Local extension before_tool_call/after_tool_call hooks registered but
never fired after a scoped mid-run plugin activation (harness or memory
ensure) rebound the global hook runner to a narrow registry, dropping
hooks unique to the broader registry (#91918).
The runner is now created once and resolves hooks live on every dispatch
from the composed set of currently-live registries (the most recently
initialized registry, the active registry, and the pinned channel and
http-route surfaces) instead of freezing one registry. The loader's
one-shot preserve gate is removed since activation order no longer
matters. Per-plugin ownership prefers loaded records so a failed scoped
reload cannot shadow a healthy pinned registration (including a
fail-closed tool-call gate), and the explicitly initialized registry
stays highest precedence so SDK callers keep an authoritative registry.
Reuses the live-registry collector the agent-event bridge already uses
so both dispatch surfaces agree on what is live.
When ensureAgentWorkspace is called for an already-configured workspace
(setupCompletedAt is set), skip creating optional bootstrap files
(SOUL.md, USER.md, IDENTITY.md, HEARTBEAT.md) at the root level.
This prevents subagent spawns from recreating root-level optional
bootstrap markdown files in repository workspaces where these files
were removed intentionally or only exist under agent-specific
subdirectories (e.g., main/).
Fixes#83593
* fix(session): prevent stale finalizer from recreating deleted session rows
After sessions.delete removes a session row, updateSessionStoreAfterAgentRun
could still recreate it via the fallbackEntry path in patchSessionEntry when
preserveUserFacingRunState was false. Changed the guard from only checking
preserveUserFacingRunState to checking whether the session key exists in the
in-memory store but not on disk — indicating the session was intentionally
deleted mid-run.
Fixes#40840
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test(session): cover deleted session finalizer fence
* fix(session): fence post-run writes after deletion
* fix(session): guard post-run transcript persistence
* fix(session): fence metadata after session reset
---------
Co-authored-by: Peter Lee <22994703+xialonglee@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
Compaction summarization consumes the model stream via result() only (no
iteration), so it never emitted model.call diagnostic spans. Observe the
stream's result() in the diagnostic wrapper and wire the wrapper into the
direct compaction path so these LLM calls are traced (request/response
content, byte accounting, traceparent).
Decouple underlying-iterator cleanup from terminal-event dedup. The agent
loop awaits result() on the terminal event then abandons the iterator, so
once result() also emits the terminal event, gating safeReturnIterator on
terminalEventEmitted skipped provider cleanup (idle-timeout abort listeners
on the long-lived run signal, SSE readers). Track iterator settlement
separately so return() cleanup always runs; emit dedup stays on
terminalEventEmitted.
Parent compaction model-call spans to the active run/harness trace rather
than a phantom child trace that emits no span of its own.
