From 0b6ee41bcba929f0a05446ccc79a36fa2790355c Mon Sep 17 00:00:00 2001
From: hwisu <hwitticus@gmail.com>
Date: Fri, 6 Mar 2026 15:12:48 +0900
Subject: [PATCH 01/30] refactor effect boundaries for ui and runtime
 entrypoints

---
 crates/server/src/app_config.rs               | 266 +++++++
 crates/server/src/main.rs                     | 139 +---
 desktop/src-tauri/src/app/mod.rs              |   1 +
 desktop/src-tauri/src/app/session_query.rs    | 117 ++++
 desktop/src-tauri/src/main.rs                 |  89 +--
 packages/ui/package-lock.json                 |  55 ++
 packages/ui/package.json                      |   3 +-
 packages/ui/src/api-internal/auth-services.ts | 198 ++++++
 packages/ui/src/api-internal/errors.ts        |  66 ++
 .../api-internal/parse-preview-services.ts    | 105 +++
 packages/ui/src/api-internal/requests.ts      |  70 ++
 packages/ui/src/api-internal/runtime.ts       | 220 ++++++
 .../ui/src/api-internal/session-services.ts   | 274 ++++++++
 packages/ui/src/api.ts                        | 654 +++---------------
 .../src/components/SessionDetailPage.svelte   | 154 +++--
 .../ui/src/components/SessionListPage.svelte  | 348 ++++------
 packages/ui/src/index.ts                      |  12 +
 .../src/models/session-detail-model.test.ts   | 116 ++++
 .../ui/src/models/session-detail-model.ts     | 202 ++++++
 .../ui/src/models/session-list-model.test.ts  | 165 +++++
 packages/ui/src/models/session-list-model.ts  | 322 +++++++++
 .../src/models/source-preview-model.test.ts   |  98 +++
 .../ui/src/models/source-preview-model.ts     | 244 +++++++
 packages/ui/src/source-route.test.ts          |  49 ++
 packages/ui/src/source-route.ts               | 214 ++++++
 web/package-lock.json                         |   1 +
 .../src/[provider]/[...segments]/+page.svelte | 414 ++---------
 27 files changed, 3184 insertions(+), 1412 deletions(-)
 create mode 100644 crates/server/src/app_config.rs
 create mode 100644 desktop/src-tauri/src/app/mod.rs
 create mode 100644 desktop/src-tauri/src/app/session_query.rs
 create mode 100644 packages/ui/src/api-internal/auth-services.ts
 create mode 100644 packages/ui/src/api-internal/errors.ts
 create mode 100644 packages/ui/src/api-internal/parse-preview-services.ts
 create mode 100644 packages/ui/src/api-internal/requests.ts
 create mode 100644 packages/ui/src/api-internal/runtime.ts
 create mode 100644 packages/ui/src/api-internal/session-services.ts
 create mode 100644 packages/ui/src/models/session-detail-model.test.ts
 create mode 100644 packages/ui/src/models/session-detail-model.ts
 create mode 100644 packages/ui/src/models/session-list-model.test.ts
 create mode 100644 packages/ui/src/models/session-list-model.ts
 create mode 100644 packages/ui/src/models/source-preview-model.test.ts
 create mode 100644 packages/ui/src/models/source-preview-model.ts
 create mode 100644 packages/ui/src/source-route.test.ts
 create mode 100644 packages/ui/src/source-route.ts

diff --git a/crates/server/src/app_config.rs b/crates/server/src/app_config.rs
new file mode 100644
index 00000000..f5507c31
--- /dev/null
+++ b/crates/server/src/app_config.rs
@@ -0,0 +1,266 @@
+use std::path::PathBuf;
+
+use opensession_api::crypto::CredentialKeyring;
+use opensession_api::oauth::{self, OAuthProviderConfig};
+
+#[derive(Clone)]
+pub struct AppConfig {
+    pub base_url: String,
+    pub allowed_origins: Vec<String>,
+    pub oauth_use_request_host: bool,
+    pub jwt_secret: String,
+    pub admin_key: String,
+    pub oauth_providers: Vec<OAuthProviderConfig>,
+    pub public_feed_enabled: bool,
+    pub local_review_root: Option<PathBuf>,
+    pub credential_keyring: Option<CredentialKeyring>,
+}
+
+pub struct ServerBootstrap {
+    pub data_dir: PathBuf,
+    pub web_dir: PathBuf,
+    pub port: String,
+    pub config: AppConfig,
+}
+
+pub fn load_server_bootstrap() -> ServerBootstrap {
+    let data_dir = std::env::var("OPENSESSION_DATA_DIR")
+        .map(PathBuf::from)
+        .unwrap_or_else(|_| PathBuf::from("data"));
+    let web_dir = std::env::var("OPENSESSION_WEB_DIR")
+        .map(PathBuf::from)
+        .unwrap_or_else(|_| PathBuf::from("web/build"));
+    let port = std::env::var("PORT").unwrap_or_else(|_| "3000".to_string());
+
+    let base_url_env = env_trimmed("BASE_URL").or_else(|| env_trimmed("OPENSESSION_BASE_URL"));
+    let base_url = base_url_env
+        .clone()
+        .unwrap_or_else(|| "http://localhost:3000".to_string());
+    let public_feed_enabled_raw =
+        std::env::var(opensession_api::deploy::ENV_PUBLIC_FEED_ENABLED).ok();
+
+    ServerBootstrap {
+        data_dir,
+        web_dir,
+        port,
+        config: AppConfig {
+            base_url: base_url.clone(),
+            allowed_origins: load_allowed_origins(&base_url),
+            oauth_use_request_host: base_url_env.is_none(),
+            jwt_secret: env_trimmed("JWT_SECRET").unwrap_or_default(),
+            admin_key: env_trimmed("OPENSESSION_ADMIN_KEY").unwrap_or_default(),
+            oauth_providers: load_oauth_providers(),
+            public_feed_enabled: opensession_api::deploy::parse_bool_flag(
+                public_feed_enabled_raw.as_deref(),
+                true,
+            ),
+            local_review_root: std::env::var("OPENSESSION_LOCAL_REVIEW_ROOT")
+                .ok()
+                .map(PathBuf::from),
+            credential_keyring: load_credential_keyring(),
+        },
+    }
+}
+
+fn origin_from_base_url(raw: &str) -> Option<String> {
+    let url = reqwest::Url::parse(raw).ok()?;
+    let host = url.host_str()?;
+    let mut origin = format!("{}://{host}", url.scheme());
+    if let Some(port) = url.port() {
+        origin.push(':');
+        origin.push_str(&port.to_string());
+    }
+    Some(origin)
+}
+
+fn load_allowed_origins(base_url: &str) -> Vec<String> {
+    let configured = std::env::var("OPENSESSION_ALLOWED_ORIGINS")
+        .ok()
+        .map(|value| {
+            value
+                .split(',')
+                .map(str::trim)
+                .filter(|item| !item.is_empty())
+                .map(ToOwned::to_owned)
+                .collect::<Vec<_>>()
+        })
+        .unwrap_or_default();
+    if !configured.is_empty() {
+        return configured;
+    }
+    origin_from_base_url(base_url).into_iter().collect()
+}
+
+fn load_oauth_providers() -> Vec<OAuthProviderConfig> {
+    [try_load_github(), try_load_gitlab()]
+        .into_iter()
+        .flatten()
+        .collect()
+}
+
+fn env_trimmed(name: &str) -> Option<String> {
+    std::env::var(name)
+        .ok()
+        .and_then(|value| oauth::normalize_oauth_config_value(&value))
+}
+
+fn try_load_github() -> Option<OAuthProviderConfig> {
+    let id = env_trimmed("GITHUB_CLIENT_ID")?;
+    let secret = env_trimmed("GITHUB_CLIENT_SECRET")?;
+    tracing::info!("OAuth provider enabled: GitHub");
+    Some(oauth::github_preset(id, secret))
+}
+
+fn try_load_gitlab() -> Option<OAuthProviderConfig> {
+    let url = env_trimmed("GITLAB_URL")?;
+    let id = env_trimmed("GITLAB_CLIENT_ID")?;
+    let secret = env_trimmed("GITLAB_CLIENT_SECRET")?;
+    let ext_url = env_trimmed("GITLAB_EXTERNAL_URL");
+    tracing::info!("OAuth provider enabled: GitLab ({})", url);
+    Some(oauth::gitlab_preset(url, ext_url, id, secret))
+}
+
+fn load_credential_keyring() -> Option<CredentialKeyring> {
+    let active = env_trimmed("OPENSESSION_CREDENTIAL_ACTIVE_KID")?;
+    let keyset = env_trimmed("OPENSESSION_CREDENTIAL_KEYS")?;
+    match CredentialKeyring::from_csv(&active, &keyset) {
+        Ok(keyring) => Some(keyring),
+        Err(err) => {
+            tracing::error!("invalid credential encryption config: {}", err.message());
+            None
+        }
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::load_server_bootstrap;
+    use std::sync::{LazyLock, Mutex, MutexGuard};
+
+    static TEST_ENV_LOCK: LazyLock<Mutex<()>> = LazyLock::new(|| Mutex::new(()));
+
+    struct EnvVarGuard {
+        key: &'static str,
+        previous: Option<String>,
+    }
+
+    impl EnvVarGuard {
+        fn set(key: &'static str, value: &str) -> Self {
+            let previous = std::env::var(key).ok();
+            std::env::set_var(key, value);
+            Self { key, previous }
+        }
+
+        fn clear(key: &'static str) -> Self {
+            let previous = std::env::var(key).ok();
+            std::env::remove_var(key);
+            Self { key, previous }
+        }
+    }
+
+    impl Drop for EnvVarGuard {
+        fn drop(&mut self) {
+            if let Some(previous) = self.previous.take() {
+                std::env::set_var(self.key, previous);
+            } else {
+                std::env::remove_var(self.key);
+            }
+        }
+    }
+
+    fn lock_env() -> MutexGuard<'static, ()> {
+        TEST_ENV_LOCK.lock().expect("test env lock")
+    }
+
+    #[test]
+    fn bootstrap_uses_explicit_base_url_and_allowed_origins() {
+        let _lock = lock_env();
+        let _guards = [
+            EnvVarGuard::set("BASE_URL", "https://api.example.test"),
+            EnvVarGuard::set("OPENSESSION_BASE_URL", "https://ignored.example.test"),
+            EnvVarGuard::set(
+                "OPENSESSION_ALLOWED_ORIGINS",
+                " https://app.example.test , https://ops.example.test ",
+            ),
+            EnvVarGuard::clear("OPENSESSION_DATA_DIR"),
+            EnvVarGuard::clear("OPENSESSION_WEB_DIR"),
+            EnvVarGuard::clear("PORT"),
+            EnvVarGuard::clear("JWT_SECRET"),
+            EnvVarGuard::clear("OPENSESSION_ADMIN_KEY"),
+            EnvVarGuard::clear(opensession_api::deploy::ENV_PUBLIC_FEED_ENABLED),
+            EnvVarGuard::clear("OPENSESSION_LOCAL_REVIEW_ROOT"),
+            EnvVarGuard::clear("OPENSESSION_CREDENTIAL_ACTIVE_KID"),
+            EnvVarGuard::clear("OPENSESSION_CREDENTIAL_KEYS"),
+            EnvVarGuard::clear("GITHUB_CLIENT_ID"),
+            EnvVarGuard::clear("GITHUB_CLIENT_SECRET"),
+            EnvVarGuard::clear("GITLAB_URL"),
+            EnvVarGuard::clear("GITLAB_CLIENT_ID"),
+            EnvVarGuard::clear("GITLAB_CLIENT_SECRET"),
+            EnvVarGuard::clear("GITLAB_EXTERNAL_URL"),
+        ];
+
+        let bootstrap = load_server_bootstrap();
+
+        assert_eq!(bootstrap.config.base_url, "https://api.example.test");
+        assert_eq!(
+            bootstrap.config.allowed_origins,
+            vec![
+                "https://app.example.test".to_string(),
+                "https://ops.example.test".to_string()
+            ]
+        );
+        assert!(!bootstrap.config.oauth_use_request_host);
+        assert_eq!(bootstrap.data_dir, std::path::PathBuf::from("data"));
+        assert_eq!(bootstrap.web_dir, std::path::PathBuf::from("web/build"));
+        assert_eq!(bootstrap.port, "3000");
+    }
+
+    #[test]
+    fn bootstrap_derives_origin_and_request_host_mode_when_base_url_is_missing() {
+        let _lock = lock_env();
+        let _guards = [
+            EnvVarGuard::clear("BASE_URL"),
+            EnvVarGuard::clear("OPENSESSION_BASE_URL"),
+            EnvVarGuard::clear("OPENSESSION_ALLOWED_ORIGINS"),
+            EnvVarGuard::clear("OPENSESSION_CREDENTIAL_ACTIVE_KID"),
+            EnvVarGuard::clear("OPENSESSION_CREDENTIAL_KEYS"),
+            EnvVarGuard::clear("GITHUB_CLIENT_ID"),
+            EnvVarGuard::clear("GITHUB_CLIENT_SECRET"),
+            EnvVarGuard::clear("GITLAB_URL"),
+            EnvVarGuard::clear("GITLAB_CLIENT_ID"),
+            EnvVarGuard::clear("GITLAB_CLIENT_SECRET"),
+            EnvVarGuard::clear("GITLAB_EXTERNAL_URL"),
+        ];
+
+        let bootstrap = load_server_bootstrap();
+
+        assert_eq!(bootstrap.config.base_url, "http://localhost:3000");
+        assert_eq!(
+            bootstrap.config.allowed_origins,
+            vec!["http://localhost:3000".to_string()]
+        );
+        assert!(bootstrap.config.oauth_use_request_host);
+    }
+
+    #[test]
+    fn bootstrap_ignores_invalid_credential_keyring_config() {
+        let _lock = lock_env();
+        let _guards = [
+            EnvVarGuard::clear("BASE_URL"),
+            EnvVarGuard::clear("OPENSESSION_BASE_URL"),
+            EnvVarGuard::clear("OPENSESSION_ALLOWED_ORIGINS"),
+            EnvVarGuard::set("OPENSESSION_CREDENTIAL_ACTIVE_KID", "kid-1"),
+            EnvVarGuard::set("OPENSESSION_CREDENTIAL_KEYS", "not-a-valid-keyset"),
+            EnvVarGuard::clear("GITHUB_CLIENT_ID"),
+            EnvVarGuard::clear("GITHUB_CLIENT_SECRET"),
+            EnvVarGuard::clear("GITLAB_URL"),
+            EnvVarGuard::clear("GITLAB_CLIENT_ID"),
+            EnvVarGuard::clear("GITLAB_CLIENT_SECRET"),
+            EnvVarGuard::clear("GITLAB_EXTERNAL_URL"),
+        ];
+
+        let bootstrap = load_server_bootstrap();
+
+        assert!(bootstrap.config.credential_keyring.is_none());
+    }
+}
diff --git a/crates/server/src/main.rs b/crates/server/src/main.rs
index ba78e4ce..d17e8313 100644
--- a/crates/server/src/main.rs
+++ b/crates/server/src/main.rs
@@ -1,3 +1,4 @@
+mod app_config;
 mod error;
 mod routes;
 mod storage;
@@ -11,15 +12,15 @@ use axum::{
     routing::{delete, get, post, put},
     Router,
 };
-use std::path::PathBuf;
 use tower_http::cors::CorsLayer;
 use tower_http::services::{ServeDir, ServeFile};
 use tower_http::trace::TraceLayer;
 
-use opensession_api::crypto::CredentialKeyring;
-use opensession_api::oauth::{self, OAuthProviderConfig};
+use app_config::load_server_bootstrap;
 use storage::Db;
 
+pub use app_config::AppConfig;
+
 /// Application state shared across all handlers.
 #[derive(Clone)]
 pub struct AppState {
@@ -27,49 +28,6 @@ pub struct AppState {
     pub config: AppConfig,
 }
 
-/// Server configuration loaded from environment variables.
-#[derive(Clone)]
-pub struct AppConfig {
-    pub base_url: String,
-    pub allowed_origins: Vec<String>,
-    pub oauth_use_request_host: bool,
-    pub jwt_secret: String,
-    pub admin_key: String,
-    pub oauth_providers: Vec<OAuthProviderConfig>,
-    pub public_feed_enabled: bool,
-    pub local_review_root: Option<PathBuf>,
-    pub credential_keyring: Option<CredentialKeyring>,
-}
-
-fn origin_from_base_url(raw: &str) -> Option<String> {
-    let url = reqwest::Url::parse(raw).ok()?;
-    let host = url.host_str()?;
-    let mut origin = format!("{}://{host}", url.scheme());
-    if let Some(port) = url.port() {
-        origin.push(':');
-        origin.push_str(&port.to_string());
-    }
-    Some(origin)
-}
-
-fn load_allowed_origins(base_url: &str) -> Vec<String> {
-    let configured = std::env::var("OPENSESSION_ALLOWED_ORIGINS")
-        .ok()
-        .map(|value| {
-            value
-                .split(',')
-                .map(str::trim)
-                .filter(|item| !item.is_empty())
-                .map(ToOwned::to_owned)
-                .collect::<Vec<_>>()
-        })
-        .unwrap_or_default();
-    if !configured.is_empty() {
-        return configured;
-    }
-    origin_from_base_url(base_url).into_iter().collect()
-}
-
 fn build_cors_layer(allowed_origins: &[String]) -> CorsLayer {
     let csrf_header = HeaderName::from_static("x-csrf-token");
     let origin_values: Vec<HeaderValue> = allowed_origins
@@ -105,36 +63,6 @@ impl FromRef<AppState> for AppConfig {
     }
 }
 
-/// Load OAuth providers from environment variables.
-fn load_oauth_providers() -> Vec<OAuthProviderConfig> {
-    [try_load_github(), try_load_gitlab()]
-        .into_iter()
-        .flatten()
-        .collect()
-}
-
-fn env_trimmed(name: &str) -> Option<String> {
-    std::env::var(name)
-        .ok()
-        .and_then(|v| oauth::normalize_oauth_config_value(&v))
-}
-
-fn try_load_github() -> Option<OAuthProviderConfig> {
-    let id = env_trimmed("GITHUB_CLIENT_ID")?;
-    let secret = env_trimmed("GITHUB_CLIENT_SECRET")?;
-    tracing::info!("OAuth provider enabled: GitHub");
-    Some(oauth::github_preset(id, secret))
-}
-
-fn try_load_gitlab() -> Option<OAuthProviderConfig> {
-    let url = env_trimmed("GITLAB_URL")?;
-    let id = env_trimmed("GITLAB_CLIENT_ID")?;
-    let secret = env_trimmed("GITLAB_CLIENT_SECRET")?;
-    let ext_url = env_trimmed("GITLAB_EXTERNAL_URL");
-    tracing::info!("OAuth provider enabled: GitLab ({})", url);
-    Some(oauth::gitlab_preset(url, ext_url, id, secret))
-}
-
 #[tokio::main]
 async fn main() -> anyhow::Result<()> {
     // Initialize tracing
@@ -145,10 +73,11 @@ async fn main() -> anyhow::Result<()> {
         )
         .init();
 
-    // Data directory
-    let data_dir = std::env::var("OPENSESSION_DATA_DIR")
-        .map(PathBuf::from)
-        .unwrap_or_else(|_| PathBuf::from("data"));
+    let bootstrap = load_server_bootstrap();
+    let data_dir = bootstrap.data_dir;
+    let web_dir = bootstrap.web_dir;
+    let port = bootstrap.port;
+    let config = bootstrap.config;
 
     tracing::info!("data directory: {}", data_dir.display());
 
@@ -156,45 +85,20 @@ async fn main() -> anyhow::Result<()> {
     let db = storage::init_db(&data_dir)?;
     tracing::info!("database initialized");
 
-    let base_url_env = env_trimmed("BASE_URL").or_else(|| env_trimmed("OPENSESSION_BASE_URL"));
-    let base_url = base_url_env
-        .clone()
-        .unwrap_or_else(|| "http://localhost:3000".into());
-
-    let jwt_secret = env_trimmed("JWT_SECRET").unwrap_or_default();
-    if jwt_secret.is_empty() {
+    if config.jwt_secret.is_empty() {
         tracing::warn!("JWT_SECRET not set — JWT auth and OAuth will be disabled");
     }
-    let admin_key = env_trimmed("OPENSESSION_ADMIN_KEY").unwrap_or_default();
-    if admin_key.is_empty() {
+    if config.admin_key.is_empty() {
         tracing::warn!("OPENSESSION_ADMIN_KEY not set — /api/admin routes will return 401");
     }
-
-    let oauth_providers = load_oauth_providers();
-    let public_feed_enabled_raw =
-        std::env::var(opensession_api::deploy::ENV_PUBLIC_FEED_ENABLED).ok();
-    let public_feed_enabled =
-        opensession_api::deploy::parse_bool_flag(public_feed_enabled_raw.as_deref(), true);
-    if !public_feed_enabled {
+    if !config.public_feed_enabled {
         tracing::info!(
             "public feed is disabled ({}=false)",
             opensession_api::deploy::ENV_PUBLIC_FEED_ENABLED
         );
     }
 
-    let config = AppConfig {
-        base_url: base_url.clone(),
-        allowed_origins: load_allowed_origins(&base_url),
-        oauth_use_request_host: base_url_env.is_none(),
-        jwt_secret,
-        admin_key,
-        oauth_providers,
-        public_feed_enabled,
-        local_review_root: std::env::var("OPENSESSION_LOCAL_REVIEW_ROOT")
-            .ok()
-            .map(PathBuf::from),
-        credential_keyring: load_credential_keyring(),
-    };
+    let base_url = config.base_url.clone();
 
     let state = AppState { db, config };
 
@@ -253,10 +157,6 @@ async fn main() -> anyhow::Result<()> {
         .route("/docs", get(routes::docs::handle))
         .route("/llms.txt", get(routes::docs::llms_txt));
 
-    // Serve static files from web build if present
-    let web_dir = std::env::var("OPENSESSION_WEB_DIR")
-        .map(PathBuf::from)
-        .unwrap_or_else(|_| PathBuf::from("web/build"));
     if web_dir.exists() {
         tracing::info!("serving static files from {}", web_dir.display());
         let index_html = web_dir.join("index.html");
@@ -270,21 +170,8 @@ async fn main() -> anyhow::Result<()> {
 
     tracing::info!("starting server at {base_url}");
 
-    let port = std::env::var("PORT").unwrap_or_else(|_| "3000".into());
     let listener = tokio::net::TcpListener::bind(format!("0.0.0.0:{port}")).await?;
     axum::serve(listener, app).await?;
 
     Ok(())
 }
-
-fn load_credential_keyring() -> Option<CredentialKeyring> {
-    let active = env_trimmed("OPENSESSION_CREDENTIAL_ACTIVE_KID")?;
-    let keyset = env_trimmed("OPENSESSION_CREDENTIAL_KEYS")?;
-    match CredentialKeyring::from_csv(&active, &keyset) {
-        Ok(keyring) => Some(keyring),
-        Err(err) => {
-            tracing::error!("invalid credential encryption config: {}", err.message());
-            None
-        }
-    }
-}
diff --git a/desktop/src-tauri/src/app/mod.rs b/desktop/src-tauri/src/app/mod.rs
new file mode 100644
index 00000000..2621dc6d
--- /dev/null
+++ b/desktop/src-tauri/src/app/mod.rs
@@ -0,0 +1 @@
+pub(crate) mod session_query;
diff --git a/desktop/src-tauri/src/app/session_query.rs b/desktop/src-tauri/src/app/session_query.rs
new file mode 100644
index 00000000..12dc8592
--- /dev/null
+++ b/desktop/src-tauri/src/app/session_query.rs
@@ -0,0 +1,117 @@
+use opensession_api::DesktopSessionListQuery;
+use opensession_local_db::{LocalSessionFilter, LocalSortOrder, LocalTimeRange};
+
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+pub(crate) enum SearchMode {
+    Keyword,
+    Vector,
+}
+
+fn normalize_non_empty(value: Option<String>) -> Option<String> {
+    value
+        .map(|raw| raw.trim().to_string())
+        .and_then(|trimmed| (!trimmed.is_empty()).then_some(trimmed))
+}
+
+fn parse_positive_u32(raw: Option<String>, fallback: u32, max: u32) -> u32 {
+    let parsed = raw
+        .and_then(|value| value.parse::<u32>().ok())
+        .filter(|value| *value > 0)
+        .unwrap_or(fallback);
+    parsed.min(max).max(1)
+}
+
+fn map_sort_order(sort: Option<&str>) -> LocalSortOrder {
+    match sort.unwrap_or_default() {
+        "popular" => LocalSortOrder::Popular,
+        "longest" => LocalSortOrder::Longest,
+        _ => LocalSortOrder::Recent,
+    }
+}
+
+fn map_time_range(time_range: Option<&str>) -> LocalTimeRange {
+    match time_range.unwrap_or_default() {
+        "24h" => LocalTimeRange::Hours24,
+        "7d" => LocalTimeRange::Days7,
+        "30d" => LocalTimeRange::Days30,
+        _ => LocalTimeRange::All,
+    }
+}
+
+pub(crate) fn split_search_mode(raw: Option<String>) -> (Option<String>, SearchMode) {
+    let normalized = normalize_non_empty(raw);
+    let Some(value) = normalized else {
+        return (None, SearchMode::Keyword);
+    };
+    let lower = value.to_ascii_lowercase();
+    for prefix in ["vector:", "vec:"] {
+        if lower.starts_with(prefix) {
+            let query = value[prefix.len()..].trim().to_string();
+            return ((!query.is_empty()).then_some(query), SearchMode::Vector);
+        }
+    }
+    (Some(value), SearchMode::Keyword)
+}
+
+pub(crate) fn build_local_filter_with_mode(
+    query: DesktopSessionListQuery,
+) -> (LocalSessionFilter, u32, u32, SearchMode) {
+    let page = parse_positive_u32(query.page, 1, 10_000);
+    let per_page = parse_positive_u32(query.per_page, 20, 200);
+    let offset = (page.saturating_sub(1)).saturating_mul(per_page);
+    let (search_query, search_mode) = split_search_mode(query.search);
+
+    let filter = LocalSessionFilter {
+        search: search_query,
+        tool: normalize_non_empty(query.tool),
+        git_repo_name: normalize_non_empty(query.git_repo_name),
+        exclude_low_signal: true,
+        sort: map_sort_order(query.sort.as_deref()),
+        time_range: map_time_range(query.time_range.as_deref()),
+        limit: Some(per_page),
+        offset: Some(offset),
+        ..Default::default()
+    };
+
+    (filter, page, per_page, search_mode)
+}
+
+#[cfg(test)]
+mod tests {
+    use super::{build_local_filter_with_mode, split_search_mode, SearchMode};
+    use opensession_api::DesktopSessionListQuery;
+    use opensession_local_db::{LocalSortOrder, LocalTimeRange};
+
+    #[test]
+    fn query_mapping_trims_inputs_and_clamps_large_pages() {
+        let (filter, page, per_page, mode) =
+            build_local_filter_with_mode(DesktopSessionListQuery {
+                page: Some("0".to_string()),
+                per_page: Some("999".to_string()),
+                search: Some("  fix auth  ".to_string()),
+                tool: Some(" codex ".to_string()),
+                git_repo_name: Some(" org/repo ".to_string()),
+                sort: Some("longest".to_string()),
+                time_range: Some("30d".to_string()),
+                force_refresh: None,
+            });
+
+        assert_eq!(page, 1);
+        assert_eq!(per_page, 200);
+        assert_eq!(mode, SearchMode::Keyword);
+        assert_eq!(filter.search.as_deref(), Some("fix auth"));
+        assert_eq!(filter.tool.as_deref(), Some("codex"));
+        assert_eq!(filter.git_repo_name.as_deref(), Some("org/repo"));
+        assert_eq!(filter.sort, LocalSortOrder::Longest);
+        assert_eq!(filter.time_range, LocalTimeRange::Days30);
+        assert_eq!(filter.offset, Some(0));
+    }
+
+    #[test]
+    fn vector_prefix_without_query_keeps_vector_mode_but_clears_search_text() {
+        let (query, mode) = split_search_mode(Some("vector:   ".to_string()));
+
+        assert_eq!(query, None);
+        assert_eq!(mode, SearchMode::Vector);
+    }
+}
diff --git a/desktop/src-tauri/src/main.rs b/desktop/src-tauri/src/main.rs
index 1a23d760..6fd28f74 100644
--- a/desktop/src-tauri/src/main.rs
+++ b/desktop/src-tauri/src/main.rs
@@ -1,5 +1,8 @@
 #![cfg_attr(not(debug_assertions), windows_subsystem = "windows")]
 
+mod app;
+
+use app::session_query::{build_local_filter_with_mode, split_search_mode, SearchMode};
 use base64::{engine::general_purpose::STANDARD as BASE64_STANDARD, Engine as _};
 use opensession_api::{
     oauth::{AuthProvidersResponse, OAuthProviderInfo},
@@ -76,12 +79,6 @@ const CHANGE_READER_MAX_EVENTS: usize = 180;
 const CHANGE_READER_MAX_LINE_CHARS: usize = 220;
 const FORCE_REFRESH_MAX_DISCOVERY_PATHS: usize = 240;
 
-#[derive(Debug, Clone, Copy, PartialEq, Eq)]
-enum SearchMode {
-    Keyword,
-    Vector,
-}
-
 #[derive(Debug, Clone)]
 struct VectorInstallRuntimeState {
     state: DesktopVectorInstallState,
@@ -193,69 +190,6 @@ fn normalize_non_empty(value: Option<String>) -> Option<String> {
         .and_then(|trimmed| (!trimmed.is_empty()).then_some(trimmed))
 }
 
-fn split_search_mode(raw: Option<String>) -> (Option<String>, SearchMode) {
-    let normalized = normalize_non_empty(raw);
-    let Some(value) = normalized else {
-        return (None, SearchMode::Keyword);
-    };
-    let lower = value.to_ascii_lowercase();
-    for prefix in ["vector:", "vec:"] {
-        if lower.starts_with(prefix) {
-            let query = value[prefix.len()..].trim().to_string();
-            return ((!query.is_empty()).then_some(query), SearchMode::Vector);
-        }
-    }
-    (Some(value), SearchMode::Keyword)
-}
-
-fn parse_positive_u32(raw: Option<String>, fallback: u32, max: u32) -> u32 {
-    let parsed = raw
-        .and_then(|value| value.parse::<u32>().ok())
-        .filter(|value| *value > 0)
-        .unwrap_or(fallback);
-    parsed.min(max).max(1)
-}
-
-fn map_sort_order(sort: Option<&str>) -> opensession_local_db::LocalSortOrder {
-    match sort.unwrap_or_default() {
-        "popular" => opensession_local_db::LocalSortOrder::Popular,
-        "longest" => opensession_local_db::LocalSortOrder::Longest,
-        _ => opensession_local_db::LocalSortOrder::Recent,
-    }
-}
-
-fn map_time_range(time_range: Option<&str>) -> opensession_local_db::LocalTimeRange {
-    match time_range.unwrap_or_default() {
-        "24h" => opensession_local_db::LocalTimeRange::Hours24,
-        "7d" => opensession_local_db::LocalTimeRange::Days7,
-        "30d" => opensession_local_db::LocalTimeRange::Days30,
-        _ => opensession_local_db::LocalTimeRange::All,
-    }
-}
-
-fn build_local_filter_with_mode(
-    query: DesktopSessionListQuery,
-) -> (LocalSessionFilter, u32, u32, SearchMode) {
-    let page = parse_positive_u32(query.page, 1, 10_000);
-    let per_page = parse_positive_u32(query.per_page, 20, 200);
-    let offset = (page.saturating_sub(1)).saturating_mul(per_page);
-    let (search_query, search_mode) = split_search_mode(query.search);
-
-    let filter = LocalSessionFilter {
-        search: search_query,
-        tool: normalize_non_empty(query.tool),
-        git_repo_name: normalize_non_empty(query.git_repo_name),
-        exclude_low_signal: true,
-        sort: map_sort_order(query.sort.as_deref()),
-        time_range: map_time_range(query.time_range.as_deref()),
-        limit: Some(per_page),
-        offset: Some(offset),
-        ..Default::default()
-    };
-
-    (filter, page, per_page, search_mode)
-}
-
 fn force_refresh_discovery_tools() -> &'static [&'static str] {
     // Cursor workspace DBs are high-volume and often metadata-only. Exclude them from the
     // synchronous force-refresh path so recent sessions show up immediately.
@@ -5497,12 +5431,12 @@ mod tests {
         build_vector_chunks_for_session, canonicalize_summaries, cosine_similarity,
         desktop_ask_session_changes, desktop_change_reader_tts, desktop_get_contract_version,
         desktop_get_runtime_settings, desktop_get_session_detail, desktop_get_session_raw,
-        desktop_list_sessions, desktop_read_session_changes,
-        desktop_share_session_quick, desktop_summary_batch_run, desktop_summary_batch_status,
-        desktop_update_runtime_settings, extract_vector_lines, force_refresh_discovery_tools,
-        map_link_type, normalize_launch_route, normalize_session_body_to_hail_jsonl,
-        parse_cli_quick_share_response, session_summary_from_local_row, split_search_mode,
-        validate_pin_alias, validate_vector_preflight_ready, DesktopSessionListQuery, SearchMode,
+        desktop_list_sessions, desktop_read_session_changes, desktop_share_session_quick,
+        desktop_summary_batch_run, desktop_summary_batch_status, desktop_update_runtime_settings,
+        extract_vector_lines, force_refresh_discovery_tools, map_link_type, normalize_launch_route,
+        normalize_session_body_to_hail_jsonl, parse_cli_quick_share_response,
+        session_summary_from_local_row, split_search_mode, validate_pin_alias,
+        validate_vector_preflight_ready, DesktopSessionListQuery, SearchMode,
     };
     use opensession_api::{
         DesktopChangeQuestionRequest, DesktopChangeReadRequest, DesktopChangeReaderScope,
@@ -6675,7 +6609,10 @@ mod tests {
 
         let lifecycle_status = super::desktop_lifecycle_cleanup_status_from_db(&db)
             .expect("read lifecycle cleanup status");
-        assert_eq!(lifecycle_status.state, DesktopLifecycleCleanupState::Complete);
+        assert_eq!(
+            lifecycle_status.state,
+            DesktopLifecycleCleanupState::Complete
+        );
         assert_eq!(lifecycle_status.deleted_sessions, 1);
         assert_eq!(lifecycle_status.deleted_summaries, 1);
         assert!(
diff --git a/packages/ui/package-lock.json b/packages/ui/package-lock.json
index 9761fa90..167b1b53 100644
--- a/packages/ui/package-lock.json
+++ b/packages/ui/package-lock.json
@@ -8,6 +8,7 @@
 			"name": "@opensession/ui",
 			"version": "0.1.0",
 			"dependencies": {
+				"effect": "3.19.19",
 				"highlight.js": "^11.11.1",
 				"isomorphic-dompurify": "^2.28.0",
 				"marked": "^17.0.1"
@@ -882,6 +883,12 @@
 			"dev": true,
 			"license": "BSD-2-Clause"
 		},
+		"node_modules/@standard-schema/spec": {
+			"version": "1.1.0",
+			"resolved": "https://registry.npmjs.org/@standard-schema/spec/-/spec-1.1.0.tgz",
+			"integrity": "sha512-l2aFy5jALhniG5HgqrD6jXLi/rUWrKvqN/qJx6yoJsgKhblVd+iqqU4RCXavm/jPityDo5TCvKMnpjKnOriy0w==",
+			"license": "MIT"
+		},
 		"node_modules/@sveltejs/acorn-typescript": {
 			"version": "1.0.8",
 			"resolved": "https://registry.npmjs.org/@sveltejs/acorn-typescript/-/acorn-typescript-1.0.8.tgz",
@@ -1047,6 +1054,16 @@
 				"@types/trusted-types": "^2.0.7"
 			}
 		},
+		"node_modules/effect": {
+			"version": "3.19.19",
+			"resolved": "https://registry.npmjs.org/effect/-/effect-3.19.19.tgz",
+			"integrity": "sha512-Yc8U/SVXo2dHnaP7zNBlAo83h/nzSJpi7vph6Hzyl4ulgMBIgPmz3UzOjb9sBgpFE00gC0iETR244sfXDNLHRg==",
+			"license": "MIT",
+			"dependencies": {
+				"@standard-schema/spec": "^1.0.0",
+				"fast-check": "^3.23.1"
+			}
+		},
 		"node_modules/entities": {
 			"version": "6.0.1",
 			"resolved": "https://registry.npmjs.org/entities/-/entities-6.0.1.tgz",
@@ -1118,6 +1135,28 @@
 				"@jridgewell/sourcemap-codec": "^1.4.15"
 			}
 		},
+		"node_modules/fast-check": {
+			"version": "3.23.2",
+			"resolved": "https://registry.npmjs.org/fast-check/-/fast-check-3.23.2.tgz",
+			"integrity": "sha512-h5+1OzzfCC3Ef7VbtKdcv7zsstUQwUDlYpUTvjeUsJAssPgLn7QzbboPtL5ro04Mq0rPOsMzl7q5hIbRs2wD1A==",
+			"funding": [
+				{
+					"type": "individual",
+					"url": "https://github.com/sponsors/dubzzz"
+				},
+				{
+					"type": "opencollective",
+					"url": "https://opencollective.com/fast-check"
+				}
+			],
+			"license": "MIT",
+			"dependencies": {
+				"pure-rand": "^6.1.0"
+			},
+			"engines": {
+				"node": ">=8.0.0"
+			}
+		},
 		"node_modules/fsevents": {
 			"version": "2.3.3",
 			"resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz",
@@ -1333,6 +1372,22 @@
 				"node": ">=6"
 			}
 		},
+		"node_modules/pure-rand": {
+			"version": "6.1.0",
+			"resolved": "https://registry.npmjs.org/pure-rand/-/pure-rand-6.1.0.tgz",
+			"integrity": "sha512-bVWawvoZoBYpp6yIoQtQXHZjmz35RSVHnUOTefl8Vcjr8snTPY1wnpSPMWekcFwbxI6gtmT7rSYPFvz71ldiOA==",
+			"funding": [
+				{
+					"type": "individual",
+					"url": "https://github.com/sponsors/dubzzz"
+				},
+				{
+					"type": "opencollective",
+					"url": "https://opencollective.com/fast-check"
+				}
+			],
+			"license": "MIT"
+		},
 		"node_modules/require-from-string": {
 			"version": "2.0.2",
 			"resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz",
diff --git a/packages/ui/package.json b/packages/ui/package.json
index 164e5ca3..c2dea303 100644
--- a/packages/ui/package.json
+++ b/packages/ui/package.json
@@ -29,6 +29,7 @@
 		"svelte": "^5.0.0"
 	},
 	"dependencies": {
+		"effect": "3.19.19",
 		"highlight.js": "^11.11.1",
 		"isomorphic-dompurify": "^2.28.0",
 		"marked": "^17.0.1"
@@ -37,7 +38,7 @@
 		"lint": "biome check src/",
 		"lint:fix": "biome check --write src/",
 		"format": "biome format --write src/",
-		"test": "tsx --test src/**/*.test.ts"
+		"test": "tsx --test src/*.test.ts src/**/*.test.ts"
 	},
 	"devDependencies": {
 		"@biomejs/biome": "2.3.15",
diff --git a/packages/ui/src/api-internal/auth-services.ts b/packages/ui/src/api-internal/auth-services.ts
new file mode 100644
index 00000000..62eb79b8
--- /dev/null
+++ b/packages/ui/src/api-internal/auth-services.ts
@@ -0,0 +1,198 @@
+import { Effect } from 'effect';
+import type {
+	AuthProvidersResponse,
+	AuthTokenResponse,
+	CapabilitiesResponse,
+	GitCredentialSummary,
+	IssueApiKeyResponse,
+	ListGitCredentialsResponse,
+	UserSettings,
+} from '../types';
+import { requestEffect } from './requests';
+import {
+	getBaseUrl,
+	getCsrfToken,
+	getOAuthUrl,
+	isAuthenticated,
+	isDesktopLocalRuntime,
+	type RuntimeEnv,
+	RuntimeEnvTag,
+} from './runtime';
+import { ApiError } from './errors';
+import { getApiCapabilitiesEffect, getAuthProvidersEffect } from './session-services';
+
+export function isAuthenticatedEffect(): Effect.Effect<boolean, never, RuntimeEnv> {
+	return Effect.gen(function* () {
+		const runtime = yield* RuntimeEnvTag;
+		return isAuthenticated(runtime);
+	});
+}
+
+export function verifyAuthEffect(): Effect.Effect<boolean, unknown, RuntimeEnv> {
+	return Effect.gen(function* () {
+		try {
+			yield* requestEffect<unknown>('/api/auth/verify', { method: 'POST' });
+			return true;
+		} catch (error) {
+			if (error instanceof ApiError && (error.status === 401 || error.status === 403)) {
+				const refreshed = yield* tryRefreshTokenEffect();
+				if (!refreshed) return false;
+				try {
+					yield* requestEffect<unknown>('/api/auth/verify', { method: 'POST' });
+					return true;
+				} catch {
+					return false;
+				}
+			}
+			return false;
+		}
+	});
+}
+
+export function getSettingsEffect(): Effect.Effect<UserSettings, unknown, RuntimeEnv> {
+	return requestEffect<UserSettings>('/api/auth/me');
+}
+
+export function issueApiKeyEffect(): Effect.Effect<IssueApiKeyResponse, unknown, RuntimeEnv> {
+	return requestEffect<IssueApiKeyResponse>('/api/auth/api-keys/issue', {
+		method: 'POST',
+	});
+}
+
+export function listGitCredentialsEffect(): Effect.Effect<
+	GitCredentialSummary[],
+	unknown,
+	RuntimeEnv
+> {
+	return Effect.gen(function* () {
+		const response = yield* requestEffect<ListGitCredentialsResponse>('/api/auth/git-credentials');
+		return response.credentials ?? [];
+	});
+}
+
+export function createGitCredentialEffect(params: {
+	label: string;
+	host: string;
+	path_prefix?: string | null;
+	header_name: string;
+	header_value: string;
+}): Effect.Effect<GitCredentialSummary, unknown, RuntimeEnv> {
+	return requestEffect<GitCredentialSummary>('/api/auth/git-credentials', {
+		method: 'POST',
+		body: JSON.stringify({
+			label: params.label,
+			host: params.host,
+			path_prefix: params.path_prefix ?? null,
+			header_name: params.header_name,
+			header_value: params.header_value,
+		}),
+	});
+}
+
+export function deleteGitCredentialEffect(id: string): Effect.Effect<void, unknown, RuntimeEnv> {
+	return requestEffect<void>(`/api/auth/git-credentials/${encodeURIComponent(id)}`, {
+		method: 'DELETE',
+	});
+}
+
+export function authRegisterEffect(
+	email: string,
+	password: string,
+	nickname: string,
+): Effect.Effect<AuthTokenResponse, unknown, RuntimeEnv> {
+	return requestEffect<AuthTokenResponse>('/api/auth/register', {
+		method: 'POST',
+		body: JSON.stringify({ email, password, nickname }),
+		includeAuthHeader: false,
+	});
+}
+
+export function authLoginEffect(
+	email: string,
+	password: string,
+): Effect.Effect<AuthTokenResponse, unknown, RuntimeEnv> {
+	return requestEffect<AuthTokenResponse>('/api/auth/login', {
+		method: 'POST',
+		body: JSON.stringify({ email, password }),
+		includeAuthHeader: false,
+	});
+}
+
+function tryRefreshTokenEffect(): Effect.Effect<boolean, unknown, RuntimeEnv> {
+	return Effect.gen(function* () {
+		const runtime = yield* RuntimeEnvTag;
+		if (isDesktopLocalRuntime(runtime)) return false;
+		try {
+			const url = `${getBaseUrl(runtime)}/api/auth/refresh`;
+			const headers: Record<string, string> = { 'Content-Type': 'application/json' };
+			const csrf = getCsrfToken(runtime);
+			if (csrf) headers['X-CSRF-Token'] = csrf;
+			const response = yield* Effect.tryPromise(() =>
+				runtime.fetchImpl(url, {
+					method: 'POST',
+					headers,
+					credentials: 'include',
+				}),
+			);
+			if (!response.ok) return false;
+			yield* Effect.tryPromise(() => response.json());
+			return true;
+		} catch {
+			return false;
+		}
+	});
+}
+
+export function authLogoutEffect(): Effect.Effect<void, never, RuntimeEnv> {
+	return Effect.catchAll(
+		requestEffect('/api/auth/logout', {
+			method: 'POST',
+		}),
+		() => Effect.void,
+	);
+}
+
+export function getAuthProvidersSafeEffect(): Effect.Effect<AuthProvidersResponse, never, RuntimeEnv> {
+	return Effect.catchAll(getAuthProvidersEffect(), () =>
+		Effect.succeed({ email_password: false, oauth: [] }),
+	);
+}
+
+export function getApiCapabilitiesSafeEffect(): Effect.Effect<
+	CapabilitiesResponse,
+	never,
+	RuntimeEnv
+> {
+	return Effect.catchAll(getApiCapabilitiesEffect(), () =>
+		Effect.succeed({
+			auth_enabled: false,
+			parse_preview_enabled: false,
+			register_targets: [],
+			share_modes: [],
+		}),
+	);
+}
+
+export function getOAuthUrlEffect(provider: string): Effect.Effect<string, never, RuntimeEnv> {
+	return Effect.gen(function* () {
+		const runtime = yield* RuntimeEnvTag;
+		return getOAuthUrl(runtime, provider);
+	});
+}
+
+export function handleAuthCallbackEffect(): Effect.Effect<boolean, unknown, RuntimeEnv> {
+	return Effect.gen(function* () {
+		const runtime = yield* RuntimeEnvTag;
+		if (!runtime.hasWindow()) return false;
+		const location = runtime.getLocation();
+		if (location.hash) {
+			runtime.replaceHistoryUrl(location.pathname);
+		}
+		try {
+			yield* requestEffect<unknown>('/api/auth/verify', { method: 'POST' });
+			return true;
+		} catch {
+			return false;
+		}
+	});
+}
diff --git a/packages/ui/src/api-internal/errors.ts b/packages/ui/src/api-internal/errors.ts
new file mode 100644
index 00000000..f1dd6d36
--- /dev/null
+++ b/packages/ui/src/api-internal/errors.ts
@@ -0,0 +1,66 @@
+import type { ParsePreviewErrorResponse } from '../types';
+import { SessionReadCoreError } from '../session-read-core';
+
+function parseBodyErrorShape(body: string): {
+	code?: string;
+	message?: string;
+	details?: Record<string, unknown> | null;
+} | null {
+	try {
+		return JSON.parse(body) as {
+			code?: string;
+			message?: string;
+			details?: Record<string, unknown> | null;
+		};
+	} catch {
+		return null;
+	}
+}
+
+export class ApiError extends Error {
+	constructor(
+		public status: number,
+		public body: string,
+		public code: string = 'unknown',
+		public details: Record<string, unknown> | null = null,
+	) {
+		let message =
+			body.trimStart().startsWith('<') ? `Server returned ${status}` : body.slice(0, 200);
+		let resolvedCode = code;
+		let resolvedDetails = details;
+		if (!body.trimStart().startsWith('<')) {
+			const parsed = parseBodyErrorShape(body);
+			if (parsed) {
+				if (typeof parsed.message === 'string' && parsed.message.trim()) {
+					message = parsed.message.trim();
+				}
+				if (typeof parsed.code === 'string' && parsed.code.trim()) {
+					resolvedCode = parsed.code.trim();
+				}
+				if (parsed.details && typeof parsed.details === 'object') {
+					resolvedDetails = parsed.details;
+				}
+			}
+		}
+		super(message);
+		this.code = resolvedCode;
+		this.details = resolvedDetails;
+	}
+}
+
+export class PreviewApiError extends Error {
+	constructor(
+		public status: number,
+		public payload: ParsePreviewErrorResponse,
+	) {
+		super(payload.message);
+	}
+}
+
+export function normalizeSessionAdapterError(error: unknown): ApiError {
+	if (error instanceof ApiError) return error;
+	if (error instanceof SessionReadCoreError) {
+		return new ApiError(error.status, error.body, error.code, error.details);
+	}
+	return new ApiError(500, '{"message":"Session adapter request failed"}');
+}
diff --git a/packages/ui/src/api-internal/parse-preview-services.ts b/packages/ui/src/api-internal/parse-preview-services.ts
new file mode 100644
index 00000000..04cce783
--- /dev/null
+++ b/packages/ui/src/api-internal/parse-preview-services.ts
@@ -0,0 +1,105 @@
+import { Effect } from 'effect';
+import type {
+	ParsePreviewErrorResponse,
+	ParsePreviewRequest,
+	ParsePreviewResponse,
+	ParseSource,
+} from '../types';
+import { ApiError, PreviewApiError } from './errors';
+import { requestEffect } from './requests';
+import type { RuntimeEnv } from './runtime';
+
+function postParsePreviewEffect(
+	request: ParsePreviewRequest,
+): Effect.Effect<ParsePreviewResponse, unknown, RuntimeEnv> {
+	return Effect.gen(function* () {
+		try {
+			return yield* requestEffect<ParsePreviewResponse>('/api/parse/preview', {
+				method: 'POST',
+				body: JSON.stringify(request),
+			});
+		} catch (error) {
+			if (error instanceof ApiError) {
+				let parsed: ParsePreviewErrorResponse | null = null;
+				try {
+					parsed = JSON.parse(error.body) as ParsePreviewErrorResponse;
+				} catch {
+					parsed = null;
+				}
+				if (parsed && typeof parsed.code === 'string' && typeof parsed.message === 'string') {
+					throw new PreviewApiError(error.status, parsed);
+				}
+			}
+			throw error;
+		}
+	});
+}
+
+export function previewSessionFromGithubSourceEffect(params: {
+	owner: string;
+	repo: string;
+	ref: string;
+	path: string;
+	parser_hint?: string;
+}): Effect.Effect<ParsePreviewResponse, unknown, RuntimeEnv> {
+	const source: ParseSource = {
+		kind: 'github',
+		owner: params.owner,
+		repo: params.repo,
+		ref: params.ref,
+		path: params.path,
+	};
+	return postParsePreviewEffect({
+		source,
+		parser_hint: params.parser_hint ?? null,
+	});
+}
+
+export function previewSessionFromGitSourceEffect(params: {
+	remote: string;
+	ref: string;
+	path: string;
+	parser_hint?: string;
+}): Effect.Effect<ParsePreviewResponse, unknown, RuntimeEnv> {
+	const source: ParseSource = {
+		kind: 'git',
+		remote: params.remote,
+		ref: params.ref,
+		path: params.path,
+	};
+	return postParsePreviewEffect({
+		source,
+		parser_hint: params.parser_hint ?? null,
+	});
+}
+
+export function previewSessionFromInlineSourceEffect(params: {
+	filename: string;
+	content_base64: string;
+	parser_hint?: string;
+}): Effect.Effect<ParsePreviewResponse, unknown, RuntimeEnv> {
+	const source: ParseSource = {
+		kind: 'inline',
+		filename: params.filename,
+		content_base64: params.content_base64,
+	};
+	return postParsePreviewEffect({
+		source,
+		parser_hint: params.parser_hint ?? null,
+	});
+}
+
+export function getParsePreviewError(error: unknown): ParsePreviewErrorResponse | null {
+	if (error instanceof PreviewApiError) return error.payload;
+	if (error instanceof ApiError) {
+		try {
+			const parsed = JSON.parse(error.body) as ParsePreviewErrorResponse;
+			if (typeof parsed.code === 'string' && typeof parsed.message === 'string') {
+				return parsed;
+			}
+		} catch {
+			// Ignore non-JSON errors.
+		}
+	}
+	return null;
+}
diff --git a/packages/ui/src/api-internal/requests.ts b/packages/ui/src/api-internal/requests.ts
new file mode 100644
index 00000000..41f733bf
--- /dev/null
+++ b/packages/ui/src/api-internal/requests.ts
@@ -0,0 +1,70 @@
+import { Effect } from 'effect';
+import { ApiError } from './errors';
+import {
+	assertDesktopHttpApiAvailable,
+	getAuthHeader,
+	getBaseUrl,
+	getCsrfToken,
+	type RuntimeEnv,
+	RuntimeEnvTag,
+} from './runtime';
+
+type RequestEffectOptions = RequestInit & {
+	includeAuthHeader?: boolean;
+};
+
+export function requestEffect<T>(
+	path: string,
+	options: RequestEffectOptions = {},
+): Effect.Effect<T, unknown, RuntimeEnv> {
+	return Effect.gen(function* () {
+		const runtime = yield* RuntimeEnvTag;
+		assertDesktopHttpApiAvailable(runtime, path);
+		const url = `${getBaseUrl(runtime)}${path}`;
+		const method = (options.method ?? 'GET').toUpperCase();
+		const needsCsrf = method !== 'GET' && method !== 'HEAD' && method !== 'OPTIONS';
+		const includeAuthHeader = options.includeAuthHeader !== false;
+		const headers: Record<string, string> = {
+			'Content-Type': 'application/json',
+			...(options.headers as Record<string, string>),
+		};
+
+		if (includeAuthHeader) {
+			const auth = getAuthHeader(runtime);
+			if (auth) headers.Authorization = auth;
+		}
+		if (needsCsrf) {
+			const csrf = getCsrfToken(runtime);
+			if (csrf) headers['X-CSRF-Token'] = csrf;
+		}
+
+		const response = yield* Effect.tryPromise(() =>
+			runtime.fetchImpl(url, {
+				...options,
+				headers,
+				credentials: 'include',
+			}),
+		);
+
+		if (!response.ok) {
+			const body = yield* Effect.tryPromise(() => response.text());
+			return yield* Effect.fail(new ApiError(response.status, body));
+		}
+
+		if (response.status === 204) {
+			return undefined as T;
+		}
+
+		const contentType = response.headers.get('content-type') || '';
+		if (!contentType.includes('application/json')) {
+			return undefined as T;
+		}
+
+		const text = yield* Effect.tryPromise(() => response.text());
+		if (!text.trim()) {
+			return undefined as T;
+		}
+
+		return JSON.parse(text) as T;
+	});
+}
diff --git a/packages/ui/src/api-internal/runtime.ts b/packages/ui/src/api-internal/runtime.ts
new file mode 100644
index 00000000..1a1a85bd
--- /dev/null
+++ b/packages/ui/src/api-internal/runtime.ts
@@ -0,0 +1,220 @@
+import { Cause, Context, Effect, Exit, Layer } from 'effect';
+import {
+	createDesktopSessionReadAdapter,
+	createUnavailableDesktopSessionReadAdapter,
+	createWebSessionReadAdapter,
+	type DesktopInvoke,
+	type SessionReadAdapter,
+} from '../session-adapter';
+import { ApiError } from './errors';
+
+declare global {
+	interface Window {
+		__OPENSESSION_API_URL__?: string;
+		__TAURI_INTERNALS__?: unknown;
+		__TAURI__?: {
+			core?: {
+				invoke?: DesktopInvoke;
+			};
+		};
+	}
+}
+
+export interface RuntimeLocation {
+	origin: string;
+	protocol: string;
+	pathname: string;
+	hash: string;
+	search: string;
+}
+
+export interface RuntimeEnv {
+	fetchImpl: typeof fetch;
+	now: () => number;
+	getStorageItem: (key: string) => string | null;
+	setStorageItem: (key: string, value: string) => void;
+	removeStorageItem: (key: string) => void;
+	getDocumentCookie: () => string;
+	getLocation: () => RuntimeLocation;
+	replaceHistoryUrl: (url: string) => void;
+	getApiUrlOverride: () => string | null;
+	getDesktopInvoke: () => DesktopInvoke | null;
+	isTauriRuntime: () => boolean;
+	hasWindow: () => boolean;
+}
+
+export const RuntimeEnvTag = Context.GenericTag<RuntimeEnv>('opensession/ui/runtime-env');
+
+function isHttpLikeOrigin(origin: string): boolean {
+	return origin.startsWith('http://') || origin.startsWith('https://');
+}
+
+export function createBrowserRuntimeEnv(): RuntimeEnv {
+	return {
+		fetchImpl: fetch,
+		now: () => Date.now(),
+		getStorageItem(key) {
+			if (typeof localStorage === 'undefined') return null;
+			try {
+				return localStorage.getItem(key);
+			} catch {
+				return null;
+			}
+		},
+		setStorageItem(key, value) {
+			if (typeof localStorage === 'undefined') return;
+			localStorage.setItem(key, value);
+		},
+		removeStorageItem(key) {
+			if (typeof localStorage === 'undefined') return;
+			localStorage.removeItem(key);
+		},
+		getDocumentCookie() {
+			if (typeof document === 'undefined') return '';
+			return document.cookie ?? '';
+		},
+		getLocation() {
+			if (typeof window === 'undefined') {
+				return {
+					origin: '',
+					protocol: '',
+					pathname: '',
+					hash: '',
+					search: '',
+				};
+			}
+			return {
+				origin: window.location.origin,
+				protocol: window.location.protocol,
+				pathname: window.location.pathname,
+				hash: window.location.hash,
+				search: window.location.search,
+			};
+		},
+		replaceHistoryUrl(url) {
+			if (typeof window === 'undefined') return;
+			window.history?.replaceState?.(null, '', url);
+		},
+		getApiUrlOverride() {
+			if (typeof window === 'undefined') return null;
+			return window.__OPENSESSION_API_URL__?.trim() || null;
+		},
+		getDesktopInvoke() {
+			if (typeof window === 'undefined') return null;
+			const invoke = window.__TAURI__?.core?.invoke;
+			return typeof invoke === 'function' ? invoke : null;
+		},
+		isTauriRuntime() {
+			if (typeof window === 'undefined') return false;
+			if ('__TAURI_INTERNALS__' in window) return true;
+			return window.location.protocol === 'tauri:';
+		},
+		hasWindow() {
+			return typeof window !== 'undefined';
+		},
+	};
+}
+
+export function browserRuntimeLayer(): Layer.Layer<RuntimeEnv> {
+	return Layer.succeed(RuntimeEnvTag, createBrowserRuntimeEnv());
+}
+
+export function runUiEffect<A, E>(effect: Effect.Effect<A, E, RuntimeEnv>): Promise<A> {
+	return Effect.runPromiseExit(Effect.provide(effect, browserRuntimeLayer())).then((exit) => {
+		if (Exit.isSuccess(exit)) return exit.value;
+		throw Cause.squash(exit.cause);
+	});
+}
+
+export function readBrowserRuntime(): RuntimeEnv {
+	return createBrowserRuntimeEnv();
+}
+
+export function hasDesktopApiOverride(runtime: RuntimeEnv): boolean {
+	const runtimeOverride = runtime.getApiUrlOverride();
+	if (runtimeOverride) return true;
+	return Boolean(runtime.getStorageItem('opensession_api_url')?.trim());
+}
+
+export function isDesktopLocalRuntime(runtime: RuntimeEnv): boolean {
+	return runtime.isTauriRuntime() && !hasDesktopApiOverride(runtime);
+}
+
+export function getBaseUrl(runtime: RuntimeEnv): string {
+	const runtimeOverride = runtime.getApiUrlOverride();
+	if (runtimeOverride) return runtimeOverride;
+
+	const stored = runtime.getStorageItem('opensession_api_url');
+	if (stored) return stored;
+
+	const location = runtime.getLocation();
+	if (isHttpLikeOrigin(location.origin)) return location.origin;
+	if (runtime.isTauriRuntime()) return '';
+	if (!location.origin || location.origin === 'null') return '';
+	return location.origin;
+}
+
+export function getCookieValue(runtime: RuntimeEnv, name: string): string | null {
+	const encodedName = `${name}=`;
+	const parts = runtime.getDocumentCookie().split(';');
+	for (const raw of parts) {
+		const trimmed = raw.trim();
+		if (trimmed.startsWith(encodedName)) {
+			return trimmed.slice(encodedName.length);
+		}
+	}
+	return null;
+}
+
+export function getCsrfToken(runtime: RuntimeEnv): string | null {
+	return getCookieValue(runtime, 'opensession_csrf_token');
+}
+
+export function getAuthHeader(runtime: RuntimeEnv): string | null {
+	const apiKey = runtime.getStorageItem('opensession_api_key');
+	return apiKey ? `Bearer ${apiKey}` : null;
+}
+
+export function setBaseUrl(runtime: RuntimeEnv, url: string) {
+	runtime.setStorageItem('opensession_api_url', url);
+}
+
+export function isAuthenticated(runtime: RuntimeEnv): boolean {
+	return getCsrfToken(runtime) != null;
+}
+
+export function desktopHttpApiUnavailable(path: string): ApiError {
+	return new ApiError(
+		501,
+		JSON.stringify({
+			code: 'desktop_http_api_unavailable',
+			message:
+				'HTTP API is unavailable in desktop local runtime. Set OPENSESSION_API_URL to call a remote server.',
+			details: { path },
+		}),
+	);
+}
+
+export function assertDesktopHttpApiAvailable(runtime: RuntimeEnv, path: string) {
+	if (isDesktopLocalRuntime(runtime)) {
+		throw desktopHttpApiUnavailable(path);
+	}
+}
+
+export function createRuntimeSessionReadAdapter(runtime: RuntimeEnv): SessionReadAdapter {
+	const invoke = runtime.getDesktopInvoke();
+	if (isDesktopLocalRuntime(runtime)) {
+		if (invoke) return createDesktopSessionReadAdapter(invoke);
+		return createUnavailableDesktopSessionReadAdapter();
+	}
+	return createWebSessionReadAdapter({
+		baseUrl: getBaseUrl(runtime),
+		fetchImpl: runtime.fetchImpl,
+		getAuthHeader: async () => getAuthHeader(runtime),
+	});
+}
+
+export function getOAuthUrl(runtime: RuntimeEnv, provider: string): string {
+	if (isDesktopLocalRuntime(runtime)) return '#';
+	return `${getBaseUrl(runtime)}/api/auth/oauth/${encodeURIComponent(provider)}`;
+}
diff --git a/packages/ui/src/api-internal/session-services.ts b/packages/ui/src/api-internal/session-services.ts
new file mode 100644
index 00000000..d2069918
--- /dev/null
+++ b/packages/ui/src/api-internal/session-services.ts
@@ -0,0 +1,274 @@
+import { Effect } from 'effect';
+import { createSessionReadCore } from '../session-read-core';
+import type {
+	CapabilitiesResponse,
+	DesktopChangeQuestionResponse,
+	DesktopChangeReaderScope,
+	DesktopChangeReadResponse,
+	DesktopChangeReaderTtsResponse,
+	DesktopHandoffBuildResponse,
+	DesktopLifecycleCleanupStatusResponse,
+	DesktopQuickShareResponse,
+	DesktopRuntimeSettingsResponse,
+	DesktopRuntimeSettingsUpdateRequest,
+	DesktopSummaryBatchStatusResponse,
+	DesktopSessionSummaryResponse,
+	DesktopSummaryProviderDetectResponse,
+	DesktopVectorIndexStatusResponse,
+	DesktopVectorInstallStatusResponse,
+	DesktopVectorPreflightResponse,
+	DesktopVectorSearchResponse,
+	Session,
+	SessionDetail,
+	SessionListResponse,
+	AuthProvidersResponse,
+} from '../types';
+import type { SessionListParams } from '../session-adapter';
+import { normalizeSessionAdapterError } from './errors';
+import {
+	createRuntimeSessionReadAdapter,
+	type RuntimeEnv,
+	RuntimeEnvTag,
+} from './runtime';
+
+function withSessionReadCore<A>(
+	handler: (core: ReturnType<typeof createSessionReadCore>) => Promise<A>,
+): Effect.Effect<A, ReturnType<typeof normalizeSessionAdapterError>, RuntimeEnv> {
+	return Effect.gen(function* () {
+		const runtime = yield* RuntimeEnvTag;
+		const core = createSessionReadCore(createRuntimeSessionReadAdapter(runtime));
+		return yield* Effect.tryPromise({
+			try: () => handler(core),
+			catch: normalizeSessionAdapterError,
+		});
+	});
+}
+
+export function listSessionsEffect(
+	params?: SessionListParams,
+): Effect.Effect<SessionListResponse, ReturnType<typeof normalizeSessionAdapterError>, RuntimeEnv> {
+	return withSessionReadCore((core) => core.listSessions(params));
+}
+
+export function listSessionReposEffect(): Effect.Effect<
+	string[],
+	ReturnType<typeof normalizeSessionAdapterError>,
+	RuntimeEnv
+> {
+	return withSessionReadCore((core) => core.listRepos());
+}
+
+export function getSessionEffect(
+	id: string,
+): Effect.Effect<Session, ReturnType<typeof normalizeSessionAdapterError>, RuntimeEnv> {
+	return withSessionReadCore((core) => core.getSession(id));
+}
+
+export function getSessionDetailEffect(
+	id: string,
+): Effect.Effect<SessionDetail, ReturnType<typeof normalizeSessionAdapterError>, RuntimeEnv> {
+	return withSessionReadCore((core) => core.getSessionDetail(id));
+}
+
+export function getSessionSemanticSummaryEffect(
+	sessionId: string,
+): Effect.Effect<
+	DesktopSessionSummaryResponse,
+	ReturnType<typeof normalizeSessionAdapterError>,
+	RuntimeEnv
+> {
+	return withSessionReadCore((core) => core.getSessionSummary(sessionId));
+}
+
+export function regenerateSessionSemanticSummaryEffect(
+	sessionId: string,
+): Effect.Effect<
+	DesktopSessionSummaryResponse,
+	ReturnType<typeof normalizeSessionAdapterError>,
+	RuntimeEnv
+> {
+	return withSessionReadCore((core) => core.regenerateSessionSummary(sessionId));
+}
+
+export function buildSessionHandoffEffect(
+	sessionId: string,
+	pinLatest: boolean,
+): Effect.Effect<
+	DesktopHandoffBuildResponse,
+	ReturnType<typeof normalizeSessionAdapterError>,
+	RuntimeEnv
+> {
+	return withSessionReadCore((core) => core.buildHandoff(sessionId, pinLatest));
+}
+
+export function quickShareSessionEffect(
+	sessionId: string,
+	remote: string | null,
+): Effect.Effect<
+	DesktopQuickShareResponse,
+	ReturnType<typeof normalizeSessionAdapterError>,
+	RuntimeEnv
+> {
+	return withSessionReadCore((core) => core.quickShareSession(sessionId, remote));
+}
+
+export function readSessionChangesEffect(
+	sessionId: string,
+	scope?: DesktopChangeReaderScope | null,
+): Effect.Effect<
+	DesktopChangeReadResponse,
+	ReturnType<typeof normalizeSessionAdapterError>,
+	RuntimeEnv
+> {
+	return withSessionReadCore((core) => core.readSessionChanges(sessionId, scope));
+}
+
+export function askSessionChangesEffect(
+	sessionId: string,
+	question: string,
+	scope?: DesktopChangeReaderScope | null,
+): Effect.Effect<
+	DesktopChangeQuestionResponse,
+	ReturnType<typeof normalizeSessionAdapterError>,
+	RuntimeEnv
+> {
+	return withSessionReadCore((core) => core.askSessionChanges(sessionId, question, scope));
+}
+
+export function changeReaderTextToSpeechEffect(
+	text: string,
+	sessionId?: string | null,
+	scope?: DesktopChangeReaderScope | null,
+): Effect.Effect<
+	DesktopChangeReaderTtsResponse,
+	ReturnType<typeof normalizeSessionAdapterError>,
+	RuntimeEnv
+> {
+	return withSessionReadCore((core) => core.changeReaderTts(text, sessionId, scope));
+}
+
+export function getRuntimeSettingsEffect(): Effect.Effect<
+	DesktopRuntimeSettingsResponse,
+	ReturnType<typeof normalizeSessionAdapterError>,
+	RuntimeEnv
+> {
+	return withSessionReadCore((core) => core.getRuntimeSettings());
+}
+
+export function updateRuntimeSettingsEffect(
+	request: DesktopRuntimeSettingsUpdateRequest,
+): Effect.Effect<
+	DesktopRuntimeSettingsResponse,
+	ReturnType<typeof normalizeSessionAdapterError>,
+	RuntimeEnv
+> {
+	return withSessionReadCore((core) => core.updateRuntimeSettings(request));
+}
+
+export function getLifecycleCleanupStatusEffect(): Effect.Effect<
+	DesktopLifecycleCleanupStatusResponse,
+	ReturnType<typeof normalizeSessionAdapterError>,
+	RuntimeEnv
+> {
+	return withSessionReadCore((core) => core.lifecycleCleanupStatus());
+}
+
+export function runSummaryBatchEffect(): Effect.Effect<
+	DesktopSummaryBatchStatusResponse,
+	ReturnType<typeof normalizeSessionAdapterError>,
+	RuntimeEnv
+> {
+	return withSessionReadCore((core) => core.summaryBatchRun());
+}
+
+export function getSummaryBatchStatusEffect(): Effect.Effect<
+	DesktopSummaryBatchStatusResponse,
+	ReturnType<typeof normalizeSessionAdapterError>,
+	RuntimeEnv
+> {
+	return withSessionReadCore((core) => core.summaryBatchStatus());
+}
+
+export function detectSummaryProviderEffect(): Effect.Effect<
+	DesktopSummaryProviderDetectResponse,
+	ReturnType<typeof normalizeSessionAdapterError>,
+	RuntimeEnv
+> {
+	return withSessionReadCore((core) => core.detectSummaryProvider());
+}
+
+export function vectorPreflightEffect(): Effect.Effect<
+	DesktopVectorPreflightResponse,
+	ReturnType<typeof normalizeSessionAdapterError>,
+	RuntimeEnv
+> {
+	return withSessionReadCore((core) => core.vectorPreflight());
+}
+
+export function vectorInstallModelEffect(
+	model: string,
+): Effect.Effect<
+	DesktopVectorInstallStatusResponse,
+	ReturnType<typeof normalizeSessionAdapterError>,
+	RuntimeEnv
+> {
+	return withSessionReadCore((core) => core.vectorInstallModel(model));
+}
+
+export function vectorIndexRebuildEffect(): Effect.Effect<
+	DesktopVectorIndexStatusResponse,
+	ReturnType<typeof normalizeSessionAdapterError>,
+	RuntimeEnv
+> {
+	return withSessionReadCore((core) => core.vectorIndexRebuild());
+}
+
+export function vectorIndexStatusEffect(): Effect.Effect<
+	DesktopVectorIndexStatusResponse,
+	ReturnType<typeof normalizeSessionAdapterError>,
+	RuntimeEnv
+> {
+	return withSessionReadCore((core) => core.vectorIndexStatus());
+}
+
+export function searchSessionsVectorEffect(
+	query: string,
+	cursor?: string | null,
+	limit?: number,
+): Effect.Effect<
+	DesktopVectorSearchResponse,
+	ReturnType<typeof normalizeSessionAdapterError>,
+	RuntimeEnv
+> {
+	return withSessionReadCore((core) => core.searchSessionsVector(query, cursor, limit));
+}
+
+export function getAuthProvidersEffect(): Effect.Effect<
+	AuthProvidersResponse,
+	ReturnType<typeof normalizeSessionAdapterError>,
+	RuntimeEnv
+> {
+	return Effect.gen(function* () {
+		const runtime = yield* RuntimeEnvTag;
+		const adapter = createRuntimeSessionReadAdapter(runtime);
+		return yield* Effect.tryPromise({
+			try: () => adapter.getAuthProviders(),
+			catch: normalizeSessionAdapterError,
+		});
+	});
+}
+
+export function getApiCapabilitiesEffect(): Effect.Effect<
+	CapabilitiesResponse,
+	ReturnType<typeof normalizeSessionAdapterError>,
+	RuntimeEnv
+> {
+	return Effect.gen(function* () {
+		const runtime = yield* RuntimeEnvTag;
+		const adapter = createRuntimeSessionReadAdapter(runtime);
+		return yield* Effect.tryPromise({
+			try: () => adapter.getCapabilities(),
+			catch: normalizeSessionAdapterError,
+		});
+	});
+}
diff --git a/packages/ui/src/api.ts b/packages/ui/src/api.ts
index 9dcd5906..4a0053dd 100644
--- a/packages/ui/src/api.ts
+++ b/packages/ui/src/api.ts
@@ -1,11 +1,3 @@
-import {
-	createDesktopSessionReadAdapter,
-	createUnavailableDesktopSessionReadAdapter,
-	createWebSessionReadAdapter,
-	type DesktopInvoke,
-	type SessionListParams,
-} from './session-adapter';
-import { createSessionReadCore, SessionReadCoreError } from './session-read-core';
 import type {
 	AuthProvidersResponse,
 	AuthTokenResponse,
@@ -28,362 +20,136 @@ import type {
 	DesktopVectorSearchResponse,
 	GitCredentialSummary,
 	IssueApiKeyResponse,
-	ListGitCredentialsResponse,
 	LocalReviewBundle,
 	ParsePreviewErrorResponse,
-	ParsePreviewRequest,
 	ParsePreviewResponse,
-	ParseSource,
 	Session,
 	SessionDetail,
 	SessionListResponse,
 	SessionRepoListResponse,
 	UserSettings,
 } from './types';
+import type { SessionListParams } from './session-adapter';
+import {
+	ApiError,
+	PreviewApiError,
+} from './api-internal/errors';
+import {
+	authLoginEffect,
+	authLogoutEffect,
+	authRegisterEffect,
+	createGitCredentialEffect,
+	deleteGitCredentialEffect,
+	getApiCapabilitiesSafeEffect,
+	getAuthProvidersSafeEffect,
+	getSettingsEffect,
+	handleAuthCallbackEffect,
+	issueApiKeyEffect,
+	isAuthenticatedEffect,
+	listGitCredentialsEffect,
+	verifyAuthEffect,
+} from './api-internal/auth-services';
+import {
+	getParsePreviewError,
+	previewSessionFromGithubSourceEffect,
+	previewSessionFromGitSourceEffect,
+	previewSessionFromInlineSourceEffect,
+} from './api-internal/parse-preview-services';
+import { requestEffect } from './api-internal/requests';
+import {
+	askSessionChangesEffect,
+	buildSessionHandoffEffect,
+	changeReaderTextToSpeechEffect,
+	detectSummaryProviderEffect,
+	getLifecycleCleanupStatusEffect,
+	getRuntimeSettingsEffect,
+	getSessionDetailEffect,
+	getSessionEffect,
+	getSessionSemanticSummaryEffect,
+	getSummaryBatchStatusEffect,
+	listSessionReposEffect,
+	listSessionsEffect,
+	quickShareSessionEffect,
+	readSessionChangesEffect,
+	regenerateSessionSemanticSummaryEffect,
+	runSummaryBatchEffect,
+	searchSessionsVectorEffect,
+	updateRuntimeSettingsEffect,
+	vectorIndexRebuildEffect,
+	vectorIndexStatusEffect,
+	vectorInstallModelEffect,
+	vectorPreflightEffect,
+} from './api-internal/session-services';
+import {
+	getOAuthUrl as getOAuthUrlFromRuntime,
+	isAuthenticated as isAuthenticatedInRuntime,
+	readBrowserRuntime,
+	runUiEffect,
+	setBaseUrl as setBaseUrlInRuntime,
+} from './api-internal/runtime';
 
-declare global {
-	interface Window {
-		__OPENSESSION_API_URL__?: string;
-		__TAURI_INTERNALS__?: unknown;
-	}
-}
-
-function isHttpLikeOrigin(origin: string): boolean {
-	return origin.startsWith('http://') || origin.startsWith('https://');
-}
-
-function isTauriRuntime(): boolean {
-	if (typeof window === 'undefined') return false;
-	if ('__TAURI_INTERNALS__' in window) return true;
-	return window.location.protocol === 'tauri:';
-}
-
-function getDesktopInvoke(): DesktopInvoke | null {
-	if (!isTauriRuntime()) return null;
-	const tauri = (window as unknown as { __TAURI__?: { core?: { invoke?: DesktopInvoke } } })
-		.__TAURI__;
-	const invoke = tauri?.core?.invoke;
-	return typeof invoke === 'function' ? invoke : null;
-}
-
-function hasDesktopApiOverride(): boolean {
-	if (typeof window === 'undefined') return false;
-	const runtimeOverride = window.__OPENSESSION_API_URL__?.trim();
-	if (runtimeOverride) return true;
-	const stored = localStorage.getItem('opensession_api_url')?.trim();
-	return Boolean(stored);
-}
-
-function isDesktopLocalRuntime(): boolean {
-	return isTauriRuntime() && !hasDesktopApiOverride();
-}
-
-function getBaseUrl(): string {
-	if (typeof window !== 'undefined') {
-		const runtimeOverride = window.__OPENSESSION_API_URL__?.trim();
-		if (runtimeOverride) return runtimeOverride;
-
-		const stored = localStorage.getItem('opensession_api_url');
-		if (stored) return stored;
-
-		const origin = window.location.origin;
-		if (isHttpLikeOrigin(origin)) return origin;
-
-		if (isTauriRuntime()) {
-			return '';
-		}
-
-		if (origin === 'null' || !origin) return '';
-		return origin;
-	}
-	return '';
-}
-
-function getApiKey(): string | null {
-	if (typeof window === 'undefined') return null;
-	return localStorage.getItem('opensession_api_key');
-}
-
-function getCookie(name: string): string | null {
-	if (typeof window === 'undefined') return null;
-	const encodedName = `${name}=`;
-	const parts = document.cookie.split(';');
-	for (const raw of parts) {
-		const trimmed = raw.trim();
-		if (trimmed.startsWith(encodedName)) {
-			return trimmed.slice(encodedName.length);
-		}
-	}
-	return null;
-}
-
-function getCsrfToken(): string | null {
-	return getCookie('opensession_csrf_token');
-}
+export { ApiError, PreviewApiError, getParsePreviewError };
 
 export function setBaseUrl(url: string) {
-	localStorage.setItem('opensession_api_url', url);
+	setBaseUrlInRuntime(readBrowserRuntime(), url);
 }
 
 export function isAuthenticated(): boolean {
-	if (typeof window === 'undefined') return false;
-	return getCsrfToken() != null;
+	return isAuthenticatedInRuntime(readBrowserRuntime());
 }
 
 export async function verifyAuth(): Promise<boolean> {
-	try {
-		await request<unknown>('/api/auth/verify', { method: 'POST' });
-		return true;
-	} catch (error) {
-		if (error instanceof ApiError && (error.status === 401 || error.status === 403)) {
-			const refreshed = await tryRefreshToken();
-			if (!refreshed) return false;
-			try {
-				await request<unknown>('/api/auth/verify', { method: 'POST' });
-				return true;
-			} catch {
-				return false;
-			}
-		}
-		return false;
-	}
-}
-
-async function getAuthHeader(): Promise<string | null> {
-	const apiKey = getApiKey();
-	if (apiKey) return `Bearer ${apiKey}`;
-	return null;
-}
-
-function getSessionReadAdapter() {
-	const invoke = getDesktopInvoke();
-	if (isDesktopLocalRuntime()) {
-		if (invoke) return createDesktopSessionReadAdapter(invoke);
-		return createUnavailableDesktopSessionReadAdapter();
-	}
-	return createWebSessionReadAdapter({
-		baseUrl: getBaseUrl(),
-		fetchImpl: fetch,
-		getAuthHeader,
-	});
-}
-
-function desktopHttpApiUnavailable(path: string): ApiError {
-	return new ApiError(
-		501,
-		JSON.stringify({
-			code: 'desktop_http_api_unavailable',
-			message:
-				'HTTP API is unavailable in desktop local runtime. Set OPENSESSION_API_URL to call a remote server.',
-			details: { path },
-		}),
-	);
-}
-
-function assertDesktopHttpApiAvailable(path: string): void {
-	if (isDesktopLocalRuntime()) {
-		throw desktopHttpApiUnavailable(path);
-	}
-}
-
-function getSessionReadCore() {
-	return createSessionReadCore(getSessionReadAdapter());
-}
-
-function parseBodyErrorShape(body: string): {
-	code?: string;
-	message?: string;
-	details?: Record<string, unknown> | null;
-} | null {
-	try {
-		return JSON.parse(body) as {
-			code?: string;
-			message?: string;
-			details?: Record<string, unknown> | null;
-		};
-	} catch {
-		return null;
-	}
-}
-
-function normalizeSessionAdapterError(error: unknown): ApiError {
-	if (error instanceof ApiError) return error;
-	if (error instanceof SessionReadCoreError) {
-		return new ApiError(error.status, error.body, error.code, error.details);
-	}
-	return new ApiError(500, '{"message":"Session adapter request failed"}');
-}
-
-export class ApiError extends Error {
-	constructor(
-		public status: number,
-		public body: string,
-		public code: string = 'unknown',
-		public details: Record<string, unknown> | null = null,
-	) {
-		let msg = body.trimStart().startsWith('<') ? `Server returned ${status}` : body.slice(0, 200);
-		let resolvedCode = code;
-		let resolvedDetails = details;
-		if (!body.trimStart().startsWith('<')) {
-			const parsed = parseBodyErrorShape(body);
-			if (parsed) {
-				if (typeof parsed.message === 'string' && parsed.message.trim()) {
-					msg = parsed.message.trim();
-				}
-				if (typeof parsed.code === 'string' && parsed.code.trim()) {
-					resolvedCode = parsed.code.trim();
-				}
-				if (parsed.details && typeof parsed.details === 'object') {
-					resolvedDetails = parsed.details;
-				}
-			}
-		}
-		super(msg);
-		this.code = resolvedCode;
-		this.details = resolvedDetails;
-	}
-}
-
-export class PreviewApiError extends Error {
-	constructor(
-		public status: number,
-		public payload: ParsePreviewErrorResponse,
-	) {
-		super(payload.message);
-	}
-}
-
-async function request<T>(path: string, options: RequestInit = {}): Promise<T> {
-	assertDesktopHttpApiAvailable(path);
-	const url = `${getBaseUrl()}${path}`;
-	const method = (options.method ?? 'GET').toUpperCase();
-	const needsCsrf = method !== 'GET' && method !== 'HEAD' && method !== 'OPTIONS';
-	const headers: Record<string, string> = {
-		'Content-Type': 'application/json',
-		...(options.headers as Record<string, string>),
-	};
-
-	const auth = await getAuthHeader();
-	if (auth) {
-		headers.Authorization = auth;
-	}
-	if (needsCsrf) {
-		const csrf = getCsrfToken();
-		if (csrf) headers['X-CSRF-Token'] = csrf;
-	}
-
-	const res = await fetch(url, {
-		...options,
-		headers,
-		credentials: 'include',
-	});
-
-	if (!res.ok) {
-		const body = await res.text();
-		throw new ApiError(res.status, body);
-	}
-
-	if (res.status === 204) {
-		return undefined as T;
-	}
-
-	const contentType = res.headers.get('content-type') || '';
-	if (!contentType.includes('application/json')) {
-		return undefined as T;
-	}
-
-	const text = await res.text();
-	if (!text.trim()) {
-		return undefined as T;
-	}
-
-	return JSON.parse(text) as T;
+	return runUiEffect(verifyAuthEffect());
 }
 
 export async function listSessions(params?: SessionListParams): Promise<SessionListResponse> {
-	try {
-		return await getSessionReadCore().listSessions(params);
-	} catch (error) {
-		throw normalizeSessionAdapterError(error);
-	}
+	return runUiEffect(listSessionsEffect(params));
 }
 
 export async function listSessionRepos(): Promise<SessionRepoListResponse> {
-	try {
-		const repos = await getSessionReadCore().listRepos();
-		return { repos };
-	} catch (error) {
-		throw normalizeSessionAdapterError(error);
-	}
+	const repos = await runUiEffect(listSessionReposEffect());
+	return { repos };
 }
 
 export async function getSession(id: string): Promise<Session> {
-	try {
-		return await getSessionReadCore().getSession(id);
-	} catch (error) {
-		throw normalizeSessionAdapterError(error);
-	}
+	return runUiEffect(getSessionEffect(id));
 }
 
 export async function getSessionDetail(id: string): Promise<SessionDetail> {
-	try {
-		return await getSessionReadCore().getSessionDetail(id);
-	} catch (error) {
-		throw normalizeSessionAdapterError(error);
-	}
+	return runUiEffect(getSessionDetailEffect(id));
 }
 
 export async function getSessionSemanticSummary(
 	sessionId: string,
 ): Promise<DesktopSessionSummaryResponse> {
-	try {
-		return await getSessionReadCore().getSessionSummary(sessionId);
-	} catch (error) {
-		throw normalizeSessionAdapterError(error);
-	}
+	return runUiEffect(getSessionSemanticSummaryEffect(sessionId));
 }
 
 export async function regenerateSessionSemanticSummary(
 	sessionId: string,
 ): Promise<DesktopSessionSummaryResponse> {
-	try {
-		return await getSessionReadCore().regenerateSessionSummary(sessionId);
-	} catch (error) {
-		throw normalizeSessionAdapterError(error);
-	}
+	return runUiEffect(regenerateSessionSemanticSummaryEffect(sessionId));
 }
 
 export async function buildSessionHandoff(
 	sessionId: string,
 	pinLatest: boolean = true,
 ): Promise<DesktopHandoffBuildResponse> {
-	try {
-		return await getSessionReadCore().buildHandoff(sessionId, pinLatest);
-	} catch (error) {
-		throw normalizeSessionAdapterError(error);
-	}
+	return runUiEffect(buildSessionHandoffEffect(sessionId, pinLatest));
 }
 
 export async function quickShareSession(
 	sessionId: string,
 	remote?: string | null,
 ): Promise<DesktopQuickShareResponse> {
-	try {
-		return await getSessionReadCore().quickShareSession(sessionId, remote ?? null);
-	} catch (error) {
-		throw normalizeSessionAdapterError(error);
-	}
+	return runUiEffect(quickShareSessionEffect(sessionId, remote ?? null));
 }
 
 export async function readSessionChanges(
 	sessionId: string,
 	scope?: DesktopChangeReaderScope | null,
 ): Promise<DesktopChangeReadResponse> {
-	try {
-		return await getSessionReadCore().readSessionChanges(sessionId, scope);
-	} catch (error) {
-		throw normalizeSessionAdapterError(error);
-	}
+	return runUiEffect(readSessionChangesEffect(sessionId, scope));
 }
 
 export async function askSessionChanges(
@@ -391,11 +157,7 @@ export async function askSessionChanges(
 	question: string,
 	scope?: DesktopChangeReaderScope | null,
 ): Promise<DesktopChangeQuestionResponse> {
-	try {
-		return await getSessionReadCore().askSessionChanges(sessionId, question, scope);
-	} catch (error) {
-		throw normalizeSessionAdapterError(error);
-	}
+	return runUiEffect(askSessionChangesEffect(sessionId, question, scope));
 }
 
 export async function changeReaderTextToSpeech(
@@ -403,95 +165,51 @@ export async function changeReaderTextToSpeech(
 	sessionId?: string | null,
 	scope?: DesktopChangeReaderScope | null,
 ): Promise<DesktopChangeReaderTtsResponse> {
-	try {
-		return await getSessionReadCore().changeReaderTts(text, sessionId, scope);
-	} catch (error) {
-		throw normalizeSessionAdapterError(error);
-	}
+	return runUiEffect(changeReaderTextToSpeechEffect(text, sessionId, scope));
 }
 
 export async function getRuntimeSettings(): Promise<DesktopRuntimeSettingsResponse> {
-	try {
-		return await getSessionReadCore().getRuntimeSettings();
-	} catch (error) {
-		throw normalizeSessionAdapterError(error);
-	}
+	return runUiEffect(getRuntimeSettingsEffect());
 }
 
 export async function updateRuntimeSettings(
 	request: DesktopRuntimeSettingsUpdateRequest,
 ): Promise<DesktopRuntimeSettingsResponse> {
-	try {
-		return await getSessionReadCore().updateRuntimeSettings(request);
-	} catch (error) {
-		throw normalizeSessionAdapterError(error);
-	}
+	return runUiEffect(updateRuntimeSettingsEffect(request));
 }
 
 export async function getLifecycleCleanupStatus(): Promise<DesktopLifecycleCleanupStatusResponse> {
-	try {
-		return await getSessionReadCore().lifecycleCleanupStatus();
-	} catch (error) {
-		throw normalizeSessionAdapterError(error);
-	}
+	return runUiEffect(getLifecycleCleanupStatusEffect());
 }
 
 export async function runSummaryBatch(): Promise<DesktopSummaryBatchStatusResponse> {
-	try {
-		return await getSessionReadCore().summaryBatchRun();
-	} catch (error) {
-		throw normalizeSessionAdapterError(error);
-	}
+	return runUiEffect(runSummaryBatchEffect());
 }
 
 export async function getSummaryBatchStatus(): Promise<DesktopSummaryBatchStatusResponse> {
-	try {
-		return await getSessionReadCore().summaryBatchStatus();
-	} catch (error) {
-		throw normalizeSessionAdapterError(error);
-	}
+	return runUiEffect(getSummaryBatchStatusEffect());
 }
 
 export async function detectSummaryProvider(): Promise<DesktopSummaryProviderDetectResponse> {
-	try {
-		return await getSessionReadCore().detectSummaryProvider();
-	} catch (error) {
-		throw normalizeSessionAdapterError(error);
-	}
+	return runUiEffect(detectSummaryProviderEffect());
 }
 
 export async function vectorPreflight(): Promise<DesktopVectorPreflightResponse> {
-	try {
-		return await getSessionReadCore().vectorPreflight();
-	} catch (error) {
-		throw normalizeSessionAdapterError(error);
-	}
+	return runUiEffect(vectorPreflightEffect());
 }
 
 export async function vectorInstallModel(
 	model: string,
 ): Promise<DesktopVectorInstallStatusResponse> {
-	try {
-		return await getSessionReadCore().vectorInstallModel(model);
-	} catch (error) {
-		throw normalizeSessionAdapterError(error);
-	}
+	return runUiEffect(vectorInstallModelEffect(model));
 }
 
 export async function vectorIndexRebuild(): Promise<DesktopVectorIndexStatusResponse> {
-	try {
-		return await getSessionReadCore().vectorIndexRebuild();
-	} catch (error) {
-		throw normalizeSessionAdapterError(error);
-	}
+	return runUiEffect(vectorIndexRebuildEffect());
 }
 
 export async function vectorIndexStatus(): Promise<DesktopVectorIndexStatusResponse> {
-	try {
-		return await getSessionReadCore().vectorIndexStatus();
-	} catch (error) {
-		throw normalizeSessionAdapterError(error);
-	}
+	return runUiEffect(vectorIndexStatusEffect());
 }
 
 export async function searchSessionsVector(
@@ -499,30 +217,23 @@ export async function searchSessionsVector(
 	cursor?: string | null,
 	limit?: number,
 ): Promise<DesktopVectorSearchResponse> {
-	try {
-		return await getSessionReadCore().searchSessionsVector(query, cursor, limit);
-	} catch (error) {
-		throw normalizeSessionAdapterError(error);
-	}
+	return runUiEffect(searchSessionsVectorEffect(query, cursor, limit));
 }
 
 export async function getLocalReviewBundle(reviewId: string): Promise<LocalReviewBundle> {
-	return request<LocalReviewBundle>(`/api/review/local/${encodeURIComponent(reviewId)}`);
+	return runUiEffect(requestEffect<LocalReviewBundle>(`/api/review/local/${encodeURIComponent(reviewId)}`));
 }
 
 export async function getSettings(): Promise<UserSettings> {
-	return request<UserSettings>('/api/auth/me');
+	return runUiEffect(getSettingsEffect());
 }
 
 export async function issueApiKey(): Promise<IssueApiKeyResponse> {
-	return request<IssueApiKeyResponse>('/api/auth/api-keys/issue', {
-		method: 'POST',
-	});
+	return runUiEffect(issueApiKeyEffect());
 }
 
 export async function listGitCredentials(): Promise<GitCredentialSummary[]> {
-	const response = await request<ListGitCredentialsResponse>('/api/auth/git-credentials');
-	return response.credentials ?? [];
+	return runUiEffect(listGitCredentialsEffect());
 }
 
 export async function createGitCredential(params: {
@@ -532,22 +243,11 @@ export async function createGitCredential(params: {
 	header_name: string;
 	header_value: string;
 }): Promise<GitCredentialSummary> {
-	return request<GitCredentialSummary>('/api/auth/git-credentials', {
-		method: 'POST',
-		body: JSON.stringify({
-			label: params.label,
-			host: params.host,
-			path_prefix: params.path_prefix ?? null,
-			header_name: params.header_name,
-			header_value: params.header_value,
-		}),
-	});
+	return runUiEffect(createGitCredentialEffect(params));
 }
 
 export async function deleteGitCredential(id: string): Promise<void> {
-	await request('/api/auth/git-credentials/' + encodeURIComponent(id), {
-		method: 'DELETE',
-	});
+	return runUiEffect(deleteGitCredentialEffect(id));
 }
 
 export async function authRegister(
@@ -555,87 +255,23 @@ export async function authRegister(
 	password: string,
 	nickname: string,
 ): Promise<AuthTokenResponse> {
-	assertDesktopHttpApiAvailable('/api/auth/register');
-	const url = `${getBaseUrl()}/api/auth/register`;
-	const res = await fetch(url, {
-		method: 'POST',
-		headers: { 'Content-Type': 'application/json' },
-		body: JSON.stringify({ email, password, nickname }),
-		credentials: 'include',
-	});
-	if (!res.ok) {
-		const body = await res.text();
-		throw new ApiError(res.status, body);
-	}
-	return (await res.json()) as AuthTokenResponse;
+	return runUiEffect(authRegisterEffect(email, password, nickname));
 }
 
 export async function authLogin(email: string, password: string): Promise<AuthTokenResponse> {
-	assertDesktopHttpApiAvailable('/api/auth/login');
-	const url = `${getBaseUrl()}/api/auth/login`;
-	const res = await fetch(url, {
-		method: 'POST',
-		headers: { 'Content-Type': 'application/json' },
-		body: JSON.stringify({ email, password }),
-		credentials: 'include',
-	});
-	if (!res.ok) {
-		const body = await res.text();
-		throw new ApiError(res.status, body);
-	}
-	return (await res.json()) as AuthTokenResponse;
-}
-
-async function tryRefreshToken(): Promise<boolean> {
-	if (isDesktopLocalRuntime()) return false;
-	try {
-		const url = `${getBaseUrl()}/api/auth/refresh`;
-		const headers: Record<string, string> = { 'Content-Type': 'application/json' };
-		const csrf = getCsrfToken();
-		if (csrf) headers['X-CSRF-Token'] = csrf;
-		const res = await fetch(url, {
-			method: 'POST',
-			headers,
-			credentials: 'include',
-		});
-		if (!res.ok) return false;
-		await res.json();
-		return true;
-	} catch {
-		return false;
-	}
+	return runUiEffect(authLoginEffect(email, password));
 }
 
 export async function authLogout(): Promise<void> {
-	try {
-		await request('/api/auth/logout', {
-			method: 'POST',
-		});
-	} catch {
-		// ignore errors on logout
-	}
+	return runUiEffect(authLogoutEffect());
 }
 
 export async function getAuthProviders(): Promise<AuthProvidersResponse> {
-	try {
-		return await getSessionReadAdapter().getAuthProviders();
-	} catch {
-		return { email_password: false, oauth: [] };
-	}
+	return runUiEffect(getAuthProvidersSafeEffect());
 }
 
 export async function getApiCapabilities(): Promise<CapabilitiesResponse> {
-	try {
-		return await getSessionReadAdapter().getCapabilities();
-	} catch {
-		// ignore and fall through to safe defaults
-	}
-	return {
-		auth_enabled: false,
-		parse_preview_enabled: false,
-		register_targets: [],
-		share_modes: [],
-	};
+	return runUiEffect(getApiCapabilitiesSafeEffect());
 }
 
 export async function isAuthApiAvailable(): Promise<boolean> {
@@ -648,42 +284,6 @@ export async function isParsePreviewApiAvailable(): Promise<boolean> {
 	return capabilities.parse_preview_enabled;
 }
 
-async function postParsePreview(req: ParsePreviewRequest): Promise<ParsePreviewResponse> {
-	assertDesktopHttpApiAvailable('/api/parse/preview');
-	const url = `${getBaseUrl()}/api/parse/preview`;
-	const headers: Record<string, string> = { 'Content-Type': 'application/json' };
-	const auth = await getAuthHeader();
-	if (auth) headers.Authorization = auth;
-	const csrf = getCsrfToken();
-	if (csrf) headers['X-CSRF-Token'] = csrf;
-
-	const res = await fetch(url, {
-		method: 'POST',
-		headers,
-		body: JSON.stringify(req),
-		credentials: 'include',
-	});
-
-	const body = await res.text();
-	if (!res.ok) {
-		let parsed: ParsePreviewErrorResponse | null = null;
-		try {
-			parsed = JSON.parse(body) as ParsePreviewErrorResponse;
-		} catch {
-			parsed = null;
-		}
-		if (parsed && typeof parsed.code === 'string' && typeof parsed.message === 'string') {
-			throw new PreviewApiError(res.status, parsed);
-		}
-		throw new ApiError(res.status, body);
-	}
-
-	if (!body.trim()) {
-		throw new ApiError(res.status, 'Empty parse preview response');
-	}
-	return JSON.parse(body) as ParsePreviewResponse;
-}
-
 export async function previewSessionFromGithubSource(params: {
 	owner: string;
 	repo: string;
@@ -691,17 +291,7 @@ export async function previewSessionFromGithubSource(params: {
 	path: string;
 	parser_hint?: string;
 }): Promise<ParsePreviewResponse> {
-	const source: ParseSource = {
-		kind: 'github',
-		owner: params.owner,
-		repo: params.repo,
-		ref: params.ref,
-		path: params.path,
-	};
-	return postParsePreview({
-		source,
-		parser_hint: params.parser_hint ?? null,
-	});
+	return runUiEffect(previewSessionFromGithubSourceEffect(params));
 }
 
 export async function previewSessionFromGitSource(params: {
@@ -710,16 +300,7 @@ export async function previewSessionFromGitSource(params: {
 	path: string;
 	parser_hint?: string;
 }): Promise<ParsePreviewResponse> {
-	const source: ParseSource = {
-		kind: 'git',
-		remote: params.remote,
-		ref: params.ref,
-		path: params.path,
-	};
-	return postParsePreview({
-		source,
-		parser_hint: params.parser_hint ?? null,
-	});
+	return runUiEffect(previewSessionFromGitSourceEffect(params));
 }
 
 export async function previewSessionFromInlineSource(params: {
@@ -727,46 +308,13 @@ export async function previewSessionFromInlineSource(params: {
 	content_base64: string;
 	parser_hint?: string;
 }): Promise<ParsePreviewResponse> {
-	const source: ParseSource = {
-		kind: 'inline',
-		filename: params.filename,
-		content_base64: params.content_base64,
-	};
-	return postParsePreview({
-		source,
-		parser_hint: params.parser_hint ?? null,
-	});
-}
-
-export function getParsePreviewError(error: unknown): ParsePreviewErrorResponse | null {
-	if (error instanceof PreviewApiError) return error.payload;
-	if (error instanceof ApiError) {
-		try {
-			const parsed = JSON.parse(error.body) as ParsePreviewErrorResponse;
-			if (typeof parsed.code === 'string' && typeof parsed.message === 'string') {
-				return parsed;
-			}
-		} catch {
-			// ignore non-json errors
-		}
-	}
-	return null;
+	return runUiEffect(previewSessionFromInlineSourceEffect(params));
 }
 
 export function getOAuthUrl(provider: string): string {
-	if (isDesktopLocalRuntime()) return '#';
-	return `${getBaseUrl()}/api/auth/oauth/${encodeURIComponent(provider)}`;
+	return getOAuthUrlFromRuntime(readBrowserRuntime(), provider);
 }
 
 export async function handleAuthCallback(): Promise<boolean> {
-	if (typeof window === 'undefined') return false;
-	if (window.location.hash) {
-		window.history.replaceState(null, '', window.location.pathname);
-	}
-	try {
-		await request<unknown>('/api/auth/verify', { method: 'POST' });
-		return true;
-	} catch {
-		return false;
-	}
+	return runUiEffect(handleAuthCallbackEffect());
 }
diff --git a/packages/ui/src/components/SessionDetailPage.svelte b/packages/ui/src/components/SessionDetailPage.svelte
index 840d5af0..f2e60c7e 100644
--- a/packages/ui/src/components/SessionDetailPage.svelte
+++ b/packages/ui/src/components/SessionDetailPage.svelte
@@ -1,6 +1,5 @@
 <script lang="ts">
 import {
-	ApiError,
 	askSessionChanges,
 	changeReaderTextToSpeech,
 	getRuntimeSettings,
@@ -11,6 +10,12 @@ import {
 	regenerateSessionSemanticSummary,
 } from '../api';
 import { prepareTimelineEvents } from '../event-helpers';
+import {
+	askSessionChangesSurface,
+	loadSessionDetailState,
+	readSessionChangesSurface,
+	regenerateSessionSummary,
+} from '../models/session-detail-model';
 import {
 	buildNativeFilterOptions,
 	type SessionViewMode,
@@ -128,13 +133,21 @@ const semanticDiffTree = $derived.by(() => {
 async function regenerateSummary() {
 	summaryRegenerating = true;
 	summaryError = null;
-	try {
-		semanticSummary = await regenerateSessionSemanticSummary(sessionId);
-	} catch (e) {
-		summaryError = e instanceof Error ? e.message : 'Failed to regenerate summary';
-	} finally {
-		summaryRegenerating = false;
-	}
+	const result = await regenerateSessionSummary(
+		{
+			getSession,
+			getSessionDetail,
+			getSessionSemanticSummary,
+			getRuntimeSettings,
+			regenerateSessionSemanticSummary,
+			readSessionChanges,
+			askSessionChanges,
+		},
+		sessionId,
+	);
+	semanticSummary = result.semanticSummary;
+	summaryError = result.summaryError;
+	summaryRegenerating = false;
 }
 
 async function handleReadChanges() {
@@ -143,38 +156,50 @@ async function handleReadChanges() {
 	changeReaderNarrative = null;
 	changeReaderWarning = null;
 	changeReaderCitations = [];
-	try {
-		const payload = await readSessionChanges(sessionId, changeReaderScope);
-		changeReaderNarrative = payload.narrative ?? null;
-		changeReaderCitations = payload.citations ?? [];
-		changeReaderWarning = payload.warning ?? null;
-	} catch (e) {
-		changeReaderReadError = e instanceof Error ? e.message : 'Failed to read session changes';
-	} finally {
-		changeReaderReading = false;
-	}
+	const result = await readSessionChangesSurface(
+		{
+			getSession,
+			getSessionDetail,
+			getSessionSemanticSummary,
+			getRuntimeSettings,
+			regenerateSessionSemanticSummary,
+			readSessionChanges,
+			askSessionChanges,
+		},
+		sessionId,
+		changeReaderScope,
+	);
+	changeReaderNarrative = result.narrative;
+	changeReaderCitations = result.citations;
+	changeReaderWarning = result.warning;
+	changeReaderReadError = result.error;
+	changeReaderReading = false;
 }
 
 async function handleAskChangeQuestion() {
-	const question = changeReaderQuestion.trim();
-	if (!question) {
-		changeReaderAskError = 'Ask a question first.';
-		return;
-	}
 	changeReaderAsking = true;
 	changeReaderAskError = null;
 	changeReaderAnswer = null;
 	changeReaderWarning = null;
-	try {
-		const payload = await askSessionChanges(sessionId, question, changeReaderScope);
-		changeReaderAnswer = payload.answer ?? null;
-		changeReaderCitations = payload.citations ?? [];
-		changeReaderWarning = payload.warning ?? null;
-	} catch (e) {
-		changeReaderAskError = e instanceof Error ? e.message : 'Failed to answer question';
-	} finally {
-		changeReaderAsking = false;
-	}
+	const result = await askSessionChangesSurface(
+		{
+			getSession,
+			getSessionDetail,
+			getSessionSemanticSummary,
+			getRuntimeSettings,
+			regenerateSessionSemanticSummary,
+			readSessionChanges,
+			askSessionChanges,
+		},
+		sessionId,
+		changeReaderQuestion,
+		changeReaderScope,
+	);
+	changeReaderAnswer = result.answer;
+	changeReaderCitations = result.citations;
+	changeReaderWarning = result.warning;
+	changeReaderAskError = result.error;
+	changeReaderAsking = false;
 }
 
 function releaseChangeReaderAudio() {
@@ -265,49 +290,38 @@ $effect(() => {
 	changeReaderVoiceError = null;
 	changeReaderVoiceWarning = null;
 	releaseChangeReaderAudio();
-	Promise.all([getSession(sessionId), getSessionDetail(sessionId)])
-		.then(([loadedSession, loadedDetail]) => {
-			session = loadedSession;
-			detail = loadedDetail;
+	loadSessionDetailState(
+		{
+			getSession,
+			getSessionDetail,
+			getSessionSemanticSummary,
+			getRuntimeSettings,
+			regenerateSessionSemanticSummary,
+			readSessionChanges,
+			askSessionChanges,
+		},
+		sessionId,
+	)
+		.then((result) => {
+			session = result.session;
+			detail = result.detail;
+			error = result.error;
+			errorCode = result.errorCode;
+			semanticSummary = result.semanticSummary;
+			summaryError = result.summaryError;
+			changeReaderSupported = result.changeReaderSupported;
+			changeReaderEnabled = result.changeReaderEnabled;
+			changeReaderQaEnabled = result.changeReaderQaEnabled;
+			changeReaderScope = result.changeReaderScope;
+			changeReaderVoiceEnabled = result.changeReaderVoiceEnabled;
+			changeReaderVoiceConfigured = result.changeReaderVoiceConfigured;
+			changeReaderRuntimeError = result.changeReaderRuntimeError;
 			initializedForSessionId = null;
 		})
-		.catch((e) => {
-			error = e instanceof Error ? e.message : 'Failed to load session';
-			errorCode = e instanceof ApiError ? e.code : null;
-		})
 		.finally(() => {
 			loading = false;
-		});
-
-	getSessionSemanticSummary(sessionId)
-		.then((summary) => {
-			semanticSummary = summary;
-		})
-		.catch((e) => {
-			summaryError = e instanceof Error ? e.message : 'Failed to load semantic summary';
-		})
-		.finally(() => {
 			summaryLoading = false;
 		});
-
-	getRuntimeSettings()
-		.then((runtime) => {
-			changeReaderSupported = true;
-			changeReaderEnabled = runtime.change_reader?.enabled ?? false;
-			changeReaderQaEnabled = runtime.change_reader?.qa_enabled ?? false;
-			changeReaderScope = runtime.change_reader?.scope ?? 'summary_only';
-			changeReaderVoiceEnabled = runtime.change_reader?.voice?.enabled ?? false;
-			changeReaderVoiceConfigured = runtime.change_reader?.voice?.api_key_configured ?? false;
-		})
-		.catch((e) => {
-			changeReaderSupported = false;
-			changeReaderRuntimeError =
-				e instanceof ApiError && e.status === 501
-					? null
-					: e instanceof Error
-						? e.message
-						: 'Failed to load change reader settings';
-		});
 });
 
 $effect(() => {
diff --git a/packages/ui/src/components/SessionListPage.svelte b/packages/ui/src/components/SessionListPage.svelte
index 9d32dc40..da9552b7 100644
--- a/packages/ui/src/components/SessionListPage.svelte
+++ b/packages/ui/src/components/SessionListPage.svelte
@@ -1,6 +1,10 @@
 <script lang="ts">
 import { onMount } from 'svelte';
 import { listSessionRepos, listSessions } from '../api';
+import {
+	createBrowserSessionListCache,
+	createSessionListModel,
+} from '../models/session-list-model';
 import type { SessionSummary, TimeRange } from '../types';
 import { TOOL_CONFIGS } from '../types';
 import { sessionTitleFallback, stripTags } from '../utils';
@@ -28,7 +32,6 @@ let selectedIndex = $state(0);
 let renderLimit = $state(20);
 let searchInput: HTMLInputElement | undefined = $state();
 let repoFilterInputEl: HTMLInputElement | undefined = $state();
-let fetchRequestId = 0;
 let knownRepos = $state<string[]>([]);
 let copyFeedback = $state<string | null>(null);
 let copyFeedbackTimer: number | null = null;
@@ -36,15 +39,6 @@ let hydratedFromQuery = false;
 let lastResetFingerprint = $state<string | null>(null);
 
 const perPage = 20;
-const listCacheKey = 'opensession_public_list_cache_v1';
-const listCacheTtlMs = 30_000;
-
-type SessionListCacheEntry = {
-	query: string;
-	created_at: number;
-	total: number;
-	sessions: SessionSummary[];
-};
 
 const hasMore = $derived(currentPage * perPage < total);
 const visibleSessions = $derived(sessions.slice(0, renderLimit));
@@ -81,220 +75,143 @@ function sessionIndex(sessionId: string): number {
 	return sessionOrder.get(sessionId) ?? -1;
 }
 
-function currentListQueryFingerprint(page: number): string {
-	return JSON.stringify({
-		search: searchQuery || '',
-		tool: toolFilter || '',
-		git_repo_name: repoFilter,
-		time_range: timeRange,
-		page,
-		per_page: perPage,
-	});
-}
-
-function isDefaultPublicFeedQuery(page: number): boolean {
-	return (
-		page === 1 &&
-		searchQuery.trim().length === 0 &&
-		toolFilter.length === 0 &&
-		repoFilter.length === 0 &&
-		timeRange === 'all'
-	);
-}
-
-function readListCache(fingerprint: string): SessionListCacheEntry | null {
-	if (typeof window === 'undefined') return null;
-	try {
-		const raw = localStorage.getItem(listCacheKey);
-		if (!raw) return null;
-		const parsed = JSON.parse(raw) as SessionListCacheEntry;
-		if (!parsed || parsed.query !== fingerprint) return null;
-		if (Date.now() - parsed.created_at > listCacheTtlMs) return null;
-		if (!Array.isArray(parsed.sessions)) return null;
-		return parsed;
-	} catch {
-		return null;
-	}
-}
-
-function writeListCache(entry: SessionListCacheEntry) {
-	if (typeof window === 'undefined') return;
-	try {
-		localStorage.setItem(listCacheKey, JSON.stringify(entry));
-	} catch {
-		// Ignore storage quota/private mode errors.
-	}
-}
-
-function clearListCache() {
-	if (typeof window === 'undefined') return;
-	try {
-		localStorage.removeItem(listCacheKey);
-	} catch {
-		// Ignore storage failures.
-	}
-}
-
-async function fetchSessions(reset = false, opts: { force?: boolean } = {}) {
-	const forceRefresh = opts.force === true;
-	const requestId = ++fetchRequestId;
-	const targetPage = reset ? 1 : currentPage;
-	const preserveVisibleSessions = reset && forceRefresh && sessions.length > 0;
-	forceRefreshing = forceRefresh;
-
-	let usedWarmCache = false;
-	const fingerprint = currentListQueryFingerprint(targetPage);
-	if (reset && !forceRefresh && lastResetFingerprint === fingerprint && sessions.length > 0) {
-		return;
-	}
-	if (reset) {
-		currentPage = targetPage;
-		if (!preserveVisibleSessions) {
-			sessions = [];
-			selectedIndex = 0;
-			renderLimit = perPage;
-		}
-	}
-	if (reset && !forceRefresh && isDefaultPublicFeedQuery(targetPage)) {
-		const cached = readListCache(fingerprint);
-		if (cached) {
-			sessions = cached.sessions;
-			total = cached.total;
-			renderLimit = Math.max(perPage, Math.min(cached.sessions.length, perPage));
-			mergeKnownRepos(cached.sessions);
-			usedWarmCache = true;
-		}
-	}
-
-	loading = !usedWarmCache && !preserveVisibleSessions;
-	error = null;
-	try {
-		const res = await listSessions({
-			search: searchQuery || undefined,
-			tool: toolFilter || undefined,
-			git_repo_name: repoFilter || undefined,
-			time_range: timeRange !== 'all' ? timeRange : undefined,
-			page: targetPage,
-			per_page: perPage,
-			force_refresh: forceRefresh,
-		});
-		if (requestId !== fetchRequestId) return;
-		if (reset) {
-			sessions = res.sessions;
-			renderLimit = Math.max(perPage, Math.min(res.sessions.length, perPage));
-			lastResetFingerprint = fingerprint;
-		} else {
-			sessions = [...sessions, ...res.sessions];
-		}
-		total = res.total;
-		mergeKnownRepos(res.sessions);
-		if (reset && isDefaultPublicFeedQuery(targetPage)) {
-			writeListCache({
-				query: fingerprint,
-				created_at: Date.now(),
-				total: res.total,
-				sessions: res.sessions,
-			});
-		}
-	} catch (e) {
-		if (requestId !== fetchRequestId) return;
-		error = e instanceof Error ? e.message : 'Failed to load sessions';
-	} finally {
-		if (requestId === fetchRequestId) {
-			loading = false;
-		}
-		if (forceRefresh) {
-			forceRefreshing = false;
-		}
-	}
-}
-
-async function fetchKnownRepos() {
-	try {
-		const response = await listSessionRepos();
-		knownRepos = [...response.repos].sort((a, b) => a.localeCompare(b));
-	} catch {
-		// Keep fallback behavior (derive from list payloads) when repo endpoint is unavailable.
-	}
-}
-
-function handleSearch() {
-	fetchSessions(true);
-}
-
-function forceRefreshSessions() {
-	clearListCache();
-	void fetchKnownRepos();
-	fetchSessions(true, { force: true });
-}
-
-function loadMore() {
-	currentPage += 1;
-	fetchSessions(false);
-}
-
-function renderMore() {
-	renderLimit = Math.min(renderLimit + perPage, sessions.length);
-}
-
 const tools = [
 	{ value: '', label: 'All Tools' },
 	...Object.values(TOOL_CONFIGS).map((t) => ({ value: t.name, label: t.label })),
 ];
 const validTimeRanges = new Set<TimeRange>(['all', '24h', '7d', '30d']);
+const sessionListModel = createSessionListModel(
+	{
+		get sessions() {
+			return sessions;
+		},
+		set sessions(value) {
+			sessions = value;
+		},
+		get total() {
+			return total;
+		},
+		set total(value) {
+			total = value;
+		},
+		get loading() {
+			return loading;
+		},
+		set loading(value) {
+			loading = value;
+		},
+		get forceRefreshing() {
+			return forceRefreshing;
+		},
+		set forceRefreshing(value) {
+			forceRefreshing = value;
+		},
+		get error() {
+			return error;
+		},
+		set error(value) {
+			error = value;
+		},
+		get searchQuery() {
+			return searchQuery;
+		},
+		set searchQuery(value) {
+			searchQuery = value;
+		},
+		get toolFilter() {
+			return toolFilter;
+		},
+		set toolFilter(value) {
+			toolFilter = value;
+		},
+		get repoFilter() {
+			return repoFilter;
+		},
+		set repoFilter(value) {
+			repoFilter = value;
+		},
+		get repoInput() {
+			return repoInput;
+		},
+		set repoInput(value) {
+			repoInput = value;
+		},
+		get timeRange() {
+			return timeRange;
+		},
+		set timeRange(value) {
+			timeRange = value;
+		},
+		get currentPage() {
+			return currentPage;
+		},
+		set currentPage(value) {
+			currentPage = value;
+		},
+		get selectedIndex() {
+			return selectedIndex;
+		},
+		set selectedIndex(value) {
+			selectedIndex = value;
+		},
+		get renderLimit() {
+			return renderLimit;
+		},
+		set renderLimit(value) {
+			renderLimit = value;
+		},
+		get knownRepos() {
+			return knownRepos;
+		},
+		set knownRepos(value) {
+			knownRepos = value;
+		},
+		get hydratedFromQuery() {
+			return hydratedFromQuery;
+		},
+		set hydratedFromQuery(value) {
+			hydratedFromQuery = value;
+		},
+		get lastResetFingerprint() {
+			return lastResetFingerprint;
+		},
+		set lastResetFingerprint(value) {
+			lastResetFingerprint = value;
+		},
+	},
+	{
+		listSessions,
+		listSessionRepos,
+		cache: createBrowserSessionListCache(),
+		getLocationSearch: () => (typeof window === 'undefined' ? '' : window.location.search),
+		validToolValues: tools.map((tool) => tool.value),
+		validTimeRanges,
+		perPage,
+	},
+);
 
-function hydrateFiltersFromQuery() {
-	if (typeof window === 'undefined') return;
-	const params = new URLSearchParams(window.location.search);
-
-	const repoFromQuery = params.get('git_repo_name')?.trim();
-	if (repoFromQuery) {
-		repoFilter = repoFromQuery;
-		repoInput = repoFromQuery;
-	}
-
-	const searchFromQuery = params.get('search')?.trim();
-	if (searchFromQuery) {
-		searchQuery = searchFromQuery;
-	}
-
-	const toolFromQuery = params.get('tool')?.trim();
-	if (toolFromQuery && tools.some((entry) => entry.value === toolFromQuery)) {
-		toolFilter = toolFromQuery;
-	}
+function handleSearch() {
+	void sessionListModel.handleSearch();
+}
 
-	const rangeFromQuery = params.get('time_range')?.trim() as TimeRange | undefined;
-	if (rangeFromQuery && validTimeRanges.has(rangeFromQuery)) {
-		timeRange = rangeFromQuery;
-	}
+function forceRefreshSessions() {
+	void sessionListModel.forceRefreshSessions();
 }
 
-function extractRepos(items: SessionSummary[]): string[] {
-	const values = new Set<string>();
-	for (const session of items) {
-		const repo = session.git_repo_name?.trim();
-		if (repo) values.add(repo);
-	}
-	return [...values];
+function loadMore() {
+	void sessionListModel.loadMore();
 }
 
-function mergeKnownRepos(items: SessionSummary[]) {
-	const merged = new Set(knownRepos);
-	for (const repo of extractRepos(items)) {
-		merged.add(repo);
-	}
-	knownRepos = [...merged].sort((a, b) => a.localeCompare(b));
+function renderMore() {
+	sessionListModel.renderMore();
 }
 
 function applyRepoFilter(nextValue: string) {
-	const normalized = nextValue.trim();
-	repoFilter = normalized;
-	repoInput = normalized;
-	fetchSessions(true);
+	void sessionListModel.applyRepoFilter(nextValue);
 }
 
 function clearRepoFilter() {
-	applyRepoFilter('');
+	void sessionListModel.clearRepoFilter();
 }
 
 function cycleFilterValue<T extends string>(current: T, options: readonly T[]): T {
@@ -407,12 +324,7 @@ async function copySelectedSessionTitle() {
 }
 
 onMount(() => {
-	if (!hydratedFromQuery) {
-		hydrateFiltersFromQuery();
-		hydratedFromQuery = true;
-	}
-	void fetchKnownRepos();
-	void fetchSessions(true);
+	void sessionListModel.loadInitial();
 });
 
 $effect(() => {
@@ -466,11 +378,11 @@ function handleKeydown(e: KeyboardEvent) {
 		e.preventDefault();
 		const toolValues = tools.map((t) => t.value);
 		toolFilter = cycleFilterValue(toolFilter, toolValues);
-		fetchSessions(true);
+		void sessionListModel.fetchSessions(true);
 	} else if (e.key === 'r') {
 		e.preventDefault();
 		timeRange = cycleFilterValue(timeRange, rangeCycle);
-		fetchSessions(true);
+		void sessionListModel.fetchSessions(true);
 	} else if (e.key === 'R') {
 		e.preventDefault();
 		forceRefreshSessions();
@@ -503,7 +415,7 @@ function handleSearchInputKeydown(e: KeyboardEvent) {
 		e.preventDefault();
 		if (searchQuery.trim().length > 0) {
 			searchQuery = '';
-			handleSearch();
+			void sessionListModel.handleSearch();
 			return;
 		}
 		searchInput?.blur();
@@ -556,7 +468,7 @@ $effect(() => {
 				<button
 					role="tab"
 					aria-selected={timeRange === tab.value}
-					onclick={() => { timeRange = tab.value; fetchSessions(true); }}
+					onclick={() => { timeRange = tab.value; void sessionListModel.fetchSessions(true); }}
 					class="px-2 py-0.5 text-xs transition-colors
 						{timeRange === tab.value
 						? 'bg-accent text-white'
@@ -582,7 +494,7 @@ $effect(() => {
 
 		<select
 			bind:value={toolFilter}
-			onchange={() => fetchSessions(true)}
+			onchange={() => void sessionListModel.fetchSessions(true)}
 			class="w-full border border-border bg-bg-secondary px-2 py-0.5 text-xs text-text-secondary outline-none focus:border-accent sm:w-auto"
 		>
 			{#each tools as t}
diff --git a/packages/ui/src/index.ts b/packages/ui/src/index.ts
index b8b88e53..5eb3341f 100644
--- a/packages/ui/src/index.ts
+++ b/packages/ui/src/index.ts
@@ -55,6 +55,12 @@ export {
 } from './event-helpers';
 // HAIL parser helpers
 export { parseHailInput, parseHailJsonl } from './hail-parse';
+export {
+	buildStateUrl as buildSourceStateUrl,
+	buildRouteBase as buildSourceRouteBase,
+	parseSourceRoute,
+	type SourceRouteState,
+} from './source-route';
 // Highlight & Markdown utilities
 export { highlightCode } from './highlight';
 export { isLongContent, lineCount, renderMarkdown } from './markdown';
@@ -101,3 +107,9 @@ export { formatDuration, formatTimestamp, getToolConfig, TOOL_CONFIGS } from './
 // Shared utilities
 export type { FileStats } from './utils';
 export { computeFileStats, formatFullDate, getDisplayTitle, stripTags } from './utils';
+export {
+	createSourcePreviewModel,
+	createSourcePreviewModelState,
+	type SourcePreviewLocation,
+	type SourcePreviewModelState,
+} from './models/source-preview-model';
diff --git a/packages/ui/src/models/session-detail-model.test.ts b/packages/ui/src/models/session-detail-model.test.ts
new file mode 100644
index 00000000..a7c2b9b6
--- /dev/null
+++ b/packages/ui/src/models/session-detail-model.test.ts
@@ -0,0 +1,116 @@
+import assert from 'node:assert/strict';
+import test from 'node:test';
+import { ApiError } from '../api-internal/errors.ts';
+import {
+	askSessionChangesSurface,
+	loadSessionDetailState,
+} from './session-detail-model.ts';
+
+test('session detail loader treats desktop 501 runtime settings as unsupported, not fatal', async () => {
+	const result = await loadSessionDetailState(
+		{
+			getSession: async () => ({
+				version: 'hail-1.0.0',
+				session_id: 'session-1',
+				agent: { provider: 'openai', model: 'gpt-5', tool: 'codex' },
+				context: { tags: [], created_at: '2026-03-05T00:00:00Z', updated_at: '2026-03-05T00:00:00Z' },
+				events: [],
+				stats: {
+					event_count: 0,
+					message_count: 0,
+					tool_call_count: 0,
+					task_count: 0,
+					duration_seconds: 0,
+					total_input_tokens: 0,
+					total_output_tokens: 0,
+					user_message_count: 0,
+					files_changed: 0,
+					lines_added: 0,
+					lines_removed: 0,
+				},
+			}),
+			getSessionDetail: async () => ({
+				id: 'session-1',
+				user_id: null,
+				nickname: null,
+				tool: 'codex',
+				agent_provider: null,
+				agent_model: null,
+				title: null,
+				description: null,
+				tags: null,
+				created_at: '2026-03-05T00:00:00Z',
+				uploaded_at: '2026-03-05T00:00:00Z',
+				message_count: 0,
+				task_count: 0,
+				event_count: 0,
+				duration_seconds: 0,
+				total_input_tokens: 0,
+				total_output_tokens: 0,
+				has_errors: false,
+				max_active_agents: 0,
+				session_score: 0,
+				score_plugin: 'default',
+				linked_sessions: [],
+			}),
+			getSessionSemanticSummary: async () => ({
+				session_id: 'session-1',
+				summary: {},
+				source_kind: 'session_only',
+				generation_kind: 'heuristic_fallback',
+				error: null,
+				diff_tree: [],
+			}),
+			getRuntimeSettings: async () => {
+				throw new ApiError(501, '{"code":"desktop_http_api_unavailable","message":"unsupported"}');
+			},
+			regenerateSessionSemanticSummary: async () => {
+				throw new Error('unused');
+			},
+			readSessionChanges: async () => {
+				throw new Error('unused');
+			},
+			askSessionChanges: async () => {
+				throw new Error('unused');
+			},
+		},
+		'session-1',
+	);
+
+	assert.equal(result.error, null);
+	assert.equal(result.changeReaderSupported, false);
+	assert.equal(result.changeReaderRuntimeError, null);
+});
+
+test('session detail ask surface rejects empty question before transport call', async () => {
+	const result = await askSessionChangesSurface(
+		{
+			getSession: async () => {
+				throw new Error('unused');
+			},
+			getSessionDetail: async () => {
+				throw new Error('unused');
+			},
+			getSessionSemanticSummary: async () => {
+				throw new Error('unused');
+			},
+			getRuntimeSettings: async () => {
+				throw new Error('unused');
+			},
+			regenerateSessionSemanticSummary: async () => {
+				throw new Error('unused');
+			},
+			readSessionChanges: async () => {
+				throw new Error('unused');
+			},
+			askSessionChanges: async () => {
+				throw new Error('transport should not run');
+			},
+		},
+		'session-1',
+		'   ',
+		'summary_only',
+	);
+
+	assert.equal(result.error, 'Ask a question first.');
+});
diff --git a/packages/ui/src/models/session-detail-model.ts b/packages/ui/src/models/session-detail-model.ts
new file mode 100644
index 00000000..b9624e04
--- /dev/null
+++ b/packages/ui/src/models/session-detail-model.ts
@@ -0,0 +1,202 @@
+import { ApiError } from '../api-internal/errors';
+import type {
+	DesktopChangeQuestionResponse,
+	DesktopChangeReaderScope,
+	DesktopChangeReadResponse,
+	DesktopSessionSummaryResponse,
+	DesktopRuntimeSettingsResponse,
+	Session,
+	SessionDetail,
+} from '../types';
+
+export interface SessionDetailLoadResult {
+	session: Session | null;
+	detail: SessionDetail | null;
+	error: string | null;
+	errorCode: string | null;
+	semanticSummary: DesktopSessionSummaryResponse | null;
+	summaryError: string | null;
+	changeReaderSupported: boolean;
+	changeReaderEnabled: boolean;
+	changeReaderQaEnabled: boolean;
+	changeReaderScope: DesktopChangeReaderScope;
+	changeReaderVoiceEnabled: boolean;
+	changeReaderVoiceConfigured: boolean;
+	changeReaderRuntimeError: string | null;
+}
+
+export interface SessionDetailModelDeps {
+	getSession: (id: string) => Promise<Session>;
+	getSessionDetail: (id: string) => Promise<SessionDetail>;
+	getSessionSemanticSummary: (id: string) => Promise<DesktopSessionSummaryResponse>;
+	getRuntimeSettings: () => Promise<DesktopRuntimeSettingsResponse>;
+	regenerateSessionSemanticSummary: (id: string) => Promise<DesktopSessionSummaryResponse>;
+	readSessionChanges: (
+		id: string,
+		scope?: DesktopChangeReaderScope | null,
+	) => Promise<DesktopChangeReadResponse>;
+	askSessionChanges: (
+		id: string,
+		question: string,
+		scope?: DesktopChangeReaderScope | null,
+	) => Promise<DesktopChangeQuestionResponse>;
+}
+
+export async function loadSessionDetailState(
+	deps: SessionDetailModelDeps,
+	sessionId: string,
+): Promise<SessionDetailLoadResult> {
+	const [sessionResult, summaryResult, runtimeResult] = await Promise.allSettled([
+		Promise.all([deps.getSession(sessionId), deps.getSessionDetail(sessionId)]),
+		deps.getSessionSemanticSummary(sessionId),
+		deps.getRuntimeSettings(),
+	]);
+
+	let session: Session | null = null;
+	let detail: SessionDetail | null = null;
+	let error: string | null = null;
+	let errorCode: string | null = null;
+	if (sessionResult.status === 'fulfilled') {
+		[session, detail] = sessionResult.value;
+	} else {
+		error =
+			sessionResult.reason instanceof Error
+				? sessionResult.reason.message
+				: 'Failed to load session';
+		errorCode = sessionResult.reason instanceof ApiError ? sessionResult.reason.code : null;
+	}
+
+	let semanticSummary: DesktopSessionSummaryResponse | null = null;
+	let summaryError: string | null = null;
+	if (summaryResult.status === 'fulfilled') {
+		semanticSummary = summaryResult.value;
+	} else {
+		summaryError =
+			summaryResult.reason instanceof Error
+				? summaryResult.reason.message
+				: 'Failed to load semantic summary';
+	}
+
+	let changeReaderSupported = false;
+	let changeReaderEnabled = false;
+	let changeReaderQaEnabled = false;
+	let changeReaderScope: DesktopChangeReaderScope = 'summary_only';
+	let changeReaderVoiceEnabled = false;
+	let changeReaderVoiceConfigured = false;
+	let changeReaderRuntimeError: string | null = null;
+	if (runtimeResult.status === 'fulfilled') {
+		const runtime = runtimeResult.value;
+		changeReaderSupported = true;
+		changeReaderEnabled = runtime.change_reader?.enabled ?? false;
+		changeReaderQaEnabled = runtime.change_reader?.qa_enabled ?? false;
+		changeReaderScope = runtime.change_reader?.scope ?? 'summary_only';
+		changeReaderVoiceEnabled = runtime.change_reader?.voice?.enabled ?? false;
+		changeReaderVoiceConfigured = runtime.change_reader?.voice?.api_key_configured ?? false;
+	} else {
+		changeReaderRuntimeError =
+			runtimeResult.reason instanceof ApiError && runtimeResult.reason.status === 501
+				? null
+				: runtimeResult.reason instanceof Error
+					? runtimeResult.reason.message
+					: 'Failed to load change reader settings';
+	}
+
+	return {
+		session,
+		detail,
+		error,
+		errorCode,
+		semanticSummary,
+		summaryError,
+		changeReaderSupported,
+		changeReaderEnabled,
+		changeReaderQaEnabled,
+		changeReaderScope,
+		changeReaderVoiceEnabled,
+		changeReaderVoiceConfigured,
+		changeReaderRuntimeError,
+	};
+}
+
+export async function regenerateSessionSummary(
+	deps: SessionDetailModelDeps,
+	sessionId: string,
+): Promise<{ semanticSummary: DesktopSessionSummaryResponse | null; summaryError: string | null }> {
+	try {
+		return {
+			semanticSummary: await deps.regenerateSessionSemanticSummary(sessionId),
+			summaryError: null,
+		};
+	} catch (error) {
+		return {
+			semanticSummary: null,
+			summaryError: error instanceof Error ? error.message : 'Failed to regenerate summary',
+		};
+	}
+}
+
+export async function readSessionChangesSurface(
+	deps: SessionDetailModelDeps,
+	sessionId: string,
+	scope: DesktopChangeReaderScope,
+): Promise<{
+	narrative: string | null;
+	citations: string[];
+	warning: string | null;
+	error: string | null;
+}> {
+	try {
+		const payload = await deps.readSessionChanges(sessionId, scope);
+		return {
+			narrative: payload.narrative ?? null,
+			citations: payload.citations ?? [],
+			warning: payload.warning ?? null,
+			error: null,
+		};
+	} catch (error) {
+		return {
+			narrative: null,
+			citations: [],
+			warning: null,
+			error: error instanceof Error ? error.message : 'Failed to read session changes',
+		};
+	}
+}
+
+export async function askSessionChangesSurface(
+	deps: SessionDetailModelDeps,
+	sessionId: string,
+	question: string,
+	scope: DesktopChangeReaderScope,
+): Promise<{
+	answer: string | null;
+	citations: string[];
+	warning: string | null;
+	error: string | null;
+}> {
+	const normalizedQuestion = question.trim();
+	if (!normalizedQuestion) {
+		return {
+			answer: null,
+			citations: [],
+			warning: null,
+			error: 'Ask a question first.',
+		};
+	}
+	try {
+		const payload = await deps.askSessionChanges(sessionId, normalizedQuestion, scope);
+		return {
+			answer: payload.answer ?? null,
+			citations: payload.citations ?? [],
+			warning: payload.warning ?? null,
+			error: null,
+		};
+	} catch (error) {
+		return {
+			answer: null,
+			citations: [],
+			warning: null,
+			error: error instanceof Error ? error.message : 'Failed to answer question',
+		};
+	}
+}
diff --git a/packages/ui/src/models/session-list-model.test.ts b/packages/ui/src/models/session-list-model.test.ts
new file mode 100644
index 00000000..64777f9e
--- /dev/null
+++ b/packages/ui/src/models/session-list-model.test.ts
@@ -0,0 +1,165 @@
+import assert from 'node:assert/strict';
+import test from 'node:test';
+import {
+	createSessionListModel,
+	createSessionListModelState,
+	type SessionListCachePort,
+} from './session-list-model.ts';
+
+function createMemoryCache(initial: Record<string, unknown> = {}): SessionListCachePort {
+	const storage = new Map(Object.entries(initial));
+	return {
+		read(key) {
+			return (storage.get(key) as any) ?? null;
+		},
+		write(entry) {
+			storage.set(entry.query, entry);
+		},
+		clear() {
+			storage.clear();
+		},
+	};
+}
+
+test('session list model hydrates query state on first load', async () => {
+	const state = createSessionListModelState();
+	const model = createSessionListModel(state, {
+		listSessions: async () => ({
+			total: 1,
+			page: 1,
+			per_page: 20,
+			sessions: [
+				{
+					id: 'session-1',
+					user_id: null,
+					nickname: null,
+					tool: 'codex',
+					agent_provider: null,
+					agent_model: null,
+					title: null,
+					description: null,
+					tags: null,
+					created_at: '2026-03-05T00:00:00Z',
+					uploaded_at: '2026-03-05T00:00:00Z',
+					message_count: 0,
+					task_count: 0,
+					event_count: 0,
+					duration_seconds: 0,
+					total_input_tokens: 0,
+					total_output_tokens: 0,
+					git_repo_name: 'acme/api',
+					has_errors: false,
+					max_active_agents: 0,
+					session_score: 0,
+					score_plugin: 'default',
+				},
+			],
+		}),
+		listSessionRepos: async () => ({ repos: ['acme/web', 'acme/api'] }),
+		cache: createMemoryCache(),
+		getLocationSearch: () => '?search=fix&tool=codex&git_repo_name=acme/api&time_range=7d',
+		validToolValues: ['', 'codex'],
+		validTimeRanges: new Set(['all', '24h', '7d', '30d']),
+	});
+
+	await model.loadInitial();
+
+	assert.equal(state.searchQuery, 'fix');
+	assert.equal(state.toolFilter, 'codex');
+	assert.equal(state.repoFilter, 'acme/api');
+	assert.equal(state.timeRange, '7d');
+	assert.equal(state.sessions.length, 1);
+	assert.deepEqual(state.knownRepos, ['acme/api', 'acme/web']);
+});
+
+test('session list model keeps the newest reset request result', async () => {
+	let resolveFirst: ((value: any) => void) | null = null;
+	const first = new Promise((resolve) => {
+		resolveFirst = resolve;
+	});
+
+	let callCount = 0;
+	const state = createSessionListModelState();
+	const model = createSessionListModel(state, {
+		listSessions: async (params) => {
+			callCount += 1;
+			if (callCount === 1) {
+				return first as any;
+			}
+			return {
+				total: 1,
+				page: params?.page ?? 1,
+				per_page: params?.per_page ?? 20,
+				sessions: [
+					{
+						id: 'newest',
+						user_id: null,
+						nickname: null,
+						tool: 'codex',
+						agent_provider: null,
+						agent_model: null,
+						title: null,
+						description: null,
+						tags: null,
+						created_at: '2026-03-05T00:00:00Z',
+						uploaded_at: '2026-03-05T00:00:00Z',
+						message_count: 0,
+						task_count: 0,
+						event_count: 0,
+						duration_seconds: 0,
+						total_input_tokens: 0,
+						total_output_tokens: 0,
+						git_repo_name: null,
+						has_errors: false,
+						max_active_agents: 0,
+						session_score: 0,
+						score_plugin: 'default',
+					},
+				],
+			};
+		},
+		listSessionRepos: async () => ({ repos: [] }),
+		cache: createMemoryCache(),
+		getLocationSearch: () => '',
+		validToolValues: ['', 'codex'],
+		validTimeRanges: new Set(['all', '24h', '7d', '30d']),
+	});
+
+	void model.fetchSessions(true);
+	state.searchQuery = 'retry';
+	await model.fetchSessions(true);
+	resolveFirst?.({
+		total: 1,
+		page: 1,
+		per_page: 20,
+		sessions: [
+			{
+				id: 'stale',
+				user_id: null,
+				nickname: null,
+				tool: 'codex',
+				agent_provider: null,
+				agent_model: null,
+				title: null,
+				description: null,
+				tags: null,
+				created_at: '2026-03-05T00:00:00Z',
+				uploaded_at: '2026-03-05T00:00:00Z',
+				message_count: 0,
+				task_count: 0,
+				event_count: 0,
+				duration_seconds: 0,
+				total_input_tokens: 0,
+				total_output_tokens: 0,
+				git_repo_name: null,
+				has_errors: false,
+				max_active_agents: 0,
+				session_score: 0,
+				score_plugin: 'default',
+			},
+		],
+	});
+	await first;
+
+	assert.equal(state.sessions[0]?.id, 'newest');
+});
diff --git a/packages/ui/src/models/session-list-model.ts b/packages/ui/src/models/session-list-model.ts
new file mode 100644
index 00000000..57c7b3d1
--- /dev/null
+++ b/packages/ui/src/models/session-list-model.ts
@@ -0,0 +1,322 @@
+import type { SessionSummary, SessionRepoListResponse, SessionListResponse, TimeRange } from '../types';
+
+export type SessionListCacheEntry = {
+	query: string;
+	created_at: number;
+	total: number;
+	sessions: SessionSummary[];
+};
+
+export interface SessionListCachePort {
+	read: (fingerprint: string) => SessionListCacheEntry | null;
+	write: (entry: SessionListCacheEntry) => void;
+	clear: () => void;
+}
+
+export interface SessionListModelState {
+	sessions: SessionSummary[];
+	total: number;
+	loading: boolean;
+	forceRefreshing: boolean;
+	error: string | null;
+	searchQuery: string;
+	toolFilter: string;
+	repoFilter: string;
+	repoInput: string;
+	timeRange: TimeRange;
+	currentPage: number;
+	selectedIndex: number;
+	renderLimit: number;
+	knownRepos: string[];
+	hydratedFromQuery: boolean;
+	lastResetFingerprint: string | null;
+}
+
+export interface SessionListModelDeps {
+	listSessions: (params?: {
+		search?: string;
+		tool?: string;
+		git_repo_name?: string;
+		time_range?: string;
+		page?: number;
+		per_page?: number;
+		force_refresh?: boolean;
+	}) => Promise<SessionListResponse>;
+	listSessionRepos: () => Promise<SessionRepoListResponse>;
+	cache: SessionListCachePort;
+	getLocationSearch: () => string;
+	validToolValues: string[];
+	validTimeRanges: ReadonlySet<TimeRange>;
+	perPage?: number;
+}
+
+const DEFAULT_PER_PAGE = 20;
+
+export function createSessionListModelState(): SessionListModelState {
+	return {
+		sessions: [],
+		total: 0,
+		loading: false,
+		forceRefreshing: false,
+		error: null,
+		searchQuery: '',
+		toolFilter: '',
+		repoFilter: '',
+		repoInput: '',
+		timeRange: 'all',
+		currentPage: 1,
+		selectedIndex: 0,
+		renderLimit: DEFAULT_PER_PAGE,
+		knownRepos: [],
+		hydratedFromQuery: false,
+		lastResetFingerprint: null,
+	};
+}
+
+export function createBrowserSessionListCache(
+	key = 'opensession_public_list_cache_v1',
+	ttlMs = 30_000,
+): SessionListCachePort {
+	return {
+		read(fingerprint) {
+			if (typeof localStorage === 'undefined') return null;
+			try {
+				const raw = localStorage.getItem(key);
+				if (!raw) return null;
+				const parsed = JSON.parse(raw) as SessionListCacheEntry;
+				if (!parsed || parsed.query !== fingerprint) return null;
+				if (Date.now() - parsed.created_at > ttlMs) return null;
+				if (!Array.isArray(parsed.sessions)) return null;
+				return parsed;
+			} catch {
+				return null;
+			}
+		},
+		write(entry) {
+			if (typeof localStorage === 'undefined') return;
+			try {
+				localStorage.setItem(key, JSON.stringify(entry));
+			} catch {
+				// Ignore storage errors.
+			}
+		},
+		clear() {
+			if (typeof localStorage === 'undefined') return;
+			try {
+				localStorage.removeItem(key);
+			} catch {
+				// Ignore storage errors.
+			}
+		},
+	};
+}
+
+function extractRepos(items: SessionSummary[]): string[] {
+	const values = new Set<string>();
+	for (const session of items) {
+		const repo = session.git_repo_name?.trim();
+		if (repo) values.add(repo);
+	}
+	return [...values];
+}
+
+function mergeKnownRepos(state: SessionListModelState, items: SessionSummary[]) {
+	const merged = new Set(state.knownRepos);
+	for (const repo of extractRepos(items)) {
+		merged.add(repo);
+	}
+	state.knownRepos = [...merged].sort((a, b) => a.localeCompare(b));
+}
+
+export function createSessionListModel(
+	state: SessionListModelState,
+	deps: SessionListModelDeps,
+) {
+	const perPage = deps.perPage ?? DEFAULT_PER_PAGE;
+	let fetchRequestId = 0;
+
+	function currentListQueryFingerprint(page: number): string {
+		return JSON.stringify({
+			search: state.searchQuery || '',
+			tool: state.toolFilter || '',
+			git_repo_name: state.repoFilter,
+			time_range: state.timeRange,
+			page,
+			per_page: perPage,
+		});
+	}
+
+	function isDefaultPublicFeedQuery(page: number): boolean {
+		return (
+			page === 1 &&
+			state.searchQuery.trim().length === 0 &&
+			state.toolFilter.length === 0 &&
+			state.repoFilter.length === 0 &&
+			state.timeRange === 'all'
+		);
+	}
+
+	function hydrateFiltersFromQuery() {
+		const params = new URLSearchParams(deps.getLocationSearch());
+
+		const repoFromQuery = params.get('git_repo_name')?.trim();
+		if (repoFromQuery) {
+			state.repoFilter = repoFromQuery;
+			state.repoInput = repoFromQuery;
+		}
+
+		const searchFromQuery = params.get('search')?.trim();
+		if (searchFromQuery) {
+			state.searchQuery = searchFromQuery;
+		}
+
+		const toolFromQuery = params.get('tool')?.trim();
+		if (toolFromQuery && deps.validToolValues.includes(toolFromQuery)) {
+			state.toolFilter = toolFromQuery;
+		}
+
+		const rangeFromQuery = params.get('time_range')?.trim() as TimeRange | undefined;
+		if (rangeFromQuery && deps.validTimeRanges.has(rangeFromQuery)) {
+			state.timeRange = rangeFromQuery;
+		}
+	}
+
+	async function fetchSessions(reset = false, opts: { force?: boolean } = {}) {
+		const forceRefresh = opts.force === true;
+		const requestId = ++fetchRequestId;
+		const targetPage = reset ? 1 : state.currentPage;
+		const preserveVisibleSessions = reset && forceRefresh && state.sessions.length > 0;
+		state.forceRefreshing = forceRefresh;
+
+		let usedWarmCache = false;
+		const fingerprint = currentListQueryFingerprint(targetPage);
+		if (
+			reset &&
+			!forceRefresh &&
+			state.lastResetFingerprint === fingerprint &&
+			state.sessions.length > 0
+		) {
+			return;
+		}
+		if (reset) {
+			state.currentPage = targetPage;
+			if (!preserveVisibleSessions) {
+				state.sessions = [];
+				state.selectedIndex = 0;
+				state.renderLimit = perPage;
+			}
+		}
+		if (reset && !forceRefresh && isDefaultPublicFeedQuery(targetPage)) {
+			const cached = deps.cache.read(fingerprint);
+			if (cached) {
+				state.sessions = cached.sessions;
+				state.total = cached.total;
+				state.renderLimit = Math.max(perPage, Math.min(cached.sessions.length, perPage));
+				mergeKnownRepos(state, cached.sessions);
+				usedWarmCache = true;
+			}
+		}
+
+		state.loading = !usedWarmCache && !preserveVisibleSessions;
+		state.error = null;
+		try {
+			const response = await deps.listSessions({
+				search: state.searchQuery || undefined,
+				tool: state.toolFilter || undefined,
+				git_repo_name: state.repoFilter || undefined,
+				time_range: state.timeRange !== 'all' ? state.timeRange : undefined,
+				page: targetPage,
+				per_page: perPage,
+				force_refresh: forceRefresh,
+			});
+			if (requestId !== fetchRequestId) return;
+			if (reset) {
+				state.sessions = response.sessions;
+				state.renderLimit = Math.max(perPage, Math.min(response.sessions.length, perPage));
+				state.lastResetFingerprint = fingerprint;
+			} else {
+				state.sessions = [...state.sessions, ...response.sessions];
+			}
+			state.total = response.total;
+			mergeKnownRepos(state, response.sessions);
+			if (reset && isDefaultPublicFeedQuery(targetPage)) {
+				deps.cache.write({
+					query: fingerprint,
+					created_at: Date.now(),
+					total: response.total,
+					sessions: response.sessions,
+				});
+			}
+		} catch (error) {
+			if (requestId !== fetchRequestId) return;
+			state.error = error instanceof Error ? error.message : 'Failed to load sessions';
+		} finally {
+			if (requestId === fetchRequestId) {
+				state.loading = false;
+			}
+			if (forceRefresh) {
+				state.forceRefreshing = false;
+			}
+		}
+	}
+
+	async function fetchKnownRepos() {
+		try {
+			const response = await deps.listSessionRepos();
+			state.knownRepos = [...response.repos].sort((a, b) => a.localeCompare(b));
+		} catch {
+			// Keep fallback behavior.
+		}
+	}
+
+	async function loadInitial() {
+		if (!state.hydratedFromQuery) {
+			hydrateFiltersFromQuery();
+			state.hydratedFromQuery = true;
+		}
+		await fetchKnownRepos();
+		await fetchSessions(true);
+	}
+
+	function handleSearch() {
+		return fetchSessions(true);
+	}
+
+	function forceRefreshSessions() {
+		deps.cache.clear();
+		void fetchKnownRepos();
+		return fetchSessions(true, { force: true });
+	}
+
+	function loadMore() {
+		state.currentPage += 1;
+		return fetchSessions(false);
+	}
+
+	function renderMore() {
+		state.renderLimit = Math.min(state.renderLimit + perPage, state.sessions.length);
+	}
+
+	function applyRepoFilter(nextValue: string) {
+		const normalized = nextValue.trim();
+		state.repoFilter = normalized;
+		state.repoInput = normalized;
+		return fetchSessions(true);
+	}
+
+	function clearRepoFilter() {
+		return applyRepoFilter('');
+	}
+
+	return {
+		loadInitial,
+		fetchSessions,
+		fetchKnownRepos,
+		handleSearch,
+		forceRefreshSessions,
+		loadMore,
+		renderMore,
+		applyRepoFilter,
+		clearRepoFilter,
+	};
+}
diff --git a/packages/ui/src/models/source-preview-model.test.ts b/packages/ui/src/models/source-preview-model.test.ts
new file mode 100644
index 00000000..0c1b5fb0
--- /dev/null
+++ b/packages/ui/src/models/source-preview-model.test.ts
@@ -0,0 +1,98 @@
+import assert from 'node:assert/strict';
+import test from 'node:test';
+import {
+	createSourcePreviewModel,
+	createSourcePreviewModelState,
+} from './source-preview-model.ts';
+
+test('source preview model moves to parser selection state when backend requests it', async () => {
+	const state = createSourcePreviewModelState();
+	const replaced: string[] = [];
+	const model = createSourcePreviewModel(state, {
+		getApiCapabilities: async () => ({ parse_preview_enabled: true }),
+		previewSessionFromGithubSource: async () => {
+			throw new Error('unexpected');
+		},
+		previewSessionFromGitSource: async () => {
+			throw new Error('selection');
+		},
+		getParsePreviewError: () => ({
+			code: 'parser_selection_required',
+			message: 'pick one',
+			parser_candidates: [{ id: 'codex', label: 'Codex', confidence: 0.9 }],
+		}),
+		buildUnifiedFilterKeys: () => [],
+		buildNativeFilterKeys: () => [],
+		replaceStateUrl: async (url) => {
+			replaced.push(url);
+		},
+	});
+
+	await model.loadFromLocation({
+		provider: 'git',
+		segments: 'aHR0cHM6Ly9naXRodWIuY29tL2h3aXN1L29wZW5zZXNzaW9u/ref/main/path/README.md',
+		pathname: '/src/git/x/ref/main/path/README.md',
+		search: '',
+		href: '/src/git/x/ref/main/path/README.md',
+	});
+
+	assert.equal(state.pageState, 'select_parser');
+	assert.equal(state.errorMessage, 'pick one');
+	assert.equal(state.parserCandidates.length, 1);
+	assert.deepEqual(replaced, []);
+});
+
+test('source preview model syncs parser hint into route state', async () => {
+	const state = createSourcePreviewModelState();
+	const replaced: string[] = [];
+	const model = createSourcePreviewModel(state, {
+		getApiCapabilities: async () => ({ parse_preview_enabled: true }),
+		previewSessionFromGithubSource: async () => ({
+			source: { kind: 'github', owner: 'hwisu', repo: 'opensession', ref: 'main', path: 'README.md' },
+			parser_used: 'codex',
+			warnings: [],
+			session: {
+				version: 'hail-1.0.0',
+				session_id: 'session-1',
+				agent: { provider: 'openai', model: 'gpt-5', tool: 'codex' },
+				context: { tags: [], created_at: '2026-03-05T00:00:00Z', updated_at: '2026-03-05T00:00:00Z' },
+				events: [],
+				stats: {
+					event_count: 0,
+					message_count: 0,
+					tool_call_count: 0,
+					task_count: 0,
+					duration_seconds: 0,
+					total_input_tokens: 0,
+					total_output_tokens: 0,
+					user_message_count: 0,
+					files_changed: 0,
+					lines_added: 0,
+					lines_removed: 0,
+				},
+			},
+		}),
+		previewSessionFromGitSource: async () => {
+			throw new Error('unexpected');
+		},
+		getParsePreviewError: () => null,
+		buildUnifiedFilterKeys: () => ['all'],
+		buildNativeFilterKeys: () => ['tool'],
+		replaceStateUrl: async (url) => {
+			replaced.push(url);
+		},
+	});
+
+	await model.loadFromLocation({
+		provider: 'gh',
+		segments: 'hwisu/opensession/ref/main/path/README.md',
+		pathname: '/src/gh/hwisu/opensession/ref/main/path/README.md',
+		search: '',
+		href: '/src/gh/hwisu/opensession/ref/main/path/README.md',
+	});
+	model.selectParser('codex');
+
+	assert.equal(state.pageState, 'ready');
+	assert.equal(state.preview?.parser_used, 'codex');
+	assert.match(replaced.at(-1) ?? '', /parser_hint=codex/);
+});
diff --git a/packages/ui/src/models/source-preview-model.ts b/packages/ui/src/models/source-preview-model.ts
new file mode 100644
index 00000000..2e4a1ef5
--- /dev/null
+++ b/packages/ui/src/models/source-preview-model.ts
@@ -0,0 +1,244 @@
+import type { ParseCandidate, ParsePreviewResponse, Session } from '../types';
+import type { SessionViewMode } from '../session-filters';
+import {
+	buildStateUrl,
+	parseCsvQuery,
+	parseParserHint,
+	parseSourceRoute,
+	parseViewMode,
+	type SourceRouteState,
+} from '../source-route';
+
+type PageState = 'idle' | 'loading' | 'ready' | 'select_parser' | 'error' | 'unsupported';
+
+export interface SourcePreviewLocation {
+	provider: string | undefined;
+	segments: string | undefined;
+	pathname: string;
+	search: string;
+	href: string;
+}
+
+export interface SourcePreviewModelState {
+	pageState: PageState;
+	errorMessage: string | null;
+	preview: ParsePreviewResponse | null;
+	parserCandidates: ParseCandidate[];
+	parserHint: string | null;
+	viewMode: SessionViewMode;
+	unifiedFilters: Set<string>;
+	nativeFilters: Set<string>;
+	currentRoute: SourceRouteState | null;
+	routeQueryEf: string[];
+	routeQueryNf: string[];
+	lastPreviewKey: string | null;
+}
+
+export interface SourcePreviewModelDeps {
+	getApiCapabilities: () => Promise<{ parse_preview_enabled: boolean }>;
+	previewSessionFromGithubSource: (params: {
+		owner: string;
+		repo: string;
+		ref: string;
+		path: string;
+		parser_hint?: string;
+	}) => Promise<ParsePreviewResponse>;
+	previewSessionFromGitSource: (params: {
+		remote: string;
+		ref: string;
+		path: string;
+		parser_hint?: string;
+	}) => Promise<ParsePreviewResponse>;
+	getParsePreviewError: (error: unknown) => {
+		code?: string;
+		message?: string;
+		parser_candidates?: ParseCandidate[];
+	} | null;
+	buildUnifiedFilterKeys: (session: Session) => string[];
+	buildNativeFilterKeys: (session: Session) => string[];
+	replaceStateUrl: (url: string) => Promise<void>;
+}
+
+export function createSourcePreviewModelState(): SourcePreviewModelState {
+	return {
+		pageState: 'idle',
+		errorMessage: null,
+		preview: null,
+		parserCandidates: [],
+		parserHint: null,
+		viewMode: 'unified',
+		unifiedFilters: new Set<string>(),
+		nativeFilters: new Set<string>(),
+		currentRoute: null,
+		routeQueryEf: [],
+		routeQueryNf: [],
+		lastPreviewKey: null,
+	};
+}
+
+export function createSourcePreviewModel(
+	state: SourcePreviewModelState,
+	deps: SourcePreviewModelDeps,
+) {
+	let routeVersion = 0;
+	let lastObservedHref = '';
+	let currentLocation: SourcePreviewLocation | null = null;
+
+	async function syncUrlToState() {
+		if (!state.currentRoute || !currentLocation) return;
+		const target = buildStateUrl({
+			route: state.currentRoute,
+			viewMode: state.viewMode,
+			unifiedFilters: state.unifiedFilters,
+			nativeFilters: state.nativeFilters,
+			parserHint: state.parserHint,
+		});
+		const current = `${currentLocation.pathname}${currentLocation.search}`;
+		if (target === current) return;
+		await deps.replaceStateUrl(target);
+	}
+
+	function initializeFiltersFromRoute(previewResponse: ParsePreviewResponse) {
+		const session = previewResponse.session as Session;
+		const allUnified = deps.buildUnifiedFilterKeys(session);
+		const allNative = deps.buildNativeFilterKeys(session);
+		const allUnifiedSet = new Set(allUnified);
+		const allNativeSet = new Set(allNative);
+
+		if (state.routeQueryEf.length > 0) {
+			const effective = state.routeQueryEf.filter((key) => allUnifiedSet.has(key));
+			state.unifiedFilters = new Set(effective.length > 0 ? effective : allUnified);
+		} else {
+			state.unifiedFilters = allUnifiedSet;
+		}
+
+		if (state.routeQueryNf.length > 0) {
+			const effective = state.routeQueryNf.filter((key) => allNativeSet.has(key));
+			state.nativeFilters = new Set(effective.length > 0 ? effective : allNative);
+		} else {
+			state.nativeFilters = allNativeSet;
+		}
+	}
+
+	async function loadFromLocation(location: SourcePreviewLocation) {
+		if (location.href === lastObservedHref) return;
+		lastObservedHref = location.href;
+		currentLocation = location;
+
+		const activeVersion = ++routeVersion;
+		state.pageState = 'loading';
+		state.errorMessage = null;
+
+		const { route, message } = parseSourceRoute({
+			provider: location.provider,
+			segments: location.segments,
+		});
+		if (!route) {
+			state.pageState = 'error';
+			state.errorMessage = message ?? 'Invalid source route.';
+			return;
+		}
+		state.currentRoute = route;
+
+		const searchParams = new URLSearchParams(location.search);
+		state.viewMode = parseViewMode(searchParams.get('view'));
+		state.parserHint = parseParserHint(searchParams.get('parser_hint'));
+		state.routeQueryEf = parseCsvQuery(searchParams.get('ef'));
+		state.routeQueryNf = parseCsvQuery(searchParams.get('nf'));
+
+		const routeKey = `${JSON.stringify(route)}|${state.parserHint ?? ''}`;
+		if (state.preview && state.lastPreviewKey === routeKey) {
+			initializeFiltersFromRoute(state.preview);
+			state.pageState = 'ready';
+			await syncUrlToState();
+			return;
+		}
+
+		const capabilities = await deps.getApiCapabilities();
+		if (activeVersion !== routeVersion) return;
+		if (!capabilities.parse_preview_enabled) {
+			state.pageState = 'unsupported';
+			return;
+		}
+
+		try {
+			const parsed =
+				route.provider === 'gh'
+					? await deps.previewSessionFromGithubSource({
+							owner: route.owner,
+							repo: route.repo,
+							ref: route.ref,
+							path: route.path,
+							parser_hint: state.parserHint ?? undefined,
+					  })
+					: route.provider === 'gl'
+						? await deps.previewSessionFromGitSource({
+								remote: `https://gitlab.com/${route.project}`,
+								ref: route.ref,
+								path: route.path,
+								parser_hint: state.parserHint ?? undefined,
+						  })
+						: await deps.previewSessionFromGitSource({
+								remote: route.remote,
+								ref: route.ref,
+								path: route.path,
+								parser_hint: state.parserHint ?? undefined,
+						  });
+			if (activeVersion !== routeVersion) return;
+
+			state.preview = parsed;
+			state.parserCandidates = [];
+			state.lastPreviewKey = routeKey;
+			initializeFiltersFromRoute(parsed);
+			state.pageState = 'ready';
+			await syncUrlToState();
+		} catch (error) {
+			if (activeVersion !== routeVersion) return;
+			const parseError = deps.getParsePreviewError(error);
+			if (parseError?.code === 'parser_selection_required') {
+				state.parserCandidates = parseError.parser_candidates ?? [];
+				state.errorMessage = parseError.message ?? 'Parser selection required.';
+				state.pageState = 'select_parser';
+				return;
+			}
+
+			state.pageState = 'error';
+			state.errorMessage =
+				parseError?.message ?? (error instanceof Error ? error.message : 'Failed to parse source');
+		}
+	}
+
+	function toggleUnifiedFilter(key: string) {
+		const next = new Set(state.unifiedFilters);
+		if (next.has(key)) next.delete(key);
+		else next.add(key);
+		state.unifiedFilters = next;
+		void syncUrlToState();
+	}
+
+	function toggleNativeFilter(key: string) {
+		const next = new Set(state.nativeFilters);
+		if (next.has(key)) next.delete(key);
+		else next.add(key);
+		state.nativeFilters = next;
+		void syncUrlToState();
+	}
+
+	function changeViewMode(mode: SessionViewMode) {
+		state.viewMode = mode;
+		void syncUrlToState();
+	}
+
+	function selectParser(parserId: string) {
+		state.parserHint = parserId;
+		void syncUrlToState();
+	}
+
+	return {
+		loadFromLocation,
+		toggleUnifiedFilter,
+		toggleNativeFilter,
+		changeViewMode,
+		selectParser,
+	};
+}
diff --git a/packages/ui/src/source-route.test.ts b/packages/ui/src/source-route.test.ts
new file mode 100644
index 00000000..673b5d0b
--- /dev/null
+++ b/packages/ui/src/source-route.test.ts
@@ -0,0 +1,49 @@
+import assert from 'node:assert/strict';
+import test from 'node:test';
+import {
+	buildStateUrl,
+	parseParserHint,
+	parseSourceRoute,
+	parseViewMode,
+} from './source-route.ts';
+
+test('parseSourceRoute decodes git route payloads', () => {
+	const route = parseSourceRoute({
+		provider: 'git',
+		segments: 'aHR0cHM6Ly9naXRodWIuY29tL2h3aXN1L29wZW5zZXNzaW9u/ref/main/path/crates%2Fcore%2Fsrc%2Flib.rs',
+	});
+
+	assert.equal(route.route?.provider, 'git');
+	assert.equal(route.route?.remote, 'https://github.com/hwisu/opensession');
+	assert.equal(route.route?.ref, 'main');
+	assert.equal(route.route?.path, 'crates/core/src/lib.rs');
+});
+
+test('buildStateUrl preserves view/filter/parser state', () => {
+	const url = buildStateUrl({
+		route: {
+			provider: 'gh',
+			owner: 'hwisu',
+			repo: 'opensession',
+			ref: 'feat/refactor',
+			path: 'packages/ui/src/api.ts',
+		},
+		viewMode: 'native',
+		unifiedFilters: ['all', 'tool'],
+		nativeFilters: ['user'],
+		parserHint: 'codex',
+	});
+
+	assert.match(url, /^\/src\/gh\/hwisu\/opensession\/ref\/feat%2Frefactor\/path\/packages\/ui\/src\/api.ts\?/);
+	assert.match(url, /view=native/);
+	assert.match(url, /ef=all%2Ctool/);
+	assert.match(url, /nf=user/);
+	assert.match(url, /parser_hint=codex/);
+});
+
+test('route helpers normalize invalid parser/view values', () => {
+	assert.equal(parseViewMode('weird'), 'unified');
+	assert.equal(parseViewMode('branch'), 'branch');
+	assert.equal(parseParserHint('invalid-parser'), null);
+	assert.equal(parseParserHint('codex'), 'codex');
+});
diff --git a/packages/ui/src/source-route.ts b/packages/ui/src/source-route.ts
new file mode 100644
index 00000000..621b2a51
--- /dev/null
+++ b/packages/ui/src/source-route.ts
@@ -0,0 +1,214 @@
+import type { SessionViewMode } from './session-filters';
+
+export type SourceRouteState =
+	| {
+			provider: 'gh';
+			owner: string;
+			repo: string;
+			ref: string;
+			path: string;
+	  }
+	| {
+			provider: 'git';
+			remote: string;
+			ref: string;
+			path: string;
+	  }
+	| {
+			provider: 'gl';
+			project: string;
+			ref: string;
+			path: string;
+	  };
+
+export const INVALID_GH_PATH_MSG =
+	'Invalid source path. Expected /src/gh/<owner>/<repo>/ref/<ref...>/path/<path...>.';
+export const INVALID_GIT_PATH_MSG =
+	'Invalid source path. Expected /src/git/<remote_b64>/ref/<ref...>/path/<path...>.';
+export const INVALID_GL_PATH_MSG =
+	'Invalid source path. Expected /src/gl/<project_b64>/ref/<ref...>/path/<path...>.';
+
+export const VALID_PARSER_HINTS = new Set([
+	'hail',
+	'codex',
+	'claude-code',
+	'gemini',
+	'amp',
+	'cline',
+	'cursor',
+	'opencode',
+]);
+
+export function parseCsvQuery(value: string | null): string[] {
+	if (!value) return [];
+	const out: string[] = [];
+	const seen = new Set<string>();
+	for (const raw of value.split(',')) {
+		const trimmed = raw.trim();
+		if (!trimmed || seen.has(trimmed)) continue;
+		seen.add(trimmed);
+		out.push(trimmed);
+	}
+	return out;
+}
+
+export function parseViewMode(value: string | null): SessionViewMode {
+	if (value === 'native' || value === 'branch') return value;
+	return 'unified';
+}
+
+export function parseParserHint(value: string | null): string | null {
+	if (!value) return null;
+	const trimmed = value.trim();
+	if (!trimmed || !VALID_PARSER_HINTS.has(trimmed)) return null;
+	return trimmed;
+}
+
+function decodePathSegments(segments: string[]): string {
+	return segments.map((segment) => decodeURIComponent(segment)).join('/');
+}
+
+function encodePath(path: string): string {
+	return path
+		.split('/')
+		.map((segment) => encodeURIComponent(segment))
+		.join('/');
+}
+
+function decodeBase64Url(value: string): string {
+	const normalized = value.replace(/-/g, '+').replace(/_/g, '/');
+	const padded = normalized + '='.repeat((4 - (normalized.length % 4)) % 4);
+	try {
+		return decodeURIComponent(escape(atob(padded)));
+	} catch {
+		throw new Error('Invalid base64url segment');
+	}
+}
+
+function encodeBase64Url(value: string): string {
+	const encoded = btoa(unescape(encodeURIComponent(value)));
+	return encoded.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/g, '');
+}
+
+function extractRefAndPath(
+	tail: string[],
+	refTokenIndex: number,
+	pathTokenFromIndex: number,
+): { ref: string; path: string } | null {
+	const pathTokenIndex = tail.indexOf('path', pathTokenFromIndex);
+	if (pathTokenIndex < 0 || pathTokenIndex >= tail.length - 1) return null;
+
+	const refSegments = tail.slice(refTokenIndex + 1, pathTokenIndex);
+	const pathSegments = tail.slice(pathTokenIndex + 1);
+	if (refSegments.length === 0 || pathSegments.length === 0) return null;
+
+	return {
+		ref: decodePathSegments(refSegments),
+		path: decodePathSegments(pathSegments),
+	};
+}
+
+export function parseSourceRoute(params: {
+	provider: string | undefined;
+	segments: string | undefined;
+}): { route: SourceRouteState | null; message?: string } {
+	const provider = params.provider ?? '';
+	const tail = (params.segments ?? '').split('/').filter((segment) => segment.length > 0);
+
+	if (provider === 'gh') {
+		if (tail.length < 6 || tail[2] !== 'ref') {
+			return { route: null, message: INVALID_GH_PATH_MSG };
+		}
+		try {
+			const refAndPath = extractRefAndPath(tail, 2, 3);
+			if (!refAndPath) return { route: null, message: INVALID_GH_PATH_MSG };
+			return {
+				route: {
+					provider: 'gh',
+					owner: decodeURIComponent(tail[0]),
+					repo: decodeURIComponent(tail[1]),
+					ref: refAndPath.ref,
+					path: refAndPath.path,
+				},
+			};
+		} catch {
+			return { route: null, message: INVALID_GH_PATH_MSG };
+		}
+	}
+
+	if (provider === 'git') {
+		if (tail.length < 5 || tail[1] !== 'ref') {
+			return { route: null, message: INVALID_GIT_PATH_MSG };
+		}
+		try {
+			const refAndPath = extractRefAndPath(tail, 1, 2);
+			if (!refAndPath) return { route: null, message: INVALID_GIT_PATH_MSG };
+			return {
+				route: {
+					provider: 'git',
+					remote: decodeBase64Url(tail[0]),
+					ref: refAndPath.ref,
+					path: refAndPath.path,
+				},
+			};
+		} catch {
+			return { route: null, message: INVALID_GIT_PATH_MSG };
+		}
+	}
+
+	if (provider === 'gl') {
+		if (tail.length < 5 || tail[1] !== 'ref') {
+			return { route: null, message: INVALID_GL_PATH_MSG };
+		}
+		try {
+			const refAndPath = extractRefAndPath(tail, 1, 2);
+			if (!refAndPath) return { route: null, message: INVALID_GL_PATH_MSG };
+			return {
+				route: {
+					provider: 'gl',
+					project: decodeBase64Url(tail[0]),
+					ref: refAndPath.ref,
+					path: refAndPath.path,
+				},
+			};
+		} catch {
+			return { route: null, message: INVALID_GL_PATH_MSG };
+		}
+	}
+
+	return {
+		route: null,
+		message: 'Unsupported source provider. Use /src/gh, /src/gl, or /src/git.',
+	};
+}
+
+export function buildRouteBase(route: SourceRouteState): string {
+	if (route.provider === 'gh') {
+		return `/src/gh/${encodeURIComponent(route.owner)}/${encodeURIComponent(route.repo)}/ref/${encodeURIComponent(route.ref)}/path/${encodePath(route.path)}`;
+	}
+
+	if (route.provider === 'gl') {
+		return `/src/gl/${encodeBase64Url(route.project)}/ref/${encodeURIComponent(route.ref)}/path/${encodePath(route.path)}`;
+	}
+
+	return `/src/git/${encodeBase64Url(route.remote)}/ref/${encodeURIComponent(route.ref)}/path/${encodePath(route.path)}`;
+}
+
+export function buildStateUrl(args: {
+	route: SourceRouteState;
+	viewMode: SessionViewMode;
+	unifiedFilters: Iterable<string>;
+	nativeFilters: Iterable<string>;
+	parserHint: string | null;
+}): string {
+	const params = new URLSearchParams();
+	params.set('view', args.viewMode);
+	params.set('ef', Array.from(args.unifiedFilters).sort().join(','));
+	params.set('nf', Array.from(args.nativeFilters).sort().join(','));
+	if (args.parserHint) {
+		params.set('parser_hint', args.parserHint);
+	}
+	const query = params.toString();
+	const base = buildRouteBase(args.route);
+	return query ? `${base}?${query}` : base;
+}
diff --git a/web/package-lock.json b/web/package-lock.json
index 6f12272d..51fb95ce 100644
--- a/web/package-lock.json
+++ b/web/package-lock.json
@@ -29,6 +29,7 @@
 			"name": "@opensession/ui",
 			"version": "0.1.0",
 			"dependencies": {
+				"effect": "3.19.19",
 				"highlight.js": "^11.11.1",
 				"isomorphic-dompurify": "^2.28.0",
 				"marked": "^17.0.1"
diff --git a/web/src/routes/src/[provider]/[...segments]/+page.svelte b/web/src/routes/src/[provider]/[...segments]/+page.svelte
index 74b3f44a..001054a8 100644
--- a/web/src/routes/src/[provider]/[...segments]/+page.svelte
+++ b/web/src/routes/src/[provider]/[...segments]/+page.svelte
@@ -5,419 +5,97 @@ import { untrack } from 'svelte';
 import {
 	buildNativeFilterOptions,
 	buildUnifiedFilterOptions,
+	createSourcePreviewModel,
+	createSourcePreviewModelState,
 	getApiCapabilities,
 	getParsePreviewError,
-	type ParseCandidate,
 	previewSessionFromGitSource,
 	previewSessionFromGithubSource,
-	type ParsePreviewResponse,
 	type Session,
 	type SessionViewMode,
 } from '@opensession/ui';
 import { ParseSourceBanner, ParserSelectPanel, SessionRenderPage } from '@opensession/ui/components';
 
