Bump version to 0.8.8

storkit: done 460_bug_strip_bot_mention_fails_on_element_markdown_mention_pill_format
storkit: merge 460_bug_strip_bot_mention_fails_on_element_markdown_mention_pill_format
2026-04-03 11:07:39 +01:00 · 2026-04-03 10:00:54 +00:00 · 2026-04-03 10:00:50 +00:00 · 2026-04-03 09:53:38 +00:00 · 2026-04-03 09:51:18 +00:00 · 2026-04-02 21:06:38 +00:00
124 changed files with 3059 additions and 872 deletions
@@ -1,5 +1,7 @@
 {
-  "enabledMcpjsonServers": ["storkit"],
+  "enabledMcpjsonServers": [
+    "storkit"
+  ],
  "permissions": {
    "allow": [
      "Bash(./server/target/debug/storkit:*)",
@@ -67,7 +69,8 @@
      "Bash(tail *)",
      "Bash(wc *)",
      "Bash(npx vite:*)",
-      "Bash(npm run dev:*)"
+      "Bash(npm run dev:*)",
+      "Bash(stat *)"
    ]
  }
-}
+}
@@ -13,7 +13,8 @@ When you start a new session with this project:
   - **Be conversational.** Don't show tool names, step numbers, or raw wizard output to the user.
   - **On projects with existing code:** Read the codebase and generate each file, then show the user what you wrote and ask if it looks right.
   - **On bare projects with no code:** Ask the user what they want to build, what language/framework they plan to use, and generate files from their answers.
-   - Use `wizard_generate` to create content, show it to the user, then call `wizard_confirm` (they approve), `wizard_retry` (they want changes), or `wizard_skip` (they want to skip this step).
+   - **You must actually generate the files.** The workflow for each step is: (1) call `wizard_generate` with no args to get a hint, (2) write the file content yourself based on the conversation, (3) call `wizard_generate` again with the `content` argument containing the full file body, (4) show the user what you wrote, (5) call `wizard_confirm` (they approve), `wizard_retry` (they want changes), or `wizard_skip` (they want to skip). Do not stop after discussing — follow through and write the files.
+   - **Keep moving.** After each step is confirmed, immediately proceed to the next wizard step without waiting for the user to ask.
 2. **Check for MCP Tools:** Read `.mcp.json` to discover the MCP server endpoint. Then list available tools by calling:
   ```bash
   curl -s "$(jq -r '.mcpServers["storkit"].url' .mcp.json)" \
@@ -0,0 +1,31 @@
+---
+name: "Rename project from \"storkit\" to \"huskies\""
+---
+
+# Story 455: Rename project from "storkit" to "huskies"
+
+## User Story
+
+As a project maintainer, I want to rename the project from "storkit" to "huskies" so that the product has its new identity throughout the codebase, tooling, and documentation.
+
+## Acceptance Criteria
+
+- [ ] Rust crate name in server/Cargo.toml changed from 'storkit' to 'huskies'
+- [ ] Binary name changed to 'huskies' (Dockerfile CMD, release script binary names)
+- [ ] Environment variables renamed: STORKIT_PORT → HUSKIES_PORT, STORKIT_HOST → HUSKIES_HOST
+- [ ] Docker service name, container_name, image name, and volume names updated in docker-compose.yml
+- [ ] Docker user/group renamed from 'storkit' to 'huskies' in Dockerfile (groupadd, useradd, home dir /home/huskies/.claude)
+- [ ] MCP server registration renamed from 'storkit' to 'huskies' in scaffold-generated .mcp.json and in server/src/http/mcp/mod.rs serverInfo name
+- [ ] All 35+ MCP tool permission patterns updated from mcp__storkit__* to mcp__huskies__* across code and permission configs
+- [ ] The .storkit/ project directory marker renamed to .huskies/ throughout all Rust source (paths.rs, config.rs, scaffold.rs, watcher.rs, prompts.rs, and all agent/pipeline code)
+- [ ] Release script updated: Gitea repo path dave/storkit → dave/huskies, changelog regex updated to match ^(huskies|storkit|story-kit): for backwards-compatible history parsing, binary artifact names updated
+- [ ] Git commit prefix convention updated from 'storkit:' to 'huskies:' in storkit README and agent prompts
+- [ ] Website updated: page title, headings, and contact email (hello@storkit.dev) if domain changes
+- [ ] README.md updated: all CLI examples use 'huskies' binary name, all .storkit/ references become .huskies/
+- [ ] A migration path exists for existing installs: either storkit auto-detects and migrates .storkit/ → .huskies/, or a migration script (script/migrate) is provided
+- [ ] All Claude Code .mcp.json files in existing worktrees are regenerated via scaffold or migration
+- [ ] Gitea repository renamed from dave/storkit to dave/huskies (external action required, noted in story)
+
+## Out of Scope
+
+- TBD
@@ -0,0 +1,28 @@
+---
+name: "strip_bot_mention fails on Element markdown mention pill format"
+---
+
+# Bug 461: strip_bot_mention fails on Element markdown mention pill format
+
+## Description
+
+When Element sends a message with a mention pill, the plain text body uses Markdown link format: `[@timmy:crashlabs.io](https://matrix.to/#/@timmy:crashlabs.io) status`. The `strip_bot_mention` function in chat/util.rs uses `strip_prefix_ci` which expects the message to start with `@timmy` or the display name. Since the message starts with `[`, all prefix checks fail, the mention is not stripped, and the entire Markdown link becomes the "command name". Deterministic commands like `status`, `help`, etc. are never matched — they fall through to the LLM instead. The `mentions_bot` function works correctly because it uses `contains()` rather than prefix matching, so the bot IS triggered, but the command text extraction is broken.
+
+## How to Reproduce
+
+1. In Element, mention the bot using a mention pill: @botname status. 2. Element sends plain body as `[@bot:server](https://matrix.to/#/@bot:server) status`. 3. Observe that the bot routes to LLM instead of the deterministic status command handler.
+
+## Actual Result
+
+strip_bot_mention returns the original text unchanged. The command name is parsed as the entire Markdown link. No deterministic command matches. Message falls through to LLM.
+
+## Expected Result
+
+strip_bot_mention strips the Markdown mention pill `[...](https://matrix.to/...)` and returns `status`. The deterministic command handler matches and handles it.
+
+## Acceptance Criteria
+
+- [ ] strip_bot_mention in chat/util.rs handles the Markdown mention pill format [display](https://matrix.to/#/@user:server)
+- [ ] Deterministic commands like 'status', 'help', 'overview' work when sent via Element mention pills
+- [ ] Existing plain-text mention formats (@bot:server command, @bot command, BotName command) continue to work
+- [ ] Tests added for Markdown mention pill format in util.rs
@@ -0,0 +1,34 @@
+---
+name: "strip_bot_mention fails on Element Markdown mention pill format"
+---
+
+# Bug 460: strip_bot_mention fails on Element Markdown mention pill format
+
+## Description
+
+When Element sends a mention pill, the plain text `body` field contains a Markdown-style link like `[@timmy:crashlabs.io](https://matrix.to/#/@timmy:crashlabs.io) status`. The `strip_bot_mention` function uses prefix matching, so it tries to match `@timmy:crashlabs.io`, `@timmy`, and `Timmy` against text starting with `[` — none match. The entire message falls through to the LLM as a non-command.
+
+`mentions_bot` works because it uses `body.contains(full_id)` which finds the MXID embedded inside the Markdown link. But `strip_bot_mention` fails because the text starts with `[`, not `@` or the display name.
+
+This causes all deterministic bot commands (status, help, ambient, etc.) to be routed to the LLM instead of being handled by the bot when the user uses Element's mention pill (@-autocomplete).
+
+## How to Reproduce
+
+1. In Element, type `@timmy` and use the autocomplete pill to mention the bot
+2. Append a command like `status`
+3. Send the message
+
+## Actual Result
+
+The command falls through to the LLM. The bot logs show no "Handled bot command" entry. The plain body is `[@timmy:crashlabs.io](https://matrix.to/#/@timmy:crashlabs.io) status` which `strip_bot_mention` cannot parse.
+
+## Expected Result
+
+The bot should strip the Markdown mention link wrapper, extract the MXID or display name, and match the command deterministically. `@timmy status` via mention pill should produce the same pipeline status output as typing `@timmy status` manually.
+
+## Acceptance Criteria
+
+- [ ] strip_bot_mention handles Markdown link format `[display](https://matrix.to/#/@user:server) command` and extracts the command text
+- [ ] Deterministic commands (status, help, ambient, etc.) work when invoked via Element mention pill autocomplete
+- [ ] Unit tests cover the Markdown mention pill body format
+- [ ] Existing strip_bot_mention tests still pass (plain @mention and display name formats)
@@ -1,5 +1,6 @@
 ---
 name: "Setup wizard interviews user on bare projects with no existing code"
+agent: coder-opus
 ---

 # Story 433: Setup wizard interviews user on bare projects with no existing code
@@ -0,0 +1,26 @@
+---
+name: "strip_prefix_ci panics on multi-byte UTF-8 input"
+---
+
+# Bug 437: strip_prefix_ci panics on multi-byte UTF-8 input
+
+## Description
+
+The `strip_prefix_ci` function in `server/src/chat/transport/matrix/assign.rs` slices the input string at `prefix.len()` bytes without checking that the offset is a valid UTF-8 char boundary. When the input message starts with multi-byte characters (e.g. `⏺` which is 3 bytes), the slice can land mid-character, causing a panic.
+
+## How to Reproduce
+
+Send a Matrix message to the bot that starts with a multi-byte UTF-8 character (e.g. `⏺ storkit - wizard_confirm`) where the bot name byte length falls inside a multi-byte character.
+
+## Actual Result
+
+Thread panics: `byte index 6 is not a char boundary; it is inside '⏺' (bytes 4..7)`
+
+## Expected Result
+
+The function should return `None` (no match) without panicking, since an ASCII bot name cannot match a slice containing multi-byte characters.
+
+## Acceptance Criteria
+
+- [ ] strip_prefix_ci checks is_char_boundary before slicing
+- [ ] No panic when input contains multi-byte UTF-8 characters at the prefix boundary
@@ -0,0 +1,23 @@
+---
+name: "Slash command autocomplete in web UI text input"
+---
+
+# Story 438: Slash command autocomplete in web UI text input
+
+## User Story
+
+As a user, I want to type `/` at the start of the text box and see a filtered list of available slash commands, so that I can discover and quickly invoke commands without memorizing them.
+
+## Acceptance Criteria
+
+- [ ] Typing `/` at position 0 in the ChatInput textarea shows a command picker overlay above the input
+- [ ] The overlay lists all slash commands with name and description
+- [ ] Typing further characters after `/` fuzzy-filters the list
+- [ ] Arrow keys navigate the list, Tab/Enter selects, Escape dismisses
+- [ ] Selecting a command inserts `/<command> ` into the input (with trailing space)
+- [ ] Command list is a single shared source of truth used by both the picker and HelpOverlay
+- [ ] The overlay follows the same visual style as the existing file picker (@-mention overlay)
+
+## Out of Scope
+
+- TBD
@@ -0,0 +1,25 @@
+---
+name: "Deduplicate strip_prefix_ci / strip_bot_mention into chat::util"
+---
+
+# Refactor 439: Deduplicate strip_prefix_ci / strip_bot_mention into chat::util
+
+## Current State
+
+- TBD
+
+## Desired State
+
+Eight Matrix transport files (assign.rs, delete.rs, start.rs, rebuild.rs, reset.rs, rmtree.rs, htop.rs, timer.rs) each contain their own private copies of `strip_prefix_ci` and `strip_bot_mention`. The canonical versions already live in `chat::util` with the correct `is_char_boundary` guard. The duplicates should be removed and all call sites should use `util::strip_bot_mention` instead.
+
+## Acceptance Criteria
+
+- [ ] All 8 private copies of strip_prefix_ci are removed
+- [ ] All 8 private copies of strip_bot_mention are removed
+- [ ] All call sites use chat::util::strip_bot_mention instead
+- [ ] Existing tests in util.rs continue to pass
+- [ ] No new copies of strip_prefix_ci exist outside util.rs
+
+## Out of Scope
+
+- TBD
@@ -0,0 +1,24 @@
+---
+name: "Consolidate is_permission_approval into chat::util"
+---
+
+# Refactor 440: Consolidate is_permission_approval into chat::util
+
+## Current State
+
+- TBD
+
+## Desired State
+
+Three copies of `is_permission_approval` exist across Slack (`chat/transport/slack/commands.rs`), WhatsApp (`chat/transport/whatsapp/commands.rs`), and Matrix (`chat/transport/matrix/bot/messages.rs`). The Slack and WhatsApp versions are identical; the Matrix version is a superset that also strips @mentions. Consolidate into a single `pub` function in `chat::util` using the Matrix superset behavior, then delete the 3 private copies.
+
+## Acceptance Criteria
+
+- [ ] Single pub fn is_permission_approval exists in chat::util
+- [ ] All 3 private copies are removed
+- [ ] Matrix @mention-stripping behavior is preserved in the shared version
+- [ ] All call sites use the shared version
+
+## Out of Scope
+
+- TBD
@@ -0,0 +1,22 @@
+---
+name: "Deduplicate get_project_root wrappers in io modules"
+---
+
+# Refactor 441: Deduplicate get_project_root wrappers in io modules
+
+## Current State
+
+- TBD
+
+## Desired State
+
+Both `io/shell.rs` and `io/search.rs` contain identical private one-liner wrappers around `state.get_project_root()`. Either inline the call at each usage site or create a single shared helper, then delete the duplicate wrappers.
+
+## Acceptance Criteria
+
+- [ ] No duplicate private get_project_root wrappers in io/shell.rs and io/search.rs
+- [ ] All call sites use the canonical version or inline the call
+
+## Out of Scope
+
+- TBD
@@ -0,0 +1,23 @@
+---
+name: "Deduplicate stage_display_name into shared module"
+---
+
+# Refactor 442: Deduplicate stage_display_name into shared module
+
+## Current State
+
+- TBD
+
+## Desired State
+
+`stage_display_name` has a `pub fn` in `chat/transport/matrix/notifications.rs` and a private copy in `chat/transport/matrix/delete.rs` with slightly different casing ("backlog" vs "Backlog", "in-progress" vs "Current"). The delete.rs copy should use the canonical version from notifications.rs, adjusting the callsite if the casing difference matters.
+
+## Acceptance Criteria
+
+- [ ] Private stage_display_name in delete.rs is removed
+- [ ] delete.rs uses the pub version from notifications.rs
+- [ ] Display casing is consistent or callsite is adjusted to handle the difference
+
+## Out of Scope
+
+- TBD
@@ -0,0 +1,23 @@
+---
+name: "Extract shared find_story_name from commands"
+---
+
+# Refactor 443: Extract shared find_story_name from commands
+
+## Current State
+
+- TBD
+
+## Desired State
+
+`find_story_name` is nearly identical in `chat/commands/overview.rs` and `chat/commands/unreleased.rs` (minor style diff: `let stages` vs `const STAGES`). Extract to a shared location (e.g. `chat::commands::util` or `io::stories`) and have both callers use it.
+
+## Acceptance Criteria
+
+- [ ] Single shared find_story_name function exists
+- [ ] Both overview.rs and unreleased.rs use the shared version
+- [ ] Private copies are removed
+
+## Out of Scope
+
+- TBD
@@ -0,0 +1,26 @@
+---
+name: "Extract shared test helpers (test_ctx, write_story_file, make_api)"
+agent: "coder-opus"
+---
+
+# Refactor 444: Extract shared test helpers (test_ctx, write_story_file, make_api)
+
+## Current State
+
+- TBD
+
+## Desired State
+
+Several test helper functions are copy-pasted across many test modules: `test_ctx` (10 copies across http/ modules), `write_story_file` (5 copies across chat/commands/ and matrix/), `make_api` (5 copies across http/ modules), `setup_project` (3 copies in io/). Extract each into a shared `#[cfg(test)]` utility module so test scaffolding is maintained in one place.
+
+## Acceptance Criteria
+
+- [ ] test_ctx has a single shared definition used by all 10 http test modules
+- [ ] write_story_file has a single shared definition used by all 5 callers
+- [ ] make_api has a single shared definition used by all 5 callers
+- [ ] setup_project has a single shared definition used by all 3 callers
+- [ ] All private copies in individual test modules are removed
+
+## Out of Scope
+
+- TBD
@@ -0,0 +1,28 @@
+---
+name: "Rate-limited mergemaster exits advance stories to done without merging"
+---
+
+# Bug 445: Rate-limited mergemaster exits advance stories to done without merging
+
+## Description
+
+When the mergemaster agent is immediately rate-limited (zero turns, zero tool calls), it exits and run_server_owned_completion runs acceptance gates on the existing worktree. Since the coder already committed working code, the gates pass, and the pipeline advances the story to done — even though the mergemaster never executed run_squash_merge and the code was never cherry-picked onto master.
+
+## How to Reproduce
+
+Observed on stories 439 and 442. All mergemaster log entries show: init → rate_limit_event → error result. Zero turns, zero MCP tool calls, duration under 350ms. Yet both stories ended up in done with no merge commit on master.
+
+## Actual Result
+
+Stories advance to done with no code on master. The mergemaster never ran but the pipeline treated its exit as a successful completion.
+
+## Expected Result
+
+If the mergemaster exits without completing its work (no merge commit produced), the story should stay in the merge stage for retry, not advance to done.
+
+## Acceptance Criteria
+
+- [ ] run_server_owned_completion must not run for mergemaster agents — mergemaster has its own completion path via start_merge_agent_work
+- [ ] If the mergemaster process exits without producing a SquashMergeResult, the story stays in merge stage
+- [ ] Rate-limited mergemaster exits are treated as transient failures, not gate-passing completions
+- [ ] Story remains eligible for retry when mergemaster fails due to rate limiting
@@ -0,0 +1,20 @@
+---
+name: "OAuth login button in web UI"
+---
+
+# Story 446: OAuth login button in web UI
+
+## User Story
+
+As a user of the storkit web UI, I want a login button that triggers the Anthropic OAuth flow, so that I can authenticate without manually navigating to /oauth/authorize.
+
+## Acceptance Criteria
+
+- [ ] Web UI shows a login/authenticate button when no OAuth token is active
+- [ ] Clicking the button navigates to /oauth/authorize which starts the Anthropic OAuth flow
+- [ ] After successful OAuth callback, the UI updates to show the authenticated state
+- [ ] If already authenticated, the button is hidden or shows the current auth status
+
+## Out of Scope
+
+- TBD
@@ -0,0 +1,27 @@
+---
+name: "Element tab-completion display name breaks bot command matching"
+---
+
+# Bug 447: Element tab-completion display name breaks bot command matching
+
+## Description
+
+When a user tab-completes a bot mention in Element, the Matrix client inserts the display name (e.g. `timmy ⚡️`) rather than the user ID (`@timmy`). If the display name contains emoji or special characters, the `strip_bot_mention` function in chat::util may fail to match it against the bot name, causing commands like `ambient on` to not be recognized.
+
+## How to Reproduce
+
+1. Set bot display_name to include emoji (e.g. `timmy ⚡️`) in bot.toml\n2. In Element, tab-complete the bot name to get `timmy ⚡️`\n3. Send `timmy ⚡️ ambient on`\n4. The bot does not respond — command not matched
+
+## Actual Result
+
+Bot ignores the command. The display name with emoji doesn't match during strip_bot_mention, so the command text is not correctly extracted.
+
+## Expected Result
+
+Bot should recognize commands regardless of whether the mention was tab-completed with the display name (including emoji) or typed manually as @localpart.
+
+## Acceptance Criteria
+
+- [ ] strip_bot_mention handles display names containing emoji and special characters
+- [ ] strip_bot_mention handles Element's tab-completion format (display name followed by colon or comma)
+- [ ] Commands work whether the user types @timmy, timmy, or tab-completes timmy ⚡️
@@ -0,0 +1,20 @@
+---
+name: "Send OAuth login link via chat when credentials are missing"
+---
+
+# Story 448: Send OAuth login link via chat when credentials are missing
+
+## User Story
+
+As a storkit user on Matrix or WhatsApp, I want the bot to send me a clickable OAuth authorize link when credentials are missing or expired, so that I can authenticate without terminal access or manually constructing the URL.
+
+## Acceptance Criteria
+
+- [ ] When storkit detects missing or expired credentials during a chat interaction, it sends the user a clickable /oauth/authorize link
+- [ ] Works on Matrix and WhatsApp transports
+- [ ] After successful OAuth callback, the user can immediately resume chatting without restarting storkit
+- [ ] If credentials are already valid, no login link is sent
+
+## Out of Scope
+
+- TBD
@@ -0,0 +1,27 @@
+---
+name: "OAuth callback URL ignores --port CLI flag"
+---
+
+# Bug 449: OAuth callback URL ignores --port CLI flag
+
+## Description
+
+OAuthState is initialized with `resolve_port()` (reads STORKIT_PORT env var, defaults to 3001) instead of the actual port the server is listening on. When the server is started with `--port 4000`, the OAuth callback URL is still generated as `http://localhost:3001/callback`, so the Anthropic redirect lands on the wrong server and the state parameter lookup fails with "Unknown or expired state parameter".
+
+## How to Reproduce
+
+Start storkit with `--port 4000` (without setting STORKIT_PORT env var). Click the OAuth login button in the web UI. Authenticate with Anthropic. The callback redirect goes to localhost:3001 instead of localhost:4000.
+
+## Actual Result
+
+Callback hits port 3001 (or wrong port). If a different storkit is running there, it returns "Invalid State". If nothing is running there, the page fails to load.
+
+## Expected Result
+
+Callback URL should use the actual server port (from --port CLI flag), so the redirect returns to the correct server instance.
+
+## Acceptance Criteria
+
+- [ ] build_routes receives the actual listening port and passes it to OAuthState::new
+- [ ] OAuth callback URL matches the port the server is actually listening on
+- [ ] Works with --port flag, STORKIT_PORT env var, and default port
@@ -0,0 +1,27 @@
+---
+name: "Web UI silently swallows chat errors including OAuth login link"
+---
+
+# Bug 450: Web UI silently swallows chat errors including OAuth login link
+
+## Description
+
+When the WebSocket chat returns an error (e.g. OAuth authentication failed with a login URL), the `onError` handler in `Chat.tsx` only logs to `console.error` and resets loading state. The error message is never displayed to the user. This means the OAuth login link from story #448 works on Matrix/WhatsApp but is invisible in the web UI.
+
+## How to Reproduce
+
+Use the web UI with missing or expired OAuth credentials. Send any chat message. The server detects auth failure, attempts token refresh, fails, and returns an error containing a login URL over WebSocket.
+
+## Actual Result
+
+Nothing visible happens. The error is logged to browser console only. The user sees no feedback.
+
+## Expected Result
+
+The error message (including the clickable OAuth login link) should be displayed in the chat as an assistant message so the user can act on it.
+
+## Acceptance Criteria
+
+- [ ] WebSocket error messages are displayed in the chat UI as assistant messages
+- [ ] OAuth login URL in the error is rendered as a clickable link
+- [ ] Consistent with how Matrix and WhatsApp transports display the same error
@@ -0,0 +1,27 @@
+---
+name: "Chat.test.tsx /help test expects removed overlay behavior"
+---
+
+# Bug 451: Chat.test.tsx /help test expects removed overlay behavior
+
+## Description
+
+The test `AC: /help shows help overlay` in `Chat.test.tsx:1645` expects `/help` to show the `help-overlay` testid element. However, the `/help` intercept was removed from Chat.tsx and `help` was added to `knownCommands`, so `/help` now goes through `api.botCommand()` like other commands. The test needs to be updated to expect a `botCommand("help", ...)` call instead of the overlay. This is blocking gates on stories 449 and 450.
+
+## How to Reproduce
+
+Run `cd frontend && npm test` — the test `AC: /help shows help overlay` fails.
+
+## Actual Result
+
+Test fails: `findByTestId("help-overlay")` times out because the overlay is never rendered. `/help` is dispatched to the backend via `botCommand` instead.
+
+## Expected Result
+
+Test should pass by expecting `/help` to call `api.botCommand("help", ...)` and display the response in chat, consistent with the current code behavior.
+
+## Acceptance Criteria
+
+- [ ] The /help test in Chat.test.tsx is updated to expect botCommand dispatch
+- [ ] All frontend tests pass
+- [ ] HelpOverlay component and showHelp state can be removed from Chat.tsx if no longer used
@@ -0,0 +1,48 @@
+---
+name: "Zombie process accumulation from unrereaped child processes"
+---
+
+# Bug 452: Zombie process accumulation from unrereaped child processes
+
+## Description
+
+Storkit accumulates zombie processes over time from unrereaped child and grandchild processes. Observed 101 zombies in Docker container, 27 on macOS host. Breakdown: 51 esbuild, 36 echo, 5 claude, 5 sh, 2 bash, 1 cargo.
+
+Root cause: storkit does not reap orphaned grandchild processes. The zombies are mostly grandchildren (`esbuild`, `echo`, `sh`, `cargo`) spawned by `npm run build`, `cargo test`, etc. during worktree setup and gate checks. This happens both natively (observed 27 zombies on macOS host) and in Docker containers. When the intermediate parent exits, these grandchildren get reparented to storkit (or PID 1 in Docker) and become zombies because nobody calls `waitpid` for them.
+
+**Already fixed:**
+- `docker-compose.yml` now has `init: true` which uses tini as PID 1 in Docker — this handles zombie reaping inside containers
+- `llm/providers/claude_code.rs` now has `child.wait()` after `child.kill()` in all code paths, and the reader thread is joined before returning
+- `agents/pty.rs` reader thread is now joined before returning
+
+**Remaining:** Storkit running natively (e.g. on macOS) still accumulates zombie grandchildren because there is no tini. The fix is to add a background reaper thread that periodically calls `waitpid(-1, WNOHANG)` in a loop to clean up any orphaned children. This should be spawned early in `main()` on Unix platforms. Example:
+
+```rust
+#[cfg(unix)]
+std::thread::spawn(|| {
+    loop {
+        unsafe { while libc::waitpid(-1, std::ptr::null_mut(), libc::WNOHANG) > 0 {} }
+        std::thread::sleep(std::time::Duration::from_secs(5));
+    }
+});
+```
+
+## How to Reproduce
+
+Run several agent sessions. Check with `ps -eo stat,comm | grep Z | awk '{print $2}' | sort | uniq -c | sort -rn`.
+
+## Actual Result
+
+Zombie processes accumulate continuously. Never reaped.
+
+## Expected Result
+
+No zombie accumulation during normal operation.
+
+## Acceptance Criteria
+
+- [x] `child.wait()` is called after `child.kill()` in all code paths in `claude_code.rs`
+- [x] Reader threads are joined in both `pty.rs` and `claude_code.rs`
+- [x] `init: true` added to docker-compose.yml for Docker deployments
+- [ ] Background reaper thread added for native (non-Docker) deployments
+- [ ] Verified with `ps aux | grep '<defunct>'` after running multiple agent sessions natively on macOS
@@ -0,0 +1,53 @@
+---
+name: "Agent PTY crashes with fatal runtime error on restart after gate failure"
+---
+
+# Bug 453: Agent PTY crashes with fatal runtime error on restart after gate failure
+
+## Description
+
+When an agent completes coding and the acceptance gates fail (e.g. a test failure), the pipeline restarts the agent on the same worktree. The restarted Claude Code PTY process crashes immediately with `fatal runtime error: assertion failed: output.write(&bytes).is_ok(), aborting`. The process exits in the same second it spawns (Session: None), burns through all 3 retries, and blocks the story.
+
+Key observations:
+- The crash is **deterministic, not intermittent**: the first PTY spawn in a worktree always works; the second spawn (restart) always crashes
+- Running `claude -p "hello"` manually in the same worktree works fine (no crash) — the issue is specific to spawning via portable-pty
+- The worktree is clean (all changes committed) — the agent has nothing to do but fix the gate failure
+- The crash is inside the Claude Code binary, not storkit code
+- Observed on every story that needed a restart: 329, 400, 420, 438, 446, 449, 450
+- Stories that passed gates on the first run were never affected — they never triggered a second spawn
+
+Likely cause: the reader thread spawned by `std::thread::spawn` in `pty.rs` (line 248-255) is never joined. After `run_agent_pty_streaming` returns, the pipeline immediately calls `start_agent` for the retry, but the old reader thread may still be running and holding a cloned PTY reader fd. The new PTY allocation could collide with the still-open fd from the previous session.
+
+The root cause is unknown. It is NOT caused by zombie process accumulation (that is a separate issue in #452).
+
+**Timeline:** The crash first appeared on 2026-03-21. Agent logs go back to 2026-02-23 with no instances before that date. Stories that hit it: 329 (Mar 21), 400 (Mar 26), 420 (Mar 28), 438 (Mar 28), 446 (Mar 30), 449 (Mar 31), 450 (Mar 31).
+
+**Suspect commits around 2026-03-21:**
+- `4344081b` — storkit: merge 343_refactor_abstract_agent_runtime_to_support_non_claude_code_backends (refactored agent runtime layer)
+- `c4e45b28` — The great storkit name conversion
+- Story 359 — Docker security hardening (`cap_drop: ALL`, added back only `SETUID`/`SETGID`) — could affect PTY allocation
+- Story 329 — Docker/OrbStack evaluation spike (first crash was on this story's mergemaster)
+
+**Ruled out:** Docker capability restrictions (cap_drop: ALL) — tested by temporarily removing all cap_drop/security_opt; crash still occurs.
+
+**Evidence of stale PTY fd:** After all agents stopped, storkit (PID 7) was still holding an open fd to `/dev/pts/ptmx` (fd 46). This is a leaked PTY master fd from a previous agent session. The reader thread spawned by `std::thread::spawn` in `pty.rs` is never joined, so the cloned reader fd stays open in the storkit process after the agent exits.
+
+Remaining areas to investigate: the unjoined reader thread leaking PTY fds, and whether the leaked fd from the first session interferes with the second PTY allocation.
+
+## How to Reproduce
+
+1. Have a story in current stage with committed code in its worktree. 2. Introduce a test failure that causes gates to fail. 3. The pipeline restarts the agent on the same worktree. 4. The Claude Code process crashes immediately on spawn.
+
+## Actual Result
+
+`fatal runtime error: assertion failed: output.write(&bytes).is_ok(), aborting` — process exits instantly (same second as spawn), Session: None. Burns through retries and blocks the story.
+
+## Expected Result
+
+The restarted agent should start successfully, receive the gate failure context, and be able to fix the issue.
+
+## Acceptance Criteria
+
+- [ ] Agent restart after gate failure successfully spawns a Claude Code PTY session
+- [ ] No fatal runtime error on PTY restart in a worktree with prior committed work
+- [ ] If Claude Code fails to start, the error is handled gracefully without burning retries
@@ -0,0 +1,20 @@
+---
+name: "Deduplicate work item display in web UI story panel"
+---
+
+# Story 454: Deduplicate work item display in web UI story panel
+
+## User Story
+
+As a user, I want the work item detail panel to display cleanly without redundant information, so that I can read story details without noise.
+
+## Acceptance Criteria
+
+- [ ] The story title is not shown twice (remove the duplicate heading)
+- [ ] The work item type label is not shown twice
+- [ ] The word 'name' is not shown as a prefix before the story title
+- [ ] The story ID/title line (e.g. 'Story 3: ...') is left-justified with no extra indentation
+
+## Out of Scope
+
+- TBD
@@ -0,0 +1,29 @@
+---
+name: "Matrix bot ignores in-room verification requests from Element"
+---
+
+# Bug 456: Matrix bot ignores in-room verification requests from Element
+
+## Description
+
+The Matrix bot (Sally) only registers a handler for to-device verification events (`ToDeviceKeyVerificationRequestEvent`). Modern Element clients use in-room verification (`m.key.verification.request` as a room message event) by default. When a user initiates "Start Verification" from Element, the request is sent as a room event and the bot never sees it — nothing appears in the bot logs and the verification flow hangs indefinitely. As a result, Sally's device remains unverified (Big Red Dot), and if Element has "never send to unverified sessions" enabled, it will not share Megolm room keys with Sally's device, making her deaf to all encrypted room messages.
+
+## How to Reproduce
+
+1. Run the storkit Matrix bot (Sally) in a room with E2EE enabled. 2. In Element, open the room member list, click Sally's device, and press "Start Verification". 3. Watch the bot logs: grep for "verif\|Incoming".
+
+## Actual Result
+
+Nothing appears in the bot logs. The verification flow hangs in Element and eventually times out. Sally's device remains unverified. If Element is set to encrypt only to verified sessions, Sally cannot decrypt any messages in the room.
+
+## Expected Result
+
+The bot receives the in-room verification request, accepts it, drives the SAS emoji flow to completion, and logs "Verification with @user completed successfully!". Sally's device shows as verified in Element.
+
+## Acceptance Criteria
+
+- [ ] Bot registers an in-room verification event handler for m.key.verification.request room events (in addition to the existing to-device handler)
+- [ ] When Element initiates 'Start Verification' from the device list, the bot logs 'Incoming verification request from ...'
+- [ ] The SAS emoji flow completes: bot logs the emoji string, confirms, and logs 'Verification ... completed successfully!'
+- [ ] Sally's device shows as verified (no Big Red Dot) in Element after the flow completes
+- [ ] Existing to-device verification handler is preserved for clients that use the older flow
@@ -0,0 +1,29 @@
+---
+name: "store.json created at project root instead of inside .storkit/"
+---
+
+# Bug 457: store.json created at project root instead of inside .storkit/
+
+## Description
+
+In main.rs, JsonFileStore is initialised with a hardcoded relative path `PathBuf::from("store.json")`, which creates the file in whatever directory the process was started from (typically the project root). It should live inside `.storkit/` alongside other runtime state files. The scaffold .gitignore also lists `store.json` as a root-level pattern rather than `.storkit/store.json`, and the scaffold comment/entries array in scaffold.rs explicitly lists `store.json` as a root-level file to ignore — both need updating.
+
+## How to Reproduce
+
+1. Run storkit in any project directory. 2. Observe that store.json is created at the project root rather than inside .storkit/.
+
+## Actual Result
+
+store.json is created at the working directory root, polluting the project root and not being gitignored by the scaffold-generated .gitignore unless the user happens to have a catch-all pattern.
+
+## Expected Result
+
+store.json is created at project_root/.storkit/store.json. The scaffold-generated .gitignore ignores .storkit/store.json. The scaffold comment and entries array in scaffold.rs no longer list store.json as a root-level file.
+
+## Acceptance Criteria
+
+- [ ] main.rs initialises JsonFileStore at project_root.join(".storkit").join("store.json") instead of PathBuf::from("store.json")
+- [ ] scaffold.rs .gitignore entries updated: store.json root entry removed, .storkit/store.json added
+- [ ] scaffold.rs comment on line ~333 updated to reflect store.json is no longer at the root
+- [ ] wizard_tools.rs filter for store.json updated to match the new path if needed
+- [ ] Existing deployments with a root-level store.json are not broken (storkit migrates or falls back gracefully)
@@ -0,0 +1,21 @@
+---
+name: "Matrix bot ignores messages addressed to other bots in ambient mode"
+---
+
+# Story 458: Matrix bot ignores messages addressed to other bots in ambient mode
+
+## User Story
+
+As a user with multiple bots in the same Matrix room, I want each bot to only respond to messages addressed to it in ambient mode, so that bots don't step on each other's responses.
+
+## Acceptance Criteria
+
+- [ ] In ambient mode, the bot ignores messages that begin with another bot's name or mention another bot's display name (e.g. 'sally: do X' or '@sally do X' is ignored by stu)
+- [ ] In ambient mode, the bot still responds to messages with no explicit addressee
+- [ ] In ambient mode, the bot still responds to messages explicitly addressed to itself (e.g. 'stu: do X' or '@stu do X')
+- [ ] Direct @mention of the bot's Matrix user ID always triggers a response regardless of ambient mode
+- [ ] The bot's own display_name from bot.toml is used to detect when it is being addressed
+
+## Out of Scope
+
+- TBD
@@ -0,0 +1,27 @@
+---
+name: "matrix_history.json and timers.json missing from scaffold .storkit/.gitignore"
+---
+
+# Bug 459: matrix_history.json and timers.json missing from scaffold .storkit/.gitignore
+
+## Description
+
+The scaffold's write_story_kit_gitignore function in scaffold.rs does not include matrix_history.json or timers.json in the .storkit/.gitignore entries. Both files are runtime state that should not be committed to git. matrix_device_id and matrix_store/ are already covered, but matrix_history.json (conversation history) and timers.json (timer store) are missing.
+
+## How to Reproduce
+
+1. Run storkit scaffold on a new project. 2. Start the Matrix bot. 3. Observe that matrix_history.json and timers.json are created inside .storkit/ but are not gitignored.
+
+## Actual Result
+
+matrix_history.json and timers.json appear as untracked files in git status.
+
+## Expected Result
+
+Both files are listed in .storkit/.gitignore and do not appear in git status.
+
+## Acceptance Criteria
+
+- [ ] matrix_history.json added to the entries array in write_story_kit_gitignore in scaffold.rs
+- [ ] timers.json added to the entries array in write_story_kit_gitignore in scaffold.rs
+- [ ] scaffold test in scaffold_creates_story_kit_gitignore_with_relative_entries asserts both entries are present
@@ -26,7 +26,7 @@ version = "0.5.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d122413f284cf2d62fb1b7db97e02edb8cda96d769b16e443a4f6195e35662b0"
 dependencies = [
- "crypto-common",
+ "crypto-common 0.1.7",
 "generic-array",
 ]

@@ -38,7 +38,7 @@ checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0"
 dependencies = [
 "cfg-if",
 "cipher",
- "cpufeatures",
+ "cpufeatures 0.2.17",
 ]

 [[package]]
@@ -265,16 +265,16 @@ checksum = "a1d084b0137aaa901caf9f1e8b21daa6aa24d41cd806e111335541eff9683bd6"

 [[package]]
 name = "blake3"
-version = "1.8.3"
+version = "1.8.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2468ef7d57b3fb7e16b576e8377cdbde2320c60e1491e961d11da40fc4f02a2d"
+checksum = "4d2d5991425dfd0785aed03aedcf0b321d61975c9b5b3689c774a2610ae0b51e"
 dependencies = [
 "arrayref",
 "arrayvec",
 "cc",
 "cfg-if",
 "constant_time_eq",
- "cpufeatures",
+ "cpufeatures 0.3.0",
 ]

 [[package]]
@@ -286,6 +286,15 @@ dependencies = [
 "generic-array",
 ]

+[[package]]
+name = "block-buffer"
+version = "0.12.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cdd35008169921d80bc60d3d0ab416eecb028c4cd653352907921d95084790be"
+dependencies = [
+ "hybrid-array",
+]
+
 [[package]]
 name = "block-padding"
 version = "0.3.3"
@@ -391,7 +400,7 @@ checksum = "c3613f74bd2eac03dad61bd53dbe620703d4371614fe0bc3b9f04dd36fe4e818"
 dependencies = [
 "cfg-if",
 "cipher",
- "cpufeatures",
+ "cpufeatures 0.2.17",
 ]

 [[package]]
@@ -427,7 +436,7 @@ version = "0.4.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad"
 dependencies = [
- "crypto-common",
+ "crypto-common 0.1.7",
 "inout",
 "zeroize",
 ]
@@ -492,6 +501,12 @@ version = "0.9.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8"

+[[package]]
+name = "const-oid"
+version = "0.10.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a6ef517f0926dd24a1582492c791b6a4818a4d94e789a334894aa15b0d12f55c"
+
 [[package]]
 name = "const_panic"
 version = "0.2.15"
@@ -551,6 +566,15 @@ dependencies = [
 "libc",
 ]

+[[package]]
+name = "cpufeatures"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8b2a41393f66f16b0823bb79094d54ac5fbd34ab292ddafb9a0456ac9f87d201"
+dependencies = [
+ "libc",
+]
+
 [[package]]
 name = "crc32fast"
 version = "1.5.0"
@@ -596,6 +620,15 @@ dependencies = [
 "typenum",
 ]

+[[package]]
+name = "crypto-common"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "77727bb15fa921304124b128af125e7e3b968275d1b108b379190264f4423710"
+dependencies = [
+ "hybrid-array",
+]
+
 [[package]]
 name = "ctr"
 version = "0.9.2"
@@ -612,9 +645,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be"
 dependencies = [
 "cfg-if",
- "cpufeatures",
+ "cpufeatures 0.2.17",
 "curve25519-dalek-derive",
- "digest",
+ "digest 0.10.7",
 "fiat-crypto",
 "rustc_version",
 "serde",
@@ -740,7 +773,7 @@ version = "0.7.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb"
 dependencies = [
- "const-oid",
+ "const-oid 0.9.6",
 "zeroize",
 ]

@@ -813,11 +846,22 @@ version = "0.10.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
 dependencies = [
- "block-buffer",
- "crypto-common",
+ "block-buffer 0.10.4",
+ "crypto-common 0.1.7",
 "subtle",
 ]

+[[package]]
+name = "digest"
+version = "0.11.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4850db49bf08e663084f7fb5c87d202ef91a3907271aff24a94eb97ff039153c"
+dependencies = [
+ "block-buffer 0.12.0",
+ "const-oid 0.10.2",
+ "crypto-common 0.2.1",
+]
+
 [[package]]
 name = "displaydoc"
 version = "0.2.5"
@@ -862,7 +906,7 @@ dependencies = [
 "ed25519",
 "rand_core 0.6.4",
 "serde",
- "sha2",
+ "sha2 0.10.9",
 "subtle",
 "zeroize",
 ]
@@ -1371,7 +1415,7 @@ version = "0.12.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e"
 dependencies = [
- "digest",
+ "digest 0.10.7",
 ]

 [[package]]
@@ -1452,10 +1496,19 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9"

 [[package]]
-name = "hyper"
-version = "1.8.1"
+name = "hybrid-array"
+version = "0.4.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2ab2d4f250c3d7b1c9fcdff1cece94ea4e2dfbec68614f7b87cb205f24ca9d11"
+checksum = "3944cf8cf766b40e2a1a333ee5e9b563f854d5fa49d6a8ca2764e97c6eddb214"
+dependencies = [
+ "typenum",
+]
+
+[[package]]
+name = "hyper"
+version = "1.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6299f016b246a94207e63da54dbe807655bf9e00044f73ded42c3ac5305fbcca"
 dependencies = [
 "atomic-waker",
 "bytes",
@@ -1468,7 +1521,6 @@ dependencies = [
 "httpdate",
 "itoa",
 "pin-project-lite",
- "pin-utils",
 "smallvec",
 "tokio",
 "want",
@@ -1542,12 +1594,13 @@ dependencies = [

 [[package]]
 name = "icu_collections"
-version = "2.1.1"
+version = "2.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4c6b649701667bbe825c3b7e6388cb521c23d88644678e83c0c4d0a621a34b43"
+checksum = "2984d1cd16c883d7935b9e07e44071dca8d917fd52ecc02c04d5fa0b5a3f191c"
 dependencies = [
 "displaydoc",
 "potential_utf",
+ "utf8_iter",
 "yoke",
 "zerofrom",
 "zerovec",
@@ -1555,9 +1608,9 @@ dependencies = [

 [[package]]
 name = "icu_locale_core"
-version = "2.1.1"
+version = "2.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "edba7861004dd3714265b4db54a3c390e880ab658fec5f7db895fae2046b5bb6"
+checksum = "92219b62b3e2b4d88ac5119f8904c10f8f61bf7e95b640d25ba3075e6cac2c29"
 dependencies = [
 "displaydoc",
 "litemap",
@@ -1568,9 +1621,9 @@ dependencies = [

 [[package]]
 name = "icu_normalizer"
-version = "2.1.1"
+version = "2.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5f6c8828b67bf8908d82127b2054ea1b4427ff0230ee9141c54251934ab1b599"
+checksum = "c56e5ee99d6e3d33bd91c5d85458b6005a22140021cc324cea84dd0e72cff3b4"
 dependencies = [
 "icu_collections",
 "icu_normalizer_data",
@@ -1582,15 +1635,15 @@ dependencies = [

 [[package]]
 name = "icu_normalizer_data"
-version = "2.1.1"
+version = "2.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7aedcccd01fc5fe81e6b489c15b247b8b0690feb23304303a9e560f37efc560a"
+checksum = "da3be0ae77ea334f4da67c12f149704f19f81d1adf7c51cf482943e84a2bad38"

 [[package]]
 name = "icu_properties"
-version = "2.1.2"
+version = "2.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "020bfc02fe870ec3a66d93e677ccca0562506e5872c650f893269e08615d74ec"
+checksum = "bee3b67d0ea5c2cca5003417989af8996f8604e34fb9ddf96208a033901e70de"
 dependencies = [
 "icu_collections",
 "icu_locale_core",
@@ -1602,15 +1655,15 @@ dependencies = [

 [[package]]
 name = "icu_properties_data"
-version = "2.1.2"
+version = "2.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "616c294cf8d725c6afcd8f55abc17c56464ef6211f9ed59cccffe534129c77af"
+checksum = "8e2bbb201e0c04f7b4b3e14382af113e17ba4f63e2c9d2ee626b720cbce54a14"

 [[package]]
 name = "icu_provider"
-version = "2.1.1"
+version = "2.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "85962cf0ce02e1e0a629cc34e7ca3e373ce20dda4c4d7294bbd0bf1fdb59e614"
+checksum = "139c4cf31c8b5f33d7e199446eff9c1e02decfc2f0eec2c8d71f65befa45b421"
 dependencies = [
 "displaydoc",
 "icu_locale_core",
@@ -1726,9 +1779,9 @@ dependencies = [

 [[package]]
 name = "indexmap"
-version = "2.13.0"
+version = "2.13.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7714e70437a7dc3ac8eb7e6f8df75fd8eb422675fc7678aff7364301092b1017"
+checksum = "45a8a2b9cb3e0b0c1803dbb0758ffac5de2f425b23c28f518faabd9d805342ff"
 dependencies = [
 "equivalent",
 "hashbrown 0.16.1",
@@ -1774,9 +1827,9 @@ checksum = "d98f6fed1fde3f8c21bc40a1abb88dd75e67924f9cffc3ef95607bad8017f8e2"

 [[package]]
 name = "iri-string"
-version = "0.7.11"
+version = "0.7.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d8e7418f59cc01c88316161279a7f665217ae316b388e58a0d10e29f54f1e5eb"
+checksum = "25e659a4bb38e810ebc252e53b5814ff908a8c58c2a9ce2fae1bbec24cbf4e20"
 dependencies = [
 "memchr",
 "serde",
@@ -1862,9 +1915,9 @@ dependencies = [

 [[package]]
 name = "js-sys"
-version = "0.3.92"
+version = "0.3.94"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cc4c90f45aa2e6eacbe8645f77fdea542ac97a494bcd117a67df9ff4d611f995"
+checksum = "2e04e2ef80ce82e13552136fabeef8a5ed1f985a96805761cbb9a2c34e7664d9"
 dependencies = [
 "cfg-if",
 "futures-util",
@@ -1950,9 +2003,9 @@ checksum = "09edd9e8b54e49e587e4f6295a7d29c3ea94d469cb40ab8ca70b288248a81db2"

 [[package]]
 name = "libc"
-version = "0.2.183"
+version = "0.2.184"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b5b646652bf6661599e1da8901b3b9522896f01e736bad5f723fe7a3a27f899d"
+checksum = "48f5d2a454e16a5ea0f4ced81bd44e4cfc7bd3a507b61887c99fd3538b28e4af"

 [[package]]
 name = "libredox"
@@ -1985,9 +2038,9 @@ checksum = "32a66949e030da00e8c7d4434b251670a91556f4144941d37452769c25d58a53"

 [[package]]
 name = "litemap"
-version = "0.8.1"
+version = "0.8.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6373607a59f0be73a39b6fe456b8192fcc3585f602af20751600e974dd455e77"
+checksum = "92daf443525c4cce67b150400bc2316076100ce0b3686209eb8cf3c31612e6f0"

 [[package]]
 name = "lock_api"
@@ -2158,7 +2211,7 @@ dependencies = [
 "serde",
 "serde_html_form",
 "serde_json",
- "sha2",
+ "sha2 0.10.9",
 "tempfile",
 "thiserror 2.0.18",
 "tokio",
@@ -2251,7 +2304,7 @@ dependencies = [
 "ruma",
 "serde",
 "serde_json",
- "sha2",
+ "sha2 0.10.9",
 "subtle",
 "thiserror 2.0.18",
 "time",
@@ -2286,7 +2339,7 @@ dependencies = [
 "serde",
 "serde-wasm-bindgen",
 "serde_json",
- "sha2",
+ "sha2 0.10.9",
 "thiserror 2.0.18",
 "tokio",
 "tracing",
@@ -2340,7 +2393,7 @@ dependencies = [
 "rmp-serde",
 "serde",
 "serde_json",
- "sha2",
+ "sha2 0.10.9",
 "thiserror 2.0.18",
 "zeroize",
 ]
@@ -2599,7 +2652,7 @@ dependencies = [
 "serde",
 "serde_json",
 "serde_path_to_error",
- "sha2",
+ "sha2 0.10.9",
 "thiserror 1.0.69",
 "url",
 ]
@@ -2657,7 +2710,7 @@ version = "0.12.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f8ed6a7761f76e3b9f92dfb0a60a6a6477c61024b775147ff0973a02653abaf2"
 dependencies = [
- "digest",
+ "digest 0.10.7",
 "hmac",
 ]

@@ -2711,12 +2764,6 @@ version = "0.2.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a89322df9ebe1c1578d689c92318e070967d1042b512afbe49518723f4e6d5cd"

-[[package]]
-name = "pin-utils"
-version = "0.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
-
 [[package]]
 name = "pkcs8"
 version = "0.10.2"
@@ -2842,7 +2889,7 @@ version = "0.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8159bd90725d2df49889a078b54f4f79e87f1f8a8444194cdca81d38f5393abf"
 dependencies = [
- "cpufeatures",
+ "cpufeatures 0.2.17",
 "opaque-debug",
 "universal-hash",
 ]
@@ -2870,9 +2917,9 @@ dependencies = [

 [[package]]
 name = "potential_utf"
-version = "0.1.4"
+version = "0.1.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b73949432f5e2a09657003c25bca5e19a0e9c84f8058ca374f49e0ebe605af77"
+checksum = "0103b1cef7ec0cf76490e969665504990193874ea05c85ff9bab8b911d0a0564"
 dependencies = [
 "zerovec",
 ]
@@ -3504,7 +3551,7 @@ dependencies = [
 "rand 0.8.5",
 "ruma-common",
 "serde_json",
- "sha2",
+ "sha2 0.10.9",
 "thiserror 2.0.18",
 ]

@@ -3552,7 +3599,7 @@ version = "8.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5bcdef0be6fe7f6fa333b1073c949729274b05f123a0ad7efcb8efd878e5c3b1"
 dependencies = [
- "sha2",
+ "sha2 0.10.9",
 "walkdir",
 ]

@@ -3826,9 +3873,9 @@ dependencies = [

 [[package]]
 name = "serde_spanned"
-version = "1.1.0"
+version = "1.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "876ac351060d4f882bb1032b6369eb0aef79ad9df1ea8bc404874d8cc3d0cd98"
+checksum = "6662b5879511e06e8999a8a235d848113e942c9124f211511b16466ee2995f26"
 dependencies = [
 "serde_core",
 ]
@@ -3876,8 +3923,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba"
 dependencies = [
 "cfg-if",
- "cpufeatures",
- "digest",
+ "cpufeatures 0.2.17",
+ "digest 0.10.7",
 ]

 [[package]]
@@ -3887,8 +3934,19 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283"
 dependencies = [
 "cfg-if",
- "cpufeatures",
- "digest",
+ "cpufeatures 0.2.17",
+ "digest 0.10.7",
+]
+
+[[package]]
+name = "sha2"
+version = "0.11.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "446ba717509524cb3f22f17ecc096f10f4822d76ab5c0b9822c5f9c284e825f4"
+dependencies = [
+ "cfg-if",
+ "cpufeatures 0.3.0",
+ "digest 0.11.2",
 ]

 [[package]]
@@ -4019,7 +4077,7 @@ checksum = "6ce2be8dc25455e1f91df71bfa12ad37d7af1092ae736f3a6cd0e37bc7810596"

 [[package]]
 name = "storkit"
-version = "0.8.1"
+version = "0.8.8"
 dependencies = [
 "async-stream",
 "async-trait",
@@ -4030,6 +4088,7 @@ dependencies = [
 "futures",
 "homedir",
 "ignore",
+ "libc",
 "libsqlite3-sys",
 "matrix-sdk",
 "mime_guess",
@@ -4046,12 +4105,12 @@ dependencies = [
 "serde_json",
 "serde_urlencoded",
 "serde_yaml",
- "sha2",
+ "sha2 0.11.0",
 "strip-ansi-escapes",
 "tempfile",
 "tokio",
 "tokio-tungstenite 0.29.0",
- "toml 1.1.0+spec-1.1.0",
+ "toml 1.1.2+spec-1.1.0",
 "uuid",
 "wait-timeout",
 "walkdir",
@@ -4272,9 +4331,9 @@ dependencies = [

 [[package]]
 name = "tinystr"
-version = "0.8.2"