-type PageState = 'idle' | 'loading' | 'ready' | 'select_parser' | 'error' | 'unsupported';
+const state = $state(createSourcePreviewModelState());
 
-type SourceRouteState =
-	| {
-			provider: 'gh';
-			owner: string;
-			repo: string;
-			ref: string;
-			path: string;
-	  }
-	| {
-			provider: 'git';
-			remote: string;
-			ref: string;
-			path: string;
-	  }
-	| {
-			provider: 'gl';
-			project: string;
-			ref: string;
-			path: string;
-	  };
-
-const INVALID_GH_PATH_MSG =
-	'Invalid source path. Expected /src/gh/<owner>/<repo>/ref/<ref...>/path/<path...>.';
-const INVALID_GIT_PATH_MSG =
-	'Invalid source path. Expected /src/git/<remote_b64>/ref/<ref...>/path/<path...>.';
-const INVALID_GL_PATH_MSG =
-	'Invalid source path. Expected /src/gl/<project_b64>/ref/<ref...>/path/<path...>.';
-
-const VALID_PARSER_HINTS = new Set([
-	'hail',
-	'codex',
-	'claude-code',
-	'gemini',
-	'amp',
-	'cline',
-	'cursor',
-	'opencode',
-]);
-
-let pageState = $state<PageState>('idle');
-let errorMessage = $state<string | null>(null);
-let preview = $state<ParsePreviewResponse | null>(null);
-let parserCandidates = $state<ParseCandidate[]>([]);
-let parserHint = $state<string | null>(null);
-let viewMode = $state<SessionViewMode>('unified');
-let unifiedFilters = $state(new Set<string>());
-let nativeFilters = $state(new Set<string>());
-let currentRoute = $state<SourceRouteState | null>(null);
-let routeQueryEf = $state<string[]>([]);
-let routeQueryNf = $state<string[]>([]);
-let routeVersion = $state(0);
-let lastPreviewKey = $state<string | null>(null);
-let lastObservedHref = '';
-
-function parseCsvQuery(value: string | null): string[] {
-	if (!value) return [];
-	const out: string[] = [];
-	const seen = new Set<string>();
-	for (const raw of value.split(',')) {
-		const trimmed = raw.trim();
-		if (!trimmed || seen.has(trimmed)) continue;
-		seen.add(trimmed);
-		out.push(trimmed);
-	}
-	return out;
-}
-
-function parseViewMode(value: string | null): SessionViewMode {
-	return value === 'native' ? 'native' : 'unified';
-}
-
-function parseParserHint(value: string | null): string | null {
-	if (!value) return null;
-	const trimmed = value.trim();
-	if (!trimmed || !VALID_PARSER_HINTS.has(trimmed)) return null;
-	return trimmed;
-}
-
-function decodePathSegments(segments: string[]): string {
-	return segments.map((segment) => decodeURIComponent(segment)).join('/');
-}
-
-function encodePath(path: string): string {
-	return path
-		.split('/')
-		.map((segment) => encodeURIComponent(segment))
-		.join('/');
-}
-
-function decodeBase64Url(value: string): string {
-	const normalized = value.replace(/-/g, '+').replace(/_/g, '/');
-	const padded = normalized + '='.repeat((4 - (normalized.length % 4)) % 4);
-	try {
-		return decodeURIComponent(escape(atob(padded)));
-	} catch {
-		throw new Error('Invalid base64url segment');
-	}
-}
-
-function encodeBase64Url(value: string): string {
-	const encoded = btoa(unescape(encodeURIComponent(value)));
-	return encoded.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/g, '');
-}
-
-function extractRefAndPath(
-	tail: string[],
-	refTokenIndex: number,
-	pathTokenFromIndex: number,
-): { ref: string; path: string } | null {
-	const pathTokenIndex = tail.indexOf('path', pathTokenFromIndex);
-	if (pathTokenIndex < 0 || pathTokenIndex >= tail.length - 1) return null;
-
-	const refSegments = tail.slice(refTokenIndex + 1, pathTokenIndex);
-	const pathSegments = tail.slice(pathTokenIndex + 1);
-	if (refSegments.length === 0 || pathSegments.length === 0) return null;
-
-	return {
-		ref: decodePathSegments(refSegments),
-		path: decodePathSegments(pathSegments),
-	};
-}
-
-function parseSourceRouteFromParams(): { route: SourceRouteState | null; message?: string } {
-	const provider = $page.params.provider;
-	const tail = ($page.params.segments ?? '').split('/').filter((segment) => segment.length > 0);
-
-	if (provider === 'gh') {
-		if (tail.length < 6 || tail[2] !== 'ref') {
-			return { route: null, message: INVALID_GH_PATH_MSG };
-		}
-		try {
-			const refAndPath = extractRefAndPath(tail, 2, 3);
-			if (!refAndPath) {
-				return { route: null, message: INVALID_GH_PATH_MSG };
-			}
-			return {
-				route: {
-					provider: 'gh',
-					owner: decodeURIComponent(tail[0]),
-					repo: decodeURIComponent(tail[1]),
-					ref: refAndPath.ref,
-					path: refAndPath.path,
-				},
-			};
-		} catch {
-			return { route: null, message: INVALID_GH_PATH_MSG };
-		}
-	}
-
-	if (provider === 'git') {
-		if (tail.length < 5 || tail[1] !== 'ref') {
-			return { route: null, message: INVALID_GIT_PATH_MSG };
-		}
-		try {
-			const refAndPath = extractRefAndPath(tail, 1, 2);
-			if (!refAndPath) {
-				return { route: null, message: INVALID_GIT_PATH_MSG };
-			}
-			const remote = decodeBase64Url(tail[0]);
-			return {
-				route: {
-					provider: 'git',
-					remote,
-					ref: refAndPath.ref,
-					path: refAndPath.path,
-				},
-			};
-		} catch {
-			return { route: null, message: INVALID_GIT_PATH_MSG };
-		}
-	}
-
-	if (provider === 'gl') {
-		if (tail.length < 5 || tail[1] !== 'ref') {
-			return { route: null, message: INVALID_GL_PATH_MSG };
-		}
-		try {
-			const refAndPath = extractRefAndPath(tail, 1, 2);
-			if (!refAndPath) {
-				return { route: null, message: INVALID_GL_PATH_MSG };
-			}
-			return {
-				route: {
-					provider: 'gl',
-					project: decodeBase64Url(tail[0]),
-					ref: refAndPath.ref,
-					path: refAndPath.path,
-				},
-			};
-		} catch {
-			return { route: null, message: INVALID_GL_PATH_MSG };
-		}
-	}
-
-	return {
-		route: null,
-		message: 'Unsupported source provider. Use /src/gh, /src/gl, or /src/git.',
-	};
-}
-
-function buildRouteBase(route: SourceRouteState): string {
-	if (route.provider === 'gh') {
-		return `/src/gh/${encodeURIComponent(route.owner)}/${encodeURIComponent(route.repo)}/ref/${encodeURIComponent(route.ref)}/path/${encodePath(route.path)}`;
-	}
-
-	if (route.provider === 'gl') {
-		return `/src/gl/${encodeBase64Url(route.project)}/ref/${encodeURIComponent(route.ref)}/path/${encodePath(route.path)}`;
-	}
-
-	return `/src/git/${encodeBase64Url(route.remote)}/ref/${encodeURIComponent(route.ref)}/path/${encodePath(route.path)}`;
-}
-
-function buildStateUrl(route: SourceRouteState): string {
-	const params = new URLSearchParams();
-	params.set('view', viewMode);
-	params.set('ef', Array.from(unifiedFilters).sort().join(','));
-	params.set('nf', Array.from(nativeFilters).sort().join(','));
-	if (parserHint) {
-		params.set('parser_hint', parserHint);
-	}
-	const query = params.toString();
-	const base = buildRouteBase(route);
-	return query ? `${base}?${query}` : base;
-}
-
-async function syncUrlToState() {
-	if (!currentRoute) return;
-	const target = buildStateUrl(currentRoute);
-	const current = `${$page.url.pathname}${$page.url.search}`;
-	if (target === current) return;
-	await goto(target, { replaceState: true, keepFocus: true, noScroll: true });
-}
-
-function initializeFiltersFromRoute(previewResponse: ParsePreviewResponse) {
-	const session = previewResponse.session as Session;
-	const allUnified = buildUnifiedFilterOptions(session.events).map((option) => option.key);
-	const allNative = buildNativeFilterOptions(session.events).map((option) => option.key);
-	const allUnifiedSet = new Set(allUnified);
-	const allNativeSet = new Set(allNative);
-
-	if (routeQueryEf.length > 0) {
-		const effective = routeQueryEf.filter((key) => allUnifiedSet.has(key));
-		unifiedFilters = new Set(effective.length > 0 ? effective : allUnified);
-	} else {
-		unifiedFilters = allUnifiedSet;
-	}
-
-	if (routeQueryNf.length > 0) {
-		const effective = routeQueryNf.filter((key) => allNativeSet.has(key));
-		nativeFilters = new Set(effective.length > 0 ? effective : allNative);
-	} else {
-		nativeFilters = allNativeSet;
-	}
-}
+const model = createSourcePreviewModel(state, {
+	getApiCapabilities,
+	previewSessionFromGithubSource,
+	previewSessionFromGitSource,
+	getParsePreviewError,
+	buildUnifiedFilterKeys: (session) =>
+		buildUnifiedFilterOptions(session.events).map((option) => option.key),
+	buildNativeFilterKeys: (session) =>
+		buildNativeFilterOptions(session.events).map((option) => option.key),
+	replaceStateUrl: (url) => goto(url, { replaceState: true, keepFocus: true, noScroll: true }),
+});
 
 function toggleUnifiedFilter(key: string) {
-	const next = new Set(unifiedFilters);
-	if (next.has(key)) next.delete(key);
-	else next.add(key);
-	unifiedFilters = next;
-	void syncUrlToState();
+	model.toggleUnifiedFilter(key);
 }
 
 function toggleNativeFilter(key: string) {
-	const next = new Set(nativeFilters);
-	if (next.has(key)) next.delete(key);
-	else next.add(key);
-	nativeFilters = next;
-	void syncUrlToState();
+	model.toggleNativeFilter(key);
 }
 
 function changeViewMode(mode: SessionViewMode) {
-	viewMode = mode;
-	void syncUrlToState();
+	model.changeViewMode(mode);
 }
 
 function selectParser(parserId: string) {
-	parserHint = parserId;
-	void syncUrlToState();
-}
-
-async function loadFromRoute() {
-	const activeVersion = ++routeVersion;
-	pageState = 'loading';
-	errorMessage = null;
-
-	const { route, message } = parseSourceRouteFromParams();
-	if (!route) {
-		pageState = 'error';
-		errorMessage = message ?? 'Invalid source route.';
-		return;
-	}
-	currentRoute = route;
-
-	viewMode = parseViewMode($page.url.searchParams.get('view'));
-	parserHint = parseParserHint($page.url.searchParams.get('parser_hint'));
-	routeQueryEf = parseCsvQuery($page.url.searchParams.get('ef'));
-	routeQueryNf = parseCsvQuery($page.url.searchParams.get('nf'));
-
-	const routeKey = `${JSON.stringify(route)}|${parserHint ?? ''}`;
-	if (preview && lastPreviewKey === routeKey) {
-		initializeFiltersFromRoute(preview);
-		pageState = 'ready';
-		await syncUrlToState();
-		return;
-	}
-
-	const capabilities = await getApiCapabilities();
-	if (activeVersion !== routeVersion) return;
-	if (!capabilities.parse_preview_enabled) {
-		pageState = 'unsupported';
-		return;
-	}
-
-	try {
-		const parsed =
-			route.provider === 'gh'
-				? await previewSessionFromGithubSource({
-						owner: route.owner,
-						repo: route.repo,
-						ref: route.ref,
-						path: route.path,
-						parser_hint: parserHint ?? undefined,
-				  })
-				: route.provider === 'gl'
-					? await previewSessionFromGitSource({
-							remote: `https://gitlab.com/${route.project}`,
-							ref: route.ref,
-							path: route.path,
-							parser_hint: parserHint ?? undefined,
-					  })
-					: await previewSessionFromGitSource({
-							remote: route.remote,
-							ref: route.ref,
-							path: route.path,
-							parser_hint: parserHint ?? undefined,
-					  });
-		if (activeVersion !== routeVersion) return;
-
-		preview = parsed;
-		parserCandidates = [];
-		lastPreviewKey = routeKey;
-		initializeFiltersFromRoute(parsed);
-		pageState = 'ready';
-		await syncUrlToState();
-	} catch (error) {
-		if (activeVersion !== routeVersion) return;
-		const parseError = getParsePreviewError(error);
-		if (parseError?.code === 'parser_selection_required') {
-			parserCandidates = parseError.parser_candidates ?? [];
-			errorMessage = parseError.message;
-			pageState = 'select_parser';
-			return;
-		}
-
-		pageState = 'error';
-		errorMessage = parseError?.message ?? (error instanceof Error ? error.message : 'Failed to parse source');
-	}
+	model.selectParser(parserId);
 }
 
 $effect(() => {
 	const href = $page.url.href;
-	if (href === lastObservedHref) return;
-	lastObservedHref = href;
 	untrack(() => {
-		void loadFromRoute();
+		void model.loadFromLocation({
+			provider: $page.params.provider,
+			segments: $page.params.segments,
+			pathname: $page.url.pathname,
+			search: $page.url.search,
+			href,
+		});
 	});
 });
 </script>
 
-{#if pageState === 'loading' || pageState === 'idle'}
+{#if state.pageState === 'loading' || state.pageState === 'idle'}
 	<div class="py-16 text-center text-xs text-text-muted">Loading source preview...</div>
-{:else if pageState === 'unsupported'}
+{:else if state.pageState === 'unsupported'}
 	<div class="mx-auto max-w-3xl border border-border bg-bg-secondary p-6 text-sm text-text-secondary">
 		This deployment does not support source parse preview.
 	</div>
-{:else if pageState === 'select_parser'}
+{:else if state.pageState === 'select_parser'}
 	<div class="mx-auto max-w-3xl space-y-3">
-		{#if errorMessage}
-			<div class="border border-warning/30 bg-warning/10 px-3 py-2 text-xs text-warning">{errorMessage}</div>
+		{#if state.errorMessage}
+			<div class="border border-warning/30 bg-warning/10 px-3 py-2 text-xs text-warning">
+				{state.errorMessage}
+			</div>
 		{/if}
 		<ParserSelectPanel
-			candidates={parserCandidates}
-			parserHint={parserHint}
+			candidates={state.parserCandidates}
+			parserHint={state.parserHint}
 			loading={false}
 			onSelect={selectParser}
 		/>
 	</div>
-{:else if pageState === 'error'}
+{:else if state.pageState === 'error'}
 	<div class="mx-auto max-w-3xl border border-error/30 bg-error/10 px-4 py-3 text-sm text-error">
-		{errorMessage ?? 'Failed to load source.'}
+		{state.errorMessage ?? 'Failed to load source.'}
 	</div>
-{:else if preview && currentRoute}
+{:else if state.preview && state.currentRoute}
 	<div class="space-y-3">
-		<ParseSourceBanner source={preview.source} parserUsed={preview.parser_used} warnings={preview.warnings} />
+		<ParseSourceBanner
+			source={state.preview.source}
+			parserUsed={state.preview.parser_used}
+			warnings={state.preview.warnings}
+		/>
 		<SessionRenderPage
-			session={preview.session as Session}
-			viewMode={viewMode}
-			unifiedFilters={unifiedFilters}
-			nativeFilters={nativeFilters}
+			session={state.preview.session as Session}
+			viewMode={state.viewMode}
+			unifiedFilters={state.unifiedFilters}
+			nativeFilters={state.nativeFilters}
 			onViewModeChange={changeViewMode}
 			onToggleUnifiedFilter={toggleUnifiedFilter}
 			onToggleNativeFilter={toggleNativeFilter}

From 84eb39272c79f7e3f3f0e1394e822d25a1e08949 Mon Sep 17 00:00:00 2001
From: hwisu <hwitticus@gmail.com>
Date: Fri, 6 Mar 2026 15:24:10 +0900
Subject: [PATCH 02/30] extract shell and settings ui models

---
 packages/ui/src/components/AppShell.svelte    | 240 ++++---------
 .../ui/src/components/SettingsPage.svelte     | 183 +++++-----
 packages/ui/src/index.ts                      |  14 +
 .../ui/src/models/app-shell-model.test.ts     | 106 ++++++
 packages/ui/src/models/app-shell-model.ts     | 209 +++++++++++
 packages/ui/src/models/settings-model.test.ts |  78 ++++
 packages/ui/src/models/settings-model.ts      | 332 ++++++++++++++++++
 7 files changed, 901 insertions(+), 261 deletions(-)
 create mode 100644 packages/ui/src/models/app-shell-model.test.ts
 create mode 100644 packages/ui/src/models/app-shell-model.ts
 create mode 100644 packages/ui/src/models/settings-model.test.ts
 create mode 100644 packages/ui/src/models/settings-model.ts

diff --git a/packages/ui/src/components/AppShell.svelte b/packages/ui/src/components/AppShell.svelte
index 5c7057cf..272e53ef 100644
--- a/packages/ui/src/components/AppShell.svelte
+++ b/packages/ui/src/components/AppShell.svelte
@@ -2,13 +2,13 @@
 import type { Snippet } from 'svelte';
 import { tick } from 'svelte';
 import {
-	ApiError,
 	authLogout,
 	getApiCapabilities,
 	getSettings,
 	isAuthenticated,
 	verifyAuth,
 } from '../api';
+import { createShellModel, createShellModelState } from '../models/app-shell-model';
 import type { UserSettings } from '../types';
 import ThemeToggle from './ThemeToggle.svelte';
 
@@ -46,22 +46,16 @@ const {
 	onNavigate?: (path: string) => void;
 } = $props();
 
-let user = $state<UserSettings | null>(null);
-let paletteOpen = $state(false);
-let paletteQuery = $state('');
-let paletteSelectionIndex = $state(0);
+const shellState = $state(createShellModelState());
 let paletteInput: HTMLInputElement | undefined = $state();
-let helpOpen = $state(false);
 let helpDialog: HTMLDivElement | undefined = $state();
-let accountMenuOpen = $state(false);
 let accountMenuRoot: HTMLDivElement | undefined = $state();
-let authEnabled = $state(false);
-let hasLocalAuth = $state(false);
-let desktopRuntime = $state(false);
 
 const isSessionDetail = $derived(currentPath.startsWith('/session/'));
 const isSessionList = $derived(currentPath === '/sessions');
-const showLoginLink = $derived(!hasLocalAuth && (!desktopRuntime || authEnabled));
+const showLoginLink = $derived(
+	!shellState.hasLocalAuth && (!shellState.desktopRuntime || shellState.authEnabled),
+);
 
 function trimNonEmpty(value: string | null | undefined): string | null {
 	if (typeof value !== 'string') return null;
@@ -118,69 +112,51 @@ function getDesktopInvoke(): DesktopInvoke | null {
 	return typeof invoke === 'function' ? invoke : null;
 }
 
+const shellModel = createShellModel(shellState, {
+	getApiCapabilities,
+	verifyAuth,
+	getSettings,
+	authLogout,
+	isAuthenticated,
+	isDesktopRuntime: () => {
+		if (typeof window === 'undefined') return false;
+		const desktopWindow = window as DesktopWindow;
+		return '__TAURI_INTERNALS__' in desktopWindow || desktopWindow.location.protocol === 'tauri:';
+	},
+	takeLaunchRoute: async () => {
+		const invoke = getDesktopInvoke();
+		if (!invoke) return null;
+		const maybeRoute = await invoke<unknown>('desktop_take_launch_route');
+		return typeof maybeRoute === 'string' ? maybeRoute : null;
+	},
+	getCurrentLocationPath: () => {
+		if (typeof window === 'undefined') return currentPath;
+		return `${window.location.pathname}${window.location.search}${window.location.hash}`;
+	},
+	startInterval: (callback, ms) => window.setInterval(callback, ms),
+	clearInterval: (handle) => {
+		window.clearInterval(handle as number);
+	},
+	navigate: (path) => onNavigate(path),
+});
+
 const navLinks = $derived.by(() => {
 	const links: Array<{ href: string; label: string }> = [{ href: '/sessions', label: 'Sessions' }];
 	links.push({ href: '/docs', label: 'Docs' });
-	if (desktopRuntime || hasLocalAuth) {
+	if (shellState.desktopRuntime || shellState.hasLocalAuth) {
 		links.push({ href: '/settings', label: 'Settings' });
 	}
 	return links;
 });
 
 $effect(() => {
-	let cancelled = false;
-	if (typeof window !== 'undefined') {
-		const desktopWindow = window as DesktopWindow;
-		desktopRuntime =
-			'__TAURI_INTERNALS__' in desktopWindow || desktopWindow.location.protocol === 'tauri:';
-	}
-	getApiCapabilities()
-		.then((capabilities) => {
-			if (cancelled) return;
-			authEnabled = capabilities.auth_enabled;
-		})
-		.catch(() => {
-			if (cancelled) return;
-			authEnabled = false;
-		});
-
-	return () => {
-		cancelled = true;
-	};
+	void shellModel.loadCapabilities();
 });
 
 $effect(() => {
-	if (!desktopRuntime || typeof window === 'undefined') return;
-	const invoke = getDesktopInvoke();
-	if (!invoke) return;
-
-	let cancelled = false;
-	let commandSupported = true;
-
-	const pollLaunchRoute = async () => {
-		if (cancelled || !commandSupported) return;
-		try {
-			const maybeRoute = await invoke<unknown>('desktop_take_launch_route');
-			if (typeof maybeRoute !== 'string' || maybeRoute.trim().length === 0) return;
-			const nextPath = maybeRoute.trim();
-			const currentPath = `${window.location.pathname}${window.location.search}${window.location.hash}`;
-			if (nextPath === currentPath) return;
-			onNavigate(nextPath);
-		} catch {
-			// Older desktop runtimes may not implement this command yet.
-			commandSupported = false;
-		}
-	};
-
-	void pollLaunchRoute();
-	const timer = window.setInterval(() => {
-		void pollLaunchRoute();
-	}, 1200);
-
-	return () => {
-		cancelled = true;
-		window.clearInterval(timer);
-	};
+	void shellState.desktopRuntime;
+	if (!shellState.desktopRuntime) return;
+	return shellModel.startLaunchRoutePolling();
 });
 
 const shortcutHints = $derived.by(() => {
@@ -204,61 +180,13 @@ const shortcutHints = $derived.by(() => {
 
 $effect(() => {
 	void currentPath;
-	if (!authEnabled) {
-		user = null;
-		hasLocalAuth = false;
-		accountMenuOpen = false;
-		return;
-	}
-
-	if (!isAuthenticated()) {
-		user = null;
-		hasLocalAuth = false;
-		accountMenuOpen = false;
-		return;
-	}
-
-	let cancelled = false;
-	verifyAuth()
-		.then(async (ok) => {
-			if (!ok || cancelled) {
-				user = null;
-				hasLocalAuth = false;
-				accountMenuOpen = false;
-				return;
-			}
-			try {
-				const settings = await getSettings();
-				if (!cancelled) {
-					user = settings;
-					hasLocalAuth = true;
-				}
-			} catch (e) {
-				if (cancelled) return;
-				user = null;
-				hasLocalAuth = false;
-				accountMenuOpen = false;
-				if (e instanceof ApiError && (e.status === 401 || e.status === 403)) {
-					await authLogout();
-				}
-			}
-		})
-		.catch(() => {
-			if (!cancelled) {
-				user = null;
-				hasLocalAuth = false;
-				accountMenuOpen = false;
-			}
-		});
-
-	return () => {
-		cancelled = true;
-	};
+	void shellState.authEnabled;
+	void shellModel.loadUser();
 });
 
 $effect(() => {
 	void currentPath;
-	accountMenuOpen = false;
+	shellModel.resetMenusForPath();
 });
 
 function createPaletteCommand(
@@ -293,7 +221,7 @@ const allPaletteCommands = $derived.by(() => {
 		),
 	];
 
-	if (!hasLocalAuth && (!desktopRuntime || authEnabled)) {
+	if (!shellState.hasLocalAuth && (!shellState.desktopRuntime || shellState.authEnabled)) {
 		commands.push(
 			createPaletteCommand(
 				'go-login',
@@ -304,7 +232,7 @@ const allPaletteCommands = $derived.by(() => {
 			),
 		);
 	}
-	if (hasLocalAuth || desktopRuntime) {
+	if (shellState.hasLocalAuth || shellState.desktopRuntime) {
 		commands.push(
 			createPaletteCommand(
 				'go-settings',
@@ -343,7 +271,7 @@ const allPaletteCommands = $derived.by(() => {
 	return commands;
 });
 
-const normalizedPaletteQuery = $derived(paletteQuery.trim().toLowerCase());
+const normalizedPaletteQuery = $derived(shellState.paletteQuery.trim().toLowerCase());
 const visiblePaletteCommands = $derived.by(() => {
 	if (!normalizedPaletteQuery) return allPaletteCommands;
 
@@ -357,18 +285,11 @@ const visiblePaletteCommands = $derived.by(() => {
 
 $effect(() => {
 	void normalizedPaletteQuery;
-	paletteSelectionIndex = 0;
+	shellModel.resetPaletteSelection();
 });
 
 $effect(() => {
-	const max = visiblePaletteCommands.length - 1;
-	if (max < 0) {
-		paletteSelectionIndex = 0;
-		return;
-	}
-	if (paletteSelectionIndex > max) {
-		paletteSelectionIndex = max;
-	}
+	shellModel.clampPaletteSelection(visiblePaletteCommands.length - 1);
 });
 
 function isLinkActive(href: string): boolean {
@@ -391,24 +312,21 @@ function isEditableTarget(target: EventTarget | null): boolean {
 }
 
 async function openPalette() {
-	paletteOpen = true;
-	paletteQuery = '';
-	paletteSelectionIndex = 0;
+	shellModel.openPalette();
 	await tick();
 	paletteInput?.focus();
 }
 
 function closePalette() {
-	paletteOpen = false;
-	paletteQuery = '';
+	shellModel.closePalette();
 }
 
 function openHelp() {
-	helpOpen = true;
+	shellModel.openHelp();
 }
 
 function closeHelp() {
-	helpOpen = false;
+	shellModel.closeHelp();
 }
 
 function trapHelpFocus(e: KeyboardEvent) {
@@ -436,15 +354,15 @@ function trapHelpFocus(e: KeyboardEvent) {
 }
 
 function closeAccountMenu() {
-	accountMenuOpen = false;
+	shellModel.closeAccountMenu();
 }
 
 function toggleAccountMenu() {
-	accountMenuOpen = !accountMenuOpen;
+	shellModel.toggleAccountMenu();
 }
 
 function handleWindowPointerDown(e: MouseEvent) {
-	if (!accountMenuOpen) return;
+	if (!shellState.accountMenuOpen) return;
 	const target = e.target;
 	if (!(target instanceof Node)) return;
 	if (accountMenuRoot?.contains(target)) return;
@@ -458,9 +376,7 @@ function executePaletteCommand(command: PaletteCommand | undefined) {
 }
 
 function movePaletteSelection(direction: 1 | -1) {
-	const len = visiblePaletteCommands.length;
-	if (len === 0) return;
-	paletteSelectionIndex = (paletteSelectionIndex + direction + len) % len;
+	shellModel.movePaletteSelection(direction, visiblePaletteCommands.length);
 }
 
 function handlePaletteInputKeydown(e: KeyboardEvent) {
@@ -476,7 +392,7 @@ function handlePaletteInputKeydown(e: KeyboardEvent) {
 	}
 	if (e.key === 'Enter') {
 		e.preventDefault();
-		executePaletteCommand(visiblePaletteCommands[paletteSelectionIndex]);
+		executePaletteCommand(visiblePaletteCommands[shellState.paletteSelectionIndex]);
 		return;
 	}
 	if (e.key === 'Escape') {
@@ -486,15 +402,11 @@ function handlePaletteInputKeydown(e: KeyboardEvent) {
 }
 
 async function handleSignOut() {
-	closeAccountMenu();
-	await authLogout();
-	user = null;
-	hasLocalAuth = false;
-	onNavigate('/sessions');
+	await shellModel.signOut();
 }
 
 function handleAccountMenuNavigate(path: string) {
-	closeAccountMenu();
+	shellModel.closeAccountMenu();
 	onNavigate(path);
 }
 
@@ -502,14 +414,14 @@ function handleGlobalKey(e: KeyboardEvent) {
 	if (isHelpShortcut(e)) {
 		if (isEditableTarget(e.target)) return;
 		e.preventDefault();
-		if (helpOpen) closeHelp();
+		if (shellState.helpOpen) closeHelp();
 		else openHelp();
 		return;
 	}
 
 	if (isPaletteShortcut(e)) {
 		e.preventDefault();
-		if (paletteOpen) {
+		if (shellState.paletteOpen) {
 			closePalette();
 		} else {
 			void openPalette();
@@ -517,7 +429,7 @@ function handleGlobalKey(e: KeyboardEvent) {
 		return;
 	}
 
-	if (helpOpen) {
+	if (shellState.helpOpen) {
 		if (e.key === 'Escape') {
 			e.preventDefault();
 			closeHelp();
@@ -527,13 +439,13 @@ function handleGlobalKey(e: KeyboardEvent) {
 		return;
 	}
 
-	if (accountMenuOpen && e.key === 'Escape') {
+	if (shellState.accountMenuOpen && e.key === 'Escape') {
 		e.preventDefault();
 		closeAccountMenu();
 		return;
 	}
 
-	if (paletteOpen) {
+	if (shellState.paletteOpen) {
 		if (e.key === 'Escape') {
 			e.preventDefault();
 			closePalette();
@@ -572,20 +484,20 @@ function handleGlobalKey(e: KeyboardEvent) {
 				{/each}
 			</div>
 
-			{#if hasLocalAuth}
+			{#if shellState.hasLocalAuth}
 				<div class="relative shrink-0" bind:this={accountMenuRoot}>
 					<button
 						type="button"
 						data-testid="account-menu-trigger"
-						aria-expanded={accountMenuOpen}
+						aria-expanded={shellState.accountMenuOpen}
 						aria-haspopup="menu"
 						onclick={toggleAccountMenu}
 						class="px-1.5 py-1 text-xs text-text-secondary transition-colors hover:bg-bg-hover hover:text-text-primary sm:px-3 sm:text-sm"
 					>
-						[{navAccountHandle(user)}]
+						[{navAccountHandle(shellState.user)}]
 					</button>
 
-						{#if accountMenuOpen}
+						{#if shellState.accountMenuOpen}
 							<div
 								role="menu"
 								aria-label="Account menu"
@@ -594,14 +506,14 @@ function handleGlobalKey(e: KeyboardEvent) {
 							>
 							<div class="border-b border-border px-3 py-2">
 								<p class="text-[11px] uppercase tracking-[0.1em] text-text-muted">Account</p>
-								<p class="mt-1 text-sm font-medium text-text-primary">{user?.nickname}</p>
-								<p class="text-xs text-text-secondary">{user?.email ?? 'email not linked'}</p>
+								<p class="mt-1 text-sm font-medium text-text-primary">{shellState.user?.nickname}</p>
+								<p class="text-xs text-text-secondary">{shellState.user?.email ?? 'email not linked'}</p>
 							</div>
 
 							<div class="border-b border-border px-3 py-2 text-xs text-text-secondary">
-								<p>User ID: <span class="text-text-primary">{user?.user_id}</span></p>
-								<p>Joined: <span class="text-text-primary">{shortDate(user?.created_at)}</span></p>
-								<p>Providers: <span class="text-text-primary">{linkedProvidersLabel(user)}</span></p>
+								<p>User ID: <span class="text-text-primary">{shellState.user?.user_id}</span></p>
+								<p>Joined: <span class="text-text-primary">{shortDate(shellState.user?.created_at)}</span></p>
+								<p>Providers: <span class="text-text-primary">{linkedProvidersLabel(shellState.user)}</span></p>
 							</div>
 
 								<div class="border-b border-border px-2 py-1">
@@ -687,7 +599,7 @@ function handleGlobalKey(e: KeyboardEvent) {
 	</footer>
 </div>
 
-{#if paletteOpen}
+{#if shellState.paletteOpen}
 	<div class="fixed inset-0 z-50 p-4">
 		<button
 			type="button"
@@ -706,7 +618,7 @@ function handleGlobalKey(e: KeyboardEvent) {
 			<div class="border-b border-border px-3 py-2">
 				<input
 					bind:this={paletteInput}
-					bind:value={paletteQuery}
+					bind:value={shellState.paletteQuery}
 					onkeydown={handlePaletteInputKeydown}
 					data-testid="command-palette-input"
 					type="text"
@@ -722,8 +634,8 @@ function handleGlobalKey(e: KeyboardEvent) {
 						<button
 							type="button"
 							class="flex w-full items-start justify-between gap-3 border-b border-border/60 px-3 py-2 text-left"
-							class:bg-bg-secondary={idx === paletteSelectionIndex}
-							class:hover:bg-bg-secondary={idx !== paletteSelectionIndex}
+							class:bg-bg-secondary={idx === shellState.paletteSelectionIndex}
+							class:hover:bg-bg-secondary={idx !== shellState.paletteSelectionIndex}
 							onclick={() => executePaletteCommand(command)}
 						>
 							<span>
@@ -743,7 +655,7 @@ function handleGlobalKey(e: KeyboardEvent) {
 	</div>
 {/if}
 
-{#if helpOpen}
+{#if shellState.helpOpen}
 	<div class="fixed inset-0 z-50 p-4">
 		<button
 			type="button"
diff --git a/packages/ui/src/components/SettingsPage.svelte b/packages/ui/src/components/SettingsPage.svelte
index 298717f7..d0c315a3 100644
--- a/packages/ui/src/components/SettingsPage.svelte
+++ b/packages/ui/src/components/SettingsPage.svelte
@@ -54,6 +54,13 @@ import type {
 	RuntimeQuickJumpLink,
 	SettingsSectionNavItem,
 } from './settings-page/models';
+import {
+	copyTextSurface,
+	loadGitCredentialsState,
+	loadRuntimeSettingsState,
+	loadSettingsPageState,
+	nextSettingsBackgroundPollDelay,
+} from '../models/settings-model';
 
 const {
 	onNavigate = (path: string) => {
@@ -899,59 +906,30 @@ function vectorStatusGuidance(): string[] {
 
 async function loadSettings() {
 	loading = true;
-	error = null;
-	authRequired = false;
-	try {
-		const capabilities = await getApiCapabilities();
-		authApiEnabled = capabilities.auth_enabled;
-	} catch {
-		authApiEnabled = false;
-	}
-
-	if (!authApiEnabled) {
-		settings = null;
-		credentials = [];
-		loading = false;
-		return;
-	}
-
-	if (!isAuthenticated()) {
-		authRequired = true;
-		loading = false;
-		return;
-	}
-
-	try {
-		settings = await getSettings();
-		await loadGitCredentials();
-	} catch (err) {
-		settings = null;
-		if (err instanceof ApiError && (err.status === 401 || err.status === 403)) {
-			authRequired = true;
-		} else {
-			error = normalizeError(err, 'Failed to load settings');
-		}
-	} finally {
-		loading = false;
-	}
+	const result = await loadSettingsPageState({
+		getApiCapabilities,
+		isAuthenticated,
+		getSettings,
+		listGitCredentials,
+	});
+	authApiEnabled = result.authApiEnabled;
+	authRequired = result.authRequired;
+	settings = result.settings;
+	error = result.error;
+	credentials = result.credentials;
+	credentialsLoading = result.credentialsLoading;
+	credentialsError = result.credentialsError;
+	credentialsSupported = result.credentialsSupported;
+	loading = false;
 }
 
 async function loadGitCredentials() {
 	credentialsLoading = true;
-	credentialsError = null;
-	credentialsSupported = true;
-	try {
-		credentials = await listGitCredentials();
-	} catch (err) {
-		credentials = [];
-		if (err instanceof ApiError && err.status === 404) {
-			credentialsSupported = false;
-			return;
-		}
-		credentialsError = normalizeError(err, 'Failed to load git credentials');
-	} finally {
-		credentialsLoading = false;
-	}
+	const result = await loadGitCredentialsState({ listGitCredentials });
+	credentials = result.credentials;
+	credentialsLoading = result.credentialsLoading;
+	credentialsError = result.credentialsError;
+	credentialsSupported = result.credentialsSupported;
 }
 
 function applyRuntimeSettingsToDraft(settings: DesktopRuntimeSettingsResponse) {
@@ -1002,27 +980,28 @@ function applyRuntimeSettingsToDraft(settings: DesktopRuntimeSettingsResponse) {
 
 async function loadRuntimeSettings() {
 	runtimeLoading = true;
-	runtimeError = null;
-	runtimeVectorError = null;
-	runtimeSupported = true;
-	try {
-		const settings = await getRuntimeSettings();
-		runtimeSettings = settings;
-		applyRuntimeSettingsToDraft(settings);
-		await refreshLifecycleCleanupStatus();
-		await refreshSummaryBatchStatus();
-		await refreshVectorPreflight();
-		await refreshVectorIndexStatus();
-	} catch (err) {
-		runtimeSettings = null;
-		if (err instanceof ApiError && err.status === 501) {
-			runtimeSupported = false;
-		} else {
-			runtimeError = normalizeError(err, 'Failed to load runtime settings');
-		}
-	} finally {
-		runtimeLoading = false;
+	const result = await loadRuntimeSettingsState({
+		getRuntimeSettings,
+		getLifecycleCleanupStatus,
+		getSummaryBatchStatus,
+		vectorPreflight,
+		vectorIndexStatus,
+	});
+	runtimeSettings = result.runtimeSettings;
+	runtimeSupported = result.runtimeSupported;
+	runtimeError = result.runtimeError;
+	runtimeVectorError = result.runtimeVectorError;
+	runtimeLifecycleStatus = result.runtimeLifecycleStatus;
+	runtimeSummaryBatchStatus = result.runtimeSummaryBatchStatus;
+	runtimeVectorPreflight = result.runtimeVectorPreflight;
+	runtimeVectorIndex = result.runtimeVectorIndex;
+	runtimeVectorInstalling = result.runtimeVectorInstalling;
+	runtimeVectorReindexing = result.runtimeVectorReindexing;
+	runtimeSummaryBatchRunning = result.runtimeSummaryBatchRunning;
+	if (runtimeSettings) {
+		applyRuntimeSettingsToDraft(runtimeSettings);
 	}
+	runtimeLoading = false;
 }
 
 async function refreshLifecycleCleanupStatus(surfaceError: boolean = true): Promise<boolean> {
@@ -1405,13 +1384,31 @@ async function handleIssueApiKey() {
 }
 
 async function copyApiKey() {
-	if (!issuedApiKey) return;
-	try {
-		await navigator.clipboard.writeText(issuedApiKey);
-		copyMessage = 'Copied';
-	} catch {
-		copyMessage = 'Copy failed';
-	}
+	copyMessage = await copyTextSurface(
+		{
+			writeText: async (text) => {
+				if (typeof navigator === 'undefined' || !navigator.clipboard?.writeText) {
+					throw new Error('clipboard unavailable');
+				}
+				await navigator.clipboard.writeText(text);
+			},
+		},
+		issuedApiKey,
+	);
+}
+
+function currentBackgroundPollState() {
+	return {
+		runtimeSupported,
+		runtimeLifecycleEnabled,
+		runtimeVectorInstalling,
+		runtimeVectorPreflight,
+		runtimeVectorReindexing,
+		runtimeVectorIndex,
+		runtimeSummaryBatchRunning,
+		runtimeSummaryBatchStatus,
+		runtimeLifecycleStatus,
+	};
 }
 
 async function handleCreateCredential() {
@@ -1458,16 +1455,12 @@ $effect(() => {
 });
 
 $effect(() => {
-	const hasActiveBackgroundJob =
-		runtimeVectorInstalling ||
-		isVectorInstallRunning(runtimeVectorPreflight) ||
-		runtimeVectorReindexing ||
-		isVectorIndexRunning(runtimeVectorIndex) ||
-		runtimeSummaryBatchRunning ||
-		isSummaryBatchRunning(runtimeSummaryBatchStatus) ||
-		isLifecycleCleanupRunning(runtimeLifecycleStatus);
-	const shouldPoll = runtimeSupported && (hasActiveBackgroundJob || runtimeLifecycleEnabled);
-	if (!shouldPoll) {
+	const initialDelay = nextSettingsBackgroundPollDelay(
+		currentBackgroundPollState(),
+		BACKGROUND_JOB_POLL_INTERVAL_MS,
+		BACKGROUND_STATUS_POLL_INTERVAL_MS,
+	);
+	if (initialDelay == null) {
 		return;
 	}
 
@@ -1489,20 +1482,16 @@ $effect(() => {
 			await refreshLifecycleCleanupStatus(false);
 		}
 		if (cancelled) return;
-		timer = window.setTimeout(
-			poll,
-			hasActiveBackgroundJob
-				? BACKGROUND_JOB_POLL_INTERVAL_MS
-				: BACKGROUND_STATUS_POLL_INTERVAL_MS,
+		const nextDelay = nextSettingsBackgroundPollDelay(
+			currentBackgroundPollState(),
+			BACKGROUND_JOB_POLL_INTERVAL_MS,
+			BACKGROUND_STATUS_POLL_INTERVAL_MS,
 		);
+		if (nextDelay == null) return;
+		timer = window.setTimeout(poll, nextDelay);
 	};
 
-	timer = window.setTimeout(
-		poll,
-		hasActiveBackgroundJob
-			? BACKGROUND_JOB_POLL_INTERVAL_MS
-			: BACKGROUND_STATUS_POLL_INTERVAL_MS,
-	);
+	timer = window.setTimeout(poll, initialDelay);
 
 	return () => {
 		cancelled = true;
diff --git a/packages/ui/src/index.ts b/packages/ui/src/index.ts
index 5eb3341f..8bfba10e 100644
--- a/packages/ui/src/index.ts
+++ b/packages/ui/src/index.ts
@@ -107,9 +107,23 @@ export { formatDuration, formatTimestamp, getToolConfig, TOOL_CONFIGS } from './
 // Shared utilities
 export type { FileStats } from './utils';
 export { computeFileStats, formatFullDate, getDisplayTitle, stripTags } from './utils';
+export {
+	createShellModel,
+	createShellModelState,
+	type ShellModelState,
+} from './models/app-shell-model';
 export {
 	createSourcePreviewModel,
 	createSourcePreviewModelState,
 	type SourcePreviewLocation,
 	type SourcePreviewModelState,
 } from './models/source-preview-model';
+export {
+	copyTextSurface,
+	loadGitCredentialsState,
+	loadRuntimeSettingsState,
+	loadSettingsPageState,
+	nextSettingsBackgroundPollDelay,
+	type RuntimeSettingsLoadResult,
+	type SettingsPageLoadResult,
+} from './models/settings-model';
diff --git a/packages/ui/src/models/app-shell-model.test.ts b/packages/ui/src/models/app-shell-model.test.ts
new file mode 100644
index 00000000..b9fdfa76
--- /dev/null
+++ b/packages/ui/src/models/app-shell-model.test.ts
@@ -0,0 +1,106 @@
+import assert from 'node:assert/strict';
+import test from 'node:test';
+import { ApiError } from '../api-internal/errors.ts';
+import { createShellModel, createShellModelState } from './app-shell-model.ts';
+
+test('shell model loads auth capabilities and user state', async () => {
+	const state = createShellModelState();
+	const model = createShellModel(state, {
+		getApiCapabilities: async () => ({ auth_enabled: true }),
+		verifyAuth: async () => true,
+		getSettings: async () => ({
+			user_id: 'user-1',
+			nickname: 'hwisoo',
+			email: 'hwisoo@example.test',
+			created_at: '2026-03-06T00:00:00Z',
+			oauth_providers: [],
+		}),
+		authLogout: async () => undefined,
+		isAuthenticated: () => true,
+		isDesktopRuntime: () => true,
+		takeLaunchRoute: async () => null,
+		getCurrentLocationPath: () => '/sessions',
+		startInterval: () => 1,
+		clearInterval: () => undefined,
+		navigate: () => undefined,
+	});
+
+	await model.loadCapabilities();
+	await model.loadUser();
+
+	assert.equal(state.desktopRuntime, true);
+	assert.equal(state.authEnabled, true);
+	assert.equal(state.hasLocalAuth, true);
+	assert.equal(state.user?.nickname, 'hwisoo');
+});
+
+test('shell model clears user state and logs out on unauthorized settings fetch', async () => {
+	const state = createShellModelState();
+	state.authEnabled = true;
+	let logoutCalls = 0;
+	const model = createShellModel(state, {
+		getApiCapabilities: async () => ({ auth_enabled: true }),
+		verifyAuth: async () => true,
+		getSettings: async () => {
+			throw new ApiError(401, '{"message":"unauthorized"}');
+		},
+		authLogout: async () => {
+			logoutCalls += 1;
+		},
+		isAuthenticated: () => true,
+		isDesktopRuntime: () => false,
+		takeLaunchRoute: async () => null,
+		getCurrentLocationPath: () => '/sessions',
+		startInterval: () => 1,
+		clearInterval: () => undefined,
+		navigate: () => undefined,
+	});
+
+	await model.loadUser();
+
+	assert.equal(state.user, null);
+	assert.equal(state.hasLocalAuth, false);
+	assert.equal(logoutCalls, 1);
+});
+
+test('shell model polls desktop launch route and navigates when it changes', async () => {
+	const state = createShellModelState();
+	let intervalCallback: (() => void) | null = null;
+	const navigations: string[] = [];
+	let nextRoute: string | null = '/session/next';
+	const model = createShellModel(state, {
+		getApiCapabilities: async () => ({ auth_enabled: false }),
+		verifyAuth: async () => false,
+		getSettings: async () => {
+			throw new Error('unused');
+		},
+		authLogout: async () => undefined,
+		isAuthenticated: () => false,
+		isDesktopRuntime: () => true,
+		takeLaunchRoute: async () => {
+			const route = nextRoute;
+			nextRoute = null;
+			return route;
+		},
+		getCurrentLocationPath: () => '/sessions',
+		startInterval: (callback) => {
+			intervalCallback = callback;
+			return 42;
+		},
+		clearInterval: () => undefined,
+		navigate: (path) => {
+			navigations.push(path);
+		},
+	});
+
+	const dispose = model.startLaunchRoutePolling();
+	await Promise.resolve();
+	await Promise.resolve();
+	assert.deepEqual(navigations, ['/session/next']);
+
+	intervalCallback?.();
+	await Promise.resolve();
+	assert.deepEqual(navigations, ['/session/next']);
+
+	dispose();
+});
diff --git a/packages/ui/src/models/app-shell-model.ts b/packages/ui/src/models/app-shell-model.ts
new file mode 100644
index 00000000..d2dac28e
--- /dev/null
+++ b/packages/ui/src/models/app-shell-model.ts
@@ -0,0 +1,209 @@
+import { ApiError } from '../api-internal/errors';
+import type { UserSettings } from '../types';
+
+export interface ShellModelState {
+	user: UserSettings | null;
+	paletteOpen: boolean;
+	paletteQuery: string;
+	paletteSelectionIndex: number;
+	helpOpen: boolean;
+	accountMenuOpen: boolean;
+	authEnabled: boolean;
+	hasLocalAuth: boolean;
+	desktopRuntime: boolean;
+}
+
+export interface ShellModelDeps {
+	getApiCapabilities: () => Promise<{ auth_enabled: boolean }>;
+	verifyAuth: () => Promise<boolean>;
+	getSettings: () => Promise<UserSettings>;
+	authLogout: () => Promise<void>;
+	isAuthenticated: () => boolean;
+	isDesktopRuntime: () => boolean;
+	takeLaunchRoute: () => Promise<string | null>;
+	getCurrentLocationPath: () => string;
+	startInterval: (callback: () => void, ms: number) => unknown;
+	clearInterval: (handle: unknown) => void;
+	navigate: (path: string) => void;
+}
+
+export function createShellModelState(): ShellModelState {
+	return {
+		user: null,
+		paletteOpen: false,
+		paletteQuery: '',
+		paletteSelectionIndex: 0,
+		helpOpen: false,
+		accountMenuOpen: false,
+		authEnabled: false,
+		hasLocalAuth: false,
+		desktopRuntime: false,
+	};
+}
+
+export function createShellModel(state: ShellModelState, deps: ShellModelDeps) {
+	let capabilityRequestId = 0;
+	let userRequestId = 0;
+
+	function clearAuthState() {
+		state.user = null;
+		state.hasLocalAuth = false;
+		state.accountMenuOpen = false;
+	}
+
+	async function loadCapabilities() {
+		const requestId = ++capabilityRequestId;
+		state.desktopRuntime = deps.isDesktopRuntime();
+		try {
+			const capabilities = await deps.getApiCapabilities();
+			if (requestId !== capabilityRequestId) return;
+			state.authEnabled = capabilities.auth_enabled;
+		} catch {
+			if (requestId !== capabilityRequestId) return;
+			state.authEnabled = false;
+		}
+	}
+
+	async function loadUser() {
+		const requestId = ++userRequestId;
+		if (!state.authEnabled) {
+			clearAuthState();
+			return;
+		}
+		if (!deps.isAuthenticated()) {
+			clearAuthState();
+			return;
+		}
+
+		try {
+			const verified = await deps.verifyAuth();
+			if (requestId !== userRequestId) return;
+			if (!verified) {
+				clearAuthState();
+				return;
+			}
+			const settings = await deps.getSettings();
+			if (requestId !== userRequestId) return;
+			state.user = settings;
+			state.hasLocalAuth = true;
+		} catch (error) {
+			if (requestId !== userRequestId) return;
+			clearAuthState();
+			if (error instanceof ApiError && (error.status === 401 || error.status === 403)) {
+				await deps.authLogout();
+			}
+		}
+	}
+
+	function resetMenusForPath() {
+		state.accountMenuOpen = false;
+	}
+
+	function openPalette() {
+		state.paletteOpen = true;
+		state.paletteQuery = '';
+		state.paletteSelectionIndex = 0;
+	}
+
+	function closePalette() {
+		state.paletteOpen = false;
+		state.paletteQuery = '';
+	}
+
+	function openHelp() {
+		state.helpOpen = true;
+	}
+
+	function closeHelp() {
+		state.helpOpen = false;
+	}
+
+	function closeAccountMenu() {
+		state.accountMenuOpen = false;
+	}
+
+	function toggleAccountMenu() {
+		state.accountMenuOpen = !state.accountMenuOpen;
+	}
+
+	function resetPaletteSelection() {
+		state.paletteSelectionIndex = 0;
+	}
+
+	function clampPaletteSelection(maxIndex: number) {
+		if (maxIndex < 0) {
+			state.paletteSelectionIndex = 0;
+			return;
+		}
+		if (state.paletteSelectionIndex > maxIndex) {
+			state.paletteSelectionIndex = maxIndex;
+		}
+	}
+
+	function movePaletteSelection(direction: 1 | -1, visibleCount: number) {
+		if (visibleCount <= 0) return;
+		state.paletteSelectionIndex =
+			(state.paletteSelectionIndex + direction + visibleCount) % visibleCount;
+	}
+
+	async function signOut() {
+		closeAccountMenu();
+		await deps.authLogout();
+		clearAuthState();
+		deps.navigate('/sessions');
+	}
+
+	function startLaunchRoutePolling() {
+		let cancelled = false;
+		let commandSupported = true;
+		let timer: unknown;
+
+		const stop = () => {
+			if (timer !== undefined) {
+				deps.clearInterval(timer);
+				timer = undefined;
+			}
+		};
+
+		const poll = async () => {
+			if (cancelled || !commandSupported) return;
+			try {
+				const maybeRoute = await deps.takeLaunchRoute();
+				if (typeof maybeRoute !== 'string') return;
+				const nextPath = maybeRoute.trim();
+				if (!nextPath || nextPath === deps.getCurrentLocationPath()) return;
+				deps.navigate(nextPath);
+			} catch {
+				commandSupported = false;
+				stop();
+			}
+		};
+
+		void poll();
+		timer = deps.startInterval(() => {
+			void poll();
+		}, 1200);
+
+		return () => {
+			cancelled = true;
+			stop();
+		};
+	}
+
+	return {
+		loadCapabilities,
+		loadUser,
+		resetMenusForPath,
+		openPalette,
+		closePalette,
+		openHelp,
+		closeHelp,
+		closeAccountMenu,
+		toggleAccountMenu,
+		resetPaletteSelection,
+		clampPaletteSelection,
+		movePaletteSelection,
+		signOut,
+		startLaunchRoutePolling,
+	};
+}
diff --git a/packages/ui/src/models/settings-model.test.ts b/packages/ui/src/models/settings-model.test.ts
new file mode 100644
index 00000000..57e3cb72
--- /dev/null
+++ b/packages/ui/src/models/settings-model.test.ts
@@ -0,0 +1,78 @@
+import assert from 'node:assert/strict';
+import test from 'node:test';
+import { ApiError } from '../api-internal/errors.ts';
+import {
+	copyTextSurface,
+	loadRuntimeSettingsState,
+	loadSettingsPageState,
+	nextSettingsBackgroundPollDelay,
+} from './settings-model.ts';
+
+test('settings page loader marks auth as required when local auth token is missing', async () => {
+	const result = await loadSettingsPageState({
+		getApiCapabilities: async () => ({ auth_enabled: true }),
+		isAuthenticated: () => false,
+		getSettings: async () => {
+			throw new Error('unused');
+		},
+		listGitCredentials: async () => {
+			throw new Error('unused');
+		},
+	});
+
+	assert.equal(result.authApiEnabled, true);
+	assert.equal(result.authRequired, true);
+	assert.equal(result.settings, null);
+});
+
+test('runtime settings loader treats desktop 501 as unsupported, not fatal', async () => {
+	const result = await loadRuntimeSettingsState({
+		getRuntimeSettings: async () => {
+			throw new ApiError(501, '{"message":"unsupported"}');
+		},
+		getLifecycleCleanupStatus: async () => {
+			throw new Error('unused');
+		},
+		getSummaryBatchStatus: async () => {
+			throw new Error('unused');
+		},
+		vectorPreflight: async () => {
+			throw new Error('unused');
+		},
+		vectorIndexStatus: async () => {
+			throw new Error('unused');
+		},
+	});
+
+	assert.equal(result.runtimeSupported, false);
+	assert.equal(result.runtimeError, null);
+});
+
+test('settings background poll delay uses fast interval for active jobs', () => {
+	const delay = nextSettingsBackgroundPollDelay({
+		runtimeSupported: true,
+		runtimeLifecycleEnabled: true,
+		runtimeVectorInstalling: false,
+		runtimeVectorPreflight: null,
+		runtimeVectorReindexing: true,
+		runtimeVectorIndex: null,
+		runtimeSummaryBatchRunning: false,
+		runtimeSummaryBatchStatus: null,
+		runtimeLifecycleStatus: null,
+	});
+
+	assert.equal(delay, 1000);
+});
+
+test('copy text surface reports clipboard failure without throwing', async () => {
+	const result = await copyTextSurface(
+		{
+			writeText: async () => {
+				throw new Error('clipboard unavailable');
+			},
+		},
+		'osk_test_key',
+	);
+
+	assert.equal(result, 'Copy failed');
+});
diff --git a/packages/ui/src/models/settings-model.ts b/packages/ui/src/models/settings-model.ts
new file mode 100644
index 00000000..5613c3db
--- /dev/null
+++ b/packages/ui/src/models/settings-model.ts
@@ -0,0 +1,332 @@
+import { ApiError } from '../api-internal/errors';
+import type {
+	DesktopLifecycleCleanupStatusResponse,
+	DesktopRuntimeSettingsResponse,
+	DesktopSummaryBatchStatusResponse,
+	DesktopVectorIndexStatusResponse,
+	DesktopVectorPreflightResponse,
+	GitCredentialSummary,
+	UserSettings,
+} from '../types';
+
+export interface SettingsPageLoadDeps {
+	getApiCapabilities: () => Promise<{ auth_enabled: boolean }>;
+	isAuthenticated: () => boolean;
+	getSettings: () => Promise<UserSettings>;
+	listGitCredentials: () => Promise<GitCredentialSummary[]>;
+}
+
+export interface SettingsPageLoadResult {
+	authApiEnabled: boolean;
+	authRequired: boolean;
+	settings: UserSettings | null;
+	error: string | null;
+	credentials: GitCredentialSummary[];
+	credentialsLoading: boolean;
+	credentialsError: string | null;
+	credentialsSupported: boolean;
+}
+
+export interface RuntimeSettingsLoadDeps {
+	getRuntimeSettings: () => Promise<DesktopRuntimeSettingsResponse>;
+	getLifecycleCleanupStatus: () => Promise<DesktopLifecycleCleanupStatusResponse>;
+	getSummaryBatchStatus: () => Promise<DesktopSummaryBatchStatusResponse>;
+	vectorPreflight: () => Promise<DesktopVectorPreflightResponse>;
+	vectorIndexStatus: () => Promise<DesktopVectorIndexStatusResponse>;
+}
+
+export interface RuntimeSettingsLoadResult {
+	runtimeSettings: DesktopRuntimeSettingsResponse | null;
+	runtimeSupported: boolean;
+	runtimeError: string | null;
+	runtimeVectorError: string | null;
+	runtimeLifecycleStatus: DesktopLifecycleCleanupStatusResponse | null;
+	runtimeSummaryBatchStatus: DesktopSummaryBatchStatusResponse | null;
+	runtimeVectorPreflight: DesktopVectorPreflightResponse | null;
+	runtimeVectorIndex: DesktopVectorIndexStatusResponse | null;
+	runtimeVectorInstalling: boolean;
+	runtimeVectorReindexing: boolean;
+	runtimeSummaryBatchRunning: boolean;
+}
+
+export interface SettingsBackgroundPollState {
+	runtimeSupported: boolean;
+	runtimeLifecycleEnabled: boolean;
+	runtimeVectorInstalling: boolean;
+	runtimeVectorPreflight: DesktopVectorPreflightResponse | null;
+	runtimeVectorReindexing: boolean;
+	runtimeVectorIndex: DesktopVectorIndexStatusResponse | null;
+	runtimeSummaryBatchRunning: boolean;
+	runtimeSummaryBatchStatus: DesktopSummaryBatchStatusResponse | null;
+	runtimeLifecycleStatus: DesktopLifecycleCleanupStatusResponse | null;
+}
+
+export interface CopyTextDeps {
+	writeText: (text: string) => Promise<void>;
+}
+
+function isVectorInstallRunning(status: DesktopVectorPreflightResponse | null): boolean {
+	return status?.install_state === 'installing';
+}
+
+function isVectorIndexRunning(status: DesktopVectorIndexStatusResponse | null): boolean {
+	return status?.state === 'running';
+}
+
+function isSummaryBatchRunning(status: DesktopSummaryBatchStatusResponse | null): boolean {
+	return status?.state === 'running';
+}
+
+function normalizeError(error: unknown, fallback: string): string {
+	if (error instanceof ApiError) return error.message || fallback;
+	if (error instanceof Error) return error.message || fallback;
+	return fallback;
+}
+
+function apiDetailString(
+	details: Record<string, unknown> | null | undefined,
+	key: string,
+): string | null {
+	const value = details?.[key];
+	return typeof value === 'string' && value.trim() ? value.trim() : null;
+}
+
+function apiDetailNumber(
+	details: Record<string, unknown> | null | undefined,
+	key: string,
+): number | null {
+	const value = details?.[key];
+	return typeof value === 'number' && Number.isFinite(value) ? value : null;
+}
+
+function normalizeVectorError(error: unknown, fallback: string): string {
+	if (error instanceof ApiError) {
+		const message = error.message || fallback;
+		const hint = apiDetailString(error.details, 'hint');
+		const endpoint = apiDetailString(error.details, 'endpoint');
+		const reason = apiDetailString(error.details, 'reason');
+		const model = apiDetailString(error.details, 'model');
+		const status = apiDetailNumber(error.details, 'status');
+		const batchReason = apiDetailString(error.details, 'batch_reason');
+		const batchEndpoint = apiDetailString(error.details, 'batch_endpoint');
+		const batchStatus = apiDetailNumber(error.details, 'batch_status');
+		const lines = [message];
+		if (reason) lines.push(`Reason: ${reason}`);
+		if (status != null) lines.push(`HTTP: ${status}`);
+		if (batchReason) lines.push(`Batch reason: ${batchReason}`);
+		if (batchStatus != null) lines.push(`Batch HTTP: ${batchStatus}`);
+		if (hint) lines.push(`Action: ${hint}`);
+		if (model) lines.push(`Model: ${model}`);
+		if (endpoint) lines.push(`Endpoint: ${endpoint}`);
+		if (batchEndpoint) lines.push(`Batch endpoint: ${batchEndpoint}`);
+		return lines.join('\n');
+	}
+	return normalizeError(error, fallback);
+}
+
+export async function loadGitCredentialsState(
+	deps: Pick<SettingsPageLoadDeps, 'listGitCredentials'>,
+): Promise<{
+	credentials: GitCredentialSummary[];
+	credentialsLoading: boolean;
+	credentialsError: string | null;
+	credentialsSupported: boolean;
+}> {
+	try {
+		return {
+			credentials: await deps.listGitCredentials(),
+			credentialsLoading: false,
+			credentialsError: null,
+			credentialsSupported: true,
+		};
+	} catch (error) {
+		if (error instanceof ApiError && error.status === 404) {
+			return {
+				credentials: [],
+				credentialsLoading: false,
+				credentialsError: null,
+				credentialsSupported: false,
+			};
+		}
+		return {
+			credentials: [],
+			credentialsLoading: false,
+			credentialsError: normalizeError(error, 'Failed to load git credentials'),
+			credentialsSupported: true,
+		};
+	}
+}
+
+export async function loadSettingsPageState(
+	deps: SettingsPageLoadDeps,
+): Promise<SettingsPageLoadResult> {
+	let authApiEnabled = false;
+	try {
+		authApiEnabled = (await deps.getApiCapabilities()).auth_enabled;
+	} catch {
+		authApiEnabled = false;
+	}
+
+	if (!authApiEnabled) {
+		return {
+			authApiEnabled,
+			authRequired: false,
+			settings: null,
+			error: null,
+			credentials: [],
+			credentialsLoading: false,
+			credentialsError: null,
+			credentialsSupported: true,
+		};
+	}
+
+	if (!deps.isAuthenticated()) {
+		return {
+			authApiEnabled,
+			authRequired: true,
+			settings: null,
+			error: null,
+			credentials: [],
+			credentialsLoading: false,
+			credentialsError: null,
+			credentialsSupported: true,
+		};
+	}
+
+	try {
+		const settings = await deps.getSettings();
+		const credentialsState = await loadGitCredentialsState(deps);
+		return {
+			authApiEnabled,
+			authRequired: false,
+			settings,
+			error: null,
+			...credentialsState,
+		};
+	} catch (error) {
+		return {
+			authApiEnabled,
+			authRequired: error instanceof ApiError && (error.status === 401 || error.status === 403),
+			settings: null,
+			error:
+				error instanceof ApiError && (error.status === 401 || error.status === 403)
+					? null
+					: normalizeError(error, 'Failed to load settings'),
+			credentials: [],
+			credentialsLoading: false,
+			credentialsError: null,
+			credentialsSupported: true,
+		};
+	}
+}
+
+export async function loadRuntimeSettingsState(
+	deps: RuntimeSettingsLoadDeps,
+): Promise<RuntimeSettingsLoadResult> {
+	try {
+		const runtimeSettings = await deps.getRuntimeSettings();
+		const [lifecycleResult, summaryBatchResult, vectorPreflightResult, vectorIndexResult] =
+			await Promise.allSettled([
+				deps.getLifecycleCleanupStatus(),
+				deps.getSummaryBatchStatus(),
+				deps.vectorPreflight(),
+				deps.vectorIndexStatus(),
+			]);
+
+		const runtimeLifecycleStatus =
+			lifecycleResult.status === 'fulfilled' ? lifecycleResult.value : null;
+		const runtimeSummaryBatchStatus =
+			summaryBatchResult.status === 'fulfilled' ? summaryBatchResult.value : null;
+		const runtimeVectorPreflight =
+			vectorPreflightResult.status === 'fulfilled' ? vectorPreflightResult.value : null;
+		const runtimeVectorIndex =
+			vectorIndexResult.status === 'fulfilled' ? vectorIndexResult.value : null;
+
+		const errors = [
+			lifecycleResult.status === 'rejected'
+				? normalizeError(lifecycleResult.reason, 'Failed to fetch lifecycle cleanup status')
+				: null,
+			summaryBatchResult.status === 'rejected'
+				? normalizeError(summaryBatchResult.reason, 'Failed to fetch summary batch status')
+				: null,
+		].filter((value): value is string => value != null);
+
+		return {
+			runtimeSettings,
+			runtimeSupported: true,
+			runtimeError: errors[0] ?? null,
+			runtimeVectorError:
+				vectorPreflightResult.status === 'rejected'
+					? normalizeVectorError(
+							vectorPreflightResult.reason,
+							'Failed to fetch vector model status',
+					  )
+					: vectorIndexResult.status === 'rejected'
+						? normalizeVectorError(
+								vectorIndexResult.reason,
+								'Failed to fetch vector index status',
+						  )
+						: null,
+			runtimeLifecycleStatus,
+			runtimeSummaryBatchStatus,
+			runtimeVectorPreflight,
+			runtimeVectorIndex,
+			runtimeVectorInstalling: isVectorInstallRunning(runtimeVectorPreflight),
+			runtimeVectorReindexing: isVectorIndexRunning(runtimeVectorIndex),
+			runtimeSummaryBatchRunning: isSummaryBatchRunning(runtimeSummaryBatchStatus),
+		};
+	} catch (error) {
+		return {
+			runtimeSettings: null,
+			runtimeSupported: !(error instanceof ApiError && error.status === 501),
+			runtimeError:
+				error instanceof ApiError && error.status === 501
+					? null
+					: normalizeError(error, 'Failed to load runtime settings'),
+			runtimeVectorError: null,
+			runtimeLifecycleStatus: null,
+			runtimeSummaryBatchStatus: null,
+			runtimeVectorPreflight: null,
+			runtimeVectorIndex: null,
+			runtimeVectorInstalling: false,
+			runtimeVectorReindexing: false,
+			runtimeSummaryBatchRunning: false,
+		};
+	}
+}
+
+export function hasActiveSettingsBackgroundJob(state: SettingsBackgroundPollState): boolean {
+	return (
+		state.runtimeVectorInstalling ||
+		isVectorInstallRunning(state.runtimeVectorPreflight) ||
+		state.runtimeVectorReindexing ||
+		isVectorIndexRunning(state.runtimeVectorIndex) ||
+		state.runtimeSummaryBatchRunning ||
+		isSummaryBatchRunning(state.runtimeSummaryBatchStatus) ||
+		state.runtimeLifecycleStatus?.state === 'running'
+	);
+}
+
+export function nextSettingsBackgroundPollDelay(
+	state: SettingsBackgroundPollState,
+	activeIntervalMs = 1000,
+	statusIntervalMs = 5000,
+): number | null {
+	if (!state.runtimeSupported) return null;
+	const hasActiveJob = hasActiveSettingsBackgroundJob(state);
+	if (!hasActiveJob && !state.runtimeLifecycleEnabled) return null;
+	return hasActiveJob ? activeIntervalMs : statusIntervalMs;
+}
+
+export async function copyTextSurface(
+	deps: CopyTextDeps,
+	text: string | null | undefined,
+): Promise<string> {
+	if (!text) return 'Copy failed';
+	try {
+		await deps.writeText(text);
+		return 'Copied';
+	} catch {
+		return 'Copy failed';
+	}
+}

From f885cb740a905da39569bc3125f0abb09fd3c0f0 Mon Sep 17 00:00:00 2001
From: hwisu <hwitticus@gmail.com>
Date: Fri, 6 Mar 2026 16:08:07 +0900
Subject: [PATCH 03/30] adopt rust 2024 workspace defaults

---
 Cargo.toml                                    |   9 +-
 crates/api-client/Cargo.toml                  |   1 +
 crates/api-client/src/client.rs               |   2 +-
 crates/api/Cargo.toml                         |   1 +
 crates/api/src/crypto.rs                      |  13 +-
 crates/api/src/oauth.rs                       |   2 +-
 crates/cli/Cargo.toml                         |   1 +
 crates/cli/src/cleanup_cmd.rs                 |   2 +-
 crates/cli/src/config_cmd.rs                  |   2 +-
 crates/cli/src/handoff_v1.rs                  |   8 +-
 crates/cli/src/hooks.rs                       |  46 ++--
 crates/cli/src/inspect.rs                     |   2 +-
 crates/cli/src/open_target.rs                 |   4 +-
 crates/cli/src/parse_cmd.rs                   |   2 +-
 crates/cli/src/register.rs                    |   4 +-
 crates/cli/src/review.rs                      |  13 +-
 crates/cli/src/setup_cmd.rs                   |  34 ++-
 crates/cli/src/share.rs                       |   8 +-
 crates/cli/src/summary_cmd.rs                 |   6 +-
 crates/cli/src/url_opener.rs                  |   4 +-
 crates/cli/src/view.rs                        |   6 +-
 crates/cli/tests/handoff_cli.rs               |  12 +-
 crates/core/Cargo.toml                        |   1 +
 crates/core/src/agent_metrics.rs              |  16 +-
 crates/core/src/handoff.rs                    | 235 ++++++++++--------
 crates/core/src/jsonl.rs                      |   2 +-
 crates/core/src/sanitize.rs                   |   8 +-
 crates/core/src/scoring.rs                    |   4 +-
 crates/core/src/session.rs                    |   4 +-
 crates/core/src/source_uri.rs                 |   2 +-
 crates/core/src/validate.rs                   |  28 ++-
 crates/daemon/Cargo.toml                      |   1 +
 crates/daemon/src/config.rs                   |   4 +-
 crates/daemon/src/hooks.rs                    |  34 +--
 crates/daemon/src/main.rs                     |   2 +-
 crates/daemon/src/scheduler.rs                |  49 ++--
 crates/e2e/Cargo.toml                         |   1 +
 crates/e2e/src/runner.rs                      |   8 +-
 crates/e2e/src/specs/health.rs                |   2 +-
 crates/e2e/src/specs/sessions.rs              |   2 +-
 crates/e2e/tests/common.rs                    |  20 +-
 crates/e2e/tests/environment.rs               |   8 +
 crates/e2e/tests/server.rs                    |  26 +-
 crates/e2e/tests/worker.rs                    |  26 +-
 crates/git-native/Cargo.toml                  |   1 +
 .../git-native/src/handoff_artifact_store.rs  |   4 +-
 crates/git-native/src/lib.rs                  |   6 +-
 crates/git-native/src/ops.rs                  |   8 +-
 crates/git-native/src/refs.rs                 |   2 +-
 crates/git-native/src/store.rs                |  44 ++--
 crates/local-db/Cargo.toml                    |   1 +
 crates/local-db/src/lib.rs                    |  48 ++--
 crates/parsers/Cargo.toml                     |   1 +
 crates/parsers/src/amp.rs                     |   2 +-
 crates/parsers/src/claude_code/mod.rs         |   2 +-
 crates/parsers/src/claude_code/parse.rs       |  44 ++--
 crates/parsers/src/claude_code/transform.rs   |   2 +-
 crates/parsers/src/cline.rs                   |   6 +-
 crates/parsers/src/codex.rs                   |   6 +-
 crates/parsers/src/common.rs                  |   7 +-
 crates/parsers/src/cursor/parse.rs            |  14 +-
 crates/parsers/src/discover.rs                |  50 ++--
 crates/parsers/src/gemini.rs                  |  22 +-
 crates/parsers/src/incremental.rs             |   2 +-
 crates/parsers/src/ingest.rs                  |  12 +-
 crates/parsers/src/opencode.rs                |  22 +-
 crates/parsers/tests/claude_code_team.rs      |   6 +-
 crates/parsers/tests/parser_conformance.rs    |  44 ++--
 crates/runtime-config/Cargo.toml              |   1 +
 crates/server/Cargo.toml                      |   1 +
 crates/server/src/app_config.rs               |  20 +-
 crates/server/src/error.rs                    |   2 +-
 crates/server/src/main.rs                     |   4 +-
 crates/server/src/routes/admin.rs             |   8 +-
 crates/server/src/routes/auth.rs              |  20 +-
 crates/server/src/routes/capabilities.rs      |   2 +-
 crates/server/src/routes/docs.rs              |   2 +-
 crates/server/src/routes/ingest.rs            |   8 +-
 crates/server/src/routes/oauth.rs             |  11 +-
 crates/server/src/routes/review.rs            |   4 +-
 crates/server/src/routes/sessions.rs          |  14 +-
 crates/server/src/storage.rs                  |   2 +-
 crates/summary/Cargo.toml                     |   1 +
 crates/summary/src/git.rs                     |  36 +--
 crates/summary/src/lib.rs                     |  12 +-
 crates/summary/src/prompt.rs                  |   4 +-
 crates/summary/src/provider.rs                |   4 +-
 crates/worker/Cargo.toml                      |   7 +-
 crates/worker/src/routes/auth.rs              |  34 +--
 crates/worker/src/routes/parse.rs             |  19 +-
 crates/worker/src/routes/sessions.rs          |   3 +-
 crates/worker/src/storage.rs                  |   4 +-
 desktop/src-tauri/Cargo.toml                  |  13 +-
 desktop/src-tauri/src/app/session_query.rs    |   2 +-
 desktop/src-tauri/src/main.rs                 | 190 ++++++++------
 95 files changed, 836 insertions(+), 613 deletions(-)
 create mode 100644 crates/e2e/tests/environment.rs

diff --git a/Cargo.toml b/Cargo.toml
index e44400c4..61393c05 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,5 +1,5 @@
 [workspace]
-resolver = "2"
+resolver = "3"
 members = [
     "crates/core",
     "crates/runtime-config",
@@ -31,15 +31,18 @@ exclude = ["crates/worker"]
 
 [workspace.lints.clippy]
 all = { level = "warn", priority = -1 }
-collapsible_if = "warn"
+collapsible_else_if = "allow"
+collapsible_if = "allow"
 empty_line_after_doc_comments = "warn"
+field_reassign_with_default = "allow"
 needless_return = "warn"
 redundant_closure = "warn"
 single_match = "warn"
 
 [workspace.package]
 version = "0.2.34"
-edition = "2021"
+edition = "2024"
+rust-version = "1.93"
 license = "MIT"
 repository = "https://github.com/hwisu/opensession"
 homepage = "https://opensession.io"
diff --git a/crates/api-client/Cargo.toml b/crates/api-client/Cargo.toml
index 47ad1e42..9caf0ace 100644
--- a/crates/api-client/Cargo.toml
+++ b/crates/api-client/Cargo.toml
@@ -2,6 +2,7 @@
 name = "opensession-api-client"
 version.workspace = true
 edition.workspace = true
+rust-version.workspace = true
 license.workspace = true
 repository.workspace = true
 description = "Typed HTTP client for the OpenSession API"
diff --git a/crates/api-client/src/client.rs b/crates/api-client/src/client.rs
index adfcc640..21649eae 100644
--- a/crates/api-client/src/client.rs
+++ b/crates/api-client/src/client.rs
@@ -1,6 +1,6 @@
 use std::time::Duration;
 
-use anyhow::{bail, Result};
+use anyhow::{Result, bail};
 use serde::Serialize;
 
 use opensession_api::*;
diff --git a/crates/api/Cargo.toml b/crates/api/Cargo.toml
index 838b47d5..b2502604 100644
--- a/crates/api/Cargo.toml
+++ b/crates/api/Cargo.toml
@@ -2,6 +2,7 @@
 name = "opensession-api"
 version.workspace = true
 edition.workspace = true
+rust-version.workspace = true
 license.workspace = true
 repository.workspace = true
 description = "Shared API types, crypto, and SQL builders for opensession.io"
diff --git a/crates/api/src/crypto.rs b/crates/api/src/crypto.rs
index c3229f08..7d05bdc8 100644
--- a/crates/api/src/crypto.rs
+++ b/crates/api/src/crypto.rs
@@ -5,10 +5,10 @@
 //!
 //! Uses pure Rust crates (wasm-compatible, no WebCrypto interop needed).
 
-use base64::{engine::general_purpose::URL_SAFE_NO_PAD, Engine};
+use base64::{Engine, engine::general_purpose::URL_SAFE_NO_PAD};
 use chacha20poly1305::{
-    aead::{Aead, KeyInit},
     XChaCha20Poly1305, XNonce,
+    aead::{Aead, KeyInit},
 };
 use hmac::{Hmac, Mac};
 use pbkdf2::pbkdf2_hmac;
@@ -333,7 +333,7 @@ fn constant_time_eq(lhs: &[u8], rhs: &[u8]) -> bool {
 
 #[cfg(test)]
 mod tests {
-    use super::{constant_time_eq, CredentialKeyring};
+    use super::{CredentialKeyring, constant_time_eq};
 
     #[test]
     fn credential_keyring_round_trip_encrypt_decrypt() {
@@ -354,9 +354,10 @@ mod tests {
             "k1:00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff",
         )
         .expect_err("missing active key should fail");
-        assert!(err
-            .message()
-            .contains("active credential key id `missing` is missing"));
+        assert!(
+            err.message()
+                .contains("active credential key id `missing` is missing")
+        );
     }
 
     #[test]
diff --git a/crates/api/src/oauth.rs b/crates/api/src/oauth.rs
index 6637c1e5..776c30f9 100644
--- a/crates/api/src/oauth.rs
+++ b/crates/api/src/oauth.rs
@@ -252,7 +252,7 @@ pub fn extract_user_info(
             return Err(ServiceError::Internal(format!(
                 "OAuth userinfo missing '{}' field",
                 config.field_map.id
-            )))
+            )));
         }
     };
 
diff --git a/crates/cli/Cargo.toml b/crates/cli/Cargo.toml
index 2a451043..0ed79950 100644
--- a/crates/cli/Cargo.toml
+++ b/crates/cli/Cargo.toml
@@ -2,6 +2,7 @@
 name = "opensession"
 version.workspace = true
 edition.workspace = true
+rust-version.workspace = true
 license.workspace = true
 repository.workspace = true
 description = "CLI for opensession.io - discover, upload, and manage AI coding sessions"
diff --git a/crates/cli/src/cleanup_cmd.rs b/crates/cli/src/cleanup_cmd.rs
index b349a0e5..20d8513c 100644
--- a/crates/cli/src/cleanup_cmd.rs
+++ b/crates/cli/src/cleanup_cmd.rs
@@ -1,5 +1,5 @@
 use crate::user_guidance::guided_error;
-use anyhow::{anyhow, bail, Context, Result};
+use anyhow::{Context, Result, anyhow, bail};
 use clap::{Args, Subcommand, ValueEnum};
 use opensession_git_native::ops::find_repo_root;
 use serde::{Deserialize, Serialize};
diff --git a/crates/cli/src/config_cmd.rs b/crates/cli/src/config_cmd.rs
index 39df9a42..c3dc42c1 100644
--- a/crates/cli/src/config_cmd.rs
+++ b/crates/cli/src/config_cmd.rs
@@ -425,7 +425,7 @@ fn normalize_base_url(value: &str) -> Result<String> {
 
 #[cfg(test)]
 mod tests {
-    use super::{normalize_base_url, RepoConfig};
+    use super::{RepoConfig, normalize_base_url};
 
     #[test]
     fn default_repo_config_has_base_url() {
diff --git a/crates/cli/src/handoff_v1.rs b/crates/cli/src/handoff_v1.rs
index 0734f3ff..bfc5625f 100644
--- a/crates/cli/src/handoff_v1.rs
+++ b/crates/cli/src/handoff_v1.rs
@@ -1,12 +1,12 @@
-use anyhow::{bail, Context, Result};
+use anyhow::{Context, Result, bail};
 use clap::{Args, Subcommand, ValueEnum};
-use opensession_core::handoff::{validate_handoff_summaries, HandoffSummary};
+use opensession_core::Session;
+use opensession_core::handoff::{HandoffSummary, validate_handoff_summaries};
 use opensession_core::object_store::{
     find_repo_root, global_store_root, read_local_object_from_uri, sha256_hex, store_local_object,
 };
 use opensession_core::source_uri::SourceUri;
 use opensession_core::validate::validate_session;
-use opensession_core::Session;
 use opensession_local_db::{LocalDb, LocalSessionFilter};
 use serde::{Deserialize, Serialize};
 use std::collections::{BTreeMap, BTreeSet};
@@ -644,8 +644,8 @@ fn is_hash(value: &str) -> bool {
 #[cfg(test)]
 mod tests {
     use super::{canonicalize_summaries, is_hash, validate_alias};
-    use opensession_core::testing;
     use opensession_core::Session;
+    use opensession_core::testing;
 
     #[test]
     fn hash_validator_accepts_sha256() {
diff --git a/crates/cli/src/hooks.rs b/crates/cli/src/hooks.rs
index 7bfc5579..3b847fcc 100644
--- a/crates/cli/src/hooks.rs
+++ b/crates/cli/src/hooks.rs
@@ -3,7 +3,7 @@
 use std::path::{Path, PathBuf};
 use std::process::Command;
 
-use anyhow::{bail, Context, Result};
+use anyhow::{Context, Result, bail};
 
 /// Git hook types managed by opensession.
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
@@ -557,16 +557,18 @@ pub fn scan_for_secrets(content: &str) -> Vec<SecretMatch> {
 
     for (line_number, line) in content.lines().enumerate() {
         for (name, pattern) in &patterns {
-            if let Ok(re) = regex::Regex::new(pattern) {
-                if re.is_match(line) {
-                    // Redact the matched portion
-                    let redacted = re.replace_all(line, "[REDACTED]").to_string();
-                    matches.push(SecretMatch {
-                        pattern_name: name.to_string(),
-                        line_number: line_number + 1,
-                        context: redacted,
-                    });
-                }
+            let re = match regex::Regex::new(pattern) {
+                Ok(re) => re,
+                Err(_) => continue,
+            };
+            if re.is_match(line) {
+                // Redact the matched portion
+                let redacted = re.replace_all(line, "[REDACTED]").to_string();
+                matches.push(SecretMatch {
+                    pattern_name: name.to_string(),
+                    line_number: line_number + 1,
+                    context: redacted,
+                });
             }
         }
     }
@@ -734,11 +736,13 @@ mod tests {
         assert_eq!(report.len(), 1);
         assert_eq!(report[0].action, HookInstallAction::BackupAndReplace);
         assert!(report[0].backup_created);
-        assert!(report[0]
-            .backup_path
-            .as_ref()
-            .expect("backup path")
-            .exists());
+        assert!(
+            report[0]
+                .backup_path
+                .as_ref()
+                .expect("backup path")
+                .exists()
+        );
     }
 
     #[test]
@@ -827,10 +831,12 @@ mod tests {
         let dir = TempDir::new().unwrap();
         let result = install_hooks(dir.path(), HookType::all());
         assert!(result.is_err());
-        assert!(result
-            .unwrap_err()
-            .to_string()
-            .contains("Not a git repository"));
+        assert!(
+            result
+                .unwrap_err()
+                .to_string()
+                .contains("Not a git repository")
+        );
     }
 
     #[test]
diff --git a/crates/cli/src/inspect.rs b/crates/cli/src/inspect.rs
index 1db1a2d7..7fc54500 100644
--- a/crates/cli/src/inspect.rs
+++ b/crates/cli/src/inspect.rs
@@ -1,9 +1,9 @@
 use crate::handoff_v1::{load_artifact_by_hash, resolve_artifact_hash};
 use anyhow::{Context, Result};
 use clap::Args;
+use opensession_core::Session;
 use opensession_core::object_store::read_local_object_from_uri;
 use opensession_core::source_uri::SourceUri;
-use opensession_core::Session;
 
 #[derive(Debug, Clone, Args)]
 pub struct InspectArgs {
diff --git a/crates/cli/src/open_target.rs b/crates/cli/src/open_target.rs
index 528e0f22..78ae0e6c 100644
--- a/crates/cli/src/open_target.rs
+++ b/crates/cli/src/open_target.rs
@@ -1,4 +1,4 @@
-use anyhow::{bail, Context, Result};
+use anyhow::{Context, Result, bail};
 use clap::ValueEnum;
 use std::path::Path;
 use std::process::Command;
@@ -71,7 +71,7 @@ pub fn write_repo_open_target(repo_root: &Path, target: OpenTarget) -> Result<()
 
 #[cfg(test)]
 mod tests {
-    use super::{read_repo_open_target, write_repo_open_target, OpenTarget};
+    use super::{OpenTarget, read_repo_open_target, write_repo_open_target};
     use std::process::Command;
 
     #[test]
diff --git a/crates/cli/src/parse_cmd.rs b/crates/cli/src/parse_cmd.rs
index 169e42d4..96f38176 100644
--- a/crates/cli/src/parse_cmd.rs
+++ b/crates/cli/src/parse_cmd.rs
@@ -2,7 +2,7 @@ use crate::user_guidance::guided_error;
 use anyhow::{Context, Result};
 use clap::Args;
 use opensession_core::validate::validate_session;
-use opensession_parsers::ingest::{preview_parse_bytes, ParseError};
+use opensession_parsers::ingest::{ParseError, preview_parse_bytes};
 use std::path::PathBuf;
 
 #[derive(Debug, Clone, Args)]
diff --git a/crates/cli/src/register.rs b/crates/cli/src/register.rs
index 43c2679f..ae7ca649 100644
--- a/crates/cli/src/register.rs
+++ b/crates/cli/src/register.rs
@@ -1,8 +1,8 @@
 use crate::user_guidance::{guided_error, guided_error_with_doc};
-use anyhow::{bail, Context, Result};
+use anyhow::{Context, Result, bail};
 use clap::Args;
-use opensession_core::object_store::store_local_object;
 use opensession_core::Session;
+use opensession_core::object_store::store_local_object;
 use std::path::PathBuf;
 
 #[derive(Debug, Clone, Args)]
diff --git a/crates/cli/src/review.rs b/crates/cli/src/review.rs
index a5f62c86..4e27df25 100644
--- a/crates/cli/src/review.rs
+++ b/crates/cli/src/review.rs
@@ -1,5 +1,5 @@
 use crate::url_opener::open_url_for_repo;
-use anyhow::{anyhow, bail, Context, Result};
+use anyhow::{Context, Result, anyhow, bail};
 use clap::{Args, ValueEnum};
 use opensession_api::{
     LocalReviewBundle, LocalReviewCommit, LocalReviewLayerFileChange, LocalReviewPrMeta,
@@ -8,7 +8,7 @@ use opensession_api::{
 };
 use opensession_core::{ContentBlock, EventType, Session};
 use opensession_runtime_config::SummarySettings;
-use opensession_summary::{summarize_git_commit, SemanticSummaryArtifact};
+use opensession_summary::{SemanticSummaryArtifact, summarize_git_commit};
 use reqwest::Url;
 use serde::Deserialize;
 use std::collections::{BTreeSet, HashMap, HashSet, VecDeque};
@@ -1008,7 +1008,8 @@ async fn endpoint_ok(url: &str) -> bool {
         Err(_) => return false,
     };
 
-    match client.get(url).send().await {
+    let response = client.get(url).send().await;
+    match response {
         Ok(response) => response.status().is_success(),
         Err(_) => false,
     }
@@ -1082,9 +1083,9 @@ fn run_git(repo_root: &Path, args: &[String]) -> Result<()> {
 #[cfg(test)]
 mod tests {
     use super::{
-        build_review_id, build_reviewer_digest_for_commit, parse_github_pr_url,
-        parse_remote_repo_triplet, refresh_remote_head_fetch_args, resolve_view_mode,
-        sanitize_path_component, sanitize_review_id_component, GithubPrSpec, ReviewView,
+        GithubPrSpec, ReviewView, build_review_id, build_reviewer_digest_for_commit,
+        parse_github_pr_url, parse_remote_repo_triplet, refresh_remote_head_fetch_args,
+        resolve_view_mode, sanitize_path_component, sanitize_review_id_component,
     };
     use opensession_api::LocalReviewSession;
     use opensession_core::{Agent, Content, Event, EventType, Session};
diff --git a/crates/cli/src/setup_cmd.rs b/crates/cli/src/setup_cmd.rs
index ba65000b..1e710db1 100644
--- a/crates/cli/src/setup_cmd.rs
+++ b/crates/cli/src/setup_cmd.rs
@@ -1,18 +1,18 @@
 use crate::cleanup_cmd::{self, CleanupDoctorLevel};
 use crate::hooks::{
-    install_hooks_with_report, list_installed_hooks, plan_hook_install, HookInstallAction, HookType,
+    HookInstallAction, HookType, install_hooks_with_report, list_installed_hooks, plan_hook_install,
 };
-use crate::open_target::{read_repo_open_target, write_repo_open_target, OpenTarget};
-use anyhow::{bail, Context, Result};
+use crate::open_target::{OpenTarget, read_repo_open_target, write_repo_open_target};
+use anyhow::{Context, Result, bail};
 use clap::{Args, ValueEnum};
-use opensession_core::sanitize::{sanitize_session, SanitizeConfig};
-use opensession_core::session::{build_git_storage_meta_json_with_git, working_directory, GitMeta};
 use opensession_core::Session;
+use opensession_core::sanitize::{SanitizeConfig, sanitize_session};
+use opensession_core::session::{GitMeta, build_git_storage_meta_json_with_git, working_directory};
 use opensession_git_native::{
-    branch_ledger_ref, extract_git_context, resolve_ledger_branch, NativeGitStorage,
+    NativeGitStorage, branch_ledger_ref, extract_git_context, resolve_ledger_branch,
 };
 use opensession_parsers::{discover::discover_sessions, parse_with_default_parsers};
-use opensession_runtime_config::{DaemonConfig, CONFIG_FILE_NAME};
+use opensession_runtime_config::{CONFIG_FILE_NAME, DaemonConfig};
 use std::cmp::Reverse;
 use std::collections::HashSet;
 use std::io::{self, IsTerminal, Write};
@@ -390,11 +390,7 @@ fn enforce_apply_mode_requirements(
     if !interactive && fanout_plan.existing.is_none() && fanout_plan.requested.is_none() {
         bail!(
             "fanout mode is not configured for this repository, and setup cannot prompt in non-interactive mode.\nnext: run `{}`",
-            suggested_doctor_command(
-                FanoutMode::HiddenRef,
-                OpenTarget::Web,
-                SetupProfile::Local
-            )
+            suggested_doctor_command(FanoutMode::HiddenRef, OpenTarget::Web, SetupProfile::Local)
         );
     }
     Ok(())
@@ -1564,9 +1560,10 @@ mod tests {
         let (level, summary, hint) = review_readiness_summary(false, false);
         assert_eq!(level, DoctorLevel::Warn);
         assert!(summary.contains("hidden-fanout=missing"));
-        assert!(hint
-            .expect("hint should exist")
-            .contains("opensession doctor --fix"));
+        assert!(
+            hint.expect("hint should exist")
+                .contains("opensession doctor --fix")
+        );
     }
 
     #[test]
@@ -1633,9 +1630,10 @@ mod tests {
             profile: None,
         };
         let err = validate_setup_args(&args).expect_err("validate");
-        assert!(err
-            .to_string()
-            .contains("`--open-target` requires apply mode"));
+        assert!(
+            err.to_string()
+                .contains("`--open-target` requires apply mode")
+        );
     }
 
     #[test]
diff --git a/crates/cli/src/share.rs b/crates/cli/src/share.rs
index c85397c7..61cba945 100644
--- a/crates/cli/src/share.rs
+++ b/crates/cli/src/share.rs
@@ -1,7 +1,7 @@
 use crate::cleanup_cmd;
 use crate::config_cmd::load_repo_config;
 use crate::user_guidance::guided_error;
-use anyhow::{bail, Context, Result};
+use anyhow::{Context, Result, bail};
 use clap::Args;
 use opensession_core::object_store::{find_repo_root, read_local_object_from_uri};
 use opensession_core::source_uri::{SourceSpec, SourceUri};
@@ -708,9 +708,9 @@ mod tests {
     #[cfg(target_os = "linux")]
     use super::linux_clipboard_candidates;
     use super::{
-        classify_share_failure, detect_quick_remote, parse_remote_host_and_path,
-        read_quick_auto_push_consent, resolve_mode, uri_for_remote, validate_rel_path,
-        write_quick_auto_push_consent, ShareMode, QUICK_AUTO_PUSH_CONSENT_GIT_KEY,
+        QUICK_AUTO_PUSH_CONSENT_GIT_KEY, ShareMode, classify_share_failure, detect_quick_remote,
+        parse_remote_host_and_path, read_quick_auto_push_consent, resolve_mode, uri_for_remote,
+        validate_rel_path, write_quick_auto_push_consent,
     };
     use opensession_core::source_uri::SourceSpec;
     use opensession_core::source_uri::SourceUri;
diff --git a/crates/cli/src/summary_cmd.rs b/crates/cli/src/summary_cmd.rs
index 1c2b6744..e2dbead2 100644
--- a/crates/cli/src/summary_cmd.rs
+++ b/crates/cli/src/summary_cmd.rs
@@ -1,13 +1,13 @@
 use crate::runtime_settings::load_runtime_config;
-use anyhow::{anyhow, Context, Result};
+use anyhow::{Context, Result, anyhow};
 use clap::{Args, Subcommand};
 use opensession_core::session::working_directory;
 use opensession_git_native::extract_git_context;
 use opensession_local_db::{LocalDb, SessionSemanticSummaryUpsert};
 use opensession_parsers::parse_with_default_parsers;
 use opensession_summary::{
-    summarize_git_commit, summarize_git_working_tree, summarize_session, GitSummaryRequest,
-    SemanticSummaryArtifact,
+    GitSummaryRequest, SemanticSummaryArtifact, summarize_git_commit, summarize_git_working_tree,
+    summarize_session,
 };
 use serde::Serialize;
 use std::path::{Path, PathBuf};
diff --git a/crates/cli/src/url_opener.rs b/crates/cli/src/url_opener.rs
index c0612713..2170b6b0 100644
--- a/crates/cli/src/url_opener.rs
+++ b/crates/cli/src/url_opener.rs
@@ -1,5 +1,5 @@
-use crate::open_target::{read_repo_open_target, OpenTarget};
-use anyhow::{anyhow, bail, Context, Result};
+use crate::open_target::{OpenTarget, read_repo_open_target};
+use anyhow::{Context, Result, anyhow, bail};
 use opensession_core::object_store::global_store_root;
 use reqwest::Url;
 use std::fs;
diff --git a/crates/cli/src/view.rs b/crates/cli/src/view.rs
index 4c4eaf3f..a63a4c39 100644
--- a/crates/cli/src/view.rs
+++ b/crates/cli/src/view.rs
@@ -1,18 +1,18 @@
 use crate::{
     config_cmd::load_repo_config,
-    open_target::{read_repo_open_target, OpenTarget},
+    open_target::{OpenTarget, read_repo_open_target},
     review, url_opener,
     user_guidance::guided_error,
 };
-use anyhow::{anyhow, bail, Context, Result};
+use anyhow::{Context, Result, anyhow, bail};
 use clap::Args;
 use opensession_api::{
     LocalReviewBundle, LocalReviewCommit, LocalReviewPrMeta, LocalReviewSession,
 };
 use opensession_core::{
+    Session,
     object_store::read_local_object_from_uri,
     source_uri::{SourceSpec, SourceUri},
-    Session,
 };
 use reqwest::Url;
 use serde::Deserialize;
diff --git a/crates/cli/tests/handoff_cli.rs b/crates/cli/tests/handoff_cli.rs
index 25530cef..6c3b9e43 100644
--- a/crates/cli/tests/handoff_cli.rs
+++ b/crates/cli/tests/handoff_cli.rs
@@ -463,11 +463,13 @@ fn share_quick_auto_detects_origin_without_push_and_reports_state() {
         payload.get("remote_target").and_then(Value::as_str),
         Some("origin")
     );
-    assert!(payload
-        .get("push_cmd")
-        .and_then(Value::as_str)
-        .unwrap_or_default()
-        .contains("git push origin"));
+    assert!(
+        payload
+            .get("push_cmd")
+            .and_then(Value::as_str)
+            .unwrap_or_default()
+            .contains("git push origin")
+    );
 }
 
 #[test]
diff --git a/crates/core/Cargo.toml b/crates/core/Cargo.toml
index d9c5ee15..a6fa5da6 100644
--- a/crates/core/Cargo.toml
+++ b/crates/core/Cargo.toml
@@ -2,6 +2,7 @@
 name = "opensession-core"
 version.workspace = true
 edition.workspace = true
+rust-version.workspace = true
 license.workspace = true
 repository.workspace = true
 description = "HAIL (Human AI Interaction Log) core types and validation"
diff --git a/crates/core/src/agent_metrics.rs b/crates/core/src/agent_metrics.rs
index dedec140..8715db30 100644
--- a/crates/core/src/agent_metrics.rs
+++ b/crates/core/src/agent_metrics.rs
@@ -23,18 +23,18 @@ pub fn max_active_agents(session: &Session) -> usize {
     for event in &session.events {
         let task_id = normalize_task_id(event);
 
-        if matches!(event.event_type, EventType::TaskStart { .. }) {
-            if let Some(task_id) = task_id {
-                active_task_ids.insert(task_id);
-            }
+        if matches!(event.event_type, EventType::TaskStart { .. })
+            && let Some(task_id) = task_id
+        {
+            active_task_ids.insert(task_id);
         }
 
         max_subagents = max_subagents.max(active_task_ids.len());
 
-        if matches!(event.event_type, EventType::TaskEnd { .. }) {
-            if let Some(task_id) = task_id {
-                active_task_ids.remove(task_id);
-            }
+        if matches!(event.event_type, EventType::TaskEnd { .. })
+            && let Some(task_id) = task_id
+        {
+            active_task_ids.remove(task_id);
         }
     }
 
diff --git a/crates/core/src/handoff.rs b/crates/core/src/handoff.rs
index f9340c21..6872789e 100644
--- a/crates/core/src/handoff.rs
+++ b/crates/core/src/handoff.rs
@@ -310,12 +310,12 @@ fn collect_errors(events: &[Event]) -> Vec<String> {
 fn collect_verification(events: &[Event]) -> Verification {
     let mut tool_result_by_call: HashMap<String, (&Event, bool)> = HashMap::new();
     for event in events {
-        if let EventType::ToolResult { is_error, .. } = &event.event_type {
-            if let Some(call_id) = event.semantic_call_id() {
-                tool_result_by_call
-                    .entry(call_id.to_string())
-                    .or_insert((event, *is_error));
-            }
+        if let EventType::ToolResult { is_error, .. } = &event.event_type
+            && let Some(call_id) = event.semantic_call_id()
+        {
+            tool_result_by_call
+                .entry(call_id.to_string())
+                .or_insert((event, *is_error));
         }
     }
 
@@ -407,14 +407,14 @@ fn collect_uncertainty(session: &Session, verification: &Verification) -> Uncert
 
     let mut decision_required = Vec::new();
     for event in &session.events {
-        if let EventType::Custom { kind } = &event.event_type {
-            if kind == "turn_aborted" {
-                let reason = event
-                    .attr_str("reason")
-                    .map(String::from)
-                    .unwrap_or_else(|| "turn aborted".to_string());
-                decision_required.push(format!("Turn aborted: {reason}"));
-            }
+        if let EventType::Custom { kind } = &event.event_type
+            && kind == "turn_aborted"
+        {
+            let reason = event
+                .attr_str("reason")
+                .map(String::from)
+                .unwrap_or_else(|| "turn aborted".to_string());
+            decision_required.push(format!("Turn aborted: {reason}"));
         }
     }
     for missing in &verification.required_checks_missing {
@@ -989,20 +989,19 @@ fn collect_open_questions(events: &[Event]) -> Vec<String> {
             }
         }
 
-        if event.attr_str("source") == Some("interactive") {
-            if let Some(ids) = event
+        if event.attr_str("source") == Some("interactive")
+            && let Some(ids) = event
                 .attributes
                 .get("question_ids")
                 .and_then(|v| v.as_array())
+        {
+            for id in ids
+                .iter()
+                .filter_map(|v| v.as_str())
+                .map(str::trim)
+                .filter(|v| !v.is_empty())
             {
-                for id in ids
-                    .iter()
-                    .filter_map(|v| v.as_str())
-                    .map(str::trim)
-                    .filter(|v| !v.is_empty())
-                {
-                    answered_ids.insert(id.to_string());
-                }
+                answered_ids.insert(id.to_string());
             }
         }
     }
@@ -1985,10 +1984,10 @@ fn extract_objective(session: &Session) -> String {
         return truncate_str(&collapse_whitespace(&task_summary), 200);
     }
 
-    if let Some(title) = session.context.title.as_deref().map(str::trim) {
-        if !title.is_empty() {
-            return truncate_str(&collapse_whitespace(title), 200);
-        }
+    if let Some(title) = session.context.title.as_deref().map(str::trim)
+        && !title.is_empty()
+    {
+        return truncate_str(&collapse_whitespace(title), 200);
     }
 
     "(objective unavailable)".to_string()
@@ -2031,7 +2030,7 @@ pub fn format_duration(seconds: u64) -> String {
 #[cfg(test)]
 mod tests {
     use super::*;
-    use crate::{testing, Agent};
+    use crate::{Agent, testing};
 
     fn make_agent() -> Agent {
         testing::agent()
@@ -2362,7 +2361,7 @@ mod tests {
         assert!(hail.context.tags.contains(&"handoff".to_string()));
         // FileRead and successful ShellCommand should be filtered out
         assert_eq!(hail.events.len(), 3); // UserMessage, AgentMessage, FileEdit
-                                          // Verify HAIL roundtrip
+        // Verify HAIL roundtrip
         let jsonl = hail.to_jsonl().unwrap();
         let parsed = Session::from_jsonl(&jsonl).unwrap();
         assert_eq!(parsed.session_id, hail.session_id);
@@ -2436,29 +2435,37 @@ mod tests {
         ));
 
         let summary = HandoffSummary::from_session(&session);
-        assert!(summary
-            .verification
-            .checks_failed
-            .contains(&"cargo test".to_string()));
-        assert!(summary
-            .execution_contract
-            .next_actions
-            .iter()
-            .any(|action| action.contains("cargo test")));
+        assert!(
+            summary
+                .verification
+                .checks_failed
+                .contains(&"cargo test".to_string())
+        );
+        assert!(
+            summary
+                .execution_contract
+                .next_actions
+                .iter()
+                .any(|action| action.contains("cargo test"))
+        );
         assert_eq!(
             summary.execution_contract.ordered_commands.first(),
             Some(&"cargo test".to_string())
         );
         assert!(summary.execution_contract.parallel_actions.is_empty());
         assert!(summary.execution_contract.rollback_hint.is_none());
-        assert!(summary
-            .execution_contract
-            .rollback_hint_missing_reason
-            .is_some());
-        assert!(summary
-            .execution_contract
-            .rollback_hint_undefined_reason
-            .is_some());
+        assert!(
+            summary
+                .execution_contract
+                .rollback_hint_missing_reason
+                .is_some()
+        );
+        assert!(
+            summary
+                .execution_contract
+                .rollback_hint_undefined_reason
+                .is_some()
+        );
     }
 
     #[test]
@@ -2466,17 +2473,21 @@ mod tests {
         let session = Session::new("missing-objective".to_string(), make_agent());
         let summary = HandoffSummary::from_session(&session);
         assert!(summary.objective_undefined_reason.is_some());
-        assert!(summary
-            .undefined_fields
-            .iter()
-            .any(|f| f.path == "objective"));
+        assert!(
+            summary
+                .undefined_fields
+                .iter()
+                .any(|f| f.path == "objective")
+        );
         let report = validate_handoff_summary(&summary);
 
         assert!(!report.passed);
-        assert!(report
-            .findings
-            .iter()
-            .any(|f| f.code == "objective_missing"));
+        assert!(
+            report
+                .findings
+                .iter()
+                .any(|f| f.code == "objective_missing")
+        );
     }
 
     #[test]
@@ -2516,10 +2527,12 @@ mod tests {
         ];
 
         let report = validate_handoff_summary(&summary);
-        assert!(report
-            .findings
-            .iter()
-            .any(|f| f.code == "work_package_cycle"));
+        assert!(
+            report
+                .findings
+                .iter()
+                .any(|f| f.code == "work_package_cycle")
+        );
     }
 
     #[test]
@@ -2538,10 +2551,12 @@ mod tests {
         summary.execution_contract.next_actions.clear();
 
         let report = validate_handoff_summary(&summary);
-        assert!(report
-            .findings
-            .iter()
-            .any(|f| f.code == "next_actions_missing"));
+        assert!(
+            report
+                .findings
+                .iter()
+                .any(|f| f.code == "next_actions_missing")
+        );
     }
 
     #[test]
@@ -2560,10 +2575,12 @@ mod tests {
         }];
 
         let report = validate_handoff_summary(&summary);
-        assert!(report
-            .findings
-            .iter()
-            .any(|f| f.code == "objective_evidence_missing"));
+        assert!(
+            report
+                .findings
+                .iter()
+                .any(|f| f.code == "objective_evidence_missing")
+        );
     }
 
     #[test]
@@ -2613,16 +2630,20 @@ mod tests {
         session.events.push(b_edit);
 
         let summary = HandoffSummary::from_session(&session);
-        assert!(summary
-            .execution_contract
-            .parallel_actions
-            .iter()
-            .any(|action| action.contains("auth")));
-        assert!(summary
-            .execution_contract
-            .parallel_actions
-            .iter()
-            .any(|action| action.contains("billing")));
+        assert!(
+            summary
+                .execution_contract
+                .parallel_actions
+                .iter()
+                .any(|action| action.contains("auth"))
+        );
+        assert!(
+            summary
+                .execution_contract
+                .parallel_actions
+                .iter()
+                .any(|action| action.contains("billing"))
+        );
         let md = generate_handoff_markdown_v2(&summary);
         assert!(md.contains("Parallelizable Work Packages"));
     }
@@ -2649,21 +2670,27 @@ mod tests {
         ));
 
         let summary = HandoffSummary::from_session(&session);
-        assert!(summary
-            .execution_contract
-            .done_definition
-            .iter()
-            .any(|item| item.contains("Verification passed: `cargo test`")));
-        assert!(summary
-            .execution_contract
-            .done_definition
-            .iter()
-            .any(|item| item.contains("Changed 1 file(s): `src/lib.rs`")));
-        assert!(summary
-            .execution_contract
-            .ordered_steps
-            .iter()
-            .any(|step| step.work_package_id == "main"));
+        assert!(
+            summary
+                .execution_contract
+                .done_definition
+                .iter()
+                .any(|item| item.contains("Verification passed: `cargo test`"))
+        );
+        assert!(
+            summary
+                .execution_contract
+                .done_definition
+                .iter()
+                .any(|item| item.contains("Changed 1 file(s): `src/lib.rs`"))
+        );
+        assert!(
+            summary
+                .execution_contract
+                .ordered_steps
+                .iter()
+                .any(|step| step.work_package_id == "main")
+        );
     }
 
     #[test]
@@ -2717,12 +2744,14 @@ mod tests {
         assert_eq!(steps[0].work_package_id, "task-1");
         assert_eq!(steps[1].work_package_id, "task-2");
         assert!(steps[0].completed_at.is_some());
-        assert!(summary
-            .work_packages
-            .iter()
-            .find(|pkg| pkg.id == "task-1")
-            .and_then(|pkg| pkg.outcome.as_deref())
-            .is_some());
+        assert!(
+            summary
+                .work_packages
+                .iter()
+                .find(|pkg| pkg.id == "task-1")
+                .and_then(|pkg| pkg.outcome.as_deref())
+                .is_some()
+        );
     }
 
     #[test]
@@ -2757,10 +2786,12 @@ mod tests {
         }];
 
         let report = validate_handoff_summary(&summary);
-        assert!(report
-            .findings
-            .iter()
-            .any(|finding| finding.code == "ordered_steps_inconsistent"));
+        assert!(
+            report
+                .findings
+                .iter()
+                .any(|finding| finding.code == "ordered_steps_inconsistent")
+        );
     }
 
     #[test]
diff --git a/crates/core/src/jsonl.rs b/crates/core/src/jsonl.rs
index 48e0963f..9d4e6bd9 100644
--- a/crates/core/src/jsonl.rs
+++ b/crates/core/src/jsonl.rs
@@ -13,7 +13,7 @@
 //! The last line is aggregate stats (optional on write, recomputed on read if missing).
 
 use crate::trace::{Agent, Event, Session, SessionContext, Stats};
-use serde::{de::DeserializeOwned, Deserialize, Serialize};
+use serde::{Deserialize, Serialize, de::DeserializeOwned};
 use std::io::{self, BufRead, Write};
 
 /// A single line in a HAIL JSONL file
diff --git a/crates/core/src/sanitize.rs b/crates/core/src/sanitize.rs
index 03f1c55f..738d0db6 100644
--- a/crates/core/src/sanitize.rs
+++ b/crates/core/src/sanitize.rs
@@ -95,10 +95,10 @@ fn sanitize_content_block(block: &mut ContentBlock, config: &SanitizeConfig) {
             if config.strip_paths {
                 *path = strip_home_dir(path);
             }
-            if let Some(c) = content {
-                if config.strip_env_vars {
-                    *c = strip_env_vars(c);
-                }
+            if let Some(c) = content
+                && config.strip_env_vars
+            {
+                *c = strip_env_vars(c);
             }
         }
         _ => {}
diff --git a/crates/core/src/scoring.rs b/crates/core/src/scoring.rs
index 2fcba11d..8428dced 100644
--- a/crates/core/src/scoring.rs
+++ b/crates/core/src/scoring.rs
@@ -1,4 +1,4 @@
-use crate::{extract::extract_file_metadata, EventType, Session};
+use crate::{EventType, Session, extract::extract_file_metadata};
 use std::collections::HashMap;
 use std::sync::Arc;
 
@@ -233,7 +233,7 @@ fn count_recoveries(session: &Session) -> usize {
 #[cfg(test)]
 mod tests {
     use super::*;
-    use crate::{testing, Session};
+    use crate::{Session, testing};
 
     fn build_session(events: Vec<crate::Event>) -> Session {
         let mut session = Session::new("score-test".to_string(), testing::agent());
diff --git a/crates/core/src/session.rs b/crates/core/src/session.rs
index cc2b9ce8..2f797d55 100644
--- a/crates/core/src/session.rs
+++ b/crates/core/src/session.rs
@@ -170,10 +170,10 @@ pub fn build_git_storage_meta_json(session: &Session) -> Vec<u8> {
 #[cfg(test)]
 mod tests {
     use super::{
+        ATTR_PARENT_SESSION_ID, ATTR_SESSION_ROLE, GitMeta, SessionRole,
         build_git_storage_meta_json, build_git_storage_meta_json_with_git,
         interaction_compressed_session, interaction_compressed_stats, is_auxiliary_session,
-        session_role, source_path, working_directory, GitMeta, SessionRole, ATTR_PARENT_SESSION_ID,
-        ATTR_SESSION_ROLE,
+        session_role, source_path, working_directory,
     };
     use crate::trace::{Agent, Content, Event, EventType, Session};
     use serde_json::Value;
diff --git a/crates/core/src/source_uri.rs b/crates/core/src/source_uri.rs
index 92cca4ef..eea31dcd 100644
--- a/crates/core/src/source_uri.rs
+++ b/crates/core/src/source_uri.rs
@@ -1,5 +1,5 @@
-use base64::engine::general_purpose::URL_SAFE_NO_PAD;
 use base64::Engine;
+use base64::engine::general_purpose::URL_SAFE_NO_PAD;
 use regex::Regex;
 use std::fmt;
 
diff --git a/crates/core/src/validate.rs b/crates/core/src/validate.rs
index 3b4a8257..a281c68e 100644
--- a/crates/core/src/validate.rs
+++ b/crates/core/src/validate.rs
@@ -188,9 +188,10 @@ mod tests {
     fn test_empty_session() {
         let session = make_session_with_events(vec![]);
         let errs = validate_session(&session).unwrap_err();
-        assert!(errs
-            .iter()
-            .any(|e| matches!(e, ValidationError::EmptySession)));
+        assert!(
+            errs.iter()
+                .any(|e| matches!(e, ValidationError::EmptySession))
+        );
     }
 
     #[test]
@@ -206,9 +207,10 @@ mod tests {
         }]);
         session.version = "bad-version".to_string();
         let errs = validate_session(&session).unwrap_err();
-        assert!(errs
-            .iter()
-            .any(|e| matches!(e, ValidationError::InvalidVersion { .. })));
+        assert!(
+            errs.iter()
+                .any(|e| matches!(e, ValidationError::InvalidVersion { .. }))
+        );
     }
 
     #[test]
@@ -235,9 +237,10 @@ mod tests {
             },
         ]);
         let errs = validate_session(&session).unwrap_err();
-        assert!(errs
-            .iter()
-            .any(|e| matches!(e, ValidationError::DuplicateEventId { .. })));
+        assert!(
+            errs.iter()
+                .any(|e| matches!(e, ValidationError::DuplicateEventId { .. }))
+        );
     }
 
     fn make_event(id: &str, event_type: EventType) -> Event {
@@ -321,9 +324,10 @@ mod tests {
             },
         ]);
         let errs = validate_session(&session).unwrap_err();
-        assert!(errs
-            .iter()
-            .any(|e| matches!(e, ValidationError::EventsOutOfOrder { index: 1 })));
+        assert!(
+            errs.iter()
+                .any(|e| matches!(e, ValidationError::EventsOutOfOrder { index: 1 }))
+        );
     }
 
     #[test]
diff --git a/crates/daemon/Cargo.toml b/crates/daemon/Cargo.toml
index fce3d00b..3e10ba4b 100644
--- a/crates/daemon/Cargo.toml
+++ b/crates/daemon/Cargo.toml
@@ -2,6 +2,7 @@
 name = "opensession-daemon"
 version.workspace = true
 edition.workspace = true
+rust-version.workspace = true
 license.workspace = true
 repository.workspace = true
 homepage.workspace = true
diff --git a/crates/daemon/src/config.rs b/crates/daemon/src/config.rs
index 8807f40a..113e17c6 100644
--- a/crates/daemon/src/config.rs
+++ b/crates/daemon/src/config.rs
@@ -5,8 +5,8 @@ use std::path::{Path, PathBuf};
 
 // Re-export shared runtime config types
 pub use opensession_runtime_config::{
-    DaemonConfig, DaemonSettings, GitStorageMethod, PublishMode, SessionDefaultView,
-    CONFIG_FILE_NAME,
+    CONFIG_FILE_NAME, DaemonConfig, DaemonSettings, GitStorageMethod, PublishMode,
+    SessionDefaultView,
 };
 
 /// Get the config directory path
diff --git a/crates/daemon/src/hooks.rs b/crates/daemon/src/hooks.rs
index 47c7b40b..2db08dd7 100644
--- a/crates/daemon/src/hooks.rs
+++ b/crates/daemon/src/hooks.rs
@@ -1,7 +1,7 @@
 use std::path::{Path, PathBuf};
 use std::process::Command;
 
-use anyhow::{bail, Context, Result};
+use anyhow::{Context, Result, bail};
 
 /// Git hook types managed by opensession.
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
@@ -474,16 +474,18 @@ pub fn scan_for_secrets(content: &str) -> Vec<SecretMatch> {
 
     for (line_number, line) in content.lines().enumerate() {
         for (name, pattern) in &patterns {
-            if let Ok(re) = regex::Regex::new(pattern) {
-                if re.is_match(line) {
-                    // Redact the matched portion
-                    let redacted = re.replace_all(line, "[REDACTED]").to_string();
-                    matches.push(SecretMatch {
-                        pattern_name: name.to_string(),
-                        line_number: line_number + 1,
-                        context: redacted,
-                    });
-                }
+            let re = match regex::Regex::new(pattern) {
+                Ok(re) => re,
+                Err(_) => continue,
+            };
+            if re.is_match(line) {
+                // Redact the matched portion
+                let redacted = re.replace_all(line, "[REDACTED]").to_string();
+                matches.push(SecretMatch {
+                    pattern_name: name.to_string(),
+                    line_number: line_number + 1,
+                    context: redacted,
+                });
             }
         }
     }
@@ -681,10 +683,12 @@ mod tests {
         let dir = TempDir::new().unwrap();
         let result = install_hooks(dir.path(), HookType::all());
         assert!(result.is_err());
-        assert!(result
-            .unwrap_err()
-            .to_string()
-            .contains("Not a git repository"));
+        assert!(
+            result
+                .unwrap_err()
+                .to_string()
+                .contains("Not a git repository")
+        );
     }
 
     #[test]
diff --git a/crates/daemon/src/main.rs b/crates/daemon/src/main.rs
index a79e31e0..ca3516f9 100644
--- a/crates/daemon/src/main.rs
+++ b/crates/daemon/src/main.rs
@@ -148,7 +148,7 @@ fn cleanup_pid_file() {
 async fn wait_for_shutdown() {
     #[cfg(unix)]
     {
-        use tokio::signal::unix::{signal, SignalKind};
+        use tokio::signal::unix::{SignalKind, signal};
         let mut sigterm = signal(SignalKind::terminate()).expect("Failed to register SIGTERM");
         let mut sigint = signal(SignalKind::interrupt()).expect("Failed to register SIGINT");
         tokio::select! {
diff --git a/crates/daemon/src/scheduler.rs b/crates/daemon/src/scheduler.rs
index 526f1658..e595f5a3 100644
--- a/crates/daemon/src/scheduler.rs
+++ b/crates/daemon/src/scheduler.rs
@@ -1,18 +1,18 @@
 use anyhow::Result;
 use chrono::{DateTime, Utc};
-use opensession_core::sanitize::{sanitize_session, SanitizeConfig};
+use opensession_core::Session;
+use opensession_core::sanitize::{SanitizeConfig, sanitize_session};
 use opensession_core::session::{
-    build_git_storage_meta_json_with_git, interaction_compressed_session, is_auxiliary_session,
-    working_directory, GitMeta,
+    GitMeta, build_git_storage_meta_json_with_git, interaction_compressed_session,
+    is_auxiliary_session, working_directory,
 };
-use opensession_core::Session;
 use opensession_git_native::{
-    branch_ledger_ref, extract_git_context, resolve_ledger_branch, PruneStats,
-    SessionSummaryLedgerRecord, SUMMARY_LEDGER_REF,
+    PruneStats, SUMMARY_LEDGER_REF, SessionSummaryLedgerRecord, branch_ledger_ref,
+    extract_git_context, resolve_ledger_branch,
 };
 use opensession_local_db::LocalDb;
 use opensession_parsers::parse_with_default_parsers;
-use opensession_summary::{summarize_session, GitSummaryRequest};
+use opensession_summary::{GitSummaryRequest, summarize_session};
 use std::collections::{HashMap, HashSet};
 use std::path::{Path, PathBuf};
 use std::process::Command;
@@ -107,7 +107,8 @@ fn run_git_retention_once(registry: &RepoRegistry, keep_days: u32) -> Result<()>
             continue;
         }
         for ref_name in refs {
-            match storage.prune_by_age_at_ref(&repo_root, &ref_name, keep_days) {
+            let prune_result = storage.prune_by_age_at_ref(&repo_root, &ref_name, keep_days);
+            match prune_result {
                 Ok(PruneStats {
                     scanned_sessions,
                     expired_sessions,
@@ -223,9 +224,9 @@ fn run_lifecycle_cleanup_once(
                 .and_then(|row| row.working_directory.as_deref()),
         );
         if let Some(repo_root) = repo_root {
-            if let Err(e) =
-                storage.delete_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, &session_id)
-            {
+            let delete_result =
+                storage.delete_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, &session_id);
+            if let Err(e) = delete_result {
                 warn!(
                     repo = %repo_root.display(),
                     session_id,
@@ -242,11 +243,12 @@ fn run_lifecycle_cleanup_once(
 
     let repo_roots = collect_lifecycle_repo_roots(db, registry)?;
     for repo_root in repo_roots {
-        match storage.prune_summaries_by_age_at_ref(
+        let prune_result = storage.prune_summaries_by_age_at_ref(
             &repo_root,
             SUMMARY_LEDGER_REF,
             config.lifecycle.summary_ttl_days,
-        ) {
+        );
+        match prune_result {
             Ok(PruneStats {
                 scanned_sessions,
                 expired_sessions,
@@ -465,15 +467,15 @@ pub async fn run_scheduler(
                             path.display()
                         );
                     }
-                    if let Err(e) = process_file(
+                    let process_result = process_file(
                         &path,
                         &config,
                         &db,
                         &mut repo_registry,
                         should_auto_upload(&effective_mode),
                     )
-                    .await
-                    {
+                    .await;
+                    if let Err(e) = process_result {
                         error!("Failed to process {}: {:#}", path.display(), e);
                     }
                 }
@@ -482,7 +484,8 @@ pub async fn run_scheduler(
                     (retention_schedule, next_retention_run)
                 {
                     if now >= next_at {
-                        if let Err(e) = run_git_retention_once(&repo_registry, keep_days) {
+                        let retention_result = run_git_retention_once(&repo_registry, keep_days);
+                        if let Err(e) = retention_result {
                             warn!("Git retention scan failed: {e}");
                         }
                         next_retention_run = Some(now + interval);
@@ -491,7 +494,9 @@ pub async fn run_scheduler(
 
                 if let (Some(interval), Some(next_at)) = (lifecycle_interval, next_lifecycle_run) {
                     if now >= next_at {
-                        if let Err(e) = run_lifecycle_cleanup_once(&config, &db, &repo_registry) {
+                        let cleanup_result =
+                            run_lifecycle_cleanup_once(&config, &db, &repo_registry);
+                        if let Err(e) = cleanup_result {
                             warn!("Lifecycle cleanup failed: {e}");
                         }
                         next_lifecycle_run = Some(now + interval);
@@ -502,7 +507,11 @@ pub async fn run_scheduler(
 
             // Shutdown signal
             _ = shutdown.changed() => {
-                if *shutdown.borrow() {
+                let should_shutdown = {
+                    let borrowed = shutdown.borrow();
+                    *borrowed
+                };
+                if should_shutdown {
                     info!("Scheduler shutting down");
                     break;
                 }
@@ -886,7 +895,7 @@ mod tests {
     use super::*;
     use opensession_core::{Agent, Content, Event, EventType, Session};
     use opensession_git_native::{
-        NativeGitStorage, SessionSummaryLedgerRecord, SUMMARY_LEDGER_REF,
+        NativeGitStorage, SUMMARY_LEDGER_REF, SessionSummaryLedgerRecord,
     };
     use opensession_runtime_config::{SummaryProvider, SummaryStorageBackend, SummaryTriggerMode};
     use serde_json::json;
diff --git a/crates/e2e/Cargo.toml b/crates/e2e/Cargo.toml
index 60168436..12fc1d3c 100644
--- a/crates/e2e/Cargo.toml
+++ b/crates/e2e/Cargo.toml
@@ -2,6 +2,7 @@
 name = "opensession-e2e"
 version.workspace = true
 edition.workspace = true
+rust-version.workspace = true
 license.workspace = true
 repository.workspace = true
 description = "E2E test suite for OpenSession API"
diff --git a/crates/e2e/src/runner.rs b/crates/e2e/src/runner.rs
index 06b42ecf..c83a152e 100644
--- a/crates/e2e/src/runner.rs
+++ b/crates/e2e/src/runner.rs
@@ -61,7 +61,11 @@ pub async fn run_all(ctx: Arc<crate::client::TestContext>, filter: Option<&str>)
     crate::for_each_spec!(spawn_spec);
 
     let mut results = Vec::new();
-    while let Some(result) = set.join_next().await {
+    loop {
+        let next_result = set.join_next().await;
+        let Some(result) = next_result else {
+            break;
+        };
         match result {
             Ok(r) => results.push(r),
             Err(e) => results.push(TestResult {
@@ -70,7 +74,7 @@ pub async fn run_all(ctx: Arc<crate::client::TestContext>, filter: Option<&str>)
                 duration: Duration::ZERO,
                 error: Some(format!("{e:#}")),
             }),
-        }
+        };
     }
 
     results.sort_by(|a, b| a.name.cmp(&b.name));
diff --git a/crates/e2e/src/specs/health.rs b/crates/e2e/src/specs/health.rs
index 36563c1c..c0774455 100644
--- a/crates/e2e/src/specs/health.rs
+++ b/crates/e2e/src/specs/health.rs
@@ -1,4 +1,4 @@
-use anyhow::{ensure, Result};
+use anyhow::{Result, ensure};
 
 use crate::client::TestContext;
 
diff --git a/crates/e2e/src/specs/sessions.rs b/crates/e2e/src/specs/sessions.rs
index dc51e152..c0288c9d 100644
--- a/crates/e2e/src/specs/sessions.rs
+++ b/crates/e2e/src/specs/sessions.rs
@@ -1,4 +1,4 @@
-use anyhow::{ensure, Result};
+use anyhow::{Result, ensure};
 use uuid::Uuid;
 
 use crate::client::TestContext;
diff --git a/crates/e2e/tests/common.rs b/crates/e2e/tests/common.rs
index ee571766..609c3a35 100644
--- a/crates/e2e/tests/common.rs
+++ b/crates/e2e/tests/common.rs
@@ -12,16 +12,22 @@ pub struct RegisteredUser {
     pub tokens: AuthTokenResponse,
 }
 
-pub fn test_context_from_env(base_url_env: &str) -> TestContext {
-    let base_url = std::env::var(base_url_env).unwrap_or_else(|_| {
-        panic!(
-            "missing required env var `{base_url_env}`. Set explicit local target URL for this E2E run."
-        )
-    });
+pub fn test_context_from_env(base_url_env: &str) -> Option<TestContext> {
+    let base_url = match std::env::var(base_url_env) {
+        Ok(value) => value,
+        Err(_) => {
+            eprintln!(
+                "skipping E2E test: missing required env var `{base_url_env}`. \
+Set explicit local target URL for this E2E run."
+            );
+            return None;
+        }
+    };
     enforce_base_url_policy(base_url_env, &base_url);
-    TestContext::new(base_url)
+    Some(TestContext::new(base_url))
 }
 
+#[allow(dead_code)]
 pub async fn register_user(ctx: &TestContext, prefix: &str, password: &str) -> RegisteredUser {
     let client = reqwest::Client::new();
     let suffix = uuid::Uuid::new_v4().simple().to_string();
diff --git a/crates/e2e/tests/environment.rs b/crates/e2e/tests/environment.rs
new file mode 100644
index 00000000..22386fa6
--- /dev/null
+++ b/crates/e2e/tests/environment.rs
@@ -0,0 +1,8 @@
+mod common;
+
+#[test]
+fn missing_base_url_env_skips_instead_of_panicking() {
+    let missing_env = format!("OPENSESSION_TEST_MISSING_{}", uuid::Uuid::new_v4().simple());
+
+    assert!(common::test_context_from_env(&missing_env).is_none());
+}
diff --git a/crates/e2e/tests/server.rs b/crates/e2e/tests/server.rs
index 8f3c36e3..992a6626 100644
--- a/crates/e2e/tests/server.rs
+++ b/crates/e2e/tests/server.rs
@@ -5,7 +5,7 @@ use opensession_api::{ChangePasswordRequest, CreateGitCredentialRequest, OkRespo
 use opensession_e2e::client::TestContext;
 use serde_json::json;
 
-fn get_ctx() -> TestContext {
+fn get_ctx() -> Option<TestContext> {
     test_context_from_env("OPENSESSION_E2E_SERVER_BASE_URL")
 }
 
@@ -13,7 +13,9 @@ macro_rules! e2e_test {
     ($module:ident :: $name:ident) => {
         #[tokio::test]
         async fn $name() {
-            let ctx = get_ctx();
+            let Some(ctx) = get_ctx() else {
+                return;
+            };
             opensession_e2e::specs::$module::$name(&ctx).await.unwrap();
         }
     };
@@ -23,7 +25,9 @@ opensession_e2e::for_each_spec!(e2e_test);
 
 #[tokio::test]
 async fn server_sessions_repos_list() {
-    let ctx = get_ctx();
+    let Some(ctx) = get_ctx() else {
+        return;
+    };
     let response = ctx.get("/sessions/repos").await.expect("request failed");
     assert_eq!(
         response.status().as_u16(),
@@ -42,7 +46,9 @@ async fn server_sessions_repos_list() {
 
 #[tokio::test]
 async fn server_auth_password_change_success() {
-    let ctx = get_ctx();
+    let Some(ctx) = get_ctx() else {
+        return;
+    };
     let user = register_user(&ctx, "server-password", "old-pass-123").await;
 
     let client = reqwest::Client::new();
@@ -86,7 +92,9 @@ async fn server_auth_password_change_success() {
 
 #[tokio::test]
 async fn server_auth_git_credentials_crud() {
-    let ctx = get_ctx();
+    let Some(ctx) = get_ctx() else {
+        return;
+    };
     let user = register_user(&ctx, "server-git-cred", "test-pass-123").await;
 
     let client = reqwest::Client::new();
@@ -179,7 +187,9 @@ async fn server_auth_git_credentials_crud() {
 
 #[tokio::test]
 async fn server_admin_delete_session_authz() {
-    let ctx = get_ctx();
+    let Some(ctx) = get_ctx() else {
+        return;
+    };
     let response = reqwest::Client::new()
         .delete(ctx.url(&format!(
             "/admin/sessions/{}",
@@ -198,7 +208,9 @@ async fn server_admin_delete_session_authz() {
 
 #[tokio::test]
 async fn removed_team_and_sync_endpoints_are_unavailable() {
-    let ctx = get_ctx();
+    let Some(ctx) = get_ctx() else {
+        return;
+    };
     let client = reqwest::Client::new();
     for path in ["/teams", "/invitations", "/sync/pull"] {
         let response = client
diff --git a/crates/e2e/tests/worker.rs b/crates/e2e/tests/worker.rs
index 3dfb69dd..e8eefb16 100644
--- a/crates/e2e/tests/worker.rs
+++ b/crates/e2e/tests/worker.rs
@@ -6,7 +6,7 @@ use opensession_api::{ParsePreviewRequest, ParseSource};
 use opensession_e2e::client::TestContext;
 use serde_json::json;
 
-fn get_ctx() -> TestContext {
+fn get_ctx() -> Option<TestContext> {
     test_context_from_env("OPENSESSION_E2E_WORKER_BASE_URL")
 }
 
@@ -14,7 +14,9 @@ macro_rules! e2e_test {
     ($module:ident :: $name:ident) => {
         #[tokio::test]
         async fn $name() {
-            let ctx = get_ctx();
+            let Some(ctx) = get_ctx() else {
+                return;
+            };
             opensession_e2e::specs::$module::$name(&ctx).await.unwrap();
         }
     };
@@ -24,7 +26,9 @@ opensession_e2e::for_each_spec!(e2e_test);
 
 #[tokio::test]
 async fn auth_providers_endpoint_is_available_in_worker() {
-    let ctx = get_ctx();
+    let Some(ctx) = get_ctx() else {
+        return;
+    };
     let response = ctx.get("/auth/providers").await.expect("request failed");
     assert_eq!(
         response.status().as_u16(),
@@ -42,7 +46,9 @@ async fn auth_providers_endpoint_is_available_in_worker() {
 
 #[tokio::test]
 async fn worker_auth_register_login_me_refresh_logout_flow() {
-    let ctx = get_ctx();
+    let Some(ctx) = get_ctx() else {
+        return;
+    };
     let user = register_user(&ctx, "worker-auth-flow", "testpass-12345").await;
     let access_token = user.tokens.access_token;
     let refresh_token = user.tokens.refresh_token;
@@ -126,7 +132,9 @@ async fn worker_auth_register_login_me_refresh_logout_flow() {
 
 #[tokio::test]
 async fn worker_auth_oauth_redirect_callback_routes_are_exposed() {
-    let ctx = get_ctx();
+    let Some(ctx) = get_ctx() else {
+        return;
+    };
     let providers_response = ctx.get("/auth/providers").await.expect("request failed");
     assert_eq!(providers_response.status().as_u16(), 200);
     let providers: serde_json::Value = providers_response
@@ -188,7 +196,9 @@ async fn worker_auth_oauth_redirect_callback_routes_are_exposed() {
 
 #[tokio::test]
 async fn worker_parse_preview_inline_success() {
-    let ctx = get_ctx();
+    let Some(ctx) = get_ctx() else {
+        return;
+    };
     let session = opensession_e2e::fixtures::minimal_session();
     let source_body = session.to_jsonl().expect("serialize fixture session");
     let encoded = base64::engine::general_purpose::STANDARD.encode(source_body);
@@ -230,7 +240,9 @@ async fn worker_parse_preview_inline_success() {
 
 #[tokio::test]
 async fn worker_parse_preview_git_credential_required() {
-    let ctx = get_ctx();
+    let Some(ctx) = get_ctx() else {
+        return;
+    };
     let user = register_user(&ctx, "worker-git-credential", "testpass-12345").await;
     let access_token = user.tokens.access_token;
 
diff --git a/crates/git-native/Cargo.toml b/crates/git-native/Cargo.toml
index 1e25c1a8..bd91eb1c 100644
--- a/crates/git-native/Cargo.toml
+++ b/crates/git-native/Cargo.toml
@@ -2,6 +2,7 @@
 name = "opensession-git-native"
 version.workspace = true
 edition.workspace = true
+rust-version.workspace = true
 license.workspace = true
 repository.workspace = true
 description = "Git-native session storage for OpenSession using gix"
diff --git a/crates/git-native/src/handoff_artifact_store.rs b/crates/git-native/src/handoff_artifact_store.rs
index 09b201a3..f850a705 100644
--- a/crates/git-native/src/handoff_artifact_store.rs
+++ b/crates/git-native/src/handoff_artifact_store.rs
@@ -1,12 +1,12 @@
 use std::path::Path;
 use std::process::Command;
 
-use gix::object::tree::EntryKind;
 use gix::ObjectId;
+use gix::object::tree::EntryKind;
 
+use crate::HANDOFF_ARTIFACTS_REF_PREFIX;
 use crate::error::{GitStorageError, Result};
 use crate::ops::{self, gix_err};
-use crate::HANDOFF_ARTIFACTS_REF_PREFIX;
 
 const ARTIFACT_BLOB_PATH: &str = "artifact.json";
 
diff --git a/crates/git-native/src/lib.rs b/crates/git-native/src/lib.rs
index f1f0e07e..e250ddfd 100644
--- a/crates/git-native/src/lib.rs
+++ b/crates/git-native/src/lib.rs
@@ -9,15 +9,15 @@ pub mod url;
 #[cfg(test)]
 pub(crate) mod test_utils;
 
-pub use context::{extract_git_context, normalize_repo_name, GitContext};
+pub use context::{GitContext, extract_git_context, normalize_repo_name};
 pub use error::{GitStorageError, Result};
 pub use handoff_artifact_store::{
     artifact_ref_name, list_handoff_artifact_refs, load_handoff_artifact, store_handoff_artifact,
 };
 pub use refs::{branch_ledger_ref, encode_branch_component, resolve_ledger_branch};
 pub use store::{
-    store_blob_at_ref, NativeGitStorage, PruneStats, SessionSummaryLedgerRecord,
-    StoredSummaryRecord,
+    NativeGitStorage, PruneStats, SessionSummaryLedgerRecord, StoredSummaryRecord,
+    store_blob_at_ref,
 };
 pub use url::generate_raw_url;
 
diff --git a/crates/git-native/src/ops.rs b/crates/git-native/src/ops.rs
index 5b697c02..750d21dd 100644
--- a/crates/git-native/src/ops.rs
+++ b/crates/git-native/src/ops.rs
@@ -321,9 +321,11 @@ mod tests {
         .unwrap();
 
         // Confirm it exists
-        assert!(find_ref_tip(&repo, "refs/heads/to-delete")
-            .unwrap()
-            .is_some());
+        assert!(
+            find_ref_tip(&repo, "refs/heads/to-delete")
+                .unwrap()
+                .is_some()
+        );
 
         // Delete it
         delete_ref(&repo, "refs/heads/to-delete", commit_id).unwrap();
diff --git a/crates/git-native/src/refs.rs b/crates/git-native/src/refs.rs
index 5400c83d..387271ff 100644
--- a/crates/git-native/src/refs.rs
+++ b/crates/git-native/src/refs.rs
@@ -1,5 +1,5 @@
-use base64::engine::general_purpose::URL_SAFE_NO_PAD;
 use base64::Engine;
+use base64::engine::general_purpose::URL_SAFE_NO_PAD;
 
 use crate::BRANCH_LEDGER_REF_PREFIX;
 
diff --git a/crates/git-native/src/store.rs b/crates/git-native/src/store.rs
index 45e3bb39..a5d1ba71 100644
--- a/crates/git-native/src/store.rs
+++ b/crates/git-native/src/store.rs
@@ -1,8 +1,8 @@
 use std::path::Path;
 use std::process::Command;
 
-use gix::object::tree::EntryKind;
 use gix::ObjectId;
+use gix::object::tree::EntryKind;
 use serde::{Deserialize, Serialize};
 use serde_json::json;
 use tracing::{debug, info};
@@ -81,11 +81,7 @@ impl NativeGitStorage {
     fn session_id_from_commit_message(message: &str) -> Option<&str> {
         let first = message.lines().next()?.trim();
         let id = first.strip_prefix("session: ")?.trim();
-        if id.is_empty() {
-            None
-        } else {
-            Some(id)
-        }
+        if id.is_empty() { None } else { Some(id) }
     }
 
     fn commit_index_path(commit_sha: &str, session_id: &str) -> String {
@@ -121,11 +117,7 @@ impl NativeGitStorage {
     fn summary_session_id_from_commit_message(message: &str) -> Option<&str> {
         let first = message.lines().next()?.trim();
         let id = first.strip_prefix("summary: ")?.trim();
-        if id.is_empty() {
-            None
-        } else {
-            Some(id)
-        }
+        if id.is_empty() { None } else { Some(id) }
     }
 }
 
@@ -817,10 +809,12 @@ mod tests {
             .delete_summary_at_ref(tmp.path(), ref_name, "session-delete")
             .expect("delete summary");
         assert!(rewritten);
-        assert!(storage
-            .load_summary_at_ref(tmp.path(), ref_name, "session-delete")
-            .expect("load after delete")
-            .is_none());
+        assert!(
+            storage
+                .load_summary_at_ref(tmp.path(), ref_name, "session-delete")
+                .expect("load after delete")
+                .is_none()
+        );
     }
 
     #[test]
@@ -868,14 +862,18 @@ mod tests {
             .expect("prune summaries");
         assert!(stats.rewritten);
         assert_eq!(stats.expired_sessions, 2);
-        assert!(storage
-            .load_summary_at_ref(tmp.path(), ref_name, "summary-a")
-            .expect("load summary a")
-            .is_none());
-        assert!(storage
-            .load_summary_at_ref(tmp.path(), ref_name, "summary-b")
-            .expect("load summary b")
-            .is_none());
+        assert!(
+            storage
+                .load_summary_at_ref(tmp.path(), ref_name, "summary-a")
+                .expect("load summary a")
+                .is_none()
+        );
+        assert!(
+            storage
+                .load_summary_at_ref(tmp.path(), ref_name, "summary-b")
+                .expect("load summary b")
+                .is_none()
+        );
     }
 
     #[test]
diff --git a/crates/local-db/Cargo.toml b/crates/local-db/Cargo.toml
index 3b9d4d14..59b1e552 100644
--- a/crates/local-db/Cargo.toml
+++ b/crates/local-db/Cargo.toml
@@ -2,6 +2,7 @@
 name = "opensession-local-db"
 version.workspace = true
 edition.workspace = true
+rust-version.workspace = true
 license.workspace = true
 repository.workspace = true
 description = "Local SQLite database shared by TUI and Daemon"
diff --git a/crates/local-db/src/lib.rs b/crates/local-db/src/lib.rs
index 5c12eec8..a5770d11 100644
--- a/crates/local-db/src/lib.rs
+++ b/crates/local-db/src/lib.rs
@@ -4,14 +4,14 @@ use anyhow::{Context, Result};
 use opensession_api::db::migrations::{LOCAL_MIGRATIONS, MIGRATIONS};
 use opensession_core::session::{is_auxiliary_session, working_directory};
 use opensession_core::trace::Session;
-use rusqlite::{params, Connection, OptionalExtension};
+use rusqlite::{Connection, OptionalExtension, params};
 use serde_json::Value;
 use std::fs;
 use std::io::{BufRead, BufReader};
 use std::path::PathBuf;
 use std::sync::Mutex;
 
-use git::{normalize_repo_name, GitContext};
+use git::{GitContext, normalize_repo_name};
 
 const SUMMARY_WORKER_TITLE_PREFIX_LOWER: &str =
     "convert a real coding session into semantic compression.";
@@ -2373,10 +2373,11 @@ mod tests {
             &crate::git::GitContext::default(),
         )
         .expect("seed populated row");
-        assert!(db
-            .get_session_by_id("empty-signal-replace")
-            .unwrap()
-            .is_some());
+        assert!(
+            db.get_session_by_id("empty-signal-replace")
+                .unwrap()
+                .is_some()
+        );
 
         let empty = Session::new(
             "empty-signal-replace".to_string(),
@@ -2518,9 +2519,11 @@ mod tests {
         let paths = db
             .list_session_source_paths()
             .expect("list source paths should work");
-        assert!(paths
-            .iter()
-            .any(|(id, path)| id == "source-path-1" && path == "/tmp/source-path-1.jsonl"));
+        assert!(
+            paths
+                .iter()
+                .any(|(id, path)| id == "source-path-1" && path == "/tmp/source-path-1.jsonl")
+        );
         assert!(paths.iter().all(|(id, _)| id != "source-path-2"));
     }
 
@@ -3101,10 +3104,11 @@ mod tests {
         assert_eq!(row.id, "s4");
         let row = db.get_session_by_tool_offset("gemini", 0).unwrap().unwrap();
         assert_eq!(row.id, "s3");
-        assert!(db
-            .get_session_by_tool_offset("gemini", 1)
-            .unwrap()
-            .is_none());
+        assert!(
+            db.get_session_by_tool_offset("gemini", 1)
+                .unwrap()
+                .is_none()
+        );
     }
 
     #[test]
@@ -3268,14 +3272,16 @@ mod tests {
             .delete_expired_session_summaries(30)
             .expect("delete expired summaries");
         assert_eq!(deleted, 1);
-        assert!(db
-            .get_session_semantic_summary("s1")
-            .expect("query old summary")
-            .is_none());
-        assert!(db
-            .get_session_semantic_summary("s2")
-            .expect("query new summary")
-            .is_some());
+        assert!(
+            db.get_session_semantic_summary("s1")
+                .expect("query old summary")
+                .is_none()
+        );
+        assert!(
+            db.get_session_semantic_summary("s2")
+                .expect("query new summary")
+                .is_some()
+        );
     }
 
     #[test]
diff --git a/crates/parsers/Cargo.toml b/crates/parsers/Cargo.toml
index a52454e9..bb2c18a5 100644
--- a/crates/parsers/Cargo.toml
+++ b/crates/parsers/Cargo.toml
@@ -2,6 +2,7 @@
 name = "opensession-parsers"
 version.workspace = true
 edition.workspace = true
+rust-version.workspace = true
 license.workspace = true
 repository.workspace = true
 description = "Parsers for converting AI tool session data to HAIL format"
diff --git a/crates/parsers/src/amp.rs b/crates/parsers/src/amp.rs
index 606487db..6f271768 100644
--- a/crates/parsers/src/amp.rs
+++ b/crates/parsers/src/amp.rs
@@ -1,5 +1,5 @@
-use crate::common::set_first;
 use crate::SessionParser;
+use crate::common::set_first;
 use anyhow::{Context, Result};
 use chrono::{TimeZone, Utc};
 use opensession_core::trace::{
diff --git a/crates/parsers/src/claude_code/mod.rs b/crates/parsers/src/claude_code/mod.rs
index fbd8ce8f..fc16b2f0 100644
--- a/crates/parsers/src/claude_code/mod.rs
+++ b/crates/parsers/src/claude_code/mod.rs
@@ -58,7 +58,7 @@ impl ClaudeCodeParser {
 
 // Re-export pub(crate) items needed by incremental.rs
 pub(crate) use parse::{
-    parse_timestamp, process_assistant_entry, process_user_entry, RawConversationEntry, RawEntry,
+    RawConversationEntry, RawEntry, parse_timestamp, process_assistant_entry, process_user_entry,
 };
 
 pub fn is_claude_subagent_path(path: &Path) -> bool {
diff --git a/crates/parsers/src/claude_code/parse.rs b/crates/parsers/src/claude_code/parse.rs
index 953b34fd..a599184e 100644
--- a/crates/parsers/src/claude_code/parse.rs
+++ b/crates/parsers/src/claude_code/parse.rs
@@ -1,7 +1,7 @@
 use super::transform::{build_cc_tool_result_content, classify_tool_use, tool_use_content};
 use crate::common::{
-    attach_semantic_attrs, attach_source_attrs, infer_tool_kind, set_first, strip_system_reminders,
-    ToolUseInfo,
+    ToolUseInfo, attach_semantic_attrs, attach_source_attrs, infer_tool_kind, set_first,
+    strip_system_reminders,
 };
 use anyhow::{Context, Result};
 use chrono::{DateTime, Utc};
@@ -1675,10 +1675,12 @@ mod tests {
         let parsed = parse_lines_impl(&lines);
         assert_eq!(parsed.events.len(), 4);
         assert_eq!(parsed.session_id.as_deref(), Some("s1"));
-        assert!(parsed
-            .events
-            .iter()
-            .all(|event| matches!(event.event_type, EventType::SystemMessage)));
+        assert!(
+            parsed
+                .events
+                .iter()
+                .all(|event| matches!(event.event_type, EventType::SystemMessage))
+        );
 
         let mut seen_raw_types = HashMap::new();
         for event in &parsed.events {
@@ -1820,24 +1822,30 @@ mod tests {
 
         let session = parse_claude_code_jsonl(&parent_path).unwrap();
         assert_eq!(session.events.len(), 4);
-        assert!(session
-            .events
-            .iter()
-            .any(|e| matches!(e.event_type, EventType::TaskStart { .. })));
+        assert!(
+            session
+                .events
+                .iter()
+                .any(|e| matches!(e.event_type, EventType::TaskStart { .. }))
+        );
         assert!(session.events.iter().any(|e| {
             e.attributes
                 .get("merged_subagent")
                 .and_then(|v| v.as_bool())
                 == Some(true)
         }));
-        assert!(session
-            .events
-            .iter()
-            .any(|e| matches!(e.event_type, EventType::AgentMessage)));
-        assert!(session
-            .events
-            .iter()
-            .any(|e| matches!(e.event_type, EventType::TaskEnd { .. })));
+        assert!(
+            session
+                .events
+                .iter()
+                .any(|e| matches!(e.event_type, EventType::AgentMessage))
+        );
+        assert!(
+            session
+                .events
+                .iter()
+                .any(|e| matches!(e.event_type, EventType::TaskEnd { .. }))
+        );
         // message_count includes user+agent messages and TaskEnd summaries.
         assert_eq!(session.stats.message_count, 3);
     }
diff --git a/crates/parsers/src/claude_code/transform.rs b/crates/parsers/src/claude_code/transform.rs
index 808d5196..a435ba39 100644
--- a/crates/parsers/src/claude_code/transform.rs
+++ b/crates/parsers/src/claude_code/transform.rs
@@ -1,4 +1,4 @@
-use crate::common::{build_tool_result_content, ToolUseInfo};
+use crate::common::{ToolUseInfo, build_tool_result_content};
 use opensession_core::trace::{Content, ContentBlock, EventType};
 
 // ── Content transformation helpers ──────────────────────────────────────────
diff --git a/crates/parsers/src/cline.rs b/crates/parsers/src/cline.rs
index 7dd94b65..962f8738 100644
--- a/crates/parsers/src/cline.rs
+++ b/crates/parsers/src/cline.rs
@@ -1,8 +1,8 @@
+use crate::SessionParser;
 use crate::common::{
-    build_tool_result_content, canonical_tool_name, extract_tag_content, set_first,
-    strip_system_reminders, ToolUseInfo, INTERACTIVE_USER_INPUT_TOOL,
+    INTERACTIVE_USER_INPUT_TOOL, ToolUseInfo, build_tool_result_content, canonical_tool_name,
+    extract_tag_content, set_first, strip_system_reminders,
 };
-use crate::SessionParser;
 use anyhow::{Context, Result};
 use chrono::{TimeZone, Utc};
 use opensession_core::trace::{
diff --git a/crates/parsers/src/codex.rs b/crates/parsers/src/codex.rs
index 56e3c291..5e7e5e68 100644
--- a/crates/parsers/src/codex.rs
+++ b/crates/parsers/src/codex.rs
@@ -1,8 +1,8 @@
+use crate::SessionParser;
 use crate::common::{
-    attach_semantic_attrs, attach_source_attrs, canonical_tool_name, infer_tool_kind, set_first,
-    INTERACTIVE_USER_INPUT_TOOL,
+    INTERACTIVE_USER_INPUT_TOOL, attach_semantic_attrs, attach_source_attrs, canonical_tool_name,
+    infer_tool_kind, set_first,
 };
-use crate::SessionParser;
 use anyhow::{Context, Result};
 use chrono::{DateTime, Utc};
 use opensession_core::session::{ATTR_PARENT_SESSION_ID, ATTR_SESSION_ROLE};
diff --git a/crates/parsers/src/common.rs b/crates/parsers/src/common.rs
index a0aa98e1..8a01e45b 100644
--- a/crates/parsers/src/common.rs
+++ b/crates/parsers/src/common.rs
@@ -4,8 +4,8 @@
 //! into clean, typed ContentBlocks so the frontend can be a dumb renderer.
 
 use opensession_core::trace::{
-    Content, ContentBlock, ATTR_SEMANTIC_CALL_ID, ATTR_SEMANTIC_GROUP_ID, ATTR_SEMANTIC_TOOL_KIND,
-    ATTR_SOURCE_RAW_TYPE, ATTR_SOURCE_SCHEMA_VERSION,
+    ATTR_SEMANTIC_CALL_ID, ATTR_SEMANTIC_GROUP_ID, ATTR_SEMANTIC_TOOL_KIND, ATTR_SOURCE_RAW_TYPE,
+    ATTR_SOURCE_SCHEMA_VERSION, Content, ContentBlock,
 };
 use regex::Regex;
 use serde_json::Value;
@@ -354,8 +354,7 @@ mod tests {
 
     #[test]
     fn test_is_line_numbered_cat_n() {
-        let text =
-            "     1→use std::io;\n     2→\n     3→fn main() {\n     4→    println!(\"hello\");\n     5→}";
+        let text = "     1→use std::io;\n     2→\n     3→fn main() {\n     4→    println!(\"hello\");\n     5→}";
         assert!(is_line_numbered_output(text));
     }
 
diff --git a/crates/parsers/src/cursor/parse.rs b/crates/parsers/src/cursor/parse.rs
index 1ef03f04..5f7deba3 100644
--- a/crates/parsers/src/cursor/parse.rs
+++ b/crates/parsers/src/cursor/parse.rs
@@ -570,11 +570,7 @@ fn convert_bubbles_to_events(
             let start = ti.client_start_time.or(ti.start_time)?;
             let end = ti.client_end_time.or(ti.end_time)?;
             let d = end - start;
-            if d > 0.0 {
-                Some(d as u64)
-            } else {
-                None
-            }
+            if d > 0.0 { Some(d as u64) } else { None }
         });
 
         match bubble.bubble_type {
@@ -989,9 +985,11 @@ mod tests {
             event.event_type,
             EventType::ToolCall { .. } | EventType::ShellCommand { .. }
         )));
-        assert!(events
-            .iter()
-            .any(|event| matches!(event.event_type, EventType::ToolResult { .. })));
+        assert!(
+            events
+                .iter()
+                .any(|event| matches!(event.event_type, EventType::ToolResult { .. }))
+        );
     }
 
     #[test]
diff --git a/crates/parsers/src/discover.rs b/crates/parsers/src/discover.rs
index c6928a30..89364684 100644
--- a/crates/parsers/src/discover.rs
+++ b/crates/parsers/src/discover.rs
@@ -356,13 +356,25 @@ mod tests {
     impl Drop for EnvVarRestore {
         fn drop(&mut self) {
             if let Some(ref previous) = self.previous {
-                std::env::set_var(self.key, previous);
+                set_env_for_test(self.key, previous);
             } else {
-                std::env::remove_var(self.key);
+                remove_env_for_test(self.key);
             }
         }
     }
 
+    fn set_env_for_test(key: &str, value: impl AsRef<std::ffi::OsStr>) {
+        // SAFETY: these tests hold env_test_lock() while mutating process environment, so the
+        // mutation is serialized within the module and not concurrent with other test env access.
+        unsafe { std::env::set_var(key, value) };
+    }
+
+    fn remove_env_for_test(key: &str) {
+        // SAFETY: these tests hold env_test_lock() while mutating process environment, so the
+        // mutation is serialized within the module and not concurrent with other test env access.
+        unsafe { std::env::remove_var(key) };
+    }
+
     #[test]
     fn codex_rollout_matcher_only_accepts_rollout_files() {
         assert!(is_codex_rollout_session_file(Path::new(
@@ -399,21 +411,29 @@ mod tests {
         std::fs::write(sessions_dir.join("summary.jsonl"), "{}\n").expect("summary");
         std::fs::write(sessions_dir.join("notes.jsonl"), "{}\n").expect("notes");
 
-        std::env::set_var("CODEX_HOME", &root);
+        set_env_for_test("CODEX_HOME", &root);
         let found = find_codex_sessions(Path::new("/this/home/path/does/not/exist"));
 
-        assert!(found
-            .iter()
-            .any(|path| path.ends_with(Path::new("rollout-1.jsonl"))));
-        assert!(found
-            .iter()
-            .any(|path| path.ends_with(Path::new("rollout.jsonl"))));
-        assert!(!found
-            .iter()
-            .any(|path| path.ends_with(Path::new("summary.jsonl"))));
-        assert!(!found
-            .iter()
-            .any(|path| path.ends_with(Path::new("notes.jsonl"))));
+        assert!(
+            found
+                .iter()
+                .any(|path| path.ends_with(Path::new("rollout-1.jsonl")))
+        );
+        assert!(
+            found
+                .iter()
+                .any(|path| path.ends_with(Path::new("rollout.jsonl")))
+        );
+        assert!(
+            !found
+                .iter()
+                .any(|path| path.ends_with(Path::new("summary.jsonl")))
+        );
+        assert!(
+            !found
+                .iter()
+                .any(|path| path.ends_with(Path::new("notes.jsonl")))
+        );
 
         std::fs::remove_dir_all(&root).ok();
         drop(restore);
diff --git a/crates/parsers/src/gemini.rs b/crates/parsers/src/gemini.rs
index e392651e..d4f082aa 100644
--- a/crates/parsers/src/gemini.rs
+++ b/crates/parsers/src/gemini.rs
@@ -1,7 +1,7 @@
+use crate::SessionParser;
 use crate::common::{
     attach_semantic_attrs, attach_source_attrs, infer_tool_kind, normalize_role_label, set_first,
 };
-use crate::SessionParser;
 use anyhow::{Context, Result};
 use chrono::{DateTime, Utc};
 use opensession_core::trace::{
@@ -1228,14 +1228,18 @@ mod tests {
 
         let parsed = parse_json(&path).expect("parse gemini json");
         assert_eq!(parsed.session_id, "parts-123");
-        assert!(parsed
-            .events
-            .iter()
-            .any(|e| matches!(e.event_type, EventType::UserMessage)));
-        assert!(parsed
-            .events
-            .iter()
-            .any(|e| matches!(e.event_type, EventType::AgentMessage)));
+        assert!(
+            parsed
+                .events
+                .iter()
+                .any(|e| matches!(e.event_type, EventType::UserMessage))
+        );
+        assert!(
+            parsed
+                .events
+                .iter()
+                .any(|e| matches!(e.event_type, EventType::AgentMessage))
+        );
         assert!(parsed.events.iter().all(|e| {
             e.attributes
                 .get("source.schema_version")
diff --git a/crates/parsers/src/incremental.rs b/crates/parsers/src/incremental.rs
index 7ac6cd31..1cebefc2 100644
--- a/crates/parsers/src/incremental.rs
+++ b/crates/parsers/src/incremental.rs
@@ -8,7 +8,7 @@ use opensession_core::trace::{Agent, Event, SessionContext};
 use std::collections::HashMap;
 
 use crate::claude_code::{
-    parse_timestamp, process_assistant_entry, process_user_entry, RawConversationEntry, RawEntry,
+    RawConversationEntry, RawEntry, parse_timestamp, process_assistant_entry, process_user_entry,
 };
 use crate::common::ToolUseInfo;
 
diff --git a/crates/parsers/src/ingest.rs b/crates/parsers/src/ingest.rs
index 1e9fff88..6240a944 100644
--- a/crates/parsers/src/ingest.rs
+++ b/crates/parsers/src/ingest.rs
@@ -1,4 +1,4 @@
-use anyhow::{anyhow, Context, Result};
+use anyhow::{Context, Result, anyhow};
 use opensession_core::trace::Session;
 use std::fmt;
 use std::io::Write;
@@ -394,10 +394,12 @@ mod tests {
         )
         .expect("fallback should parse as hail");
         assert_eq!(preview.parser_used, "hail");
-        assert!(preview
-            .warnings
-            .iter()
-            .any(|w| w.contains("parser_hint 'cursor' failed")));
+        assert!(
+            preview
+                .warnings
+                .iter()
+                .any(|w| w.contains("parser_hint 'cursor' failed"))
+        );
     }
 
     #[test]
diff --git a/crates/parsers/src/opencode.rs b/crates/parsers/src/opencode.rs
index 5f5b6100..9280b11c 100644
--- a/crates/parsers/src/opencode.rs
+++ b/crates/parsers/src/opencode.rs
@@ -1,5 +1,5 @@
-use crate::common::{attach_semantic_attrs, attach_source_attrs, infer_tool_kind, set_first};
 use crate::SessionParser;
+use crate::common::{attach_semantic_attrs, attach_source_attrs, infer_tool_kind, set_first};
 use anyhow::{Context, Result};
 use chrono::{DateTime, TimeZone, Utc};
 use opensession_core::trace::{Agent, Content, Event, EventType, Session, SessionContext};
@@ -1260,10 +1260,12 @@ mod tests {
 
         let session =
             parse_opencode_session(&session_dir.join("ses_fallback.json")).expect("parse session");
-        assert!(session
-            .events
-            .iter()
-            .any(|event| matches!(event.event_type, EventType::AgentMessage)));
+        assert!(
+            session
+                .events
+                .iter()
+                .any(|event| matches!(event.event_type, EventType::AgentMessage))
+        );
         assert_eq!(session.agent.provider, "openai");
         assert_eq!(session.agent.model, "gpt-5.2-codex");
         assert_eq!(
@@ -1439,10 +1441,12 @@ mod tests {
         let session = parse_opencode_session(&session_dir.join("ses_patch_summary.json"))
             .expect("parse patch summary session");
 
-        assert!(!session
-            .events
-            .iter()
-            .any(|event| matches!(&event.event_type, EventType::FileEdit { .. })));
+        assert!(
+            !session
+                .events
+                .iter()
+                .any(|event| matches!(&event.event_type, EventType::FileEdit { .. }))
+        );
         assert!(session.events.iter().any(|event| {
             matches!(
                 &event.event_type,
diff --git a/crates/parsers/tests/claude_code_team.rs b/crates/parsers/tests/claude_code_team.rs
index cd71e43f..6a7ecf2e 100644
--- a/crates/parsers/tests/claude_code_team.rs
+++ b/crates/parsers/tests/claude_code_team.rs
@@ -1,14 +1,16 @@
+use opensession_parsers::SessionParser;
 /// Integration test: parse a real Claude Code team session with subagents.
 /// Run with: cargo test -p opensession-parsers --test claude_code_team -- --ignored --nocapture
 use opensession_parsers::claude_code::ClaudeCodeParser;
-use opensession_parsers::SessionParser;
 use std::path::Path;
 
 #[test]
 #[ignore] // requires real session file
 fn test_parse_team_session_with_subagents() {
     let parser = ClaudeCodeParser;
-    let path = Path::new("/Users/hwisookim/.claude/projects/-Users-hwisookim-opensession/b7655a2e-2241-46cb-8f31-d116dbdfcbce.jsonl");
+    let path = Path::new(
+        "/Users/hwisookim/.claude/projects/-Users-hwisookim-opensession/b7655a2e-2241-46cb-8f31-d116dbdfcbce.jsonl",
+    );
 
     if !path.exists() {
         eprintln!("Skipping: test file not found");
diff --git a/crates/parsers/tests/parser_conformance.rs b/crates/parsers/tests/parser_conformance.rs
index 511d84fc..0c335211 100644
--- a/crates/parsers/tests/parser_conformance.rs
+++ b/crates/parsers/tests/parser_conformance.rs
@@ -1,7 +1,7 @@
 use opensession_core::trace::{
-    EventType, ATTR_SEMANTIC_CALL_ID, ATTR_SOURCE_RAW_TYPE, ATTR_SOURCE_SCHEMA_VERSION,
+    ATTR_SEMANTIC_CALL_ID, ATTR_SOURCE_RAW_TYPE, ATTR_SOURCE_SCHEMA_VERSION, EventType,
 };
-use opensession_parsers::{all_parsers, SessionParser};
+use opensession_parsers::{SessionParser, all_parsers};
 use rusqlite::Connection;
 use std::path::{Path, PathBuf};
 
@@ -66,10 +66,12 @@ fn parser_conformance_fixtures_cover_five_tools() {
     let codex_session = codex
         .parse(&fixtures.join("codex/rollout-desktop.jsonl"))
         .expect("parse codex fixture");
-    assert!(codex_session
-        .events
-        .iter()
-        .any(|event| matches!(event.event_type, EventType::Thinking)));
+    assert!(
+        codex_session
+            .events
+            .iter()
+            .any(|event| matches!(event.event_type, EventType::Thinking))
+    );
     assert!(codex_session.events.iter().any(|event| {
         matches!(
             event.event_type,
@@ -163,14 +165,18 @@ fn parser_conformance_fixtures_cover_five_tools() {
     let gemini_session = gemini
         .parse(&fixtures.join("gemini/session-parts.json"))
         .expect("parse gemini fixture");
-    assert!(gemini_session
-        .events
-        .iter()
-        .any(|event| matches!(event.event_type, EventType::UserMessage)));
-    assert!(gemini_session
-        .events
-        .iter()
-        .any(|event| matches!(event.event_type, EventType::AgentMessage)));
+    assert!(
+        gemini_session
+            .events
+            .iter()
+            .any(|event| matches!(event.event_type, EventType::UserMessage))
+    );
+    assert!(
+        gemini_session
+            .events
+            .iter()
+            .any(|event| matches!(event.event_type, EventType::AgentMessage))
+    );
     assert!(gemini_session.events.iter().all(|event| {
         event
             .attributes
@@ -273,10 +279,12 @@ fn parser_conformance_fixtures_cover_five_tools() {
     let cursor_db = build_cursor_fixture_db(&fixtures);
     let cursor = parser_by_name("cursor");
     let cursor_session = cursor.parse(&cursor_db).expect("parse cursor fixture db");
-    assert!(cursor_session
-        .events
-        .iter()
-        .any(|event| matches!(event.event_type, EventType::TaskStart { .. })));
+    assert!(
+        cursor_session
+            .events
+            .iter()
+            .any(|event| matches!(event.event_type, EventType::TaskStart { .. }))
+    );
     assert!(cursor_session.events.iter().any(|event| {
         matches!(
             event.event_type,
diff --git a/crates/runtime-config/Cargo.toml b/crates/runtime-config/Cargo.toml
index d36404b2..a8fdb75d 100644
--- a/crates/runtime-config/Cargo.toml
+++ b/crates/runtime-config/Cargo.toml
@@ -2,6 +2,7 @@
 name = "opensession-runtime-config"
 version.workspace = true
 edition.workspace = true
+rust-version.workspace = true
 license.workspace = true
 repository.workspace = true
 description = "Shared runtime configuration types for daemon/TUI"
diff --git a/crates/server/Cargo.toml b/crates/server/Cargo.toml
index 2f5bcff1..fb1789d7 100644
--- a/crates/server/Cargo.toml
+++ b/crates/server/Cargo.toml
@@ -2,6 +2,7 @@
 name = "opensession-server"
 version.workspace = true
 edition.workspace = true
+rust-version.workspace = true
 license.workspace = true
 repository.workspace = true
 homepage.workspace = true
diff --git a/crates/server/src/app_config.rs b/crates/server/src/app_config.rs
index f5507c31..52108fc8 100644
--- a/crates/server/src/app_config.rs
+++ b/crates/server/src/app_config.rs
@@ -139,6 +139,18 @@ mod tests {
 
     static TEST_ENV_LOCK: LazyLock<Mutex<()>> = LazyLock::new(|| Mutex::new(()));
 
+    fn set_env_for_test(key: &'static str, value: &str) {
+        // SAFETY: server bootstrap tests guard environment mutation with TEST_ENV_LOCK, so these
+        // mutations are serialized and not concurrent with other environment access in this module.
+        unsafe { std::env::set_var(key, value) };
+    }
+
+    fn remove_env_for_test(key: &'static str) {
+        // SAFETY: server bootstrap tests guard environment mutation with TEST_ENV_LOCK, so these
+        // mutations are serialized and not concurrent with other environment access in this module.
+        unsafe { std::env::remove_var(key) };
+    }
+
     struct EnvVarGuard {
         key: &'static str,
         previous: Option<String>,
@@ -147,13 +159,13 @@ mod tests {
     impl EnvVarGuard {
         fn set(key: &'static str, value: &str) -> Self {
             let previous = std::env::var(key).ok();
-            std::env::set_var(key, value);
+            set_env_for_test(key, value);
             Self { key, previous }
         }
 
         fn clear(key: &'static str) -> Self {
             let previous = std::env::var(key).ok();
-            std::env::remove_var(key);
+            remove_env_for_test(key);
             Self { key, previous }
         }
     }
@@ -161,9 +173,9 @@ mod tests {
     impl Drop for EnvVarGuard {
         fn drop(&mut self) {
             if let Some(previous) = self.previous.take() {
-                std::env::set_var(self.key, previous);
+                set_env_for_test(self.key, &previous);
             } else {
-                std::env::remove_var(self.key);
+                remove_env_for_test(self.key);
             }
         }
     }
diff --git a/crates/server/src/error.rs b/crates/server/src/error.rs
index 52f4c49d..91a24313 100644
--- a/crates/server/src/error.rs
+++ b/crates/server/src/error.rs
@@ -1,7 +1,7 @@
 use axum::{
+    Json,
     http::StatusCode,
     response::{IntoResponse, Response},
-    Json,
 };
 use opensession_api::ServiceError;
 use std::fmt;
diff --git a/crates/server/src/main.rs b/crates/server/src/main.rs
index d17e8313..412aff8e 100644
--- a/crates/server/src/main.rs
+++ b/crates/server/src/main.rs
@@ -4,13 +4,13 @@ mod routes;
 mod storage;
 
 use axum::{
+    Router,
     extract::{DefaultBodyLimit, FromRef},
     http::{
-        header::{AUTHORIZATION, CONTENT_TYPE},
         HeaderName, HeaderValue, Method,
+        header::{AUTHORIZATION, CONTENT_TYPE},
     },
     routing::{delete, get, post, put},
-    Router,
 };
 use tower_http::cors::CorsLayer;
 use tower_http::services::{ServeDir, ServeFile};
diff --git a/crates/server/src/routes/admin.rs b/crates/server/src/routes/admin.rs
index 7cb88038..d062c9f9 100644
--- a/crates/server/src/routes/admin.rs
+++ b/crates/server/src/routes/admin.rs
@@ -1,13 +1,13 @@
 use axum::{
+    Json,
     extract::{Path, State},
     http::HeaderMap,
-    Json,
 };
-use opensession_api::{db, OkResponse, SessionSummary};
+use opensession_api::{OkResponse, SessionSummary, db};
 
-use crate::error::ApiErr;
-use crate::storage::{session_from_row, sq_execute, sq_query_row, Db};
 use crate::AppConfig;
+use crate::error::ApiErr;
+use crate::storage::{Db, session_from_row, sq_execute, sq_query_row};
 
 /// DELETE /api/admin/sessions/:id — delete a session (admin key required).
 pub async fn delete_session(
diff --git a/crates/server/src/routes/auth.rs b/crates/server/src/routes/auth.rs
index 837d514b..4ff3d368 100644
--- a/crates/server/src/routes/auth.rs
+++ b/crates/server/src/routes/auth.rs
@@ -1,23 +1,23 @@
 use axum::{
+    Json,
     body::Bytes,
     extract::{FromRef, FromRequestParts, Path, State},
-    http::{header, request::Parts, HeaderMap, HeaderValue, StatusCode},
+    http::{HeaderMap, HeaderValue, StatusCode, header, request::Parts},
     response::{IntoResponse, Response},
-    Json,
 };
 use serde::Serialize;
 use uuid::Uuid;
 
 use opensession_api::{
-    crypto, db as dbq, oauth, service, service::AuthToken, AuthRegisterRequest, AuthTokenResponse,
-    ChangePasswordRequest, CreateGitCredentialRequest, GitCredentialSummary, IssueApiKeyResponse,
-    ListGitCredentialsResponse, LoginRequest, OkResponse, RefreshRequest, UserSettingsResponse,
-    VerifyResponse,
+    AuthRegisterRequest, AuthTokenResponse, ChangePasswordRequest, CreateGitCredentialRequest,
+    GitCredentialSummary, IssueApiKeyResponse, ListGitCredentialsResponse, LoginRequest,
+    OkResponse, RefreshRequest, UserSettingsResponse, VerifyResponse, crypto, db as dbq, oauth,
+    service, service::AuthToken,
 };
 
-use crate::error::ApiErr;
-use crate::storage::{sq_execute, sq_query_map, sq_query_row, Db};
 use crate::AppConfig;
+use crate::error::ApiErr;
+use crate::storage::{Db, sq_execute, sq_query_map, sq_query_row};
 
 const ACCESS_COOKIE_NAME: &str = "opensession_access_token";
 const REFRESH_COOKIE_NAME: &str = "opensession_refresh_token";
@@ -434,7 +434,7 @@ pub async fn login(
         _ => {
             return Err(ApiErr::unauthorized(
                 "this account uses OAuth login, not email/password",
-            ))
+            ));
         }
     };
 
@@ -535,7 +535,7 @@ pub async fn change_password(
         _ => {
             return Err(ApiErr::bad_request(
                 "cannot change password for OAuth-only account",
-            ))
+            ));
         }
     };
 
diff --git a/crates/server/src/routes/capabilities.rs b/crates/server/src/routes/capabilities.rs
index 438077de..7feaa84c 100644
--- a/crates/server/src/routes/capabilities.rs
+++ b/crates/server/src/routes/capabilities.rs
@@ -1,4 +1,4 @@
-use axum::{extract::State, Json};
+use axum::{Json, extract::State};
 use opensession_api::CapabilitiesResponse;
 
 use crate::AppConfig;
diff --git a/crates/server/src/routes/docs.rs b/crates/server/src/routes/docs.rs
index 4bf3ff2d..89558040 100644
--- a/crates/server/src/routes/docs.rs
+++ b/crates/server/src/routes/docs.rs
@@ -1,5 +1,5 @@
 use axum::{
-    http::{header, HeaderMap, StatusCode},
+    http::{HeaderMap, StatusCode, header},
     response::{IntoResponse, Response},
 };
 
diff --git a/crates/server/src/routes/ingest.rs b/crates/server/src/routes/ingest.rs
index e51b0175..e662acab 100644
--- a/crates/server/src/routes/ingest.rs
+++ b/crates/server/src/routes/ingest.rs
@@ -3,20 +3,20 @@ use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
 use std::time::Duration;
 
 use axum::{
+    Json,
     extract::State,
     http::{HeaderMap, StatusCode},
-    Json,
 };
 use base64::Engine;
 use opensession_api::{
-    db as dbq, ParseCandidate as ApiParseCandidate, ParsePreviewErrorResponse, ParsePreviewRequest,
-    ParsePreviewResponse, ParseSource,
+    ParseCandidate as ApiParseCandidate, ParsePreviewErrorResponse, ParsePreviewRequest,
+    ParsePreviewResponse, ParseSource, db as dbq,
 };
 use opensession_parsers::ingest::{self as parser_ingest, ParseError as ParserParseError};
 use reqwest::header::CONTENT_TYPE;
 
-use crate::storage::{sq_execute, sq_query_map, sq_query_row, Db};
 use crate::AppConfig;
+use crate::storage::{Db, sq_execute, sq_query_map, sq_query_row};
 
 const FETCH_TIMEOUT_SECS: u64 = 10;
 const MAX_SOURCE_SIZE_BYTES: usize = 10 * 1024 * 1024;
diff --git a/crates/server/src/routes/oauth.rs b/crates/server/src/routes/oauth.rs
index a27abbab..7018e3bd 100644
--- a/crates/server/src/routes/oauth.rs
+++ b/crates/server/src/routes/oauth.rs
@@ -1,20 +1,19 @@
 use axum::{
+    Json,
     extract::{Path, Query, State},
-    http::{header, HeaderMap, HeaderValue},
+    http::{HeaderMap, HeaderValue, header},
     response::{IntoResponse, Redirect, Response},
-    Json,
 };
 use uuid::Uuid;
 
 use opensession_api::{
-    crypto, db as dbq,
+    OAuthLinkResponse, crypto, db as dbq,
     oauth::{self, AuthProvidersResponse, OAuthProviderConfig, OAuthProviderInfo},
-    OAuthLinkResponse,
 };
 
 use super::auth::AuthUser;
 use crate::error::ApiErr;
-use crate::storage::{sq_execute, sq_query_row, Db};
+use crate::storage::{Db, sq_execute, sq_query_row};
 use crate::{AppConfig, AppState};
 
 // ---------------------------------------------------------------------------
@@ -480,7 +479,7 @@ pub async fn link(
 
 #[cfg(test)]
 mod tests {
-    use axum::http::{header, HeaderMap, HeaderValue};
+    use axum::http::{HeaderMap, HeaderValue, header};
 
     use super::resolve_base_url;
 
diff --git a/crates/server/src/routes/review.rs b/crates/server/src/routes/review.rs
index 1f716238..4f3bc206 100644
--- a/crates/server/src/routes/review.rs
+++ b/crates/server/src/routes/review.rs
@@ -1,11 +1,11 @@
 use axum::{
-    extract::{Path, State},
     Json,
+    extract::{Path, State},
 };
 use opensession_api::LocalReviewBundle;
 
-use crate::error::ApiErr;
 use crate::AppConfig;
+use crate::error::ApiErr;
 
 /// GET /api/review/local/:review_id — load a local PR review bundle.
 pub async fn get_local_review_bundle(
diff --git a/crates/server/src/routes/sessions.rs b/crates/server/src/routes/sessions.rs
index 2441eabc..fa077e97 100644
--- a/crates/server/src/routes/sessions.rs
+++ b/crates/server/src/routes/sessions.rs
@@ -1,19 +1,19 @@
 use axum::{
+    Json,
     extract::{Path, Query, State},
-    http::{header, HeaderMap, HeaderValue, StatusCode},
+    http::{HeaderMap, HeaderValue, StatusCode, header},
     response::IntoResponse,
-    Json,
 };
 
 use opensession_api::{
-    db, LinkType, SessionDetail, SessionLink, SessionListQuery, SessionListResponse,
-    SessionRepoListResponse, SessionSummary,
+    LinkType, SessionDetail, SessionLink, SessionListQuery, SessionListResponse,
+    SessionRepoListResponse, SessionSummary, db,
 };
 
+use crate::AppConfig;
 use crate::error::ApiErr;
 use crate::routes::auth::AuthUser;
-use crate::storage::{session_from_row, sq_query_map, sq_query_row, Db};
-use crate::AppConfig;
+use crate::storage::{Db, session_from_row, sq_query_map, sq_query_row};
 
 const PUBLIC_LIST_CACHE_CONTROL: &str = "public, max-age=30, stale-while-revalidate=60";
 
@@ -208,7 +208,7 @@ pub async fn get_session_raw(
 
 #[cfg(test)]
 mod tests {
-    use super::{can_access_session_list, resolve_raw_body_source, RawBodySource};
+    use super::{RawBodySource, can_access_session_list, resolve_raw_body_source};
 
     #[test]
     fn session_list_access_rules_follow_public_feed_flag() {
diff --git a/crates/server/src/storage.rs b/crates/server/src/storage.rs
index f3eda7a6..70ea926b 100644
--- a/crates/server/src/storage.rs
+++ b/crates/server/src/storage.rs
@@ -3,8 +3,8 @@ use rusqlite::Connection;
 use std::path::{Path, PathBuf};
 use std::sync::{Arc, Mutex};
 
-use opensession_api::db;
 use opensession_api::SessionSummary;
+use opensession_api::db;
 
 /// Shared database state
 #[derive(Clone)]
diff --git a/crates/summary/Cargo.toml b/crates/summary/Cargo.toml
index fb7a13f9..f9e53434 100644
--- a/crates/summary/Cargo.toml
+++ b/crates/summary/Cargo.toml
@@ -2,6 +2,7 @@
 name = "opensession-summary"
 version.workspace = true
 edition.workspace = true
+rust-version.workspace = true
 license.workspace = true
 repository.workspace = true
 homepage.workspace = true
diff --git a/crates/summary/src/git.rs b/crates/summary/src/git.rs
index 5638923b..eec18fff 100644
--- a/crates/summary/src/git.rs
+++ b/crates/summary/src/git.rs
@@ -453,8 +453,8 @@ fn diff_preview_lines(raw: &str, max_lines: usize, max_chars: usize) -> Vec<Stri
 #[cfg(test)]
 mod tests {
     use super::{
-        parse_git_name_status, parse_git_numstat, GitCommandRunner, GitSummaryContext,
-        GitSummaryService,
+        GitCommandRunner, GitSummaryContext, GitSummaryService, parse_git_name_status,
+        parse_git_numstat,
     };
     use crate::types::HailCompactFileChange;
     use std::collections::HashMap;
@@ -616,7 +616,9 @@ mod tests {
                 ),
                 MockRunner::with(
                     &["status", "--short", "--untracked-files=normal"],
-                    Ok("M src/app.rs\nA new/file.rs\nD old/file.rs\n?? scratch.txt\nline5\nline6\nline7\nline8\n"),
+                    Ok(
+                        "M src/app.rs\nA new/file.rs\nD old/file.rs\n?? scratch.txt\nline5\nline6\nline7\nline8\n",
+                    ),
                 ),
             ]),
         };
@@ -633,14 +635,18 @@ mod tests {
         );
         assert_eq!(context.timeline_signals.len(), 7);
         assert_eq!(context.file_changes.len(), 4);
-        assert!(context
-            .file_changes
-            .iter()
-            .any(|change| change.path == "scratch.txt" && change.operation == "create"));
-        assert!(context
-            .file_changes
-            .iter()
-            .any(|change| change.path == "old/file.rs" && change.operation == "delete"));
+        assert!(
+            context
+                .file_changes
+                .iter()
+                .any(|change| change.path == "scratch.txt" && change.operation == "create")
+        );
+        assert!(
+            context
+                .file_changes
+                .iter()
+                .any(|change| change.path == "old/file.rs" && change.operation == "delete")
+        );
     }
 
     #[test]
@@ -716,9 +722,11 @@ mod tests {
             lines.first().map(String::as_str),
             Some("added.txt [create]")
         );
-        assert!(lines
-            .iter()
-            .any(|line| line.contains("new file mode 100644")));
+        assert!(
+            lines
+                .iter()
+                .any(|line| line.contains("new file mode 100644"))
+        );
         assert!(lines.iter().any(|line| line.contains("+line-1")));
 
         std::fs::remove_dir_all(&repo_root).ok();
diff --git a/crates/summary/src/lib.rs b/crates/summary/src/lib.rs
index ddd2714d..1ed39c48 100644
--- a/crates/summary/src/lib.rs
+++ b/crates/summary/src/lib.rs
@@ -3,14 +3,14 @@ pub mod prompt;
 pub mod provider;
 pub mod text;
 pub mod types;
-pub use prompt::{validate_summary_prompt_template, DEFAULT_SUMMARY_PROMPT_TEMPLATE_V2};
+pub use prompt::{DEFAULT_SUMMARY_PROMPT_TEMPLATE_V2, validate_summary_prompt_template};
 
 use crate::git::{GitSummaryContext, GitSummaryService, ShellGitCommandRunner};
 use crate::prompt::{
-    build_summary_prompt, classify_arch_layer, collect_file_changes, collect_timeline_snippets,
-    contains_auth_security_keyword, SummaryPromptConfig,
+    SummaryPromptConfig, build_summary_prompt, classify_arch_layer, collect_file_changes,
+    collect_timeline_snippets, contains_auth_security_keyword,
 };
-use crate::provider::{generate_summary, SemanticSummary};
+use crate::provider::{SemanticSummary, generate_summary};
 use crate::text::compact_summary_snippet;
 use crate::types::HailCompactFileChange;
 use opensession_core::trace::{Agent, ContentBlock, Event, EventType, Session};
@@ -596,9 +596,9 @@ fn parse_diff_hunks(diff: &str) -> Vec<DiffHunkNode> {
 #[cfg(test)]
 mod tests {
     use super::{
+        DiffLayerNode, GitSummaryRequest, SummaryGenerationKind, SummarySourceKind,
         build_diff_tree, default_event_snippet, heuristic_summary, parse_diff_hunks,
-        summarize_session, DiffLayerNode, GitSummaryRequest, SummaryGenerationKind,
-        SummarySourceKind,
+        summarize_session,
     };
     use crate::types::HailCompactFileChange;
     use chrono::Utc;
diff --git a/crates/summary/src/prompt.rs b/crates/summary/src/prompt.rs
index 9ff8c3f3..187e2ce4 100644
--- a/crates/summary/src/prompt.rs
+++ b/crates/summary/src/prompt.rs
@@ -635,9 +635,9 @@ fn collect_auth_security_signals(
 #[cfg(test)]
 mod tests {
     use super::{
-        build_summary_prompt, classify_arch_layer, collect_file_changes, collect_timeline_snippets,
+        DEFAULT_SUMMARY_PROMPT_TEMPLATE_V2, SummaryPromptConfig, build_summary_prompt,
+        classify_arch_layer, collect_file_changes, collect_timeline_snippets,
         contains_auth_security_keyword, count_diff_stats, validate_summary_prompt_template,
-        SummaryPromptConfig, DEFAULT_SUMMARY_PROMPT_TEMPLATE_V2,
     };
     use crate::types::HailCompactFileChange;
     use chrono::Utc;
diff --git a/crates/summary/src/provider.rs b/crates/summary/src/provider.rs
index 710ad594..5a4db35b 100644
--- a/crates/summary/src/provider.rs
+++ b/crates/summary/src/provider.rs
@@ -507,8 +507,8 @@ fn find_json_object_slice(raw: &str) -> Option<&str> {
 #[cfg(test)]
 mod tests {
     use super::{
-        normalize_summary_text, parse_ollama_list_output, parse_semantic_summary,
-        parse_semantic_summary_or_fallback, SemanticSummary,
+        SemanticSummary, normalize_summary_text, parse_ollama_list_output, parse_semantic_summary,
+        parse_semantic_summary_or_fallback,
     };
     use opensession_runtime_config::{SummaryOutputShape, SummaryResponseStyle, SummarySettings};
 
diff --git a/crates/worker/Cargo.toml b/crates/worker/Cargo.toml
index 8b4dc86f..da042a1a 100644
--- a/crates/worker/Cargo.toml
+++ b/crates/worker/Cargo.toml
@@ -1,7 +1,8 @@
 [package]
 name = "opensession-worker"
 version = "0.2.0"
-edition = "2021"
+edition = "2024"
+rust-version = "1.93"
 license = "MIT"
 description = "Cloudflare Workers backend for opensession.io"
 
@@ -22,8 +23,10 @@ getrandom = { version = "0.2", features = ["js"] }
 
 [lints.clippy]
 all = { level = "warn", priority = -1 }
-collapsible_if = "warn"
+collapsible_else_if = "allow"
+collapsible_if = "allow"
 empty_line_after_doc_comments = "warn"
+field_reassign_with_default = "allow"
 needless_return = "warn"
 redundant_closure = "warn"
 single_match = "warn"
diff --git a/crates/worker/src/routes/auth.rs b/crates/worker/src/routes/auth.rs
index 8b8d27df..a8c11341 100644
--- a/crates/worker/src/routes/auth.rs
+++ b/crates/worker/src/routes/auth.rs
@@ -1,11 +1,10 @@
 use opensession_api::{
-    crypto, db as dbq,
+    AuthRegisterRequest, AuthTokenResponse, CreateGitCredentialRequest, GitCredentialSummary,
+    IssueApiKeyResponse, ListGitCredentialsResponse, LoginRequest, LogoutRequest, OkResponse,
+    RefreshRequest, ServiceError, UserSettingsResponse, VerifyResponse, crypto, db as dbq,
     oauth::{self, AuthProvidersResponse, OAuthProviderConfig, OAuthProviderInfo},
     service,
     service::AuthToken,
-    AuthRegisterRequest, AuthTokenResponse, CreateGitCredentialRequest, GitCredentialSummary,
-    IssueApiKeyResponse, ListGitCredentialsResponse, LoginRequest, LogoutRequest, OkResponse,
-    RefreshRequest, ServiceError, UserSettingsResponse, VerifyResponse,
 };
 use serde::{Deserialize, Serialize};
 use uuid::Uuid;
@@ -92,11 +91,7 @@ struct GitCredentialSummaryRow {
 
 fn now_unix() -> u64 {
     let now = chrono::Utc::now().timestamp();
-    if now < 0 {
-        0
-    } else {
-        now as u64
-    }
+    if now < 0 { 0 } else { now as u64 }
 }
 
 fn now_sqlite_datetime() -> String {
@@ -286,9 +281,8 @@ async fn d1_first<T: for<'de> Deserialize<'de>>(
         .prepare(&sql)
         .bind(&values_to_js(&values))
         .map_err(|e| service_internal(context, e))?;
-    stmt.first(None)
-        .await
-        .map_err(|e| service_internal(context, e))
+    let result = stmt.first(None).await;
+    result.map_err(|e| service_internal(context, e))
 }
 
 async fn d1_all<T: for<'de> Deserialize<'de>>(
@@ -536,13 +530,10 @@ async fn fetch_json(
         .map_err(|e| service_internal(context, e))?;
 
     let req = Request::new_with_init(url, &init).map_err(|e| service_internal(context, e))?;
-    let mut resp = Fetch::Request(req)
-        .send()
-        .await
-        .map_err(|e| service_internal(context, e))?;
-    resp.json::<serde_json::Value>()
-        .await
-        .map_err(|e| service_internal(context, e))
+    let response = Fetch::Request(req).send().await;
+    let mut resp = response.map_err(|e| service_internal(context, e))?;
+    let json = resp.json::<serde_json::Value>().await;
+    json.map_err(|e| service_internal(context, e))
 }
 
 pub async fn providers(_req: Request, ctx: RouteContext<()>) -> Result<Response> {
@@ -664,7 +655,7 @@ pub async fn login(mut req: Request, ctx: RouteContext<()>) -> Result<Response>
             _ => {
                 return Err(opensession_api::ServiceError::Unauthorized(
                     "this account uses OAuth login, not email/password".into(),
-                ))
+                ));
             }
         };
 
@@ -836,7 +827,8 @@ pub async fn verify(req: Request, ctx: RouteContext<()>) -> Result<Response> {
         Err(err) => return service_internal("load d1 binding", err).into_err_response(),
     };
 
-    match authenticate(&req, &d1, &config).await {
+    let auth_result = authenticate(&req, &d1, &config).await;
+    match auth_result {
         Ok(user) => json_response(
             &VerifyResponse {
                 user_id: user.user_id,
diff --git a/crates/worker/src/routes/parse.rs b/crates/worker/src/routes/parse.rs
index 2a056d32..905b6b91 100644
--- a/crates/worker/src/routes/parse.rs
+++ b/crates/worker/src/routes/parse.rs
@@ -3,8 +3,8 @@ use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
 
 use base64::Engine;
 use opensession_api::{
-    db as dbq, ParseCandidate, ParsePreviewErrorResponse, ParsePreviewRequest,
-    ParsePreviewResponse, ParseSource, Session,
+    ParseCandidate, ParsePreviewErrorResponse, ParsePreviewRequest, ParsePreviewResponse,
+    ParseSource, Session, db as dbq,
 };
 use serde::Deserialize;
 use worker::*;
@@ -894,9 +894,8 @@ async fn d1_first<T: for<'de> Deserialize<'de>>(
         .prepare(&sql)
         .bind(&values_to_js(&values))
         .map_err(|_| PreviewRouteError::fetch_failed(context))?;
-    stmt.first(None)
-        .await
-        .map_err(|_| PreviewRouteError::fetch_failed(context))
+    let result = stmt.first(None).await;
+    result.map_err(|_| PreviewRouteError::fetch_failed(context))
 }
 
 async fn d1_all<T: for<'de> Deserialize<'de>>(
@@ -1188,10 +1187,12 @@ mod tests {
             preview_parse_bytes("session.hail.jsonl", minimal_hail_jsonl().as_bytes(), None)
                 .expect("hail jsonl should parse");
         assert_eq!(result.parser_used, "hail");
-        assert!(result
-            .parser_candidates
-            .iter()
-            .any(|candidate| candidate.id == "hail"));
+        assert!(
+            result
+                .parser_candidates
+                .iter()
+                .any(|candidate| candidate.id == "hail")
+        );
     }
 
     #[test]
diff --git a/crates/worker/src/routes/sessions.rs b/crates/worker/src/routes/sessions.rs
index 09973217..343349a2 100644
--- a/crates/worker/src/routes/sessions.rs
+++ b/crates/worker/src/routes/sessions.rs
@@ -273,7 +273,8 @@ pub async fn get_raw(_req: Request, ctx: RouteContext<()>) -> Result<Response> {
     }
 
     // Fetch from R2
-    match storage::get_session_body(&ctx.env, &row.body_storage_key).await? {
+    let body = storage::get_session_body(&ctx.env, &row.body_storage_key).await?;
+    match body {
         Some(bytes) => {
             let headers = Headers::new();
             headers.set("Content-Type", "application/jsonl")?;
diff --git a/crates/worker/src/storage.rs b/crates/worker/src/storage.rs
index b78b0d67..36a98814 100644
--- a/crates/worker/src/storage.rs
+++ b/crates/worker/src/storage.rs
@@ -261,7 +261,9 @@ pub fn get_r2(env: &Env) -> Result<Bucket> {
 /// Retrieve a raw session body from R2.
 pub async fn get_session_body(env: &Env, key: &str) -> Result<Option<Vec<u8>>> {
     let bucket = get_r2(env)?;
-    match bucket.get(key).execute().await? {
+    let request = bucket.get(key);
+    let object = request.execute().await?;
+    match object {
         Some(object) => {
             let bytes = object.body().unwrap().bytes().await?;
             Ok(Some(bytes))
diff --git a/desktop/src-tauri/Cargo.toml b/desktop/src-tauri/Cargo.toml
index b8d79ba1..5a6aa735 100644
--- a/desktop/src-tauri/Cargo.toml
+++ b/desktop/src-tauri/Cargo.toml
@@ -2,7 +2,8 @@
 name = "opensession-desktop"
 version = "0.2.34"
 description = "OpenSession desktop preview shell (Tauri + shared web UI)"
-edition = "2021"
+edition = "2024"
+rust-version = "1.93"
 publish = false
 
 [build-dependencies]
@@ -24,4 +25,14 @@ toml = "0.8"
 reqwest = { version = "0.12", default-features = false, features = ["blocking", "json", "rustls-tls"] }
 base64 = "0.22"
 
+[lints.clippy]
+all = { level = "warn", priority = -1 }
+collapsible_else_if = "allow"
+collapsible_if = "allow"
+empty_line_after_doc_comments = "warn"
+field_reassign_with_default = "allow"
+needless_return = "warn"
+redundant_closure = "warn"
+single_match = "warn"
+
 [workspace]
diff --git a/desktop/src-tauri/src/app/session_query.rs b/desktop/src-tauri/src/app/session_query.rs
index 12dc8592..46f707f2 100644
--- a/desktop/src-tauri/src/app/session_query.rs
+++ b/desktop/src-tauri/src/app/session_query.rs
@@ -78,7 +78,7 @@ pub(crate) fn build_local_filter_with_mode(
 
 #[cfg(test)]
 mod tests {
-    use super::{build_local_filter_with_mode, split_search_mode, SearchMode};
+    use super::{SearchMode, build_local_filter_with_mode, split_search_mode};
     use opensession_api::DesktopSessionListQuery;
     use opensession_local_db::{LocalSortOrder, LocalTimeRange};
 
diff --git a/desktop/src-tauri/src/main.rs b/desktop/src-tauri/src/main.rs
index 6fd28f74..20a02711 100644
--- a/desktop/src-tauri/src/main.rs
+++ b/desktop/src-tauri/src/main.rs
@@ -2,35 +2,35 @@
 
 mod app;
 
-use app::session_query::{build_local_filter_with_mode, split_search_mode, SearchMode};
-use base64::{engine::general_purpose::STANDARD as BASE64_STANDARD, Engine as _};
+use app::session_query::{SearchMode, build_local_filter_with_mode};
+use base64::{Engine as _, engine::general_purpose::STANDARD as BASE64_STANDARD};
 use opensession_api::{
-    oauth::{AuthProvidersResponse, OAuthProviderInfo},
-    CapabilitiesResponse, DesktopApiError, DesktopChangeQuestionRequest,
-    DesktopChangeQuestionResponse, DesktopChangeReadRequest, DesktopChangeReadResponse,
-    DesktopChangeReaderScope, DesktopChangeReaderTtsRequest, DesktopChangeReaderTtsResponse,
-    DesktopChangeReaderVoiceProvider, DesktopContractVersionResponse, DesktopHandoffBuildRequest,
-    DesktopHandoffBuildResponse, DesktopLifecycleCleanupState,
-    DesktopLifecycleCleanupStatusResponse, DesktopQuickShareRequest, DesktopQuickShareResponse,
-    DesktopRuntimeChangeReaderSettings, DesktopRuntimeChangeReaderVoiceSettings,
-    DesktopRuntimeLifecycleSettings, DesktopRuntimeSettingsResponse,
-    DesktopRuntimeSettingsUpdateRequest, DesktopRuntimeSummaryBatchSettings,
-    DesktopRuntimeSummaryPromptSettings, DesktopRuntimeSummaryProviderSettings,
-    DesktopRuntimeSummaryResponseSettings, DesktopRuntimeSummarySettings,
-    DesktopRuntimeSummaryStorageSettings, DesktopRuntimeSummaryUiConstraints,
-    DesktopRuntimeVectorSearchSettings, DesktopSessionListQuery, DesktopSessionSummaryResponse,
-    DesktopSummaryBatchExecutionMode, DesktopSummaryBatchScope, DesktopSummaryBatchState,
-    DesktopSummaryBatchStatusResponse, DesktopSummaryOutputShape,
-    DesktopSummaryProviderDetectResponse, DesktopSummaryProviderId,
+    CapabilitiesResponse, DESKTOP_IPC_CONTRACT_VERSION, DesktopApiError,
+    DesktopChangeQuestionRequest, DesktopChangeQuestionResponse, DesktopChangeReadRequest,
+    DesktopChangeReadResponse, DesktopChangeReaderScope, DesktopChangeReaderTtsRequest,
+    DesktopChangeReaderTtsResponse, DesktopChangeReaderVoiceProvider,
+    DesktopContractVersionResponse, DesktopHandoffBuildRequest, DesktopHandoffBuildResponse,
+    DesktopLifecycleCleanupState, DesktopLifecycleCleanupStatusResponse, DesktopQuickShareRequest,
+    DesktopQuickShareResponse, DesktopRuntimeChangeReaderSettings,
+    DesktopRuntimeChangeReaderVoiceSettings, DesktopRuntimeLifecycleSettings,
+    DesktopRuntimeSettingsResponse, DesktopRuntimeSettingsUpdateRequest,
+    DesktopRuntimeSummaryBatchSettings, DesktopRuntimeSummaryPromptSettings,
+    DesktopRuntimeSummaryProviderSettings, DesktopRuntimeSummaryResponseSettings,
+    DesktopRuntimeSummarySettings, DesktopRuntimeSummaryStorageSettings,
+    DesktopRuntimeSummaryUiConstraints, DesktopRuntimeVectorSearchSettings,
+    DesktopSessionListQuery, DesktopSessionSummaryResponse, DesktopSummaryBatchExecutionMode,
+    DesktopSummaryBatchScope, DesktopSummaryBatchState, DesktopSummaryBatchStatusResponse,
+    DesktopSummaryOutputShape, DesktopSummaryProviderDetectResponse, DesktopSummaryProviderId,
     DesktopSummaryProviderTransport, DesktopSummaryResponseStyle, DesktopSummarySourceMode,
     DesktopSummaryStorageBackend, DesktopSummaryTriggerMode, DesktopVectorChunkingMode,
     DesktopVectorIndexState, DesktopVectorIndexStatusResponse, DesktopVectorInstallState,
     DesktopVectorInstallStatusResponse, DesktopVectorPreflightResponse,
     DesktopVectorSearchGranularity, DesktopVectorSearchProvider, DesktopVectorSearchResponse,
     DesktopVectorSessionMatch, LinkType, SessionDetail, SessionLink, SessionListResponse,
-    SessionRepoListResponse, SessionSummary, DESKTOP_IPC_CONTRACT_VERSION,
+    SessionRepoListResponse, SessionSummary,
+    oauth::{AuthProvidersResponse, OAuthProviderInfo},
 };
-use opensession_core::handoff::{validate_handoff_summaries, HandoffSummary};
+use opensession_core::handoff::{HandoffSummary, validate_handoff_summaries};
 use opensession_core::object_store::{
     find_repo_root, global_store_root, sha256_hex, store_local_object,
 };
@@ -38,8 +38,8 @@ use opensession_core::session::{is_auxiliary_session, working_directory};
 use opensession_core::source_uri::SourceUri;
 use opensession_core::trace::{ContentBlock, EventType, Session as HailSession};
 use opensession_git_native::{
-    extract_git_context, ops::find_repo_root as find_git_repo_root, NativeGitStorage,
-    SessionSummaryLedgerRecord, SUMMARY_LEDGER_REF,
+    NativeGitStorage, SUMMARY_LEDGER_REF, SessionSummaryLedgerRecord, extract_git_context,
+    ops::find_repo_root as find_git_repo_root,
 };
 use opensession_local_db::{
     LifecycleCleanupJobRow, LocalDb, LocalSessionFilter, LocalSessionLink, LocalSessionRow,
@@ -57,7 +57,7 @@ use opensession_runtime_config::{
     VectorChunkingMode, VectorSearchGranularity, VectorSearchProvider,
 };
 use opensession_summary::{
-    provider::generate_text, summarize_session, validate_summary_prompt_template, GitSummaryRequest,
+    GitSummaryRequest, provider::generate_text, summarize_session, validate_summary_prompt_template,
 };
 use serde::{Deserialize, Serialize};
 use serde_json::json;
@@ -5129,7 +5129,8 @@ fn run_desktop_git_retention_once(repo_roots: &BTreeSet<PathBuf>, keep_days: u32
     let storage = NativeGitStorage;
     for repo_root in repo_roots {
         for ref_name in list_branch_ledger_refs(repo_root) {
-            if let Err(error) = storage.prune_by_age_at_ref(repo_root, &ref_name, keep_days) {
+            let prune_result = storage.prune_by_age_at_ref(repo_root, &ref_name, keep_days);
+            if let Err(error) = prune_result {
                 eprintln!(
                     "lifecycle cleanup: failed to prune branch ledger {ref_name} in {}: {error}",
                     repo_root.display()
@@ -5212,7 +5213,9 @@ fn run_desktop_lifecycle_cleanup_once_with_db(
                 )
             })?;
             if let Some(repo_root) = row.as_ref().and_then(resolve_repo_root_from_session_row) {
-                match storage.delete_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, session_id) {
+                let delete_result =
+                    storage.delete_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, session_id);
+                match delete_result {
                     Ok(true) => {
                         deleted_summaries = deleted_summaries.saturating_add(1);
                     }
@@ -5254,11 +5257,12 @@ fn run_desktop_lifecycle_cleanup_once_with_db(
         );
 
         for repo_root in &repo_roots {
-            match storage.prune_summaries_by_age_at_ref(
+            let prune_result = storage.prune_summaries_by_age_at_ref(
                 repo_root,
                 SUMMARY_LEDGER_REF,
                 config.lifecycle.summary_ttl_days,
-            ) {
+            );
+            match prune_result {
                 Ok(stats) => {
                     deleted_summaries =
                         deleted_summaries.saturating_add(stats.expired_sessions as u32);
@@ -5341,24 +5345,26 @@ fn maybe_start_lifecycle_cleanup_loop() {
     *started = true;
     drop(started);
 
-    std::thread::spawn(|| loop {
-        let sleep_for = match load_runtime_config() {
-            Ok(config) => {
-                if let Err(error) = run_desktop_lifecycle_cleanup_once(&config) {
-                    eprintln!("failed to run desktop lifecycle cleanup: {}", error.message);
+    std::thread::spawn(|| {
+        loop {
+            let sleep_for = match load_runtime_config() {
+                Ok(config) => {
+                    if let Err(error) = run_desktop_lifecycle_cleanup_once(&config) {
+                        eprintln!("failed to run desktop lifecycle cleanup: {}", error.message);
+                    }
+                    resolve_desktop_lifecycle_schedule(&config)
+                        .unwrap_or_else(|| Duration::from_secs(60))
                 }
-                resolve_desktop_lifecycle_schedule(&config)
-                    .unwrap_or_else(|| Duration::from_secs(60))
-            }
-            Err(error) => {
-                eprintln!(
-                    "failed to load runtime config for lifecycle cleanup: {}",
-                    error.message
-                );
-                Duration::from_secs(60)
-            }
-        };
-        std::thread::sleep(sleep_for);
+                Err(error) => {
+                    eprintln!(
+                        "failed to load runtime config for lifecycle cleanup: {}",
+                        error.message
+                    );
+                    Duration::from_secs(60)
+                }
+            };
+            std::thread::sleep(sleep_for);
+        }
     });
 }
 
@@ -5427,17 +5433,18 @@ fn main() {
 #[cfg(test)]
 mod tests {
     use super::{
-        artifact_path_for_hash, build_handoff_artifact_record, build_local_filter_with_mode,
-        build_vector_chunks_for_session, canonicalize_summaries, cosine_similarity,
-        desktop_ask_session_changes, desktop_change_reader_tts, desktop_get_contract_version,
-        desktop_get_runtime_settings, desktop_get_session_detail, desktop_get_session_raw,
-        desktop_list_sessions, desktop_read_session_changes, desktop_share_session_quick,
-        desktop_summary_batch_run, desktop_summary_batch_status, desktop_update_runtime_settings,
-        extract_vector_lines, force_refresh_discovery_tools, map_link_type, normalize_launch_route,
-        normalize_session_body_to_hail_jsonl, parse_cli_quick_share_response,
-        session_summary_from_local_row, split_search_mode, validate_pin_alias,
-        validate_vector_preflight_ready, DesktopSessionListQuery, SearchMode,
+        DesktopSessionListQuery, SearchMode, artifact_path_for_hash, build_handoff_artifact_record,
+        build_local_filter_with_mode, build_vector_chunks_for_session, canonicalize_summaries,
+        cosine_similarity, desktop_ask_session_changes, desktop_change_reader_tts,
+        desktop_get_contract_version, desktop_get_runtime_settings, desktop_get_session_detail,
+        desktop_get_session_raw, desktop_list_sessions, desktop_read_session_changes,
+        desktop_share_session_quick, desktop_summary_batch_run, desktop_summary_batch_status,
+        desktop_update_runtime_settings, extract_vector_lines, force_refresh_discovery_tools,
+        map_link_type, normalize_launch_route, normalize_session_body_to_hail_jsonl,
+        parse_cli_quick_share_response, session_summary_from_local_row, validate_pin_alias,
+        validate_vector_preflight_ready,
     };
+    use crate::app::session_query::split_search_mode;
     use opensession_api::{
         DesktopChangeQuestionRequest, DesktopChangeReadRequest, DesktopChangeReaderScope,
         DesktopChangeReaderTtsRequest, DesktopChangeReaderVoiceProvider,
@@ -5455,7 +5462,7 @@ mod tests {
     use opensession_core::handoff::HandoffSummary;
     use opensession_core::trace::{Agent, Content, Event, EventType, Session as HailSession};
     use opensession_git_native::{
-        NativeGitStorage, SessionSummaryLedgerRecord, SUMMARY_LEDGER_REF,
+        NativeGitStorage, SUMMARY_LEDGER_REF, SessionSummaryLedgerRecord,
     };
     use opensession_local_db::git::GitContext;
     use opensession_local_db::{LocalDb, VectorIndexJobRow};
@@ -5469,6 +5476,18 @@ mod tests {
 
     static TEST_ENV_LOCK: LazyLock<Mutex<()>> = LazyLock::new(|| Mutex::new(()));
 
+    fn set_env_for_test(key: &str, value: impl AsRef<std::ffi::OsStr>) {
+        // SAFETY: desktop tests mutate process environment only while holding TEST_ENV_LOCK,
+        // which serializes the affected test cases and avoids concurrent environment access.
+        unsafe { std::env::set_var(key, value) };
+    }
+
+    fn remove_env_for_test(key: &str) {
+        // SAFETY: desktop tests mutate process environment only while holding TEST_ENV_LOCK,
+        // which serializes the affected test cases and avoids concurrent environment access.
+        unsafe { std::env::remove_var(key) };
+    }
+
     struct EnvVarGuard {
         key: String,
         previous: Option<String>,
@@ -5477,7 +5496,7 @@ mod tests {
     impl EnvVarGuard {
         fn set(key: &str, value: impl AsRef<std::ffi::OsStr>) -> Self {
             let previous = std::env::var(key).ok();
-            std::env::set_var(key, value);
+            set_env_for_test(key, value);
             Self {
                 key: key.to_string(),
                 previous,
@@ -5488,9 +5507,9 @@ mod tests {
     impl Drop for EnvVarGuard {
         fn drop(&mut self) {
             if let Some(previous) = self.previous.take() {
-                std::env::set_var(&self.key, previous);
+                set_env_for_test(&self.key, previous);
             } else {
-                std::env::remove_var(&self.key);
+                remove_env_for_test(&self.key);
             }
         }
     }
@@ -5910,10 +5929,12 @@ mod tests {
         assert_eq!(snapshot.status, "complete");
         assert_eq!(snapshot.processed_sessions, 2);
         assert_eq!(snapshot.total_sessions, 2);
-        assert!(snapshot
-            .message
-            .as_deref()
-            .is_some_and(|message| message.contains("2 failed")));
+        assert!(
+            snapshot
+                .message
+                .as_deref()
+                .is_some_and(|message| message.contains("2 failed"))
+        );
         assert!(
             db.list_recent_vector_chunks_for_model("bge-m3", 10)
                 .expect("list vector chunks")
@@ -6923,10 +6944,12 @@ mod tests {
         assert_eq!(final_state.total_sessions, 1);
         assert_eq!(final_state.processed_sessions, 1);
         assert_eq!(final_state.failed_sessions, 0);
-        assert!(final_state
-            .message
-            .as_deref()
-            .is_some_and(|message| message.contains("skipped missing sources")));
+        assert!(
+            final_state
+                .message
+                .as_deref()
+                .is_some_and(|message| message.contains("skipped missing sources"))
+        );
 
         let _ = std::fs::remove_dir_all(&temp_home);
         let _ = std::fs::remove_dir_all(&temp_db);
@@ -7002,10 +7025,12 @@ mod tests {
         assert_eq!(final_state.total_sessions, 0);
         assert_eq!(final_state.processed_sessions, 0);
         assert_eq!(final_state.failed_sessions, 0);
-        assert!(final_state
-            .message
-            .as_deref()
-            .is_some_and(|message| message.contains("already summarized")));
+        assert!(
+            final_state
+                .message
+                .as_deref()
+                .is_some_and(|message| message.contains("already summarized"))
+        );
 
         let _ = std::fs::remove_dir_all(&temp_home);
         let _ = std::fs::remove_dir_all(&temp_db);
@@ -7096,10 +7121,12 @@ mod tests {
         assert_eq!(final_state.total_sessions, 0);
         assert_eq!(final_state.processed_sessions, 0);
         assert_eq!(final_state.failed_sessions, 0);
-        assert!(final_state
-            .message
-            .as_deref()
-            .is_some_and(|message| message.contains("already summarized")));
+        assert!(
+            final_state
+                .message
+                .as_deref()
+                .is_some_and(|message| message.contains("already summarized"))
+        );
 
         let _ = std::fs::remove_dir_all(&temp_home);
         let _ = std::fs::remove_dir_all(&temp_db);
@@ -7330,12 +7357,15 @@ mod tests {
             response.download_file_name.as_deref(),
             Some(expected_download_file_name.as_str())
         );
-        assert!(response
-            .download_content
-            .as_deref()
-            .is_some_and(|value| value.contains("\"source_session_id\":\"session-handoff-test\"")));
+        assert!(
+            response.download_content.as_deref().is_some_and(
+                |value| value.contains("\"source_session_id\":\"session-handoff-test\"")
+            )
+        );
 
-        let artifact_path = PathBuf::from(repo_root.join(".opensession").join("artifacts"))
+        let artifact_path = repo_root
+            .join(".opensession")
+            .join("artifacts")
             .join("sha256")
             .join(&hash[0..2])
             .join(&hash[2..4])

From 6fb22d6b8e66bb0460e23dd33af21149cf5ba4cc Mon Sep 17 00:00:00 2001
From: hwisu <hwitticus@gmail.com>
Date: Fri, 6 Mar 2026 16:13:39 +0900
Subject: [PATCH 04/30] document unsafe boundaries in rust tooling

---
 Cargo.toml                   |  4 ++++
 crates/cli/src/daemon_ctl.rs | 31 ++++++++++++++++++++++++++-----
 crates/cli/src/setup_cmd.rs  |  3 ++-
 crates/worker/Cargo.toml     |  4 ++++
 desktop/src-tauri/Cargo.toml |  4 ++++
 5 files changed, 40 insertions(+), 6 deletions(-)

diff --git a/Cargo.toml b/Cargo.toml
index 61393c05..828557a7 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -29,6 +29,9 @@ default-members = [
 ]
 exclude = ["crates/worker"]
 
+[workspace.lints.rust]
+unsafe_op_in_unsafe_fn = "warn"
+
 [workspace.lints.clippy]
 all = { level = "warn", priority = -1 }
 collapsible_else_if = "allow"
@@ -38,6 +41,7 @@ field_reassign_with_default = "allow"
 needless_return = "warn"
 redundant_closure = "warn"
 single_match = "warn"
+undocumented_unsafe_blocks = "warn"
 
 [workspace.package]
 version = "0.2.34"
diff --git a/crates/cli/src/daemon_ctl.rs b/crates/cli/src/daemon_ctl.rs
index af165162..fe3db752 100644
--- a/crates/cli/src/daemon_ctl.rs
+++ b/crates/cli/src/daemon_ctl.rs
@@ -64,9 +64,7 @@ pub fn daemon_stop() -> Result<()> {
     // Send SIGTERM
     #[cfg(unix)]
     {
-        unsafe {
-            libc::kill(pid as i32, libc::SIGTERM);
-        }
+        terminate_process_unix(pid);
     }
 
     #[cfg(not(unix))]
@@ -133,8 +131,7 @@ pub fn is_daemon_running() -> bool {
 fn is_process_running(pid: u32) -> bool {
     #[cfg(unix)]
     {
-        // kill with signal 0 checks process existence without sending a signal
-        unsafe { libc::kill(pid as i32, 0) == 0 }
+        process_exists_unix(pid)
     }
     #[cfg(not(unix))]
     {
@@ -146,6 +143,30 @@ fn is_process_running(pid: u32) -> bool {
     }
 }
 
+#[cfg(unix)]
+fn process_exists_unix(pid: u32) -> bool {
+    // SAFETY: kill(pid, 0) does not deliver a signal. It is the standard Unix probe for
+    // process existence and permissions, and we pass the parsed PID value directly to libc.
+    let rc = unsafe { libc::kill(pid as i32, 0) };
+    if rc == 0 {
+        return true;
+    }
+
+    matches!(
+        std::io::Error::last_os_error().raw_os_error(),
+        Some(libc::EPERM)
+    )
+}
+
+#[cfg(unix)]
+fn terminate_process_unix(pid: u32) {
+    // SAFETY: sending SIGTERM to a parsed PID delegates to the OS for permission and existence
+    // checks. The libc call does not outlive borrowed data and has no Rust aliasing concerns.
+    unsafe {
+        libc::kill(pid as i32, libc::SIGTERM);
+    }
+}
+
 /// Find the daemon binary, looking next to the CLI binary first
 fn find_daemon_binary() -> Result<PathBuf> {
     // Look next to our own binary
diff --git a/crates/cli/src/setup_cmd.rs b/crates/cli/src/setup_cmd.rs
index 1e710db1..9847def8 100644
--- a/crates/cli/src/setup_cmd.rs
+++ b/crates/cli/src/setup_cmd.rs
@@ -1347,7 +1347,8 @@ fn daemon_status(pid_path: &std::path::Path) -> DaemonStatus {
 
 #[cfg(unix)]
 fn process_running(pid: u32) -> bool {
-    // kill(pid, 0) does not send a signal; it only checks process existence/permission.
+    // SAFETY: kill(pid, 0) does not deliver a signal. It is the standard Unix probe for
+    // process existence and permissions, and we pass the parsed PID value directly to libc.
     let rc = unsafe { libc::kill(pid as i32, 0) };
     if rc == 0 {
         return true;
diff --git a/crates/worker/Cargo.toml b/crates/worker/Cargo.toml
index da042a1a..6d458ac4 100644
--- a/crates/worker/Cargo.toml
+++ b/crates/worker/Cargo.toml
@@ -21,6 +21,9 @@ base64 = "0.22"
 # getrandom with "js" feature for wasm — propagates to api via feature unification
 getrandom = { version = "0.2", features = ["js"] }
 
+[lints.rust]
+unsafe_op_in_unsafe_fn = "warn"
+
 [lints.clippy]
 all = { level = "warn", priority = -1 }
 collapsible_else_if = "allow"
@@ -30,6 +33,7 @@ field_reassign_with_default = "allow"
 needless_return = "warn"
 redundant_closure = "warn"
 single_match = "warn"
+undocumented_unsafe_blocks = "warn"
 
 [lib]
 crate-type = ["cdylib"]
diff --git a/desktop/src-tauri/Cargo.toml b/desktop/src-tauri/Cargo.toml
index 5a6aa735..23a2afb3 100644
--- a/desktop/src-tauri/Cargo.toml
+++ b/desktop/src-tauri/Cargo.toml
@@ -25,6 +25,9 @@ toml = "0.8"
 reqwest = { version = "0.12", default-features = false, features = ["blocking", "json", "rustls-tls"] }
 base64 = "0.22"
 
+[lints.rust]
+unsafe_op_in_unsafe_fn = "warn"
+
 [lints.clippy]
 all = { level = "warn", priority = -1 }
 collapsible_else_if = "allow"
@@ -34,5 +37,6 @@ field_reassign_with_default = "allow"
 needless_return = "warn"
 redundant_closure = "warn"
 single_match = "warn"
+undocumented_unsafe_blocks = "warn"
 
 [workspace]

From 3f0ed8b69fba974a7b14115ce286196bcd7f1498 Mon Sep 17 00:00:00 2001
From: hwisu <hwitticus@gmail.com>
Date: Fri, 6 Mar 2026 16:24:48 +0900
Subject: [PATCH 05/30] pin rust toolchain across local and ci

---
 .github/workflows/ci.yml             | 16 ++++++++--------
 .github/workflows/deploy.yml         |  2 +-
 .github/workflows/desktop-dryrun.yml |  2 +-
 .github/workflows/publish.yml        |  6 +++---
 CONTRIBUTING.md                      |  3 +++
 mise.toml                            |  2 +-
 6 files changed, 17 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e7a5e19b..e36f0950 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -59,7 +59,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: dtolnay/rust-toolchain@stable
+      - uses: dtolnay/rust-toolchain@1.93.0
         with:
           components: rustfmt
       - run: cargo fmt --all -- --check
@@ -73,7 +73,7 @@ jobs:
         os: [ubuntu-latest, macos-latest]
     steps:
       - uses: actions/checkout@v4
-      - uses: dtolnay/rust-toolchain@stable
+      - uses: dtolnay/rust-toolchain@1.93.0
         with:
           components: clippy
       - uses: Swatinem/rust-cache@v2
@@ -91,7 +91,7 @@ jobs:
         os: [ubuntu-latest, macos-latest]
     steps:
       - uses: actions/checkout@v4
-      - uses: dtolnay/rust-toolchain@stable
+      - uses: dtolnay/rust-toolchain@1.93.0
       - uses: Swatinem/rust-cache@v2
         with:
           shared-key: cargo-test-${{ matrix.os }}
@@ -117,7 +117,7 @@ jobs:
         os: [ubuntu-latest, macos-latest]
     steps:
       - uses: actions/checkout@v4
-      - uses: dtolnay/rust-toolchain@stable
+      - uses: dtolnay/rust-toolchain@1.93.0
         with:
           components: clippy
           targets: wasm32-unknown-unknown
@@ -164,7 +164,7 @@ jobs:
         os: [ubuntu-latest, macos-latest]
     steps:
       - uses: actions/checkout@v4
-      - uses: dtolnay/rust-toolchain@stable
+      - uses: dtolnay/rust-toolchain@1.93.0
       - uses: Swatinem/rust-cache@v2
         with:
           shared-key: api-e2e-server-${{ matrix.os }}
@@ -219,7 +219,7 @@ jobs:
         os: [ubuntu-latest, macos-latest]
     steps:
       - uses: actions/checkout@v4
-      - uses: dtolnay/rust-toolchain@stable
+      - uses: dtolnay/rust-toolchain@1.93.0
       - uses: actions/setup-node@v4
         with:
           node-version: 22
@@ -342,7 +342,7 @@ jobs:
         os: [ubuntu-latest, macos-latest]
     steps:
       - uses: actions/checkout@v4
-      - uses: dtolnay/rust-toolchain@stable
+      - uses: dtolnay/rust-toolchain@1.93.0
       - name: Install Linux desktop test dependencies
         if: matrix.os == 'ubuntu-latest'
         run: |
@@ -374,7 +374,7 @@ jobs:
         os: [ubuntu-latest, macos-latest]
     steps:
       - uses: actions/checkout@v4
-      - uses: dtolnay/rust-toolchain@stable
+      - uses: dtolnay/rust-toolchain@1.93.0
       - uses: actions/setup-node@v4
         with:
           node-version: 22
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 95f80175..4f271686 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -10,7 +10,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - uses: dtolnay/rust-toolchain@stable
+      - uses: dtolnay/rust-toolchain@1.93.0
         with:
           targets: wasm32-unknown-unknown
 
diff --git a/.github/workflows/desktop-dryrun.yml b/.github/workflows/desktop-dryrun.yml
index 2efa739b..e39ddce9 100644
--- a/.github/workflows/desktop-dryrun.yml
+++ b/.github/workflows/desktop-dryrun.yml
@@ -19,7 +19,7 @@ jobs:
         os: [ubuntu-latest, macos-latest]
     steps:
       - uses: actions/checkout@v4
-      - uses: dtolnay/rust-toolchain@stable
+      - uses: dtolnay/rust-toolchain@1.93.0
       - uses: actions/setup-node@v4
         with:
           node-version: 22
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index b92d2e10..7465dbe4 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -21,7 +21,7 @@ jobs:
         with:
           node-version: 22
       - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@stable
+        uses: dtolnay/rust-toolchain@1.93.0
       - name: Cache release-plz binary
         uses: actions/cache@v4
         with:
@@ -81,7 +81,7 @@ jobs:
           fetch-depth: 0
           ref: main
       - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@stable
+        uses: dtolnay/rust-toolchain@1.93.0
       - name: Run release-plz
         uses: release-plz/action@v0.5
         with:
@@ -103,7 +103,7 @@ jobs:
           fetch-depth: 0
           ref: main
       - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@stable
+        uses: dtolnay/rust-toolchain@1.93.0
       - uses: actions/setup-node@v4
         with:
           node-version: 22
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 7bf17e31..f43bd02d 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -61,6 +61,9 @@ crates/
 ## Code Style
 
 - Follow existing patterns in the codebase.
+- Rust code targets Edition 2024 and the repo pins Rust 1.93.0 via `mise.toml`.
+- New workspace crates should inherit `edition.workspace = true` and `rust-version.workspace = true`.
+- Keep `unsafe` in the smallest possible helper and include a `SAFETY:` comment for each block.
 - Workspace clippy lints apply (see root `Cargo.toml`).
 
 ## License
diff --git a/mise.toml b/mise.toml
index 0635b344..e51d869e 100644
--- a/mise.toml
+++ b/mise.toml
@@ -1,3 +1,3 @@
 [tools]
 node = "22"
-rust = "stable"
+rust = "1.93.0"

From fe6baa7429830d5a389e83a3d6f19bea8156a7a4 Mon Sep 17 00:00:00 2001
From: hwisu <hwitticus@gmail.com>
Date: Fri, 6 Mar 2026 17:45:06 +0900
Subject: [PATCH 06/30] refactor effect boundaries and rust entrypoints

---
 Cargo.lock                                    |    2 +
 crates/api/Cargo.toml                         |    2 +
 crates/api/src/auth_types.rs                  |  142 ++
 crates/api/src/desktop_runtime_types.rs       |  683 ++++++
 crates/api/src/errors.rs                      |   91 +
 crates/api/src/lib.rs                         | 1606 +------------
 crates/api/src/local_review_types.rs          |  117 +
 crates/api/src/parse_preview_source.rs        |  593 +++++
 crates/api/src/parse_preview_types.rs         |   73 +
 crates/api/src/session_types.rs               |  309 +++
 crates/api/src/shared_types.rs                |   96 +
 crates/cli/src/cli_args.rs                    |  131 ++
 crates/cli/src/docs_cmd.rs                    |   66 +
 crates/cli/src/entrypoint.rs                  |   49 +
 crates/cli/src/main.rs                        |  191 +-
 crates/daemon/src/cli.rs                      |   34 +
 crates/daemon/src/entrypoint.rs               |   28 +
 crates/daemon/src/main.rs                     |  177 +-
 crates/daemon/src/runtime.rs                  |  126 ++
 crates/local-db/src/connection.rs             |   68 +
 crates/local-db/src/job_store.rs              |  184 ++
 crates/local-db/src/lib.rs                    | 1998 +----------------
 crates/local-db/src/migrations.rs             |  176 ++
 crates/local-db/src/repo_store.rs             |   68 +
 crates/local-db/src/session_store.rs          |  978 ++++++++
 crates/local-db/src/summary_store.rs          |  155 ++
 crates/local-db/src/sync_store.rs             |  146 ++
 crates/local-db/src/vector_store.rs           |  210 ++
 crates/runtime-config/src/change_reader.rs    |   72 +
 crates/runtime-config/src/daemon.rs           |  115 +
 crates/runtime-config/src/defaults.rs         |  141 ++
 crates/runtime-config/src/git_storage.rs      |   52 +
 crates/runtime-config/src/identity_privacy.rs |   39 +
 crates/runtime-config/src/lib.rs              |  752 +------
 crates/runtime-config/src/lifecycle.rs        |   28 +
 crates/runtime-config/src/server.rs           |   19 +
 crates/runtime-config/src/summary.rs          |  198 ++
 crates/runtime-config/src/vector.rs           |   69 +
 crates/runtime-config/src/watcher.rs          |   16 +
 crates/server/src/main.rs                     |  170 +-
 crates/server/src/routes/ingest.rs            |  219 +-
 crates/server/src/startup.rs                  |  169 ++
 crates/worker/Cargo.lock                      |    2 +
 desktop/src-tauri/Cargo.lock                  |    2 +
 desktop/src-tauri/src/app/launch_route.rs     |   55 +
 .../src-tauri/src/app/lifecycle_cleanup.rs    |  341 +++
 desktop/src-tauri/src/app/mod.rs              |    3 +
 desktop/src-tauri/src/app/session_summary.rs  |  660 ++++++
 desktop/src-tauri/src/main.rs                 | 1412 ++----------
 packages/ui/src/api-types.generated.ts        |   34 +-
 50 files changed, 6905 insertions(+), 6162 deletions(-)
 create mode 100644 crates/api/src/auth_types.rs
 create mode 100644 crates/api/src/desktop_runtime_types.rs
 create mode 100644 crates/api/src/errors.rs
 create mode 100644 crates/api/src/local_review_types.rs
 create mode 100644 crates/api/src/parse_preview_source.rs
 create mode 100644 crates/api/src/parse_preview_types.rs
 create mode 100644 crates/api/src/session_types.rs
 create mode 100644 crates/api/src/shared_types.rs
 create mode 100644 crates/cli/src/cli_args.rs
 create mode 100644 crates/cli/src/docs_cmd.rs
 create mode 100644 crates/cli/src/entrypoint.rs
 create mode 100644 crates/daemon/src/cli.rs
 create mode 100644 crates/daemon/src/entrypoint.rs
 create mode 100644 crates/daemon/src/runtime.rs
 create mode 100644 crates/local-db/src/connection.rs
 create mode 100644 crates/local-db/src/job_store.rs
 create mode 100644 crates/local-db/src/migrations.rs
 create mode 100644 crates/local-db/src/repo_store.rs
 create mode 100644 crates/local-db/src/session_store.rs
 create mode 100644 crates/local-db/src/summary_store.rs
 create mode 100644 crates/local-db/src/sync_store.rs
 create mode 100644 crates/local-db/src/vector_store.rs
 create mode 100644 crates/runtime-config/src/change_reader.rs
 create mode 100644 crates/runtime-config/src/daemon.rs
 create mode 100644 crates/runtime-config/src/defaults.rs
 create mode 100644 crates/runtime-config/src/git_storage.rs
 create mode 100644 crates/runtime-config/src/identity_privacy.rs
 create mode 100644 crates/runtime-config/src/lifecycle.rs
 create mode 100644 crates/runtime-config/src/server.rs
 create mode 100644 crates/runtime-config/src/summary.rs
 create mode 100644 crates/runtime-config/src/vector.rs
 create mode 100644 crates/runtime-config/src/watcher.rs
 create mode 100644 crates/server/src/startup.rs
 create mode 100644 desktop/src-tauri/src/app/launch_route.rs
 create mode 100644 desktop/src-tauri/src/app/lifecycle_cleanup.rs
 create mode 100644 desktop/src-tauri/src/app/session_summary.rs

diff --git a/Cargo.lock b/Cargo.lock
index 8c0b508e..4d131ecf 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2202,6 +2202,8 @@ dependencies = [
  "serde_json",
  "sha2",
  "ts-rs",
+ "url",
+ "urlencoding",
  "uuid",
 ]
 
diff --git a/crates/api/Cargo.toml b/crates/api/Cargo.toml
index b2502604..0a56ddfd 100644
--- a/crates/api/Cargo.toml
+++ b/crates/api/Cargo.toml
@@ -44,3 +44,5 @@ chacha20poly1305 = { version = "0.10", optional = true }
 base64 = "0.22"
 uuid = { version = "1", features = ["v4"] }
 chrono = { workspace = true }
+url = "2"
+urlencoding = "2"
diff --git a/crates/api/src/auth_types.rs b/crates/api/src/auth_types.rs
new file mode 100644
index 00000000..16af9298
--- /dev/null
+++ b/crates/api/src/auth_types.rs
@@ -0,0 +1,142 @@
+use crate::oauth;
+use serde::{Deserialize, Serialize};
+
+/// Email + password registration.
+#[derive(Debug, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct AuthRegisterRequest {
+    pub email: String,
+    pub password: String,
+    pub nickname: String,
+}
+
+/// Email + password login.
+#[derive(Debug, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct LoginRequest {
+    pub email: String,
+    pub password: String,
+}
+
+/// Returned on successful login / register / refresh.
+#[derive(Debug, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct AuthTokenResponse {
+    pub access_token: String,
+    pub refresh_token: String,
+    pub expires_in: u64,
+    pub user_id: String,
+    pub nickname: String,
+}
+
+/// Refresh token request.
+#[derive(Debug, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct RefreshRequest {
+    pub refresh_token: String,
+}
+
+/// Logout request (invalidate refresh token).
+#[derive(Debug, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct LogoutRequest {
+    pub refresh_token: String,
+}
+
+/// Change password request.
+#[derive(Debug, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct ChangePasswordRequest {
+    pub current_password: String,
+    pub new_password: String,
+}
+
+/// Returned by `POST /api/auth/verify` — confirms token validity.
+#[derive(Debug, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct VerifyResponse {
+    pub user_id: String,
+    pub nickname: String,
+}
+
+/// Full user profile returned by `GET /api/auth/me`.
+#[derive(Debug, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct UserSettingsResponse {
+    pub user_id: String,
+    pub nickname: String,
+    pub created_at: String,
+    pub email: Option<String>,
+    pub avatar_url: Option<String>,
+    #[serde(default)]
+    pub oauth_providers: Vec<oauth::LinkedProvider>,
+}
+
+/// Generic success response for operations that don't return data.
+#[derive(Debug, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct OkResponse {
+    pub ok: bool,
+}
+
+/// Response for API key issuance. The key is visible only at issuance time.
+#[derive(Debug, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct IssueApiKeyResponse {
+    pub api_key: String,
+}
+
+/// Public metadata for a user-managed git credential.
+#[derive(Debug, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct GitCredentialSummary {
+    pub id: String,
+    pub label: String,
+    pub host: String,
+    pub path_prefix: String,
+    pub header_name: String,
+    pub created_at: String,
+    pub updated_at: String,
+    pub last_used_at: Option<String>,
+}
+
+/// Response for `GET /api/auth/git-credentials`.
+#[derive(Debug, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct ListGitCredentialsResponse {
+    #[serde(default)]
+    pub credentials: Vec<GitCredentialSummary>,
+}
+
+/// Request for `POST /api/auth/git-credentials`.
+#[derive(Debug, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct CreateGitCredentialRequest {
+    pub label: String,
+    pub host: String,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub path_prefix: Option<String>,
+    pub header_name: String,
+    pub header_value: String,
+}
+
+/// Response for OAuth link initiation (redirect URL).
+#[derive(Debug, Serialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct OAuthLinkResponse {
+    pub url: String,
+}
diff --git a/crates/api/src/desktop_runtime_types.rs b/crates/api/src/desktop_runtime_types.rs
new file mode 100644
index 00000000..b4e11c8f
--- /dev/null
+++ b/crates/api/src/desktop_runtime_types.rs
@@ -0,0 +1,683 @@
+use crate::session_types::SessionSummary;
+use serde::{Deserialize, Serialize};
+
+/// Canonical desktop IPC contract version shared between Rust and TS clients.
+pub const DESKTOP_IPC_CONTRACT_VERSION: &str = "desktop-ipc-v6";
+
+/// Desktop handoff build request payload.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopHandoffBuildRequest {
+    pub session_id: String,
+    pub pin_latest: bool,
+}
+
+/// Desktop handoff build response payload.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopHandoffBuildResponse {
+    pub artifact_uri: String,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub pinned_alias: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub download_file_name: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub download_content: Option<String>,
+}
+
+/// Desktop quick-share request payload.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopQuickShareRequest {
+    pub session_id: String,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub remote: Option<String>,
+}
+
+/// Desktop quick-share response payload.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopQuickShareResponse {
+    pub source_uri: String,
+    pub shared_uri: String,
+    pub remote: String,
+    pub push_cmd: String,
+    #[serde(default)]
+    pub pushed: bool,
+    #[serde(default)]
+    pub auto_push_consent: bool,
+}
+
+/// Desktop bridge contract/version handshake response.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopContractVersionResponse {
+    pub version: String,
+}
+
+/// Desktop runtime settings payload for App settings UI.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopRuntimeSettingsResponse {
+    pub session_default_view: String,
+    pub summary: DesktopRuntimeSummarySettings,
+    pub vector_search: DesktopRuntimeVectorSearchSettings,
+    pub change_reader: DesktopRuntimeChangeReaderSettings,
+    pub lifecycle: DesktopRuntimeLifecycleSettings,
+    pub ui_constraints: DesktopRuntimeSummaryUiConstraints,
+}
+
+/// Desktop runtime settings update request.
+#[derive(Debug, Clone, Serialize, Deserialize, Default)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopRuntimeSettingsUpdateRequest {
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub session_default_view: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub summary: Option<DesktopRuntimeSummarySettingsUpdate>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub vector_search: Option<DesktopRuntimeVectorSearchSettingsUpdate>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub change_reader: Option<DesktopRuntimeChangeReaderSettingsUpdate>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub lifecycle: Option<DesktopRuntimeLifecycleSettingsUpdate>,
+}
+
+/// Local summary provider detection result for desktop setup/settings.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopSummaryProviderDetectResponse {
+    pub detected: bool,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub provider: Option<DesktopSummaryProviderId>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub transport: Option<DesktopSummaryProviderTransport>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub model: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub endpoint: Option<String>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "snake_case")]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub enum DesktopSummaryProviderId {
+    Disabled,
+    Ollama,
+    CodexExec,
+    ClaudeCli,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "snake_case")]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub enum DesktopSummaryProviderTransport {
+    None,
+    Cli,
+    Http,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "snake_case")]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub enum DesktopSummarySourceMode {
+    SessionOnly,
+    SessionOrGitChanges,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "snake_case")]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub enum DesktopSummaryResponseStyle {
+    Compact,
+    Standard,
+    Detailed,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "snake_case")]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub enum DesktopSummaryOutputShape {
+    Layered,
+    FileList,
+    SecurityFirst,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "snake_case")]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub enum DesktopSummaryTriggerMode {
+    Manual,
+    OnSessionSave,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "snake_case")]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub enum DesktopSummaryStorageBackend {
+    HiddenRef,
+    LocalDb,
+    None,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "snake_case")]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub enum DesktopSummaryBatchExecutionMode {
+    Manual,
+    OnAppStart,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "snake_case")]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub enum DesktopSummaryBatchScope {
+    RecentDays,
+    All,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopRuntimeSummaryProviderSettings {
+    pub id: DesktopSummaryProviderId,
+    pub transport: DesktopSummaryProviderTransport,
+    pub endpoint: String,
+    pub model: String,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopRuntimeSummaryPromptSettings {
+    pub template: String,
+    pub default_template: String,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopRuntimeSummaryResponseSettings {
+    pub style: DesktopSummaryResponseStyle,
+    pub shape: DesktopSummaryOutputShape,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopRuntimeSummaryStorageSettings {
+    pub trigger: DesktopSummaryTriggerMode,
+    pub backend: DesktopSummaryStorageBackend,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopRuntimeSummaryBatchSettings {
+    pub execution_mode: DesktopSummaryBatchExecutionMode,
+    pub scope: DesktopSummaryBatchScope,
+    pub recent_days: u16,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopRuntimeSummarySettings {
+    pub provider: DesktopRuntimeSummaryProviderSettings,
+    pub prompt: DesktopRuntimeSummaryPromptSettings,
+    pub response: DesktopRuntimeSummaryResponseSettings,
+    pub storage: DesktopRuntimeSummaryStorageSettings,
+    pub source_mode: DesktopSummarySourceMode,
+    pub batch: DesktopRuntimeSummaryBatchSettings,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopRuntimeSummaryProviderSettingsUpdate {
+    pub id: DesktopSummaryProviderId,
+    pub endpoint: String,
+    pub model: String,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopRuntimeSummaryPromptSettingsUpdate {
+    pub template: String,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopRuntimeSummaryResponseSettingsUpdate {
+    pub style: DesktopSummaryResponseStyle,
+    pub shape: DesktopSummaryOutputShape,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopRuntimeSummaryStorageSettingsUpdate {
+    pub trigger: DesktopSummaryTriggerMode,
+    pub backend: DesktopSummaryStorageBackend,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopRuntimeSummaryBatchSettingsUpdate {
+    pub execution_mode: DesktopSummaryBatchExecutionMode,
+    pub scope: DesktopSummaryBatchScope,
+    pub recent_days: u16,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopRuntimeSummarySettingsUpdate {
+    pub provider: DesktopRuntimeSummaryProviderSettingsUpdate,
+    pub prompt: DesktopRuntimeSummaryPromptSettingsUpdate,
+    pub response: DesktopRuntimeSummaryResponseSettingsUpdate,
+    pub storage: DesktopRuntimeSummaryStorageSettingsUpdate,
+    pub source_mode: DesktopSummarySourceMode,
+    pub batch: DesktopRuntimeSummaryBatchSettingsUpdate,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopRuntimeSummaryUiConstraints {
+    pub source_mode_locked: bool,
+    pub source_mode_locked_value: DesktopSummarySourceMode,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "snake_case")]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub enum DesktopVectorSearchProvider {
+    Ollama,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "snake_case")]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub enum DesktopVectorSearchGranularity {
+    EventLineChunk,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "snake_case")]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub enum DesktopVectorChunkingMode {
+    Auto,
+    Manual,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "snake_case")]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub enum DesktopVectorInstallState {
+    NotInstalled,
+    Installing,
+    Ready,
+    Failed,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "snake_case")]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub enum DesktopVectorIndexState {
+    Idle,
+    Running,
+    Complete,
+    Failed,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopRuntimeVectorSearchSettings {
+    pub enabled: bool,
+    pub provider: DesktopVectorSearchProvider,
+    pub model: String,
+    pub endpoint: String,
+    pub granularity: DesktopVectorSearchGranularity,
+    pub chunking_mode: DesktopVectorChunkingMode,
+    pub chunk_size_lines: u16,
+    pub chunk_overlap_lines: u16,
+    pub top_k_chunks: u16,
+    pub top_k_sessions: u16,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopRuntimeVectorSearchSettingsUpdate {
+    pub enabled: bool,
+    pub provider: DesktopVectorSearchProvider,
+    pub model: String,
+    pub endpoint: String,
+    pub granularity: DesktopVectorSearchGranularity,
+    pub chunking_mode: DesktopVectorChunkingMode,
+    pub chunk_size_lines: u16,
+    pub chunk_overlap_lines: u16,
+    pub top_k_chunks: u16,
+    pub top_k_sessions: u16,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "snake_case")]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub enum DesktopChangeReaderScope {
+    SummaryOnly,
+    FullContext,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "snake_case")]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub enum DesktopChangeReaderVoiceProvider {
+    Openai,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopRuntimeChangeReaderVoiceSettings {
+    pub enabled: bool,
+    pub provider: DesktopChangeReaderVoiceProvider,
+    pub model: String,
+    pub voice: String,
+    pub api_key_configured: bool,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopRuntimeChangeReaderVoiceSettingsUpdate {
+    pub enabled: bool,
+    pub provider: DesktopChangeReaderVoiceProvider,
+    pub model: String,
+    pub voice: String,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub api_key: Option<String>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopRuntimeChangeReaderSettings {
+    pub enabled: bool,
+    pub scope: DesktopChangeReaderScope,
+    pub qa_enabled: bool,
+    pub max_context_chars: u32,
+    pub voice: DesktopRuntimeChangeReaderVoiceSettings,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopRuntimeChangeReaderSettingsUpdate {
+    pub enabled: bool,
+    pub scope: DesktopChangeReaderScope,
+    pub qa_enabled: bool,
+    pub max_context_chars: u32,
+    pub voice: DesktopRuntimeChangeReaderVoiceSettingsUpdate,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopRuntimeLifecycleSettings {
+    pub enabled: bool,
+    pub session_ttl_days: u32,
+    pub summary_ttl_days: u32,
+    pub cleanup_interval_secs: u64,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopRuntimeLifecycleSettingsUpdate {
+    pub enabled: bool,
+    pub session_ttl_days: u32,
+    pub summary_ttl_days: u32,
+    pub cleanup_interval_secs: u64,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "snake_case")]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub enum DesktopLifecycleCleanupState {
+    Idle,
+    Running,
+    Complete,
+    Failed,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopLifecycleCleanupStatusResponse {
+    pub state: DesktopLifecycleCleanupState,
+    pub deleted_sessions: u32,
+    pub deleted_summaries: u32,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub message: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub started_at: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub finished_at: Option<String>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopVectorPreflightResponse {
+    pub provider: DesktopVectorSearchProvider,
+    pub endpoint: String,
+    pub model: String,
+    pub ollama_reachable: bool,
+    pub model_installed: bool,
+    pub install_state: DesktopVectorInstallState,
+    pub progress_pct: u8,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub message: Option<String>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopVectorInstallStatusResponse {
+    pub state: DesktopVectorInstallState,
+    pub model: String,
+    pub progress_pct: u8,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub message: Option<String>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopVectorIndexStatusResponse {
+    pub state: DesktopVectorIndexState,
+    pub processed_sessions: u32,
+    pub total_sessions: u32,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub message: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub started_at: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub finished_at: Option<String>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "snake_case")]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub enum DesktopSummaryBatchState {
+    Idle,
+    Running,
+    Complete,
+    Failed,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopSummaryBatchStatusResponse {
+    pub state: DesktopSummaryBatchState,
+    pub processed_sessions: u32,
+    pub total_sessions: u32,
+    pub failed_sessions: u32,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub message: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub started_at: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub finished_at: Option<String>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopVectorSessionMatch {
+    pub session: SessionSummary,
+    pub score: f32,
+    pub chunk_id: String,
+    pub start_line: u32,
+    pub end_line: u32,
+    pub snippet: String,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopVectorSearchResponse {
+    pub query: String,
+    #[serde(default)]
+    pub sessions: Vec<DesktopVectorSessionMatch>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub next_cursor: Option<String>,
+    pub total_candidates: u32,
+}
+
+/// Session summary payload returned by desktop runtime.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopSessionSummaryResponse {
+    pub session_id: String,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    #[cfg_attr(feature = "ts", ts(type = "any"))]
+    pub summary: Option<serde_json::Value>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    #[cfg_attr(feature = "ts", ts(type = "any"))]
+    pub source_details: Option<serde_json::Value>,
+    #[serde(default)]
+    #[cfg_attr(feature = "ts", ts(type = "any[]"))]
+    pub diff_tree: Vec<serde_json::Value>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub source_kind: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub generation_kind: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub error: Option<String>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopChangeReadRequest {
+    pub session_id: String,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub scope: Option<DesktopChangeReaderScope>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopChangeReadResponse {
+    pub session_id: String,
+    pub scope: DesktopChangeReaderScope,
+    pub narrative: String,
+    #[serde(default)]
+    pub citations: Vec<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub provider: Option<DesktopSummaryProviderId>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub warning: Option<String>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopChangeQuestionRequest {
+    pub session_id: String,
+    pub question: String,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub scope: Option<DesktopChangeReaderScope>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopChangeReaderTtsRequest {
+    pub text: String,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub session_id: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub scope: Option<DesktopChangeReaderScope>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopChangeReaderTtsResponse {
+    pub mime_type: String,
+    pub audio_base64: String,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub warning: Option<String>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopChangeQuestionResponse {
+    pub session_id: String,
+    pub question: String,
+    pub scope: DesktopChangeReaderScope,
+    pub answer: String,
+    #[serde(default)]
+    pub citations: Vec<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub provider: Option<DesktopSummaryProviderId>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub warning: Option<String>,
+}
diff --git a/crates/api/src/errors.rs b/crates/api/src/errors.rs
new file mode 100644
index 00000000..f6349dbe
--- /dev/null
+++ b/crates/api/src/errors.rs
@@ -0,0 +1,91 @@
+use serde::{Deserialize, Serialize};
+
+/// Structured desktop bridge error payload.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopApiError {
+    pub code: String,
+    pub status: u16,
+    pub message: String,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    #[cfg_attr(feature = "ts", ts(type = "Record<string, any> | null"))]
+    pub details: Option<serde_json::Value>,
+}
+
+/// Framework-agnostic service error.
+#[derive(Debug, Clone)]
+#[non_exhaustive]
+pub enum ServiceError {
+    BadRequest(String),
+    Unauthorized(String),
+    Forbidden(String),
+    NotFound(String),
+    Conflict(String),
+    Internal(String),
+}
+
+impl ServiceError {
+    pub fn status_code(&self) -> u16 {
+        match self {
+            Self::BadRequest(_) => 400,
+            Self::Unauthorized(_) => 401,
+            Self::Forbidden(_) => 403,
+            Self::NotFound(_) => 404,
+            Self::Conflict(_) => 409,
+            Self::Internal(_) => 500,
+        }
+    }
+
+    pub fn code(&self) -> &'static str {
+        match self {
+            Self::BadRequest(_) => "bad_request",
+            Self::Unauthorized(_) => "unauthorized",
+            Self::Forbidden(_) => "forbidden",
+            Self::NotFound(_) => "not_found",
+            Self::Conflict(_) => "conflict",
+            Self::Internal(_) => "internal",
+        }
+    }
+
+    pub fn message(&self) -> &str {
+        match self {
+            Self::BadRequest(message)
+            | Self::Unauthorized(message)
+            | Self::Forbidden(message)
+            | Self::NotFound(message)
+            | Self::Conflict(message)
+            | Self::Internal(message) => message,
+        }
+    }
+
+    pub fn from_db<E: std::fmt::Display>(context: &str) -> impl FnOnce(E) -> Self + '_ {
+        move |error| Self::Internal(format!("{context}: {error}"))
+    }
+}
+
+impl std::fmt::Display for ServiceError {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        write!(f, "{}", self.message())
+    }
+}
+
+impl std::error::Error for ServiceError {}
+
+/// API error payload.
+#[derive(Debug, Serialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct ApiError {
+    pub code: String,
+    pub message: String,
+}
+
+impl From<&ServiceError> for ApiError {
+    fn from(error: &ServiceError) -> Self {
+        Self {
+            code: error.code().to_string(),
+            message: error.message().to_string(),
+        }
+    }
+}
diff --git a/crates/api/src/lib.rs b/crates/api/src/lib.rs
index 99bc8564..14435051 100644
--- a/crates/api/src/lib.rs
+++ b/crates/api/src/lib.rs
@@ -6,1551 +6,79 @@
 //! To regenerate TypeScript types:
 //!   cargo test -p opensession-api -- export_typescript --nocapture
 
-use serde::{Deserialize, Serialize};
-
 #[cfg(feature = "backend")]
 pub mod crypto;
 #[cfg(feature = "backend")]
 pub mod db;
 pub mod deploy;
 pub mod oauth;
+pub mod parse_preview_source;
 #[cfg(feature = "backend")]
 pub mod service;
 
-// Re-export core HAIL types for convenience
+mod auth_types;
+mod desktop_runtime_types;
+mod errors;
+mod local_review_types;
+mod parse_preview_types;
+mod session_types;
+mod shared_types;
+
+pub use auth_types::{
+    AuthRegisterRequest, AuthTokenResponse, ChangePasswordRequest, CreateGitCredentialRequest,
+    GitCredentialSummary, IssueApiKeyResponse, ListGitCredentialsResponse, LoginRequest,
+    LogoutRequest, OAuthLinkResponse, OkResponse, RefreshRequest, UserSettingsResponse,
+    VerifyResponse,
+};
+pub use desktop_runtime_types::{
+    DESKTOP_IPC_CONTRACT_VERSION, DesktopChangeQuestionRequest, DesktopChangeQuestionResponse,
+    DesktopChangeReadRequest, DesktopChangeReadResponse, DesktopChangeReaderScope,
+    DesktopChangeReaderTtsRequest, DesktopChangeReaderTtsResponse,
+    DesktopChangeReaderVoiceProvider, DesktopContractVersionResponse, DesktopHandoffBuildRequest,
+    DesktopHandoffBuildResponse, DesktopLifecycleCleanupState,
+    DesktopLifecycleCleanupStatusResponse, DesktopQuickShareRequest, DesktopQuickShareResponse,
+    DesktopRuntimeChangeReaderSettings, DesktopRuntimeChangeReaderSettingsUpdate,
+    DesktopRuntimeChangeReaderVoiceSettings, DesktopRuntimeChangeReaderVoiceSettingsUpdate,
+    DesktopRuntimeLifecycleSettings, DesktopRuntimeLifecycleSettingsUpdate,
+    DesktopRuntimeSettingsResponse, DesktopRuntimeSettingsUpdateRequest,
+    DesktopRuntimeSummaryBatchSettings, DesktopRuntimeSummaryBatchSettingsUpdate,
+    DesktopRuntimeSummaryPromptSettings, DesktopRuntimeSummaryPromptSettingsUpdate,
+    DesktopRuntimeSummaryProviderSettings, DesktopRuntimeSummaryProviderSettingsUpdate,
+    DesktopRuntimeSummaryResponseSettings, DesktopRuntimeSummaryResponseSettingsUpdate,
+    DesktopRuntimeSummarySettings, DesktopRuntimeSummarySettingsUpdate,
+    DesktopRuntimeSummaryStorageSettings, DesktopRuntimeSummaryStorageSettingsUpdate,
+    DesktopRuntimeSummaryUiConstraints, DesktopRuntimeVectorSearchSettings,
+    DesktopRuntimeVectorSearchSettingsUpdate, DesktopSessionSummaryResponse,
+    DesktopSummaryBatchExecutionMode, DesktopSummaryBatchScope, DesktopSummaryBatchState,
+    DesktopSummaryBatchStatusResponse, DesktopSummaryOutputShape,
+    DesktopSummaryProviderDetectResponse, DesktopSummaryProviderId,
+    DesktopSummaryProviderTransport, DesktopSummaryResponseStyle, DesktopSummarySourceMode,
+    DesktopSummaryStorageBackend, DesktopSummaryTriggerMode, DesktopVectorChunkingMode,
+    DesktopVectorIndexState, DesktopVectorIndexStatusResponse, DesktopVectorInstallState,
+    DesktopVectorInstallStatusResponse, DesktopVectorPreflightResponse,
+    DesktopVectorSearchGranularity, DesktopVectorSearchProvider, DesktopVectorSearchResponse,
+    DesktopVectorSessionMatch,
+};
+pub use errors::{ApiError, DesktopApiError, ServiceError};
+pub use local_review_types::{
+    LocalReviewBundle, LocalReviewCommit, LocalReviewLayerFileChange, LocalReviewPrMeta,
+    LocalReviewReviewerDigest, LocalReviewReviewerQa, LocalReviewSemanticSummary,
+    LocalReviewSession,
+};
 pub use opensession_core::trace::{
     Agent, Content, ContentBlock, Event, EventType, Session, SessionContext, Stats,
 };
-
-// ─── Shared Enums ────────────────────────────────────────────────────────────
-
-/// Sort order for session listings.
-#[derive(Debug, Clone, Serialize, Deserialize, Default, PartialEq, Eq)]
-#[serde(rename_all = "snake_case")]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub enum SortOrder {
-    #[default]
-    Recent,
-    Popular,
-    Longest,
-}
-
-impl SortOrder {
-    pub fn as_str(&self) -> &str {
-        match self {
-            Self::Recent => "recent",
-            Self::Popular => "popular",
-            Self::Longest => "longest",
-        }
-    }
-}
-
-impl std::fmt::Display for SortOrder {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        f.write_str(self.as_str())
-    }
-}
-
-/// Time range filter for queries.
-#[derive(Debug, Clone, Serialize, Deserialize, Default, PartialEq, Eq)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub enum TimeRange {
-    #[serde(rename = "24h")]
-    Hours24,
-    #[serde(rename = "7d")]
-    Days7,
-    #[serde(rename = "30d")]
-    Days30,
-    #[default]
-    #[serde(rename = "all")]
-    All,
-}
-
-impl TimeRange {
-    pub fn as_str(&self) -> &str {
-        match self {
-            Self::Hours24 => "24h",
-            Self::Days7 => "7d",
-            Self::Days30 => "30d",
-            Self::All => "all",
-        }
-    }
-}
-
-impl std::fmt::Display for TimeRange {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        f.write_str(self.as_str())
-    }
-}
-
-/// Type of link between two sessions.
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
-#[serde(rename_all = "snake_case")]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub enum LinkType {
-    Handoff,
-    Related,
-    Parent,
-    Child,
-}
-
-impl LinkType {
-    pub fn as_str(&self) -> &str {
-        match self {
-            Self::Handoff => "handoff",
-            Self::Related => "related",
-            Self::Parent => "parent",
-            Self::Child => "child",
-        }
-    }
-}
-
-impl std::fmt::Display for LinkType {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        f.write_str(self.as_str())
-    }
-}
-
-// ─── Utilities ───────────────────────────────────────────────────────────────
-
-/// Safely convert `u64` to `i64`, saturating at `i64::MAX` instead of wrapping.
-pub fn saturating_i64(v: u64) -> i64 {
-    i64::try_from(v).unwrap_or(i64::MAX)
-}
-
-// ─── Auth ────────────────────────────────────────────────────────────────────
-
-/// Email + password registration.
-#[derive(Debug, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct AuthRegisterRequest {
-    pub email: String,
-    pub password: String,
-    pub nickname: String,
-}
-
-/// Email + password login.
-#[derive(Debug, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct LoginRequest {
-    pub email: String,
-    pub password: String,
-}
-
-/// Returned on successful login / register / refresh.
-#[derive(Debug, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct AuthTokenResponse {
-    pub access_token: String,
-    pub refresh_token: String,
-    pub expires_in: u64,
-    pub user_id: String,
-    pub nickname: String,
-}
-
-/// Refresh token request.
-#[derive(Debug, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct RefreshRequest {
-    pub refresh_token: String,
-}
-
-/// Logout request (invalidate refresh token).
-#[derive(Debug, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct LogoutRequest {
-    pub refresh_token: String,
-}
-
-/// Change password request.
-#[derive(Debug, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct ChangePasswordRequest {
-    pub current_password: String,
-    pub new_password: String,
-}
-
-/// Returned by `POST /api/auth/verify` — confirms token validity.
-#[derive(Debug, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct VerifyResponse {
-    pub user_id: String,
-    pub nickname: String,
-}
-
-/// Full user profile returned by `GET /api/auth/me`.
-#[derive(Debug, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct UserSettingsResponse {
-    pub user_id: String,
-    pub nickname: String,
-    pub created_at: String,
-    pub email: Option<String>,
-    pub avatar_url: Option<String>,
-    /// Linked OAuth providers.
-    #[serde(default)]
-    pub oauth_providers: Vec<oauth::LinkedProvider>,
-}
-
-/// Generic success response for operations that don't return data.
-#[derive(Debug, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct OkResponse {
-    pub ok: bool,
-}
-
-/// Response for API key issuance. The key is visible only at issuance time.
-#[derive(Debug, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct IssueApiKeyResponse {
-    pub api_key: String,
-}
-
-/// Public metadata for a user-managed git credential.
-#[derive(Debug, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct GitCredentialSummary {
-    pub id: String,
-    pub label: String,
-    pub host: String,
-    pub path_prefix: String,
-    pub header_name: String,
-    pub created_at: String,
-    pub updated_at: String,
-    pub last_used_at: Option<String>,
-}
-
-/// Response for `GET /api/auth/git-credentials`.
-#[derive(Debug, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct ListGitCredentialsResponse {
-    #[serde(default)]
-    pub credentials: Vec<GitCredentialSummary>,
-}
-
-/// Request for `POST /api/auth/git-credentials`.
-#[derive(Debug, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct CreateGitCredentialRequest {
-    pub label: String,
-    pub host: String,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub path_prefix: Option<String>,
-    pub header_name: String,
-    pub header_value: String,
-}
-
-/// Response for OAuth link initiation (redirect URL).
-#[derive(Debug, Serialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct OAuthLinkResponse {
-    pub url: String,
-}
-
-// ─── Sessions ────────────────────────────────────────────────────────────────
-
-/// Request body for `POST /api/sessions` — upload a recorded session.
-#[derive(Debug, Serialize, Deserialize)]
-pub struct UploadRequest {
-    pub session: Session,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub body_url: Option<String>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub linked_session_ids: Option<Vec<String>>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub git_remote: Option<String>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub git_branch: Option<String>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub git_commit: Option<String>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub git_repo_name: Option<String>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub pr_number: Option<i64>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub pr_url: Option<String>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub score_plugin: Option<String>,
-}
-
-/// Returned on successful session upload — contains the new session ID and URL.
-#[derive(Debug, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct UploadResponse {
-    pub id: String,
-    pub url: String,
-    #[serde(default)]
-    pub session_score: i64,
-    #[serde(default = "default_score_plugin")]
-    pub score_plugin: String,
-}
-
-/// Flat session summary returned by list/detail endpoints.
-/// This is NOT the full HAIL Session — it's a DB-derived summary.
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct SessionSummary {
-    pub id: String,
-    pub user_id: Option<String>,
-    pub nickname: Option<String>,
-    pub tool: String,
-    pub agent_provider: Option<String>,
-    pub agent_model: Option<String>,
-    pub title: Option<String>,
-    pub description: Option<String>,
-    /// Comma-separated tags string
-    pub tags: Option<String>,
-    pub created_at: String,
-    pub uploaded_at: String,
-    pub message_count: i64,
-    pub task_count: i64,
-    pub event_count: i64,
-    pub duration_seconds: i64,
-    pub total_input_tokens: i64,
-    pub total_output_tokens: i64,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub git_remote: Option<String>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub git_branch: Option<String>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub git_commit: Option<String>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub git_repo_name: Option<String>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub pr_number: Option<i64>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub pr_url: Option<String>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub working_directory: Option<String>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub files_modified: Option<String>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub files_read: Option<String>,
-    #[serde(default)]
-    pub has_errors: bool,
-    #[serde(default = "default_max_active_agents")]
-    pub max_active_agents: i64,
-    #[serde(default)]
-    pub session_score: i64,
-    #[serde(default = "default_score_plugin")]
-    pub score_plugin: String,
-}
-
-/// Paginated session listing returned by `GET /api/sessions`.
-#[derive(Debug, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct SessionListResponse {
-    pub sessions: Vec<SessionSummary>,
-    pub total: i64,
-    pub page: u32,
-    pub per_page: u32,
-}
-
-/// Canonical desktop IPC contract version shared between Rust and TS clients.
-pub const DESKTOP_IPC_CONTRACT_VERSION: &str = "desktop-ipc-v6";
-
-/// Query parameters for `GET /api/sessions` — pagination, filtering, sorting.
-#[derive(Debug, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct SessionListQuery {
-    #[serde(default = "default_page")]
-    pub page: u32,
-    #[serde(default = "default_per_page")]
-    pub per_page: u32,
-    pub search: Option<String>,
-    pub tool: Option<String>,
-    pub git_repo_name: Option<String>,
-    /// Sort order (default: recent)
-    pub sort: Option<SortOrder>,
-    /// Time range filter (default: all)
-    pub time_range: Option<TimeRange>,
-}
-
-/// Desktop session list query payload passed through Tauri invoke.
-#[derive(Debug, Clone, Default, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopSessionListQuery {
-    pub page: Option<String>,
-    pub per_page: Option<String>,
-    pub search: Option<String>,
-    pub tool: Option<String>,
-    pub git_repo_name: Option<String>,
-    pub sort: Option<String>,
-    pub time_range: Option<String>,
-    pub force_refresh: Option<bool>,
-}
-
-/// Repo list response used by server/worker/desktop adapters.
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct SessionRepoListResponse {
-    pub repos: Vec<String>,
-}
-
-/// Desktop handoff build request payload.
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopHandoffBuildRequest {
-    pub session_id: String,
-    pub pin_latest: bool,
-}
-
-/// Desktop handoff build response payload.
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopHandoffBuildResponse {
-    pub artifact_uri: String,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub pinned_alias: Option<String>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub download_file_name: Option<String>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub download_content: Option<String>,
-}
-
-/// Desktop quick-share request payload.
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopQuickShareRequest {
-    pub session_id: String,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub remote: Option<String>,
-}
-
-/// Desktop quick-share response payload.
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopQuickShareResponse {
-    pub source_uri: String,
-    pub shared_uri: String,
-    pub remote: String,
-    pub push_cmd: String,
-    #[serde(default)]
-    pub pushed: bool,
-    #[serde(default)]
-    pub auto_push_consent: bool,
-}
-
-/// Desktop bridge contract/version handshake response.
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopContractVersionResponse {
-    pub version: String,
-}
-
-/// Desktop runtime settings payload for App settings UI.
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopRuntimeSettingsResponse {
-    pub session_default_view: String,
-    pub summary: DesktopRuntimeSummarySettings,
-    pub vector_search: DesktopRuntimeVectorSearchSettings,
-    pub change_reader: DesktopRuntimeChangeReaderSettings,
-    pub lifecycle: DesktopRuntimeLifecycleSettings,
-    pub ui_constraints: DesktopRuntimeSummaryUiConstraints,
-}
-
-/// Desktop runtime settings update request.
-#[derive(Debug, Clone, Serialize, Deserialize, Default)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopRuntimeSettingsUpdateRequest {
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub session_default_view: Option<String>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub summary: Option<DesktopRuntimeSummarySettingsUpdate>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub vector_search: Option<DesktopRuntimeVectorSearchSettingsUpdate>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub change_reader: Option<DesktopRuntimeChangeReaderSettingsUpdate>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub lifecycle: Option<DesktopRuntimeLifecycleSettingsUpdate>,
-}
-
-/// Local summary provider detection result for desktop setup/settings.
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopSummaryProviderDetectResponse {
-    pub detected: bool,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub provider: Option<DesktopSummaryProviderId>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub transport: Option<DesktopSummaryProviderTransport>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub model: Option<String>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub endpoint: Option<String>,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
-#[serde(rename_all = "snake_case")]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub enum DesktopSummaryProviderId {
-    Disabled,
-    Ollama,
-    CodexExec,
-    ClaudeCli,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
-#[serde(rename_all = "snake_case")]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub enum DesktopSummaryProviderTransport {
-    None,
-    Cli,
-    Http,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
-#[serde(rename_all = "snake_case")]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub enum DesktopSummarySourceMode {
-    SessionOnly,
-    SessionOrGitChanges,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
-#[serde(rename_all = "snake_case")]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub enum DesktopSummaryResponseStyle {
-    Compact,
-    Standard,
-    Detailed,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
-#[serde(rename_all = "snake_case")]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub enum DesktopSummaryOutputShape {
-    Layered,
-    FileList,
-    SecurityFirst,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
-#[serde(rename_all = "snake_case")]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub enum DesktopSummaryTriggerMode {
-    Manual,
-    OnSessionSave,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
-#[serde(rename_all = "snake_case")]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub enum DesktopSummaryStorageBackend {
-    HiddenRef,
-    LocalDb,
-    None,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
-#[serde(rename_all = "snake_case")]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub enum DesktopSummaryBatchExecutionMode {
-    Manual,
-    OnAppStart,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
-#[serde(rename_all = "snake_case")]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub enum DesktopSummaryBatchScope {
-    RecentDays,
-    All,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopRuntimeSummaryProviderSettings {
-    pub id: DesktopSummaryProviderId,
-    pub transport: DesktopSummaryProviderTransport,
-    pub endpoint: String,
-    pub model: String,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopRuntimeSummaryPromptSettings {
-    pub template: String,
-    pub default_template: String,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopRuntimeSummaryResponseSettings {
-    pub style: DesktopSummaryResponseStyle,
-    pub shape: DesktopSummaryOutputShape,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopRuntimeSummaryStorageSettings {
-    pub trigger: DesktopSummaryTriggerMode,
-    pub backend: DesktopSummaryStorageBackend,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopRuntimeSummaryBatchSettings {
-    pub execution_mode: DesktopSummaryBatchExecutionMode,
-    pub scope: DesktopSummaryBatchScope,
-    pub recent_days: u16,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopRuntimeSummarySettings {
-    pub provider: DesktopRuntimeSummaryProviderSettings,
-    pub prompt: DesktopRuntimeSummaryPromptSettings,
-    pub response: DesktopRuntimeSummaryResponseSettings,
-    pub storage: DesktopRuntimeSummaryStorageSettings,
-    pub source_mode: DesktopSummarySourceMode,
-    pub batch: DesktopRuntimeSummaryBatchSettings,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopRuntimeSummaryProviderSettingsUpdate {
-    pub id: DesktopSummaryProviderId,
-    pub endpoint: String,
-    pub model: String,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopRuntimeSummaryPromptSettingsUpdate {
-    pub template: String,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopRuntimeSummaryResponseSettingsUpdate {
-    pub style: DesktopSummaryResponseStyle,
-    pub shape: DesktopSummaryOutputShape,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopRuntimeSummaryStorageSettingsUpdate {
-    pub trigger: DesktopSummaryTriggerMode,
-    pub backend: DesktopSummaryStorageBackend,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopRuntimeSummaryBatchSettingsUpdate {
-    pub execution_mode: DesktopSummaryBatchExecutionMode,
-    pub scope: DesktopSummaryBatchScope,
-    pub recent_days: u16,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopRuntimeSummarySettingsUpdate {
-    pub provider: DesktopRuntimeSummaryProviderSettingsUpdate,
-    pub prompt: DesktopRuntimeSummaryPromptSettingsUpdate,
-    pub response: DesktopRuntimeSummaryResponseSettingsUpdate,
-    pub storage: DesktopRuntimeSummaryStorageSettingsUpdate,
-    pub source_mode: DesktopSummarySourceMode,
-    pub batch: DesktopRuntimeSummaryBatchSettingsUpdate,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopRuntimeSummaryUiConstraints {
-    pub source_mode_locked: bool,
-    pub source_mode_locked_value: DesktopSummarySourceMode,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
-#[serde(rename_all = "snake_case")]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub enum DesktopVectorSearchProvider {
-    Ollama,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
-#[serde(rename_all = "snake_case")]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub enum DesktopVectorSearchGranularity {
-    EventLineChunk,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
-#[serde(rename_all = "snake_case")]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub enum DesktopVectorChunkingMode {
-    Auto,
-    Manual,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
-#[serde(rename_all = "snake_case")]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub enum DesktopVectorInstallState {
-    NotInstalled,
-    Installing,
-    Ready,
-    Failed,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
-#[serde(rename_all = "snake_case")]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub enum DesktopVectorIndexState {
-    Idle,
-    Running,
-    Complete,
-    Failed,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopRuntimeVectorSearchSettings {
-    pub enabled: bool,
-    pub provider: DesktopVectorSearchProvider,
-    pub model: String,
-    pub endpoint: String,
-    pub granularity: DesktopVectorSearchGranularity,
-    pub chunking_mode: DesktopVectorChunkingMode,
-    pub chunk_size_lines: u16,
-    pub chunk_overlap_lines: u16,
-    pub top_k_chunks: u16,
-    pub top_k_sessions: u16,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopRuntimeVectorSearchSettingsUpdate {
-    pub enabled: bool,
-    pub provider: DesktopVectorSearchProvider,
-    pub model: String,
-    pub endpoint: String,
-    pub granularity: DesktopVectorSearchGranularity,
-    pub chunking_mode: DesktopVectorChunkingMode,
-    pub chunk_size_lines: u16,
-    pub chunk_overlap_lines: u16,
-    pub top_k_chunks: u16,
-    pub top_k_sessions: u16,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
-#[serde(rename_all = "snake_case")]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub enum DesktopChangeReaderScope {
-    SummaryOnly,
-    FullContext,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
-#[serde(rename_all = "snake_case")]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub enum DesktopChangeReaderVoiceProvider {
-    Openai,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopRuntimeChangeReaderVoiceSettings {
-    pub enabled: bool,
-    pub provider: DesktopChangeReaderVoiceProvider,
-    pub model: String,
-    pub voice: String,
-    pub api_key_configured: bool,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopRuntimeChangeReaderVoiceSettingsUpdate {
-    pub enabled: bool,
-    pub provider: DesktopChangeReaderVoiceProvider,
-    pub model: String,
-    pub voice: String,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub api_key: Option<String>,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopRuntimeChangeReaderSettings {
-    pub enabled: bool,
-    pub scope: DesktopChangeReaderScope,
-    pub qa_enabled: bool,
-    pub max_context_chars: u32,
-    pub voice: DesktopRuntimeChangeReaderVoiceSettings,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopRuntimeChangeReaderSettingsUpdate {
-    pub enabled: bool,
-    pub scope: DesktopChangeReaderScope,
-    pub qa_enabled: bool,
-    pub max_context_chars: u32,
-    pub voice: DesktopRuntimeChangeReaderVoiceSettingsUpdate,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopRuntimeLifecycleSettings {
-    pub enabled: bool,
-    pub session_ttl_days: u32,
-    pub summary_ttl_days: u32,
-    pub cleanup_interval_secs: u64,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopRuntimeLifecycleSettingsUpdate {
-    pub enabled: bool,
-    pub session_ttl_days: u32,
-    pub summary_ttl_days: u32,
-    pub cleanup_interval_secs: u64,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
-#[serde(rename_all = "snake_case")]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub enum DesktopLifecycleCleanupState {
-    Idle,
-    Running,
-    Complete,
-    Failed,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopLifecycleCleanupStatusResponse {
-    pub state: DesktopLifecycleCleanupState,
-    pub deleted_sessions: u32,
-    pub deleted_summaries: u32,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub message: Option<String>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub started_at: Option<String>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub finished_at: Option<String>,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopVectorPreflightResponse {
-    pub provider: DesktopVectorSearchProvider,
-    pub endpoint: String,
-    pub model: String,
-    pub ollama_reachable: bool,
-    pub model_installed: bool,
-    pub install_state: DesktopVectorInstallState,
-    pub progress_pct: u8,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub message: Option<String>,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopVectorInstallStatusResponse {
-    pub state: DesktopVectorInstallState,
-    pub model: String,
-    pub progress_pct: u8,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub message: Option<String>,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopVectorIndexStatusResponse {
-    pub state: DesktopVectorIndexState,
-    pub processed_sessions: u32,
-    pub total_sessions: u32,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub message: Option<String>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub started_at: Option<String>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub finished_at: Option<String>,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
-#[serde(rename_all = "snake_case")]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub enum DesktopSummaryBatchState {
-    Idle,
-    Running,
-    Complete,
-    Failed,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopSummaryBatchStatusResponse {
-    pub state: DesktopSummaryBatchState,
-    pub processed_sessions: u32,
-    pub total_sessions: u32,
-    pub failed_sessions: u32,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub message: Option<String>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub started_at: Option<String>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub finished_at: Option<String>,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopVectorSessionMatch {
-    pub session: SessionSummary,
-    pub score: f32,
-    pub chunk_id: String,
-    pub start_line: u32,
-    pub end_line: u32,
-    pub snippet: String,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopVectorSearchResponse {
-    pub query: String,
-    #[serde(default)]
-    pub sessions: Vec<DesktopVectorSessionMatch>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub next_cursor: Option<String>,
-    pub total_candidates: u32,
-}
-
-/// Session summary payload returned by desktop runtime.
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopSessionSummaryResponse {
-    pub session_id: String,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    #[cfg_attr(feature = "ts", ts(type = "any"))]
-    pub summary: Option<serde_json::Value>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    #[cfg_attr(feature = "ts", ts(type = "any"))]
-    pub source_details: Option<serde_json::Value>,
-    #[serde(default)]
-    #[cfg_attr(feature = "ts", ts(type = "any[]"))]
-    pub diff_tree: Vec<serde_json::Value>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub source_kind: Option<String>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub generation_kind: Option<String>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub error: Option<String>,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopChangeReadRequest {
-    pub session_id: String,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub scope: Option<DesktopChangeReaderScope>,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopChangeReadResponse {
-    pub session_id: String,
-    pub scope: DesktopChangeReaderScope,
-    pub narrative: String,
-    #[serde(default)]
-    pub citations: Vec<String>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub provider: Option<DesktopSummaryProviderId>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub warning: Option<String>,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopChangeQuestionRequest {
-    pub session_id: String,
-    pub question: String,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub scope: Option<DesktopChangeReaderScope>,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopChangeReaderTtsRequest {
-    pub text: String,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub session_id: Option<String>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub scope: Option<DesktopChangeReaderScope>,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopChangeReaderTtsResponse {
-    pub mime_type: String,
-    pub audio_base64: String,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub warning: Option<String>,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopChangeQuestionResponse {
-    pub session_id: String,
-    pub question: String,
-    pub scope: DesktopChangeReaderScope,
-    pub answer: String,
-    #[serde(default)]
-    pub citations: Vec<String>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub provider: Option<DesktopSummaryProviderId>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub warning: Option<String>,
-}
-
-/// Structured desktop bridge error payload.
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct DesktopApiError {
-    pub code: String,
-    pub status: u16,
-    pub message: String,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    #[cfg_attr(feature = "ts", ts(type = "Record<string, any> | null"))]
-    pub details: Option<serde_json::Value>,
-}
-
-impl SessionListQuery {
-    /// Returns true when this query targets the anonymous public feed and is safe to edge-cache.
-    pub fn is_public_feed_cacheable(
-        &self,
-        has_auth_header: bool,
-        has_session_cookie: bool,
-    ) -> bool {
-        !has_auth_header
-            && !has_session_cookie
-            && self.search.as_deref().is_none_or(|s| s.trim().is_empty())
-            && self
-                .git_repo_name
-                .as_deref()
-                .is_none_or(|repo| repo.trim().is_empty())
-            && self.page <= 10
-            && self.per_page <= 50
-    }
-}
-
-#[cfg(test)]
-mod session_list_query_tests {
-    use super::*;
-
-    fn base_query() -> SessionListQuery {
-        SessionListQuery {
-            page: 1,
-            per_page: 20,
-            search: None,
-            tool: None,
-            git_repo_name: None,
-            sort: None,
-            time_range: None,
-        }
-    }
-
-    #[test]
-    fn public_feed_cacheable_when_anonymous_default_feed() {
-        let q = base_query();
-        assert!(q.is_public_feed_cacheable(false, false));
-    }
-
-    #[test]
-    fn public_feed_not_cacheable_with_auth_or_cookie() {
-        let q = base_query();
-        assert!(!q.is_public_feed_cacheable(true, false));
-        assert!(!q.is_public_feed_cacheable(false, true));
-    }
-
-    #[test]
-    fn public_feed_not_cacheable_for_search_or_large_page() {
-        let mut q = base_query();
-        q.search = Some("hello".into());
-        assert!(!q.is_public_feed_cacheable(false, false));
-
-        let mut q = base_query();
-        q.git_repo_name = Some("org/repo".into());
-        assert!(!q.is_public_feed_cacheable(false, false));
-
-        let mut q = base_query();
-        q.page = 11;
-        assert!(!q.is_public_feed_cacheable(false, false));
-
-        let mut q = base_query();
-        q.per_page = 100;
-        assert!(!q.is_public_feed_cacheable(false, false));
-    }
-}
-
-fn default_page() -> u32 {
-    1
-}
-fn default_per_page() -> u32 {
-    20
-}
-fn default_max_active_agents() -> i64 {
-    1
-}
-
-fn default_score_plugin() -> String {
-    opensession_core::scoring::DEFAULT_SCORE_PLUGIN.to_string()
-}
-
-/// Single session detail returned by `GET /api/sessions/:id`.
-#[derive(Debug, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct SessionDetail {
-    #[serde(flatten)]
-    #[cfg_attr(feature = "ts", ts(flatten))]
-    pub summary: SessionSummary,
-    #[serde(default, skip_serializing_if = "Vec::is_empty")]
-    pub linked_sessions: Vec<SessionLink>,
-}
-
-/// A link between two sessions (e.g., handoff chain).
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct SessionLink {
-    pub session_id: String,
-    pub linked_session_id: String,
-    pub link_type: LinkType,
-    pub created_at: String,
-}
-
-/// Source descriptor for parser preview requests.
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[serde(tag = "kind", rename_all = "snake_case")]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub enum ParseSource {
-    /// Fetch and parse a raw file from a generic Git remote/ref/path source.
-    Git {
-        remote: String,
-        r#ref: String,
-        path: String,
-    },
-    /// Fetch and parse a raw file from a public GitHub repository.
-    Github {
-        owner: String,
-        repo: String,
-        r#ref: String,
-        path: String,
-    },
-    /// Parse inline file content supplied by clients (for local upload preview).
-    Inline {
-        filename: String,
-        /// Base64-encoded UTF-8 text content.
-        content_base64: String,
-    },
-}
-
-/// Candidate parser ranked by detection confidence.
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct ParseCandidate {
-    pub id: String,
-    pub confidence: u8,
-    pub reason: String,
-}
-
-/// Request body for `POST /api/parse/preview`.
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct ParsePreviewRequest {
-    pub source: ParseSource,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub parser_hint: Option<String>,
-}
-
-/// Response body for `POST /api/parse/preview`.
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct ParsePreviewResponse {
-    pub parser_used: String,
-    #[serde(default)]
-    pub parser_candidates: Vec<ParseCandidate>,
-    #[cfg_attr(feature = "ts", ts(type = "any"))]
-    pub session: Session,
-    pub source: ParseSource,
-    #[serde(default)]
-    pub warnings: Vec<String>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub native_adapter: Option<String>,
-}
-
-/// Structured parser preview error response.
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct ParsePreviewErrorResponse {
-    pub code: String,
-    pub message: String,
-    #[serde(default, skip_serializing_if = "Vec::is_empty")]
-    pub parser_candidates: Vec<ParseCandidate>,
-}
-
-/// Local review bundle generated from a PR range.
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct LocalReviewBundle {
-    pub review_id: String,
-    pub generated_at: String,
-    pub pr: LocalReviewPrMeta,
-    #[serde(default)]
-    pub commits: Vec<LocalReviewCommit>,
-    #[serde(default)]
-    pub sessions: Vec<LocalReviewSession>,
-}
-
-/// PR metadata for a local review bundle.
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct LocalReviewPrMeta {
-    pub url: String,
-    pub owner: String,
-    pub repo: String,
-    pub number: u64,
-    pub remote: String,
-    pub base_sha: String,
-    pub head_sha: String,
-}
-
-/// Reviewer-focused digest extracted from mapped sessions for a commit.
-#[derive(Debug, Clone, Default, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct LocalReviewReviewerQa {
-    pub question: String,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub answer: Option<String>,
-}
-
-/// Reviewer-focused digest extracted from mapped sessions for a commit.
-#[derive(Debug, Clone, Default, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct LocalReviewReviewerDigest {
-    #[serde(default)]
-    pub qa: Vec<LocalReviewReviewerQa>,
-    #[serde(default)]
-    pub modified_files: Vec<String>,
-    #[serde(default)]
-    pub test_files: Vec<String>,
-}
-
-/// Commit row in a local review bundle.
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct LocalReviewCommit {
-    pub sha: String,
-    pub title: String,
-    pub author_name: String,
-    pub author_email: String,
-    pub authored_at: String,
-    #[serde(default)]
-    pub session_ids: Vec<String>,
-    #[serde(default)]
-    pub reviewer_digest: LocalReviewReviewerDigest,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub semantic_summary: Option<LocalReviewSemanticSummary>,
-}
-
-/// Layer/file summary section for local review semantic payloads.
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct LocalReviewLayerFileChange {
-    pub layer: String,
-    pub summary: String,
-    #[serde(default)]
-    pub files: Vec<String>,
-}
-
-/// Commit-level semantic summary used when session mappings are weak or absent.
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct LocalReviewSemanticSummary {
-    pub changes: String,
-    pub auth_security: String,
-    #[serde(default)]
-    pub layer_file_changes: Vec<LocalReviewLayerFileChange>,
-    pub source_kind: String,
-    pub generation_kind: String,
-    pub provider: String,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub model: Option<String>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub error: Option<String>,
-    #[serde(default)]
-    #[cfg_attr(feature = "ts", ts(type = "any[]"))]
-    pub diff_tree: Vec<serde_json::Value>,
-}
-
-/// Session payload mapped into a local review bundle.
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct LocalReviewSession {
-    pub session_id: String,
-    pub ledger_ref: String,
-    pub hail_path: String,
-    #[serde(default)]
-    pub commit_shas: Vec<String>,
-    #[cfg_attr(feature = "ts", ts(type = "any"))]
-    pub session: Session,
-}
-
-// ─── Streaming Events ────────────────────────────────────────────────────────
-
-/// Request body for `POST /api/sessions/:id/events` — append live events.
-#[derive(Debug, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct StreamEventsRequest {
-    #[cfg_attr(feature = "ts", ts(type = "any"))]
-    pub agent: Option<Agent>,
-    #[cfg_attr(feature = "ts", ts(type = "any"))]
-    pub context: Option<SessionContext>,
-    #[cfg_attr(feature = "ts", ts(type = "any[]"))]
-    pub events: Vec<Event>,
-}
-
-/// Returned by `POST /api/sessions/:id/events` — number of events accepted.
-#[derive(Debug, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct StreamEventsResponse {
-    pub accepted: usize,
-}
-
-// ─── Health ──────────────────────────────────────────────────────────────────
-
-/// Returned by `GET /api/health` — server liveness check.
-#[derive(Debug, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct HealthResponse {
-    pub status: String,
-    pub version: String,
-}
-
-/// Returned by `GET /api/capabilities` — runtime feature availability.
-#[derive(Debug, Serialize, Deserialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct CapabilitiesResponse {
-    pub auth_enabled: bool,
-    pub parse_preview_enabled: bool,
-    pub register_targets: Vec<String>,
-    pub share_modes: Vec<String>,
-}
-
-pub const DEFAULT_REGISTER_TARGETS: &[&str] = &["local", "git"];
-pub const DEFAULT_SHARE_MODES: &[&str] = &["web", "git", "quick", "json"];
-
-impl CapabilitiesResponse {
-    /// Build runtime capability payload with shared defaults.
-    pub fn for_runtime(auth_enabled: bool, parse_preview_enabled: bool) -> Self {
-        Self {
-            auth_enabled,
-            parse_preview_enabled,
-            register_targets: DEFAULT_REGISTER_TARGETS
-                .iter()
-                .map(|target| (*target).to_string())
-                .collect(),
-            share_modes: DEFAULT_SHARE_MODES
-                .iter()
-                .map(|mode| (*mode).to_string())
-                .collect(),
-        }
-    }
-}
-
-// ─── Service Error ───────────────────────────────────────────────────────────
-
-/// Framework-agnostic service error.
-///
-/// Each variant maps to an HTTP status code. Both the Axum server and
-/// Cloudflare Worker convert this into the appropriate response type.
-#[derive(Debug, Clone)]
-#[non_exhaustive]
-pub enum ServiceError {
-    BadRequest(String),
-    Unauthorized(String),
-    Forbidden(String),
-    NotFound(String),
-    Conflict(String),
-    Internal(String),
-}
-
-impl ServiceError {
-    /// HTTP status code as a `u16`.
-    pub fn status_code(&self) -> u16 {
-        match self {
-            Self::BadRequest(_) => 400,
-            Self::Unauthorized(_) => 401,
-            Self::Forbidden(_) => 403,
-            Self::NotFound(_) => 404,
-            Self::Conflict(_) => 409,
-            Self::Internal(_) => 500,
-        }
-    }
-
-    /// Stable machine-readable error code.
-    pub fn code(&self) -> &'static str {
-        match self {
-            Self::BadRequest(_) => "bad_request",
-            Self::Unauthorized(_) => "unauthorized",
-            Self::Forbidden(_) => "forbidden",
-            Self::NotFound(_) => "not_found",
-            Self::Conflict(_) => "conflict",
-            Self::Internal(_) => "internal",
-        }
-    }
-
-    /// The error message.
-    pub fn message(&self) -> &str {
-        match self {
-            Self::BadRequest(m)
-            | Self::Unauthorized(m)
-            | Self::Forbidden(m)
-            | Self::NotFound(m)
-            | Self::Conflict(m)
-            | Self::Internal(m) => m,
-        }
-    }
-
-    /// Build a closure that logs a DB/IO error and returns `Internal`.
-    pub fn from_db<E: std::fmt::Display>(context: &str) -> impl FnOnce(E) -> Self + '_ {
-        move |e| Self::Internal(format!("{context}: {e}"))
-    }
-}
-
-impl std::fmt::Display for ServiceError {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        write!(f, "{}", self.message())
-    }
-}
-
-impl std::error::Error for ServiceError {}
-
-// ─── Error ───────────────────────────────────────────────────────────────────
-
-/// API error payload.
-#[derive(Debug, Serialize)]
-#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
-#[cfg_attr(feature = "ts", ts(export))]
-pub struct ApiError {
-    pub code: String,
-    pub message: String,
-}
-
-impl From<&ServiceError> for ApiError {
-    fn from(e: &ServiceError) -> Self {
-        Self {
-            code: e.code().to_string(),
-            message: e.message().to_string(),
-        }
-    }
-}
-
-// ─── TypeScript generation ───────────────────────────────────────────────────
+pub use parse_preview_types::{
+    ParseCandidate, ParsePreviewErrorResponse, ParsePreviewRequest, ParsePreviewResponse,
+    ParseSource,
+};
+pub use session_types::{
+    CapabilitiesResponse, DEFAULT_REGISTER_TARGETS, DEFAULT_SHARE_MODES, DesktopSessionListQuery,
+    HealthResponse, SessionDetail, SessionLink, SessionListQuery, SessionListResponse,
+    SessionRepoListResponse, SessionSummary, StreamEventsRequest, StreamEventsResponse,
+    UploadRequest, UploadResponse,
+};
+pub use shared_types::{LinkType, SortOrder, TimeRange, saturating_i64};
 
 #[cfg(test)]
 mod schema_tests {
@@ -1756,7 +284,6 @@ mod tests {
     use std::path::PathBuf;
     use ts_rs::TS;
 
-    /// Run with: cargo test -p opensession-api -- export_typescript --nocapture
     #[test]
     fn export_typescript() {
         let out_dir = PathBuf::from(env!("CARGO_MANIFEST_DIR"))
@@ -1770,23 +297,18 @@ mod tests {
         );
         parts.push(String::new());
 
-        // Collect all type declarations.
-        // Structs: `type X = {...}` → `export interface X {...}`
-        // Enums/unions: `type X = "a" | "b"` → `export type X = "a" | "b"`
         macro_rules! collect_ts {
             ($($t:ty),+ $(,)?) => {
                 $(
                     let decl = <$t>::decl(&cfg);
                     let is_struct_decl = decl.contains(" = {") && !decl.contains("} |");
                     let decl = if is_struct_decl {
-                        // Struct → export interface
                         decl
                             .replacen("type ", "export interface ", 1)
                             .replace(" = {", " {")
                             .trim_end_matches(';')
                             .to_string()
                     } else {
-                        // Enum/union → export type
                         decl
                             .replacen("type ", "export type ", 1)
                             .trim_end_matches(';')
@@ -1799,11 +321,9 @@ mod tests {
         }
 
         collect_ts!(
-            // Shared enums
             SortOrder,
             TimeRange,
             LinkType,
-            // Auth
             AuthRegisterRequest,
             LoginRequest,
             AuthTokenResponse,
@@ -1818,7 +338,6 @@ mod tests {
             ListGitCredentialsResponse,
             CreateGitCredentialRequest,
             OAuthLinkResponse,
-            // Sessions
             UploadResponse,
             SessionSummary,
             SessionListResponse,
@@ -1902,11 +421,9 @@ mod tests {
             LocalReviewLayerFileChange,
             LocalReviewSemanticSummary,
             LocalReviewSession,
-            // OAuth
             oauth::AuthProvidersResponse,
             oauth::OAuthProviderInfo,
             oauth::LinkedProvider,
-            // Health
             HealthResponse,
             CapabilitiesResponse,
             ApiError,
@@ -1914,7 +431,6 @@ mod tests {
 
         let content = parts.join("\n");
 
-        // Write to file
         if let Some(parent) = out_dir.parent() {
             std::fs::create_dir_all(parent).ok();
         }
diff --git a/crates/api/src/local_review_types.rs b/crates/api/src/local_review_types.rs
new file mode 100644
index 00000000..06a0be8d
--- /dev/null
+++ b/crates/api/src/local_review_types.rs
@@ -0,0 +1,117 @@
+use opensession_core::trace::Session;
+use serde::{Deserialize, Serialize};
+
+/// Local review bundle generated from a PR range.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct LocalReviewBundle {
+    pub review_id: String,
+    pub generated_at: String,
+    pub pr: LocalReviewPrMeta,
+    #[serde(default)]
+    pub commits: Vec<LocalReviewCommit>,
+    #[serde(default)]
+    pub sessions: Vec<LocalReviewSession>,
+}
+
+/// PR metadata for a local review bundle.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct LocalReviewPrMeta {
+    pub url: String,
+    pub owner: String,
+    pub repo: String,
+    pub number: u64,
+    pub remote: String,
+    pub base_sha: String,
+    pub head_sha: String,
+}
+
+/// Reviewer-focused digest extracted from mapped sessions for a commit.
+#[derive(Debug, Clone, Default, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct LocalReviewReviewerQa {
+    pub question: String,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub answer: Option<String>,
+}
+
+/// Reviewer-focused digest extracted from mapped sessions for a commit.
+#[derive(Debug, Clone, Default, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct LocalReviewReviewerDigest {
+    #[serde(default)]
+    pub qa: Vec<LocalReviewReviewerQa>,
+    #[serde(default)]
+    pub modified_files: Vec<String>,
+    #[serde(default)]
+    pub test_files: Vec<String>,
+}
+
+/// Commit row in a local review bundle.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct LocalReviewCommit {
+    pub sha: String,
+    pub title: String,
+    pub author_name: String,
+    pub author_email: String,
+    pub authored_at: String,
+    #[serde(default)]
+    pub session_ids: Vec<String>,
+    #[serde(default)]
+    pub reviewer_digest: LocalReviewReviewerDigest,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub semantic_summary: Option<LocalReviewSemanticSummary>,
+}
+
+/// Layer/file summary section for local review semantic payloads.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct LocalReviewLayerFileChange {
+    pub layer: String,
+    pub summary: String,
+    #[serde(default)]
+    pub files: Vec<String>,
+}
+
+/// Commit-level semantic summary used when session mappings are weak or absent.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct LocalReviewSemanticSummary {
+    pub changes: String,
+    pub auth_security: String,
+    #[serde(default)]
+    pub layer_file_changes: Vec<LocalReviewLayerFileChange>,
+    pub source_kind: String,
+    pub generation_kind: String,
+    pub provider: String,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub model: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub error: Option<String>,
+    #[serde(default)]
+    #[cfg_attr(feature = "ts", ts(type = "any[]"))]
+    pub diff_tree: Vec<serde_json::Value>,
+}
+
+/// Session payload mapped into a local review bundle.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct LocalReviewSession {
+    pub session_id: String,
+    pub ledger_ref: String,
+    pub hail_path: String,
+    #[serde(default)]
+    pub commit_shas: Vec<String>,
+    #[cfg_attr(feature = "ts", ts(type = "any"))]
+    pub session: Session,
+}
diff --git a/crates/api/src/parse_preview_source.rs b/crates/api/src/parse_preview_source.rs
new file mode 100644
index 00000000..0635b035
--- /dev/null
+++ b/crates/api/src/parse_preview_source.rs
@@ -0,0 +1,593 @@
+use base64::Engine;
+use std::collections::HashSet;
+use url::Url;
+
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub struct GitSource {
+    pub remote: String,
+    pub r#ref: String,
+    pub path: String,
+}
+
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub struct GithubSource {
+    pub owner: String,
+    pub repo: String,
+    pub r#ref: String,
+    pub path: String,
+}
+
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub struct ParsePreviewSourceError {
+    message: String,
+}
+
+impl ParsePreviewSourceError {
+    pub fn invalid_source(message: impl Into<String>) -> Self {
+        Self {
+            message: message.into(),
+        }
+    }
+
+    pub fn message(&self) -> &str {
+        &self.message
+    }
+}
+
+impl std::fmt::Display for ParsePreviewSourceError {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        f.write_str(&self.message)
+    }
+}
+
+impl std::error::Error for ParsePreviewSourceError {}
+
+pub fn normalize_git_source(
+    remote: &str,
+    r#ref: &str,
+    path: &str,
+) -> Result<GitSource, ParsePreviewSourceError> {
+    let remote = decode_and_trim(remote, "remote")?;
+    let url = validate_remote_url(&remote)?;
+    let remote = normalized_remote_origin(&url);
+
+    let r#ref = decode_and_trim(r#ref, "ref")?;
+    if !is_valid_ref(r#ref.as_str()) {
+        return Err(ParsePreviewSourceError::invalid_source(
+            "ref must match [A-Za-z0-9._/-]{1,255} without '..', '~', '^', ':', or '\\'",
+        ));
+    }
+
+    let path = normalize_repo_path(path)?;
+
+    Ok(GitSource {
+        remote,
+        r#ref,
+        path,
+    })
+}
+
+pub fn normalize_github_source(
+    owner: &str,
+    repo: &str,
+    r#ref: &str,
+    path: &str,
+) -> Result<GithubSource, ParsePreviewSourceError> {
+    let owner = decode_and_trim(owner, "owner")?;
+    if !is_valid_owner_repo(owner.as_str()) {
+        return Err(ParsePreviewSourceError::invalid_source(
+            "owner must match [A-Za-z0-9._-]{1,100}",
+        ));
+    }
+
+    let repo = decode_and_trim(repo, "repo")?;
+    if !is_valid_owner_repo(repo.as_str()) {
+        return Err(ParsePreviewSourceError::invalid_source(
+            "repo must match [A-Za-z0-9._-]{1,100}",
+        ));
+    }
+
+    let r#ref = decode_and_trim(r#ref, "ref")?;
+    if !is_valid_ref(r#ref.as_str()) {
+        return Err(ParsePreviewSourceError::invalid_source(
+            "ref must match [A-Za-z0-9._/-]{1,255} without '..', '~', '^', ':', or '\\'",
+        ));
+    }
+
+    let path = normalize_repo_path(path)?;
+
+    Ok(GithubSource {
+        owner,
+        repo,
+        r#ref,
+        path,
+    })
+}
+
+pub fn normalize_filename(filename: &str) -> Result<String, ParsePreviewSourceError> {
+    let decoded = decode_and_trim(filename, "filename")?;
+    let normalized = decoded
+        .replace('\\', "/")
+        .rsplit('/')
+        .next()
+        .map(str::trim)
+        .unwrap_or_default()
+        .to_string();
+    if normalized.is_empty() || normalized == "." || normalized == ".." {
+        return Err(ParsePreviewSourceError::invalid_source(
+            "inline filename must be a non-empty filename",
+        ));
+    }
+    if normalized.len() > 255 {
+        return Err(ParsePreviewSourceError::invalid_source(
+            "inline filename is too long (max 255 chars)",
+        ));
+    }
+    Ok(normalized)
+}
+
+pub fn decode_inline_content(content_base64: &str) -> Result<Vec<u8>, ParsePreviewSourceError> {
+    let trimmed = content_base64.trim();
+    if trimmed.is_empty() {
+        return Err(ParsePreviewSourceError::invalid_source(
+            "inline content_base64 is required",
+        ));
+    }
+    base64::engine::general_purpose::STANDARD
+        .decode(trimmed)
+        .map_err(|_| {
+            ParsePreviewSourceError::invalid_source("inline content_base64 must be valid base64")
+        })
+}
+
+pub fn file_name_from_path(path: &str) -> String {
+    path.rsplit('/')
+        .next()
+        .filter(|value| !value.trim().is_empty())
+        .unwrap_or("session.txt")
+        .to_string()
+}
+
+pub fn repo_path_from_remote(remote: &str) -> Result<String, ParsePreviewSourceError> {
+    let parsed = validate_remote_url(remote)?;
+    Ok(repo_path_segments(&parsed)?.join("/"))
+}
+
+pub fn build_git_raw_url(
+    source: &GitSource,
+    gitlab_hosts: &HashSet<String>,
+) -> Result<String, ParsePreviewSourceError> {
+    let remote = validate_remote_url(&source.remote)?;
+    let host = remote
+        .host_str()
+        .ok_or_else(|| ParsePreviewSourceError::invalid_source("remote host is required"))?
+        .to_ascii_lowercase();
+
+    if host == "github.com" {
+        return build_github_raw_url(&remote, &source.r#ref, &source.path);
+    }
+    if is_gitlab_host(&host, gitlab_hosts) {
+        return build_gitlab_raw_url(&remote, &source.r#ref, &source.path);
+    }
+
+    build_generic_raw_url(&remote, &source.r#ref, &source.path)
+}
+
+pub fn provider_for_host(host: &str, gitlab_hosts: &HashSet<String>) -> Option<&'static str> {
+    if host == "github.com" {
+        return Some("github");
+    }
+    if is_gitlab_host(host, gitlab_hosts) {
+        return Some("gitlab");
+    }
+    None
+}
+
+pub fn is_allowed_content_type(content_type: &str) -> bool {
+    let media_type = content_type
+        .split(';')
+        .next()
+        .unwrap_or_default()
+        .trim()
+        .to_ascii_lowercase();
+    if media_type.is_empty() {
+        return true;
+    }
+    if media_type.starts_with("text/") {
+        return true;
+    }
+    media_type == "application/json"
+        || media_type == "application/jsonl"
+        || media_type == "application/x-ndjson"
+        || media_type.ends_with("+json")
+}
+
+pub fn looks_binary(bytes: &[u8]) -> bool {
+    bytes.contains(&0) || std::str::from_utf8(bytes).is_err()
+}
+
+fn decode_and_trim(value: &str, field: &str) -> Result<String, ParsePreviewSourceError> {
+    urlencoding::decode(value)
+        .map(|decoded| decoded.trim().to_string())
+        .map_err(|_| {
+            ParsePreviewSourceError::invalid_source(format!(
+                "{field} contains invalid percent encoding"
+            ))
+        })
+}
+
+fn normalize_repo_path(path: &str) -> Result<String, ParsePreviewSourceError> {
+    let decoded = decode_and_trim(path, "path")?;
+    if decoded.is_empty() {
+        return Err(ParsePreviewSourceError::invalid_source("path is required"));
+    }
+    if decoded.starts_with('/') {
+        return Err(ParsePreviewSourceError::invalid_source(
+            "path must be repository-relative",
+        ));
+    }
+
+    let mut normalized_segments = Vec::<String>::new();
+    for segment in decoded.split('/') {
+        if segment.is_empty() || segment == "." || segment == ".." {
+            return Err(ParsePreviewSourceError::invalid_source(
+                "path cannot contain empty, '.' or '..' segments",
+            ));
+        }
+        if segment.contains('\\') {
+            return Err(ParsePreviewSourceError::invalid_source(
+                "path cannot contain backslash characters",
+            ));
+        }
+        normalized_segments.push(segment.to_string());
+    }
+
+    Ok(normalized_segments.join("/"))
+}
+
+fn is_valid_owner_repo(value: &str) -> bool {
+    let len = value.len();
+    (1..=100).contains(&len)
+        && value
+            .bytes()
+            .all(|b| b.is_ascii_alphanumeric() || b == b'.' || b == b'_' || b == b'-')
+}
+
+fn is_valid_ref(value: &str) -> bool {
+    let len = value.len();
+    if !(1..=255).contains(&len) {
+        return false;
+    }
+    if value.contains("..")
+        || value.contains('~')
+        || value.contains('^')
+        || value.contains(':')
+        || value.contains('\\')
+    {
+        return false;
+    }
+    if value.starts_with('/') || value.ends_with('/') || value.contains("//") {
+        return false;
+    }
+
+    value
+        .bytes()
+        .all(|b| b.is_ascii_alphanumeric() || b == b'.' || b == b'_' || b == b'-' || b == b'/')
+}
+
+fn validate_remote_url(remote: &str) -> Result<Url, ParsePreviewSourceError> {
+    let parsed = Url::parse(remote).map_err(|_| {
+        ParsePreviewSourceError::invalid_source("remote must be an absolute http(s) URL")
+    })?;
+
+    let scheme = parsed.scheme().to_ascii_lowercase();
+    if scheme != "https" {
+        return Err(ParsePreviewSourceError::invalid_source(
+            "remote must use https",
+        ));
+    }
+
+    if !parsed.username().is_empty() || parsed.password().is_some() {
+        return Err(ParsePreviewSourceError::invalid_source(
+            "remote cannot include credentials",
+        ));
+    }
+
+    if parsed.query().is_some() || parsed.fragment().is_some() {
+        return Err(ParsePreviewSourceError::invalid_source(
+            "remote cannot include query or fragment",
+        ));
+    }
+
+    let host = parsed
+        .host_str()
+        .ok_or_else(|| ParsePreviewSourceError::invalid_source("remote host is required"))?;
+    if host.parse::<std::net::IpAddr>().is_ok() {
+        return Err(ParsePreviewSourceError::invalid_source(
+            "remote host must be a DNS name",
+        ));
+    }
+
+    if host.eq_ignore_ascii_case("localhost") {
+        return Err(ParsePreviewSourceError::invalid_source(
+            "remote host must not be localhost",
+        ));
+    }
+
+    Ok(parsed)
+}
+
+fn normalized_remote_origin(url: &Url) -> String {
+    let mut normalized = url.clone();
+    normalized.set_query(None);
+    normalized.set_fragment(None);
+    let _ = normalized.set_username("");
+    let _ = normalized.set_password(None);
+
+    let trimmed_path = normalized.path().trim_end_matches('/').to_string();
+    if trimmed_path.is_empty() {
+        normalized.set_path("/");
+    } else {
+        normalized.set_path(&trimmed_path);
+    }
+
+    let mut rendered = normalized.to_string();
+    if rendered.ends_with('/') && normalized.path() == "/" {
+        rendered.pop();
+    }
+    rendered
+}
+
+fn repo_path_segments(url: &Url) -> Result<Vec<String>, ParsePreviewSourceError> {
+    let mut segments: Vec<String> = url
+        .path_segments()
+        .ok_or_else(|| {
+            ParsePreviewSourceError::invalid_source("remote repository path is invalid")
+        })?
+        .filter(|segment| !segment.is_empty())
+        .map(|segment| {
+            urlencoding::decode(segment)
+                .map(|decoded| decoded.trim().to_string())
+                .map_err(|_| {
+                    ParsePreviewSourceError::invalid_source(
+                        "remote repository path contains invalid percent encoding",
+                    )
+                })
+        })
+        .collect::<Result<Vec<_>, _>>()?;
+
+    if segments.len() < 2 {
+        return Err(ParsePreviewSourceError::invalid_source(
+            "remote must include owner/group and repository",
+        ));
+    }
+
+    if let Some(last) = segments.last_mut() {
+        *last = strip_git_suffix(last).to_string();
+    }
+
+    if segments
+        .iter()
+        .any(|segment| segment.is_empty() || segment == "." || segment == "..")
+    {
+        return Err(ParsePreviewSourceError::invalid_source(
+            "remote repository path contains invalid segments",
+        ));
+    }
+
+    Ok(segments)
+}
+
+fn build_github_raw_url(
+    url: &Url,
+    r#ref: &str,
+    path: &str,
+) -> Result<String, ParsePreviewSourceError> {
+    let segments = repo_path_segments(url)?;
+    if segments.len() != 2 {
+        return Err(ParsePreviewSourceError::invalid_source(
+            "github remote must look like https://github.com/{owner}/{repo}",
+        ));
+    }
+
+    Ok(format!(
+        "https://raw.githubusercontent.com/{}/{}/{}/{}",
+        segments[0],
+        segments[1],
+        encode_segments(r#ref),
+        encode_segments(path)
+    ))
+}
+
+fn build_gitlab_raw_url(
+    url: &Url,
+    r#ref: &str,
+    path: &str,
+) -> Result<String, ParsePreviewSourceError> {
+    let project_path = repo_path_segments(url)?.join("/");
+    let origin = origin_from_url(url)?;
+    Ok(format!(
+        "{}/{}/-/raw/{}/{}",
+        origin,
+        encode_segments(&project_path),
+        encode_segments(r#ref),
+        encode_segments(path)
+    ))
+}
+
+fn build_generic_raw_url(
+    url: &Url,
+    r#ref: &str,
+    path: &str,
+) -> Result<String, ParsePreviewSourceError> {
+    let repo_path = repo_path_segments(url)?.join("/");
+    let origin = origin_from_url(url)?;
+    Ok(format!(
+        "{}/{}/raw/{}/{}",
+        origin,
+        encode_segments(&repo_path),
+        encode_segments(r#ref),
+        encode_segments(path)
+    ))
+}
+
+fn origin_from_url(url: &Url) -> Result<String, ParsePreviewSourceError> {
+    let host = url
+        .host_str()
+        .ok_or_else(|| ParsePreviewSourceError::invalid_source("remote host is required"))?;
+    let mut origin = format!("{}://{host}", url.scheme());
+    if let Some(port) = url.port() {
+        origin.push(':');
+        origin.push_str(&port.to_string());
+    }
+    Ok(origin)
+}
+
+fn encode_segments(value: &str) -> String {
+    value
+        .split('/')
+        .map(|segment| urlencoding::encode(segment).into_owned())
+        .collect::<Vec<_>>()
+        .join("/")
+}
+
+fn strip_git_suffix(value: &str) -> &str {
+    value.strip_suffix(".git").unwrap_or(value)
+}
+
+fn is_gitlab_host(host: &str, gitlab_hosts: &HashSet<String>) -> bool {
+    host == "gitlab.com"
+        || gitlab_hosts.contains(host)
+        || host
+            .strip_prefix("gitlab.")
+            .is_some_and(|suffix| suffix.contains('.'))
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn normalize_repo_path_rejects_parent_segments() {
+        let err = normalize_git_source("https://github.com/org/repo", "main", "../secret")
+            .expect_err("path traversal must fail");
+        assert!(
+            err.message()
+                .contains("path cannot contain empty, '.' or '..' segments")
+        );
+    }
+
+    #[test]
+    fn decode_inline_content_rejects_empty_input() {
+        let err = decode_inline_content("   ").expect_err("empty inline payload must fail");
+        assert_eq!(err.message(), "inline content_base64 is required");
+    }
+
+    #[test]
+    fn build_git_raw_url_uses_provider_aware_patterns() {
+        let no_gitlab_hosts = HashSet::new();
+        let configured_gitlab_hosts = HashSet::from(["gitlab.internal.example.com".to_string()]);
+
+        let github = build_git_raw_url(
+            &GitSource {
+                remote: "https://github.com/hwisu/opensession".to_string(),
+                r#ref: "main".to_string(),
+                path: "sessions/demo.hail.jsonl".to_string(),
+            },
+            &no_gitlab_hosts,
+        )
+        .expect("github raw url should build");
+        assert_eq!(
+            github,
+            "https://raw.githubusercontent.com/hwisu/opensession/main/sessions/demo.hail.jsonl"
+        );
+
+        let gitlab = build_git_raw_url(
+            &GitSource {
+                remote: "https://gitlab.com/group/sub/repo".to_string(),
+                r#ref: "feature/one".to_string(),
+                path: "logs/session.hail.jsonl".to_string(),
+            },
+            &no_gitlab_hosts,
+        )
+        .expect("gitlab raw url should build");
+        assert_eq!(
+            gitlab,
+            "https://gitlab.com/group/sub/repo/-/raw/feature/one/logs/session.hail.jsonl"
+        );
+
+        let gitlab_self_managed = build_git_raw_url(
+            &GitSource {
+                remote: "https://gitlab.internal.example.com/team/repo".to_string(),
+                r#ref: "main".to_string(),
+                path: "logs/session.hail.jsonl".to_string(),
+            },
+            &configured_gitlab_hosts,
+        )
+        .expect("self-managed gitlab raw url should build");
+        assert_eq!(
+            gitlab_self_managed,
+            "https://gitlab.internal.example.com/team/repo/-/raw/main/logs/session.hail.jsonl"
+        );
+
+        let generic = build_git_raw_url(
+            &GitSource {
+                remote: "https://code.example.com/team/repo".to_string(),
+                r#ref: "release/v1".to_string(),
+                path: "hail/demo.hail.jsonl".to_string(),
+            },
+            &no_gitlab_hosts,
+        )
+        .expect("generic raw url should build");
+        assert_eq!(
+            generic,
+            "https://code.example.com/team/repo/raw/release/v1/hail/demo.hail.jsonl"
+        );
+    }
+
+    #[test]
+    fn provider_for_host_detects_supported_hosts() {
+        let no_gitlab_hosts = HashSet::new();
+        let configured_gitlab_hosts = HashSet::from(["gitlab.internal.example.com".to_string()]);
+
+        assert_eq!(
+            provider_for_host("github.com", &no_gitlab_hosts),
+            Some("github")
+        );
+        assert_eq!(
+            provider_for_host("gitlab.com", &no_gitlab_hosts),
+            Some("gitlab")
+        );
+        assert_eq!(
+            provider_for_host("gitlab.internal.example.com", &no_gitlab_hosts),
+            Some("gitlab")
+        );
+        assert_eq!(
+            provider_for_host("gitlab.internal.example.com", &configured_gitlab_hosts),
+            Some("gitlab")
+        );
+        assert_eq!(
+            provider_for_host("evil-gitlab.example", &no_gitlab_hosts),
+            None
+        );
+        assert_eq!(
+            provider_for_host("code.example.com", &no_gitlab_hosts),
+            None
+        );
+    }
+
+    #[test]
+    fn is_allowed_content_type_accepts_text_and_json() {
+        assert!(is_allowed_content_type("text/plain; charset=utf-8"));
+        assert!(is_allowed_content_type("application/json"));
+        assert!(is_allowed_content_type("application/vnd.api+json"));
+        assert!(!is_allowed_content_type("application/octet-stream"));
+    }
+
+    #[test]
+    fn looks_binary_rejects_null_and_non_utf8_bytes() {
+        assert!(looks_binary(b"hello\0world"));
+        assert!(looks_binary(&[0xff, 0xfe, 0xfd]));
+        assert!(!looks_binary("hello world".as_bytes()));
+    }
+}
diff --git a/crates/api/src/parse_preview_types.rs b/crates/api/src/parse_preview_types.rs
new file mode 100644
index 00000000..e8bbbd14
--- /dev/null
+++ b/crates/api/src/parse_preview_types.rs
@@ -0,0 +1,73 @@
+use opensession_core::trace::Session;
+use serde::{Deserialize, Serialize};
+
+/// Source descriptor for parser preview requests.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(tag = "kind", rename_all = "snake_case")]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub enum ParseSource {
+    Git {
+        remote: String,
+        r#ref: String,
+        path: String,
+    },
+    Github {
+        owner: String,
+        repo: String,
+        r#ref: String,
+        path: String,
+    },
+    Inline {
+        filename: String,
+        content_base64: String,
+    },
+}
+
+/// Candidate parser ranked by detection confidence.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct ParseCandidate {
+    pub id: String,
+    pub confidence: u8,
+    pub reason: String,
+}
+
+/// Request body for `POST /api/parse/preview`.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct ParsePreviewRequest {
+    pub source: ParseSource,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub parser_hint: Option<String>,
+}
+
+/// Response body for `POST /api/parse/preview`.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct ParsePreviewResponse {
+    pub parser_used: String,
+    #[serde(default)]
+    pub parser_candidates: Vec<ParseCandidate>,
+    #[cfg_attr(feature = "ts", ts(type = "any"))]
+    pub session: Session,
+    pub source: ParseSource,
+    #[serde(default)]
+    pub warnings: Vec<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub native_adapter: Option<String>,
+}
+
+/// Structured parser preview error response.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct ParsePreviewErrorResponse {
+    pub code: String,
+    pub message: String,
+    #[serde(default, skip_serializing_if = "Vec::is_empty")]
+    pub parser_candidates: Vec<ParseCandidate>,
+}
diff --git a/crates/api/src/session_types.rs b/crates/api/src/session_types.rs
new file mode 100644
index 00000000..f75fbc24
--- /dev/null
+++ b/crates/api/src/session_types.rs
@@ -0,0 +1,309 @@
+use crate::shared_types::{LinkType, SortOrder, TimeRange};
+use opensession_core::trace::{Agent, Event, Session, SessionContext};
+use serde::{Deserialize, Serialize};
+
+/// Request body for `POST /api/sessions` — upload a recorded session.
+#[derive(Debug, Serialize, Deserialize)]
+pub struct UploadRequest {
+    pub session: Session,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub body_url: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub linked_session_ids: Option<Vec<String>>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub git_remote: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub git_branch: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub git_commit: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub git_repo_name: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub pr_number: Option<i64>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub pr_url: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub score_plugin: Option<String>,
+}
+
+/// Returned on successful session upload — contains the new session ID and URL.
+#[derive(Debug, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct UploadResponse {
+    pub id: String,
+    pub url: String,
+    #[serde(default)]
+    pub session_score: i64,
+    #[serde(default = "default_score_plugin")]
+    pub score_plugin: String,
+}
+
+/// Flat session summary returned by list/detail endpoints.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct SessionSummary {
+    pub id: String,
+    pub user_id: Option<String>,
+    pub nickname: Option<String>,
+    pub tool: String,
+    pub agent_provider: Option<String>,
+    pub agent_model: Option<String>,
+    pub title: Option<String>,
+    pub description: Option<String>,
+    pub tags: Option<String>,
+    pub created_at: String,
+    pub uploaded_at: String,
+    pub message_count: i64,
+    pub task_count: i64,
+    pub event_count: i64,
+    pub duration_seconds: i64,
+    pub total_input_tokens: i64,
+    pub total_output_tokens: i64,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub git_remote: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub git_branch: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub git_commit: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub git_repo_name: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub pr_number: Option<i64>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub pr_url: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub working_directory: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub files_modified: Option<String>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub files_read: Option<String>,
+    #[serde(default)]
+    pub has_errors: bool,
+    #[serde(default = "default_max_active_agents")]
+    pub max_active_agents: i64,
+    #[serde(default)]
+    pub session_score: i64,
+    #[serde(default = "default_score_plugin")]
+    pub score_plugin: String,
+}
+
+/// Paginated session listing returned by `GET /api/sessions`.
+#[derive(Debug, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct SessionListResponse {
+    pub sessions: Vec<SessionSummary>,
+    pub total: i64,
+    pub page: u32,
+    pub per_page: u32,
+}
+
+/// Query parameters for `GET /api/sessions` — pagination, filtering, sorting.
+#[derive(Debug, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct SessionListQuery {
+    #[serde(default = "default_page")]
+    pub page: u32,
+    #[serde(default = "default_per_page")]
+    pub per_page: u32,
+    pub search: Option<String>,
+    pub tool: Option<String>,
+    pub git_repo_name: Option<String>,
+    pub sort: Option<SortOrder>,
+    pub time_range: Option<TimeRange>,
+}
+
+/// Desktop session list query payload passed through Tauri invoke.
+#[derive(Debug, Clone, Default, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct DesktopSessionListQuery {
+    pub page: Option<String>,
+    pub per_page: Option<String>,
+    pub search: Option<String>,
+    pub tool: Option<String>,
+    pub git_repo_name: Option<String>,
+    pub sort: Option<String>,
+    pub time_range: Option<String>,
+    pub force_refresh: Option<bool>,
+}
+
+/// Repo list response used by server/worker/desktop adapters.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct SessionRepoListResponse {
+    pub repos: Vec<String>,
+}
+
+/// Single session detail returned by `GET /api/sessions/:id`.
+#[derive(Debug, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct SessionDetail {
+    #[serde(flatten)]
+    #[cfg_attr(feature = "ts", ts(flatten))]
+    pub summary: SessionSummary,
+    #[serde(default, skip_serializing_if = "Vec::is_empty")]
+    pub linked_sessions: Vec<SessionLink>,
+}
+
+/// A link between two sessions (e.g., handoff chain).
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct SessionLink {
+    pub session_id: String,
+    pub linked_session_id: String,
+    pub link_type: LinkType,
+    pub created_at: String,
+}
+
+/// Request body for `POST /api/sessions/:id/events` — append live events.
+#[derive(Debug, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct StreamEventsRequest {
+    #[cfg_attr(feature = "ts", ts(type = "any"))]
+    pub agent: Option<Agent>,
+    #[cfg_attr(feature = "ts", ts(type = "any"))]
+    pub context: Option<SessionContext>,
+    #[cfg_attr(feature = "ts", ts(type = "any[]"))]
+    pub events: Vec<Event>,
+}
+
+/// Returned by `POST /api/sessions/:id/events` — number of events accepted.
+#[derive(Debug, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct StreamEventsResponse {
+    pub accepted: usize,
+}
+
+/// Returned by `GET /api/health` — server liveness check.
+#[derive(Debug, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct HealthResponse {
+    pub status: String,
+    pub version: String,
+}
+
+/// Returned by `GET /api/capabilities` — runtime feature availability.
+#[derive(Debug, Serialize, Deserialize)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub struct CapabilitiesResponse {
+    pub auth_enabled: bool,
+    pub parse_preview_enabled: bool,
+    pub register_targets: Vec<String>,
+    pub share_modes: Vec<String>,
+}
+
+pub const DEFAULT_REGISTER_TARGETS: &[&str] = &["local", "git"];
+pub const DEFAULT_SHARE_MODES: &[&str] = &["web", "git", "quick", "json"];
+
+impl CapabilitiesResponse {
+    /// Build runtime capability payload with shared defaults.
+    pub fn for_runtime(auth_enabled: bool, parse_preview_enabled: bool) -> Self {
+        Self {
+            auth_enabled,
+            parse_preview_enabled,
+            register_targets: DEFAULT_REGISTER_TARGETS
+                .iter()
+                .map(|target| (*target).to_string())
+                .collect(),
+            share_modes: DEFAULT_SHARE_MODES
+                .iter()
+                .map(|mode| (*mode).to_string())
+                .collect(),
+        }
+    }
+}
+
+impl SessionListQuery {
+    /// Returns true when this query targets the anonymous public feed and is safe to edge-cache.
+    pub fn is_public_feed_cacheable(
+        &self,
+        has_auth_header: bool,
+        has_session_cookie: bool,
+    ) -> bool {
+        !has_auth_header
+            && !has_session_cookie
+            && self.search.as_deref().is_none_or(|s| s.trim().is_empty())
+            && self
+                .git_repo_name
+                .as_deref()
+                .is_none_or(|repo| repo.trim().is_empty())
+            && self.page <= 10
+            && self.per_page <= 50
+    }
+}
+
+fn default_page() -> u32 {
+    1
+}
+
+fn default_per_page() -> u32 {
+    20
+}
+
+fn default_max_active_agents() -> i64 {
+    1
+}
+
+fn default_score_plugin() -> String {
+    opensession_core::scoring::DEFAULT_SCORE_PLUGIN.to_string()
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    fn base_query() -> SessionListQuery {
+        SessionListQuery {
+            page: 1,
+            per_page: 20,
+            search: None,
+            tool: None,
+            git_repo_name: None,
+            sort: None,
+            time_range: None,
+        }
+    }
+
+    #[test]
+    fn public_feed_cacheable_when_anonymous_default_feed() {
+        let q = base_query();
+        assert!(q.is_public_feed_cacheable(false, false));
+    }
+
+    #[test]
+    fn public_feed_not_cacheable_with_auth_or_cookie() {
+        let q = base_query();
+        assert!(!q.is_public_feed_cacheable(true, false));
+        assert!(!q.is_public_feed_cacheable(false, true));
+    }
+
+    #[test]
+    fn public_feed_not_cacheable_for_search_or_large_page() {
+        let mut q = base_query();
+        q.search = Some("hello".into());
+        assert!(!q.is_public_feed_cacheable(false, false));
+
+        let mut q = base_query();
+        q.git_repo_name = Some("org/repo".into());
+        assert!(!q.is_public_feed_cacheable(false, false));
+
+        let mut q = base_query();
+        q.page = 11;
+        assert!(!q.is_public_feed_cacheable(false, false));
+
+        let mut q = base_query();
+        q.per_page = 100;
+        assert!(!q.is_public_feed_cacheable(false, false));
+    }
+}
diff --git a/crates/api/src/shared_types.rs b/crates/api/src/shared_types.rs
new file mode 100644
index 00000000..c6b91c6e
--- /dev/null
+++ b/crates/api/src/shared_types.rs
@@ -0,0 +1,96 @@
+use serde::{Deserialize, Serialize};
+
+/// Sort order for session listings.
+#[derive(Debug, Clone, Serialize, Deserialize, Default, PartialEq, Eq)]
+#[serde(rename_all = "snake_case")]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub enum SortOrder {
+    #[default]
+    Recent,
+    Popular,
+    Longest,
+}
+
+impl SortOrder {
+    pub fn as_str(&self) -> &str {
+        match self {
+            Self::Recent => "recent",
+            Self::Popular => "popular",
+            Self::Longest => "longest",
+        }
+    }
+}
+
+impl std::fmt::Display for SortOrder {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        f.write_str(self.as_str())
+    }
+}
+
+/// Time range filter for queries.
+#[derive(Debug, Clone, Serialize, Deserialize, Default, PartialEq, Eq)]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub enum TimeRange {
+    #[serde(rename = "24h")]
+    Hours24,
+    #[serde(rename = "7d")]
+    Days7,
+    #[serde(rename = "30d")]
+    Days30,
+    #[default]
+    #[serde(rename = "all")]
+    All,
+}
+
+impl TimeRange {
+    pub fn as_str(&self) -> &str {
+        match self {
+            Self::Hours24 => "24h",
+            Self::Days7 => "7d",
+            Self::Days30 => "30d",
+            Self::All => "all",
+        }
+    }
+}
+
+impl std::fmt::Display for TimeRange {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        f.write_str(self.as_str())
+    }
+}
+
+/// Type of link between two sessions.
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "snake_case")]
+#[cfg_attr(feature = "ts", derive(ts_rs::TS))]
+#[cfg_attr(feature = "ts", ts(export))]
+pub enum LinkType {
+    Handoff,
+    Related,
+    Parent,
+    Child,
+}
+
+impl LinkType {
+    pub fn as_str(&self) -> &str {
+        match self {
+            Self::Handoff => "handoff",
+            Self::Related => "related",
+            Self::Parent => "parent",
+            Self::Child => "child",
+        }
+    }
+}
+
+impl std::fmt::Display for LinkType {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        f.write_str(self.as_str())
+    }
+}
+
+/// Safely convert `u64` to `i64`, saturating at `i64::MAX` instead of wrapping.
+pub fn saturating_i64(v: u64) -> i64 {
+    i64::try_from(v).unwrap_or(i64::MAX)
+}
diff --git a/crates/cli/src/cli_args.rs b/crates/cli/src/cli_args.rs
new file mode 100644
index 00000000..81916a85
--- /dev/null
+++ b/crates/cli/src/cli_args.rs
@@ -0,0 +1,131 @@
+use clap::{Parser, Subcommand};
+use std::path::PathBuf;
+
+use crate::setup_cmd;
+
+#[derive(Parser)]
+#[command(
+    name = "opensession",
+    about = "OpenSession CLI - local-first source URI workflows",
+    after_long_help = r"First-user flow (5 minutes):
+  opensession docs quickstart
+
+Common next steps:
+  opensession doctor
+  opensession doctor --fix --profile local
+  opensession parse --profile codex ./raw-session.jsonl --out ./session.hail.jsonl
+  opensession register ./session.hail.jsonl
+  opensession share os://src/local/<sha256> --quick"
+)]
+pub(crate) struct Cli {
+    #[command(subcommand)]
+    pub(crate) command: Commands,
+}
+
+#[derive(Subcommand)]
+pub(crate) enum Commands {
+    /// Register canonical HAIL JSONL into local object store.
+    Register(crate::register::RegisterArgs),
+    /// Print canonical JSONL for a local source URI.
+    Cat(crate::cat_cmd::CatArgs),
+    /// Inspect summary metadata for source/artifact URIs.
+    Inspect(crate::inspect::InspectArgs),
+    /// Resolve sharing outputs from a source URI.
+    Share(crate::share::ShareArgs),
+    /// Open a review-centric web view from URI/file/URL/commit targets.
+    View(crate::view::ViewArgs),
+    /// Review a GitHub PR using local hidden refs and grouped commit sessions.
+    Review(crate::review::ReviewArgs),
+    /// Build and manage immutable handoff artifacts.
+    Handoff(crate::handoff_v1::HandoffArgs),
+    /// Parse agent-native logs into canonical HAIL JSONL.
+    Parse(crate::parse_cmd::ParseArgs),
+    /// Generate/show local semantic summaries.
+    Summary(crate::summary_cmd::SummaryArgs),
+    /// Manage explicit repo config (`.opensession/config.toml`).
+    Config(crate::config_cmd::ConfigArgs),
+    /// Configure and run hidden-ref cleanup automation.
+    Cleanup(crate::cleanup_cmd::CleanupArgs),
+    /// Install/update OpenSession git hooks and diagnostics.
+    #[command(hide = true)]
+    Setup(crate::setup_cmd::SetupArgs),
+    /// Diagnose and optionally fix local OpenSession setup.
+    Doctor(crate::doctor_cmd::DoctorArgs),
+    /// Generate shell completion scripts.
+    Docs {
+        #[command(subcommand)]
+        action: DocsAction,
+    },
+}
+
+#[derive(Subcommand)]
+pub(crate) enum DocsAction {
+    /// Generate shell completions.
+    Completion {
+        /// Target shell.
+        #[arg(value_enum)]
+        shell: clap_complete::Shell,
+    },
+    /// Print a 5-minute first-user flow.
+    Quickstart {
+        /// Parser profile used for first parse.
+        #[arg(long, default_value = "codex")]
+        profile: String,
+        /// Setup profile used for doctor/setup defaults.
+        #[arg(long, value_enum, default_value = "local")]
+        setup_profile: setup_cmd::SetupProfile,
+        /// Raw input path for parse.
+        #[arg(long, default_value = "./raw-session.jsonl")]
+        input: PathBuf,
+        /// Canonical output path for parse.
+        #[arg(long, default_value = "./session.hail.jsonl")]
+        out: PathBuf,
+        /// Git remote name used for initial share.
+        #[arg(long, default_value = "origin")]
+        remote: String,
+    },
+}
+
+#[cfg(test)]
+mod tests {
+    use clap::Parser;
+    use std::path::PathBuf;
+
+    use super::{Cli, Commands, DocsAction};
+
+    #[test]
+    fn parses_docs_completion_subcommand() {
+        let cli = Cli::parse_from(["opensession", "docs", "completion", "zsh"]);
+        match cli.command {
+            Commands::Docs {
+                action: DocsAction::Completion { shell },
+            } => {
+                assert_eq!(shell.to_string(), "zsh");
+            }
+            _ => panic!("expected docs completion command"),
+        }
+    }
+
+    #[test]
+    fn quickstart_defaults_profile_and_remote() {
+        let cli = Cli::parse_from(["opensession", "docs", "quickstart"]);
+        match cli.command {
+            Commands::Docs {
+                action:
+                    DocsAction::Quickstart {
+                        profile,
+                        remote,
+                        input,
+                        out,
+                        ..
+                    },
+            } => {
+                assert_eq!(profile, "codex");
+                assert_eq!(remote, "origin");
+                assert_eq!(input, PathBuf::from("./raw-session.jsonl"));
+                assert_eq!(out, PathBuf::from("./session.hail.jsonl"));
+            }
+            _ => panic!("expected docs quickstart command"),
+        }
+    }
+}
diff --git a/crates/cli/src/docs_cmd.rs b/crates/cli/src/docs_cmd.rs
new file mode 100644
index 00000000..80d86fe5
--- /dev/null
+++ b/crates/cli/src/docs_cmd.rs
@@ -0,0 +1,66 @@
+use clap::CommandFactory;
+use std::path::Path;
+
+use crate::{cli_args::Cli, setup_cmd};
+
+pub(crate) fn run_docs(action: crate::cli_args::DocsAction) -> anyhow::Result<()> {
+    match action {
+        crate::cli_args::DocsAction::Completion { shell } => {
+            let mut cmd = <Cli as CommandFactory>::command();
+            clap_complete::generate(shell, &mut cmd, "opensession", &mut std::io::stdout());
+            Ok(())
+        }
+        crate::cli_args::DocsAction::Quickstart {
+            profile,
+            setup_profile,
+            input,
+            out,
+            remote,
+        } => {
+            print_quickstart(&profile, setup_profile, &input, &out, &remote);
+            Ok(())
+        }
+    }
+}
+
+fn print_quickstart(
+    profile: &str,
+    setup_profile: setup_cmd::SetupProfile,
+    input: &Path,
+    out: &Path,
+    remote: &str,
+) {
+    println!("# OpenSession 5-minute first-user flow");
+    println!();
+    println!("# 1) Diagnose and apply setup");
+    println!("opensession doctor");
+    println!(
+        "opensession doctor --fix --profile {}",
+        setup_profile.as_str()
+    );
+    if matches!(setup_profile, setup_cmd::SetupProfile::App) {
+        println!("opensession doctor --fix --profile app --open-target app");
+    }
+    println!();
+    println!("# 2) Parse raw logs into canonical HAIL JSONL");
+    println!(
+        "opensession parse --profile {} {} --out {}",
+        profile,
+        input.display(),
+        out.display()
+    );
+    println!();
+    println!("# 3) Register canonical session locally");
+    println!("opensession register {}", out.display());
+    println!("# -> os://src/local/<sha256>");
+    println!();
+    println!("# 4) Share local source URI via quick git flow");
+    println!(
+        "opensession share os://src/local/<sha256> --quick --remote {}",
+        remote
+    );
+    println!();
+    println!("# 5) Optional: convert a remote URI to web URL");
+    println!("opensession config init --base-url https://opensession.io");
+    println!("opensession share os://src/git/<remote_b64>/ref/<ref_enc>/path/<path...> --web");
+}
diff --git a/crates/cli/src/entrypoint.rs b/crates/cli/src/entrypoint.rs
new file mode 100644
index 00000000..01da61a4
--- /dev/null
+++ b/crates/cli/src/entrypoint.rs
@@ -0,0 +1,49 @@
+use clap::Parser;
+
+use crate::{
+    cat_cmd, cleanup_cmd,
+    cli_args::{Cli, Commands},
+    config_cmd, docs_cmd, doctor_cmd, handoff_v1, inspect, parse_cmd, register, review, setup_cmd,
+    share, summary_cmd, view,
+};
+
+pub(crate) async fn run_process() {
+    let cli = Cli::parse();
+
+    let result = match cli.command {
+        Commands::Register(args) => register::run(args),
+        Commands::Cat(args) => cat_cmd::run(args),
+        Commands::Inspect(args) => inspect::run(args),
+        Commands::Share(args) => share::run(args),
+        Commands::View(args) => view::run(args).await,
+        Commands::Review(args) => review::run(args).await,
+        Commands::Handoff(args) => handoff_v1::run(args),
+        Commands::Parse(args) => parse_cmd::run(args),
+        Commands::Summary(args) => summary_cmd::run(args).await,
+        Commands::Config(args) => config_cmd::run(args),
+        Commands::Cleanup(args) => cleanup_cmd::run(args),
+        Commands::Setup(args) => setup_cmd::run(args),
+        Commands::Doctor(args) => doctor_cmd::run(args),
+        Commands::Docs { action } => docs_cmd::run_docs(action),
+    };
+
+    if let Err(error) = result {
+        if debug_errors_enabled() {
+            eprintln!("Error: {error:#}");
+        } else {
+            eprintln!("Error: {error}");
+        }
+        std::process::exit(1);
+    }
+}
+
+fn debug_errors_enabled() -> bool {
+    matches!(
+        std::env::var("OPENSESSION_DEBUG"),
+        Ok(value)
+            if matches!(
+                value.trim().to_ascii_lowercase().as_str(),
+                "1" | "true" | "yes" | "on"
+            )
+    )
+}
diff --git a/crates/cli/src/main.rs b/crates/cli/src/main.rs
index 83e49b7c..de9013f1 100644
--- a/crates/cli/src/main.rs
+++ b/crates/cli/src/main.rs
@@ -1,7 +1,10 @@
 mod cat_cmd;
 mod cleanup_cmd;
+mod cli_args;
 mod config_cmd;
+mod docs_cmd;
 mod doctor_cmd;
+mod entrypoint;
 mod handoff_v1;
 mod hooks;
 mod inspect;
@@ -17,193 +20,7 @@ mod url_opener;
 mod user_guidance;
 mod view;
 