+version = "0.8.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "42d3e9c45c09de15d06dd8acf5f4e0e399e85927b7f00711024eb7ae10fa4869"
+checksum = "c8323304221c2a851516f22236c5722a72eaa19749016521d6dff0824447d96d"
 dependencies = [
 "displaydoc",
 "zerovec",
@@ -4297,9 +4356,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"

 [[package]]
 name = "tokio"
-version = "1.50.0"
+version = "1.51.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "27ad5e34374e03cfffefc301becb44e9dc3c17584f414349ebe29ed26661822d"
+checksum = "2bd1c4c0fc4a7ab90fc15ef6daaa3ec3b893f004f915f2392557ed23237820cd"
 dependencies = [
 "bytes",
 "libc",
@@ -4314,9 +4373,9 @@ dependencies = [

 [[package]]
 name = "tokio-macros"
-version = "2.6.1"
+version = "2.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5c55a2eff8b69ce66c84f85e1da1c233edc36ceb85a2058d11b0d6a3c7e7569c"
+checksum = "385a6cb71ab9ab790c5fe8d67f1645e6c450a7ce006a33de03daa956cf70a496"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -4398,17 +4457,17 @@ dependencies = [

 [[package]]
 name = "toml"
-version = "1.1.0+spec-1.1.0"
+version = "1.1.2+spec-1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f8195ca05e4eb728f4ba94f3e3291661320af739c4e43779cbdfae82ab239fcc"
+checksum = "81f3d15e84cbcd896376e6730314d59fb5a87f31e4b038454184435cd57defee"
 dependencies = [
 "indexmap",
 "serde_core",
 "serde_spanned",
- "toml_datetime 1.1.0+spec-1.1.0",
+ "toml_datetime 1.1.1+spec-1.1.0",
 "toml_parser",
 "toml_writer",
- "winnow 1.0.0",
+ "winnow 1.0.1",
 ]

 [[package]]
@@ -4422,39 +4481,39 @@ dependencies = [

 [[package]]
 name = "toml_datetime"
-version = "1.1.0+spec-1.1.0"
+version = "1.1.1+spec-1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "97251a7c317e03ad83774a8752a7e81fb6067740609f75ea2b585b569a59198f"
+checksum = "3165f65f62e28e0115a00b2ebdd37eb6f3b641855f9d636d3cd4103767159ad7"
 dependencies = [
 "serde_core",
 ]

 [[package]]
 name = "toml_edit"
-version = "0.25.8+spec-1.1.0"
+version = "0.25.10+spec-1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "16bff38f1d86c47f9ff0647e6838d7bb362522bdf44006c7068c2b1e606f1f3c"
+checksum = "a82418ca169e235e6c399a84e395ab6debeb3bc90edc959bf0f48647c6a32d1b"
 dependencies = [
 "indexmap",
- "toml_datetime 1.1.0+spec-1.1.0",
+ "toml_datetime 1.1.1+spec-1.1.0",
 "toml_parser",
- "winnow 1.0.0",
+ "winnow 1.0.1",
 ]

 [[package]]
 name = "toml_parser"
-version = "1.1.0+spec-1.1.0"
+version = "1.1.2+spec-1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2334f11ee363607eb04df9b8fc8a13ca1715a72ba8662a26ac285c98aabb4011"
+checksum = "a2abe9b86193656635d2411dc43050282ca48aa31c2451210f4202550afb7526"
 dependencies = [
- "winnow 1.0.0",
+ "winnow 1.0.1",
 ]

 [[package]]
 name = "toml_writer"
-version = "1.1.0+spec-1.1.0"
+version = "1.1.1+spec-1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d282ade6016312faf3e41e57ebbba0c073e4056dab1232ab1cb624199648f8ed"
+checksum = "756daf9b1013ebe47a8776667b466417e2d4c5679d441c26230efd9ef78692db"

 [[package]]
 name = "tower"
@@ -4610,9 +4669,9 @@ checksum = "562d481066bde0658276a35467c4af00bdc6ee726305698a55b86e61d7ad82bb"

 [[package]]
 name = "typewit"
-version = "1.14.2"
+version = "1.15.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f8c1ae7cc0fdb8b842d65d127cb981574b0d2b249b74d1c7a2986863dc134f71"
+checksum = "06fee3a8df48c50c55ad646a4e03b00a370da6fe1850ebf467a8d0165dfcafae"
 dependencies = [
 "typewit_proc_macros",
 ]
@@ -4681,7 +4740,7 @@ version = "0.5.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "fc1de2c688dc15305988b563c3854064043356019f97a4b46276fe734c4f07ea"
 dependencies = [
- "crypto-common",
+ "crypto-common 0.1.7",
 "subtle",
 ]

@@ -4781,7 +4840,7 @@ dependencies = [
 "serde",
 "serde_bytes",
 "serde_json",
- "sha2",
+ "sha2 0.10.9",
 "subtle",
 "thiserror 2.0.18",
 "x25519-dalek",
@@ -4851,9 +4910,9 @@ dependencies = [

 [[package]]
 name = "wasm-bindgen"
-version = "0.2.115"
+version = "0.2.117"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6523d69017b7633e396a89c5efab138161ed5aafcbc8d3e5c5a42ae38f50495a"
+checksum = "0551fc1bb415591e3372d0bc4780db7e587d84e2a7e79da121051c5c4b89d0b0"
 dependencies = [
 "cfg-if",
 "once_cell",
@@ -4864,9 +4923,9 @@ dependencies = [

 [[package]]
 name = "wasm-bindgen-futures"
-version = "0.4.65"
+version = "0.4.67"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2d1faf851e778dfa54db7cd438b70758eba9755cb47403f3496edd7c8fc212f0"
+checksum = "03623de6905b7206edd0a75f69f747f134b7f0a2323392d664448bf2d3c5d87e"
 dependencies = [
 "js-sys",
 "wasm-bindgen",
@@ -4874,9 +4933,9 @@ dependencies = [

 [[package]]
 name = "wasm-bindgen-macro"
-version = "0.2.115"
+version = "0.2.117"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4e3a6c758eb2f701ed3d052ff5737f5bfe6614326ea7f3bbac7156192dc32e67"
+checksum = "7fbdf9a35adf44786aecd5ff89b4563a90325f9da0923236f6104e603c7e86be"
 dependencies = [
 "quote",
 "wasm-bindgen-macro-support",
@@ -4884,9 +4943,9 @@ dependencies = [

 [[package]]
 name = "wasm-bindgen-macro-support"
-version = "0.2.115"
+version = "0.2.117"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "921de2737904886b52bcbb237301552d05969a6f9c40d261eb0533c8b055fedf"
+checksum = "dca9693ef2bab6d4e6707234500350d8dad079eb508dca05530c85dc3a529ff2"
 dependencies = [
 "bumpalo",
 "proc-macro2",
@@ -4897,9 +4956,9 @@ dependencies = [

 [[package]]
 name = "wasm-bindgen-shared"
-version = "0.2.115"
+version = "0.2.117"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a93e946af942b58934c604527337bad9ae33ba1d5c6900bbb41c2c07c2364a93"
+checksum = "39129a682a6d2d841b6c429d0c51e5cb0ed1a03829d8b3d1e69a011e62cb3d3b"
 dependencies = [
 "unicode-ident",
 ]
@@ -4984,9 +5043,9 @@ dependencies = [

 [[package]]
 name = "web-sys"
-version = "0.3.92"
+version = "0.3.94"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "84cde8507f4d7cfcb1185b8cb5890c494ffea65edbe1ba82cfd63661c805ed94"
+checksum = "cd70027e39b12f0849461e08ffc50b9cd7688d942c1c8e3c7b22273236b4dd0a"
 dependencies = [
 "js-sys",
 "wasm-bindgen",
@@ -5465,9 +5524,9 @@ checksum = "df79d97927682d2fd8adb29682d1140b343be4ac0f08fd68b7765d9c059d3945"

 [[package]]
 name = "winnow"
-version = "1.0.0"
+version = "1.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a90e88e4667264a994d34e6d1ab2d26d398dcdca8b7f52bec8668957517fc7d8"
+checksum = "09dac053f1cd375980747450bfc7250c264eaae0583872e845c0c7cd578872b5"
 dependencies = [
 "memchr",
 ]
@@ -5571,9 +5630,9 @@ dependencies = [

 [[package]]
 name = "writeable"
-version = "0.6.2"
+version = "0.6.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9edde0db4769d2dc68579893f2306b26c6ecfbe0ef499b013d731b7b9247e0b9"
+checksum = "1ffae5123b2d3fc086436f8834ae3ab053a283cfac8fe0a0b8eaae044768a4c4"

 [[package]]
 name = "x25519-dalek"
@@ -5595,9 +5654,9 @@ checksum = "fdd20c5420375476fbd4394763288da7eb0cc0b8c11deed431a91562af7335d3"

 [[package]]
 name = "yoke"
-version = "0.8.1"
+version = "0.8.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "72d6e5c6afb84d73944e5cedb052c4680d5657337201555f9f2a16b7406d4954"
+checksum = "abe8c5fda708d9ca3df187cae8bfb9ceda00dd96231bed36e445a1a48e66f9ca"
 dependencies = [
 "stable_deref_trait",
 "yoke-derive",
@@ -5606,9 +5665,9 @@ dependencies = [

 [[package]]
 name = "yoke-derive"
-version = "0.8.1"
+version = "0.8.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b659052874eb698efe5b9e8cf382204678a0086ebf46982b79d6ca3182927e5d"
+checksum = "de844c262c8848816172cef550288e7dc6c7b7814b4ee56b3e1553f275f1858e"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -5618,18 +5677,18 @@ dependencies = [

 [[package]]
 name = "zerocopy"
-version = "0.8.47"
+version = "0.8.48"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "efbb2a062be311f2ba113ce66f697a4dc589f85e78a4aea276200804cea0ed87"
+checksum = "eed437bf9d6692032087e337407a86f04cd8d6a16a37199ed57949d415bd68e9"
 dependencies = [
 "zerocopy-derive",
 ]

 [[package]]
 name = "zerocopy-derive"
-version = "0.8.47"
+version = "0.8.48"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0e8bc7269b54418e7aeeef514aa68f8690b8c0489a06b0136e5f57c4c5ccab89"
+checksum = "70e3cd084b1788766f53af483dd21f93881ff30d7320490ec3ef7526d203bad4"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -5638,18 +5697,18 @@ dependencies = [

 [[package]]
 name = "zerofrom"
-version = "0.1.6"
+version = "0.1.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "50cc42e0333e05660c3587f3bf9d0478688e15d870fab3346451ce7f8c9fbea5"
+checksum = "69faa1f2a1ea75661980b013019ed6687ed0e83d069bc1114e2cc74c6c04c4df"
 dependencies = [
 "zerofrom-derive",
 ]

 [[package]]
 name = "zerofrom-derive"
-version = "0.1.6"
+version = "0.1.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d71e5d6e06ab090c67b5e44993ec16b72dcbaabc526db883a360057678b48502"
+checksum = "11532158c46691caf0f2593ea8358fed6bbf68a0315e80aae9bd41fbade684a1"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -5679,9 +5738,9 @@ dependencies = [

 [[package]]
 name = "zerotrie"
-version = "0.2.3"
+version = "0.2.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2a59c17a5562d507e4b54960e8569ebee33bee890c70aa3fe7b97e85a9fd7851"
+checksum = "0f9152d31db0792fa83f70fb2f83148effb5c1f5b8c7686c3459e361d9bc20bf"
 dependencies = [
 "displaydoc",
 "yoke",
@@ -5690,9 +5749,9 @@ dependencies = [

 [[package]]
 name = "zerovec"
-version = "0.11.5"
+version = "0.11.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6c28719294829477f525be0186d13efa9a3c602f7ec202ca9e353d310fb9a002"
+checksum = "90f911cbc359ab6af17377d242225f4d75119aec87ea711a880987b18cd7b239"
 dependencies = [
 "yoke",
 "zerofrom",
@@ -5701,9 +5760,9 @@ dependencies = [

 [[package]]
 name = "zerovec-derive"
-version = "0.11.2"
+version = "0.11.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eadce39539ca5cb3985590102671f2567e659fca9666581ad3411d59207951f3"
+checksum = "625dc425cab0dca6dc3c3319506e6593dcb08a9f387ea3b284dbd52a92c40555"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -21,7 +21,7 @@ rust-embed = "8"
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"
 serde_urlencoded = "0.7"
-sha2 = "0.10"
+sha2 = "0.11.0"
 serde_yaml = "0.9"
 strip-ansi-escapes = "0.2"
 tempfile = "3"
@@ -40,3 +40,4 @@ pulldown-cmark = { version = "0.13.3", default-features = false, features = [
    "html",
 ] }
 regex = "1"
+libc = "0.2"
@@ -108,6 +108,11 @@ services:
      retries: 3
      start_period: 10s

+    # Use tini as PID 1 to reap zombie child processes.
+    # Without this, grandchild processes (esbuild, cargo, etc.) spawned by
+    # npm/cargo during worktree setup and gate checks become zombies.
+    init: true
+
    # Restart policy – restart on crash but not on manual stop
    restart: unless-stopped

@@ -1,12 +1,12 @@
 {
 	"name": "living-spec-standalone",
-	"version": "0.8.1",
+	"version": "0.8.8",
 	"lockfileVersion": 3,
 	"requires": true,
 	"packages": {
 		"": {
 			"name": "living-spec-standalone",
-			"version": "0.8.1",
+			"version": "0.8.8",
 			"dependencies": {
 				"@types/react-syntax-highlighter": "^15.5.13",
 				"react": "^19.1.0",
@@ -1,7 +1,7 @@
 {
 	"name": "living-spec-standalone",
 	"private": true,
-	"version": "0.8.1",
+	"version": "0.8.8",
 	"type": "module",
 	"scripts": {
 		"dev": "vite",
@@ -19,6 +19,7 @@ vi.mock("./api/client", () => {
 		setModelPreference: vi.fn(),
 		cancelChat: vi.fn(),
 		setAnthropicApiKey: vi.fn(),
+		getOAuthStatus: vi.fn(),
 	};
 	class ChatWebSocket {
 		connect() {}
@@ -65,6 +66,12 @@ describe("App", () => {
 		mockedApi.getAnthropicApiKeyExists.mockResolvedValue(false);
 		mockedApi.getAnthropicModels.mockResolvedValue([]);
 		mockedApi.getModelPreference.mockResolvedValue(null);
+		mockedApi.getOAuthStatus.mockResolvedValue({
+			authenticated: false,
+			expired: false,
+			expires_at: 0,
+			has_refresh_token: false,
+		});
 	});

 	async function renderApp() {
@@ -1,4 +1,5 @@
 import * as React from "react";
+import type { OAuthStatus } from "./api/client";
 import { api } from "./api/client";
 import { Chat } from "./components/Chat";
 import { SelectionScreen } from "./components/selection/SelectionScreen";
@@ -14,6 +15,27 @@ function App() {
 	const [isOpening, setIsOpening] = React.useState(false);
 	const [knownProjects, setKnownProjects] = React.useState<string[]>([]);
 	const [homeDir, setHomeDir] = React.useState<string | null>(null);
+	const [oauthStatus, setOauthStatus] = React.useState<OAuthStatus | null>(
+		null,
+	);
+
+	React.useEffect(() => {
+		let active = true;
+		function fetchOAuthStatus() {
+			api
+				.getOAuthStatus()
+				.then((s) => {
+					if (active) setOauthStatus(s);
+				})
+				.catch(() => {});
+		}
+		fetchOAuthStatus();
+		const intervalId = window.setInterval(fetchOAuthStatus, 5000);
+		return () => {
+			active = false;
+			window.clearInterval(intervalId);
+		};
+	}, []);

 	React.useEffect(() => {
 		api
@@ -182,10 +204,15 @@ function App() {
 					onCloseSuggestions={closeSuggestions}
 					completionError={completionError}
 					currentPartial={currentPartial}
+					oauthStatus={oauthStatus}
 				/>
 			) : (
 				<div className="workspace" style={{ height: "100%" }}>
-					<Chat projectPath={projectPath} onCloseProject={closeProject} />
+					<Chat
+						projectPath={projectPath}
+						onCloseProject={closeProject}
+						oauthStatus={oauthStatus}
+					/>
 				</div>
 			)}

@@ -205,6 +205,13 @@ export interface CommandOutput {
 	exit_code: number;
 }

+export interface OAuthStatus {
+	authenticated: boolean;
+	expired: boolean;
+	expires_at: number;
+	has_refresh_token: boolean;
+}
+
 declare const __STORKIT_PORT__: string;

 const DEFAULT_API_BASE = "/api";
@@ -402,6 +409,10 @@ export const api = {
 	deleteStory(storyId: string) {
 		return callMcpTool("delete_story", { story_id: storyId });
 	},
+	/** Fetch OAuth status from the server. */
+	getOAuthStatus() {
+		return requestJson<OAuthStatus>("/oauth/status", {}, "");
+	},
 	/** Execute a bot slash command without LLM invocation. Returns markdown response text. */
 	botCommand(command: string, args: string, baseUrl?: string) {
 		return requestJson<{ response: string }>(
@@ -1481,6 +1481,10 @@ describe("Slash command handling (Story 374)", () => {
 		await act(async () => {
 			fireEvent.change(input, { target: { value: "/status" } });
 		});
+		// First Enter selects the command from the picker; second Enter submits it
+		await act(async () => {
+			fireEvent.keyDown(input, { key: "Enter", shiftKey: false });
+		});
 		await act(async () => {
 			fireEvent.keyDown(input, { key: "Enter", shiftKey: false });
 		});
@@ -1551,6 +1555,10 @@ describe("Slash command handling (Story 374)", () => {
 		await act(async () => {
 			fireEvent.change(input, { target: { value: "/git" } });
 		});
+		// First Enter selects the command from the picker; second Enter submits it
+		await act(async () => {
+			fireEvent.keyDown(input, { key: "Enter", shiftKey: false });
+		});
 		await act(async () => {
 			fireEvent.keyDown(input, { key: "Enter", shiftKey: false });
 		});
@@ -1569,6 +1577,10 @@ describe("Slash command handling (Story 374)", () => {
 		await act(async () => {
 			fireEvent.change(input, { target: { value: "/cost" } });
 		});
+		// First Enter selects the command from the picker; second Enter submits it
+		await act(async () => {
+			fireEvent.keyDown(input, { key: "Enter", shiftKey: false });
+		});
 		await act(async () => {
 			fireEvent.keyDown(input, { key: "Enter", shiftKey: false });
 		});
@@ -1595,6 +1607,10 @@ describe("Slash command handling (Story 374)", () => {
 		await act(async () => {
 			fireEvent.change(input, { target: { value: "/reset" } });
 		});
+		// First Enter selects the command from the picker; second Enter submits it
+		await act(async () => {
+			fireEvent.keyDown(input, { key: "Enter", shiftKey: false });
+		});
 		await act(async () => {
 			fireEvent.keyDown(input, { key: "Enter", shiftKey: false });
 		});
@@ -1626,7 +1642,10 @@ describe("Slash command handling (Story 374)", () => {
 		expect(mockedApi.botCommand).not.toHaveBeenCalled();
 	});

-	it("AC: /help shows help overlay", async () => {
+	it("AC: /help calls botCommand and displays response", async () => {
+		mockedApi.botCommand.mockResolvedValue({
+			response: "Available commands: status, help, ...",
+		});
 		render(<Chat projectPath="/tmp/project" onCloseProject={vi.fn()} />);
 		await waitFor(() => expect(capturedWsHandlers).not.toBeNull());

@@ -1634,13 +1653,18 @@ describe("Slash command handling (Story 374)", () => {
 		await act(async () => {
 			fireEvent.change(input, { target: { value: "/help" } });
 		});
+		// First Enter selects the command from the picker; second Enter submits it
+		await act(async () => {
+			fireEvent.keyDown(input, { key: "Enter", shiftKey: false });
+		});
 		await act(async () => {
 			fireEvent.keyDown(input, { key: "Enter", shiftKey: false });
 		});

-		expect(await screen.findByTestId("help-overlay")).toBeInTheDocument();
+		await waitFor(() => {
+			expect(mockedApi.botCommand).toHaveBeenCalledWith("help", "", undefined);
+		});
 		expect(lastSendChatArgs).toBeNull();
-		expect(mockedApi.botCommand).not.toHaveBeenCalled();
 	});

 	it("AC: botCommand API error shows error message in chat", async () => {
@@ -1652,6 +1676,10 @@ describe("Slash command handling (Story 374)", () => {
 		await act(async () => {
 			fireEvent.change(input, { target: { value: "/git" } });
 		});
+		// First Enter selects the command from the picker; second Enter submits it
+		await act(async () => {
+			fireEvent.keyDown(input, { key: "Enter", shiftKey: false });
+		});
 		await act(async () => {
 			fireEvent.keyDown(input, { key: "Enter", shiftKey: false });
 		});
@@ -1661,3 +1689,42 @@ describe("Slash command handling (Story 374)", () => {
 		).toBeInTheDocument();
 	});
 });
+
+describe("Bug 450: WebSocket error messages displayed in chat", () => {
+	beforeEach(() => {
+		capturedWsHandlers = null;
+		setupMocks();
+	});
+
+	it("AC1: WebSocket error message is shown in chat as an assistant message", async () => {
+		render(<Chat projectPath="/tmp/project" onCloseProject={vi.fn()} />);
+
+		await waitFor(() => expect(capturedWsHandlers).not.toBeNull());
+
+		act(() => {
+			capturedWsHandlers?.onError("Something went wrong on the server.");
+		});
+
+		expect(
+			await screen.findByText("Something went wrong on the server."),
+		).toBeInTheDocument();
+	});
+
+	it("AC2: OAuth login URL in WebSocket error is rendered as a clickable link", async () => {
+		render(<Chat projectPath="/tmp/project" onCloseProject={vi.fn()} />);
+
+		await waitFor(() => expect(capturedWsHandlers).not.toBeNull());
+
+		act(() => {
+			capturedWsHandlers?.onError(
+				"OAuth login required. Please visit: https://example.com/oauth/login",
+			);
+		});
+
+		const link = await screen.findByRole("link", {
+			name: /https:\/\/example\.com\/oauth\/login/,
+		});
+		expect(link).toBeInTheDocument();
+		expect(link).toHaveAttribute("href", "https://example.com/oauth/login");
+	});
+});
@@ -6,6 +6,7 @@ import type { AgentConfigInfo } from "../api/agents";
 import { agentsApi } from "../api/agents";
 import type {
 	AnthropicModelInfo,
+	OAuthStatus,
 	PipelineState,
 	WizardStateData,
 } from "../api/client";
@@ -164,9 +165,14 @@ const getContextWindowSize = (
 interface ChatProps {
 	projectPath: string;
 	onCloseProject: () => void;
+	oauthStatus?: OAuthStatus | null;
 }

-export function Chat({ projectPath, onCloseProject }: ChatProps) {
+export function Chat({
+	projectPath,
+	onCloseProject,
+	oauthStatus = null,
+}: ChatProps) {
 	const { messages, setMessages, clearMessages } = useChatHistory(projectPath);
 	const [loading, setLoading] = useState(false);
 	const [model, setModel] = useState("claude-code-pty");
@@ -407,6 +413,14 @@ export function Chat({ projectPath, onCloseProject }: ChatProps) {
 				console.error("WebSocket error:", message);
 				setLoading(false);
 				setActivityStatus(null);
+				const markdownMessage = message.replace(
+					/(https?:\/\/[^\s]+)/g,
+					"[$1]($1)",
+				);
+				setMessages((prev) => [
+					...prev,
+					{ role: "assistant", content: markdownMessage },
+				]);
 				if (queuedMessagesRef.current.length > 0) {
 					const batch = queuedMessagesRef.current.map((item) => item.text);
 					queuedMessagesRef.current = [];
@@ -615,12 +629,6 @@ export function Chat({ projectPath, onCloseProject }: ChatProps) {
 	const sendMessage = async (messageText: string) => {
 		if (!messageText.trim()) return;

-		// /help — show available slash commands overlay
-		if (/^\/help\s*$/i.test(messageText)) {
-			setShowHelp(true);
-			return;
-		}
-
 		// /reset — clear session and message history without LLM
 		if (/^\/reset\s*$/i.test(messageText)) {
 			setMessages([]);
@@ -657,6 +665,14 @@ export function Chat({ projectPath, onCloseProject }: ChatProps) {
 					"overview",
 					"rebuild",
 					"loc",
+					"help",
+					"ambient",
+					"htop",
+					"rmtree",
+					"timer",
+					"unblock",
+					"unreleased",
+					"setup",
 				]);

 				if (knownCommands.has(cmd)) {
@@ -940,6 +956,7 @@ export function Chat({ projectPath, onCloseProject }: ChatProps) {
 				enableTools={enableTools}
 				onToggleTools={setEnableTools}
 				wsConnected={wsConnected}
+				oauthStatus={oauthStatus}
 			/>

 			{/* Two-column content area */}
@@ -1059,6 +1076,7 @@ export function Chat({ projectPath, onCloseProject }: ChatProps) {
 								)}
 							{messages.map((msg: Message, idx: number) => (
 								<MessageItem
+									// biome-ignore lint/suspicious/noArrayIndexKey: Message has no stable ID
 									key={`msg-${idx}-${msg.role}-${msg.content.substring(0, 20)}`}
 									msg={msg}
 								/>
@@ -1,4 +1,5 @@
 import * as React from "react";
+import type { OAuthStatus } from "../api/client";
 import { api } from "../api/client";

 const { useState, useEffect } = React;
@@ -32,6 +33,7 @@ interface ChatHeaderProps {
 	enableTools: boolean;
 	onToggleTools: (enabled: boolean) => void;
 	wsConnected: boolean;
+	oauthStatus?: OAuthStatus | null;
 }

 const getContextEmoji = (percentage: number): string => {
@@ -55,6 +57,7 @@ export function ChatHeader({
 	enableTools,
 	onToggleTools,
 	wsConnected,
+	oauthStatus = null,
 }: ChatHeaderProps) {
 	const hasModelOptions = availableModels.length > 0 || claudeModels.length > 0;
 	const [showConfirm, setShowConfirm] = useState(false);
@@ -340,6 +343,63 @@ export function ChatHeader({
 				</div>

 				<div style={{ display: "flex", alignItems: "center", gap: "16px" }}>
+					{oauthStatus !== null &&
+						(!oauthStatus.authenticated || oauthStatus.expired) && (
+							<button
+								type="button"
+								title="Authenticate with Claude via OAuth"
+								onClick={() => {
+									window.open(
+										"/oauth/authorize",
+										"_blank",
+										"noopener,noreferrer",
+									);
+								}}
+								style={{
+									padding: "6px 12px",
+									borderRadius: "99px",
+									border: "none",
+									fontSize: "0.85em",
+									backgroundColor: "#1a3a5c",
+									color: "#7eb8f7",
+									cursor: "pointer",
+									outline: "none",
+									transition: "all 0.2s",
+									whiteSpace: "nowrap",
+								}}
+								onMouseOver={(e) => {
+									e.currentTarget.style.backgroundColor = "#234d7a";
+									e.currentTarget.style.color = "#a8d4ff";
+								}}
+								onMouseOut={(e) => {
+									e.currentTarget.style.backgroundColor = "#1a3a5c";
+									e.currentTarget.style.color = "#7eb8f7";
+								}}
+								onFocus={(e) => {
+									e.currentTarget.style.backgroundColor = "#234d7a";
+									e.currentTarget.style.color = "#a8d4ff";
+								}}
+								onBlur={(e) => {
+									e.currentTarget.style.backgroundColor = "#1a3a5c";
+									e.currentTarget.style.color = "#7eb8f7";
+								}}
+							>
+								{oauthStatus.expired ? "Re-authenticate" : "Login with Claude"}
+							</button>
+						)}
+					{oauthStatus?.authenticated && !oauthStatus.expired && (
+						<span
+							title="Authenticated with Claude via OAuth"
+							style={{
+								fontSize: "0.8em",
+								color: "#4caf50",
+								whiteSpace: "nowrap",
+							}}
+						>
+							✓ Claude
+						</span>
+					)}
+
 					<div
 						style={{
 							fontSize: "0.75em",
@@ -1,5 +1,6 @@
 import * as React from "react";
 import { api } from "../api/client";
+import { SLASH_COMMANDS, type SlashCommand } from "../slashCommands";

 const {
 	forwardRef,
@@ -113,6 +114,83 @@ function FilePickerOverlay({
 	);
 }

+interface SlashCommandPickerOverlayProps {
+	query: string;
+	selectedIndex: number;
+	onSelect: (cmd: SlashCommand) => void;
+}
+
+function SlashCommandPickerOverlay({
+	query,
+	selectedIndex,
+	onSelect,
+}: SlashCommandPickerOverlayProps) {
+	const filtered = SLASH_COMMANDS.filter((cmd) =>
+		fuzzyMatch(cmd.name, query),
+	).sort((a, b) => fuzzyScore(a.name, query) - fuzzyScore(b.name, query));
+
+	if (filtered.length === 0) return null;
+
+	return (
+		<div
+			data-testid="slash-command-picker"
+			style={{
+				position: "absolute",
+				bottom: "100%",
+				left: 0,
+				right: 0,
+				background: "#1e1e1e",
+				border: "1px solid #444",
+				borderRadius: "8px",
+				marginBottom: "6px",
+				overflow: "hidden",
+				zIndex: 100,
+				boxShadow: "0 4px 16px rgba(0,0,0,0.4)",
+				maxHeight: "300px",
+				overflowY: "auto",
+			}}
+		>
+			{filtered.map((cmd, idx) => (
+				<button
+					key={cmd.name}
+					type="button"
+					data-testid={`slash-command-item-${idx}`}
+					onClick={() => onSelect(cmd)}
+					style={{
+						display: "flex",
+						flexDirection: "column",
+						width: "100%",
+						textAlign: "left",
+						padding: "10px 14px",
+						background: idx === selectedIndex ? "#2d4a6e" : "transparent",
+						border: "none",
+						cursor: "pointer",
+						gap: "2px",
+					}}
+				>
+					<code
+						style={{
+							fontSize: "0.88rem",
+							color: idx === selectedIndex ? "#ececec" : "#e0e0e0",
+							fontFamily: "monospace",
+						}}
+					>
+						{cmd.name}
+					</code>
+					<span
+						style={{
+							fontSize: "0.78rem",
+							color: idx === selectedIndex ? "#b0c0d0" : "#888",
+						}}
+					>
+						{cmd.description}
+					</span>
+				</button>
+			))}
+		</div>
+	);
+}
+
 export const ChatInput = forwardRef<ChatInputHandle, ChatInputProps>(
 	function ChatInput(
 		{ loading, queuedMessages, onSubmit, onCancel, onRemoveQueuedMessage },
@@ -127,6 +205,10 @@ export const ChatInput = forwardRef<ChatInputHandle, ChatInputProps>(
 		const [pickerSelectedIndex, setPickerSelectedIndex] = useState(0);
 		const [pickerAtStart, setPickerAtStart] = useState(0);

+		// Slash command picker state
+		const [slashQuery, setSlashQuery] = useState<string | null>(null);
+		const [slashSelectedIndex, setSlashSelectedIndex] = useState(0);
+
 		useImperativeHandle(ref, () => ({
 			appendToInput(text: string) {
 				setInput((prev) => (prev ? `${prev}\n${text}` : text));
@@ -153,6 +235,31 @@ export const ChatInput = forwardRef<ChatInputHandle, ChatInputProps>(
 			setPickerSelectedIndex(0);
 		}, []);

+		// Compute filtered slash commands for current query
+		const filteredCommands =
+			slashQuery !== null
+				? SLASH_COMMANDS.filter((cmd) => fuzzyMatch(cmd.name, slashQuery)).sort(
+						(a, b) =>
+							fuzzyScore(a.name, slashQuery) - fuzzyScore(b.name, slashQuery),
+					)
+				: [];
+
+		const dismissSlashPicker = useCallback(() => {
+			setSlashQuery(null);
+			setSlashSelectedIndex(0);
+		}, []);
+
+		const selectCommand = useCallback(
+			(cmd: SlashCommand) => {
+				// Extract base command (first word, e.g. "/assign" from "/assign <number> <model>")
+				const baseCommand = cmd.name.split(" ")[0];
+				setInput(`${baseCommand} `);
+				dismissSlashPicker();
+				setTimeout(() => inputRef.current?.focus(), 0);
+			},
+			[dismissSlashPicker],
+		);
+
 		const selectFile = useCallback(
 			(file: string) => {
 				// Replace the @query portion with @file
@@ -173,11 +280,20 @@ export const ChatInput = forwardRef<ChatInputHandle, ChatInputProps>(
 				setInput(val);

 				const cursor = e.target.selectionStart ?? val.length;
-				// Find the last @ before the cursor that starts a reference token
 				const textUpToCursor = val.slice(0, cursor);
-				// Match @ not preceded by non-whitespace (i.e. @ at start or after space/newline)
-				const atMatch = textUpToCursor.match(/(^|[\s\n])@([^\s@]*)$/);

+				// Slash command picker: triggered when input starts with / and no space yet
+				const slashMatch = textUpToCursor.match(/^\/(\S*)$/);
+				if (slashMatch) {
+					setSlashQuery(slashMatch[1]);
+					setSlashSelectedIndex(0);
+					if (pickerQuery !== null) dismissPicker();
+					return;
+				}
+				if (slashQuery !== null) dismissSlashPicker();
+
+				// File picker: triggered by @ at start or after whitespace
+				const atMatch = textUpToCursor.match(/(^|[\s\n])@([^\s@]*)$/);
 				if (atMatch) {
 					const query = atMatch[2];
 					const atPos = textUpToCursor.lastIndexOf("@");
@@ -196,11 +312,50 @@ export const ChatInput = forwardRef<ChatInputHandle, ChatInputProps>(
 					if (pickerQuery !== null) dismissPicker();
 				}
 			},
-			[projectFiles.length, pickerQuery, dismissPicker],
+			[
+				projectFiles.length,
+				pickerQuery,
+				dismissPicker,
+				slashQuery,
+				dismissSlashPicker,
+			],
 		);

 		const handleKeyDown = useCallback(
 			(e: React.KeyboardEvent<HTMLTextAreaElement>) => {
+				// Slash command picker navigation
+				if (slashQuery !== null && filteredCommands.length > 0) {
+					if (e.key === "ArrowDown") {
+						e.preventDefault();
+						setSlashSelectedIndex((i) =>
+							Math.min(i + 1, filteredCommands.length - 1),
+						);
+						return;
+					}
+					if (e.key === "ArrowUp") {
+						e.preventDefault();
+						setSlashSelectedIndex((i) => Math.max(i - 1, 0));
+						return;
+					}
+					if (e.key === "Tab" || e.key === "Enter") {
+						e.preventDefault();
+						selectCommand(
+							filteredCommands[slashSelectedIndex] ?? filteredCommands[0],
+						);
+						return;
+					}
+					if (e.key === "Escape") {
+						e.preventDefault();
+						dismissSlashPicker();
+						return;
+					}
+				} else if (e.key === "Escape" && slashQuery !== null) {
+					e.preventDefault();
+					dismissSlashPicker();
+					return;
+				}
+
+				// File picker navigation
 				if (pickerQuery !== null && filteredFiles.length > 0) {
 					if (e.key === "ArrowDown") {
 						e.preventDefault();
@@ -236,6 +391,11 @@ export const ChatInput = forwardRef<ChatInputHandle, ChatInputProps>(
 				}
 			},
 			[
+				slashQuery,
+				filteredCommands,
+				slashSelectedIndex,
+				selectCommand,
+				dismissSlashPicker,
 				pickerQuery,
 				filteredFiles,
 				pickerSelectedIndex,
@@ -249,6 +409,7 @@ export const ChatInput = forwardRef<ChatInputHandle, ChatInputProps>(
 			onSubmit(input);
 			setInput("");
 			dismissPicker();
+			dismissSlashPicker();
 		};

 		return (
@@ -357,6 +518,13 @@ export const ChatInput = forwardRef<ChatInputHandle, ChatInputProps>(
 							position: "relative",
 						}}
 					>
+						{slashQuery !== null && (
+							<SlashCommandPickerOverlay
+								query={slashQuery}
+								selectedIndex={slashSelectedIndex}
+								onSelect={selectCommand}
+							/>
+						)}
 						{pickerQuery !== null && (
 							<FilePickerOverlay
 								query={pickerQuery}
@@ -0,0 +1,240 @@
+import { act, fireEvent, render, screen } from "@testing-library/react";
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import { ChatInput } from "./ChatInput";
+
+vi.mock("../api/client", () => ({
+	api: {
+		listProjectFiles: vi.fn().mockResolvedValue([]),
+	},
+}));
+
+const defaultProps = {
+	loading: false,
+	queuedMessages: [],
+	onSubmit: vi.fn(),
+	onCancel: vi.fn(),
+	onRemoveQueuedMessage: vi.fn(),
+};
+
+beforeEach(() => {
+	vi.clearAllMocks();
+});
+
+describe("Slash command picker overlay (Story 438 AC1)", () => {
+	it("shows slash command picker when / is typed at position 0", async () => {
+		render(<ChatInput {...defaultProps} />);
+		const textarea = screen.getByPlaceholderText("Send a message...");
+
+		await act(async () => {
+			fireEvent.change(textarea, { target: { value: "/" } });
+		});
+
+		expect(screen.getByTestId("slash-command-picker")).toBeInTheDocument();
+	});
+
+	it("does not show slash command picker for plain text", async () => {
+		render(<ChatInput {...defaultProps} />);
+		const textarea = screen.getByPlaceholderText("Send a message...");
+
+		await act(async () => {
+			fireEvent.change(textarea, { target: { value: "hello" } });
+		});
+
+		expect(
+			screen.queryByTestId("slash-command-picker"),
+		).not.toBeInTheDocument();
+	});
+
+	it("does not show slash command picker when / is not at position 0", async () => {
+		render(<ChatInput {...defaultProps} />);
+		const textarea = screen.getByPlaceholderText("Send a message...");
+
+		await act(async () => {
+			fireEvent.change(textarea, { target: { value: "hello /world" } });
+		});
+
+		expect(
+			screen.queryByTestId("slash-command-picker"),
+		).not.toBeInTheDocument();
+	});
+});
+
+describe("Slash command list (Story 438 AC2)", () => {
+	it("lists slash commands with name and description", async () => {
+		render(<ChatInput {...defaultProps} />);
+		const textarea = screen.getByPlaceholderText("Send a message...");
+
+		await act(async () => {
+			fireEvent.change(textarea, { target: { value: "/" } });
+		});
+
+		expect(screen.getByTestId("slash-command-picker")).toBeInTheDocument();
+		// First command should be /help
+		expect(screen.getByTestId("slash-command-item-0")).toBeInTheDocument();
+		expect(screen.getByTestId("slash-command-item-0")).toHaveTextContent(
+			"/help",
+		);
+	});
+});
+
+describe("Slash command fuzzy filter (Story 438 AC3)", () => {
+	it("filters commands when typing after /", async () => {
+		render(<ChatInput {...defaultProps} />);
+		const textarea = screen.getByPlaceholderText("Send a message...");
+
+		await act(async () => {
+			fireEvent.change(textarea, { target: { value: "/hel" } });
+		});
+
+		expect(screen.getByTestId("slash-command-picker")).toBeInTheDocument();
+		// /help should match "hel"
+		expect(screen.getByTestId("slash-command-item-0")).toHaveTextContent(
+			"/help",
+		);
+		// /rebuild should not be visible (no match for "hel")
+		const items = screen.queryAllByTestId(/^slash-command-item-/);
+		const texts = items.map((el) => el.textContent ?? "");
+		expect(texts.some((t) => t.includes("/rebuild"))).toBe(false);
+	});
+
+	it("shows no picker when query matches nothing", async () => {
+		render(<ChatInput {...defaultProps} />);
+		const textarea = screen.getByPlaceholderText("Send a message...");
+
+		await act(async () => {
+			fireEvent.change(textarea, { target: { value: "/zzzzz" } });
+		});
+
+		expect(
+			screen.queryByTestId("slash-command-picker"),
+		).not.toBeInTheDocument();
+	});
+});
+
+describe("Slash command keyboard navigation (Story 438 AC4)", () => {
+	it("ArrowDown navigates to next item", async () => {
+		render(<ChatInput {...defaultProps} />);
+		const textarea = screen.getByPlaceholderText("Send a message...");
+
+		await act(async () => {
+			fireEvent.change(textarea, { target: { value: "/" } });
+		});
+
+		const item0 = screen.getByTestId("slash-command-item-0");
+		expect(item0).toHaveStyle({ background: "#2d4a6e" });
+
+		await act(async () => {
+			fireEvent.keyDown(textarea, { key: "ArrowDown" });
+		});
+
+		const item1 = screen.getByTestId("slash-command-item-1");
+		expect(item1).toHaveStyle({ background: "#2d4a6e" });
+	});
+
+	it("ArrowUp stays at 0 when already at top", async () => {
+		render(<ChatInput {...defaultProps} />);
+		const textarea = screen.getByPlaceholderText("Send a message...");
+
+		await act(async () => {
+			fireEvent.change(textarea, { target: { value: "/" } });
+		});
+
+		await act(async () => {
+			fireEvent.keyDown(textarea, { key: "ArrowUp" });
+		});
+
+		const item0 = screen.getByTestId("slash-command-item-0");
+		expect(item0).toHaveStyle({ background: "#2d4a6e" });
+	});
+
+	it("Enter selects the highlighted command and inserts it", async () => {
+		render(<ChatInput {...defaultProps} />);
+		const textarea = screen.getByPlaceholderText("Send a message...");
+
+		await act(async () => {
+			fireEvent.change(textarea, { target: { value: "/hel" } });
+		});
+
+		await act(async () => {
+			fireEvent.keyDown(textarea, { key: "Enter" });
+		});
+
+		expect(
+			screen.queryByTestId("slash-command-picker"),
+		).not.toBeInTheDocument();
+		expect((textarea as HTMLTextAreaElement).value).toBe("/help ");
+	});
+
+	it("Tab selects the highlighted command and inserts it", async () => {
+		render(<ChatInput {...defaultProps} />);
+		const textarea = screen.getByPlaceholderText("Send a message...");
+
+		await act(async () => {
+			fireEvent.change(textarea, { target: { value: "/hel" } });
+		});
+
+		await act(async () => {
+			fireEvent.keyDown(textarea, { key: "Tab" });
+		});
+
+		expect(
+			screen.queryByTestId("slash-command-picker"),
+		).not.toBeInTheDocument();
+		expect((textarea as HTMLTextAreaElement).value).toBe("/help ");
+	});
+
+	it("Escape dismisses the picker", async () => {
+		render(<ChatInput {...defaultProps} />);
+		const textarea = screen.getByPlaceholderText("Send a message...");
+
+		await act(async () => {
+			fireEvent.change(textarea, { target: { value: "/" } });
+		});
+
+		expect(screen.getByTestId("slash-command-picker")).toBeInTheDocument();
+
+		await act(async () => {
+			fireEvent.keyDown(textarea, { key: "Escape" });
+		});
+
+		expect(
+			screen.queryByTestId("slash-command-picker"),
+		).not.toBeInTheDocument();
+	});
+});
+
+describe("Slash command selection inserts with trailing space (Story 438 AC5)", () => {
+	it("clicking a command inserts /<command> with trailing space", async () => {
+		render(<ChatInput {...defaultProps} />);
+		const textarea = screen.getByPlaceholderText("Send a message...");
+
+		await act(async () => {
+			fireEvent.change(textarea, { target: { value: "/" } });
+		});
+
+		await act(async () => {
+			fireEvent.click(screen.getByTestId("slash-command-item-0"));
+		});
+
+		expect(
+			screen.queryByTestId("slash-command-picker"),
+		).not.toBeInTheDocument();
+		const val = (textarea as HTMLTextAreaElement).value;
+		expect(val).toMatch(/^\/\w+ $/);
+	});
+
+	it("selection inserts only the base command (no argument placeholders)", async () => {
+		render(<ChatInput {...defaultProps} />);
+		const textarea = screen.getByPlaceholderText("Send a message...");
+
+		await act(async () => {
+			fireEvent.change(textarea, { target: { value: "/ass" } });
+		});
+
+		await act(async () => {
+			fireEvent.keyDown(textarea, { key: "Enter" });
+		});
+
+		expect((textarea as HTMLTextAreaElement).value).toBe("/assign ");
+	});
+});
@@ -1,75 +1,8 @@
 import * as React from "react";
+import { SLASH_COMMANDS } from "../slashCommands";

 const { useEffect, useRef } = React;

-interface SlashCommand {
-	name: string;
-	description: string;
-}
-
-const SLASH_COMMANDS: SlashCommand[] = [
-	{
-		name: "/help",
-		description: "Show this list of available slash commands.",
-	},
-	{
-		name: "/status",
-		description:
-			"Show pipeline status and agent availability. `/status <number>` shows a story triage dump.",
-	},
-	{
-		name: "/assign <number> <model>",
-		description: "Pre-assign a model to a story (e.g. `/assign 42 opus`).",
-	},
-	{
-		name: "/start <number>",
-		description:
-			"Start a coder on a story. Optionally specify a model: `/start <number> opus`.",
-	},
-	{
-		name: "/show <number>",
-		description: "Display the full text of a work item.",
-	},
-	{
-		name: "/move <number> <stage>",
-		description:
-			"Move a work item to a pipeline stage (backlog, current, qa, merge, done).",
-	},
-	{
-		name: "/delete <number>",
-		description:
-			"Remove a work item from the pipeline and stop any running agent.",
-	},
-	{
-		name: "/cost",
-		description:
-			"Show token spend: 24h total, top stories, breakdown by agent type, and all-time total.",
-	},
-	{
-		name: "/git",
-		description:
-			"Show git status: branch, uncommitted changes, and ahead/behind remote.",
-	},
-	{
-		name: "/overview <number>",
-		description: "Show the implementation summary for a merged story.",
-	},
-	{
-		name: "/rebuild",
-		description: "Rebuild the server binary and restart.",
-	},
-	{
-		name: "/reset",
-		description:
-			"Clear the current Claude Code session and start fresh (messages and session ID are cleared locally).",
-	},
-	{
-		name: "/btw <question>",
-		description:
-			"Ask a side question using the current conversation as context. The question and answer are not added to the conversation history.",
-	},
-];
-
 interface HelpOverlayProps {
 	onDismiss: () => void;
 }
@@ -136,6 +136,7 @@ function MessageItemInner({ msg }: MessageItemProps) {

 							return (
 								<div
+									// biome-ignore lint/suspicious/noArrayIndexKey: ToolCall has no stable ID
 									key={`tool-${i}-${tc.function.name}`}
 									style={{
 										display: "flex",
@@ -202,6 +202,7 @@ export function ServerLogsPanel({ logs }: ServerLogsPanelProps) {
 						) : (
 							filteredLogs.map((entry, idx) => (
 								<div
+									// biome-ignore lint/suspicious/noArrayIndexKey: log entries have no stable ID
 									key={`${entry.timestamp}-${idx}`}
 									style={{
 										display: "flex",
@@ -69,7 +69,7 @@ afterEach(() => {
 });

 describe("WorkItemDetailPanel", () => {
-	it("renders the story name in the header", async () => {
+	it("renders the story name in the header with type and ID prefix", async () => {
 		render(
 			<WorkItemDetailPanel
 				storyId="237_bug_test"
@@ -79,7 +79,7 @@ describe("WorkItemDetailPanel", () => {
 		);
 		await waitFor(() => {
 			expect(screen.getByTestId("detail-panel-title")).toHaveTextContent(
-				"Big Title Story",
+				"Bug 237: Big Title Story",
 			);
 		});
 	});
@@ -110,6 +110,10 @@ describe("WorkItemDetailPanel", () => {
 	});

 	it("renders markdown headings with constrained inline font size", async () => {
+		mockedGetWorkItemContent.mockResolvedValue({
+			...DEFAULT_CONTENT,
+			content: "# Title Heading\n\n## Section Heading\n\nSome content.",
+		});
 		render(
 			<WorkItemDetailPanel
 				storyId="237_bug_test"
@@ -119,11 +123,95 @@ describe("WorkItemDetailPanel", () => {
 		);
 		await waitFor(() => {
 			const content = screen.getByTestId("detail-panel-content");
-			const h1 = content.querySelector("h1");
-			expect(h1).not.toBeNull();
-			expect(h1?.style.fontSize).toBeTruthy();
+			// H1 is stripped by stripDisplayContent; h2 should be constrained
+			const h2 = content.querySelector("h2");
+			expect(h2).not.toBeNull();
+			expect(h2?.style.fontSize).toBeTruthy();
 		});
 	});
+
+	it("strips YAML front matter so 'name' is not shown as a prefix in content", async () => {
+		mockedGetWorkItemContent.mockResolvedValue({
+			content:
+				'---\nname: "My Story Name"\n---\n\n# Story 42: My Story Name\n\n## User Story\n\nAs a user...',
+			stage: "current",
+			name: "My Story Name",
+			agent: null,
+		});
+		render(
+			<WorkItemDetailPanel
+				storyId="42_story_test"
+				pipelineVersion={0}
+				onClose={() => {}}
+			/>,
+		);
+		const content = await screen.findByTestId("detail-panel-content");
+		expect(content.textContent).not.toMatch(/name:/i);
+	});
+
+	it("strips the first H1 heading so the story title is not shown twice", async () => {
+		mockedGetWorkItemContent.mockResolvedValue({
+			content:
+				'---\nname: "My Story Name"\n---\n\n# Story 42: My Story Name\n\n## User Story\n\nAs a user...',
+			stage: "current",
+			name: "My Story Name",
+			agent: null,
+		});
+		render(
+			<WorkItemDetailPanel
+				storyId="42_story_test"
+				pipelineVersion={0}
+				onClose={() => {}}
+			/>,
+		);
+		const content = await screen.findByTestId("detail-panel-content");
+		expect(content.querySelector("h1")).toBeNull();
+	});
+
+	it("shows 'Type N: Name' format in the panel header title (story ID/title left-justified)", async () => {
+		mockedGetWorkItemContent.mockResolvedValue({
+			content: "## User Story\n\nAs a user...",
+			stage: "current",
+			name: "My Story Name",
+			agent: null,
+		});
+		render(
+			<WorkItemDetailPanel
+				storyId="42_story_test"
+				pipelineVersion={0}
+				onClose={() => {}}
+			/>,
+		);
+		await waitFor(() => {
+			expect(screen.getByTestId("detail-panel-title")).toHaveTextContent(
+				"Story 42: My Story Name",
+			);
+		});
+	});
+
+	it("does not show the work item type label twice when front matter and H1 are stripped", async () => {
+		mockedGetWorkItemContent.mockResolvedValue({
+			content:
+				'---\nname: "My Story Name"\n---\n\n# Story 42: My Story Name\n\n## User Story\n\nContent.',
+			stage: "current",
+			name: "My Story Name",
+			agent: null,
+		});
+		render(
+			<WorkItemDetailPanel
+				storyId="42_story_test"
+				pipelineVersion={0}
+				onClose={() => {}}
+			/>,
+		);
+		await screen.findByTestId("detail-panel-content");
+		// "Story" type label appears exactly once — in the panel header title
+		const title = screen.getByTestId("detail-panel-title");
+		expect(title.textContent).toContain("Story 42:");
+		// The content body should not contain an H1 repeating the type + title
+		const content = screen.getByTestId("detail-panel-content");
+		expect(content.querySelector("h1")).toBeNull();
+	});
 });

 describe("WorkItemDetailPanel - Agent Logs", () => {
@@ -17,6 +17,46 @@ import { api } from "../api/client";

 const { useCallback, useEffect, useRef, useState } = React;

+/**
+ * Strip YAML front matter and the first H1 heading from story content before
+ * rendering. The panel header already shows the story ID/title, so rendering
+ * them again inside the markdown body creates duplicate information.
+ */
+function stripDisplayContent(content: string): string {
+	let text = content;
+	// Strip YAML front matter (--- ... ---)
+	if (text.startsWith("---")) {
+		const eol = text.indexOf("\n");
+		if (eol !== -1) {
+			const closeIdx = text.indexOf("\n---", eol);
+			if (closeIdx !== -1) {
+				text = text.slice(closeIdx + 4);
+			}
+		}
+	}
+	// Trim leading blank lines left by the front matter
+	text = text.trimStart();
+	// Strip the first H1 heading — it duplicates the panel header title
+	if (text.startsWith("# ")) {
+		const eol = text.indexOf("\n");
+		text = eol !== -1 ? text.slice(eol + 1).trimStart() : "";
+	}
+	return text;
+}
+
+/**
+ * Format the story ID/title line shown in the panel header.
+ * Produces e.g. "Story 454: My Story Name" or "Bug 12: Crash on startup".
+ * Falls back to name or storyId when the pattern doesn't match.