-use clap::{Parser, Subcommand};
-use std::path::Path;
-use std::path::PathBuf;
-
-#[derive(Parser)]
-#[command(
-    name = "opensession",
-    about = "OpenSession CLI - local-first source URI workflows",
-    after_long_help = r"First-user flow (5 minutes):
-  opensession docs quickstart
-
-Common next steps:
-  opensession doctor
-  opensession doctor --fix --profile local
-  opensession parse --profile codex ./raw-session.jsonl --out ./session.hail.jsonl
-  opensession register ./session.hail.jsonl
-  opensession share os://src/local/<sha256> --quick"
-)]
-struct Cli {
-    #[command(subcommand)]
-    command: Commands,
-}
-
-#[derive(Subcommand)]
-enum Commands {
-    /// Register canonical HAIL JSONL into local object store.
-    Register(register::RegisterArgs),
-    /// Print canonical JSONL for a local source URI.
-    Cat(cat_cmd::CatArgs),
-    /// Inspect summary metadata for source/artifact URIs.
-    Inspect(inspect::InspectArgs),
-    /// Resolve sharing outputs from a source URI.
-    Share(share::ShareArgs),
-    /// Open a review-centric web view from URI/file/URL/commit targets.
-    View(view::ViewArgs),
-    /// Review a GitHub PR using local hidden refs and grouped commit sessions.
-    Review(review::ReviewArgs),
-    /// Build and manage immutable handoff artifacts.
-    Handoff(handoff_v1::HandoffArgs),
-    /// Parse agent-native logs into canonical HAIL JSONL.
-    Parse(parse_cmd::ParseArgs),
-    /// Generate/show local semantic summaries.
-    Summary(summary_cmd::SummaryArgs),
-    /// Manage explicit repo config (`.opensession/config.toml`).
-    Config(config_cmd::ConfigArgs),
-    /// Configure and run hidden-ref cleanup automation.
-    Cleanup(cleanup_cmd::CleanupArgs),
-    /// Install/update OpenSession git hooks and diagnostics.
-    #[command(hide = true)]
-    Setup(setup_cmd::SetupArgs),
-    /// Diagnose and optionally fix local OpenSession setup.
-    Doctor(doctor_cmd::DoctorArgs),
-    /// Generate shell completion scripts.
-    Docs {
-        #[command(subcommand)]
-        action: DocsAction,
-    },
-}
-
-#[derive(Subcommand)]
-enum DocsAction {
-    /// Generate shell completions.
-    Completion {
-        /// Target shell.
-        #[arg(value_enum)]
-        shell: clap_complete::Shell,
-    },
-    /// Print a 5-minute first-user flow.
-    Quickstart {
-        /// Parser profile used for first parse.
-        #[arg(long, default_value = "codex")]
-        profile: String,
-        /// Setup profile used for doctor/setup defaults.
-        #[arg(long, value_enum, default_value = "local")]
-        setup_profile: setup_cmd::SetupProfile,
-        /// Raw input path for parse.
-        #[arg(long, default_value = "./raw-session.jsonl")]
-        input: PathBuf,
-        /// Canonical output path for parse.
-        #[arg(long, default_value = "./session.hail.jsonl")]
-        out: PathBuf,
-        /// Git remote name used for initial share.
-        #[arg(long, default_value = "origin")]
-        remote: String,
-    },
-}
-
 #[tokio::main]
 async fn main() {
-    let cli = Cli::parse();
-
-    let result = match cli.command {
-        Commands::Register(args) => register::run(args),
-        Commands::Cat(args) => cat_cmd::run(args),
-        Commands::Inspect(args) => inspect::run(args),
-        Commands::Share(args) => share::run(args),
-        Commands::View(args) => view::run(args).await,
-        Commands::Review(args) => review::run(args).await,
-        Commands::Handoff(args) => handoff_v1::run(args),
-        Commands::Parse(args) => parse_cmd::run(args),
-        Commands::Summary(args) => summary_cmd::run(args).await,
-        Commands::Config(args) => config_cmd::run(args),
-        Commands::Cleanup(args) => cleanup_cmd::run(args),
-        Commands::Setup(args) => setup_cmd::run(args),
-        Commands::Doctor(args) => doctor_cmd::run(args),
-        Commands::Docs { action } => run_docs(action),
-    };
-
-    if let Err(err) = result {
-        if debug_errors_enabled() {
-            eprintln!("Error: {err:#}");
-        } else {
-            eprintln!("Error: {err}");
-        }
-        std::process::exit(1);
-    }
-}
-
-fn debug_errors_enabled() -> bool {
-    matches!(
-        std::env::var("OPENSESSION_DEBUG"),
-        Ok(value)
-            if matches!(
-                value.trim().to_ascii_lowercase().as_str(),
-                "1" | "true" | "yes" | "on"
-            )
-    )
-}
-
-fn run_docs(action: DocsAction) -> anyhow::Result<()> {
-    match action {
-        DocsAction::Completion { shell } => {
-            let mut cmd = <Cli as clap::CommandFactory>::command();
-            clap_complete::generate(shell, &mut cmd, "opensession", &mut std::io::stdout());
-            Ok(())
-        }
-        DocsAction::Quickstart {
-            profile,
-            setup_profile,
-            input,
-            out,
-            remote,
-        } => {
-            print_quickstart(&profile, setup_profile, &input, &out, &remote);
-            Ok(())
-        }
-    }
-}
-
-fn print_quickstart(
-    profile: &str,
-    setup_profile: setup_cmd::SetupProfile,
-    input: &Path,
-    out: &Path,
-    remote: &str,
-) {
-    println!("# OpenSession 5-minute first-user flow");
-    println!();
-    println!("# 1) Diagnose and apply setup");
-    println!("opensession doctor");
-    println!(
-        "opensession doctor --fix --profile {}",
-        setup_profile.as_str()
-    );
-    if matches!(setup_profile, setup_cmd::SetupProfile::App) {
-        println!("opensession doctor --fix --profile app --open-target app");
-    }
-    println!();
-    println!("# 2) Parse raw logs into canonical HAIL JSONL");
-    println!(
-        "opensession parse --profile {} {} --out {}",
-        profile,
-        input.display(),
-        out.display()
-    );
-    println!();
-    println!("# 3) Register canonical session locally");
-    println!("opensession register {}", out.display());
-    println!("# -> os://src/local/<sha256>");
-    println!();
-    println!("# 4) Share local source URI via quick git flow");
-    println!(
-        "opensession share os://src/local/<sha256> --quick --remote {}",
-        remote
-    );
-    println!();
-    println!("# 5) Optional: convert a remote URI to web URL");
-    println!("opensession config init --base-url https://opensession.io");
-    println!("opensession share os://src/git/<remote_b64>/ref/<ref_enc>/path/<path...> --web");
+    entrypoint::run_process().await;
 }
diff --git a/crates/daemon/src/cli.rs b/crates/daemon/src/cli.rs
new file mode 100644
index 00000000..db6e9dc4
--- /dev/null
+++ b/crates/daemon/src/cli.rs
@@ -0,0 +1,34 @@
+use clap::{Parser, Subcommand};
+
+#[derive(Debug, Parser)]
+#[command(
+    name = "opensession-daemon",
+    about = "Background daemon for automatic session detection and local indexing"
+)]
+pub(crate) struct Cli {
+    #[command(subcommand)]
+    pub(crate) command: Option<DaemonCommand>,
+}
+
+#[derive(Debug, Subcommand)]
+pub(crate) enum DaemonCommand {
+    /// Start the daemon event loop.
+    Run,
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn cli_defaults_to_run_when_no_subcommand() {
+        let cli = Cli::try_parse_from(["opensession-daemon"]).expect("parse cli");
+        assert!(cli.command.is_none());
+    }
+
+    #[test]
+    fn cli_accepts_run_subcommand() {
+        let cli = Cli::try_parse_from(["opensession-daemon", "run"]).expect("parse cli");
+        assert!(matches!(cli.command, Some(DaemonCommand::Run)));
+    }
+}
diff --git a/crates/daemon/src/entrypoint.rs b/crates/daemon/src/entrypoint.rs
new file mode 100644
index 00000000..d9a2a4b8
--- /dev/null
+++ b/crates/daemon/src/entrypoint.rs
@@ -0,0 +1,28 @@
+use clap::Parser;
+use tracing::error;
+
+use crate::cli::{Cli, DaemonCommand};
+
+pub(crate) async fn run_process() {
+    let cli = Cli::parse();
+    initialize_tracing();
+
+    let result = match cli.command.unwrap_or(DaemonCommand::Run) {
+        DaemonCommand::Run => crate::runtime::run().await,
+    };
+
+    if let Err(error) = result {
+        error!("Daemon fatal error: {:#}", error);
+        std::process::exit(1);
+    }
+}
+
+fn initialize_tracing() {
+    tracing_subscriber::fmt()
+        .with_env_filter(
+            tracing_subscriber::EnvFilter::from_default_env()
+                .add_directive("opensession_daemon=info".parse().unwrap())
+                .add_directive(tracing::Level::WARN.into()),
+        )
+        .init();
+}
diff --git a/crates/daemon/src/main.rs b/crates/daemon/src/main.rs
index ca3516f9..2f394229 100644
--- a/crates/daemon/src/main.rs
+++ b/crates/daemon/src/main.rs
@@ -1,183 +1,14 @@
+mod cli;
 mod config;
+mod entrypoint;
 mod health;
 pub mod hooks;
 mod repo_registry;
+mod runtime;
 mod scheduler;
 mod watcher;
 
-use anyhow::Result;
-use clap::{Parser, Subcommand};
-use opensession_local_db::LocalDb;
-use std::sync::Arc;
-use tokio::sync::{mpsc, watch};
-use tracing::{error, info};
-
-#[derive(Debug, Parser)]
-#[command(
-    name = "opensession-daemon",
-    about = "Background daemon for automatic session detection and local indexing"
-)]
-struct Cli {
-    #[command(subcommand)]
-    command: Option<DaemonCommand>,
-}
-
-#[derive(Debug, Subcommand)]
-enum DaemonCommand {
-    /// Start the daemon event loop.
-    Run,
-}
-
 #[tokio::main]
 async fn main() {
-    let cli = Cli::parse();
-
-    tracing_subscriber::fmt()
-        .with_env_filter(
-            tracing_subscriber::EnvFilter::from_default_env()
-                .add_directive("opensession_daemon=info".parse().unwrap())
-                .add_directive(tracing::Level::WARN.into()),
-        )
-        .init();
-
-    let result = match cli.command.unwrap_or(DaemonCommand::Run) {
-        DaemonCommand::Run => run().await,
-    };
-
-    if let Err(e) = result {
-        error!("Daemon fatal error: {:#}", e);
-        std::process::exit(1);
-    }
-}
-
-async fn run() -> Result<()> {
-    info!("opensession-daemon starting");
-
-    let cfg = config::load_config()?;
-    let watch_paths = config::resolve_watch_paths(&cfg);
-
-    if watch_paths.is_empty() {
-        info!("No session directories found to watch. The daemon will idle.");
-    } else {
-        info!("Watching {} directories", watch_paths.len());
-    }
-
-    // Open local DB
-    let db = Arc::new(LocalDb::open()?);
-    info!("Local DB opened");
-
-    // Write PID file
-    write_pid_file()?;
-
-    // Channel for file change events
-    let (tx, rx) = mpsc::unbounded_channel();
-
-    // Shutdown signal
-    let (shutdown_tx, shutdown_rx) = watch::channel(false);
-
-    // Start file watcher (must keep handle alive)
-    let _watcher = if !watch_paths.is_empty() {
-        Some(watcher::start_watcher(&watch_paths, tx.clone())?)
-    } else {
-        None
-    };
-
-    if !watch_paths.is_empty() {
-        let seeded = watcher::seed_existing_session_files(&watch_paths, &tx);
-        if seeded > 0 {
-            info!(
-                "Queued {} existing session files for startup backfill",
-                seeded
-            );
-        }
-    }
-
-    // Start scheduler in background
-    let scheduler_cfg = cfg.clone();
-    let scheduler_shutdown = shutdown_rx.clone();
-    let scheduler_db = Arc::clone(&db);
-    let scheduler_handle = tokio::spawn(async move {
-        scheduler::run_scheduler(scheduler_cfg, rx, scheduler_shutdown, scheduler_db).await;
-    });
-
-    // Start health check in background
-    let health_shutdown = shutdown_rx.clone();
-    let health_handle = tokio::spawn(health::run_health_check(
-        cfg.server.url.clone(),
-        cfg.server.api_key.clone(),
-        watch_paths.clone(),
-        cfg.daemon.health_check_interval_secs,
-        health_shutdown,
-    ));
-
-    // Wait for shutdown signal
-    wait_for_shutdown().await;
-
-    info!("Shutdown signal received, stopping...");
-    let _ = shutdown_tx.send(true);
-
-    // Wait for tasks to finish
-    let _ = scheduler_handle.await;
-    let _ = health_handle.await;
-
-    // Clean up PID file
-    cleanup_pid_file();
-
-    info!("opensession-daemon stopped");
-    Ok(())
-}
-
-/// Write PID file so the CLI can find us
-fn write_pid_file() -> Result<()> {
-    let path = config::pid_file_path()?;
-    let dir = path.parent().unwrap();
-    std::fs::create_dir_all(dir)?;
-    std::fs::write(&path, std::process::id().to_string())?;
-    info!("PID file written: {}", path.display());
-    Ok(())
-}
-
-/// Remove PID file on clean shutdown
-fn cleanup_pid_file() {
-    if let Ok(path) = config::pid_file_path() {
-        let _ = std::fs::remove_file(path);
-    }
-}
-
-/// Wait for SIGTERM or SIGINT
-async fn wait_for_shutdown() {
-    #[cfg(unix)]
-    {
-        use tokio::signal::unix::{SignalKind, signal};
-        let mut sigterm = signal(SignalKind::terminate()).expect("Failed to register SIGTERM");
-        let mut sigint = signal(SignalKind::interrupt()).expect("Failed to register SIGINT");
-        tokio::select! {
-            _ = sigterm.recv() => info!("Received SIGTERM"),
-            _ = sigint.recv() => info!("Received SIGINT"),
-        }
-    }
-    #[cfg(not(unix))]
-    {
-        tokio::signal::ctrl_c()
-            .await
-            .expect("Failed to register Ctrl+C handler");
-        info!("Received Ctrl+C");
-    }
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-
-    #[test]
-    fn cli_defaults_to_run_when_no_subcommand() {
-        let cli = Cli::try_parse_from(["opensession-daemon"]).expect("parse cli");
-        assert!(cli.command.is_none());
-    }
-
-    #[test]
-    fn cli_accepts_run_subcommand() {
-        let cli = Cli::try_parse_from(["opensession-daemon", "run"]).expect("parse cli");
-        assert!(matches!(cli.command, Some(DaemonCommand::Run)));
-    }
+    entrypoint::run_process().await;
 }
diff --git a/crates/daemon/src/runtime.rs b/crates/daemon/src/runtime.rs
new file mode 100644
index 00000000..e23902cc
--- /dev/null
+++ b/crates/daemon/src/runtime.rs
@@ -0,0 +1,126 @@
+use anyhow::Result;
+use opensession_local_db::LocalDb;
+use std::sync::Arc;
+use tokio::sync::{mpsc, watch};
+use tracing::info;
+
+use crate::{config, health, scheduler, watcher};
+
+pub(crate) async fn run() -> Result<()> {
+    info!("opensession-daemon starting");
+
+    let cfg = config::load_config()?;
+    let watch_paths = config::resolve_watch_paths(&cfg);
+
+    if watch_paths.is_empty() {
+        info!("No session directories found to watch. The daemon will idle.");
+    } else {
+        info!("Watching {} directories", watch_paths.len());
+    }
+
+    let db = Arc::new(LocalDb::open()?);
+    info!("Local DB opened");
+
+    write_pid_file()?;
+
+    let (tx, rx) = mpsc::unbounded_channel();
+    let (shutdown_tx, shutdown_rx) = watch::channel(false);
+
+    let _watcher = start_watcher_pipeline(&watch_paths, &tx)?;
+
+    let scheduler_cfg = cfg.clone();
+    let scheduler_shutdown = shutdown_rx.clone();
+    let scheduler_db = Arc::clone(&db);
+    let scheduler_handle = tokio::spawn(async move {
+        scheduler::run_scheduler(scheduler_cfg, rx, scheduler_shutdown, scheduler_db).await;
+    });
+
+    let health_shutdown = shutdown_rx.clone();
+    let health_handle = tokio::spawn(health::run_health_check(
+        cfg.server.url.clone(),
+        cfg.server.api_key.clone(),
+        watch_paths.clone(),
+        cfg.daemon.health_check_interval_secs,
+        health_shutdown,
+    ));
+
+    wait_for_shutdown().await;
+
+    info!("Shutdown signal received, stopping...");
+    let _ = shutdown_tx.send(true);
+
+    let _ = scheduler_handle.await;
+    let _ = health_handle.await;
+
+    cleanup_pid_file();
+
+    info!("opensession-daemon stopped");
+    Ok(())
+}
+
+fn start_watcher_pipeline(
+    watch_paths: &[std::path::PathBuf],
+    tx: &mpsc::UnboundedSender<watcher::FileChangeEvent>,
+) -> Result<Option<notify::RecommendedWatcher>> {
+    if watch_paths.is_empty() {
+        return Ok(None);
+    }
+
+    let watcher_handle = watcher::start_watcher(watch_paths, tx.clone())?;
+    let seeded = watcher::seed_existing_session_files(watch_paths, tx);
+    if seeded > 0 {
+        info!(
+            "Queued {} existing session files for startup backfill",
+            seeded
+        );
+    }
+    Ok(Some(watcher_handle))
+}
+
+fn write_pid_file() -> Result<()> {
+    let path = config::pid_file_path()?;
+    let dir = path.parent().expect("pid file path should have parent");
+    std::fs::create_dir_all(dir)?;
+    std::fs::write(&path, std::process::id().to_string())?;
+    info!("PID file written: {}", path.display());
+    Ok(())
+}
+
+fn cleanup_pid_file() {
+    if let Ok(path) = config::pid_file_path() {
+        let _ = std::fs::remove_file(path);
+    }
+}
+
+async fn wait_for_shutdown() {
+    #[cfg(unix)]
+    {
+        use tokio::signal::unix::{SignalKind, signal};
+        let mut sigterm = signal(SignalKind::terminate()).expect("Failed to register SIGTERM");
+        let mut sigint = signal(SignalKind::interrupt()).expect("Failed to register SIGINT");
+        tokio::select! {
+            _ = sigterm.recv() => info!("Received SIGTERM"),
+            _ = sigint.recv() => info!("Received SIGINT"),
+        }
+    }
+    #[cfg(not(unix))]
+    {
+        tokio::signal::ctrl_c()
+            .await
+            .expect("Failed to register Ctrl+C handler");
+        info!("Received Ctrl+C");
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::start_watcher_pipeline;
+    use tokio::sync::mpsc;
+
+    #[test]
+    fn watcher_pipeline_skips_empty_watch_paths() {
+        let (tx, _rx) = mpsc::unbounded_channel();
+        let watcher = start_watcher_pipeline(&[], &tx).expect("empty watcher pipeline");
+        assert!(watcher.is_none());
+    }
+}
diff --git a/crates/local-db/src/connection.rs b/crates/local-db/src/connection.rs
new file mode 100644
index 00000000..f67abd36
--- /dev/null
+++ b/crates/local-db/src/connection.rs
@@ -0,0 +1,68 @@
+use anyhow::{Context, Result};
+use rusqlite::Connection;
+use std::path::PathBuf;
+use std::sync::{Mutex, MutexGuard};
+
+use crate::migrations::{
+    apply_local_migrations, repair_auxiliary_flags_from_source_path,
+    repair_session_tools_from_source_path, validate_local_schema,
+};
+
+/// Local SQLite index/cache shared by TUI and Daemon.
+/// This is not the source of truth for canonical session bodies.
+/// Thread-safe: wraps the connection in a Mutex so it can be shared via `Arc<LocalDb>`.
+pub struct LocalDb {
+    conn: Mutex<Connection>,
+}
+
+impl LocalDb {
+    /// Open (or create) the local database at the default path.
+    /// `~/.local/share/opensession/local.db`
+    pub fn open() -> Result<Self> {
+        let path = default_db_path()?;
+        Self::open_path(&path)
+    }
+
+    /// Open (or create) the local database at a specific path.
+    pub fn open_path(path: &PathBuf) -> Result<Self> {
+        if let Some(parent) = path.parent() {
+            std::fs::create_dir_all(parent)
+                .with_context(|| format!("create dir for {}", path.display()))?;
+        }
+        let conn = open_connection_with_latest_schema(path)
+            .with_context(|| format!("open local db {}", path.display()))?;
+        Ok(Self {
+            conn: Mutex::new(conn),
+        })
+    }
+
+    pub(crate) fn conn(&self) -> MutexGuard<'_, Connection> {
+        self.conn.lock().expect("local db mutex poisoned")
+    }
+}
+
+fn open_connection_with_latest_schema(path: &PathBuf) -> Result<Connection> {
+    let conn = Connection::open(path).with_context(|| format!("open db {}", path.display()))?;
+    conn.execute_batch("PRAGMA journal_mode=WAL;")?;
+
+    // Disable FK constraints for local DB (index/cache, not source of truth)
+    conn.execute_batch("PRAGMA foreign_keys=OFF;")?;
+
+    apply_local_migrations(&conn)?;
+    repair_session_tools_from_source_path(&conn)?;
+    repair_auxiliary_flags_from_source_path(&conn)?;
+    validate_local_schema(&conn)?;
+
+    Ok(conn)
+}
+
+fn default_db_path() -> Result<PathBuf> {
+    let home = std::env::var("HOME")
+        .or_else(|_| std::env::var("USERPROFILE"))
+        .context("Could not determine home directory")?;
+    Ok(PathBuf::from(home)
+        .join(".local")
+        .join("share")
+        .join("opensession")
+        .join("local.db"))
+}
diff --git a/crates/local-db/src/job_store.rs b/crates/local-db/src/job_store.rs
new file mode 100644
index 00000000..b052ec9c
--- /dev/null
+++ b/crates/local-db/src/job_store.rs
@@ -0,0 +1,184 @@
+use anyhow::Result;
+use rusqlite::{OptionalExtension, params};
+
+use crate::connection::LocalDb;
+
+/// Vector indexing progress/status snapshot.
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub struct VectorIndexJobRow {
+    pub status: String,
+    pub processed_sessions: u32,
+    pub total_sessions: u32,
+    pub message: Option<String>,
+    pub started_at: Option<String>,
+    pub finished_at: Option<String>,
+}
+
+/// Summary batch generation progress/status snapshot.
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub struct SummaryBatchJobRow {
+    pub status: String,
+    pub processed_sessions: u32,
+    pub total_sessions: u32,
+    pub failed_sessions: u32,
+    pub message: Option<String>,
+    pub started_at: Option<String>,
+    pub finished_at: Option<String>,
+}
+
+/// Lifecycle cleanup progress/status snapshot.
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub struct LifecycleCleanupJobRow {
+    pub status: String,
+    pub deleted_sessions: u32,
+    pub deleted_summaries: u32,
+    pub message: Option<String>,
+    pub started_at: Option<String>,
+    pub finished_at: Option<String>,
+}
+
+impl LocalDb {
+    pub fn set_vector_index_job(&self, payload: &VectorIndexJobRow) -> Result<()> {
+        self.conn().execute(
+            "INSERT INTO vector_index_jobs \
+             (id, status, processed_sessions, total_sessions, message, started_at, finished_at, updated_at) \
+             VALUES (1, ?1, ?2, ?3, ?4, ?5, ?6, datetime('now')) \
+             ON CONFLICT(id) DO UPDATE SET \
+             status=excluded.status, \
+             processed_sessions=excluded.processed_sessions, \
+             total_sessions=excluded.total_sessions, \
+             message=excluded.message, \
+             started_at=excluded.started_at, \
+             finished_at=excluded.finished_at, \
+             updated_at=datetime('now')",
+            params![
+                payload.status,
+                payload.processed_sessions as i64,
+                payload.total_sessions as i64,
+                payload.message,
+                payload.started_at,
+                payload.finished_at,
+            ],
+        )?;
+        Ok(())
+    }
+
+    pub fn get_vector_index_job(&self) -> Result<Option<VectorIndexJobRow>> {
+        let row = self
+            .conn()
+            .query_row(
+                "SELECT status, processed_sessions, total_sessions, message, started_at, finished_at \
+                 FROM vector_index_jobs WHERE id = 1 LIMIT 1",
+                [],
+                |row| {
+                    Ok(VectorIndexJobRow {
+                        status: row.get(0)?,
+                        processed_sessions: row.get::<_, i64>(1)?.max(0) as u32,
+                        total_sessions: row.get::<_, i64>(2)?.max(0) as u32,
+                        message: row.get(3)?,
+                        started_at: row.get(4)?,
+                        finished_at: row.get(5)?,
+                    })
+                },
+            )
+            .optional()?;
+        Ok(row)
+    }
+
+    pub fn set_summary_batch_job(&self, payload: &SummaryBatchJobRow) -> Result<()> {
+        self.conn().execute(
+            "INSERT INTO summary_batch_jobs \
+             (id, status, processed_sessions, total_sessions, failed_sessions, message, started_at, finished_at, updated_at) \
+             VALUES (1, ?1, ?2, ?3, ?4, ?5, ?6, ?7, datetime('now')) \
+             ON CONFLICT(id) DO UPDATE SET \
+             status=excluded.status, \
+             processed_sessions=excluded.processed_sessions, \
+             total_sessions=excluded.total_sessions, \
+             failed_sessions=excluded.failed_sessions, \
+             message=excluded.message, \
+             started_at=excluded.started_at, \
+             finished_at=excluded.finished_at, \
+             updated_at=datetime('now')",
+            params![
+                payload.status,
+                payload.processed_sessions as i64,
+                payload.total_sessions as i64,
+                payload.failed_sessions as i64,
+                payload.message,
+                payload.started_at,
+                payload.finished_at,
+            ],
+        )?;
+        Ok(())
+    }
+
+    pub fn get_summary_batch_job(&self) -> Result<Option<SummaryBatchJobRow>> {
+        let row = self
+            .conn()
+            .query_row(
+                "SELECT status, processed_sessions, total_sessions, failed_sessions, message, started_at, finished_at \
+                 FROM summary_batch_jobs WHERE id = 1 LIMIT 1",
+                [],
+                |row| {
+                    Ok(SummaryBatchJobRow {
+                        status: row.get(0)?,
+                        processed_sessions: row.get::<_, i64>(1)?.max(0) as u32,
+                        total_sessions: row.get::<_, i64>(2)?.max(0) as u32,
+                        failed_sessions: row.get::<_, i64>(3)?.max(0) as u32,
+                        message: row.get(4)?,
+                        started_at: row.get(5)?,
+                        finished_at: row.get(6)?,
+                    })
+                },
+            )
+            .optional()?;
+        Ok(row)
+    }
+
+    pub fn set_lifecycle_cleanup_job(&self, payload: &LifecycleCleanupJobRow) -> Result<()> {
+        self.conn().execute(
+            "INSERT INTO lifecycle_cleanup_jobs \
+             (id, status, deleted_sessions, deleted_summaries, message, started_at, finished_at, updated_at) \
+             VALUES (1, ?1, ?2, ?3, ?4, ?5, ?6, datetime('now')) \
+             ON CONFLICT(id) DO UPDATE SET \
+             status=excluded.status, \
+             deleted_sessions=excluded.deleted_sessions, \
+             deleted_summaries=excluded.deleted_summaries, \
+             message=excluded.message, \
+             started_at=excluded.started_at, \
+             finished_at=excluded.finished_at, \
+             updated_at=datetime('now')",
+            params![
+                payload.status,
+                payload.deleted_sessions as i64,
+                payload.deleted_summaries as i64,
+                payload.message,
+                payload.started_at,
+                payload.finished_at,
+            ],
+        )?;
+        Ok(())
+    }
+
+    pub fn get_lifecycle_cleanup_job(&self) -> Result<Option<LifecycleCleanupJobRow>> {
+        let row = self
+            .conn()
+            .query_row(
+                "SELECT status, deleted_sessions, deleted_summaries, message, started_at, finished_at \
+                 FROM lifecycle_cleanup_jobs WHERE id = 1 LIMIT 1",
+                [],
+                |row| {
+                    Ok(LifecycleCleanupJobRow {
+                        status: row.get(0)?,
+                        deleted_sessions: row.get::<_, i64>(1)?.max(0) as u32,
+                        deleted_summaries: row.get::<_, i64>(2)?.max(0) as u32,
+                        message: row.get(3)?,
+                        started_at: row.get(4)?,
+                        finished_at: row.get(5)?,
+                    })
+                },
+            )
+            .optional()?;
+        Ok(row)
+    }
+}
diff --git a/crates/local-db/src/lib.rs b/crates/local-db/src/lib.rs
index a5770d11..9cb88b25 100644
--- a/crates/local-db/src/lib.rs
+++ b/crates/local-db/src/lib.rs
@@ -1,1977 +1,35 @@
 pub mod git;
 
-use anyhow::{Context, Result};
-use opensession_api::db::migrations::{LOCAL_MIGRATIONS, MIGRATIONS};
-use opensession_core::session::{is_auxiliary_session, working_directory};
+mod connection;
+mod job_store;
+mod migrations;
+mod repo_store;
+mod session_store;
+mod summary_store;
+mod sync_store;
+mod vector_store;
+
+pub use connection::LocalDb;
+pub use job_store::{LifecycleCleanupJobRow, SummaryBatchJobRow, VectorIndexJobRow};
+pub use session_store::{
+    LocalSessionFilter, LocalSessionLink, LocalSessionRow, LocalSortOrder, LocalTimeRange,
+    LogFilter, RemoteSessionSummary,
+};
+pub use summary_store::{SessionSemanticSummaryRow, SessionSemanticSummaryUpsert};
+pub use vector_store::{VectorChunkCandidateRow, VectorChunkUpsert};
+
+#[cfg(test)]
+use anyhow::Result;
+#[cfg(test)]
+use opensession_api::db::migrations::LOCAL_MIGRATIONS;
+#[cfg(test)]
 use opensession_core::trace::Session;
-use rusqlite::{Connection, OptionalExtension, params};
-use serde_json::Value;
-use std::fs;
-use std::io::{BufRead, BufReader};
+#[cfg(test)]
+use rusqlite::{Connection, params};
+#[cfg(test)]
 use std::path::PathBuf;
-use std::sync::Mutex;
-
-use git::{GitContext, normalize_repo_name};
-
-const SUMMARY_WORKER_TITLE_PREFIX_LOWER: &str =
-    "convert a real coding session into semantic compression.";
-
-/// A local session row stored in the local SQLite index/cache database.
-#[derive(Debug, Clone)]
-pub struct LocalSessionRow {
-    pub id: String,
-    pub source_path: Option<String>,
-    pub sync_status: String,
-    pub last_synced_at: Option<String>,
-    pub user_id: Option<String>,
-    pub nickname: Option<String>,
-    pub team_id: Option<String>,
-    pub tool: String,
-    pub agent_provider: Option<String>,
-    pub agent_model: Option<String>,
-    pub title: Option<String>,
-    pub description: Option<String>,
-    pub tags: Option<String>,
-    pub created_at: String,
-    pub uploaded_at: Option<String>,
-    pub message_count: i64,
-    pub user_message_count: i64,
-    pub task_count: i64,
-    pub event_count: i64,
-    pub duration_seconds: i64,
-    pub total_input_tokens: i64,
-    pub total_output_tokens: i64,
-    pub git_remote: Option<String>,
-    pub git_branch: Option<String>,
-    pub git_commit: Option<String>,
-    pub git_repo_name: Option<String>,
-    pub pr_number: Option<i64>,
-    pub pr_url: Option<String>,
-    pub working_directory: Option<String>,
-    pub files_modified: Option<String>,
-    pub files_read: Option<String>,
-    pub has_errors: bool,
-    pub max_active_agents: i64,
-    pub is_auxiliary: bool,
-}
-
-/// A lightweight local link row for session-to-session relationships.
-#[derive(Debug, Clone)]
-pub struct LocalSessionLink {
-    pub session_id: String,
-    pub linked_session_id: String,
-    pub link_type: String,
-    pub created_at: String,
-}
-
-/// Session-level semantic summary row persisted in local SQLite.
-#[derive(Debug, Clone, PartialEq, Eq)]
-pub struct SessionSemanticSummaryRow {
-    pub session_id: String,
-    pub summary_json: String,
-    pub generated_at: String,
-    pub provider: String,
-    pub model: Option<String>,
-    pub source_kind: String,
-    pub generation_kind: String,
-    pub prompt_fingerprint: Option<String>,
-    pub source_details_json: Option<String>,
-    pub diff_tree_json: Option<String>,
-    pub error: Option<String>,
-    pub updated_at: String,
-}
-
-/// Upsert payload for session-level semantic summaries.
-#[derive(Debug, Clone, PartialEq, Eq)]
-pub struct SessionSemanticSummaryUpsert<'a> {
-    pub session_id: &'a str,
-    pub summary_json: &'a str,
-    pub generated_at: &'a str,
-    pub provider: &'a str,
-    pub model: Option<&'a str>,
-    pub source_kind: &'a str,
-    pub generation_kind: &'a str,
-    pub prompt_fingerprint: Option<&'a str>,
-    pub source_details_json: Option<&'a str>,
-    pub diff_tree_json: Option<&'a str>,
-    pub error: Option<&'a str>,
-}
-
-/// Vector chunk payload persisted per session.
-#[derive(Debug, Clone, PartialEq)]
-pub struct VectorChunkUpsert {
-    pub chunk_id: String,
-    pub session_id: String,
-    pub chunk_index: u32,
-    pub start_line: u32,
-    pub end_line: u32,
-    pub line_count: u32,
-    pub content: String,
-    pub content_hash: String,
-    pub embedding: Vec<f32>,
-}
-
-/// Candidate row used for local semantic vector ranking.
-#[derive(Debug, Clone, PartialEq)]
-pub struct VectorChunkCandidateRow {
-    pub chunk_id: String,
-    pub session_id: String,
-    pub start_line: u32,
-    pub end_line: u32,
-    pub content: String,
-    pub embedding: Vec<f32>,
-}
-
-/// Vector indexing progress/status snapshot.
-#[derive(Debug, Clone, PartialEq, Eq)]
-pub struct VectorIndexJobRow {
-    pub status: String,
-    pub processed_sessions: u32,
-    pub total_sessions: u32,
-    pub message: Option<String>,
-    pub started_at: Option<String>,
-    pub finished_at: Option<String>,
-}
-
-/// Summary batch generation progress/status snapshot.
-#[derive(Debug, Clone, PartialEq, Eq)]
-pub struct SummaryBatchJobRow {
-    pub status: String,
-    pub processed_sessions: u32,
-    pub total_sessions: u32,
-    pub failed_sessions: u32,
-    pub message: Option<String>,
-    pub started_at: Option<String>,
-    pub finished_at: Option<String>,
-}
-
-/// Lifecycle cleanup progress/status snapshot.
-#[derive(Debug, Clone, PartialEq, Eq)]
-pub struct LifecycleCleanupJobRow {
-    pub status: String,
-    pub deleted_sessions: u32,
-    pub deleted_summaries: u32,
-    pub message: Option<String>,
-    pub started_at: Option<String>,
-    pub finished_at: Option<String>,
-}
-
-fn infer_tool_from_source_path(source_path: Option<&str>) -> Option<&'static str> {
-    let source_path = source_path.map(|path| path.to_ascii_lowercase())?;
-
-    if source_path.contains("/.codex/sessions/")
-        || source_path.contains("\\.codex\\sessions\\")
-        || source_path.contains("/codex/sessions/")
-        || source_path.contains("\\codex\\sessions\\")
-    {
-        return Some("codex");
-    }
-
-    if source_path.contains("/.claude/projects/")
-        || source_path.contains("\\.claude\\projects\\")
-        || source_path.contains("/claude/projects/")
-        || source_path.contains("\\claude\\projects\\")
-    {
-        return Some("claude-code");
-    }
-
-    None
-}
-
-fn normalize_tool_for_source_path(current_tool: &str, source_path: Option<&str>) -> String {
-    infer_tool_from_source_path(source_path)
-        .unwrap_or(current_tool)
-        .to_string()
-}
-
-fn normalize_non_empty(value: Option<&str>) -> Option<String> {
-    value
-        .map(str::trim)
-        .filter(|value| !value.is_empty())
-        .map(ToOwned::to_owned)
-}
-
-fn build_fts_query(raw: &str) -> Option<String> {
-    let mut parts: Vec<String> = Vec::new();
-    for token in raw.split_whitespace() {
-        let trimmed = token.trim();
-        if trimmed.is_empty() {
-            continue;
-        }
-        let escaped = trimmed.replace('"', "\"\"");
-        parts.push(format!("\"{escaped}\""));
-    }
-    if parts.is_empty() {
-        return None;
-    }
-    Some(parts.join(" OR "))
-}
-
-fn json_object_string(value: &Value, keys: &[&str]) -> Option<String> {
-    let obj = value.as_object()?;
-    for key in keys {
-        if let Some(found) = obj.get(*key).and_then(Value::as_str) {
-            let normalized = found.trim();
-            if !normalized.is_empty() {
-                return Some(normalized.to_string());
-            }
-        }
-    }
-    None
-}
-
-fn git_context_from_session_attributes(session: &Session) -> GitContext {
-    let attrs = &session.context.attributes;
-
-    let mut remote = normalize_non_empty(attrs.get("git_remote").and_then(Value::as_str));
-    let mut branch = normalize_non_empty(attrs.get("git_branch").and_then(Value::as_str));
-    let mut commit = normalize_non_empty(attrs.get("git_commit").and_then(Value::as_str));
-    let mut repo_name = normalize_non_empty(attrs.get("git_repo_name").and_then(Value::as_str));
-
-    if let Some(git_value) = attrs.get("git") {
-        if remote.is_none() {
-            remote = json_object_string(
-                git_value,
-                &["remote", "repository_url", "repo_url", "origin", "url"],
-            );
-        }
-        if branch.is_none() {
-            branch = json_object_string(
-                git_value,
-                &["branch", "git_branch", "current_branch", "ref", "head"],
-            );
-        }
-        if commit.is_none() {
-            commit = json_object_string(git_value, &["commit", "commit_hash", "sha", "git_commit"]);
-        }
-        if repo_name.is_none() {
-            repo_name = json_object_string(git_value, &["repo_name", "repository", "repo", "name"]);
-        }
-    }
-
-    if repo_name.is_none() {
-        repo_name = remote
-            .as_deref()
-            .and_then(normalize_repo_name)
-            .map(ToOwned::to_owned);
-    }
-
-    GitContext {
-        remote,
-        branch,
-        commit,
-        repo_name,
-    }
-}
-
-fn git_context_has_any_field(git: &GitContext) -> bool {
-    git.remote.is_some() || git.branch.is_some() || git.commit.is_some() || git.repo_name.is_some()
-}
-
-fn merge_git_context(preferred: &GitContext, fallback: &GitContext) -> GitContext {
-    GitContext {
-        remote: preferred.remote.clone().or_else(|| fallback.remote.clone()),
-        branch: preferred.branch.clone().or_else(|| fallback.branch.clone()),
-        commit: preferred.commit.clone().or_else(|| fallback.commit.clone()),
-        repo_name: preferred
-            .repo_name
-            .clone()
-            .or_else(|| fallback.repo_name.clone()),
-    }
-}
-
-/// Filter for listing sessions from the local DB.
-#[derive(Debug, Clone)]
-pub struct LocalSessionFilter {
-    pub team_id: Option<String>,
-    pub sync_status: Option<String>,
-    pub git_repo_name: Option<String>,
-    pub search: Option<String>,
-    pub exclude_low_signal: bool,
-    pub tool: Option<String>,
-    pub sort: LocalSortOrder,
-    pub time_range: LocalTimeRange,
-    pub limit: Option<u32>,
-    pub offset: Option<u32>,
-}
-
-impl Default for LocalSessionFilter {
-    fn default() -> Self {
-        Self {
-            team_id: None,
-            sync_status: None,
-            git_repo_name: None,
-            search: None,
-            exclude_low_signal: false,
-            tool: None,
-            sort: LocalSortOrder::Recent,
-            time_range: LocalTimeRange::All,
-            limit: None,
-            offset: None,
-        }
-    }
-}
-
-/// Sort order for local session listing.
-#[derive(Debug, Clone, Default, PartialEq, Eq)]
-pub enum LocalSortOrder {
-    #[default]
-    Recent,
-    Popular,
-    Longest,
-}
-
-/// Time range filter for local session listing.
-#[derive(Debug, Clone, Default, PartialEq, Eq)]
-pub enum LocalTimeRange {
-    Hours24,
-    Days7,
-    Days30,
-    #[default]
-    All,
-}
-
-/// Minimal remote session payload needed for local index/cache upsert.
-#[derive(Debug, Clone)]
-pub struct RemoteSessionSummary {
-    pub id: String,
-    pub user_id: Option<String>,
-    pub nickname: Option<String>,
-    pub team_id: String,
-    pub tool: String,
-    pub agent_provider: Option<String>,
-    pub agent_model: Option<String>,
-    pub title: Option<String>,
-    pub description: Option<String>,
-    pub tags: Option<String>,
-    pub created_at: String,
-    pub uploaded_at: String,
-    pub message_count: i64,
-    pub task_count: i64,
-    pub event_count: i64,
-    pub duration_seconds: i64,
-    pub total_input_tokens: i64,
-    pub total_output_tokens: i64,
-    pub git_remote: Option<String>,
-    pub git_branch: Option<String>,
-    pub git_commit: Option<String>,
-    pub git_repo_name: Option<String>,
-    pub pr_number: Option<i64>,
-    pub pr_url: Option<String>,
-    pub working_directory: Option<String>,
-    pub files_modified: Option<String>,
-    pub files_read: Option<String>,
-    pub has_errors: bool,
-    pub max_active_agents: i64,
-}
-
-/// Extended filter for the `log` command.
-#[derive(Debug, Default)]
-pub struct LogFilter {
-    /// Filter by tool name (exact match).
-    pub tool: Option<String>,
-    /// Filter by model (glob-like, uses LIKE).
-    pub model: Option<String>,
-    /// Filter sessions created after this ISO8601 timestamp.
-    pub since: Option<String>,
-    /// Filter sessions created before this ISO8601 timestamp.
-    pub before: Option<String>,
-    /// Filter sessions that touched this file path (searches files_modified JSON).
-    pub touches: Option<String>,
-    /// Free-text search in title, description, tags.
-    pub grep: Option<String>,
-    /// Only sessions with errors.
-    pub has_errors: Option<bool>,
-    /// Filter by working directory (prefix match).
-    pub working_directory: Option<String>,
-    /// Filter by git repo name.
-    pub git_repo_name: Option<String>,
-    /// Maximum number of results.
-    pub limit: Option<u32>,
-    /// Offset for pagination.
-    pub offset: Option<u32>,
-}
-
-/// Base FROM clause for session list queries.
-const FROM_CLAUSE: &str = "\
-FROM sessions s \
-LEFT JOIN session_sync ss ON ss.session_id = s.id \
-LEFT JOIN users u ON u.id = s.user_id";
-
-/// Local SQLite index/cache shared by TUI and Daemon.
-/// This is not the source of truth for canonical session bodies.
-/// Thread-safe: wraps the connection in a Mutex so it can be shared via `Arc<LocalDb>`.
-pub struct LocalDb {
-    conn: Mutex<Connection>,
-}
-
-impl LocalDb {
-    /// Open (or create) the local database at the default path.
-    /// `~/.local/share/opensession/local.db`
-    pub fn open() -> Result<Self> {
-        let path = default_db_path()?;
-        Self::open_path(&path)
-    }
-
-    /// Open (or create) the local database at a specific path.
-    pub fn open_path(path: &PathBuf) -> Result<Self> {
-        if let Some(parent) = path.parent() {
-            std::fs::create_dir_all(parent)
-                .with_context(|| format!("create dir for {}", path.display()))?;
-        }
-        let conn = open_connection_with_latest_schema(path)
-            .with_context(|| format!("open local db {}", path.display()))?;
-        Ok(Self {
-            conn: Mutex::new(conn),
-        })
-    }
-
-    fn conn(&self) -> std::sync::MutexGuard<'_, Connection> {
-        self.conn.lock().expect("local db mutex poisoned")
-    }
-
-    // ── Upsert local session (parsed from file) ────────────────────────
-
-    pub fn upsert_local_session(
-        &self,
-        session: &Session,
-        source_path: &str,
-        git: &GitContext,
-    ) -> Result<()> {
-        let is_empty_signal = session.stats.event_count == 0
-            && session.stats.message_count == 0
-            && session.stats.user_message_count == 0
-            && session.stats.task_count == 0;
-        if is_empty_signal {
-            // Some local tools create placeholder thread files before any real conversation.
-            // Do not index these rows; if one already exists, drop it.
-            self.delete_session(&session.session_id)?;
-            return Ok(());
-        }
-
-        let title = session.context.title.as_deref();
-        let description = session.context.description.as_deref();
-        let tags = if session.context.tags.is_empty() {
-            None
-        } else {
-            Some(session.context.tags.join(","))
-        };
-        let created_at = session.context.created_at.to_rfc3339();
-        let cwd = working_directory(session).map(String::from);
-        let is_auxiliary = is_auxiliary_session(session);
-
-        // Extract files_modified, files_read, and has_errors from events
-        let (files_modified, files_read, has_errors) =
-            opensession_core::extract::extract_file_metadata(session);
-        let max_active_agents = opensession_core::agent_metrics::max_active_agents(session) as i64;
-        let normalized_tool =
-            normalize_tool_for_source_path(&session.agent.tool, Some(source_path));
-        let git_from_session = git_context_from_session_attributes(session);
-        let has_session_git = git_context_has_any_field(&git_from_session);
-        let merged_git = merge_git_context(&git_from_session, git);
-
-        let conn = self.conn();
-        // Body contents are resolved via canonical body URLs and local body cache.
-        conn.execute(
-            "INSERT INTO sessions \
-             (id, team_id, tool, agent_provider, agent_model, \
-              title, description, tags, created_at, \
-             message_count, user_message_count, task_count, event_count, duration_seconds, \
-              total_input_tokens, total_output_tokens, body_storage_key, \
-              git_remote, git_branch, git_commit, git_repo_name, working_directory, \
-              files_modified, files_read, has_errors, max_active_agents, is_auxiliary) \
-             VALUES (?1,'personal',?2,?3,?4,?5,?6,?7,?8,?9,?10,?11,?12,?13,?14,?15,'',?16,?17,?18,?19,?20,?21,?22,?23,?24,?25) \
-             ON CONFLICT(id) DO UPDATE SET \
-              tool=excluded.tool, agent_provider=excluded.agent_provider, \
-              agent_model=excluded.agent_model, \
-              title=excluded.title, description=excluded.description, \
-              tags=excluded.tags, \
-              message_count=excluded.message_count, user_message_count=excluded.user_message_count, \
-              task_count=excluded.task_count, \
-              event_count=excluded.event_count, duration_seconds=excluded.duration_seconds, \
-              total_input_tokens=excluded.total_input_tokens, \
-              total_output_tokens=excluded.total_output_tokens, \
-              git_remote=CASE WHEN ?26=1 THEN excluded.git_remote ELSE COALESCE(git_remote, excluded.git_remote) END, \
-              git_branch=CASE WHEN ?26=1 THEN excluded.git_branch ELSE COALESCE(git_branch, excluded.git_branch) END, \
-              git_commit=CASE WHEN ?26=1 THEN excluded.git_commit ELSE COALESCE(git_commit, excluded.git_commit) END, \
-              git_repo_name=CASE WHEN ?26=1 THEN excluded.git_repo_name ELSE COALESCE(git_repo_name, excluded.git_repo_name) END, \
-              working_directory=excluded.working_directory, \
-              files_modified=excluded.files_modified, files_read=excluded.files_read, \
-              has_errors=excluded.has_errors, \
-              max_active_agents=excluded.max_active_agents, \
-              is_auxiliary=excluded.is_auxiliary",
-            params![
-                &session.session_id,
-                &normalized_tool,
-                &session.agent.provider,
-                &session.agent.model,
-                title,
-                description,
-                &tags,
-                &created_at,
-                session.stats.message_count as i64,
-                session.stats.user_message_count as i64,
-                session.stats.task_count as i64,
-                session.stats.event_count as i64,
-                session.stats.duration_seconds as i64,
-                session.stats.total_input_tokens as i64,
-                session.stats.total_output_tokens as i64,
-                &merged_git.remote,
-                &merged_git.branch,
-                &merged_git.commit,
-                &merged_git.repo_name,
-                &cwd,
-                &files_modified,
-                &files_read,
-                has_errors,
-                max_active_agents,
-                is_auxiliary as i64,
-                has_session_git as i64,
-            ],
-        )?;
-
-        conn.execute(
-            "INSERT INTO session_sync (session_id, source_path, sync_status) \
-             VALUES (?1, ?2, 'local_only') \
-             ON CONFLICT(session_id) DO UPDATE SET source_path=excluded.source_path",
-            params![&session.session_id, source_path],
-        )?;
-        Ok(())
-    }
-
-    // ── Upsert remote session (from server sync pull) ──────────────────
-
-    pub fn upsert_remote_session(&self, summary: &RemoteSessionSummary) -> Result<()> {
-        let conn = self.conn();
-        // Body contents are resolved via canonical body URLs and local body cache.
-        conn.execute(
-            "INSERT INTO sessions \
-             (id, user_id, team_id, tool, agent_provider, agent_model, \
-              title, description, tags, created_at, uploaded_at, \
-              message_count, task_count, event_count, duration_seconds, \
-              total_input_tokens, total_output_tokens, body_storage_key, \
-              git_remote, git_branch, git_commit, git_repo_name, \
-              pr_number, pr_url, working_directory, \
-              files_modified, files_read, has_errors, max_active_agents, is_auxiliary) \
-             VALUES (?1,?2,?3,?4,?5,?6,?7,?8,?9,?10,?11,?12,?13,?14,?15,?16,?17,'',?18,?19,?20,?21,?22,?23,?24,?25,?26,?27,?28,0) \
-             ON CONFLICT(id) DO UPDATE SET \
-              title=excluded.title, description=excluded.description, \
-              tags=excluded.tags, uploaded_at=excluded.uploaded_at, \
-              message_count=excluded.message_count, task_count=excluded.task_count, \
-              event_count=excluded.event_count, duration_seconds=excluded.duration_seconds, \
-              total_input_tokens=excluded.total_input_tokens, \
-              total_output_tokens=excluded.total_output_tokens, \
-              git_remote=excluded.git_remote, git_branch=excluded.git_branch, \
-              git_commit=excluded.git_commit, git_repo_name=excluded.git_repo_name, \
-              pr_number=excluded.pr_number, pr_url=excluded.pr_url, \
-              working_directory=excluded.working_directory, \
-              files_modified=excluded.files_modified, files_read=excluded.files_read, \
-              has_errors=excluded.has_errors, \
-              max_active_agents=excluded.max_active_agents, \
-              is_auxiliary=excluded.is_auxiliary",
-            params![
-                &summary.id,
-                &summary.user_id,
-                &summary.team_id,
-                &summary.tool,
-                &summary.agent_provider,
-                &summary.agent_model,
-                &summary.title,
-                &summary.description,
-                &summary.tags,
-                &summary.created_at,
-                &summary.uploaded_at,
-                summary.message_count,
-                summary.task_count,
-                summary.event_count,
-                summary.duration_seconds,
-                summary.total_input_tokens,
-                summary.total_output_tokens,
-                &summary.git_remote,
-                &summary.git_branch,
-                &summary.git_commit,
-                &summary.git_repo_name,
-                summary.pr_number,
-                &summary.pr_url,
-                &summary.working_directory,
-                &summary.files_modified,
-                &summary.files_read,
-                summary.has_errors,
-                summary.max_active_agents,
-            ],
-        )?;
-
-        conn.execute(
-            "INSERT INTO session_sync (session_id, sync_status) \
-             VALUES (?1, 'remote_only') \
-             ON CONFLICT(session_id) DO UPDATE SET \
-              sync_status = CASE WHEN session_sync.sync_status = 'local_only' THEN 'synced' ELSE session_sync.sync_status END",
-            params![&summary.id],
-        )?;
-        Ok(())
-    }
-
-    // ── List sessions ──────────────────────────────────────────────────
-
-    fn build_local_session_where_clause(
-        filter: &LocalSessionFilter,
-    ) -> (String, Vec<Box<dyn rusqlite::types::ToSql>>) {
-        let mut where_clauses = vec![
-            "1=1".to_string(),
-            "COALESCE(s.is_auxiliary, 0) = 0".to_string(),
-            format!(
-                "NOT (LOWER(COALESCE(s.tool, '')) = 'codex' \
-                 AND LOWER(COALESCE(s.title, '')) LIKE '{}%')",
-                SUMMARY_WORKER_TITLE_PREFIX_LOWER
-            ),
-        ];
-        let mut param_values: Vec<Box<dyn rusqlite::types::ToSql>> = Vec::new();
-        let mut idx = 1u32;
-
-        if let Some(ref team_id) = filter.team_id {
-            where_clauses.push(format!("s.team_id = ?{idx}"));
-            param_values.push(Box::new(team_id.clone()));
-            idx += 1;
-        }
-
-        if let Some(ref sync_status) = filter.sync_status {
-            where_clauses.push(format!("COALESCE(ss.sync_status, 'unknown') = ?{idx}"));
-            param_values.push(Box::new(sync_status.clone()));
-            idx += 1;
-        }
-
-        if let Some(ref repo) = filter.git_repo_name {
-            where_clauses.push(format!("s.git_repo_name = ?{idx}"));
-            param_values.push(Box::new(repo.clone()));
-            idx += 1;
-        }
-
-        if let Some(ref tool) = filter.tool {
-            where_clauses.push(format!("s.tool = ?{idx}"));
-            param_values.push(Box::new(tool.clone()));
-            idx += 1;
-        }
-
-        if let Some(ref search) = filter.search {
-            let like = format!("%{search}%");
-            where_clauses.push(format!(
-                "(s.title LIKE ?{i1} OR s.description LIKE ?{i2} OR s.tags LIKE ?{i3})",
-                i1 = idx,
-                i2 = idx + 1,
-                i3 = idx + 2,
-            ));
-            param_values.push(Box::new(like.clone()));
-            param_values.push(Box::new(like.clone()));
-            param_values.push(Box::new(like));
-            idx += 3;
-        }
-
-        if filter.exclude_low_signal {
-            where_clauses.push(
-                "NOT (COALESCE(s.message_count, 0) = 0 \
-                  AND COALESCE(s.user_message_count, 0) = 0 \
-                  AND COALESCE(s.task_count, 0) = 0 \
-                  AND COALESCE(s.event_count, 0) <= 2 \
-                  AND (s.title IS NULL OR TRIM(s.title) = ''))"
-                    .to_string(),
-            );
-        }
-
-        let interval = match filter.time_range {
-            LocalTimeRange::Hours24 => Some("-1 day"),
-            LocalTimeRange::Days7 => Some("-7 days"),
-            LocalTimeRange::Days30 => Some("-30 days"),
-            LocalTimeRange::All => None,
-        };
-        if let Some(interval) = interval {
-            where_clauses.push(format!("datetime(s.created_at) >= datetime('now', ?{idx})"));
-            param_values.push(Box::new(interval.to_string()));
-        }
-
-        (where_clauses.join(" AND "), param_values)
-    }
-
-    pub fn list_sessions(&self, filter: &LocalSessionFilter) -> Result<Vec<LocalSessionRow>> {
-        let (where_str, mut param_values) = Self::build_local_session_where_clause(filter);
-        let order_clause = match filter.sort {
-            LocalSortOrder::Popular => "s.message_count DESC, s.created_at DESC",
-            LocalSortOrder::Longest => "s.duration_seconds DESC, s.created_at DESC",
-            LocalSortOrder::Recent => "s.created_at DESC",
-        };
-
-        let mut sql = format!(
-            "SELECT {LOCAL_SESSION_COLUMNS} \
-             {FROM_CLAUSE} WHERE {where_str} \
-             ORDER BY {order_clause}"
-        );
-
-        if let Some(limit) = filter.limit {
-            sql.push_str(" LIMIT ?");
-            param_values.push(Box::new(limit));
-            if let Some(offset) = filter.offset {
-                sql.push_str(" OFFSET ?");
-                param_values.push(Box::new(offset));
-            }
-        }
-
-        let param_refs: Vec<&dyn rusqlite::types::ToSql> =
-            param_values.iter().map(|p| p.as_ref()).collect();
-        let conn = self.conn();
-        let mut stmt = conn.prepare(&sql)?;
-        let rows = stmt.query_map(param_refs.as_slice(), row_to_local_session)?;
-
-        let mut result = Vec::new();
-        for row in rows {
-            result.push(row?);
-        }
-
-        Ok(result)
-    }
-
-    /// Count sessions for a given list filter (before UI-level page slicing).
-    pub fn count_sessions_filtered(&self, filter: &LocalSessionFilter) -> Result<i64> {
-        let mut count_filter = filter.clone();
-        count_filter.limit = None;
-        count_filter.offset = None;
-        let (where_str, param_values) = Self::build_local_session_where_clause(&count_filter);
-        let sql = format!("SELECT COUNT(*) {FROM_CLAUSE} WHERE {where_str}");
-        let param_refs: Vec<&dyn rusqlite::types::ToSql> =
-            param_values.iter().map(|p| p.as_ref()).collect();
-        let conn = self.conn();
-        let count = conn.query_row(&sql, param_refs.as_slice(), |row| row.get(0))?;
-        Ok(count)
-    }
-
-    /// List distinct tool names for the current list filter (ignores active tool filter).
-    pub fn list_session_tools(&self, filter: &LocalSessionFilter) -> Result<Vec<String>> {
-        let mut tool_filter = filter.clone();
-        tool_filter.tool = None;
-        tool_filter.limit = None;
-        tool_filter.offset = None;
-        let (where_str, param_values) = Self::build_local_session_where_clause(&tool_filter);
-        let sql = format!(
-            "SELECT DISTINCT s.tool \
-             {FROM_CLAUSE} WHERE {where_str} \
-             ORDER BY s.tool ASC"
-        );
-        let param_refs: Vec<&dyn rusqlite::types::ToSql> =
-            param_values.iter().map(|p| p.as_ref()).collect();
-        let conn = self.conn();
-        let mut stmt = conn.prepare(&sql)?;
-        let rows = stmt.query_map(param_refs.as_slice(), |row| row.get::<_, String>(0))?;
-
-        let mut tools = Vec::new();
-        for row in rows {
-            let tool = row?;
-            if !tool.trim().is_empty() {
-                tools.push(tool);
-            }
-        }
-        Ok(tools)
-    }
-
-    // ── Log query ─────────────────────────────────────────────────────
-
-    /// Query sessions with extended filters for the `log` command.
-    pub fn list_sessions_log(&self, filter: &LogFilter) -> Result<Vec<LocalSessionRow>> {
-        let mut where_clauses = vec![
-            "1=1".to_string(),
-            "COALESCE(s.is_auxiliary, 0) = 0".to_string(),
-            format!(
-                "NOT (LOWER(COALESCE(s.tool, '')) = 'codex' \
-                 AND LOWER(COALESCE(s.title, '')) LIKE '{}%')",
-                SUMMARY_WORKER_TITLE_PREFIX_LOWER
-            ),
-        ];
-        let mut param_values: Vec<Box<dyn rusqlite::types::ToSql>> = Vec::new();
-        let mut idx = 1u32;
-
-        if let Some(ref tool) = filter.tool {
-            where_clauses.push(format!("s.tool = ?{idx}"));
-            param_values.push(Box::new(tool.clone()));
-            idx += 1;
-        }
-
-        if let Some(ref model) = filter.model {
-            let like = model.replace('*', "%");
-            where_clauses.push(format!("s.agent_model LIKE ?{idx}"));
-            param_values.push(Box::new(like));
-            idx += 1;
-        }
-
-        if let Some(ref since) = filter.since {
-            where_clauses.push(format!("s.created_at >= ?{idx}"));
-            param_values.push(Box::new(since.clone()));
-            idx += 1;
-        }
-
-        if let Some(ref before) = filter.before {
-            where_clauses.push(format!("s.created_at < ?{idx}"));
-            param_values.push(Box::new(before.clone()));
-            idx += 1;
-        }
-
-        if let Some(ref touches) = filter.touches {
-            let like = format!("%\"{touches}\"%");
-            where_clauses.push(format!("s.files_modified LIKE ?{idx}"));
-            param_values.push(Box::new(like));
-            idx += 1;
-        }
-
-        if let Some(ref grep) = filter.grep {
-            let like = format!("%{grep}%");
-            where_clauses.push(format!(
-                "(s.title LIKE ?{i1} OR s.description LIKE ?{i2} OR s.tags LIKE ?{i3})",
-                i1 = idx,
-                i2 = idx + 1,
-                i3 = idx + 2,
-            ));
-            param_values.push(Box::new(like.clone()));
-            param_values.push(Box::new(like.clone()));
-            param_values.push(Box::new(like));
-            idx += 3;
-        }
-
-        if let Some(true) = filter.has_errors {
-            where_clauses.push("s.has_errors = 1".to_string());
-        }
-
-        if let Some(ref wd) = filter.working_directory {
-            where_clauses.push(format!("s.working_directory LIKE ?{idx}"));
-            param_values.push(Box::new(format!("{wd}%")));
-            idx += 1;
-        }
-
-        if let Some(ref repo) = filter.git_repo_name {
-            where_clauses.push(format!("s.git_repo_name = ?{idx}"));
-            param_values.push(Box::new(repo.clone()));
-            idx += 1;
-        }
-
-        let _ = idx; // suppress unused warning
-
-        let where_str = where_clauses.join(" AND ");
-        let mut sql = format!(
-            "SELECT {LOCAL_SESSION_COLUMNS} \
-             {FROM_CLAUSE} WHERE {where_str} \
-             ORDER BY s.created_at DESC"
-        );
-
-        if let Some(limit) = filter.limit {
-            sql.push_str(" LIMIT ?");
-            param_values.push(Box::new(limit));
-            if let Some(offset) = filter.offset {
-                sql.push_str(" OFFSET ?");
-                param_values.push(Box::new(offset));
-            }
-        }
-
-        let param_refs: Vec<&dyn rusqlite::types::ToSql> =
-            param_values.iter().map(|p| p.as_ref()).collect();
-        let conn = self.conn();
-        let mut stmt = conn.prepare(&sql)?;
-        let rows = stmt.query_map(param_refs.as_slice(), row_to_local_session)?;
-
-        let mut result = Vec::new();
-        for row in rows {
-            result.push(row?);
-        }
-        Ok(result)
-    }
-
-    /// Get the latest N sessions for a specific tool, ordered by created_at DESC.
-    pub fn get_sessions_by_tool_latest(
-        &self,
-        tool: &str,
-        count: u32,
-    ) -> Result<Vec<LocalSessionRow>> {
-        let sql = format!(
-            "SELECT {LOCAL_SESSION_COLUMNS} \
-             {FROM_CLAUSE} WHERE s.tool = ?1 AND COALESCE(s.is_auxiliary, 0) = 0 \
-             ORDER BY s.created_at DESC"
-        );
-        let conn = self.conn();
-        let mut stmt = conn.prepare(&sql)?;
-        let rows = stmt.query_map(params![tool], row_to_local_session)?;
-        let mut result = Vec::new();
-        for row in rows {
-            result.push(row?);
-        }
-
-        result.truncate(count as usize);
-        Ok(result)
-    }
-
-    /// Get the latest N sessions across all tools, ordered by created_at DESC.
-    pub fn get_sessions_latest(&self, count: u32) -> Result<Vec<LocalSessionRow>> {
-        let sql = format!(
-            "SELECT {LOCAL_SESSION_COLUMNS} \
-             {FROM_CLAUSE} WHERE COALESCE(s.is_auxiliary, 0) = 0 \
-             ORDER BY s.created_at DESC"
-        );
-        let conn = self.conn();
-        let mut stmt = conn.prepare(&sql)?;
-        let rows = stmt.query_map([], row_to_local_session)?;
-        let mut result = Vec::new();
-        for row in rows {
-            result.push(row?);
-        }
-
-        result.truncate(count as usize);
-        Ok(result)
-    }
-
-    /// Get the Nth most recent session for a specific tool (0 = HEAD, 1 = HEAD~1, etc.).
-    pub fn get_session_by_tool_offset(
-        &self,
-        tool: &str,
-        offset: u32,
-    ) -> Result<Option<LocalSessionRow>> {
-        let sql = format!(
-            "SELECT {LOCAL_SESSION_COLUMNS} \
-             {FROM_CLAUSE} WHERE s.tool = ?1 AND COALESCE(s.is_auxiliary, 0) = 0 \
-             ORDER BY s.created_at DESC"
-        );
-        let conn = self.conn();
-        let mut stmt = conn.prepare(&sql)?;
-        let rows = stmt.query_map(params![tool], row_to_local_session)?;
-        let result = rows.collect::<Result<Vec<_>, _>>()?;
-        Ok(result.into_iter().nth(offset as usize))
-    }
-
-    /// Get the Nth most recent session across all tools (0 = HEAD, 1 = HEAD~1, etc.).
-    pub fn get_session_by_offset(&self, offset: u32) -> Result<Option<LocalSessionRow>> {
-        let sql = format!(
-            "SELECT {LOCAL_SESSION_COLUMNS} \
-             {FROM_CLAUSE} WHERE COALESCE(s.is_auxiliary, 0) = 0 \
-             ORDER BY s.created_at DESC"
-        );
-        let conn = self.conn();
-        let mut stmt = conn.prepare(&sql)?;
-        let rows = stmt.query_map([], row_to_local_session)?;
-        let result = rows.collect::<Result<Vec<_>, _>>()?;
-        Ok(result.into_iter().nth(offset as usize))
-    }
-
-    /// Fetch the source path used when the session was last parsed/loaded.
-    pub fn get_session_source_path(&self, session_id: &str) -> Result<Option<String>> {
-        let conn = self.conn();
-        let result = conn
-            .query_row(
-                "SELECT source_path FROM session_sync WHERE session_id = ?1",
-                params![session_id],
-                |row| row.get(0),
-            )
-            .optional()?;
-
-        Ok(result)
-    }
-
-    /// List every session id with a non-empty source path from session_sync.
-    pub fn list_session_source_paths(&self) -> Result<Vec<(String, String)>> {
-        let conn = self.conn();
-        let mut stmt = conn.prepare(
-            "SELECT session_id, source_path \
-             FROM session_sync \
-             WHERE source_path IS NOT NULL AND TRIM(source_path) != ''",
-        )?;
-        let rows = stmt.query_map([], |row| {
-            let session_id: String = row.get(0)?;
-            let source_path: String = row.get(1)?;
-            Ok((session_id, source_path))
-        })?;
-        rows.collect::<std::result::Result<Vec<_>, _>>()
-            .map_err(Into::into)
-    }
-
-    /// Get a single session row by id.
-    pub fn get_session_by_id(&self, session_id: &str) -> Result<Option<LocalSessionRow>> {
-        let sql = format!(
-            "SELECT {LOCAL_SESSION_COLUMNS} \
-             {FROM_CLAUSE} WHERE s.id = ?1 LIMIT 1"
-        );
-        let conn = self.conn();
-        let mut stmt = conn.prepare(&sql)?;
-        let row = stmt
-            .query_map(params![session_id], row_to_local_session)?
-            .next()
-            .transpose()?;
-        Ok(row)
-    }
-
-    /// List links where the given session is the source session.
-    pub fn list_session_links(&self, session_id: &str) -> Result<Vec<LocalSessionLink>> {
-        let conn = self.conn();
-        let mut stmt = conn.prepare(
-            "SELECT session_id, linked_session_id, link_type, created_at \
-             FROM session_links WHERE session_id = ?1 ORDER BY created_at ASC",
-        )?;
-        let rows = stmt.query_map(params![session_id], |row| {
-            Ok(LocalSessionLink {
-                session_id: row.get(0)?,
-                linked_session_id: row.get(1)?,
-                link_type: row.get(2)?,
-                created_at: row.get(3)?,
-            })
-        })?;
-        rows.collect::<std::result::Result<Vec<_>, _>>()
-            .map_err(Into::into)
-    }
-
-    /// Count total sessions in the local DB.
-    pub fn session_count(&self) -> Result<i64> {
-        let count = self
-            .conn()
-            .query_row("SELECT COUNT(*) FROM sessions", [], |row| row.get(0))?;
-        Ok(count)
-    }
-
-    // ── Delete session ─────────────────────────────────────────────────
-
-    pub fn delete_session(&self, session_id: &str) -> Result<()> {
-        let conn = self.conn();
-        conn.execute(
-            "DELETE FROM session_links WHERE session_id = ?1 OR linked_session_id = ?1",
-            params![session_id],
-        )?;
-        conn.execute(
-            "DELETE FROM vector_embeddings \
-             WHERE chunk_id IN (SELECT id FROM vector_chunks WHERE session_id = ?1)",
-            params![session_id],
-        )?;
-        conn.execute(
-            "DELETE FROM vector_chunks_fts WHERE session_id = ?1",
-            params![session_id],
-        )?;
-        conn.execute(
-            "DELETE FROM vector_chunks WHERE session_id = ?1",
-            params![session_id],
-        )?;
-        conn.execute(
-            "DELETE FROM vector_index_sessions WHERE session_id = ?1",
-            params![session_id],
-        )?;
-        conn.execute(
-            "DELETE FROM session_semantic_summaries WHERE session_id = ?1",
-            params![session_id],
-        )?;
-        conn.execute(
-            "DELETE FROM body_cache WHERE session_id = ?1",
-            params![session_id],
-        )?;
-        conn.execute(
-            "DELETE FROM session_sync WHERE session_id = ?1",
-            params![session_id],
-        )?;
-        conn.execute("DELETE FROM sessions WHERE id = ?1", params![session_id])?;
-        Ok(())
-    }
-
-    // ── Semantic summary cache ───────────────────────────────────────────
-
-    pub fn upsert_session_semantic_summary(
-        &self,
-        payload: &SessionSemanticSummaryUpsert<'_>,
-    ) -> Result<()> {
-        self.conn().execute(
-            "INSERT INTO session_semantic_summaries (\
-                session_id, summary_json, generated_at, provider, model, \
-                source_kind, generation_kind, prompt_fingerprint, source_details_json, \
-                diff_tree_json, error, updated_at\
-             ) VALUES (\
-                ?1, ?2, ?3, ?4, ?5, \
-                ?6, ?7, ?8, ?9, \
-                ?10, ?11, datetime('now')\
-             ) \
-             ON CONFLICT(session_id) DO UPDATE SET \
-                summary_json=excluded.summary_json, \
-                generated_at=excluded.generated_at, \
-                provider=excluded.provider, \
-                model=excluded.model, \
-                source_kind=excluded.source_kind, \
-                generation_kind=excluded.generation_kind, \
-                prompt_fingerprint=excluded.prompt_fingerprint, \
-                source_details_json=excluded.source_details_json, \
-                diff_tree_json=excluded.diff_tree_json, \
-                error=excluded.error, \
-                updated_at=datetime('now')",
-            params![
-                payload.session_id,
-                payload.summary_json,
-                payload.generated_at,
-                payload.provider,
-                payload.model,
-                payload.source_kind,
-                payload.generation_kind,
-                payload.prompt_fingerprint,
-                payload.source_details_json,
-                payload.diff_tree_json,
-                payload.error,
-            ],
-        )?;
-        Ok(())
-    }
-
-    pub fn list_expired_session_ids(&self, keep_days: u32) -> Result<Vec<String>> {
-        let conn = self.conn();
-        let mut stmt = conn.prepare(
-            "SELECT id FROM sessions \
-             WHERE julianday(created_at) <= julianday('now') - ?1 \
-             ORDER BY created_at ASC",
-        )?;
-        let rows = stmt.query_map(params![keep_days as i64], |row| row.get(0))?;
-        rows.collect::<std::result::Result<Vec<_>, _>>()
-            .map_err(Into::into)
-    }
-
-    /// List all known session ids for migration or maintenance workflows.
-    pub fn list_all_session_ids(&self) -> Result<Vec<String>> {
-        let conn = self.conn();
-        let mut stmt = conn.prepare("SELECT id FROM sessions ORDER BY id ASC")?;
-        let rows = stmt.query_map([], |row| row.get(0))?;
-        rows.collect::<std::result::Result<Vec<_>, _>>()
-            .map_err(Into::into)
-    }
-
-    /// List all session ids that currently have cached semantic summaries.
-    pub fn list_session_semantic_summary_ids(&self) -> Result<Vec<String>> {
-        let conn = self.conn();
-        let mut stmt = conn
-            .prepare("SELECT session_id FROM session_semantic_summaries ORDER BY session_id ASC")?;
-        let rows = stmt.query_map([], |row| row.get(0))?;
-        rows.collect::<std::result::Result<Vec<_>, _>>()
-            .map_err(Into::into)
-    }
-
-    pub fn get_session_semantic_summary(
-        &self,
-        session_id: &str,
-    ) -> Result<Option<SessionSemanticSummaryRow>> {
-        let row = self
-            .conn()
-            .query_row(
-                "SELECT session_id, summary_json, generated_at, provider, model, \
-                        source_kind, generation_kind, prompt_fingerprint, source_details_json, \
-                        diff_tree_json, error, updated_at \
-                 FROM session_semantic_summaries WHERE session_id = ?1 LIMIT 1",
-                params![session_id],
-                |row| {
-                    Ok(SessionSemanticSummaryRow {
-                        session_id: row.get(0)?,
-                        summary_json: row.get(1)?,
-                        generated_at: row.get(2)?,
-                        provider: row.get(3)?,
-                        model: row.get(4)?,
-                        source_kind: row.get(5)?,
-                        generation_kind: row.get(6)?,
-                        prompt_fingerprint: row.get(7)?,
-                        source_details_json: row.get(8)?,
-                        diff_tree_json: row.get(9)?,
-                        error: row.get(10)?,
-                        updated_at: row.get(11)?,
-                    })
-                },
-            )
-            .optional()?;
-        Ok(row)
-    }
-
-    pub fn delete_expired_session_summaries(&self, keep_days: u32) -> Result<u32> {
-        let deleted = self.conn().execute(
-            "DELETE FROM session_semantic_summaries \
-             WHERE julianday(generated_at) <= julianday('now') - ?1",
-            params![keep_days as i64],
-        )?;
-        Ok(deleted as u32)
-    }
-
-    // ── Semantic vector index cache ────────────────────────────────────
-
-    pub fn vector_index_source_hash(&self, session_id: &str) -> Result<Option<String>> {
-        let hash = self
-            .conn()
-            .query_row(
-                "SELECT source_hash FROM vector_index_sessions WHERE session_id = ?1",
-                params![session_id],
-                |row| row.get(0),
-            )
-            .optional()?;
-        Ok(hash)
-    }
-
-    pub fn clear_vector_index(&self) -> Result<()> {
-        let conn = self.conn();
-        conn.execute("DELETE FROM vector_embeddings", [])?;
-        conn.execute("DELETE FROM vector_chunks_fts", [])?;
-        conn.execute("DELETE FROM vector_chunks", [])?;
-        conn.execute("DELETE FROM vector_index_sessions", [])?;
-        Ok(())
-    }
-
-    pub fn replace_session_vector_chunks(
-        &self,
-        session_id: &str,
-        source_hash: &str,
-        model: &str,
-        chunks: &[VectorChunkUpsert],
-    ) -> Result<()> {
-        let mut conn = self.conn();
-        let tx = conn.transaction()?;
-
-        tx.execute(
-            "DELETE FROM vector_embeddings \
-             WHERE chunk_id IN (SELECT id FROM vector_chunks WHERE session_id = ?1)",
-            params![session_id],
-        )?;
-        tx.execute(
-            "DELETE FROM vector_chunks_fts WHERE session_id = ?1",
-            params![session_id],
-        )?;
-        tx.execute(
-            "DELETE FROM vector_chunks WHERE session_id = ?1",
-            params![session_id],
-        )?;
-
-        for chunk in chunks {
-            let embedding_json = serde_json::to_string(&chunk.embedding)
-                .context("serialize vector embedding for local cache")?;
-            tx.execute(
-                "INSERT INTO vector_chunks \
-                 (id, session_id, chunk_index, start_line, end_line, line_count, content, content_hash, created_at, updated_at) \
-                 VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, datetime('now'), datetime('now'))",
-                params![
-                    &chunk.chunk_id,
-                    &chunk.session_id,
-                    chunk.chunk_index as i64,
-                    chunk.start_line as i64,
-                    chunk.end_line as i64,
-                    chunk.line_count as i64,
-                    &chunk.content,
-                    &chunk.content_hash,
-                ],
-            )?;
-            tx.execute(
-                "INSERT INTO vector_embeddings \
-                 (chunk_id, model, embedding_dim, embedding_json, updated_at) \
-                 VALUES (?1, ?2, ?3, ?4, datetime('now'))",
-                params![
-                    &chunk.chunk_id,
-                    model,
-                    chunk.embedding.len() as i64,
-                    &embedding_json
-                ],
-            )?;
-            tx.execute(
-                "INSERT INTO vector_chunks_fts (chunk_id, session_id, content) VALUES (?1, ?2, ?3)",
-                params![&chunk.chunk_id, &chunk.session_id, &chunk.content],
-            )?;
-        }
-
-        tx.execute(
-            "INSERT INTO vector_index_sessions \
-             (session_id, source_hash, chunk_count, last_indexed_at, updated_at) \
-             VALUES (?1, ?2, ?3, datetime('now'), datetime('now')) \
-             ON CONFLICT(session_id) DO UPDATE SET \
-             source_hash=excluded.source_hash, \
-             chunk_count=excluded.chunk_count, \
-             last_indexed_at=datetime('now'), \
-             updated_at=datetime('now')",
-            params![session_id, source_hash, chunks.len() as i64],
-        )?;
-
-        tx.commit()?;
-        Ok(())
-    }
-
-    pub fn list_vector_chunk_candidates(
-        &self,
-        query: &str,
-        model: &str,
-        limit: u32,
-    ) -> Result<Vec<VectorChunkCandidateRow>> {
-        let Some(fts_query) = build_fts_query(query) else {
-            return Ok(Vec::new());
-        };
-        let conn = self.conn();
-        let mut stmt = conn.prepare(
-            "SELECT c.id, c.session_id, c.start_line, c.end_line, c.content, e.embedding_json \
-             FROM vector_chunks_fts f \
-             INNER JOIN vector_chunks c ON c.id = f.chunk_id \
-             INNER JOIN vector_embeddings e ON e.chunk_id = c.id \
-             WHERE f.content MATCH ?1 AND e.model = ?2 \
-             ORDER BY bm25(vector_chunks_fts) ASC, c.updated_at DESC \
-             LIMIT ?3",
-        )?;
-        let rows = stmt.query_map(params![fts_query, model, limit as i64], |row| {
-            let embedding_json: String = row.get(5)?;
-            let embedding =
-                serde_json::from_str::<Vec<f32>>(&embedding_json).unwrap_or_else(|_| Vec::new());
-            Ok(VectorChunkCandidateRow {
-                chunk_id: row.get(0)?,
-                session_id: row.get(1)?,
-                start_line: row.get::<_, i64>(2)?.max(0) as u32,
-                end_line: row.get::<_, i64>(3)?.max(0) as u32,
-                content: row.get(4)?,
-                embedding,
-            })
-        })?;
-        rows.collect::<std::result::Result<Vec<_>, _>>()
-            .map_err(Into::into)
-    }
-
-    pub fn list_recent_vector_chunks_for_model(
-        &self,
-        model: &str,
-        limit: u32,
-    ) -> Result<Vec<VectorChunkCandidateRow>> {
-        let conn = self.conn();
-        let mut stmt = conn.prepare(
-            "SELECT c.id, c.session_id, c.start_line, c.end_line, c.content, e.embedding_json \
-             FROM vector_chunks c \
-             INNER JOIN vector_embeddings e ON e.chunk_id = c.id \
-             WHERE e.model = ?1 \
-             ORDER BY c.updated_at DESC \
-             LIMIT ?2",
-        )?;
-        let rows = stmt.query_map(params![model, limit as i64], |row| {
-            let embedding_json: String = row.get(5)?;
-            let embedding =
-                serde_json::from_str::<Vec<f32>>(&embedding_json).unwrap_or_else(|_| Vec::new());
-            Ok(VectorChunkCandidateRow {
-                chunk_id: row.get(0)?,
-                session_id: row.get(1)?,
-                start_line: row.get::<_, i64>(2)?.max(0) as u32,
-                end_line: row.get::<_, i64>(3)?.max(0) as u32,
-                content: row.get(4)?,
-                embedding,
-            })
-        })?;
-        rows.collect::<std::result::Result<Vec<_>, _>>()
-            .map_err(Into::into)
-    }
-
-    pub fn set_vector_index_job(&self, payload: &VectorIndexJobRow) -> Result<()> {
-        self.conn().execute(
-            "INSERT INTO vector_index_jobs \
-             (id, status, processed_sessions, total_sessions, message, started_at, finished_at, updated_at) \
-             VALUES (1, ?1, ?2, ?3, ?4, ?5, ?6, datetime('now')) \
-             ON CONFLICT(id) DO UPDATE SET \
-             status=excluded.status, \
-             processed_sessions=excluded.processed_sessions, \
-             total_sessions=excluded.total_sessions, \
-             message=excluded.message, \
-             started_at=excluded.started_at, \
-             finished_at=excluded.finished_at, \
-             updated_at=datetime('now')",
-            params![
-                payload.status,
-                payload.processed_sessions as i64,
-                payload.total_sessions as i64,
-                payload.message,
-                payload.started_at,
-                payload.finished_at,
-            ],
-        )?;
-        Ok(())
-    }
-
-    pub fn get_vector_index_job(&self) -> Result<Option<VectorIndexJobRow>> {
-        let row = self
-            .conn()
-            .query_row(
-                "SELECT status, processed_sessions, total_sessions, message, started_at, finished_at \
-                 FROM vector_index_jobs WHERE id = 1 LIMIT 1",
-                [],
-                |row| {
-                    Ok(VectorIndexJobRow {
-                        status: row.get(0)?,
-                        processed_sessions: row.get::<_, i64>(1)?.max(0) as u32,
-                        total_sessions: row.get::<_, i64>(2)?.max(0) as u32,
-                        message: row.get(3)?,
-                        started_at: row.get(4)?,
-                        finished_at: row.get(5)?,
-                    })
-                },
-            )
-            .optional()?;
-        Ok(row)
-    }
-
-    pub fn set_summary_batch_job(&self, payload: &SummaryBatchJobRow) -> Result<()> {
-        self.conn().execute(
-            "INSERT INTO summary_batch_jobs \
-             (id, status, processed_sessions, total_sessions, failed_sessions, message, started_at, finished_at, updated_at) \
-             VALUES (1, ?1, ?2, ?3, ?4, ?5, ?6, ?7, datetime('now')) \
-             ON CONFLICT(id) DO UPDATE SET \
-             status=excluded.status, \
-             processed_sessions=excluded.processed_sessions, \
-             total_sessions=excluded.total_sessions, \
-             failed_sessions=excluded.failed_sessions, \
-             message=excluded.message, \
-             started_at=excluded.started_at, \
-             finished_at=excluded.finished_at, \
-             updated_at=datetime('now')",
-            params![
-                payload.status,
-                payload.processed_sessions as i64,
-                payload.total_sessions as i64,
-                payload.failed_sessions as i64,
-                payload.message,
-                payload.started_at,
-                payload.finished_at,
-            ],
-        )?;
-        Ok(())
-    }
-
-    pub fn get_summary_batch_job(&self) -> Result<Option<SummaryBatchJobRow>> {
-        let row = self
-            .conn()
-            .query_row(
-                "SELECT status, processed_sessions, total_sessions, failed_sessions, message, started_at, finished_at \
-                 FROM summary_batch_jobs WHERE id = 1 LIMIT 1",
-                [],
-                |row| {
-                    Ok(SummaryBatchJobRow {
-                        status: row.get(0)?,
-                        processed_sessions: row.get::<_, i64>(1)?.max(0) as u32,
-                        total_sessions: row.get::<_, i64>(2)?.max(0) as u32,
-                        failed_sessions: row.get::<_, i64>(3)?.max(0) as u32,
-                        message: row.get(4)?,
-                        started_at: row.get(5)?,
-                        finished_at: row.get(6)?,
-                    })
-                },
-            )
-            .optional()?;
-        Ok(row)
-    }
-
-    pub fn set_lifecycle_cleanup_job(&self, payload: &LifecycleCleanupJobRow) -> Result<()> {
-        self.conn().execute(
-            "INSERT INTO lifecycle_cleanup_jobs \
-             (id, status, deleted_sessions, deleted_summaries, message, started_at, finished_at, updated_at) \
-             VALUES (1, ?1, ?2, ?3, ?4, ?5, ?6, datetime('now')) \
-             ON CONFLICT(id) DO UPDATE SET \
-             status=excluded.status, \
-             deleted_sessions=excluded.deleted_sessions, \
-             deleted_summaries=excluded.deleted_summaries, \
-             message=excluded.message, \
-             started_at=excluded.started_at, \
-             finished_at=excluded.finished_at, \
-             updated_at=datetime('now')",
-            params![
-                payload.status,
-                payload.deleted_sessions as i64,
-                payload.deleted_summaries as i64,
-                payload.message,
-                payload.started_at,
-                payload.finished_at,
-            ],
-        )?;
-        Ok(())
-    }
-
-    pub fn get_lifecycle_cleanup_job(&self) -> Result<Option<LifecycleCleanupJobRow>> {
-        let row = self
-            .conn()
-            .query_row(
-                "SELECT status, deleted_sessions, deleted_summaries, message, started_at, finished_at \
-                 FROM lifecycle_cleanup_jobs WHERE id = 1 LIMIT 1",
-                [],
-                |row| {
-                    Ok(LifecycleCleanupJobRow {
-                        status: row.get(0)?,
-                        deleted_sessions: row.get::<_, i64>(1)?.max(0) as u32,
-                        deleted_summaries: row.get::<_, i64>(2)?.max(0) as u32,
-                        message: row.get(3)?,
-                        started_at: row.get(4)?,
-                        finished_at: row.get(5)?,
-                    })
-                },
-            )
-            .optional()?;
-        Ok(row)
-    }
-
-    // ── Sync cursor ────────────────────────────────────────────────────
-
-    pub fn get_sync_cursor(&self, team_id: &str) -> Result<Option<String>> {
-        let cursor = self
-            .conn()
-            .query_row(
-                "SELECT cursor FROM sync_cursors WHERE team_id = ?1",
-                params![team_id],
-                |row| row.get(0),
-            )
-            .optional()?;
-        Ok(cursor)
-    }
-
-    pub fn set_sync_cursor(&self, team_id: &str, cursor: &str) -> Result<()> {
-        self.conn().execute(
-            "INSERT INTO sync_cursors (team_id, cursor, updated_at) \
-             VALUES (?1, ?2, datetime('now')) \
-             ON CONFLICT(team_id) DO UPDATE SET cursor=excluded.cursor, updated_at=datetime('now')",
-            params![team_id, cursor],
-        )?;
-        Ok(())
-    }
-
-    // ── Upload tracking ────────────────────────────────────────────────
-
-    /// Get sessions that are local_only and need to be uploaded.
-    pub fn pending_uploads(&self, team_id: &str) -> Result<Vec<LocalSessionRow>> {
-        let sql = format!(
-            "SELECT {LOCAL_SESSION_COLUMNS} \
-             FROM sessions s \
-             INNER JOIN session_sync ss ON ss.session_id = s.id \
-             LEFT JOIN users u ON u.id = s.user_id \
-             WHERE ss.sync_status = 'local_only' AND s.team_id = ?1 AND COALESCE(s.is_auxiliary, 0) = 0 \
-             ORDER BY s.created_at ASC"
-        );
-        let conn = self.conn();
-        let mut stmt = conn.prepare(&sql)?;
-        let rows = stmt.query_map(params![team_id], row_to_local_session)?;
-        let mut result = Vec::new();
-        for row in rows {
-            result.push(row?);
-        }
-        Ok(result)
-    }
-
-    pub fn mark_synced(&self, session_id: &str) -> Result<()> {
-        self.conn().execute(
-            "UPDATE session_sync SET sync_status = 'synced', last_synced_at = datetime('now') \
-             WHERE session_id = ?1",
-            params![session_id],
-        )?;
-        Ok(())
-    }
-
-    /// Check if a session was already uploaded (synced or remote_only) since the given modification time.
-    pub fn was_uploaded_after(
-        &self,
-        source_path: &str,
-        modified: &chrono::DateTime<chrono::Utc>,
-    ) -> Result<bool> {
-        let result: Option<String> = self
-            .conn()
-            .query_row(
-                "SELECT last_synced_at FROM session_sync \
-                 WHERE source_path = ?1 AND sync_status = 'synced' AND last_synced_at IS NOT NULL",
-                params![source_path],
-                |row| row.get(0),
-            )
-            .optional()?;
-
-        if let Some(synced_at) = result {
-            if let Ok(dt) = chrono::DateTime::parse_from_rfc3339(&synced_at) {
-                return Ok(dt >= *modified);
-            }
-        }
-        Ok(false)
-    }
-
-    // ── Body cache (local read acceleration) ───────────────────────────
-
-    pub fn cache_body(&self, session_id: &str, body: &[u8]) -> Result<()> {
-        self.conn().execute(
-            "INSERT INTO body_cache (session_id, body, cached_at) \
-             VALUES (?1, ?2, datetime('now')) \
-             ON CONFLICT(session_id) DO UPDATE SET body=excluded.body, cached_at=datetime('now')",
-            params![session_id, body],
-        )?;
-        Ok(())
-    }
-
-    pub fn get_cached_body(&self, session_id: &str) -> Result<Option<Vec<u8>>> {
-        let body = self
-            .conn()
-            .query_row(
-                "SELECT body FROM body_cache WHERE session_id = ?1",
-                params![session_id],
-                |row| row.get(0),
-            )
-            .optional()?;
-        Ok(body)
-    }
-
-    /// Find the most recently active session for a given repo path.
-    /// "Active" means the session's working_directory matches the repo path
-    /// and was created within the last `since_minutes` minutes.
-    pub fn find_active_session_for_repo(
-        &self,
-        repo_path: &str,
-        since_minutes: u32,
-    ) -> Result<Option<LocalSessionRow>> {
-        let sql = format!(
-            "SELECT {LOCAL_SESSION_COLUMNS} \
-             {FROM_CLAUSE} \
-             WHERE s.working_directory LIKE ?1 \
-             AND COALESCE(s.is_auxiliary, 0) = 0 \
-             AND s.created_at >= datetime('now', ?2) \
-             ORDER BY s.created_at DESC LIMIT 1"
-        );
-        let since = format!("-{since_minutes} minutes");
-        let like = format!("{repo_path}%");
-        let conn = self.conn();
-        let mut stmt = conn.prepare(&sql)?;
-        let row = stmt
-            .query_map(params![like, since], row_to_local_session)?
-            .next()
-            .transpose()?;
-        Ok(row)
-    }
-
-    /// Get all session IDs currently in the local DB.
-    pub fn existing_session_ids(&self) -> std::collections::HashSet<String> {
-        let conn = self.conn();
-        let mut stmt = conn
-            .prepare("SELECT id FROM sessions")
-            .unwrap_or_else(|_| panic!("failed to prepare existing_session_ids query"));
-        let rows = stmt.query_map([], |row| row.get::<_, String>(0));
-        let mut set = std::collections::HashSet::new();
-        if let Ok(rows) = rows {
-            for row in rows.flatten() {
-                set.insert(row);
-            }
-        }
-        set
-    }
-
-    /// Update only stats fields for an existing session (no git context re-extraction).
-    pub fn update_session_stats(&self, session: &Session) -> Result<()> {
-        let title = session.context.title.as_deref();
-        let description = session.context.description.as_deref();
-        let (files_modified, files_read, has_errors) =
-            opensession_core::extract::extract_file_metadata(session);
-        let max_active_agents = opensession_core::agent_metrics::max_active_agents(session) as i64;
-        let is_auxiliary = is_auxiliary_session(session);
-
-        self.conn().execute(
-            "UPDATE sessions SET \
-             title=?2, description=?3, \
-             message_count=?4, user_message_count=?5, task_count=?6, \
-             event_count=?7, duration_seconds=?8, \
-             total_input_tokens=?9, total_output_tokens=?10, \
-              files_modified=?11, files_read=?12, has_errors=?13, \
-             max_active_agents=?14, is_auxiliary=?15 \
-             WHERE id=?1",
-            params![
-                &session.session_id,
-                title,
-                description,
-                session.stats.message_count as i64,
-                session.stats.user_message_count as i64,
-                session.stats.task_count as i64,
-                session.stats.event_count as i64,
-                session.stats.duration_seconds as i64,
-                session.stats.total_input_tokens as i64,
-                session.stats.total_output_tokens as i64,
-                &files_modified,
-                &files_read,
-                has_errors,
-                max_active_agents,
-                is_auxiliary as i64,
-            ],
-        )?;
-        Ok(())
-    }
-
-    /// Update only sync metadata path for an existing session.
-    pub fn set_session_sync_path(&self, session_id: &str, source_path: &str) -> Result<()> {
-        self.conn().execute(
-            "INSERT INTO session_sync (session_id, source_path) \
-             VALUES (?1, ?2) \
-             ON CONFLICT(session_id) DO UPDATE SET source_path = excluded.source_path",
-            params![session_id, source_path],
-        )?;
-        Ok(())
-    }
-
-    /// Get a list of distinct git repo names present in the DB.
-    pub fn list_repos(&self) -> Result<Vec<String>> {
-        let conn = self.conn();
-        let mut stmt = conn.prepare(
-            "SELECT DISTINCT git_repo_name FROM sessions \
-             WHERE git_repo_name IS NOT NULL AND COALESCE(is_auxiliary, 0) = 0 \
-             ORDER BY git_repo_name ASC",
-        )?;
-        let rows = stmt.query_map([], |row| row.get(0))?;
-        let mut result = Vec::new();
-        for row in rows {
-            result.push(row?);
-        }
-        Ok(result)
-    }
-
-    /// Get a list of distinct, non-empty working directories present in the DB.
-    pub fn list_working_directories(&self) -> Result<Vec<String>> {
-        let conn = self.conn();
-        let mut stmt = conn.prepare(
-            "SELECT DISTINCT working_directory FROM sessions \
-             WHERE working_directory IS NOT NULL AND TRIM(working_directory) <> '' \
-             AND COALESCE(is_auxiliary, 0) = 0 \
-             ORDER BY working_directory ASC",
-        )?;
-        let rows = stmt.query_map([], |row| row.get(0))?;
-        let mut result = Vec::new();
-        for row in rows {
-            result.push(row?);
-        }
-        Ok(result)
-    }
-}
-
-// ── Schema bootstrap ──────────────────────────────────────────────────
-
-fn open_connection_with_latest_schema(path: &PathBuf) -> Result<Connection> {
-    let conn = Connection::open(path).with_context(|| format!("open db {}", path.display()))?;
-    conn.execute_batch("PRAGMA journal_mode=WAL;")?;
-
-    // Disable FK constraints for local DB (index/cache, not source of truth)
-    conn.execute_batch("PRAGMA foreign_keys=OFF;")?;
-
-    apply_local_migrations(&conn)?;
-    repair_session_tools_from_source_path(&conn)?;
-    repair_auxiliary_flags_from_source_path(&conn)?;
-    validate_local_schema(&conn)?;
-
-    Ok(conn)
-}
-
-fn apply_local_migrations(conn: &Connection) -> Result<()> {
-    conn.execute_batch(
-        "CREATE TABLE IF NOT EXISTS _migrations (
-            id INTEGER PRIMARY KEY,
-            name TEXT NOT NULL UNIQUE,
-            applied_at TEXT NOT NULL DEFAULT (datetime('now'))
-        );",
-    )
-    .context("create _migrations table for local db")?;
-
-    for (name, sql) in MIGRATIONS.iter().chain(LOCAL_MIGRATIONS.iter()) {
-        let already_applied: bool = conn
-            .query_row(
-                "SELECT COUNT(*) > 0 FROM _migrations WHERE name = ?1",
-                [name],
-                |row| row.get(0),
-            )
-            .unwrap_or(false);
-
-        if already_applied {
-            continue;
-        }
-
-        conn.execute_batch(sql)
-            .with_context(|| format!("apply local migration {name}"))?;
-
-        conn.execute(
-            "INSERT OR IGNORE INTO _migrations (name) VALUES (?1)",
-            [name],
-        )
-        .with_context(|| format!("record local migration {name}"))?;
-    }
-
-    Ok(())
-}
-
-fn validate_local_schema(conn: &Connection) -> Result<()> {
-    let sql = format!("SELECT {LOCAL_SESSION_COLUMNS} {FROM_CLAUSE} WHERE 1=0");
-    conn.prepare(&sql)
-        .map(|_| ())
-        .context("validate local session schema")
-}
-
-fn repair_session_tools_from_source_path(conn: &Connection) -> Result<()> {
-    let mut stmt = conn.prepare(
-        "SELECT s.id, s.tool, ss.source_path \
-         FROM sessions s \
-         LEFT JOIN session_sync ss ON ss.session_id = s.id \
-         WHERE ss.source_path IS NOT NULL",
-    )?;
-    let rows = stmt.query_map([], |row| {
-        Ok((
-            row.get::<_, String>(0)?,
-            row.get::<_, String>(1)?,
-            row.get::<_, Option<String>>(2)?,
-        ))
-    })?;
-
-    let mut updates: Vec<(String, String)> = Vec::new();
-    for row in rows {
-        let (id, current_tool, source_path) = row?;
-        let normalized = normalize_tool_for_source_path(&current_tool, source_path.as_deref());
-        if normalized != current_tool {
-            updates.push((id, normalized));
-        }
-    }
-    drop(stmt);
-
-    for (id, tool) in updates {
-        conn.execute(
-            "UPDATE sessions SET tool = ?1 WHERE id = ?2",
-            params![tool, id],
-        )?;
-    }
-
-    Ok(())
-}
-
-fn repair_auxiliary_flags_from_source_path(conn: &Connection) -> Result<()> {
-    let mut stmt = conn.prepare(
-        "SELECT s.id, ss.source_path \
-         FROM sessions s \
-         LEFT JOIN session_sync ss ON ss.session_id = s.id \
-         WHERE ss.source_path IS NOT NULL \
-         AND COALESCE(s.is_auxiliary, 0) = 0",
-    )?;
-    let rows = stmt.query_map([], |row| {
-        Ok((row.get::<_, String>(0)?, row.get::<_, Option<String>>(1)?))
-    })?;
-
-    let mut updates: Vec<String> = Vec::new();
-    for row in rows {
-        let (id, source_path) = row?;
-        let Some(source_path) = source_path else {
-            continue;
-        };
-        if infer_tool_from_source_path(Some(&source_path)) != Some("codex") {
-            continue;
-        }
-        if is_codex_auxiliary_source_file(&source_path) {
-            updates.push(id);
-        }
-    }
-    drop(stmt);
-
-    for id in updates {
-        conn.execute(
-            "UPDATE sessions SET is_auxiliary = 1 WHERE id = ?1",
-            params![id],
-        )?;
-    }
-
-    Ok(())
-}
-
-fn is_codex_auxiliary_source_file(source_path: &str) -> bool {
-    let Ok(file) = fs::File::open(source_path) else {
-        return false;
-    };
-    let reader = BufReader::new(file);
-    for line in reader.lines().take(32) {
-        let Ok(raw) = line else {
-            continue;
-        };
-        let line = raw.trim();
-        if line.is_empty() {
-            continue;
-        }
-
-        if line.contains("\"source\":{\"subagent\"")
-            || line.contains("\"source\": {\"subagent\"")
-            || line.contains("\"agent_role\":\"awaiter\"")
-            || line.contains("\"agent_role\":\"worker\"")
-            || line.contains("\"agent_role\":\"explorer\"")
-            || line.contains("\"agent_role\":\"subagent\"")
-        {
-            return true;
-        }
-
-        if let Ok(parsed) = serde_json::from_str::<serde_json::Value>(line) {
-            let is_session_meta =
-                parsed.get("type").and_then(|v| v.as_str()) == Some("session_meta");
-            let payload = if is_session_meta {
-                parsed.get("payload")
-            } else {
-                Some(&parsed)
-            };
-            if let Some(payload) = payload {
-                if payload.pointer("/source/subagent").is_some() {
-                    return true;
-                }
-                let role = payload
-                    .get("agent_role")
-                    .and_then(|v| v.as_str())
-                    .map(str::to_ascii_lowercase);
-                if matches!(
-                    role.as_deref(),
-                    Some("awaiter") | Some("worker") | Some("explorer") | Some("subagent")
-                ) {
-                    return true;
-                }
-            }
-        }
-    }
-    false
-}
-
-/// Column list for SELECT queries against sessions + session_sync + users.
-pub const LOCAL_SESSION_COLUMNS: &str = "\
-s.id, ss.source_path, COALESCE(ss.sync_status, 'unknown') AS sync_status, ss.last_synced_at, \
-s.user_id, u.nickname, s.team_id, s.tool, s.agent_provider, s.agent_model, \
-s.title, s.description, s.tags, s.created_at, s.uploaded_at, \
-s.message_count, COALESCE(s.user_message_count, 0), s.task_count, s.event_count, s.duration_seconds, \
-s.total_input_tokens, s.total_output_tokens, \
-s.git_remote, s.git_branch, s.git_commit, s.git_repo_name, \
-s.pr_number, s.pr_url, s.working_directory, \
-s.files_modified, s.files_read, s.has_errors, COALESCE(s.max_active_agents, 1), COALESCE(s.is_auxiliary, 0)";
-
-fn row_to_local_session(row: &rusqlite::Row) -> rusqlite::Result<LocalSessionRow> {
-    let source_path: Option<String> = row.get(1)?;
-    let tool: String = row.get(7)?;
-    let normalized_tool = normalize_tool_for_source_path(&tool, source_path.as_deref());
-
-    Ok(LocalSessionRow {
-        id: row.get(0)?,
-        source_path,
-        sync_status: row.get(2)?,
-        last_synced_at: row.get(3)?,
-        user_id: row.get(4)?,
-        nickname: row.get(5)?,
-        team_id: row.get(6)?,
-        tool: normalized_tool,
-        agent_provider: row.get(8)?,
-        agent_model: row.get(9)?,
-        title: row.get(10)?,
-        description: row.get(11)?,
-        tags: row.get(12)?,
-        created_at: row.get(13)?,
-        uploaded_at: row.get(14)?,
-        message_count: row.get(15)?,
-        user_message_count: row.get(16)?,
-        task_count: row.get(17)?,
-        event_count: row.get(18)?,
-        duration_seconds: row.get(19)?,
-        total_input_tokens: row.get(20)?,
-        total_output_tokens: row.get(21)?,
-        git_remote: row.get(22)?,
-        git_branch: row.get(23)?,
-        git_commit: row.get(24)?,
-        git_repo_name: row.get(25)?,
-        pr_number: row.get(26)?,
-        pr_url: row.get(27)?,
-        working_directory: row.get(28)?,
-        files_modified: row.get(29)?,
-        files_read: row.get(30)?,
-        has_errors: row.get::<_, i64>(31).unwrap_or(0) != 0,
-        max_active_agents: row.get(32).unwrap_or(1),
-        is_auxiliary: row.get::<_, i64>(33).unwrap_or(0) != 0,
-    })
-}
-
-fn default_db_path() -> Result<PathBuf> {
-    let home = std::env::var("HOME")
-        .or_else(|_| std::env::var("USERPROFILE"))
-        .context("Could not determine home directory")?;
-    Ok(PathBuf::from(home)
-        .join(".local")
-        .join("share")
-        .join("opensession")
-        .join("local.db"))
-}
+#[cfg(test)]
+use vector_store::build_fts_query;
 
 #[cfg(test)]
 mod tests {
diff --git a/crates/local-db/src/migrations.rs b/crates/local-db/src/migrations.rs
new file mode 100644
index 00000000..c64f6e81
--- /dev/null
+++ b/crates/local-db/src/migrations.rs
@@ -0,0 +1,176 @@
+use anyhow::{Context, Result};
+use opensession_api::db::migrations::{LOCAL_MIGRATIONS, MIGRATIONS};
+use rusqlite::{Connection, params};
+use std::fs;
+use std::io::{BufRead, BufReader};
+
+use crate::session_store::{
+    FROM_CLAUSE, LOCAL_SESSION_COLUMNS, infer_tool_from_source_path, normalize_tool_for_source_path,
+};
+
+pub(crate) fn apply_local_migrations(conn: &Connection) -> Result<()> {
+    conn.execute_batch(
+        "CREATE TABLE IF NOT EXISTS _migrations (
+            id INTEGER PRIMARY KEY,
+            name TEXT NOT NULL UNIQUE,
+            applied_at TEXT NOT NULL DEFAULT (datetime('now'))
+        );",
+    )
+    .context("create _migrations table for local db")?;
+
+    for (name, sql) in MIGRATIONS.iter().chain(LOCAL_MIGRATIONS.iter()) {
+        let already_applied: bool = conn
+            .query_row(
+                "SELECT COUNT(*) > 0 FROM _migrations WHERE name = ?1",
+                [name],
+                |row| row.get(0),
+            )
+            .unwrap_or(false);
+
+        if already_applied {
+            continue;
+        }
+
+        conn.execute_batch(sql)
+            .with_context(|| format!("apply local migration {name}"))?;
+
+        conn.execute(
+            "INSERT OR IGNORE INTO _migrations (name) VALUES (?1)",
+            [name],
+        )
+        .with_context(|| format!("record local migration {name}"))?;
+    }
+
+    Ok(())
+}
+
+pub(crate) fn validate_local_schema(conn: &Connection) -> Result<()> {
+    let sql = format!("SELECT {LOCAL_SESSION_COLUMNS} {FROM_CLAUSE} WHERE 1=0");
+    conn.prepare(&sql)
+        .map(|_| ())
+        .context("validate local session schema")
+}
+
+pub(crate) fn repair_session_tools_from_source_path(conn: &Connection) -> Result<()> {
+    let mut stmt = conn.prepare(
+        "SELECT s.id, s.tool, ss.source_path \
+         FROM sessions s \
+         LEFT JOIN session_sync ss ON ss.session_id = s.id \
+         WHERE ss.source_path IS NOT NULL",
+    )?;
+    let rows = stmt.query_map([], |row| {
+        Ok((
+            row.get::<_, String>(0)?,
+            row.get::<_, String>(1)?,
+            row.get::<_, Option<String>>(2)?,
+        ))
+    })?;
+
+    let mut updates: Vec<(String, String)> = Vec::new();
+    for row in rows {
+        let (id, current_tool, source_path) = row?;
+        let normalized = normalize_tool_for_source_path(&current_tool, source_path.as_deref());
+        if normalized != current_tool {
+            updates.push((id, normalized));
+        }
+    }
+    drop(stmt);
+
+    for (id, tool) in updates {
+        conn.execute(
+            "UPDATE sessions SET tool = ?1 WHERE id = ?2",
+            params![tool, id],
+        )?;
+    }
+
+    Ok(())
+}
+
+pub(crate) fn repair_auxiliary_flags_from_source_path(conn: &Connection) -> Result<()> {
+    let mut stmt = conn.prepare(
+        "SELECT s.id, ss.source_path \
+         FROM sessions s \
+         LEFT JOIN session_sync ss ON ss.session_id = s.id \
+         WHERE ss.source_path IS NOT NULL \
+         AND COALESCE(s.is_auxiliary, 0) = 0",
+    )?;
+    let rows = stmt.query_map([], |row| {
+        Ok((row.get::<_, String>(0)?, row.get::<_, Option<String>>(1)?))
+    })?;
+
+    let mut updates: Vec<String> = Vec::new();
+    for row in rows {
+        let (id, source_path) = row?;
+        let Some(source_path) = source_path else {
+            continue;
+        };
+        if infer_tool_from_source_path(Some(&source_path)) != Some("codex") {
+            continue;
+        }
+        if is_codex_auxiliary_source_file(&source_path) {
+            updates.push(id);
+        }
+    }
+    drop(stmt);
+
+    for id in updates {
+        conn.execute(
+            "UPDATE sessions SET is_auxiliary = 1 WHERE id = ?1",
+            params![id],
+        )?;
+    }
+
+    Ok(())
+}
+
+fn is_codex_auxiliary_source_file(source_path: &str) -> bool {
+    let Ok(file) = fs::File::open(source_path) else {
+        return false;
+    };
+    let reader = BufReader::new(file);
+    for line in reader.lines().take(32) {
+        let Ok(raw) = line else {
+            continue;
+        };
+        let line = raw.trim();
+        if line.is_empty() {
+            continue;
+        }
+
+        if line.contains("\"source\":{\"subagent\"")
+            || line.contains("\"source\": {\"subagent\"")
+            || line.contains("\"agent_role\":\"awaiter\"")
+            || line.contains("\"agent_role\":\"worker\"")
+            || line.contains("\"agent_role\":\"explorer\"")
+            || line.contains("\"agent_role\":\"subagent\"")
+        {
+            return true;
+        }
+
+        if let Ok(parsed) = serde_json::from_str::<serde_json::Value>(line) {
+            let is_session_meta =
+                parsed.get("type").and_then(|v| v.as_str()) == Some("session_meta");
+            let payload = if is_session_meta {
+                parsed.get("payload")
+            } else {
+                Some(&parsed)
+            };
+            if let Some(payload) = payload {
+                if payload.pointer("/source/subagent").is_some() {
+                    return true;
+                }
+                let role = payload
+                    .get("agent_role")
+                    .and_then(|v| v.as_str())
+                    .map(str::to_ascii_lowercase);
+                if matches!(
+                    role.as_deref(),
+                    Some("awaiter") | Some("worker") | Some("explorer") | Some("subagent")
+                ) {
+                    return true;
+                }
+            }
+        }
+    }
+    false
+}
diff --git a/crates/local-db/src/repo_store.rs b/crates/local-db/src/repo_store.rs
new file mode 100644
index 00000000..8069c1a1
--- /dev/null
+++ b/crates/local-db/src/repo_store.rs
@@ -0,0 +1,68 @@
+use anyhow::Result;
+
+use crate::connection::LocalDb;
+use crate::session_store::{
+    FROM_CLAUSE, LOCAL_SESSION_COLUMNS, LocalSessionRow, row_to_local_session,
+};
+
+impl LocalDb {
+    /// Find the most recently active session for a given repo path.
+    /// "Active" means the session's working_directory matches the repo path
+    /// and was created within the last `since_minutes` minutes.
+    pub fn find_active_session_for_repo(
+        &self,
+        repo_path: &str,
+        since_minutes: u32,
+    ) -> Result<Option<LocalSessionRow>> {
+        let sql = format!(
+            "SELECT {LOCAL_SESSION_COLUMNS} \
+             {FROM_CLAUSE} \
+             WHERE s.working_directory LIKE ?1 \
+             AND COALESCE(s.is_auxiliary, 0) = 0 \
+             AND s.created_at >= datetime('now', ?2) \
+             ORDER BY s.created_at DESC LIMIT 1"
+        );
+        let since = format!("-{since_minutes} minutes");
+        let like = format!("{repo_path}%");
+        let conn = self.conn();
+        let mut stmt = conn.prepare(&sql)?;
+        let row = stmt
+            .query_map(rusqlite::params![like, since], row_to_local_session)?
+            .next()
+            .transpose()?;
+        Ok(row)
+    }
+
+    /// Get a list of distinct git repo names present in the DB.
+    pub fn list_repos(&self) -> Result<Vec<String>> {
+        let conn = self.conn();
+        let mut stmt = conn.prepare(
+            "SELECT DISTINCT git_repo_name FROM sessions \
+             WHERE git_repo_name IS NOT NULL AND COALESCE(is_auxiliary, 0) = 0 \
+             ORDER BY git_repo_name ASC",
+        )?;
+        let rows = stmt.query_map([], |row| row.get(0))?;
+        let mut result = Vec::new();
+        for row in rows {
+            result.push(row?);
+        }
+        Ok(result)
+    }
+
+    /// Get a list of distinct, non-empty working directories present in the DB.
+    pub fn list_working_directories(&self) -> Result<Vec<String>> {
+        let conn = self.conn();
+        let mut stmt = conn.prepare(
+            "SELECT DISTINCT working_directory FROM sessions \
+             WHERE working_directory IS NOT NULL AND TRIM(working_directory) <> '' \
+             AND COALESCE(is_auxiliary, 0) = 0 \
+             ORDER BY working_directory ASC",
+        )?;
+        let rows = stmt.query_map([], |row| row.get(0))?;
+        let mut result = Vec::new();
+        for row in rows {
+            result.push(row?);
+        }
+        Ok(result)
+    }
+}
diff --git a/crates/local-db/src/session_store.rs b/crates/local-db/src/session_store.rs
new file mode 100644
index 00000000..d84937de
--- /dev/null
+++ b/crates/local-db/src/session_store.rs
@@ -0,0 +1,978 @@
+use anyhow::Result;
+use opensession_core::session::{is_auxiliary_session, working_directory};
+use opensession_core::trace::Session;
+use rusqlite::params;
+use serde_json::Value;
+use std::collections::HashSet;
+
+use crate::connection::LocalDb;
+use crate::git::{GitContext, normalize_repo_name};
+
+pub(crate) const SUMMARY_WORKER_TITLE_PREFIX_LOWER: &str =
+    "convert a real coding session into semantic compression.";
+
+/// A local session row stored in the local SQLite index/cache database.
+#[derive(Debug, Clone)]
+pub struct LocalSessionRow {
+    pub id: String,
+    pub source_path: Option<String>,
+    pub sync_status: String,
+    pub last_synced_at: Option<String>,
+    pub user_id: Option<String>,
+    pub nickname: Option<String>,
+    pub team_id: Option<String>,
+    pub tool: String,
+    pub agent_provider: Option<String>,
+    pub agent_model: Option<String>,
+    pub title: Option<String>,
+    pub description: Option<String>,
+    pub tags: Option<String>,
+    pub created_at: String,
+    pub uploaded_at: Option<String>,
+    pub message_count: i64,
+    pub user_message_count: i64,
+    pub task_count: i64,
+    pub event_count: i64,
+    pub duration_seconds: i64,
+    pub total_input_tokens: i64,
+    pub total_output_tokens: i64,
+    pub git_remote: Option<String>,
+    pub git_branch: Option<String>,
+    pub git_commit: Option<String>,
+    pub git_repo_name: Option<String>,
+    pub pr_number: Option<i64>,
+    pub pr_url: Option<String>,
+    pub working_directory: Option<String>,
+    pub files_modified: Option<String>,
+    pub files_read: Option<String>,
+    pub has_errors: bool,
+    pub max_active_agents: i64,
+    pub is_auxiliary: bool,
+}
+
+/// A lightweight local link row for session-to-session relationships.
+#[derive(Debug, Clone)]
+pub struct LocalSessionLink {
+    pub session_id: String,
+    pub linked_session_id: String,
+    pub link_type: String,
+    pub created_at: String,
+}
+
+pub(crate) fn infer_tool_from_source_path(source_path: Option<&str>) -> Option<&'static str> {
+    let source_path = source_path.map(|path| path.to_ascii_lowercase())?;
+
+    if source_path.contains("/.codex/sessions/")
+        || source_path.contains("\\.codex\\sessions\\")
+        || source_path.contains("/codex/sessions/")
+        || source_path.contains("\\codex\\sessions\\")
+    {
+        return Some("codex");
+    }
+
+    if source_path.contains("/.claude/projects/")
+        || source_path.contains("\\.claude\\projects\\")
+        || source_path.contains("/claude/projects/")
+        || source_path.contains("\\claude\\projects\\")
+    {
+        return Some("claude-code");
+    }
+
+    None
+}
+
+pub(crate) fn normalize_tool_for_source_path(
+    current_tool: &str,
+    source_path: Option<&str>,
+) -> String {
+    infer_tool_from_source_path(source_path)
+        .unwrap_or(current_tool)
+        .to_string()
+}
+
+fn normalize_non_empty(value: Option<&str>) -> Option<String> {
+    value
+        .map(str::trim)
+        .filter(|value| !value.is_empty())
+        .map(ToOwned::to_owned)
+}
+
+fn json_object_string(value: &Value, keys: &[&str]) -> Option<String> {
+    let obj = value.as_object()?;
+    for key in keys {
+        if let Some(found) = obj.get(*key).and_then(Value::as_str) {
+            let normalized = found.trim();
+            if !normalized.is_empty() {
+                return Some(normalized.to_string());
+            }
+        }
+    }
+    None
+}
+
+fn git_context_from_session_attributes(session: &Session) -> GitContext {
+    let attrs = &session.context.attributes;
+
+    let mut remote = normalize_non_empty(attrs.get("git_remote").and_then(Value::as_str));
+    let mut branch = normalize_non_empty(attrs.get("git_branch").and_then(Value::as_str));
+    let mut commit = normalize_non_empty(attrs.get("git_commit").and_then(Value::as_str));
+    let mut repo_name = normalize_non_empty(attrs.get("git_repo_name").and_then(Value::as_str));
+
+    if let Some(git_value) = attrs.get("git") {
+        if remote.is_none() {
+            remote = json_object_string(
+                git_value,
+                &["remote", "repository_url", "repo_url", "origin", "url"],
+            );
+        }
+        if branch.is_none() {
+            branch = json_object_string(
+                git_value,
+                &["branch", "git_branch", "current_branch", "ref", "head"],
+            );
+        }
+        if commit.is_none() {
+            commit = json_object_string(git_value, &["commit", "commit_hash", "sha", "git_commit"]);
+        }
+        if repo_name.is_none() {
+            repo_name = json_object_string(git_value, &["repo_name", "repository", "repo", "name"]);
+        }
+    }
+
+    if repo_name.is_none() {
+        repo_name = remote
+            .as_deref()
+            .and_then(normalize_repo_name)
+            .map(ToOwned::to_owned);
+    }
+
+    GitContext {
+        remote,
+        branch,
+        commit,
+        repo_name,
+    }
+}
+
+fn git_context_has_any_field(git: &GitContext) -> bool {
+    git.remote.is_some() || git.branch.is_some() || git.commit.is_some() || git.repo_name.is_some()
+}
+
+fn merge_git_context(preferred: &GitContext, fallback: &GitContext) -> GitContext {
+    GitContext {
+        remote: preferred.remote.clone().or_else(|| fallback.remote.clone()),
+        branch: preferred.branch.clone().or_else(|| fallback.branch.clone()),
+        commit: preferred.commit.clone().or_else(|| fallback.commit.clone()),
+        repo_name: preferred
+            .repo_name
+            .clone()
+            .or_else(|| fallback.repo_name.clone()),
+    }
+}
+
+/// Filter for listing sessions from the local DB.
+#[derive(Debug, Clone)]
+pub struct LocalSessionFilter {
+    pub team_id: Option<String>,
+    pub sync_status: Option<String>,
+    pub git_repo_name: Option<String>,
+    pub search: Option<String>,
+    pub exclude_low_signal: bool,
+    pub tool: Option<String>,
+    pub sort: LocalSortOrder,
+    pub time_range: LocalTimeRange,
+    pub limit: Option<u32>,
+    pub offset: Option<u32>,
+}
+
+impl Default for LocalSessionFilter {
+    fn default() -> Self {
+        Self {
+            team_id: None,
+            sync_status: None,
+            git_repo_name: None,
+            search: None,
+            exclude_low_signal: false,
+            tool: None,
+            sort: LocalSortOrder::Recent,
+            time_range: LocalTimeRange::All,
+            limit: None,
+            offset: None,
+        }
+    }
+}
+
+/// Sort order for local session listing.
+#[derive(Debug, Clone, Default, PartialEq, Eq)]
+pub enum LocalSortOrder {
+    #[default]
+    Recent,
+    Popular,
+    Longest,
+}
+
+/// Time range filter for local session listing.
+#[derive(Debug, Clone, Default, PartialEq, Eq)]
+pub enum LocalTimeRange {
+    Hours24,
+    Days7,
+    Days30,
+    #[default]
+    All,
+}
+
+/// Minimal remote session payload needed for local index/cache upsert.
+#[derive(Debug, Clone)]
+pub struct RemoteSessionSummary {
+    pub id: String,
+    pub user_id: Option<String>,
+    pub nickname: Option<String>,
+    pub team_id: String,
+    pub tool: String,
+    pub agent_provider: Option<String>,
+    pub agent_model: Option<String>,
+    pub title: Option<String>,
+    pub description: Option<String>,
+    pub tags: Option<String>,
+    pub created_at: String,
+    pub uploaded_at: String,
+    pub message_count: i64,
+    pub task_count: i64,
+    pub event_count: i64,
+    pub duration_seconds: i64,
+    pub total_input_tokens: i64,
+    pub total_output_tokens: i64,
+    pub git_remote: Option<String>,
+    pub git_branch: Option<String>,
+    pub git_commit: Option<String>,
+    pub git_repo_name: Option<String>,
+    pub pr_number: Option<i64>,
+    pub pr_url: Option<String>,
+    pub working_directory: Option<String>,
+    pub files_modified: Option<String>,
+    pub files_read: Option<String>,
+    pub has_errors: bool,
+    pub max_active_agents: i64,
+}
+
+/// Extended filter for the `log` command.
+#[derive(Debug, Default)]
+pub struct LogFilter {
+    /// Filter by tool name (exact match).
+    pub tool: Option<String>,
+    /// Filter by model (glob-like, uses LIKE).
+    pub model: Option<String>,
+    /// Filter sessions created after this ISO8601 timestamp.
+    pub since: Option<String>,
+    /// Filter sessions created before this ISO8601 timestamp.
+    pub before: Option<String>,
+    /// Filter sessions that touched this file path (searches files_modified JSON).
+    pub touches: Option<String>,
+    /// Free-text search in title, description, tags.
+    pub grep: Option<String>,
+    /// Only sessions with errors.
+    pub has_errors: Option<bool>,
+    /// Filter by working directory (prefix match).
+    pub working_directory: Option<String>,
+    /// Filter by git repo name.
+    pub git_repo_name: Option<String>,
+    /// Maximum number of results.
+    pub limit: Option<u32>,
+    /// Offset for pagination.
+    pub offset: Option<u32>,
+}
+
+/// Base FROM clause for session list queries.
+pub(crate) const FROM_CLAUSE: &str = "\
+FROM sessions s \
+LEFT JOIN session_sync ss ON ss.session_id = s.id \
+LEFT JOIN users u ON u.id = s.user_id";
+
+pub(crate) const LOCAL_SESSION_COLUMNS: &str = "\
+s.id, ss.source_path, COALESCE(ss.sync_status, 'unknown') AS sync_status, ss.last_synced_at, \
+s.user_id, u.nickname, s.team_id, s.tool, s.agent_provider, s.agent_model, \
+s.title, s.description, s.tags, s.created_at, s.uploaded_at, \
+s.message_count, COALESCE(s.user_message_count, 0), s.task_count, s.event_count, s.duration_seconds, \
+s.total_input_tokens, s.total_output_tokens, \
+s.git_remote, s.git_branch, s.git_commit, s.git_repo_name, \
+s.pr_number, s.pr_url, s.working_directory, \
+s.files_modified, s.files_read, s.has_errors, COALESCE(s.max_active_agents, 1), COALESCE(s.is_auxiliary, 0)";
+
+pub(crate) fn row_to_local_session(row: &rusqlite::Row) -> rusqlite::Result<LocalSessionRow> {
+    let source_path: Option<String> = row.get(1)?;
+    let tool: String = row.get(7)?;
+    let normalized_tool = normalize_tool_for_source_path(&tool, source_path.as_deref());
+
+    Ok(LocalSessionRow {
+        id: row.get(0)?,
+        source_path,
+        sync_status: row.get(2)?,
+        last_synced_at: row.get(3)?,
+        user_id: row.get(4)?,
+        nickname: row.get(5)?,
+        team_id: row.get(6)?,
+        tool: normalized_tool,
+        agent_provider: row.get(8)?,
+        agent_model: row.get(9)?,
+        title: row.get(10)?,
+        description: row.get(11)?,
+        tags: row.get(12)?,
+        created_at: row.get(13)?,
+        uploaded_at: row.get(14)?,
+        message_count: row.get(15)?,
+        user_message_count: row.get(16)?,
+        task_count: row.get(17)?,
+        event_count: row.get(18)?,
+        duration_seconds: row.get(19)?,
+        total_input_tokens: row.get(20)?,
+        total_output_tokens: row.get(21)?,
+        git_remote: row.get(22)?,
+        git_branch: row.get(23)?,
+        git_commit: row.get(24)?,
+        git_repo_name: row.get(25)?,
+        pr_number: row.get(26)?,
+        pr_url: row.get(27)?,
+        working_directory: row.get(28)?,
+        files_modified: row.get(29)?,
+        files_read: row.get(30)?,
+        has_errors: row.get::<_, i64>(31).unwrap_or(0) != 0,
+        max_active_agents: row.get(32).unwrap_or(1),
+        is_auxiliary: row.get::<_, i64>(33).unwrap_or(0) != 0,
+    })
+}
+
+impl LocalDb {
+    pub(crate) fn build_local_session_where_clause(
+        filter: &LocalSessionFilter,
+    ) -> (String, Vec<Box<dyn rusqlite::types::ToSql>>) {
+        let mut where_clauses = vec![
+            "1=1".to_string(),
+            "COALESCE(s.is_auxiliary, 0) = 0".to_string(),
+            format!(
+                "NOT (LOWER(COALESCE(s.tool, '')) = 'codex' \
+                 AND LOWER(COALESCE(s.title, '')) LIKE '{}%')",
+                SUMMARY_WORKER_TITLE_PREFIX_LOWER
+            ),
+        ];
+        let mut param_values: Vec<Box<dyn rusqlite::types::ToSql>> = Vec::new();
+        let mut idx = 1u32;
+
+        if let Some(ref team_id) = filter.team_id {
+            where_clauses.push(format!("s.team_id = ?{idx}"));
+            param_values.push(Box::new(team_id.clone()));
+            idx += 1;
+        }
+
+        if let Some(ref sync_status) = filter.sync_status {
+            where_clauses.push(format!("COALESCE(ss.sync_status, 'unknown') = ?{idx}"));
+            param_values.push(Box::new(sync_status.clone()));
+            idx += 1;
+        }
+
+        if let Some(ref repo) = filter.git_repo_name {
+            where_clauses.push(format!("s.git_repo_name = ?{idx}"));
+            param_values.push(Box::new(repo.clone()));
+            idx += 1;
+        }
+
+        if let Some(ref tool) = filter.tool {
+            where_clauses.push(format!("s.tool = ?{idx}"));
+            param_values.push(Box::new(tool.clone()));
+            idx += 1;
+        }
+
+        if let Some(ref search) = filter.search {
+            let like = format!("%{search}%");
+            where_clauses.push(format!(
+                "(s.title LIKE ?{i1} OR s.description LIKE ?{i2} OR s.tags LIKE ?{i3})",
+                i1 = idx,
+                i2 = idx + 1,
+                i3 = idx + 2,
+            ));
+            param_values.push(Box::new(like.clone()));
+            param_values.push(Box::new(like.clone()));
+            param_values.push(Box::new(like));
+            idx += 3;
+        }
+
+        if filter.exclude_low_signal {
+            where_clauses.push(
+                "NOT (COALESCE(s.message_count, 0) = 0 \
+                  AND COALESCE(s.user_message_count, 0) = 0 \
+                  AND COALESCE(s.task_count, 0) = 0 \
+                  AND COALESCE(s.event_count, 0) <= 2 \
+                  AND (s.title IS NULL OR TRIM(s.title) = ''))"
+                    .to_string(),
+            );
+        }
+
+        let interval = match filter.time_range {
+            LocalTimeRange::Hours24 => Some("-1 day"),
+            LocalTimeRange::Days7 => Some("-7 days"),
+            LocalTimeRange::Days30 => Some("-30 days"),
+            LocalTimeRange::All => None,
+        };
+        if let Some(interval) = interval {
+            where_clauses.push(format!("datetime(s.created_at) >= datetime('now', ?{idx})"));
+            param_values.push(Box::new(interval.to_string()));
+        }
+
+        (where_clauses.join(" AND "), param_values)
+    }
+
+    pub fn upsert_local_session(
+        &self,
+        session: &Session,
+        source_path: &str,
+        git: &GitContext,
+    ) -> Result<()> {
+        let is_empty_signal = session.stats.event_count == 0
+            && session.stats.message_count == 0
+            && session.stats.user_message_count == 0
+            && session.stats.task_count == 0;
+        if is_empty_signal {
+            self.delete_session(&session.session_id)?;
+            return Ok(());
+        }
+
+        let title = session.context.title.as_deref();
+        let description = session.context.description.as_deref();
+        let tags = if session.context.tags.is_empty() {
+            None
+        } else {
+            Some(session.context.tags.join(","))
+        };
+        let created_at = session.context.created_at.to_rfc3339();
+        let cwd = working_directory(session).map(String::from);
+        let is_auxiliary = is_auxiliary_session(session);
+
+        let (files_modified, files_read, has_errors) =
+            opensession_core::extract::extract_file_metadata(session);
+        let max_active_agents = opensession_core::agent_metrics::max_active_agents(session) as i64;
+        let normalized_tool =
+            normalize_tool_for_source_path(&session.agent.tool, Some(source_path));
+        let git_from_session = git_context_from_session_attributes(session);
+        let has_session_git = git_context_has_any_field(&git_from_session);
+        let merged_git = merge_git_context(&git_from_session, git);
+
+        let conn = self.conn();
+        conn.execute(
+            "INSERT INTO sessions \
+             (id, team_id, tool, agent_provider, agent_model, \
+              title, description, tags, created_at, \
+             message_count, user_message_count, task_count, event_count, duration_seconds, \
+              total_input_tokens, total_output_tokens, body_storage_key, \
+              git_remote, git_branch, git_commit, git_repo_name, working_directory, \
+              files_modified, files_read, has_errors, max_active_agents, is_auxiliary) \
+             VALUES (?1,'personal',?2,?3,?4,?5,?6,?7,?8,?9,?10,?11,?12,?13,?14,?15,'',?16,?17,?18,?19,?20,?21,?22,?23,?24,?25) \
+             ON CONFLICT(id) DO UPDATE SET \
+              tool=excluded.tool, agent_provider=excluded.agent_provider, \
+              agent_model=excluded.agent_model, \
+              title=excluded.title, description=excluded.description, \
+              tags=excluded.tags, \
+              message_count=excluded.message_count, user_message_count=excluded.user_message_count, \
+              task_count=excluded.task_count, \
+              event_count=excluded.event_count, duration_seconds=excluded.duration_seconds, \
+              total_input_tokens=excluded.total_input_tokens, \
+              total_output_tokens=excluded.total_output_tokens, \
+              git_remote=CASE WHEN ?26=1 THEN excluded.git_remote ELSE COALESCE(git_remote, excluded.git_remote) END, \
+              git_branch=CASE WHEN ?26=1 THEN excluded.git_branch ELSE COALESCE(git_branch, excluded.git_branch) END, \
+              git_commit=CASE WHEN ?26=1 THEN excluded.git_commit ELSE COALESCE(git_commit, excluded.git_commit) END, \
+              git_repo_name=CASE WHEN ?26=1 THEN excluded.git_repo_name ELSE COALESCE(git_repo_name, excluded.git_repo_name) END, \
+              working_directory=excluded.working_directory, \
+              files_modified=excluded.files_modified, files_read=excluded.files_read, \
+              has_errors=excluded.has_errors, \
+              max_active_agents=excluded.max_active_agents, \
+              is_auxiliary=excluded.is_auxiliary",
+            params![
+                &session.session_id,
+                &normalized_tool,
+                &session.agent.provider,
+                &session.agent.model,
+                title,
+                description,
+                &tags,
+                &created_at,
+                session.stats.message_count as i64,
+                session.stats.user_message_count as i64,
+                session.stats.task_count as i64,
+                session.stats.event_count as i64,
+                session.stats.duration_seconds as i64,
+                session.stats.total_input_tokens as i64,
+                session.stats.total_output_tokens as i64,
+                &merged_git.remote,
+                &merged_git.branch,
+                &merged_git.commit,
+                &merged_git.repo_name,
+                &cwd,
+                &files_modified,
+                &files_read,
+                has_errors,
+                max_active_agents,
+                is_auxiliary as i64,
+                has_session_git as i64,
+            ],
+        )?;
+
+        conn.execute(
+            "INSERT INTO session_sync (session_id, source_path, sync_status) \
+             VALUES (?1, ?2, 'local_only') \
+             ON CONFLICT(session_id) DO UPDATE SET source_path=excluded.source_path",
+            params![&session.session_id, source_path],
+        )?;
+        Ok(())
+    }
+
+    pub fn upsert_remote_session(&self, summary: &RemoteSessionSummary) -> Result<()> {
+        let conn = self.conn();
+        conn.execute(
+            "INSERT INTO sessions \
+             (id, user_id, team_id, tool, agent_provider, agent_model, \
+              title, description, tags, created_at, uploaded_at, \
+              message_count, task_count, event_count, duration_seconds, \
+              total_input_tokens, total_output_tokens, body_storage_key, \
+              git_remote, git_branch, git_commit, git_repo_name, \
+              pr_number, pr_url, working_directory, \
+              files_modified, files_read, has_errors, max_active_agents, is_auxiliary) \
+             VALUES (?1,?2,?3,?4,?5,?6,?7,?8,?9,?10,?11,?12,?13,?14,?15,?16,?17,'',?18,?19,?20,?21,?22,?23,?24,?25,?26,?27,?28,0) \
+             ON CONFLICT(id) DO UPDATE SET \
+              title=excluded.title, description=excluded.description, \
+              tags=excluded.tags, uploaded_at=excluded.uploaded_at, \
+              message_count=excluded.message_count, task_count=excluded.task_count, \
+              event_count=excluded.event_count, duration_seconds=excluded.duration_seconds, \
+              total_input_tokens=excluded.total_input_tokens, \
+              total_output_tokens=excluded.total_output_tokens, \
+              git_remote=excluded.git_remote, git_branch=excluded.git_branch, \
+              git_commit=excluded.git_commit, git_repo_name=excluded.git_repo_name, \
+              pr_number=excluded.pr_number, pr_url=excluded.pr_url, \
+              working_directory=excluded.working_directory, \
+              files_modified=excluded.files_modified, files_read=excluded.files_read, \
+              has_errors=excluded.has_errors, \
+              max_active_agents=excluded.max_active_agents, \
+              is_auxiliary=excluded.is_auxiliary",
+            params![
+                &summary.id,
+                &summary.user_id,
+                &summary.team_id,
+                &summary.tool,
+                &summary.agent_provider,
+                &summary.agent_model,
+                &summary.title,
+                &summary.description,
+                &summary.tags,
+                &summary.created_at,
+                &summary.uploaded_at,
+                summary.message_count,
+                summary.task_count,
+                summary.event_count,
+                summary.duration_seconds,
+                summary.total_input_tokens,
+                summary.total_output_tokens,
+                &summary.git_remote,
+                &summary.git_branch,
+                &summary.git_commit,
+                &summary.git_repo_name,
+                summary.pr_number,
+                &summary.pr_url,
+                &summary.working_directory,
+                &summary.files_modified,
+                &summary.files_read,
+                summary.has_errors,
+                summary.max_active_agents,
+            ],
+        )?;
+
+        conn.execute(
+            "INSERT INTO session_sync (session_id, sync_status) \
+             VALUES (?1, 'remote_only') \
+             ON CONFLICT(session_id) DO UPDATE SET \
+              sync_status = CASE WHEN session_sync.sync_status = 'local_only' THEN 'synced' ELSE session_sync.sync_status END",
+            params![&summary.id],
+        )?;
+        Ok(())
+    }
+
+    pub fn list_sessions(&self, filter: &LocalSessionFilter) -> Result<Vec<LocalSessionRow>> {
+        let (where_str, mut param_values) = Self::build_local_session_where_clause(filter);
+        let order_clause = match filter.sort {
+            LocalSortOrder::Popular => "s.message_count DESC, s.created_at DESC",
+            LocalSortOrder::Longest => "s.duration_seconds DESC, s.created_at DESC",
+            LocalSortOrder::Recent => "s.created_at DESC",
+        };
+
+        let mut sql = format!(
+            "SELECT {LOCAL_SESSION_COLUMNS} \
+             {FROM_CLAUSE} WHERE {where_str} \
+             ORDER BY {order_clause}"
+        );
+
+        if let Some(limit) = filter.limit {
+            sql.push_str(" LIMIT ?");
+            param_values.push(Box::new(limit));
+            if let Some(offset) = filter.offset {
+                sql.push_str(" OFFSET ?");
+                param_values.push(Box::new(offset));
+            }
+        }
+
+        let param_refs: Vec<&dyn rusqlite::types::ToSql> =
+            param_values.iter().map(|p| p.as_ref()).collect();
+        let conn = self.conn();
+        let mut stmt = conn.prepare(&sql)?;
+        let rows = stmt.query_map(param_refs.as_slice(), row_to_local_session)?;
+
+        let mut result = Vec::new();
+        for row in rows {
+            result.push(row?);
+        }
+
+        Ok(result)
+    }
+
+    pub fn count_sessions_filtered(&self, filter: &LocalSessionFilter) -> Result<i64> {
+        let mut count_filter = filter.clone();
+        count_filter.limit = None;
+        count_filter.offset = None;
+        let (where_str, param_values) = Self::build_local_session_where_clause(&count_filter);
+        let sql = format!("SELECT COUNT(*) {FROM_CLAUSE} WHERE {where_str}");
+        let param_refs: Vec<&dyn rusqlite::types::ToSql> =
+            param_values.iter().map(|p| p.as_ref()).collect();
+        let conn = self.conn();
+        let count = conn.query_row(&sql, param_refs.as_slice(), |row| row.get(0))?;
+        Ok(count)
+    }
+
+    pub fn list_session_tools(&self, filter: &LocalSessionFilter) -> Result<Vec<String>> {
+        let mut tool_filter = filter.clone();
+        tool_filter.tool = None;
+        tool_filter.limit = None;
+        tool_filter.offset = None;
+        let (where_str, param_values) = Self::build_local_session_where_clause(&tool_filter);
+        let sql = format!(
+            "SELECT DISTINCT s.tool \
+             {FROM_CLAUSE} WHERE {where_str} \
+             ORDER BY s.tool ASC"
+        );
+        let param_refs: Vec<&dyn rusqlite::types::ToSql> =
+            param_values.iter().map(|p| p.as_ref()).collect();
+        let conn = self.conn();
+        let mut stmt = conn.prepare(&sql)?;
+        let rows = stmt.query_map(param_refs.as_slice(), |row| row.get::<_, String>(0))?;
+
+        let mut tools = Vec::new();
+        for row in rows {
+            let tool = row?;
+            if !tool.trim().is_empty() {
+                tools.push(tool);
+            }
+        }
+        Ok(tools)
+    }
+
+    pub fn list_sessions_log(&self, filter: &LogFilter) -> Result<Vec<LocalSessionRow>> {
+        let mut where_clauses = vec![
+            "1=1".to_string(),
+            "COALESCE(s.is_auxiliary, 0) = 0".to_string(),
+            format!(
+                "NOT (LOWER(COALESCE(s.tool, '')) = 'codex' \
+                 AND LOWER(COALESCE(s.title, '')) LIKE '{}%')",
+                SUMMARY_WORKER_TITLE_PREFIX_LOWER
+            ),
+        ];
+        let mut param_values: Vec<Box<dyn rusqlite::types::ToSql>> = Vec::new();
+        let mut idx = 1u32;
+
+        if let Some(ref tool) = filter.tool {
+            where_clauses.push(format!("s.tool = ?{idx}"));
+            param_values.push(Box::new(tool.clone()));
+            idx += 1;
+        }
+
+        if let Some(ref model) = filter.model {
+            let like = model.replace('*', "%");
+            where_clauses.push(format!("s.agent_model LIKE ?{idx}"));
+            param_values.push(Box::new(like));
+            idx += 1;
+        }
+
+        if let Some(ref since) = filter.since {
+            where_clauses.push(format!("s.created_at >= ?{idx}"));
+            param_values.push(Box::new(since.clone()));
+            idx += 1;
+        }
+
+        if let Some(ref before) = filter.before {
+            where_clauses.push(format!("s.created_at < ?{idx}"));
+            param_values.push(Box::new(before.clone()));
+            idx += 1;
+        }
+
+        if let Some(ref touches) = filter.touches {
+            let like = format!("%\"{touches}\"%");
+            where_clauses.push(format!("s.files_modified LIKE ?{idx}"));
+            param_values.push(Box::new(like));
+            idx += 1;
+        }
+
+        if let Some(ref grep) = filter.grep {
+            let like = format!("%{grep}%");
+            where_clauses.push(format!(
+                "(s.title LIKE ?{i1} OR s.description LIKE ?{i2} OR s.tags LIKE ?{i3})",
+                i1 = idx,
+                i2 = idx + 1,
+                i3 = idx + 2,
+            ));
+            param_values.push(Box::new(like.clone()));
+            param_values.push(Box::new(like.clone()));
+            param_values.push(Box::new(like));
+            idx += 3;
+        }
+
+        if let Some(true) = filter.has_errors {
+            where_clauses.push("s.has_errors = 1".to_string());
+        }
+
+        if let Some(ref wd) = filter.working_directory {
+            where_clauses.push(format!("s.working_directory LIKE ?{idx}"));
+            param_values.push(Box::new(format!("{wd}%")));
+            idx += 1;
+        }
+
+        if let Some(ref repo) = filter.git_repo_name {
+            where_clauses.push(format!("s.git_repo_name = ?{idx}"));
+            param_values.push(Box::new(repo.clone()));
+            idx += 1;
+        }
+
+        let _ = idx;
+
+        let where_str = where_clauses.join(" AND ");
+        let mut sql = format!(
+            "SELECT {LOCAL_SESSION_COLUMNS} \
+             {FROM_CLAUSE} WHERE {where_str} \
+             ORDER BY s.created_at DESC"
+        );
+
+        if let Some(limit) = filter.limit {
+            sql.push_str(" LIMIT ?");
+            param_values.push(Box::new(limit));
+            if let Some(offset) = filter.offset {
+                sql.push_str(" OFFSET ?");
+                param_values.push(Box::new(offset));
+            }
+        }
+
+        let param_refs: Vec<&dyn rusqlite::types::ToSql> =
+            param_values.iter().map(|p| p.as_ref()).collect();
+        let conn = self.conn();
+        let mut stmt = conn.prepare(&sql)?;
+        let rows = stmt.query_map(param_refs.as_slice(), row_to_local_session)?;
+
+        let mut result = Vec::new();
+        for row in rows {
+            result.push(row?);
+        }
+        Ok(result)
+    }
+
+    pub fn get_sessions_by_tool_latest(
+        &self,
+        tool: &str,
+        count: u32,
+    ) -> Result<Vec<LocalSessionRow>> {
+        let sql = format!(
+            "SELECT {LOCAL_SESSION_COLUMNS} \
+             {FROM_CLAUSE} WHERE s.tool = ?1 AND COALESCE(s.is_auxiliary, 0) = 0 \
+             ORDER BY s.created_at DESC"
+        );
+        let conn = self.conn();
+        let mut stmt = conn.prepare(&sql)?;
+        let rows = stmt.query_map(params![tool], row_to_local_session)?;
+        let mut result = Vec::new();
+        for row in rows {
+            result.push(row?);
+        }
+
+        result.truncate(count as usize);
+        Ok(result)
+    }
+
+    pub fn get_sessions_latest(&self, count: u32) -> Result<Vec<LocalSessionRow>> {
+        let sql = format!(
+            "SELECT {LOCAL_SESSION_COLUMNS} \
+             {FROM_CLAUSE} WHERE COALESCE(s.is_auxiliary, 0) = 0 \
+             ORDER BY s.created_at DESC"
+        );
+        let conn = self.conn();
+        let mut stmt = conn.prepare(&sql)?;
+        let rows = stmt.query_map([], row_to_local_session)?;
+        let mut result = Vec::new();
+        for row in rows {
+            result.push(row?);
+        }
+
+        result.truncate(count as usize);
+        Ok(result)
+    }
+
+    pub fn get_session_by_tool_offset(
+        &self,
+        tool: &str,
+        offset: u32,
+    ) -> Result<Option<LocalSessionRow>> {
+        let sql = format!(
+            "SELECT {LOCAL_SESSION_COLUMNS} \
+             {FROM_CLAUSE} WHERE s.tool = ?1 AND COALESCE(s.is_auxiliary, 0) = 0 \
+             ORDER BY s.created_at DESC"
+        );
+        let conn = self.conn();
+        let mut stmt = conn.prepare(&sql)?;
+        let rows = stmt.query_map(params![tool], row_to_local_session)?;
+        let result = rows.collect::<Result<Vec<_>, _>>()?;
+        Ok(result.into_iter().nth(offset as usize))
+    }
+
+    pub fn get_session_by_offset(&self, offset: u32) -> Result<Option<LocalSessionRow>> {
+        let sql = format!(
+            "SELECT {LOCAL_SESSION_COLUMNS} \
+             {FROM_CLAUSE} WHERE COALESCE(s.is_auxiliary, 0) = 0 \
+             ORDER BY s.created_at DESC"
+        );
+        let conn = self.conn();
+        let mut stmt = conn.prepare(&sql)?;
+        let rows = stmt.query_map([], row_to_local_session)?;
+        let result = rows.collect::<Result<Vec<_>, _>>()?;
+        Ok(result.into_iter().nth(offset as usize))
+    }
+
+    pub fn get_session_by_id(&self, session_id: &str) -> Result<Option<LocalSessionRow>> {
+        let sql = format!(
+            "SELECT {LOCAL_SESSION_COLUMNS} \
+             {FROM_CLAUSE} WHERE s.id = ?1 LIMIT 1"
+        );
+        let conn = self.conn();
+        let mut stmt = conn.prepare(&sql)?;
+        let row = stmt
+            .query_map(params![session_id], row_to_local_session)?
+            .next()
+            .transpose()?;
+        Ok(row)
+    }
+
+    pub fn list_session_links(&self, session_id: &str) -> Result<Vec<LocalSessionLink>> {
+        let conn = self.conn();
+        let mut stmt = conn.prepare(
+            "SELECT session_id, linked_session_id, link_type, created_at \
+             FROM session_links WHERE session_id = ?1 ORDER BY created_at ASC",
+        )?;
+        let rows = stmt.query_map(params![session_id], |row| {
+            Ok(LocalSessionLink {
+                session_id: row.get(0)?,
+                linked_session_id: row.get(1)?,
+                link_type: row.get(2)?,
+                created_at: row.get(3)?,
+            })
+        })?;
+        rows.collect::<std::result::Result<Vec<_>, _>>()
+            .map_err(Into::into)
+    }
+
+    pub fn session_count(&self) -> Result<i64> {
+        let count = self
+            .conn()
+            .query_row("SELECT COUNT(*) FROM sessions", [], |row| row.get(0))?;
+        Ok(count)
+    }
+
+    pub fn delete_session(&self, session_id: &str) -> Result<()> {
+        let conn = self.conn();
+        conn.execute(
+            "DELETE FROM session_links WHERE session_id = ?1 OR linked_session_id = ?1",
+            params![session_id],
+        )?;
+        conn.execute(
+            "DELETE FROM vector_embeddings \
+             WHERE chunk_id IN (SELECT id FROM vector_chunks WHERE session_id = ?1)",
+            params![session_id],
+        )?;
+        conn.execute(
+            "DELETE FROM vector_chunks_fts WHERE session_id = ?1",
+            params![session_id],
+        )?;
+        conn.execute(
+            "DELETE FROM vector_chunks WHERE session_id = ?1",
+            params![session_id],
+        )?;
+        conn.execute(
+            "DELETE FROM vector_index_sessions WHERE session_id = ?1",
+            params![session_id],
+        )?;
+        conn.execute(
+            "DELETE FROM session_semantic_summaries WHERE session_id = ?1",
+            params![session_id],
+        )?;
+        conn.execute(
+            "DELETE FROM body_cache WHERE session_id = ?1",
+            params![session_id],
+        )?;
+        conn.execute(
+            "DELETE FROM session_sync WHERE session_id = ?1",
+            params![session_id],
+        )?;
+        conn.execute("DELETE FROM sessions WHERE id = ?1", params![session_id])?;
+        Ok(())
+    }
+
+    pub fn existing_session_ids(&self) -> HashSet<String> {
+        let conn = self.conn();
+        let mut stmt = conn
+            .prepare("SELECT id FROM sessions")
+            .unwrap_or_else(|_| panic!("failed to prepare existing_session_ids query"));
+        let rows = stmt.query_map([], |row| row.get::<_, String>(0));
+        let mut set = HashSet::new();
+        if let Ok(rows) = rows {
+            for row in rows.flatten() {
+                set.insert(row);
+            }
+        }
+        set
+    }
+
+    pub fn update_session_stats(&self, session: &Session) -> Result<()> {
+        let title = session.context.title.as_deref();
+        let description = session.context.description.as_deref();
+        let (files_modified, files_read, has_errors) =
+            opensession_core::extract::extract_file_metadata(session);
+        let max_active_agents = opensession_core::agent_metrics::max_active_agents(session) as i64;
+        let is_auxiliary = is_auxiliary_session(session);
+
+        self.conn().execute(
+            "UPDATE sessions SET \
+             title=?2, description=?3, \
+             message_count=?4, user_message_count=?5, task_count=?6, \
+             event_count=?7, duration_seconds=?8, \
+             total_input_tokens=?9, total_output_tokens=?10, \
+              files_modified=?11, files_read=?12, has_errors=?13, \
+             max_active_agents=?14, is_auxiliary=?15 \
+             WHERE id=?1",
+            params![
+                &session.session_id,
+                title,
+                description,
+                session.stats.message_count as i64,
+                session.stats.user_message_count as i64,
+                session.stats.task_count as i64,
+                session.stats.event_count as i64,
+                session.stats.duration_seconds as i64,
+                session.stats.total_input_tokens as i64,
+                session.stats.total_output_tokens as i64,
+                &files_modified,
+                &files_read,
+                has_errors,
+                max_active_agents,
+                is_auxiliary as i64,
+            ],
+        )?;
+        Ok(())
+    }
+}
diff --git a/crates/local-db/src/summary_store.rs b/crates/local-db/src/summary_store.rs
new file mode 100644
index 00000000..1bbec106
--- /dev/null
+++ b/crates/local-db/src/summary_store.rs
@@ -0,0 +1,155 @@
+use anyhow::Result;
+use rusqlite::{OptionalExtension, params};
+
+use crate::connection::LocalDb;
+
+/// Session-level semantic summary row persisted in local SQLite.
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub struct SessionSemanticSummaryRow {
+    pub session_id: String,
+    pub summary_json: String,
+    pub generated_at: String,
+    pub provider: String,
+    pub model: Option<String>,
+    pub source_kind: String,
+    pub generation_kind: String,
+    pub prompt_fingerprint: Option<String>,
+    pub source_details_json: Option<String>,
+    pub diff_tree_json: Option<String>,
+    pub error: Option<String>,
+    pub updated_at: String,
+}
+
+/// Upsert payload for session-level semantic summaries.
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub struct SessionSemanticSummaryUpsert<'a> {
+    pub session_id: &'a str,
+    pub summary_json: &'a str,
+    pub generated_at: &'a str,
+    pub provider: &'a str,
+    pub model: Option<&'a str>,
+    pub source_kind: &'a str,
+    pub generation_kind: &'a str,
+    pub prompt_fingerprint: Option<&'a str>,
+    pub source_details_json: Option<&'a str>,
+    pub diff_tree_json: Option<&'a str>,
+    pub error: Option<&'a str>,
+}
+
+impl LocalDb {
+    pub fn upsert_session_semantic_summary(
+        &self,
+        payload: &SessionSemanticSummaryUpsert<'_>,
+    ) -> Result<()> {
+        self.conn().execute(
+            "INSERT INTO session_semantic_summaries (\
+                session_id, summary_json, generated_at, provider, model, \
+                source_kind, generation_kind, prompt_fingerprint, source_details_json, \
+                diff_tree_json, error, updated_at\
+             ) VALUES (\
+                ?1, ?2, ?3, ?4, ?5, \
+                ?6, ?7, ?8, ?9, \
+                ?10, ?11, datetime('now')\
+             ) \
+             ON CONFLICT(session_id) DO UPDATE SET \
+                summary_json=excluded.summary_json, \
+                generated_at=excluded.generated_at, \
+                provider=excluded.provider, \
+                model=excluded.model, \
+                source_kind=excluded.source_kind, \
+                generation_kind=excluded.generation_kind, \
+                prompt_fingerprint=excluded.prompt_fingerprint, \
+                source_details_json=excluded.source_details_json, \
+                diff_tree_json=excluded.diff_tree_json, \
+                error=excluded.error, \
+                updated_at=datetime('now')",
+            params![
+                payload.session_id,
+                payload.summary_json,
+                payload.generated_at,
+                payload.provider,
+                payload.model,
+                payload.source_kind,
+                payload.generation_kind,
+                payload.prompt_fingerprint,
+                payload.source_details_json,
+                payload.diff_tree_json,
+                payload.error,
+            ],
+        )?;
+        Ok(())
+    }
+
+    pub fn list_expired_session_ids(&self, keep_days: u32) -> Result<Vec<String>> {
+        let conn = self.conn();
+        let mut stmt = conn.prepare(
+            "SELECT id FROM sessions \
+             WHERE julianday(created_at) <= julianday('now') - ?1 \
+             ORDER BY created_at ASC",
+        )?;
+        let rows = stmt.query_map(params![keep_days as i64], |row| row.get(0))?;
+        rows.collect::<std::result::Result<Vec<_>, _>>()
+            .map_err(Into::into)
+    }
+
+    /// List all known session ids for migration or maintenance workflows.
+    pub fn list_all_session_ids(&self) -> Result<Vec<String>> {
+        let conn = self.conn();
+        let mut stmt = conn.prepare("SELECT id FROM sessions ORDER BY id ASC")?;
+        let rows = stmt.query_map([], |row| row.get(0))?;
+        rows.collect::<std::result::Result<Vec<_>, _>>()
+            .map_err(Into::into)
+    }
+
+    /// List all session ids that currently have cached semantic summaries.
+    pub fn list_session_semantic_summary_ids(&self) -> Result<Vec<String>> {
+        let conn = self.conn();
+        let mut stmt = conn
+            .prepare("SELECT session_id FROM session_semantic_summaries ORDER BY session_id ASC")?;
+        let rows = stmt.query_map([], |row| row.get(0))?;
+        rows.collect::<std::result::Result<Vec<_>, _>>()
+            .map_err(Into::into)
+    }
+
+    pub fn get_session_semantic_summary(
+        &self,
+        session_id: &str,
+    ) -> Result<Option<SessionSemanticSummaryRow>> {
+        let row = self
+            .conn()
+            .query_row(
+                "SELECT session_id, summary_json, generated_at, provider, model, \
+                        source_kind, generation_kind, prompt_fingerprint, source_details_json, \
+                        diff_tree_json, error, updated_at \
+                 FROM session_semantic_summaries WHERE session_id = ?1 LIMIT 1",
+                params![session_id],
+                |row| {
+                    Ok(SessionSemanticSummaryRow {
+                        session_id: row.get(0)?,
+                        summary_json: row.get(1)?,
+                        generated_at: row.get(2)?,
+                        provider: row.get(3)?,
+                        model: row.get(4)?,
+                        source_kind: row.get(5)?,
+                        generation_kind: row.get(6)?,
+                        prompt_fingerprint: row.get(7)?,
+                        source_details_json: row.get(8)?,
+                        diff_tree_json: row.get(9)?,
+                        error: row.get(10)?,
+                        updated_at: row.get(11)?,
+                    })
+                },
+            )
+            .optional()?;
+        Ok(row)
+    }
+
+    pub fn delete_expired_session_summaries(&self, keep_days: u32) -> Result<u32> {
+        let deleted = self.conn().execute(
+            "DELETE FROM session_semantic_summaries \
+             WHERE julianday(generated_at) <= julianday('now') - ?1",
+            params![keep_days as i64],
+        )?;
+        Ok(deleted as u32)
+    }
+}
diff --git a/crates/local-db/src/sync_store.rs b/crates/local-db/src/sync_store.rs
new file mode 100644
index 00000000..1624cf6f
--- /dev/null
+++ b/crates/local-db/src/sync_store.rs
@@ -0,0 +1,146 @@
+use anyhow::Result;
+use rusqlite::{OptionalExtension, params};
+
+use crate::connection::LocalDb;
+use crate::session_store::{LOCAL_SESSION_COLUMNS, LocalSessionRow, row_to_local_session};
+
+impl LocalDb {
+    /// Fetch the source path used when the session was last parsed/loaded.
+    pub fn get_session_source_path(&self, session_id: &str) -> Result<Option<String>> {
+        let conn = self.conn();
+        let result = conn
+            .query_row(
+                "SELECT source_path FROM session_sync WHERE session_id = ?1",
+                params![session_id],
+                |row| row.get(0),
+            )
+            .optional()?;
+
+        Ok(result)
+    }
+
+    /// List every session id with a non-empty source path from session_sync.
+    pub fn list_session_source_paths(&self) -> Result<Vec<(String, String)>> {
+        let conn = self.conn();
+        let mut stmt = conn.prepare(
+            "SELECT session_id, source_path \
+             FROM session_sync \
+             WHERE source_path IS NOT NULL AND TRIM(source_path) != ''",
+        )?;
+        let rows = stmt.query_map([], |row| {
+            let session_id: String = row.get(0)?;
+            let source_path: String = row.get(1)?;
+            Ok((session_id, source_path))
+        })?;
+        rows.collect::<std::result::Result<Vec<_>, _>>()
+            .map_err(Into::into)
+    }
+
+    pub fn get_sync_cursor(&self, team_id: &str) -> Result<Option<String>> {
+        let cursor = self
+            .conn()
+            .query_row(
+                "SELECT cursor FROM sync_cursors WHERE team_id = ?1",
+                params![team_id],
+                |row| row.get(0),
+            )
+            .optional()?;
+        Ok(cursor)
+    }
+
+    pub fn set_sync_cursor(&self, team_id: &str, cursor: &str) -> Result<()> {
+        self.conn().execute(
+            "INSERT INTO sync_cursors (team_id, cursor, updated_at) \
+             VALUES (?1, ?2, datetime('now')) \
+             ON CONFLICT(team_id) DO UPDATE SET cursor=excluded.cursor, updated_at=datetime('now')",
+            params![team_id, cursor],
+        )?;
+        Ok(())
+    }
+
+    /// Get sessions that are local_only and need to be uploaded.
+    pub fn pending_uploads(&self, team_id: &str) -> Result<Vec<LocalSessionRow>> {
+        let sql = format!(
+            "SELECT {LOCAL_SESSION_COLUMNS} \
+             FROM sessions s \
+             INNER JOIN session_sync ss ON ss.session_id = s.id \
+             LEFT JOIN users u ON u.id = s.user_id \
+             WHERE ss.sync_status = 'local_only' AND s.team_id = ?1 AND COALESCE(s.is_auxiliary, 0) = 0 \
+             ORDER BY s.created_at ASC"
+        );
+        let conn = self.conn();
+        let mut stmt = conn.prepare(&sql)?;
+        let rows = stmt.query_map(params![team_id], row_to_local_session)?;
+        let mut result = Vec::new();
+        for row in rows {
+            result.push(row?);
+        }
+        Ok(result)
+    }
+
+    pub fn mark_synced(&self, session_id: &str) -> Result<()> {
+        self.conn().execute(
+            "UPDATE session_sync SET sync_status = 'synced', last_synced_at = datetime('now') \
+             WHERE session_id = ?1",
+            params![session_id],
+        )?;
+        Ok(())
+    }
+
+    /// Check if a session was already uploaded (synced or remote_only) since the given modification time.
+    pub fn was_uploaded_after(
+        &self,
+        source_path: &str,
+        modified: &chrono::DateTime<chrono::Utc>,
+    ) -> Result<bool> {
+        let result: Option<String> = self
+            .conn()
+            .query_row(
+                "SELECT last_synced_at FROM session_sync \
+                 WHERE source_path = ?1 AND sync_status = 'synced' AND last_synced_at IS NOT NULL",
+                params![source_path],
+                |row| row.get(0),
+            )
+            .optional()?;
+
+        if let Some(synced_at) = result {
+            if let Ok(dt) = chrono::DateTime::parse_from_rfc3339(&synced_at) {
+                return Ok(dt >= *modified);
+            }
+        }
+        Ok(false)
+    }
+
+    pub fn cache_body(&self, session_id: &str, body: &[u8]) -> Result<()> {
+        self.conn().execute(
+            "INSERT INTO body_cache (session_id, body, cached_at) \
+             VALUES (?1, ?2, datetime('now')) \
+             ON CONFLICT(session_id) DO UPDATE SET body=excluded.body, cached_at=datetime('now')",
+            params![session_id, body],
+        )?;
+        Ok(())
+    }
+
+    pub fn get_cached_body(&self, session_id: &str) -> Result<Option<Vec<u8>>> {
+        let body = self
+            .conn()
+            .query_row(
+                "SELECT body FROM body_cache WHERE session_id = ?1",
+                params![session_id],
+                |row| row.get(0),
+            )
+            .optional()?;
+        Ok(body)
+    }
+
+    /// Update only sync metadata path for an existing session.
+    pub fn set_session_sync_path(&self, session_id: &str, source_path: &str) -> Result<()> {
+        self.conn().execute(
+            "INSERT INTO session_sync (session_id, source_path) \
+             VALUES (?1, ?2) \
+             ON CONFLICT(session_id) DO UPDATE SET source_path = excluded.source_path",
+            params![session_id, source_path],
+        )?;
+        Ok(())
+    }
+}
diff --git a/crates/local-db/src/vector_store.rs b/crates/local-db/src/vector_store.rs
new file mode 100644
index 00000000..6253eadf
--- /dev/null
+++ b/crates/local-db/src/vector_store.rs
@@ -0,0 +1,210 @@
+use anyhow::{Context, Result};
+use rusqlite::{OptionalExtension, params};
+
+use crate::connection::LocalDb;
+
+/// Vector chunk payload persisted per session.
+#[derive(Debug, Clone, PartialEq)]
+pub struct VectorChunkUpsert {
+    pub chunk_id: String,
+    pub session_id: String,
+    pub chunk_index: u32,
+    pub start_line: u32,
+    pub end_line: u32,
+    pub line_count: u32,
+    pub content: String,
+    pub content_hash: String,
+    pub embedding: Vec<f32>,
+}
+
+/// Candidate row used for local semantic vector ranking.
+#[derive(Debug, Clone, PartialEq)]
+pub struct VectorChunkCandidateRow {
+    pub chunk_id: String,
+    pub session_id: String,
+    pub start_line: u32,
+    pub end_line: u32,
+    pub content: String,
+    pub embedding: Vec<f32>,
+}
+
+pub(crate) fn build_fts_query(raw: &str) -> Option<String> {
+    let mut parts: Vec<String> = Vec::new();
+    for token in raw.split_whitespace() {
+        let trimmed = token.trim();
+        if trimmed.is_empty() {
+            continue;
+        }
+        let escaped = trimmed.replace('"', "\"\"");
+        parts.push(format!("\"{escaped}\""));
+    }
+    if parts.is_empty() {
+        return None;
+    }
+    Some(parts.join(" OR "))
+}
+
+impl LocalDb {
+    pub fn vector_index_source_hash(&self, session_id: &str) -> Result<Option<String>> {
+        let hash = self
+            .conn()
+            .query_row(
+                "SELECT source_hash FROM vector_index_sessions WHERE session_id = ?1",
+                params![session_id],
+                |row| row.get(0),
+            )
+            .optional()?;
+        Ok(hash)
+    }
+
+    pub fn clear_vector_index(&self) -> Result<()> {
+        let conn = self.conn();
+        conn.execute("DELETE FROM vector_embeddings", [])?;
+        conn.execute("DELETE FROM vector_chunks_fts", [])?;
+        conn.execute("DELETE FROM vector_chunks", [])?;
+        conn.execute("DELETE FROM vector_index_sessions", [])?;
+        Ok(())
+    }
+
+    pub fn replace_session_vector_chunks(
+        &self,
+        session_id: &str,
+        source_hash: &str,
+        model: &str,
+        chunks: &[VectorChunkUpsert],
+    ) -> Result<()> {
+        let mut conn = self.conn();
+        let tx = conn.transaction()?;
+
+        tx.execute(
+            "DELETE FROM vector_embeddings \
+             WHERE chunk_id IN (SELECT id FROM vector_chunks WHERE session_id = ?1)",
+            params![session_id],
+        )?;
+        tx.execute(
+            "DELETE FROM vector_chunks_fts WHERE session_id = ?1",
+            params![session_id],
+        )?;
+        tx.execute(
+            "DELETE FROM vector_chunks WHERE session_id = ?1",
+            params![session_id],
+        )?;
+
+        for chunk in chunks {
+            let embedding_json = serde_json::to_string(&chunk.embedding)
+                .context("serialize vector embedding for local cache")?;
+            tx.execute(
+                "INSERT INTO vector_chunks \
+                 (id, session_id, chunk_index, start_line, end_line, line_count, content, content_hash, created_at, updated_at) \
+                 VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, datetime('now'), datetime('now'))",
+                params![
+                    &chunk.chunk_id,
+                    &chunk.session_id,
+                    chunk.chunk_index as i64,
+                    chunk.start_line as i64,
+                    chunk.end_line as i64,
+                    chunk.line_count as i64,
+                    &chunk.content,
+                    &chunk.content_hash,
+                ],
+            )?;
+            tx.execute(
+                "INSERT INTO vector_embeddings \
+                 (chunk_id, model, embedding_dim, embedding_json, updated_at) \
+                 VALUES (?1, ?2, ?3, ?4, datetime('now'))",
+                params![
+                    &chunk.chunk_id,
+                    model,
+                    chunk.embedding.len() as i64,
+                    &embedding_json
+                ],
+            )?;
+            tx.execute(
+                "INSERT INTO vector_chunks_fts (chunk_id, session_id, content) VALUES (?1, ?2, ?3)",
+                params![&chunk.chunk_id, &chunk.session_id, &chunk.content],
+            )?;
+        }
+
+        tx.execute(
+            "INSERT INTO vector_index_sessions \
+             (session_id, source_hash, chunk_count, last_indexed_at, updated_at) \
+             VALUES (?1, ?2, ?3, datetime('now'), datetime('now')) \
+             ON CONFLICT(session_id) DO UPDATE SET \
+             source_hash=excluded.source_hash, \
+             chunk_count=excluded.chunk_count, \
+             last_indexed_at=datetime('now'), \
+             updated_at=datetime('now')",
+            params![session_id, source_hash, chunks.len() as i64],
+        )?;
+
+        tx.commit()?;
+        Ok(())
+    }
+
+    pub fn list_vector_chunk_candidates(
+        &self,
+        query: &str,
+        model: &str,
+        limit: u32,
+    ) -> Result<Vec<VectorChunkCandidateRow>> {
+        let Some(fts_query) = build_fts_query(query) else {
+            return Ok(Vec::new());
+        };
+        let conn = self.conn();
+        let mut stmt = conn.prepare(
+            "SELECT c.id, c.session_id, c.start_line, c.end_line, c.content, e.embedding_json \
+             FROM vector_chunks_fts f \
+             INNER JOIN vector_chunks c ON c.id = f.chunk_id \
+             INNER JOIN vector_embeddings e ON e.chunk_id = c.id \
+             WHERE f.content MATCH ?1 AND e.model = ?2 \
+             ORDER BY bm25(vector_chunks_fts) ASC, c.updated_at DESC \
+             LIMIT ?3",
+        )?;
+        let rows = stmt.query_map(params![fts_query, model, limit as i64], |row| {
+            let embedding_json: String = row.get(5)?;
+            let embedding =
+                serde_json::from_str::<Vec<f32>>(&embedding_json).unwrap_or_else(|_| Vec::new());
+            Ok(VectorChunkCandidateRow {
+                chunk_id: row.get(0)?,
+                session_id: row.get(1)?,
+                start_line: row.get::<_, i64>(2)?.max(0) as u32,
+                end_line: row.get::<_, i64>(3)?.max(0) as u32,
+                content: row.get(4)?,
+                embedding,
+            })
+        })?;
+        rows.collect::<std::result::Result<Vec<_>, _>>()
+            .map_err(Into::into)
+    }
+
+    pub fn list_recent_vector_chunks_for_model(
+        &self,
+        model: &str,
+        limit: u32,
+    ) -> Result<Vec<VectorChunkCandidateRow>> {
+        let conn = self.conn();
+        let mut stmt = conn.prepare(
+            "SELECT c.id, c.session_id, c.start_line, c.end_line, c.content, e.embedding_json \
+             FROM vector_chunks c \
+             INNER JOIN vector_embeddings e ON e.chunk_id = c.id \
+             WHERE e.model = ?1 \
+             ORDER BY c.updated_at DESC \
+             LIMIT ?2",
+        )?;
+        let rows = stmt.query_map(params![model, limit as i64], |row| {
+            let embedding_json: String = row.get(5)?;
+            let embedding =
+                serde_json::from_str::<Vec<f32>>(&embedding_json).unwrap_or_else(|_| Vec::new());
+            Ok(VectorChunkCandidateRow {
+                chunk_id: row.get(0)?,
+                session_id: row.get(1)?,
+                start_line: row.get::<_, i64>(2)?.max(0) as u32,
+                end_line: row.get::<_, i64>(3)?.max(0) as u32,
+                content: row.get(4)?,
+                embedding,
+            })
+        })?;
+        rows.collect::<std::result::Result<Vec<_>, _>>()
+            .map_err(Into::into)
+    }
+}
diff --git a/crates/runtime-config/src/change_reader.rs b/crates/runtime-config/src/change_reader.rs
new file mode 100644
index 00000000..39c5b4a3
--- /dev/null
+++ b/crates/runtime-config/src/change_reader.rs
@@ -0,0 +1,72 @@
+use crate::defaults::{
+    default_change_reader_max_context_chars, default_change_reader_voice_model,
+    default_change_reader_voice_name, default_false, default_true,
+};
+use serde::{Deserialize, Serialize};
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct ChangeReaderSettings {
+    #[serde(default = "default_false")]
+    pub enabled: bool,
+    #[serde(default)]
+    pub scope: ChangeReaderScope,
+    #[serde(default = "default_true")]
+    pub qa_enabled: bool,
+    #[serde(default = "default_change_reader_max_context_chars")]
+    pub max_context_chars: u32,
+    #[serde(default)]
+    pub voice: ChangeReaderVoiceSettings,
+}
+
+impl Default for ChangeReaderSettings {
+    fn default() -> Self {
+        Self {
+            enabled: default_false(),
+            scope: ChangeReaderScope::default(),
+            qa_enabled: default_true(),
+            max_context_chars: default_change_reader_max_context_chars(),
+            voice: ChangeReaderVoiceSettings::default(),
+        }
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct ChangeReaderVoiceSettings {
+    #[serde(default = "default_false")]
+    pub enabled: bool,
+    #[serde(default)]
+    pub provider: ChangeReaderVoiceProvider,
+    #[serde(default = "default_change_reader_voice_model")]
+    pub model: String,
+    #[serde(default = "default_change_reader_voice_name")]
+    pub voice: String,
+    #[serde(default)]
+    pub api_key: String,
+}
+
+impl Default for ChangeReaderVoiceSettings {
+    fn default() -> Self {
+        Self {
+            enabled: default_false(),
+            provider: ChangeReaderVoiceProvider::default(),
+            model: default_change_reader_voice_model(),
+            voice: default_change_reader_voice_name(),
+            api_key: String::new(),
+        }
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
+#[serde(rename_all = "snake_case")]
+pub enum ChangeReaderScope {
+    #[default]
+    SummaryOnly,
+    FullContext,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
+#[serde(rename_all = "snake_case")]
+pub enum ChangeReaderVoiceProvider {
+    #[default]
+    Openai,
+}
diff --git a/crates/runtime-config/src/daemon.rs b/crates/runtime-config/src/daemon.rs
new file mode 100644
index 00000000..1ae6b76b
--- /dev/null
+++ b/crates/runtime-config/src/daemon.rs
@@ -0,0 +1,115 @@
+use crate::defaults::{
+    default_debounce, default_detail_auto_expand_selected_event,
+    default_detail_realtime_preview_enabled, default_false, default_health_check_interval,
+    default_max_retries, default_publish_on, default_realtime_debounce_ms,
+    default_session_default_view,
+};
+use crate::{
+    ChangeReaderSettings, GitStorageSettings, IdentitySettings, LifecycleSettings, PrivacySettings,
+    ServerSettings, SummarySettings, VectorSearchSettings, WatcherSettings,
+};
+use serde::{Deserialize, Serialize};
+
+#[derive(Debug, Clone, Serialize, Deserialize, Default)]
+pub struct DaemonConfig {
+    #[serde(default)]
+    pub daemon: DaemonSettings,
+    #[serde(default)]
+    pub server: ServerSettings,
+    #[serde(default)]
+    pub identity: IdentitySettings,
+    #[serde(default)]
+    pub privacy: PrivacySettings,
+    #[serde(default)]
+    pub watchers: WatcherSettings,
+    #[serde(default)]
+    pub git_storage: GitStorageSettings,
+    #[serde(default)]
+    pub summary: SummarySettings,
+    #[serde(default)]
+    pub vector_search: VectorSearchSettings,
+    #[serde(default)]
+    pub change_reader: ChangeReaderSettings,
+    #[serde(default)]
+    pub lifecycle: LifecycleSettings,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct DaemonSettings {
+    #[serde(default = "default_false")]
+    pub auto_publish: bool,
+    #[serde(default = "default_debounce")]
+    pub debounce_secs: u64,
+    #[serde(default = "default_publish_on")]
+    pub publish_on: PublishMode,
+    #[serde(default = "default_max_retries")]
+    pub max_retries: u32,
+    #[serde(default = "default_health_check_interval")]
+    pub health_check_interval_secs: u64,
+    #[serde(default = "default_realtime_debounce_ms")]
+    pub realtime_debounce_ms: u64,
+    #[serde(default = "default_detail_realtime_preview_enabled")]
+    pub detail_realtime_preview_enabled: bool,
+    #[serde(default = "default_detail_auto_expand_selected_event")]
+    pub detail_auto_expand_selected_event: bool,
+    #[serde(default = "default_session_default_view")]
+    pub session_default_view: SessionDefaultView,
+}
+
+impl Default for DaemonSettings {
+    fn default() -> Self {
+        Self {
+            auto_publish: false,
+            debounce_secs: 5,
+            publish_on: PublishMode::Manual,
+            max_retries: 3,
+            health_check_interval_secs: 300,
+            realtime_debounce_ms: 500,
+            detail_realtime_preview_enabled: false,
+            detail_auto_expand_selected_event: true,
+            session_default_view: SessionDefaultView::default(),
+        }
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
+#[serde(rename_all = "snake_case")]
+pub enum PublishMode {
+    SessionEnd,
+    Realtime,
+    Manual,
+}
+
+impl PublishMode {
+    pub fn cycle(&self) -> Self {
+        match self {
+            Self::SessionEnd => Self::Realtime,
+            Self::Realtime => Self::Manual,
+            Self::Manual => Self::SessionEnd,
+        }
+    }
+
+    pub fn display(&self) -> &'static str {
+        match self {
+            Self::SessionEnd => "Session End",
+            Self::Realtime => "Realtime",
+            Self::Manual => "Manual",
+        }
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "snake_case")]
+pub enum CalendarDisplayMode {
+    Smart,
+    Relative,
+    Absolute,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
+#[serde(rename_all = "snake_case")]
+pub enum SessionDefaultView {
+    #[default]
+    Full,
+    Compressed,
+}
diff --git a/crates/runtime-config/src/defaults.rs b/crates/runtime-config/src/defaults.rs
new file mode 100644
index 00000000..6815ae20
--- /dev/null
+++ b/crates/runtime-config/src/defaults.rs
@@ -0,0 +1,141 @@
+use crate::{PublishMode, SessionDefaultView};
+
+pub const CONFIG_FILE_NAME: &str = "opensession.toml";
+
+pub(crate) fn default_true() -> bool {
+    true
+}
+
+pub(crate) fn default_false() -> bool {
+    false
+}
+
+pub(crate) fn default_debounce() -> u64 {
+    5
+}
+
+pub(crate) fn default_max_retries() -> u32 {
+    3
+}
+
+pub(crate) fn default_health_check_interval() -> u64 {
+    300
+}
+
+pub(crate) fn default_realtime_debounce_ms() -> u64 {
+    500
+}
+
+pub(crate) fn default_detail_realtime_preview_enabled() -> bool {
+    false
+}
+
+pub(crate) fn default_detail_auto_expand_selected_event() -> bool {
+    true
+}
+
+pub(crate) fn default_session_default_view() -> SessionDefaultView {
+    SessionDefaultView::Full
+}
+
+pub(crate) fn default_publish_on() -> PublishMode {
+    PublishMode::Manual
+}
+
+pub(crate) fn default_git_retention_keep_days() -> u32 {
+    30
+}
+
+pub(crate) fn default_git_retention_interval_secs() -> u64 {
+    86_400
+}
+
+pub(crate) fn default_summary_endpoint() -> String {
+    "http://127.0.0.1:11434".to_string()
+}
+
+pub(crate) fn default_vector_endpoint() -> String {
+    "http://127.0.0.1:11434".to_string()
+}
+
+pub(crate) fn default_vector_model() -> String {
+    "bge-m3".to_string()
+}
+
+pub(crate) fn default_vector_chunk_size_lines() -> u16 {
+    12
+}
+
+pub(crate) fn default_vector_chunk_overlap_lines() -> u16 {
+    3
+}
+
+pub(crate) fn default_vector_top_k_chunks() -> u16 {
+    30
+}
+
+pub(crate) fn default_vector_top_k_sessions() -> u16 {
+    20
+}
+
+pub(crate) fn default_change_reader_max_context_chars() -> u32 {
+    12_000
+}
+
+pub(crate) fn default_change_reader_voice_model() -> String {
+    "gpt-4o-mini-tts".to_string()
+}
+
+pub(crate) fn default_change_reader_voice_name() -> String {
+    "alloy".to_string()
+}
+
+pub(crate) fn default_summary_batch_recent_days() -> u16 {
+    30
+}
+
+pub(crate) fn default_lifecycle_session_ttl_days() -> u32 {
+    30
+}
+
+pub(crate) fn default_lifecycle_summary_ttl_days() -> u32 {
+    30
+}
+
+pub(crate) fn default_lifecycle_cleanup_interval_secs() -> u64 {
+    3_600
+}
+
+pub(crate) fn default_server_url() -> String {
+    "https://opensession.io".to_string()
+}
+
+pub(crate) fn default_nickname() -> String {
+    "user".to_string()
+}
+
+pub(crate) fn default_exclude_patterns() -> Vec<String> {
+    vec![
+        "*.env".to_string(),
+        "*secret*".to_string(),
+        "*credential*".to_string(),
+    ]
+}
+
+pub const DEFAULT_WATCH_PATHS: &[&str] = &[
+    "~/.claude/projects",
+    "~/.codex/sessions",
+    "~/.local/share/opencode/storage/session",
+    "~/.cline/data/tasks",
+    "~/.local/share/amp/threads",
+    "~/.gemini/tmp",
+    "~/Library/Application Support/Cursor/User",
+    "~/.config/Cursor/User",
+];
+
+pub fn default_watch_paths() -> Vec<String> {
+    DEFAULT_WATCH_PATHS
+        .iter()
+        .map(|path| (*path).to_string())
+        .collect()
+}
diff --git a/crates/runtime-config/src/git_storage.rs b/crates/runtime-config/src/git_storage.rs
new file mode 100644
index 00000000..47847ffb
--- /dev/null
+++ b/crates/runtime-config/src/git_storage.rs
@@ -0,0 +1,52 @@
+use crate::defaults::{
+    default_false, default_git_retention_interval_secs, default_git_retention_keep_days,
+};
+use serde::{Deserialize, Serialize};
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct GitStorageSettings {
+    #[serde(default)]
+    pub method: GitStorageMethod,
+    #[serde(default)]
+    pub token: String,
+    #[serde(default)]
+    pub retention: GitRetentionSettings,
+}
+
+impl Default for GitStorageSettings {
+    fn default() -> Self {
+        Self {
+            method: GitStorageMethod::Native,
+            token: String::new(),
+            retention: GitRetentionSettings::default(),
+        }
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct GitRetentionSettings {
+    #[serde(default = "default_false")]
+    pub enabled: bool,
+    #[serde(default = "default_git_retention_keep_days")]
+    pub keep_days: u32,
+    #[serde(default = "default_git_retention_interval_secs")]
+    pub interval_secs: u64,
+}
+
+impl Default for GitRetentionSettings {
+    fn default() -> Self {
+        Self {
+            enabled: false,
+            keep_days: default_git_retention_keep_days(),
+            interval_secs: default_git_retention_interval_secs(),
+        }
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Default)]
+#[serde(rename_all = "snake_case")]
+pub enum GitStorageMethod {
+    #[default]
+    Native,
+    Sqlite,
+}
diff --git a/crates/runtime-config/src/identity_privacy.rs b/crates/runtime-config/src/identity_privacy.rs
new file mode 100644
index 00000000..173ac364
--- /dev/null
+++ b/crates/runtime-config/src/identity_privacy.rs
@@ -0,0 +1,39 @@
+use crate::defaults::{default_exclude_patterns, default_nickname, default_true};
+use serde::{Deserialize, Serialize};
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct IdentitySettings {
+    #[serde(default = "default_nickname")]
+    pub nickname: String,
+}
+
+impl Default for IdentitySettings {
+    fn default() -> Self {
+        Self {
+            nickname: default_nickname(),
+        }
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct PrivacySettings {
+    #[serde(default = "default_true")]
+    pub strip_paths: bool,
+    #[serde(default = "default_true")]
+    pub strip_env_vars: bool,
+    #[serde(default = "default_exclude_patterns")]
+    pub exclude_patterns: Vec<String>,
+    #[serde(default)]
+    pub exclude_tools: Vec<String>,
+}
+
+impl Default for PrivacySettings {
+    fn default() -> Self {
+        Self {
+            strip_paths: true,
+            strip_env_vars: true,
+            exclude_patterns: default_exclude_patterns(),
+            exclude_tools: Vec::new(),
+        }
+    }
+}
diff --git a/crates/runtime-config/src/lib.rs b/crates/runtime-config/src/lib.rs
index be636593..740ccd69 100644
--- a/crates/runtime-config/src/lib.rs
+++ b/crates/runtime-config/src/lib.rs
@@ -4,698 +4,38 @@
 //! using these types. Runtime-specific logic (watch-path resolution, project
 //! config merging, UI/IPC adapters) lives in each runtime crate.
 