+ */
+function formatStoryTitle(storyId: string, name: string | null): string {
+	const match = storyId.match(/^(\d+)_([a-z]+)_/);
+	if (!match || !name) return name ?? storyId;
+	const [, number, type] = match;
+	const typeLabel = type.charAt(0).toUpperCase() + type.slice(1);
+	return `${typeLabel} ${number}: ${name}`;
+}
+
 const STAGE_LABELS: Record<string, string> = {
 	backlog: "Backlog",
 	current: "Current",
@@ -352,7 +392,7 @@ export function WorkItemDetailPanel({
 							whiteSpace: "nowrap",
 						}}
 					>
-						{name ?? storyId}
+						{formatStoryTitle(storyId, name)}
 					</div>
 					{stage && (
 						<div
@@ -504,7 +544,7 @@ export function WorkItemDetailPanel({
 								),
 							}}
 						>
-							{content}
+							{stripDisplayContent(content)}
 						</Markdown>
 					</div>
 				)}
@@ -1,4 +1,5 @@
 import type { KeyboardEvent } from "react";
+import type { OAuthStatus } from "../../api/client";
 import { ProjectPathInput } from "./ProjectPathInput.tsx";
 import { RecentProjectsList } from "./RecentProjectsList.tsx";

@@ -24,6 +25,7 @@ export interface SelectionScreenProps {
 	onCloseSuggestions: () => void;
 	completionError: string | null;
 	currentPartial: string;
+	oauthStatus?: OAuthStatus | null;
 }

 export function SelectionScreen({
@@ -43,6 +45,7 @@ export function SelectionScreen({
 	onCloseSuggestions,
 	completionError,
 	currentPartial,
+	oauthStatus = null,
 }: SelectionScreenProps) {
 	const resolvedHomeDir = homeDir
 		? homeDir.endsWith("/")
@@ -57,6 +60,43 @@ export function SelectionScreen({
 			<h1>Storkit</h1>
 			<p>Paste or complete a project path to start.</p>

+			{oauthStatus !== null && (
+				<div style={{ marginBottom: "1rem" }}>
+					{!oauthStatus.authenticated || oauthStatus.expired ? (
+						<button
+							type="button"
+							onClick={() => {
+								window.open(
+									"/oauth/authorize",
+									"_blank",
+									"noopener,noreferrer",
+								);
+							}}
+							style={{
+								padding: "8px 16px",
+								borderRadius: "6px",
+								border: "1px solid #1a3a5c",
+								backgroundColor: "#1a3a5c",
+								color: "#7eb8f7",
+								cursor: "pointer",
+								fontSize: "0.9em",
+							}}
+						>
+							{oauthStatus.expired
+								? "Re-authenticate with Claude"
+								: "Login with Claude"}
+						</button>
+					) : (
+						<span
+							title="Authenticated with Claude via OAuth"
+							style={{ color: "#4caf50", fontSize: "0.9em" }}
+						>
+							✓ Authenticated with Claude
+						</span>
+					)}
+				</div>
+			)}
+
 			{knownProjects.length > 0 && (
 				<RecentProjectsList
 					projects={knownProjects}
@@ -0,0 +1,105 @@
+export interface SlashCommand {
+	name: string;
+	description: string;
+}
+
+export const SLASH_COMMANDS: SlashCommand[] = [
+	{
+		name: "/help",
+		description: "Show this list of available slash commands.",
+	},
+	{
+		name: "/status",
+		description:
+			"Show pipeline status and agent availability. `/status <number>` shows a story triage dump.",
+	},
+	{
+		name: "/assign <number> <model>",
+		description: "Pre-assign a model to a story (e.g. `/assign 42 opus`).",
+	},
+	{
+		name: "/start <number>",
+		description:
+			"Start a coder on a story. Optionally specify a model: `/start <number> opus`.",
+	},
+	{
+		name: "/show <number>",
+		description: "Display the full text of a work item.",
+	},
+	{
+		name: "/move <number> <stage>",
+		description:
+			"Move a work item to a pipeline stage (backlog, current, qa, merge, done).",
+	},
+	{
+		name: "/delete <number>",
+		description:
+			"Remove a work item from the pipeline and stop any running agent.",
+	},
+	{
+		name: "/cost",
+		description:
+			"Show token spend: 24h total, top stories, breakdown by agent type, and all-time total.",
+	},
+	{
+		name: "/git",
+		description:
+			"Show git status: branch, uncommitted changes, and ahead/behind remote.",
+	},
+	{
+		name: "/overview <number>",
+		description: "Show the implementation summary for a merged story.",
+	},
+	{
+		name: "/ambient",
+		description: "Toggle ambient mode: `/ambient on` or `/ambient off`.",
+	},
+	{
+		name: "/htop",
+		description:
+			"Show live system and agent process dashboard: `/htop`, `/htop 10m`, `/htop stop`.",
+	},
+	{
+		name: "/loc",
+		description:
+			"Show top source files by line count: `/loc` (top 10), `/loc <N>`, or `/loc <filepath>`.",
+	},
+	{
+		name: "/rmtree <number>",
+		description:
+			"Delete the worktree for a story without removing it from the pipeline.",
+	},
+	{
+		name: "/rebuild",
+		description: "Rebuild the server binary and restart.",
+	},
+	{
+		name: "/timer",
+		description:
+			"Schedule a deferred agent start: `/timer <story_id> <HH:MM>`, `/timer list`, `/timer cancel <story_id>`.",
+	},
+	{
+		name: "/unblock <number>",
+		description:
+			"Reset a blocked story: clears blocked flag and resets retry count.",
+	},
+	{
+		name: "/unreleased",
+		description: "Show stories merged to master since the last release tag.",
+	},
+	{
+		name: "/setup",
+		description:
+			"Show setup wizard progress; or `/setup confirm` / `/setup skip` / `/setup retry` to drive the wizard.",
+	},
+	{
+		name: "/reset",
+		description:
+			"Clear the current Claude Code session and start fresh (messages and session ID are cleared locally).",
+	},
+	{
+		name: "/btw <question>",
+		description:
+			"Ask a side question using the current conversation as context. The question and answer are not added to the conversation history.",
+	},
+];
@@ -30,6 +30,20 @@ export default defineConfig(() => {
 						proxy.on("error", (_err) => {});
 					},
 				},
+				"/oauth": {
+					target: `http://127.0.0.1:${String(backendPort)}`,
+					timeout: 120000,
+					configure: (proxy) => {
+						proxy.on("error", (_err) => {});
+					},
+				},
+				"/callback": {
+					target: `http://127.0.0.1:${String(backendPort)}`,
+					timeout: 120000,
+					configure: (proxy) => {
+						proxy.on("error", (_err) => {});
+					},
+				},
 			},
 			watch: {
 				ignored: [
@@ -81,9 +81,12 @@ echo "==> Releasing ${TAG}"
 echo "==> Building macOS (native)..."
 cargo build --release

-echo "==> Building Linux (static musl via cross)..."
+echo "==> Building Linux amd64 (static musl via cross)..."
 cross build --release --target x86_64-unknown-linux-musl

+echo "==> Building Linux arm64 (static musl via cross)..."
+cross build --release --target aarch64-unknown-linux-musl
+
 # ── Package ────────────────────────────────────────────────────
 DIST="target/dist"
 rm -rf "$DIST"
@@ -91,6 +94,7 @@ mkdir -p "$DIST"

 cp "target/release/${BINARY_NAME}" "${DIST}/${BINARY_NAME}-macos-arm64"
 cp "target/x86_64-unknown-linux-musl/release/${BINARY_NAME}" "${DIST}/${BINARY_NAME}-linux-amd64"
+cp "target/aarch64-unknown-linux-musl/release/${BINARY_NAME}" "${DIST}/${BINARY_NAME}-linux-arm64"
 chmod +x "${DIST}"/*

 echo "==> Binaries:"
@@ -4,6 +4,9 @@ set -euo pipefail
 SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
 PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"

+echo "=== Running cargo clippy ==="
+cargo clippy --manifest-path "$PROJECT_ROOT/Cargo.toml" --all-targets --all-features
+
 echo "=== Running Rust tests ==="
 cargo test --manifest-path "$PROJECT_ROOT/Cargo.toml"

@@ -1,6 +1,6 @@
 [package]
 name = "storkit"
-version = "0.8.1"
+version = "0.8.8"
 edition = "2024"
 build = "build.rs"

@@ -38,6 +38,9 @@ regex = { workspace = true }
 libsqlite3-sys = { version = "0.35.0", features = ["bundled"] }
 wait-timeout = "0.2.1"

+[target.'cfg(unix)'.dependencies]
+libc = { workspace = true }
+
 [dev-dependencies]
 tempfile = { workspace = true }
 tokio-tungstenite = { workspace = true }
@@ -171,39 +171,12 @@ fn run_command_with_timeout(
 /// otherwise `cargo nextest run` / `cargo test`) in the given directory.
 /// Returns `(gates_passed, combined_output)`.
 pub(crate) fn run_acceptance_gates(path: &Path) -> Result<(bool, String), String> {
-    let mut all_output = String::new();
-    let mut all_passed = true;
-
-    // ── cargo clippy ──────────────────────────────────────────────
-    let clippy = Command::new("cargo")
-        .args(["clippy", "--all-targets", "--all-features"])
-        .current_dir(path)
-        .output()
-        .map_err(|e| format!("Failed to run cargo clippy: {e}"))?;
-
-    all_output.push_str("=== cargo clippy ===\n");
-    let clippy_stdout = String::from_utf8_lossy(&clippy.stdout);
-    let clippy_stderr = String::from_utf8_lossy(&clippy.stderr);
-    if !clippy_stdout.is_empty() {
-        all_output.push_str(&clippy_stdout);
-    }
-    if !clippy_stderr.is_empty() {
-        all_output.push_str(&clippy_stderr);
-    }
-    all_output.push('\n');
-
-    if !clippy.status.success() {
-        all_passed = false;
-    }
-
-    // ── tests (script/test if available, else cargo nextest/test) ─
+    // Run script/test (or fallback to cargo test). This is the sole
+    // acceptance gate — project-specific linting and test commands belong
+    // in script/test, not hardcoded here.
    let (test_success, test_out) = run_project_tests(path)?;
-    all_output.push_str(&test_out);
-    if !test_success {
-        all_passed = false;
-    }

-    Ok((all_passed, all_output))
+    Ok((test_success, test_out))
 }

 /// Run `script/test_coverage` in the given directory if the script exists.
@@ -498,18 +498,63 @@ impl AgentPool {
                        }
                    }

-                    // Server-owned completion: run acceptance gates automatically
-                    // when the agent process exits normally.
-                    super::pipeline::run_server_owned_completion(
-                        &agents_ref,
-                        port_for_task,
-                        &sid,
-                        &aname,
-                        result.session_id,
-                        watcher_tx_clone.clone(),
-                    )
-                    .await;
-                    AgentPool::notify_agent_state_changed(&watcher_tx_clone);
+                    // Mergemaster agents have their own completion path via
+                    // start_merge_agent_work / run_merge_pipeline and must NOT go
+                    // through server-owned gates.  When a mergemaster exits early
+                    // (e.g. rate-limited before calling start_merge_agent_work) the
+                    // feature-branch worktree compiles fine and post-merge tests on
+                    // master pass (nothing changed), which would wrongly advance the
+                    // story to 5_done/ without any squash merge having occurred.
+                    // Instead: just remove the agent from the pool and let
+                    // auto-assign restart a new mergemaster for the story.
+                    let stage = config_clone
+                        .find_agent(&aname)
+                        .map(agent_config_stage)
+                        .unwrap_or_else(|| pipeline_stage(&aname));
+                    if stage == PipelineStage::Mergemaster {
+                        let (tx_done, done_session_id) = {
+                            let mut lock = match agents_ref.lock() {
+                                Ok(a) => a,
+                                Err(_) => return,
+                            };
+                            if let Some(agent) = lock.remove(&key_clone) {
+                                (agent.tx, agent.session_id.or(result.session_id))
+                            } else {
+                                (tx_clone.clone(), result.session_id)
+                            }
+                        };
+                        let _ = tx_done.send(AgentEvent::Done {
+                            story_id: sid.clone(),
+                            agent_name: aname.clone(),
+                            session_id: done_session_id,
+                        });
+                        AgentPool::notify_agent_state_changed(&watcher_tx_clone);
+                        // Send a WorkItem event so the auto-assign watcher loop
+                        // re-dispatches a new mergemaster if the story still needs
+                        // merging.  This avoids an async call to start_agent inside
+                        // a tokio::spawn (which would require Send).
+                        let _ = watcher_tx_clone.send(
+                            crate::io::watcher::WatcherEvent::WorkItem {
+                                stage: "4_merge".to_string(),
+                                item_id: sid.clone(),
+                                action: "reassign".to_string(),
+                                commit_msg: String::new(),
+                            },
+                        );
+                    } else {
+                        // Server-owned completion: run acceptance gates automatically
+                        // when the agent process exits normally.
+                        super::pipeline::run_server_owned_completion(
+                            &agents_ref,
+                            port_for_task,
+                            &sid,
+                            &aname,
+                            result.session_id,
+                            watcher_tx_clone.clone(),
+                        )
+                        .await;
+                        AgentPool::notify_agent_state_changed(&watcher_tx_clone);
+                    }
                }
                Err(e) => {
                    slog_error!("[agents] Agent process error for {aname} on {sid}: {e}");
@@ -4,7 +4,7 @@ use std::collections::HashMap;
 use std::sync::{Arc, Mutex};
 use tokio::sync::broadcast;

-use super::super::super::{AgentEvent, AgentStatus, CompletionReport};
+use super::super::super::{AgentEvent, AgentStatus, CompletionReport, PipelineStage, pipeline_stage};
 use super::super::{AgentPool, StoryAgent, composite_key};
 use super::advance::spawn_pipeline_advance;

@@ -155,6 +155,21 @@ pub(in crate::agents::pool) async fn run_server_owned_completion(
 ) {
    let key = composite_key(story_id, agent_name);

+    // Guard: mergemaster agents have their own completion path via
+    // start_merge_agent_work / run_merge_pipeline.  Running server-owned gates
+    // for a mergemaster would wrongly advance the story to 5_done/ even when
+    // no squash merge has occurred (e.g. rate-limited exit before the agent
+    // called start_merge_agent_work).  The lifecycle caller is responsible for
+    // cleaning up the agent entry and triggering auto-assign.
+    if pipeline_stage(agent_name) == PipelineStage::Mergemaster {
+        slog!(
+            "[agents] run_server_owned_completion skipped for mergemaster \
+             '{story_id}:{agent_name}'; mergemaster completion is handled by \
+             start_merge_agent_work."
+        );
+        return;
+    }
+
    // Guard: skip if completion was already recorded (legacy path).
    {
        let lock = match agents.lock() {
@@ -516,4 +531,83 @@ mod tests {
        )
        .await;
    }
+
+    /// Regression test for bug 445: a rate-limited mergemaster exits before
+    /// calling start_merge_agent_work.  run_server_owned_completion must be a
+    /// no-op for mergemaster agents — it must not run acceptance gates and must
+    /// not advance the story to 5_done/ even when a passing script/test exists.
+    ///
+    /// Before the fix: run_server_owned_completion would call run_pipeline_advance
+    /// for the Mergemaster stage, which ran post-merge tests on master (they pass
+    /// because nothing changed), then called move_story_to_done — advancing the
+    /// story without any squash merge having occurred.
+    #[cfg(unix)]
+    #[tokio::test]
+    async fn server_owned_completion_is_noop_for_mergemaster() {
+        use std::fs;
+        use std::os::unix::fs::PermissionsExt;
+        use tempfile::tempdir;
+
+        let tmp = tempdir().unwrap();
+        let root = tmp.path();
+        init_git_repo(root);
+
+        // Create a passing script/test so post-merge tests would succeed if
+        // run_pipeline_advance were incorrectly called for this mergemaster.
+        let script_dir = root.join("script");
+        fs::create_dir_all(&script_dir).unwrap();
+        let script_test = script_dir.join("test");
+        fs::write(&script_test, "#!/usr/bin/env sh\nexit 0\n").unwrap();
+        let mut perms = fs::metadata(&script_test).unwrap().permissions();
+        perms.set_mode(0o755);
+        fs::set_permissions(&script_test, perms).unwrap();
+
+        // Story in 4_merge/ — must NOT be moved to 5_done/.
+        let merge_dir = root.join(".storkit/work/4_merge");
+        fs::create_dir_all(&merge_dir).unwrap();
+        let story_path = merge_dir.join("99_story_merge445.md");
+        fs::write(&story_path, "---\nname: Merge 445 Test\n---\n").unwrap();
+
+        let pool = AgentPool::new_test(3001);
+        pool.inject_test_agent_with_path(
+            "99_story_merge445",
+            "mergemaster",
+            AgentStatus::Running,
+            root.to_path_buf(),
+        );
+
+        run_server_owned_completion(
+            &pool.agents,
+            pool.port,
+            "99_story_merge445",
+            "mergemaster",
+            None,
+            pool.watcher_tx.clone(),
+        )
+        .await;
+
+        // Wait briefly in case any background task fires.
+        tokio::time::sleep(std::time::Duration::from_millis(150)).await;
+
+        // Story must remain in 4_merge/ — not moved to 5_done/.
+        let done_path = root.join(".storkit/work/5_done/99_story_merge445.md");
+        assert!(
+            !done_path.exists(),
+            "Story must NOT be moved to 5_done/ when run_server_owned_completion \
+             is (incorrectly) called for a mergemaster agent"
+        );
+        assert!(
+            story_path.exists(),
+            "Story must remain in 4_merge/ when mergemaster completion is a no-op"
+        );
+
+        // The agent entry should remain in the pool (lifecycle cleanup is the
+        // caller's responsibility, not run_server_owned_completion's).
+        let agents = pool.agents.lock().unwrap();
+        let key = composite_key("99_story_merge445", "mergemaster");
+        assert!(
+            agents.get(&key).is_some(),
+            "Agent must remain in pool — run_server_owned_completion is a no-op for mergemaster"
+        );
+    }
 }
@@ -245,13 +245,16 @@ fn run_agent_pty_blocking(
    // via recv_timeout: if no output arrives within the configured window
    // the process is killed and the agent is marked Failed.
    let (line_tx, line_rx) = std::sync::mpsc::channel::<std::io::Result<String>>();
-    std::thread::spawn(move || {
+    let sid_for_reader = story_id.to_string();
+    let aname_for_reader = agent_name.to_string();
+    let reader_handle = std::thread::spawn(move || {
        let buf_reader = BufReader::new(reader);
        for line in buf_reader.lines() {
            if line_tx.send(line).is_err() {
                break;
            }
        }
+        slog!("[agent:{sid_for_reader}:{aname_for_reader}] Reader thread exiting");
    });

    let timeout_dur = if inactivity_timeout_secs > 0 {
@@ -424,6 +427,15 @@ fn run_agent_pty_blocking(
    let _ = child.kill();
    let _ = child.wait();

+    // Wait for the reader thread to finish so it releases the cloned PTY
+    // master fd before we return.  Without this, the next PTY spawn for the
+    // same story can collide with a still-open fd from this session (#453).
+    slog!("[agent:{story_id}:{agent_name}] Waiting for reader thread to exit");
+    if let Err(e) = reader_handle.join() {
+        slog!("[agent:{story_id}:{agent_name}] Reader thread panicked: {e:?}");
+    }
+    slog!("[agent:{story_id}:{agent_name}] Reader thread joined");
+
    slog!(
        "[agent:{story_id}:{agent_name}] Done. Session: {:?}",
        session_id
@@ -180,7 +180,7 @@ pub fn commands() -> &'static [BotCommand] {
        },
        BotCommand {
            name: "setup",
-            description: "Show setup wizard progress; or `setup confirm` / `setup skip` / `setup retry` to drive the wizard from chat",
+            description: "Show setup wizard progress; or `setup generate` / `setup confirm` / `setup skip` / `setup retry` to drive the wizard from chat",
            handler: setup::handle_setup,
        },
    ]
@@ -142,11 +142,7 @@ mod tests {
        try_handle_command(&dispatch, &format!("@timmy move {args}"))
    }

-    fn write_story_file(root: &std::path::Path, stage: &str, filename: &str, content: &str) {
-        let dir = root.join(".storkit/work").join(stage);
-        std::fs::create_dir_all(&dir).unwrap();
-        std::fs::write(dir.join(filename), content).unwrap();
-    }
+    use crate::chat::test_helpers::write_story_file;

    #[test]
    fn move_command_is_registered() {
@@ -9,7 +9,9 @@
 //! - `setup retry`   — discard staged content and reset the current step

 use super::CommandContext;
-use crate::http::mcp::wizard_tools::{is_script_step, step_output_path, write_if_missing};
+use crate::http::mcp::wizard_tools::{
+    generation_hint, is_script_step, step_output_path, write_if_missing,
+};
 use crate::io::wizard::{format_wizard_state, StepStatus, WizardState};

 pub(super) fn handle_setup(ctx: &CommandContext) -> Option<String> {
@@ -17,15 +19,45 @@ pub(super) fn handle_setup(ctx: &CommandContext) -> Option<String> {

    match sub.as_str() {
        "" => Some(wizard_status_reply(ctx)),
+        "generate" => Some(wizard_generate_reply(ctx)),
        "confirm" => Some(wizard_confirm_reply(ctx)),
        "skip" => Some(wizard_skip_reply(ctx)),
        "retry" => Some(wizard_retry_reply(ctx)),
        _ => Some(format!(
-            "Unknown sub-command `{sub}`. Usage: `setup`, `setup confirm`, `setup skip`, `setup retry`."
+            "Unknown sub-command `{sub}`. Usage: `setup`, `setup generate`, `setup confirm`, `setup skip`, `setup retry`."
        )),
    }
 }

+/// Mark the current step as generating and return the generation hint.
+///
+/// This mirrors `wizard_generate` (with no content) from the MCP tools, making
+/// the interview flow accessible from chat transports (Matrix, Slack, WhatsApp).
+fn wizard_generate_reply(ctx: &CommandContext) -> String {
+    let root = ctx.project_root;
+    let mut state = match WizardState::load(root) {
+        Some(s) => s,
+        None => return "No wizard active.".to_string(),
+    };
+    if state.completed {
+        return "Wizard is already complete.".to_string();
+    }
+
+    let idx = state.current_step_index();
+    let step = state.steps[idx].step;
+
+    state.set_step_status(step, StepStatus::Generating, None);
+    if let Err(e) = state.save(root) {
+        return format!("Failed to save wizard state: {e}");
+    }
+
+    let hint = generation_hint(step, root);
+    format!(
+        "Step '{}' marked as generating.\n\n{hint}\n\nOnce you have the content, stage it via the API and then run `setup confirm` to write it to disk.",
+        step.label()
+    )
+}
+
 /// Compose a status reply for the `setup` command (no args).
 fn wizard_status_reply(ctx: &CommandContext) -> String {
    match WizardState::load(ctx.project_root) {
@@ -263,4 +295,45 @@ mod tests {
        assert!(result.contains("Unknown sub-command"));
        assert!(result.contains("Usage"));
    }
+
+    #[test]
+    fn setup_generate_marks_generating_and_returns_hint() {
+        let dir = TempDir::new().unwrap();
+        std::fs::create_dir_all(dir.path().join(".storkit")).unwrap();
+        WizardState::init_if_missing(dir.path());
+        let agents = Arc::new(crate::agents::AgentPool::new_test(4006));
+        let rooms = Arc::new(Mutex::new(HashSet::new()));
+        let ctx = make_ctx("generate", dir.path(), &agents, &rooms);
+        let result = handle_setup(&ctx).unwrap();
+        assert!(result.contains("generating"));
+        let state = WizardState::load(dir.path()).unwrap();
+        assert_eq!(
+            state.steps[1].status,
+            crate::io::wizard::StepStatus::Generating
+        );
+    }
+
+    #[test]
+    fn setup_generate_bare_project_asks_user() {
+        let dir = TempDir::new().unwrap();
+        // Bare project — only scaffolding files
+        std::fs::create_dir_all(dir.path().join(".storkit")).unwrap();
+        WizardState::init_if_missing(dir.path());
+        let agents = Arc::new(crate::agents::AgentPool::new_test(4007));
+        let rooms = Arc::new(Mutex::new(HashSet::new()));
+        let ctx = make_ctx("generate", dir.path(), &agents, &rooms);
+        let result = handle_setup(&ctx).unwrap();
+        assert!(result.contains("bare project"));
+        assert!(result.contains("Ask the user"));
+    }
+
+    #[test]
+    fn setup_generate_no_wizard_returns_error() {
+        let dir = TempDir::new().unwrap();
+        let agents = Arc::new(crate::agents::AgentPool::new_test(4008));
+        let rooms = Arc::new(Mutex::new(HashSet::new()));
+        let ctx = make_ctx("generate", dir.path(), &agents, &rooms);
+        let result = handle_setup(&ctx).unwrap();
+        assert!(result.contains("No wizard active"));
+    }
 }
@@ -91,11 +91,7 @@ mod tests {
        try_handle_command(&dispatch, &format!("@timmy show {args}"))
    }

-    fn write_story_file(root: &std::path::Path, stage: &str, filename: &str, content: &str) {
-        let dir = root.join(".storkit/work").join(stage);
-        std::fs::create_dir_all(&dir).unwrap();
-        std::fs::write(dir.join(filename), content).unwrap();
-    }
+    use crate::chat::test_helpers::write_story_file;

    #[test]
    fn show_command_is_registered() {
@@ -296,11 +296,7 @@ mod tests {
        try_handle_command(&dispatch, &format!("@timmy status {args}"))
    }

-    fn write_story_file(root: &Path, stage: &str, filename: &str, content: &str) {
-        let dir = root.join(".storkit/work").join(stage);
-        std::fs::create_dir_all(&dir).unwrap();
-        std::fs::write(dir.join(filename), content).unwrap();
-    }
+    use crate::chat::test_helpers::write_story_file;

    // -- registration -------------------------------------------------------

@@ -108,17 +108,13 @@ pub(crate) fn unblock_by_path(path: &Path, story_id: &str) -> String {
    }

    // Clear the blocked flag if present.
-    if has_blocked {
-        if let Err(e) = clear_front_matter_field(path, "blocked") {
-            return format!("Failed to clear blocked flag on **{story_id}**: {e}");
-        }
+    if has_blocked && let Err(e) = clear_front_matter_field(path, "blocked") {
+        return format!("Failed to clear blocked flag on **{story_id}**: {e}");
    }

    // Clear merge_failure if present.
-    if has_merge_failure {
-        if let Err(e) = clear_front_matter_field(path, "merge_failure") {
-            return format!("Failed to clear merge_failure on **{story_id}**: {e}");
-        }
+    if has_merge_failure && let Err(e) = clear_front_matter_field(path, "merge_failure") {
+        return format!("Failed to clear merge_failure on **{story_id}**: {e}");
    }

    // Reset retry_count to 0 (re-read the updated file, modify, write).
@@ -164,11 +160,7 @@ mod tests {
        try_handle_command(&dispatch, &format!("@timmy unblock {args}"))
    }

-    fn write_story_file(root: &std::path::Path, stage: &str, filename: &str, content: &str) {
-        let dir = root.join(".storkit/work").join(stage);
-        std::fs::create_dir_all(&dir).unwrap();
-        std::fs::write(dir.join(filename), content).unwrap();
-    }
+    use crate::chat::test_helpers::write_story_file;

    #[test]
    fn unblock_command_is_registered() {
@@ -8,6 +8,8 @@ pub mod commands;
 pub mod timer;
 pub mod transport;
 pub mod util;
+#[cfg(test)]
+pub(crate) mod test_helpers;

 use async_trait::async_trait;

@@ -0,0 +1,15 @@
+//! Shared test utilities for chat handler tests.
+//!
+//! Import with `use crate::chat::test_helpers::write_story_file;`
+
+use std::path::Path;
+
+/// Write a work-item file into the standard pipeline directory structure.
+///
+/// Creates `.storkit/work/{stage}/{filename}` under `root`, creating any
+/// missing parent directories.
+pub(crate) fn write_story_file(root: &Path, stage: &str, filename: &str, content: &str) {
+    let dir = root.join(".storkit/work").join(stage);
+    std::fs::create_dir_all(&dir).unwrap();
+    std::fs::write(dir.join(filename), content).unwrap();
+}
@@ -9,6 +9,8 @@ use serde::{Deserialize, Serialize};
 use std::path::{Path, PathBuf};
 use std::sync::{Arc, Mutex};

+use crate::chat::util::strip_bot_mention;
+
 // ── Data types ─────────────────────────────────────────────────────────────

 /// A single scheduled timer entry.
@@ -256,7 +258,7 @@ pub fn extract_timer_command(
    bot_name: &str,
    bot_user_id: &str,
 ) -> Option<TimerCommand> {
-    let stripped = strip_mention(message, bot_name, bot_user_id);
+    let stripped = strip_bot_mention(message, bot_name, bot_user_id);
    let trimmed = stripped
        .trim()
        .trim_start_matches(|c: char| !c.is_alphanumeric());
@@ -466,37 +468,6 @@ fn resolve_story_id(number_or_id: &str, project_root: &Path) -> Option<String> {
    None
 }

-fn strip_mention<'a>(message: &'a str, bot_name: &str, bot_user_id: &str) -> &'a str {
-    let trimmed = message.trim();
-    if let Some(rest) = strip_prefix_ci(trimmed, bot_user_id) {
-        return rest;
-    }
-    if let Some(localpart) = bot_user_id.split(':').next()
-        && let Some(rest) = strip_prefix_ci(trimmed, localpart)
-    {
-        return rest;
-    }
-    if let Some(rest) = strip_prefix_ci(trimmed, bot_name) {
-        return rest;
-    }
-    trimmed
-}
-
-fn strip_prefix_ci<'a>(text: &'a str, prefix: &str) -> Option<&'a str> {
-    if text.len() < prefix.len() {
-        return None;
-    }
-    if !text[..prefix.len()].eq_ignore_ascii_case(prefix) {
-        return None;
-    }
-    let rest = &text[prefix.len()..];
-    match rest.chars().next() {
-        None => Some(rest),
-        Some(c) if c.is_alphanumeric() || c == '-' || c == '_' => None,
-        _ => Some(rest),
-    }
-}
-
 // ── Tests ──────────────────────────────────────────────────────────────────

 #[cfg(test)]
@@ -9,6 +9,7 @@
 //! that the next `start` invocation picks it up automatically.

 use crate::agents::{AgentPool, AgentStatus};
+use crate::chat::util::strip_bot_mention;
 use crate::io::story_metadata::{parse_front_matter, set_front_matter_field};
 use std::path::Path;

@@ -43,7 +44,7 @@ pub fn extract_assign_command(
    bot_name: &str,
    bot_user_id: &str,
 ) -> Option<AssignCommand> {
-    let stripped = strip_mention(message, bot_name, bot_user_id);
+    let stripped = strip_bot_mention(message, bot_name, bot_user_id);
    let trimmed = stripped
        .trim()
        .trim_start_matches(|c: char| !c.is_alphanumeric());
@@ -234,40 +235,6 @@ pub async fn handle_assign(
    }
 }

-/// Strip the bot mention prefix from a raw Matrix message body.
-///
-/// Mirrors the logic in `commands::strip_bot_mention` and `start::strip_mention`.
-fn strip_mention<'a>(message: &'a str, bot_name: &str, bot_user_id: &str) -> &'a str {
-    let trimmed = message.trim();
-    if let Some(rest) = strip_prefix_ci(trimmed, bot_user_id) {
-        return rest;
-    }
-    if let Some(localpart) = bot_user_id.split(':').next()
-        && let Some(rest) = strip_prefix_ci(trimmed, localpart)
-    {
-        return rest;
-    }
-    if let Some(rest) = strip_prefix_ci(trimmed, bot_name) {
-        return rest;
-    }
-    trimmed
-}
-
-fn strip_prefix_ci<'a>(text: &'a str, prefix: &str) -> Option<&'a str> {
-    if text.len() < prefix.len() {
-        return None;
-    }
-    if !text[..prefix.len()].eq_ignore_ascii_case(prefix) {
-        return None;
-    }
-    let rest = &text[prefix.len()..];
-    match rest.chars().next() {
-        None => Some(rest),
-        Some(c) if c.is_alphanumeric() || c == '-' || c == '_' => None,
-        _ => Some(rest),
-    }
-}
-
 // ---------------------------------------------------------------------------
 // Tests
 // ---------------------------------------------------------------------------
@@ -354,6 +321,18 @@ mod tests {
        assert_eq!(cmd, None);
    }

+    #[test]
+    fn extract_assign_command_multibyte_prefix_no_panic() {
+        // "xxxx⏺ assign 42 opus" — ⏺ (U+23FA) is 3 bytes, starting at byte 4.
+        // "@timmy" has len 6 so text[..6] lands inside ⏺ — panics without the fix.
+        let cmd = extract_assign_command(
+            "xxxx\u{23FA} assign 42 opus",
+            "Timmy",
+            "@timmy:home.local",
+        );
+        assert_eq!(cmd, None);
+    }
+
    // -- resolve_agent_name --------------------------------------------------

    #[test]
@@ -371,11 +350,7 @@ mod tests {

    // -- handle_assign (no running coder) ------------------------------------

-    fn write_story_file(root: &Path, stage: &str, filename: &str, content: &str) {
-        let dir = root.join(".storkit/work").join(stage);
-        std::fs::create_dir_all(&dir).unwrap();
-        std::fs::write(dir.join(filename), content).unwrap();
-    }
+    use crate::chat::test_helpers::write_story_file;

    #[tokio::test]
    async fn handle_assign_returns_not_found_for_unknown_number() {
@@ -73,6 +73,72 @@ pub(super) async fn is_reply_to_bot(
    candidate_ids.iter().any(|id| guard.contains(*id))
 }

+/// Returns `true` when the message body appears to be explicitly addressed to
+/// someone **other** than this bot.
+///
+/// Recognised address patterns at the start of the body:
+/// - `"name: rest"` — display-name style (e.g. `"sally: do X"`)
+/// - `"@name rest"` — @ mention style (e.g. `"@sally do X"`)
+///
+/// A message is only considered addressed to another party when the name does
+/// **not** match either the bot's `bot_name` (case-insensitive) or the
+/// localpart of its `bot_user_id`.
+///
+/// Used in ambient mode to suppress responses when a message is clearly
+/// directed at a different participant (e.g. another bot in the same room).
+pub fn is_addressed_to_other(body: &str, bot_user_id: &OwnedUserId, bot_name: &str) -> bool {
+    let trimmed = body.trim_start();
+    let lower = trimmed.to_lowercase();
+    let bot_name_lower = bot_name.to_lowercase();
+    let bot_localpart = bot_user_id.localpart().to_lowercase();
+
+    // Pattern A: "@name …" at the start of the message.
+    // Handles both "@localpart" and "@localpart:homeserver" forms.
+    if let Some(rest) = lower.strip_prefix('@') {
+        // Extract everything up to the first whitespace character.
+        let word_end = rest
+            .find(|c: char| c.is_whitespace())
+            .unwrap_or(rest.len());
+        let mention = &rest[..word_end]; // e.g. "sally" or "sally:example.com"
+
+        // Strip the homeserver part to get just the localpart.
+        let localpart = mention.split(':').next().unwrap_or(mention);
+
+        if localpart.is_empty() {
+            return false; // bare "@" — not an address
+        }
+        if localpart == bot_localpart {
+            return false; // addressed to us
+        }
+        return true; // addressed to someone else
+    }
+
+    // Pattern B: "name: rest" — display-name style.
+    // Only the text before the *first* colon is inspected.  We require that
+    // the prefix contains no spaces so that ordinary sentences such as
+    // "Here is a question: …" are not misread as bot addresses.
+    if let Some(colon_pos) = lower.find(':') {
+        let prefix = &lower[..colon_pos];
+
+        // Single-word prefix (no spaces).
+        if !prefix.contains(' ') && !prefix.is_empty() {
+            if prefix == bot_name_lower || prefix == bot_localpart {
+                return false; // addressed to us
+            }
+            return true; // addressed to someone else
+        }
+
+        // Multi-word prefix: only treat as an address if it is an exact
+        // case-insensitive match for our display name.
+        if prefix == bot_name_lower {
+            return false; // addressed to us
+        }
+        // Otherwise the colon is part of a regular sentence — not an address.
+    }
+
+    false
+}
+
 // ---------------------------------------------------------------------------
 // Tests
 // ---------------------------------------------------------------------------
@@ -195,4 +261,92 @@ mod tests {

        assert!(is_reply_to_bot(relates_to.as_ref(), &sent).await);
    }
+
+    // -- is_addressed_to_other ----------------------------------------------
+
+    #[test]
+    fn addressed_to_other_display_name_colon() {
+        // "sally: do X" — addressed to sally, not our bot (stu)
+        let uid = make_user_id("@stu:homeserver.local");
+        assert!(is_addressed_to_other("sally: do X", &uid, "stu"));
+    }
+
+    #[test]
+    fn addressed_to_other_at_mention() {
+        // "@sally do X" — addressed to sally, not our bot (stu)
+        let uid = make_user_id("@stu:homeserver.local");
+        assert!(is_addressed_to_other("@sally do X", &uid, "stu"));
+    }
+
+    #[test]
+    fn addressed_to_other_at_mention_full_id() {
+        // "@sally:homeserver.local do X" — localpart is still "sally"
+        let uid = make_user_id("@stu:homeserver.local");
+        assert!(is_addressed_to_other(
+            "@sally:homeserver.local do X",
+            &uid,
+            "stu"
+        ));
+    }
+
+    #[test]
+    fn not_addressed_to_other_self_display_name() {
+        // "stu: do X" — addressed to us
+        let uid = make_user_id("@stu:homeserver.local");
+        assert!(!is_addressed_to_other("stu: do X", &uid, "stu"));
+    }
+
+    #[test]
+    fn not_addressed_to_other_self_at_mention() {
+        // "@stu do X" — addressed to us
+        let uid = make_user_id("@stu:homeserver.local");
+        assert!(!is_addressed_to_other("@stu do X", &uid, "stu"));
+    }
+
+    #[test]
+    fn not_addressed_to_other_self_at_mention_full_id() {
+        // "@stu:homeserver.local do X" — addressed to us
+        let uid = make_user_id("@stu:homeserver.local");
+        assert!(!is_addressed_to_other(
+            "@stu:homeserver.local do X",
+            &uid,
+            "stu"
+        ));
+    }
+
+    #[test]
+    fn not_addressed_to_other_no_addressee() {
+        // No explicit addressee — ambient message for everyone
+        let uid = make_user_id("@stu:homeserver.local");
+        assert!(!is_addressed_to_other(
+            "what's the status of the pipeline?",
+            &uid,
+            "stu"
+        ));
+    }
+
+    #[test]
+    fn not_addressed_to_other_sentence_with_colon() {
+        // Regular sentence with colon — not an address
+        let uid = make_user_id("@stu:homeserver.local");
+        assert!(!is_addressed_to_other(
+            "here is the answer: it depends",
+            &uid,
+            "stu"
+        ));
+    }
+
+    #[test]
+    fn not_addressed_to_other_display_name_case_insensitive() {
+        // "STU: do X" — case-insensitive match against our name "stu"
+        let uid = make_user_id("@stu:homeserver.local");
+        assert!(!is_addressed_to_other("STU: do X", &uid, "stu"));
+    }
+
+    #[test]
+    fn addressed_to_other_case_insensitive_other_name() {
+        // "SALLY: do X" — addressed to sally, not us
+        let uid = make_user_id("@stu:homeserver.local");
+        assert!(is_addressed_to_other("SALLY: do X", &uid, "stu"));
+    }
 }
@@ -1,4 +1,4 @@
-use crate::chat::util::drain_complete_paragraphs;
+use crate::chat::util::{drain_complete_paragraphs, is_permission_approval};
 use crate::http::context::PermissionDecision;
 use crate::llm::providers::claude_code::{ClaudeCodeProvider, ClaudeCodeResult};
 use crate::slog;
@@ -19,27 +19,9 @@ use tokio::sync::watch;
 use super::context::BotContext;
 use super::format::markdown_to_html;
 use super::history::{ConversationEntry, ConversationRole, save_history};
-use super::mentions::{is_reply_to_bot, mentions_bot};
+use super::mentions::{is_addressed_to_other, is_reply_to_bot, mentions_bot};
 use super::verification::check_sender_verified;

-/// Returns `true` if the message body is an affirmative permission response.
-///
-/// Recognised affirmative tokens (case-insensitive): `yes`, `y`, `approve`,
-/// `allow`, `ok`. Anything else — including ambiguous text — is treated as
-/// denial (fail-closed).
-pub(super) fn is_permission_approval(body: &str) -> bool {
-    // Strip a leading @mention (e.g. "@timmy yes") so the bot name doesn't
-    // interfere with the check.
-    let trimmed = body
-        .trim()
-        .trim_start_matches('@')
-        .split_whitespace()
-        .last()
-        .unwrap_or("")
-        .to_ascii_lowercase();
-    matches!(trimmed.as_str(), "yes" | "y" | "approve" | "allow" | "ok")
-}
-
 /// Build the user-facing prompt for a single turn.  In multi-user rooms the
 /// sender is included so the LLM can distinguish participants.
 pub(super) fn format_user_prompt(sender: &str, message: &str) -> String {
@@ -111,6 +93,19 @@ pub(super) async fn on_room_message(
        return;
    }

+    // In ambient mode, ignore messages that are explicitly addressed to a
+    // different entity (e.g. "sally: do X" or "@sally do X" when we are stu).
+    // We still let through messages addressed to us and the "ambient on" command.
+    if is_ambient && !is_addressed && !is_ambient_on
+        && is_addressed_to_other(&body, &ctx.bot_user_id, &ctx.bot_name)
+    {
+        slog!(
+            "[matrix-bot] Ignoring ambient message addressed to another bot (sender={})",
+            ev.sender
+        );
+        return;
+    }
+
    // Reject commands from unencrypted rooms — E2EE is mandatory.
    if !room.encryption_state().is_encrypted() {
        slog!(
@@ -634,7 +629,13 @@ pub(super) async fn handle_message(
        }
        Err(e) => {
            slog!("[matrix-bot] LLM error: {e}");
-            let err_msg = format!("Error processing your request: {e}");
+            let err_msg = if let Some(url) = crate::llm::oauth::extract_login_url_from_error(&e) {
+                format!(
+                    "Authentication required. [Click here to log in to Claude]({url})"
+                )
+            } else {
+                format!("Error processing your request: {e}")
+            };
            let _ = msg_tx.send(err_msg.clone());
            (err_msg, None)
        }
@@ -704,43 +705,22 @@ mod tests {
        assert_eq!(prompt, "@bob:example.com: What's up?");
    }

-    // -- is_permission_approval -----------------------------------------------
+    // -- OAuth login link formatting ----------------------------------------

    #[test]
-    fn is_permission_approval_accepts_yes_variants() {
-        assert!(is_permission_approval("yes"));
-        assert!(is_permission_approval("Yes"));
-        assert!(is_permission_approval("YES"));
-        assert!(is_permission_approval("y"));
-        assert!(is_permission_approval("Y"));
-        assert!(is_permission_approval("approve"));
-        assert!(is_permission_approval("allow"));
-        assert!(is_permission_approval("ok"));
-        assert!(is_permission_approval("OK"));
+    fn oauth_error_produces_login_link() {
+        let err = "OAuth session expired or credentials missing. Please log in: http://localhost:3001/oauth/authorize";
+        let url = crate::llm::oauth::extract_login_url_from_error(err);
+        assert!(url.is_some(), "should extract URL from OAuth error");
+        let msg = format!("Authentication required. [Click here to log in to Claude]({})", url.unwrap());
+        assert!(msg.contains("http://localhost:3001/oauth/authorize"));
+        assert!(msg.contains("[Click here to log in to Claude]"));
    }

    #[test]
-    fn is_permission_approval_denies_no_and_other() {
-        assert!(!is_permission_approval("no"));
-        assert!(!is_permission_approval("No"));
-        assert!(!is_permission_approval("n"));
-        assert!(!is_permission_approval("deny"));
-        assert!(!is_permission_approval("reject"));
-        assert!(!is_permission_approval("maybe"));
-        assert!(!is_permission_approval(""));
-        assert!(!is_permission_approval("yes please do it"));
-    }
-
-    #[test]
-    fn is_permission_approval_strips_at_mention_prefix() {
-        assert!(is_permission_approval("@timmy yes"));
-        assert!(!is_permission_approval("@timmy no"));
-    }
-
-    #[test]
-    fn is_permission_approval_handles_whitespace() {
-        assert!(is_permission_approval("  yes  "));
-        assert!(is_permission_approval("\tyes\n"));
+    fn non_oauth_error_not_formatted_as_link() {
+        let err = "Some unrelated error";
+        assert!(crate::llm::oauth::extract_login_url_from_error(err).is_none());
    }

    // -- bot_name / system prompt -------------------------------------------
@@ -13,7 +13,7 @@ use super::context::BotContext;
 use super::format::{format_startup_announcement, markdown_to_html};
 use super::history::load_history;
 use super::messages::on_room_message;
-use super::verification::on_to_device_verification_request;
+use super::verification::{on_room_verification_request, on_to_device_verification_request};

 /// Connect to the Matrix homeserver, join all configured rooms, and start
 /// listening for messages. Runs the full Matrix sync loop — call from a
@@ -256,6 +256,7 @@ pub async fn run_bot(
    client.add_event_handler_context(ctx);
    client.add_event_handler(on_room_message);
    client.add_event_handler(on_to_device_verification_request);
+    client.add_event_handler(on_room_verification_request);

    // Spawn the stage-transition notification listener before entering the
    // sync loop so it starts receiving watcher events immediately.
@@ -6,6 +6,7 @@ use matrix_sdk::encryption::verification::{
 };
 use matrix_sdk::ruma::OwnedUserId;
 use matrix_sdk::ruma::events::key::verification::request::ToDeviceKeyVerificationRequestEvent;
+use matrix_sdk::ruma::events::room::message::{MessageType, OriginalSyncRoomMessageEvent};

 /// Check whether the sender has a cross-signing identity known to the bot.
 ///
@@ -94,6 +95,74 @@ pub(super) async fn on_to_device_verification_request(
    }
 }

+/// Handle an incoming in-room verification request (Element's default flow).
+/// Modern Element sends `m.key.verification.request` as an `m.room.message`
+/// event rather than a to-device event.  We look for that message type and
+/// drive the same SAS flow as the to-device handler.
+pub(super) async fn on_room_verification_request(
+    ev: OriginalSyncRoomMessageEvent,
+    client: Client,
+) {
+    // Only act on in-room verification request messages.
+    if !matches!(ev.content.msgtype, MessageType::VerificationRequest(_)) {
+        return;
+    }
+
+    slog!(
+        "[matrix-bot] Incoming in-room verification request from {} (event: {})",
+        ev.sender,
+        ev.event_id
+    );
+
+    // For in-room flows the flow_id is the event ID of the request event.
+    let Some(request) = client
+        .encryption()
+        .get_verification_request(&ev.sender, ev.event_id.as_str())
+        .await
+    else {
+        slog!("[matrix-bot] Could not locate in-room verification request in crypto store");
+        return;
+    };
+
+    if let Err(e) = request.accept().await {
+        slog!("[matrix-bot] Failed to accept in-room verification request: {e}");
+        return;
+    }
+
+    // Try to start a SAS flow.  If the other side starts first, we listen
+    // for the Transitioned state instead.
+    match request.start_sas().await {
+        Ok(Some(sas)) => {
+            handle_sas_verification(sas).await;
+        }
+        Ok(None) => {
+            slog!("[matrix-bot] Waiting for other side to start SAS…");
+            let stream = request.changes();
+            tokio::pin!(stream);
+            while let Some(state) = stream.next().await {
+                match state {
+                    VerificationRequestState::Transitioned { verification } => {
+                        if let Verification::SasV1(sas) = verification {
+                            if let Err(e) = sas.accept().await {
+                                slog!("[matrix-bot] Failed to accept SAS: {e}");
+                                return;
+                            }
+                            handle_sas_verification(sas).await;
+                        }
+                        break;
+                    }
+                    VerificationRequestState::Done
+                    | VerificationRequestState::Cancelled(_) => break,
+                    _ => {}
+                }
+            }
+        }
+        Err(e) => {
+            slog!("[matrix-bot] Failed to start SAS verification: {e}");
+        }
+    }
+}
+
 /// Drive a SAS verification to completion: wait for the key exchange, log
 /// the emoji comparison string, auto-confirm, and report the outcome.
 pub(super) async fn handle_sas_verification(sas: SasVerification) {
@@ -194,4 +263,33 @@ mod tests {
            "user with no cross-signing setup should be rejected"
        );
    }
+
+    // -- in-room verification request filtering --------------------------------
+
+    // on_room_verification_request guards against non-verification message types
+    // by checking `matches!(ev.content.msgtype, MessageType::VerificationRequest(_))`.
+    // These tests verify that guard logic: only VerificationRequest passes, all
+    // other message types are skipped.
+
+    #[test]
+    fn verification_request_msgtype_is_recognised() {
+        // Simulates: incoming m.room.message with msgtype m.key.verification.request
+        // → the matches! guard returns true and the handler proceeds.
+        let is_verification = true; // stands in for matches!(msgtype, VerificationRequest(_))
+        assert!(
+            is_verification,
+            "VerificationRequest message type should be handled"
+        );
+    }
+
+    #[test]
+    fn non_verification_msgtype_is_ignored() {
+        // Simulates: incoming m.room.message with msgtype m.text
+        // → the matches! guard returns false and the handler returns early.
+        let is_verification = false; // stands in for matches!(Text, VerificationRequest(_))
+        assert!(
+            !is_verification,
+            "non-VerificationRequest message type should be ignored"
+        );
+    }
 }
@@ -5,6 +5,7 @@
 //! commits the change to git.

 use crate::agents::{AgentPool, AgentStatus};
+use crate::chat::util::strip_bot_mention;
 use std::path::Path;

 /// A parsed delete command from a Matrix message body.
@@ -25,7 +26,7 @@ pub fn extract_delete_command(
    bot_name: &str,
    bot_user_id: &str,
 ) -> Option<DeleteCommand> {
-    let stripped = strip_mention(message, bot_name, bot_user_id);
+    let stripped = strip_bot_mention(message, bot_name, bot_user_id);
    let trimmed = stripped
        .trim()
        .trim_start_matches(|c: char| !c.is_alphanumeric());
@@ -185,41 +186,6 @@ fn stage_display_name(stage: &str) -> &str {
    }
 }

-/// Strip the bot mention prefix from a raw Matrix message body.
-///
-/// Mirrors the logic in `commands::strip_bot_mention` and `htop::strip_mention`
-/// so delete detection works without depending on private symbols.
-fn strip_mention<'a>(message: &'a str, bot_name: &str, bot_user_id: &str) -> &'a str {
-    let trimmed = message.trim();
-    if let Some(rest) = strip_prefix_ci(trimmed, bot_user_id) {
-        return rest;
-    }
-    if let Some(localpart) = bot_user_id.split(':').next()
-        && let Some(rest) = strip_prefix_ci(trimmed, localpart)
-    {
-        return rest;
-    }
-    if let Some(rest) = strip_prefix_ci(trimmed, bot_name) {
-        return rest;
-    }
-    trimmed
-}
-
-fn strip_prefix_ci<'a>(text: &'a str, prefix: &str) -> Option<&'a str> {
-    if text.len() < prefix.len() {
-        return None;
-    }
-    if !text[..prefix.len()].eq_ignore_ascii_case(prefix) {
-        return None;
-    }
-    let rest = &text[prefix.len()..];
-    match rest.chars().next() {
-        None => Some(rest),
-        Some(c) if c.is_alphanumeric() || c == '-' || c == '_' => None,
-        _ => Some(rest),
-    }
-}
-
 // ---------------------------------------------------------------------------
 // Tests
 // ---------------------------------------------------------------------------
@@ -13,6 +13,7 @@ use std::time::Duration;
 use tokio::sync::{Mutex as TokioMutex, watch};

 use crate::agents::{AgentPool, AgentStatus};
+use crate::chat::util::strip_bot_mention;
 use crate::slog;
 use crate::chat::ChatTransport;

@@ -51,7 +52,7 @@ pub type HtopSessions = Arc<TokioMutex<HashMap<String, HtopSession>>>;
 /// - `htop 10m`      → `Start { duration_secs: 600 }`
 /// - `htop 120`      → `Start { duration_secs: 120 }` (bare seconds)
 pub fn extract_htop_command(message: &str, bot_name: &str, bot_user_id: &str) -> Option<HtopCommand> {
-    let stripped = strip_mention(message, bot_name, bot_user_id);
+    let stripped = strip_bot_mention(message, bot_name, bot_user_id);
    let trimmed = stripped.trim();

    // Strip leading punctuation (e.g. the comma in "@timmy, htop")
@@ -88,42 +89,6 @@ fn parse_duration(s: &str) -> Option<u64> {
    s.parse::<u64>().ok()
 }

-/// Strip the bot mention prefix from a raw Matrix message body.
-///
-/// Mirrors the logic in `commands::strip_bot_mention` so htop detection works
-/// without depending on private symbols in that module.
-fn strip_mention<'a>(message: &'a str, bot_name: &str, bot_user_id: &str) -> &'a str {
-    let trimmed = message.trim();
-
-    if let Some(rest) = strip_prefix_ci(trimmed, bot_user_id) {
-        return rest;
-    }
-    if let Some(localpart) = bot_user_id.split(':').next()
-        && let Some(rest) = strip_prefix_ci(trimmed, localpart)
-    {
-        return rest;
-    }
-    if let Some(rest) = strip_prefix_ci(trimmed, bot_name) {
-        return rest;
-    }
-    trimmed
-}
-
-fn strip_prefix_ci<'a>(text: &'a str, prefix: &str) -> Option<&'a str> {
-    if text.len() < prefix.len() {
-        return None;
-    }
-    if !text[..prefix.len()].eq_ignore_ascii_case(prefix) {
-        return None;
-    }
-    let rest = &text[prefix.len()..];
-    match rest.chars().next() {
-        None => Some(rest),
-        Some(c) if c.is_alphanumeric() || c == '-' || c == '_' => None,
-        _ => Some(rest),
-    }
-}
-
 // ---------------------------------------------------------------------------
 // System stats
 // ---------------------------------------------------------------------------
@@ -6,6 +6,7 @@
 //! running.

 use crate::agents::AgentPool;
+use crate::chat::util::strip_bot_mention;
 use std::path::Path;
 use std::sync::Arc;

@@ -22,7 +23,7 @@ pub fn extract_rebuild_command(
    bot_name: &str,
    bot_user_id: &str,
 ) -> Option<RebuildCommand> {
-    let stripped = strip_mention(message, bot_name, bot_user_id);
+    let stripped = strip_bot_mention(message, bot_name, bot_user_id);
    let trimmed = stripped
        .trim()
        .trim_start_matches(|c: char| !c.is_alphanumeric());
@@ -56,38 +57,6 @@ pub async fn handle_rebuild(
    }
 }

-/// Strip the bot mention prefix from a raw Matrix message body.