-use serde::{Deserialize, Serialize};
-
-/// Canonical config file name used by daemon/desktop/cli.
-pub const CONFIG_FILE_NAME: &str = "opensession.toml";
-
-/// Top-level daemon configuration (persisted as `opensession.toml`).
-#[derive(Debug, Clone, Serialize, Deserialize, Default)]
-pub struct DaemonConfig {
-    #[serde(default)]
-    pub daemon: DaemonSettings,
-    #[serde(default)]
-    pub server: ServerSettings,
-    #[serde(default)]
-    pub identity: IdentitySettings,
-    #[serde(default)]
-    pub privacy: PrivacySettings,
-    #[serde(default)]
-    pub watchers: WatcherSettings,
-    #[serde(default)]
-    pub git_storage: GitStorageSettings,
-    #[serde(default)]
-    pub summary: SummarySettings,
-    #[serde(default)]
-    pub vector_search: VectorSearchSettings,
-    #[serde(default)]
-    pub change_reader: ChangeReaderSettings,
-    #[serde(default)]
-    pub lifecycle: LifecycleSettings,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct DaemonSettings {
-    #[serde(default = "default_false")]
-    pub auto_publish: bool,
-    #[serde(default = "default_debounce")]
-    pub debounce_secs: u64,
-    #[serde(default = "default_publish_on")]
-    pub publish_on: PublishMode,
-    #[serde(default = "default_max_retries")]
-    pub max_retries: u32,
-    #[serde(default = "default_health_check_interval")]
-    pub health_check_interval_secs: u64,
-    #[serde(default = "default_realtime_debounce_ms")]
-    pub realtime_debounce_ms: u64,
-    /// Enable realtime file preview refresh in TUI session detail.
-    #[serde(default = "default_detail_realtime_preview_enabled")]
-    pub detail_realtime_preview_enabled: bool,
-    /// Expand selected timeline event detail rows by default in TUI session detail.
-    #[serde(default = "default_detail_auto_expand_selected_event")]
-    pub detail_auto_expand_selected_event: bool,
-    /// Default detail view mode for session timeline rendering.
-    #[serde(default = "default_session_default_view")]
-    pub session_default_view: SessionDefaultView,
-}
-
-impl Default for DaemonSettings {
-    fn default() -> Self {
-        Self {
-            auto_publish: false,
-            debounce_secs: 5,
-            publish_on: PublishMode::Manual,
-            max_retries: 3,
-            health_check_interval_secs: 300,
-            realtime_debounce_ms: 500,
-            detail_realtime_preview_enabled: false,
-            detail_auto_expand_selected_event: true,
-            session_default_view: SessionDefaultView::default(),
-        }
-    }
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
-#[serde(rename_all = "snake_case")]
-pub enum PublishMode {
-    SessionEnd,
-    Realtime,
-    Manual,
-}
-
-impl PublishMode {
-    pub fn cycle(&self) -> Self {
-        match self {
-            Self::SessionEnd => Self::Realtime,
-            Self::Realtime => Self::Manual,
-            Self::Manual => Self::SessionEnd,
-        }
-    }
-
-    pub fn display(&self) -> &'static str {
-        match self {
-            Self::SessionEnd => "Session End",
-            Self::Realtime => "Realtime",
-            Self::Manual => "Manual",
-        }
-    }
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
-#[serde(rename_all = "snake_case")]
-pub enum CalendarDisplayMode {
-    Smart,
-    Relative,
-    Absolute,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
-#[serde(rename_all = "snake_case")]
-pub enum SessionDefaultView {
-    #[default]
-    Full,
-    Compressed,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct ServerSettings {
-    #[serde(default = "default_server_url")]
-    pub url: String,
-    #[serde(default)]
-    pub api_key: String,
-}
-
-impl Default for ServerSettings {
-    fn default() -> Self {
-        Self {
-            url: default_server_url(),
-            api_key: String::new(),
-        }
-    }
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct IdentitySettings {
-    #[serde(default = "default_nickname")]
-    pub nickname: String,
-}
-
-impl Default for IdentitySettings {
-    fn default() -> Self {
-        Self {
-            nickname: default_nickname(),
-        }
-    }
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct PrivacySettings {
-    #[serde(default = "default_true")]
-    pub strip_paths: bool,
-    #[serde(default = "default_true")]
-    pub strip_env_vars: bool,
-    #[serde(default = "default_exclude_patterns")]
-    pub exclude_patterns: Vec<String>,
-    #[serde(default)]
-    pub exclude_tools: Vec<String>,
-}
-
-impl Default for PrivacySettings {
-    fn default() -> Self {
-        Self {
-            strip_paths: true,
-            strip_env_vars: true,
-            exclude_patterns: default_exclude_patterns(),
-            exclude_tools: Vec::new(),
-        }
-    }
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct WatcherSettings {
-    #[serde(default = "default_watch_paths")]
-    pub custom_paths: Vec<String>,
-}
-
-impl Default for WatcherSettings {
-    fn default() -> Self {
-        Self {
-            custom_paths: default_watch_paths(),
-        }
-    }
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct GitStorageSettings {
-    #[serde(default)]
-    pub method: GitStorageMethod,
-    #[serde(default)]
-    pub token: String,
-    #[serde(default)]
-    pub retention: GitRetentionSettings,
-}
-
-impl Default for GitStorageSettings {
-    fn default() -> Self {
-        Self {
-            method: GitStorageMethod::Native,
-            token: String::new(),
-            retention: GitRetentionSettings::default(),
-        }
-    }
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, Default)]
-pub struct SummarySettings {
-    #[serde(default)]
-    pub provider: SummaryProviderSettings,
-    #[serde(default)]
-    pub prompt: SummaryPromptSettings,
-    #[serde(default)]
-    pub response: SummaryResponseSettings,
-    #[serde(default)]
-    pub storage: SummaryStorageSettings,
-    /// Kept for CLI/CI and non-desktop runtimes.
-    #[serde(default)]
-    pub source_mode: SummarySourceMode,
-    #[serde(default)]
-    pub batch: SummaryBatchSettings,
-}
-
-impl SummarySettings {
-    pub fn is_configured(&self) -> bool {
-        match self.provider.id {
-            SummaryProvider::Disabled => false,
-            SummaryProvider::Ollama => !self.provider.model.trim().is_empty(),
-            SummaryProvider::CodexExec | SummaryProvider::ClaudeCli => true,
-        }
-    }
-
-    pub fn provider_transport(&self) -> SummaryProviderTransport {
-        self.provider.id.transport()
-    }
-
-    pub fn allows_git_changes_fallback(&self) -> bool {
-        matches!(self.source_mode, SummarySourceMode::SessionOrGitChanges)
-    }
-
-    pub fn should_generate_on_session_save(&self) -> bool {
-        matches!(self.storage.trigger, SummaryTriggerMode::OnSessionSave)
-    }
-
-    pub fn persists_to_local_db(&self) -> bool {
-        matches!(self.storage.backend, SummaryStorageBackend::LocalDb)
-    }
-
-    pub fn persists_to_hidden_ref(&self) -> bool {
-        matches!(self.storage.backend, SummaryStorageBackend::HiddenRef)
-    }
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct SummaryProviderSettings {
-    #[serde(default)]
-    pub id: SummaryProvider,
-    #[serde(default = "default_summary_endpoint")]
-    pub endpoint: String,
-    #[serde(default)]
-    pub model: String,
-}
-
-impl Default for SummaryProviderSettings {
-    fn default() -> Self {
-        Self {
-            id: SummaryProvider::default(),
-            endpoint: default_summary_endpoint(),
-            model: String::new(),
-        }
-    }
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, Default)]
-pub struct SummaryPromptSettings {
-    #[serde(default)]
-    pub template: String,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, Default)]
-pub struct SummaryResponseSettings {
-    #[serde(default)]
-    pub style: SummaryResponseStyle,
-    #[serde(default)]
-    pub shape: SummaryOutputShape,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, Default)]
-pub struct SummaryStorageSettings {
-    #[serde(default)]
-    pub trigger: SummaryTriggerMode,
-    #[serde(default)]
-    pub backend: SummaryStorageBackend,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct SummaryBatchSettings {
-    #[serde(default)]
-    pub execution_mode: SummaryBatchExecutionMode,
-    #[serde(default)]
-    pub scope: SummaryBatchScope,
-    #[serde(default = "default_summary_batch_recent_days")]
-    pub recent_days: u16,
-}
-
-impl Default for SummaryBatchSettings {
-    fn default() -> Self {
-        Self {
-            execution_mode: SummaryBatchExecutionMode::default(),
-            scope: SummaryBatchScope::default(),
-            recent_days: default_summary_batch_recent_days(),
-        }
-    }
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct VectorSearchSettings {
-    #[serde(default = "default_false")]
-    pub enabled: bool,
-    #[serde(default)]
-    pub provider: VectorSearchProvider,
-    #[serde(default = "default_vector_model")]
-    pub model: String,
-    #[serde(default = "default_vector_endpoint")]
-    pub endpoint: String,
-    #[serde(default)]
-    pub granularity: VectorSearchGranularity,
-    #[serde(default)]
-    pub chunking_mode: VectorChunkingMode,
-    #[serde(default = "default_vector_chunk_size_lines")]
-    pub chunk_size_lines: u16,
-    #[serde(default = "default_vector_chunk_overlap_lines")]
-    pub chunk_overlap_lines: u16,
-    #[serde(default = "default_vector_top_k_chunks")]
-    pub top_k_chunks: u16,
-    #[serde(default = "default_vector_top_k_sessions")]
-    pub top_k_sessions: u16,
-}
-
-impl Default for VectorSearchSettings {
-    fn default() -> Self {
-        Self {
-            enabled: default_false(),
-            provider: VectorSearchProvider::default(),
-            model: default_vector_model(),
-            endpoint: default_vector_endpoint(),
-            granularity: VectorSearchGranularity::default(),
-            chunking_mode: VectorChunkingMode::default(),
-            chunk_size_lines: default_vector_chunk_size_lines(),
-            chunk_overlap_lines: default_vector_chunk_overlap_lines(),
-            top_k_chunks: default_vector_top_k_chunks(),
-            top_k_sessions: default_vector_top_k_sessions(),
-        }
-    }
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct ChangeReaderSettings {
-    #[serde(default = "default_false")]
-    pub enabled: bool,
-    #[serde(default)]
-    pub scope: ChangeReaderScope,
-    #[serde(default = "default_true")]
-    pub qa_enabled: bool,
-    #[serde(default = "default_change_reader_max_context_chars")]
-    pub max_context_chars: u32,
-    #[serde(default)]
-    pub voice: ChangeReaderVoiceSettings,
-}
-
-impl Default for ChangeReaderSettings {
-    fn default() -> Self {
-        Self {
-            enabled: default_false(),
-            scope: ChangeReaderScope::default(),
-            qa_enabled: default_true(),
-            max_context_chars: default_change_reader_max_context_chars(),
-            voice: ChangeReaderVoiceSettings::default(),
-        }
-    }
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct ChangeReaderVoiceSettings {
-    #[serde(default = "default_false")]
-    pub enabled: bool,
-    #[serde(default)]
-    pub provider: ChangeReaderVoiceProvider,
-    #[serde(default = "default_change_reader_voice_model")]
-    pub model: String,
-    #[serde(default = "default_change_reader_voice_name")]
-    pub voice: String,
-    #[serde(default)]
-    pub api_key: String,
-}
-
-impl Default for ChangeReaderVoiceSettings {
-    fn default() -> Self {
-        Self {
-            enabled: default_false(),
-            provider: ChangeReaderVoiceProvider::default(),
-            model: default_change_reader_voice_model(),
-            voice: default_change_reader_voice_name(),
-            api_key: String::new(),
-        }
-    }
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct LifecycleSettings {
-    #[serde(default = "default_true")]
-    pub enabled: bool,
-    #[serde(default = "default_lifecycle_session_ttl_days")]
-    pub session_ttl_days: u32,
-    #[serde(default = "default_lifecycle_summary_ttl_days")]
-    pub summary_ttl_days: u32,
-    #[serde(default = "default_lifecycle_cleanup_interval_secs")]
-    pub cleanup_interval_secs: u64,
-}
-
-impl Default for LifecycleSettings {
-    fn default() -> Self {
-        Self {
-            enabled: true,
-            session_ttl_days: default_lifecycle_session_ttl_days(),
-            summary_ttl_days: default_lifecycle_summary_ttl_days(),
-            cleanup_interval_secs: default_lifecycle_cleanup_interval_secs(),
-        }
-    }
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
-#[serde(rename_all = "snake_case")]
-pub enum ChangeReaderScope {
-    #[default]
-    SummaryOnly,
-    FullContext,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
-#[serde(rename_all = "snake_case")]
-pub enum VectorSearchProvider {
-    #[default]
-    Ollama,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
-#[serde(rename_all = "snake_case")]
-pub enum VectorSearchGranularity {
-    #[default]
-    EventLineChunk,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
-#[serde(rename_all = "snake_case")]
-pub enum VectorChunkingMode {
-    #[default]
-    Auto,
-    Manual,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
-#[serde(rename_all = "snake_case")]
-pub enum ChangeReaderVoiceProvider {
-    #[default]
-    Openai,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
-#[serde(rename_all = "snake_case")]
-pub enum SummaryProvider {
-    #[default]
-    Disabled,
-    Ollama,
-    CodexExec,
-    ClaudeCli,
-}
-
-impl SummaryProvider {
-    pub fn transport(&self) -> SummaryProviderTransport {
-        match self {
-            Self::Disabled => SummaryProviderTransport::None,
-            Self::Ollama => SummaryProviderTransport::Http,
-            Self::CodexExec | Self::ClaudeCli => SummaryProviderTransport::Cli,
-        }
-    }
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
-#[serde(rename_all = "snake_case")]
-pub enum SummaryProviderTransport {
-    #[default]
-    None,
-    Cli,
-    Http,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
-#[serde(rename_all = "snake_case")]
-pub enum SummaryResponseStyle {
-    Compact,
-    #[default]
-    Standard,
-    Detailed,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
-#[serde(rename_all = "snake_case")]
-pub enum SummarySourceMode {
-    #[default]
-    SessionOnly,
-    SessionOrGitChanges,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
-#[serde(rename_all = "snake_case")]
-pub enum SummaryOutputShape {
-    #[default]
-    Layered,
-    FileList,
-    SecurityFirst,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
-#[serde(rename_all = "snake_case")]
-pub enum SummaryTriggerMode {
-    Manual,
-    #[default]
-    OnSessionSave,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
-#[serde(rename_all = "snake_case")]
-pub enum SummaryStorageBackend {
-    None,
-    #[default]
-    HiddenRef,
-    LocalDb,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
-#[serde(rename_all = "snake_case")]
-pub enum SummaryBatchExecutionMode {
-    Manual,
-    #[default]
-    OnAppStart,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
-#[serde(rename_all = "snake_case")]
-pub enum SummaryBatchScope {
-    #[default]
-    RecentDays,
-    All,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-pub struct GitRetentionSettings {
-    #[serde(default = "default_false")]
-    pub enabled: bool,
-    #[serde(default = "default_git_retention_keep_days")]
-    pub keep_days: u32,
-    #[serde(default = "default_git_retention_interval_secs")]
-    pub interval_secs: u64,
-}
-
-impl Default for GitRetentionSettings {
-    fn default() -> Self {
-        Self {
-            enabled: false,
-            keep_days: default_git_retention_keep_days(),
-            interval_secs: default_git_retention_interval_secs(),
-        }
-    }
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Default)]
-#[serde(rename_all = "snake_case")]
-pub enum GitStorageMethod {
-    /// Store sessions as git objects on hidden refs (git-native).
-    #[default]
-    Native,
-    /// Store session bodies in SQLite-backed storage.
-    Sqlite,
-}
-
-// ── Serde default functions ─────────────────────────────────────────────
-
-fn default_true() -> bool {
-    true
-}
-fn default_false() -> bool {
-    false
-}
-fn default_debounce() -> u64 {
-    5
-}
-fn default_max_retries() -> u32 {
-    3
-}
-fn default_health_check_interval() -> u64 {
-    300
-}
-fn default_realtime_debounce_ms() -> u64 {
-    500
-}
-fn default_detail_realtime_preview_enabled() -> bool {
-    false
-}
-fn default_detail_auto_expand_selected_event() -> bool {
-    true
-}
-fn default_session_default_view() -> SessionDefaultView {
-    SessionDefaultView::Full
-}
-fn default_publish_on() -> PublishMode {
-    PublishMode::Manual
-}
-fn default_git_retention_keep_days() -> u32 {
-    30
-}
-fn default_git_retention_interval_secs() -> u64 {
-    86_400
-}
-fn default_summary_endpoint() -> String {
-    "http://127.0.0.1:11434".to_string()
-}
-fn default_vector_endpoint() -> String {
-    "http://127.0.0.1:11434".to_string()
-}
-fn default_vector_model() -> String {
-    "bge-m3".to_string()
-}
-fn default_vector_chunk_size_lines() -> u16 {
-    12
-}
-fn default_vector_chunk_overlap_lines() -> u16 {
-    3
-}
-fn default_vector_top_k_chunks() -> u16 {
-    30
-}
-fn default_vector_top_k_sessions() -> u16 {
-    20
-}
-fn default_change_reader_max_context_chars() -> u32 {
-    12_000
-}
-fn default_change_reader_voice_model() -> String {
-    "gpt-4o-mini-tts".to_string()
-}
-fn default_change_reader_voice_name() -> String {
-    "alloy".to_string()
-}
-fn default_summary_batch_recent_days() -> u16 {
-    30
-}
-fn default_lifecycle_session_ttl_days() -> u32 {
-    30
-}
-fn default_lifecycle_summary_ttl_days() -> u32 {
-    30
-}
-fn default_lifecycle_cleanup_interval_secs() -> u64 {
-    3_600
-}
-fn default_server_url() -> String {
-    "https://opensession.io".to_string()
-}
-fn default_nickname() -> String {
-    "user".to_string()
-}
-fn default_exclude_patterns() -> Vec<String> {
-    vec![
-        "*.env".to_string(),
-        "*secret*".to_string(),
-        "*credential*".to_string(),
-    ]
-}
-
-pub const DEFAULT_WATCH_PATHS: &[&str] = &[
-    "~/.claude/projects",
-    "~/.codex/sessions",
-    "~/.local/share/opencode/storage/session",
-    "~/.cline/data/tasks",
-    "~/.local/share/amp/threads",
-    "~/.gemini/tmp",
-    "~/Library/Application Support/Cursor/User",
-    "~/.config/Cursor/User",
-];
-
-pub fn default_watch_paths() -> Vec<String> {
-    DEFAULT_WATCH_PATHS
-        .iter()
-        .map(|path| (*path).to_string())
-        .collect()
-}
+mod change_reader;
+mod daemon;
+mod defaults;
+mod git_storage;
+mod identity_privacy;
+mod lifecycle;
+mod server;
+mod summary;
+mod vector;
+mod watcher;
+
+pub use change_reader::{
+    ChangeReaderScope, ChangeReaderSettings, ChangeReaderVoiceProvider, ChangeReaderVoiceSettings,
+};
+pub use daemon::{
+    CalendarDisplayMode, DaemonConfig, DaemonSettings, PublishMode, SessionDefaultView,
+};
+pub use defaults::{CONFIG_FILE_NAME, DEFAULT_WATCH_PATHS, default_watch_paths};
+pub use git_storage::{GitRetentionSettings, GitStorageMethod, GitStorageSettings};
+pub use identity_privacy::{IdentitySettings, PrivacySettings};
+pub use lifecycle::LifecycleSettings;
+pub use server::ServerSettings;
+pub use summary::{
+    SummaryBatchExecutionMode, SummaryBatchScope, SummaryBatchSettings, SummaryOutputShape,
+    SummaryPromptSettings, SummaryProvider, SummaryProviderSettings, SummaryProviderTransport,
+    SummaryResponseSettings, SummaryResponseStyle, SummarySettings, SummarySourceMode,
+    SummaryStorageBackend, SummaryStorageSettings, SummaryTriggerMode,
+};
+pub use vector::{
+    VectorChunkingMode, VectorSearchGranularity, VectorSearchProvider, VectorSearchSettings,
+};
+pub use watcher::WatcherSettings;
 
 #[cfg(test)]
 mod tests {
@@ -763,9 +103,8 @@ keep_days = 14
 interval_secs = 43200
 "#,
         )
-        .expect("parse retention config");
+        .expect("parse config");
 
-        assert_eq!(cfg.git_storage.method, GitStorageMethod::Native);
         assert!(cfg.git_storage.retention.enabled);
         assert_eq!(cfg.git_storage.retention.keep_days, 14);
         assert_eq!(cfg.git_storage.retention.interval_secs, 43_200);
@@ -1269,4 +608,29 @@ session_default_view = "compact"
             "unsupported session_default_view must fail"
         );
     }
+
+    #[test]
+    fn summary_storage_helpers_reflect_selected_modes() {
+        let mut settings = SummarySettings::default();
+
+        settings.source_mode = SummarySourceMode::SessionOnly;
+        assert!(!settings.allows_git_changes_fallback());
+
+        settings.source_mode = SummarySourceMode::SessionOrGitChanges;
+        assert!(settings.allows_git_changes_fallback());
+
+        settings.storage.trigger = SummaryTriggerMode::Manual;
+        assert!(!settings.should_generate_on_session_save());
+
+        settings.storage.trigger = SummaryTriggerMode::OnSessionSave;
+        assert!(settings.should_generate_on_session_save());
+
+        settings.storage.backend = SummaryStorageBackend::LocalDb;
+        assert!(settings.persists_to_local_db());
+        assert!(!settings.persists_to_hidden_ref());
+
+        settings.storage.backend = SummaryStorageBackend::HiddenRef;
+        assert!(!settings.persists_to_local_db());
+        assert!(settings.persists_to_hidden_ref());
+    }
 }
diff --git a/crates/runtime-config/src/lifecycle.rs b/crates/runtime-config/src/lifecycle.rs
new file mode 100644
index 00000000..f89d7be4
--- /dev/null
+++ b/crates/runtime-config/src/lifecycle.rs
@@ -0,0 +1,28 @@
+use crate::defaults::{
+    default_lifecycle_cleanup_interval_secs, default_lifecycle_session_ttl_days,
+    default_lifecycle_summary_ttl_days, default_true,
+};
+use serde::{Deserialize, Serialize};
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct LifecycleSettings {
+    #[serde(default = "default_true")]
+    pub enabled: bool,
+    #[serde(default = "default_lifecycle_session_ttl_days")]
+    pub session_ttl_days: u32,
+    #[serde(default = "default_lifecycle_summary_ttl_days")]
+    pub summary_ttl_days: u32,
+    #[serde(default = "default_lifecycle_cleanup_interval_secs")]
+    pub cleanup_interval_secs: u64,
+}
+
+impl Default for LifecycleSettings {
+    fn default() -> Self {
+        Self {
+            enabled: true,
+            session_ttl_days: default_lifecycle_session_ttl_days(),
+            summary_ttl_days: default_lifecycle_summary_ttl_days(),
+            cleanup_interval_secs: default_lifecycle_cleanup_interval_secs(),
+        }
+    }
+}
diff --git a/crates/runtime-config/src/server.rs b/crates/runtime-config/src/server.rs
new file mode 100644
index 00000000..fcf5b890
--- /dev/null
+++ b/crates/runtime-config/src/server.rs
@@ -0,0 +1,19 @@
+use crate::defaults::default_server_url;
+use serde::{Deserialize, Serialize};
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct ServerSettings {
+    #[serde(default = "default_server_url")]
+    pub url: String,
+    #[serde(default)]
+    pub api_key: String,
+}
+
+impl Default for ServerSettings {
+    fn default() -> Self {
+        Self {
+            url: default_server_url(),
+            api_key: String::new(),
+        }
+    }
+}
diff --git a/crates/runtime-config/src/summary.rs b/crates/runtime-config/src/summary.rs
new file mode 100644
index 00000000..2122ed35
--- /dev/null
+++ b/crates/runtime-config/src/summary.rs
@@ -0,0 +1,198 @@
+use crate::defaults::{default_summary_batch_recent_days, default_summary_endpoint};
+use serde::{Deserialize, Serialize};
+
+#[derive(Debug, Clone, Serialize, Deserialize, Default)]
+pub struct SummarySettings {
+    #[serde(default)]
+    pub provider: SummaryProviderSettings,
+    #[serde(default)]
+    pub prompt: SummaryPromptSettings,
+    #[serde(default)]
+    pub response: SummaryResponseSettings,
+    #[serde(default)]
+    pub storage: SummaryStorageSettings,
+    #[serde(default)]
+    pub source_mode: SummarySourceMode,
+    #[serde(default)]
+    pub batch: SummaryBatchSettings,
+}
+
+impl SummarySettings {
+    pub fn is_configured(&self) -> bool {
+        match self.provider.id {
+            SummaryProvider::Disabled => false,
+            SummaryProvider::Ollama => !self.provider.model.trim().is_empty(),
+            SummaryProvider::CodexExec | SummaryProvider::ClaudeCli => true,
+        }
+    }
+
+    pub fn provider_transport(&self) -> SummaryProviderTransport {
+        self.provider.id.transport()
+    }
+
+    pub fn allows_git_changes_fallback(&self) -> bool {
+        matches!(self.source_mode, SummarySourceMode::SessionOrGitChanges)
+    }
+
+    pub fn should_generate_on_session_save(&self) -> bool {
+        matches!(self.storage.trigger, SummaryTriggerMode::OnSessionSave)
+    }
+
+    pub fn persists_to_local_db(&self) -> bool {
+        matches!(self.storage.backend, SummaryStorageBackend::LocalDb)
+    }
+
+    pub fn persists_to_hidden_ref(&self) -> bool {
+        matches!(self.storage.backend, SummaryStorageBackend::HiddenRef)
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct SummaryProviderSettings {
+    #[serde(default)]
+    pub id: SummaryProvider,
+    #[serde(default = "default_summary_endpoint")]
+    pub endpoint: String,
+    #[serde(default)]
+    pub model: String,
+}
+
+impl Default for SummaryProviderSettings {
+    fn default() -> Self {
+        Self {
+            id: SummaryProvider::default(),
+            endpoint: default_summary_endpoint(),
+            model: String::new(),
+        }
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, Default)]
+pub struct SummaryPromptSettings {
+    #[serde(default)]
+    pub template: String,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, Default)]
+pub struct SummaryResponseSettings {
+    #[serde(default)]
+    pub style: SummaryResponseStyle,
+    #[serde(default)]
+    pub shape: SummaryOutputShape,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, Default)]
+pub struct SummaryStorageSettings {
+    #[serde(default)]
+    pub trigger: SummaryTriggerMode,
+    #[serde(default)]
+    pub backend: SummaryStorageBackend,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct SummaryBatchSettings {
+    #[serde(default)]
+    pub execution_mode: SummaryBatchExecutionMode,
+    #[serde(default)]
+    pub scope: SummaryBatchScope,
+    #[serde(default = "default_summary_batch_recent_days")]
+    pub recent_days: u16,
+}
+
+impl Default for SummaryBatchSettings {
+    fn default() -> Self {
+        Self {
+            execution_mode: SummaryBatchExecutionMode::default(),
+            scope: SummaryBatchScope::default(),
+            recent_days: default_summary_batch_recent_days(),
+        }
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
+#[serde(rename_all = "snake_case")]
+pub enum SummaryProvider {
+    #[default]
+    Disabled,
+    Ollama,
+    CodexExec,
+    ClaudeCli,
+}
+
+impl SummaryProvider {
+    pub fn transport(&self) -> SummaryProviderTransport {
+        match self {
+            Self::Disabled => SummaryProviderTransport::None,
+            Self::Ollama => SummaryProviderTransport::Http,
+            Self::CodexExec | Self::ClaudeCli => SummaryProviderTransport::Cli,
+        }
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
+#[serde(rename_all = "snake_case")]
+pub enum SummaryProviderTransport {
+    #[default]
+    None,
+    Cli,
+    Http,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
+#[serde(rename_all = "snake_case")]
+pub enum SummaryResponseStyle {
+    Compact,
+    #[default]
+    Standard,
+    Detailed,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
+#[serde(rename_all = "snake_case")]
+pub enum SummarySourceMode {
+    #[default]
+    SessionOnly,
+    SessionOrGitChanges,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
+#[serde(rename_all = "snake_case")]
+pub enum SummaryOutputShape {
+    #[default]
+    Layered,
+    FileList,
+    SecurityFirst,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
+#[serde(rename_all = "snake_case")]
+pub enum SummaryTriggerMode {
+    Manual,
+    #[default]
+    OnSessionSave,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
+#[serde(rename_all = "snake_case")]
+pub enum SummaryStorageBackend {
+    None,
+    #[default]
+    HiddenRef,
+    LocalDb,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
+#[serde(rename_all = "snake_case")]
+pub enum SummaryBatchExecutionMode {
+    Manual,
+    #[default]
+    OnAppStart,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
+#[serde(rename_all = "snake_case")]
+pub enum SummaryBatchScope {
+    #[default]
+    RecentDays,
+    All,
+}
diff --git a/crates/runtime-config/src/vector.rs b/crates/runtime-config/src/vector.rs
new file mode 100644
index 00000000..f3d41f0a
--- /dev/null
+++ b/crates/runtime-config/src/vector.rs
@@ -0,0 +1,69 @@
+use crate::defaults::{
+    default_false, default_vector_chunk_overlap_lines, default_vector_chunk_size_lines,
+    default_vector_endpoint, default_vector_model, default_vector_top_k_chunks,
+    default_vector_top_k_sessions,
+};
+use serde::{Deserialize, Serialize};
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct VectorSearchSettings {
+    #[serde(default = "default_false")]
+    pub enabled: bool,
+    #[serde(default)]
+    pub provider: VectorSearchProvider,
+    #[serde(default = "default_vector_model")]
+    pub model: String,
+    #[serde(default = "default_vector_endpoint")]
+    pub endpoint: String,
+    #[serde(default)]
+    pub granularity: VectorSearchGranularity,
+    #[serde(default)]
+    pub chunking_mode: VectorChunkingMode,
+    #[serde(default = "default_vector_chunk_size_lines")]
+    pub chunk_size_lines: u16,
+    #[serde(default = "default_vector_chunk_overlap_lines")]
+    pub chunk_overlap_lines: u16,
+    #[serde(default = "default_vector_top_k_chunks")]
+    pub top_k_chunks: u16,
+    #[serde(default = "default_vector_top_k_sessions")]
+    pub top_k_sessions: u16,
+}
+
+impl Default for VectorSearchSettings {
+    fn default() -> Self {
+        Self {
+            enabled: default_false(),
+            provider: VectorSearchProvider::default(),
+            model: default_vector_model(),
+            endpoint: default_vector_endpoint(),
+            granularity: VectorSearchGranularity::default(),
+            chunking_mode: VectorChunkingMode::default(),
+            chunk_size_lines: default_vector_chunk_size_lines(),
+            chunk_overlap_lines: default_vector_chunk_overlap_lines(),
+            top_k_chunks: default_vector_top_k_chunks(),
+            top_k_sessions: default_vector_top_k_sessions(),
+        }
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
+#[serde(rename_all = "snake_case")]
+pub enum VectorSearchProvider {
+    #[default]
+    Ollama,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
+#[serde(rename_all = "snake_case")]
+pub enum VectorSearchGranularity {
+    #[default]
+    EventLineChunk,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
+#[serde(rename_all = "snake_case")]
+pub enum VectorChunkingMode {
+    #[default]
+    Auto,
+    Manual,
+}
diff --git a/crates/runtime-config/src/watcher.rs b/crates/runtime-config/src/watcher.rs
new file mode 100644
index 00000000..4616bc87
--- /dev/null
+++ b/crates/runtime-config/src/watcher.rs
@@ -0,0 +1,16 @@
+use crate::default_watch_paths;
+use serde::{Deserialize, Serialize};
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct WatcherSettings {
+    #[serde(default = "default_watch_paths")]
+    pub custom_paths: Vec<String>,
+}
+
+impl Default for WatcherSettings {
+    fn default() -> Self {
+        Self {
+            custom_paths: default_watch_paths(),
+        }
+    }
+}
diff --git a/crates/server/src/main.rs b/crates/server/src/main.rs
index 412aff8e..5daa0e72 100644
--- a/crates/server/src/main.rs
+++ b/crates/server/src/main.rs
@@ -1,177 +1,13 @@
 mod app_config;
 mod error;
 mod routes;
+mod startup;
 mod storage;
 
-use axum::{
-    Router,
-    extract::{DefaultBodyLimit, FromRef},
-    http::{
-        HeaderName, HeaderValue, Method,
-        header::{AUTHORIZATION, CONTENT_TYPE},
-    },
-    routing::{delete, get, post, put},
-};
-use tower_http::cors::CorsLayer;
-use tower_http::services::{ServeDir, ServeFile};
-use tower_http::trace::TraceLayer;
-
-use app_config::load_server_bootstrap;
-use storage::Db;
-
 pub use app_config::AppConfig;
-
-/// Application state shared across all handlers.
-#[derive(Clone)]
-pub struct AppState {
-    pub db: Db,
-    pub config: AppConfig,
-}
-
-fn build_cors_layer(allowed_origins: &[String]) -> CorsLayer {
-    let csrf_header = HeaderName::from_static("x-csrf-token");
-    let origin_values: Vec<HeaderValue> = allowed_origins
-        .iter()
-        .filter_map(|origin| HeaderValue::from_str(origin).ok())
-        .collect();
-
-    let mut cors = CorsLayer::new()
-        .allow_methods([
-            Method::GET,
-            Method::POST,
-            Method::PUT,
-            Method::DELETE,
-            Method::OPTIONS,
-        ])
-        .allow_headers([CONTENT_TYPE, AUTHORIZATION, csrf_header])
-        .allow_credentials(true);
-    if !origin_values.is_empty() {
-        cors = cors.allow_origin(origin_values);
-    }
-    cors
-}
-
-impl FromRef<AppState> for Db {
-    fn from_ref(state: &AppState) -> Self {
-        state.db.clone()
-    }
-}
-
-impl FromRef<AppState> for AppConfig {
-    fn from_ref(state: &AppState) -> Self {
-        state.config.clone()
-    }
-}
+pub use startup::AppState;
 
 #[tokio::main]
 async fn main() -> anyhow::Result<()> {
-    // Initialize tracing
-    tracing_subscriber::fmt()
-        .with_env_filter(
-            tracing_subscriber::EnvFilter::try_from_default_env()
-                .unwrap_or_else(|_| "opensession_server=info,tower_http=info".into()),
-        )
-        .init();
-
-    let bootstrap = load_server_bootstrap();
-    let data_dir = bootstrap.data_dir;
-    let web_dir = bootstrap.web_dir;
-    let port = bootstrap.port;
-    let config = bootstrap.config;
-
-    tracing::info!("data directory: {}", data_dir.display());
-
-    // Initialize database
-    let db = storage::init_db(&data_dir)?;
-    tracing::info!("database initialized");
-
-    if config.jwt_secret.is_empty() {
-        tracing::warn!("JWT_SECRET not set — JWT auth and OAuth will be disabled");
-    }
-    if config.admin_key.is_empty() {
-        tracing::warn!("OPENSESSION_ADMIN_KEY not set — /api/admin routes will return 401");
-    }
-    if !config.public_feed_enabled {
-        tracing::info!(
-            "public feed is disabled ({}=false)",
-            opensession_api::deploy::ENV_PUBLIC_FEED_ENABLED
-        );
-    }
-
-    let base_url = config.base_url.clone();
-
-    let state = AppState { db, config };
-
-    // Build API routes
-    let api = Router::new()
-        // Health
-        .route("/health", get(routes::health::health))
-        .route("/capabilities", get(routes::capabilities::capabilities))
-        .route("/parse/preview", post(routes::ingest::preview))
-        .route(
-            "/review/local/{review_id}",
-            get(routes::review::get_local_review_bundle),
-        )
-        // Auth
-        .route("/auth/verify", post(routes::auth::verify))
-        .route("/auth/me", get(routes::auth::me))
-        .route("/auth/api-keys/issue", post(routes::auth::issue_api_key))
-        .route(
-            "/auth/git-credentials",
-            get(routes::auth::list_git_credentials).post(routes::auth::create_git_credential),
-        )
-        .route(
-            "/auth/git-credentials/{id}",
-            delete(routes::auth::delete_git_credential),
-        )
-        // Auth (email/password + JWT)
-        .route("/auth/register", post(routes::auth::auth_register))
-        .route("/auth/login", post(routes::auth::login))
-        .route("/auth/refresh", post(routes::auth::refresh))
-        .route("/auth/logout", post(routes::auth::logout))
-        .route("/auth/password", put(routes::auth::change_password))
-        // OAuth
-        .route("/auth/providers", get(routes::oauth::providers))
-        .route("/auth/oauth/{provider}", get(routes::oauth::redirect))
-        .route(
-            "/auth/oauth/{provider}/callback",
-            get(routes::oauth::callback),
-        )
-        .route("/auth/oauth/{provider}/link", post(routes::oauth::link))
-        // Sessions (read-only)
-        .layer(DefaultBodyLimit::max(256 * 1024 * 1024))
-        .route("/sessions", get(routes::sessions::list_sessions))
-        .route("/sessions/repos", get(routes::sessions::list_session_repos))
-        .route("/sessions/{id}", get(routes::sessions::get_session))
-        .route("/sessions/{id}/raw", get(routes::sessions::get_session_raw))
-        // Admin
-        .route(
-            "/admin/sessions/{id}",
-            delete(routes::admin::delete_session),
-        );
-
-    // Build main router
-    let mut app = Router::new()
-        .nest("/api", api)
-        // Docs (content negotiation: markdown for AI agents, HTML for browsers)
-        .route("/docs", get(routes::docs::handle))
-        .route("/llms.txt", get(routes::docs::llms_txt));
-
-    if web_dir.exists() {
-        tracing::info!("serving static files from {}", web_dir.display());
-        let index_html = web_dir.join("index.html");
-        app = app.fallback_service(ServeDir::new(&web_dir).fallback(ServeFile::new(index_html)));
-    }
-
-    let app = app
-        .layer(TraceLayer::new_for_http())
-        .layer(build_cors_layer(&state.config.allowed_origins))
-        .with_state(state);
-
-    tracing::info!("starting server at {base_url}");
-
-    let listener = tokio::net::TcpListener::bind(format!("0.0.0.0:{port}")).await?;
-    axum::serve(listener, app).await?;
-
-    Ok(())
+    startup::run().await
 }
diff --git a/crates/server/src/routes/ingest.rs b/crates/server/src/routes/ingest.rs
index e662acab..52872ecc 100644
--- a/crates/server/src/routes/ingest.rs
+++ b/crates/server/src/routes/ingest.rs
@@ -7,10 +7,12 @@ use axum::{
     extract::State,
     http::{HeaderMap, StatusCode},
 };
+#[cfg(test)]
 use base64::Engine;
 use opensession_api::{
     ParseCandidate as ApiParseCandidate, ParsePreviewErrorResponse, ParsePreviewRequest,
     ParsePreviewResponse, ParseSource, db as dbq,
+    parse_preview_source::{self as preview_source, GitSource, GithubSource},
 };
 use opensession_parsers::ingest::{self as parser_ingest, ParseError as ParserParseError};
 use reqwest::header::CONTENT_TYPE;
@@ -21,21 +23,6 @@ use crate::storage::{Db, sq_execute, sq_query_map, sq_query_row};
 const FETCH_TIMEOUT_SECS: u64 = 10;
 const MAX_SOURCE_SIZE_BYTES: usize = 10 * 1024 * 1024;
 
-#[derive(Debug, Clone, PartialEq, Eq)]
-struct GithubSource {
-    owner: String,
-    repo: String,
-    r#ref: String,
-    path: String,
-}
-
-#[derive(Debug, Clone, PartialEq, Eq)]
-struct GitSource {
-    remote: String,
-    r#ref: String,
-    path: String,
-}
-
 #[derive(Debug, Clone)]
 struct ParseInput {
     source: ParseSource,
@@ -316,24 +303,8 @@ fn normalize_git_source(
     r#ref: &str,
     path: &str,
 ) -> Result<GitSource, PreviewRouteError> {
-    let remote = decode_and_trim(remote, "remote")?;
-    let url = validate_remote_url(&remote)?;
-    let remote = normalized_remote_origin(&url);
-
-    let r#ref = decode_and_trim(r#ref, "ref")?;
-    if !is_valid_ref(r#ref.as_str()) {
-        return Err(PreviewRouteError::invalid_source(
-            "ref must match [A-Za-z0-9._/-]{1,255} without '..', '~', '^', ':', or '\\'",
-        ));
-    }
-
-    let path = normalize_repo_path(path)?;
-
-    Ok(GitSource {
-        remote,
-        r#ref,
-        path,
-    })
+    preview_source::normalize_git_source(remote, r#ref, path)
+        .map_err(|error| PreviewRouteError::invalid_source(error.message()))
 }
 
 fn normalize_github_source(
@@ -342,157 +313,22 @@ fn normalize_github_source(
     r#ref: &str,
     path: &str,
 ) -> Result<GithubSource, PreviewRouteError> {
-    let owner = decode_and_trim(owner, "owner")?;
-    if !is_valid_owner_repo(owner.as_str()) {
-        return Err(PreviewRouteError::invalid_source(
-            "owner must match [A-Za-z0-9._-]{1,100}",
-        ));
-    }
-
-    let repo = decode_and_trim(repo, "repo")?;
-    if !is_valid_owner_repo(repo.as_str()) {
-        return Err(PreviewRouteError::invalid_source(
-            "repo must match [A-Za-z0-9._-]{1,100}",
-        ));
-    }
-
-    let r#ref = decode_and_trim(r#ref, "ref")?;
-    if !is_valid_ref(r#ref.as_str()) {
-        return Err(PreviewRouteError::invalid_source(
-            "ref must match [A-Za-z0-9._/-]{1,255} without '..', '~', '^', ':', or '\\'",
-        ));
-    }
-
-    let path = normalize_repo_path(path)?;
-    Ok(GithubSource {
-        owner,
-        repo,
-        r#ref,
-        path,
-    })
-}
-
-fn decode_and_trim(value: &str, field: &str) -> Result<String, PreviewRouteError> {
-    urlencoding::decode(value)
-        .map(|decoded| decoded.trim().to_string())
-        .map_err(|_| {
-            PreviewRouteError::invalid_source(format!("{field} contains invalid percent encoding"))
-        })
-}
-
-fn normalize_repo_path(path: &str) -> Result<String, PreviewRouteError> {
-    let decoded = decode_and_trim(path, "path")?;
-    if decoded.is_empty() {
-        return Err(PreviewRouteError::invalid_source("path is required"));
-    }
-    if decoded.starts_with('/') {
-        return Err(PreviewRouteError::invalid_source(
-            "path must be repository-relative",
-        ));
-    }
-
-    let mut normalized_segments = Vec::<String>::new();
-    for segment in decoded.split('/') {
-        if segment.is_empty() || segment == "." || segment == ".." {
-            return Err(PreviewRouteError::invalid_source(
-                "path cannot contain empty, '.' or '..' segments",
-            ));
-        }
-        if segment.contains('\\') {
-            return Err(PreviewRouteError::invalid_source(
-                "path cannot contain backslash characters",
-            ));
-        }
-        normalized_segments.push(segment.to_string());
-    }
-
-    Ok(normalized_segments.join("/"))
+    preview_source::normalize_github_source(owner, repo, r#ref, path)
+        .map_err(|error| PreviewRouteError::invalid_source(error.message()))
 }
 
 fn normalize_filename(filename: &str) -> Result<String, PreviewRouteError> {
-    let decoded = decode_and_trim(filename, "filename")?;
-    let normalized = decoded
-        .replace('\\', "/")
-        .rsplit('/')
-        .next()
-        .map(str::trim)
-        .unwrap_or_default()
-        .to_string();
-    if normalized.is_empty() || normalized == "." || normalized == ".." {
-        return Err(PreviewRouteError::invalid_source(
-            "inline filename must be a non-empty filename",
-        ));
-    }
-    if normalized.len() > 255 {
-        return Err(PreviewRouteError::invalid_source(
-            "inline filename is too long (max 255 chars)",
-        ));
-    }
-    Ok(normalized)
+    preview_source::normalize_filename(filename)
+        .map_err(|error| PreviewRouteError::invalid_source(error.message()))
 }
 
 fn decode_inline_content(content_base64: &str) -> Result<Vec<u8>, PreviewRouteError> {
-    let trimmed = content_base64.trim();
-    if trimmed.is_empty() {
-        return Err(PreviewRouteError::invalid_source(
-            "inline content_base64 is required",
-        ));
-    }
-    base64::engine::general_purpose::STANDARD
-        .decode(trimmed)
-        .map_err(|_| {
-            PreviewRouteError::invalid_source("inline content_base64 must be valid base64")
-        })
+    preview_source::decode_inline_content(content_base64)
+        .map_err(|error| PreviewRouteError::invalid_source(error.message()))
 }
 
 fn file_name_from_path(path: &str) -> String {
-    path.rsplit('/')
-        .next()
-        .filter(|value| !value.trim().is_empty())
-        .unwrap_or("session.txt")
-        .to_string()
-}
-
-fn is_valid_owner_repo(value: &str) -> bool {
-    let len = value.len();
-    (1..=100).contains(&len)
-        && value
-            .bytes()
-            .all(|b| b.is_ascii_alphanumeric() || b == b'.' || b == b'_' || b == b'-')
-}
-
-fn is_valid_ref(value: &str) -> bool {
-    let len = value.len();
-    if !(1..=255).contains(&len) {
-        return false;
-    }
-    if value.contains("..")
-        || value.contains('~')
-        || value.contains('^')
-        || value.contains(':')
-        || value.contains('\\')
-    {
-        return false;
-    }
-    if value.starts_with('/') || value.ends_with('/') || value.contains("//") {
-        return false;
-    }
-
-    value
-        .bytes()
-        .all(|b| b.is_ascii_alphanumeric() || b == b'.' || b == b'_' || b == b'-' || b == b'/')
-}
-
-fn encode_segments(value: &str) -> String {
-    value
-        .split('/')
-        .map(|segment| urlencoding::encode(segment).into_owned())
-        .collect::<Vec<_>>()
-        .join("/")
-}
-
-fn strip_git_suffix(segment: &str) -> &str {
-    segment.strip_suffix(".git").unwrap_or(segment)
+    preview_source::file_name_from_path(path)
 }
 
 fn validate_remote_url(remote: &str) -> Result<reqwest::Url, PreviewRouteError> {
@@ -536,27 +372,6 @@ fn validate_remote_url(remote: &str) -> Result<reqwest::Url, PreviewRouteError>
     Ok(parsed)
 }
 
-fn normalized_remote_origin(url: &reqwest::Url) -> String {
-    let mut normalized = url.clone();
-    normalized.set_query(None);
-    normalized.set_fragment(None);
-    let _ = normalized.set_username("");
-    let _ = normalized.set_password(None);
-
-    let trimmed_path = normalized.path().trim_end_matches('/').to_string();
-    if trimmed_path.is_empty() {
-        normalized.set_path("/");
-    } else {
-        normalized.set_path(&trimmed_path);
-    }
-
-    let mut rendered = normalized.to_string();
-    if rendered.ends_with('/') {
-        rendered.pop();
-    }
-    rendered
-}
-
 fn is_disallowed_remote_host(host: &str) -> bool {
     let lowered = host.to_ascii_lowercase();
     if lowered == "localhost" || lowered.ends_with(".localhost") {
@@ -625,6 +440,18 @@ fn origin_from_url(url: &reqwest::Url) -> Result<String, PreviewRouteError> {
     Ok(origin)
 }
 
+fn encode_segments(value: &str) -> String {
+    value
+        .split('/')
+        .map(|segment| urlencoding::encode(segment).into_owned())
+        .collect::<Vec<_>>()
+        .join("/")
+}
+
+fn strip_git_suffix(value: &str) -> &str {
+    value.strip_suffix(".git").unwrap_or(value)
+}
+
 fn repo_path_segments(url: &reqwest::Url) -> Result<Vec<String>, PreviewRouteError> {
     let mut segments: Vec<String> = url
         .path_segments()
diff --git a/crates/server/src/startup.rs b/crates/server/src/startup.rs
new file mode 100644
index 00000000..928c8247
--- /dev/null
+++ b/crates/server/src/startup.rs
@@ -0,0 +1,169 @@
+use axum::{
+    Router,
+    extract::{DefaultBodyLimit, FromRef},
+    http::{
+        HeaderName, HeaderValue, Method,
+        header::{AUTHORIZATION, CONTENT_TYPE},
+    },
+    routing::{delete, get, post, put},
+};
+use tower_http::cors::CorsLayer;
+use tower_http::services::{ServeDir, ServeFile};
+use tower_http::trace::TraceLayer;
+
+use crate::storage::Db;
+use crate::{AppConfig, app_config::load_server_bootstrap, routes, storage};
+
+/// Application state shared across all handlers.
+#[derive(Clone)]
+pub struct AppState {
+    pub db: Db,
+    pub config: AppConfig,
+}
+
+impl FromRef<AppState> for Db {
+    fn from_ref(state: &AppState) -> Self {
+        state.db.clone()
+    }
+}
+
+impl FromRef<AppState> for AppConfig {
+    fn from_ref(state: &AppState) -> Self {
+        state.config.clone()
+    }
+}
+
+pub async fn run() -> anyhow::Result<()> {
+    initialize_tracing();
+
+    let bootstrap = load_server_bootstrap();
+    let data_dir = bootstrap.data_dir;
+    let web_dir = bootstrap.web_dir;
+    let port = bootstrap.port;
+    let config = bootstrap.config;
+
+    tracing::info!("data directory: {}", data_dir.display());
+
+    let db = storage::init_db(&data_dir)?;
+    tracing::info!("database initialized");
+
+    warn_on_disabled_capabilities(&config);
+
+    let base_url = config.base_url.clone();
+    let state = AppState { db, config };
+    let app = build_app_router(state, &web_dir);
+
+    tracing::info!("starting server at {base_url}");
+
+    let listener = tokio::net::TcpListener::bind(format!("0.0.0.0:{port}")).await?;
+    axum::serve(listener, app).await?;
+
+    Ok(())
+}
+
+fn initialize_tracing() {
+    tracing_subscriber::fmt()
+        .with_env_filter(
+            tracing_subscriber::EnvFilter::try_from_default_env()
+                .unwrap_or_else(|_| "opensession_server=info,tower_http=info".into()),
+        )
+        .init();
+}
+
+fn warn_on_disabled_capabilities(config: &AppConfig) {
+    if config.jwt_secret.is_empty() {
+        tracing::warn!("JWT_SECRET not set — JWT auth and OAuth will be disabled");
+    }
+    if config.admin_key.is_empty() {
+        tracing::warn!("OPENSESSION_ADMIN_KEY not set — /api/admin routes will return 401");
+    }
+    if !config.public_feed_enabled {
+        tracing::info!(
+            "public feed is disabled ({}=false)",
+            opensession_api::deploy::ENV_PUBLIC_FEED_ENABLED
+        );
+    }
+}
+
+fn build_app_router(state: AppState, web_dir: &std::path::Path) -> Router {
+    let mut app = Router::new()
+        .nest("/api", build_api_router())
+        .route("/docs", get(routes::docs::handle))
+        .route("/llms.txt", get(routes::docs::llms_txt));
+
+    if web_dir.exists() {
+        tracing::info!("serving static files from {}", web_dir.display());
+        let index_html = web_dir.join("index.html");
+        app = app.fallback_service(ServeDir::new(web_dir).fallback(ServeFile::new(index_html)));
+    }
+
+    app.layer(TraceLayer::new_for_http())
+        .layer(build_cors_layer(&state.config.allowed_origins))
+        .with_state(state)
+}
+
+fn build_api_router() -> Router<AppState> {
+    Router::new()
+        .route("/health", get(routes::health::health))
+        .route("/capabilities", get(routes::capabilities::capabilities))
+        .route("/parse/preview", post(routes::ingest::preview))
+        .route(
+            "/review/local/{review_id}",
+            get(routes::review::get_local_review_bundle),
+        )
+        .route("/auth/verify", post(routes::auth::verify))
+        .route("/auth/me", get(routes::auth::me))
+        .route("/auth/api-keys/issue", post(routes::auth::issue_api_key))
+        .route(
+            "/auth/git-credentials",
+            get(routes::auth::list_git_credentials).post(routes::auth::create_git_credential),
+        )
+        .route(
+            "/auth/git-credentials/{id}",
+            delete(routes::auth::delete_git_credential),
+        )
+        .route("/auth/register", post(routes::auth::auth_register))
+        .route("/auth/login", post(routes::auth::login))
+        .route("/auth/refresh", post(routes::auth::refresh))
+        .route("/auth/logout", post(routes::auth::logout))
+        .route("/auth/password", put(routes::auth::change_password))
+        .route("/auth/providers", get(routes::oauth::providers))
+        .route("/auth/oauth/{provider}", get(routes::oauth::redirect))
+        .route(
+            "/auth/oauth/{provider}/callback",
+            get(routes::oauth::callback),
+        )
+        .route("/auth/oauth/{provider}/link", post(routes::oauth::link))
+        .layer(DefaultBodyLimit::max(256 * 1024 * 1024))
+        .route("/sessions", get(routes::sessions::list_sessions))
+        .route("/sessions/repos", get(routes::sessions::list_session_repos))
+        .route("/sessions/{id}", get(routes::sessions::get_session))
+        .route("/sessions/{id}/raw", get(routes::sessions::get_session_raw))
+        .route(
+            "/admin/sessions/{id}",
+            delete(routes::admin::delete_session),
+        )
+}
+
+fn build_cors_layer(allowed_origins: &[String]) -> CorsLayer {
+    let csrf_header = HeaderName::from_static("x-csrf-token");
+    let origin_values: Vec<HeaderValue> = allowed_origins
+        .iter()
+        .filter_map(|origin| HeaderValue::from_str(origin).ok())
+        .collect();
+
+    let mut cors = CorsLayer::new()
+        .allow_methods([
+            Method::GET,
+            Method::POST,
+            Method::PUT,
+            Method::DELETE,
+            Method::OPTIONS,
+        ])
+        .allow_headers([CONTENT_TYPE, AUTHORIZATION, csrf_header])
+        .allow_credentials(true);
+    if !origin_values.is_empty() {
+        cors = cors.allow_origin(origin_values);
+    }
+    cors
+}
diff --git a/crates/worker/Cargo.lock b/crates/worker/Cargo.lock
index 54e1dd47..52a59d91 100644
--- a/crates/worker/Cargo.lock
+++ b/crates/worker/Cargo.lock
@@ -689,6 +689,8 @@ dependencies = [
  "serde",
  "serde_json",
  "sha2",
+ "url",
+ "urlencoding",
  "uuid",
 ]
 
diff --git a/desktop/src-tauri/Cargo.lock b/desktop/src-tauri/Cargo.lock
index 189bb70e..e4c2a1c4 100644
--- a/desktop/src-tauri/Cargo.lock
+++ b/desktop/src-tauri/Cargo.lock
@@ -3179,6 +3179,8 @@ dependencies = [
  "serde",
  "serde_json",
  "sha2",
+ "url",
+ "urlencoding",
  "uuid",
 ]
 
diff --git a/desktop/src-tauri/src/app/launch_route.rs b/desktop/src-tauri/src/app/launch_route.rs
new file mode 100644
index 00000000..cff7b3c2
--- /dev/null
+++ b/desktop/src-tauri/src/app/launch_route.rs
@@ -0,0 +1,55 @@
+use crate::{DesktopApiResult, desktop_error};
+use opensession_core::object_store::global_store_root;
+use serde_json::json;
+use std::fs;
+use std::path::PathBuf;
+
+fn desktop_launch_route_path() -> DesktopApiResult<PathBuf> {
+    let store_root = global_store_root().map_err(|error| {
+        desktop_error(
+            "desktop.launch_route_root_unavailable",
+            500,
+            "failed to resolve OpenSession home directory",
+            Some(json!({ "cause": error.to_string() })),
+        )
+    })?;
+    let opensession_root = store_root.parent().ok_or_else(|| {
+        desktop_error(
+            "desktop.launch_route_root_invalid",
+            500,
+            "invalid OpenSession global store path",
+            Some(json!({ "store_root": store_root.to_string_lossy() })),
+        )
+    })?;
+    Ok(opensession_root.join("desktop").join("launch-route"))
+}
+
+pub(crate) fn normalize_launch_route(raw: &str) -> Option<String> {
+    let trimmed = raw.trim();
+    if trimmed.is_empty() || !trimmed.starts_with('/') || trimmed.starts_with("//") {
+        return None;
+    }
+    if trimmed.chars().any(|ch| ch.is_control()) {
+        return None;
+    }
+    Some(trimmed.to_string())
+}
+
+#[tauri::command]
+pub(crate) fn desktop_take_launch_route() -> DesktopApiResult<Option<String>> {
+    let path = desktop_launch_route_path()?;
+    if !path.exists() {
+        return Ok(None);
+    }
+
+    let contents = fs::read_to_string(&path).map_err(|error| {
+        desktop_error(
+            "desktop.launch_route_read_failed",
+            500,
+            "failed to read desktop launch route",
+            Some(json!({ "cause": error.to_string(), "path": path.to_string_lossy() })),
+        )
+    })?;
+    let _ = fs::remove_file(&path);
+    Ok(normalize_launch_route(&contents))
+}
diff --git a/desktop/src-tauri/src/app/lifecycle_cleanup.rs b/desktop/src-tauri/src/app/lifecycle_cleanup.rs
new file mode 100644
index 00000000..8f1c8960
--- /dev/null
+++ b/desktop/src-tauri/src/app/lifecycle_cleanup.rs
@@ -0,0 +1,341 @@
+use crate::{
+    DesktopApiResult, LIFECYCLE_CLEANUP_LOOP_STARTED, desktop_error, load_runtime_config,
+    open_local_db, set_lifecycle_cleanup_job_snapshot,
+};
+use crate::app::session_summary::resolve_repo_root_from_session_row;
+use opensession_git_native::{BRANCH_LEDGER_REF_PREFIX, NativeGitStorage, SUMMARY_LEDGER_REF};
+use opensession_local_db::{LifecycleCleanupJobRow, LocalDb, LocalSessionFilter};
+use opensession_runtime_config::{DaemonConfig, GitStorageMethod};
+use serde_json::json;
+use std::collections::BTreeSet;
+use std::path::{Path, PathBuf};
+use std::process::Command;
+use std::time::Duration;
+
+fn resolve_desktop_lifecycle_schedule(config: &DaemonConfig) -> Option<Duration> {
+    if !config.lifecycle.enabled {
+        return None;
+    }
+    Some(Duration::from_secs(
+        config.lifecycle.cleanup_interval_secs.max(60),
+    ))
+}
+
+fn source_parent_directory_missing(source_path: &str) -> bool {
+    let path = Path::new(source_path);
+    path.parent()
+        .filter(|parent| !parent.as_os_str().is_empty())
+        .is_some_and(|parent| !parent.exists())
+}
+
+fn list_sessions_with_missing_source_parent_dirs(db: &LocalDb) -> DesktopApiResult<Vec<String>> {
+    let mut orphaned = db
+        .list_session_source_paths()
+        .map_err(|error| {
+            desktop_error(
+                "desktop.lifecycle_cleanup_list_source_paths_failed",
+                500,
+                "failed to list session source paths for lifecycle cleanup",
+                Some(json!({ "cause": error.to_string() })),
+            )
+        })?
+        .into_iter()
+        .filter_map(|(session_id, source_path)| {
+            if source_parent_directory_missing(&source_path) {
+                Some(session_id)
+            } else {
+                None
+            }
+        })
+        .collect::<Vec<_>>();
+    orphaned.sort();
+    orphaned.dedup();
+    Ok(orphaned)
+}
+
+fn collect_desktop_lifecycle_repo_roots(db: &LocalDb) -> DesktopApiResult<BTreeSet<PathBuf>> {
+    let mut roots = BTreeSet::new();
+    let rows = db
+        .list_sessions(&LocalSessionFilter::default())
+        .map_err(|error| {
+            desktop_error(
+                "desktop.lifecycle_cleanup_list_sessions_failed",
+                500,
+                "failed to list sessions for lifecycle cleanup",
+                Some(json!({ "cause": error.to_string() })),
+            )
+        })?;
+
+    for row in rows {
+        if let Some(repo_root) = resolve_repo_root_from_session_row(&row) {
+            roots.insert(repo_root);
+        }
+    }
+
+    Ok(roots)
+}
+
+fn list_branch_ledger_refs(repo_root: &Path) -> Vec<String> {
+    let output = Command::new("git")
+        .arg("-C")
+        .arg(repo_root)
+        .arg("for-each-ref")
+        .arg("--format=%(refname)")
+        .arg(BRANCH_LEDGER_REF_PREFIX)
+        .output();
+    let Ok(output) = output else {
+        return Vec::new();
+    };
+    if !output.status.success() {
+        return Vec::new();
+    }
+    String::from_utf8_lossy(&output.stdout)
+        .lines()
+        .map(str::trim)
+        .filter(|line| !line.is_empty())
+        .map(ToOwned::to_owned)
+        .collect()
+}
+
+fn run_desktop_git_retention_once(repo_roots: &BTreeSet<PathBuf>, keep_days: u32) {
+    let storage = NativeGitStorage;
+    for repo_root in repo_roots {
+        for ref_name in list_branch_ledger_refs(repo_root) {
+            let prune_result = storage.prune_by_age_at_ref(repo_root, &ref_name, keep_days);
+            if let Err(error) = prune_result {
+                eprintln!(
+                    "lifecycle cleanup: failed to prune branch ledger {ref_name} in {}: {error}",
+                    repo_root.display()
+                );
+            }
+        }
+    }
+}
+
+pub(crate) fn run_desktop_lifecycle_cleanup_once_with_db(
+    config: &DaemonConfig,
+    db: &LocalDb,
+) -> DesktopApiResult<()> {
+    if !config.lifecycle.enabled {
+        return Ok(());
+    }
+
+    let started_at = chrono::Utc::now().to_rfc3339();
+    set_lifecycle_cleanup_job_snapshot(
+        db,
+        LifecycleCleanupJobRow {
+            status: "running".to_string(),
+            deleted_sessions: 0,
+            deleted_summaries: 0,
+            message: Some("Scanning lifecycle cleanup candidates.".to_string()),
+            started_at: Some(started_at.clone()),
+            finished_at: None,
+        },
+    )?;
+
+    let storage = NativeGitStorage;
+    let mut deleted_sessions = 0u32;
+    let mut deleted_summaries = 0u32;
+
+    let result: DesktopApiResult<Option<String>> = (|| {
+        let repo_roots = collect_desktop_lifecycle_repo_roots(db)?;
+        let expired_sessions = db
+            .list_expired_session_ids(config.lifecycle.session_ttl_days)
+            .map_err(|error| {
+                desktop_error(
+                    "desktop.lifecycle_cleanup_list_expired_sessions_failed",
+                    500,
+                    "failed to list expired sessions for lifecycle cleanup",
+                    Some(json!({
+                        "cause": error.to_string(),
+                        "session_ttl_days": config.lifecycle.session_ttl_days
+                    })),
+                )
+            })?;
+        let expired_session_count = expired_sessions.len() as u32;
+        let orphaned_sessions = list_sessions_with_missing_source_parent_dirs(db)?;
+        let orphaned_session_count = orphaned_sessions.len() as u32;
+        let mut sessions_to_delete = expired_sessions.into_iter().collect::<BTreeSet<_>>();
+        sessions_to_delete.extend(orphaned_sessions);
+
+        if !sessions_to_delete.is_empty() {
+            set_lifecycle_cleanup_job_snapshot(
+                db,
+                LifecycleCleanupJobRow {
+                    status: "running".to_string(),
+                    deleted_sessions,
+                    deleted_summaries,
+                    message: Some(format!(
+                        "Deleting {} lifecycle cleanup candidates.",
+                        sessions_to_delete.len()
+                    )),
+                    started_at: Some(started_at.clone()),
+                    finished_at: None,
+                },
+            )?;
+        }
+
+        for session_id in &sessions_to_delete {
+            let row = db.get_session_by_id(session_id).map_err(|error| {
+                desktop_error(
+                    "desktop.lifecycle_cleanup_load_session_failed",
+                    500,
+                    "failed to load session for lifecycle cleanup",
+                    Some(json!({ "cause": error.to_string(), "session_id": session_id })),
+                )
+            })?;
+            if let Some(repo_root) = row.as_ref().and_then(resolve_repo_root_from_session_row) {
+                let delete_result =
+                    storage.delete_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, session_id);
+                match delete_result {
+                    Ok(true) => {
+                        deleted_summaries = deleted_summaries.saturating_add(1);
+                    }
+                    Ok(false) => {}
+                    Err(error) => {
+                        eprintln!(
+                            "lifecycle cleanup: failed to delete hidden-ref summary for {} in {}: {error}",
+                            session_id,
+                            repo_root.display()
+                        );
+                    }
+                }
+            }
+
+            db.delete_session(session_id).map_err(|error| {
+                desktop_error(
+                    "desktop.lifecycle_cleanup_delete_session_failed",
+                    500,
+                    "failed to delete expired session during lifecycle cleanup",
+                    Some(json!({ "cause": error.to_string(), "session_id": session_id })),
+                )
+            })?;
+            deleted_sessions = deleted_sessions.saturating_add(1);
+        }
+
+        deleted_summaries = deleted_summaries.saturating_add(
+            db.delete_expired_session_summaries(config.lifecycle.summary_ttl_days)
+                .map_err(|error| {
+                    desktop_error(
+                        "desktop.lifecycle_cleanup_delete_summaries_failed",
+                        500,
+                        "failed to delete expired semantic summaries during lifecycle cleanup",
+                        Some(json!({
+                            "cause": error.to_string(),
+                            "summary_ttl_days": config.lifecycle.summary_ttl_days
+                        })),
+                    )
+                })?,
+        );
+
+        for repo_root in &repo_roots {
+            let prune_result = storage.prune_summaries_by_age_at_ref(
+                repo_root,
+                SUMMARY_LEDGER_REF,
+                config.lifecycle.summary_ttl_days,
+            );
+            match prune_result {
+                Ok(stats) => {
+                    deleted_summaries =
+                        deleted_summaries.saturating_add(stats.expired_sessions as u32);
+                }
+                Err(error) => {
+                    eprintln!(
+                        "lifecycle cleanup: failed to prune hidden-ref summaries in {}: {error}",
+                        repo_root.display()
+                    );
+                }
+            }
+        }
+
+        if config.git_storage.method != GitStorageMethod::Sqlite
+            && config.git_storage.retention.enabled
+        {
+            run_desktop_git_retention_once(&repo_roots, config.lifecycle.session_ttl_days);
+        }
+
+        let message = if deleted_sessions == 0 && deleted_summaries == 0 {
+            Some("Lifecycle cleanup complete. No expired data needed removal.".to_string())
+        } else {
+            Some(format!(
+                "Lifecycle cleanup complete. Deleted {deleted_sessions} sessions ({expired_session_count} TTL, {orphaned_session_count} orphaned) and removed {deleted_summaries} summaries."
+            ))
+        };
+
+        Ok(message)
+    })();
+
+    match result {
+        Ok(message) => {
+            set_lifecycle_cleanup_job_snapshot(
+                db,
+                LifecycleCleanupJobRow {
+                    status: "complete".to_string(),
+                    deleted_sessions,
+                    deleted_summaries,
+                    message,
+                    started_at: Some(started_at),
+                    finished_at: Some(chrono::Utc::now().to_rfc3339()),
+                },
+            )?;
+            Ok(())
+        }
+        Err(error) => {
+            if let Err(persist_error) = set_lifecycle_cleanup_job_snapshot(
+                db,
+                LifecycleCleanupJobRow {
+                    status: "failed".to_string(),
+                    deleted_sessions,
+                    deleted_summaries,
+                    message: Some(error.message.clone()),
+                    started_at: Some(started_at),
+                    finished_at: Some(chrono::Utc::now().to_rfc3339()),
+                },
+            ) {
+                eprintln!(
+                    "failed to persist lifecycle cleanup failure snapshot: {}",
+                    persist_error.message
+                );
+            }
+            Err(error)
+        }
+    }
+}
+
+fn run_desktop_lifecycle_cleanup_once(config: &DaemonConfig) -> DesktopApiResult<()> {
+    let db = open_local_db()?;
+    run_desktop_lifecycle_cleanup_once_with_db(config, &db)
+}
+
+pub(crate) fn maybe_start_lifecycle_cleanup_loop() {
+    let mut started = LIFECYCLE_CLEANUP_LOOP_STARTED
+        .lock()
+        .expect("lifecycle cleanup loop mutex poisoned");
+    if *started {
+        return;
+    }
+    *started = true;
+    drop(started);
+
+    std::thread::spawn(|| {
+        loop {
+            let sleep_for = match load_runtime_config() {
+                Ok(config) => {
+                    if let Err(error) = run_desktop_lifecycle_cleanup_once(&config) {
+                        eprintln!("failed to run desktop lifecycle cleanup: {}", error.message);
+                    }
+                    resolve_desktop_lifecycle_schedule(&config)
+                        .unwrap_or_else(|| Duration::from_secs(60))
+                }
+                Err(error) => {
+                    eprintln!(
+                        "failed to load runtime config for lifecycle cleanup: {}",
+                        error.message
+                    );
+                    Duration::from_secs(60)
+                }
+            };
+            std::thread::sleep(sleep_for);
+        }
+    });
+}
diff --git a/desktop/src-tauri/src/app/mod.rs b/desktop/src-tauri/src/app/mod.rs
index 2621dc6d..deb7360e 100644
--- a/desktop/src-tauri/src/app/mod.rs
+++ b/desktop/src-tauri/src/app/mod.rs
@@ -1 +1,4 @@
+pub(crate) mod launch_route;
+pub(crate) mod lifecycle_cleanup;
 pub(crate) mod session_query;
+pub(crate) mod session_summary;
diff --git a/desktop/src-tauri/src/app/session_summary.rs b/desktop/src-tauri/src/app/session_summary.rs
new file mode 100644
index 00000000..5cd1e0c5
--- /dev/null
+++ b/desktop/src-tauri/src/app/session_summary.rs
@@ -0,0 +1,660 @@
+use crate::{DesktopApiResult, desktop_error, enum_label};
+use opensession_api::DesktopSessionSummaryResponse;
+use opensession_git_native::{
+    NativeGitStorage, SUMMARY_LEDGER_REF, SessionSummaryLedgerRecord,
+    ops::find_repo_root as find_git_repo_root,
+};
+use opensession_local_db::{LocalDb, LocalSessionRow};
+use opensession_runtime_config::{DaemonConfig, SummaryStorageBackend};
+use serde_json::json;
+use std::path::{Path, PathBuf};
+
+fn session_summary_response_from_row(
+    row: opensession_local_db::SessionSemanticSummaryRow,
+) -> DesktopSessionSummaryResponse {
+    DesktopSessionSummaryResponse {
+        session_id: row.session_id,
+        summary: serde_json::from_str(&row.summary_json).ok(),
+        source_details: row
+            .source_details_json
+            .as_deref()
+            .and_then(|raw| serde_json::from_str(raw).ok()),
+        diff_tree: row
+            .diff_tree_json
+            .as_deref()
+            .and_then(|raw| serde_json::from_str(raw).ok())
+            .unwrap_or_default(),
+        source_kind: Some(row.source_kind),
+        generation_kind: Some(row.generation_kind),
+        error: row.error,
+    }
+}
+
+fn session_summary_response_from_hidden_ref(
+    row: SessionSummaryLedgerRecord,
+) -> DesktopSessionSummaryResponse {
+    DesktopSessionSummaryResponse {
+        session_id: row.session_id,
+        summary: Some(row.summary),
+        source_details: match row.source_details {
+            serde_json::Value::Object(ref map) if map.is_empty() => None,
+            value => Some(value),
+        },
+        diff_tree: row.diff_tree,
+        source_kind: Some(row.source_kind),
+        generation_kind: Some(row.generation_kind),
+        error: row.error,
+    }
+}
+
+#[derive(Debug, Clone)]
+struct SummaryStorageRecord {
+    generated_at: String,
+    provider: String,
+    model: Option<String>,
+    source_kind: String,
+    generation_kind: String,
+    prompt_fingerprint: Option<String>,
+    summary: serde_json::Value,
+    source_details: serde_json::Value,
+    diff_tree: Vec<serde_json::Value>,
+    error: Option<String>,
+}
+
+#[derive(Debug, Clone, Default)]
+pub(crate) struct SummaryStorageMigrationStats {
+    pub(crate) scanned_sessions: u32,
+    pub(crate) found_summaries: u32,
+    pub(crate) migrated_summaries: u32,
+    pub(crate) failed_summaries: u32,
+}
+
+fn empty_summary_response(session_id: String) -> DesktopSessionSummaryResponse {
+    DesktopSessionSummaryResponse {
+        session_id,
+        summary: None,
+        source_details: None,
+        diff_tree: Vec::new(),
+        source_kind: None,
+        generation_kind: None,
+        error: None,
+    }
+}
+
+pub(crate) fn load_session_summary_for_runtime(
+    db: &LocalDb,
+    runtime: &DaemonConfig,
+    session_id: &str,
+) -> DesktopApiResult<DesktopSessionSummaryResponse> {
+    match runtime.summary.storage.backend {
+        SummaryStorageBackend::LocalDb => {
+            let summary = db
+                .get_session_semantic_summary(session_id)
+                .map_err(|error| {
+                    desktop_error(
+                        "desktop.session_summary_query_failed",
+                        500,
+                        "failed to load session summary",
+                        Some(json!({ "cause": error.to_string(), "session_id": session_id })),
+                    )
+                })?
+                .map(session_summary_response_from_row);
+            Ok(summary.unwrap_or_else(|| empty_summary_response(session_id.to_string())))
+        }
+        SummaryStorageBackend::HiddenRef => {
+            let Some(repo_root) = resolve_summary_repo_root(db, session_id)? else {
+                return Ok(empty_summary_response(session_id.to_string()));
+            };
+            let loaded = NativeGitStorage
+                .load_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, session_id)
+                .map_err(|error| {
+                    desktop_error(
+                        "desktop.session_summary_query_failed",
+                        500,
+                        "failed to load hidden_ref session summary",
+                        Some(
+                            json!({ "cause": error.to_string(), "session_id": session_id, "repo_root": repo_root }),
+                        ),
+                    )
+                })?
+                .map(session_summary_response_from_hidden_ref);
+            Ok(loaded.unwrap_or_else(|| empty_summary_response(session_id.to_string())))
+        }
+        SummaryStorageBackend::None => Ok(empty_summary_response(session_id.to_string())),
+    }
+}
+
+fn resolve_repo_root_from_working_directory(cwd: Option<&str>) -> Option<PathBuf> {
+    cwd.map(str::trim)
+        .filter(|cwd| !cwd.is_empty())
+        .and_then(|cwd| find_git_repo_root(Path::new(cwd)))
+}
+
+fn resolve_repo_root_from_source_path(source_path: Option<&str>) -> Option<PathBuf> {
+    source_path
+        .map(str::trim)
+        .filter(|source_path| !source_path.is_empty())
+        .and_then(|source_path| find_git_repo_root(Path::new(source_path)))
+}
+
+pub(crate) fn resolve_repo_root_from_session_row(row: &LocalSessionRow) -> Option<PathBuf> {
+    resolve_repo_root_from_working_directory(row.working_directory.as_deref())
+        .or_else(|| resolve_repo_root_from_source_path(row.source_path.as_deref()))
+}
+
+pub(crate) fn resolve_summary_repo_root(
+    db: &LocalDb,
+    session_id: &str,
+) -> DesktopApiResult<Option<PathBuf>> {
+    let row = db.get_session_by_id(session_id).map_err(|error| {
+        desktop_error(
+            "desktop.session_summary_repo_resolve_failed",
+            500,
+            "failed to resolve session repository root",
+            Some(json!({ "cause": error.to_string(), "session_id": session_id })),
+        )
+    })?;
+    if let Some(row) = row {
+        if let Some(repo_root) = resolve_repo_root_from_session_row(&row) {
+            return Ok(Some(repo_root));
+        }
+    }
+    let cwd = std::env::current_dir().ok();
+    Ok(cwd.and_then(|path| find_git_repo_root(&path)))
+}
+
+pub(crate) fn resolve_summary_repo_root_for_migration(
+    db: &LocalDb,
+    session_id: &str,
+) -> DesktopApiResult<Option<PathBuf>> {
+    let row = db.get_session_by_id(session_id).map_err(|error| {
+        desktop_error(
+            "desktop.session_summary_repo_resolve_failed",
+            500,
+            "failed to resolve session repository root",
+            Some(json!({ "cause": error.to_string(), "session_id": session_id })),
+        )
+    })?;
+    Ok(row.and_then(|row| resolve_repo_root_from_session_row(&row)))
+}
+
+pub(crate) fn has_hidden_ref_summary_for_session(
+    db: &LocalDb,
+    session_id: &str,
+) -> DesktopApiResult<bool> {
+    let Some(repo_root) = resolve_summary_repo_root_for_migration(db, session_id)? else {
+        return Ok(false);
+    };
+    NativeGitStorage
+        .load_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, session_id)
+        .map(|record| record.is_some())
+        .map_err(|error| {
+            desktop_error(
+                "desktop.session_summary_query_failed",
+                500,
+                "failed to load hidden_ref session summary",
+                Some(
+                    json!({ "cause": error.to_string(), "session_id": session_id, "repo_root": repo_root }),
+                ),
+            )
+        })
+}
+
+fn load_summary_storage_record_from_local_db(
+    db: &LocalDb,
+    session_id: &str,
+) -> DesktopApiResult<Option<SummaryStorageRecord>> {
+    let row = db
+        .get_session_semantic_summary(session_id)
+        .map_err(|error| {
+            desktop_error(
+                "desktop.session_summary_query_failed",
+                500,
+                "failed to load session summary from local_db",
+                Some(json!({ "cause": error.to_string(), "session_id": session_id })),
+            )
+        })?;
+    let Some(row) = row else {
+        return Ok(None);
+    };
+
+    let summary = serde_json::from_str::<serde_json::Value>(&row.summary_json).map_err(|error| {
+        desktop_error(
+            "desktop.runtime_settings_storage_migration_decode_failed",
+            500,
+            "failed to decode local_db summary_json during storage migration",
+            Some(
+                json!({ "cause": error.to_string(), "session_id": session_id, "backend": "local_db" }),
+            ),
+        )
+    })?;
+    let source_details = match row.source_details_json.as_deref() {
+        Some(raw) => serde_json::from_str::<serde_json::Value>(raw).map_err(|error| {
+            desktop_error(
+                "desktop.runtime_settings_storage_migration_decode_failed",
+                500,
+                "failed to decode local_db source_details_json during storage migration",
+                Some(
+                    json!({ "cause": error.to_string(), "session_id": session_id, "backend": "local_db" }),
+                ),
+            )
+        })?,
+        None => serde_json::Value::Object(Default::default()),
+    };
+    let diff_tree = match row.diff_tree_json.as_deref() {
+        Some(raw) => serde_json::from_str::<Vec<serde_json::Value>>(raw).map_err(|error| {
+            desktop_error(
+                "desktop.runtime_settings_storage_migration_decode_failed",
+                500,
+                "failed to decode local_db diff_tree_json during storage migration",
+                Some(
+                    json!({ "cause": error.to_string(), "session_id": session_id, "backend": "local_db" }),
+                ),
+            )
+        })?,
+        None => Vec::new(),
+    };
+
+    Ok(Some(SummaryStorageRecord {
+        generated_at: row.generated_at,
+        provider: row.provider,
+        model: row.model,
+        source_kind: row.source_kind,
+        generation_kind: row.generation_kind,
+        prompt_fingerprint: row.prompt_fingerprint,
+        summary,
+        source_details,
+        diff_tree,
+        error: row.error,
+    }))
+}
+
+fn load_summary_storage_record_from_hidden_ref(
+    db: &LocalDb,
+    session_id: &str,
+) -> DesktopApiResult<Option<SummaryStorageRecord>> {
+    let Some(repo_root) = resolve_summary_repo_root_for_migration(db, session_id)? else {
+        return Ok(None);
+    };
+    let loaded = NativeGitStorage
+        .load_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, session_id)
+        .map_err(|error| {
+            desktop_error(
+                "desktop.session_summary_query_failed",
+                500,
+                "failed to load hidden_ref session summary for storage migration",
+                Some(
+                    json!({ "cause": error.to_string(), "session_id": session_id, "repo_root": repo_root }),
+                ),
+            )
+        })?;
+    let Some(row) = loaded else {
+        return Ok(None);
+    };
+    Ok(Some(SummaryStorageRecord {
+        generated_at: row.generated_at,
+        provider: row.provider,
+        model: row.model,
+        source_kind: row.source_kind,
+        generation_kind: row.generation_kind,
+        prompt_fingerprint: row.prompt_fingerprint,
+        summary: row.summary,
+        source_details: row.source_details,
+        diff_tree: row.diff_tree,
+        error: row.error,
+    }))
+}
+
+fn load_summary_storage_record(
+    db: &LocalDb,
+    backend: &SummaryStorageBackend,
+    session_id: &str,
+) -> DesktopApiResult<Option<SummaryStorageRecord>> {
+    match backend {
+        SummaryStorageBackend::LocalDb => load_summary_storage_record_from_local_db(db, session_id),
+        SummaryStorageBackend::HiddenRef => {
+            load_summary_storage_record_from_hidden_ref(db, session_id)
+        }
+        SummaryStorageBackend::None => Ok(None),
+    }
+}
+
+fn persist_summary_storage_record_to_local_db(
+    db: &LocalDb,
+    session_id: &str,
+    record: &SummaryStorageRecord,
+) -> DesktopApiResult<()> {
+    let summary_json = serde_json::to_string(&record.summary).map_err(|error| {
+        desktop_error(
+            "desktop.runtime_settings_storage_migration_encode_failed",
+            500,
+            "failed to encode summary_json for local_db storage migration",
+            Some(json!({ "cause": error.to_string(), "session_id": session_id })),
+        )
+    })?;
+    let source_details_json = match &record.source_details {
+        serde_json::Value::Null => None,
+        serde_json::Value::Object(map) if map.is_empty() => None,
+        value => Some(serde_json::to_string(value).map_err(|error| {
+            desktop_error(
+                "desktop.runtime_settings_storage_migration_encode_failed",
+                500,
+                "failed to encode source_details_json for local_db storage migration",
+                Some(json!({ "cause": error.to_string(), "session_id": session_id })),
+            )
+        })?),
+    };
+    let diff_tree_json = if record.diff_tree.is_empty() {
+        None
+    } else {
+        Some(serde_json::to_string(&record.diff_tree).map_err(|error| {
+            desktop_error(
+                "desktop.runtime_settings_storage_migration_encode_failed",
+                500,
+                "failed to encode diff_tree_json for local_db storage migration",
+                Some(json!({ "cause": error.to_string(), "session_id": session_id })),
+            )
+        })?)
+    };
+
+    db.upsert_session_semantic_summary(&opensession_local_db::SessionSemanticSummaryUpsert {
+        session_id,
+        summary_json: &summary_json,
+        generated_at: &record.generated_at,
+        provider: &record.provider,
+        model: record.model.as_deref(),
+        source_kind: &record.source_kind,
+        generation_kind: &record.generation_kind,
+        prompt_fingerprint: record.prompt_fingerprint.as_deref(),
+        source_details_json: source_details_json.as_deref(),
+        diff_tree_json: diff_tree_json.as_deref(),
+        error: record.error.as_deref(),
+    })
+    .map_err(|error| {
+        desktop_error(
+            "desktop.runtime_settings_storage_migration_persist_failed",
+            500,
+            "failed to persist migrated summary to local_db",
+            Some(json!({ "cause": error.to_string(), "session_id": session_id })),
+        )
+    })?;
+    Ok(())
+}
+
+fn persist_summary_storage_record_to_hidden_ref(
+    db: &LocalDb,
+    session_id: &str,
+    record: &SummaryStorageRecord,
+) -> DesktopApiResult<()> {
+    let Some(repo_root) = resolve_summary_repo_root_for_migration(db, session_id)? else {
+        return Err(desktop_error(
+            "desktop.runtime_settings_storage_migration_repo_required",
+            422,
+            "cannot migrate summary to hidden_ref without a git repository for the session",
+            Some(json!({ "session_id": session_id })),
+        ));
+    };
+    let payload = SessionSummaryLedgerRecord {
+        session_id: session_id.to_string(),
+        generated_at: record.generated_at.clone(),
+        provider: record.provider.clone(),
+        model: record.model.clone(),
+        source_kind: record.source_kind.clone(),
+        generation_kind: record.generation_kind.clone(),
+        prompt_fingerprint: record.prompt_fingerprint.clone(),
+        summary: record.summary.clone(),
+        source_details: record.source_details.clone(),
+        diff_tree: record.diff_tree.clone(),
+        error: record.error.clone(),
+    };
+    NativeGitStorage
+        .store_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, &payload)
+        .map_err(|error| {
+            desktop_error(
+                "desktop.runtime_settings_storage_migration_persist_failed",
+                500,
+                "failed to persist migrated summary to hidden_ref",
+                Some(
+                    json!({ "cause": error.to_string(), "session_id": session_id, "repo_root": repo_root }),
+                ),
+            )
+        })?;
+    Ok(())
+}
+
+fn persist_summary_storage_record(
+    db: &LocalDb,
+    backend: &SummaryStorageBackend,
+    session_id: &str,
+    record: &SummaryStorageRecord,
+) -> DesktopApiResult<()> {
+    match backend {
+        SummaryStorageBackend::LocalDb => {
+            persist_summary_storage_record_to_local_db(db, session_id, record)
+        }
+        SummaryStorageBackend::HiddenRef => {
+            persist_summary_storage_record_to_hidden_ref(db, session_id, record)
+        }
+        SummaryStorageBackend::None => Ok(()),
+    }
+}
+
+fn summary_storage_migration_session_ids(
+    db: &LocalDb,
+    from_backend: &SummaryStorageBackend,
+) -> DesktopApiResult<Vec<String>> {
+    match from_backend {
+        SummaryStorageBackend::LocalDb => db.list_session_semantic_summary_ids().map_err(|error| {
+            desktop_error(
+                "desktop.runtime_settings_storage_migration_source_query_failed",
+                500,
+                "failed to list local_db summary session ids for migration",
+                Some(json!({ "cause": error.to_string(), "backend": "local_db" })),
+            )
+        }),
+        SummaryStorageBackend::HiddenRef => db.list_all_session_ids().map_err(|error| {
+            desktop_error(
+                "desktop.runtime_settings_storage_migration_source_query_failed",
+                500,
+                "failed to list sessions for hidden_ref migration",
+                Some(json!({ "cause": error.to_string(), "backend": "hidden_ref" })),
+            )
+        }),
+        SummaryStorageBackend::None => Ok(Vec::new()),
+    }
+}
+
+pub(crate) fn migrate_summary_storage_backend(
+    db: &LocalDb,
+    from_backend: &SummaryStorageBackend,
+    to_backend: &SummaryStorageBackend,
+) -> DesktopApiResult<SummaryStorageMigrationStats> {
+    if from_backend == to_backend
+        || matches!(from_backend, SummaryStorageBackend::None)
+        || matches!(to_backend, SummaryStorageBackend::None)
+    {
+        return Ok(SummaryStorageMigrationStats::default());
+    }
+
+    let session_ids = summary_storage_migration_session_ids(db, from_backend)?;
+    let mut stats = SummaryStorageMigrationStats {
+        scanned_sessions: session_ids.len() as u32,
+        ..SummaryStorageMigrationStats::default()
+    };
+    let mut failure_messages: Vec<String> = Vec::new();
+
+    for session_id in session_ids {
+        let Some(record) = load_summary_storage_record(db, from_backend, &session_id)? else {
+            continue;
+        };
+        stats.found_summaries = stats.found_summaries.saturating_add(1);
+
+        if let Err(error) = persist_summary_storage_record(db, to_backend, &session_id, &record) {
+            stats.failed_summaries = stats.failed_summaries.saturating_add(1);
+            failure_messages.push(format!("{}: {}", session_id, error.message));
+            continue;
+        }
+        stats.migrated_summaries = stats.migrated_summaries.saturating_add(1);
+    }
+
+    if stats.failed_summaries > 0 {
+        let mut details = json!({
+            "from_backend": enum_label(from_backend),
+            "to_backend": enum_label(to_backend),
+            "scanned_sessions": stats.scanned_sessions,
+            "found_summaries": stats.found_summaries,
+            "migrated_summaries": stats.migrated_summaries,
+            "failed_summaries": stats.failed_summaries,
+        });
+        if let Some(object) = details.as_object_mut() {
+            object.insert(
+                "failures".to_string(),
+                serde_json::Value::Array(
+                    failure_messages
+                        .into_iter()
+                        .take(10)
+                        .map(serde_json::Value::String)
+                        .collect(),
+                ),
+            );
+        }
+        return Err(desktop_error(
+            "desktop.runtime_settings_storage_migration_failed",
+            422,
+            "failed to migrate existing summaries to the selected storage backend",
+            Some(details),
+        ));
+    }
+
+    Ok(stats)
+}
+
+pub(crate) fn persist_summary_to_local_db(
+    db: &LocalDb,
+    session_id: &str,
+    artifact: &opensession_summary::SemanticSummaryArtifact,
+) -> DesktopApiResult<()> {
+    let summary_json = serde_json::to_string(&artifact.summary).map_err(|error| {
+        desktop_error(
+            "desktop.session_summary_serialize_failed",
+            500,
+            "failed to serialize generated summary",
+            Some(json!({ "cause": error.to_string() })),
+        )
+    })?;
+    let source_details_json = if artifact.source_details.is_empty() {
+        None
+    } else {
+        Some(
+            serde_json::to_string(&artifact.source_details).map_err(|error| {
+                desktop_error(
+                    "desktop.session_summary_serialize_failed",
+                    500,
+                    "failed to serialize source details",
+                    Some(json!({ "cause": error.to_string() })),
+                )
+            })?,
+        )
+    };
+    let diff_tree_json = if artifact.diff_tree.is_empty() {
+        None
+    } else {
+        Some(serde_json::to_string(&artifact.diff_tree).map_err(|error| {
+            desktop_error(
+                "desktop.session_summary_serialize_failed",
+                500,
+                "failed to serialize diff tree",
+                Some(json!({ "cause": error.to_string() })),
+            )
+        })?)
+    };
+    let provider = enum_label(&artifact.provider);
+    let source_kind = enum_label(&artifact.source_kind);
+    let generation_kind = enum_label(&artifact.generation_kind);
+    let model = (!artifact.model.trim().is_empty()).then_some(artifact.model.as_str());
+    let prompt_fingerprint = (!artifact.prompt_fingerprint.trim().is_empty())
+        .then_some(artifact.prompt_fingerprint.as_str());
+
+    db.upsert_session_semantic_summary(&opensession_local_db::SessionSemanticSummaryUpsert {
+        session_id,
+        summary_json: &summary_json,
+        generated_at: &chrono::Utc::now().to_rfc3339(),
+        provider: &provider,
+        model,
+        source_kind: &source_kind,
+        generation_kind: &generation_kind,
+        prompt_fingerprint,
+        source_details_json: source_details_json.as_deref(),
+        diff_tree_json: diff_tree_json.as_deref(),
+        error: artifact.error.as_deref(),
+    })
+    .map_err(|error| {
+        desktop_error(
+            "desktop.session_summary_persist_failed",
+            500,
+            "failed to persist generated session summary",
+            Some(json!({ "cause": error.to_string(), "session_id": session_id })),
+        )
+    })?;
+    Ok(())
+}
+
+pub(crate) fn persist_summary_to_hidden_ref(
+    repo_root: &Path,
+    session_id: &str,
+    artifact: &opensession_summary::SemanticSummaryArtifact,
+) -> DesktopApiResult<()> {
+    let summary = serde_json::to_value(&artifact.summary).map_err(|error| {
+        desktop_error(
+            "desktop.session_summary_serialize_failed",
+            500,
+            "failed to serialize generated summary for hidden-ref storage",
+            Some(json!({ "cause": error.to_string() })),
+        )
+    })?;
+    let source_details = serde_json::to_value(&artifact.source_details).map_err(|error| {
+        desktop_error(
+            "desktop.session_summary_serialize_failed",
+            500,
+            "failed to serialize source details for hidden-ref storage",
+            Some(json!({ "cause": error.to_string() })),
+        )
+    })?;
+    let diff_tree_value = serde_json::to_value(&artifact.diff_tree).map_err(|error| {
+        desktop_error(
+            "desktop.session_summary_serialize_failed",
+            500,
+            "failed to serialize diff tree for hidden-ref storage",
+            Some(json!({ "cause": error.to_string() })),
+        )
+    })?;
+    let diff_tree = diff_tree_value.as_array().cloned().unwrap_or_default();
+    let record = SessionSummaryLedgerRecord {
+        session_id: session_id.to_string(),
+        generated_at: chrono::Utc::now().to_rfc3339(),
+        provider: enum_label(&artifact.provider),
+        model: (!artifact.model.trim().is_empty()).then_some(artifact.model.clone()),
+        source_kind: enum_label(&artifact.source_kind),
+        generation_kind: enum_label(&artifact.generation_kind),
+        prompt_fingerprint: (!artifact.prompt_fingerprint.trim().is_empty())
+            .then_some(artifact.prompt_fingerprint.clone()),
+        summary,
+        source_details,
+        diff_tree,
+        error: artifact.error.clone(),
+    };
+
+    NativeGitStorage
+        .store_summary_at_ref(repo_root, SUMMARY_LEDGER_REF, &record)
+        .map_err(|error| {
+            desktop_error(
+                "desktop.session_summary_persist_failed",
+                500,
+                "failed to persist generated summary to hidden_ref",
+                Some(
+                    json!({ "cause": error.to_string(), "session_id": session_id, "repo_root": repo_root }),
+                ),
+            )
+        })?;
+    Ok(())
+}
diff --git a/desktop/src-tauri/src/main.rs b/desktop/src-tauri/src/main.rs
index 20a02711..58bf3894 100644
--- a/desktop/src-tauri/src/main.rs
+++ b/desktop/src-tauri/src/main.rs
@@ -2,7 +2,19 @@
 
 mod app;
 
+use app::launch_route::desktop_take_launch_route;
+use app::lifecycle_cleanup::maybe_start_lifecycle_cleanup_loop;
 use app::session_query::{SearchMode, build_local_filter_with_mode};
+use app::session_summary::{
+    has_hidden_ref_summary_for_session, load_session_summary_for_runtime,
+    migrate_summary_storage_backend, persist_summary_to_hidden_ref,
+    persist_summary_to_local_db, resolve_summary_repo_root,
+};
+#[cfg(test)]
+use app::{
+    launch_route::normalize_launch_route,
+    lifecycle_cleanup::run_desktop_lifecycle_cleanup_once_with_db,
+};
 use base64::{Engine as _, engine::general_purpose::STANDARD as BASE64_STANDARD};
 use opensession_api::{
     CapabilitiesResponse, DESKTOP_IPC_CONTRACT_VERSION, DesktopApiError,
@@ -38,8 +50,7 @@ use opensession_core::session::{is_auxiliary_session, working_directory};
 use opensession_core::source_uri::SourceUri;
 use opensession_core::trace::{ContentBlock, EventType, Session as HailSession};
 use opensession_git_native::{
-    NativeGitStorage, SUMMARY_LEDGER_REF, SessionSummaryLedgerRecord, extract_git_context,
-    ops::find_repo_root as find_git_repo_root,
+    extract_git_context, ops::find_repo_root as find_git_repo_root,
 };
 use opensession_local_db::{
     LifecycleCleanupJobRow, LocalDb, LocalSessionFilter, LocalSessionLink, LocalSessionRow,
@@ -49,9 +60,8 @@ use opensession_parsers::{
     discover::discover_for_tool, ingest::preview_parse_bytes, parse_with_default_parsers,
 };
 use opensession_runtime_config::{
-    ChangeReaderScope, ChangeReaderVoiceProvider, DaemonConfig, GitStorageMethod,
-    LifecycleSettings, SessionDefaultView,
-    SummaryBatchExecutionMode as RuntimeSummaryBatchExecutionMode,
+    ChangeReaderScope, ChangeReaderVoiceProvider, DaemonConfig, LifecycleSettings,
+    SessionDefaultView, SummaryBatchExecutionMode as RuntimeSummaryBatchExecutionMode,
     SummaryBatchScope as RuntimeSummaryBatchScope, SummaryOutputShape, SummaryProvider,
     SummaryResponseStyle, SummarySourceMode, SummaryStorageBackend, SummaryTriggerMode,
     VectorChunkingMode, VectorSearchGranularity, VectorSearchProvider,
@@ -69,7 +79,7 @@ use std::process::Command;
 use std::sync::{LazyLock, Mutex};
 use std::time::Duration;
 
-type DesktopApiResult<T> = Result<T, DesktopApiError>;
+pub(crate) type DesktopApiResult<T> = Result<T, DesktopApiError>;
 
 const HANDOFF_RECORD_VERSION: &str = "v1";
 const HANDOFF_LATEST_PIN_ALIAS: &str = "latest";
@@ -131,7 +141,7 @@ struct DesktopHandoffSummaryMeta {
     summary_provider: String,
 }
 
-fn desktop_error(
+pub(crate) fn desktop_error(
     code: &str,
     status: u16,
     message: impl Into<String>,
@@ -145,7 +155,7 @@ fn desktop_error(
     }
 }
 
-fn enum_label<T: serde::Serialize>(value: &T) -> String {
+pub(crate) fn enum_label<T: serde::Serialize>(value: &T) -> String {
     serde_json::to_string(value)
         .ok()
         .map(|raw| raw.trim_matches('"').to_string())
@@ -153,37 +163,6 @@ fn enum_label<T: serde::Serialize>(value: &T) -> String {
         .unwrap_or_else(|| "unknown".to_string())
 }
 
-fn desktop_launch_route_path() -> DesktopApiResult<PathBuf> {
-    let store_root = global_store_root().map_err(|error| {
-        desktop_error(
-            "desktop.launch_route_root_unavailable",
-            500,
-            "failed to resolve OpenSession home directory",
-            Some(json!({ "cause": error.to_string() })),
-        )
-    })?;
-    let opensession_root = store_root.parent().ok_or_else(|| {
-        desktop_error(
-            "desktop.launch_route_root_invalid",
-            500,
-            "invalid OpenSession global store path",
-            Some(json!({ "store_root": store_root.to_string_lossy() })),
-        )
-    })?;
-    Ok(opensession_root.join("desktop").join("launch-route"))
-}
-
-fn normalize_launch_route(raw: &str) -> Option<String> {
-    let trimmed = raw.trim();
-    if trimmed.is_empty() || !trimmed.starts_with('/') || trimmed.starts_with("//") {
-        return None;
-    }
-    if trimmed.chars().any(|ch| ch.is_control()) {
-        return None;
-    }
-    Some(trimmed.to_string())
-}
-
 fn normalize_non_empty(value: Option<String>) -> Option<String> {
     value
         .map(|raw| raw.trim().to_string())
@@ -1620,25 +1599,6 @@ struct SummaryBatchSelection {
     already_summarized_sessions: u32,
 }
 
-fn has_hidden_ref_summary_for_session(db: &LocalDb, session_id: &str) -> DesktopApiResult<bool> {
-    let Some(repo_root) = resolve_summary_repo_root_for_migration(db, session_id)? else {
-        return Ok(false);
-    };
-    NativeGitStorage
-        .load_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, session_id)
-        .map(|record| record.is_some())
-        .map_err(|error| {
-            desktop_error(
-                "desktop.session_summary_query_failed",
-                500,
-                "failed to load hidden_ref session summary",
-                Some(
-                    json!({ "cause": error.to_string(), "session_id": session_id, "repo_root": repo_root }),
-                ),
-            )
-        })
-}
-
 fn summary_batch_session_ids_for_scope(
     db: &LocalDb,
     scope: &RuntimeSummaryBatchScope,
@@ -3039,737 +2999,128 @@ fn desktop_search_sessions_vector(
     search_sessions_vector_internal(&db, &runtime, &query, cursor, limit, None)
 }
 
-fn session_summary_response_from_row(
-    row: opensession_local_db::SessionSemanticSummaryRow,
-) -> DesktopSessionSummaryResponse {
-    DesktopSessionSummaryResponse {
-        session_id: row.session_id,
-        summary: serde_json::from_str(&row.summary_json).ok(),
-        source_details: row
-            .source_details_json
-            .as_deref()
-            .and_then(|raw| serde_json::from_str(raw).ok()),
-        diff_tree: row
-            .diff_tree_json
-            .as_deref()
-            .and_then(|raw| serde_json::from_str(raw).ok())
-            .unwrap_or_default(),
-        source_kind: Some(row.source_kind),
-        generation_kind: Some(row.generation_kind),
-        error: row.error,
-    }
-}
-
-fn session_summary_response_from_hidden_ref(
-    row: SessionSummaryLedgerRecord,
-) -> DesktopSessionSummaryResponse {
-    DesktopSessionSummaryResponse {
-        session_id: row.session_id,
-        summary: Some(row.summary),
-        source_details: match row.source_details {
-            serde_json::Value::Object(ref map) if map.is_empty() => None,
-            value => Some(value),
-        },
-        diff_tree: row.diff_tree,
-        source_kind: Some(row.source_kind),
-        generation_kind: Some(row.generation_kind),
-        error: row.error,
-    }
-}
-
-#[derive(Debug, Clone)]
-struct SummaryStorageRecord {
-    generated_at: String,
-    provider: String,
-    model: Option<String>,
-    source_kind: String,
-    generation_kind: String,
-    prompt_fingerprint: Option<String>,
-    summary: serde_json::Value,
-    source_details: serde_json::Value,
-    diff_tree: Vec<serde_json::Value>,
-    error: Option<String>,
-}
-
-#[derive(Debug, Clone, Default)]
-struct SummaryStorageMigrationStats {
-    scanned_sessions: u32,
-    found_summaries: u32,
-    migrated_summaries: u32,
-    failed_summaries: u32,
-}
-
-fn empty_summary_response(session_id: String) -> DesktopSessionSummaryResponse {
-    DesktopSessionSummaryResponse {
-        session_id,
-        summary: None,
-        source_details: None,
-        diff_tree: Vec::new(),
-        source_kind: None,
-        generation_kind: None,
-        error: None,
-    }
+#[tauri::command]
+fn desktop_get_session_summary(id: String) -> DesktopApiResult<DesktopSessionSummaryResponse> {
+    let db = open_local_db()?;
+    let runtime = load_runtime_config()?;
+    load_session_summary_for_runtime(&db, &runtime, &id)
 }
 
-fn load_session_summary_for_runtime(
-    db: &LocalDb,
+fn build_git_summary_request_for_session(
+    session: &HailSession,
     runtime: &DaemonConfig,
-    session_id: &str,
-) -> DesktopApiResult<DesktopSessionSummaryResponse> {
-    match runtime.summary.storage.backend {
-        SummaryStorageBackend::LocalDb => {
-            let summary = db
-                .get_session_semantic_summary(session_id)
-                .map_err(|error| {
-                    desktop_error(
-                        "desktop.session_summary_query_failed",
-                        500,
-                        "failed to load session summary",
-                        Some(json!({ "cause": error.to_string(), "session_id": session_id })),
-                    )
-                })?
-                .map(session_summary_response_from_row);
-            Ok(summary.unwrap_or_else(|| empty_summary_response(session_id.to_string())))
-        }
-        SummaryStorageBackend::HiddenRef => {
-            let Some(repo_root) = resolve_summary_repo_root(db, session_id)? else {
-                return Ok(empty_summary_response(session_id.to_string()));
-            };
-            let loaded = NativeGitStorage
-                .load_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, session_id)
-                .map_err(|error| {
-                    desktop_error(
-                        "desktop.session_summary_query_failed",
-                        500,
-                        "failed to load hidden_ref session summary",
-                        Some(
-                            json!({ "cause": error.to_string(), "session_id": session_id, "repo_root": repo_root }),
-                        ),
-                    )
-                })?
-                .map(session_summary_response_from_hidden_ref);
-            Ok(loaded.unwrap_or_else(|| empty_summary_response(session_id.to_string())))
-        }
-        SummaryStorageBackend::None => Ok(empty_summary_response(session_id.to_string())),
-    }
-}
-
-fn resolve_repo_root_from_working_directory(cwd: Option<&str>) -> Option<PathBuf> {
-    cwd.map(str::trim)
-        .filter(|cwd| !cwd.is_empty())
-        .and_then(|cwd| find_git_repo_root(Path::new(cwd)))
-}
-
-fn resolve_repo_root_from_source_path(source_path: Option<&str>) -> Option<PathBuf> {
-    source_path
-        .map(str::trim)
-        .filter(|source_path| !source_path.is_empty())
-        .and_then(|source_path| find_git_repo_root(Path::new(source_path)))
-}
-
-fn resolve_repo_root_from_session_row(row: &LocalSessionRow) -> Option<PathBuf> {
-    resolve_repo_root_from_working_directory(row.working_directory.as_deref())
-        .or_else(|| resolve_repo_root_from_source_path(row.source_path.as_deref()))
-}
-
-fn resolve_summary_repo_root(db: &LocalDb, session_id: &str) -> DesktopApiResult<Option<PathBuf>> {
-    let row = db.get_session_by_id(session_id).map_err(|error| {
-        desktop_error(
-            "desktop.session_summary_repo_resolve_failed",
-            500,
-            "failed to resolve session repository root",
-            Some(json!({ "cause": error.to_string(), "session_id": session_id })),
-        )
-    })?;
-    if let Some(row) = row {
-        if let Some(repo_root) = resolve_repo_root_from_session_row(&row) {
-            return Ok(Some(repo_root));
-        }
+) -> Option<GitSummaryRequest> {
+    if !runtime.summary.allows_git_changes_fallback() {
+        return None;
     }
-    let cwd = std::env::current_dir().ok();
-    Ok(cwd.and_then(|path| find_git_repo_root(&path)))
+    working_directory(session)
+        .and_then(|cwd| find_git_repo_root(Path::new(cwd)).map(|repo_root| (cwd, repo_root)))
+        .map(|(cwd, repo_root)| GitSummaryRequest {
+            repo_root,
+            commit: extract_git_context(cwd).commit,
+        })
 }
 
-fn resolve_summary_repo_root_for_migration(
+async fn generate_session_summary_artifact_for_id(
     db: &LocalDb,
+    runtime: &DaemonConfig,
     session_id: &str,
-) -> DesktopApiResult<Option<PathBuf>> {
-    let row = db.get_session_by_id(session_id).map_err(|error| {
+) -> DesktopApiResult<opensession_summary::SemanticSummaryArtifact> {
+    let normalized_session = load_normalized_session_body(db, session_id)?;
+    let session = HailSession::from_jsonl(&normalized_session).map_err(|error| {
         desktop_error(
-            "desktop.session_summary_repo_resolve_failed",
-            500,
-            "failed to resolve session repository root",
+            "desktop.session_summary_parse_failed",
+            422,
+            "failed to decode session body for summary regeneration",
             Some(json!({ "cause": error.to_string(), "session_id": session_id })),
         )
     })?;
-    Ok(row.and_then(|row| resolve_repo_root_from_session_row(&row)))
-}
-
-fn load_summary_storage_record_from_local_db(
-    db: &LocalDb,
-    session_id: &str,
-) -> DesktopApiResult<Option<SummaryStorageRecord>> {
-    let row = db
-        .get_session_semantic_summary(session_id)
+    let git_request = build_git_summary_request_for_session(&session, runtime);
+    summarize_session(&session, &runtime.summary, git_request.as_ref())
+        .await
         .map_err(|error| {
             desktop_error(
-                "desktop.session_summary_query_failed",
+                "desktop.session_summary_generate_failed",
                 500,
-                "failed to load session summary from local_db",
+                "failed to generate semantic summary",
                 Some(json!({ "cause": error.to_string(), "session_id": session_id })),
             )
-        })?;
-    let Some(row) = row else {
-        return Ok(None);
-    };
-
-    let summary = serde_json::from_str::<serde_json::Value>(&row.summary_json).map_err(|error| {
-        desktop_error(
-            "desktop.runtime_settings_storage_migration_decode_failed",
-            500,
-            "failed to decode local_db summary_json during storage migration",
-            Some(
-                json!({ "cause": error.to_string(), "session_id": session_id, "backend": "local_db" }),
-            ),
-        )
-    })?;
-    let source_details = match row.source_details_json.as_deref() {
-        Some(raw) => serde_json::from_str::<serde_json::Value>(raw).map_err(|error| {
-            desktop_error(
-                "desktop.runtime_settings_storage_migration_decode_failed",
-                500,
-                "failed to decode local_db source_details_json during storage migration",
-                Some(
-                    json!({ "cause": error.to_string(), "session_id": session_id, "backend": "local_db" }),
-                ),
-            )
-        })?,
-        None => serde_json::Value::Object(Default::default()),
-    };
-    let diff_tree = match row.diff_tree_json.as_deref() {
-        Some(raw) => serde_json::from_str::<Vec<serde_json::Value>>(raw).map_err(|error| {
-            desktop_error(
-                "desktop.runtime_settings_storage_migration_decode_failed",
-                500,
-                "failed to decode local_db diff_tree_json during storage migration",
-                Some(
-                    json!({ "cause": error.to_string(), "session_id": session_id, "backend": "local_db" }),
-                ),
-            )
-        })?,
-        None => Vec::new(),
-    };
+        })
+}
 
-    Ok(Some(SummaryStorageRecord {
-        generated_at: row.generated_at,
-        provider: row.provider,
-        model: row.model,
-        source_kind: row.source_kind,
-        generation_kind: row.generation_kind,
-        prompt_fingerprint: row.prompt_fingerprint,
-        summary,
-        source_details,
-        diff_tree,
-        error: row.error,
-    }))
-}
-
-fn load_summary_storage_record_from_hidden_ref(
-    db: &LocalDb,
-    session_id: &str,
-) -> DesktopApiResult<Option<SummaryStorageRecord>> {
-    let Some(repo_root) = resolve_summary_repo_root_for_migration(db, session_id)? else {
-        return Ok(None);
-    };
-    let loaded = NativeGitStorage
-        .load_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, session_id)
-        .map_err(|error| {
-            desktop_error(
-                "desktop.session_summary_query_failed",
-                500,
-                "failed to load hidden_ref session summary for storage migration",
-                Some(
-                    json!({ "cause": error.to_string(), "session_id": session_id, "repo_root": repo_root }),
-                ),
-            )
-        })?;
-    let Some(row) = loaded else {
-        return Ok(None);
-    };
-    Ok(Some(SummaryStorageRecord {
-        generated_at: row.generated_at,
-        provider: row.provider,
-        model: row.model,
-        source_kind: row.source_kind,
-        generation_kind: row.generation_kind,
-        prompt_fingerprint: row.prompt_fingerprint,
-        summary: row.summary,
-        source_details: row.source_details,
-        diff_tree: row.diff_tree,
-        error: row.error,
-    }))
-}
-
-fn load_summary_storage_record(
+fn persist_summary_for_runtime(
     db: &LocalDb,
-    backend: &SummaryStorageBackend,
+    runtime: &DaemonConfig,
     session_id: &str,
-) -> DesktopApiResult<Option<SummaryStorageRecord>> {
-    match backend {
-        SummaryStorageBackend::LocalDb => load_summary_storage_record_from_local_db(db, session_id),
+    artifact: &opensession_summary::SemanticSummaryArtifact,
+) -> DesktopApiResult<()> {
+    match runtime.summary.storage.backend {
+        SummaryStorageBackend::LocalDb => persist_summary_to_local_db(db, session_id, artifact),
         SummaryStorageBackend::HiddenRef => {
-            load_summary_storage_record_from_hidden_ref(db, session_id)
+            let Some(repo_root) = resolve_summary_repo_root(db, session_id)? else {
+                return Err(summary_repo_required_error(session_id));
+            };
+            persist_summary_to_hidden_ref(&repo_root, session_id, artifact)
         }
-        SummaryStorageBackend::None => Ok(None),
+        SummaryStorageBackend::None => Ok(()),
     }
 }
 
-fn persist_summary_storage_record_to_local_db(
-    db: &LocalDb,
-    session_id: &str,
-    record: &SummaryStorageRecord,
-) -> DesktopApiResult<()> {
-    let summary_json = serde_json::to_string(&record.summary).map_err(|error| {
-        desktop_error(
-            "desktop.runtime_settings_storage_migration_encode_failed",
-            500,
-            "failed to encode summary_json for local_db storage migration",
-            Some(json!({ "cause": error.to_string(), "session_id": session_id })),
-        )
-    })?;
-    let source_details_json = match &record.source_details {
-        serde_json::Value::Null => None,
-        serde_json::Value::Object(map) if map.is_empty() => None,
-        value => Some(serde_json::to_string(value).map_err(|error| {
-            desktop_error(
-                "desktop.runtime_settings_storage_migration_encode_failed",
-                500,
-                "failed to encode source_details_json for local_db storage migration",
-                Some(json!({ "cause": error.to_string(), "session_id": session_id })),
-            )
-        })?),
-    };
-    let diff_tree_json = if record.diff_tree.is_empty() {
-        None
-    } else {
-        Some(serde_json::to_string(&record.diff_tree).map_err(|error| {
-            desktop_error(
-                "desktop.runtime_settings_storage_migration_encode_failed",
-                500,
-                "failed to encode diff_tree_json for local_db storage migration",
-                Some(json!({ "cause": error.to_string(), "session_id": session_id })),
-            )
-        })?)
-    };
-
-    db.upsert_session_semantic_summary(&opensession_local_db::SessionSemanticSummaryUpsert {
-        session_id,
-        summary_json: &summary_json,
-        generated_at: &record.generated_at,
-        provider: &record.provider,
-        model: record.model.as_deref(),
-        source_kind: &record.source_kind,
-        generation_kind: &record.generation_kind,
-        prompt_fingerprint: record.prompt_fingerprint.as_deref(),
-        source_details_json: source_details_json.as_deref(),
-        diff_tree_json: diff_tree_json.as_deref(),
-        error: record.error.as_deref(),
-    })
-    .map_err(|error| {
-        desktop_error(
-            "desktop.runtime_settings_storage_migration_persist_failed",
-            500,
-            "failed to persist migrated summary to local_db",
-            Some(json!({ "cause": error.to_string(), "session_id": session_id })),
-        )
-    })?;
-    Ok(())
+fn summary_repo_required_error(session_id: &str) -> DesktopApiError {
+    desktop_error(
+        "desktop.session_summary_repo_required",
+        422,
+        "hidden_ref summary backend requires a git repository",
+        Some(json!({ "session_id": session_id })),
+    )
 }
 
-fn persist_summary_storage_record_to_hidden_ref(
-    db: &LocalDb,
+fn summary_response_from_artifact(
     session_id: &str,
-    record: &SummaryStorageRecord,
-) -> DesktopApiResult<()> {
-    let Some(repo_root) = resolve_summary_repo_root_for_migration(db, session_id)? else {
-        return Err(desktop_error(
-            "desktop.runtime_settings_storage_migration_repo_required",
-            422,
-            "cannot migrate summary to hidden_ref without a git repository for the session",
-            Some(json!({ "session_id": session_id })),
-        ));
-    };
-    let payload = SessionSummaryLedgerRecord {
+    artifact: &opensession_summary::SemanticSummaryArtifact,
+) -> DesktopSessionSummaryResponse {
+    DesktopSessionSummaryResponse {
         session_id: session_id.to_string(),
-        generated_at: record.generated_at.clone(),
-        provider: record.provider.clone(),
-        model: record.model.clone(),
-        source_kind: record.source_kind.clone(),
-        generation_kind: record.generation_kind.clone(),
-        prompt_fingerprint: record.prompt_fingerprint.clone(),
-        summary: record.summary.clone(),
-        source_details: record.source_details.clone(),
-        diff_tree: record.diff_tree.clone(),
-        error: record.error.clone(),
-    };
-    NativeGitStorage
-        .store_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, &payload)
-        .map_err(|error| {
-            desktop_error(
-                "desktop.runtime_settings_storage_migration_persist_failed",
-                500,
-                "failed to persist migrated summary to hidden_ref",
-                Some(
-                    json!({ "cause": error.to_string(), "session_id": session_id, "repo_root": repo_root }),
-                ),
-            )
-        })?;
-    Ok(())
-}
-
-fn persist_summary_storage_record(
-    db: &LocalDb,
-    backend: &SummaryStorageBackend,
-    session_id: &str,
-    record: &SummaryStorageRecord,
-) -> DesktopApiResult<()> {
-    match backend {
-        SummaryStorageBackend::LocalDb => {
-            persist_summary_storage_record_to_local_db(db, session_id, record)
-        }
-        SummaryStorageBackend::HiddenRef => {
-            persist_summary_storage_record_to_hidden_ref(db, session_id, record)
-        }
-        SummaryStorageBackend::None => Ok(()),
+        summary: serde_json::to_value(&artifact.summary).ok(),
+        source_details: if artifact.source_details.is_empty() {
+            None
+        } else {
+            serde_json::to_value(&artifact.source_details).ok()
+        },
+        diff_tree: serde_json::to_value(&artifact.diff_tree)
+            .ok()
+            .and_then(|value| value.as_array().cloned())
+            .unwrap_or_default(),
+        source_kind: Some(enum_label(&artifact.source_kind)),
+        generation_kind: Some(enum_label(&artifact.generation_kind)),
+        error: artifact.error.clone(),
     }
 }
 
-fn summary_storage_migration_session_ids(
+fn summary_response_after_persist(
     db: &LocalDb,
-    from_backend: &SummaryStorageBackend,
-) -> DesktopApiResult<Vec<String>> {
-    match from_backend {
-        SummaryStorageBackend::LocalDb => db.list_session_semantic_summary_ids().map_err(|error| {
-            desktop_error(
-                "desktop.runtime_settings_storage_migration_source_query_failed",
-                500,
-                "failed to list local_db summary session ids for migration",
-                Some(json!({ "cause": error.to_string(), "backend": "local_db" })),
-            )
-        }),
-        SummaryStorageBackend::HiddenRef => db.list_all_session_ids().map_err(|error| {
-            desktop_error(
-                "desktop.runtime_settings_storage_migration_source_query_failed",
-                500,
-                "failed to list sessions for hidden_ref migration",
-                Some(json!({ "cause": error.to_string(), "backend": "hidden_ref" })),
-            )
-        }),
-        SummaryStorageBackend::None => Ok(Vec::new()),
+    runtime: &DaemonConfig,
+    session_id: &str,
+    artifact: &opensession_summary::SemanticSummaryArtifact,
+) -> DesktopApiResult<DesktopSessionSummaryResponse> {
+    if matches!(runtime.summary.storage.backend, SummaryStorageBackend::None) {
+        return Ok(summary_response_from_artifact(session_id, artifact));
     }
+    load_session_summary_for_runtime(db, runtime, session_id)
 }
 
-fn migrate_summary_storage_backend(
-    db: &LocalDb,
-    from_backend: &SummaryStorageBackend,
-    to_backend: &SummaryStorageBackend,
-) -> DesktopApiResult<SummaryStorageMigrationStats> {
-    if from_backend == to_backend
-        || matches!(from_backend, SummaryStorageBackend::None)
-        || matches!(to_backend, SummaryStorageBackend::None)
+fn run_summary_batch_for_runtime(
+    runtime: DaemonConfig,
+) -> DesktopApiResult<DesktopSummaryBatchStatusResponse> {
+    let db = open_local_db()?;
     {
-        return Ok(SummaryStorageMigrationStats::default());
-    }
-
-    let session_ids = summary_storage_migration_session_ids(db, from_backend)?;
-    let mut stats = SummaryStorageMigrationStats {
-        scanned_sessions: session_ids.len() as u32,
-        ..SummaryStorageMigrationStats::default()
-    };
-    let mut failure_messages: Vec<String> = Vec::new();
-
-    for session_id in session_ids {
-        let Some(record) = load_summary_storage_record(db, from_backend, &session_id)? else {
-            continue;
-        };
-        stats.found_summaries = stats.found_summaries.saturating_add(1);
-
-        if let Err(error) = persist_summary_storage_record(db, to_backend, &session_id, &record) {
-            stats.failed_summaries = stats.failed_summaries.saturating_add(1);
-            failure_messages.push(format!("{}: {}", session_id, error.message));
-            continue;
-        }
-        stats.migrated_summaries = stats.migrated_summaries.saturating_add(1);
-    }
-
-    if stats.failed_summaries > 0 {
-        let mut details = json!({
-            "from_backend": enum_label(from_backend),
-            "to_backend": enum_label(to_backend),
-            "scanned_sessions": stats.scanned_sessions,
-            "found_summaries": stats.found_summaries,
-            "migrated_summaries": stats.migrated_summaries,
-            "failed_summaries": stats.failed_summaries,
-        });
-        if let Some(object) = details.as_object_mut() {
-            object.insert(
-                "failures".to_string(),
-                serde_json::Value::Array(
-                    failure_messages
-                        .into_iter()
-                        .take(10)
-                        .map(serde_json::Value::String)
-                        .collect(),
-                ),
-            );
-        }
-        return Err(desktop_error(
-            "desktop.runtime_settings_storage_migration_failed",
-            422,
-            "failed to migrate existing summaries to the selected storage backend",
-            Some(details),
-        ));
-    }
-
-    Ok(stats)
-}
-
-fn persist_summary_to_local_db(
-    db: &LocalDb,
-    session_id: &str,
-    artifact: &opensession_summary::SemanticSummaryArtifact,
-) -> DesktopApiResult<()> {
-    let summary_json = serde_json::to_string(&artifact.summary).map_err(|error| {
-        desktop_error(
-            "desktop.session_summary_serialize_failed",
-            500,
-            "failed to serialize generated summary",
-            Some(json!({ "cause": error.to_string() })),
-        )
-    })?;
-    let source_details_json = if artifact.source_details.is_empty() {
-        None
-    } else {
-        Some(
-            serde_json::to_string(&artifact.source_details).map_err(|error| {
-                desktop_error(
-                    "desktop.session_summary_serialize_failed",
-                    500,
-                    "failed to serialize source details",
-                    Some(json!({ "cause": error.to_string() })),
-                )
-            })?,
-        )
-    };
-    let diff_tree_json = if artifact.diff_tree.is_empty() {
-        None
-    } else {
-        Some(serde_json::to_string(&artifact.diff_tree).map_err(|error| {
-            desktop_error(
-                "desktop.session_summary_serialize_failed",
-                500,
-                "failed to serialize diff tree",
-                Some(json!({ "cause": error.to_string() })),
-            )
-        })?)
-    };
-    let provider = enum_label(&artifact.provider);
-    let source_kind = enum_label(&artifact.source_kind);
-    let generation_kind = enum_label(&artifact.generation_kind);
-    let model = (!artifact.model.trim().is_empty()).then_some(artifact.model.as_str());
-    let prompt_fingerprint = (!artifact.prompt_fingerprint.trim().is_empty())
-        .then_some(artifact.prompt_fingerprint.as_str());
-
-    db.upsert_session_semantic_summary(&opensession_local_db::SessionSemanticSummaryUpsert {
-        session_id,
-        summary_json: &summary_json,
-        generated_at: &chrono::Utc::now().to_rfc3339(),
-        provider: &provider,
-        model,
-        source_kind: &source_kind,
-        generation_kind: &generation_kind,
-        prompt_fingerprint,
-        source_details_json: source_details_json.as_deref(),
-        diff_tree_json: diff_tree_json.as_deref(),
-        error: artifact.error.as_deref(),
-    })
-    .map_err(|error| {
-        desktop_error(
-            "desktop.session_summary_persist_failed",
-            500,
-            "failed to persist generated session summary",
-            Some(json!({ "cause": error.to_string(), "session_id": session_id })),
-        )
-    })?;
-    Ok(())
-}
-
-fn persist_summary_to_hidden_ref(
-    repo_root: &Path,
-    session_id: &str,
-    artifact: &opensession_summary::SemanticSummaryArtifact,
-) -> DesktopApiResult<()> {
-    let summary = serde_json::to_value(&artifact.summary).map_err(|error| {
-        desktop_error(
-            "desktop.session_summary_serialize_failed",
-            500,
-            "failed to serialize generated summary for hidden-ref storage",
-            Some(json!({ "cause": error.to_string() })),
-        )
-    })?;
-    let source_details = serde_json::to_value(&artifact.source_details).map_err(|error| {
-        desktop_error(
-            "desktop.session_summary_serialize_failed",
-            500,
-            "failed to serialize source details for hidden-ref storage",
-            Some(json!({ "cause": error.to_string() })),
-        )
-    })?;
-    let diff_tree_value = serde_json::to_value(&artifact.diff_tree).map_err(|error| {
-        desktop_error(
-            "desktop.session_summary_serialize_failed",
-            500,
-            "failed to serialize diff tree for hidden-ref storage",
-            Some(json!({ "cause": error.to_string() })),
-        )
-    })?;
-    let diff_tree = diff_tree_value.as_array().cloned().unwrap_or_default();
-    let record = SessionSummaryLedgerRecord {
-        session_id: session_id.to_string(),
-        generated_at: chrono::Utc::now().to_rfc3339(),
-        provider: enum_label(&artifact.provider),
-        model: (!artifact.model.trim().is_empty()).then_some(artifact.model.clone()),
-        source_kind: enum_label(&artifact.source_kind),
-        generation_kind: enum_label(&artifact.generation_kind),
-        prompt_fingerprint: (!artifact.prompt_fingerprint.trim().is_empty())
-            .then_some(artifact.prompt_fingerprint.clone()),
-        summary,
-        source_details,
-        diff_tree,
-        error: artifact.error.clone(),
-    };
-
-    NativeGitStorage
-        .store_summary_at_ref(repo_root, SUMMARY_LEDGER_REF, &record)
-        .map_err(|error| {
-            desktop_error(
-                "desktop.session_summary_persist_failed",
-                500,
-                "failed to persist generated summary to hidden_ref",
-                Some(
-                    json!({ "cause": error.to_string(), "session_id": session_id, "repo_root": repo_root }),
-                ),
-            )
-        })?;
-    Ok(())
-}
-
-#[tauri::command]
-fn desktop_get_session_summary(id: String) -> DesktopApiResult<DesktopSessionSummaryResponse> {
-    let db = open_local_db()?;
-    let runtime = load_runtime_config()?;
-    load_session_summary_for_runtime(&db, &runtime, &id)
-}
-
-fn build_git_summary_request_for_session(
-    session: &HailSession,
-    runtime: &DaemonConfig,
-) -> Option<GitSummaryRequest> {
-    if !runtime.summary.allows_git_changes_fallback() {
-        return None;
-    }
-    working_directory(session)
-        .and_then(|cwd| find_git_repo_root(Path::new(cwd)).map(|repo_root| (cwd, repo_root)))
-        .map(|(cwd, repo_root)| GitSummaryRequest {
-            repo_root,
-            commit: extract_git_context(cwd).commit,
-        })
-}
-
-async fn generate_session_summary_artifact_for_id(
-    db: &LocalDb,
-    runtime: &DaemonConfig,
-    session_id: &str,
-) -> DesktopApiResult<opensession_summary::SemanticSummaryArtifact> {
-    let normalized_session = load_normalized_session_body(db, session_id)?;
-    let session = HailSession::from_jsonl(&normalized_session).map_err(|error| {
-        desktop_error(
-            "desktop.session_summary_parse_failed",
-            422,
-            "failed to decode session body for summary regeneration",
-            Some(json!({ "cause": error.to_string(), "session_id": session_id })),
-        )
-    })?;
-    let git_request = build_git_summary_request_for_session(&session, runtime);
-    summarize_session(&session, &runtime.summary, git_request.as_ref())
-        .await
-        .map_err(|error| {
-            desktop_error(
-                "desktop.session_summary_generate_failed",
-                500,
-                "failed to generate semantic summary",
-                Some(json!({ "cause": error.to_string(), "session_id": session_id })),
-            )
-        })
-}
-
-fn persist_summary_for_runtime(
-    db: &LocalDb,
-    runtime: &DaemonConfig,
-    session_id: &str,
-    artifact: &opensession_summary::SemanticSummaryArtifact,
-) -> DesktopApiResult<()> {
-    match runtime.summary.storage.backend {
-        SummaryStorageBackend::LocalDb => persist_summary_to_local_db(db, session_id, artifact),
-        SummaryStorageBackend::HiddenRef => {
-            let Some(repo_root) = resolve_summary_repo_root(db, session_id)? else {
-                return Err(desktop_error(
-                    "desktop.session_summary_repo_required",
-                    422,
-                    "hidden_ref summary backend requires a git repository",
-                    Some(json!({ "session_id": session_id })),
-                ));
-            };
-            persist_summary_to_hidden_ref(&repo_root, session_id, artifact)
-        }
-        SummaryStorageBackend::None => Ok(()),
-    }
-}
-
-fn summary_response_from_artifact(
-    session_id: &str,
-    artifact: &opensession_summary::SemanticSummaryArtifact,
-) -> DesktopSessionSummaryResponse {
-    DesktopSessionSummaryResponse {
-        session_id: session_id.to_string(),
-        summary: serde_json::to_value(&artifact.summary).ok(),
-        source_details: if artifact.source_details.is_empty() {
-            None
-        } else {
-            serde_json::to_value(&artifact.source_details).ok()
-        },
-        diff_tree: serde_json::to_value(&artifact.diff_tree)
-            .ok()
-            .and_then(|value| value.as_array().cloned())
-            .unwrap_or_default(),
-        source_kind: Some(enum_label(&artifact.source_kind)),
-        generation_kind: Some(enum_label(&artifact.generation_kind)),
-        error: artifact.error.clone(),
-    }
-}
-
-fn run_summary_batch_for_runtime(
-    runtime: DaemonConfig,
-) -> DesktopApiResult<DesktopSummaryBatchStatusResponse> {
-    let db = open_local_db()?;
-    {
-        let mut running = SUMMARY_BATCH_RUNNING
-            .lock()
-            .expect("summary batch mutex poisoned");
-        if *running {
-            return desktop_summary_batch_status_from_db(&db);
-        }
-        *running = true;
+        let mut running = SUMMARY_BATCH_RUNNING
+            .lock()
+            .expect("summary batch mutex poisoned");
+        if *running {
+            return desktop_summary_batch_status_from_db(&db);
+        }
+        *running = true;
     }
 
     let started_at = chrono::Utc::now().to_rfc3339();
@@ -3966,26 +3317,8 @@ async fn desktop_regenerate_session_summary(
     let db = open_local_db()?;
     let runtime = load_runtime_config()?;
     let artifact = generate_session_summary_artifact_for_id(&db, &runtime, &id).await?;
-
-    match runtime.summary.storage.backend {
-        SummaryStorageBackend::LocalDb => {
-            persist_summary_to_local_db(&db, &id, &artifact)?;
-            desktop_get_session_summary(id)
-        }
-        SummaryStorageBackend::HiddenRef => {
-            let Some(repo_root) = resolve_summary_repo_root(&db, &id)? else {
-                return Err(desktop_error(
-                    "desktop.session_summary_repo_required",
-                    422,
-                    "hidden_ref summary backend requires a git repository",
-                    Some(json!({ "session_id": id })),
-                ));
-            };
-            persist_summary_to_hidden_ref(&repo_root, &id, &artifact)?;
-            desktop_get_session_summary(id)
-        }
-        SummaryStorageBackend::None => Ok(summary_response_from_artifact(&id, &artifact)),
-    }
+    persist_summary_for_runtime(&db, &runtime, &id, &artifact)?;
+    summary_response_after_persist(&db, &runtime, &id, &artifact)
 }
 
 #[tauri::command]
@@ -4565,30 +3898,79 @@ fn request_openai_tts_audio(
     Ok(payload.to_vec())
 }
 
-#[tauri::command]
-async fn desktop_read_session_changes(
-    request: DesktopChangeReadRequest,
-) -> DesktopApiResult<DesktopChangeReadResponse> {
-    let session_id = request.session_id.trim().to_string();
-    if session_id.is_empty() {
+fn require_non_empty_request_field(
+    raw: &str,
+    code: &str,
+    field_name: &str,
+) -> DesktopApiResult<String> {
+    let value = raw.trim().to_string();
+    if value.is_empty() {
         return Err(desktop_error(
-            "desktop.change_reader_invalid_request",
+            code,
             400,
-            "session_id is required",
+            format!("{field_name} is required"),
             None,
         ));
     }
-    let runtime = load_runtime_config()?;
-    if !runtime.change_reader.enabled {
-        return Err(desktop_error(
-            "desktop.change_reader_disabled",
+    Ok(value)
+}
+
+fn change_reader_disabled_error() -> DesktopApiError {
+    desktop_error(
+        "desktop.change_reader_disabled",
+        422,
+        "change reader is disabled in runtime settings",
+        Some(json!({ "hint": "Enable Change Reader in Settings > Runtime Summary" })),
+    )
+}
+
+fn ensure_change_reader_enabled(runtime: &DaemonConfig) -> DesktopApiResult<()> {
+    if runtime.change_reader.enabled {
+        Ok(())
+    } else {
+        Err(change_reader_disabled_error())
+    }
+}
+
+fn ensure_change_reader_qa_enabled(runtime: &DaemonConfig) -> DesktopApiResult<()> {
+    if runtime.change_reader.qa_enabled {
+        Ok(())
+    } else {
+        Err(desktop_error(
+            "desktop.change_reader_qa_disabled",
             422,
-            "change reader is disabled in runtime settings",
-            Some(json!({ "hint": "Enable Change Reader in Settings > Runtime Summary" })),
-        ));
+            "change reader Q&A is disabled in runtime settings",
+            Some(json!({ "hint": "Enable Q&A in Settings > Runtime Summary > Change Reader" })),
+        ))
+    }
+}
+
+fn load_change_reader_request_context(
+    session_id: &str,
+    scope: Option<DesktopChangeReaderScope>,
+    require_qa: bool,
+) -> DesktopApiResult<(DaemonConfig, ChangeReaderContextPayload)> {
+    let session_id = require_non_empty_request_field(
+        session_id,
+        "desktop.change_reader_invalid_request",
+        "session_id",
+    )?;
+    let runtime = load_runtime_config()?;
+    ensure_change_reader_enabled(&runtime)?;
+    if require_qa {
+        ensure_change_reader_qa_enabled(&runtime)?;
     }
     let db = open_local_db()?;
-    let context = build_change_reader_context(&db, &runtime, &session_id, request.scope)?;
+    let context = build_change_reader_context(&db, &runtime, &session_id, scope)?;
+    Ok((runtime, context))
+}
+
+#[tauri::command]
+async fn desktop_read_session_changes(
+    request: DesktopChangeReadRequest,
+) -> DesktopApiResult<DesktopChangeReadResponse> {
+    let (runtime, context) =
+        load_change_reader_request_context(&request.session_id, request.scope, false)?;
     let prompt = build_read_prompt(&context.context, &context.scope);
 
     let (narrative, provider_warning) = if runtime.summary.is_configured() {
@@ -4624,44 +4006,13 @@ async fn desktop_read_session_changes(
 async fn desktop_ask_session_changes(
     request: DesktopChangeQuestionRequest,
 ) -> DesktopApiResult<DesktopChangeQuestionResponse> {
-    let session_id = request.session_id.trim().to_string();
-    if session_id.is_empty() {
-        return Err(desktop_error(
-            "desktop.change_reader_invalid_request",
-            400,
-            "session_id is required",
-            None,
-        ));
-    }
-    let question = request.question.trim().to_string();
-    if question.is_empty() {
-        return Err(desktop_error(
-            "desktop.change_reader_question_required",
-            400,
-            "question is required",
-            None,
-        ));
-    }
-    let runtime = load_runtime_config()?;
-    if !runtime.change_reader.enabled {
-        return Err(desktop_error(
-            "desktop.change_reader_disabled",
-            422,
-            "change reader is disabled in runtime settings",
-            Some(json!({ "hint": "Enable Change Reader in Settings > Runtime Summary" })),
-        ));
-    }
-    if !runtime.change_reader.qa_enabled {
-        return Err(desktop_error(
-            "desktop.change_reader_qa_disabled",
-            422,
-            "change reader Q&A is disabled in runtime settings",
-            Some(json!({ "hint": "Enable Q&A in Settings > Runtime Summary > Change Reader" })),
-        ));
-    }
-
-    let db = open_local_db()?;
-    let context = build_change_reader_context(&db, &runtime, &session_id, request.scope)?;
+    let question = require_non_empty_request_field(
+        &request.question,
+        "desktop.change_reader_question_required",
+        "question",
+    )?;
+    let (runtime, context) =
+        load_change_reader_request_context(&request.session_id, request.scope, true)?;
     let prompt = build_question_prompt(&question, &context.context, &context.scope);
     let (answer, provider_warning) = if runtime.summary.is_configured() {
         match generate_text(&runtime.summary, &prompt).await {
@@ -4708,14 +4059,7 @@ fn desktop_change_reader_tts(
     }
 
     let runtime = load_runtime_config()?;
-    if !runtime.change_reader.enabled {
-        return Err(desktop_error(
-            "desktop.change_reader_disabled",
-            422,
-            "change reader is disabled in runtime settings",
-            Some(json!({ "hint": "Enable Change Reader in Settings > Runtime Summary" })),
-        ));
-    }
+    ensure_change_reader_enabled(&runtime)?;
     if !runtime.change_reader.voice.enabled {
         return Err(desktop_error(
             "desktop.change_reader_tts_disabled",
@@ -4882,38 +4226,12 @@ fn desktop_get_session_raw(id: String) -> DesktopApiResult<String> {
     load_normalized_session_body(&db, &id)
 }
 
-#[tauri::command]
-fn desktop_take_launch_route() -> DesktopApiResult<Option<String>> {
-    let path = desktop_launch_route_path()?;
-    if !path.exists() {
-        return Ok(None);
-    }
-
-    let contents = fs::read_to_string(&path).map_err(|error| {
-        desktop_error(
-            "desktop.launch_route_read_failed",
-            500,
-            "failed to read desktop launch route",
-            Some(json!({ "cause": error.to_string(), "path": path.to_string_lossy() })),
-        )
-    })?;
-    let _ = fs::remove_file(&path);
-    Ok(normalize_launch_route(&contents))
-}
-
 #[tauri::command]
 fn desktop_build_handoff(
     request: DesktopHandoffBuildRequest,
 ) -> DesktopApiResult<DesktopHandoffBuildResponse> {
-    let session_id = request.session_id.trim().to_string();
-    if session_id.is_empty() {
-        return Err(desktop_error(
-            "desktop.handoff_invalid_request",
-            400,
-            "session_id is required",
-            None,
-        ));
-    }
+    let session_id =
+        require_non_empty_request_field(&request.session_id, "desktop.handoff_invalid_request", "session_id")?;
 
     let db = open_local_db()?;
     let normalized_session = load_normalized_session_body(&db, &session_id)?;
@@ -4941,15 +4259,11 @@ fn desktop_build_handoff(
 fn desktop_share_session_quick(
     request: DesktopQuickShareRequest,
 ) -> DesktopApiResult<DesktopQuickShareResponse> {
-    let session_id = request.session_id.trim().to_string();
-    if session_id.is_empty() {
-        return Err(desktop_error(
-            "desktop.quick_share_invalid_request",
-            400,
-            "session_id is required",
-            None,
-        ));
-    }
+    let session_id = require_non_empty_request_field(
+        &request.session_id,
+        "desktop.quick_share_invalid_request",
+        "session_id",
+    )?;
 
     let db = open_local_db()?;
     let normalized_session = load_normalized_session_body(&db, &session_id)?;
@@ -5040,334 +4354,6 @@ fn desktop_share_session_quick(
     parse_cli_quick_share_response(&stdout)
 }
 
-fn resolve_desktop_lifecycle_schedule(config: &DaemonConfig) -> Option<Duration> {
-    if !config.lifecycle.enabled {
-        return None;
-    }
-    Some(Duration::from_secs(
-        config.lifecycle.cleanup_interval_secs.max(60),
-    ))
-}
-
-fn source_parent_directory_missing(source_path: &str) -> bool {
-    let path = Path::new(source_path);
-    path.parent()
-        .filter(|parent| !parent.as_os_str().is_empty())
-        .is_some_and(|parent| !parent.exists())
-}
-
-fn list_sessions_with_missing_source_parent_dirs(db: &LocalDb) -> DesktopApiResult<Vec<String>> {
-    let mut orphaned = db
-        .list_session_source_paths()
-        .map_err(|error| {
-            desktop_error(
-                "desktop.lifecycle_cleanup_list_source_paths_failed",
-                500,
-                "failed to list session source paths for lifecycle cleanup",
-                Some(json!({ "cause": error.to_string() })),
-            )
-        })?
-        .into_iter()
-        .filter_map(|(session_id, source_path)| {
-            if source_parent_directory_missing(&source_path) {
-                Some(session_id)
-            } else {
-                None
-            }
-        })
-        .collect::<Vec<_>>();
-    orphaned.sort();
-    orphaned.dedup();
-    Ok(orphaned)
-}
-
-fn collect_desktop_lifecycle_repo_roots(db: &LocalDb) -> DesktopApiResult<BTreeSet<PathBuf>> {
-    let mut roots = BTreeSet::new();
-    let rows = db
-        .list_sessions(&LocalSessionFilter::default())
-        .map_err(|error| {
-            desktop_error(
-                "desktop.lifecycle_cleanup_list_sessions_failed",
-                500,
-                "failed to list sessions for lifecycle cleanup",
-                Some(json!({ "cause": error.to_string() })),
-            )
-        })?;
-
-    for row in rows {
-        if let Some(repo_root) = resolve_repo_root_from_session_row(&row) {
-            roots.insert(repo_root);
-        }
-    }
-
-    Ok(roots)
-}
-
-fn list_branch_ledger_refs(repo_root: &Path) -> Vec<String> {
-    let output = Command::new("git")
-        .arg("-C")
-        .arg(repo_root)
-        .arg("for-each-ref")
-        .arg("--format=%(refname)")
-        .arg(opensession_git_native::BRANCH_LEDGER_REF_PREFIX)
-        .output();
-    let Ok(output) = output else {
-        return Vec::new();
-    };
-    if !output.status.success() {
-        return Vec::new();
-    }
-    String::from_utf8_lossy(&output.stdout)
-        .lines()
-        .map(str::trim)
-        .filter(|line| !line.is_empty())
-        .map(ToOwned::to_owned)
-        .collect()
-}
-
-fn run_desktop_git_retention_once(repo_roots: &BTreeSet<PathBuf>, keep_days: u32) {
-    let storage = NativeGitStorage;
-    for repo_root in repo_roots {
-        for ref_name in list_branch_ledger_refs(repo_root) {
-            let prune_result = storage.prune_by_age_at_ref(repo_root, &ref_name, keep_days);
-            if let Err(error) = prune_result {
-                eprintln!(
-                    "lifecycle cleanup: failed to prune branch ledger {ref_name} in {}: {error}",
-                    repo_root.display()
-                );
-            }
-        }
-    }
-}
-
-fn run_desktop_lifecycle_cleanup_once_with_db(
-    config: &DaemonConfig,
-    db: &LocalDb,
-) -> DesktopApiResult<()> {
-    if !config.lifecycle.enabled {
-        return Ok(());
-    }
-
-    let started_at = chrono::Utc::now().to_rfc3339();
-    set_lifecycle_cleanup_job_snapshot(
-        db,
-        LifecycleCleanupJobRow {
-            status: "running".to_string(),
-            deleted_sessions: 0,
-            deleted_summaries: 0,
-            message: Some("Scanning lifecycle cleanup candidates.".to_string()),
-            started_at: Some(started_at.clone()),
-            finished_at: None,
-        },
-    )?;
-
-    let storage = NativeGitStorage;
-    let mut deleted_sessions = 0u32;
-    let mut deleted_summaries = 0u32;
-
-    let result: DesktopApiResult<Option<String>> = (|| {
-        let repo_roots = collect_desktop_lifecycle_repo_roots(db)?;
-        let expired_sessions = db
-            .list_expired_session_ids(config.lifecycle.session_ttl_days)
-            .map_err(|error| {
-                desktop_error(
-                    "desktop.lifecycle_cleanup_list_expired_sessions_failed",
-                    500,
-                    "failed to list expired sessions for lifecycle cleanup",
-                    Some(json!({
-                        "cause": error.to_string(),
-                        "session_ttl_days": config.lifecycle.session_ttl_days
-                    })),
-                )
-            })?;
-        let expired_session_count = expired_sessions.len() as u32;
-        let orphaned_sessions = list_sessions_with_missing_source_parent_dirs(db)?;
-        let orphaned_session_count = orphaned_sessions.len() as u32;
-        let mut sessions_to_delete = expired_sessions.into_iter().collect::<BTreeSet<_>>();
-        sessions_to_delete.extend(orphaned_sessions);
-
-        if !sessions_to_delete.is_empty() {
-            set_lifecycle_cleanup_job_snapshot(
-                db,
-                LifecycleCleanupJobRow {
-                    status: "running".to_string(),
-                    deleted_sessions,
-                    deleted_summaries,
-                    message: Some(format!(
-                        "Deleting {} lifecycle cleanup candidates.",
-                        sessions_to_delete.len()
-                    )),
-                    started_at: Some(started_at.clone()),
-                    finished_at: None,
-                },
-            )?;
-        }
-
-        for session_id in &sessions_to_delete {
-            let row = db.get_session_by_id(session_id).map_err(|error| {
-                desktop_error(
-                    "desktop.lifecycle_cleanup_load_session_failed",
-                    500,
-                    "failed to load session for lifecycle cleanup",
-                    Some(json!({ "cause": error.to_string(), "session_id": session_id })),
-                )
-            })?;
-            if let Some(repo_root) = row.as_ref().and_then(resolve_repo_root_from_session_row) {
-                let delete_result =
-                    storage.delete_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, session_id);
-                match delete_result {
-                    Ok(true) => {
-                        deleted_summaries = deleted_summaries.saturating_add(1);
-                    }
-                    Ok(false) => {}
-                    Err(error) => {
-                        eprintln!(
-                            "lifecycle cleanup: failed to delete hidden-ref summary for {} in {}: {error}",
-                            session_id,
-                            repo_root.display()
-                        );
-                    }
-                }
-            }
-
-            db.delete_session(session_id).map_err(|error| {
-                desktop_error(
-                    "desktop.lifecycle_cleanup_delete_session_failed",
-                    500,
-                    "failed to delete expired session during lifecycle cleanup",
-                    Some(json!({ "cause": error.to_string(), "session_id": session_id })),
-                )
-            })?;
-            deleted_sessions = deleted_sessions.saturating_add(1);
-        }
-
-        deleted_summaries = deleted_summaries.saturating_add(
-            db.delete_expired_session_summaries(config.lifecycle.summary_ttl_days)
-                .map_err(|error| {
-                    desktop_error(
-                        "desktop.lifecycle_cleanup_delete_summaries_failed",
-                        500,
-                        "failed to delete expired semantic summaries during lifecycle cleanup",
-                        Some(json!({
-                            "cause": error.to_string(),
-                            "summary_ttl_days": config.lifecycle.summary_ttl_days
-                        })),
-                    )
-                })?,
-        );
-
-        for repo_root in &repo_roots {
-            let prune_result = storage.prune_summaries_by_age_at_ref(
-                repo_root,
-                SUMMARY_LEDGER_REF,
-                config.lifecycle.summary_ttl_days,
-            );
-            match prune_result {
-                Ok(stats) => {
-                    deleted_summaries =
-                        deleted_summaries.saturating_add(stats.expired_sessions as u32);
-                }
-                Err(error) => {
-                    eprintln!(
-                        "lifecycle cleanup: failed to prune hidden-ref summaries in {}: {error}",
-                        repo_root.display()
-                    );
-                }
-            }
-        }
-
-        if config.git_storage.method != GitStorageMethod::Sqlite
-            && config.git_storage.retention.enabled
-        {
-            run_desktop_git_retention_once(&repo_roots, config.lifecycle.session_ttl_days);
-        }
-
-        let message = if deleted_sessions == 0 && deleted_summaries == 0 {
-            Some("Lifecycle cleanup complete. No expired data needed removal.".to_string())
-        } else {
-            Some(format!(
-                "Lifecycle cleanup complete. Deleted {deleted_sessions} sessions ({expired_session_count} TTL, {orphaned_session_count} orphaned) and removed {deleted_summaries} summaries."
-            ))
-        };
-
-        Ok(message)
-    })();
-
-    match result {
-        Ok(message) => {
-            set_lifecycle_cleanup_job_snapshot(
-                db,
-                LifecycleCleanupJobRow {
-                    status: "complete".to_string(),
-                    deleted_sessions,
-                    deleted_summaries,
-                    message,
-                    started_at: Some(started_at),
-                    finished_at: Some(chrono::Utc::now().to_rfc3339()),
-                },
-            )?;
-            Ok(())
-        }
-        Err(error) => {
-            if let Err(persist_error) = set_lifecycle_cleanup_job_snapshot(
-                db,
-                LifecycleCleanupJobRow {
-                    status: "failed".to_string(),
-                    deleted_sessions,
-                    deleted_summaries,
-                    message: Some(error.message.clone()),
-                    started_at: Some(started_at),
-                    finished_at: Some(chrono::Utc::now().to_rfc3339()),
-                },
-            ) {
-                eprintln!(
-                    "failed to persist lifecycle cleanup failure snapshot: {}",
-                    persist_error.message
-                );
-            }
-            Err(error)
-        }
-    }
-}
-
-fn run_desktop_lifecycle_cleanup_once(config: &DaemonConfig) -> DesktopApiResult<()> {
-    let db = open_local_db()?;
-    run_desktop_lifecycle_cleanup_once_with_db(config, &db)
-}
-
-fn maybe_start_lifecycle_cleanup_loop() {
-    let mut started = LIFECYCLE_CLEANUP_LOOP_STARTED
-        .lock()
-        .expect("lifecycle cleanup loop mutex poisoned");
-    if *started {
-        return;
-    }
-    *started = true;
-    drop(started);
-
-    std::thread::spawn(|| {
-        loop {
-            let sleep_for = match load_runtime_config() {
-                Ok(config) => {
-                    if let Err(error) = run_desktop_lifecycle_cleanup_once(&config) {
-                        eprintln!("failed to run desktop lifecycle cleanup: {}", error.message);
-                    }
-                    resolve_desktop_lifecycle_schedule(&config)
-                        .unwrap_or_else(|| Duration::from_secs(60))
-                }
-                Err(error) => {
-                    eprintln!(
-                        "failed to load runtime config for lifecycle cleanup: {}",
-                        error.message
-                    );
-                    Duration::from_secs(60)
-                }
-            };
-            std::thread::sleep(sleep_for);
-        }
-    });
-}
-
 fn maybe_start_summary_batch_on_app_start() {
     let runtime = match load_runtime_config() {
         Ok(runtime) => runtime,
@@ -5441,8 +4427,8 @@ mod tests {
         desktop_share_session_quick, desktop_summary_batch_run, desktop_summary_batch_status,
         desktop_update_runtime_settings, extract_vector_lines, force_refresh_discovery_tools,
         map_link_type, normalize_launch_route, normalize_session_body_to_hail_jsonl,
-        parse_cli_quick_share_response, session_summary_from_local_row, validate_pin_alias,
-        validate_vector_preflight_ready,
+        parse_cli_quick_share_response, require_non_empty_request_field,
+        session_summary_from_local_row, validate_pin_alias, validate_vector_preflight_ready,
     };
     use crate::app::session_query::split_search_mode;
     use opensession_api::{
@@ -7152,6 +6138,30 @@ mod tests {
         let _ = std::fs::remove_dir_all(&temp_home);
     }
 
+    #[test]
+    fn require_non_empty_request_field_trims_surrounding_whitespace() {
+        let value = require_non_empty_request_field(
+            "  session-1 \n",
+            "desktop.test_invalid_request",
+            "session_id",
+        )
+        .expect("trimmed field should be accepted");
+        assert_eq!(value, "session-1");
+    }
+
+    #[test]
+    fn require_non_empty_request_field_rejects_blank_values() {
+        let error = require_non_empty_request_field(
+            " \n\t ",
+            "desktop.test_invalid_request",
+            "session_id",
+        )
+        .expect_err("blank field should be rejected");
+        assert_eq!(error.status, 400);
+        assert_eq!(error.code, "desktop.test_invalid_request");
+        assert_eq!(error.message, "session_id is required");
+    }
+
     #[test]
     fn desktop_change_reader_qa_respects_toggle() {
         let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
diff --git a/packages/ui/src/api-types.generated.ts b/packages/ui/src/api-types.generated.ts
index d9ac029e..bc3cd3d3 100644
--- a/packages/ui/src/api-types.generated.ts
+++ b/packages/ui/src/api-types.generated.ts
@@ -21,11 +21,7 @@ export interface ChangePasswordRequest { current_password: string, new_password:
 
 export interface VerifyResponse { user_id: string, nickname: string, }
 
-export interface UserSettingsResponse { user_id: string, nickname: string, created_at: string, email: string | null, avatar_url: string | null, 
-/**
- * Linked OAuth providers.
- */
-oauth_providers: Array<LinkedProvider>, }
+export interface UserSettingsResponse { user_id: string, nickname: string, created_at: string, email: string | null, avatar_url: string | null, oauth_providers: Array<LinkedProvider>, }
 
 export interface OkResponse { ok: boolean, }
 
@@ -41,23 +37,11 @@ export interface OAuthLinkResponse { url: string, }
 
 export interface UploadResponse { id: string, url: string, session_score: number, score_plugin: string, }
 
-export interface SessionSummary { id: string, user_id: string | null, nickname: string | null, tool: string, agent_provider: string | null, agent_model: string | null, title: string | null, description: string | null, 
-/**
- * Comma-separated tags string
- */
-tags: string | null, created_at: string, uploaded_at: string, message_count: number, task_count: number, event_count: number, duration_seconds: number, total_input_tokens: number, total_output_tokens: number, git_remote?: string | null, git_branch?: string | null, git_commit?: string | null, git_repo_name?: string | null, pr_number?: number | null, pr_url?: string | null, working_directory?: string | null, files_modified?: string | null, files_read?: string | null, has_errors: boolean, max_active_agents: number, session_score: number, score_plugin: string, }
+export interface SessionSummary { id: string, user_id: string | null, nickname: string | null, tool: string, agent_provider: string | null, agent_model: string | null, title: string | null, description: string | null, tags: string | null, created_at: string, uploaded_at: string, message_count: number, task_count: number, event_count: number, duration_seconds: number, total_input_tokens: number, total_output_tokens: number, git_remote?: string | null, git_branch?: string | null, git_commit?: string | null, git_repo_name?: string | null, pr_number?: number | null, pr_url?: string | null, working_directory?: string | null, files_modified?: string | null, files_read?: string | null, has_errors: boolean, max_active_agents: number, session_score: number, score_plugin: string, }
 
 export interface SessionListResponse { sessions: Array<SessionSummary>, total: number, page: number, per_page: number, }
 
-export interface SessionListQuery { page: number, per_page: number, search: string | null, tool: string | null, git_repo_name: string | null, 
-/**
- * Sort order (default: recent)
- */
-sort: SortOrder | null, 
-/**
- * Time range filter (default: all)
- */
-time_range: TimeRange | null, }
+export interface SessionListQuery { page: number, per_page: number, search: string | null, tool: string | null, git_repo_name: string | null, sort: SortOrder | null, time_range: TimeRange | null, }
 
 export interface DesktopSessionListQuery { page: string | null, per_page: string | null, search: string | null, tool: string | null, git_repo_name: string | null, sort: string | null, time_range: string | null, force_refresh: boolean | null, }
 
@@ -187,19 +171,11 @@ export interface DesktopChangeQuestionResponse { session_id: string, question: s
 
 export interface DesktopApiError { code: string, status: number, message: string, details?: Record<string, any> | null, }
 
-export interface SessionDetail { linked_sessions?: Array<SessionLink>, id: string, user_id: string | null, nickname: string | null, tool: string, agent_provider: string | null, agent_model: string | null, title: string | null, description: string | null, 
-/**
- * Comma-separated tags string
- */
-tags: string | null, created_at: string, uploaded_at: string, message_count: number, task_count: number, event_count: number, duration_seconds: number, total_input_tokens: number, total_output_tokens: number, git_remote?: string | null, git_branch?: string | null, git_commit?: string | null, git_repo_name?: string | null, pr_number?: number | null, pr_url?: string | null, working_directory?: string | null, files_modified?: string | null, files_read?: string | null, has_errors: boolean, max_active_agents: number, session_score: number, score_plugin: string, }
+export interface SessionDetail { linked_sessions?: Array<SessionLink>, id: string, user_id: string | null, nickname: string | null, tool: string, agent_provider: string | null, agent_model: string | null, title: string | null, description: string | null, tags: string | null, created_at: string, uploaded_at: string, message_count: number, task_count: number, event_count: number, duration_seconds: number, total_input_tokens: number, total_output_tokens: number, git_remote?: string | null, git_branch?: string | null, git_commit?: string | null, git_repo_name?: string | null, pr_number?: number | null, pr_url?: string | null, working_directory?: string | null, files_modified?: string | null, files_read?: string | null, has_errors: boolean, max_active_agents: number, session_score: number, score_plugin: string, }
 
 export interface SessionLink { session_id: string, linked_session_id: string, link_type: LinkType, created_at: string, }
 
-export type ParseSource = { "kind": "git", remote: string, ref: string, path: string, } | { "kind": "github", owner: string, repo: string, ref: string, path: string, } | { "kind": "inline", filename: string, 
-/**
- * Base64-encoded UTF-8 text content.
- */
-content_base64: string, }
+export type ParseSource = { "kind": "git", remote: string, ref: string, path: string, } | { "kind": "github", owner: string, repo: string, ref: string, path: string, } | { "kind": "inline", filename: string, content_base64: string, }
 
 export interface ParseCandidate { id: string, confidence: number, reason: string, }
 

From 4ddb4a55f10397820fb01886a62b5b8ca8ab7901 Mon Sep 17 00:00:00 2001
From: hwisu <hwitticus@gmail.com>
Date: Fri, 6 Mar 2026 18:02:10 +0900
Subject: [PATCH 07/30] split desktop change reader and worker auth routes

---
 crates/worker/src/routes/auth.rs              | 1039 +----------------
 .../worker/src/routes/auth/git_credentials.rs |  305 +++++
 crates/worker/src/routes/auth/oauth_flow.rs   |  381 ++++++
 crates/worker/src/routes/auth/support.rs      |  292 +++++
 desktop/src-tauri/src/app/change_reader.rs    |  802 +++++++++++++
 desktop/src-tauri/src/app/mod.rs              |    1 +
 desktop/src-tauri/src/main.rs                 |  793 +------------
 7 files changed, 1837 insertions(+), 1776 deletions(-)
 create mode 100644 crates/worker/src/routes/auth/git_credentials.rs
 create mode 100644 crates/worker/src/routes/auth/oauth_flow.rs
 create mode 100644 crates/worker/src/routes/auth/support.rs
 create mode 100644 desktop/src-tauri/src/app/change_reader.rs

diff --git a/crates/worker/src/routes/auth.rs b/crates/worker/src/routes/auth.rs
index a8c11341..0547d770 100644
--- a/crates/worker/src/routes/auth.rs
+++ b/crates/worker/src/routes/auth.rs
@@ -1,26 +1,31 @@
+mod git_credentials;
+mod oauth_flow;
+mod support;
+
+pub use git_credentials::{create_git_credential, delete_git_credential, list_git_credentials};
+pub use oauth_flow::{oauth_callback, oauth_redirect};
+
 use opensession_api::{
-    AuthRegisterRequest, AuthTokenResponse, CreateGitCredentialRequest, GitCredentialSummary,
-    IssueApiKeyResponse, ListGitCredentialsResponse, LoginRequest, LogoutRequest, OkResponse,
-    RefreshRequest, ServiceError, UserSettingsResponse, VerifyResponse, crypto, db as dbq,
-    oauth::{self, AuthProvidersResponse, OAuthProviderConfig, OAuthProviderInfo},
+    AuthRegisterRequest, AuthTokenResponse, IssueApiKeyResponse, LoginRequest, LogoutRequest,
+    OkResponse, RefreshRequest, UserSettingsResponse, VerifyResponse, crypto, db as dbq, oauth,
+    oauth::{AuthProvidersResponse, OAuthProviderInfo},
     service,
     service::AuthToken,
 };
-use serde::{Deserialize, Serialize};
 use uuid::Uuid;
-use worker::*;
+use worker::{D1Database, Request, Response, Result, RouteContext};
 
 use crate::config::WorkerConfig;
-use crate::db_helpers::values_to_js;
 use crate::error::IntoErrResponse;
 use crate::storage;
 
-type ServiceResult<T> = std::result::Result<T, opensession_api::ServiceError>;
-
-const ACCESS_COOKIE_NAME: &str = "opensession_access_token";
-const REFRESH_COOKIE_NAME: &str = "opensession_refresh_token";
-const CSRF_COOKIE_NAME: &str = "opensession_csrf_token";
-const CSRF_HEADER_NAME: &str = "x-csrf-token";
+use self::oauth_flow::provider_display_name;
+use self::support::{
+    ACCESS_COOKIE_NAME, LoginRow, OAuthIdentityRow, RefreshRow, ServiceResult, SettingsRow,
+    UserRow, auth_cookie_values, clear_auth_cookie_values, d1_all, d1_first, d1_run,
+    enforce_csrf_if_cookie_auth, json_response, json_response_with_cookies, now_sqlite_datetime,
+    now_unix, parse_cookie_value, parse_json, service_internal,
+};
 
 #[derive(Debug)]
 pub(crate) struct AuthUser {
@@ -30,303 +35,18 @@ pub(crate) struct AuthUser {
     pub(crate) email: Option<String>,
 }
 
-#[derive(Debug, Deserialize)]
-struct UserRow {
-    id: String,
-    nickname: String,
-    email: Option<String>,
-}
-
-#[derive(Debug, Deserialize)]
-struct LoginRow {
-    id: String,
-    nickname: String,
-    password_hash: Option<String>,
-    password_salt: Option<String>,
-}
-
-#[derive(Debug, Deserialize)]
-struct RefreshRow {
-    id: String,
-    user_id: String,
-    expires_at: String,
-    nickname: String,
-}
-
-#[derive(Debug, Deserialize)]
-struct SettingsRow {
-    created_at: String,
-}
-
-#[derive(Debug, Deserialize)]
-struct OAuthIdentityRow {
-    provider: String,
-    provider_username: Option<String>,
-    avatar_url: Option<String>,
-}
-
-#[derive(Debug, Deserialize)]
-struct OAuthStateRow {
-    provider: String,
-    expires_at: String,
-    user_id: Option<String>,
-}
-
-#[derive(Debug, Deserialize)]
-struct OAuthIdentityUserRow {
-    user_id: String,
-}
-
-#[derive(Debug, Deserialize)]
-struct GitCredentialSummaryRow {
-    id: String,
-    label: String,
-    host: String,
-    path_prefix: String,
-    header_name: String,
-    created_at: String,
-    updated_at: String,
-    last_used_at: Option<String>,
-}
-
-fn now_unix() -> u64 {
-    let now = chrono::Utc::now().timestamp();
-    if now < 0 { 0 } else { now as u64 }
-}
-
-fn now_sqlite_datetime() -> String {
-    chrono::Utc::now().format("%Y-%m-%d %H:%M:%S").to_string()
-}
-
-fn parse_cookie_value(headers: &Headers, name: &str) -> Option<String> {
-    headers.get("Cookie").ok().flatten().and_then(|raw| {
-        raw.split(';').find_map(|entry| {
-            let mut parts = entry.trim().splitn(2, '=');
-            let key = parts.next()?.trim();
-            let value = parts.next()?.trim();
-            if key == name {
-                Some(value.to_string())
-            } else {
-                None
-            }
-        })
-    })
-}
-
-fn constant_time_eq(lhs: &str, rhs: &str) -> bool {
-    let left = lhs.as_bytes();
-    let right = rhs.as_bytes();
-    if left.len() != right.len() {
-        return false;
-    }
-    let mut diff = 0u8;
-    for (a, b) in left.iter().zip(right.iter()) {
-        diff |= a ^ b;
-    }
-    diff == 0
-}
-
-fn secure_cookie_mode(req: &Request, config: &WorkerConfig) -> bool {
-    if let Ok(Some(proto)) = req.headers().get("x-forwarded-proto") {
-        if proto
-            .split(',')
-            .next()
-            .is_some_and(|value| value.trim().eq_ignore_ascii_case("https"))
-        {
-            return true;
-        }
-    }
-    if let Ok(url) = req.url() {
-        if url.scheme().eq_ignore_ascii_case("https") {
-            return true;
-        }
-    }
-    config
-        .base_url
-        .as_deref()
-        .is_some_and(|value| value.to_ascii_lowercase().starts_with("https://"))
-}
-
-fn build_set_cookie(
-    name: &str,
-    value: &str,
-    max_age_secs: i64,
-    path: &str,
-    http_only: bool,
-    secure: bool,
-) -> String {
-    let mut cookie = format!("{name}={value}; Path={path}; Max-Age={max_age_secs}; SameSite=Lax");
-    if http_only {
-        cookie.push_str("; HttpOnly");
-    }
-    if secure {
-        cookie.push_str("; Secure");
-    }
-    cookie
-}
-
-fn auth_cookie_values(
-    req: &Request,
-    config: &WorkerConfig,
-    tokens: &AuthTokenResponse,
-) -> ServiceResult<Vec<String>> {
-    let secure = secure_cookie_mode(req, config);
-    let csrf = crypto::generate_token()?;
-    Ok(vec![
-        build_set_cookie(
-            ACCESS_COOKIE_NAME,
-            &tokens.access_token,
-            tokens.expires_in as i64,
-            "/api",
-            true,
-            secure,
-        ),
-        build_set_cookie(
-            REFRESH_COOKIE_NAME,
-            &tokens.refresh_token,
-            crypto::REFRESH_EXPIRY_SECS as i64,
-            "/api",
-            true,
-            secure,
-        ),
-        build_set_cookie(
-            CSRF_COOKIE_NAME,
-            &csrf,
-            crypto::REFRESH_EXPIRY_SECS as i64,
-            "/",
-            false,
-            secure,
-        ),
-    ])
-}
-
-fn clear_auth_cookie_values(req: &Request, config: &WorkerConfig) -> Vec<String> {
-    let secure = secure_cookie_mode(req, config);
-    vec![
-        build_set_cookie(ACCESS_COOKIE_NAME, "", 0, "/api", true, secure),
-        build_set_cookie(REFRESH_COOKIE_NAME, "", 0, "/api", true, secure),
-        build_set_cookie(CSRF_COOKIE_NAME, "", 0, "/", false, secure),
-    ]
-}
-
-fn enforce_csrf_if_cookie_auth(
-    req: &Request,
-    config: &WorkerConfig,
-    using_cookie_auth: bool,
-) -> ServiceResult<()> {
-    if !using_cookie_auth {
-        return Ok(());
-    }
-    let origin = req
-        .headers()
-        .get("Origin")
-        .map_err(|e| service_internal("read origin header", e))?
-        .ok_or_else(|| {
-            opensession_api::ServiceError::Unauthorized("missing request origin".into())
-        })?;
-    if !config.allowed_origins.iter().any(|value| value == &origin) {
-        return Err(opensession_api::ServiceError::Unauthorized(
-            "request origin is not allowed".into(),
-        ));
-    }
-    let csrf_cookie = parse_cookie_value(req.headers(), CSRF_COOKIE_NAME)
-        .ok_or_else(|| opensession_api::ServiceError::Unauthorized("missing csrf cookie".into()))?;
-    let csrf_header = req
-        .headers()
-        .get(CSRF_HEADER_NAME)
-        .map_err(|e| service_internal("read csrf header", e))?
-        .ok_or_else(|| opensession_api::ServiceError::Unauthorized("missing csrf header".into()))?;
-    if !constant_time_eq(&csrf_cookie, &csrf_header) {
-        return Err(opensession_api::ServiceError::Unauthorized(
-            "csrf token mismatch".into(),
-        ));
-    }
-    Ok(())
-}
-
-fn service_internal(context: &str, err: impl std::fmt::Display) -> opensession_api::ServiceError {
-    opensession_api::ServiceError::Internal(format!("{context}: {err}"))
-}
-
-fn json_response<T: Serialize>(value: &T, status: u16) -> Result<Response> {
-    Response::from_json(value).map(|resp| resp.with_status(status))
-}
-
-fn json_response_with_cookies<T: Serialize>(
-    value: &T,
-    status: u16,
-    cookies: &[String],
-) -> Result<Response> {
-    let resp = json_response(value, status)?;
-    let headers = Headers::new();
-    for cookie in cookies {
-        headers.append("Set-Cookie", cookie)?;
-    }
-    Ok(resp.with_headers(headers))
-}
-
-async fn parse_json<T: for<'de> Deserialize<'de>>(req: &mut Request) -> ServiceResult<T> {
-    req.json()
-        .await
-        .map_err(|_| opensession_api::ServiceError::BadRequest("invalid request body".into()))
-}
-
-async fn d1_first<T: for<'de> Deserialize<'de>>(
-    d1: &D1Database,
-    built: (String, sea_query::Values),
-    context: &str,
-) -> ServiceResult<Option<T>> {
-    let (sql, values) = built;
-    let stmt = d1
-        .prepare(&sql)
-        .bind(&values_to_js(&values))
-        .map_err(|e| service_internal(context, e))?;
-    let result = stmt.first(None).await;
-    result.map_err(|e| service_internal(context, e))
-}
-
-async fn d1_all<T: for<'de> Deserialize<'de>>(
-    d1: &D1Database,
-    built: (String, sea_query::Values),
-    context: &str,
-) -> ServiceResult<Vec<T>> {
-    let (sql, values) = built;
-    let stmt = d1
-        .prepare(&sql)
-        .bind(&values_to_js(&values))
-        .map_err(|e| service_internal(context, e))?;
-    let result = stmt.all().await.map_err(|e| service_internal(context, e))?;
-    result
-        .results::<T>()
-        .map_err(|e| service_internal(context, e))
-}
-
-async fn d1_run(
-    d1: &D1Database,
-    built: (String, sea_query::Values),
-    context: &str,
-) -> ServiceResult<()> {
-    let (sql, values) = built;
-    let stmt = d1
-        .prepare(&sql)
-        .bind(&values_to_js(&values))
-        .map_err(|e| service_internal(context, e))?;
-    let result = stmt.run().await.map_err(|e| service_internal(context, e))?;
-    if !result.success() {
-        return Err(opensession_api::ServiceError::Internal(
-            result
-                .error()
-                .unwrap_or_else(|| format!("{context} failed")),
-        ));
-    }
-    Ok(())
+fn load_config_and_d1(ctx: &RouteContext<()>) -> ServiceResult<(WorkerConfig, D1Database)> {
+    let config = WorkerConfig::from_env(&ctx.env);
+    let d1 = storage::get_d1(&ctx.env)
+        .map_err(|err| service_internal("load d1 binding", err))?;
+    Ok((config, d1))
 }
 
 pub(crate) async fn authenticate(
     req: &Request,
     d1: &D1Database,
     config: &WorkerConfig,
-) -> std::result::Result<AuthUser, opensession_api::ServiceError> {
+) -> ServiceResult<AuthUser> {
     let header_token = req
         .headers()
         .get("Authorization")
@@ -387,7 +107,7 @@ pub(crate) async fn authenticate_optional(
     req: &Request,
     d1: &D1Database,
     config: &WorkerConfig,
-) -> std::result::Result<Option<AuthUser>, opensession_api::ServiceError> {
+) -> ServiceResult<Option<AuthUser>> {
     let header = req.headers().get("Authorization").map_err(|_| {
         opensession_api::ServiceError::Unauthorized(
             "missing or invalid Authorization header".into(),
@@ -434,108 +154,6 @@ async fn issue_tokens(
     Ok(bundle.response)
 }
 
-fn find_provider<'a>(
-    config: &'a WorkerConfig,
-    provider_id: &str,
-) -> ServiceResult<&'a OAuthProviderConfig> {
-    config
-        .oauth_providers
-        .iter()
-        .find(|provider| provider.id == provider_id)
-        .ok_or_else(|| {
-            opensession_api::ServiceError::NotFound(format!(
-                "OAuth provider '{provider_id}' not found"
-            ))
-        })
-}
-
-fn provider_display_name(provider_id: &str) -> String {
-    match provider_id {
-        "github" => "GitHub".to_string(),
-        "gitlab" => "GitLab".to_string(),
-        other => other.to_string(),
-    }
-}
-
-fn oauth_provider_host(provider: &OAuthProviderConfig) -> ServiceResult<String> {
-    let parsed = Url::parse(&provider.token_url).map_err(|_| {
-        opensession_api::ServiceError::Internal("invalid OAuth provider token URL".into())
-    })?;
-    let host = parsed.host_str().ok_or_else(|| {
-        opensession_api::ServiceError::Internal("OAuth provider token URL missing host".into())
-    })?;
-    Ok(host.to_ascii_lowercase())
-}
-
-fn resolve_base_url(req: &Request, config: &WorkerConfig) -> String {
-    if let Some(base_url) = config.base_url.as_ref() {
-        return base_url.trim_end_matches('/').to_string();
-    }
-
-    if let Ok(url) = req.url() {
-        let mut base = format!("{}://{}", url.scheme(), url.host_str().unwrap_or_default());
-        if let Some(port) = url.port() {
-            base.push(':');
-            base.push_str(&port.to_string());
-        }
-        return base;
-    }
-
-    "https://opensession.io".to_string()
-}
-
-fn redirect_response(location: &str) -> Result<Response> {
-    let headers = Headers::new();
-    headers.set("Location", location)?;
-    Ok(Response::empty()?.with_status(302).with_headers(headers))
-}
-
-fn redirect_response_with_cookies(location: &str, cookies: &[String]) -> Result<Response> {
-    let headers = Headers::new();
-    headers.set("Location", location)?;
-    for cookie in cookies {
-        headers.append("Set-Cookie", cookie)?;
-    }
-    Ok(Response::empty()?.with_status(302).with_headers(headers))
-}
-
-async fn fetch_text(req: Request, context: &str) -> ServiceResult<(u16, String)> {
-    let mut resp = Fetch::Request(req)
-        .send()
-        .await
-        .map_err(|e| service_internal(context, e))?;
-    let status = resp.status_code();
-    let body = resp
-        .text()
-        .await
-        .map_err(|e| service_internal(context, e))?;
-    Ok((status, body))
-}
-
-async fn fetch_json(
-    url: &str,
-    bearer_token: &str,
-    context: &str,
-) -> ServiceResult<serde_json::Value> {
-    let mut init = RequestInit::new();
-    init.with_method(Method::Get);
-    init.headers
-        .set("Authorization", &format!("Bearer {bearer_token}"))
-        .map_err(|e| service_internal(context, e))?;
-    init.headers
-        .set("Accept", "application/json")
-        .map_err(|e| service_internal(context, e))?;
-    init.headers
-        .set("User-Agent", "opensession-worker")
-        .map_err(|e| service_internal(context, e))?;
-
-    let req = Request::new_with_init(url, &init).map_err(|e| service_internal(context, e))?;
-    let response = Fetch::Request(req).send().await;
-    let mut resp = response.map_err(|e| service_internal(context, e))?;
-    let json = resp.json::<serde_json::Value>().await;
-    json.map_err(|e| service_internal(context, e))
-}
-
 pub async fn providers(_req: Request, ctx: RouteContext<()>) -> Result<Response> {
     let config = WorkerConfig::from_env(&ctx.env);
     let payload = AuthProvidersResponse {
@@ -553,10 +171,9 @@ pub async fn providers(_req: Request, ctx: RouteContext<()>) -> Result<Response>
 }
 
 pub async fn auth_register(mut req: Request, ctx: RouteContext<()>) -> Result<Response> {
-    let config = WorkerConfig::from_env(&ctx.env);
-    let d1 = match storage::get_d1(&ctx.env) {
-        Ok(db) => db,
-        Err(err) => return service_internal("load d1 binding", err).into_err_response(),
+    let (config, d1) = match load_config_and_d1(&ctx) {
+        Ok(values) => values,
+        Err(err) => return err.into_err_response(),
     };
 
     let result: ServiceResult<AuthTokenResponse> = async {
@@ -624,10 +241,9 @@ pub async fn auth_register(mut req: Request, ctx: RouteContext<()>) -> Result<Re
 }
 
 pub async fn login(mut req: Request, ctx: RouteContext<()>) -> Result<Response> {
-    let config = WorkerConfig::from_env(&ctx.env);
-    let d1 = match storage::get_d1(&ctx.env) {
-        Ok(db) => db,
-        Err(err) => return service_internal("load d1 binding", err).into_err_response(),
+    let (config, d1) = match load_config_and_d1(&ctx) {
+        Ok(values) => values,
+        Err(err) => return err.into_err_response(),
     };
 
     let result: ServiceResult<AuthTokenResponse> = async {
@@ -679,10 +295,9 @@ pub async fn login(mut req: Request, ctx: RouteContext<()>) -> Result<Response>
 }
 
 pub async fn refresh(mut req: Request, ctx: RouteContext<()>) -> Result<Response> {
-    let config = WorkerConfig::from_env(&ctx.env);
-    let d1 = match storage::get_d1(&ctx.env) {
-        Ok(db) => db,
-        Err(err) => return service_internal("load d1 binding", err).into_err_response(),
+    let (config, d1) = match load_config_and_d1(&ctx) {
+        Ok(values) => values,
+        Err(err) => return err.into_err_response(),
     };
 
     let result: ServiceResult<AuthTokenResponse> = async {
@@ -710,7 +325,7 @@ pub async fn refresh(mut req: Request, ctx: RouteContext<()>) -> Result<Response
             }
             Some(token)
         };
-        let cookie_token = parse_cookie_value(req.headers(), REFRESH_COOKIE_NAME);
+        let cookie_token = parse_cookie_value(req.headers(), support::REFRESH_COOKIE_NAME);
         let (refresh_token, using_cookie_refresh) = match (body_token, cookie_token) {
             (Some(token), _) => (token, false),
             (None, Some(token)) => (token, true),
@@ -766,10 +381,9 @@ pub async fn refresh(mut req: Request, ctx: RouteContext<()>) -> Result<Response
 }
 
 pub async fn logout(mut req: Request, ctx: RouteContext<()>) -> Result<Response> {
-    let config = WorkerConfig::from_env(&ctx.env);
-    let d1 = match storage::get_d1(&ctx.env) {
-        Ok(db) => db,
-        Err(err) => return service_internal("load d1 binding", err).into_err_response(),
+    let (config, d1) = match load_config_and_d1(&ctx) {
+        Ok(values) => values,
+        Err(err) => return err.into_err_response(),
     };
 
     let result: ServiceResult<OkResponse> = async {
@@ -791,7 +405,7 @@ pub async fn logout(mut req: Request, ctx: RouteContext<()>) -> Result<Response>
             }
             Some(token)
         };
-        let cookie_token = parse_cookie_value(req.headers(), REFRESH_COOKIE_NAME);
+        let cookie_token = parse_cookie_value(req.headers(), support::REFRESH_COOKIE_NAME);
         let token_and_source = match (body_token, cookie_token) {
             (Some(token), _) => Some((token, false)),
             (None, Some(token)) => Some((token, true)),
@@ -821,14 +435,12 @@ pub async fn logout(mut req: Request, ctx: RouteContext<()>) -> Result<Response>
 }
 
 pub async fn verify(req: Request, ctx: RouteContext<()>) -> Result<Response> {
-    let config = WorkerConfig::from_env(&ctx.env);
-    let d1 = match storage::get_d1(&ctx.env) {
-        Ok(db) => db,
-        Err(err) => return service_internal("load d1 binding", err).into_err_response(),
+    let (config, d1) = match load_config_and_d1(&ctx) {
+        Ok(values) => values,
+        Err(err) => return err.into_err_response(),
     };
 
-    let auth_result = authenticate(&req, &d1, &config).await;
-    match auth_result {
+    match authenticate(&req, &d1, &config).await {
         Ok(user) => json_response(
             &VerifyResponse {
                 user_id: user.user_id,
@@ -841,10 +453,9 @@ pub async fn verify(req: Request, ctx: RouteContext<()>) -> Result<Response> {
 }
 
 pub async fn me(req: Request, ctx: RouteContext<()>) -> Result<Response> {
-    let config = WorkerConfig::from_env(&ctx.env);
-    let d1 = match storage::get_d1(&ctx.env) {
-        Ok(db) => db,
-        Err(err) => return service_internal("load d1 binding", err).into_err_response(),
+    let (config, d1) = match load_config_and_d1(&ctx) {
+        Ok(values) => values,
+        Err(err) => return err.into_err_response(),
     };
 
     let result: ServiceResult<UserSettingsResponse> = async {
@@ -898,10 +509,9 @@ pub async fn me(req: Request, ctx: RouteContext<()>) -> Result<Response> {
 }
 
 pub async fn issue_api_key(req: Request, ctx: RouteContext<()>) -> Result<Response> {
-    let config = WorkerConfig::from_env(&ctx.env);
-    let d1 = match storage::get_d1(&ctx.env) {
-        Ok(db) => db,
-        Err(err) => return service_internal("load d1 binding", err).into_err_response(),
+    let (config, d1) = match load_config_and_d1(&ctx) {
+        Ok(values) => values,
+        Err(err) => return err.into_err_response(),
     };
 
     let result: ServiceResult<IssueApiKeyResponse> = async {
@@ -936,554 +546,3 @@ pub async fn issue_api_key(req: Request, ctx: RouteContext<()>) -> Result<Respon
         Err(err) => err.into_err_response(),
     }
 }
-
-fn normalize_header_name(raw: &str) -> ServiceResult<String> {
-    let trimmed = raw.trim();
-    if trimmed.is_empty() {
-        return Err(ServiceError::BadRequest("header_name is required".into()));
-    }
-    if trimmed.len() > 64 {
-        return Err(ServiceError::BadRequest(
-            "header_name is too long (max 64 chars)".into(),
-        ));
-    }
-    if !trimmed.bytes().all(|b| {
-        b.is_ascii_alphanumeric()
-            || matches!(
-                b,
-                b'!' | b'#'
-                    | b'$'
-                    | b'%'
-                    | b'&'
-                    | b'\''
-                    | b'*'
-                    | b'+'
-                    | b'-'
-                    | b'.'
-                    | b'^'
-                    | b'_'
-                    | b'`'
-                    | b'|'
-                    | b'~'
-            )
-    }) {
-        return Err(ServiceError::BadRequest(
-            "header_name contains invalid characters".into(),
-        ));
-    }
-    Ok(trimmed.to_string())
-}
-
-fn normalize_host(raw: &str) -> ServiceResult<String> {
-    let trimmed = raw.trim().to_ascii_lowercase();
-    if trimmed.is_empty() {
-        return Err(ServiceError::BadRequest("host is required".into()));
-    }
-    if trimmed.len() > 255 {
-        return Err(ServiceError::BadRequest(
-            "host is too long (max 255 chars)".into(),
-        ));
-    }
-    if trimmed.contains('/') || trimmed.contains(' ') {
-        return Err(ServiceError::BadRequest(
-            "host must not contain path separators or spaces".into(),
-        ));
-    }
-    if trimmed
-        .bytes()
-        .all(|b| b.is_ascii_alphanumeric() || matches!(b, b'.' | b'-' | b':'))
-    {
-        return Ok(trimmed);
-    }
-    Err(ServiceError::BadRequest(
-        "host contains invalid characters".into(),
-    ))
-}
-
-fn normalize_path_prefix(raw: Option<&str>) -> ServiceResult<String> {
-    let trimmed = raw.unwrap_or_default().trim().trim_matches('/').to_string();
-    if trimmed.is_empty() {
-        return Ok(String::new());
-    }
-    if trimmed.len() > 512 {
-        return Err(ServiceError::BadRequest(
-            "path_prefix is too long (max 512 chars)".into(),
-        ));
-    }
-    let mut segments = Vec::<String>::new();
-    for part in trimmed.split('/') {
-        let seg = part.trim();
-        if seg.is_empty() || seg == "." || seg == ".." || seg.contains('\\') {
-            return Err(ServiceError::BadRequest(
-                "path_prefix contains invalid segments".into(),
-            ));
-        }
-        segments.push(seg.to_string());
-    }
-    if let Some(last) = segments.last_mut() {
-        *last = last.strip_suffix(".git").unwrap_or(last).to_string();
-    }
-    Ok(segments.join("/"))
-}
-
-pub async fn list_git_credentials(req: Request, ctx: RouteContext<()>) -> Result<Response> {
-    let config = WorkerConfig::from_env(&ctx.env);
-    let d1 = match storage::get_d1(&ctx.env) {
-        Ok(db) => db,
-        Err(err) => return service_internal("load d1 binding", err).into_err_response(),
-    };
-
-    let result: ServiceResult<ListGitCredentialsResponse> = async {
-        let user = authenticate(&req, &d1, &config).await?;
-        let rows: Vec<GitCredentialSummaryRow> = d1_all(
-            &d1,
-            dbq::git_credentials::list_by_user(&user.user_id),
-            "list git credentials",
-        )
-        .await?;
-        let credentials = rows
-            .into_iter()
-            .map(|row| GitCredentialSummary {
-                id: row.id,
-                label: row.label,
-                host: row.host,
-                path_prefix: row.path_prefix,
-                header_name: row.header_name,
-                created_at: row.created_at,
-                updated_at: row.updated_at,
-                last_used_at: row.last_used_at,
-            })
-            .collect();
-        Ok(ListGitCredentialsResponse { credentials })
-    }
-    .await;
-
-    match result {
-        Ok(body) => json_response(&body, 200),
-        Err(err) => err.into_err_response(),
-    }
-}
-
-pub async fn create_git_credential(mut req: Request, ctx: RouteContext<()>) -> Result<Response> {
-    let config = WorkerConfig::from_env(&ctx.env);
-    let d1 = match storage::get_d1(&ctx.env) {
-        Ok(db) => db,
-        Err(err) => return service_internal("load d1 binding", err).into_err_response(),
-    };
-
-    let result: ServiceResult<GitCredentialSummary> = async {
-        let user = authenticate(&req, &d1, &config).await?;
-        enforce_csrf_if_cookie_auth(&req, &config, user.auth_via_cookie)?;
-        let payload: CreateGitCredentialRequest = parse_json(&mut req).await?;
-
-        let keyring = config.credential_keyring.as_ref().ok_or_else(|| {
-            ServiceError::Internal("credential encryption is not configured".into())
-        })?;
-
-        let label = payload.label.trim().to_string();
-        if label.is_empty() {
-            return Err(ServiceError::BadRequest("label is required".into()));
-        }
-        if label.len() > 120 {
-            return Err(ServiceError::BadRequest(
-                "label is too long (max 120 chars)".into(),
-            ));
-        }
-        let host = normalize_host(&payload.host)?;
-        let path_prefix = normalize_path_prefix(payload.path_prefix.as_deref())?;
-        let header_name = normalize_header_name(&payload.header_name)?;
-        let header_value = payload.header_value.trim();
-        if header_value.is_empty() {
-            return Err(ServiceError::BadRequest("header_value is required".into()));
-        }
-        let header_value_enc = keyring.encrypt(header_value)?;
-
-        let credential_id = Uuid::new_v4().to_string();
-        d1_run(
-            &d1,
-            dbq::git_credentials::insert(
-                &credential_id,
-                &user.user_id,
-                &label,
-                &host,
-                &path_prefix,
-                &header_name,
-                &header_value_enc,
-            ),
-            "insert git credential",
-        )
-        .await?;
-
-        let row = d1_first::<GitCredentialSummaryRow>(
-            &d1,
-            dbq::git_credentials::get_by_id_and_user(&credential_id, &user.user_id),
-            "reload git credential",
-        )
-        .await?
-        .ok_or_else(|| ServiceError::Internal("failed to reload git credential".into()))?;
-
-        Ok(GitCredentialSummary {
-            id: row.id,
-            label: row.label,
-            host: row.host,
-            path_prefix: row.path_prefix,
-            header_name: row.header_name,
-            created_at: row.created_at,
-            updated_at: row.updated_at,
-            last_used_at: row.last_used_at,
-        })
-    }
-    .await;
-
-    match result {
-        Ok(body) => json_response(&body, 201),
-        Err(err) => err.into_err_response(),
-    }
-}
-
-pub async fn delete_git_credential(req: Request, ctx: RouteContext<()>) -> Result<Response> {
-    let config = WorkerConfig::from_env(&ctx.env);
-    let d1 = match storage::get_d1(&ctx.env) {
-        Ok(db) => db,
-        Err(err) => return service_internal("load d1 binding", err).into_err_response(),
-    };
-
-    let result: ServiceResult<OkResponse> = async {
-        let user = authenticate(&req, &d1, &config).await?;
-        enforce_csrf_if_cookie_auth(&req, &config, user.auth_via_cookie)?;
-        let id = ctx
-            .param("id")
-            .ok_or_else(|| ServiceError::BadRequest("missing credential id".into()))?;
-
-        let existing = d1_first::<GitCredentialSummaryRow>(
-            &d1,
-            dbq::git_credentials::get_by_id_and_user(id, &user.user_id),
-            "lookup git credential",
-        )
-        .await?;
-        if existing.is_none() {
-            return Err(ServiceError::NotFound("credential not found".into()));
-        }
-
-        d1_run(
-            &d1,
-            dbq::git_credentials::delete_by_id_and_user(id, &user.user_id),
-            "delete git credential",
-        )
-        .await?;
-        Ok(OkResponse { ok: true })
-    }
-    .await;
-
-    match result {
-        Ok(body) => json_response(&body, 200),
-        Err(err) => err.into_err_response(),
-    }
-}
-
-pub async fn oauth_redirect(req: Request, ctx: RouteContext<()>) -> Result<Response> {
-    let config = WorkerConfig::from_env(&ctx.env);
-    let d1 = match storage::get_d1(&ctx.env) {
-        Ok(db) => db,
-        Err(err) => return service_internal("load d1 binding", err).into_err_response(),
-    };
-
-    let result: ServiceResult<String> = async {
-        if config.jwt_secret.is_empty() {
-            return Err(opensession_api::ServiceError::Internal(
-                "JWT_SECRET not configured".into(),
-            ));
-        }
-
-        let provider_id = ctx
-            .param("provider")
-            .ok_or_else(|| opensession_api::ServiceError::BadRequest("missing provider".into()))?;
-        let provider = find_provider(&config, provider_id)?;
-
-        let state = crypto::generate_token()?;
-        let expires_at = (chrono::Utc::now() + chrono::Duration::minutes(10))
-            .format("%Y-%m-%d %H:%M:%S")
-            .to_string();
-
-        d1_run(
-            &d1,
-            dbq::oauth::insert_state(&state, provider_id, &expires_at, None),
-            "insert oauth state",
-        )
-        .await?;
-
-        let base_url = resolve_base_url(&req, &config);
-        let redirect_uri = format!("{base_url}/api/auth/oauth/{provider_id}/callback");
-        Ok(oauth::build_authorize_url(provider, &redirect_uri, &state))
-    }
-    .await;
-
-    match result {
-        Ok(location) => redirect_response(&location),
-        Err(err) => err.into_err_response(),
-    }
-}
-
-pub async fn oauth_callback(req: Request, ctx: RouteContext<()>) -> Result<Response> {
-    let config = WorkerConfig::from_env(&ctx.env);
-    let d1 = match storage::get_d1(&ctx.env) {
-        Ok(db) => db,
-        Err(err) => return service_internal("load d1 binding", err).into_err_response(),
-    };
-
-    let result: ServiceResult<(String, Vec<String>)> = async {
-        let provider_id = ctx
-            .param("provider")
-            .ok_or_else(|| opensession_api::ServiceError::BadRequest("missing provider".into()))?
-            .to_string();
-        let provider = find_provider(&config, &provider_id)?;
-        let base_url = resolve_base_url(&req, &config);
-
-        let query: std::collections::HashMap<String, String> = req
-            .url()
-            .map_err(|e| service_internal("parse callback url", e))?
-            .query_pairs()
-            .into_owned()
-            .collect();
-        let code = query.get("code").cloned().ok_or_else(|| {
-            opensession_api::ServiceError::BadRequest("missing code parameter".into())
-        })?;
-        let state_param = query.get("state").cloned().ok_or_else(|| {
-            opensession_api::ServiceError::BadRequest("missing state parameter".into())
-        })?;
-
-        let state_row: Option<OAuthStateRow> = d1_first(
-            &d1,
-            dbq::oauth::validate_state(&state_param),
-            "validate oauth state",
-        )
-        .await?;
-        let state_row = state_row.ok_or_else(|| {
-            opensession_api::ServiceError::BadRequest("invalid OAuth state".into())
-        })?;
-
-        if state_row.provider != provider_id {
-            return Err(opensession_api::ServiceError::BadRequest(
-                "OAuth state provider mismatch".into(),
-            ));
-        }
-        if state_row.expires_at < now_sqlite_datetime() {
-            return Err(opensession_api::ServiceError::BadRequest(
-                "OAuth state expired".into(),
-            ));
-        }
-        if state_row.user_id.is_some() {
-            return Err(opensession_api::ServiceError::BadRequest(
-                "OAuth linking callback is not supported in worker".into(),
-            ));
-        }
-
-        let _ = d1_run(
-            &d1,
-            dbq::oauth::delete_state(&state_param),
-            "delete oauth state",
-        )
-        .await;
-
-        let redirect_uri = format!("{base_url}/api/auth/oauth/{provider_id}/callback");
-        let token_body = oauth::build_token_request_form_encoded(provider, &code, &redirect_uri);
-        let mut token_init = RequestInit::new();
-        token_init.with_method(Method::Post);
-        token_init
-            .headers
-            .set("Accept", "application/json")
-            .map_err(|e| service_internal("oauth token request headers", e))?;
-        token_init
-            .headers
-            .set("Content-Type", "application/x-www-form-urlencoded")
-            .map_err(|e| service_internal("oauth token request headers", e))?;
-        token_init.with_body(Some(worker::wasm_bindgen::JsValue::from_str(&token_body)));
-
-        let token_req = Request::new_with_init(&provider.token_url, &token_init)
-            .map_err(|e| service_internal("oauth token request build", e))?;
-        let (token_status, token_raw) = fetch_text(token_req, "oauth token exchange").await?;
-
-        let access_token = oauth::parse_access_token_response(&token_raw).map_err(|e| {
-            let mut msg = if token_status < 400 {
-                e.message().to_string()
-            } else {
-                format!("{} (status {token_status})", e.message())
-            };
-            if msg.contains("incorrect_client_credentials") {
-                msg.push_str(
-                    "; verify GITHUB_CLIENT_ID/GITHUB_CLIENT_SECRET match the GitHub OAuth app",
-                );
-            }
-            opensession_api::ServiceError::Internal(msg)
-        })?;
-
-        let userinfo = fetch_json(
-            &provider.userinfo_url,
-            &access_token,
-            "fetch oauth userinfo",
-        )
-        .await?;
-        let emails = match provider.email_url.as_ref() {
-            Some(email_url) => {
-                let result = fetch_json(email_url, &access_token, "fetch oauth emails").await;
-                result
-                    .ok()
-                    .and_then(|json| json.as_array().map(|arr| arr.to_vec()))
-            }
-            None => None,
-        };
-
-        let user_info = oauth::extract_user_info(provider, &userinfo, emails.as_deref())?;
-
-        let existing_by_provider: Option<OAuthIdentityUserRow> = d1_first(
-            &d1,
-            dbq::oauth::find_by_provider(&provider_id, &user_info.provider_user_id),
-            "lookup oauth identity",
-        )
-        .await?;
-
-        let (user_id, nickname) = if let Some(existing) = existing_by_provider {
-            let existing_user: Option<UserRow> = d1_first(
-                &d1,
-                dbq::users::get_by_id(&existing.user_id),
-                "lookup oauth user",
-            )
-            .await?;
-            let existing_user = existing_user.ok_or_else(|| {
-                opensession_api::ServiceError::Unauthorized("user not found".into())
-            })?;
-
-            let _ = d1_run(
-                &d1,
-                dbq::oauth::upsert_identity(
-                    &existing.user_id,
-                    &provider_id,
-                    &user_info.provider_user_id,
-                    Some(&user_info.username),
-                    user_info.avatar_url.as_deref(),
-                    None,
-                ),
-                "update oauth identity",
-            )
-            .await;
-            (existing.user_id, existing_user.nickname)
-        } else {
-            let existing_by_email = match user_info.email.as_deref() {
-                Some(email) => {
-                    d1_first::<LoginRow>(
-                        &d1,
-                        dbq::users::get_by_email_for_login(email),
-                        "lookup user by oauth email",
-                    )
-                    .await?
-                }
-                None => None,
-            };
-
-            if let Some(existing) = existing_by_email {
-                let _ = d1_run(
-                    &d1,
-                    dbq::oauth::upsert_identity(
-                        &existing.id,
-                        &provider_id,
-                        &user_info.provider_user_id,
-                        Some(&user_info.username),
-                        user_info.avatar_url.as_deref(),
-                        None,
-                    ),
-                    "link oauth identity",
-                )
-                .await;
-                (existing.id, existing.nickname)
-            } else {
-                let user_id = Uuid::new_v4().to_string();
-                let nickname = user_info.username.clone();
-
-                d1_run(
-                    &d1,
-                    dbq::users::insert_oauth(&user_id, &nickname, user_info.email.as_deref()),
-                    "insert oauth user",
-                )
-                .await?;
-
-                d1_run(
-                    &d1,
-                    dbq::oauth::upsert_identity(
-                        &user_id,
-                        &provider_id,
-                        &user_info.provider_user_id,
-                        Some(&user_info.username),
-                        user_info.avatar_url.as_deref(),
-                        None,
-                    ),
-                    "insert oauth identity",
-                )
-                .await?;
-
-                (user_id, nickname)
-            }
-        };
-
-        if let Some(keyring) = config.credential_keyring.as_ref() {
-            let token_id = Uuid::new_v4().to_string();
-            let access_token_enc = keyring.encrypt(&access_token)?;
-            d1_run(
-                &d1,
-                dbq::oauth_provider_tokens::upsert_access_token(
-                    &token_id,
-                    &user_id,
-                    &provider_id,
-                    &oauth_provider_host(provider)?,
-                    &access_token_enc,
-                    None,
-                ),
-                "upsert oauth provider token",
-            )
-            .await?;
-        }
-
-        let tokens = issue_tokens(&d1, &config, &user_id, &nickname).await?;
-        let cookies = auth_cookie_values(&req, &config, &tokens)?;
-        Ok((format!("{base_url}/auth/callback"), cookies))
-    }
-    .await;
-
-    match result {
-        Ok((location, cookies)) => redirect_response_with_cookies(&location, &cookies),
-        Err(err) => err.into_err_response(),
-    }
-}
-
-#[cfg(test)]
-mod tests {
-    use super::{normalize_header_name, normalize_host, normalize_path_prefix};
-
-    #[test]
-    fn normalize_host_accepts_valid_and_rejects_invalid() {
-        assert_eq!(
-            normalize_host("GitLab.INTERNAL.example.com").expect("valid host"),
-            "gitlab.internal.example.com"
-        );
-        assert!(normalize_host("bad host/path").is_err());
-        assert!(normalize_host("").is_err());
-    }
-
-    #[test]
-    fn normalize_path_prefix_trims_and_strips_git_suffix() {
-        assert_eq!(
-            normalize_path_prefix(Some("/group/sub/repo.git/")).expect("prefix"),
-            "group/sub/repo"
-        );
-        assert_eq!(normalize_path_prefix(None).expect("empty"), "");
-        assert!(normalize_path_prefix(Some("../bad")).is_err());
-    }
-
-    #[test]
-    fn normalize_header_name_enforces_token_chars() {
-        assert_eq!(
-            normalize_header_name("X-GitLab-Token").expect("header"),
-            "X-GitLab-Token"
-        );
-        assert!(normalize_header_name("bad header").is_err());
-    }
-}
diff --git a/crates/worker/src/routes/auth/git_credentials.rs b/crates/worker/src/routes/auth/git_credentials.rs
new file mode 100644
index 00000000..6876a461
--- /dev/null
+++ b/crates/worker/src/routes/auth/git_credentials.rs
@@ -0,0 +1,305 @@
+use opensession_api::{
+    CreateGitCredentialRequest, GitCredentialSummary, ListGitCredentialsResponse, OkResponse,
+    ServiceError, db as dbq,
+};
+use serde::Deserialize;
+use uuid::Uuid;
+use worker::{Request, Response, Result, RouteContext};
+
+use crate::error::IntoErrResponse;
+
+use super::authenticate;
+use super::support::{
+    ServiceResult, d1_all, d1_first, d1_run, enforce_csrf_if_cookie_auth, json_response,
+    parse_json,
+};
+
+#[derive(Debug, Deserialize)]
+struct GitCredentialSummaryRow {
+    id: String,
+    label: String,
+    host: String,
+    path_prefix: String,
+    header_name: String,
+    created_at: String,
+    updated_at: String,
+    last_used_at: Option<String>,
+}
+
+fn normalize_header_name(raw: &str) -> ServiceResult<String> {
+    let trimmed = raw.trim();
+    if trimmed.is_empty() {
+        return Err(ServiceError::BadRequest("header_name is required".into()));
+    }
+    if trimmed.len() > 64 {
+        return Err(ServiceError::BadRequest(
+            "header_name is too long (max 64 chars)".into(),
+        ));
+    }
+    if !trimmed.bytes().all(|b| {
+        b.is_ascii_alphanumeric()
+            || matches!(
+                b,
+                b'!' | b'#'
+                    | b'$'
+                    | b'%'
+                    | b'&'
+                    | b'\''
+                    | b'*'
+                    | b'+'
+                    | b'-'
+                    | b'.'
+                    | b'^'
+                    | b'_'
+                    | b'`'
+                    | b'|'
+                    | b'~'
+            )
+    }) {
+        return Err(ServiceError::BadRequest(
+            "header_name contains invalid characters".into(),
+        ));
+    }
+    Ok(trimmed.to_string())
+}
+
+fn normalize_host(raw: &str) -> ServiceResult<String> {
+    let trimmed = raw.trim().to_ascii_lowercase();
+    if trimmed.is_empty() {
+        return Err(ServiceError::BadRequest("host is required".into()));
+    }
+    if trimmed.len() > 255 {
+        return Err(ServiceError::BadRequest(
+            "host is too long (max 255 chars)".into(),
+        ));
+    }
+    if trimmed.contains('/') || trimmed.contains(' ') {
+        return Err(ServiceError::BadRequest(
+            "host must not contain path separators or spaces".into(),
+        ));
+    }
+    if trimmed
+        .bytes()
+        .all(|b| b.is_ascii_alphanumeric() || matches!(b, b'.' | b'-' | b':'))
+    {
+        return Ok(trimmed);
+    }
+    Err(ServiceError::BadRequest(
+        "host contains invalid characters".into(),
+    ))
+}
+
+fn normalize_path_prefix(raw: Option<&str>) -> ServiceResult<String> {
+    let trimmed = raw.unwrap_or_default().trim().trim_matches('/').to_string();
+    if trimmed.is_empty() {
+        return Ok(String::new());
+    }
+    if trimmed.len() > 512 {
+        return Err(ServiceError::BadRequest(
+            "path_prefix is too long (max 512 chars)".into(),
+        ));
+    }
+    let mut segments = Vec::<String>::new();
+    for part in trimmed.split('/') {
+        let seg = part.trim();
+        if seg.is_empty() || seg == "." || seg == ".." || seg.contains('\\') {
+            return Err(ServiceError::BadRequest(
+                "path_prefix contains invalid segments".into(),
+            ));
+        }
+        segments.push(seg.to_string());
+    }
+    if let Some(last) = segments.last_mut() {
+        *last = last.strip_suffix(".git").unwrap_or(last).to_string();
+    }
+    Ok(segments.join("/"))
+}
+
+pub async fn list_git_credentials(req: Request, ctx: RouteContext<()>) -> Result<Response> {
+    let (config, d1) = match super::load_config_and_d1(&ctx) {
+        Ok(values) => values,
+        Err(err) => return err.into_err_response(),
+    };
+
+    let result: ServiceResult<ListGitCredentialsResponse> = async {
+        let user = authenticate(&req, &d1, &config).await?;
+        let rows: Vec<GitCredentialSummaryRow> = d1_all(
+            &d1,
+            dbq::git_credentials::list_by_user(&user.user_id),
+            "list git credentials",
+        )
+        .await?;
+        let credentials = rows
+            .into_iter()
+            .map(|row| GitCredentialSummary {
+                id: row.id,
+                label: row.label,
+                host: row.host,
+                path_prefix: row.path_prefix,
+                header_name: row.header_name,
+                created_at: row.created_at,
+                updated_at: row.updated_at,
+                last_used_at: row.last_used_at,
+            })
+            .collect();
+        Ok(ListGitCredentialsResponse { credentials })
+    }
+    .await;
+
+    match result {
+        Ok(body) => json_response(&body, 200),
+        Err(err) => err.into_err_response(),
+    }
+}
+
+pub async fn create_git_credential(
+    mut req: Request,
+    ctx: RouteContext<()>,
+) -> Result<Response> {
+    let (config, d1) = match super::load_config_and_d1(&ctx) {
+        Ok(values) => values,
+        Err(err) => return err.into_err_response(),
+    };
+
+    let result: ServiceResult<GitCredentialSummary> = async {
+        let user = authenticate(&req, &d1, &config).await?;
+        enforce_csrf_if_cookie_auth(&req, &config, user.auth_via_cookie)?;
+        let payload: CreateGitCredentialRequest = parse_json(&mut req).await?;
+
+        let keyring = config.credential_keyring.as_ref().ok_or_else(|| {
+            ServiceError::Internal("credential encryption is not configured".into())
+        })?;
+
+        let label = payload.label.trim().to_string();
+        if label.is_empty() {
+            return Err(ServiceError::BadRequest("label is required".into()));
+        }
+        if label.len() > 120 {
+            return Err(ServiceError::BadRequest(
+                "label is too long (max 120 chars)".into(),
+            ));
+        }
+        let host = normalize_host(&payload.host)?;
+        let path_prefix = normalize_path_prefix(payload.path_prefix.as_deref())?;
+        let header_name = normalize_header_name(&payload.header_name)?;
+        let header_value = payload.header_value.trim();
+        if header_value.is_empty() {
+            return Err(ServiceError::BadRequest("header_value is required".into()));
+        }
+        let header_value_enc = keyring.encrypt(header_value)?;
+
+        let credential_id = Uuid::new_v4().to_string();
+        d1_run(
+            &d1,
+            dbq::git_credentials::insert(
+                &credential_id,
+                &user.user_id,
+                &label,
+                &host,
+                &path_prefix,
+                &header_name,
+                &header_value_enc,
+            ),
+            "insert git credential",
+        )
+        .await?;
+
+        let row = d1_first::<GitCredentialSummaryRow>(
+            &d1,
+            dbq::git_credentials::get_by_id_and_user(&credential_id, &user.user_id),
+            "reload git credential",
+        )
+        .await?
+        .ok_or_else(|| ServiceError::Internal("failed to reload git credential".into()))?;
+
+        Ok(GitCredentialSummary {
+            id: row.id,
+            label: row.label,
+            host: row.host,
+            path_prefix: row.path_prefix,
+            header_name: row.header_name,
+            created_at: row.created_at,
+            updated_at: row.updated_at,
+            last_used_at: row.last_used_at,
+        })
+    }
+    .await;
+
+    match result {
+        Ok(body) => json_response(&body, 201),
+        Err(err) => err.into_err_response(),
+    }
+}
+
+pub async fn delete_git_credential(req: Request, ctx: RouteContext<()>) -> Result<Response> {
+    let (config, d1) = match super::load_config_and_d1(&ctx) {
+        Ok(values) => values,
+        Err(err) => return err.into_err_response(),
+    };
+
+    let result: ServiceResult<OkResponse> = async {
+        let user = authenticate(&req, &d1, &config).await?;
+        enforce_csrf_if_cookie_auth(&req, &config, user.auth_via_cookie)?;
+        let id = ctx
+            .param("id")
+            .ok_or_else(|| ServiceError::BadRequest("missing credential id".into()))?;
+
+        let existing = d1_first::<GitCredentialSummaryRow>(
+            &d1,
+            dbq::git_credentials::get_by_id_and_user(id, &user.user_id),
+            "lookup git credential",
+        )
+        .await?;
+        if existing.is_none() {
+            return Err(ServiceError::NotFound("credential not found".into()));
+        }
+
+        d1_run(
+            &d1,
+            dbq::git_credentials::delete_by_id_and_user(id, &user.user_id),
+            "delete git credential",
+        )
+        .await?;
+        Ok(OkResponse { ok: true })
+    }
+    .await;
+
+    match result {
+        Ok(body) => json_response(&body, 200),
+        Err(err) => err.into_err_response(),
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::{normalize_header_name, normalize_host, normalize_path_prefix};
+
+    #[test]
+    fn normalize_host_accepts_valid_and_rejects_invalid() {
+        assert_eq!(
+            normalize_host("GitLab.INTERNAL.example.com").expect("valid host"),
+            "gitlab.internal.example.com"
+        );
+        assert!(normalize_host("bad host/path").is_err());
+        assert!(normalize_host("").is_err());
+    }
+
+    #[test]
+    fn normalize_path_prefix_trims_and_strips_git_suffix() {
+        assert_eq!(
+            normalize_path_prefix(Some("/group/sub/repo.git/")).expect("prefix"),
+            "group/sub/repo"
+        );
+        assert_eq!(normalize_path_prefix(None).expect("empty"), "");
+        assert!(normalize_path_prefix(Some("../bad")).is_err());
+    }
+
+    #[test]
+    fn normalize_header_name_enforces_token_chars() {
+        assert_eq!(
+            normalize_header_name("X-GitLab-Token").expect("header"),
+            "X-GitLab-Token"
+        );
+        assert!(normalize_header_name("bad header").is_err());
+    }
+}
diff --git a/crates/worker/src/routes/auth/oauth_flow.rs b/crates/worker/src/routes/auth/oauth_flow.rs
new file mode 100644
index 00000000..07324a65
--- /dev/null
+++ b/crates/worker/src/routes/auth/oauth_flow.rs
@@ -0,0 +1,381 @@
+use opensession_api::{
+    ServiceError, db as dbq,
+    oauth::{self, OAuthProviderConfig},
+};
+use uuid::Uuid;
+use worker::*;
+
+use crate::config::WorkerConfig;
+use crate::error::IntoErrResponse;
+
+use super::issue_tokens;
+use super::support::{
+    LoginRow, OAuthIdentityUserRow, OAuthStateRow, ServiceResult, UserRow, auth_cookie_values,
+    d1_first, d1_run, now_sqlite_datetime, service_internal,
+};
+
+fn find_provider<'a>(
+    config: &'a WorkerConfig,
+    provider_id: &str,
+) -> ServiceResult<&'a OAuthProviderConfig> {
+    config
+        .oauth_providers
+        .iter()
+        .find(|provider| provider.id == provider_id)
+        .ok_or_else(|| ServiceError::NotFound(format!("OAuth provider '{provider_id}' not found")))
+}
+
+pub(super) fn provider_display_name(provider_id: &str) -> String {
+    match provider_id {
+        "github" => "GitHub".to_string(),
+        "gitlab" => "GitLab".to_string(),
+        other => other.to_string(),
+    }
+}
+
+fn oauth_provider_host(provider: &OAuthProviderConfig) -> ServiceResult<String> {
+    let parsed = Url::parse(&provider.token_url)
+        .map_err(|_| ServiceError::Internal("invalid OAuth provider token URL".into()))?;
+    let host = parsed.host_str().ok_or_else(|| {
+        ServiceError::Internal("OAuth provider token URL missing host".into())
+    })?;
+    Ok(host.to_ascii_lowercase())
+}
+
+fn resolve_base_url(req: &Request, config: &WorkerConfig) -> String {
+    if let Some(base_url) = config.base_url.as_ref() {
+        return base_url.trim_end_matches('/').to_string();
+    }
+
+    if let Ok(url) = req.url() {
+        let mut base = format!("{}://{}", url.scheme(), url.host_str().unwrap_or_default());
+        if let Some(port) = url.port() {
+            base.push(':');
+            base.push_str(&port.to_string());
+        }
+        return base;
+    }
+
+    "https://opensession.io".to_string()
+}
+
+pub async fn oauth_redirect(req: Request, ctx: RouteContext<()>) -> Result<Response> {
+    let (config, d1) = match super::load_config_and_d1(&ctx) {
+        Ok(values) => values,
+        Err(err) => return err.into_err_response(),
+    };
+
+    let result: ServiceResult<String> = async {
+        if config.jwt_secret.is_empty() {
+            return Err(ServiceError::Internal("JWT_SECRET not configured".into()));
+        }
+
+        let provider_id = ctx
+            .param("provider")
+            .ok_or_else(|| ServiceError::BadRequest("missing provider".into()))?;
+        let provider = find_provider(&config, provider_id)?;
+
+        let state = opensession_api::crypto::generate_token()?;
+        let expires_at = (chrono::Utc::now() + chrono::Duration::minutes(10))
+            .format("%Y-%m-%d %H:%M:%S")
+            .to_string();
+
+        d1_run(
+            &d1,
+            dbq::oauth::insert_state(&state, provider_id, &expires_at, None),
+            "insert oauth state",
+        )
+        .await?;
+
+        let base_url = resolve_base_url(&req, &config);
+        let redirect_uri = format!("{base_url}/api/auth/oauth/{provider_id}/callback");
+        Ok(oauth::build_authorize_url(provider, &redirect_uri, &state))
+    }
+    .await;
+
+    match result {
+        Ok(location) => redirect_response(&location),
+        Err(err) => err.into_err_response(),
+    }
+}
+
+pub async fn oauth_callback(req: Request, ctx: RouteContext<()>) -> Result<Response> {
+    let (config, d1) = match super::load_config_and_d1(&ctx) {
+        Ok(values) => values,
+        Err(err) => return err.into_err_response(),
+    };
+
+    let result: ServiceResult<(String, Vec<String>)> = async {
+        let provider_id = ctx
+            .param("provider")
+            .ok_or_else(|| ServiceError::BadRequest("missing provider".into()))?
+            .to_string();
+        let provider = find_provider(&config, &provider_id)?;
+        let base_url = resolve_base_url(&req, &config);
+
+        let query: std::collections::HashMap<String, String> = req
+            .url()
+            .map_err(|e| service_internal("parse callback url", e))?
+            .query_pairs()
+            .into_owned()
+            .collect();
+        let code = query
+            .get("code")
+            .cloned()
+            .ok_or_else(|| ServiceError::BadRequest("missing code parameter".into()))?;
+        let state_param = query
+            .get("state")
+            .cloned()
+            .ok_or_else(|| ServiceError::BadRequest("missing state parameter".into()))?;
+
+        let state_row: Option<OAuthStateRow> = d1_first(
+            &d1,
+            dbq::oauth::validate_state(&state_param),
+            "validate oauth state",
+        )
+        .await?;
+        let state_row =
+            state_row.ok_or_else(|| ServiceError::BadRequest("invalid OAuth state".into()))?;
+
+        if state_row.provider != provider_id {
+            return Err(ServiceError::BadRequest("OAuth state provider mismatch".into()));
+        }
+        if state_row.expires_at < now_sqlite_datetime() {
+            return Err(ServiceError::BadRequest("OAuth state expired".into()));
+        }
+        if state_row.user_id.is_some() {
+            return Err(ServiceError::BadRequest(
+                "OAuth linking callback is not supported in worker".into(),
+            ));
+        }
+
+        let _ = d1_run(
+            &d1,
+            dbq::oauth::delete_state(&state_param),
+            "delete oauth state",
+        )
+        .await;
+
+        let redirect_uri = format!("{base_url}/api/auth/oauth/{provider_id}/callback");
+        let token_body = oauth::build_token_request_form_encoded(provider, &code, &redirect_uri);
+        let mut token_init = RequestInit::new();
+        token_init.with_method(Method::Post);
+        token_init
+            .headers
+            .set("Accept", "application/json")
+            .map_err(|e| service_internal("oauth token request headers", e))?;
+        token_init
+            .headers
+            .set("Content-Type", "application/x-www-form-urlencoded")
+            .map_err(|e| service_internal("oauth token request headers", e))?;
+        token_init.with_body(Some(worker::wasm_bindgen::JsValue::from_str(&token_body)));
+
+        let token_req = Request::new_with_init(&provider.token_url, &token_init)
+            .map_err(|e| service_internal("oauth token request build", e))?;
+        let (token_status, token_raw) = fetch_text(token_req, "oauth token exchange").await?;
+
+        let access_token = oauth::parse_access_token_response(&token_raw).map_err(|e| {
+            let mut msg = if token_status < 400 {
+                e.message().to_string()
+            } else {
+                format!("{} (status {token_status})", e.message())
+            };
+            if msg.contains("incorrect_client_credentials") {
+                msg.push_str(
+                    "; verify GITHUB_CLIENT_ID/GITHUB_CLIENT_SECRET match the GitHub OAuth app",
+                );
+            }
+            ServiceError::Internal(msg)
+        })?;
+
+        let userinfo = fetch_json(
+            &provider.userinfo_url,
+            &access_token,
+            "fetch oauth userinfo",
+        )
+        .await?;
+        let emails = match provider.email_url.as_ref() {
+            Some(email_url) => fetch_json(email_url, &access_token, "fetch oauth emails")
+                .await
+                .ok()
+                .and_then(|json| json.as_array().map(|arr| arr.to_vec())),
+            None => None,
+        };
+
+        let user_info = oauth::extract_user_info(provider, &userinfo, emails.as_deref())?;
+
+        let existing_by_provider: Option<OAuthIdentityUserRow> = d1_first(
+            &d1,
+            dbq::oauth::find_by_provider(&provider_id, &user_info.provider_user_id),
+            "lookup oauth identity",
+        )
+        .await?;
+
+        let (user_id, nickname) = if let Some(existing) = existing_by_provider {
+            let existing_user: Option<UserRow> = d1_first(
+                &d1,
+                dbq::users::get_by_id(&existing.user_id),
+                "lookup oauth user",
+            )
+            .await?;
+            let existing_user = existing_user
+                .ok_or_else(|| ServiceError::Unauthorized("user not found".into()))?;
+
+            let _ = d1_run(
+                &d1,
+                dbq::oauth::upsert_identity(
+                    &existing.user_id,
+                    &provider_id,
+                    &user_info.provider_user_id,
+                    Some(&user_info.username),
+                    user_info.avatar_url.as_deref(),
+                    None,
+                ),
+                "update oauth identity",
+            )
+            .await;
+            (existing.user_id, existing_user.nickname)
+        } else {
+            let existing_by_email = match user_info.email.as_deref() {
+                Some(email) => {
+                    d1_first::<LoginRow>(
+                        &d1,
+                        dbq::users::get_by_email_for_login(email),
+                        "lookup user by oauth email",
+                    )
+                    .await?
+                }
+                None => None,
+            };
+
+            if let Some(existing) = existing_by_email {
+                let _ = d1_run(
+                    &d1,
+                    dbq::oauth::upsert_identity(
+                        &existing.id,
+                        &provider_id,
+                        &user_info.provider_user_id,
+                        Some(&user_info.username),
+                        user_info.avatar_url.as_deref(),
+                        None,
+                    ),
+                    "link oauth identity",
+                )
+                .await;
+                (existing.id, existing.nickname)
+            } else {
+                let user_id = Uuid::new_v4().to_string();
+                let nickname = user_info.username.clone();
+
+                d1_run(
+                    &d1,
+                    dbq::users::insert_oauth(&user_id, &nickname, user_info.email.as_deref()),
+                    "insert oauth user",
+                )
+                .await?;
+
+                d1_run(
+                    &d1,
+                    dbq::oauth::upsert_identity(
+                        &user_id,
+                        &provider_id,
+                        &user_info.provider_user_id,
+                        Some(&user_info.username),
+                        user_info.avatar_url.as_deref(),
+                        None,
+                    ),
+                    "insert oauth identity",
+                )
+                .await?;
+
+                (user_id, nickname)
+            }
+        };
+
+        if let Some(keyring) = config.credential_keyring.as_ref() {
+            let token_id = Uuid::new_v4().to_string();
+            let access_token_enc = keyring.encrypt(&access_token)?;
+            d1_run(
+                &d1,
+                dbq::oauth_provider_tokens::upsert_access_token(
+                    &token_id,
+                    &user_id,
+                    &provider_id,
+                    &oauth_provider_host(provider)?,
+                    &access_token_enc,
+                    None,
+                ),
+                "upsert oauth provider token",
+            )
+            .await?;
+        }
+
+        let tokens = issue_tokens(&d1, &config, &user_id, &nickname).await?;
+        let cookies = auth_cookie_values(&req, &config, &tokens)?;
+        Ok((format!("{base_url}/auth/callback"), cookies))
+    }
+    .await;
+
+    match result {
+        Ok((location, cookies)) => redirect_response_with_cookies(&location, &cookies),
+        Err(err) => err.into_err_response(),
+    }
+}
+
+pub(super) async fn fetch_text(
+    req: Request,
+    context: &str,
+) -> ServiceResult<(u16, String)> {
+    let mut resp = Fetch::Request(req)
+        .send()
+        .await
+        .map_err(|e| service_internal(context, e))?;
+    let status = resp.status_code();
+    let body = resp
+        .text()
+        .await
+        .map_err(|e| service_internal(context, e))?;
+    Ok((status, body))
+}
+
+pub(super) async fn fetch_json(
+    url: &str,
+    bearer_token: &str,
+    context: &str,
+) -> ServiceResult<serde_json::Value> {
+    let mut init = RequestInit::new();
+    init.with_method(Method::Get);
+    init.headers
+        .set("Authorization", &format!("Bearer {bearer_token}"))
+        .map_err(|e| service_internal(context, e))?;
+    init.headers
+        .set("Accept", "application/json")
+        .map_err(|e| service_internal(context, e))?;
+    init.headers
+        .set("User-Agent", "opensession-worker")
+        .map_err(|e| service_internal(context, e))?;
+
+    let req = Request::new_with_init(url, &init).map_err(|e| service_internal(context, e))?;
+    let response = Fetch::Request(req).send().await;
+    let mut resp = response.map_err(|e| service_internal(context, e))?;
+    let json = resp.json::<serde_json::Value>().await;
+    json.map_err(|e| service_internal(context, e))
+}
+
+pub(super) fn redirect_response(location: &str) -> Result<Response> {
+    let headers = Headers::new();
+    headers.set("Location", location)?;
+    Ok(Response::empty()?.with_status(302).with_headers(headers))
+}
+
+pub(super) fn redirect_response_with_cookies(
+    location: &str,
+    cookies: &[String],
+) -> Result<Response> {
+    let headers = Headers::new();
+    headers.set("Location", location)?;
+    for cookie in cookies {
+        headers.append("Set-Cookie", cookie)?;
+    }
+    Ok(Response::empty()?.with_status(302).with_headers(headers))
+}
diff --git a/crates/worker/src/routes/auth/support.rs b/crates/worker/src/routes/auth/support.rs
new file mode 100644
index 00000000..05cc3f98
--- /dev/null
+++ b/crates/worker/src/routes/auth/support.rs
@@ -0,0 +1,292 @@
+use opensession_api::{AuthTokenResponse, ServiceError, crypto};
+use serde::{Deserialize, Serialize};
+use worker::*;
+
+use crate::config::WorkerConfig;
+use crate::db_helpers::values_to_js;
+
+pub(super) type ServiceResult<T> = std::result::Result<T, ServiceError>;
+
+pub(super) const ACCESS_COOKIE_NAME: &str = "opensession_access_token";
+pub(super) const REFRESH_COOKIE_NAME: &str = "opensession_refresh_token";
+pub(super) const CSRF_COOKIE_NAME: &str = "opensession_csrf_token";
+pub(super) const CSRF_HEADER_NAME: &str = "x-csrf-token";
+
+#[derive(Debug, Deserialize)]
+pub(super) struct UserRow {
+    pub(super) id: String,
+    pub(super) nickname: String,
+    pub(super) email: Option<String>,
+}
+
+#[derive(Debug, Deserialize)]
+pub(super) struct LoginRow {
+    pub(super) id: String,
+    pub(super) nickname: String,
+    pub(super) password_hash: Option<String>,
+    pub(super) password_salt: Option<String>,
+}
+
+#[derive(Debug, Deserialize)]
+pub(super) struct RefreshRow {
+    pub(super) id: String,
+    pub(super) user_id: String,
+    pub(super) expires_at: String,
+    pub(super) nickname: String,
+}
+
+#[derive(Debug, Deserialize)]
+pub(super) struct SettingsRow {
+    pub(super) created_at: String,
+}
+
+#[derive(Debug, Deserialize)]
+pub(super) struct OAuthIdentityRow {
+    pub(super) provider: String,
+    pub(super) provider_username: Option<String>,
+    pub(super) avatar_url: Option<String>,
+}
+
+#[derive(Debug, Deserialize)]
+pub(super) struct OAuthStateRow {
+    pub(super) provider: String,
+    pub(super) expires_at: String,
+    pub(super) user_id: Option<String>,
+}
+
+#[derive(Debug, Deserialize)]
+pub(super) struct OAuthIdentityUserRow {
+    pub(super) user_id: String,
+}
+
+pub(super) fn now_unix() -> u64 {
+    let now = chrono::Utc::now().timestamp();
+    if now < 0 { 0 } else { now as u64 }
+}
+
+pub(super) fn now_sqlite_datetime() -> String {
+    chrono::Utc::now().format("%Y-%m-%d %H:%M:%S").to_string()
+}
+
+pub(super) fn parse_cookie_value(headers: &Headers, name: &str) -> Option<String> {
+    headers.get("Cookie").ok().flatten().and_then(|raw| {
+        raw.split(';').find_map(|entry| {
+            let mut parts = entry.trim().splitn(2, '=');
+            let key = parts.next()?.trim();
+            let value = parts.next()?.trim();
+            if key == name {
+                Some(value.to_string())
+            } else {
+                None
+            }
+        })
+    })
+}
+
+fn constant_time_eq(lhs: &str, rhs: &str) -> bool {
+    let left = lhs.as_bytes();
+    let right = rhs.as_bytes();
+    if left.len() != right.len() {
+        return false;
+    }
+    let mut diff = 0u8;
+    for (a, b) in left.iter().zip(right.iter()) {
+        diff |= a ^ b;
+    }
+    diff == 0
+}
+
+fn secure_cookie_mode(req: &Request, config: &WorkerConfig) -> bool {
+    if let Ok(Some(proto)) = req.headers().get("x-forwarded-proto") {
+        if proto
+            .split(',')
+            .next()
+            .is_some_and(|value| value.trim().eq_ignore_ascii_case("https"))
+        {
+            return true;
+        }
+    }
+    if let Ok(url) = req.url() {
+        if url.scheme().eq_ignore_ascii_case("https") {
+            return true;
+        }
+    }
+    config
+        .base_url
+        .as_deref()
+        .is_some_and(|value| value.to_ascii_lowercase().starts_with("https://"))
+}
+
+fn build_set_cookie(
+    name: &str,
+    value: &str,
+    max_age_secs: i64,
+    path: &str,
+    http_only: bool,
+    secure: bool,
+) -> String {
+    let mut cookie = format!("{name}={value}; Path={path}; Max-Age={max_age_secs}; SameSite=Lax");
+    if http_only {
+        cookie.push_str("; HttpOnly");
+    }
+    if secure {
+        cookie.push_str("; Secure");
+    }
+    cookie
+}
+
+pub(super) fn auth_cookie_values(
+    req: &Request,
+    config: &WorkerConfig,
+    tokens: &AuthTokenResponse,
+) -> ServiceResult<Vec<String>> {
+    let secure = secure_cookie_mode(req, config);
+    let csrf = crypto::generate_token()?;
+    Ok(vec![
+        build_set_cookie(
+            ACCESS_COOKIE_NAME,
+            &tokens.access_token,
+            tokens.expires_in as i64,
+            "/api",
+            true,
+            secure,
+        ),
+        build_set_cookie(
+            REFRESH_COOKIE_NAME,
+            &tokens.refresh_token,
+            crypto::REFRESH_EXPIRY_SECS as i64,
+            "/api",
+            true,
+            secure,
+        ),
+        build_set_cookie(
+            CSRF_COOKIE_NAME,
+            &csrf,
+            crypto::REFRESH_EXPIRY_SECS as i64,
+            "/",
+            false,
+            secure,
+        ),
+    ])
+}
+
+pub(super) fn clear_auth_cookie_values(req: &Request, config: &WorkerConfig) -> Vec<String> {
+    let secure = secure_cookie_mode(req, config);
+    vec![
+        build_set_cookie(ACCESS_COOKIE_NAME, "", 0, "/api", true, secure),
+        build_set_cookie(REFRESH_COOKIE_NAME, "", 0, "/api", true, secure),
+        build_set_cookie(CSRF_COOKIE_NAME, "", 0, "/", false, secure),
+    ]
+}
+
+pub(super) fn enforce_csrf_if_cookie_auth(
+    req: &Request,
+    config: &WorkerConfig,
+    using_cookie_auth: bool,
+) -> ServiceResult<()> {
+    if !using_cookie_auth {
+        return Ok(());
+    }
+    let origin = req
+        .headers()
+        .get("Origin")
+        .map_err(|e| service_internal("read origin header", e))?
+        .ok_or_else(|| ServiceError::Unauthorized("missing request origin".into()))?;
+    if !config.allowed_origins.iter().any(|value| value == &origin) {
+        return Err(ServiceError::Unauthorized(
+            "request origin is not allowed".into(),
+        ));
+    }
+    let csrf_cookie = parse_cookie_value(req.headers(), CSRF_COOKIE_NAME)
+        .ok_or_else(|| ServiceError::Unauthorized("missing csrf cookie".into()))?;
+    let csrf_header = req
+        .headers()
+        .get(CSRF_HEADER_NAME)
+        .map_err(|e| service_internal("read csrf header", e))?
+        .ok_or_else(|| ServiceError::Unauthorized("missing csrf header".into()))?;
+    if !constant_time_eq(&csrf_cookie, &csrf_header) {
+        return Err(ServiceError::Unauthorized("csrf token mismatch".into()));
+    }
+    Ok(())
+}
+
+pub(super) fn service_internal(
+    context: &str,
+    err: impl std::fmt::Display,
+) -> ServiceError {
+    ServiceError::Internal(format!("{context}: {err}"))
+}
+
+pub(super) fn json_response<T: Serialize>(value: &T, status: u16) -> Result<Response> {
+    Response::from_json(value).map(|resp| resp.with_status(status))
+}
+
+pub(super) fn json_response_with_cookies<T: Serialize>(
+    value: &T,
+    status: u16,
+    cookies: &[String],
+) -> Result<Response> {
+    let resp = json_response(value, status)?;
+    let headers = Headers::new();
+    for cookie in cookies {
+        headers.append("Set-Cookie", cookie)?;
+    }
+    Ok(resp.with_headers(headers))
+}
+
+pub(super) async fn parse_json<T: for<'de> Deserialize<'de>>(
+    req: &mut Request,
+) -> ServiceResult<T> {
+    req.json()
+        .await
+        .map_err(|_| ServiceError::BadRequest("invalid request body".into()))
+}
+
+pub(super) async fn d1_first<T: for<'de> Deserialize<'de>>(
+    d1: &D1Database,
+    built: (String, sea_query::Values),
+    context: &str,
+) -> ServiceResult<Option<T>> {
+    let (sql, values) = built;
+    let stmt = d1
+        .prepare(&sql)
+        .bind(&values_to_js(&values))
+        .map_err(|e| service_internal(context, e))?;
+    let result = stmt.first(None).await;
+    result.map_err(|e| service_internal(context, e))
+}
+
+pub(super) async fn d1_all<T: for<'de> Deserialize<'de>>(
+    d1: &D1Database,
+    built: (String, sea_query::Values),
+    context: &str,
+) -> ServiceResult<Vec<T>> {
+    let (sql, values) = built;
+    let stmt = d1
+        .prepare(&sql)
+        .bind(&values_to_js(&values))
+        .map_err(|e| service_internal(context, e))?;
+    let result = stmt.all().await.map_err(|e| service_internal(context, e))?;
+    result
+        .results::<T>()
+        .map_err(|e| service_internal(context, e))
+}
+
+pub(super) async fn d1_run(
+    d1: &D1Database,
+    built: (String, sea_query::Values),
+    context: &str,
+) -> ServiceResult<()> {
+    let (sql, values) = built;
+    let stmt = d1
+        .prepare(&sql)
+        .bind(&values_to_js(&values))
+        .map_err(|e| service_internal(context, e))?;
+    let result = stmt.run().await.map_err(|e| service_internal(context, e))?;
+    if !result.success() {
+        return Err(ServiceError::Internal(
+            result.error().unwrap_or_else(|| format!("{context} failed")),
+        ));
+    }
+    Ok(())
+}
diff --git a/desktop/src-tauri/src/app/change_reader.rs b/desktop/src-tauri/src/app/change_reader.rs
new file mode 100644
index 00000000..39c1b591
--- /dev/null
+++ b/desktop/src-tauri/src/app/change_reader.rs
@@ -0,0 +1,802 @@
+use base64::{Engine as _, engine::general_purpose::STANDARD as BASE64_STANDARD};
+use opensession_api::{
+    DesktopApiError, DesktopChangeQuestionRequest, DesktopChangeQuestionResponse,
+    DesktopChangeReadRequest, DesktopChangeReadResponse, DesktopChangeReaderScope,
+    DesktopChangeReaderTtsRequest, DesktopChangeReaderTtsResponse,
+    DesktopSessionSummaryResponse, DesktopSummaryProviderId,
+};
+use opensession_core::trace::{ContentBlock, Event, EventType, Session as HailSession};
+use opensession_local_db::LocalDb;
+use opensession_runtime_config::{
+    ChangeReaderVoiceProvider, DaemonConfig, SummaryProvider,
+};
+use opensession_summary::provider::generate_text;
+use serde_json::json;
+use std::time::Duration;
+
+use crate::app::session_summary::load_session_summary_for_runtime;
+use crate::{
+    CHANGE_READER_MAX_EVENTS, CHANGE_READER_MAX_LINE_CHARS, DesktopApiResult, desktop_error,
+    load_normalized_session_body, load_runtime_config, map_change_reader_scope_from_runtime,
+    map_summary_provider_id_from_runtime, open_local_db,
+};
+
+#[derive(Debug, Clone)]
+struct ChangeReaderContextPayload {
+    session_id: String,
+    scope: DesktopChangeReaderScope,
+    context: String,
+    citations: Vec<String>,
+    provider: Option<DesktopSummaryProviderId>,
+    warning: Option<String>,
+}
+
+fn compact_ws(raw: &str) -> String {
+    raw.split_whitespace().collect::<Vec<_>>().join(" ")
+}
+
+fn trim_chars(raw: &str, max_chars: usize) -> String {
+    let normalized = compact_ws(raw);
+    if normalized.chars().count() <= max_chars {
+        return normalized;
+    }
+    let mut out = String::new();
+    for ch in normalized.chars().take(max_chars.saturating_sub(1)) {
+        out.push(ch);
+    }
+    out.push('…');
+    out
+}
+
+fn json_value_compact(value: &serde_json::Value, max_chars: usize) -> String {
+    let raw = serde_json::to_string(value).unwrap_or_else(|_| value.to_string());
+    trim_chars(&raw, max_chars)
+}
+
+fn event_type_label(event_type: &EventType) -> &'static str {
+    match event_type {
+        EventType::UserMessage => "user",
+        EventType::AgentMessage => "agent",
+        EventType::SystemMessage => "system",
+        EventType::Thinking => "thinking",
+        EventType::ToolCall { .. } => "tool_call",
+        EventType::ToolResult { .. } => "tool_result",
+        EventType::FileRead { .. } => "file_read",
+        EventType::CodeSearch { .. } => "code_search",
+        EventType::FileSearch { .. } => "file_search",
+        EventType::FileEdit { .. } => "file_edit",
+        EventType::FileCreate { .. } => "file_create",
+        EventType::FileDelete { .. } => "file_delete",
+        EventType::ShellCommand { .. } => "shell",
+        EventType::ImageGenerate { .. } => "image_generate",
+        EventType::VideoGenerate { .. } => "video_generate",
+        EventType::AudioGenerate { .. } => "audio_generate",
+        EventType::WebSearch { .. } => "web_search",
+        EventType::WebFetch { .. } => "web_fetch",
+        EventType::TaskStart { .. } => "task_start",
+        EventType::TaskEnd { .. } => "task_end",
+        EventType::Custom { .. } => "custom",
+        _ => "event",
+    }
+}
+
+fn event_type_payload(event_type: &EventType) -> Option<String> {
+    match event_type {
+        EventType::ToolCall { name } => Some(format!("tool={name}")),
+        EventType::ToolResult {
+            name,
+            is_error,
+            call_id,
+        } => Some(format!(
+            "tool={} result={}{}",
+            name,
+            if *is_error { "error" } else { "ok" },
+            call_id
+                .as_deref()
+                .map(|id| format!(" call_id={id}"))
+                .unwrap_or_default()
+        )),
+        EventType::FileRead { path }
+        | EventType::FileEdit { path, .. }
+        | EventType::FileCreate { path }
+        | EventType::FileDelete { path } => Some(format!("path={path}")),
+        EventType::CodeSearch { query } | EventType::WebSearch { query } => {
+            Some(format!("query={}", trim_chars(query, 90)))
+        }
+        EventType::FileSearch { pattern } => Some(format!("pattern={}", trim_chars(pattern, 90))),
+        EventType::ShellCommand { command, exit_code } => Some(format!(
+            "cmd={}{}",
+            trim_chars(command, 120),
+            exit_code
+                .map(|code| format!(" exit_code={code}"))
+                .unwrap_or_default()
+        )),
+        EventType::ImageGenerate { prompt }
+        | EventType::VideoGenerate { prompt }
+        | EventType::AudioGenerate { prompt } => Some(format!("prompt={}", trim_chars(prompt, 90))),
+        EventType::WebFetch { url } => Some(format!("url={url}")),
+        EventType::TaskStart { title } => title
+            .as_deref()
+            .map(|raw| format!("title={}", trim_chars(raw, 90))),
+        EventType::TaskEnd { summary } => summary
+            .as_deref()
+            .map(|raw| format!("summary={}", trim_chars(raw, 90))),
+        EventType::Custom { kind } => Some(format!("kind={kind}")),
+        _ => None,
+    }
+}
+
+fn event_content_excerpt(event: &Event) -> Option<String> {
+    let mut parts = Vec::<String>::new();
+    for block in &event.content.blocks {
+        let rendered = match block {
+            ContentBlock::Text { text } => trim_chars(text, CHANGE_READER_MAX_LINE_CHARS),
+            ContentBlock::Code { code, .. } => {
+                let first_line = code.lines().next().unwrap_or_default();
+                format!("code: {}", trim_chars(first_line, 120))
+            }
+            ContentBlock::Image { alt, url, .. } => {
+                let label = alt.as_deref().unwrap_or("image");
+                format!("{label}: {url}")
+            }
+            ContentBlock::Video { url, .. } => format!("video: {url}"),
+            ContentBlock::Audio { url, .. } => format!("audio: {url}"),
+            ContentBlock::File { path, content } => {
+                let head = content
+                    .as_deref()
+                    .map(|raw| trim_chars(raw, 80))
+                    .unwrap_or_else(|| "content omitted".to_string());
+                format!("file {path}: {head}")
+            }
+            ContentBlock::Json { data } => format!("json: {}", json_value_compact(data, 120)),
+            ContentBlock::Reference { uri, .. } => format!("ref: {uri}"),
+            _ => String::new(),
+        };
+        if rendered.trim().is_empty() {
+            continue;
+        }
+        parts.push(rendered);
+        if parts.len() >= 2 {
+            break;
+        }
+    }
+    if parts.is_empty() {
+        None
+    } else {
+        Some(parts.join(" | "))
+    }
+}
+
+fn summary_lines_for_reader(summary: &DesktopSessionSummaryResponse) -> Vec<String> {
+    let mut lines = Vec::<String>::new();
+    if let Some(summary_obj) = summary.summary.as_ref().and_then(|value| value.as_object()) {
+        if let Some(changes) = summary_obj.get("changes").and_then(|value| value.as_str()) {
+            if !changes.trim().is_empty() {
+                lines.push(format!("changes: {}", trim_chars(changes, 280)));
+            }
+        }
+        if let Some(auth_security) = summary_obj
+            .get("auth_security")
+            .and_then(|value| value.as_str())
+        {
+            if !auth_security.trim().is_empty() {
+                lines.push(format!("auth_security: {}", trim_chars(auth_security, 200)));
+            }
+        }
+        if let Some(layer_items) = summary_obj
+            .get("layer_file_changes")
+            .and_then(|value| value.as_array())
+        {
+            for item in layer_items.iter().take(12) {
+                let layer = item
+                    .get("layer")
+                    .and_then(|value| value.as_str())
+                    .unwrap_or("(layer)");
+                let detail = item
+                    .get("summary")
+                    .and_then(|value| value.as_str())
+                    .unwrap_or_default();
+                let files = item
+                    .get("files")
+                    .and_then(|value| value.as_array())
+                    .map(|entries| {
+                        entries
+                            .iter()
+                            .filter_map(|entry| entry.as_str())
+                            .take(5)
+                            .collect::<Vec<_>>()
+                            .join(", ")
+                    })
+                    .unwrap_or_default();
+                lines.push(format!(
+                    "layer {}: {}{}",
+                    trim_chars(layer, 60),
+                    trim_chars(detail, 120),
+                    if files.is_empty() {
+                        String::new()
+                    } else {
+                        format!(" (files: {files})")
+                    }
+                ));
+            }
+        }
+    } else if let Some(value) = &summary.summary {
+        lines.push(format!(
+            "semantic_summary_json: {}",
+            json_value_compact(value, 260)
+        ));
+    }
+
+    for layer in summary.diff_tree.iter().take(8) {
+        let Some(layer_obj) = layer.as_object() else {
+            continue;
+        };
+        let layer_name = layer_obj
+            .get("layer")
+            .and_then(|value| value.as_str())
+            .unwrap_or("(layer)");
+        let file_count = layer_obj
+            .get("file_count")
+            .and_then(|value| value.as_u64())
+            .unwrap_or_default();
+        let added = layer_obj
+            .get("lines_added")
+            .and_then(|value| value.as_u64())
+            .unwrap_or_default();
+        let removed = layer_obj
+            .get("lines_removed")
+            .and_then(|value| value.as_u64())
+            .unwrap_or_default();
+        lines.push(format!(
+            "diff_layer {}: files={} +{} -{}",
+            trim_chars(layer_name, 60),
+            file_count,
+            added,
+            removed
+        ));
+    }
+
+    if let Some(source_kind) = summary.source_kind.as_deref() {
+        lines.push(format!("source_kind: {source_kind}"));
+    }
+    if let Some(generation_kind) = summary.generation_kind.as_deref() {
+        lines.push(format!("generation_kind: {generation_kind}"));
+    }
+    if let Some(error) = summary.error.as_deref() {
+        lines.push(format!("generation_error: {}", trim_chars(error, 160)));
+    }
+    lines
+}
+
+fn timeline_lines_for_reader(session: &HailSession) -> Vec<String> {
+    session
+        .events
+        .iter()
+        .take(CHANGE_READER_MAX_EVENTS)
+        .map(|event| {
+            let label = event_type_label(&event.event_type);
+            let payload = event_type_payload(&event.event_type).unwrap_or_default();
+            let content = event_content_excerpt(event).unwrap_or_default();
+            let mut merged = format!("{} {}", event.timestamp.to_rfc3339(), label);
+            if !payload.is_empty() {
+                merged.push(' ');
+                merged.push_str(&payload);
+            }
+            if !content.is_empty() {
+                merged.push_str(" => ");
+                merged.push_str(&content);
+            }
+            trim_chars(&merged, CHANGE_READER_MAX_LINE_CHARS)
+        })
+        .collect()
+}
+
+fn trim_context_to_limit(raw: String, max_chars: usize) -> String {
+    if raw.chars().count() <= max_chars {
+        return raw;
+    }
+    let mut out = String::new();
+    for ch in raw.chars().take(max_chars.saturating_sub(24)) {
+        out.push(ch);
+    }
+    out.push_str("\n\n[context truncated]");
+    out
+}
+
+fn provider_for_change_reader(runtime: &DaemonConfig) -> Option<DesktopSummaryProviderId> {
+    match runtime.summary.provider.id {
+        SummaryProvider::Disabled => None,
+        _ => Some(map_summary_provider_id_from_runtime(
+            &runtime.summary.provider.id,
+        )),
+    }
+}
+
+fn build_change_reader_context(
+    db: &LocalDb,
+    runtime: &DaemonConfig,
+    session_id: &str,
+    scope_override: Option<DesktopChangeReaderScope>,
+) -> DesktopApiResult<ChangeReaderContextPayload> {
+    let scope = scope_override
+        .unwrap_or_else(|| map_change_reader_scope_from_runtime(&runtime.change_reader.scope));
+    let normalized_session = load_normalized_session_body(db, session_id)?;
+    let session = HailSession::from_jsonl(&normalized_session).map_err(|error| {
+        desktop_error(
+            "desktop.change_reader_parse_failed",
+            422,
+            "failed to parse session payload for change reader",
+            Some(json!({ "cause": error.to_string(), "session_id": session_id })),
+        )
+    })?;
+    let summary = load_session_summary_for_runtime(db, runtime, session_id)?;
+    let summary_lines = summary_lines_for_reader(&summary);
+    let timeline_lines = timeline_lines_for_reader(&session);
+    let mut citations = Vec::<String>::new();
+    let mut chunks = vec![
+        format!("session_id: {}", session.session_id),
+        format!(
+            "agent: tool={} provider={} model={}",
+            session.agent.tool, session.agent.provider, session.agent.model
+        ),
+    ];
+    if let Some(title) = session.context.title.as_deref() {
+        if !title.trim().is_empty() {
+            chunks.push(format!("title: {}", trim_chars(title, 120)));
+        }
+    }
+    if let Some(description) = session.context.description.as_deref() {
+        if !description.trim().is_empty() {
+            chunks.push(format!("description: {}", trim_chars(description, 180)));
+        }
+    }
+
+    let mut warning = None;
+    if !summary_lines.is_empty() {
+        citations.push("session.semantic_summary".to_string());
+        chunks.push("[semantic_summary]".to_string());
+        chunks.extend(summary_lines.into_iter().map(|line| format!("- {line}")));
+    } else {
+        warning =
+            Some("semantic summary is not available; using timeline-derived context".to_string());
+    }
+
+    if matches!(scope, DesktopChangeReaderScope::FullContext)
+        || (matches!(scope, DesktopChangeReaderScope::SummaryOnly) && citations.is_empty())
+    {
+        citations.push("session.timeline".to_string());
+        chunks.push("[timeline_excerpt]".to_string());
+        chunks.extend(timeline_lines.into_iter().map(|line| format!("- {line}")));
+    }
+
+    let max_context_chars = runtime.change_reader.max_context_chars.max(1) as usize;
+    let context = trim_context_to_limit(chunks.join("\n"), max_context_chars);
+    Ok(ChangeReaderContextPayload {
+        session_id: session_id.to_string(),
+        scope,
+        context,
+        citations,
+        provider: provider_for_change_reader(runtime),
+        warning,
+    })
+}
+
+fn build_read_prompt(context: &str, scope: &DesktopChangeReaderScope) -> String {
+    let scope_label = match scope {
+        DesktopChangeReaderScope::SummaryOnly => "summary_only",
+        DesktopChangeReaderScope::FullContext => "full_context",
+    };
+    format!(
+        "You are OpenSession Change Reader.\n\
+Use only the provided context and do not fabricate facts.\n\
+Write a concise, human-readable Korean briefing about what changed.\n\
+Include: 핵심 변경, 영향도/리스크, 확인할 테스트 1~2개.\n\
+Scope={scope_label}\n\
+\n\
+Context:\n{context}\n"
+    )
+}
+
+fn build_question_prompt(
+    question: &str,
+    context: &str,
+    scope: &DesktopChangeReaderScope,
+) -> String {
+    let scope_label = match scope {
+        DesktopChangeReaderScope::SummaryOnly => "summary_only",
+        DesktopChangeReaderScope::FullContext => "full_context",
+    };
+    format!(
+        "You are OpenSession Change Q&A assistant.\n\
+Answer only from the given context. If evidence is insufficient, say clearly what is missing.\n\
+Respond in Korean and keep it concise.\n\
+Scope={scope_label}\n\
+Question: {question}\n\
+\n\
+Context:\n{context}\n"
+    )
+}
+
+fn fallback_change_narrative(context: &ChangeReaderContextPayload) -> String {
+    let lines = context
+        .context
+        .lines()
+        .filter(|line| line.starts_with("- "))
+        .take(8)
+        .map(|line| line.trim_start_matches("- ").to_string())
+        .collect::<Vec<_>>();
+    if lines.is_empty() {
+        return "변경을 설명할 수 있는 컨텍스트가 충분하지 않습니다.".to_string();
+    }
+    format!(
+        "로컬 변경 브리핑(휴리스틱)\n{}",
+        lines
+            .into_iter()
+            .map(|line| format!("- {line}"))
+            .collect::<Vec<_>>()
+            .join("\n")
+    )
+}
+
+fn tokenize_question(question: &str) -> Vec<String> {
+    question
+        .split(|ch: char| ch.is_whitespace() || ",.;:!?/()[]{}".contains(ch))
+        .map(|token| token.trim().to_lowercase())
+        .filter(|token| token.chars().count() >= 2)
+        .take(10)
+        .collect()
+}
+
+fn fallback_change_answer(question: &str, context: &ChangeReaderContextPayload) -> String {
+    let tokens = tokenize_question(question);
+    let mut matches = Vec::<String>::new();
+    if !tokens.is_empty() {
+        for line in context.context.lines() {
+            let lowered = line.to_lowercase();
+            if tokens.iter().any(|token| lowered.contains(token)) {
+                matches.push(trim_chars(line, 180));
+            }
+            if matches.len() >= 5 {
+                break;
+            }
+        }
+    }
+    if matches.is_empty() {
+        return "질문에 바로 대응되는 근거를 현재 컨텍스트에서 찾지 못했습니다. full_context로 전환하거나 세션 요약을 재생성해 주세요."
+            .to_string();
+    }
+    format!(
+        "질문 답변(로컬 휴리스틱)\n{}\n\n근거:\n{}",
+        trim_chars(
+            &matches
+                .first()
+                .cloned()
+                .unwrap_or_else(|| "근거를 찾지 못했습니다.".to_string()),
+            220
+        ),
+        matches
+            .into_iter()
+            .take(4)
+            .map(|line| format!("- {line}"))
+            .collect::<Vec<_>>()
+            .join("\n")
+    )
+}
+
+fn merge_warnings(primary: Option<String>, secondary: Option<String>) -> Option<String> {
+    match (primary, secondary) {
+        (Some(a), Some(b)) => Some(format!("{a}; {b}")),
+        (Some(a), None) => Some(a),
+        (None, Some(b)) => Some(b),
+        (None, None) => None,
+    }
+}
+
+fn request_openai_tts_audio(
+    api_key: &str,
+    model: &str,
+    voice: &str,
+    text: &str,
+) -> DesktopApiResult<Vec<u8>> {
+    let client = reqwest::blocking::Client::builder()
+        .timeout(Duration::from_secs(45))
+        .build()
+        .map_err(|error| {
+            desktop_error(
+                "desktop.change_reader_tts_client_failed",
+                500,
+                "failed to initialize TTS client",
+                Some(json!({ "cause": error.to_string() })),
+            )
+        })?;
+
+    let response = client
+        .post("https://api.openai.com/v1/audio/speech")
+        .bearer_auth(api_key)
+        .json(&json!({
+            "model": model,
+            "voice": voice,
+            "input": text,
+            "format": "mp3"
+        }))
+        .send()
+        .map_err(|error| {
+            desktop_error(
+                "desktop.change_reader_tts_request_failed",
+                502,
+                "failed to call OpenAI TTS API",
+                Some(json!({
+                    "cause": error.to_string(),
+                    "hint": "check network connectivity and OpenAI API access"
+                })),
+            )
+        })?;
+
+    let status = response.status();
+    if !status.is_success() {
+        let body = response.text().unwrap_or_default();
+        if status == reqwest::StatusCode::UNAUTHORIZED || status == reqwest::StatusCode::FORBIDDEN {
+            return Err(desktop_error(
+                "desktop.change_reader_tts_auth_failed",
+                status.as_u16(),
+                "OpenAI TTS authentication failed",
+                Some(json!({
+                    "hint": "verify Settings > Runtime Summary > Change Reader > Voice API key",
+                    "response": trim_chars(&body, 300),
+                })),
+            ));
+        }
+        return Err(desktop_error(
+            "desktop.change_reader_tts_provider_error",
+            status.as_u16(),
+            "OpenAI TTS API returned an error",
+            Some(json!({
+                "hint": "check configured model/voice and API quota",
+                "response": trim_chars(&body, 300),
+            })),
+        ));
+    }
+
+    let payload = response.bytes().map_err(|error| {
+        desktop_error(
+            "desktop.change_reader_tts_decode_failed",
+            500,
+            "failed to decode TTS audio payload",
+            Some(json!({ "cause": error.to_string() })),
+        )
+    })?;
+
+    if payload.is_empty() {
+        return Err(desktop_error(
+            "desktop.change_reader_tts_empty_audio",
+            502,
+            "OpenAI TTS returned empty audio",
+            Some(json!({
+                "hint": "try a shorter input text or verify provider status"
+            })),
+        ));
+    }
+
+    Ok(payload.to_vec())
+}
+
+pub(crate) fn require_non_empty_request_field(
+    raw: &str,
+    code: &str,
+    field_name: &str,
+) -> DesktopApiResult<String> {
+    let value = raw.trim().to_string();
+    if value.is_empty() {
+        return Err(desktop_error(
+            code,
+            400,
+            format!("{field_name} is required"),
+            None,
+        ));
+    }
+    Ok(value)
+}
+
+fn change_reader_disabled_error() -> DesktopApiError {
+    desktop_error(
+        "desktop.change_reader_disabled",
+        422,
+        "change reader is disabled in runtime settings",
+        Some(json!({ "hint": "Enable Change Reader in Settings > Runtime Summary" })),
+    )
+}
+
+fn ensure_change_reader_enabled(runtime: &DaemonConfig) -> DesktopApiResult<()> {
+    if runtime.change_reader.enabled {
+        Ok(())
+    } else {
+        Err(change_reader_disabled_error())
+    }
+}
+
+fn ensure_change_reader_qa_enabled(runtime: &DaemonConfig) -> DesktopApiResult<()> {
+    if runtime.change_reader.qa_enabled {
+        Ok(())
+    } else {
+        Err(desktop_error(
+            "desktop.change_reader_qa_disabled",
+            422,
+            "change reader Q&A is disabled in runtime settings",
+            Some(json!({ "hint": "Enable Q&A in Settings > Runtime Summary > Change Reader" })),
+        ))
+    }
+}
+
+fn load_change_reader_request_context(
+    session_id: &str,
+    scope: Option<DesktopChangeReaderScope>,
+    require_qa: bool,
+) -> DesktopApiResult<(DaemonConfig, ChangeReaderContextPayload)> {
+    let session_id = require_non_empty_request_field(
+        session_id,
+        "desktop.change_reader_invalid_request",
+        "session_id",
+    )?;
+    let runtime = load_runtime_config()?;
+    ensure_change_reader_enabled(&runtime)?;
+    if require_qa {
+        ensure_change_reader_qa_enabled(&runtime)?;
+    }
+    let db = open_local_db()?;
+    let context = build_change_reader_context(&db, &runtime, &session_id, scope)?;
+    Ok((runtime, context))
+}
+
+#[tauri::command]
+pub(crate) async fn desktop_read_session_changes(
+    request: DesktopChangeReadRequest,
+) -> DesktopApiResult<DesktopChangeReadResponse> {
+    let (runtime, context) =
+        load_change_reader_request_context(&request.session_id, request.scope, false)?;
+    let prompt = build_read_prompt(&context.context, &context.scope);
+
+    let (narrative, provider_warning) = if runtime.summary.is_configured() {
+        match generate_text(&runtime.summary, &prompt).await {
+            Ok(text) if !text.trim().is_empty() => (trim_chars(&text, 4000), None),
+            Ok(_) => (
+                fallback_change_narrative(&context),
+                Some("provider returned empty response".to_string()),
+            ),
+            Err(error) => (
+                fallback_change_narrative(&context),
+                Some(format!("provider generation failed: {error}")),
+            ),
+        }
+    } else {
+        (
+            fallback_change_narrative(&context),
+            Some("summary provider is not configured; used local fallback".to_string()),
+        )
+    };
+
+    Ok(DesktopChangeReadResponse {
+        session_id: context.session_id,
+        scope: context.scope,
+        narrative,
+        citations: context.citations,
+        provider: context.provider,
+        warning: merge_warnings(context.warning, provider_warning),
+    })
+}
+
+#[tauri::command]
+pub(crate) async fn desktop_ask_session_changes(
+    request: DesktopChangeQuestionRequest,
+) -> DesktopApiResult<DesktopChangeQuestionResponse> {
+    let question = require_non_empty_request_field(
+        &request.question,
+        "desktop.change_reader_question_required",
+        "question",
+    )?;
+    let (runtime, context) =
+        load_change_reader_request_context(&request.session_id, request.scope, true)?;
+    let prompt = build_question_prompt(&question, &context.context, &context.scope);
+    let (answer, provider_warning) = if runtime.summary.is_configured() {
+        match generate_text(&runtime.summary, &prompt).await {
+            Ok(text) if !text.trim().is_empty() => (trim_chars(&text, 4000), None),
+            Ok(_) => (
+                fallback_change_answer(&question, &context),
+                Some("provider returned empty response".to_string()),
+            ),
+            Err(error) => (
+                fallback_change_answer(&question, &context),
+                Some(format!("provider generation failed: {error}")),
+            ),
+        }
+    } else {
+        (
+            fallback_change_answer(&question, &context),
+            Some("summary provider is not configured; used local fallback".to_string()),
+        )
+    };
+
+    Ok(DesktopChangeQuestionResponse {
+        session_id: context.session_id,
+        question,
+        scope: context.scope,
+        answer,
+        citations: context.citations,
+        provider: context.provider,
+        warning: merge_warnings(context.warning, provider_warning),
+    })
+}
+
+#[tauri::command]
+pub(crate) fn desktop_change_reader_tts(
+    request: DesktopChangeReaderTtsRequest,
+) -> DesktopApiResult<DesktopChangeReaderTtsResponse> {
+    let mut text = request.text.trim().to_string();
+    if text.is_empty() {
+        return Err(desktop_error(
+            "desktop.change_reader_tts_text_required",
+            400,
+            "text is required for TTS",
+            None,
+        ));
+    }
+
+    let runtime = load_runtime_config()?;
+    ensure_change_reader_enabled(&runtime)?;
+    if !runtime.change_reader.voice.enabled {
+        return Err(desktop_error(
+            "desktop.change_reader_tts_disabled",
+            422,
+            "change reader voice is disabled in runtime settings",
+            Some(json!({ "hint": "Enable voice in Settings > Runtime Summary > Change Reader" })),
+        ));
+    }
+
+    let api_key = runtime.change_reader.voice.api_key.trim().to_string();
+    if api_key.is_empty() {
+        return Err(desktop_error(
+            "desktop.change_reader_tts_api_key_missing",
+            422,
+            "change reader voice API key is not configured",
+            Some(
+                json!({ "hint": "Set OpenAI API key in Settings > Runtime Summary > Change Reader" }),
+            ),
+        ));
+    }
+
+    let model = if runtime.change_reader.voice.model.trim().is_empty() {
+        "gpt-4o-mini-tts".to_string()
+    } else {
+        runtime.change_reader.voice.model.trim().to_string()
+    };
+    let voice = if runtime.change_reader.voice.voice.trim().is_empty() {
+        "alloy".to_string()
+    } else {
+        runtime.change_reader.voice.voice.trim().to_string()
+    };
+    if !matches!(
+        runtime.change_reader.voice.provider,
+        ChangeReaderVoiceProvider::Openai
+    ) {
+        return Err(desktop_error(
+            "desktop.change_reader_tts_provider_unsupported",
+            422,
+            "unsupported change reader voice provider",
+            Some(json!({
+                "hint": "Select openai provider in Settings > Runtime Summary > Change Reader"
+            })),
+        ));
+    }
+
+    let mut warning = None;
+    if text.chars().count() > 4_000 {
+        text = text.chars().take(4_000).collect();
+        warning = Some("Input text was truncated to 4000 chars before TTS.".to_string());
+    }
+
+    let audio = request_openai_tts_audio(&api_key, &model, &voice, &text)?;
+    Ok(DesktopChangeReaderTtsResponse {
+        mime_type: "audio/mpeg".to_string(),
+        audio_base64: BASE64_STANDARD.encode(audio),
+        warning,
+    })
+}
diff --git a/desktop/src-tauri/src/app/mod.rs b/desktop/src-tauri/src/app/mod.rs
index deb7360e..5dba52e2 100644
--- a/desktop/src-tauri/src/app/mod.rs
+++ b/desktop/src-tauri/src/app/mod.rs
@@ -1,3 +1,4 @@
+pub(crate) mod change_reader;
 pub(crate) mod launch_route;
 pub(crate) mod lifecycle_cleanup;
 pub(crate) mod session_query;
diff --git a/desktop/src-tauri/src/main.rs b/desktop/src-tauri/src/main.rs
index 58bf3894..54d541e2 100644
--- a/desktop/src-tauri/src/main.rs
+++ b/desktop/src-tauri/src/main.rs
@@ -2,6 +2,10 @@
 
 mod app;
 
+use app::change_reader::{
+    desktop_ask_session_changes, desktop_change_reader_tts, desktop_read_session_changes,
+    require_non_empty_request_field,
+};
 use app::launch_route::desktop_take_launch_route;
 use app::lifecycle_cleanup::maybe_start_lifecycle_cleanup_loop;
 use app::session_query::{SearchMode, build_local_filter_with_mode};
@@ -15,12 +19,9 @@ use app::{
     launch_route::normalize_launch_route,
     lifecycle_cleanup::run_desktop_lifecycle_cleanup_once_with_db,
 };
-use base64::{Engine as _, engine::general_purpose::STANDARD as BASE64_STANDARD};
 use opensession_api::{
     CapabilitiesResponse, DESKTOP_IPC_CONTRACT_VERSION, DesktopApiError,
-    DesktopChangeQuestionRequest, DesktopChangeQuestionResponse, DesktopChangeReadRequest,
-    DesktopChangeReadResponse, DesktopChangeReaderScope, DesktopChangeReaderTtsRequest,
-    DesktopChangeReaderTtsResponse, DesktopChangeReaderVoiceProvider,
+    DesktopChangeReaderScope, DesktopChangeReaderVoiceProvider,
     DesktopContractVersionResponse, DesktopHandoffBuildRequest, DesktopHandoffBuildResponse,
     DesktopLifecycleCleanupState, DesktopLifecycleCleanupStatusResponse, DesktopQuickShareRequest,
     DesktopQuickShareResponse, DesktopRuntimeChangeReaderSettings,
@@ -48,7 +49,7 @@ use opensession_core::object_store::{
 };
 use opensession_core::session::{is_auxiliary_session, working_directory};
 use opensession_core::source_uri::SourceUri;
-use opensession_core::trace::{ContentBlock, EventType, Session as HailSession};
+use opensession_core::trace::Session as HailSession;
 use opensession_git_native::{
     extract_git_context, ops::find_repo_root as find_git_repo_root,
 };
@@ -67,7 +68,7 @@ use opensession_runtime_config::{
     VectorChunkingMode, VectorSearchGranularity, VectorSearchProvider,
 };
 use opensession_summary::{
-    GitSummaryRequest, provider::generate_text, summarize_session, validate_summary_prompt_template,
+    GitSummaryRequest, summarize_session, validate_summary_prompt_template,
 };
 use serde::{Deserialize, Serialize};
 use serde_json::json;
@@ -3339,786 +3340,6 @@ fn desktop_summary_batch_run() -> DesktopApiResult<DesktopSummaryBatchStatusResp
     run_summary_batch_for_runtime(runtime)
 }
 
-#[derive(Debug, Clone)]
-struct ChangeReaderContextPayload {
-    session_id: String,
-    scope: DesktopChangeReaderScope,
-    context: String,
-    citations: Vec<String>,
-    provider: Option<DesktopSummaryProviderId>,
-    warning: Option<String>,
-}
-
-fn compact_ws(raw: &str) -> String {
-    raw.split_whitespace().collect::<Vec<_>>().join(" ")
-}
-
-fn trim_chars(raw: &str, max_chars: usize) -> String {
-    let normalized = compact_ws(raw);
-    if normalized.chars().count() <= max_chars {
-        return normalized;
-    }
-    let mut out = String::new();
-    for ch in normalized.chars().take(max_chars.saturating_sub(1)) {
-        out.push(ch);
-    }
-    out.push('…');
-    out
-}
-
-fn json_value_compact(value: &serde_json::Value, max_chars: usize) -> String {
-    let raw = serde_json::to_string(value).unwrap_or_else(|_| value.to_string());
-    trim_chars(&raw, max_chars)
-}
-
-fn event_type_label(event_type: &EventType) -> &'static str {
-    match event_type {
-        EventType::UserMessage => "user",
-        EventType::AgentMessage => "agent",
-        EventType::SystemMessage => "system",
-        EventType::Thinking => "thinking",
-        EventType::ToolCall { .. } => "tool_call",
-        EventType::ToolResult { .. } => "tool_result",
-        EventType::FileRead { .. } => "file_read",
-        EventType::CodeSearch { .. } => "code_search",
-        EventType::FileSearch { .. } => "file_search",
-        EventType::FileEdit { .. } => "file_edit",
-        EventType::FileCreate { .. } => "file_create",
-        EventType::FileDelete { .. } => "file_delete",
-        EventType::ShellCommand { .. } => "shell",
-        EventType::ImageGenerate { .. } => "image_generate",
-        EventType::VideoGenerate { .. } => "video_generate",
-        EventType::AudioGenerate { .. } => "audio_generate",
-        EventType::WebSearch { .. } => "web_search",
-        EventType::WebFetch { .. } => "web_fetch",
-        EventType::TaskStart { .. } => "task_start",
-        EventType::TaskEnd { .. } => "task_end",
-        EventType::Custom { .. } => "custom",
-        _ => "event",
-    }
-}
-
-fn event_type_payload(event_type: &EventType) -> Option<String> {
-    match event_type {
-        EventType::ToolCall { name } => Some(format!("tool={name}")),
-        EventType::ToolResult {
-            name,
-            is_error,
-            call_id,
-        } => Some(format!(
-            "tool={} result={}{}",
-            name,
-            if *is_error { "error" } else { "ok" },
-            call_id
-                .as_deref()
-                .map(|id| format!(" call_id={id}"))
-                .unwrap_or_default()
-        )),
-        EventType::FileRead { path }
-        | EventType::FileEdit { path, .. }
-        | EventType::FileCreate { path }
-        | EventType::FileDelete { path } => Some(format!("path={path}")),
-        EventType::CodeSearch { query } | EventType::WebSearch { query } => {
-            Some(format!("query={}", trim_chars(query, 90)))
-        }
-        EventType::FileSearch { pattern } => Some(format!("pattern={}", trim_chars(pattern, 90))),
-        EventType::ShellCommand { command, exit_code } => Some(format!(
-            "cmd={}{}",
-            trim_chars(command, 120),
-            exit_code
-                .map(|code| format!(" exit_code={code}"))
-                .unwrap_or_default()
-        )),
-        EventType::ImageGenerate { prompt }
-        | EventType::VideoGenerate { prompt }
-        | EventType::AudioGenerate { prompt } => Some(format!("prompt={}", trim_chars(prompt, 90))),
-        EventType::WebFetch { url } => Some(format!("url={url}")),
-        EventType::TaskStart { title } => title
-            .as_deref()
-            .map(|raw| format!("title={}", trim_chars(raw, 90))),
-        EventType::TaskEnd { summary } => summary
-            .as_deref()
-            .map(|raw| format!("summary={}", trim_chars(raw, 90))),
-        EventType::Custom { kind } => Some(format!("kind={kind}")),
-        _ => None,
-    }
-}
-
-fn event_content_excerpt(event: &opensession_core::trace::Event) -> Option<String> {
-    let mut parts = Vec::<String>::new();
-    for block in &event.content.blocks {
-        let rendered = match block {
-            ContentBlock::Text { text } => trim_chars(text, CHANGE_READER_MAX_LINE_CHARS),
-            ContentBlock::Code { code, .. } => {
-                let first_line = code.lines().next().unwrap_or_default();
-                format!("code: {}", trim_chars(first_line, 120))
-            }
-            ContentBlock::Image { alt, url, .. } => {
-                let label = alt.as_deref().unwrap_or("image");
-                format!("{label}: {url}")
-            }
-            ContentBlock::Video { url, .. } => format!("video: {url}"),
-            ContentBlock::Audio { url, .. } => format!("audio: {url}"),
-            ContentBlock::File { path, content } => {
-                let head = content
-                    .as_deref()
-                    .map(|raw| trim_chars(raw, 80))
-                    .unwrap_or_else(|| "content omitted".to_string());
-                format!("file {path}: {head}")
-            }
-            ContentBlock::Json { data } => format!("json: {}", json_value_compact(data, 120)),
-            ContentBlock::Reference { uri, .. } => format!("ref: {uri}"),
-            _ => String::new(),
-        };
-        if rendered.trim().is_empty() {
-            continue;
-        }
-        parts.push(rendered);
-        if parts.len() >= 2 {
-            break;
-        }
-    }
-    if parts.is_empty() {
-        None
-    } else {
-        Some(parts.join(" | "))
-    }
-}
-
-fn summary_lines_for_reader(summary: &DesktopSessionSummaryResponse) -> Vec<String> {
-    let mut lines = Vec::<String>::new();
-    if let Some(summary_obj) = summary.summary.as_ref().and_then(|value| value.as_object()) {
-        if let Some(changes) = summary_obj.get("changes").and_then(|value| value.as_str()) {
-            if !changes.trim().is_empty() {
-                lines.push(format!("changes: {}", trim_chars(changes, 280)));
-            }
-        }
-        if let Some(auth_security) = summary_obj
-            .get("auth_security")
-            .and_then(|value| value.as_str())
-        {
-            if !auth_security.trim().is_empty() {
-                lines.push(format!("auth_security: {}", trim_chars(auth_security, 200)));
-            }
-        }
-        if let Some(layer_items) = summary_obj
-            .get("layer_file_changes")
-            .and_then(|value| value.as_array())
-        {
-            for item in layer_items.iter().take(12) {
-                let layer = item
-                    .get("layer")
-                    .and_then(|value| value.as_str())
-                    .unwrap_or("(layer)");
-                let detail = item
-                    .get("summary")
-                    .and_then(|value| value.as_str())
-                    .unwrap_or_default();
-                let files = item
-                    .get("files")
-                    .and_then(|value| value.as_array())
-                    .map(|entries| {
-                        entries
-                            .iter()
-                            .filter_map(|entry| entry.as_str())
-                            .take(5)
-                            .collect::<Vec<_>>()
-                            .join(", ")
-                    })
-                    .unwrap_or_default();
-                lines.push(format!(
-                    "layer {}: {}{}",
-                    trim_chars(layer, 60),
-                    trim_chars(detail, 120),
-                    if files.is_empty() {
-                        String::new()
-                    } else {
-                        format!(" (files: {files})")
-                    }
-                ));
-            }
-        }
-    } else if let Some(value) = &summary.summary {
-        lines.push(format!(
-            "semantic_summary_json: {}",
-            json_value_compact(value, 260)
-        ));
-    }
-
-    for layer in summary.diff_tree.iter().take(8) {
-        let Some(layer_obj) = layer.as_object() else {
-            continue;
-        };
-        let layer_name = layer_obj
-            .get("layer")
-            .and_then(|value| value.as_str())
-            .unwrap_or("(layer)");
-        let file_count = layer_obj
-            .get("file_count")
-            .and_then(|value| value.as_u64())
-            .unwrap_or_default();
-        let added = layer_obj
-            .get("lines_added")
-            .and_then(|value| value.as_u64())
-            .unwrap_or_default();
-        let removed = layer_obj
-            .get("lines_removed")
-            .and_then(|value| value.as_u64())
-            .unwrap_or_default();
-        lines.push(format!(
-            "diff_layer {}: files={} +{} -{}",
-            trim_chars(layer_name, 60),
-            file_count,
-            added,
-            removed
-        ));
-    }
-
-    if let Some(source_kind) = summary.source_kind.as_deref() {
-        lines.push(format!("source_kind: {source_kind}"));
-    }
-    if let Some(generation_kind) = summary.generation_kind.as_deref() {
-        lines.push(format!("generation_kind: {generation_kind}"));
-    }
-    if let Some(error) = summary.error.as_deref() {
-        lines.push(format!("generation_error: {}", trim_chars(error, 160)));
-    }
-    lines
-}
-
-fn timeline_lines_for_reader(session: &HailSession) -> Vec<String> {
-    session
-        .events
-        .iter()
-        .take(CHANGE_READER_MAX_EVENTS)
-        .map(|event| {
-            let label = event_type_label(&event.event_type);
-            let payload = event_type_payload(&event.event_type).unwrap_or_default();
-            let content = event_content_excerpt(event).unwrap_or_default();
-            let mut merged = format!("{} {}", event.timestamp.to_rfc3339(), label);
-            if !payload.is_empty() {
-                merged.push(' ');
-                merged.push_str(&payload);
-            }
-            if !content.is_empty() {
-                merged.push_str(" => ");
-                merged.push_str(&content);
-            }
-            trim_chars(&merged, CHANGE_READER_MAX_LINE_CHARS)
-        })
-        .collect()
-}
-
-fn trim_context_to_limit(raw: String, max_chars: usize) -> String {
-    if raw.chars().count() <= max_chars {
-        return raw;
-    }
-    let mut out = String::new();
-    for ch in raw.chars().take(max_chars.saturating_sub(24)) {
-        out.push(ch);
-    }
-    out.push_str("\n\n[context truncated]");
-    out
-}
-
-fn provider_for_change_reader(runtime: &DaemonConfig) -> Option<DesktopSummaryProviderId> {
-    match runtime.summary.provider.id {
-        SummaryProvider::Disabled => None,
-        _ => Some(map_summary_provider_id_from_runtime(
-            &runtime.summary.provider.id,
-        )),
-    }
-}
-
-fn build_change_reader_context(
-    db: &LocalDb,
-    runtime: &DaemonConfig,
-    session_id: &str,
-    scope_override: Option<DesktopChangeReaderScope>,
-) -> DesktopApiResult<ChangeReaderContextPayload> {
-    let scope = scope_override
-        .unwrap_or_else(|| map_change_reader_scope_from_runtime(&runtime.change_reader.scope));
-    let normalized_session = load_normalized_session_body(db, session_id)?;
-    let session = HailSession::from_jsonl(&normalized_session).map_err(|error| {
-        desktop_error(
-            "desktop.change_reader_parse_failed",
-            422,
-            "failed to parse session payload for change reader",
-            Some(json!({ "cause": error.to_string(), "session_id": session_id })),
-        )
-    })?;
-    let summary = load_session_summary_for_runtime(db, runtime, session_id)?;
-    let summary_lines = summary_lines_for_reader(&summary);
-    let timeline_lines = timeline_lines_for_reader(&session);
-    let mut citations = Vec::<String>::new();
-    let mut chunks = vec![
-        format!("session_id: {}", session.session_id),
-        format!(
-            "agent: tool={} provider={} model={}",
-            session.agent.tool, session.agent.provider, session.agent.model
-        ),
-    ];
-    if let Some(title) = session.context.title.as_deref() {
-        if !title.trim().is_empty() {
-            chunks.push(format!("title: {}", trim_chars(title, 120)));
-        }
-    }
-    if let Some(description) = session.context.description.as_deref() {
-        if !description.trim().is_empty() {
-            chunks.push(format!("description: {}", trim_chars(description, 180)));
-        }
-    }
-
-    let mut warning = None;
-    if !summary_lines.is_empty() {
-        citations.push("session.semantic_summary".to_string());
-        chunks.push("[semantic_summary]".to_string());
-        chunks.extend(summary_lines.into_iter().map(|line| format!("- {line}")));
-    } else {
-        warning =
-            Some("semantic summary is not available; using timeline-derived context".to_string());
-    }
-
-    if matches!(scope, DesktopChangeReaderScope::FullContext)
-        || (matches!(scope, DesktopChangeReaderScope::SummaryOnly) && citations.is_empty())
-    {
-        citations.push("session.timeline".to_string());
-        chunks.push("[timeline_excerpt]".to_string());
-        chunks.extend(timeline_lines.into_iter().map(|line| format!("- {line}")));
-    }
-
-    let max_context_chars = runtime.change_reader.max_context_chars.max(1) as usize;
-    let context = trim_context_to_limit(chunks.join("\n"), max_context_chars);
-    Ok(ChangeReaderContextPayload {
-        session_id: session_id.to_string(),
-        scope,
-        context,
-        citations,
-        provider: provider_for_change_reader(runtime),
-        warning,
-    })
-}
-
-fn build_read_prompt(context: &str, scope: &DesktopChangeReaderScope) -> String {
-    let scope_label = match scope {
-        DesktopChangeReaderScope::SummaryOnly => "summary_only",
-        DesktopChangeReaderScope::FullContext => "full_context",
-    };
-    format!(
-        "You are OpenSession Change Reader.\n\
-Use only the provided context and do not fabricate facts.\n\
-Write a concise, human-readable Korean briefing about what changed.\n\
-Include: 핵심 변경, 영향도/리스크, 확인할 테스트 1~2개.\n\
-Scope={scope_label}\n\
-\n\
-Context:\n{context}\n"
-    )
-}
-
-fn build_question_prompt(
-    question: &str,
-    context: &str,
-    scope: &DesktopChangeReaderScope,
-) -> String {
-    let scope_label = match scope {
-        DesktopChangeReaderScope::SummaryOnly => "summary_only",
-        DesktopChangeReaderScope::FullContext => "full_context",
-    };
-    format!(
-        "You are OpenSession Change Q&A assistant.\n\
-Answer only from the given context. If evidence is insufficient, say clearly what is missing.\n\
-Respond in Korean and keep it concise.\n\
-Scope={scope_label}\n\
-Question: {question}\n\
-\n\
-Context:\n{context}\n"
-    )
-}
-
-fn fallback_change_narrative(context: &ChangeReaderContextPayload) -> String {
-    let lines = context
-        .context
-        .lines()
-        .filter(|line| line.starts_with("- "))
-        .take(8)
-        .map(|line| line.trim_start_matches("- ").to_string())
-        .collect::<Vec<_>>();
-    if lines.is_empty() {
-        return "변경을 설명할 수 있는 컨텍스트가 충분하지 않습니다.".to_string();
-    }
-    format!(
-        "로컬 변경 브리핑(휴리스틱)\n{}",
-        lines
-            .into_iter()
-            .map(|line| format!("- {line}"))
-            .collect::<Vec<_>>()
-            .join("\n")
-    )
-}
-
-fn tokenize_question(question: &str) -> Vec<String> {
-    question
-        .split(|ch: char| ch.is_whitespace() || ",.;:!?/()[]{}".contains(ch))
-        .map(|token| token.trim().to_lowercase())
-        .filter(|token| token.chars().count() >= 2)
-        .take(10)
-        .collect()
-}
-
-fn fallback_change_answer(question: &str, context: &ChangeReaderContextPayload) -> String {
-    let tokens = tokenize_question(question);
-    let mut matches = Vec::<String>::new();
-    if !tokens.is_empty() {
-        for line in context.context.lines() {
-            let lowered = line.to_lowercase();
-            if tokens.iter().any(|token| lowered.contains(token)) {
-                matches.push(trim_chars(line, 180));
-            }
-            if matches.len() >= 5 {
-                break;
-            }
-        }
-    }
-    if matches.is_empty() {
-        return "질문에 바로 대응되는 근거를 현재 컨텍스트에서 찾지 못했습니다. full_context로 전환하거나 세션 요약을 재생성해 주세요."
-            .to_string();
-    }
-    format!(
-        "질문 답변(로컬 휴리스틱)\n{}\n\n근거:\n{}",
-        trim_chars(
-            &matches
-                .first()
-                .cloned()
-                .unwrap_or_else(|| "근거를 찾지 못했습니다.".to_string()),
-            220
-        ),
-        matches
-            .into_iter()
-            .take(4)
-            .map(|line| format!("- {line}"))
-            .collect::<Vec<_>>()
-            .join("\n")
-    )
-}
-
-fn merge_warnings(primary: Option<String>, secondary: Option<String>) -> Option<String> {
-    match (primary, secondary) {
-        (Some(a), Some(b)) => Some(format!("{a}; {b}")),
-        (Some(a), None) => Some(a),
-        (None, Some(b)) => Some(b),
-        (None, None) => None,
-    }
-}
-
-fn request_openai_tts_audio(
-    api_key: &str,
-    model: &str,
-    voice: &str,
-    text: &str,
-) -> DesktopApiResult<Vec<u8>> {
-    let client = reqwest::blocking::Client::builder()
-        .timeout(Duration::from_secs(45))
-        .build()
-        .map_err(|error| {
-            desktop_error(
-                "desktop.change_reader_tts_client_failed",
-                500,
-                "failed to initialize TTS client",
-                Some(json!({ "cause": error.to_string() })),
-            )
-        })?;
-
-    let response = client
-        .post("https://api.openai.com/v1/audio/speech")
-        .bearer_auth(api_key)
-        .json(&json!({
-            "model": model,
-            "voice": voice,
-            "input": text,
-            "format": "mp3"
-        }))
-        .send()
-        .map_err(|error| {
-            desktop_error(
-                "desktop.change_reader_tts_request_failed",
-                502,
-                "failed to call OpenAI TTS API",
-                Some(json!({
-                    "cause": error.to_string(),
-                    "hint": "check network connectivity and OpenAI API access"
-                })),
-            )
-        })?;
-
-    let status = response.status();
-    if !status.is_success() {
-        let body = response.text().unwrap_or_default();
-        if status == reqwest::StatusCode::UNAUTHORIZED || status == reqwest::StatusCode::FORBIDDEN {
-            return Err(desktop_error(
-                "desktop.change_reader_tts_auth_failed",
-                status.as_u16(),
-                "OpenAI TTS authentication failed",
-                Some(json!({
-                    "hint": "verify Settings > Runtime Summary > Change Reader > Voice API key",
-                    "response": trim_chars(&body, 300),
-                })),
-            ));
-        }
-        return Err(desktop_error(
-            "desktop.change_reader_tts_provider_error",
-            status.as_u16(),
-            "OpenAI TTS API returned an error",
-            Some(json!({
-                "hint": "check configured model/voice and API quota",
-                "response": trim_chars(&body, 300),
-            })),
-        ));
-    }
-
-    let payload = response.bytes().map_err(|error| {
-        desktop_error(
-            "desktop.change_reader_tts_decode_failed",
-            500,
-            "failed to decode TTS audio payload",
-            Some(json!({ "cause": error.to_string() })),
-        )
-    })?;
-
-    if payload.is_empty() {
-        return Err(desktop_error(
-            "desktop.change_reader_tts_empty_audio",
-            502,
-            "OpenAI TTS returned empty audio",
-            Some(json!({
-                "hint": "try a shorter input text or verify provider status"
-            })),
-        ));
-    }
-
-    Ok(payload.to_vec())
-}
-
-fn require_non_empty_request_field(
-    raw: &str,
-    code: &str,
-    field_name: &str,
-) -> DesktopApiResult<String> {
-    let value = raw.trim().to_string();
-    if value.is_empty() {
-        return Err(desktop_error(
-            code,
-            400,
-            format!("{field_name} is required"),
-            None,
-        ));
-    }
-    Ok(value)
-}
-
-fn change_reader_disabled_error() -> DesktopApiError {
-    desktop_error(
-        "desktop.change_reader_disabled",
-        422,
-        "change reader is disabled in runtime settings",
-        Some(json!({ "hint": "Enable Change Reader in Settings > Runtime Summary" })),
-    )
-}
-
-fn ensure_change_reader_enabled(runtime: &DaemonConfig) -> DesktopApiResult<()> {
-    if runtime.change_reader.enabled {
-        Ok(())
-    } else {
-        Err(change_reader_disabled_error())
-    }
-}
-
-fn ensure_change_reader_qa_enabled(runtime: &DaemonConfig) -> DesktopApiResult<()> {
-    if runtime.change_reader.qa_enabled {
-        Ok(())
-    } else {
-        Err(desktop_error(
-            "desktop.change_reader_qa_disabled",
-            422,
-            "change reader Q&A is disabled in runtime settings",
-            Some(json!({ "hint": "Enable Q&A in Settings > Runtime Summary > Change Reader" })),
-        ))
-    }
-}
-
-fn load_change_reader_request_context(
-    session_id: &str,
-    scope: Option<DesktopChangeReaderScope>,
-    require_qa: bool,
-) -> DesktopApiResult<(DaemonConfig, ChangeReaderContextPayload)> {
-    let session_id = require_non_empty_request_field(
-        session_id,
-        "desktop.change_reader_invalid_request",
-        "session_id",
-    )?;
-    let runtime = load_runtime_config()?;
-    ensure_change_reader_enabled(&runtime)?;
-    if require_qa {
-        ensure_change_reader_qa_enabled(&runtime)?;
-    }
-    let db = open_local_db()?;
-    let context = build_change_reader_context(&db, &runtime, &session_id, scope)?;
-    Ok((runtime, context))
-}
-
-#[tauri::command]
-async fn desktop_read_session_changes(
-    request: DesktopChangeReadRequest,
-) -> DesktopApiResult<DesktopChangeReadResponse> {
-    let (runtime, context) =
-        load_change_reader_request_context(&request.session_id, request.scope, false)?;
-    let prompt = build_read_prompt(&context.context, &context.scope);
-
-    let (narrative, provider_warning) = if runtime.summary.is_configured() {
-        match generate_text(&runtime.summary, &prompt).await {
-            Ok(text) if !text.trim().is_empty() => (trim_chars(&text, 4000), None),
-            Ok(_) => (
-                fallback_change_narrative(&context),
-                Some("provider returned empty response".to_string()),
-            ),
-            Err(error) => (
-                fallback_change_narrative(&context),
-                Some(format!("provider generation failed: {error}")),
-            ),
-        }
-    } else {
-        (
-            fallback_change_narrative(&context),
-            Some("summary provider is not configured; used local fallback".to_string()),
-        )
-    };
-
-    Ok(DesktopChangeReadResponse {
-        session_id: context.session_id,
-        scope: context.scope,
-        narrative,
-        citations: context.citations,
-        provider: context.provider,
-        warning: merge_warnings(context.warning, provider_warning),
-    })
-}
-
-#[tauri::command]
-async fn desktop_ask_session_changes(
-    request: DesktopChangeQuestionRequest,
-) -> DesktopApiResult<DesktopChangeQuestionResponse> {
-    let question = require_non_empty_request_field(
-        &request.question,
-        "desktop.change_reader_question_required",
-        "question",
-    )?;
-    let (runtime, context) =
-        load_change_reader_request_context(&request.session_id, request.scope, true)?;
-    let prompt = build_question_prompt(&question, &context.context, &context.scope);
-    let (answer, provider_warning) = if runtime.summary.is_configured() {
-        match generate_text(&runtime.summary, &prompt).await {
-            Ok(text) if !text.trim().is_empty() => (trim_chars(&text, 4000), None),
-            Ok(_) => (
-                fallback_change_answer(&question, &context),
-                Some("provider returned empty response".to_string()),
-            ),
-            Err(error) => (
-                fallback_change_answer(&question, &context),
-                Some(format!("provider generation failed: {error}")),
-            ),
-        }
-    } else {
-        (
-            fallback_change_answer(&question, &context),
-            Some("summary provider is not configured; used local fallback".to_string()),
-        )
-    };
-
-    Ok(DesktopChangeQuestionResponse {
-        session_id: context.session_id,
-        question,
-        scope: context.scope,
-        answer,
-        citations: context.citations,
-        provider: context.provider,
-        warning: merge_warnings(context.warning, provider_warning),
-    })
-}
-
-#[tauri::command]
-fn desktop_change_reader_tts(
-    request: DesktopChangeReaderTtsRequest,
-) -> DesktopApiResult<DesktopChangeReaderTtsResponse> {
-    let mut text = request.text.trim().to_string();
-    if text.is_empty() {
-        return Err(desktop_error(
-            "desktop.change_reader_tts_text_required",
-            400,
-            "text is required for TTS",
-            None,
-        ));
-    }
-
-    let runtime = load_runtime_config()?;
-    ensure_change_reader_enabled(&runtime)?;
-    if !runtime.change_reader.voice.enabled {
-        return Err(desktop_error(
-            "desktop.change_reader_tts_disabled",
-            422,
-            "change reader voice is disabled in runtime settings",
-            Some(json!({ "hint": "Enable voice in Settings > Runtime Summary > Change Reader" })),
-        ));
-    }
-
-    let api_key = runtime.change_reader.voice.api_key.trim().to_string();
-    if api_key.is_empty() {
-        return Err(desktop_error(
-            "desktop.change_reader_tts_api_key_missing",
-            422,
-            "change reader voice API key is not configured",
-            Some(
-                json!({ "hint": "Set OpenAI API key in Settings > Runtime Summary > Change Reader" }),
-            ),
-        ));
-    }
-
-    let model = if runtime.change_reader.voice.model.trim().is_empty() {
-        "gpt-4o-mini-tts".to_string()
-    } else {
-        runtime.change_reader.voice.model.trim().to_string()
-    };
-    let voice = if runtime.change_reader.voice.voice.trim().is_empty() {
-        "alloy".to_string()
-    } else {
-        runtime.change_reader.voice.voice.trim().to_string()
-    };
-    if !matches!(
-        runtime.change_reader.voice.provider,
-        ChangeReaderVoiceProvider::Openai
-    ) {
-        return Err(desktop_error(
-            "desktop.change_reader_tts_provider_unsupported",
-            422,
-            "unsupported change reader voice provider",
-            Some(json!({
-                "hint": "Select openai provider in Settings > Runtime Summary > Change Reader"
-            })),
-        ));
-    }
-
-    let mut warning = None;
-    if text.chars().count() > 4_000 {
-        text = text.chars().take(4_000).collect();
-        warning = Some("Input text was truncated to 4000 chars before TTS.".to_string());
-    }
-
-    let audio = request_openai_tts_audio(&api_key, &model, &voice, &text)?;
-    Ok(DesktopChangeReaderTtsResponse {
-        mime_type: "audio/mpeg".to_string(),
-        audio_base64: BASE64_STANDARD.encode(audio),
-        warning,
-    })
-}
-
 #[tauri::command]
 fn desktop_list_sessions(
     query: Option<DesktopSessionListQuery>,

From 647b7eb32337e25c6b6b46af5b7d160fb5973866 Mon Sep 17 00:00:00 2001
From: hwisu <hwitticus@gmail.com>
Date: Fri, 6 Mar 2026 18:39:20 +0900
Subject: [PATCH 08/30] split handoff modules and desktop artifact commands

---
 crates/core/src/handoff.rs             | 2741 +++---------------------
 crates/core/src/handoff/execution.rs   |  680 ++++++
 crates/core/src/handoff/hail_export.rs |   88 +
 crates/core/src/handoff/markdown.rs    |  392 ++++
 crates/core/src/handoff/merge.rs       |   58 +
 crates/core/src/handoff/tests.rs       |  803 +++++++
 crates/core/src/handoff/validation.rs  |  194 ++
 desktop/src-tauri/src/app/handoff.rs   |  480 +++++
 desktop/src-tauri/src/app/mod.rs       |    1 +
 desktop/src-tauri/src/main.rs          |  485 +----
 10 files changed, 2968 insertions(+), 2954 deletions(-)
 create mode 100644 crates/core/src/handoff/execution.rs
 create mode 100644 crates/core/src/handoff/hail_export.rs
 create mode 100644 crates/core/src/handoff/markdown.rs
 create mode 100644 crates/core/src/handoff/merge.rs
 create mode 100644 crates/core/src/handoff/tests.rs
 create mode 100644 crates/core/src/handoff/validation.rs
 create mode 100644 desktop/src-tauri/src/app/handoff.rs

diff --git a/crates/core/src/handoff.rs b/crates/core/src/handoff.rs
index 6872789e..e11d3eb9 100644
--- a/crates/core/src/handoff.rs
+++ b/crates/core/src/handoff.rs
@@ -3,12 +3,40 @@
 //! This module provides programmatic extraction of session summaries for handoff
 //! between agent sessions. It supports both single-session and multi-session merge.
 