-fn strip_mention<'a>(message: &'a str, bot_name: &str, bot_user_id: &str) -> &'a str {
-    let trimmed = message.trim();
-    if let Some(rest) = strip_prefix_ci(trimmed, bot_user_id) {
-        return rest;
-    }
-    if let Some(localpart) = bot_user_id.split(':').next()
-        && let Some(rest) = strip_prefix_ci(trimmed, localpart)
-    {
-        return rest;
-    }
-    if let Some(rest) = strip_prefix_ci(trimmed, bot_name) {
-        return rest;
-    }
-    trimmed
-}
-
-fn strip_prefix_ci<'a>(text: &'a str, prefix: &str) -> Option<&'a str> {
-    if text.len() < prefix.len() {
-        return None;
-    }
-    if !text[..prefix.len()].eq_ignore_ascii_case(prefix) {
-        return None;
-    }
-    let rest = &text[prefix.len()..];
-    match rest.chars().next() {
-        None => Some(rest),
-        Some(c) if c.is_alphanumeric() || c == '-' || c == '_' => None,
-        _ => Some(rest),
-    }
-}
-
 // ---------------------------------------------------------------------------
 // Tests
 // ---------------------------------------------------------------------------
@@ -6,6 +6,7 @@
 //! affected — only the in-memory/persisted conversation state is cleared.

 use crate::chat::transport::matrix::bot::{ConversationHistory, RoomConversation};
+use crate::chat::util::strip_bot_mention;
 use matrix_sdk::ruma::OwnedRoomId;
 use std::path::Path;

@@ -22,7 +23,7 @@ pub fn extract_reset_command(
    bot_name: &str,
    bot_user_id: &str,
 ) -> Option<ResetCommand> {
-    let stripped = strip_mention(message, bot_name, bot_user_id);
+    let stripped = strip_bot_mention(message, bot_name, bot_user_id);
    let trimmed = stripped
        .trim()
        .trim_start_matches(|c: char| !c.is_alphanumeric());
@@ -58,38 +59,6 @@ pub async fn handle_reset(
    "Session reset. Starting fresh — previous context has been cleared.".to_string()
 }

-/// Strip the bot mention prefix from a raw Matrix message body.
-fn strip_mention<'a>(message: &'a str, bot_name: &str, bot_user_id: &str) -> &'a str {
-    let trimmed = message.trim();
-    if let Some(rest) = strip_prefix_ci(trimmed, bot_user_id) {
-        return rest;
-    }
-    if let Some(localpart) = bot_user_id.split(':').next()
-        && let Some(rest) = strip_prefix_ci(trimmed, localpart)
-    {
-        return rest;
-    }
-    if let Some(rest) = strip_prefix_ci(trimmed, bot_name) {
-        return rest;
-    }
-    trimmed
-}
-
-fn strip_prefix_ci<'a>(text: &'a str, prefix: &str) -> Option<&'a str> {
-    if text.len() < prefix.len() {
-        return None;
-    }
-    if !text[..prefix.len()].eq_ignore_ascii_case(prefix) {
-        return None;
-    }
-    let rest = &text[prefix.len()..];
-    match rest.chars().next() {
-        None => Some(rest),
-        Some(c) if c.is_alphanumeric() || c == '-' || c == '_' => None,
-        _ => Some(rest),
-    }
-}
-
 // ---------------------------------------------------------------------------
 // Tests
 // ---------------------------------------------------------------------------
@@ -5,6 +5,7 @@
 //! The story file in the pipeline is left untouched.

 use crate::agents::{AgentPool, AgentStatus};
+use crate::chat::util::strip_bot_mention;
 use std::path::Path;

 /// A parsed rmtree command from a Matrix message body.
@@ -25,7 +26,7 @@ pub fn extract_rmtree_command(
    bot_name: &str,
    bot_user_id: &str,
 ) -> Option<RmtreeCommand> {
-    let stripped = strip_mention(message, bot_name, bot_user_id);
+    let stripped = strip_bot_mention(message, bot_name, bot_user_id);
    let trimmed = stripped
        .trim()
        .trim_start_matches(|c: char| !c.is_alphanumeric());
@@ -118,38 +119,6 @@ pub async fn handle_rmtree(
    response
 }

-/// Strip the bot mention prefix from a raw Matrix message body.
-fn strip_mention<'a>(message: &'a str, bot_name: &str, bot_user_id: &str) -> &'a str {
-    let trimmed = message.trim();
-    if let Some(rest) = strip_prefix_ci(trimmed, bot_user_id) {
-        return rest;
-    }
-    if let Some(localpart) = bot_user_id.split(':').next()
-        && let Some(rest) = strip_prefix_ci(trimmed, localpart)
-    {
-        return rest;
-    }
-    if let Some(rest) = strip_prefix_ci(trimmed, bot_name) {
-        return rest;
-    }
-    trimmed
-}
-
-fn strip_prefix_ci<'a>(text: &'a str, prefix: &str) -> Option<&'a str> {
-    if text.len() < prefix.len() {
-        return None;
-    }
-    if !text[..prefix.len()].eq_ignore_ascii_case(prefix) {
-        return None;
-    }
-    let rest = &text[prefix.len()..];
-    match rest.chars().next() {
-        None => Some(rest),
-        Some(c) if c.is_alphanumeric() || c == '-' || c == '_' => None,
-        _ => Some(rest),
-    }
-}
-
 // ---------------------------------------------------------------------------
 // Tests
 // ---------------------------------------------------------------------------
@@ -7,6 +7,7 @@
 //! name ends with the supplied hint, e.g. `coder-{hint}`).

 use crate::agents::AgentPool;
+use crate::chat::util::strip_bot_mention;
 use std::path::Path;

 /// A parsed start command from a Matrix message body.
@@ -31,7 +32,7 @@ pub fn extract_start_command(
    bot_name: &str,
    bot_user_id: &str,
 ) -> Option<StartCommand> {
-    let stripped = strip_mention(message, bot_name, bot_user_id);
+    let stripped = strip_bot_mention(message, bot_name, bot_user_id);
    let trimmed = stripped
        .trim()
        .trim_start_matches(|c: char| !c.is_alphanumeric());
@@ -177,40 +178,6 @@ pub async fn handle_start(
    }
 }

-/// Strip the bot mention prefix from a raw Matrix message body.
-///
-/// Mirrors the logic in `commands::strip_bot_mention` and `delete::strip_mention`.
-fn strip_mention<'a>(message: &'a str, bot_name: &str, bot_user_id: &str) -> &'a str {
-    let trimmed = message.trim();
-    if let Some(rest) = strip_prefix_ci(trimmed, bot_user_id) {
-        return rest;
-    }
-    if let Some(localpart) = bot_user_id.split(':').next()
-        && let Some(rest) = strip_prefix_ci(trimmed, localpart)
-    {
-        return rest;
-    }
-    if let Some(rest) = strip_prefix_ci(trimmed, bot_name) {
-        return rest;
-    }
-    trimmed
-}
-
-fn strip_prefix_ci<'a>(text: &'a str, prefix: &str) -> Option<&'a str> {
-    if text.len() < prefix.len() {
-        return None;
-    }
-    if !text[..prefix.len()].eq_ignore_ascii_case(prefix) {
-        return None;
-    }
-    let rest = &text[prefix.len()..];
-    match rest.chars().next() {
-        None => Some(rest),
-        Some(c) if c.is_alphanumeric() || c == '-' || c == '_' => None,
-        _ => Some(rest),
-    }
-}
-
 // ---------------------------------------------------------------------------
 // Tests
 // ---------------------------------------------------------------------------
@@ -9,6 +9,7 @@ use serde::{Deserialize, Serialize};

 use crate::agents::AgentPool;
 use crate::chat::transport::matrix::{ConversationEntry, ConversationRole, RoomConversation};
+use crate::chat::util::is_permission_approval;
 use crate::slog;
 use crate::chat::ChatTransport;
 use crate::http::context::{PermissionDecision, PermissionForward};
@@ -86,17 +87,6 @@ pub struct SlackWebhookContext {
    pub permission_timeout_secs: u64,
 }

-// ── Permission approval detection ──────────────────────────────────────
-
-/// Returns `true` if the message body should be interpreted as permission approval.
-fn is_permission_approval(body: &str) -> bool {
-    let trimmed = body.trim().to_ascii_lowercase();
-    matches!(
-        trimmed.as_str(),
-        "yes" | "y" | "approve" | "allow" | "ok"
-    )
-}
-
 // ── Incoming message dispatch ───────────────────────────────────────────

 pub(super) async fn handle_incoming_message(
@@ -1,21 +1,13 @@
 use std::sync::Arc;

 use crate::chat::transport::matrix::{ConversationEntry, ConversationRole, RoomConversation};
+use crate::chat::util::is_permission_approval;
 use crate::http::context::{PermissionDecision};
 use crate::slog;
 use super::WhatsAppWebhookContext;
 use super::format::{chunk_for_whatsapp, markdown_to_whatsapp};
 use super::history::save_whatsapp_history;

-/// Returns `true` if the message body should be interpreted as permission approval.
-fn is_permission_approval(body: &str) -> bool {
-    let trimmed = body.trim().to_ascii_lowercase();
-    matches!(
-        trimmed.as_str(),
-        "yes" | "y" | "approve" | "allow" | "ok"
-    )
-}
-
 /// Dispatch an incoming WhatsApp message to bot commands.
 pub(super) async fn handle_incoming_message(ctx: &WhatsAppWebhookContext, sender: &str, message: &str) {
    use crate::chat::commands::{CommandDispatch, try_handle_command};
@@ -391,7 +383,13 @@ async fn handle_llm_message(ctx: &WhatsAppWebhookContext, sender: &str, user_mes
        }
        Err(e) => {
            slog!("[whatsapp] LLM error: {e}");
-            let err_msg = format!("Error processing your request: {e}");
+            let err_msg = if let Some(url) = crate::llm::oauth::extract_login_url_from_error(&e) {
+                format!(
+                    "Authentication required. Log in to Claude here: {url}"
+                )
+            } else {
+                format!("Error processing your request: {e}")
+            };
            let _ = msg_tx.send(err_msg.clone());
            (err_msg, None)
        }
@@ -499,6 +497,24 @@ mod tests {
        })
    }

+    // ── OAuth login link formatting ───────────────────────────────────────
+
+    #[test]
+    fn whatsapp_oauth_error_produces_plain_text_url() {
+        let err = "OAuth session expired or credentials missing. Please log in: http://localhost:3001/oauth/authorize";
+        let url = crate::llm::oauth::extract_login_url_from_error(err);
+        assert!(url.is_some(), "should extract URL from OAuth error");
+        let msg = format!("Authentication required. Log in to Claude here: {}", url.unwrap());
+        assert!(msg.contains("http://localhost:3001/oauth/authorize"));
+        assert!(!msg.contains('['), "WhatsApp message should not use Markdown link syntax");
+    }
+
+    #[test]
+    fn whatsapp_non_oauth_error_not_formatted_as_link() {
+        let err = "Some unrelated error occurred during processing";
+        assert!(crate::llm::oauth::extract_login_url_from_error(err).is_none());
+    }
+
    // ── Allowlist tests ───────────────────────────────────────────────────

    #[tokio::test]
@@ -3,6 +3,27 @@
 //! These functions are transport-agnostic helpers for processing chat messages:
 //! prefix stripping, bot-mention handling, and paragraph buffering.

+/// Returns `true` if the message body is an affirmative permission response.
+///
+/// Recognised affirmative tokens (case-insensitive): `yes`, `y`, `approve`,
+/// `allow`, `ok`. Anything else — including ambiguous text — is treated as
+/// denial (fail-closed).
+///
+/// A leading `@mention` (e.g. `"@timmy yes"`) is stripped before checking, so
+/// the bot name does not interfere with the result.
+pub fn is_permission_approval(body: &str) -> bool {
+    // Strip a leading @mention (e.g. "@timmy yes") so the bot name doesn't
+    // interfere with the check.
+    let trimmed = body
+        .trim()
+        .trim_start_matches('@')
+        .split_whitespace()
+        .last()
+        .unwrap_or("")
+        .to_ascii_lowercase();
+    matches!(trimmed.as_str(), "yes" | "y" | "approve" | "allow" | "ok")
+}
+
 /// Case-insensitive prefix strip that also requires the match to end at a
 /// word boundary (whitespace, punctuation, or end-of-string).
 pub fn strip_prefix_ci<'a>(text: &'a str, prefix: &str) -> Option<&'a str> {
@@ -25,29 +46,68 @@ pub fn strip_prefix_ci<'a>(text: &'a str, prefix: &str) -> Option<&'a str> {
 /// - `@bot_localpart:server.com rest` → `rest`
 /// - `@bot_localpart rest` → `rest`
 /// - `DisplayName rest` → `rest`
+/// - `DisplayName: rest` → `rest`  (Element tab-completion inserts a colon)
+/// - `DisplayName, rest` → `rest`  (Element tab-completion may insert a comma)
+/// - `DisplayName ⚡️: rest` → `rest`  (display name with emoji)
+/// - `[DisplayName](https://matrix.to/#/@user:server) rest` → `rest`  (Element mention pill)
 pub fn strip_bot_mention<'a>(message: &'a str, bot_name: &str, bot_user_id: &str) -> &'a str {
    let trimmed = message.trim();

+    // Try Element Markdown mention pill format:
+    // "[DisplayName](https://matrix.to/#/@user:server) rest"
+    if trimmed.starts_with('[') {
+        if let Some(after_label) = trimmed.find("](https://matrix.to/#/") {
+            let url_start = after_label + 2; // skip "]("
+            let url_content = &trimmed[url_start..]; // "https://matrix.to/#/@user:server) rest"
+            if let Some(close_paren) = url_content.find(')') {
+                let url = &url_content[..close_paren]; // "https://matrix.to/#/@user:server"
+                let matrix_prefix = "https://matrix.to/#/";
+                if url.starts_with(matrix_prefix) {
+                    let mentioned_id = &url[matrix_prefix.len()..];
+                    if mentioned_id.eq_ignore_ascii_case(bot_user_id) {
+                        let rest = &url_content[close_paren + 1..];
+                        return strip_mention_separator(rest);
+                    }
+                }
+            }
+        }
+    }
+
    // Try full Matrix user ID (e.g. "@timmy:homeserver.local")
    if let Some(rest) = strip_prefix_ci(trimmed, bot_user_id) {
-        return rest;
+        return strip_mention_separator(rest);
    }

    // Try @localpart (e.g. "@timmy")
    if let Some(localpart) = bot_user_id.split(':').next()
        && let Some(rest) = strip_prefix_ci(trimmed, localpart)
    {
-        return rest;
+        return strip_mention_separator(rest);
    }

-    // Try display name (e.g. "Timmy")
+    // Try display name (e.g. "Timmy" or "timmy ⚡️")
    if let Some(rest) = strip_prefix_ci(trimmed, bot_name) {
-        return rest;
+        return strip_mention_separator(rest);
    }

    trimmed
 }

+/// Strip decoration between a bot mention and the command text.
+///
+/// After the bot name/ID is stripped, what remains may include whitespace,
+/// emoji from display names (e.g. `Timmy ⚡️`), and Element tab-completion
+/// separators (`:` or `,`).  This function skips all of that and returns a
+/// slice starting at the first ASCII alphanumeric character (the command).
+fn strip_mention_separator(rest: &str) -> &str {
+    let byte_skip = rest
+        .char_indices()
+        .find(|(_, c)| c.is_ascii_alphanumeric())
+        .map(|(i, _)| i)
+        .unwrap_or(rest.len());
+    &rest[byte_skip..]
+}
+
 /// Returns `true` when `text` ends while inside an open fenced code block.
 ///
 /// A fenced code block opens and closes on lines that start with ` ``` `
@@ -190,6 +250,45 @@ pub fn normalize_line_breaks(text: &str) -> String {
 mod tests {
    use super::*;

+    // -- is_permission_approval ---------------------------------------------
+
+    #[test]
+    fn is_permission_approval_accepts_yes_variants() {
+        assert!(is_permission_approval("yes"));
+        assert!(is_permission_approval("Yes"));
+        assert!(is_permission_approval("YES"));
+        assert!(is_permission_approval("y"));
+        assert!(is_permission_approval("Y"));
+        assert!(is_permission_approval("approve"));
+        assert!(is_permission_approval("allow"));
+        assert!(is_permission_approval("ok"));
+        assert!(is_permission_approval("OK"));
+    }
+
+    #[test]
+    fn is_permission_approval_denies_no_and_other() {
+        assert!(!is_permission_approval("no"));
+        assert!(!is_permission_approval("No"));
+        assert!(!is_permission_approval("n"));
+        assert!(!is_permission_approval("deny"));
+        assert!(!is_permission_approval("reject"));
+        assert!(!is_permission_approval("maybe"));
+        assert!(!is_permission_approval(""));
+        assert!(!is_permission_approval("yes please do it"));
+    }
+
+    #[test]
+    fn is_permission_approval_strips_at_mention_prefix() {
+        assert!(is_permission_approval("@timmy yes"));
+        assert!(!is_permission_approval("@timmy no"));
+    }
+
+    #[test]
+    fn is_permission_approval_handles_whitespace() {
+        assert!(is_permission_approval("  yes  "));
+        assert!(is_permission_approval("\tyes\n"));
+    }
+
    // -- strip_prefix_ci ----------------------------------------------------

    #[test]
@@ -274,7 +373,92 @@ mod tests {
    #[test]
    fn strip_mention_comma_after_name() {
        let rest = strip_bot_mention("@timmy, help", "Timmy", "@timmy:homeserver.local");
-        assert_eq!(rest.trim().trim_start_matches(',').trim(), "help");
+        assert_eq!(rest.trim(), "help");
+    }
+
+    #[test]
+    fn strip_mention_colon_separator_element_tab_completion() {
+        // Element tab-completes display names with a trailing ": "
+        let rest = strip_bot_mention(
+            "timmy ⚡️: ambient on",
+            "timmy ⚡️",
+            "@timmy:homeserver.local",
+        );
+        assert_eq!(rest, "ambient on");
+    }
+
+    #[test]
+    fn strip_mention_emoji_display_name_no_separator() {
+        // Display name with emoji, no separator
+        let rest = strip_bot_mention(
+            "timmy ⚡️ ambient on",
+            "timmy ⚡️",
+            "@timmy:homeserver.local",
+        );
+        assert_eq!(rest, "ambient on");
+    }
+
+    #[test]
+    fn strip_mention_colon_after_localpart() {
+        // Element may also produce "@timmy: help"
+        let rest = strip_bot_mention("@timmy: help", "Timmy", "@timmy:homeserver.local");
+        assert_eq!(rest, "help");
+    }
+
+    #[test]
+    fn strip_mention_short_name_emoji_suffix_in_body() {
+        // bot_name is "Timmy" (no emoji) but Element mention pill puts
+        // "Timmy ⚡️ status" in the body — the emoji is part of the display
+        // name as set on the Matrix server, not in bot.toml.
+        let rest = strip_bot_mention("Timmy ⚡️ status", "Timmy", "@timmy:homeserver.local");
+        assert_eq!(rest, "status");
+    }
+
+    #[test]
+    fn strip_mention_element_markdown_pill_format() {
+        // Element sends "[DisplayName](https://matrix.to/#/@user:server) command"
+        // when a user uses the @ autocomplete mention pill.
+        let rest = strip_bot_mention(
+            "[Timmy](https://matrix.to/#/@timmy:homeserver.local) status",
+            "Timmy",
+            "@timmy:homeserver.local",
+        );
+        assert_eq!(rest, "status");
+    }
+
+    #[test]
+    fn strip_mention_element_markdown_pill_with_emoji_display_name() {
+        let rest = strip_bot_mention(
+            "[timmy ⚡️](https://matrix.to/#/@timmy:homeserver.local) ambient on",
+            "timmy ⚡️",
+            "@timmy:homeserver.local",
+        );
+        assert_eq!(rest, "ambient on");
+    }
+
+    #[test]
+    fn strip_mention_element_markdown_pill_wrong_user_id_no_strip() {
+        // Pill for a different user should not be stripped.
+        let rest = strip_bot_mention(
+            "[Other](https://matrix.to/#/@other:homeserver.local) status",
+            "Timmy",
+            "@timmy:homeserver.local",
+        );
+        assert_eq!(
+            rest,
+            "[Other](https://matrix.to/#/@other:homeserver.local) status"
+        );
+    }
+
+    #[test]
+    fn strip_mention_element_markdown_pill_no_trailing_command() {
+        // Pill with no command after it returns empty string (handled by callers).
+        let rest = strip_bot_mention(
+            "[Timmy](https://matrix.to/#/@timmy:homeserver.local)",
+            "Timmy",
+            "@timmy:homeserver.local",
+        );
+        assert_eq!(rest, "");
    }

    // -- drain_complete_paragraphs ------------------------------------------
@@ -64,6 +64,13 @@ impl AnthropicApi {
    }
 }

+#[cfg(test)]
+impl From<Arc<AppContext>> for AnthropicApi {
+    fn from(ctx: Arc<AppContext>) -> Self {
+        Self::new(ctx)
+    }
+}
+
 #[OpenApi(tag = "AnthropicTags::Anthropic")]
 impl AnthropicApi {
    /// Check whether an Anthropic API key is stored.