-use std::collections::{BTreeMap, HashMap, HashSet};
+#[path = "handoff/execution.rs"]
+mod execution;
+#[path = "handoff/hail_export.rs"]
+mod hail_export;
+#[path = "handoff/markdown.rs"]
+mod markdown;
+#[path = "handoff/merge.rs"]
+mod merge;
+#[cfg(test)]
+#[path = "handoff/tests.rs"]
+mod tests;
+#[path = "handoff/validation.rs"]
+mod validation;
 
-use crate::extract::truncate_str;
-use crate::{Content, ContentBlock, Event, EventType, Session, SessionContext, Stats};
+use std::collections::{HashMap, HashSet};
 
-// ─── Types ───────────────────────────────────────────────────────────────────
+use crate::extract::truncate_str;
+use crate::{ContentBlock, Event, EventType, Session, Stats};
+
+use execution::{
+    build_execution_contract, build_work_packages, collect_evidence, collect_open_questions,
+    collect_undefined_fields, dedupe_keep_order,
+};
+
+pub use hail_export::generate_handoff_hail;
+pub use markdown::{
+    generate_handoff_markdown, generate_handoff_markdown_v2, generate_merged_handoff_markdown,
+    generate_merged_handoff_markdown_v2,
+};
+pub use merge::merge_summaries;
+pub use validation::{
+    HandoffValidationReport, ValidationFinding, validate_handoff_summaries,
+    validate_handoff_summary,
+};
 
 /// A file change observed during a session.
 #[derive(Debug, Clone, serde::Serialize)]
@@ -155,8 +183,6 @@ pub struct MergedHandoff {
     pub total_errors: Vec<String>,
 }
 
-// ─── Extraction ──────────────────────────────────────────────────────────────
-
 const MAX_KEY_CONVERSATIONS: usize = 12;
 const MAX_USER_MESSAGES: usize = 18;
 const HEAD_KEEP_MESSAGES: usize = 3;
@@ -220,8 +246,6 @@ impl HandoffSummary {
     }
 }
 
-// ─── Functional extractors ──────────────────────────────────────────────────
-
 /// Collect file changes, preserving create/delete precedence over edits.
 fn collect_file_changes(events: &[Event]) -> Vec<FileChange> {
     let map = events.iter().fold(HashMap::new(), |mut map, event| {
@@ -239,29 +263,27 @@ fn collect_file_changes(events: &[Event]) -> Vec<FileChange> {
         }
         map
     });
-    let mut result: Vec<FileChange> = map
+
+    let mut changes: Vec<FileChange> = map
         .into_iter()
         .map(|(path, action)| FileChange { path, action })
         .collect();
-    result.sort_by(|a, b| a.path.cmp(&b.path));
-    result
+    changes.sort_by(|a, b| a.path.cmp(&b.path));
+    changes
 }
 
-/// Collect read-only file paths (excluding those that were also modified).
 fn collect_files_read(events: &[Event], modified_paths: &HashSet<&str>) -> Vec<String> {
-    let mut read: Vec<String> = events
-        .iter()
-        .filter_map(|e| match &e.event_type {
-            EventType::FileRead { path } if !modified_paths.contains(path.as_str()) => {
-                Some(path.clone())
-            }
-            _ => None,
-        })
-        .collect::<HashSet<_>>()
-        .into_iter()
-        .collect();
-    read.sort();
-    read
+    let mut seen = HashSet::new();
+    let mut files = Vec::new();
+    for event in events {
+        if let EventType::FileRead { path } = &event.event_type
+            && !modified_paths.contains(path.as_str())
+            && seen.insert(path.clone())
+        {
+            files.push(path.clone());
+        }
+    }
+    files
 }
 
 fn collect_shell_commands(events: &[Event]) -> Vec<ShellCmd> {
@@ -277,113 +299,80 @@ fn collect_shell_commands(events: &[Event]) -> Vec<ShellCmd> {
         .collect()
 }
 
-/// Collect errors from failed shell commands and tool results.
 fn collect_errors(events: &[Event]) -> Vec<String> {
-    events
-        .iter()
-        .filter_map(|event| match &event.event_type {
-            EventType::ShellCommand { command, exit_code }
-                if *exit_code != Some(0) && exit_code.is_some() =>
-            {
-                Some(format!(
-                    "Shell: `{}` → exit {}",
-                    truncate_str(command, 80),
-                    exit_code.unwrap()
-                ))
-            }
-            EventType::ToolResult {
-                is_error: true,
-                name,
-                ..
-            } => {
-                let detail = extract_text_from_event(event);
-                Some(match detail {
-                    Some(d) => format!("Tool error: {} — {}", name, truncate_str(&d, 80)),
-                    None => format!("Tool error: {name}"),
-                })
-            }
-            _ => None,
-        })
-        .collect()
-}
-
-fn collect_verification(events: &[Event]) -> Verification {
-    let mut tool_result_by_call: HashMap<String, (&Event, bool)> = HashMap::new();
-    for event in events {
-        if let EventType::ToolResult { is_error, .. } = &event.event_type
-            && let Some(call_id) = event.semantic_call_id()
-        {
-            tool_result_by_call
-                .entry(call_id.to_string())
-                .or_insert((event, *is_error));
-        }
-    }
-
-    let mut checks_run = Vec::new();
+    let mut errors = Vec::new();
     for event in events {
-        let EventType::ShellCommand { command, exit_code } = &event.event_type else {
-            continue;
-        };
-
-        let (status, resolved_exit_code) = match exit_code {
-            Some(0) => ("passed".to_string(), Some(0)),
-            Some(code) => ("failed".to_string(), Some(*code)),
-            None => {
-                if let Some(call_id) = event.semantic_call_id() {
-                    if let Some((_, is_error)) = tool_result_by_call.get(call_id) {
-                        if *is_error {
-                            ("failed".to_string(), None)
-                        } else {
-                            ("passed".to_string(), None)
-                        }
-                    } else {
-                        ("unknown".to_string(), None)
-                    }
+        match &event.event_type {
+            EventType::ShellCommand {
+                command,
+                exit_code: Some(code),
+            } if *code != 0 => {
+                errors.push(format!(
+                    "Command failed ({code}): {}",
+                    collapse_whitespace(command)
+                ));
+            }
+            EventType::ToolResult { name, is_error, .. } if *is_error => {
+                if let Some(text) = extract_text_from_event(event) {
+                    errors.push(format!("Tool {name} error: {}", truncate_str(&text, 200)));
                 } else {
-                    ("unknown".to_string(), None)
+                    errors.push(format!("Tool {name} reported an error."));
                 }
             }
-        };
-
-        checks_run.push(CheckRun {
-            command: collapse_whitespace(command),
-            status,
-            exit_code: resolved_exit_code,
-            event_id: event.event_id.clone(),
-        });
+            EventType::Custom { kind } if kind == "turn_aborted" => {
+                errors.push("Turn aborted.".to_string());
+            }
+            _ => {}
+        }
     }
+    errors
+}
 
-    let mut checks_passed: Vec<String> = checks_run
+fn collect_verification(events: &[Event]) -> Verification {
+    let checks_run = events
         .iter()
-        .filter(|run| run.status == "passed")
-        .map(|run| run.command.clone())
-        .collect();
-    let mut checks_failed: Vec<String> = checks_run
+        .filter_map(|event| match &event.event_type {
+            EventType::ShellCommand { command, exit_code } => Some(CheckRun {
+                command: collapse_whitespace(command),
+                status: match exit_code {
+                    Some(0) => "passed".to_string(),
+                    Some(_) => "failed".to_string(),
+                    None => "unknown".to_string(),
+                },
+                exit_code: *exit_code,
+                event_id: event.event_id.clone(),
+            }),
+            _ => None,
+        })
+        .collect::<Vec<_>>();
+
+    let mut checks_passed = checks_run
         .iter()
-        .filter(|run| run.status == "failed")
-        .map(|run| run.command.clone())
-        .collect();
+        .filter(|check| check.status == "passed")
+        .map(|check| check.command.clone())
+        .collect::<Vec<_>>();
+    let mut checks_failed = checks_run
+        .iter()
+        .filter(|check| check.status == "failed")
+        .map(|check| check.command.clone())
+        .collect::<Vec<_>>();
 
     dedupe_keep_order(&mut checks_passed);
     dedupe_keep_order(&mut checks_failed);
 
-    let unresolved_failed = unresolved_failed_commands(&checks_run);
-    let mut required_checks_missing = unresolved_failed
-        .iter()
-        .map(|cmd| format!("Unresolved failed check: `{cmd}`"))
-        .collect::<Vec<_>>();
-
-    let has_modified_files = events.iter().any(|event| {
+    let mut required_checks_missing = Vec::new();
+    let has_files_modified = events.iter().any(|event| {
         matches!(
-            event.event_type,
+            &event.event_type,
             EventType::FileEdit { .. }
                 | EventType::FileCreate { .. }
                 | EventType::FileDelete { .. }
         )
     });
-    if has_modified_files && checks_run.is_empty() {
+
+    if has_files_modified && checks_run.is_empty() {
         required_checks_missing
-            .push("No verification command found after file modifications.".to_string());
+            .push("No verification command was run after file modifications.".to_string());
     }
 
     Verification {
@@ -396,36 +385,26 @@ fn collect_verification(events: &[Event]) -> Verification {
 
 fn collect_uncertainty(session: &Session, verification: &Verification) -> Uncertainty {
     let mut assumptions = Vec::new();
-    if extract_objective(session) == "(objective unavailable)" {
-        assumptions.push(
-            "Objective inferred as unavailable; downstream agent must restate objective."
-                .to_string(),
-        );
+    if verification.checks_run.is_empty() {
+        assumptions.push("Verification status is unknown because no checks were recorded.".into());
+    }
+    if session.context.title.as_deref().is_none_or(str::is_empty) {
+        assumptions.push("Session title was unavailable.".into());
     }
 
-    let open_questions = collect_open_questions(&session.events);
-
+    let mut open_questions = collect_open_questions(&session.events);
     let mut decision_required = Vec::new();
-    for event in &session.events {
-        if let EventType::Custom { kind } = &event.event_type
-            && kind == "turn_aborted"
-        {
-            let reason = event
-                .attr_str("reason")
-                .map(String::from)
-                .unwrap_or_else(|| "turn aborted".to_string());
-            decision_required.push(format!("Turn aborted: {reason}"));
-        }
-    }
-    for missing in &verification.required_checks_missing {
-        decision_required.push(missing.clone());
+    if session.events.iter().any(
+        |event| matches!(&event.event_type, EventType::Custom { kind } if kind == "turn_aborted"),
+    ) {
+        decision_required.push("Turn aborted before completion; decide whether to retry.".into());
     }
-    for question in &open_questions {
-        decision_required.push(format!("Resolve open question: {question}"));
+    if !verification.checks_failed.is_empty() {
+        decision_required
+            .push("Fix failing verification commands before handoff is complete.".into());
     }
 
     dedupe_keep_order(&mut assumptions);
-    let mut open_questions = open_questions;
     dedupe_keep_order(&mut open_questions);
     dedupe_keep_order(&mut decision_required);
 
@@ -436,1578 +415,183 @@ fn collect_uncertainty(session: &Session, verification: &Verification) -> Uncert
     }
 }
 
-fn build_execution_contract(
-    task_summaries: &[String],
-    verification: &Verification,
-    uncertainty: &Uncertainty,
-    shell_commands: &[ShellCmd],
-    files_modified: &[FileChange],
-    work_packages: &[WorkPackage],
-) -> ExecutionContract {
-    let ordered_steps = work_packages
-        .iter()
-        .filter(|pkg| is_material_work_package(pkg))
-        .map(|pkg| OrderedStep {
-            sequence: pkg.sequence,
-            work_package_id: pkg.id.clone(),
-            title: pkg.title.clone(),
-            status: pkg.status.clone(),
-            depends_on: pkg.depends_on.clone(),
-            started_at: pkg.started_at.clone(),
-            completed_at: pkg.completed_at.clone(),
-            evidence_refs: pkg.evidence_refs.clone(),
-        })
-        .collect::<Vec<_>>();
+fn collect_task_summaries(events: &[Event]) -> Vec<String> {
+    let mut seen = HashSet::new();
+    let mut summaries = Vec::new();
 
-    let mut done_definition = ordered_steps
-        .iter()
-        .filter(|step| step.status == "completed")
-        .map(|step| {
-            let pkg = work_packages
-                .iter()
-                .find(|pkg| pkg.id == step.work_package_id)
-                .expect("ordered step must map to existing work package");
-            let mut details = Vec::new();
-            if let Some(outcome) = pkg.outcome.as_deref() {
-                details.push(format!("outcome: {}", truncate_str(outcome, 140)));
-            }
-            let footprint = work_package_footprint(pkg);
-            if !footprint.is_empty() {
-                details.push(footprint);
-            }
-            let at = step
-                .completed_at
-                .as_deref()
-                .or(step.started_at.as_deref())
-                .unwrap_or("time-unavailable");
-            if details.is_empty() {
-                format!("[{}] Completed `{}` at {}.", step.sequence, step.title, at)
-            } else {
-                format!(
-                    "[{}] Completed `{}` at {} ({}).",
-                    step.sequence,
-                    step.title,
-                    at,
-                    details.join("; ")
-                )
-            }
-        })
-        .collect::<Vec<_>>();
+    for event in events {
+        let EventType::TaskEnd {
+            summary: Some(summary),
+        } = &event.event_type
+        else {
+            continue;
+        };
 
-    if !verification.checks_passed.is_empty() {
-        let keep = verification
-            .checks_passed
-            .iter()
-            .take(3)
-            .map(|check| format!("`{check}`"))
-            .collect::<Vec<_>>();
-        let extra = verification.checks_passed.len().saturating_sub(3);
-        if extra > 0 {
-            done_definition.push(format!(
-                "Verification passed: {} (+{} more).",
-                keep.join(", "),
-                extra
-            ));
-        } else {
-            done_definition.push(format!("Verification passed: {}.", keep.join(", ")));
+        let summary = summary.trim();
+        if summary.is_empty() {
+            continue;
         }
-    }
 
-    if !files_modified.is_empty() {
-        let keep = files_modified
-            .iter()
-            .take(3)
-            .map(|file| format!("`{}`", file.path))
-            .collect::<Vec<_>>();
-        let extra = files_modified.len().saturating_sub(3);
-        if extra > 0 {
-            done_definition.push(format!(
-                "Changed {} file(s): {} (+{} more).",
-                files_modified.len(),
-                keep.join(", "),
-                extra
-            ));
-        } else {
-            done_definition.push(format!(
-                "Changed {} file(s): {}.",
-                files_modified.len(),
-                keep.join(", ")
-            ));
+        let normalized = collapse_whitespace(summary);
+        if normalized.eq_ignore_ascii_case("synthetic end (missing task_complete)") {
+            continue;
+        }
+        if seen.insert(normalized.clone()) {
+            summaries.push(truncate_str(&normalized, 180));
         }
     }
 
-    if done_definition.is_empty() {
-        done_definition.extend(task_summaries.iter().take(5).cloned());
-    }
-    dedupe_keep_order(&mut done_definition);
+    summaries
+}
 
-    let mut next_actions = unresolved_failed_commands(&verification.checks_run)
-        .into_iter()
-        .map(|cmd| format!("Fix and re-run `{cmd}` until the check passes."))
+fn collect_user_messages(events: &[Event]) -> Vec<String> {
+    let messages = events
+        .iter()
+        .filter(|e| matches!(&e.event_type, EventType::UserMessage))
+        .filter_map(extract_text_from_event)
+        .map(|msg| truncate_str(&collapse_whitespace(&msg), 240))
         .collect::<Vec<_>>();
-    next_actions.extend(
-        verification
-            .required_checks_missing
-            .iter()
-            .map(|missing| format!("Add/restore verification check: {missing}")),
-    );
-    next_actions.extend(ordered_steps.iter().filter_map(|step| {
-        if step.status == "completed" || step.depends_on.is_empty() {
-            return None;
-        }
-        Some(format!(
-            "[{}] After dependencies [{}], execute `{}` ({}).",
-            step.sequence,
-            step.depends_on.join(", "),
-            step.title,
-            step.work_package_id
-        ))
-    }));
-    next_actions.extend(
-        uncertainty
-            .open_questions
-            .iter()
-            .map(|q| format!("Resolve open question: {q}")),
-    );
-    let mut parallel_actions = ordered_steps
+    condense_head_tail(messages, HEAD_KEEP_MESSAGES, MAX_USER_MESSAGES)
+}
+
+/// Pair adjacent User→Agent messages into conversations.
+///
+/// Filters to message events only, then uses `windows(2)` to find
+/// UserMessage→AgentMessage pairs.
+fn collect_conversation_pairs(events: &[Event]) -> Vec<Conversation> {
+    let messages: Vec<&Event> = events
         .iter()
-        .filter(|step| {
-            step.status != "completed"
-                && step.depends_on.is_empty()
-                && step.work_package_id != "main"
-        })
-        .map(|step| {
-            let at = step.started_at.as_deref().unwrap_or("time-unavailable");
-            format!(
-                "[{}] `{}` ({}) — start: {}",
-                step.sequence, step.title, step.work_package_id, at
+        .filter(|e| {
+            matches!(
+                &e.event_type,
+                EventType::UserMessage | EventType::AgentMessage
             )
         })
+        .collect();
+
+    let conversations = messages
+        .windows(2)
+        .filter_map(|pair| match (&pair[0].event_type, &pair[1].event_type) {
+            (EventType::UserMessage, EventType::AgentMessage) => {
+                let user_text = extract_text_from_event(pair[0])?;
+                let agent_text = extract_text_from_event(pair[1])?;
+                Some(Conversation {
+                    user: truncate_str(&user_text, 300),
+                    agent: truncate_str(&agent_text, 300),
+                })
+            }
+            _ => None,
+        })
         .collect::<Vec<_>>();
 
-    if done_definition.is_empty()
-        && next_actions.is_empty()
-        && parallel_actions.is_empty()
-        && ordered_steps.is_empty()
-    {
-        next_actions.push(
-            "Define completion criteria and run at least one verification command.".to_string(),
-        );
-    }
-    dedupe_keep_order(&mut next_actions);
-    dedupe_keep_order(&mut parallel_actions);
+    condense_head_tail(
+        conversations,
+        HEAD_KEEP_CONVERSATIONS,
+        MAX_KEY_CONVERSATIONS,
+    )
+}
 
-    let unresolved = unresolved_failed_commands(&verification.checks_run);
-    let mut ordered_commands = unresolved;
-    for cmd in shell_commands
-        .iter()
-        .map(|c| collapse_whitespace(&c.command))
-    {
-        if !ordered_commands.iter().any(|existing| existing == &cmd) {
-            ordered_commands.push(cmd);
-        }
+fn condense_head_tail<T: Clone>(items: Vec<T>, head_keep: usize, max_total: usize) -> Vec<T> {
+    if items.len() <= max_total {
+        return items;
     }
 
-    let has_git_commit = shell_commands
-        .iter()
-        .any(|cmd| cmd.command.to_ascii_lowercase().contains("git commit"));
-    let (rollback_hint, rollback_hint_missing_reason) = if has_git_commit {
-        (
-            Some(
-                "Use `git revert <commit>` for committed changes, then re-run verification."
-                    .to_string(),
-            ),
-            None,
-        )
-    } else {
-        (
-            None,
-            Some("No committed change signal found in events.".to_string()),
-        )
-    };
+    let max_total = max_total.max(head_keep);
+    let tail_keep = max_total.saturating_sub(head_keep);
+    let mut condensed = Vec::with_capacity(max_total);
 
-    ExecutionContract {
-        done_definition,
-        next_actions,
-        parallel_actions,
-        ordered_steps,
-        ordered_commands,
-        rollback_hint,
-        rollback_hint_missing_reason: rollback_hint_missing_reason.clone(),
-        rollback_hint_undefined_reason: rollback_hint_missing_reason,
-    }
+    condensed.extend(items.iter().take(head_keep).cloned());
+    condensed.extend(
+        items
+            .iter()
+            .skip(items.len().saturating_sub(tail_keep))
+            .cloned(),
+    );
+    condensed
 }
 
-fn work_package_footprint(pkg: &WorkPackage) -> String {
-    let mut details = Vec::new();
-    if !pkg.files.is_empty() {
-        details.push(format!("files: {}", pkg.files.len()));
-    }
-    if !pkg.commands.is_empty() {
-        details.push(format!("commands: {}", pkg.commands.len()));
-    }
-    details.join(", ")
+fn extract_first_user_text(session: &Session) -> Option<String> {
+    crate::extract::extract_first_user_text(session)
 }
 
-fn collect_evidence(
-    session: &Session,
-    objective: &str,
-    task_summaries: &[String],
-    uncertainty: &Uncertainty,
-) -> Vec<EvidenceRef> {
-    let mut evidence = Vec::new();
-    let mut next_id = 1usize;
+fn extract_objective(session: &Session) -> String {
+    if let Some(user_text) = extract_first_user_text(session).filter(|t| !t.trim().is_empty()) {
+        return truncate_str(&collapse_whitespace(&user_text), 200);
+    }
 
-    if let Some(event) = find_objective_event(session) {
-        evidence.push(EvidenceRef {
-            id: format!("evidence-{next_id}"),
-            claim: format!("objective: {objective}"),
-            event_id: event.event_id.clone(),
-            timestamp: event.timestamp.to_rfc3339(),
-            source_type: event_source_type(event),
-        });
-        next_id += 1;
+    if let Some(task_title) = session
+        .events
+        .iter()
+        .find_map(|event| match &event.event_type {
+            EventType::TaskStart { title: Some(title) } => {
+                let title = title.trim();
+                if title.is_empty() {
+                    None
+                } else {
+                    Some(title.to_string())
+                }
+            }
+            _ => None,
+        })
+    {
+        return truncate_str(&collapse_whitespace(&task_title), 200);
     }
 
-    for summary in task_summaries {
-        if let Some(event) = find_task_summary_event(&session.events, summary) {
-            evidence.push(EvidenceRef {
-                id: format!("evidence-{next_id}"),
-                claim: format!("task_done: {summary}"),
-                event_id: event.event_id.clone(),
-                timestamp: event.timestamp.to_rfc3339(),
-                source_type: event_source_type(event),
-            });
-            next_id += 1;
-        }
+    if let Some(task_summary) = session
+        .events
+        .iter()
+        .find_map(|event| match &event.event_type {
+            EventType::TaskEnd {
+                summary: Some(summary),
+            } => {
+                let summary = summary.trim();
+                if summary.is_empty() {
+                    None
+                } else {
+                    Some(summary.to_string())
+                }
+            }
+            _ => None,
+        })
+    {
+        return truncate_str(&collapse_whitespace(&task_summary), 200);
     }
 
-    for decision in &uncertainty.decision_required {
-        if let Some(event) = find_decision_event(&session.events, decision) {
-            evidence.push(EvidenceRef {
-                id: format!("evidence-{next_id}"),
-                claim: format!("decision_required: {decision}"),
-                event_id: event.event_id.clone(),
-                timestamp: event.timestamp.to_rfc3339(),
-                source_type: event_source_type(event),
-            });
-            next_id += 1;
-        }
+    if let Some(title) = session.context.title.as_deref().map(str::trim)
+        && !title.is_empty()
+    {
+        return truncate_str(&collapse_whitespace(title), 200);
     }
 
-    evidence
+    "(objective unavailable)".to_string()
 }
 
-fn build_work_packages(events: &[Event], evidence: &[EvidenceRef]) -> Vec<WorkPackage> {
-    #[derive(Default)]
-    struct WorkPackageAcc {
-        title: Option<String>,
-        status: String,
-        outcome: Option<String>,
-        first_ts: Option<chrono::DateTime<chrono::Utc>>,
-        first_idx: Option<usize>,
-        completed_ts: Option<chrono::DateTime<chrono::Utc>>,
-        files: HashSet<String>,
-        commands: Vec<String>,
-        evidence_refs: Vec<String>,
+fn extract_text_from_event(event: &Event) -> Option<String> {
+    for block in &event.content.blocks {
+        if let ContentBlock::Text { text } = block {
+            let trimmed = text.trim();
+            if !trimmed.is_empty() {
+                return Some(trimmed.to_string());
+            }
+        }
     }
+    None
+}
 
-    let mut evidence_by_event: HashMap<&str, Vec<String>> = HashMap::new();
-    for ev in evidence {
-        evidence_by_event
-            .entry(ev.event_id.as_str())
-            .or_default()
-            .push(ev.id.clone());
-    }
+fn collapse_whitespace(input: &str) -> String {
+    input.split_whitespace().collect::<Vec<_>>().join(" ")
+}
 
-    let mut grouped: BTreeMap<String, WorkPackageAcc> = BTreeMap::new();
-    for (event_idx, event) in events.iter().enumerate() {
-        let key = package_key_for_event(event);
-        let acc = grouped
-            .entry(key.clone())
-            .or_insert_with(|| WorkPackageAcc {
-                status: "pending".to_string(),
-                ..Default::default()
-            });
-
-        if acc.first_ts.is_none() {
-            acc.first_ts = Some(event.timestamp);
-            acc.first_idx = Some(event_idx);
-        }
-        if let Some(ids) = evidence_by_event.get(event.event_id.as_str()) {
-            acc.evidence_refs.extend(ids.clone());
-        }
-
-        match &event.event_type {
-            EventType::TaskStart { title } => {
-                if let Some(title) = title.as_deref().map(str::trim).filter(|t| !t.is_empty()) {
-                    acc.title = Some(title.to_string());
-                }
-                if acc.status != "completed" {
-                    acc.status = "in_progress".to_string();
-                }
-            }
-            EventType::TaskEnd { summary } => {
-                acc.status = "completed".to_string();
-                acc.completed_ts = Some(event.timestamp);
-                if let Some(summary) = summary
-                    .as_deref()
-                    .map(collapse_whitespace)
-                    .filter(|summary| !summary.is_empty())
-                {
-                    acc.outcome = Some(summary.clone());
-                    if acc.title.is_none() {
-                        acc.title = Some(truncate_str(&summary, 160));
-                    }
-                }
-            }
-            EventType::FileEdit { path, .. }
-            | EventType::FileCreate { path }
-            | EventType::FileDelete { path } => {
-                acc.files.insert(path.clone());
-                if acc.status == "pending" {
-                    acc.status = "in_progress".to_string();
-                }
-            }
-            EventType::ShellCommand { command, .. } => {
-                acc.commands.push(collapse_whitespace(command));
-                if acc.status == "pending" {
-                    acc.status = "in_progress".to_string();
-                }
-            }
-            _ => {}
-        }
-    }
-
-    let mut by_first_seen = grouped
-        .into_iter()
-        .map(|(id, mut acc)| {
-            dedupe_keep_order(&mut acc.commands);
-            dedupe_keep_order(&mut acc.evidence_refs);
-            let mut files: Vec<String> = acc.files.into_iter().collect();
-            files.sort();
-            (
-                acc.first_ts,
-                acc.first_idx.unwrap_or(usize::MAX),
-                WorkPackage {
-                    title: acc.title.unwrap_or_else(|| {
-                        if id == "main" {
-                            "Main flow".to_string()
-                        } else {
-                            format!("Task {id}")
-                        }
-                    }),
-                    id,
-                    status: acc.status,
-                    sequence: 0,
-                    started_at: acc.first_ts.map(|ts| ts.to_rfc3339()),
-                    completed_at: acc.completed_ts.map(|ts| ts.to_rfc3339()),
-                    outcome: acc.outcome,
-                    depends_on: Vec::new(),
-                    files,
-                    commands: acc.commands,
-                    evidence_refs: acc.evidence_refs,
-                },
-            )
-        })
-        .collect::<Vec<_>>();
-
-    by_first_seen.sort_by(|a, b| {
-        a.0.cmp(&b.0)
-            .then_with(|| a.1.cmp(&b.1))
-            .then_with(|| a.2.id.cmp(&b.2.id))
-    });
-
-    let mut packages = by_first_seen
-        .into_iter()
-        .map(|(_, _, package)| package)
-        .collect::<Vec<_>>();
-
-    for (idx, package) in packages.iter_mut().enumerate() {
-        package.sequence = (idx + 1) as u32;
-    }
-
-    for i in 0..packages.len() {
-        let cur_files: HashSet<&str> = packages[i].files.iter().map(String::as_str).collect();
-        if cur_files.is_empty() {
-            continue;
-        }
-        let mut dependency: Option<String> = None;
-        for j in (0..i).rev() {
-            let prev_files: HashSet<&str> = packages[j].files.iter().map(String::as_str).collect();
-            if !prev_files.is_empty() && !cur_files.is_disjoint(&prev_files) {
-                dependency = Some(packages[j].id.clone());
-                break;
-            }
-        }
-        if let Some(dep) = dependency {
-            packages[i].depends_on.push(dep);
-        }
-    }
-
-    packages.retain(|pkg| pkg.id == "main" || is_material_work_package(pkg));
-    let known_ids: HashSet<String> = packages.iter().map(|pkg| pkg.id.clone()).collect();
-    for pkg in &mut packages {
-        pkg.depends_on.retain(|dep| known_ids.contains(dep));
-    }
-
-    packages
-}
-
-fn is_generic_work_package_title(id: &str, title: &str) -> bool {
-    title == "Main flow" || title == format!("Task {id}")
-}
-
-fn is_material_work_package(pkg: &WorkPackage) -> bool {
-    if !pkg.files.is_empty() || !pkg.commands.is_empty() || pkg.outcome.is_some() {
-        return true;
-    }
-
-    if pkg.id == "main" {
-        return pkg.status != "pending";
-    }
-
-    if !is_generic_work_package_title(&pkg.id, &pkg.title) {
-        return true;
-    }
-
-    pkg.status == "completed" && !pkg.evidence_refs.is_empty()
-}
-
-fn package_key_for_event(event: &Event) -> String {
-    if let Some(task_id) = event
-        .task_id
-        .as_deref()
-        .map(str::trim)
-        .filter(|id| !id.is_empty())
-    {
-        return task_id.to_string();
-    }
-    if let Some(group_id) = event.semantic_group_id() {
-        return group_id.to_string();
-    }
-    "main".to_string()
-}
-
-fn find_objective_event(session: &Session) -> Option<&Event> {
-    session
-        .events
-        .iter()
-        .find(|event| matches!(event.event_type, EventType::UserMessage))
-        .or_else(|| {
-            session.events.iter().find(|event| {
-                matches!(
-                    event.event_type,
-                    EventType::TaskStart { .. } | EventType::TaskEnd { .. }
-                )
-            })
-        })
-}
-
-fn find_task_summary_event<'a>(events: &'a [Event], summary: &str) -> Option<&'a Event> {
-    let normalized_target = collapse_whitespace(summary);
-    events.iter().find(|event| {
-        let EventType::TaskEnd {
-            summary: Some(candidate),
-        } = &event.event_type
-        else {
-            return false;
-        };
-        collapse_whitespace(candidate) == normalized_target
-    })
-}
-
-fn find_decision_event<'a>(events: &'a [Event], decision: &str) -> Option<&'a Event> {
-    if decision.to_ascii_lowercase().contains("turn aborted") {
-        return events.iter().find(|event| {
-            matches!(
-                &event.event_type,
-                EventType::Custom { kind } if kind == "turn_aborted"
-            )
-        });
-    }
-    if decision.to_ascii_lowercase().contains("open question") {
-        return events
-            .iter()
-            .find(|event| event.attr_str("source") == Some("interactive_question"));
-    }
-    None
-}
-
-fn collect_open_questions(events: &[Event]) -> Vec<String> {
-    let mut question_meta: BTreeMap<String, String> = BTreeMap::new();
-    let mut asked_order = Vec::new();
-    let mut answered_ids = HashSet::new();
-
-    for event in events {
-        if event.attr_str("source") == Some("interactive_question") {
-            if let Some(items) = event
-                .attributes
-                .get("question_meta")
-                .and_then(|v| v.as_array())
-            {
-                for item in items {
-                    let Some(id) = item
-                        .get("id")
-                        .and_then(|v| v.as_str())
-                        .map(str::trim)
-                        .filter(|v| !v.is_empty())
-                    else {
-                        continue;
-                    };
-                    let text = item
-                        .get("question")
-                        .or_else(|| item.get("header"))
-                        .and_then(|v| v.as_str())
-                        .map(str::trim)
-                        .filter(|v| !v.is_empty())
-                        .unwrap_or(id);
-                    if !question_meta.contains_key(id) {
-                        asked_order.push(id.to_string());
-                    }
-                    question_meta.insert(id.to_string(), text.to_string());
-                }
-            } else if let Some(ids) = event
-                .attributes
-                .get("question_ids")
-                .and_then(|v| v.as_array())
-                .map(|arr| {
-                    arr.iter()
-                        .filter_map(|v| v.as_str())
-                        .map(str::trim)
-                        .filter(|v| !v.is_empty())
-                        .map(String::from)
-                        .collect::<Vec<_>>()
-                })
-            {
-                for id in ids {
-                    if !question_meta.contains_key(&id) {
-                        asked_order.push(id.clone());
-                    }
-                    question_meta.entry(id.clone()).or_insert(id);
-                }
-            }
-        }
-
-        if event.attr_str("source") == Some("interactive")
-            && let Some(ids) = event
-                .attributes
-                .get("question_ids")
-                .and_then(|v| v.as_array())
-        {
-            for id in ids
-                .iter()
-                .filter_map(|v| v.as_str())
-                .map(str::trim)
-                .filter(|v| !v.is_empty())
-            {
-                answered_ids.insert(id.to_string());
-            }
-        }
-    }
-
-    asked_order
-        .into_iter()
-        .filter(|id| !answered_ids.contains(id))
-        .map(|id| {
-            let text = question_meta
-                .get(&id)
-                .cloned()
-                .unwrap_or_else(|| id.clone());
-            format!("{id}: {text}")
-        })
-        .collect()
-}
-
-fn unresolved_failed_commands(checks_run: &[CheckRun]) -> Vec<String> {
-    let mut unresolved = Vec::new();
-    for (idx, run) in checks_run.iter().enumerate() {
-        if run.status != "failed" {
-            continue;
-        }
-        let resolved = checks_run
-            .iter()
-            .skip(idx + 1)
-            .any(|later| later.command == run.command && later.status == "passed");
-        if !resolved {
-            unresolved.push(run.command.clone());
-        }
-    }
-    dedupe_keep_order(&mut unresolved);
-    unresolved
-}
-
-fn dedupe_keep_order(values: &mut Vec<String>) {
-    let mut seen = HashSet::new();
-    values.retain(|value| seen.insert(value.clone()));
-}
-
-fn objective_unavailable_reason(objective: &str) -> Option<String> {
-    if objective.trim().is_empty() || objective == "(objective unavailable)" {
-        Some(
-            "No user prompt, task title/summary, or session title could be used to infer objective."
-                .to_string(),
-        )
-    } else {
-        None
-    }
-}
-
-fn collect_undefined_fields(
-    objective_undefined_reason: Option<&str>,
-    execution_contract: &ExecutionContract,
-    evidence: &[EvidenceRef],
-) -> Vec<UndefinedField> {
-    let mut undefined = Vec::new();
-
-    if let Some(reason) = objective_undefined_reason {
-        undefined.push(UndefinedField {
-            path: "objective".to_string(),
-            undefined_reason: reason.to_string(),
-        });
-    }
-
-    if let Some(reason) = execution_contract
-        .rollback_hint_undefined_reason
-        .as_deref()
-        .or(execution_contract.rollback_hint_missing_reason.as_deref())
-    {
-        undefined.push(UndefinedField {
-            path: "execution_contract.rollback_hint".to_string(),
-            undefined_reason: reason.to_string(),
-        });
-    }
-
-    if evidence.is_empty() {
-        undefined.push(UndefinedField {
-            path: "evidence".to_string(),
-            undefined_reason:
-                "No objective/task/decision evidence could be mapped to source events.".to_string(),
-        });
-    }
-
-    undefined
-}
-
-fn event_source_type(event: &Event) -> String {
-    event
-        .source_raw_type()
-        .map(String::from)
-        .unwrap_or_else(|| match &event.event_type {
-            EventType::UserMessage => "UserMessage".to_string(),
-            EventType::AgentMessage => "AgentMessage".to_string(),
-            EventType::SystemMessage => "SystemMessage".to_string(),
-            EventType::Thinking => "Thinking".to_string(),
-            EventType::ToolCall { .. } => "ToolCall".to_string(),
-            EventType::ToolResult { .. } => "ToolResult".to_string(),
-            EventType::FileRead { .. } => "FileRead".to_string(),
-            EventType::CodeSearch { .. } => "CodeSearch".to_string(),
-            EventType::FileSearch { .. } => "FileSearch".to_string(),
-            EventType::FileEdit { .. } => "FileEdit".to_string(),
-            EventType::FileCreate { .. } => "FileCreate".to_string(),
-            EventType::FileDelete { .. } => "FileDelete".to_string(),
-            EventType::ShellCommand { .. } => "ShellCommand".to_string(),
-            EventType::ImageGenerate { .. } => "ImageGenerate".to_string(),
-            EventType::VideoGenerate { .. } => "VideoGenerate".to_string(),
-            EventType::AudioGenerate { .. } => "AudioGenerate".to_string(),
-            EventType::WebSearch { .. } => "WebSearch".to_string(),
-            EventType::WebFetch { .. } => "WebFetch".to_string(),
-            EventType::TaskStart { .. } => "TaskStart".to_string(),
-            EventType::TaskEnd { .. } => "TaskEnd".to_string(),
-            EventType::Custom { kind } => format!("Custom:{kind}"),
-        })
-}
-
-fn collect_task_summaries(events: &[Event]) -> Vec<String> {
-    let mut seen = HashSet::new();
-    let mut summaries = Vec::new();
-
-    for event in events {
-        let EventType::TaskEnd {
-            summary: Some(summary),
-        } = &event.event_type
-        else {
-            continue;
-        };
-
-        let summary = summary.trim();
-        if summary.is_empty() {
-            continue;
-        }
-
-        let normalized = collapse_whitespace(summary);
-        if normalized.eq_ignore_ascii_case("synthetic end (missing task_complete)") {
-            continue;
-        }
-        if seen.insert(normalized.clone()) {
-            summaries.push(truncate_str(&normalized, 180));
-        }
-    }
-
-    summaries
-}
-
-fn collect_user_messages(events: &[Event]) -> Vec<String> {
-    let messages = events
-        .iter()
-        .filter(|e| matches!(&e.event_type, EventType::UserMessage))
-        .filter_map(extract_text_from_event)
-        .map(|msg| truncate_str(&collapse_whitespace(&msg), 240))
-        .collect::<Vec<_>>();
-    condense_head_tail(messages, HEAD_KEEP_MESSAGES, MAX_USER_MESSAGES)
-}
-
-/// Pair adjacent User→Agent messages into conversations.
-///
-/// Filters to message events only, then uses `windows(2)` to find
-/// UserMessage→AgentMessage pairs — no mutable tracking state needed.
-fn collect_conversation_pairs(events: &[Event]) -> Vec<Conversation> {
-    let messages: Vec<&Event> = events
-        .iter()
-        .filter(|e| {
-            matches!(
-                &e.event_type,
-                EventType::UserMessage | EventType::AgentMessage
-            )
-        })
-        .collect();
-
-    let conversations = messages
-        .windows(2)
-        .filter_map(|pair| match (&pair[0].event_type, &pair[1].event_type) {
-            (EventType::UserMessage, EventType::AgentMessage) => {
-                let user_text = extract_text_from_event(pair[0])?;
-                let agent_text = extract_text_from_event(pair[1])?;
-                Some(Conversation {
-                    user: truncate_str(&user_text, 300),
-                    agent: truncate_str(&agent_text, 300),
-                })
-            }
-            _ => None,
-        })
-        .collect::<Vec<_>>();
-
-    condense_head_tail(
-        conversations,
-        HEAD_KEEP_CONVERSATIONS,
-        MAX_KEY_CONVERSATIONS,
-    )
-}
-
-fn condense_head_tail<T: Clone>(items: Vec<T>, head_keep: usize, max_total: usize) -> Vec<T> {
-    if items.len() <= max_total {
-        return items;
-    }
-
-    let max_total = max_total.max(head_keep);
-    let tail_keep = max_total.saturating_sub(head_keep);
-    let mut condensed = Vec::with_capacity(max_total);
-
-    condensed.extend(items.iter().take(head_keep).cloned());
-    condensed.extend(
-        items
-            .iter()
-            .skip(items.len().saturating_sub(tail_keep))
-            .cloned(),
-    );
-    condensed
-}
-
-// ─── Merge ───────────────────────────────────────────────────────────────────
-
-/// Merge multiple session summaries into a single handoff context.
-pub fn merge_summaries(summaries: &[HandoffSummary]) -> MergedHandoff {
-    let session_ids: Vec<String> = summaries
-        .iter()
-        .map(|s| s.source_session_id.clone())
-        .collect();
-    let total_duration: u64 = summaries.iter().map(|s| s.duration_seconds).sum();
-    let total_errors: Vec<String> = summaries
-        .iter()
-        .flat_map(|s| {
-            s.errors
-                .iter()
-                .map(move |err| format!("[{}] {}", s.source_session_id, err))
-        })
-        .collect();
-
-    let all_modified: HashMap<String, &str> = summaries
-        .iter()
-        .flat_map(|s| &s.files_modified)
-        .fold(HashMap::new(), |mut map, fc| {
-            map.entry(fc.path.clone()).or_insert(fc.action);
-            map
-        });
-
-    // Compute sorted_read before consuming all_modified
-    let mut sorted_read: Vec<String> = summaries
-        .iter()
-        .flat_map(|s| &s.files_read)
-        .filter(|p| !all_modified.contains_key(p.as_str()))
-        .cloned()
-        .collect::<HashSet<_>>()
-        .into_iter()
-        .collect();
-    sorted_read.sort();
-
-    let mut sorted_modified: Vec<FileChange> = all_modified
-        .into_iter()
-        .map(|(path, action)| FileChange { path, action })
-        .collect();
-    sorted_modified.sort_by(|a, b| a.path.cmp(&b.path));
-
-    MergedHandoff {
-        source_session_ids: session_ids,
-        summaries: summaries.to_vec(),
-        all_files_modified: sorted_modified,
-        all_files_read: sorted_read,
-        total_duration_seconds: total_duration,
-        total_errors,
-    }
-}
-
-#[derive(Debug, Clone, serde::Serialize)]
-pub struct ValidationFinding {
-    pub code: String,
-    pub severity: String,
-    pub message: String,
-}
-
-#[derive(Debug, Clone, serde::Serialize)]
-pub struct HandoffValidationReport {
-    pub session_id: String,
-    pub passed: bool,
-    pub findings: Vec<ValidationFinding>,
-}
-
-pub fn validate_handoff_summary(summary: &HandoffSummary) -> HandoffValidationReport {
-    let mut findings = Vec::new();
-
-    if summary.objective.trim().is_empty() || summary.objective == "(objective unavailable)" {
-        findings.push(ValidationFinding {
-            code: "objective_missing".to_string(),
-            severity: "warning".to_string(),
-            message: "Objective is unavailable.".to_string(),
-        });
-    }
-
-    let unresolved_failures = unresolved_failed_commands(&summary.verification.checks_run);
-    if !unresolved_failures.is_empty() && summary.execution_contract.next_actions.is_empty() {
-        findings.push(ValidationFinding {
-            code: "next_actions_missing".to_string(),
-            severity: "warning".to_string(),
-            message: "Unresolved failed checks exist but no next action was generated.".to_string(),
-        });
-    }
-
-    if !summary.files_modified.is_empty() && summary.verification.checks_run.is_empty() {
-        findings.push(ValidationFinding {
-            code: "verification_missing".to_string(),
-            severity: "warning".to_string(),
-            message: "Files were modified but no verification check was recorded.".to_string(),
-        });
-    }
-
-    if summary.evidence.is_empty() {
-        findings.push(ValidationFinding {
-            code: "evidence_missing".to_string(),
-            severity: "warning".to_string(),
-            message: "No evidence references were generated.".to_string(),
-        });
-    } else if !summary
-        .evidence
-        .iter()
-        .any(|ev| ev.claim.starts_with("objective:"))
-    {
-        findings.push(ValidationFinding {
-            code: "objective_evidence_missing".to_string(),
-            severity: "warning".to_string(),
-            message: "Objective exists but objective evidence is missing.".to_string(),
-        });
-    }
-
-    if has_work_package_cycle(&summary.work_packages) {
-        findings.push(ValidationFinding {
-            code: "work_package_cycle".to_string(),
-            severity: "error".to_string(),
-            message: "work_packages.depends_on contains a cycle.".to_string(),
-        });
-    }
-
-    let has_material_packages = summary.work_packages.iter().any(is_material_work_package);
-    if has_material_packages && summary.execution_contract.ordered_steps.is_empty() {
-        findings.push(ValidationFinding {
-            code: "ordered_steps_missing".to_string(),
-            severity: "warning".to_string(),
-            message: "Material work packages exist but execution_contract.ordered_steps is empty."
-                .to_string(),
-        });
-    } else if !ordered_steps_are_consistent(
-        &summary.execution_contract.ordered_steps,
-        &summary.work_packages,
-    ) {
-        findings.push(ValidationFinding {
-            code: "ordered_steps_inconsistent".to_string(),
-            severity: "error".to_string(),
-            message:
-                "execution_contract.ordered_steps is not temporally or referentially consistent."
-                    .to_string(),
-        });
-    }
-
-    HandoffValidationReport {
-        session_id: summary.source_session_id.clone(),
-        passed: findings.is_empty(),
-        findings,
-    }
-}
-
-pub fn validate_handoff_summaries(summaries: &[HandoffSummary]) -> Vec<HandoffValidationReport> {
-    summaries.iter().map(validate_handoff_summary).collect()
-}
-
-fn has_work_package_cycle(packages: &[WorkPackage]) -> bool {
-    let mut state: HashMap<&str, u8> = HashMap::new();
-    let deps: HashMap<&str, Vec<&str>> = packages
-        .iter()
-        .map(|wp| {
-            (
-                wp.id.as_str(),
-                wp.depends_on.iter().map(String::as_str).collect::<Vec<_>>(),
-            )
-        })
-        .collect();
-
-    fn dfs<'a>(
-        node: &'a str,
-        state: &mut HashMap<&'a str, u8>,
-        deps: &HashMap<&'a str, Vec<&'a str>>,
-    ) -> bool {
-        match state.get(node).copied() {
-            Some(1) => return true,
-            Some(2) => return false,
-            _ => {}
-        }
-        state.insert(node, 1);
-        if let Some(children) = deps.get(node) {
-            for child in children {
-                if !deps.contains_key(child) {
-                    continue;
-                }
-                if dfs(child, state, deps) {
-                    return true;
-                }
-            }
-        }
-        state.insert(node, 2);
-        false
-    }
-
-    for node in deps.keys().copied() {
-        if dfs(node, &mut state, &deps) {
-            return true;
-        }
-    }
-    false
-}
-
-fn ordered_steps_are_consistent(steps: &[OrderedStep], work_packages: &[WorkPackage]) -> bool {
-    if steps.is_empty() {
-        return true;
-    }
-
-    if !steps
-        .windows(2)
-        .all(|pair| pair[0].sequence < pair[1].sequence)
-    {
-        return false;
-    }
-
-    let known_ids = work_packages
-        .iter()
-        .map(|pkg| pkg.id.as_str())
-        .collect::<HashSet<_>>();
-    if !steps
-        .iter()
-        .all(|step| known_ids.contains(step.work_package_id.as_str()))
-    {
-        return false;
-    }
-
-    let is_monotonic_time = |left: Option<&str>, right: Option<&str>| -> bool {
-        match (left, right) {
-            (Some(l), Some(r)) => {
-                let left = chrono::DateTime::parse_from_rfc3339(l).ok();
-                let right = chrono::DateTime::parse_from_rfc3339(r).ok();
-                match (left, right) {
-                    (Some(l), Some(r)) => l <= r,
-                    _ => false,
-                }
-            }
-            _ => true,
-        }
-    };
-
-    steps
-        .windows(2)
-        .all(|pair| is_monotonic_time(pair[0].started_at.as_deref(), pair[1].started_at.as_deref()))
-}
-
-// ─── Markdown generation ─────────────────────────────────────────────────────
-
-/// Generate a v2 Markdown handoff document from a single session summary.
-pub fn generate_handoff_markdown_v2(summary: &HandoffSummary) -> String {
-    let mut md = String::new();
-    md.push_str("# Session Handoff\n\n");
-    append_v2_markdown_sections(&mut md, summary);
-    md
-}
-
-/// Generate a v2 Markdown handoff document from merged summaries.
-pub fn generate_merged_handoff_markdown_v2(merged: &MergedHandoff) -> String {
-    let mut md = String::new();
-    md.push_str("# Merged Session Handoff\n\n");
-    md.push_str(&format!(
-        "**Sessions:** {} | **Total Duration:** {}\n\n",
-        merged.source_session_ids.len(),
-        format_duration(merged.total_duration_seconds)
-    ));
-
-    for (idx, summary) in merged.summaries.iter().enumerate() {
-        md.push_str(&format!(
-            "---\n\n## Session {} — {}\n\n",
-            idx + 1,
-            summary.source_session_id
-        ));
-        append_v2_markdown_sections(&mut md, summary);
-        md.push('\n');
-    }
-
-    md
-}
-
-fn append_v2_markdown_sections(md: &mut String, summary: &HandoffSummary) {
-    md.push_str("## Objective\n");
-    md.push_str(&summary.objective);
-    md.push_str("\n\n");
-
-    md.push_str("## Current State\n");
-    md.push_str(&format!(
-        "- **Tool:** {} ({})\n- **Duration:** {}\n- **Messages:** {} | Tool calls: {} | Events: {}\n",
-        summary.tool,
-        summary.model,
-        format_duration(summary.duration_seconds),
-        summary.stats.message_count,
-        summary.stats.tool_call_count,
-        summary.stats.event_count
-    ));
-    if !summary.execution_contract.done_definition.is_empty() {
-        md.push_str("- **Done:**\n");
-        for done in &summary.execution_contract.done_definition {
-            md.push_str(&format!("  - {done}\n"));
-        }
-    }
-    if !summary.execution_contract.ordered_steps.is_empty() {
-        md.push_str("- **Execution Timeline (ordered):**\n");
-        for step in &summary.execution_contract.ordered_steps {
-            let started = step.started_at.as_deref().unwrap_or("?");
-            let completed = step.completed_at.as_deref().unwrap_or("-");
-            if step.depends_on.is_empty() {
-                md.push_str(&format!(
-                    "  - [{}] `{}` [{}] status={} start={} done={}\n",
-                    step.sequence,
-                    step.title,
-                    step.work_package_id,
-                    step.status,
-                    started,
-                    completed
-                ));
-            } else {
-                md.push_str(&format!(
-                    "  - [{}] `{}` [{}] status={} start={} done={} deps=[{}]\n",
-                    step.sequence,
-                    step.title,
-                    step.work_package_id,
-                    step.status,
-                    started,
-                    completed,
-                    step.depends_on.join(", ")
-                ));
-            }
-        }
-    }
-    md.push('\n');
-
-    md.push_str("## Next Actions (ordered)\n");
-    if summary.execution_contract.next_actions.is_empty() {
-        md.push_str("_(none)_\n");
-    } else {
-        for (idx, action) in summary.execution_contract.next_actions.iter().enumerate() {
-            md.push_str(&format!("{}. {}\n", idx + 1, action));
-        }
-    }
-    if !summary.execution_contract.parallel_actions.is_empty() {
-        md.push_str("\nParallelizable Work Packages:\n");
-        for action in &summary.execution_contract.parallel_actions {
-            md.push_str(&format!("- {action}\n"));
-        }
-    }
-    md.push('\n');
-
-    md.push_str("## Verification\n");
-    if summary.verification.checks_run.is_empty() {
-        md.push_str("- checks_run: _(none)_\n");
-    } else {
-        for check in &summary.verification.checks_run {
-            let code = check
-                .exit_code
-                .map(|c| c.to_string())
-                .unwrap_or_else(|| "?".to_string());
-            md.push_str(&format!(
-                "- [{}] `{}` (exit: {}, event: {})\n",
-                check.status, check.command, code, check.event_id
-            ));
-        }
-    }
-    if !summary.verification.required_checks_missing.is_empty() {
-        md.push_str("- required_checks_missing:\n");
-        for item in &summary.verification.required_checks_missing {
-            md.push_str(&format!("  - {item}\n"));
-        }
-    }
-    md.push('\n');
-
-    md.push_str("## Blockers / Decisions\n");
-    if summary.uncertainty.decision_required.is_empty()
-        && summary.uncertainty.open_questions.is_empty()
-    {
-        md.push_str("_(none)_\n");
-    } else {
-        for item in &summary.uncertainty.decision_required {
-            md.push_str(&format!("- {item}\n"));
-        }
-        if !summary.uncertainty.open_questions.is_empty() {
-            md.push_str("- open_questions:\n");
-            for item in &summary.uncertainty.open_questions {
-                md.push_str(&format!("  - {item}\n"));
-            }
-        }
-    }
-    md.push('\n');
-
-    md.push_str("## Evidence Index\n");
-    if summary.evidence.is_empty() {
-        md.push_str("_(none)_\n");
-    } else {
-        for ev in &summary.evidence {
-            md.push_str(&format!(
-                "- `{}` {} ({}, {}, {})\n",
-                ev.id, ev.claim, ev.event_id, ev.source_type, ev.timestamp
-            ));
-        }
-    }
-    md.push('\n');
-
-    md.push_str("## Conversations\n");
-    if summary.key_conversations.is_empty() {
-        md.push_str("_(none)_\n");
-    } else {
-        for (idx, conv) in summary.key_conversations.iter().enumerate() {
-            md.push_str(&format!(
-                "### {}. User\n{}\n\n### {}. Agent\n{}\n\n",
-                idx + 1,
-                truncate_str(&conv.user, 300),
-                idx + 1,
-                truncate_str(&conv.agent, 300)
-            ));
-        }
-    }
-
-    md.push_str("## User Messages\n");
-    if summary.user_messages.is_empty() {
-        md.push_str("_(none)_\n");
-    } else {
-        for (idx, msg) in summary.user_messages.iter().enumerate() {
-            md.push_str(&format!("{}. {}\n", idx + 1, truncate_str(msg, 150)));
-        }
-    }
-}
-
-/// Generate a Markdown handoff document from a single session summary.
-pub fn generate_handoff_markdown(summary: &HandoffSummary) -> String {
-    const MAX_TASK_SUMMARIES_DISPLAY: usize = 5;
-    let mut md = String::new();
-
-    md.push_str("# Session Handoff\n\n");
-
-    // Objective
-    md.push_str("## Objective\n");
-    md.push_str(&summary.objective);
-    md.push_str("\n\n");
-
-    // Summary
-    md.push_str("## Summary\n");
-    md.push_str(&format!(
-        "- **Tool:** {} ({})\n",
-        summary.tool, summary.model
-    ));
-    md.push_str(&format!(
-        "- **Duration:** {}\n",
-        format_duration(summary.duration_seconds)
-    ));
-    md.push_str(&format!(
-        "- **Messages:** {} | Tool calls: {} | Events: {}\n",
-        summary.stats.message_count, summary.stats.tool_call_count, summary.stats.event_count
-    ));
-    md.push('\n');
-
-    if !summary.task_summaries.is_empty() {
-        md.push_str("## Task Summaries\n");
-        for (idx, task_summary) in summary
-            .task_summaries
-            .iter()
-            .take(MAX_TASK_SUMMARIES_DISPLAY)
-            .enumerate()
-        {
-            md.push_str(&format!("{}. {}\n", idx + 1, task_summary));
-        }
-        if summary.task_summaries.len() > MAX_TASK_SUMMARIES_DISPLAY {
-            md.push_str(&format!(
-                "- ... and {} more\n",
-                summary.task_summaries.len() - MAX_TASK_SUMMARIES_DISPLAY
-            ));
-        }
-        md.push('\n');
-    }
-
-    // Files Modified
-    if !summary.files_modified.is_empty() {
-        md.push_str("## Files Modified\n");
-        for fc in &summary.files_modified {
-            md.push_str(&format!("- `{}` ({})\n", fc.path, fc.action));
-        }
-        md.push('\n');
-    }
-
-    // Files Read
-    if !summary.files_read.is_empty() {
-        md.push_str("## Files Read\n");
-        for path in &summary.files_read {
-            md.push_str(&format!("- `{path}`\n"));
-        }
-        md.push('\n');
-    }
-
-    // Shell Commands
-    if !summary.shell_commands.is_empty() {
-        md.push_str("## Shell Commands\n");
-        for cmd in &summary.shell_commands {
-            let code_str = match cmd.exit_code {
-                Some(c) => c.to_string(),
-                None => "?".to_string(),
-            };
-            md.push_str(&format!(
-                "- `{}` → {}\n",
-                truncate_str(&cmd.command, 80),
-                code_str
-            ));
-        }
-        md.push('\n');
-    }
-
-    // Errors
-    if !summary.errors.is_empty() {
-        md.push_str("## Errors\n");
-        for err in &summary.errors {
-            md.push_str(&format!("- {err}\n"));
-        }
-        md.push('\n');
-    }
-
-    // Key Conversations (user + agent pairs)
-    if !summary.key_conversations.is_empty() {
-        md.push_str("## Key Conversations\n");
-        for (i, conv) in summary.key_conversations.iter().enumerate() {
-            md.push_str(&format!(
-                "### {}. User\n{}\n\n### {}. Agent\n{}\n\n",
-                i + 1,
-                truncate_str(&conv.user, 300),
-                i + 1,
-                truncate_str(&conv.agent, 300),
-            ));
-        }
-    }
-
-    // User Messages (fallback list)
-    if summary.key_conversations.is_empty() && !summary.user_messages.is_empty() {
-        md.push_str("## User Messages\n");
-        for (i, msg) in summary.user_messages.iter().enumerate() {
-            md.push_str(&format!("{}. {}\n", i + 1, truncate_str(msg, 150)));
-        }
-        md.push('\n');
-    }
-
-    md
-}
-
-/// Generate a Markdown handoff document from a merged multi-session handoff.
-pub fn generate_merged_handoff_markdown(merged: &MergedHandoff) -> String {
-    const MAX_TASK_SUMMARIES_DISPLAY: usize = 3;
-    let mut md = String::new();
-
-    md.push_str("# Merged Session Handoff\n\n");
-    md.push_str(&format!(
-        "**Sessions:** {} | **Total Duration:** {}\n\n",
-        merged.source_session_ids.len(),
-        format_duration(merged.total_duration_seconds)
-    ));
-
-    // Per-session summaries
-    for (i, s) in merged.summaries.iter().enumerate() {
-        md.push_str(&format!(
-            "---\n\n## Session {} — {}\n\n",
-            i + 1,
-            s.source_session_id
-        ));
-        md.push_str(&format!("**Objective:** {}\n\n", s.objective));
-        md.push_str(&format!(
-            "- **Tool:** {} ({}) | **Duration:** {}\n",
-            s.tool,
-            s.model,
-            format_duration(s.duration_seconds)
-        ));
-        md.push_str(&format!(
-            "- **Messages:** {} | Tool calls: {} | Events: {}\n\n",
-            s.stats.message_count, s.stats.tool_call_count, s.stats.event_count
-        ));
-
-        if !s.task_summaries.is_empty() {
-            md.push_str("### Task Summaries\n");
-            for (j, task_summary) in s
-                .task_summaries
-                .iter()
-                .take(MAX_TASK_SUMMARIES_DISPLAY)
-                .enumerate()
-            {
-                md.push_str(&format!("{}. {}\n", j + 1, task_summary));
-            }
-            if s.task_summaries.len() > MAX_TASK_SUMMARIES_DISPLAY {
-                md.push_str(&format!(
-                    "- ... and {} more\n",
-                    s.task_summaries.len() - MAX_TASK_SUMMARIES_DISPLAY
-                ));
-            }
-            md.push('\n');
-        }
-
-        // Key Conversations for this session
-        if !s.key_conversations.is_empty() {
-            md.push_str("### Conversations\n");
-            for (j, conv) in s.key_conversations.iter().enumerate() {
-                md.push_str(&format!(
-                    "**{}. User:** {}\n\n**{}. Agent:** {}\n\n",
-                    j + 1,
-                    truncate_str(&conv.user, 200),
-                    j + 1,
-                    truncate_str(&conv.agent, 200),
-                ));
-            }
-        }
-    }
-
-    // Combined files
-    md.push_str("---\n\n## All Files Modified\n");
-    if merged.all_files_modified.is_empty() {
-        md.push_str("_(none)_\n");
-    } else {
-        for fc in &merged.all_files_modified {
-            md.push_str(&format!("- `{}` ({})\n", fc.path, fc.action));
-        }
-    }
-    md.push('\n');
-
-    if !merged.all_files_read.is_empty() {
-        md.push_str("## All Files Read\n");
-        for path in &merged.all_files_read {
-            md.push_str(&format!("- `{path}`\n"));
-        }
-        md.push('\n');
-    }
-
-    // Errors
-    if !merged.total_errors.is_empty() {
-        md.push_str("## All Errors\n");
-        for err in &merged.total_errors {
-            md.push_str(&format!("- {err}\n"));
-        }
-        md.push('\n');
-    }
-
-    md
-}
-
-// ─── Summary HAIL generation ─────────────────────────────────────────────────
-
-/// Generate a summary HAIL session from an original session.
-///
-/// Filters events to only include important ones and truncates content.
-pub fn generate_handoff_hail(session: &Session) -> Session {
-    let mut summary_session = Session {
-        version: session.version.clone(),
-        session_id: format!("handoff-{}", session.session_id),
-        agent: session.agent.clone(),
-        context: SessionContext {
-            title: Some(format!(
-                "Handoff: {}",
-                session.context.title.as_deref().unwrap_or("(untitled)")
-            )),
-            description: session.context.description.clone(),
-            tags: {
-                let mut tags = session.context.tags.clone();
-                if !tags.contains(&"handoff".to_string()) {
-                    tags.push("handoff".to_string());
-                }
-                tags
-            },
-            created_at: session.context.created_at,
-            updated_at: chrono::Utc::now(),
-            related_session_ids: vec![session.session_id.clone()],
-            attributes: HashMap::new(),
-        },
-        events: Vec::new(),
-        stats: session.stats.clone(),
-    };
-
-    for event in &session.events {
-        let keep = matches!(
-            &event.event_type,
-            EventType::UserMessage
-                | EventType::AgentMessage
-                | EventType::FileEdit { .. }
-                | EventType::FileCreate { .. }
-                | EventType::FileDelete { .. }
-                | EventType::TaskStart { .. }
-                | EventType::TaskEnd { .. }
-        ) || matches!(&event.event_type, EventType::ShellCommand { exit_code, .. } if *exit_code != Some(0));
-
-        if !keep {
-            continue;
-        }
-
-        // Truncate content blocks
-        let truncated_blocks: Vec<ContentBlock> = event
-            .content
-            .blocks
-            .iter()
-            .map(|block| match block {
-                ContentBlock::Text { text } => ContentBlock::Text {
-                    text: truncate_str(text, 300),
-                },
-                ContentBlock::Code {
-                    code,
-                    language,
-                    start_line,
-                } => ContentBlock::Code {
-                    code: truncate_str(code, 300),
-                    language: language.clone(),
-                    start_line: *start_line,
-                },
-                other => other.clone(),
-            })
-            .collect();
-
-        summary_session.events.push(Event {
-            event_id: event.event_id.clone(),
-            timestamp: event.timestamp,
-            event_type: event.event_type.clone(),
-            task_id: event.task_id.clone(),
-            content: Content {
-                blocks: truncated_blocks,
-            },
-            duration_ms: event.duration_ms,
-            attributes: HashMap::new(), // strip detailed attributes
-        });
-    }
-
-    // Recompute stats for the filtered events
-    summary_session.recompute_stats();
-
-    summary_session
-}
-
-// ─── Helpers ─────────────────────────────────────────────────────────────────
-
-fn extract_first_user_text(session: &Session) -> Option<String> {
-    crate::extract::extract_first_user_text(session)
-}
-
-fn extract_objective(session: &Session) -> String {
-    if let Some(user_text) = extract_first_user_text(session).filter(|t| !t.trim().is_empty()) {
-        return truncate_str(&collapse_whitespace(&user_text), 200);
-    }
-
-    if let Some(task_title) = session
-        .events
-        .iter()
-        .find_map(|event| match &event.event_type {
-            EventType::TaskStart { title: Some(title) } => {
-                let title = title.trim();
-                if title.is_empty() {
-                    None
-                } else {
-                    Some(title.to_string())
-                }
-            }
-            _ => None,
-        })
-    {
-        return truncate_str(&collapse_whitespace(&task_title), 200);
-    }
-
-    if let Some(task_summary) = session
-        .events
-        .iter()
-        .find_map(|event| match &event.event_type {
-            EventType::TaskEnd {
-                summary: Some(summary),
-            } => {
-                let summary = summary.trim();
-                if summary.is_empty() {
-                    None
-                } else {
-                    Some(summary.to_string())
-                }
-            }
-            _ => None,
-        })
-    {
-        return truncate_str(&collapse_whitespace(&task_summary), 200);
-    }
-
-    if let Some(title) = session.context.title.as_deref().map(str::trim)
-        && !title.is_empty()
-    {
-        return truncate_str(&collapse_whitespace(title), 200);
-    }
-
-    "(objective unavailable)".to_string()
-}
-
-fn extract_text_from_event(event: &Event) -> Option<String> {
-    for block in &event.content.blocks {
-        if let ContentBlock::Text { text } = block {
-            let trimmed = text.trim();
-            if !trimmed.is_empty() {
-                return Some(trimmed.to_string());
-            }
-        }
-    }
-    None
-}
-
-fn collapse_whitespace(input: &str) -> String {
-    input.split_whitespace().collect::<Vec<_>>().join(" ")
-}
+fn objective_unavailable_reason(objective: &str) -> Option<String> {
+    if objective.trim().is_empty() || objective == "(objective unavailable)" {
+        Some(
+            "No user prompt, task title/summary, or session title could be used to infer objective."
+                .to_string(),
+        )
+    } else {
+        None
+    }
+}
 
 /// Format seconds into a human-readable duration string.
 pub fn format_duration(seconds: u64) -> String {
@@ -2024,814 +608,3 @@ pub fn format_duration(seconds: u64) -> String {
         format!("{h}h {m}m {s}s")
     }
 }
-
-// ─── Tests ───────────────────────────────────────────────────────────────────
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use crate::{Agent, testing};
-
-    fn make_agent() -> Agent {
-        testing::agent()
-    }
-
-    fn make_event(event_type: EventType, text: &str) -> Event {
-        testing::event(event_type, text)
-    }
-
-    #[test]
-    fn test_format_duration() {
-        assert_eq!(format_duration(0), "0s");
-        assert_eq!(format_duration(45), "45s");
-        assert_eq!(format_duration(90), "1m 30s");
-        assert_eq!(format_duration(750), "12m 30s");
-        assert_eq!(format_duration(3661), "1h 1m 1s");
-    }
-
-    #[test]
-    fn test_handoff_summary_from_session() {
-        let mut session = Session::new("test-id".to_string(), make_agent());
-        session.stats = Stats {
-            event_count: 10,
-            message_count: 3,
-            tool_call_count: 5,
-            duration_seconds: 750,
-            ..Default::default()
-        };
-        session
-            .events
-            .push(make_event(EventType::UserMessage, "Fix the build error"));
-        session
-            .events
-            .push(make_event(EventType::AgentMessage, "I'll fix it now"));
-        session.events.push(make_event(
-            EventType::FileEdit {
-                path: "src/main.rs".to_string(),
-                diff: None,
-            },
-            "",
-        ));
-        session.events.push(make_event(
-            EventType::FileRead {
-                path: "Cargo.toml".to_string(),
-            },
-            "",
-        ));
-        session.events.push(make_event(
-            EventType::ShellCommand {
-                command: "cargo build".to_string(),
-                exit_code: Some(0),
-            },
-            "",
-        ));
-        session.events.push(make_event(
-            EventType::TaskEnd {
-                summary: Some("Build now passes in local env".to_string()),
-            },
-            "",
-        ));
-
-        let summary = HandoffSummary::from_session(&session);
-
-        assert_eq!(summary.source_session_id, "test-id");
-        assert_eq!(summary.objective, "Fix the build error");
-        assert_eq!(summary.files_modified.len(), 1);
-        assert_eq!(summary.files_modified[0].path, "src/main.rs");
-        assert_eq!(summary.files_modified[0].action, "edited");
-        assert_eq!(summary.files_read, vec!["Cargo.toml"]);
-        assert_eq!(summary.shell_commands.len(), 1);
-        assert_eq!(
-            summary.task_summaries,
-            vec!["Build now passes in local env".to_string()]
-        );
-        assert_eq!(summary.key_conversations.len(), 1);
-        assert_eq!(summary.key_conversations[0].user, "Fix the build error");
-        assert_eq!(summary.key_conversations[0].agent, "I'll fix it now");
-    }
-
-    #[test]
-    fn test_handoff_objective_falls_back_to_task_title() {
-        let mut session = Session::new("task-title-fallback".to_string(), make_agent());
-        session.context.title = Some("session-019c-example.jsonl".to_string());
-        session.events.push(make_event(
-            EventType::TaskStart {
-                title: Some("Refactor auth middleware for oauth callback".to_string()),
-            },
-            "",
-        ));
-
-        let summary = HandoffSummary::from_session(&session);
-        assert_eq!(
-            summary.objective,
-            "Refactor auth middleware for oauth callback"
-        );
-    }
-
-    #[test]
-    fn test_handoff_task_summaries_are_deduplicated() {
-        let mut session = Session::new("task-summary-dedupe".to_string(), make_agent());
-        session.events.push(make_event(
-            EventType::TaskEnd {
-                summary: Some("Add worker profile guard".to_string()),
-            },
-            "",
-        ));
-        session.events.push(make_event(
-            EventType::TaskEnd {
-                summary: Some(" ".to_string()),
-            },
-            "",
-        ));
-        session.events.push(make_event(
-            EventType::TaskEnd {
-                summary: Some("Add worker profile guard".to_string()),
-            },
-            "",
-        ));
-        session.events.push(make_event(
-            EventType::TaskEnd {
-                summary: Some("Hide teams nav for worker profile".to_string()),
-            },
-            "",
-        ));
-
-        let summary = HandoffSummary::from_session(&session);
-        assert_eq!(
-            summary.task_summaries,
-            vec![
-                "Add worker profile guard".to_string(),
-                "Hide teams nav for worker profile".to_string()
-            ]
-        );
-    }
-
-    #[test]
-    fn test_files_read_excludes_modified() {
-        let mut session = Session::new("test-id".to_string(), make_agent());
-        session
-            .events
-            .push(make_event(EventType::UserMessage, "test"));
-        session.events.push(make_event(
-            EventType::FileRead {
-                path: "src/main.rs".to_string(),
-            },
-            "",
-        ));
-        session.events.push(make_event(
-            EventType::FileEdit {
-                path: "src/main.rs".to_string(),
-                diff: None,
-            },
-            "",
-        ));
-        session.events.push(make_event(
-            EventType::FileRead {
-                path: "README.md".to_string(),
-            },
-            "",
-        ));
-
-        let summary = HandoffSummary::from_session(&session);
-        assert_eq!(summary.files_read, vec!["README.md"]);
-        assert_eq!(summary.files_modified.len(), 1);
-    }
-
-    #[test]
-    fn test_file_create_not_overwritten_by_edit() {
-        let mut session = Session::new("test-id".to_string(), make_agent());
-        session
-            .events
-            .push(make_event(EventType::UserMessage, "test"));
-        session.events.push(make_event(
-            EventType::FileCreate {
-                path: "new_file.rs".to_string(),
-            },
-            "",
-        ));
-        session.events.push(make_event(
-            EventType::FileEdit {
-                path: "new_file.rs".to_string(),
-                diff: None,
-            },
-            "",
-        ));
-
-        let summary = HandoffSummary::from_session(&session);
-        assert_eq!(summary.files_modified[0].action, "created");
-    }
-
-    #[test]
-    fn test_shell_error_captured() {
-        let mut session = Session::new("test-id".to_string(), make_agent());
-        session
-            .events
-            .push(make_event(EventType::UserMessage, "test"));
-        session.events.push(make_event(
-            EventType::ShellCommand {
-                command: "cargo test".to_string(),
-                exit_code: Some(1),
-            },
-            "",
-        ));
-
-        let summary = HandoffSummary::from_session(&session);
-        assert_eq!(summary.errors.len(), 1);
-        assert!(summary.errors[0].contains("cargo test"));
-    }
-
-    #[test]
-    fn test_generate_handoff_markdown() {
-        let mut session = Session::new("test-id".to_string(), make_agent());
-        session.stats = Stats {
-            event_count: 10,
-            message_count: 3,
-            tool_call_count: 5,
-            duration_seconds: 750,
-            ..Default::default()
-        };
-        session
-            .events
-            .push(make_event(EventType::UserMessage, "Fix the build error"));
-        session
-            .events
-            .push(make_event(EventType::AgentMessage, "I'll fix it now"));
-        session.events.push(make_event(
-            EventType::FileEdit {
-                path: "src/main.rs".to_string(),
-                diff: None,
-            },
-            "",
-        ));
-        session.events.push(make_event(
-            EventType::ShellCommand {
-                command: "cargo build".to_string(),
-                exit_code: Some(0),
-            },
-            "",
-        ));
-        session.events.push(make_event(
-            EventType::TaskEnd {
-                summary: Some("Compile error fixed by updating trait bounds".to_string()),
-            },
-            "",
-        ));
-
-        let summary = HandoffSummary::from_session(&session);
-        let md = generate_handoff_markdown(&summary);
-
-        assert!(md.contains("# Session Handoff"));
-        assert!(md.contains("Fix the build error"));
-        assert!(md.contains("claude-code (claude-opus-4-6)"));
-        assert!(md.contains("12m 30s"));
-        assert!(md.contains("## Task Summaries"));
-        assert!(md.contains("Compile error fixed by updating trait bounds"));
-        assert!(md.contains("`src/main.rs` (edited)"));
-        assert!(md.contains("`cargo build` → 0"));
-        assert!(md.contains("## Key Conversations"));
-    }
-
-    #[test]
-    fn test_merge_summaries() {
-        let mut s1 = Session::new("session-a".to_string(), make_agent());
-        s1.stats.duration_seconds = 100;
-        s1.events.push(make_event(EventType::UserMessage, "task A"));
-        s1.events.push(make_event(
-            EventType::FileEdit {
-                path: "a.rs".to_string(),
-                diff: None,
-            },
-            "",
-        ));
-
-        let mut s2 = Session::new("session-b".to_string(), make_agent());
-        s2.stats.duration_seconds = 200;
-        s2.events.push(make_event(EventType::UserMessage, "task B"));
-        s2.events.push(make_event(
-            EventType::FileEdit {
-                path: "b.rs".to_string(),
-                diff: None,
-            },
-            "",
-        ));
-
-        let sum1 = HandoffSummary::from_session(&s1);
-        let sum2 = HandoffSummary::from_session(&s2);
-        let merged = merge_summaries(&[sum1, sum2]);
-
-        assert_eq!(merged.source_session_ids.len(), 2);
-        assert_eq!(merged.total_duration_seconds, 300);
-        assert_eq!(merged.all_files_modified.len(), 2);
-    }
-
-    #[test]
-    fn test_generate_handoff_hail() {
-        let mut session = Session::new("test-id".to_string(), make_agent());
-        session
-            .events
-            .push(make_event(EventType::UserMessage, "Hello"));
-        session
-            .events
-            .push(make_event(EventType::AgentMessage, "Hi there"));
-        session.events.push(make_event(
-            EventType::FileRead {
-                path: "foo.rs".to_string(),
-            },
-            "",
-        ));
-        session.events.push(make_event(
-            EventType::FileEdit {
-                path: "foo.rs".to_string(),
-                diff: Some("+added line".to_string()),
-            },
-            "",
-        ));
-        session.events.push(make_event(
-            EventType::ShellCommand {
-                command: "cargo build".to_string(),
-                exit_code: Some(0),
-            },
-            "",
-        ));
-
-        let hail = generate_handoff_hail(&session);
-
-        assert!(hail.session_id.starts_with("handoff-"));
-        assert_eq!(hail.context.related_session_ids, vec!["test-id"]);
-        assert!(hail.context.tags.contains(&"handoff".to_string()));
-        // FileRead and successful ShellCommand should be filtered out
-        assert_eq!(hail.events.len(), 3); // UserMessage, AgentMessage, FileEdit
-        // Verify HAIL roundtrip
-        let jsonl = hail.to_jsonl().unwrap();
-        let parsed = Session::from_jsonl(&jsonl).unwrap();
-        assert_eq!(parsed.session_id, hail.session_id);
-    }
-
-    #[test]
-    fn test_generate_handoff_markdown_v2_section_order() {
-        let mut session = Session::new("v2-sections".to_string(), make_agent());
-        session
-            .events
-            .push(make_event(EventType::UserMessage, "Implement handoff v2"));
-        session.events.push(make_event(
-            EventType::FileEdit {
-                path: "crates/core/src/handoff.rs".to_string(),
-                diff: None,
-            },
-            "",
-        ));
-        session.events.push(make_event(
-            EventType::ShellCommand {
-                command: "cargo test".to_string(),
-                exit_code: Some(0),
-            },
-            "",
-        ));
-
-        let summary = HandoffSummary::from_session(&session);
-        let md = generate_handoff_markdown_v2(&summary);
-
-        let order = [
-            "## Objective",
-            "## Current State",
-            "## Next Actions (ordered)",
-            "## Verification",
-            "## Blockers / Decisions",
-            "## Evidence Index",
-            "## Conversations",
-            "## User Messages",
-        ];
-
-        let mut last_idx = 0usize;
-        for section in order {
-            let idx = md.find(section).unwrap();
-            assert!(
-                idx >= last_idx,
-                "section order mismatch for {section}: idx={idx}, last={last_idx}"
-            );
-            last_idx = idx;
-        }
-    }
-
-    #[test]
-    fn test_execution_contract_and_verification_from_failed_command() {
-        let mut session = Session::new("failed-check".to_string(), make_agent());
-        session
-            .events
-            .push(make_event(EventType::UserMessage, "Fix failing tests"));
-        session.events.push(make_event(
-            EventType::FileEdit {
-                path: "src/lib.rs".to_string(),
-                diff: None,
-            },
-            "",
-        ));
-        session.events.push(make_event(
-            EventType::ShellCommand {
-                command: "cargo test".to_string(),
-                exit_code: Some(1),
-            },
-            "",
-        ));
-
-        let summary = HandoffSummary::from_session(&session);
-        assert!(
-            summary
-                .verification
-                .checks_failed
-                .contains(&"cargo test".to_string())
-        );
-        assert!(
-            summary
-                .execution_contract
-                .next_actions
-                .iter()
-                .any(|action| action.contains("cargo test"))
-        );
-        assert_eq!(
-            summary.execution_contract.ordered_commands.first(),
-            Some(&"cargo test".to_string())
-        );
-        assert!(summary.execution_contract.parallel_actions.is_empty());
-        assert!(summary.execution_contract.rollback_hint.is_none());
-        assert!(
-            summary
-                .execution_contract
-                .rollback_hint_missing_reason
-                .is_some()
-        );
-        assert!(
-            summary
-                .execution_contract
-                .rollback_hint_undefined_reason
-                .is_some()
-        );
-    }
-
-    #[test]
-    fn test_validate_handoff_summary_flags_missing_objective() {
-        let session = Session::new("missing-objective".to_string(), make_agent());
-        let summary = HandoffSummary::from_session(&session);
-        assert!(summary.objective_undefined_reason.is_some());
-        assert!(
-            summary
-                .undefined_fields
-                .iter()
-                .any(|f| f.path == "objective")
-        );
-        let report = validate_handoff_summary(&summary);
-
-        assert!(!report.passed);
-        assert!(
-            report
-                .findings
-                .iter()
-                .any(|f| f.code == "objective_missing")
-        );
-    }
-
-    #[test]
-    fn test_validate_handoff_summary_flags_cycle() {
-        let mut session = Session::new("cycle-case".to_string(), make_agent());
-        session
-            .events
-            .push(make_event(EventType::UserMessage, "test"));
-        let mut summary = HandoffSummary::from_session(&session);
-        summary.work_packages = vec![
-            WorkPackage {
-                id: "a".to_string(),
-                title: "A".to_string(),
-                status: "pending".to_string(),
-                sequence: 1,
-                started_at: None,
-                completed_at: None,
-                outcome: None,
-                depends_on: vec!["b".to_string()],
-                files: Vec::new(),
-                commands: Vec::new(),
-                evidence_refs: Vec::new(),
-            },
-            WorkPackage {
-                id: "b".to_string(),
-                title: "B".to_string(),
-                status: "pending".to_string(),
-                sequence: 2,
-                started_at: None,
-                completed_at: None,
-                outcome: None,
-                depends_on: vec!["a".to_string()],
-                files: Vec::new(),
-                commands: Vec::new(),
-                evidence_refs: Vec::new(),
-            },
-        ];
-
-        let report = validate_handoff_summary(&summary);
-        assert!(
-            report
-                .findings
-                .iter()
-                .any(|f| f.code == "work_package_cycle")
-        );
-    }
-
-    #[test]
-    fn test_validate_handoff_summary_requires_next_actions_for_failed_checks() {
-        let mut session = Session::new("missing-next-action".to_string(), make_agent());
-        session
-            .events
-            .push(make_event(EventType::UserMessage, "test"));
-        let mut summary = HandoffSummary::from_session(&session);
-        summary.verification.checks_run = vec![CheckRun {
-            command: "cargo test".to_string(),
-            status: "failed".to_string(),
-            exit_code: Some(1),
-            event_id: "evt-1".to_string(),
-        }];
-        summary.execution_contract.next_actions.clear();
-
-        let report = validate_handoff_summary(&summary);
-        assert!(
-            report
-                .findings
-                .iter()
-                .any(|f| f.code == "next_actions_missing")
-        );
-    }
-
-    #[test]
-    fn test_validate_handoff_summary_flags_missing_objective_evidence() {
-        let mut session = Session::new("missing-objective-evidence".to_string(), make_agent());
-        session
-            .events
-            .push(make_event(EventType::UserMessage, "keep objective"));
-        let mut summary = HandoffSummary::from_session(&session);
-        summary.evidence = vec![EvidenceRef {
-            id: "evidence-1".to_string(),
-            claim: "task_done: something".to_string(),
-            event_id: "evt".to_string(),
-            timestamp: "2026-02-01T00:00:00Z".to_string(),
-            source_type: "TaskEnd".to_string(),
-        }];
-
-        let report = validate_handoff_summary(&summary);
-        assert!(
-            report
-                .findings
-                .iter()
-                .any(|f| f.code == "objective_evidence_missing")
-        );
-    }
-
-    #[test]
-    fn test_execution_contract_includes_parallel_actions_for_independent_work_packages() {
-        let mut session = Session::new("parallel-actions".to_string(), make_agent());
-        session.events.push(make_event(
-            EventType::UserMessage,
-            "Refactor two independent modules",
-        ));
-
-        let mut a_start = make_event(
-            EventType::TaskStart {
-                title: Some("Refactor auth".to_string()),
-            },
-            "",
-        );
-        a_start.task_id = Some("auth".to_string());
-        session.events.push(a_start);
-
-        let mut a_edit = make_event(
-            EventType::FileEdit {
-                path: "src/auth.rs".to_string(),
-                diff: None,
-            },
-            "",
-        );
-        a_edit.task_id = Some("auth".to_string());
-        session.events.push(a_edit);
-
-        let mut b_start = make_event(
-            EventType::TaskStart {
-                title: Some("Refactor billing".to_string()),
-            },
-            "",
-        );
-        b_start.task_id = Some("billing".to_string());
-        session.events.push(b_start);
-
-        let mut b_edit = make_event(
-            EventType::FileEdit {
-                path: "src/billing.rs".to_string(),
-                diff: None,
-            },
-            "",
-        );
-        b_edit.task_id = Some("billing".to_string());
-        session.events.push(b_edit);
-
-        let summary = HandoffSummary::from_session(&session);
-        assert!(
-            summary
-                .execution_contract
-                .parallel_actions
-                .iter()
-                .any(|action| action.contains("auth"))
-        );
-        assert!(
-            summary
-                .execution_contract
-                .parallel_actions
-                .iter()
-                .any(|action| action.contains("billing"))
-        );
-        let md = generate_handoff_markdown_v2(&summary);
-        assert!(md.contains("Parallelizable Work Packages"));
-    }
-
-    #[test]
-    fn test_done_definition_prefers_material_signals() {
-        let mut session = Session::new("material-signals".to_string(), make_agent());
-        session
-            .events
-            .push(make_event(EventType::UserMessage, "Implement feature X"));
-        session.events.push(make_event(
-            EventType::FileEdit {
-                path: "src/lib.rs".to_string(),
-                diff: None,
-            },
-            "",
-        ));
-        session.events.push(make_event(
-            EventType::ShellCommand {
-                command: "cargo test".to_string(),
-                exit_code: Some(0),
-            },
-            "",
-        ));
-
-        let summary = HandoffSummary::from_session(&session);
-        assert!(
-            summary
-                .execution_contract
-                .done_definition
-                .iter()
-                .any(|item| item.contains("Verification passed: `cargo test`"))
-        );
-        assert!(
-            summary
-                .execution_contract
-                .done_definition
-                .iter()
-                .any(|item| item.contains("Changed 1 file(s): `src/lib.rs`"))
-        );
-        assert!(
-            summary
-                .execution_contract
-                .ordered_steps
-                .iter()
-                .any(|step| step.work_package_id == "main")
-        );
-    }
-
-    #[test]
-    fn test_ordered_steps_keep_temporal_and_task_context() {
-        let mut session = Session::new("ordered-steps".to_string(), make_agent());
-        session
-            .events
-            .push(make_event(EventType::UserMessage, "Process two tasks"));
-
-        let mut t1_start = make_event(
-            EventType::TaskStart {
-                title: Some("Prepare migration".to_string()),
-            },
-            "",
-        );
-        t1_start.task_id = Some("task-1".to_string());
-        session.events.push(t1_start);
-
-        let mut t1_end = make_event(
-            EventType::TaskEnd {
-                summary: Some("Migration script prepared".to_string()),
-            },
-            "",
-        );
-        t1_end.task_id = Some("task-1".to_string());
-        session.events.push(t1_end);
-
-        let mut t2_start = make_event(
-            EventType::TaskStart {
-                title: Some("Run verification".to_string()),
-            },
-            "",
-        );
-        t2_start.task_id = Some("task-2".to_string());
-        session.events.push(t2_start);
-
-        let mut t2_cmd = make_event(
-            EventType::ShellCommand {
-                command: "cargo test".to_string(),
-                exit_code: Some(0),
-            },
-            "",
-        );
-        t2_cmd.task_id = Some("task-2".to_string());
-        session.events.push(t2_cmd);
-
-        let summary = HandoffSummary::from_session(&session);
-        let steps = &summary.execution_contract.ordered_steps;
-        assert_eq!(steps.len(), 2);
-        assert!(steps[0].sequence < steps[1].sequence);
-        assert_eq!(steps[0].work_package_id, "task-1");
-        assert_eq!(steps[1].work_package_id, "task-2");
-        assert!(steps[0].completed_at.is_some());
-        assert!(
-            summary
-                .work_packages
-                .iter()
-                .find(|pkg| pkg.id == "task-1")
-                .and_then(|pkg| pkg.outcome.as_deref())
-                .is_some()
-        );
-    }
-
-    #[test]
-    fn test_validate_handoff_summary_flags_inconsistent_ordered_steps() {
-        let mut session = Session::new("invalid-ordered-steps".to_string(), make_agent());
-        session
-            .events
-            .push(make_event(EventType::UserMessage, "test ordered steps"));
-        let mut summary = HandoffSummary::from_session(&session);
-        summary.work_packages = vec![WorkPackage {
-            id: "main".to_string(),
-            title: "Main flow".to_string(),
-            status: "completed".to_string(),
-            sequence: 1,
-            started_at: Some("2026-02-19T00:00:00Z".to_string()),
-            completed_at: Some("2026-02-19T00:01:00Z".to_string()),
-            outcome: Some("done".to_string()),
-            depends_on: Vec::new(),
-            files: vec!["src/lib.rs".to_string()],
-            commands: Vec::new(),
-            evidence_refs: Vec::new(),
-        }];
-        summary.execution_contract.ordered_steps = vec![OrderedStep {
-            sequence: 1,
-            work_package_id: "missing".to_string(),
-            title: "missing".to_string(),
-            status: "completed".to_string(),
-            depends_on: Vec::new(),
-            started_at: Some("2026-02-19T00:00:00Z".to_string()),
-            completed_at: Some("2026-02-19T00:01:00Z".to_string()),
-            evidence_refs: Vec::new(),
-        }];
-
-        let report = validate_handoff_summary(&summary);
-        assert!(
-            report
-                .findings
-                .iter()
-                .any(|finding| finding.code == "ordered_steps_inconsistent")
-        );
-    }
-
-    #[test]
-    fn test_message_and_conversation_collections_are_condensed() {
-        let mut session = Session::new("condense".to_string(), make_agent());
-
-        for i in 0..24 {
-            session
-                .events
-                .push(make_event(EventType::UserMessage, &format!("user-{i}")));
-            session
-                .events
-                .push(make_event(EventType::AgentMessage, &format!("agent-{i}")));
-        }
-
-        let summary = HandoffSummary::from_session(&session);
-        assert_eq!(summary.user_messages.len(), MAX_USER_MESSAGES);
-        assert_eq!(
-            summary.user_messages.first().map(String::as_str),
-            Some("user-0")
-        );
-        assert_eq!(
-            summary.user_messages.last().map(String::as_str),
-            Some("user-23")
-        );
-
-        assert_eq!(summary.key_conversations.len(), MAX_KEY_CONVERSATIONS);
-        assert_eq!(
-            summary
-                .key_conversations
-                .first()
-                .map(|conv| conv.user.as_str()),
-            Some("user-0")
-        );
-        assert_eq!(
-            summary
-                .key_conversations
-                .last()
-                .map(|conv| conv.user.as_str()),
-            Some("user-23")
-        );
-    }
-}
diff --git a/crates/core/src/handoff/execution.rs b/crates/core/src/handoff/execution.rs
new file mode 100644
index 00000000..4934d7b9
--- /dev/null
+++ b/crates/core/src/handoff/execution.rs
@@ -0,0 +1,680 @@
+use std::collections::{BTreeMap, HashMap, HashSet};
+
+use crate::extract::truncate_str;
+use crate::{Event, EventType, Session};
+
+use super::{
+    CheckRun, EvidenceRef, ExecutionContract, FileChange, OrderedStep, ShellCmd, Uncertainty,
+    UndefinedField, Verification, WorkPackage, collapse_whitespace,
+};
+
+pub(super) fn build_execution_contract(
+    task_summaries: &[String],
+    verification: &Verification,
+    uncertainty: &Uncertainty,
+    shell_commands: &[ShellCmd],
+    files_modified: &[FileChange],
+    work_packages: &[WorkPackage],
+) -> ExecutionContract {
+    let ordered_steps = work_packages
+        .iter()
+        .filter(|pkg| is_material_work_package(pkg))
+        .map(|pkg| OrderedStep {
+            sequence: pkg.sequence,
+            work_package_id: pkg.id.clone(),
+            title: pkg.title.clone(),
+            status: pkg.status.clone(),
+            depends_on: pkg.depends_on.clone(),
+            started_at: pkg.started_at.clone(),
+            completed_at: pkg.completed_at.clone(),
+            evidence_refs: pkg.evidence_refs.clone(),
+        })
+        .collect::<Vec<_>>();
+
+    let mut done_definition = ordered_steps
+        .iter()
+        .filter(|step| step.status == "completed")
+        .map(|step| {
+            let pkg = work_packages
+                .iter()
+                .find(|pkg| pkg.id == step.work_package_id)
+                .expect("ordered step must map to existing work package");
+            let mut details = Vec::new();
+            if let Some(outcome) = pkg.outcome.as_deref() {
+                details.push(format!("outcome: {}", truncate_str(outcome, 140)));
+            }
+            let footprint = work_package_footprint(pkg);
+            if !footprint.is_empty() {
+                details.push(footprint);
+            }
+            let at = step
+                .completed_at
+                .as_deref()
+                .or(step.started_at.as_deref())
+                .unwrap_or("time-unavailable");
+            if details.is_empty() {
+                format!("[{}] Completed `{}` at {}.", step.sequence, step.title, at)
+            } else {
+                format!(
+                    "[{}] Completed `{}` at {} ({}).",
+                    step.sequence,
+                    step.title,
+                    at,
+                    details.join("; ")
+                )
+            }
+        })
+        .collect::<Vec<_>>();
+
+    if !verification.checks_passed.is_empty() {
+        let keep = verification
+            .checks_passed
+            .iter()
+            .take(3)
+            .map(|check| format!("`{check}`"))
+            .collect::<Vec<_>>();
+        let extra = verification.checks_passed.len().saturating_sub(3);
+        if extra > 0 {
+            done_definition.push(format!(
+                "Verification passed: {} (+{} more).",
+                keep.join(", "),
+                extra
+            ));
+        } else {
+            done_definition.push(format!("Verification passed: {}.", keep.join(", ")));
+        }
+    }
+
+    if !files_modified.is_empty() {
+        let keep = files_modified
+            .iter()
+            .take(3)
+            .map(|file| format!("`{}`", file.path))
+            .collect::<Vec<_>>();
+        let extra = files_modified.len().saturating_sub(3);
+        if extra > 0 {
+            done_definition.push(format!(
+                "Changed {} file(s): {} (+{} more).",
+                files_modified.len(),
+                keep.join(", "),
+                extra
+            ));
+        } else {
+            done_definition.push(format!(
+                "Changed {} file(s): {}.",
+                files_modified.len(),
+                keep.join(", ")
+            ));
+        }
+    }
+
+    if done_definition.is_empty() {
+        done_definition.extend(task_summaries.iter().take(5).cloned());
+    }
+    dedupe_keep_order(&mut done_definition);
+
+    let mut next_actions = unresolved_failed_commands(&verification.checks_run)
+        .into_iter()
+        .map(|cmd| format!("Fix and re-run `{cmd}` until the check passes."))
+        .collect::<Vec<_>>();
+    next_actions.extend(
+        verification
+            .required_checks_missing
+            .iter()
+            .map(|missing| format!("Add/restore verification check: {missing}")),
+    );
+    next_actions.extend(ordered_steps.iter().filter_map(|step| {
+        if step.status == "completed" || step.depends_on.is_empty() {
+            return None;
+        }
+        Some(format!(
+            "[{}] After dependencies [{}], execute `{}` ({}).",
+            step.sequence,
+            step.depends_on.join(", "),
+            step.title,
+            step.work_package_id
+        ))
+    }));
+    next_actions.extend(
+        uncertainty
+            .open_questions
+            .iter()
+            .map(|q| format!("Resolve open question: {q}")),
+    );
+    let mut parallel_actions = ordered_steps
+        .iter()
+        .filter(|step| {
+            step.status != "completed"
+                && step.depends_on.is_empty()
+                && step.work_package_id != "main"
+        })
+        .map(|step| {
+            let at = step.started_at.as_deref().unwrap_or("time-unavailable");
+            format!(
+                "[{}] `{}` ({}) — start: {}",
+                step.sequence, step.title, step.work_package_id, at
+            )
+        })
+        .collect::<Vec<_>>();
+
+    if done_definition.is_empty()
+        && next_actions.is_empty()
+        && parallel_actions.is_empty()
+        && ordered_steps.is_empty()
+    {
+        next_actions.push(
+            "Define completion criteria and run at least one verification command.".to_string(),
+        );
+    }
+    dedupe_keep_order(&mut next_actions);
+    dedupe_keep_order(&mut parallel_actions);
+
+    let unresolved = unresolved_failed_commands(&verification.checks_run);
+    let mut ordered_commands = unresolved;
+    for cmd in shell_commands
+        .iter()
+        .map(|c| collapse_whitespace(&c.command))
+    {
+        if !ordered_commands.iter().any(|existing| existing == &cmd) {
+            ordered_commands.push(cmd);
+        }
+    }
+
+    let has_git_commit = shell_commands
+        .iter()
+        .any(|cmd| cmd.command.to_ascii_lowercase().contains("git commit"));
+    let (rollback_hint, rollback_hint_missing_reason) = if has_git_commit {
+        (
+            Some(
+                "Use `git revert <commit>` for committed changes, then re-run verification."
+                    .to_string(),
+            ),
+            None,
+        )
+    } else {
+        (
+            None,
+            Some("No committed change signal found in events.".to_string()),
+        )
+    };
+
+    ExecutionContract {
+        done_definition,
+        next_actions,
+        parallel_actions,
+        ordered_steps,
+        ordered_commands,
+        rollback_hint,
+        rollback_hint_missing_reason: rollback_hint_missing_reason.clone(),
+        rollback_hint_undefined_reason: rollback_hint_missing_reason,
+    }
+}
+
+fn work_package_footprint(pkg: &WorkPackage) -> String {
+    let mut details = Vec::new();
+    if !pkg.files.is_empty() {
+        details.push(format!("files: {}", pkg.files.len()));
+    }
+    if !pkg.commands.is_empty() {
+        details.push(format!("commands: {}", pkg.commands.len()));
+    }
+    details.join(", ")
+}
+
+pub(super) fn collect_evidence(
+    session: &Session,
+    objective: &str,
+    task_summaries: &[String],
+    uncertainty: &Uncertainty,
+) -> Vec<EvidenceRef> {
+    let mut evidence = Vec::new();
+    let mut next_id = 1usize;
+
+    if let Some(event) = find_objective_event(session) {
+        evidence.push(EvidenceRef {
+            id: format!("evidence-{next_id}"),
+            claim: format!("objective: {objective}"),
+            event_id: event.event_id.clone(),
+            timestamp: event.timestamp.to_rfc3339(),
+            source_type: event_source_type(event),
+        });
+        next_id += 1;
+    }
+
+    for summary in task_summaries {
+        if let Some(event) = find_task_summary_event(&session.events, summary) {
+            evidence.push(EvidenceRef {
+                id: format!("evidence-{next_id}"),
+                claim: format!("task_done: {summary}"),
+                event_id: event.event_id.clone(),
+                timestamp: event.timestamp.to_rfc3339(),
+                source_type: event_source_type(event),
+            });
+            next_id += 1;
+        }
+    }
+
+    for decision in &uncertainty.decision_required {
+        if let Some(event) = find_decision_event(&session.events, decision) {
+            evidence.push(EvidenceRef {
+                id: format!("evidence-{next_id}"),
+                claim: format!("decision_required: {decision}"),
+                event_id: event.event_id.clone(),
+                timestamp: event.timestamp.to_rfc3339(),
+                source_type: event_source_type(event),
+            });
+            next_id += 1;
+        }
+    }
+
+    evidence
+}
+
+pub(super) fn build_work_packages(events: &[Event], evidence: &[EvidenceRef]) -> Vec<WorkPackage> {
+    #[derive(Default)]
+    struct WorkPackageAcc {
+        title: Option<String>,
+        status: String,
+        outcome: Option<String>,
+        first_ts: Option<chrono::DateTime<chrono::Utc>>,
+        first_idx: Option<usize>,
+        completed_ts: Option<chrono::DateTime<chrono::Utc>>,
+        files: HashSet<String>,
+        commands: Vec<String>,
+        evidence_refs: Vec<String>,
+    }
+
+    let mut evidence_by_event: HashMap<&str, Vec<String>> = HashMap::new();
+    for ev in evidence {
+        evidence_by_event
+            .entry(ev.event_id.as_str())
+            .or_default()
+            .push(ev.id.clone());
+    }
+
+    let mut grouped: BTreeMap<String, WorkPackageAcc> = BTreeMap::new();
+    for (event_idx, event) in events.iter().enumerate() {
+        let key = package_key_for_event(event);
+        let acc = grouped
+            .entry(key.clone())
+            .or_insert_with(|| WorkPackageAcc {
+                status: "pending".to_string(),
+                ..Default::default()
+            });
+
+        if acc.first_ts.is_none() {
+            acc.first_ts = Some(event.timestamp);
+            acc.first_idx = Some(event_idx);
+        }
+        if let Some(ids) = evidence_by_event.get(event.event_id.as_str()) {
+            acc.evidence_refs.extend(ids.clone());
+        }
+
+        match &event.event_type {
+            EventType::TaskStart { title } => {
+                if let Some(title) = title.as_deref().map(str::trim).filter(|t| !t.is_empty()) {
+                    acc.title = Some(title.to_string());
+                }
+                if acc.status != "completed" {
+                    acc.status = "in_progress".to_string();
+                }
+            }
+            EventType::TaskEnd { summary } => {
+                acc.status = "completed".to_string();
+                acc.completed_ts = Some(event.timestamp);
+                if let Some(summary) = summary
+                    .as_deref()
+                    .map(collapse_whitespace)
+                    .filter(|summary| !summary.is_empty())
+                {
+                    acc.outcome = Some(summary.clone());
+                    if acc.title.is_none() {
+                        acc.title = Some(truncate_str(&summary, 160));
+                    }
+                }
+            }
+            EventType::FileEdit { path, .. }
+            | EventType::FileCreate { path }
+            | EventType::FileDelete { path } => {
+                acc.files.insert(path.clone());
+                if acc.status == "pending" {
+                    acc.status = "in_progress".to_string();
+                }
+            }
+            EventType::ShellCommand { command, .. } => {
+                acc.commands.push(collapse_whitespace(command));
+                if acc.status == "pending" {
+                    acc.status = "in_progress".to_string();
+                }
+            }
+            _ => {}
+        }
+    }
+
+    let mut by_first_seen = grouped
+        .into_iter()
+        .map(|(id, mut acc)| {
+            dedupe_keep_order(&mut acc.commands);
+            dedupe_keep_order(&mut acc.evidence_refs);
+            let mut files: Vec<String> = acc.files.into_iter().collect();
+            files.sort();
+            (
+                acc.first_ts,
+                acc.first_idx.unwrap_or(usize::MAX),
+                WorkPackage {
+                    title: acc.title.unwrap_or_else(|| {
+                        if id == "main" {
+                            "Main flow".to_string()
+                        } else {
+                            format!("Task {id}")
+                        }
+                    }),
+                    id,
+                    status: acc.status,
+                    sequence: 0,
+                    started_at: acc.first_ts.map(|ts| ts.to_rfc3339()),
+                    completed_at: acc.completed_ts.map(|ts| ts.to_rfc3339()),
+                    outcome: acc.outcome,
+                    depends_on: Vec::new(),
+                    files,
+                    commands: acc.commands,
+                    evidence_refs: acc.evidence_refs,
+                },
+            )
+        })
+        .collect::<Vec<_>>();
+
+    by_first_seen.sort_by(|a, b| {
+        a.0.cmp(&b.0)
+            .then_with(|| a.1.cmp(&b.1))
+            .then_with(|| a.2.id.cmp(&b.2.id))
+    });
+
+    let mut packages = by_first_seen
+        .into_iter()
+        .map(|(_, _, package)| package)
+        .collect::<Vec<_>>();
+
+    for (idx, package) in packages.iter_mut().enumerate() {
+        package.sequence = (idx + 1) as u32;
+    }
+
+    for i in 0..packages.len() {
+        let cur_files: HashSet<&str> = packages[i].files.iter().map(String::as_str).collect();
+        if cur_files.is_empty() {
+            continue;
+        }
+        let mut dependency: Option<String> = None;
+        for j in (0..i).rev() {
+            let prev_files: HashSet<&str> = packages[j].files.iter().map(String::as_str).collect();
+            if !prev_files.is_empty() && !cur_files.is_disjoint(&prev_files) {
+                dependency = Some(packages[j].id.clone());
+                break;
+            }
+        }
+        if let Some(dep) = dependency {
+            packages[i].depends_on.push(dep);
+        }
+    }
+
+    packages.retain(|pkg| pkg.id == "main" || is_material_work_package(pkg));
+    let known_ids: HashSet<String> = packages.iter().map(|pkg| pkg.id.clone()).collect();
+    for pkg in &mut packages {
+        pkg.depends_on.retain(|dep| known_ids.contains(dep));
+    }
+
+    packages
+}
+
+fn is_generic_work_package_title(id: &str, title: &str) -> bool {
+    title == "Main flow" || title == format!("Task {id}")
+}
+
+pub(super) fn is_material_work_package(pkg: &WorkPackage) -> bool {
+    if !pkg.files.is_empty() || !pkg.commands.is_empty() || pkg.outcome.is_some() {
+        return true;
+    }
+
+    if pkg.id == "main" {
+        return pkg.status != "pending";
+    }
+
+    if !is_generic_work_package_title(&pkg.id, &pkg.title) {
+        return true;
+    }
+
+    pkg.status == "completed" && !pkg.evidence_refs.is_empty()
+}
+
+fn package_key_for_event(event: &Event) -> String {
+    if let Some(task_id) = event
+        .task_id
+        .as_deref()
+        .map(str::trim)
+        .filter(|id| !id.is_empty())
+    {
+        return task_id.to_string();
+    }
+    if let Some(group_id) = event.semantic_group_id() {
+        return group_id.to_string();
+    }
+    "main".to_string()
+}
+
+fn find_objective_event(session: &Session) -> Option<&Event> {
+    session
+        .events
+        .iter()
+        .find(|event| matches!(event.event_type, EventType::UserMessage))
+        .or_else(|| {
+            session.events.iter().find(|event| {
+                matches!(
+                    event.event_type,
+                    EventType::TaskStart { .. } | EventType::TaskEnd { .. }
+                )
+            })
+        })
+}
+
+fn find_task_summary_event<'a>(events: &'a [Event], summary: &str) -> Option<&'a Event> {
+    let normalized_target = collapse_whitespace(summary);
+    events.iter().find(|event| {
+        let EventType::TaskEnd {
+            summary: Some(candidate),
+        } = &event.event_type
+        else {
+            return false;
+        };
+        collapse_whitespace(candidate) == normalized_target
+    })
+}
+
+fn find_decision_event<'a>(events: &'a [Event], decision: &str) -> Option<&'a Event> {
+    if decision.to_ascii_lowercase().contains("turn aborted") {
+        return events.iter().find(|event| {
+            matches!(
+                &event.event_type,
+                EventType::Custom { kind } if kind == "turn_aborted"
+            )
+        });
+    }
+    if decision.to_ascii_lowercase().contains("open question") {
+        return events
+            .iter()
+            .find(|event| event.attr_str("source") == Some("interactive_question"));
+    }
+    None
+}
+
+pub(super) fn collect_open_questions(events: &[Event]) -> Vec<String> {
+    let mut question_meta: BTreeMap<String, String> = BTreeMap::new();
+    let mut asked_order = Vec::new();
+    let mut answered_ids = HashSet::new();
+
+    for event in events {
+        if event.attr_str("source") == Some("interactive_question") {
+            if let Some(items) = event
+                .attributes
+                .get("question_meta")
+                .and_then(|v| v.as_array())
+            {
+                for item in items {
+                    let Some(id) = item
+                        .get("id")
+                        .and_then(|v| v.as_str())
+                        .map(str::trim)
+                        .filter(|v| !v.is_empty())
+                    else {
+                        continue;
+                    };
+                    let text = item
+                        .get("question")
+                        .or_else(|| item.get("header"))
+                        .and_then(|v| v.as_str())
+                        .map(str::trim)
+                        .filter(|v| !v.is_empty())
+                        .unwrap_or(id);
+                    if !question_meta.contains_key(id) {
+                        asked_order.push(id.to_string());
+                    }
+                    question_meta.insert(id.to_string(), text.to_string());
+                }
+            } else if let Some(ids) = event
+                .attributes
+                .get("question_ids")
+                .and_then(|v| v.as_array())
+                .map(|arr| {
+                    arr.iter()
+                        .filter_map(|v| v.as_str())
+                        .map(str::trim)
+                        .filter(|v| !v.is_empty())
+                        .map(String::from)
+                        .collect::<Vec<_>>()
+                })
+            {
+                for id in ids {
+                    if !question_meta.contains_key(&id) {
+                        asked_order.push(id.clone());
+                    }
+                    question_meta.entry(id.clone()).or_insert(id);
+                }
+            }
+        }
+
+        if event.attr_str("source") == Some("interactive")
+            && let Some(ids) = event
+                .attributes
+                .get("question_ids")
+                .and_then(|v| v.as_array())
+        {
+            for id in ids
+                .iter()
+                .filter_map(|v| v.as_str())
+                .map(str::trim)
+                .filter(|v| !v.is_empty())
+            {
+                answered_ids.insert(id.to_string());
+            }
+        }
+    }
+
+    asked_order
+        .into_iter()
+        .filter(|id| !answered_ids.contains(id))
+        .map(|id| {
+            let text = question_meta
+                .get(&id)
+                .cloned()
+                .unwrap_or_else(|| id.clone());
+            format!("{id}: {text}")
+        })
+        .collect()
+}
+
+pub(super) fn unresolved_failed_commands(checks_run: &[CheckRun]) -> Vec<String> {
+    let mut unresolved = Vec::new();
+    for (idx, run) in checks_run.iter().enumerate() {
+        if run.status != "failed" {
+            continue;
+        }
+        let resolved = checks_run
+            .iter()
+            .skip(idx + 1)
+            .any(|later| later.command == run.command && later.status == "passed");
+        if !resolved {
+            unresolved.push(run.command.clone());
+        }
+    }
+    dedupe_keep_order(&mut unresolved);
+    unresolved
+}
+
+pub(super) fn dedupe_keep_order(values: &mut Vec<String>) {
+    let mut seen = HashSet::new();
+    values.retain(|value| seen.insert(value.clone()));
+}
+
+pub(super) fn collect_undefined_fields(
+    objective_undefined_reason: Option<&str>,
+    execution_contract: &ExecutionContract,
+    evidence: &[EvidenceRef],
+) -> Vec<UndefinedField> {
+    let mut undefined = Vec::new();
+
+    if let Some(reason) = objective_undefined_reason {
+        undefined.push(UndefinedField {
+            path: "objective".to_string(),
+            undefined_reason: reason.to_string(),
+        });
+    }
+
+    if let Some(reason) = execution_contract
+        .rollback_hint_undefined_reason
+        .as_deref()
+        .or(execution_contract.rollback_hint_missing_reason.as_deref())
+    {
+        undefined.push(UndefinedField {
+            path: "execution_contract.rollback_hint".to_string(),
+            undefined_reason: reason.to_string(),
+        });
+    }
+
+    if evidence.is_empty() {
+        undefined.push(UndefinedField {
+            path: "evidence".to_string(),
+            undefined_reason:
+                "No objective/task/decision evidence could be mapped to source events.".to_string(),
+        });
+    }
+
+    undefined
+}
+
+fn event_source_type(event: &Event) -> String {
+    event
+        .source_raw_type()
+        .map(String::from)
+        .unwrap_or_else(|| match &event.event_type {
+            EventType::UserMessage => "UserMessage".to_string(),
+            EventType::AgentMessage => "AgentMessage".to_string(),
+            EventType::SystemMessage => "SystemMessage".to_string(),
+            EventType::Thinking => "Thinking".to_string(),
+            EventType::ToolCall { .. } => "ToolCall".to_string(),
+            EventType::ToolResult { .. } => "ToolResult".to_string(),
+            EventType::FileRead { .. } => "FileRead".to_string(),
+            EventType::CodeSearch { .. } => "CodeSearch".to_string(),
+            EventType::FileSearch { .. } => "FileSearch".to_string(),
+            EventType::FileEdit { .. } => "FileEdit".to_string(),
+            EventType::FileCreate { .. } => "FileCreate".to_string(),
+            EventType::FileDelete { .. } => "FileDelete".to_string(),
+            EventType::ShellCommand { .. } => "ShellCommand".to_string(),
+            EventType::ImageGenerate { .. } => "ImageGenerate".to_string(),
+            EventType::VideoGenerate { .. } => "VideoGenerate".to_string(),
+            EventType::AudioGenerate { .. } => "AudioGenerate".to_string(),
+            EventType::WebSearch { .. } => "WebSearch".to_string(),
+            EventType::WebFetch { .. } => "WebFetch".to_string(),
+            EventType::TaskStart { .. } => "TaskStart".to_string(),
+            EventType::TaskEnd { .. } => "TaskEnd".to_string(),
+            EventType::Custom { kind } => format!("Custom:{kind}"),
+        })
+}
diff --git a/crates/core/src/handoff/hail_export.rs b/crates/core/src/handoff/hail_export.rs
new file mode 100644
index 00000000..079a6b1e
--- /dev/null
+++ b/crates/core/src/handoff/hail_export.rs
@@ -0,0 +1,88 @@
+use std::collections::HashMap;
+
+use crate::extract::truncate_str;
+use crate::{Content, ContentBlock, Event, EventType, Session, SessionContext};
+
+/// Generate a summary HAIL session from an original session.
+///
+/// Filters events to only include important ones and truncates content.
+pub fn generate_handoff_hail(session: &Session) -> Session {
+    let mut summary_session = Session {
+        version: session.version.clone(),
+        session_id: format!("handoff-{}", session.session_id),
+        agent: session.agent.clone(),
+        context: SessionContext {
+            title: Some(format!(
+                "Handoff: {}",
+                session.context.title.as_deref().unwrap_or("(untitled)")
+            )),
+            description: session.context.description.clone(),
+            tags: {
+                let mut tags = session.context.tags.clone();
+                if !tags.contains(&"handoff".to_string()) {
+                    tags.push("handoff".to_string());
+                }
+                tags
+            },
+            created_at: session.context.created_at,
+            updated_at: chrono::Utc::now(),
+            related_session_ids: vec![session.session_id.clone()],
+            attributes: HashMap::new(),
+        },
+        events: Vec::new(),
+        stats: session.stats.clone(),
+    };
+
+    for event in &session.events {
+        let keep = matches!(
+            &event.event_type,
+            EventType::UserMessage
+                | EventType::AgentMessage
+                | EventType::FileEdit { .. }
+                | EventType::FileCreate { .. }
+                | EventType::FileDelete { .. }
+                | EventType::TaskStart { .. }
+                | EventType::TaskEnd { .. }
+        ) || matches!(&event.event_type, EventType::ShellCommand { exit_code, .. } if *exit_code != Some(0));
+
+        if !keep {
+            continue;
+        }
+
+        let truncated_blocks: Vec<ContentBlock> = event
+            .content
+            .blocks
+            .iter()
+            .map(|block| match block {
+                ContentBlock::Text { text } => ContentBlock::Text {
+                    text: truncate_str(text, 300),
+                },
+                ContentBlock::Code {
+                    code,
+                    language,
+                    start_line,
+                } => ContentBlock::Code {
+                    code: truncate_str(code, 300),
+                    language: language.clone(),
+                    start_line: *start_line,
+                },
+                other => other.clone(),
+            })
+            .collect();
+
+        summary_session.events.push(Event {
+            event_id: event.event_id.clone(),
+            timestamp: event.timestamp,
+            event_type: event.event_type.clone(),
+            task_id: event.task_id.clone(),
+            content: Content {
+                blocks: truncated_blocks,
+            },
+            duration_ms: event.duration_ms,
+            attributes: HashMap::new(),
+        });
+    }
+
+    summary_session.recompute_stats();
+    summary_session
+}
diff --git a/crates/core/src/handoff/markdown.rs b/crates/core/src/handoff/markdown.rs
new file mode 100644
index 00000000..f01b2bb7
--- /dev/null
+++ b/crates/core/src/handoff/markdown.rs
@@ -0,0 +1,392 @@
+use crate::extract::truncate_str;
+
+use super::{HandoffSummary, MergedHandoff, format_duration};
+
+/// Generate a v2 Markdown handoff document from a single session summary.
+pub fn generate_handoff_markdown_v2(summary: &HandoffSummary) -> String {
+    let mut md = String::new();
+    md.push_str("# Session Handoff\n\n");
+    append_v2_markdown_sections(&mut md, summary);
+    md
+}
+
+/// Generate a v2 Markdown handoff document from merged summaries.
+pub fn generate_merged_handoff_markdown_v2(merged: &MergedHandoff) -> String {
+    let mut md = String::new();
+    md.push_str("# Merged Session Handoff\n\n");
+    md.push_str(&format!(
+        "**Sessions:** {} | **Total Duration:** {}\n\n",
+        merged.source_session_ids.len(),
+        format_duration(merged.total_duration_seconds)
+    ));
+
+    for (idx, summary) in merged.summaries.iter().enumerate() {
+        md.push_str(&format!(
+            "---\n\n## Session {} — {}\n\n",
+            idx + 1,
+            summary.source_session_id
+        ));
+        append_v2_markdown_sections(&mut md, summary);
+        md.push('\n');
+    }
+
+    md
+}
+
+fn append_v2_markdown_sections(md: &mut String, summary: &HandoffSummary) {
+    md.push_str("## Objective\n");
+    md.push_str(&summary.objective);
+    md.push_str("\n\n");
+
+    md.push_str("## Current State\n");
+    md.push_str(&format!(
+        "- **Tool:** {} ({})\n- **Duration:** {}\n- **Messages:** {} | Tool calls: {} | Events: {}\n",
+        summary.tool,
+        summary.model,
+        format_duration(summary.duration_seconds),
+        summary.stats.message_count,
+        summary.stats.tool_call_count,
+        summary.stats.event_count
+    ));
+    if !summary.execution_contract.done_definition.is_empty() {
+        md.push_str("- **Done:**\n");
+        for done in &summary.execution_contract.done_definition {
+            md.push_str(&format!("  - {done}\n"));
+        }
+    }
+    if !summary.execution_contract.ordered_steps.is_empty() {
+        md.push_str("- **Execution Timeline (ordered):**\n");
+        for step in &summary.execution_contract.ordered_steps {
+            let started = step.started_at.as_deref().unwrap_or("?");
+            let completed = step.completed_at.as_deref().unwrap_or("-");
+            if step.depends_on.is_empty() {
+                md.push_str(&format!(
+                    "  - [{}] `{}` [{}] status={} start={} done={}\n",
+                    step.sequence,
+                    step.title,
+                    step.work_package_id,
+                    step.status,
+                    started,
+                    completed
+                ));
+            } else {
+                md.push_str(&format!(
+                    "  - [{}] `{}` [{}] status={} start={} done={} deps=[{}]\n",
+                    step.sequence,
+                    step.title,
+                    step.work_package_id,
+                    step.status,
+                    started,
+                    completed,
+                    step.depends_on.join(", ")
+                ));
+            }
+        }
+    }
+    md.push('\n');
+
+    md.push_str("## Next Actions (ordered)\n");
+    if summary.execution_contract.next_actions.is_empty() {
+        md.push_str("_(none)_\n");
+    } else {
+        for (idx, action) in summary.execution_contract.next_actions.iter().enumerate() {
+            md.push_str(&format!("{}. {}\n", idx + 1, action));
+        }
+    }
+    if !summary.execution_contract.parallel_actions.is_empty() {
+        md.push_str("\nParallelizable Work Packages:\n");
+        for action in &summary.execution_contract.parallel_actions {
+            md.push_str(&format!("- {action}\n"));
+        }
+    }
+    md.push('\n');
+
+    md.push_str("## Verification\n");
+    if summary.verification.checks_run.is_empty() {
+        md.push_str("- checks_run: _(none)_\n");
+    } else {
+        for check in &summary.verification.checks_run {
+            let code = check
+                .exit_code
+                .map(|c| c.to_string())
+                .unwrap_or_else(|| "?".to_string());
+            md.push_str(&format!(
+                "- [{}] `{}` (exit: {}, event: {})\n",
+                check.status, check.command, code, check.event_id
+            ));
+        }
+    }
+    if !summary.verification.required_checks_missing.is_empty() {
+        md.push_str("- required_checks_missing:\n");
+        for item in &summary.verification.required_checks_missing {
+            md.push_str(&format!("  - {item}\n"));
+        }
+    }
+    md.push('\n');
+
+    md.push_str("## Blockers / Decisions\n");
+    if summary.uncertainty.decision_required.is_empty()
+        && summary.uncertainty.open_questions.is_empty()
+    {
+        md.push_str("_(none)_\n");
+    } else {
+        for item in &summary.uncertainty.decision_required {
+            md.push_str(&format!("- {item}\n"));
+        }
+        if !summary.uncertainty.open_questions.is_empty() {
+            md.push_str("- open_questions:\n");
+            for item in &summary.uncertainty.open_questions {
+                md.push_str(&format!("  - {item}\n"));
+            }
+        }
+    }
+    md.push('\n');
+
+    md.push_str("## Evidence Index\n");
+    if summary.evidence.is_empty() {
+        md.push_str("_(none)_\n");
+    } else {
+        for evidence in &summary.evidence {
+            md.push_str(&format!(
+                "- `{}` {} ({}, {}, {})\n",
+                evidence.id,
+                evidence.claim,
+                evidence.event_id,
+                evidence.source_type,
+                evidence.timestamp
+            ));
+        }
+    }
+    md.push('\n');
+
+    md.push_str("## Conversations\n");
+    if summary.key_conversations.is_empty() {
+        md.push_str("_(none)_\n");
+    } else {
+        for (idx, conversation) in summary.key_conversations.iter().enumerate() {
+            md.push_str(&format!(
+                "### {}. User\n{}\n\n### {}. Agent\n{}\n\n",
+                idx + 1,
+                truncate_str(&conversation.user, 300),
+                idx + 1,
+                truncate_str(&conversation.agent, 300)
+            ));
+        }
+    }
+
+    md.push_str("## User Messages\n");
+    if summary.user_messages.is_empty() {
+        md.push_str("_(none)_\n");
+    } else {
+        for (idx, message) in summary.user_messages.iter().enumerate() {
+            md.push_str(&format!("{}. {}\n", idx + 1, truncate_str(message, 150)));
+        }
+    }
+}
+
+/// Generate a Markdown handoff document from a single session summary.
+pub fn generate_handoff_markdown(summary: &HandoffSummary) -> String {
+    const MAX_TASK_SUMMARIES_DISPLAY: usize = 5;
+    let mut md = String::new();
+
+    md.push_str("# Session Handoff\n\n");
+
+    md.push_str("## Objective\n");
+    md.push_str(&summary.objective);
+    md.push_str("\n\n");
+
+    md.push_str("## Summary\n");
+    md.push_str(&format!(
+        "- **Tool:** {} ({})\n",
+        summary.tool, summary.model
+    ));
+    md.push_str(&format!(
+        "- **Duration:** {}\n",
+        format_duration(summary.duration_seconds)
+    ));
+    md.push_str(&format!(
+        "- **Messages:** {} | Tool calls: {} | Events: {}\n",
+        summary.stats.message_count, summary.stats.tool_call_count, summary.stats.event_count
+    ));
+    md.push('\n');
+
+    if !summary.task_summaries.is_empty() {
+        md.push_str("## Task Summaries\n");
+        for (idx, task_summary) in summary
+            .task_summaries
+            .iter()
+            .take(MAX_TASK_SUMMARIES_DISPLAY)
+            .enumerate()
+        {
+            md.push_str(&format!("{}. {}\n", idx + 1, task_summary));
+        }
+        if summary.task_summaries.len() > MAX_TASK_SUMMARIES_DISPLAY {
+            md.push_str(&format!(
+                "- ... and {} more\n",
+                summary.task_summaries.len() - MAX_TASK_SUMMARIES_DISPLAY
+            ));
+        }
+        md.push('\n');
+    }
+
+    if !summary.files_modified.is_empty() {
+        md.push_str("## Files Modified\n");
+        for file_change in &summary.files_modified {
+            md.push_str(&format!(
+                "- `{}` ({})\n",
+                file_change.path, file_change.action
+            ));
+        }
+        md.push('\n');
+    }
+
+    if !summary.files_read.is_empty() {
+        md.push_str("## Files Read\n");
+        for path in &summary.files_read {
+            md.push_str(&format!("- `{path}`\n"));
+        }
+        md.push('\n');
+    }
+
+    if !summary.shell_commands.is_empty() {
+        md.push_str("## Shell Commands\n");
+        for command in &summary.shell_commands {
+            let code_str = match command.exit_code {
+                Some(code) => code.to_string(),
+                None => "?".to_string(),
+            };
+            md.push_str(&format!(
+                "- `{}` → {}\n",
+                truncate_str(&command.command, 80),
+                code_str
+            ));
+        }
+        md.push('\n');
+    }
+
+    if !summary.errors.is_empty() {
+        md.push_str("## Errors\n");
+        for error in &summary.errors {
+            md.push_str(&format!("- {error}\n"));
+        }
+        md.push('\n');
+    }
+
+    if !summary.key_conversations.is_empty() {
+        md.push_str("## Key Conversations\n");
+        for (idx, conversation) in summary.key_conversations.iter().enumerate() {
+            md.push_str(&format!(
+                "### {}. User\n{}\n\n### {}. Agent\n{}\n\n",
+                idx + 1,
+                truncate_str(&conversation.user, 300),
+                idx + 1,
+                truncate_str(&conversation.agent, 300),
+            ));
+        }
+    }
+
+    if summary.key_conversations.is_empty() && !summary.user_messages.is_empty() {
+        md.push_str("## User Messages\n");
+        for (idx, message) in summary.user_messages.iter().enumerate() {
+            md.push_str(&format!("{}. {}\n", idx + 1, truncate_str(message, 150)));
+        }
+        md.push('\n');
+    }
+
+    md
+}
+
+/// Generate a Markdown handoff document from a merged multi-session handoff.
+pub fn generate_merged_handoff_markdown(merged: &MergedHandoff) -> String {
+    const MAX_TASK_SUMMARIES_DISPLAY: usize = 3;
+    let mut md = String::new();
+
+    md.push_str("# Merged Session Handoff\n\n");
+    md.push_str(&format!(
+        "**Sessions:** {} | **Total Duration:** {}\n\n",
+        merged.source_session_ids.len(),
+        format_duration(merged.total_duration_seconds)
+    ));
+
+    for (idx, summary) in merged.summaries.iter().enumerate() {
+        md.push_str(&format!(
+            "---\n\n## Session {} — {}\n\n",
+            idx + 1,
+            summary.source_session_id
+        ));
+        md.push_str(&format!("**Objective:** {}\n\n", summary.objective));
+        md.push_str(&format!(
+            "- **Tool:** {} ({}) | **Duration:** {}\n",
+            summary.tool,
+            summary.model,
+            format_duration(summary.duration_seconds)
+        ));
+        md.push_str(&format!(
+            "- **Messages:** {} | Tool calls: {} | Events: {}\n\n",
+            summary.stats.message_count, summary.stats.tool_call_count, summary.stats.event_count
+        ));
+
+        if !summary.task_summaries.is_empty() {
+            md.push_str("### Task Summaries\n");
+            for (task_idx, task_summary) in summary
+                .task_summaries
+                .iter()
+                .take(MAX_TASK_SUMMARIES_DISPLAY)
+                .enumerate()
+            {
+                md.push_str(&format!("{}. {}\n", task_idx + 1, task_summary));
+            }
+            if summary.task_summaries.len() > MAX_TASK_SUMMARIES_DISPLAY {
+                md.push_str(&format!(
+                    "- ... and {} more\n",
+                    summary.task_summaries.len() - MAX_TASK_SUMMARIES_DISPLAY
+                ));
+            }
+            md.push('\n');
+        }
+
+        if !summary.key_conversations.is_empty() {
+            md.push_str("### Conversations\n");
+            for (conversation_idx, conversation) in summary.key_conversations.iter().enumerate() {
+                md.push_str(&format!(
+                    "**{}. User:** {}\n\n**{}. Agent:** {}\n\n",
+                    conversation_idx + 1,
+                    truncate_str(&conversation.user, 200),
+                    conversation_idx + 1,
+                    truncate_str(&conversation.agent, 200),
+                ));
+            }
+        }
+    }
+
+    md.push_str("---\n\n## All Files Modified\n");
+    if merged.all_files_modified.is_empty() {
+        md.push_str("_(none)_\n");
+    } else {
+        for file_change in &merged.all_files_modified {
+            md.push_str(&format!(
+                "- `{}` ({})\n",
+                file_change.path, file_change.action
+            ));
+        }
+    }
+    md.push('\n');
+
+    if !merged.all_files_read.is_empty() {
+        md.push_str("## All Files Read\n");
+        for path in &merged.all_files_read {
+            md.push_str(&format!("- `{path}`\n"));
+        }
+        md.push('\n');
+    }
+
+    if !merged.total_errors.is_empty() {
+        md.push_str("## All Errors\n");
+        for error in &merged.total_errors {
+            md.push_str(&format!("- {error}\n"));
+        }
+        md.push('\n');
+    }
+
+    md
+}
diff --git a/crates/core/src/handoff/merge.rs b/crates/core/src/handoff/merge.rs
new file mode 100644
index 00000000..8a699bdf
--- /dev/null
+++ b/crates/core/src/handoff/merge.rs
@@ -0,0 +1,58 @@
+use std::collections::{HashMap, HashSet};
+
+use super::{FileChange, HandoffSummary, MergedHandoff};
+
+/// Merge multiple session summaries into a single handoff context.
+pub fn merge_summaries(summaries: &[HandoffSummary]) -> MergedHandoff {
+    let session_ids: Vec<String> = summaries
+        .iter()
+        .map(|summary| summary.source_session_id.clone())
+        .collect();
+    let total_duration: u64 = summaries
+        .iter()
+        .map(|summary| summary.duration_seconds)
+        .sum();
+    let total_errors: Vec<String> = summaries
+        .iter()
+        .flat_map(|summary| {
+            summary
+                .errors
+                .iter()
+                .map(move |err| format!("[{}] {}", summary.source_session_id, err))
+        })
+        .collect();
+
+    let all_modified: HashMap<String, &str> = summaries
+        .iter()
+        .flat_map(|summary| &summary.files_modified)
+        .fold(HashMap::new(), |mut map, file_change| {
+            map.entry(file_change.path.clone())
+                .or_insert(file_change.action);
+            map
+        });
+
+    let mut sorted_read: Vec<String> = summaries
+        .iter()
+        .flat_map(|summary| &summary.files_read)
+        .filter(|path| !all_modified.contains_key(path.as_str()))
+        .cloned()
+        .collect::<HashSet<_>>()
+        .into_iter()
+        .collect();
+    sorted_read.sort();
+
+    let mut sorted_modified: Vec<FileChange> = all_modified
+        .into_iter()
+        .map(|(path, action)| FileChange { path, action })
+        .collect();
+    sorted_modified.sort_by(|left, right| left.path.cmp(&right.path));
+
+    MergedHandoff {
+        source_session_ids: session_ids,
+        summaries: summaries.to_vec(),
+        all_files_modified: sorted_modified,
+        all_files_read: sorted_read,
+        total_duration_seconds: total_duration,
+        total_errors,
+    }
+}
diff --git a/crates/core/src/handoff/tests.rs b/crates/core/src/handoff/tests.rs
new file mode 100644
index 00000000..0a60443d
--- /dev/null
+++ b/crates/core/src/handoff/tests.rs
@@ -0,0 +1,803 @@
+use super::*;
+use crate::{Agent, testing};
+
+fn make_agent() -> Agent {
+    testing::agent()
+}
+
+fn make_event(event_type: EventType, text: &str) -> Event {
+    testing::event(event_type, text)
+}
+
+#[test]
+fn test_format_duration() {
+    assert_eq!(format_duration(0), "0s");
+    assert_eq!(format_duration(45), "45s");
+    assert_eq!(format_duration(90), "1m 30s");
+    assert_eq!(format_duration(750), "12m 30s");
+    assert_eq!(format_duration(3661), "1h 1m 1s");
+}
+
+#[test]
+fn test_handoff_summary_from_session() {
+    let mut session = Session::new("test-id".to_string(), make_agent());
+    session.stats = Stats {
+        event_count: 10,
+        message_count: 3,
+        tool_call_count: 5,
+        duration_seconds: 750,
+        ..Default::default()
+    };
+    session
+        .events
+        .push(make_event(EventType::UserMessage, "Fix the build error"));
+    session
+        .events
+        .push(make_event(EventType::AgentMessage, "I'll fix it now"));
+    session.events.push(make_event(
+        EventType::FileEdit {
+            path: "src/main.rs".to_string(),
+            diff: None,
+        },
+        "",
+    ));
+    session.events.push(make_event(
+        EventType::FileRead {
+            path: "Cargo.toml".to_string(),
+        },
+        "",
+    ));
+    session.events.push(make_event(
+        EventType::ShellCommand {
+            command: "cargo build".to_string(),
+            exit_code: Some(0),
+        },
+        "",
+    ));
+    session.events.push(make_event(
+        EventType::TaskEnd {
+            summary: Some("Build now passes in local env".to_string()),
+        },
+        "",
+    ));
+
+    let summary = HandoffSummary::from_session(&session);
+
+    assert_eq!(summary.source_session_id, "test-id");
+    assert_eq!(summary.objective, "Fix the build error");
+    assert_eq!(summary.files_modified.len(), 1);
+    assert_eq!(summary.files_modified[0].path, "src/main.rs");
+    assert_eq!(summary.files_modified[0].action, "edited");
+    assert_eq!(summary.files_read, vec!["Cargo.toml"]);
+    assert_eq!(summary.shell_commands.len(), 1);
+    assert_eq!(
+        summary.task_summaries,
+        vec!["Build now passes in local env".to_string()]
+    );
+    assert_eq!(summary.key_conversations.len(), 1);
+    assert_eq!(summary.key_conversations[0].user, "Fix the build error");
+    assert_eq!(summary.key_conversations[0].agent, "I'll fix it now");
+}
+
+#[test]
+fn test_handoff_objective_falls_back_to_task_title() {
+    let mut session = Session::new("task-title-fallback".to_string(), make_agent());
+    session.context.title = Some("session-019c-example.jsonl".to_string());
+    session.events.push(make_event(
+        EventType::TaskStart {
+            title: Some("Refactor auth middleware for oauth callback".to_string()),
+        },
+        "",
+    ));
+
+    let summary = HandoffSummary::from_session(&session);
+    assert_eq!(
+        summary.objective,
+        "Refactor auth middleware for oauth callback"
+    );
+}
+
+#[test]
+fn test_handoff_task_summaries_are_deduplicated() {
+    let mut session = Session::new("task-summary-dedupe".to_string(), make_agent());
+    session.events.push(make_event(
+        EventType::TaskEnd {
+            summary: Some("Add worker profile guard".to_string()),
+        },
+        "",
+    ));
+    session.events.push(make_event(
+        EventType::TaskEnd {
+            summary: Some(" ".to_string()),
+        },
+        "",
+    ));
+    session.events.push(make_event(
+        EventType::TaskEnd {
+            summary: Some("Add worker profile guard".to_string()),
+        },
+        "",
+    ));
+    session.events.push(make_event(
+        EventType::TaskEnd {
+            summary: Some("Hide teams nav for worker profile".to_string()),
+        },
+        "",
+    ));
+
+    let summary = HandoffSummary::from_session(&session);
+    assert_eq!(
+        summary.task_summaries,
+        vec![
+            "Add worker profile guard".to_string(),
+            "Hide teams nav for worker profile".to_string()
+        ]
+    );
+}
+
+#[test]
+fn test_files_read_excludes_modified() {
+    let mut session = Session::new("test-id".to_string(), make_agent());
+    session
+        .events
+        .push(make_event(EventType::UserMessage, "test"));
+    session.events.push(make_event(
+        EventType::FileRead {
+            path: "src/main.rs".to_string(),
+        },
+        "",
+    ));
+    session.events.push(make_event(
+        EventType::FileEdit {
+            path: "src/main.rs".to_string(),
+            diff: None,
+        },
+        "",
+    ));
+    session.events.push(make_event(
+        EventType::FileRead {
+            path: "README.md".to_string(),
+        },
+        "",
+    ));
+
+    let summary = HandoffSummary::from_session(&session);
+    assert_eq!(summary.files_read, vec!["README.md"]);
+    assert_eq!(summary.files_modified.len(), 1);
+}
+
+#[test]
+fn test_file_create_not_overwritten_by_edit() {
+    let mut session = Session::new("test-id".to_string(), make_agent());
+    session
+        .events
+        .push(make_event(EventType::UserMessage, "test"));
+    session.events.push(make_event(
+        EventType::FileCreate {
+            path: "new_file.rs".to_string(),
+        },
+        "",
+    ));
+    session.events.push(make_event(
+        EventType::FileEdit {
+            path: "new_file.rs".to_string(),
+            diff: None,
+        },
+        "",
+    ));
+
+    let summary = HandoffSummary::from_session(&session);
+    assert_eq!(summary.files_modified[0].action, "created");
+}
+
+#[test]
+fn test_shell_error_captured() {
+    let mut session = Session::new("test-id".to_string(), make_agent());
+    session
+        .events
+        .push(make_event(EventType::UserMessage, "test"));
+    session.events.push(make_event(
+        EventType::ShellCommand {
+            command: "cargo test".to_string(),
+            exit_code: Some(1),
+        },
+        "",
+    ));
+
+    let summary = HandoffSummary::from_session(&session);
+    assert_eq!(summary.errors.len(), 1);
+    assert!(summary.errors[0].contains("cargo test"));
+}
+
+#[test]
+fn test_generate_handoff_markdown() {
+    let mut session = Session::new("test-id".to_string(), make_agent());
+    session.stats = Stats {
+        event_count: 10,
+        message_count: 3,
+        tool_call_count: 5,
+        duration_seconds: 750,
+        ..Default::default()
+    };
+    session
+        .events
+        .push(make_event(EventType::UserMessage, "Fix the build error"));
+    session
+        .events
+        .push(make_event(EventType::AgentMessage, "I'll fix it now"));
+    session.events.push(make_event(
+        EventType::FileEdit {
+            path: "src/main.rs".to_string(),
+            diff: None,
+        },
+        "",
+    ));
+    session.events.push(make_event(
+        EventType::ShellCommand {
+            command: "cargo build".to_string(),
+            exit_code: Some(0),
+        },
+        "",
+    ));
+    session.events.push(make_event(
+        EventType::TaskEnd {
+            summary: Some("Compile error fixed by updating trait bounds".to_string()),
+        },
+        "",
+    ));
+
+    let summary = HandoffSummary::from_session(&session);
+    let md = generate_handoff_markdown(&summary);
+
+    assert!(md.contains("# Session Handoff"));
+    assert!(md.contains("Fix the build error"));
+    assert!(md.contains("claude-code (claude-opus-4-6)"));
+    assert!(md.contains("12m 30s"));
+    assert!(md.contains("## Task Summaries"));
+    assert!(md.contains("Compile error fixed by updating trait bounds"));
+    assert!(md.contains("`src/main.rs` (edited)"));
+    assert!(md.contains("`cargo build` → 0"));
+    assert!(md.contains("## Key Conversations"));
+}
+
+#[test]
+fn test_merge_summaries() {
+    let mut s1 = Session::new("session-a".to_string(), make_agent());
+    s1.stats.duration_seconds = 100;
+    s1.events.push(make_event(EventType::UserMessage, "task A"));
+    s1.events.push(make_event(
+        EventType::FileEdit {
+            path: "a.rs".to_string(),
+            diff: None,
+        },
+        "",
+    ));
+
+    let mut s2 = Session::new("session-b".to_string(), make_agent());
+    s2.stats.duration_seconds = 200;
+    s2.events.push(make_event(EventType::UserMessage, "task B"));
+    s2.events.push(make_event(
+        EventType::FileEdit {
+            path: "b.rs".to_string(),
+            diff: None,
+        },
+        "",
+    ));
+
+    let sum1 = HandoffSummary::from_session(&s1);
+    let sum2 = HandoffSummary::from_session(&s2);
+    let merged = merge_summaries(&[sum1, sum2]);
+
+    assert_eq!(merged.source_session_ids.len(), 2);
+    assert_eq!(merged.total_duration_seconds, 300);
+    assert_eq!(merged.all_files_modified.len(), 2);
+}
+
+#[test]
+fn test_generate_handoff_hail() {
+    let mut session = Session::new("test-id".to_string(), make_agent());
+    session
+        .events
+        .push(make_event(EventType::UserMessage, "Hello"));
+    session
+        .events
+        .push(make_event(EventType::AgentMessage, "Hi there"));
+    session.events.push(make_event(
+        EventType::FileRead {
+            path: "foo.rs".to_string(),
+        },
+        "",
+    ));
+    session.events.push(make_event(
+        EventType::FileEdit {
+            path: "foo.rs".to_string(),
+            diff: Some("+added line".to_string()),
+        },
+        "",
+    ));
+    session.events.push(make_event(
+        EventType::ShellCommand {
+            command: "cargo build".to_string(),
+            exit_code: Some(0),
+        },
+        "",
+    ));
+
+    let hail = generate_handoff_hail(&session);
+
+    assert!(hail.session_id.starts_with("handoff-"));
+    assert_eq!(hail.context.related_session_ids, vec!["test-id"]);
+    assert!(hail.context.tags.contains(&"handoff".to_string()));
+    assert_eq!(hail.events.len(), 3);
+    let jsonl = hail.to_jsonl().unwrap();
+    let parsed = Session::from_jsonl(&jsonl).unwrap();
+    assert_eq!(parsed.session_id, hail.session_id);
+}
+
+#[test]
+fn test_generate_handoff_markdown_v2_section_order() {
+    let mut session = Session::new("v2-sections".to_string(), make_agent());
+    session
+        .events
+        .push(make_event(EventType::UserMessage, "Implement handoff v2"));
+    session.events.push(make_event(
+        EventType::FileEdit {
+            path: "crates/core/src/handoff.rs".to_string(),
+            diff: None,
+        },
+        "",
+    ));
+    session.events.push(make_event(
+        EventType::ShellCommand {
+            command: "cargo test".to_string(),
+            exit_code: Some(0),
+        },
+        "",
+    ));
+
+    let summary = HandoffSummary::from_session(&session);
+    let md = generate_handoff_markdown_v2(&summary);
+
+    let order = [
+        "## Objective",
+        "## Current State",
+        "## Next Actions (ordered)",
+        "## Verification",
+        "## Blockers / Decisions",
+        "## Evidence Index",
+        "## Conversations",
+        "## User Messages",
+    ];
+
+    let mut last_idx = 0usize;
+    for section in order {
+        let idx = md.find(section).unwrap();
+        assert!(
+            idx >= last_idx,
+            "section order mismatch for {section}: idx={idx}, last={last_idx}"
+        );
+        last_idx = idx;
+    }
+}
+
+#[test]
+fn test_execution_contract_and_verification_from_failed_command() {
+    let mut session = Session::new("failed-check".to_string(), make_agent());
+    session
+        .events
+        .push(make_event(EventType::UserMessage, "Fix failing tests"));
+    session.events.push(make_event(
+        EventType::FileEdit {
+            path: "src/lib.rs".to_string(),
+            diff: None,
+        },
+        "",
+    ));
+    session.events.push(make_event(
+        EventType::ShellCommand {
+            command: "cargo test".to_string(),
+            exit_code: Some(1),
+        },
+        "",
+    ));
+
+    let summary = HandoffSummary::from_session(&session);
+    assert!(
+        summary
+            .verification
+            .checks_failed
+            .contains(&"cargo test".to_string())
+    );
+    assert!(
+        summary
+            .execution_contract
+            .next_actions
+            .iter()
+            .any(|action| action.contains("cargo test"))
+    );
+    assert_eq!(
+        summary.execution_contract.ordered_commands.first(),
+        Some(&"cargo test".to_string())
+    );
+    assert!(summary.execution_contract.parallel_actions.is_empty());
+    assert!(summary.execution_contract.rollback_hint.is_none());
+    assert!(
+        summary
+            .execution_contract
+            .rollback_hint_missing_reason
+            .is_some()
+    );
+    assert!(
+        summary
+            .execution_contract
+            .rollback_hint_undefined_reason
+            .is_some()
+    );
+}
+
+#[test]
+fn test_validate_handoff_summary_flags_missing_objective() {
+    let session = Session::new("missing-objective".to_string(), make_agent());
+    let summary = HandoffSummary::from_session(&session);
+    assert!(summary.objective_undefined_reason.is_some());
+    assert!(
+        summary
+            .undefined_fields
+            .iter()
+            .any(|field| field.path == "objective")
+    );
+    let report = validate_handoff_summary(&summary);
+
+    assert!(!report.passed);
+    assert!(
+        report
+            .findings
+            .iter()
+            .any(|finding| finding.code == "objective_missing")
+    );
+}
+
+#[test]
+fn test_validate_handoff_summary_flags_cycle() {
+    let mut session = Session::new("cycle-case".to_string(), make_agent());
+    session
+        .events
+        .push(make_event(EventType::UserMessage, "test"));
+    let mut summary = HandoffSummary::from_session(&session);
+    summary.work_packages = vec![
+        WorkPackage {
+            id: "a".to_string(),
+            title: "A".to_string(),
+            status: "pending".to_string(),
+            sequence: 1,
+            started_at: None,
+            completed_at: None,
+            outcome: None,
+            depends_on: vec!["b".to_string()],
+            files: Vec::new(),
+            commands: Vec::new(),
+            evidence_refs: Vec::new(),
+        },
+        WorkPackage {
+            id: "b".to_string(),
+            title: "B".to_string(),
+            status: "pending".to_string(),
+            sequence: 2,
+            started_at: None,
+            completed_at: None,
+            outcome: None,
+            depends_on: vec!["a".to_string()],
+            files: Vec::new(),
+            commands: Vec::new(),
+            evidence_refs: Vec::new(),
+        },
+    ];
+
+    let report = validate_handoff_summary(&summary);
+    assert!(
+        report
+            .findings
+            .iter()
+            .any(|finding| finding.code == "work_package_cycle")
+    );
+}
+
+#[test]
+fn test_validate_handoff_summary_requires_next_actions_for_failed_checks() {
+    let mut session = Session::new("missing-next-action".to_string(), make_agent());
+    session
+        .events
+        .push(make_event(EventType::UserMessage, "test"));
+    let mut summary = HandoffSummary::from_session(&session);
+    summary.verification.checks_run = vec![CheckRun {
+        command: "cargo test".to_string(),
+        status: "failed".to_string(),
+        exit_code: Some(1),
+        event_id: "evt-1".to_string(),
+    }];
+    summary.execution_contract.next_actions.clear();
+
+    let report = validate_handoff_summary(&summary);
+    assert!(
+        report
+            .findings
+            .iter()
+            .any(|finding| finding.code == "next_actions_missing")
+    );
+}
+
+#[test]
+fn test_validate_handoff_summary_flags_missing_objective_evidence() {
+    let mut session = Session::new("missing-objective-evidence".to_string(), make_agent());
+    session
+        .events
+        .push(make_event(EventType::UserMessage, "keep objective"));
+    let mut summary = HandoffSummary::from_session(&session);
+    summary.evidence = vec![EvidenceRef {
+        id: "evidence-1".to_string(),
+        claim: "task_done: something".to_string(),
+        event_id: "evt".to_string(),
+        timestamp: "2026-02-01T00:00:00Z".to_string(),
+        source_type: "TaskEnd".to_string(),
+    }];
+
+    let report = validate_handoff_summary(&summary);
+    assert!(
+        report
+            .findings
+            .iter()
+            .any(|finding| finding.code == "objective_evidence_missing")
+    );
+}
+
+#[test]
+fn test_execution_contract_includes_parallel_actions_for_independent_work_packages() {
+    let mut session = Session::new("parallel-actions".to_string(), make_agent());
+    session.events.push(make_event(
+        EventType::UserMessage,
+        "Refactor two independent modules",
+    ));
+
+    let mut auth_start = make_event(
+        EventType::TaskStart {
+            title: Some("Refactor auth".to_string()),
+        },
+        "",
+    );
+    auth_start.task_id = Some("auth".to_string());
+    session.events.push(auth_start);
+
+    let mut auth_edit = make_event(
+        EventType::FileEdit {
+            path: "src/auth.rs".to_string(),
+            diff: None,
+        },
+        "",
+    );
+    auth_edit.task_id = Some("auth".to_string());
+    session.events.push(auth_edit);
+
+    let mut billing_start = make_event(
+        EventType::TaskStart {
+            title: Some("Refactor billing".to_string()),
+        },
+        "",
+    );
+    billing_start.task_id = Some("billing".to_string());
+    session.events.push(billing_start);
+
+    let mut billing_edit = make_event(
+        EventType::FileEdit {
+            path: "src/billing.rs".to_string(),
+            diff: None,
+        },
+        "",
+    );
+    billing_edit.task_id = Some("billing".to_string());
+    session.events.push(billing_edit);
+
+    let summary = HandoffSummary::from_session(&session);
+    assert!(
+        summary
+            .execution_contract
+            .parallel_actions
+            .iter()
+            .any(|action| action.contains("auth"))
+    );
+    assert!(
+        summary
+            .execution_contract
+            .parallel_actions
+            .iter()
+            .any(|action| action.contains("billing"))
+    );
+    let md = generate_handoff_markdown_v2(&summary);
+    assert!(md.contains("Parallelizable Work Packages"));
+}
+
+#[test]
+fn test_done_definition_prefers_material_signals() {
+    let mut session = Session::new("material-signals".to_string(), make_agent());
+    session
+        .events
+        .push(make_event(EventType::UserMessage, "Implement feature X"));
+    session.events.push(make_event(
+        EventType::FileEdit {
+            path: "src/lib.rs".to_string(),
+            diff: None,
+        },
+        "",
+    ));
+    session.events.push(make_event(
+        EventType::ShellCommand {
+            command: "cargo test".to_string(),
+            exit_code: Some(0),
+        },
+        "",
+    ));
+
+    let summary = HandoffSummary::from_session(&session);
+    assert!(
+        summary
+            .execution_contract
+            .done_definition
+            .iter()
+            .any(|item| item.contains("Verification passed: `cargo test`"))
+    );
+    assert!(
+        summary
+            .execution_contract
+            .done_definition
+            .iter()
+            .any(|item| item.contains("Changed 1 file(s): `src/lib.rs`"))
+    );
+    assert!(
+        summary
+            .execution_contract
+            .ordered_steps
+            .iter()
+            .any(|step| step.work_package_id == "main")
+    );
+}
+
+#[test]
+fn test_ordered_steps_keep_temporal_and_task_context() {
+    let mut session = Session::new("ordered-steps".to_string(), make_agent());
+    session
+        .events
+        .push(make_event(EventType::UserMessage, "Process two tasks"));
+
+    let mut task1_start = make_event(
+        EventType::TaskStart {
+            title: Some("Prepare migration".to_string()),
+        },
+        "",
+    );
+    task1_start.task_id = Some("task-1".to_string());
+    session.events.push(task1_start);
+
+    let mut task1_end = make_event(
+        EventType::TaskEnd {
+            summary: Some("Migration script prepared".to_string()),
+        },
+        "",
+    );
+    task1_end.task_id = Some("task-1".to_string());
+    session.events.push(task1_end);
+
+    let mut task2_start = make_event(
+        EventType::TaskStart {
+            title: Some("Run verification".to_string()),
+        },
+        "",
+    );
+    task2_start.task_id = Some("task-2".to_string());
+    session.events.push(task2_start);
+
+    let mut task2_cmd = make_event(
+        EventType::ShellCommand {
+            command: "cargo test".to_string(),
+            exit_code: Some(0),
+        },
+        "",
+    );
+    task2_cmd.task_id = Some("task-2".to_string());
+    session.events.push(task2_cmd);
+
+    let summary = HandoffSummary::from_session(&session);
+    let steps = &summary.execution_contract.ordered_steps;
+    assert_eq!(steps.len(), 2);
+    assert!(steps[0].sequence < steps[1].sequence);
+    assert_eq!(steps[0].work_package_id, "task-1");
+    assert_eq!(steps[1].work_package_id, "task-2");
+    assert!(steps[0].completed_at.is_some());
+    assert!(
+        summary
+            .work_packages
+            .iter()
+            .find(|pkg| pkg.id == "task-1")
+            .and_then(|pkg| pkg.outcome.as_deref())
+            .is_some()
+    );
+}
+
+#[test]
+fn test_validate_handoff_summary_flags_inconsistent_ordered_steps() {
+    let mut session = Session::new("invalid-ordered-steps".to_string(), make_agent());
+    session
+        .events
+        .push(make_event(EventType::UserMessage, "test ordered steps"));
+    let mut summary = HandoffSummary::from_session(&session);
+    summary.work_packages = vec![WorkPackage {
+        id: "main".to_string(),
+        title: "Main flow".to_string(),
+        status: "completed".to_string(),
+        sequence: 1,
+        started_at: Some("2026-02-19T00:00:00Z".to_string()),
+        completed_at: Some("2026-02-19T00:01:00Z".to_string()),
+        outcome: Some("done".to_string()),
+        depends_on: Vec::new(),
+        files: vec!["src/lib.rs".to_string()],
+        commands: Vec::new(),
+        evidence_refs: Vec::new(),
+    }];
+    summary.execution_contract.ordered_steps = vec![OrderedStep {
+        sequence: 1,
+        work_package_id: "missing".to_string(),
+        title: "missing".to_string(),
+        status: "completed".to_string(),
+        depends_on: Vec::new(),
+        started_at: Some("2026-02-19T00:00:00Z".to_string()),
+        completed_at: Some("2026-02-19T00:01:00Z".to_string()),
+        evidence_refs: Vec::new(),
+    }];
+
+    let report = validate_handoff_summary(&summary);
+    assert!(
+        report
+            .findings
+            .iter()
+            .any(|finding| finding.code == "ordered_steps_inconsistent")
+    );
+}
+
+#[test]
+fn test_message_and_conversation_collections_are_condensed() {
+    let mut session = Session::new("condense".to_string(), make_agent());
+
+    for idx in 0..24 {
+        session
+            .events
+            .push(make_event(EventType::UserMessage, &format!("user-{idx}")));
+        session
+            .events
+            .push(make_event(EventType::AgentMessage, &format!("agent-{idx}")));
+    }
+
+    let summary = HandoffSummary::from_session(&session);
+    assert_eq!(summary.user_messages.len(), MAX_USER_MESSAGES);
+    assert_eq!(
+        summary.user_messages.first().map(String::as_str),
+        Some("user-0")
+    );
+    assert_eq!(
+        summary.user_messages.last().map(String::as_str),
+        Some("user-23")
+    );
+
+    assert_eq!(summary.key_conversations.len(), MAX_KEY_CONVERSATIONS);
+    assert_eq!(
+        summary
+            .key_conversations
+            .first()
+            .map(|conversation| conversation.user.as_str()),
+        Some("user-0")
+    );
+    assert_eq!(
+        summary
+            .key_conversations
+            .last()
+            .map(|conversation| conversation.user.as_str()),
+        Some("user-23")
+    );
+}
diff --git a/crates/core/src/handoff/validation.rs b/crates/core/src/handoff/validation.rs
new file mode 100644
index 00000000..db9fe7f1
--- /dev/null
+++ b/crates/core/src/handoff/validation.rs
@@ -0,0 +1,194 @@
+use std::collections::{HashMap, HashSet};
+
+use super::execution::{is_material_work_package, unresolved_failed_commands};
+use super::{HandoffSummary, OrderedStep, WorkPackage};
+
+#[derive(Debug, Clone, serde::Serialize)]
+pub struct ValidationFinding {
+    pub code: String,
+    pub severity: String,
+    pub message: String,
+}
+
+#[derive(Debug, Clone, serde::Serialize)]
+pub struct HandoffValidationReport {
+    pub session_id: String,
+    pub passed: bool,
+    pub findings: Vec<ValidationFinding>,
+}
+
+pub fn validate_handoff_summary(summary: &HandoffSummary) -> HandoffValidationReport {
+    let mut findings = Vec::new();
+
+    if summary.objective.trim().is_empty() || summary.objective == "(objective unavailable)" {
+        findings.push(ValidationFinding {
+            code: "objective_missing".to_string(),
+            severity: "warning".to_string(),
+            message: "Objective is unavailable.".to_string(),
+        });
+    }
+
+    let unresolved_failures = unresolved_failed_commands(&summary.verification.checks_run);
+    if !unresolved_failures.is_empty() && summary.execution_contract.next_actions.is_empty() {
+        findings.push(ValidationFinding {
+            code: "next_actions_missing".to_string(),
+            severity: "warning".to_string(),
+            message: "Unresolved failed checks exist but no next action was generated.".to_string(),
+        });
+    }
+
+    if !summary.files_modified.is_empty() && summary.verification.checks_run.is_empty() {
+        findings.push(ValidationFinding {
+            code: "verification_missing".to_string(),
+            severity: "warning".to_string(),
+            message: "Files were modified but no verification check was recorded.".to_string(),
+        });
+    }
+
+    if summary.evidence.is_empty() {
+        findings.push(ValidationFinding {
+            code: "evidence_missing".to_string(),
+            severity: "warning".to_string(),
+            message: "No evidence references were generated.".to_string(),
+        });
+    } else if !summary
+        .evidence
+        .iter()
+        .any(|evidence| evidence.claim.starts_with("objective:"))
+    {
+        findings.push(ValidationFinding {
+            code: "objective_evidence_missing".to_string(),
+            severity: "warning".to_string(),
+            message: "Objective exists but objective evidence is missing.".to_string(),
+        });
+    }
+
+    if has_work_package_cycle(&summary.work_packages) {
+        findings.push(ValidationFinding {
+            code: "work_package_cycle".to_string(),
+            severity: "error".to_string(),
+            message: "work_packages.depends_on contains a cycle.".to_string(),
+        });
+    }
+
+    let has_material_packages = summary.work_packages.iter().any(is_material_work_package);
+    if has_material_packages && summary.execution_contract.ordered_steps.is_empty() {
+        findings.push(ValidationFinding {
+            code: "ordered_steps_missing".to_string(),
+            severity: "warning".to_string(),
+            message: "Material work packages exist but execution_contract.ordered_steps is empty."
+                .to_string(),
+        });
+    } else if !ordered_steps_are_consistent(
+        &summary.execution_contract.ordered_steps,
+        &summary.work_packages,
+    ) {
+        findings.push(ValidationFinding {
+            code: "ordered_steps_inconsistent".to_string(),
+            severity: "error".to_string(),
+            message:
+                "execution_contract.ordered_steps is not temporally or referentially consistent."
+                    .to_string(),
+        });
+    }
+
+    HandoffValidationReport {
+        session_id: summary.source_session_id.clone(),
+        passed: findings.is_empty(),
+        findings,
+    }
+}
+
+pub fn validate_handoff_summaries(summaries: &[HandoffSummary]) -> Vec<HandoffValidationReport> {
+    summaries.iter().map(validate_handoff_summary).collect()
+}
+
+fn has_work_package_cycle(packages: &[WorkPackage]) -> bool {
+    let mut state: HashMap<&str, u8> = HashMap::new();
+    let deps: HashMap<&str, Vec<&str>> = packages
+        .iter()
+        .map(|pkg| {
+            (
+                pkg.id.as_str(),
+                pkg.depends_on
+                    .iter()
+                    .map(String::as_str)
+                    .collect::<Vec<_>>(),
+            )
+        })
+        .collect();
+
+    fn dfs<'a>(
+        node: &'a str,
+        state: &mut HashMap<&'a str, u8>,
+        deps: &HashMap<&'a str, Vec<&'a str>>,
+    ) -> bool {
+        match state.get(node).copied() {
+            Some(1) => return true,
+            Some(2) => return false,
+            _ => {}
+        }
+        state.insert(node, 1);
+        if let Some(children) = deps.get(node) {
+            for child in children {
+                if !deps.contains_key(child) {
+                    continue;
+                }
+                if dfs(child, state, deps) {
+                    return true;
+                }
+            }
+        }
+        state.insert(node, 2);
+        false
+    }
+
+    for node in deps.keys().copied() {
+        if dfs(node, &mut state, &deps) {
+            return true;
+        }
+    }
+    false
+}
+
+fn ordered_steps_are_consistent(steps: &[OrderedStep], work_packages: &[WorkPackage]) -> bool {
+    if steps.is_empty() {
+        return true;
+    }
+
+    if !steps
+        .windows(2)
+        .all(|pair| pair[0].sequence < pair[1].sequence)
+    {
+        return false;
+    }
+
+    let known_ids = work_packages
+        .iter()
+        .map(|pkg| pkg.id.as_str())
+        .collect::<HashSet<_>>();
+    if !steps
+        .iter()
+        .all(|step| known_ids.contains(step.work_package_id.as_str()))
+    {
+        return false;
+    }
+
+    let is_monotonic_time = |left: Option<&str>, right: Option<&str>| -> bool {
+        match (left, right) {
+            (Some(left), Some(right)) => {
+                let left = chrono::DateTime::parse_from_rfc3339(left).ok();
+                let right = chrono::DateTime::parse_from_rfc3339(right).ok();
+                match (left, right) {
+                    (Some(left), Some(right)) => left <= right,
+                    _ => false,
+                }
+            }
+            _ => true,
+        }
+    };
+
+    steps
+        .windows(2)
+        .all(|pair| is_monotonic_time(pair[0].started_at.as_deref(), pair[1].started_at.as_deref()))
+}
diff --git a/desktop/src-tauri/src/app/handoff.rs b/desktop/src-tauri/src/app/handoff.rs
new file mode 100644
index 00000000..a3736f0f
--- /dev/null
+++ b/desktop/src-tauri/src/app/handoff.rs
@@ -0,0 +1,480 @@
+use super::change_reader::require_non_empty_request_field;
+use opensession_api::{
+    DesktopHandoffBuildRequest, DesktopHandoffBuildResponse, DesktopQuickShareRequest,
+    DesktopQuickShareResponse,
+};
+use opensession_core::handoff::{HandoffSummary, validate_handoff_summaries};
+use opensession_core::object_store::{
+    find_repo_root, global_store_root, sha256_hex, store_local_object,
+};
+use opensession_core::session::working_directory;
+use opensession_core::source_uri::SourceUri;
+use opensession_core::trace::Session as HailSession;
+use serde::{Deserialize, Serialize};
+use serde_json::json;
+use std::collections::BTreeSet;
+use std::path::{Path, PathBuf};
+use std::process::Command;
+
+use crate::{
+    DesktopApiResult, desktop_error, enum_label, load_normalized_session_body,
+    load_runtime_config, open_local_db,
+};
+
+const HANDOFF_RECORD_VERSION: &str = "v1";
+const HANDOFF_LATEST_PIN_ALIAS: &str = "latest";
+
+fn normalize_optional_remote(value: Option<String>) -> Option<String> {
+    value
+        .map(|raw| raw.trim().to_string())
+        .and_then(|trimmed| (!trimmed.is_empty()).then_some(trimmed))
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+struct DesktopHandoffArtifactRecord {
+    version: String,
+    sha256: String,
+    created_at: String,
+    source_uris: Vec<String>,
+    canonical_jsonl: String,
+    raw_sessions: Vec<HailSession>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    summary_meta: Option<DesktopHandoffSummaryMeta>,
+    #[serde(default)]
+    validation_reports: Vec<serde_json::Value>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+struct DesktopHandoffSummaryMeta {
+    session_default_view: String,
+    summary_source_mode: String,
+    summary_provider: String,
+}
+
+#[derive(Debug, Deserialize)]
+struct CliQuickSharePayload {
+    uri: String,
+    source_uri: String,
+    remote: String,
+    push_cmd: String,
+    pushed: bool,
+    #[serde(default)]
+    auto_push_consent: bool,
+}
+
+pub(crate) fn parse_cli_quick_share_response(
+    stdout: &str,
+) -> DesktopApiResult<DesktopQuickShareResponse> {
+    let payload: CliQuickSharePayload = serde_json::from_str(stdout).map_err(|error| {
+        desktop_error(
+            "desktop.quick_share_parse_failed",
+            500,
+            "failed to decode quick-share response from CLI",
+            Some(json!({ "cause": error.to_string(), "stdout": stdout })),
+        )
+    })?;
+    Ok(DesktopQuickShareResponse {
+        source_uri: payload.source_uri,
+        shared_uri: payload.uri,
+        remote: payload.remote,
+        push_cmd: payload.push_cmd,
+        pushed: payload.pushed,
+        auto_push_consent: payload.auto_push_consent,
+    })
+}
+
+pub(crate) fn canonicalize_summaries(summaries: &[HandoffSummary]) -> DesktopApiResult<String> {
+    let mut sorted = summaries
+        .iter()
+        .map(|summary| {
+            serde_json::to_value(summary)
+                .map(|value| (summary.source_session_id.clone(), value))
+                .map_err(|error| {
+                    desktop_error(
+                        "desktop.handoff_serialize_failed",
+                        500,
+                        "failed to serialize handoff summary",
+                        Some(json!({ "cause": error.to_string() })),
+                    )
+                })
+        })
+        .collect::<DesktopApiResult<Vec<_>>>()?;
+    sorted.sort_by(|left, right| left.0.cmp(&right.0));
+
+    let mut out = String::new();
+    for (_session_id, value) in sorted {
+        let line = serde_json::to_string(&value).map_err(|error| {
+            desktop_error(
+                "desktop.handoff_serialize_failed",
+                500,
+                "failed to serialize canonical handoff line",
+                Some(json!({ "cause": error.to_string() })),
+            )
+        })?;
+        out.push_str(&line);
+        out.push('\n');
+    }
+    Ok(out)
+}
+
+fn artifact_root_for_cwd(cwd: &Path) -> DesktopApiResult<PathBuf> {
+    if let Some(repo_root) = find_repo_root(cwd) {
+        return Ok(repo_root.join(".opensession").join("artifacts"));
+    }
+    let global_objects_root = global_store_root().map_err(|error| {
+        desktop_error(
+            "desktop.handoff_store_unavailable",
+            500,
+            "failed to resolve global object store",
+            Some(json!({ "cause": error.to_string() })),
+        )
+    })?;
+    let parent = global_objects_root.parent().ok_or_else(|| {
+        desktop_error(
+            "desktop.handoff_store_unavailable",
+            500,
+            "invalid global object store path",
+            Some(json!({ "path": global_objects_root })),
+        )
+    })?;
+    Ok(parent.join("artifacts"))
+}
+
+fn is_valid_sha256(hash: &str) -> bool {
+    hash.len() == 64 && hash.bytes().all(|byte| byte.is_ascii_hexdigit())
+}
+
+pub(crate) fn artifact_path_for_hash(root: &Path, hash: &str) -> DesktopApiResult<PathBuf> {
+    if !is_valid_sha256(hash) {
+        return Err(desktop_error(
+            "desktop.handoff_invalid_hash",
+            400,
+            "invalid artifact hash",
+            Some(json!({ "hash": hash })),
+        ));
+    }
+    Ok(root
+        .join("sha256")
+        .join(&hash[0..2])
+        .join(&hash[2..4])
+        .join(format!("{hash}.json")))
+}
+
+pub(crate) fn validate_pin_alias(alias: &str) -> DesktopApiResult<()> {
+    let trimmed = alias.trim();
+    if trimmed.is_empty() {
+        return Err(desktop_error(
+            "desktop.handoff_invalid_alias",
+            400,
+            "pin alias cannot be empty",
+            Some(json!({ "alias": alias })),
+        ));
+    }
+    if !trimmed
+        .bytes()
+        .all(|byte| byte.is_ascii_alphanumeric() || byte == b'.' || byte == b'_' || byte == b'-')
+    {
+        return Err(desktop_error(
+            "desktop.handoff_invalid_alias",
+            400,
+            "pin alias contains invalid characters",
+            Some(json!({ "alias": alias })),
+        ));
+    }
+    Ok(())
+}
+
+fn pin_path_for_alias(root: &Path, alias: &str) -> DesktopApiResult<PathBuf> {
+    validate_pin_alias(alias)?;
+    Ok(root.join("pins").join(alias))
+}
+
+fn store_handoff_artifact_record(
+    record: &DesktopHandoffArtifactRecord,
+    cwd: &Path,
+) -> DesktopApiResult<()> {
+    let root = artifact_root_for_cwd(cwd)?;
+    let path = artifact_path_for_hash(&root, &record.sha256)?;
+    if let Some(parent) = path.parent() {
+        std::fs::create_dir_all(parent).map_err(|error| {
+            desktop_error(
+                "desktop.handoff_store_failed",
+                500,
+                "failed to prepare handoff artifact directory",
+                Some(json!({ "cause": error.to_string(), "path": parent })),
+            )
+        })?;
+    }
+    if !path.exists() {
+        let bytes = serde_json::to_vec_pretty(record).map_err(|error| {
+            desktop_error(
+                "desktop.handoff_store_failed",
+                500,
+                "failed to serialize handoff artifact record",
+                Some(json!({ "cause": error.to_string() })),
+            )
+        })?;
+        std::fs::write(&path, bytes).map_err(|error| {
+            desktop_error(
+                "desktop.handoff_store_failed",
+                500,
+                "failed to store handoff artifact",
+                Some(json!({ "cause": error.to_string(), "path": path })),
+            )
+        })?;
+    }
+    Ok(())
+}
+
+fn set_handoff_pin(alias: &str, hash: &str, cwd: &Path) -> DesktopApiResult<()> {
+    validate_pin_alias(alias)?;
+    if !is_valid_sha256(hash) {
+        return Err(desktop_error(
+            "desktop.handoff_invalid_hash",
+            400,
+            "invalid artifact hash",
+            Some(json!({ "hash": hash })),
+        ));
+    }
+
+    let root = artifact_root_for_cwd(cwd)?;
+    let pin_path = pin_path_for_alias(&root, alias)?;
+    if let Some(parent) = pin_path.parent() {
+        std::fs::create_dir_all(parent).map_err(|error| {
+            desktop_error(
+                "desktop.handoff_store_failed",
+                500,
+                "failed to prepare handoff pin directory",
+                Some(json!({ "cause": error.to_string(), "path": parent })),
+            )
+        })?;
+    }
+
+    std::fs::write(&pin_path, format!("{hash}\n")).map_err(|error| {
+        desktop_error(
+            "desktop.handoff_store_failed",
+            500,
+            "failed to write handoff pin alias",
+            Some(json!({ "cause": error.to_string(), "path": pin_path, "alias": alias })),
+        )
+    })
+}
+
+pub(crate) fn build_handoff_artifact_record(
+    normalized_session: &str,
+    session: HailSession,
+    pin_latest: bool,
+    cwd: &Path,
+) -> DesktopApiResult<DesktopHandoffBuildResponse> {
+    let summaries = vec![HandoffSummary::from_session(&session)];
+    let reports = validate_handoff_summaries(&summaries);
+    let has_error_level = reports.iter().any(|report| {
+        report
+            .findings
+            .iter()
+            .any(|finding| finding.severity == "error")
+    });
+    if has_error_level {
+        return Err(desktop_error(
+            "desktop.handoff_validation_failed",
+            422,
+            "handoff validation failed with error-level findings",
+            Some(json!({ "reports": reports })),
+        ));
+    }
+
+    let canonical_jsonl = canonicalize_summaries(&summaries)?;
+    let artifact_hash = sha256_hex(canonical_jsonl.as_bytes());
+
+    let source_object = store_local_object(normalized_session.as_bytes(), cwd).map_err(|error| {
+        desktop_error(
+            "desktop.handoff_store_failed",
+            500,
+            "failed to store canonical source object for handoff",
+            Some(json!({ "cause": error.to_string() })),
+        )
+    })?;
+
+    let validation_reports = reports
+        .iter()
+        .map(serde_json::to_value)
+        .collect::<Result<Vec<_>, _>>()
+        .map_err(|error| {
+            desktop_error(
+                "desktop.handoff_serialize_failed",
+                500,
+                "failed to serialize handoff validation report",
+                Some(json!({ "cause": error.to_string() })),
+            )
+        })?;
+
+    let mut deduped_source_uris = BTreeSet::new();
+    deduped_source_uris.insert(source_object.uri.to_string());
+    let runtime = load_runtime_config().unwrap_or_default();
+
+    let record = DesktopHandoffArtifactRecord {
+        version: HANDOFF_RECORD_VERSION.to_string(),
+        sha256: artifact_hash.clone(),
+        created_at: chrono::Utc::now().to_rfc3339(),
+        source_uris: deduped_source_uris.into_iter().collect(),
+        canonical_jsonl,
+        raw_sessions: vec![session],
+        summary_meta: Some(DesktopHandoffSummaryMeta {
+            session_default_view: enum_label(&runtime.daemon.session_default_view),
+            summary_source_mode: enum_label(&runtime.summary.source_mode),
+            summary_provider: enum_label(&runtime.summary.provider.id),
+        }),
+        validation_reports,
+    };
+    store_handoff_artifact_record(&record, cwd)?;
+
+    if pin_latest {
+        set_handoff_pin(HANDOFF_LATEST_PIN_ALIAS, &artifact_hash, cwd)?;
+    }
+
+    let artifact_uri = SourceUri::Artifact {
+        sha256: artifact_hash,
+    }
+    .to_string();
+    let download_file_name = artifact_uri
+        .strip_prefix("os://artifact/")
+        .map(|hash| format!("handoff-{hash}.jsonl"));
+
+    Ok(DesktopHandoffBuildResponse {
+        artifact_uri,
+        pinned_alias: pin_latest.then_some(HANDOFF_LATEST_PIN_ALIAS.to_string()),
+        download_file_name,
+        download_content: Some(record.canonical_jsonl),
+    })
+}
+
+#[tauri::command]
+pub(crate) fn desktop_build_handoff(
+    request: DesktopHandoffBuildRequest,
+) -> DesktopApiResult<DesktopHandoffBuildResponse> {
+    let session_id = require_non_empty_request_field(
+        &request.session_id,
+        "desktop.handoff_invalid_request",
+        "session_id",
+    )?;
+
+    let db = open_local_db()?;
+    let normalized_session = load_normalized_session_body(&db, &session_id)?;
+    let session = HailSession::from_jsonl(&normalized_session).map_err(|error| {
+        desktop_error(
+            "desktop.handoff_parse_failed",
+            422,
+            "failed to decode normalized session for handoff build",
+            Some(json!({ "cause": error.to_string(), "session_id": session_id })),
+        )
+    })?;
+    let cwd = std::env::current_dir().map_err(|error| {
+        desktop_error(
+            "desktop.handoff_store_unavailable",
+            500,
+            "failed to resolve current workspace directory",
+            Some(json!({ "cause": error.to_string() })),
+        )
+    })?;
+
+    build_handoff_artifact_record(&normalized_session, session, request.pin_latest, &cwd)
+}
+
+#[tauri::command]
+pub(crate) fn desktop_share_session_quick(
+    request: DesktopQuickShareRequest,
+) -> DesktopApiResult<DesktopQuickShareResponse> {
+    let session_id = require_non_empty_request_field(
+        &request.session_id,
+        "desktop.quick_share_invalid_request",
+        "session_id",
+    )?;
+
+    let db = open_local_db()?;
+    let normalized_session = load_normalized_session_body(&db, &session_id)?;
+    let session = HailSession::from_jsonl(&normalized_session).map_err(|error| {
+        desktop_error(
+            "desktop.quick_share_parse_failed",
+            422,
+            "failed to decode normalized session for quick share",
+            Some(json!({ "cause": error.to_string(), "session_id": session_id })),
+        )
+    })?;
+
+    let command_cwd = working_directory(&session)
+        .map(PathBuf::from)
+        .filter(|path| path.exists())
+        .or_else(|| std::env::current_dir().ok())
+        .ok_or_else(|| {
+            desktop_error(
+                "desktop.quick_share_cwd_unavailable",
+                500,
+                "failed to resolve command working directory",
+                Some(json!({ "session_id": session_id })),
+            )
+        })?;
+
+    let source_object =
+        store_local_object(normalized_session.as_bytes(), &command_cwd).map_err(|error| {
+            desktop_error(
+                "desktop.quick_share_source_store_failed",
+                500,
+                "failed to store normalized source object for quick share",
+                Some(json!({ "cause": error.to_string(), "session_id": session_id })),
+            )
+        })?;
+
+    let mut command = Command::new("opensession");
+    command
+        .arg("share")
+        .arg(source_object.uri.to_string())
+        .arg("--quick")
+        .arg("--json")
+        .current_dir(&command_cwd);
+    if let Some(remote) = normalize_optional_remote(request.remote) {
+        command.arg("--remote").arg(remote);
+    }
+
+    let output = command.output().map_err(|error| {
+        if error.kind() == std::io::ErrorKind::NotFound {
+            return desktop_error(
+                "desktop.quick_share_cli_missing",
+                501,
+                "opensession CLI is unavailable. Install/enable the CLI bundle and retry.",
+                Some(json!({ "cause": error.to_string() })),
+            );
+        }
+        desktop_error(
+            "desktop.quick_share_spawn_failed",
+            500,
+            "failed to start opensession CLI quick-share command",
+            Some(json!({ "cause": error.to_string() })),
+        )
+    })?;
+
+    if !output.status.success() {
+        let stdout = String::from_utf8_lossy(&output.stdout).trim().to_string();
+        let stderr = String::from_utf8_lossy(&output.stderr).trim().to_string();
+        return Err(desktop_error(
+            "desktop.quick_share_failed",
+            422,
+            "quick-share command failed",
+            Some(json!({
+                "session_id": session_id,
+                "source_uri": source_object.uri.to_string(),
+                "stdout": stdout,
+                "stderr": stderr,
+            })),
+        ));
+    }
+
+    let stdout = String::from_utf8(output.stdout).map_err(|error| {
+        desktop_error(
+            "desktop.quick_share_invalid_utf8",
+            500,
+            "quick-share command returned non-UTF8 output",
+            Some(json!({ "cause": error.to_string() })),
+        )
+    })?;
+    parse_cli_quick_share_response(&stdout)
+}
diff --git a/desktop/src-tauri/src/app/mod.rs b/desktop/src-tauri/src/app/mod.rs
index 5dba52e2..eec7ae2b 100644
--- a/desktop/src-tauri/src/app/mod.rs
+++ b/desktop/src-tauri/src/app/mod.rs
@@ -1,4 +1,5 @@
 pub(crate) mod change_reader;
+pub(crate) mod handoff;
 pub(crate) mod launch_route;
 pub(crate) mod lifecycle_cleanup;
 pub(crate) mod session_query;
diff --git a/desktop/src-tauri/src/main.rs b/desktop/src-tauri/src/main.rs
index 54d541e2..ae7aa9bf 100644
--- a/desktop/src-tauri/src/main.rs
+++ b/desktop/src-tauri/src/main.rs
@@ -6,6 +6,7 @@ use app::change_reader::{
     desktop_ask_session_changes, desktop_change_reader_tts, desktop_read_session_changes,
     require_non_empty_request_field,
 };
+use app::handoff::{desktop_build_handoff, desktop_share_session_quick};
 use app::launch_route::desktop_take_launch_route;
 use app::lifecycle_cleanup::maybe_start_lifecycle_cleanup_loop;
 use app::session_query::{SearchMode, build_local_filter_with_mode};
@@ -22,9 +23,8 @@ use app::{
 use opensession_api::{
     CapabilitiesResponse, DESKTOP_IPC_CONTRACT_VERSION, DesktopApiError,
     DesktopChangeReaderScope, DesktopChangeReaderVoiceProvider,
-    DesktopContractVersionResponse, DesktopHandoffBuildRequest, DesktopHandoffBuildResponse,
-    DesktopLifecycleCleanupState, DesktopLifecycleCleanupStatusResponse, DesktopQuickShareRequest,
-    DesktopQuickShareResponse, DesktopRuntimeChangeReaderSettings,
+    DesktopContractVersionResponse, DesktopLifecycleCleanupState,
+    DesktopLifecycleCleanupStatusResponse, DesktopRuntimeChangeReaderSettings,
     DesktopRuntimeChangeReaderVoiceSettings, DesktopRuntimeLifecycleSettings,
     DesktopRuntimeSettingsResponse, DesktopRuntimeSettingsUpdateRequest,
     DesktopRuntimeSummaryBatchSettings, DesktopRuntimeSummaryPromptSettings,
@@ -43,12 +43,8 @@ use opensession_api::{
     SessionRepoListResponse, SessionSummary,
     oauth::{AuthProvidersResponse, OAuthProviderInfo},
 };
-use opensession_core::handoff::{HandoffSummary, validate_handoff_summaries};
-use opensession_core::object_store::{
-    find_repo_root, global_store_root, sha256_hex, store_local_object,
-};
+use opensession_core::object_store::sha256_hex;
 use opensession_core::session::{is_auxiliary_session, working_directory};
-use opensession_core::source_uri::SourceUri;
 use opensession_core::trace::Session as HailSession;
 use opensession_git_native::{
     extract_git_context, ops::find_repo_root as find_git_repo_root,
@@ -70,7 +66,6 @@ use opensession_runtime_config::{
 use opensession_summary::{
     GitSummaryRequest, summarize_session, validate_summary_prompt_template,
 };
-use serde::{Deserialize, Serialize};
 use serde_json::json;
 use std::collections::{BTreeSet, HashMap, HashSet};
 use std::fs;
@@ -82,8 +77,6 @@ use std::time::Duration;
 
 pub(crate) type DesktopApiResult<T> = Result<T, DesktopApiError>;
 
-const HANDOFF_RECORD_VERSION: &str = "v1";
-const HANDOFF_LATEST_PIN_ALIAS: &str = "latest";
 const VECTOR_EMBED_BATCH_SIZE: usize = 24;
 const VECTOR_FTS_CANDIDATE_LIMIT_MULTIPLIER: u32 = 8;
 const CHANGE_READER_MAX_EVENTS: usize = 180;
@@ -121,27 +114,6 @@ static VECTOR_INDEX_REBUILD_RUNNING: LazyLock<Mutex<bool>> = LazyLock::new(|| Mu
 static SUMMARY_BATCH_RUNNING: LazyLock<Mutex<bool>> = LazyLock::new(|| Mutex::new(false));
 static LIFECYCLE_CLEANUP_LOOP_STARTED: LazyLock<Mutex<bool>> = LazyLock::new(|| Mutex::new(false));
 
-#[derive(Debug, Clone, Serialize, Deserialize)]
-struct DesktopHandoffArtifactRecord {
-    version: String,
-    sha256: String,
-    created_at: String,
-    source_uris: Vec<String>,
-    canonical_jsonl: String,
-    raw_sessions: Vec<HailSession>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    summary_meta: Option<DesktopHandoffSummaryMeta>,
-    #[serde(default)]
-    validation_reports: Vec<serde_json::Value>,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-struct DesktopHandoffSummaryMeta {
-    session_default_view: String,
-    summary_source_mode: String,
-    summary_provider: String,
-}
-
 pub(crate) fn desktop_error(
     code: &str,
     status: u16,
@@ -164,12 +136,6 @@ pub(crate) fn enum_label<T: serde::Serialize>(value: &T) -> String {
         .unwrap_or_else(|| "unknown".to_string())
 }
 
-fn normalize_non_empty(value: Option<String>) -> Option<String> {
-    value
-        .map(|raw| raw.trim().to_string())
-        .and_then(|trimmed| (!trimmed.is_empty()).then_some(trimmed))
-}
-
 fn force_refresh_discovery_tools() -> &'static [&'static str] {
     // Cursor workspace DBs are high-volume and often metadata-only. Exclude them from the
     // synchronous force-refresh path so recent sessions show up immediately.
@@ -2275,302 +2241,6 @@ fn load_normalized_session_body(db: &LocalDb, session_id: &str) -> DesktopApiRes
     ))
 }
 
-#[derive(Debug, Deserialize)]
-struct CliQuickSharePayload {
-    uri: String,
-    source_uri: String,
-    remote: String,
-    push_cmd: String,
-    pushed: bool,
-    #[serde(default)]
-    auto_push_consent: bool,
-}
-
-fn parse_cli_quick_share_response(stdout: &str) -> DesktopApiResult<DesktopQuickShareResponse> {
-    let payload: CliQuickSharePayload = serde_json::from_str(stdout).map_err(|error| {
-        desktop_error(
-            "desktop.quick_share_parse_failed",
-            500,
-            "failed to decode quick-share response from CLI",
-            Some(json!({ "cause": error.to_string(), "stdout": stdout })),
-        )
-    })?;
-    Ok(DesktopQuickShareResponse {
-        source_uri: payload.source_uri,
-        shared_uri: payload.uri,
-        remote: payload.remote,
-        push_cmd: payload.push_cmd,
-        pushed: payload.pushed,
-        auto_push_consent: payload.auto_push_consent,
-    })
-}
-
-fn canonicalize_summaries(summaries: &[HandoffSummary]) -> DesktopApiResult<String> {
-    let mut sorted = summaries
-        .iter()
-        .map(|summary| {
-            serde_json::to_value(summary)
-                .map(|value| (summary.source_session_id.clone(), value))
-                .map_err(|error| {
-                    desktop_error(
-                        "desktop.handoff_serialize_failed",
-                        500,
-                        "failed to serialize handoff summary",
-                        Some(json!({ "cause": error.to_string() })),
-                    )
-                })
-        })
-        .collect::<DesktopApiResult<Vec<_>>>()?;
-    sorted.sort_by(|left, right| left.0.cmp(&right.0));
-
-    let mut out = String::new();
-    for (_session_id, value) in sorted {
-        let line = serde_json::to_string(&value).map_err(|error| {
-            desktop_error(
-                "desktop.handoff_serialize_failed",
-                500,
-                "failed to serialize canonical handoff line",
-                Some(json!({ "cause": error.to_string() })),
-            )
-        })?;
-        out.push_str(&line);
-        out.push('\n');
-    }
-    Ok(out)
-}
-
-fn artifact_root_for_cwd(cwd: &Path) -> DesktopApiResult<PathBuf> {
-    if let Some(repo_root) = find_repo_root(cwd) {
-        return Ok(repo_root.join(".opensession").join("artifacts"));
-    }
-    let global_objects_root = global_store_root().map_err(|error| {
-        desktop_error(
-            "desktop.handoff_store_unavailable",
-            500,
-            "failed to resolve global object store",
-            Some(json!({ "cause": error.to_string() })),
-        )
-    })?;
-    let parent = global_objects_root.parent().ok_or_else(|| {
-        desktop_error(
-            "desktop.handoff_store_unavailable",
-            500,
-            "invalid global object store path",
-            Some(json!({ "path": global_objects_root })),
-        )
-    })?;
-    Ok(parent.join("artifacts"))
-}
-
-fn is_valid_sha256(hash: &str) -> bool {
-    hash.len() == 64 && hash.bytes().all(|byte| byte.is_ascii_hexdigit())
-}
-
-fn artifact_path_for_hash(root: &Path, hash: &str) -> DesktopApiResult<PathBuf> {
-    if !is_valid_sha256(hash) {
-        return Err(desktop_error(
-            "desktop.handoff_invalid_hash",
-            400,
-            "invalid artifact hash",
-            Some(json!({ "hash": hash })),
-        ));
-    }
-    Ok(root
-        .join("sha256")
-        .join(&hash[0..2])
-        .join(&hash[2..4])
-        .join(format!("{hash}.json")))
-}
-
-fn validate_pin_alias(alias: &str) -> DesktopApiResult<()> {
-    let trimmed = alias.trim();
-    if trimmed.is_empty() {
-        return Err(desktop_error(
-            "desktop.handoff_invalid_alias",
-            400,
-            "pin alias cannot be empty",
-            Some(json!({ "alias": alias })),
-        ));
-    }
-    if !trimmed
-        .bytes()
-        .all(|byte| byte.is_ascii_alphanumeric() || byte == b'.' || byte == b'_' || byte == b'-')
-    {
-        return Err(desktop_error(
-            "desktop.handoff_invalid_alias",
-            400,
-            "pin alias contains invalid characters",
-            Some(json!({ "alias": alias })),
-        ));
-    }
-    Ok(())
-}
-
-fn pin_path_for_alias(root: &Path, alias: &str) -> DesktopApiResult<PathBuf> {
-    validate_pin_alias(alias)?;
-    Ok(root.join("pins").join(alias))
-}
-
-fn store_handoff_artifact_record(
-    record: &DesktopHandoffArtifactRecord,
-    cwd: &Path,
-) -> DesktopApiResult<()> {
-    let root = artifact_root_for_cwd(cwd)?;
-    let path = artifact_path_for_hash(&root, &record.sha256)?;
-    if let Some(parent) = path.parent() {
-        std::fs::create_dir_all(parent).map_err(|error| {
-            desktop_error(
-                "desktop.handoff_store_failed",
-                500,
-                "failed to prepare handoff artifact directory",
-                Some(json!({ "cause": error.to_string(), "path": parent })),
-            )
-        })?;
-    }
-    if !path.exists() {
-        let bytes = serde_json::to_vec_pretty(record).map_err(|error| {
-            desktop_error(
-                "desktop.handoff_store_failed",
-                500,
-                "failed to serialize handoff artifact record",
-                Some(json!({ "cause": error.to_string() })),
-            )
-        })?;
-        std::fs::write(&path, bytes).map_err(|error| {
-            desktop_error(
-                "desktop.handoff_store_failed",
-                500,
-                "failed to store handoff artifact",
-                Some(json!({ "cause": error.to_string(), "path": path })),
-            )
-        })?;
-    }
-    Ok(())
-}
-
-fn set_handoff_pin(alias: &str, hash: &str, cwd: &Path) -> DesktopApiResult<()> {
-    validate_pin_alias(alias)?;
-    if !is_valid_sha256(hash) {
-        return Err(desktop_error(
-            "desktop.handoff_invalid_hash",
-            400,
-            "invalid artifact hash",
-            Some(json!({ "hash": hash })),
-        ));
-    }
-
-    let root = artifact_root_for_cwd(cwd)?;
-    let pin_path = pin_path_for_alias(&root, alias)?;
-    if let Some(parent) = pin_path.parent() {
-        std::fs::create_dir_all(parent).map_err(|error| {
-            desktop_error(
-                "desktop.handoff_store_failed",
-                500,
-                "failed to prepare handoff pin directory",
-                Some(json!({ "cause": error.to_string(), "path": parent })),
-            )
-        })?;
-    }
-
-    std::fs::write(&pin_path, format!("{hash}\n")).map_err(|error| {
-        desktop_error(
-            "desktop.handoff_store_failed",
-            500,
-            "failed to write handoff pin alias",
-            Some(json!({ "cause": error.to_string(), "path": pin_path, "alias": alias })),
-        )
-    })
-}
-
-fn build_handoff_artifact_record(
-    normalized_session: &str,
-    session: HailSession,
-    pin_latest: bool,
-    cwd: &Path,
-) -> DesktopApiResult<DesktopHandoffBuildResponse> {
-    let summaries = vec![HandoffSummary::from_session(&session)];
-    let reports = validate_handoff_summaries(&summaries);
-    let has_error_level = reports.iter().any(|report| {
-        report
-            .findings
-            .iter()
-            .any(|finding| finding.severity == "error")
-    });
-    if has_error_level {
-        return Err(desktop_error(
-            "desktop.handoff_validation_failed",
-            422,
-            "handoff validation failed with error-level findings",
-            Some(json!({ "reports": reports })),
-        ));
-    }
-
-    let canonical_jsonl = canonicalize_summaries(&summaries)?;
-    let artifact_hash = sha256_hex(canonical_jsonl.as_bytes());
-
-    let source_object =
-        store_local_object(normalized_session.as_bytes(), cwd).map_err(|error| {
-            desktop_error(
-                "desktop.handoff_store_failed",
-                500,
-                "failed to store canonical source object for handoff",
-                Some(json!({ "cause": error.to_string() })),
-            )
-        })?;
-
-    let validation_reports = reports
-        .iter()
-        .map(serde_json::to_value)
-        .collect::<Result<Vec<_>, _>>()
-        .map_err(|error| {
-            desktop_error(
-                "desktop.handoff_serialize_failed",
-                500,
-                "failed to serialize handoff validation report",
-                Some(json!({ "cause": error.to_string() })),
-            )
-        })?;
-
-    let mut deduped_source_uris = BTreeSet::new();
-    deduped_source_uris.insert(source_object.uri.to_string());
-    let runtime = load_runtime_config().unwrap_or_default();
-
-    let record = DesktopHandoffArtifactRecord {
-        version: HANDOFF_RECORD_VERSION.to_string(),
-        sha256: artifact_hash.clone(),
-        created_at: chrono::Utc::now().to_rfc3339(),
-        source_uris: deduped_source_uris.into_iter().collect(),
-        canonical_jsonl,
-        raw_sessions: vec![session],
-        summary_meta: Some(DesktopHandoffSummaryMeta {
-            session_default_view: enum_label(&runtime.daemon.session_default_view),
-            summary_source_mode: enum_label(&runtime.summary.source_mode),
-            summary_provider: enum_label(&runtime.summary.provider.id),
-        }),
-        validation_reports,
-    };
-    store_handoff_artifact_record(&record, cwd)?;
-
-    if pin_latest {
-        set_handoff_pin(HANDOFF_LATEST_PIN_ALIAS, &artifact_hash, cwd)?;
-    }
-
-    let artifact_uri = SourceUri::Artifact {
-        sha256: artifact_hash,
-    }
-    .to_string();
-    let download_file_name = artifact_uri
-        .strip_prefix("os://artifact/")
-        .map(|hash| format!("handoff-{hash}.jsonl"));
-
-    Ok(DesktopHandoffBuildResponse {
-        artifact_uri,
-        pinned_alias: pin_latest.then_some(HANDOFF_LATEST_PIN_ALIAS.to_string()),
-        download_file_name,
-        download_content: Some(record.canonical_jsonl),
-    })
-}
-
 #[tauri::command]
 fn desktop_get_capabilities() -> CapabilitiesResponse {
     CapabilitiesResponse::for_runtime(false, false)
@@ -3447,134 +3117,6 @@ fn desktop_get_session_raw(id: String) -> DesktopApiResult<String> {
     load_normalized_session_body(&db, &id)
 }
 