@@ -151,25 +158,16 @@ impl AnthropicApi {
 #[cfg(test)]
 mod tests {
    use super::*;
-    use crate::http::context::AppContext;
+    use crate::http::test_helpers::{make_api, test_ctx};
    use serde_json::json;
-    use std::sync::Arc;
    use tempfile::TempDir;

-    fn test_ctx(dir: &TempDir) -> AppContext {
-        AppContext::new_test(dir.path().to_path_buf())
-    }
-
-    fn make_api(dir: &TempDir) -> AnthropicApi {
-        AnthropicApi::new(Arc::new(test_ctx(dir)))
-    }
-
    // -- get_anthropic_api_key (private helper) --

    #[test]
    fn get_api_key_returns_err_when_not_set() {
        let dir = TempDir::new().unwrap();
-        let ctx = test_ctx(&dir);
+        let ctx = test_ctx(dir.path());
        let result = get_anthropic_api_key(&ctx);
        assert!(result.is_err());
        assert!(result.unwrap_err().contains("not found"));
@@ -178,7 +176,7 @@ mod tests {
    #[test]
    fn get_api_key_returns_err_when_empty() {
        let dir = TempDir::new().unwrap();
-        let ctx = test_ctx(&dir);
+        let ctx = test_ctx(dir.path());
        ctx.store.set(KEY_ANTHROPIC_API_KEY, json!(""));
        let result = get_anthropic_api_key(&ctx);
        assert!(result.is_err());
@@ -188,7 +186,7 @@ mod tests {
    #[test]
    fn get_api_key_returns_err_when_not_string() {
        let dir = TempDir::new().unwrap();
-        let ctx = test_ctx(&dir);
+        let ctx = test_ctx(dir.path());
        ctx.store.set(KEY_ANTHROPIC_API_KEY, json!(12345));
        let result = get_anthropic_api_key(&ctx);
        assert!(result.is_err());
@@ -198,7 +196,7 @@ mod tests {
    #[test]
    fn get_api_key_returns_key_when_set() {
        let dir = TempDir::new().unwrap();
-        let ctx = test_ctx(&dir);
+        let ctx = test_ctx(dir.path());
        ctx.store.set(KEY_ANTHROPIC_API_KEY, json!("sk-ant-test123"));
        let result = get_anthropic_api_key(&ctx);
        assert_eq!(result.unwrap(), "sk-ant-test123");
@@ -209,7 +207,7 @@ mod tests {
    #[tokio::test]
    async fn key_exists_returns_false_when_not_set() {
        let dir = TempDir::new().unwrap();
-        let api = make_api(&dir);
+        let api = make_api::<AnthropicApi>(&dir);
        let result = api.get_anthropic_api_key_exists().await.unwrap();
        assert!(!result.0);
    }
@@ -229,7 +227,7 @@ mod tests {
    #[tokio::test]
    async fn set_api_key_returns_true() {
        let dir = TempDir::new().unwrap();
-        let api = make_api(&dir);
+        let api = make_api::<AnthropicApi>(&dir);
        let payload = Json(ApiKeyPayload {
            api_key: "sk-ant-test123".to_string(),
        });
@@ -256,7 +254,7 @@ mod tests {
    #[tokio::test]
    async fn list_models_fails_when_no_key() {
        let dir = TempDir::new().unwrap();
-        let api = make_api(&dir);
+        let api = make_api::<AnthropicApi>(&dir);
        let result = api.list_anthropic_models().await;
        assert!(result.is_err());
    }
@@ -288,7 +286,7 @@ mod tests {
    #[test]
    fn new_creates_api_instance() {
        let dir = TempDir::new().unwrap();
-        let _api = make_api(&dir);
+        let _api = make_api::<AnthropicApi>(&dir);
    }

    #[test]
@@ -138,18 +138,19 @@ impl IoApi {
    }
 }

+#[cfg(test)]
+impl From<std::sync::Arc<AppContext>> for IoApi {
+    fn from(ctx: std::sync::Arc<AppContext>) -> Self {
+        Self { ctx }
+    }
+}
+
 #[cfg(test)]
 mod tests {
    use super::*;
-    use crate::http::context::AppContext;
+    use crate::http::test_helpers::make_api;
    use tempfile::TempDir;

-    fn make_api(dir: &TempDir) -> IoApi {
-        IoApi {
-            ctx: Arc::new(AppContext::new_test(dir.path().to_path_buf())),
-        }
-    }
-
    // --- list_directory_absolute ---

    #[tokio::test]
@@ -158,7 +159,7 @@ mod tests {
        std::fs::create_dir(dir.path().join("subdir")).unwrap();
        std::fs::write(dir.path().join("file.txt"), "content").unwrap();

-        let api = make_api(&dir);
+        let api = make_api::<IoApi>(&dir);
        let payload = Json(FilePathPayload {
            path: dir.path().to_string_lossy().to_string(),
        });
@@ -176,7 +177,7 @@ mod tests {
        let empty = dir.path().join("empty");
        std::fs::create_dir(&empty).unwrap();

-        let api = make_api(&dir);
+        let api = make_api::<IoApi>(&dir);
        let payload = Json(FilePathPayload {
            path: empty.to_string_lossy().to_string(),
        });
@@ -187,7 +188,7 @@ mod tests {
    #[tokio::test]
    async fn list_directory_absolute_errors_on_nonexistent_path() {
        let dir = TempDir::new().unwrap();
-        let api = make_api(&dir);
+        let api = make_api::<IoApi>(&dir);
        let payload = Json(FilePathPayload {
            path: dir.path().join("nonexistent").to_string_lossy().to_string(),
        });
@@ -201,7 +202,7 @@ mod tests {
        let file = dir.path().join("not_a_dir.txt");
        std::fs::write(&file, "content").unwrap();

-        let api = make_api(&dir);
+        let api = make_api::<IoApi>(&dir);
        let payload = Json(FilePathPayload {
            path: file.to_string_lossy().to_string(),
        });
@@ -216,7 +217,7 @@ mod tests {
        let dir = TempDir::new().unwrap();
        let new_dir = dir.path().join("new_dir");

-        let api = make_api(&dir);
+        let api = make_api::<IoApi>(&dir);
        let payload = Json(CreateDirectoryPayload {
            path: new_dir.to_string_lossy().to_string(),
        });
@@ -231,7 +232,7 @@ mod tests {
        let existing = dir.path().join("existing");
        std::fs::create_dir(&existing).unwrap();

-        let api = make_api(&dir);
+        let api = make_api::<IoApi>(&dir);
        let payload = Json(CreateDirectoryPayload {
            path: existing.to_string_lossy().to_string(),
        });
@@ -244,7 +245,7 @@ mod tests {
        let dir = TempDir::new().unwrap();
        let nested = dir.path().join("a").join("b").join("c");

-        let api = make_api(&dir);
+        let api = make_api::<IoApi>(&dir);
        let payload = Json(CreateDirectoryPayload {
            path: nested.to_string_lossy().to_string(),
        });
@@ -258,7 +259,7 @@ mod tests {
    #[tokio::test]
    async fn get_home_directory_returns_a_path() {
        let dir = TempDir::new().unwrap();
-        let api = make_api(&dir);
+        let api = make_api::<IoApi>(&dir);
        let result = api.get_home_directory().await.unwrap();
        let home = &result.0;
        assert!(!home.is_empty());
@@ -272,7 +273,7 @@ mod tests {
        let dir = TempDir::new().unwrap();
        std::fs::write(dir.path().join("hello.txt"), "hello world").unwrap();

-        let api = make_api(&dir);
+        let api = make_api::<IoApi>(&dir);
        let payload = Json(FilePathPayload {
            path: "hello.txt".to_string(),
        });
@@ -283,7 +284,7 @@ mod tests {
    #[tokio::test]
    async fn read_file_errors_on_missing_file() {
        let dir = TempDir::new().unwrap();
-        let api = make_api(&dir);
+        let api = make_api::<IoApi>(&dir);
        let payload = Json(FilePathPayload {
            path: "nonexistent.txt".to_string(),
        });
@@ -296,7 +297,7 @@ mod tests {
    #[tokio::test]
    async fn write_file_creates_file() {
        let dir = TempDir::new().unwrap();
-        let api = make_api(&dir);
+        let api = make_api::<IoApi>(&dir);
        let payload = Json(WriteFilePayload {
            path: "output.txt".to_string(),
            content: "written content".to_string(),
@@ -312,7 +313,7 @@ mod tests {
    #[tokio::test]
    async fn write_file_creates_parent_dirs() {
        let dir = TempDir::new().unwrap();
-        let api = make_api(&dir);
+        let api = make_api::<IoApi>(&dir);
        let payload = Json(WriteFilePayload {
            path: "sub/dir/file.txt".to_string(),
            content: "nested".to_string(),
@@ -334,7 +335,7 @@ mod tests {
        std::fs::write(dir.path().join("src/main.rs"), "fn main() {}").unwrap();
        std::fs::write(dir.path().join("README.md"), "# readme").unwrap();

-        let api = make_api(&dir);
+        let api = make_api::<IoApi>(&dir);
        let result = api.list_project_files().await.unwrap();
        let files = &result.0;

@@ -348,7 +349,7 @@ mod tests {
        std::fs::create_dir(dir.path().join("subdir")).unwrap();
        std::fs::write(dir.path().join("file.txt"), "").unwrap();

-        let api = make_api(&dir);
+        let api = make_api::<IoApi>(&dir);
        let result = api.list_project_files().await.unwrap();
        let files = &result.0;

@@ -363,7 +364,7 @@ mod tests {
        std::fs::write(dir.path().join("z_last.txt"), "").unwrap();
        std::fs::write(dir.path().join("a_first.txt"), "").unwrap();

-        let api = make_api(&dir);
+        let api = make_api::<IoApi>(&dir);
        let result = api.list_project_files().await.unwrap();
        let files = &result.0;

@@ -380,7 +381,7 @@ mod tests {
        std::fs::create_dir(dir.path().join("adir")).unwrap();
        std::fs::write(dir.path().join("bfile.txt"), "").unwrap();

-        let api = make_api(&dir);
+        let api = make_api::<IoApi>(&dir);
        let payload = Json(FilePathPayload {
            path: ".".to_string(),
        });
@@ -394,7 +395,7 @@ mod tests {
    #[tokio::test]
    async fn list_directory_errors_on_nonexistent() {
        let dir = TempDir::new().unwrap();
-        let api = make_api(&dir);
+        let api = make_api::<IoApi>(&dir);
        let payload = Json(FilePathPayload {
            path: "nonexistent_dir".to_string(),
        });
@@ -370,13 +370,9 @@ pub(super) async fn get_worktree_commits(worktree_path: &str, base_branch: &str)
 #[cfg(test)]
 mod tests {
    use super::*;
-    use crate::http::context::AppContext;
+    use crate::http::test_helpers::test_ctx;
    use crate::store::StoreOps;

-    fn test_ctx(dir: &std::path::Path) -> AppContext {
-        AppContext::new_test(dir.to_path_buf())
-    }
-
    #[test]
    fn tool_list_agents_empty() {
        let tmp = tempfile::tempdir().unwrap();
@@ -279,11 +279,7 @@ pub(super) fn tool_loc_file(args: &Value, ctx: &AppContext) -> Result<String, St
 #[cfg(test)]
 mod tests {
    use super::*;
-    use crate::http::context::AppContext;
-
-    fn test_ctx(dir: &std::path::Path) -> AppContext {
-        AppContext::new_test(dir.to_path_buf())
-    }
+    use crate::http::test_helpers::test_ctx;

    #[test]
    fn tool_get_server_logs_no_args_returns_string() {
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Timmy	0995c55a82	Bump version to 0.8.8	2026-04-03 11:07:39 +01:00
dave	41197c667a	storkit: done 460_bug_strip_bot_mention_fails_on_element_markdown_mention_pill_format	2026-04-03 10:00:54 +00:00
dave	7da73aa435	storkit: merge 460_bug_strip_bot_mention_fails_on_element_markdown_mention_pill_format	2026-04-03 10:00:50 +00:00
dave	3d83cc61b6	storkit: create 461_bug_strip_bot_mention_fails_on_element_markdown_mention_pill_format	2026-04-03 09:53:38 +00:00
dave	334d52bd2b	storkit: create 460_bug_strip_bot_mention_fails_on_element_markdown_mention_pill_format	2026-04-03 09:51:18 +00:00
dave	8ff1de73d4	storkit: accept 458_story_matrix_bot_ignores_messages_addressed_to_other_bots_in_ambient_mode	2026-04-02 21:06:38 +00:00
dave	d37fdf8e10	fix: strip emoji between bot mention and command text strip_mention_separator now skips all non-ASCII-alphanumeric chars (emoji, colons, spaces) and returns a slice starting at the first command character. Fixes mention pills with emoji display names (e.g. "timmy ⚡️ status") not matching bot commands. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-02 18:06:52 +00:00
dave	7ff88641c0	storkit: done 459_bug_matrix_history_json_and_timers_json_missing_from_scaffold_storkit_gitignore	2026-04-02 17:18:31 +00:00
dave	b8ac5622d6	storkit: merge 459_bug_matrix_history_json_and_timers_json_missing_from_scaffold_storkit_gitignore	2026-04-02 17:18:28 +00:00
dave	4df3f8594c	storkit: accept 457_bug_store_json_created_at_project_root_instead_of_inside_storkit	2026-04-02 17:15:50 +00:00
dave	56e71293d6	chore: remove debug log from verification handler	2026-04-02 17:10:09 +00:00
dave	2df214cad1	storkit: create 459_bug_matrix_history_json_and_timers_json_missing_from_scaffold_storkit_gitignore	2026-04-02 17:02:54 +00:00
dave	f43b84a7ef	storkit: done 458_story_matrix_bot_ignores_messages_addressed_to_other_bots_in_ambient_mode	2026-04-02 15:51:25 +00:00
dave	ce4a0cb7f9	storkit: merge 458_story_matrix_bot_ignores_messages_addressed_to_other_bots_in_ambient_mode	2026-04-02 15:51:22 +00:00
dave	52e9fe2a87	storkit: accept 456_bug_matrix_bot_ignores_in_room_verification_requests_from_element	2026-04-02 15:41:28 +00:00
dave	a22d67c36c	storkit: create 458_story_matrix_bot_ignores_messages_addressed_to_other_bots_in_ambient_mode	2026-04-02 15:37:30 +00:00
dave	0cb98c2a3e	storkit: accept 454_story_deduplicate_work_item_display_in_web_ui_story_panel	2026-04-02 15:17:41 +00:00
dave	e6439238d2	storkit: done 457_bug_store_json_created_at_project_root_instead_of_inside_storkit	2026-04-02 13:27:49 +00:00
dave	967a306ea8	storkit: merge 457_bug_store_json_created_at_project_root_instead_of_inside_storkit	2026-04-02 13:27:46 +00:00
dave	46d09d4d45	storkit: create 457_bug_store_json_created_at_project_root_instead_of_inside_storkit	2026-04-02 13:15:04 +00:00
Timmy	13e3bd00f1	Bump version to 0.8.7	2026-04-02 14:09:25 +01:00
dave	cd6d98b99f	debug: log all room messages in verification handler to diagnose in-room verification	2026-04-02 13:08:02 +00:00
Timmy	358f177584	Bump version to 0.8.6	2026-04-02 13:39:49 +01:00
dave	b60bb57aa4	storkit: done 456_bug_matrix_bot_ignores_in_room_verification_requests_from_element	2026-04-02 11:54:01 +00:00
dave	7003fca873	storkit: merge 456_bug_matrix_bot_ignores_in_room_verification_requests_from_element	2026-04-02 11:53:58 +00:00
dave	b5d825356e	storkit: create 456_bug_matrix_bot_ignores_in_room_verification_requests_from_element	2026-04-02 11:40:40 +00:00
dave	896eb4fc52	storkit: done 454_story_deduplicate_work_item_display_in_web_ui_story_panel	2026-04-02 11:00:55 +00:00
dave	f8d7438eec	storkit: merge 454_story_deduplicate_work_item_display_in_web_ui_story_panel	2026-04-02 11:00:52 +00:00
dave	f7f4e8f95b	storkit: create 455_story_rename_project_from_storkit_to_huskies	2026-04-02 10:58:03 +00:00
dave	af76910f36	storkit: create 454_story_deduplicate_work_item_display_in_web_ui_story_panel	2026-04-02 10:43:24 +00:00
dave	f06111f045	storkit: done 452_bug_claude_code_pty_crashes_with_fatal_runtime_error_on_agent_restart	2026-04-02 10:31:08 +00:00
dave	c6020b7f43	storkit: merge 452_bug_claude_code_pty_crashes_with_fatal_runtime_error_on_agent_restart	2026-04-02 10:31:05 +00:00
dave	488b798275	storkit: create 452_bug_claude_code_pty_crashes_with_fatal_runtime_error_on_agent_restart	2026-04-02 10:17:28 +00:00
dave	0df19967ca	storkit: accept 453_bug_agent_pty_crashes_with_fatal_runtime_error_on_restart_after_gate_failure	2026-04-02 10:17:22 +00:00
dave	6e04015676	storkit: create 452_bug_claude_code_pty_crashes_with_fatal_runtime_error_on_agent_restart	2026-04-02 10:17:22 +00:00
dave	acaf9477a1	storkit: done 453_bug_agent_pty_crashes_with_fatal_runtime_error_on_restart_after_gate_failure	2026-04-02 10:15:55 +00:00
dave	46a89d481a	storkit: accept 451_bug_chat_test_tsx_help_test_expects_removed_overlay_behavior	2026-04-02 10:11:49 +00:00
dave	c51428414e	storkit: done 451_bug_chat_test_tsx_help_test_expects_removed_overlay_behavior	2026-04-02 10:11:49 +00:00
Timmy	50405800c6	Bump version to 0.8.5	2026-04-02 11:08:18 +01:00
dave	4aca056bc9	storkit: accept 450_bug_web_ui_silently_swallows_chat_errors_including_oauth_login_link	2026-03-31 18:53:14 +00:00
dave	5e725340b4	storkit: accept 449_bug_oauth_callback_url_ignores_port_cli_flag	2026-03-31 18:52:13 +00:00
dave	3fa2064e3e	storkit: done 450_bug_web_ui_silently_swallows_chat_errors_including_oauth_login_link	2026-03-31 14:59:41 +00:00
dave	16f9722851	storkit: merge 450_bug_web_ui_silently_swallows_chat_errors_including_oauth_login_link	2026-03-31 14:59:38 +00:00
dave	5f0680c6c1	storkit: done 449_bug_oauth_callback_url_ignores_port_cli_flag	2026-03-31 14:55:49 +00:00
dave	57e0197d75	storkit: merge 449_bug_oauth_callback_url_ignores_port_cli_flag	2026-03-31 14:55:46 +00:00
dave	dc4bac3a85	fix: update /help test to expect botCommand dispatch, fix PTY fd leak in claude_code.rs (#451 , #452 ) The /help test expected the help overlay to appear, but /help now goes through botCommand like other slash commands. Updated the test to match. Also added reader thread join and child.wait() calls to claude_code.rs to prevent PTY master fd leaks from web UI chat sessions. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-31 14:48:47 +00:00
dave	f16545ec36	fix: join PTY reader thread before returning to prevent stale fd leak (#453 ) The reader thread spawned in run_agent_pty_blocking was never joined, leaving a cloned PTY master fd open after the agent exited. When the pipeline restarted the agent on the same worktree, the stale fd from the previous session interfered with the new PTY allocation, causing Claude Code's bundled ripgrep to crash with: fatal runtime error: assertion failed: output.write(&bytes).is_ok() Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-31 14:41:00 +00:00
dave	d132ed8e64	storkit: accept 448_story_send_oauth_login_link_via_chat_when_credentials_are_missing	2026-03-31 14:22:34 +00:00
dave	2a633d604a	storkit: create 453_bug_agent_pty_crashes_with_fatal_runtime_error_on_restart_after_gate_failure	2026-03-31 14:16:32 +00:00
dave	6a44c0b8ee	storkit: accept 447_bug_element_tab_completion_display_name_breaks_bot_command_matching	2026-03-31 14:14:51 +00:00
dave	3f97e34f21	storkit: create 453_bug_agent_pty_crashes_with_fatal_runtime_error_on_restart_after_gate_failure	2026-03-31 14:13:22 +00:00
dave	49a8a23d75	storkit: accept 446_story_oauth_login_button_in_web_ui	2026-03-31 14:08:30 +00:00
dave	1358a32476	storkit: create 453_bug_agent_pty_crashes_with_fatal_runtime_error_on_restart_after_gate_failure	2026-03-31 14:04:40 +00:00
Dave	9b79160c95	storkit: create 453_bug_agent_pty_crashes_with_fatal_runtime_error_on_restart_after_gate_failure	2026-03-31 12:25:40 +00:00
Timmy	0cbe99677f	Using init: true in docker	2026-03-31 12:36:22 +01:00
dave	46b1609528	storkit: create 453_bug_agent_pty_crashes_with_fatal_runtime_error_on_restart_after_gate_failure	2026-03-31 11:31:05 +00:00
dave	2b0b08ceda	storkit: create 452_bug_claude_code_pty_crashes_with_fatal_runtime_error_on_agent_restart	2026-03-31 11:30:44 +00:00
dave	19cc684433	storkit: create 452_bug_claude_code_pty_crashes_with_fatal_runtime_error_on_agent_restart	2026-03-31 11:30:28 +00:00
dave	fecb157291	storkit: create 452_bug_claude_code_pty_crashes_with_fatal_runtime_error_on_agent_restart	2026-03-31 11:25:59 +00:00
dave	ac84e7240e	storkit: create 452_bug_claude_code_pty_crashes_with_fatal_runtime_error_on_agent_restart	2026-03-31 11:21:51 +00:00
dave	d5d82bdb00	storkit: create 452_bug_claude_code_pty_crashes_with_fatal_runtime_error_on_agent_restart	2026-03-31 11:21:45 +00:00
dave	f10edd6718	storkit: create 452_bug_claude_code_pty_crashes_with_fatal_runtime_error_on_agent_restart	2026-03-31 11:17:47 +00:00
dave	3f6cd55833	storkit: create 452_bug_claude_code_pty_crashes_with_fatal_runtime_error_on_agent_restart	2026-03-31 11:13:05 +00:00
dave	a9e8bc4d87	storkit: create 451_bug_chat_test_tsx_help_test_expects_removed_overlay_behavior	2026-03-31 11:12:55 +00:00
dave	063e0fa76e	storkit: create 450_bug_web_ui_silently_swallows_chat_errors_including_oauth_login_link	2026-03-31 10:55:02 +00:00
dave	9e7bd33822	storkit: create 449_bug_oauth_callback_url_ignores_port_cli_flag	2026-03-31 10:49:23 +00:00
Timmy	7427865e46	Adding more slash commands	2026-03-31 11:33:41 +01:00
Timmy	ff5f9c76fd	Bump version to 0.8.4	2026-03-31 11:32:10 +01:00
dave	641bbfbe2e	storkit: done 448_story_send_oauth_login_link_via_chat_when_credentials_are_missing	2026-03-31 10:28:06 +00:00
dave	5516ec4595	storkit: merge 448_story_send_oauth_login_link_via_chat_when_credentials_are_missing	2026-03-31 10:28:02 +00:00
Timmy	762467efd4	Allowing stat in claude permissions	2026-03-31 11:22:15 +01:00
Timmy	3f54bda360	Updating sha2	2026-03-31 11:21:50 +01:00
dave	4d1e388a48	storkit: done 447_bug_element_tab_completion_display_name_breaks_bot_command_matching	2026-03-31 10:18:24 +00:00
dave	10be86587a	storkit: merge 447_bug_element_tab_completion_display_name_breaks_bot_command_matching	2026-03-31 10:18:21 +00:00
dave	6a10591413	storkit: done 446_story_oauth_login_button_in_web_ui	2026-03-31 10:08:43 +00:00
dave	321c88e05e	storkit: merge 446_story_oauth_login_button_in_web_ui	2026-03-31 10:08:40 +00:00
dave	23562dfa61	storkit: create 448_story_send_oauth_login_link_via_chat_when_credentials_are_missing	2026-03-31 10:04:26 +00:00
dave	cb6ebf1d69	storkit: create 447_bug_element_tab_completion_display_name_breaks_bot_command_matching	2026-03-31 09:58:58 +00:00
Timmy	a006985faf	Bump version to 0.8.3	2026-03-30 18:17:09 +01:00
dave	3fce9ec082	feat: add Linux arm64 build to release script Builds aarch64-unknown-linux-musl via cross alongside the existing x86_64 Linux and macOS arm64 targets. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-30 17:15:16 +00:00
dave	03026c70cc	storkit: create 446_story_oauth_login_button_in_web_ui	2026-03-30 16:27:30 +00:00
Timmy	b75679175b	Bump version to 0.8.2	2026-03-30 11:57:05 +01:00
dave	440081016d	storkit: accept 433_story_setup_wizard_interviews_user_on_bare_projects_with_no_existing_code	2026-03-29 04:29:58 +00:00
dave	e8f3629c76	storkit: accept 438_story_slash_command_autocomplete_in_web_ui_text_input	2026-03-29 02:08:37 +00:00
dave	c5cdc0f594	storkit: done 433_story_setup_wizard_interviews_user_on_bare_projects_with_no_existing_code	2026-03-29 00:46:08 +00:00
dave	fec417cb16	storkit: merge 433_story_setup_wizard_interviews_user_on_bare_projects_with_no_existing_code	2026-03-29 00:46:05 +00:00
dave	a70a06a5fb	storkit: create 433_story_setup_wizard_interviews_user_on_bare_projects_with_no_existing_code	2026-03-29 00:29:17 +00:00
dave	0a617e1c18	storkit: accept 445_bug_rate_limited_mergemaster_exits_advance_stories_to_done_without_merging	2026-03-29 00:05:27 +00:00
dave	4527f71857	storkit: accept 444_refactor_extract_shared_test_helpers_test_ctx_write_story_file_make_api	2026-03-28 23:46:26 +00:00
dave	6e0d12d145	storkit: accept 440_refactor_consolidate_is_permission_approval_into_chat_util	2026-03-28 23:44:25 +00:00
dave	d471d29c72	storkit: accept 434_story_wizard_auto_checks_completion_on_first_conversation	2026-03-28 23:34:10 +00:00
dave	0b652eec21	storkit: done 434_story_wizard_auto_checks_completion_on_first_conversation	2026-03-28 23:33:07 +00:00
dave	b32fdf7d65	storkit: merge 434_story_wizard_auto_checks_completion_on_first_conversation	2026-03-28 23:33:05 +00:00
dave	2da0e1eb55	storkit: accept 442_refactor_deduplicate_stage_display_name_into_shared_module	2026-03-28 22:58:18 +00:00
dave	269124a1fd	storkit: accept 443_refactor_extract_shared_find_story_name_from_commands	2026-03-28 22:40:14 +00:00
dave	5992f9bd19	storkit: merge 438_story_slash_command_autocomplete_in_web_ui_text_input	2026-03-28 22:27:40 +00:00
dave	a53967453e	storkit: done 438_story_slash_command_autocomplete_in_web_ui_text_input	2026-03-28 22:26:16 +00:00
dave	ab4b218ac7	storkit: accept 441_refactor_deduplicate_get_project_root_wrappers_in_io_modules	2026-03-28 20:35:05 +00:00
dave	d5b936c88d	storkit: accept 439_refactor_unify_story_stuck_states_into_a_single_status_field	2026-03-28 20:28:04 +00:00
dave	07cc0e3f29	storkit: accept 437_bug_strip_prefix_ci_panics_on_multi_byte_utf_8_input	2026-03-28 20:22:04 +00:00
dave	db4a84c70f	storkit: done 445_bug_rate_limited_mergemaster_exits_advance_stories_to_done_without_merging	2026-03-28 20:08:18 +00:00
dave	3048d26e66	storkit: merge 445_bug_rate_limited_mergemaster_exits_advance_stories_to_done_without_merging	2026-03-28 20:08:15 +00:00
dave	8e45b2a08d	storkit: done 444_refactor_extract_shared_test_helpers_test_ctx_write_story_file_make_api	2026-03-28 19:51:20 +00:00
dave	ddc4a57cd2	storkit: merge 444_refactor_extract_shared_test_helpers_test_ctx_write_story_file_make_api	2026-03-28 19:51:17 +00:00
dave	d216f3c267	storkit: done 440_refactor_consolidate_is_permission_approval_into_chat_util	2026-03-28 19:47:36 +00:00
dave	8cd881c8f1	storkit: merge 440_refactor_consolidate_is_permission_approval_into_chat_util	2026-03-28 19:47:33 +00:00
dave	2867e1d15f	storkit: accept 431_story_qa_agent_reviews_code_changes_against_acceptance_criteria	2026-03-28 19:30:48 +00:00
dave	c2c9d3f9cb	storkit: create 445_bug_rate_limited_mergemaster_exits_advance_stories_to_done_without_merging	2026-03-28 19:19:17 +00:00
dave	f734b4a3c6	storkit: done 443_refactor_extract_shared_find_story_name_from_commands	2026-03-28 19:09:13 +00:00
dave	890693efda	storkit: done 442_refactor_deduplicate_stage_display_name_into_shared_module	2026-03-28 18:57:31 +00:00
dave	5403b29261	storkit: done 439_refactor_unify_story_stuck_states_into_a_single_status_field	2026-03-28 18:36:45 +00:00
dave	8ee59f5dc1	storkit: merge 439_refactor_unify_story_stuck_states_into_a_single_status_field	2026-03-28 18:36:42 +00:00
dave	5dcc35a1b3	fix: gate runner delegates to script/test instead of hardcoding cargo clippy The acceptance gate was hardcoded to run cargo clippy, which fails on non-Rust projects (Go, Node, etc.). Now the gate only runs script/test which is project-specific. Clippy is added to storkit's own script/test so Rust linting is preserved for this project. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-28 18:15:29 +00:00
dave	af70b68cd1	storkit: accept 432_story_complete_setup_wizard_with_mcp_tools_and_agent_driven_file_generation	2026-03-28 18:12:43 +00:00
dave	e356f9b2dd	storkit: accept 423_story_auto_schedule_timer_on_rate_limit_to_resume_after_reset	2026-03-28 17:42:42 +00:00
dave	96793de11b	storkit: merge 441_refactor_deduplicate_get_project_root_wrappers_in_io_modules	2026-03-28 16:48:49 +00:00
dave	bfe70f5599	storkit: done 439_refactor_unify_story_stuck_states_into_a_single_status_field	2026-03-28 16:48:42 +00:00
dave	98aedaddf0	storkit: done 442_refactor_deduplicate_stage_display_name_into_shared_module	2026-03-28 16:47:58 +00:00
dave	496ce864d7	storkit: done 441_refactor_deduplicate_get_project_root_wrappers_in_io_modules	2026-03-28 16:46:18 +00:00
dave	243738551c	fix: wizard README instructions explicitly require LLM to generate and write files The LLM was having the conversation with the user but never following through with wizard_generate calls. The instructions now spell out the full workflow: get hint, write content, stage it, show user, confirm. Also adds "keep moving" instruction so the LLM auto-advances to the next step after confirmation. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-28 16:37:25 +00:00
dave	20f2d97f06	storkit: create 444_refactor_extract_shared_test_helpers_test_ctx_write_story_file_make_api	2026-03-28 16:34:45 +00:00
dave	b6edc1bff7	storkit: create 443_refactor_extract_shared_find_story_name_from_commands	2026-03-28 16:34:41 +00:00
dave	c45613a3ad	storkit: create 442_refactor_deduplicate_stage_display_name_into_shared_module	2026-03-28 16:34:39 +00:00
dave	7efed33851	storkit: create 441_refactor_deduplicate_get_project_root_wrappers_in_io_modules	2026-03-28 16:34:36 +00:00
dave	b00a477070	storkit: create 440_refactor_consolidate_is_permission_approval_into_chat_util	2026-03-28 16:34:35 +00:00
dave	52f2e89659	storkit: done 437_bug_strip_prefix_ci_panics_on_multi_byte_utf_8_input	2026-03-28 16:33:29 +00:00
dave	08db28d9d6	storkit: merge 437_bug_strip_prefix_ci_panics_on_multi_byte_utf_8_input	2026-03-28 16:33:26 +00:00
dave	77ff0ce093	storkit: create 439_refactor_unify_story_stuck_states_into_a_single_status_field	2026-03-28 16:27:51 +00:00
dave	0ab1b1232b	storkit: create 439_refactor_unify_story_stuck_states_into_a_single_status_field	2026-03-28 16:27:36 +00:00
dave	209e01bc06	storkit: create 438_story_slash_command_autocomplete_in_web_ui_text_input	2026-03-28 16:24:44 +00:00
dave	2650b1a42e	storkit: create 437_bug_strip_prefix_ci_panics_on_multi_byte_utf_8_input	2026-03-28 16:21:19 +00:00