-#[tauri::command]
-fn desktop_build_handoff(
-    request: DesktopHandoffBuildRequest,
-) -> DesktopApiResult<DesktopHandoffBuildResponse> {
-    let session_id =
-        require_non_empty_request_field(&request.session_id, "desktop.handoff_invalid_request", "session_id")?;
-
-    let db = open_local_db()?;
-    let normalized_session = load_normalized_session_body(&db, &session_id)?;
-    let session = HailSession::from_jsonl(&normalized_session).map_err(|error| {
-        desktop_error(
-            "desktop.handoff_parse_failed",
-            422,
-            "failed to decode normalized session for handoff build",
-            Some(json!({ "cause": error.to_string(), "session_id": session_id })),
-        )
-    })?;
-    let cwd = std::env::current_dir().map_err(|error| {
-        desktop_error(
-            "desktop.handoff_store_unavailable",
-            500,
-            "failed to resolve current workspace directory",
-            Some(json!({ "cause": error.to_string() })),
-        )
-    })?;
-
-    build_handoff_artifact_record(&normalized_session, session, request.pin_latest, &cwd)
-}
-
-#[tauri::command]
-fn desktop_share_session_quick(
-    request: DesktopQuickShareRequest,
-) -> DesktopApiResult<DesktopQuickShareResponse> {
-    let session_id = require_non_empty_request_field(
-        &request.session_id,
-        "desktop.quick_share_invalid_request",
-        "session_id",
-    )?;
-
-    let db = open_local_db()?;
-    let normalized_session = load_normalized_session_body(&db, &session_id)?;
-    let session = HailSession::from_jsonl(&normalized_session).map_err(|error| {
-        desktop_error(
-            "desktop.quick_share_parse_failed",
-            422,
-            "failed to decode normalized session for quick share",
-            Some(json!({ "cause": error.to_string(), "session_id": session_id })),
-        )
-    })?;
-
-    let command_cwd = working_directory(&session)
-        .map(PathBuf::from)
-        .filter(|path| path.exists())
-        .or_else(|| std::env::current_dir().ok())
-        .ok_or_else(|| {
-            desktop_error(
-                "desktop.quick_share_cwd_unavailable",
-                500,
-                "failed to resolve command working directory",
-                Some(json!({ "session_id": session_id })),
-            )
-        })?;
-
-    let source_object =
-        store_local_object(normalized_session.as_bytes(), &command_cwd).map_err(|error| {
-            desktop_error(
-                "desktop.quick_share_source_store_failed",
-                500,
-                "failed to store normalized source object for quick share",
-                Some(json!({ "cause": error.to_string(), "session_id": session_id })),
-            )
-        })?;
-
-    let mut command = Command::new("opensession");
-    command
-        .arg("share")
-        .arg(source_object.uri.to_string())
-        .arg("--quick")
-        .arg("--json")
-        .current_dir(&command_cwd);
-    if let Some(remote) = normalize_non_empty(request.remote) {
-        command.arg("--remote").arg(remote);
-    }
-
-    let output = command.output().map_err(|error| {
-        if error.kind() == std::io::ErrorKind::NotFound {
-            return desktop_error(
-                "desktop.quick_share_cli_missing",
-                501,
-                "opensession CLI is unavailable. Install/enable the CLI bundle and retry.",
-                Some(json!({ "cause": error.to_string() })),
-            );
-        }
-        desktop_error(
-            "desktop.quick_share_spawn_failed",
-            500,
-            "failed to start opensession CLI quick-share command",
-            Some(json!({ "cause": error.to_string() })),
-        )
-    })?;
-
-    if !output.status.success() {
-        let stdout = String::from_utf8_lossy(&output.stdout).trim().to_string();
-        let stderr = String::from_utf8_lossy(&output.stderr).trim().to_string();
-        return Err(desktop_error(
-            "desktop.quick_share_failed",
-            422,
-            "quick-share command failed",
-            Some(json!({
-                "session_id": session_id,
-                "source_uri": source_object.uri.to_string(),
-                "stdout": stdout,
-                "stderr": stderr,
-            })),
-        ));
-    }
-
-    let stdout = String::from_utf8(output.stdout).map_err(|error| {
-        desktop_error(
-            "desktop.quick_share_invalid_utf8",
-            500,
-            "quick-share command returned non-UTF8 output",
-            Some(json!({ "cause": error.to_string() })),
-        )
-    })?;
-    parse_cli_quick_share_response(&stdout)
-}
-
 fn maybe_start_summary_batch_on_app_start() {
     let runtime = match load_runtime_config() {
         Ok(runtime) => runtime,
@@ -3640,16 +3182,19 @@ fn main() {
 #[cfg(test)]
 mod tests {
     use super::{
-        DesktopSessionListQuery, SearchMode, artifact_path_for_hash, build_handoff_artifact_record,
-        build_local_filter_with_mode, build_vector_chunks_for_session, canonicalize_summaries,
-        cosine_similarity, desktop_ask_session_changes, desktop_change_reader_tts,
-        desktop_get_contract_version, desktop_get_runtime_settings, desktop_get_session_detail,
-        desktop_get_session_raw, desktop_list_sessions, desktop_read_session_changes,
-        desktop_share_session_quick, desktop_summary_batch_run, desktop_summary_batch_status,
+        DesktopSessionListQuery, SearchMode, build_local_filter_with_mode,
+        build_vector_chunks_for_session, cosine_similarity, desktop_ask_session_changes,
+        desktop_change_reader_tts, desktop_get_contract_version, desktop_get_runtime_settings,
+        desktop_get_session_detail, desktop_get_session_raw, desktop_list_sessions,
+        desktop_read_session_changes, desktop_summary_batch_run, desktop_summary_batch_status,
         desktop_update_runtime_settings, extract_vector_lines, force_refresh_discovery_tools,
         map_link_type, normalize_launch_route, normalize_session_body_to_hail_jsonl,
-        parse_cli_quick_share_response, require_non_empty_request_field,
-        session_summary_from_local_row, validate_pin_alias, validate_vector_preflight_ready,
+        require_non_empty_request_field, session_summary_from_local_row,
+        validate_vector_preflight_ready,
+    };
+    use crate::app::handoff::{
+        artifact_path_for_hash, build_handoff_artifact_record, canonicalize_summaries,
+        desktop_share_session_quick, parse_cli_quick_share_response, validate_pin_alias,
     };
     use crate::app::session_query::split_search_mode;
     use opensession_api::{

From f7ca30aebf617062ec11d341239e46c797361ff3 Mon Sep 17 00:00:00 2001
From: hwisu <hwitticus@gmail.com>
Date: Fri, 6 Mar 2026 18:50:36 +0900
Subject: [PATCH 09/30] extract setup doctor helpers

---
 crates/cli/src/setup_cmd.rs        | 80 +++++-----------------------
 crates/cli/src/setup_cmd/doctor.rs | 84 ++++++++++++++++++++++++++++++
 2 files changed, 96 insertions(+), 68 deletions(-)
 create mode 100644 crates/cli/src/setup_cmd/doctor.rs

diff --git a/crates/cli/src/setup_cmd.rs b/crates/cli/src/setup_cmd.rs
index 9847def8..5f3aa928 100644
--- a/crates/cli/src/setup_cmd.rs
+++ b/crates/cli/src/setup_cmd.rs
@@ -19,42 +19,15 @@ use std::io::{self, IsTerminal, Write};
 use std::path::{Path, PathBuf};
 use std::process::Command;
 
+#[path = "setup_cmd/doctor.rs"]
+mod doctor;
+use doctor::{DoctorLevel, DoctorSummary};
+
 const FANOUT_MODE_GIT_CONFIG_KEY: &str = "opensession.fanout-mode";
 const SYNC_MAX_CANDIDATES: usize = 128;
 const SYNC_BRANCH_COMMITS_MAX: usize = 4096;
 const COMMIT_HINT_GRACE_SECONDS: i64 = 6 * 60 * 60;
 
-#[derive(Debug, Clone, Copy, PartialEq, Eq)]
-enum DoctorLevel {
-    Ok,
-    Info,
-    Warn,
-    Fail,
-}
-
-#[derive(Debug, Default, Clone, Copy)]
-struct DoctorSummary {
-    ok: usize,
-    info: usize,
-    warn: usize,
-    fail: usize,
-}
-
-impl DoctorSummary {
-    fn record(&mut self, level: DoctorLevel) {
-        match level {
-            DoctorLevel::Ok => self.ok += 1,
-            DoctorLevel::Info => self.info += 1,
-            DoctorLevel::Warn => self.warn += 1,
-            DoctorLevel::Fail => self.fail += 1,
-        }
-    }
-
-    fn issue_categories(&self) -> usize {
-        self.warn + self.fail
-    }
-}
-
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
 enum FanoutMode {
     HiddenRef,
@@ -367,12 +340,7 @@ fn run_install(
 }
 
 fn suggested_doctor_command(mode: FanoutMode, target: OpenTarget, profile: SetupProfile) -> String {
-    format!(
-        "opensession doctor --fix --yes --profile {} --fanout-mode {} --open-target {}",
-        profile.as_str(),
-        mode.as_str(),
-        target.as_str(),
-    )
+    doctor::suggested_doctor_command(mode, target, profile)
 }
 
 fn enforce_apply_mode_requirements(
@@ -1066,39 +1034,15 @@ fn run_check(repo_root: &PathBuf) -> Result<()> {
 }
 
 fn doctor_colors_enabled() -> bool {
-    io::stdout().is_terminal() && std::env::var_os("NO_COLOR").is_none()
-}
-
-fn doctor_tag(level: DoctorLevel, colors: bool) -> String {
-    let plain = match level {
-        DoctorLevel::Ok => "[ OK ]",
-        DoctorLevel::Info => "[INFO]",
-        DoctorLevel::Warn => "[WARN]",
-        DoctorLevel::Fail => "[FAIL]",
-    };
-    if !colors {
-        return plain.to_string();
-    }
-    let code = match level {
-        DoctorLevel::Ok => "32",
-        DoctorLevel::Info => "36",
-        DoctorLevel::Warn => "33",
-        DoctorLevel::Fail => "31",
-    };
-    format!("\x1b[1;{code}m{plain}\x1b[0m")
+    doctor::doctor_colors_enabled()
 }
 
 fn print_doctor_item(colors: bool, level: DoctorLevel, label: &str, detail: &str) {
-    println!(
-        "{} {:<18} {}",
-        doctor_tag(level, colors),
-        format!("{label}:"),
-        detail
-    );
+    doctor::print_doctor_item(colors, level, label, detail);
 }
 
 fn print_doctor_hint(detail: &str) {
-    println!("       hint: {detail}");
+    doctor::print_doctor_hint(detail);
 }
 
 fn ensure_fanout_mode(
@@ -1577,10 +1521,10 @@ mod tests {
 
     #[test]
     fn doctor_tag_plain_is_ascii_stable() {
-        assert_eq!(doctor_tag(DoctorLevel::Ok, false), "[ OK ]");
-        assert_eq!(doctor_tag(DoctorLevel::Info, false), "[INFO]");
-        assert_eq!(doctor_tag(DoctorLevel::Warn, false), "[WARN]");
-        assert_eq!(doctor_tag(DoctorLevel::Fail, false), "[FAIL]");
+        assert_eq!(doctor::doctor_tag(DoctorLevel::Ok, false), "[ OK ]");
+        assert_eq!(doctor::doctor_tag(DoctorLevel::Info, false), "[INFO]");
+        assert_eq!(doctor::doctor_tag(DoctorLevel::Warn, false), "[WARN]");
+        assert_eq!(doctor::doctor_tag(DoctorLevel::Fail, false), "[FAIL]");
     }
 
     #[test]
diff --git a/crates/cli/src/setup_cmd/doctor.rs b/crates/cli/src/setup_cmd/doctor.rs
new file mode 100644
index 00000000..a6e2231b
--- /dev/null
+++ b/crates/cli/src/setup_cmd/doctor.rs
@@ -0,0 +1,84 @@
+use crate::open_target::OpenTarget;
+use std::io::{self, IsTerminal};
+
+use super::{FanoutMode, SetupProfile};
+
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+pub(super) enum DoctorLevel {
+    Ok,
+    Info,
+    Warn,
+    Fail,
+}
+
+#[derive(Debug, Default, Clone, Copy)]
+pub(super) struct DoctorSummary {
+    ok: usize,
+    info: usize,
+    warn: usize,
+    fail: usize,
+}
+
+impl DoctorSummary {
+    pub(super) fn record(&mut self, level: DoctorLevel) {
+        match level {
+            DoctorLevel::Ok => self.ok += 1,
+            DoctorLevel::Info => self.info += 1,
+            DoctorLevel::Warn => self.warn += 1,
+            DoctorLevel::Fail => self.fail += 1,
+        }
+    }
+
+    pub(super) fn issue_categories(&self) -> usize {
+        self.warn + self.fail
+    }
+}
+
+pub(super) fn suggested_doctor_command(
+    mode: FanoutMode,
+    target: OpenTarget,
+    profile: SetupProfile,
+) -> String {
+    format!(
+        "opensession doctor --fix --yes --profile {} --fanout-mode {} --open-target {}",
+        profile.as_str(),
+        mode.as_str(),
+        target.as_str(),
+    )
+}
+
+pub(super) fn doctor_colors_enabled() -> bool {
+    io::stdout().is_terminal() && std::env::var_os("NO_COLOR").is_none()
+}
+
+pub(super) fn doctor_tag(level: DoctorLevel, colors: bool) -> String {
+    let plain = match level {
+        DoctorLevel::Ok => "[ OK ]",
+        DoctorLevel::Info => "[INFO]",
+        DoctorLevel::Warn => "[WARN]",
+        DoctorLevel::Fail => "[FAIL]",
+    };
+    if !colors {
+        return plain.to_string();
+    }
+    let code = match level {
+        DoctorLevel::Ok => "32",
+        DoctorLevel::Info => "36",
+        DoctorLevel::Warn => "33",
+        DoctorLevel::Fail => "31",
+    };
+    format!("\x1b[1;{code}m{plain}\x1b[0m")
+}
+
+pub(super) fn print_doctor_item(colors: bool, level: DoctorLevel, label: &str, detail: &str) {
+    println!(
+        "{} {:<18} {}",
+        doctor_tag(level, colors),
+        format!("{label}:"),
+        detail
+    );
+}
+
+pub(super) fn print_doctor_hint(detail: &str) {
+    println!("       hint: {detail}");
+}

From 21a681d7867b2bc2c00079f2e08bb0489917ea04 Mon Sep 17 00:00:00 2001
From: hwisu <hwitticus@gmail.com>
Date: Fri, 6 Mar 2026 20:02:21 +0900
Subject: [PATCH 10/30] extract desktop vector and summary modules

---
 desktop/src-tauri/src/app/change_reader.rs    |    8 +-
 desktop/src-tauri/src/app/handoff.rs          |   21 +-
 .../src-tauri/src/app/lifecycle_cleanup.rs    |    2 +-
 desktop/src-tauri/src/app/mod.rs              |    1 +
 desktop/src-tauri/src/app/session_summary.rs  |  514 ++++-
 desktop/src-tauri/src/app/vector.rs           | 1418 ++++++++++++
 desktop/src-tauri/src/main.rs                 | 1975 +----------------
 7 files changed, 1987 insertions(+), 1952 deletions(-)
 create mode 100644 desktop/src-tauri/src/app/vector.rs

diff --git a/desktop/src-tauri/src/app/change_reader.rs b/desktop/src-tauri/src/app/change_reader.rs
index 39c1b591..77f8601d 100644
--- a/desktop/src-tauri/src/app/change_reader.rs
+++ b/desktop/src-tauri/src/app/change_reader.rs
@@ -2,14 +2,12 @@ use base64::{Engine as _, engine::general_purpose::STANDARD as BASE64_STANDARD};
 use opensession_api::{
     DesktopApiError, DesktopChangeQuestionRequest, DesktopChangeQuestionResponse,
     DesktopChangeReadRequest, DesktopChangeReadResponse, DesktopChangeReaderScope,
-    DesktopChangeReaderTtsRequest, DesktopChangeReaderTtsResponse,
-    DesktopSessionSummaryResponse, DesktopSummaryProviderId,
+    DesktopChangeReaderTtsRequest, DesktopChangeReaderTtsResponse, DesktopSessionSummaryResponse,
+    DesktopSummaryProviderId,
 };
 use opensession_core::trace::{ContentBlock, Event, EventType, Session as HailSession};
 use opensession_local_db::LocalDb;
-use opensession_runtime_config::{
-    ChangeReaderVoiceProvider, DaemonConfig, SummaryProvider,
-};
+use opensession_runtime_config::{ChangeReaderVoiceProvider, DaemonConfig, SummaryProvider};
 use opensession_summary::provider::generate_text;
 use serde_json::json;
 use std::time::Duration;
diff --git a/desktop/src-tauri/src/app/handoff.rs b/desktop/src-tauri/src/app/handoff.rs
index a3736f0f..0bdc606a 100644
--- a/desktop/src-tauri/src/app/handoff.rs
+++ b/desktop/src-tauri/src/app/handoff.rs
@@ -17,8 +17,8 @@ use std::path::{Path, PathBuf};
 use std::process::Command;
 
 use crate::{
-    DesktopApiResult, desktop_error, enum_label, load_normalized_session_body,
-    load_runtime_config, open_local_db,
+    DesktopApiResult, desktop_error, enum_label, load_normalized_session_body, load_runtime_config,
+    open_local_db,
 };
 
 const HANDOFF_RECORD_VERSION: &str = "v1";
@@ -286,14 +286,15 @@ pub(crate) fn build_handoff_artifact_record(
     let canonical_jsonl = canonicalize_summaries(&summaries)?;
     let artifact_hash = sha256_hex(canonical_jsonl.as_bytes());
 
-    let source_object = store_local_object(normalized_session.as_bytes(), cwd).map_err(|error| {
-        desktop_error(
-            "desktop.handoff_store_failed",
-            500,
-            "failed to store canonical source object for handoff",
-            Some(json!({ "cause": error.to_string() })),
-        )
-    })?;
+    let source_object =
+        store_local_object(normalized_session.as_bytes(), cwd).map_err(|error| {
+            desktop_error(
+                "desktop.handoff_store_failed",
+                500,
+                "failed to store canonical source object for handoff",
+                Some(json!({ "cause": error.to_string() })),
+            )
+        })?;
 
     let validation_reports = reports
         .iter()
diff --git a/desktop/src-tauri/src/app/lifecycle_cleanup.rs b/desktop/src-tauri/src/app/lifecycle_cleanup.rs
index 8f1c8960..2392aa34 100644
--- a/desktop/src-tauri/src/app/lifecycle_cleanup.rs
+++ b/desktop/src-tauri/src/app/lifecycle_cleanup.rs
@@ -1,8 +1,8 @@
+use crate::app::session_summary::resolve_repo_root_from_session_row;
 use crate::{
     DesktopApiResult, LIFECYCLE_CLEANUP_LOOP_STARTED, desktop_error, load_runtime_config,
     open_local_db, set_lifecycle_cleanup_job_snapshot,
 };
-use crate::app::session_summary::resolve_repo_root_from_session_row;
 use opensession_git_native::{BRANCH_LEDGER_REF_PREFIX, NativeGitStorage, SUMMARY_LEDGER_REF};
 use opensession_local_db::{LifecycleCleanupJobRow, LocalDb, LocalSessionFilter};
 use opensession_runtime_config::{DaemonConfig, GitStorageMethod};
diff --git a/desktop/src-tauri/src/app/mod.rs b/desktop/src-tauri/src/app/mod.rs
index eec7ae2b..73ae9714 100644
--- a/desktop/src-tauri/src/app/mod.rs
+++ b/desktop/src-tauri/src/app/mod.rs
@@ -4,3 +4,4 @@ pub(crate) mod launch_route;
 pub(crate) mod lifecycle_cleanup;
 pub(crate) mod session_query;
 pub(crate) mod session_summary;
+pub(crate) mod vector;
diff --git a/desktop/src-tauri/src/app/session_summary.rs b/desktop/src-tauri/src/app/session_summary.rs
index 5cd1e0c5..cc8f3b1c 100644
--- a/desktop/src-tauri/src/app/session_summary.rs
+++ b/desktop/src-tauri/src/app/session_summary.rs
@@ -1,13 +1,26 @@
-use crate::{DesktopApiResult, desktop_error, enum_label};
-use opensession_api::DesktopSessionSummaryResponse;
+use crate::{
+    DesktopApiError, DesktopApiResult, desktop_error, enum_label, load_normalized_session_body,
+    load_runtime_config, open_local_db,
+};
+use opensession_api::{
+    DesktopSessionSummaryResponse, DesktopSummaryBatchState, DesktopSummaryBatchStatusResponse,
+};
+use opensession_core::{session::working_directory, trace::Session as HailSession};
 use opensession_git_native::{
-    NativeGitStorage, SUMMARY_LEDGER_REF, SessionSummaryLedgerRecord,
+    NativeGitStorage, SUMMARY_LEDGER_REF, SessionSummaryLedgerRecord, extract_git_context,
     ops::find_repo_root as find_git_repo_root,
 };
-use opensession_local_db::{LocalDb, LocalSessionRow};
-use opensession_runtime_config::{DaemonConfig, SummaryStorageBackend};
+use opensession_local_db::{LocalDb, LocalSessionFilter, LocalSessionRow, SummaryBatchJobRow};
+use opensession_runtime_config::{
+    DaemonConfig, SummaryBatchScope as RuntimeSummaryBatchScope, SummaryStorageBackend,
+};
+use opensession_summary::{GitSummaryRequest, SemanticSummaryArtifact, summarize_session};
 use serde_json::json;
+use std::collections::HashSet;
 use std::path::{Path, PathBuf};
+use std::sync::{LazyLock, Mutex};
+
+static SUMMARY_BATCH_RUNNING: LazyLock<Mutex<bool>> = LazyLock::new(|| Mutex::new(false));
 
 fn session_summary_response_from_row(
     row: opensession_local_db::SessionSemanticSummaryRow,
@@ -655,6 +668,495 @@ pub(crate) fn persist_summary_to_hidden_ref(
                     json!({ "cause": error.to_string(), "session_id": session_id, "repo_root": repo_root }),
                 ),
             )
-        })?;
+    })?;
     Ok(())
 }
+
+fn map_summary_batch_state(raw: &str) -> DesktopSummaryBatchState {
+    match raw {
+        "running" => DesktopSummaryBatchState::Running,
+        "complete" => DesktopSummaryBatchState::Complete,
+        "failed" => DesktopSummaryBatchState::Failed,
+        _ => DesktopSummaryBatchState::Idle,
+    }
+}
+
+fn desktop_summary_batch_status_from_db(
+    db: &LocalDb,
+) -> DesktopApiResult<DesktopSummaryBatchStatusResponse> {
+    let row = db.get_summary_batch_job().map_err(|error| {
+        desktop_error(
+            "desktop.summary_batch_status_failed",
+            500,
+            "failed to read summary batch status",
+            Some(json!({ "cause": error.to_string() })),
+        )
+    })?;
+
+    let Some(row) = row else {
+        return Ok(DesktopSummaryBatchStatusResponse {
+            state: DesktopSummaryBatchState::Idle,
+            processed_sessions: 0,
+            total_sessions: 0,
+            failed_sessions: 0,
+            message: None,
+            started_at: None,
+            finished_at: None,
+        });
+    };
+
+    Ok(DesktopSummaryBatchStatusResponse {
+        state: map_summary_batch_state(&row.status),
+        processed_sessions: row.processed_sessions,
+        total_sessions: row.total_sessions,
+        failed_sessions: row.failed_sessions,
+        message: row.message,
+        started_at: row.started_at,
+        finished_at: row.finished_at,
+    })
+}
+
+fn set_summary_batch_job_snapshot(
+    db: &LocalDb,
+    payload: SummaryBatchJobRow,
+) -> DesktopApiResult<()> {
+    db.set_summary_batch_job(&payload).map_err(|error| {
+        desktop_error(
+            "desktop.summary_batch_status_failed",
+            500,
+            "failed to persist summary batch status",
+            Some(json!({ "cause": error.to_string() })),
+        )
+    })
+}
+
+fn is_summary_batch_skippable_error(error: &DesktopApiError) -> bool {
+    matches!(
+        error.code.as_str(),
+        "desktop.session_source_unavailable" | "desktop.session_body_not_found"
+    )
+}
+
+#[derive(Debug, Default)]
+struct SummaryBatchSelection {
+    pending_session_ids: Vec<String>,
+    already_summarized_sessions: u32,
+}
+
+fn summary_batch_session_ids_for_scope(
+    db: &LocalDb,
+    scope: &RuntimeSummaryBatchScope,
+    recent_days: u16,
+) -> DesktopApiResult<SummaryBatchSelection> {
+    let filter = LocalSessionFilter {
+        limit: None,
+        offset: None,
+        ..LocalSessionFilter::default()
+    };
+    let mut rows = db.list_sessions(&filter).map_err(|error| {
+        desktop_error(
+            "desktop.summary_batch_list_failed",
+            500,
+            "failed to list sessions for summary batch",
+            Some(json!({ "cause": error.to_string() })),
+        )
+    })?;
+
+    if matches!(scope, RuntimeSummaryBatchScope::RecentDays) {
+        let cutoff = chrono::Utc::now() - chrono::Duration::days(i64::from(recent_days.max(1)));
+        rows.retain(|row| {
+            chrono::DateTime::parse_from_rfc3339(&row.created_at)
+                .map(|parsed| parsed.with_timezone(&chrono::Utc) >= cutoff)
+                .unwrap_or(true)
+        });
+    }
+
+    let local_summary_ids = db
+        .list_session_semantic_summary_ids()
+        .map(|ids| ids.into_iter().collect::<HashSet<_>>())
+        .map_err(|error| {
+            desktop_error(
+                "desktop.session_summary_query_failed",
+                500,
+                "failed to list existing local_db session summaries",
+                Some(json!({ "cause": error.to_string() })),
+            )
+        })?;
+
+    let mut selection = SummaryBatchSelection {
+        pending_session_ids: Vec::with_capacity(rows.len()),
+        already_summarized_sessions: 0,
+    };
+    for row in rows {
+        let session_id = row.id;
+        let already_summarized = local_summary_ids.contains(&session_id)
+            || has_hidden_ref_summary_for_session(db, &session_id)?;
+        if already_summarized {
+            selection.already_summarized_sessions =
+                selection.already_summarized_sessions.saturating_add(1);
+            continue;
+        }
+        selection.pending_session_ids.push(session_id);
+    }
+
+    Ok(selection)
+}
+
+fn build_git_summary_request_for_session(
+    session: &HailSession,
+    runtime: &DaemonConfig,
+) -> Option<GitSummaryRequest> {
+    if !runtime.summary.allows_git_changes_fallback() {
+        return None;
+    }
+    working_directory(session)
+        .and_then(|cwd| find_git_repo_root(Path::new(cwd)).map(|repo_root| (cwd, repo_root)))
+        .map(|(cwd, repo_root)| GitSummaryRequest {
+            repo_root,
+            commit: extract_git_context(cwd).commit,
+        })
+}
+
+async fn generate_session_summary_artifact_for_id(
+    db: &LocalDb,
+    runtime: &DaemonConfig,
+    session_id: &str,
+) -> DesktopApiResult<SemanticSummaryArtifact> {
+    let normalized_session = load_normalized_session_body(db, session_id)?;
+    let session = HailSession::from_jsonl(&normalized_session).map_err(|error| {
+        desktop_error(
+            "desktop.session_summary_parse_failed",
+            422,
+            "failed to decode session body for summary regeneration",
+            Some(json!({ "cause": error.to_string(), "session_id": session_id })),
+        )
+    })?;
+    let git_request = build_git_summary_request_for_session(&session, runtime);
+    summarize_session(&session, &runtime.summary, git_request.as_ref())
+        .await
+        .map_err(|error| {
+            desktop_error(
+                "desktop.session_summary_generate_failed",
+                500,
+                "failed to generate semantic summary",
+                Some(json!({ "cause": error.to_string(), "session_id": session_id })),
+            )
+        })
+}
+
+fn summary_repo_required_error(session_id: &str) -> DesktopApiError {
+    desktop_error(
+        "desktop.session_summary_repo_required",
+        422,
+        "hidden_ref summary backend requires a git repository",
+        Some(json!({ "session_id": session_id })),
+    )
+}
+
+fn summary_response_from_artifact(
+    session_id: &str,
+    artifact: &SemanticSummaryArtifact,
+) -> DesktopSessionSummaryResponse {
+    DesktopSessionSummaryResponse {
+        session_id: session_id.to_string(),
+        summary: serde_json::to_value(&artifact.summary).ok(),
+        source_details: if artifact.source_details.is_empty() {
+            None
+        } else {
+            serde_json::to_value(&artifact.source_details).ok()
+        },
+        diff_tree: serde_json::to_value(&artifact.diff_tree)
+            .ok()
+            .and_then(|value| value.as_array().cloned())
+            .unwrap_or_default(),
+        source_kind: Some(enum_label(&artifact.source_kind)),
+        generation_kind: Some(enum_label(&artifact.generation_kind)),
+        error: artifact.error.clone(),
+    }
+}
+
+fn persist_summary_for_runtime(
+    db: &LocalDb,
+    runtime: &DaemonConfig,
+    session_id: &str,
+    artifact: &SemanticSummaryArtifact,
+) -> DesktopApiResult<()> {
+    match runtime.summary.storage.backend {
+        SummaryStorageBackend::LocalDb => persist_summary_to_local_db(db, session_id, artifact),
+        SummaryStorageBackend::HiddenRef => {
+            let Some(repo_root) = resolve_summary_repo_root(db, session_id)? else {
+                return Err(summary_repo_required_error(session_id));
+            };
+            persist_summary_to_hidden_ref(&repo_root, session_id, artifact)
+        }
+        SummaryStorageBackend::None => Ok(()),
+    }
+}
+
+fn summary_response_after_persist(
+    db: &LocalDb,
+    runtime: &DaemonConfig,
+    session_id: &str,
+    artifact: &SemanticSummaryArtifact,
+) -> DesktopApiResult<DesktopSessionSummaryResponse> {
+    if matches!(runtime.summary.storage.backend, SummaryStorageBackend::None) {
+        return Ok(summary_response_from_artifact(session_id, artifact));
+    }
+    load_session_summary_for_runtime(db, runtime, session_id)
+}
+
+pub(crate) fn run_summary_batch_for_runtime(
+    runtime: DaemonConfig,
+) -> DesktopApiResult<DesktopSummaryBatchStatusResponse> {
+    let db = open_local_db()?;
+    {
+        let mut running = SUMMARY_BATCH_RUNNING
+            .lock()
+            .expect("summary batch mutex poisoned");
+        if *running {
+            return desktop_summary_batch_status_from_db(&db);
+        }
+        *running = true;
+    }
+
+    let started_at = chrono::Utc::now().to_rfc3339();
+    set_summary_batch_job_snapshot(
+        &db,
+        SummaryBatchJobRow {
+            status: "running".to_string(),
+            processed_sessions: 0,
+            total_sessions: 0,
+            failed_sessions: 0,
+            message: Some("starting summary batch".to_string()),
+            started_at: Some(started_at),
+            finished_at: None,
+        },
+    )?;
+
+    std::thread::spawn(move || {
+        let run_result: DesktopApiResult<()> = (|| {
+            let db = open_local_db()?;
+            let selection = summary_batch_session_ids_for_scope(
+                &db,
+                &runtime.summary.batch.scope,
+                runtime.summary.batch.recent_days,
+            )?;
+            let total_sessions = selection.pending_session_ids.len() as u32;
+            let already_summarized_sessions = selection.already_summarized_sessions;
+            let started_at = chrono::Utc::now().to_rfc3339();
+            let initial_message = if already_summarized_sessions > 0 {
+                format!(
+                    "processing semantic summaries ({already_summarized_sessions} already summarized)"
+                )
+            } else {
+                "processing semantic summaries".to_string()
+            };
+            set_summary_batch_job_snapshot(
+                &db,
+                SummaryBatchJobRow {
+                    status: "running".to_string(),
+                    processed_sessions: 0,
+                    total_sessions,
+                    failed_sessions: 0,
+                    message: Some(initial_message),
+                    started_at: Some(started_at.clone()),
+                    finished_at: None,
+                },
+            )?;
+
+            if total_sessions == 0 {
+                let message = if already_summarized_sessions > 0 {
+                    format!(
+                        "summary batch complete ({already_summarized_sessions} already summarized)"
+                    )
+                } else {
+                    "summary batch complete (no pending sessions)".to_string()
+                };
+                set_summary_batch_job_snapshot(
+                    &db,
+                    SummaryBatchJobRow {
+                        status: "complete".to_string(),
+                        processed_sessions: 0,
+                        total_sessions: 0,
+                        failed_sessions: 0,
+                        message: Some(message),
+                        started_at: Some(started_at),
+                        finished_at: Some(chrono::Utc::now().to_rfc3339()),
+                    },
+                )?;
+                return Ok(());
+            }
+
+            let mut processed_sessions = 0u32;
+            let mut failed_sessions = 0u32;
+            let mut skipped_sessions = 0u32;
+            for session_id in selection.pending_session_ids {
+                set_summary_batch_job_snapshot(
+                    &db,
+                    SummaryBatchJobRow {
+                        status: "running".to_string(),
+                        processed_sessions,
+                        total_sessions,
+                        failed_sessions,
+                        message: Some(format!("processing {session_id}")),
+                        started_at: Some(started_at.clone()),
+                        finished_at: None,
+                    },
+                )?;
+
+                let generated = tauri::async_runtime::block_on(
+                    generate_session_summary_artifact_for_id(&db, &runtime, &session_id),
+                );
+                if let Err(error) = generated.and_then(|artifact| {
+                    persist_summary_for_runtime(&db, &runtime, &session_id, &artifact)
+                }) {
+                    if is_summary_batch_skippable_error(&error) {
+                        skipped_sessions = skipped_sessions.saturating_add(1);
+                        eprintln!("summary batch: skipped {session_id}: {}", error.message);
+                    } else {
+                        failed_sessions = failed_sessions.saturating_add(1);
+                        eprintln!(
+                            "summary batch: failed to process {session_id}: {}",
+                            error.message
+                        );
+                    }
+                }
+
+                processed_sessions = processed_sessions.saturating_add(1);
+                set_summary_batch_job_snapshot(
+                    &db,
+                    SummaryBatchJobRow {
+                        status: "running".to_string(),
+                        processed_sessions,
+                        total_sessions,
+                        failed_sessions,
+                        message: Some(format!(
+                            "processed {processed_sessions}/{total_sessions} sessions"
+                        )),
+                        started_at: Some(started_at.clone()),
+                        finished_at: None,
+                    },
+                )?;
+            }
+
+            let status = if failed_sessions > 0 {
+                "failed"
+            } else {
+                "complete"
+            };
+            let mut message = if failed_sessions > 0 {
+                if skipped_sessions > 0 {
+                    format!(
+                        "summary batch finished with {failed_sessions} failures ({skipped_sessions} skipped missing sources)"
+                    )
+                } else {
+                    format!("summary batch finished with {failed_sessions} failures")
+                }
+            } else if skipped_sessions > 0 {
+                format!("summary batch complete ({skipped_sessions} skipped missing sources)")
+            } else {
+                "summary batch complete".to_string()
+            };
+            if already_summarized_sessions > 0 {
+                message.push_str(&format!(
+                    "; {already_summarized_sessions} already summarized"
+                ));
+            }
+            set_summary_batch_job_snapshot(
+                &db,
+                SummaryBatchJobRow {
+                    status: status.to_string(),
+                    processed_sessions,
+                    total_sessions,
+                    failed_sessions,
+                    message: Some(message),
+                    started_at: Some(started_at),
+                    finished_at: Some(chrono::Utc::now().to_rfc3339()),
+                },
+            )?;
+            Ok(())
+        })();
+
+        if let Err(error) = run_result {
+            if let Ok(db) = open_local_db() {
+                let now = chrono::Utc::now().to_rfc3339();
+                let _ = set_summary_batch_job_snapshot(
+                    &db,
+                    SummaryBatchJobRow {
+                        status: "failed".to_string(),
+                        processed_sessions: 0,
+                        total_sessions: 0,
+                        failed_sessions: 0,
+                        message: Some(error.message.clone()),
+                        started_at: Some(now.clone()),
+                        finished_at: Some(now),
+                    },
+                );
+            }
+            eprintln!("summary batch run failed: {}", error.message);
+        }
+
+        if let Ok(mut running) = SUMMARY_BATCH_RUNNING.lock() {
+            *running = false;
+        }
+    });
+
+    desktop_summary_batch_status_from_db(&db)
+}
+
+pub(crate) fn maybe_start_summary_batch_on_app_start() {
+    let runtime = match load_runtime_config() {
+        Ok(runtime) => runtime,
+        Err(error) => {
+            eprintln!(
+                "failed to load runtime config for app-start summary batch: {}",
+                error.message
+            );
+            return;
+        }
+    };
+
+    if !matches!(
+        runtime.summary.batch.execution_mode,
+        opensession_runtime_config::SummaryBatchExecutionMode::OnAppStart
+    ) {
+        return;
+    }
+
+    if let Err(error) = run_summary_batch_for_runtime(runtime) {
+        eprintln!("failed to start app-start summary batch: {}", error.message);
+    }
+}
+
+#[tauri::command]
+pub(crate) fn desktop_get_session_summary(
+    id: String,
+) -> DesktopApiResult<DesktopSessionSummaryResponse> {
+    let db = open_local_db()?;
+    let runtime = load_runtime_config()?;
+    load_session_summary_for_runtime(&db, &runtime, &id)
+}
+
+#[tauri::command]
+pub(crate) async fn desktop_regenerate_session_summary(
+    id: String,
+) -> DesktopApiResult<DesktopSessionSummaryResponse> {
+    let db = open_local_db()?;
+    let runtime = load_runtime_config()?;
+    let artifact = generate_session_summary_artifact_for_id(&db, &runtime, &id).await?;
+    persist_summary_for_runtime(&db, &runtime, &id, &artifact)?;
+    summary_response_after_persist(&db, &runtime, &id, &artifact)
+}
+
+#[tauri::command]
+pub(crate) fn desktop_summary_batch_status() -> DesktopApiResult<DesktopSummaryBatchStatusResponse>
+{
+    let db = open_local_db()?;
+    desktop_summary_batch_status_from_db(&db)
+}
+
+#[tauri::command]
+pub(crate) fn desktop_summary_batch_run() -> DesktopApiResult<DesktopSummaryBatchStatusResponse> {
+    let runtime = load_runtime_config()?;
+    run_summary_batch_for_runtime(runtime)
+}
diff --git a/desktop/src-tauri/src/app/vector.rs b/desktop/src-tauri/src/app/vector.rs
new file mode 100644
index 00000000..25a4c34d
--- /dev/null
+++ b/desktop/src-tauri/src/app/vector.rs
@@ -0,0 +1,1418 @@
+use opensession_api::{
+    DesktopApiError, DesktopVectorIndexState, DesktopVectorIndexStatusResponse,
+    DesktopVectorInstallState, DesktopVectorInstallStatusResponse, DesktopVectorPreflightResponse,
+    DesktopVectorSearchProvider, DesktopVectorSearchResponse, DesktopVectorSessionMatch,
+    SessionListResponse, SessionSummary,
+};
+use opensession_core::object_store::sha256_hex;
+use opensession_core::trace::Session as HailSession;
+use opensession_local_db::{LocalDb, LocalSessionFilter, VectorChunkUpsert, VectorIndexJobRow};
+use opensession_runtime_config::{DaemonConfig, VectorChunkingMode};
+use serde_json::json;
+use std::collections::HashMap;
+use std::io::{BufRead, BufReader};
+use std::process::Command;
+use std::sync::{LazyLock, Mutex};
+use std::time::Duration;
+
+use crate::{
+    DesktopApiResult, desktop_error, load_normalized_session_body, load_runtime_config,
+    open_local_db, session_summary_from_local_row_with_score,
+};
+
+const VECTOR_EMBED_BATCH_SIZE: usize = 24;
+const VECTOR_FTS_CANDIDATE_LIMIT_MULTIPLIER: u32 = 8;
+
+#[derive(Debug, Clone)]
+struct VectorInstallRuntimeState {
+    state: DesktopVectorInstallState,
+    model: String,
+    progress_pct: u8,
+    message: Option<String>,
+}
+
+#[derive(Debug, Clone)]
+struct VectorMatchScore {
+    session_id: String,
+    chunk_id: String,
+    start_line: u32,
+    end_line: u32,
+    snippet: String,
+    best_score: f32,
+    hit_count: u32,
+}
+
+static VECTOR_INSTALL_STATE: LazyLock<Mutex<VectorInstallRuntimeState>> = LazyLock::new(|| {
+    Mutex::new(VectorInstallRuntimeState {
+        state: DesktopVectorInstallState::NotInstalled,
+        model: "bge-m3".to_string(),
+        progress_pct: 0,
+        message: None,
+    })
+});
+
+static VECTOR_INDEX_REBUILD_RUNNING: LazyLock<Mutex<bool>> = LazyLock::new(|| Mutex::new(false));
+
+pub(crate) fn vector_embed_endpoint(runtime: &DaemonConfig) -> String {
+    let configured = runtime.vector_search.endpoint.trim();
+    if !configured.is_empty() {
+        return configured.trim_end_matches('/').to_string();
+    }
+    "http://127.0.0.1:11434".to_string()
+}
+
+pub(crate) fn vector_embed_model(runtime: &DaemonConfig) -> String {
+    let configured = runtime.vector_search.model.trim();
+    if configured.is_empty() {
+        return "bge-m3".to_string();
+    }
+    configured.to_string()
+}
+
+fn truncate_vector_error_body(raw: &str, max_len: usize) -> String {
+    let compact = raw.split_whitespace().collect::<Vec<_>>().join(" ");
+    if compact.chars().count() <= max_len {
+        return compact;
+    }
+    let truncated = compact.chars().take(max_len).collect::<String>();
+    format!("{truncated}...")
+}
+
+fn extract_vector_error_reason(raw: &str) -> Option<String> {
+    let trimmed = raw.trim();
+    if trimmed.is_empty() {
+        return None;
+    }
+    serde_json::from_str::<serde_json::Value>(trimmed)
+        .ok()
+        .and_then(|payload| {
+            payload
+                .get("error")
+                .and_then(serde_json::Value::as_str)
+                .or_else(|| payload.get("message").and_then(serde_json::Value::as_str))
+                .map(str::trim)
+                .filter(|value| !value.is_empty())
+                .map(|value| value.to_string())
+        })
+        .or_else(|| Some(truncate_vector_error_body(trimmed, 220)))
+}
+
+fn detail_string(details: Option<&serde_json::Value>, key: &str) -> Option<String> {
+    details
+        .and_then(|value| value.get(key))
+        .and_then(serde_json::Value::as_str)
+        .map(str::trim)
+        .filter(|value| !value.is_empty())
+        .map(|value| value.to_string())
+}
+
+fn detail_u64(details: Option<&serde_json::Value>, key: &str) -> Option<u64> {
+    details
+        .and_then(|value| value.get(key))
+        .and_then(serde_json::Value::as_u64)
+}
+
+fn format_vector_error_message(error: &DesktopApiError) -> String {
+    let details = error.details.as_ref();
+    let mut lines = vec![error.message.clone()];
+    if let Some(reason) = detail_string(details, "reason").or_else(|| {
+        detail_string(details, "body").and_then(|body| extract_vector_error_reason(&body))
+    }) {
+        lines.push(format!("Reason: {reason}"));
+    }
+    if let Some(status) = detail_u64(details, "status") {
+        lines.push(format!("HTTP: {status}"));
+    }
+    if let Some(endpoint) = detail_string(details, "endpoint") {
+        lines.push(format!("Endpoint: {endpoint}"));
+    }
+    if let Some(batch_reason) = detail_string(details, "batch_reason").or_else(|| {
+        detail_string(details, "batch_body").and_then(|body| extract_vector_error_reason(&body))
+    }) {
+        lines.push(format!("Batch reason: {batch_reason}"));
+    }
+    if let Some(batch_status) = detail_u64(details, "batch_status") {
+        lines.push(format!("Batch HTTP: {batch_status}"));
+    }
+    if let Some(batch_endpoint) = detail_string(details, "batch_endpoint") {
+        lines.push(format!("Batch endpoint: {batch_endpoint}"));
+    }
+    if let Some(model) = detail_string(details, "model") {
+        lines.push(format!("Model: {model}"));
+    }
+    if let Some(hint) = detail_string(details, "hint") {
+        lines.push(format!("Action: {hint}"));
+    }
+    lines.join("\n")
+}
+
+fn parse_embedding_vector(value: &serde_json::Value) -> Option<Vec<f32>> {
+    let items = value.as_array()?;
+    let mut output = Vec::with_capacity(items.len());
+    for item in items {
+        if let Some(number) = item.as_f64() {
+            output.push(number as f32);
+            continue;
+        }
+        if let Some(number) = item.as_i64() {
+            output.push(number as f32);
+            continue;
+        }
+        if let Some(number) = item.as_u64() {
+            output.push(number as f32);
+            continue;
+        }
+        return None;
+    }
+    Some(output)
+}
+
+fn parse_embeddings_payload(payload: &serde_json::Value) -> Option<Vec<Vec<f32>>> {
+    if let Some(vectors) = payload.get("embeddings").and_then(|value| value.as_array()) {
+        let mut out = Vec::with_capacity(vectors.len());
+        for value in vectors {
+            out.push(parse_embedding_vector(value)?);
+        }
+        return Some(out);
+    }
+    payload
+        .get("embedding")
+        .and_then(parse_embedding_vector)
+        .map(|vector| vec![vector])
+}
+
+fn request_ollama_embeddings(
+    endpoint: &str,
+    model: &str,
+    inputs: &[String],
+) -> DesktopApiResult<Vec<Vec<f32>>> {
+    if inputs.is_empty() {
+        return Ok(Vec::new());
+    }
+
+    let client = reqwest::blocking::Client::builder()
+        .timeout(Duration::from_secs(25))
+        .build()
+        .map_err(|error| {
+            desktop_error(
+                "desktop.vector_search_client_failed",
+                500,
+                "failed to initialize vector search client",
+                Some(json!({ "cause": error.to_string() })),
+            )
+        })?;
+
+    let base = endpoint.trim_end_matches('/');
+    let batch_url = format!("{base}/api/embed");
+    let (batch_status, batch_body, batch_reason) = match client
+        .post(&batch_url)
+        .json(&json!({ "model": model, "input": inputs }))
+        .send()
+    {
+        Ok(response) if response.status().is_success() => {
+            let payload: serde_json::Value = response.json().map_err(|error| {
+                desktop_error(
+                    "desktop.vector_search_parse_failed",
+                    502,
+                    "failed to parse embedding response",
+                    Some(json!({ "cause": error.to_string(), "endpoint": batch_url })),
+                )
+            })?;
+            if let Some(vectors) = parse_embeddings_payload(&payload) {
+                if vectors.len() == inputs.len() {
+                    return Ok(vectors);
+                }
+            }
+            (
+                None,
+                None,
+                Some(format!(
+                    "expected {} embeddings but received a different payload shape",
+                    inputs.len()
+                )),
+            )
+        }
+        Ok(response) => {
+            let status = response.status().as_u16();
+            let body = response.text().unwrap_or_default();
+            (
+                Some(status),
+                Some(body.clone()),
+                extract_vector_error_reason(&body),
+            )
+        }
+        Err(error) => (None, None, Some(error.to_string())),
+    };
+
+    let single_url = format!("{base}/api/embeddings");
+    let mut vectors = Vec::with_capacity(inputs.len());
+    for input in inputs {
+        let response = client
+            .post(&single_url)
+            .json(&json!({ "model": model, "prompt": input }))
+            .send()
+            .map_err(|error| {
+                desktop_error(
+                    "desktop.vector_search_unavailable",
+                    422,
+                    "vector search endpoint is unavailable",
+                    Some(json!({
+                        "cause": error.to_string(),
+                        "endpoint": single_url,
+                        "batch_endpoint": batch_url.clone(),
+                        "batch_status": batch_status,
+                        "batch_body": batch_body.clone(),
+                        "batch_reason": batch_reason.clone(),
+                        "model": model.to_string(),
+                        "hint": "start local ollama and ensure embeddings endpoint is reachable"
+                    })),
+                )
+            })?;
+        if !response.status().is_success() {
+            let status = response.status().as_u16();
+            let body = response.text().unwrap_or_default();
+            let reason = extract_vector_error_reason(&body);
+            return Err(desktop_error(
+                "desktop.vector_search_unavailable",
+                422,
+                format!("vector search endpoint returned HTTP {status}"),
+                Some(json!({
+                    "endpoint": single_url,
+                    "status": status,
+                    "body": body,
+                    "reason": reason,
+                    "batch_endpoint": batch_url.clone(),
+                    "batch_status": batch_status,
+                    "batch_body": batch_body.clone(),
+                    "batch_reason": batch_reason.clone(),
+                    "model": model.to_string(),
+                    "hint": "verify embedding model exists in local ollama"
+                })),
+            ));
+        }
+        let payload: serde_json::Value = response.json().map_err(|error| {
+            desktop_error(
+                "desktop.vector_search_parse_failed",
+                502,
+                "failed to parse embedding response",
+                Some(json!({ "cause": error.to_string(), "endpoint": single_url })),
+            )
+        })?;
+        let vector = parse_embeddings_payload(&payload)
+            .and_then(|mut list| list.pop())
+            .ok_or_else(|| {
+                desktop_error(
+                    "desktop.vector_search_parse_failed",
+                    502,
+                    "embedding response missing vector payload",
+                    Some(json!({ "endpoint": single_url })),
+                )
+            })?;
+        vectors.push(vector);
+    }
+
+    Ok(vectors)
+}
+
+fn request_ollama_embeddings_in_batches(
+    endpoint: &str,
+    model: &str,
+    inputs: &[String],
+) -> DesktopApiResult<Vec<Vec<f32>>> {
+    if inputs.is_empty() {
+        return Ok(Vec::new());
+    }
+    let mut out = Vec::with_capacity(inputs.len());
+    for chunk in inputs.chunks(VECTOR_EMBED_BATCH_SIZE) {
+        let vectors = request_ollama_embeddings(endpoint, model, chunk)?;
+        out.extend(vectors);
+    }
+    Ok(out)
+}
+
+fn current_vector_install_state() -> VectorInstallRuntimeState {
+    VECTOR_INSTALL_STATE
+        .lock()
+        .expect("vector install state mutex poisoned")
+        .clone()
+}
+
+fn set_vector_install_state(update: VectorInstallRuntimeState) {
+    *VECTOR_INSTALL_STATE
+        .lock()
+        .expect("vector install state mutex poisoned") = update;
+}
+
+fn update_vector_install_progress(
+    state: DesktopVectorInstallState,
+    model: &str,
+    progress_pct: u8,
+    message: Option<String>,
+) {
+    set_vector_install_state(VectorInstallRuntimeState {
+        state,
+        model: model.to_string(),
+        progress_pct: progress_pct.min(100),
+        message,
+    });
+}
+
+fn parse_ollama_model_list(payload: &serde_json::Value, target_model: &str) -> bool {
+    let Some(models) = payload.get("models").and_then(|value| value.as_array()) else {
+        return false;
+    };
+    let target = target_model.trim();
+    if target.is_empty() {
+        return false;
+    }
+    models.iter().any(|item| {
+        item.get("name")
+            .and_then(|value| value.as_str())
+            .map(|name| name == target || name.starts_with(&format!("{target}:")))
+            .unwrap_or(false)
+    })
+}
+
+fn ollama_cli_available() -> bool {
+    Command::new("ollama")
+        .arg("--version")
+        .output()
+        .map(|output| {
+            output.status.success() || !output.stdout.is_empty() || !output.stderr.is_empty()
+        })
+        .unwrap_or(false)
+}
+
+fn ollama_unreachable_message(endpoint: &str, error: &reqwest::Error) -> String {
+    if ollama_cli_available() {
+        format!(
+            "ollama is installed but not reachable at {endpoint}; start it with `ollama serve` ({error})"
+        )
+    } else {
+        "ollama CLI is not installed. Install from https://ollama.com/download, then run `ollama serve`.".to_string()
+    }
+}
+
+pub(crate) fn vector_preflight_for_runtime(
+    runtime: &DaemonConfig,
+) -> DesktopVectorPreflightResponse {
+    let endpoint = vector_embed_endpoint(runtime);
+    let model = vector_embed_model(runtime);
+    let mut response = DesktopVectorPreflightResponse {
+        provider: DesktopVectorSearchProvider::Ollama,
+        endpoint: endpoint.clone(),
+        model: model.clone(),
+        ollama_reachable: false,
+        model_installed: false,
+        install_state: DesktopVectorInstallState::NotInstalled,
+        progress_pct: 0,
+        message: None,
+    };
+
+    let install_state = current_vector_install_state();
+    response.install_state = install_state.state;
+    response.progress_pct = install_state.progress_pct;
+    response.message = install_state.message;
+
+    let client = match reqwest::blocking::Client::builder()
+        .timeout(Duration::from_secs(8))
+        .build()
+    {
+        Ok(client) => client,
+        Err(error) => {
+            response.message = Some(format!("failed to initialize HTTP client: {error}"));
+            return response;
+        }
+    };
+
+    let tags_url = format!("{}/api/tags", endpoint.trim_end_matches('/'));
+    let tags_response = match client.get(tags_url).send() {
+        Ok(resp) => resp,
+        Err(error) => {
+            response.message = Some(ollama_unreachable_message(&endpoint, &error));
+            return response;
+        }
+    };
+    if !tags_response.status().is_success() {
+        response.message = Some(format!(
+            "ollama endpoint {endpoint} returned status {}; verify `ollama serve` and endpoint configuration",
+            tags_response.status()
+        ));
+        return response;
+    }
+
+    response.ollama_reachable = true;
+    let payload: serde_json::Value = match tags_response.json() {
+        Ok(payload) => payload,
+        Err(error) => {
+            response.message = Some(format!("failed to parse ollama model list: {error}"));
+            return response;
+        }
+    };
+    response.model_installed = parse_ollama_model_list(&payload, &model);
+    if response.model_installed {
+        response.install_state = DesktopVectorInstallState::Ready;
+        response.progress_pct = 100;
+        if response.message.is_none() {
+            response.message = Some("model is installed and ready".to_string());
+        }
+    } else if matches!(response.install_state, DesktopVectorInstallState::Ready) {
+        response.install_state = DesktopVectorInstallState::NotInstalled;
+        response.progress_pct = 0;
+    } else if response.message.is_none() {
+        response.message = Some(format!(
+            "model `{model}` is not installed. Run `ollama pull {model}` or use Install model."
+        ));
+    }
+    response
+}
+
+fn install_ollama_model_blocking(endpoint: &str, model: &str) -> DesktopApiResult<()> {
+    let client = reqwest::blocking::Client::builder()
+        .timeout(Duration::from_secs(600))
+        .build()
+        .map_err(|error| {
+            desktop_error(
+                "desktop.vector_install_client_failed",
+                500,
+                "failed to initialize vector install client",
+                Some(json!({ "cause": error.to_string() })),
+            )
+        })?;
+
+    let pull_url = format!("{}/api/pull", endpoint.trim_end_matches('/'));
+    let response = client
+        .post(&pull_url)
+        .json(&json!({ "model": model, "stream": true }))
+        .send()
+        .map_err(|error| {
+            let (message, hint) = if ollama_cli_available() {
+                (
+                    "failed to connect to ollama model pull endpoint",
+                    "start local ollama with `ollama serve`".to_string(),
+                )
+            } else {
+                (
+                    "ollama CLI is not installed",
+                    "install Ollama from https://ollama.com/download and run `ollama serve`"
+                        .to_string(),
+                )
+            };
+            desktop_error(
+                "desktop.vector_install_unavailable",
+                422,
+                message,
+                Some(json!({
+                    "cause": error.to_string(),
+                    "endpoint": pull_url,
+                    "hint": hint
+                })),
+            )
+        })?;
+
+    if !response.status().is_success() {
+        let status = response.status().as_u16();
+        let body = response.text().unwrap_or_default();
+        return Err(desktop_error(
+            "desktop.vector_install_failed",
+            422,
+            "ollama model pull failed",
+            Some(json!({ "endpoint": pull_url, "status": status, "body": body })),
+        ));
+    }
+
+    let mut reader = BufReader::new(response);
+    let mut line = String::new();
+    loop {
+        line.clear();
+        let bytes = reader.read_line(&mut line).map_err(|error| {
+            desktop_error(
+                "desktop.vector_install_failed",
+                500,
+                "failed while reading model pull stream",
+                Some(json!({ "cause": error.to_string(), "endpoint": pull_url })),
+            )
+        })?;
+        if bytes == 0 {
+            break;
+        }
+        let trimmed = line.trim();
+        if trimmed.is_empty() {
+            continue;
+        }
+        if let Ok(payload) = serde_json::from_str::<serde_json::Value>(trimmed) {
+            if let Some(error_text) = payload.get("error").and_then(|value| value.as_str()) {
+                return Err(desktop_error(
+                    "desktop.vector_install_failed",
+                    422,
+                    "ollama model pull failed",
+                    Some(json!({ "endpoint": pull_url, "error": error_text })),
+                ));
+            }
+            let status = payload
+                .get("status")
+                .and_then(|value| value.as_str())
+                .map(str::to_string);
+            let completed = payload.get("completed").and_then(|value| value.as_u64());
+            let total = payload.get("total").and_then(|value| value.as_u64());
+            let progress_pct = match (completed, total) {
+                (Some(done), Some(total)) if total > 0 => ((done * 100) / total).min(100) as u8,
+                _ => 0,
+            };
+            if status.is_some() || progress_pct > 0 {
+                update_vector_install_progress(
+                    DesktopVectorInstallState::Installing,
+                    model,
+                    progress_pct,
+                    status,
+                );
+            }
+        }
+    }
+
+    Ok(())
+}
+
+pub(crate) fn cosine_similarity(lhs: &[f32], rhs: &[f32]) -> f32 {
+    if lhs.is_empty() || rhs.is_empty() || lhs.len() != rhs.len() {
+        return 0.0;
+    }
+    let mut dot = 0.0f32;
+    let mut lhs_norm = 0.0f32;
+    let mut rhs_norm = 0.0f32;
+    for (l, r) in lhs.iter().zip(rhs.iter()) {
+        dot += l * r;
+        lhs_norm += l * l;
+        rhs_norm += r * r;
+    }
+    if lhs_norm <= f32::EPSILON || rhs_norm <= f32::EPSILON {
+        return 0.0;
+    }
+    dot / (lhs_norm.sqrt() * rhs_norm.sqrt())
+}
+
+fn parse_vector_cursor(cursor: Option<String>) -> usize {
+    cursor
+        .as_deref()
+        .and_then(|raw| raw.trim().parse::<usize>().ok())
+        .unwrap_or(0)
+}
+
+fn truncate_snippet(raw: &str, max_chars: usize) -> String {
+    let trimmed = raw.trim();
+    if trimmed.chars().count() <= max_chars {
+        return trimmed.to_string();
+    }
+    let mut out = String::with_capacity(max_chars + 3);
+    for ch in trimmed.chars().take(max_chars) {
+        out.push(ch);
+    }
+    out.push_str("...");
+    out
+}
+
+fn ensure_vector_enabled_and_ready(
+    runtime: &DaemonConfig,
+) -> DesktopApiResult<DesktopVectorPreflightResponse> {
+    ensure_vector_provider_ready(runtime, true)
+}
+
+pub(crate) fn validate_vector_preflight_ready(
+    preflight: &DesktopVectorPreflightResponse,
+    runtime_enabled: bool,
+    require_enabled: bool,
+) -> DesktopApiResult<()> {
+    if require_enabled && !runtime_enabled {
+        return Err(desktop_error(
+            "desktop.vector_search_disabled",
+            422,
+            "semantic vector search is disabled in runtime settings",
+            Some(json!({ "hint": "enable vector_search in Settings and save runtime settings" })),
+        ));
+    }
+    if !preflight.ollama_reachable {
+        return Err(desktop_error(
+            "desktop.vector_search_unavailable",
+            422,
+            "ollama endpoint is not reachable",
+            Some(json!({
+                "endpoint": preflight.endpoint,
+                "hint": "start local ollama with `ollama serve`"
+            })),
+        ));
+    }
+    if !preflight.model_installed {
+        return Err(desktop_error(
+            "desktop.vector_model_not_installed",
+            422,
+            "embedding model is not installed",
+            Some(json!({
+                "model": preflight.model,
+                "hint": "use Settings > Vector Search > Install model"
+            })),
+        ));
+    }
+    Ok(())
+}
+
+fn ensure_vector_provider_ready(
+    runtime: &DaemonConfig,
+    require_enabled: bool,
+) -> DesktopApiResult<DesktopVectorPreflightResponse> {
+    let preflight = vector_preflight_for_runtime(runtime);
+    validate_vector_preflight_ready(&preflight, runtime.vector_search.enabled, require_enabled)?;
+    Ok(preflight)
+}
+
+fn score_vector_sessions(
+    query_vector: &[f32],
+    candidates: Vec<opensession_local_db::VectorChunkCandidateRow>,
+) -> Vec<VectorMatchScore> {
+    let mut by_session: HashMap<String, VectorMatchScore> = HashMap::new();
+    for candidate in candidates {
+        let score = cosine_similarity(query_vector, &candidate.embedding);
+        if !score.is_finite() {
+            continue;
+        }
+        let entry = by_session
+            .entry(candidate.session_id.clone())
+            .or_insert_with(|| VectorMatchScore {
+                session_id: candidate.session_id.clone(),
+                chunk_id: candidate.chunk_id.clone(),
+                start_line: candidate.start_line,
+                end_line: candidate.end_line,
+                snippet: truncate_snippet(&candidate.content, 260),
+                best_score: score,
+                hit_count: 0,
+            });
+        entry.hit_count = entry.hit_count.saturating_add(1);
+        if score > entry.best_score {
+            entry.best_score = score;
+            entry.chunk_id = candidate.chunk_id;
+            entry.start_line = candidate.start_line;
+            entry.end_line = candidate.end_line;
+            entry.snippet = truncate_snippet(&candidate.content, 260);
+        }
+    }
+    let mut ranked = by_session.into_values().collect::<Vec<_>>();
+    ranked.sort_by(|left, right| {
+        let right_weighted = right.best_score + (right.hit_count as f32 * 0.01);
+        let left_weighted = left.best_score + (left.hit_count as f32 * 0.01);
+        right_weighted.total_cmp(&left_weighted)
+    });
+    ranked
+}
+
+fn session_matches_vector_filter(
+    summary: &SessionSummary,
+    filter: Option<&LocalSessionFilter>,
+) -> bool {
+    let Some(filter) = filter else {
+        return true;
+    };
+
+    if let Some(tool) = filter.tool.as_deref() {
+        if summary.tool != tool {
+            return false;
+        }
+    }
+    if let Some(repo) = filter.git_repo_name.as_deref() {
+        if summary.git_repo_name.as_deref() != Some(repo) {
+            return false;
+        }
+    }
+
+    if !matches!(filter.time_range, opensession_local_db::LocalTimeRange::All) {
+        let created_at = match chrono::DateTime::parse_from_rfc3339(&summary.created_at) {
+            Ok(parsed) => parsed.with_timezone(&chrono::Utc),
+            Err(_) => return false,
+        };
+        let now = chrono::Utc::now();
+        let min_allowed = match filter.time_range {
+            opensession_local_db::LocalTimeRange::Hours24 => now - chrono::Duration::hours(24),
+            opensession_local_db::LocalTimeRange::Days7 => now - chrono::Duration::days(7),
+            opensession_local_db::LocalTimeRange::Days30 => now - chrono::Duration::days(30),
+            opensession_local_db::LocalTimeRange::All => now - chrono::Duration::days(36500),
+        };
+        if created_at < min_allowed {
+            return false;
+        }
+    }
+
+    true
+}
+
+fn search_sessions_vector_internal(
+    db: &LocalDb,
+    runtime: &DaemonConfig,
+    query_text: &str,
+    cursor: Option<String>,
+    limit: Option<u32>,
+    filter: Option<&LocalSessionFilter>,
+) -> DesktopApiResult<DesktopVectorSearchResponse> {
+    let normalized_query = query_text.trim();
+    if normalized_query.is_empty() {
+        return Err(desktop_error(
+            "desktop.vector_search_query_required",
+            422,
+            "vector search query is empty",
+            Some(json!({ "hint": "provide a non-empty query" })),
+        ));
+    }
+
+    let _preflight = ensure_vector_enabled_and_ready(runtime)?;
+    let endpoint = vector_embed_endpoint(runtime);
+    let model = vector_embed_model(runtime);
+    let query_embeddings =
+        request_ollama_embeddings(&endpoint, &model, &[normalized_query.to_string()])?;
+    let query_vector = query_embeddings.into_iter().next().unwrap_or_default();
+    if query_vector.is_empty() {
+        return Err(desktop_error(
+            "desktop.vector_search_parse_failed",
+            502,
+            "embedding response missing query vector",
+            Some(json!({ "model": model, "endpoint": endpoint })),
+        ));
+    }
+
+    let candidate_limit = (runtime.vector_search.top_k_chunks.max(1) as u32)
+        .saturating_mul(VECTOR_FTS_CANDIDATE_LIMIT_MULTIPLIER);
+    let mut candidates = db
+        .list_vector_chunk_candidates(normalized_query, &model, candidate_limit)
+        .map_err(|error| {
+            desktop_error(
+                "desktop.vector_search_db_failed",
+                500,
+                "failed to load vector chunk candidates",
+                Some(json!({ "cause": error.to_string() })),
+            )
+        })?;
+    if candidates.is_empty() {
+        candidates = db
+            .list_recent_vector_chunks_for_model(&model, candidate_limit)
+            .map_err(|error| {
+                desktop_error(
+                    "desktop.vector_search_db_failed",
+                    500,
+                    "failed to load fallback vector chunk candidates",
+                    Some(json!({ "cause": error.to_string() })),
+                )
+            })?;
+    }
+
+    let mut ranked = score_vector_sessions(&query_vector, candidates);
+    let top_sessions = runtime.vector_search.top_k_sessions.max(1) as usize;
+    if ranked.len() > top_sessions {
+        ranked.truncate(top_sessions);
+    }
+    let offset = parse_vector_cursor(cursor);
+    let page_limit = limit.unwrap_or(20).clamp(1, 100) as usize;
+
+    let mut materialized = Vec::new();
+    for scored in ranked {
+        let Some(row) = db.get_session_by_id(&scored.session_id).map_err(|error| {
+            desktop_error(
+                "desktop.vector_search_db_failed",
+                500,
+                "failed to read session row for vector search result",
+                Some(json!({ "cause": error.to_string(), "session_id": scored.session_id })),
+            )
+        })?
+        else {
+            continue;
+        };
+        let normalized = (scored.best_score.clamp(-1.0, 1.0) * 10_000.0).round() as i64;
+        let summary =
+            session_summary_from_local_row_with_score(row, normalized, "vector_ollama_bge_m3_v2");
+        if !session_matches_vector_filter(&summary, filter) {
+            continue;
+        }
+        materialized.push(DesktopVectorSessionMatch {
+            session: summary,
+            score: scored.best_score,
+            chunk_id: scored.chunk_id,
+            start_line: scored.start_line,
+            end_line: scored.end_line,
+            snippet: scored.snippet,
+        });
+    }
+
+    let total_candidates = materialized.len() as u32;
+    let sessions = materialized
+        .into_iter()
+        .skip(offset)
+        .take(page_limit)
+        .collect::<Vec<_>>();
+
+    let next_offset = offset.saturating_add(sessions.len());
+    let next_cursor = (next_offset < total_candidates as usize).then_some(next_offset.to_string());
+
+    Ok(DesktopVectorSearchResponse {
+        query: normalized_query.to_string(),
+        sessions,
+        next_cursor,
+        total_candidates,
+    })
+}
+
+pub(crate) fn list_sessions_with_vector_rank(
+    db: &LocalDb,
+    base_filter: &LocalSessionFilter,
+    query_text: &str,
+    page: u32,
+    per_page: u32,
+) -> DesktopApiResult<SessionListResponse> {
+    let runtime = load_runtime_config()?;
+    let offset = (page.saturating_sub(1)).saturating_mul(per_page) as usize;
+    let response = search_sessions_vector_internal(
+        db,
+        &runtime,
+        query_text,
+        Some(offset.to_string()),
+        Some(per_page),
+        Some(base_filter),
+    )?;
+    Ok(SessionListResponse {
+        sessions: response
+            .sessions
+            .into_iter()
+            .map(|hit| hit.session)
+            .collect(),
+        total: response.total_candidates as i64,
+        page,
+        per_page,
+    })
+}
+
+fn push_non_empty_lines(raw: &str, lines: &mut Vec<String>) {
+    for line in raw.lines() {
+        let normalized = line.trim_end_matches('\r');
+        if normalized.trim().is_empty() {
+            continue;
+        }
+        lines.push(normalized.to_string());
+    }
+}
+
+pub(crate) fn extract_vector_lines(session: &HailSession) -> Vec<String> {
+    let mut lines: Vec<String> = Vec::new();
+    if let Some(title) = session.context.title.as_deref() {
+        push_non_empty_lines(title, &mut lines);
+    }
+    if let Some(description) = session.context.description.as_deref() {
+        push_non_empty_lines(description, &mut lines);
+    }
+
+    for event in &session.events {
+        for block in &event.content.blocks {
+            match block {
+                opensession_core::trace::ContentBlock::Text { text } => {
+                    push_non_empty_lines(text, &mut lines);
+                }
+                opensession_core::trace::ContentBlock::Code { code, .. } => {
+                    push_non_empty_lines(code, &mut lines);
+                }
+                opensession_core::trace::ContentBlock::File { path, content } => {
+                    push_non_empty_lines(path, &mut lines);
+                    if let Some(content) = content.as_deref() {
+                        push_non_empty_lines(content, &mut lines);
+                    }
+                }
+                opensession_core::trace::ContentBlock::Json { data } => {
+                    if let Ok(serialized) = serde_json::to_string(data) {
+                        push_non_empty_lines(&serialized, &mut lines);
+                    }
+                }
+                opensession_core::trace::ContentBlock::Reference { uri, .. } => {
+                    push_non_empty_lines(uri, &mut lines);
+                }
+                opensession_core::trace::ContentBlock::Image { alt, .. } => {
+                    if let Some(alt) = alt.as_deref() {
+                        push_non_empty_lines(alt, &mut lines);
+                    }
+                }
+                opensession_core::trace::ContentBlock::Video { .. }
+                | opensession_core::trace::ContentBlock::Audio { .. } => {}
+                _ => {}
+            }
+        }
+    }
+
+    if lines.is_empty() {
+        lines.push(session.session_id.clone());
+    }
+    lines
+}
+
+fn resolve_vector_chunking_profile(line_count: usize, runtime: &DaemonConfig) -> (usize, usize) {
+    if matches!(
+        runtime.vector_search.chunking_mode,
+        VectorChunkingMode::Manual
+    ) {
+        let chunk_size = runtime.vector_search.chunk_size_lines.max(1) as usize;
+        let overlap = runtime
+            .vector_search
+            .chunk_overlap_lines
+            .min(runtime.vector_search.chunk_size_lines.saturating_sub(1))
+            as usize;
+        return (chunk_size, overlap);
+    }
+
+    if line_count <= 40 {
+        (8, 2)
+    } else if line_count <= 120 {
+        (12, 3)
+    } else if line_count <= 300 {
+        (18, 4)
+    } else if line_count <= 800 {
+        (24, 6)
+    } else {
+        (32, 8)
+    }
+}
+
+pub(crate) fn build_vector_chunks_for_session(
+    session: &HailSession,
+    source_hash: &str,
+    runtime: &DaemonConfig,
+) -> Vec<VectorChunkUpsert> {
+    let lines = extract_vector_lines(session);
+    let (chunk_size, overlap) = resolve_vector_chunking_profile(lines.len(), runtime);
+    let step = chunk_size.saturating_sub(overlap).max(1);
+
+    let mut chunks = Vec::new();
+    let mut start = 0usize;
+    let mut chunk_index = 0u32;
+    while start < lines.len() {
+        let end = (start + chunk_size).min(lines.len());
+        let content = lines[start..end].join("\n");
+        let content_hash = sha256_hex(content.as_bytes());
+        let chunk_key = format!(
+            "{}:{}:{}:{}:{}",
+            session.session_id,
+            source_hash,
+            chunk_index,
+            start + 1,
+            end
+        );
+        chunks.push(VectorChunkUpsert {
+            chunk_id: sha256_hex(chunk_key.as_bytes()),
+            session_id: session.session_id.clone(),
+            chunk_index,
+            start_line: (start + 1) as u32,
+            end_line: end as u32,
+            line_count: (end - start) as u32,
+            content,
+            content_hash,
+            embedding: Vec::new(),
+        });
+
+        if end == lines.len() {
+            break;
+        }
+        start = start.saturating_add(step);
+        chunk_index = chunk_index.saturating_add(1);
+    }
+    chunks
+}
+
+fn map_vector_index_state(raw: &str) -> DesktopVectorIndexState {
+    match raw {
+        "running" => DesktopVectorIndexState::Running,
+        "complete" => DesktopVectorIndexState::Complete,
+        "failed" => DesktopVectorIndexState::Failed,
+        _ => DesktopVectorIndexState::Idle,
+    }
+}
+
+fn desktop_vector_index_status_from_db(
+    db: &LocalDb,
+) -> DesktopApiResult<DesktopVectorIndexStatusResponse> {
+    let row = db.get_vector_index_job().map_err(|error| {
+        desktop_error(
+            "desktop.vector_index_status_failed",
+            500,
+            "failed to read vector indexing status",
+            Some(json!({ "cause": error.to_string() })),
+        )
+    })?;
+
+    let Some(row) = row else {
+        return Ok(DesktopVectorIndexStatusResponse {
+            state: DesktopVectorIndexState::Idle,
+            processed_sessions: 0,
+            total_sessions: 0,
+            message: None,
+            started_at: None,
+            finished_at: None,
+        });
+    };
+
+    Ok(DesktopVectorIndexStatusResponse {
+        state: map_vector_index_state(&row.status),
+        processed_sessions: row.processed_sessions,
+        total_sessions: row.total_sessions,
+        message: row.message,
+        started_at: row.started_at,
+        finished_at: row.finished_at,
+    })
+}
+
+fn set_vector_index_job_snapshot(db: &LocalDb, payload: VectorIndexJobRow) -> DesktopApiResult<()> {
+    db.set_vector_index_job(&payload).map_err(|error| {
+        desktop_error(
+            "desktop.vector_index_status_failed",
+            500,
+            "failed to persist vector indexing status",
+            Some(json!({ "cause": error.to_string() })),
+        )
+    })
+}
+
+fn is_vector_index_skippable_error(error: &DesktopApiError) -> bool {
+    matches!(
+        error.code.as_str(),
+        "desktop.vector_search_unavailable"
+            | "desktop.vector_search_parse_failed"
+            | "desktop.vector_index_embedding_mismatch"
+    )
+}
+
+pub(crate) fn persist_vector_index_failure_snapshot(
+    db: &LocalDb,
+    error: &DesktopApiError,
+) -> DesktopApiResult<()> {
+    let now = chrono::Utc::now().to_rfc3339();
+    let previous = db.get_vector_index_job().ok().flatten();
+    set_vector_index_job_snapshot(
+        db,
+        VectorIndexJobRow {
+            status: "failed".to_string(),
+            processed_sessions: previous
+                .as_ref()
+                .map(|row| row.processed_sessions)
+                .unwrap_or(0),
+            total_sessions: previous.as_ref().map(|row| row.total_sessions).unwrap_or(0),
+            message: Some(format_vector_error_message(error)),
+            started_at: previous
+                .and_then(|row| row.started_at)
+                .or(Some(now.clone())),
+            finished_at: Some(now),
+        },
+    )
+}
+
+pub(crate) fn rebuild_vector_index_blocking(
+    db: &LocalDb,
+    runtime: &DaemonConfig,
+) -> DesktopApiResult<()> {
+    let mut filter = LocalSessionFilter::default();
+    filter.limit = None;
+    filter.offset = None;
+    let sessions = db.list_sessions(&filter).map_err(|error| {
+        desktop_error(
+            "desktop.vector_index_list_failed",
+            500,
+            "failed to list sessions for vector indexing",
+            Some(json!({ "cause": error.to_string() })),
+        )
+    })?;
+    let total_sessions = sessions.len() as u32;
+    let started_at = chrono::Utc::now().to_rfc3339();
+    set_vector_index_job_snapshot(
+        db,
+        VectorIndexJobRow {
+            status: "running".to_string(),
+            processed_sessions: 0,
+            total_sessions,
+            message: Some("indexing session chunks".to_string()),
+            started_at: Some(started_at.clone()),
+            finished_at: None,
+        },
+    )?;
+
+    let endpoint = vector_embed_endpoint(runtime);
+    let model = vector_embed_model(runtime);
+    let mut failed_sessions = 0u32;
+    let mut skipped_sessions = 0u32;
+    let mut last_failure: Option<String> = None;
+    for (idx, row) in sessions.iter().enumerate() {
+        let processed_sessions = idx as u32;
+        set_vector_index_job_snapshot(
+            db,
+            VectorIndexJobRow {
+                status: "running".to_string(),
+                processed_sessions,
+                total_sessions,
+                message: Some(format!("indexing {}", row.id)),
+                started_at: Some(started_at.clone()),
+                finished_at: None,
+            },
+        )?;
+
+        let session_result: DesktopApiResult<bool> = (|| {
+            let normalized = match load_normalized_session_body(db, &row.id) {
+                Ok(body) => body,
+                Err(_) => return Ok(false),
+            };
+            let source_hash = sha256_hex(normalized.as_bytes());
+            let already_indexed = db
+                .vector_index_source_hash(&row.id)
+                .map_err(|error| {
+                    desktop_error(
+                        "desktop.vector_index_status_failed",
+                        500,
+                        "failed to read vector source hash",
+                        Some(json!({ "cause": error.to_string(), "session_id": row.id })),
+                    )
+                })?
+                .is_some_and(|hash| hash == source_hash);
+            if already_indexed {
+                return Ok(false);
+            }
+
+            let session = match HailSession::from_jsonl(&normalized) {
+                Ok(session) => session,
+                Err(_) => return Ok(false),
+            };
+            let mut chunks = build_vector_chunks_for_session(&session, &source_hash, runtime);
+            if chunks.is_empty() {
+                db.replace_session_vector_chunks(&row.id, &source_hash, &model, &[])
+                    .map_err(|error| {
+                        desktop_error(
+                            "desktop.vector_index_write_failed",
+                            500,
+                            "failed to clear vector chunks for empty session",
+                            Some(json!({ "cause": error.to_string(), "session_id": row.id })),
+                        )
+                    })?;
+                return Ok(false);
+            }
+
+            let inputs = chunks
+                .iter()
+                .map(|chunk| chunk.content.clone())
+                .collect::<Vec<_>>();
+            let embeddings = request_ollama_embeddings_in_batches(&endpoint, &model, &inputs)?;
+            if embeddings.len() != chunks.len() {
+                return Err(desktop_error(
+                    "desktop.vector_index_embedding_mismatch",
+                    502,
+                    "embedding response count mismatch while indexing session",
+                    Some(json!({
+                        "session_id": row.id,
+                        "requested": chunks.len(),
+                        "received": embeddings.len(),
+                        "model": model,
+                    })),
+                ));
+            }
+
+            for (chunk, embedding) in chunks.iter_mut().zip(embeddings.into_iter()) {
+                chunk.embedding = embedding;
+            }
+            db.replace_session_vector_chunks(&row.id, &source_hash, &model, &chunks)
+                .map_err(|error| {
+                    desktop_error(
+                        "desktop.vector_index_write_failed",
+                        500,
+                        "failed to persist vector chunks",
+                        Some(json!({ "cause": error.to_string(), "session_id": row.id })),
+                    )
+                })?;
+            Ok(true)
+        })();
+
+        match session_result {
+            Ok(indexed) => {
+                if !indexed {
+                    skipped_sessions = skipped_sessions.saturating_add(1);
+                }
+            }
+            Err(error) if is_vector_index_skippable_error(&error) => {
+                failed_sessions = failed_sessions.saturating_add(1);
+                last_failure = Some(format!("{}: {}", row.id, error.message));
+                eprintln!(
+                    "vector index rebuild: skipped {}: {}",
+                    row.id, error.message
+                );
+            }
+            Err(error) => return Err(error),
+        }
+
+        let processed_sessions = idx.saturating_add(1) as u32;
+        let progress_message = match (failed_sessions, skipped_sessions, last_failure.as_deref()) {
+            (0, 0, _) => format!("processed {processed_sessions}/{total_sessions} sessions"),
+            (0, skipped, _) => format!(
+                "processed {processed_sessions}/{total_sessions} sessions ({skipped} skipped)"
+            ),
+            (failed, 0, Some(last)) => format!(
+                "processed {processed_sessions}/{total_sessions} sessions ({failed} failed) | last failure: {last}"
+            ),
+            (failed, skipped, Some(last)) => format!(
+                "processed {processed_sessions}/{total_sessions} sessions ({failed} failed, {skipped} skipped) | last failure: {last}"
+            ),
+            (failed, 0, _) => format!(
+                "processed {processed_sessions}/{total_sessions} sessions ({failed} failed)"
+            ),
+            (failed, skipped, _) => format!(
+                "processed {processed_sessions}/{total_sessions} sessions ({failed} failed, {skipped} skipped)"
+            ),
+        };
+        set_vector_index_job_snapshot(
+            db,
+            VectorIndexJobRow {
+                status: "running".to_string(),
+                processed_sessions,
+                total_sessions,
+                message: Some(progress_message),
+                started_at: Some(started_at.clone()),
+                finished_at: None,
+            },
+        )?;
+    }
+
+    let message = match (failed_sessions, skipped_sessions) {
+        (0, 0) => "vector indexing complete".to_string(),
+        (0, skipped) => format!("vector indexing complete ({skipped} skipped)"),
+        (failed, 0) => format!("vector indexing complete ({failed} failed)"),
+        (failed, skipped) => {
+            format!("vector indexing complete ({failed} failed, {skipped} skipped)")
+        }
+    };
+    set_vector_index_job_snapshot(
+        db,
+        VectorIndexJobRow {
+            status: "complete".to_string(),
+            processed_sessions: total_sessions,
+            total_sessions,
+            message: Some(message),
+            started_at: Some(started_at),
+            finished_at: Some(chrono::Utc::now().to_rfc3339()),
+        },
+    )?;
+    Ok(())
+}
+
+fn install_status_response_from_state(
+    state: VectorInstallRuntimeState,
+) -> DesktopVectorInstallStatusResponse {
+    DesktopVectorInstallStatusResponse {
+        state: state.state,
+        model: state.model,
+        progress_pct: state.progress_pct,
+        message: state.message,
+    }
+}
+
+#[tauri::command]
+pub(crate) fn desktop_vector_preflight() -> DesktopApiResult<DesktopVectorPreflightResponse> {
+    let runtime = load_runtime_config()?;
+    Ok(vector_preflight_for_runtime(&runtime))
+}
+
+#[tauri::command]
+pub(crate) fn desktop_vector_install_model(
+    model: String,
+) -> DesktopApiResult<DesktopVectorInstallStatusResponse> {
+    let runtime = load_runtime_config()?;
+    let endpoint = vector_embed_endpoint(&runtime);
+    let selected_model = model.trim().to_string().chars().collect::<String>();
+    let selected_model = if selected_model.trim().is_empty() {
+        vector_embed_model(&runtime)
+    } else {
+        selected_model
+    };
+
+    let current = current_vector_install_state();
+    if matches!(current.state, DesktopVectorInstallState::Installing)
+        && current.model == selected_model
+    {
+        return Ok(install_status_response_from_state(current));
+    }
+
+    update_vector_install_progress(
+        DesktopVectorInstallState::Installing,
+        &selected_model,
+        0,
+        Some("starting model download".to_string()),
+    );
+
+    let endpoint_for_thread = endpoint.clone();
+    let model_for_thread = selected_model.clone();
+    std::thread::spawn(move || {
+        match install_ollama_model_blocking(&endpoint_for_thread, &model_for_thread) {
+            Ok(()) => update_vector_install_progress(
+                DesktopVectorInstallState::Ready,
+                &model_for_thread,
+                100,
+                Some("model download complete".to_string()),
+            ),
+            Err(error) => update_vector_install_progress(
+                DesktopVectorInstallState::Failed,
+                &model_for_thread,
+                0,
+                Some(error.message),
+            ),
+        }
+    });
+
+    Ok(install_status_response_from_state(
+        current_vector_install_state(),
+    ))
+}
+
+#[tauri::command]
+pub(crate) fn desktop_vector_index_rebuild() -> DesktopApiResult<DesktopVectorIndexStatusResponse> {
+    let runtime = load_runtime_config()?;
+    ensure_vector_provider_ready(&runtime, false)?;
+
+    {
+        let mut running = VECTOR_INDEX_REBUILD_RUNNING
+            .lock()
+            .expect("vector index rebuild mutex poisoned");
+        if *running {
+            let db = open_local_db()?;
+            return desktop_vector_index_status_from_db(&db);
+        }
+        *running = true;
+    }
+
+    std::thread::spawn(move || {
+        let result: DesktopApiResult<()> = (|| {
+            let db = open_local_db()?;
+            if let Err(error) = rebuild_vector_index_blocking(&db, &runtime) {
+                let _ = persist_vector_index_failure_snapshot(&db, &error);
+                return Err(error);
+            }
+            Ok(())
+        })();
+
+        if let Err(error) = result {
+            eprintln!("vector index rebuild failed: {}", error.message);
+        }
+        if let Ok(mut running) = VECTOR_INDEX_REBUILD_RUNNING.lock() {
+            *running = false;
+        }
+    });
+
+    let db = open_local_db()?;
+    desktop_vector_index_status_from_db(&db)
+}
+
+#[tauri::command]
+pub(crate) fn desktop_vector_index_status() -> DesktopApiResult<DesktopVectorIndexStatusResponse> {
+    let db = open_local_db()?;
+    desktop_vector_index_status_from_db(&db)
+}
+
+#[tauri::command]
+pub(crate) fn desktop_search_sessions_vector(
+    query: String,
+    cursor: Option<String>,
+    limit: Option<u32>,
+) -> DesktopApiResult<DesktopVectorSearchResponse> {
+    let db = open_local_db()?;
+    let runtime = load_runtime_config()?;
+    search_sessions_vector_internal(&db, &runtime, &query, cursor, limit, None)
+}
diff --git a/desktop/src-tauri/src/main.rs b/desktop/src-tauri/src/main.rs
index ae7aa9bf..20e4c1a9 100644
--- a/desktop/src-tauri/src/main.rs
+++ b/desktop/src-tauri/src/main.rs
@@ -11,9 +11,20 @@ use app::launch_route::desktop_take_launch_route;
 use app::lifecycle_cleanup::maybe_start_lifecycle_cleanup_loop;
 use app::session_query::{SearchMode, build_local_filter_with_mode};
 use app::session_summary::{
-    has_hidden_ref_summary_for_session, load_session_summary_for_runtime,
-    migrate_summary_storage_backend, persist_summary_to_hidden_ref,
-    persist_summary_to_local_db, resolve_summary_repo_root,
+    desktop_get_session_summary, desktop_regenerate_session_summary, desktop_summary_batch_run,
+    desktop_summary_batch_status, maybe_start_summary_batch_on_app_start,
+    migrate_summary_storage_backend,
+};
+#[cfg(test)]
+use app::vector::{
+    build_vector_chunks_for_session, cosine_similarity, extract_vector_lines,
+    persist_vector_index_failure_snapshot, rebuild_vector_index_blocking,
+    validate_vector_preflight_ready,
+};
+use app::vector::{
+    desktop_search_sessions_vector, desktop_vector_index_rebuild, desktop_vector_index_status,
+    desktop_vector_install_model, desktop_vector_preflight, list_sessions_with_vector_rank,
+    vector_embed_endpoint, vector_embed_model, vector_preflight_for_runtime,
 };
 #[cfg(test)]
 use app::{
@@ -21,9 +32,8 @@ use app::{
     lifecycle_cleanup::run_desktop_lifecycle_cleanup_once_with_db,
 };
 use opensession_api::{
-    CapabilitiesResponse, DESKTOP_IPC_CONTRACT_VERSION, DesktopApiError,
-    DesktopChangeReaderScope, DesktopChangeReaderVoiceProvider,
-    DesktopContractVersionResponse, DesktopLifecycleCleanupState,
+    CapabilitiesResponse, DESKTOP_IPC_CONTRACT_VERSION, DesktopApiError, DesktopChangeReaderScope,
+    DesktopChangeReaderVoiceProvider, DesktopContractVersionResponse, DesktopLifecycleCleanupState,
     DesktopLifecycleCleanupStatusResponse, DesktopRuntimeChangeReaderSettings,
     DesktopRuntimeChangeReaderVoiceSettings, DesktopRuntimeLifecycleSettings,
     DesktopRuntimeSettingsResponse, DesktopRuntimeSettingsUpdateRequest,
@@ -31,28 +41,18 @@ use opensession_api::{
     DesktopRuntimeSummaryProviderSettings, DesktopRuntimeSummaryResponseSettings,
     DesktopRuntimeSummarySettings, DesktopRuntimeSummaryStorageSettings,
     DesktopRuntimeSummaryUiConstraints, DesktopRuntimeVectorSearchSettings,
-    DesktopSessionListQuery, DesktopSessionSummaryResponse, DesktopSummaryBatchExecutionMode,
-    DesktopSummaryBatchScope, DesktopSummaryBatchState, DesktopSummaryBatchStatusResponse,
+    DesktopSessionListQuery, DesktopSummaryBatchExecutionMode, DesktopSummaryBatchScope,
     DesktopSummaryOutputShape, DesktopSummaryProviderDetectResponse, DesktopSummaryProviderId,
     DesktopSummaryProviderTransport, DesktopSummaryResponseStyle, DesktopSummarySourceMode,
     DesktopSummaryStorageBackend, DesktopSummaryTriggerMode, DesktopVectorChunkingMode,
-    DesktopVectorIndexState, DesktopVectorIndexStatusResponse, DesktopVectorInstallState,
-    DesktopVectorInstallStatusResponse, DesktopVectorPreflightResponse,
-    DesktopVectorSearchGranularity, DesktopVectorSearchProvider, DesktopVectorSearchResponse,
-    DesktopVectorSessionMatch, LinkType, SessionDetail, SessionLink, SessionListResponse,
-    SessionRepoListResponse, SessionSummary,
+    DesktopVectorSearchGranularity, DesktopVectorSearchProvider, LinkType, SessionDetail,
+    SessionLink, SessionListResponse, SessionRepoListResponse, SessionSummary,
     oauth::{AuthProvidersResponse, OAuthProviderInfo},
 };
-use opensession_core::object_store::sha256_hex;
 use opensession_core::session::{is_auxiliary_session, working_directory};
 use opensession_core::trace::Session as HailSession;
-use opensession_git_native::{
-    extract_git_context, ops::find_repo_root as find_git_repo_root,
-};
-use opensession_local_db::{
-    LifecycleCleanupJobRow, LocalDb, LocalSessionFilter, LocalSessionLink, LocalSessionRow,
-    SummaryBatchJobRow, VectorChunkUpsert, VectorIndexJobRow,
-};
+use opensession_git_native::extract_git_context;
+use opensession_local_db::{LifecycleCleanupJobRow, LocalDb, LocalSessionLink, LocalSessionRow};
 use opensession_parsers::{
     discover::discover_for_tool, ingest::preview_parse_bytes, parse_with_default_parsers,
 };
@@ -63,55 +63,18 @@ use opensession_runtime_config::{
     SummaryResponseStyle, SummarySourceMode, SummaryStorageBackend, SummaryTriggerMode,
     VectorChunkingMode, VectorSearchGranularity, VectorSearchProvider,
 };
-use opensession_summary::{
-    GitSummaryRequest, summarize_session, validate_summary_prompt_template,
-};
+use opensession_summary::validate_summary_prompt_template;
 use serde_json::json;
-use std::collections::{BTreeSet, HashMap, HashSet};
+use std::collections::BTreeSet;
 use std::fs;
-use std::io::{BufRead, BufReader};
 use std::path::{Path, PathBuf};
-use std::process::Command;
 use std::sync::{LazyLock, Mutex};
-use std::time::Duration;
 
 pub(crate) type DesktopApiResult<T> = Result<T, DesktopApiError>;
 
-const VECTOR_EMBED_BATCH_SIZE: usize = 24;
-const VECTOR_FTS_CANDIDATE_LIMIT_MULTIPLIER: u32 = 8;
 const CHANGE_READER_MAX_EVENTS: usize = 180;
 const CHANGE_READER_MAX_LINE_CHARS: usize = 220;
 const FORCE_REFRESH_MAX_DISCOVERY_PATHS: usize = 240;
-
-#[derive(Debug, Clone)]
-struct VectorInstallRuntimeState {
-    state: DesktopVectorInstallState,
-    model: String,
-    progress_pct: u8,
-    message: Option<String>,
-}
-
-#[derive(Debug, Clone)]
-struct VectorMatchScore {
-    session_id: String,
-    chunk_id: String,
-    start_line: u32,
-    end_line: u32,
-    snippet: String,
-    best_score: f32,
-    hit_count: u32,
-}
-
-static VECTOR_INSTALL_STATE: LazyLock<Mutex<VectorInstallRuntimeState>> = LazyLock::new(|| {
-    Mutex::new(VectorInstallRuntimeState {
-        state: DesktopVectorInstallState::NotInstalled,
-        model: "bge-m3".to_string(),
-        progress_pct: 0,
-        message: None,
-    })
-});
-static VECTOR_INDEX_REBUILD_RUNNING: LazyLock<Mutex<bool>> = LazyLock::new(|| Mutex::new(false));
-static SUMMARY_BATCH_RUNNING: LazyLock<Mutex<bool>> = LazyLock::new(|| Mutex::new(false));
 static LIFECYCLE_CLEANUP_LOOP_STARTED: LazyLock<Mutex<bool>> = LazyLock::new(|| Mutex::new(false));
 
 pub(crate) fn desktop_error(
@@ -357,1142 +320,37 @@ fn load_runtime_config() -> DesktopApiResult<DaemonConfig> {
             "failed to parse runtime config",
             Some(json!({ "cause": error.to_string(), "path": path })),
         )
-    })
-}
-
-fn save_runtime_config(config: &DaemonConfig) -> DesktopApiResult<()> {
-    let path = runtime_config_path()?;
-    if let Some(parent) = path.parent() {
-        std::fs::create_dir_all(parent).map_err(|error| {
-            desktop_error(
-                "desktop.runtime_config_write_failed",
-                500,
-                "failed to create runtime config directory",
-                Some(json!({ "cause": error.to_string(), "path": parent })),
-            )
-        })?;
-    }
-
-    let body = toml::to_string_pretty(config).map_err(|error| {
-        desktop_error(
-            "desktop.runtime_config_serialize_failed",
-            500,
-            "failed to serialize runtime config",
-            Some(json!({ "cause": error.to_string() })),
-        )
-    })?;
-
-    std::fs::write(&path, body).map_err(|error| {
-        desktop_error(
-            "desktop.runtime_config_write_failed",
-            500,
-            "failed to write runtime config",
-            Some(json!({ "cause": error.to_string(), "path": path })),
-        )
-    })
-}
-
-fn vector_embed_endpoint(runtime: &DaemonConfig) -> String {
-    let configured = runtime.vector_search.endpoint.trim();
-    if !configured.is_empty() {
-        return configured.trim_end_matches('/').to_string();
-    }
-    "http://127.0.0.1:11434".to_string()
-}
-
-fn vector_embed_model(runtime: &DaemonConfig) -> String {
-    let configured = runtime.vector_search.model.trim();
-    if configured.is_empty() {
-        return "bge-m3".to_string();
-    }
-    configured.to_string()
-}
-
-fn truncate_vector_error_body(raw: &str, max_len: usize) -> String {
-    let compact = raw.split_whitespace().collect::<Vec<_>>().join(" ");
-    if compact.chars().count() <= max_len {
-        return compact;
-    }
-    let truncated = compact.chars().take(max_len).collect::<String>();
-    format!("{truncated}...")
-}
-
-fn extract_vector_error_reason(raw: &str) -> Option<String> {
-    let trimmed = raw.trim();
-    if trimmed.is_empty() {
-        return None;
-    }
-    serde_json::from_str::<serde_json::Value>(trimmed)
-        .ok()
-        .and_then(|payload| {
-            payload
-                .get("error")
-                .and_then(serde_json::Value::as_str)
-                .or_else(|| payload.get("message").and_then(serde_json::Value::as_str))
-                .map(str::trim)
-                .filter(|value| !value.is_empty())
-                .map(|value| value.to_string())
-        })
-        .or_else(|| Some(truncate_vector_error_body(trimmed, 220)))
-}
-
-fn detail_string(details: Option<&serde_json::Value>, key: &str) -> Option<String> {
-    details
-        .and_then(|value| value.get(key))
-        .and_then(serde_json::Value::as_str)
-        .map(str::trim)
-        .filter(|value| !value.is_empty())
-        .map(|value| value.to_string())
-}
-
-fn detail_u64(details: Option<&serde_json::Value>, key: &str) -> Option<u64> {
-    details
-        .and_then(|value| value.get(key))
-        .and_then(serde_json::Value::as_u64)
-}
-
-fn format_vector_error_message(error: &DesktopApiError) -> String {
-    let details = error.details.as_ref();
-    let mut lines = vec![error.message.clone()];
-    if let Some(reason) = detail_string(details, "reason").or_else(|| {
-        detail_string(details, "body").and_then(|body| extract_vector_error_reason(&body))
-    }) {
-        lines.push(format!("Reason: {reason}"));
-    }
-    if let Some(status) = detail_u64(details, "status") {
-        lines.push(format!("HTTP: {status}"));
-    }
-    if let Some(endpoint) = detail_string(details, "endpoint") {
-        lines.push(format!("Endpoint: {endpoint}"));
-    }
-    if let Some(batch_reason) = detail_string(details, "batch_reason").or_else(|| {
-        detail_string(details, "batch_body").and_then(|body| extract_vector_error_reason(&body))
-    }) {
-        lines.push(format!("Batch reason: {batch_reason}"));
-    }
-    if let Some(batch_status) = detail_u64(details, "batch_status") {
-        lines.push(format!("Batch HTTP: {batch_status}"));
-    }
-    if let Some(batch_endpoint) = detail_string(details, "batch_endpoint") {
-        lines.push(format!("Batch endpoint: {batch_endpoint}"));
-    }
-    if let Some(model) = detail_string(details, "model") {
-        lines.push(format!("Model: {model}"));
-    }
-    if let Some(hint) = detail_string(details, "hint") {
-        lines.push(format!("Action: {hint}"));
-    }
-    lines.join("\n")
-}
-
-fn parse_embedding_vector(value: &serde_json::Value) -> Option<Vec<f32>> {
-    let items = value.as_array()?;
-    let mut output = Vec::with_capacity(items.len());
-    for item in items {
-        if let Some(number) = item.as_f64() {
-            output.push(number as f32);
-            continue;
-        }
-        if let Some(number) = item.as_i64() {
-            output.push(number as f32);
-            continue;
-        }
-        if let Some(number) = item.as_u64() {
-            output.push(number as f32);
-            continue;
-        }
-        return None;
-    }
-    Some(output)
-}
-
-fn parse_embeddings_payload(payload: &serde_json::Value) -> Option<Vec<Vec<f32>>> {
-    if let Some(vectors) = payload.get("embeddings").and_then(|value| value.as_array()) {
-        let mut out = Vec::with_capacity(vectors.len());
-        for value in vectors {
-            out.push(parse_embedding_vector(value)?);
-        }
-        return Some(out);
-    }
-    payload
-        .get("embedding")
-        .and_then(parse_embedding_vector)
-        .map(|vector| vec![vector])
-}
-
-fn request_ollama_embeddings(
-    endpoint: &str,
-    model: &str,
-    inputs: &[String],
-) -> DesktopApiResult<Vec<Vec<f32>>> {
-    if inputs.is_empty() {
-        return Ok(Vec::new());
-    }
-
-    let client = reqwest::blocking::Client::builder()
-        .timeout(Duration::from_secs(25))
-        .build()
-        .map_err(|error| {
-            desktop_error(
-                "desktop.vector_search_client_failed",
-                500,
-                "failed to initialize vector search client",
-                Some(json!({ "cause": error.to_string() })),
-            )
-        })?;
-
-    let base = endpoint.trim_end_matches('/');
-    let batch_url = format!("{base}/api/embed");
-    let (batch_status, batch_body, batch_reason) = match client
-        .post(&batch_url)
-        .json(&json!({ "model": model, "input": inputs }))
-        .send()
-    {
-        Ok(response) if response.status().is_success() => {
-            let payload: serde_json::Value = response.json().map_err(|error| {
-                desktop_error(
-                    "desktop.vector_search_parse_failed",
-                    502,
-                    "failed to parse embedding response",
-                    Some(json!({ "cause": error.to_string(), "endpoint": batch_url })),
-                )
-            })?;
-            if let Some(vectors) = parse_embeddings_payload(&payload) {
-                if vectors.len() == inputs.len() {
-                    return Ok(vectors);
-                }
-            }
-            (
-                None,
-                None,
-                Some(format!(
-                    "expected {} embeddings but received a different payload shape",
-                    inputs.len()
-                )),
-            )
-        }
-        Ok(response) => {
-            let status = response.status().as_u16();
-            let body = response.text().unwrap_or_default();
-            (
-                Some(status),
-                Some(body.clone()),
-                extract_vector_error_reason(&body),
-            )
-        }
-        Err(error) => (None, None, Some(error.to_string())),
-    };
-
-    let single_url = format!("{base}/api/embeddings");
-    let mut vectors = Vec::with_capacity(inputs.len());
-    for input in inputs {
-        let response = client
-            .post(&single_url)
-            .json(&json!({ "model": model, "prompt": input }))
-            .send()
-            .map_err(|error| {
-                desktop_error(
-                    "desktop.vector_search_unavailable",
-                    422,
-                    "vector search endpoint is unavailable",
-                    Some(json!({
-                        "cause": error.to_string(),
-                        "endpoint": single_url,
-                        "batch_endpoint": batch_url.clone(),
-                        "batch_status": batch_status,
-                        "batch_body": batch_body.clone(),
-                        "batch_reason": batch_reason.clone(),
-                        "model": model.to_string(),
-                        "hint": "start local ollama and ensure embeddings endpoint is reachable"
-                    })),
-                )
-            })?;
-        if !response.status().is_success() {
-            let status = response.status().as_u16();
-            let body = response.text().unwrap_or_default();
-            let reason = extract_vector_error_reason(&body);
-            return Err(desktop_error(
-                "desktop.vector_search_unavailable",
-                422,
-                format!("vector search endpoint returned HTTP {status}"),
-                Some(json!({
-                    "endpoint": single_url,
-                    "status": status,
-                    "body": body,
-                    "reason": reason,
-                    "batch_endpoint": batch_url.clone(),
-                    "batch_status": batch_status,
-                    "batch_body": batch_body.clone(),
-                    "batch_reason": batch_reason.clone(),
-                    "model": model.to_string(),
-                    "hint": "verify embedding model exists in local ollama"
-                })),
-            ));
-        }
-        let payload: serde_json::Value = response.json().map_err(|error| {
-            desktop_error(
-                "desktop.vector_search_parse_failed",
-                502,
-                "failed to parse embedding response",
-                Some(json!({ "cause": error.to_string(), "endpoint": single_url })),
-            )
-        })?;
-        let vector = parse_embeddings_payload(&payload)
-            .and_then(|mut list| list.pop())
-            .ok_or_else(|| {
-                desktop_error(
-                    "desktop.vector_search_parse_failed",
-                    502,
-                    "embedding response missing vector payload",
-                    Some(json!({ "endpoint": single_url })),
-                )
-            })?;
-        vectors.push(vector);
-    }
-
-    Ok(vectors)
-}
-
-fn request_ollama_embeddings_in_batches(
-    endpoint: &str,
-    model: &str,
-    inputs: &[String],
-) -> DesktopApiResult<Vec<Vec<f32>>> {
-    if inputs.is_empty() {
-        return Ok(Vec::new());
-    }
-    let mut out = Vec::with_capacity(inputs.len());
-    for chunk in inputs.chunks(VECTOR_EMBED_BATCH_SIZE) {
-        let vectors = request_ollama_embeddings(endpoint, model, chunk)?;
-        out.extend(vectors);
-    }
-    Ok(out)
-}
-
-fn current_vector_install_state() -> VectorInstallRuntimeState {
-    VECTOR_INSTALL_STATE
-        .lock()
-        .expect("vector install state mutex poisoned")
-        .clone()
-}
-
-fn set_vector_install_state(update: VectorInstallRuntimeState) {
-    *VECTOR_INSTALL_STATE
-        .lock()
-        .expect("vector install state mutex poisoned") = update;
-}
-
-fn update_vector_install_progress(
-    state: DesktopVectorInstallState,
-    model: &str,
-    progress_pct: u8,
-    message: Option<String>,
-) {
-    set_vector_install_state(VectorInstallRuntimeState {
-        state,
-        model: model.to_string(),
-        progress_pct: progress_pct.min(100),
-        message,
-    });
-}
-
-fn parse_ollama_model_list(payload: &serde_json::Value, target_model: &str) -> bool {
-    let Some(models) = payload.get("models").and_then(|value| value.as_array()) else {
-        return false;
-    };
-    let target = target_model.trim();
-    if target.is_empty() {
-        return false;
-    }
-    models.iter().any(|item| {
-        item.get("name")
-            .and_then(|value| value.as_str())
-            .map(|name| name == target || name.starts_with(&format!("{target}:")))
-            .unwrap_or(false)
-    })
-}
-
-fn ollama_cli_available() -> bool {
-    Command::new("ollama")
-        .arg("--version")
-        .output()
-        .map(|output| {
-            output.status.success() || !output.stdout.is_empty() || !output.stderr.is_empty()
-        })
-        .unwrap_or(false)
-}
-
-fn ollama_unreachable_message(endpoint: &str, error: &reqwest::Error) -> String {
-    if ollama_cli_available() {
-        format!(
-            "ollama is installed but not reachable at {endpoint}; start it with `ollama serve` ({error})"
-        )
-    } else {
-        "ollama CLI is not installed. Install from https://ollama.com/download, then run `ollama serve`.".to_string()
-    }
-}
-
-fn vector_preflight_for_runtime(runtime: &DaemonConfig) -> DesktopVectorPreflightResponse {
-    let endpoint = vector_embed_endpoint(runtime);
-    let model = vector_embed_model(runtime);
-    let mut response = DesktopVectorPreflightResponse {
-        provider: DesktopVectorSearchProvider::Ollama,
-        endpoint: endpoint.clone(),
-        model: model.clone(),
-        ollama_reachable: false,
-        model_installed: false,
-        install_state: DesktopVectorInstallState::NotInstalled,
-        progress_pct: 0,
-        message: None,
-    };
-
-    let install_state = current_vector_install_state();
-    response.install_state = install_state.state;
-    response.progress_pct = install_state.progress_pct;
-    response.message = install_state.message;
-
-    let client = match reqwest::blocking::Client::builder()
-        .timeout(Duration::from_secs(8))
-        .build()
-    {
-        Ok(client) => client,
-        Err(error) => {
-            response.message = Some(format!("failed to initialize HTTP client: {error}"));
-            return response;
-        }
-    };
-
-    let tags_url = format!("{}/api/tags", endpoint.trim_end_matches('/'));
-    let tags_response = match client.get(tags_url).send() {
-        Ok(resp) => resp,
-        Err(error) => {
-            response.message = Some(ollama_unreachable_message(&endpoint, &error));
-            return response;
-        }
-    };
-    if !tags_response.status().is_success() {
-        response.message = Some(format!(
-            "ollama endpoint {endpoint} returned status {}; verify `ollama serve` and endpoint configuration",
-            tags_response.status()
-        ));
-        return response;
-    }
-
-    response.ollama_reachable = true;
-    let payload: serde_json::Value = match tags_response.json() {
-        Ok(payload) => payload,
-        Err(error) => {
-            response.message = Some(format!("failed to parse ollama model list: {error}"));
-            return response;
-        }
-    };
-    response.model_installed = parse_ollama_model_list(&payload, &model);
-    if response.model_installed {
-        response.install_state = DesktopVectorInstallState::Ready;
-        response.progress_pct = 100;
-        if response.message.is_none() {
-            response.message = Some("model is installed and ready".to_string());
-        }
-    } else if matches!(response.install_state, DesktopVectorInstallState::Ready) {
-        response.install_state = DesktopVectorInstallState::NotInstalled;
-        response.progress_pct = 0;
-    } else if response.message.is_none() {
-        response.message = Some(format!(
-            "model `{model}` is not installed. Run `ollama pull {model}` or use Install model."
-        ));
-    }
-    response
-}
-
-fn install_ollama_model_blocking(endpoint: &str, model: &str) -> DesktopApiResult<()> {
-    let client = reqwest::blocking::Client::builder()
-        .timeout(Duration::from_secs(600))
-        .build()
-        .map_err(|error| {
-            desktop_error(
-                "desktop.vector_install_client_failed",
-                500,
-                "failed to initialize vector install client",
-                Some(json!({ "cause": error.to_string() })),
-            )
-        })?;
-
-    let pull_url = format!("{}/api/pull", endpoint.trim_end_matches('/'));
-    let response = client
-        .post(&pull_url)
-        .json(&json!({ "model": model, "stream": true }))
-        .send()
-        .map_err(|error| {
-            let (message, hint) = if ollama_cli_available() {
-                (
-                    "failed to connect to ollama model pull endpoint",
-                    "start local ollama with `ollama serve`".to_string(),
-                )
-            } else {
-                (
-                    "ollama CLI is not installed",
-                    "install Ollama from https://ollama.com/download and run `ollama serve`"
-                        .to_string(),
-                )
-            };
-            desktop_error(
-                "desktop.vector_install_unavailable",
-                422,
-                message,
-                Some(json!({
-                    "cause": error.to_string(),
-                    "endpoint": pull_url,
-                    "hint": hint
-                })),
-            )
-        })?;
-
-    if !response.status().is_success() {
-        let status = response.status().as_u16();
-        let body = response.text().unwrap_or_default();
-        return Err(desktop_error(
-            "desktop.vector_install_failed",
-            422,
-            "ollama model pull failed",
-            Some(json!({ "endpoint": pull_url, "status": status, "body": body })),
-        ));
-    }
-
-    let mut reader = BufReader::new(response);
-    let mut line = String::new();
-    loop {
-        line.clear();
-        let bytes = reader.read_line(&mut line).map_err(|error| {
-            desktop_error(
-                "desktop.vector_install_failed",
-                500,
-                "failed while reading model pull stream",
-                Some(json!({ "cause": error.to_string(), "endpoint": pull_url })),
-            )
-        })?;
-        if bytes == 0 {
-            break;
-        }
-        let trimmed = line.trim();
-        if trimmed.is_empty() {
-            continue;
-        }
-        if let Ok(payload) = serde_json::from_str::<serde_json::Value>(trimmed) {
-            if let Some(error_text) = payload.get("error").and_then(|value| value.as_str()) {
-                return Err(desktop_error(
-                    "desktop.vector_install_failed",
-                    422,
-                    "ollama model pull failed",
-                    Some(json!({ "endpoint": pull_url, "error": error_text })),
-                ));
-            }
-            let status = payload
-                .get("status")
-                .and_then(|value| value.as_str())
-                .map(str::to_string);
-            let completed = payload.get("completed").and_then(|value| value.as_u64());
-            let total = payload.get("total").and_then(|value| value.as_u64());
-            let progress_pct = match (completed, total) {
-                (Some(done), Some(total)) if total > 0 => ((done * 100) / total).min(100) as u8,
-                _ => 0,
-            };
-            if status.is_some() || progress_pct > 0 {
-                update_vector_install_progress(
-                    DesktopVectorInstallState::Installing,
-                    model,
-                    progress_pct,
-                    status,
-                );
-            }
-        }
-    }
-
-    Ok(())
-}
-
-fn cosine_similarity(lhs: &[f32], rhs: &[f32]) -> f32 {
-    if lhs.is_empty() || rhs.is_empty() || lhs.len() != rhs.len() {
-        return 0.0;
-    }
-    let mut dot = 0.0f32;
-    let mut lhs_norm = 0.0f32;
-    let mut rhs_norm = 0.0f32;
-    for (l, r) in lhs.iter().zip(rhs.iter()) {
-        dot += l * r;
-        lhs_norm += l * l;
-        rhs_norm += r * r;
-    }
-    if lhs_norm <= f32::EPSILON || rhs_norm <= f32::EPSILON {
-        return 0.0;
-    }
-    dot / (lhs_norm.sqrt() * rhs_norm.sqrt())
-}
-
-fn parse_vector_cursor(cursor: Option<String>) -> usize {
-    cursor
-        .as_deref()
-        .and_then(|raw| raw.trim().parse::<usize>().ok())
-        .unwrap_or(0)
-}
-
-fn truncate_snippet(raw: &str, max_chars: usize) -> String {
-    let trimmed = raw.trim();
-    if trimmed.chars().count() <= max_chars {
-        return trimmed.to_string();
-    }
-    let mut out = String::with_capacity(max_chars + 3);
-    for ch in trimmed.chars().take(max_chars) {
-        out.push(ch);
-    }
-    out.push_str("...");
-    out
-}
-
-fn ensure_vector_enabled_and_ready(
-    runtime: &DaemonConfig,
-) -> DesktopApiResult<DesktopVectorPreflightResponse> {
-    ensure_vector_provider_ready(runtime, true)
-}
-
-fn validate_vector_preflight_ready(
-    preflight: &DesktopVectorPreflightResponse,
-    runtime_enabled: bool,
-    require_enabled: bool,
-) -> DesktopApiResult<()> {
-    if require_enabled && !runtime_enabled {
-        return Err(desktop_error(
-            "desktop.vector_search_disabled",
-            422,
-            "semantic vector search is disabled in runtime settings",
-            Some(json!({ "hint": "enable vector_search in Settings and save runtime settings" })),
-        ));
-    }
-    if !preflight.ollama_reachable {
-        return Err(desktop_error(
-            "desktop.vector_search_unavailable",
-            422,
-            "ollama endpoint is not reachable",
-            Some(json!({
-                "endpoint": preflight.endpoint,
-                "hint": "start local ollama with `ollama serve`"
-            })),
-        ));
-    }
-    if !preflight.model_installed {
-        return Err(desktop_error(
-            "desktop.vector_model_not_installed",
-            422,
-            "embedding model is not installed",
-            Some(json!({
-                "model": preflight.model,
-                "hint": "use Settings > Vector Search > Install model"
-            })),
-        ));
-    }
-    Ok(())
-}
-
-fn ensure_vector_provider_ready(
-    runtime: &DaemonConfig,
-    require_enabled: bool,
-) -> DesktopApiResult<DesktopVectorPreflightResponse> {
-    let preflight = vector_preflight_for_runtime(runtime);
-    validate_vector_preflight_ready(&preflight, runtime.vector_search.enabled, require_enabled)?;
-    Ok(preflight)
-}
-
-fn score_vector_sessions(
-    query_vector: &[f32],
-    candidates: Vec<opensession_local_db::VectorChunkCandidateRow>,
-) -> Vec<VectorMatchScore> {
-    let mut by_session: HashMap<String, VectorMatchScore> = HashMap::new();
-    for candidate in candidates {
-        let score = cosine_similarity(query_vector, &candidate.embedding);
-        if !score.is_finite() {
-            continue;
-        }
-        let entry = by_session
-            .entry(candidate.session_id.clone())
-            .or_insert_with(|| VectorMatchScore {
-                session_id: candidate.session_id.clone(),
-                chunk_id: candidate.chunk_id.clone(),
-                start_line: candidate.start_line,
-                end_line: candidate.end_line,
-                snippet: truncate_snippet(&candidate.content, 260),
-                best_score: score,
-                hit_count: 0,
-            });
-        entry.hit_count = entry.hit_count.saturating_add(1);
-        if score > entry.best_score {
-            entry.best_score = score;
-            entry.chunk_id = candidate.chunk_id;
-            entry.start_line = candidate.start_line;
-            entry.end_line = candidate.end_line;
-            entry.snippet = truncate_snippet(&candidate.content, 260);
-        }
-    }
-    let mut ranked = by_session.into_values().collect::<Vec<_>>();
-    ranked.sort_by(|left, right| {
-        let right_weighted = right.best_score + (right.hit_count as f32 * 0.01);
-        let left_weighted = left.best_score + (left.hit_count as f32 * 0.01);
-        right_weighted.total_cmp(&left_weighted)
-    });
-    ranked
-}
-
-fn session_matches_vector_filter(
-    summary: &SessionSummary,
-    filter: Option<&LocalSessionFilter>,
-) -> bool {
-    let Some(filter) = filter else {
-        return true;
-    };
-
-    if let Some(tool) = filter.tool.as_deref() {
-        if summary.tool != tool {
-            return false;
-        }
-    }
-    if let Some(repo) = filter.git_repo_name.as_deref() {
-        if summary.git_repo_name.as_deref() != Some(repo) {
-            return false;
-        }
-    }
-
-    if !matches!(filter.time_range, opensession_local_db::LocalTimeRange::All) {
-        let created_at = match chrono::DateTime::parse_from_rfc3339(&summary.created_at) {
-            Ok(parsed) => parsed.with_timezone(&chrono::Utc),
-            Err(_) => return false,
-        };
-        let now = chrono::Utc::now();
-        let min_allowed = match filter.time_range {
-            opensession_local_db::LocalTimeRange::Hours24 => now - chrono::Duration::hours(24),
-            opensession_local_db::LocalTimeRange::Days7 => now - chrono::Duration::days(7),
-            opensession_local_db::LocalTimeRange::Days30 => now - chrono::Duration::days(30),
-            opensession_local_db::LocalTimeRange::All => now - chrono::Duration::days(36500),
-        };
-        if created_at < min_allowed {
-            return false;
-        }
-    }
-
-    true
-}
-
-fn search_sessions_vector_internal(
-    db: &LocalDb,
-    runtime: &DaemonConfig,
-    query_text: &str,
-    cursor: Option<String>,
-    limit: Option<u32>,
-    filter: Option<&LocalSessionFilter>,
-) -> DesktopApiResult<DesktopVectorSearchResponse> {
-    let normalized_query = query_text.trim();
-    if normalized_query.is_empty() {
-        return Err(desktop_error(
-            "desktop.vector_search_query_required",
-            422,
-            "vector search query is empty",
-            Some(json!({ "hint": "provide a non-empty query" })),
-        ));
-    }
-
-    let _preflight = ensure_vector_enabled_and_ready(runtime)?;
-    let endpoint = vector_embed_endpoint(runtime);
-    let model = vector_embed_model(runtime);
-    let query_embeddings =
-        request_ollama_embeddings(&endpoint, &model, &[normalized_query.to_string()])?;
-    let query_vector = query_embeddings.into_iter().next().unwrap_or_default();
-    if query_vector.is_empty() {
-        return Err(desktop_error(
-            "desktop.vector_search_parse_failed",
-            502,
-            "embedding response missing query vector",
-            Some(json!({ "model": model, "endpoint": endpoint })),
-        ));
-    }
-
-    let candidate_limit = (runtime.vector_search.top_k_chunks.max(1) as u32)
-        .saturating_mul(VECTOR_FTS_CANDIDATE_LIMIT_MULTIPLIER);
-    let mut candidates = db
-        .list_vector_chunk_candidates(normalized_query, &model, candidate_limit)
-        .map_err(|error| {
-            desktop_error(
-                "desktop.vector_search_db_failed",
-                500,
-                "failed to load vector chunk candidates",
-                Some(json!({ "cause": error.to_string() })),
-            )
-        })?;
-    if candidates.is_empty() {
-        candidates = db
-            .list_recent_vector_chunks_for_model(&model, candidate_limit)
-            .map_err(|error| {
-                desktop_error(
-                    "desktop.vector_search_db_failed",
-                    500,
-                    "failed to load fallback vector chunk candidates",
-                    Some(json!({ "cause": error.to_string() })),
-                )
-            })?;
-    }
-
-    let mut ranked = score_vector_sessions(&query_vector, candidates);
-    let top_sessions = runtime.vector_search.top_k_sessions.max(1) as usize;
-    if ranked.len() > top_sessions {
-        ranked.truncate(top_sessions);
-    }
-    let offset = parse_vector_cursor(cursor);
-    let page_limit = limit.unwrap_or(20).clamp(1, 100) as usize;
-
-    let mut materialized = Vec::new();
-    for scored in ranked {
-        let Some(row) = db.get_session_by_id(&scored.session_id).map_err(|error| {
-            desktop_error(
-                "desktop.vector_search_db_failed",
-                500,
-                "failed to read session row for vector search result",
-                Some(json!({ "cause": error.to_string(), "session_id": scored.session_id })),
-            )
-        })?
-        else {
-            continue;
-        };
-        let normalized = (scored.best_score.clamp(-1.0, 1.0) * 10_000.0).round() as i64;
-        let summary =
-            session_summary_from_local_row_with_score(row, normalized, "vector_ollama_bge_m3_v2");
-        if !session_matches_vector_filter(&summary, filter) {
-            continue;
-        }
-        materialized.push(DesktopVectorSessionMatch {
-            session: summary,
-            score: scored.best_score,
-            chunk_id: scored.chunk_id,
-            start_line: scored.start_line,
-            end_line: scored.end_line,
-            snippet: scored.snippet,
-        });
-    }
-
-    let total_candidates = materialized.len() as u32;
-    let sessions = materialized
-        .into_iter()
-        .skip(offset)
-        .take(page_limit)
-        .collect::<Vec<_>>();
-
-    let next_offset = offset.saturating_add(sessions.len());
-    let next_cursor = (next_offset < total_candidates as usize).then_some(next_offset.to_string());
-
-    Ok(DesktopVectorSearchResponse {
-        query: normalized_query.to_string(),
-        sessions,
-        next_cursor,
-        total_candidates,
-    })
-}
-
-fn list_sessions_with_vector_rank(
-    db: &LocalDb,
-    base_filter: &LocalSessionFilter,
-    query_text: &str,
-    page: u32,
-    per_page: u32,
-) -> DesktopApiResult<SessionListResponse> {
-    let runtime = load_runtime_config()?;
-    let offset = (page.saturating_sub(1)).saturating_mul(per_page) as usize;
-    let response = search_sessions_vector_internal(
-        db,
-        &runtime,
-        query_text,
-        Some(offset.to_string()),
-        Some(per_page),
-        Some(base_filter),
-    )?;
-    Ok(SessionListResponse {
-        sessions: response
-            .sessions
-            .into_iter()
-            .map(|hit| hit.session)
-            .collect(),
-        total: response.total_candidates as i64,
-        page,
-        per_page,
-    })
-}
-
-fn push_non_empty_lines(raw: &str, lines: &mut Vec<String>) {
-    for line in raw.lines() {
-        let normalized = line.trim_end_matches('\r');
-        if normalized.trim().is_empty() {
-            continue;
-        }
-        lines.push(normalized.to_string());
-    }
-}
-
-fn extract_vector_lines(session: &HailSession) -> Vec<String> {
-    let mut lines: Vec<String> = Vec::new();
-    if let Some(title) = session.context.title.as_deref() {
-        push_non_empty_lines(title, &mut lines);
-    }
-    if let Some(description) = session.context.description.as_deref() {
-        push_non_empty_lines(description, &mut lines);
-    }
-
-    for event in &session.events {
-        for block in &event.content.blocks {
-            match block {
-                opensession_core::trace::ContentBlock::Text { text } => {
-                    push_non_empty_lines(text, &mut lines);
-                }
-                opensession_core::trace::ContentBlock::Code { code, .. } => {
-                    push_non_empty_lines(code, &mut lines);
-                }
-                opensession_core::trace::ContentBlock::File { path, content } => {
-                    push_non_empty_lines(path, &mut lines);
-                    if let Some(content) = content.as_deref() {
-                        push_non_empty_lines(content, &mut lines);
-                    }
-                }
-                opensession_core::trace::ContentBlock::Json { data } => {
-                    if let Ok(serialized) = serde_json::to_string(data) {
-                        push_non_empty_lines(&serialized, &mut lines);
-                    }
-                }
-                opensession_core::trace::ContentBlock::Reference { uri, .. } => {
-                    push_non_empty_lines(uri, &mut lines);
-                }
-                opensession_core::trace::ContentBlock::Image { alt, .. } => {
-                    if let Some(alt) = alt.as_deref() {
-                        push_non_empty_lines(alt, &mut lines);
-                    }
-                }
-                opensession_core::trace::ContentBlock::Video { .. }
-                | opensession_core::trace::ContentBlock::Audio { .. } => {}
-                _ => {}
-            }
-        }
-    }
-
-    if lines.is_empty() {
-        lines.push(session.session_id.clone());
-    }
-    lines
-}
-
-fn resolve_vector_chunking_profile(line_count: usize, runtime: &DaemonConfig) -> (usize, usize) {
-    if matches!(
-        runtime.vector_search.chunking_mode,
-        VectorChunkingMode::Manual
-    ) {
-        let chunk_size = runtime.vector_search.chunk_size_lines.max(1) as usize;
-        let overlap = runtime
-            .vector_search
-            .chunk_overlap_lines
-            .min(runtime.vector_search.chunk_size_lines.saturating_sub(1))
-            as usize;
-        return (chunk_size, overlap);
-    }
-
-    if line_count <= 40 {
-        (8, 2)
-    } else if line_count <= 120 {
-        (12, 3)
-    } else if line_count <= 300 {
-        (18, 4)
-    } else if line_count <= 800 {
-        (24, 6)
-    } else {
-        (32, 8)
-    }
-}
-
-fn build_vector_chunks_for_session(
-    session: &HailSession,
-    source_hash: &str,
-    runtime: &DaemonConfig,
-) -> Vec<VectorChunkUpsert> {
-    let lines = extract_vector_lines(session);
-    let (chunk_size, overlap) = resolve_vector_chunking_profile(lines.len(), runtime);
-    let step = chunk_size.saturating_sub(overlap).max(1);
-
-    let mut chunks = Vec::new();
-    let mut start = 0usize;
-    let mut chunk_index = 0u32;
-    while start < lines.len() {
-        let end = (start + chunk_size).min(lines.len());
-        let content = lines[start..end].join("\n");
-        let content_hash = sha256_hex(content.as_bytes());
-        let chunk_key = format!(
-            "{}:{}:{}:{}:{}",
-            session.session_id,
-            source_hash,
-            chunk_index,
-            start + 1,
-            end
-        );
-        chunks.push(VectorChunkUpsert {
-            chunk_id: sha256_hex(chunk_key.as_bytes()),
-            session_id: session.session_id.clone(),
-            chunk_index,
-            start_line: (start + 1) as u32,
-            end_line: end as u32,
-            line_count: (end - start) as u32,
-            content,
-            content_hash,
-            embedding: Vec::new(),
-        });
-
-        if end == lines.len() {
-            break;
-        }
-        start = start.saturating_add(step);
-        chunk_index = chunk_index.saturating_add(1);
-    }
-    chunks
-}
-
-fn map_vector_index_state(raw: &str) -> DesktopVectorIndexState {
-    match raw {
-        "running" => DesktopVectorIndexState::Running,
-        "complete" => DesktopVectorIndexState::Complete,
-        "failed" => DesktopVectorIndexState::Failed,
-        _ => DesktopVectorIndexState::Idle,
-    }
-}
-
-fn desktop_vector_index_status_from_db(
-    db: &LocalDb,
-) -> DesktopApiResult<DesktopVectorIndexStatusResponse> {
-    let row = db.get_vector_index_job().map_err(|error| {
-        desktop_error(
-            "desktop.vector_index_status_failed",
-            500,
-            "failed to read vector indexing status",
-            Some(json!({ "cause": error.to_string() })),
-        )
-    })?;
-
-    let Some(row) = row else {
-        return Ok(DesktopVectorIndexStatusResponse {
-            state: DesktopVectorIndexState::Idle,
-            processed_sessions: 0,
-            total_sessions: 0,
-            message: None,
-            started_at: None,
-            finished_at: None,
-        });
-    };
-
-    Ok(DesktopVectorIndexStatusResponse {
-        state: map_vector_index_state(&row.status),
-        processed_sessions: row.processed_sessions,
-        total_sessions: row.total_sessions,
-        message: row.message,
-        started_at: row.started_at,
-        finished_at: row.finished_at,
-    })
-}
-
-fn set_vector_index_job_snapshot(db: &LocalDb, payload: VectorIndexJobRow) -> DesktopApiResult<()> {
-    db.set_vector_index_job(&payload).map_err(|error| {
-        desktop_error(
-            "desktop.vector_index_status_failed",
-            500,
-            "failed to persist vector indexing status",
-            Some(json!({ "cause": error.to_string() })),
-        )
-    })
-}
-
-fn is_vector_index_skippable_error(error: &DesktopApiError) -> bool {
-    matches!(
-        error.code.as_str(),
-        "desktop.vector_search_unavailable"
-            | "desktop.vector_search_parse_failed"
-            | "desktop.vector_index_embedding_mismatch"
-    )
-}
-
-fn persist_vector_index_failure_snapshot(
-    db: &LocalDb,
-    error: &DesktopApiError,
-) -> DesktopApiResult<()> {
-    let now = chrono::Utc::now().to_rfc3339();
-    let previous = db.get_vector_index_job().ok().flatten();
-    set_vector_index_job_snapshot(
-        db,
-        VectorIndexJobRow {
-            status: "failed".to_string(),
-            processed_sessions: previous
-                .as_ref()
-                .map(|row| row.processed_sessions)
-                .unwrap_or(0),
-            total_sessions: previous.as_ref().map(|row| row.total_sessions).unwrap_or(0),
-            message: Some(format_vector_error_message(error)),
-            started_at: previous
-                .and_then(|row| row.started_at)
-                .or(Some(now.clone())),
-            finished_at: Some(now),
-        },
-    )
+    })
 }
 
-fn map_summary_batch_state(raw: &str) -> DesktopSummaryBatchState {
-    match raw {
-        "running" => DesktopSummaryBatchState::Running,
-        "complete" => DesktopSummaryBatchState::Complete,
-        "failed" => DesktopSummaryBatchState::Failed,
-        _ => DesktopSummaryBatchState::Idle,
+fn save_runtime_config(config: &DaemonConfig) -> DesktopApiResult<()> {
+    let path = runtime_config_path()?;
+    if let Some(parent) = path.parent() {
+        std::fs::create_dir_all(parent).map_err(|error| {
+            desktop_error(
+                "desktop.runtime_config_write_failed",
+                500,
+                "failed to create runtime config directory",
+                Some(json!({ "cause": error.to_string(), "path": parent })),
+            )
+        })?;
     }
-}
 
-fn desktop_summary_batch_status_from_db(
-    db: &LocalDb,
-) -> DesktopApiResult<DesktopSummaryBatchStatusResponse> {
-    let row = db.get_summary_batch_job().map_err(|error| {
+    let body = toml::to_string_pretty(config).map_err(|error| {
         desktop_error(
-            "desktop.summary_batch_status_failed",
+            "desktop.runtime_config_serialize_failed",
             500,
-            "failed to read summary batch status",
+            "failed to serialize runtime config",
             Some(json!({ "cause": error.to_string() })),
         )
     })?;
 
-    let Some(row) = row else {
-        return Ok(DesktopSummaryBatchStatusResponse {
-            state: DesktopSummaryBatchState::Idle,
-            processed_sessions: 0,
-            total_sessions: 0,
-            failed_sessions: 0,
-            message: None,
-            started_at: None,
-            finished_at: None,
-        });
-    };
-
-    Ok(DesktopSummaryBatchStatusResponse {
-        state: map_summary_batch_state(&row.status),
-        processed_sessions: row.processed_sessions,
-        total_sessions: row.total_sessions,
-        failed_sessions: row.failed_sessions,
-        message: row.message,
-        started_at: row.started_at,
-        finished_at: row.finished_at,
-    })
-}
-
-fn set_summary_batch_job_snapshot(
-    db: &LocalDb,
-    payload: SummaryBatchJobRow,
-) -> DesktopApiResult<()> {
-    db.set_summary_batch_job(&payload).map_err(|error| {
+    std::fs::write(&path, body).map_err(|error| {
         desktop_error(
-            "desktop.summary_batch_status_failed",
+            "desktop.runtime_config_write_failed",
             500,
-            "failed to persist summary batch status",
-            Some(json!({ "cause": error.to_string() })),
+            "failed to write runtime config",
+            Some(json!({ "cause": error.to_string(), "path": path })),
         )
     })
 }
@@ -1553,265 +411,6 @@ fn set_lifecycle_cleanup_job_snapshot(
     })
 }
 
-fn is_summary_batch_skippable_error(error: &DesktopApiError) -> bool {
-    matches!(
-        error.code.as_str(),
-        "desktop.session_source_unavailable" | "desktop.session_body_not_found"
-    )
-}
-
-#[derive(Debug, Default)]
-struct SummaryBatchSelection {
-    pending_session_ids: Vec<String>,
-    already_summarized_sessions: u32,
-}
-
-fn summary_batch_session_ids_for_scope(
-    db: &LocalDb,
-    scope: &RuntimeSummaryBatchScope,
-    recent_days: u16,
-) -> DesktopApiResult<SummaryBatchSelection> {
-    let mut filter = LocalSessionFilter::default();
-    filter.limit = None;
-    filter.offset = None;
-    let mut rows = db.list_sessions(&filter).map_err(|error| {
-        desktop_error(
-            "desktop.summary_batch_list_failed",
-            500,
-            "failed to list sessions for summary batch",
-            Some(json!({ "cause": error.to_string() })),
-        )
-    })?;
-
-    if matches!(scope, RuntimeSummaryBatchScope::RecentDays) {
-        let cutoff = chrono::Utc::now() - chrono::Duration::days(i64::from(recent_days.max(1)));
-        rows.retain(|row| {
-            chrono::DateTime::parse_from_rfc3339(&row.created_at)
-                .map(|parsed| parsed.with_timezone(&chrono::Utc) >= cutoff)
-                .unwrap_or(true)
-        });
-    }
-
-    let local_summary_ids = db
-        .list_session_semantic_summary_ids()
-        .map(|ids| ids.into_iter().collect::<HashSet<_>>())
-        .map_err(|error| {
-            desktop_error(
-                "desktop.session_summary_query_failed",
-                500,
-                "failed to list existing local_db session summaries",
-                Some(json!({ "cause": error.to_string() })),
-            )
-        })?;
-
-    let mut selection = SummaryBatchSelection {
-        pending_session_ids: Vec::with_capacity(rows.len()),
-        already_summarized_sessions: 0,
-    };
-    for row in rows {
-        let session_id = row.id;
-        let already_summarized = local_summary_ids.contains(&session_id)
-            || has_hidden_ref_summary_for_session(db, &session_id)?;
-        if already_summarized {
-            selection.already_summarized_sessions =
-                selection.already_summarized_sessions.saturating_add(1);
-            continue;
-        }
-        selection.pending_session_ids.push(session_id);
-    }
-
-    Ok(selection)
-}
-
-fn rebuild_vector_index_blocking(db: &LocalDb, runtime: &DaemonConfig) -> DesktopApiResult<()> {
-    let mut filter = LocalSessionFilter::default();
-    filter.limit = None;
-    filter.offset = None;
-    let sessions = db.list_sessions(&filter).map_err(|error| {
-        desktop_error(
-            "desktop.vector_index_list_failed",
-            500,
-            "failed to list sessions for vector indexing",
-            Some(json!({ "cause": error.to_string() })),
-        )
-    })?;
-    let total_sessions = sessions.len() as u32;
-    let started_at = chrono::Utc::now().to_rfc3339();
-    set_vector_index_job_snapshot(
-        db,
-        VectorIndexJobRow {
-            status: "running".to_string(),
-            processed_sessions: 0,
-            total_sessions,
-            message: Some("indexing session chunks".to_string()),
-            started_at: Some(started_at.clone()),
-            finished_at: None,
-        },
-    )?;
-
-    let endpoint = vector_embed_endpoint(runtime);
-    let model = vector_embed_model(runtime);
-    let mut failed_sessions = 0u32;
-    let mut skipped_sessions = 0u32;
-    let mut last_failure: Option<String> = None;
-    for (idx, row) in sessions.iter().enumerate() {
-        let processed_sessions = idx as u32;
-        set_vector_index_job_snapshot(
-            db,
-            VectorIndexJobRow {
-                status: "running".to_string(),
-                processed_sessions,
-                total_sessions,
-                message: Some(format!("indexing {}", row.id)),
-                started_at: Some(started_at.clone()),
-                finished_at: None,
-            },
-        )?;
-
-        let session_result: DesktopApiResult<bool> = (|| {
-            let normalized = match load_normalized_session_body(db, &row.id) {
-                Ok(body) => body,
-                Err(_) => return Ok(false),
-            };
-            let source_hash = sha256_hex(normalized.as_bytes());
-            let already_indexed = db
-                .vector_index_source_hash(&row.id)
-                .map_err(|error| {
-                    desktop_error(
-                        "desktop.vector_index_status_failed",
-                        500,
-                        "failed to read vector source hash",
-                        Some(json!({ "cause": error.to_string(), "session_id": row.id })),
-                    )
-                })?
-                .is_some_and(|hash| hash == source_hash);
-            if already_indexed {
-                return Ok(false);
-            }
-
-            let session = match HailSession::from_jsonl(&normalized) {
-                Ok(session) => session,
-                Err(_) => return Ok(false),
-            };
-            let mut chunks = build_vector_chunks_for_session(&session, &source_hash, runtime);
-            if chunks.is_empty() {
-                db.replace_session_vector_chunks(&row.id, &source_hash, &model, &[])
-                    .map_err(|error| {
-                        desktop_error(
-                            "desktop.vector_index_write_failed",
-                            500,
-                            "failed to clear vector chunks for empty session",
-                            Some(json!({ "cause": error.to_string(), "session_id": row.id })),
-                        )
-                    })?;
-                return Ok(false);
-            }
-
-            let inputs = chunks
-                .iter()
-                .map(|chunk| chunk.content.clone())
-                .collect::<Vec<_>>();
-            let embeddings = request_ollama_embeddings_in_batches(&endpoint, &model, &inputs)?;
-            if embeddings.len() != chunks.len() {
-                return Err(desktop_error(
-                    "desktop.vector_index_embedding_mismatch",
-                    502,
-                    "embedding response count mismatch while indexing session",
-                    Some(json!({
-                        "session_id": row.id,
-                        "requested": chunks.len(),
-                        "received": embeddings.len(),
-                        "model": model,
-                    })),
-                ));
-            }
-
-            for (chunk, embedding) in chunks.iter_mut().zip(embeddings.into_iter()) {
-                chunk.embedding = embedding;
-            }
-            db.replace_session_vector_chunks(&row.id, &source_hash, &model, &chunks)
-                .map_err(|error| {
-                    desktop_error(
-                        "desktop.vector_index_write_failed",
-                        500,
-                        "failed to persist vector chunks",
-                        Some(json!({ "cause": error.to_string(), "session_id": row.id })),
-                    )
-                })?;
-            Ok(true)
-        })();
-
-        match session_result {
-            Ok(indexed) => {
-                if !indexed {
-                    skipped_sessions = skipped_sessions.saturating_add(1);
-                }
-            }
-            Err(error) if is_vector_index_skippable_error(&error) => {
-                failed_sessions = failed_sessions.saturating_add(1);
-                last_failure = Some(format!("{}: {}", row.id, error.message));
-                eprintln!(
-                    "vector index rebuild: skipped {}: {}",
-                    row.id, error.message
-                );
-            }
-            Err(error) => return Err(error),
-        }
-
-        let processed_sessions = idx.saturating_add(1) as u32;
-        let progress_message = match (failed_sessions, skipped_sessions, last_failure.as_deref()) {
-            (0, 0, _) => format!("processed {processed_sessions}/{total_sessions} sessions"),
-            (0, skipped, _) => format!(
-                "processed {processed_sessions}/{total_sessions} sessions ({skipped} skipped)"
-            ),
-            (failed, 0, Some(last)) => format!(
-                "processed {processed_sessions}/{total_sessions} sessions ({failed} failed) | last failure: {last}"
-            ),
-            (failed, skipped, Some(last)) => format!(
-                "processed {processed_sessions}/{total_sessions} sessions ({failed} failed, {skipped} skipped) | last failure: {last}"
-            ),
-            (failed, 0, _) => format!(
-                "processed {processed_sessions}/{total_sessions} sessions ({failed} failed)"
-            ),
-            (failed, skipped, _) => format!(
-                "processed {processed_sessions}/{total_sessions} sessions ({failed} failed, {skipped} skipped)"
-            ),
-        };
-        set_vector_index_job_snapshot(
-            db,
-            VectorIndexJobRow {
-                status: "running".to_string(),
-                processed_sessions,
-                total_sessions,
-                message: Some(progress_message),
-                started_at: Some(started_at.clone()),
-                finished_at: None,
-            },
-        )?;
-    }
-
-    let message = match (failed_sessions, skipped_sessions) {
-        (0, 0) => "vector indexing complete".to_string(),
-        (0, skipped) => format!("vector indexing complete ({skipped} skipped)"),
-        (failed, 0) => format!("vector indexing complete ({failed} failed)"),
-        (failed, skipped) => {
-            format!("vector indexing complete ({failed} failed, {skipped} skipped)")
-        }
-    };
-    set_vector_index_job_snapshot(
-        db,
-        VectorIndexJobRow {
-            status: "complete".to_string(),
-            processed_sessions: total_sessions,
-            total_sessions,
-            message: Some(message),
-            started_at: Some(started_at),
-            finished_at: Some(chrono::Utc::now().to_rfc3339()),
-        },
-    )?;
-    Ok(())
-}
-
 fn map_summary_provider_id_from_runtime(value: &SummaryProvider) -> DesktopSummaryProviderId {
     match value {
         SummaryProvider::Disabled => DesktopSummaryProviderId::Disabled,
@@ -2547,469 +1146,12 @@ fn desktop_detect_summary_provider() -> DesktopSummaryProviderDetectResponse {
     }
 }
 
-fn install_status_response_from_state(
-    state: VectorInstallRuntimeState,
-) -> DesktopVectorInstallStatusResponse {
-    DesktopVectorInstallStatusResponse {
-        state: state.state,
-        model: state.model,
-        progress_pct: state.progress_pct,
-        message: state.message,
-    }
-}
-
-#[tauri::command]
-fn desktop_vector_preflight() -> DesktopApiResult<DesktopVectorPreflightResponse> {
-    let runtime = load_runtime_config()?;
-    Ok(vector_preflight_for_runtime(&runtime))
-}
-
-#[tauri::command]
-fn desktop_vector_install_model(
-    model: String,
-) -> DesktopApiResult<DesktopVectorInstallStatusResponse> {
-    let runtime = load_runtime_config()?;
-    let endpoint = vector_embed_endpoint(&runtime);
-    let selected_model = model.trim().to_string().chars().collect::<String>();
-    let selected_model = if selected_model.trim().is_empty() {
-        vector_embed_model(&runtime)
-    } else {
-        selected_model
-    };
-
-    let current = current_vector_install_state();
-    if matches!(current.state, DesktopVectorInstallState::Installing)
-        && current.model == selected_model
-    {
-        return Ok(install_status_response_from_state(current));
-    }
-
-    update_vector_install_progress(
-        DesktopVectorInstallState::Installing,
-        &selected_model,
-        0,
-        Some("starting model download".to_string()),
-    );
-
-    let endpoint_for_thread = endpoint.clone();
-    let model_for_thread = selected_model.clone();
-    std::thread::spawn(move || {
-        match install_ollama_model_blocking(&endpoint_for_thread, &model_for_thread) {
-            Ok(()) => update_vector_install_progress(
-                DesktopVectorInstallState::Ready,
-                &model_for_thread,
-                100,
-                Some("model download complete".to_string()),
-            ),
-            Err(error) => update_vector_install_progress(
-                DesktopVectorInstallState::Failed,
-                &model_for_thread,
-                0,
-                Some(error.message),
-            ),
-        }
-    });
-
-    Ok(install_status_response_from_state(
-        current_vector_install_state(),
-    ))
-}
-
-#[tauri::command]
-fn desktop_vector_index_rebuild() -> DesktopApiResult<DesktopVectorIndexStatusResponse> {
-    let runtime = load_runtime_config()?;
-    ensure_vector_provider_ready(&runtime, false)?;
-
-    {
-        let mut running = VECTOR_INDEX_REBUILD_RUNNING
-            .lock()
-            .expect("vector index rebuild mutex poisoned");
-        if *running {
-            let db = open_local_db()?;
-            return desktop_vector_index_status_from_db(&db);
-        }
-        *running = true;
-    }
-
-    std::thread::spawn(move || {
-        let result: DesktopApiResult<()> = (|| {
-            let db = open_local_db()?;
-            if let Err(error) = rebuild_vector_index_blocking(&db, &runtime) {
-                let _ = persist_vector_index_failure_snapshot(&db, &error);
-                return Err(error);
-            }
-            Ok(())
-        })();
-
-        if let Err(error) = result {
-            eprintln!("vector index rebuild failed: {}", error.message);
-        }
-        if let Ok(mut running) = VECTOR_INDEX_REBUILD_RUNNING.lock() {
-            *running = false;
-        }
-    });
-
-    let db = open_local_db()?;
-    desktop_vector_index_status_from_db(&db)
-}
-
-#[tauri::command]
-fn desktop_vector_index_status() -> DesktopApiResult<DesktopVectorIndexStatusResponse> {
-    let db = open_local_db()?;
-    desktop_vector_index_status_from_db(&db)
-}
-
-#[tauri::command]
-fn desktop_search_sessions_vector(
-    query: String,
-    cursor: Option<String>,
-    limit: Option<u32>,
-) -> DesktopApiResult<DesktopVectorSearchResponse> {
-    let db = open_local_db()?;
-    let runtime = load_runtime_config()?;
-    search_sessions_vector_internal(&db, &runtime, &query, cursor, limit, None)
-}
-
-#[tauri::command]
-fn desktop_get_session_summary(id: String) -> DesktopApiResult<DesktopSessionSummaryResponse> {
-    let db = open_local_db()?;
-    let runtime = load_runtime_config()?;
-    load_session_summary_for_runtime(&db, &runtime, &id)
-}
-
-fn build_git_summary_request_for_session(
-    session: &HailSession,
-    runtime: &DaemonConfig,
-) -> Option<GitSummaryRequest> {
-    if !runtime.summary.allows_git_changes_fallback() {
-        return None;
-    }
-    working_directory(session)
-        .and_then(|cwd| find_git_repo_root(Path::new(cwd)).map(|repo_root| (cwd, repo_root)))
-        .map(|(cwd, repo_root)| GitSummaryRequest {
-            repo_root,
-            commit: extract_git_context(cwd).commit,
-        })
-}
-
-async fn generate_session_summary_artifact_for_id(
-    db: &LocalDb,
-    runtime: &DaemonConfig,
-    session_id: &str,
-) -> DesktopApiResult<opensession_summary::SemanticSummaryArtifact> {
-    let normalized_session = load_normalized_session_body(db, session_id)?;
-    let session = HailSession::from_jsonl(&normalized_session).map_err(|error| {
-        desktop_error(
-            "desktop.session_summary_parse_failed",
-            422,
-            "failed to decode session body for summary regeneration",
-            Some(json!({ "cause": error.to_string(), "session_id": session_id })),
-        )
-    })?;
-    let git_request = build_git_summary_request_for_session(&session, runtime);
-    summarize_session(&session, &runtime.summary, git_request.as_ref())
-        .await
-        .map_err(|error| {
-            desktop_error(
-                "desktop.session_summary_generate_failed",
-                500,
-                "failed to generate semantic summary",
-                Some(json!({ "cause": error.to_string(), "session_id": session_id })),
-            )
-        })
-}
-
-fn persist_summary_for_runtime(
-    db: &LocalDb,
-    runtime: &DaemonConfig,
-    session_id: &str,
-    artifact: &opensession_summary::SemanticSummaryArtifact,
-) -> DesktopApiResult<()> {
-    match runtime.summary.storage.backend {
-        SummaryStorageBackend::LocalDb => persist_summary_to_local_db(db, session_id, artifact),
-        SummaryStorageBackend::HiddenRef => {
-            let Some(repo_root) = resolve_summary_repo_root(db, session_id)? else {
-                return Err(summary_repo_required_error(session_id));
-            };
-            persist_summary_to_hidden_ref(&repo_root, session_id, artifact)
-        }
-        SummaryStorageBackend::None => Ok(()),
-    }
-}
-
-fn summary_repo_required_error(session_id: &str) -> DesktopApiError {
-    desktop_error(
-        "desktop.session_summary_repo_required",
-        422,
-        "hidden_ref summary backend requires a git repository",
-        Some(json!({ "session_id": session_id })),
-    )
-}
-
-fn summary_response_from_artifact(
-    session_id: &str,
-    artifact: &opensession_summary::SemanticSummaryArtifact,
-) -> DesktopSessionSummaryResponse {
-    DesktopSessionSummaryResponse {
-        session_id: session_id.to_string(),
-        summary: serde_json::to_value(&artifact.summary).ok(),
-        source_details: if artifact.source_details.is_empty() {
-            None
-        } else {
-            serde_json::to_value(&artifact.source_details).ok()
-        },
-        diff_tree: serde_json::to_value(&artifact.diff_tree)
-            .ok()
-            .and_then(|value| value.as_array().cloned())
-            .unwrap_or_default(),
-        source_kind: Some(enum_label(&artifact.source_kind)),
-        generation_kind: Some(enum_label(&artifact.generation_kind)),
-        error: artifact.error.clone(),
-    }
-}
-
-fn summary_response_after_persist(
-    db: &LocalDb,
-    runtime: &DaemonConfig,
-    session_id: &str,
-    artifact: &opensession_summary::SemanticSummaryArtifact,
-) -> DesktopApiResult<DesktopSessionSummaryResponse> {
-    if matches!(runtime.summary.storage.backend, SummaryStorageBackend::None) {
-        return Ok(summary_response_from_artifact(session_id, artifact));
-    }
-    load_session_summary_for_runtime(db, runtime, session_id)
-}
-
-fn run_summary_batch_for_runtime(
-    runtime: DaemonConfig,
-) -> DesktopApiResult<DesktopSummaryBatchStatusResponse> {
-    let db = open_local_db()?;
-    {
-        let mut running = SUMMARY_BATCH_RUNNING
-            .lock()
-            .expect("summary batch mutex poisoned");
-        if *running {
-            return desktop_summary_batch_status_from_db(&db);
-        }
-        *running = true;
-    }
-
-    let started_at = chrono::Utc::now().to_rfc3339();
-    set_summary_batch_job_snapshot(
-        &db,
-        SummaryBatchJobRow {
-            status: "running".to_string(),
-            processed_sessions: 0,
-            total_sessions: 0,
-            failed_sessions: 0,
-            message: Some("starting summary batch".to_string()),
-            started_at: Some(started_at),
-            finished_at: None,
-        },
-    )?;
-
-    std::thread::spawn(move || {
-        let run_result: DesktopApiResult<()> = (|| {
-            let db = open_local_db()?;
-            let selection = summary_batch_session_ids_for_scope(
-                &db,
-                &runtime.summary.batch.scope,
-                runtime.summary.batch.recent_days,
-            )?;
-            let total_sessions = selection.pending_session_ids.len() as u32;
-            let already_summarized_sessions = selection.already_summarized_sessions;
-            let started_at = chrono::Utc::now().to_rfc3339();
-            let initial_message = if already_summarized_sessions > 0 {
-                format!(
-                    "processing semantic summaries ({already_summarized_sessions} already summarized)"
-                )
-            } else {
-                "processing semantic summaries".to_string()
-            };
-            set_summary_batch_job_snapshot(
-                &db,
-                SummaryBatchJobRow {
-                    status: "running".to_string(),
-                    processed_sessions: 0,
-                    total_sessions,
-                    failed_sessions: 0,
-                    message: Some(initial_message),
-                    started_at: Some(started_at.clone()),
-                    finished_at: None,
-                },
-            )?;
-
-            if total_sessions == 0 {
-                let message = if already_summarized_sessions > 0 {
-                    format!(
-                        "summary batch complete ({already_summarized_sessions} already summarized)"
-                    )
-                } else {
-                    "summary batch complete (no pending sessions)".to_string()
-                };
-                set_summary_batch_job_snapshot(
-                    &db,
-                    SummaryBatchJobRow {
-                        status: "complete".to_string(),
-                        processed_sessions: 0,
-                        total_sessions: 0,
-                        failed_sessions: 0,
-                        message: Some(message),
-                        started_at: Some(started_at),
-                        finished_at: Some(chrono::Utc::now().to_rfc3339()),
-                    },
-                )?;
-                return Ok(());
-            }
-
-            let mut processed_sessions = 0u32;
-            let mut failed_sessions = 0u32;
-            let mut skipped_sessions = 0u32;
-            for session_id in selection.pending_session_ids {
-                set_summary_batch_job_snapshot(
-                    &db,
-                    SummaryBatchJobRow {
-                        status: "running".to_string(),
-                        processed_sessions,
-                        total_sessions,
-                        failed_sessions,
-                        message: Some(format!("processing {session_id}")),
-                        started_at: Some(started_at.clone()),
-                        finished_at: None,
-                    },
-                )?;
-
-                let generated = tauri::async_runtime::block_on(
-                    generate_session_summary_artifact_for_id(&db, &runtime, &session_id),
-                );
-                if let Err(error) = generated.and_then(|artifact| {
-                    persist_summary_for_runtime(&db, &runtime, &session_id, &artifact)
-                }) {
-                    if is_summary_batch_skippable_error(&error) {
-                        skipped_sessions = skipped_sessions.saturating_add(1);
-                        eprintln!("summary batch: skipped {session_id}: {}", error.message);
-                    } else {
-                        failed_sessions = failed_sessions.saturating_add(1);
-                        eprintln!(
-                            "summary batch: failed to process {session_id}: {}",
-                            error.message
-                        );
-                    }
-                }
-
-                processed_sessions = processed_sessions.saturating_add(1);
-                set_summary_batch_job_snapshot(
-                    &db,
-                    SummaryBatchJobRow {
-                        status: "running".to_string(),
-                        processed_sessions,
-                        total_sessions,
-                        failed_sessions,
-                        message: Some(format!(
-                            "processed {processed_sessions}/{total_sessions} sessions"
-                        )),
-                        started_at: Some(started_at.clone()),
-                        finished_at: None,
-                    },
-                )?;
-            }
-
-            let status = if failed_sessions > 0 {
-                "failed"
-            } else {
-                "complete"
-            };
-            let mut message = if failed_sessions > 0 {
-                if skipped_sessions > 0 {
-                    format!(
-                        "summary batch finished with {failed_sessions} failures ({skipped_sessions} skipped missing sources)"
-                    )
-                } else {
-                    format!("summary batch finished with {failed_sessions} failures")
-                }
-            } else {
-                if skipped_sessions > 0 {
-                    format!("summary batch complete ({skipped_sessions} skipped missing sources)")
-                } else {
-                    "summary batch complete".to_string()
-                }
-            };
-            if already_summarized_sessions > 0 {
-                message.push_str(&format!(
-                    "; {already_summarized_sessions} already summarized"
-                ));
-            };
-            set_summary_batch_job_snapshot(
-                &db,
-                SummaryBatchJobRow {
-                    status: status.to_string(),
-                    processed_sessions,
-                    total_sessions,
-                    failed_sessions,
-                    message: Some(message),
-                    started_at: Some(started_at),
-                    finished_at: Some(chrono::Utc::now().to_rfc3339()),
-                },
-            )?;
-            Ok(())
-        })();
-
-        if let Err(error) = run_result {
-            if let Ok(db) = open_local_db() {
-                let now = chrono::Utc::now().to_rfc3339();
-                let _ = set_summary_batch_job_snapshot(
-                    &db,
-                    SummaryBatchJobRow {
-                        status: "failed".to_string(),
-                        processed_sessions: 0,
-                        total_sessions: 0,
-                        failed_sessions: 0,
-                        message: Some(error.message.clone()),
-                        started_at: Some(now.clone()),
-                        finished_at: Some(now),
-                    },
-                );
-            }
-            eprintln!("summary batch run failed: {}", error.message);
-        }
-
-        if let Ok(mut running) = SUMMARY_BATCH_RUNNING.lock() {
-            *running = false;
-        }
-    });
-
-    desktop_summary_batch_status_from_db(&db)
-}
-
-#[tauri::command]
-async fn desktop_regenerate_session_summary(
-    id: String,
-) -> DesktopApiResult<DesktopSessionSummaryResponse> {
-    let db = open_local_db()?;
-    let runtime = load_runtime_config()?;
-    let artifact = generate_session_summary_artifact_for_id(&db, &runtime, &id).await?;
-    persist_summary_for_runtime(&db, &runtime, &id, &artifact)?;
-    summary_response_after_persist(&db, &runtime, &id, &artifact)
-}
-
-#[tauri::command]
-fn desktop_summary_batch_status() -> DesktopApiResult<DesktopSummaryBatchStatusResponse> {
-    let db = open_local_db()?;
-    desktop_summary_batch_status_from_db(&db)
-}
-
 #[tauri::command]
 fn desktop_lifecycle_cleanup_status() -> DesktopApiResult<DesktopLifecycleCleanupStatusResponse> {
     let db = open_local_db()?;
     desktop_lifecycle_cleanup_status_from_db(&db)
 }
 
-#[tauri::command]
-fn desktop_summary_batch_run() -> DesktopApiResult<DesktopSummaryBatchStatusResponse> {
-    let runtime = load_runtime_config()?;
-    run_summary_batch_for_runtime(runtime)
-}
-
 #[tauri::command]
 fn desktop_list_sessions(
     query: Option<DesktopSessionListQuery>,
@@ -3117,30 +1259,6 @@ fn desktop_get_session_raw(id: String) -> DesktopApiResult<String> {
     load_normalized_session_body(&db, &id)
 }
 
-fn maybe_start_summary_batch_on_app_start() {
-    let runtime = match load_runtime_config() {
-        Ok(runtime) => runtime,
-        Err(error) => {
-            eprintln!(
-                "failed to load runtime config for app-start summary batch: {}",
-                error.message
-            );
-            return;
-        }
-    };
-
-    if !matches!(
-        runtime.summary.batch.execution_mode,
-        RuntimeSummaryBatchExecutionMode::OnAppStart
-    ) {
-        return;
-    }
-
-    if let Err(error) = run_summary_batch_for_runtime(runtime) {
-        eprintln!("failed to start app-start summary batch: {}", error.message);
-    }
-}
-
 fn main() {
     maybe_start_summary_batch_on_app_start();
     maybe_start_lifecycle_cleanup_loop();
@@ -4917,12 +3035,9 @@ mod tests {
 
     #[test]
     fn require_non_empty_request_field_rejects_blank_values() {
-        let error = require_non_empty_request_field(
-            " \n\t ",
-            "desktop.test_invalid_request",
-            "session_id",
-        )
-        .expect_err("blank field should be rejected");
+        let error =
+            require_non_empty_request_field(" \n\t ", "desktop.test_invalid_request", "session_id")
+                .expect_err("blank field should be rejected");
         assert_eq!(error.status, 400);
         assert_eq!(error.code, "desktop.test_invalid_request");
         assert_eq!(error.message, "session_id is required");

From dba83dc1d961d141585e3a05924132f9d07a5873 Mon Sep 17 00:00:00 2001
From: hwisu <hwitticus@gmail.com>
Date: Fri, 6 Mar 2026 20:12:00 +0900
Subject: [PATCH 11/30] extract desktop session access module

---
 desktop/src-tauri/src/app/mod.rs            |   1 +
 desktop/src-tauri/src/app/session_access.rs | 400 +++++++++++++++++++
 desktop/src-tauri/src/main.rs               | 409 +-------------------
 3 files changed, 418 insertions(+), 392 deletions(-)
 create mode 100644 desktop/src-tauri/src/app/session_access.rs

diff --git a/desktop/src-tauri/src/app/mod.rs b/desktop/src-tauri/src/app/mod.rs
index 73ae9714..0b0f8120 100644
--- a/desktop/src-tauri/src/app/mod.rs
+++ b/desktop/src-tauri/src/app/mod.rs
@@ -2,6 +2,7 @@ pub(crate) mod change_reader;
 pub(crate) mod handoff;
 pub(crate) mod launch_route;
 pub(crate) mod lifecycle_cleanup;
+pub(crate) mod session_access;
 pub(crate) mod session_query;
 pub(crate) mod session_summary;
 pub(crate) mod vector;
diff --git a/desktop/src-tauri/src/app/session_access.rs b/desktop/src-tauri/src/app/session_access.rs
new file mode 100644
index 00000000..3286402d
--- /dev/null
+++ b/desktop/src-tauri/src/app/session_access.rs
@@ -0,0 +1,400 @@
+use crate::app::session_query::{SearchMode, build_local_filter_with_mode};
+use crate::app::vector::list_sessions_with_vector_rank;
+use crate::{DesktopApiResult, desktop_error, open_local_db};
+use opensession_api::{
+    DesktopSessionListQuery, LinkType, SessionDetail, SessionLink, SessionListResponse,
+    SessionRepoListResponse, SessionSummary,
+};
+use opensession_core::session::{is_auxiliary_session, working_directory};
+use opensession_core::trace::Session as HailSession;
+use opensession_git_native::extract_git_context;
+use opensession_local_db::{LocalDb, LocalSessionLink, LocalSessionRow};
+use opensession_parsers::{
+    discover::discover_for_tool, ingest::preview_parse_bytes, parse_with_default_parsers,
+};
+use serde_json::json;
+use std::collections::BTreeSet;
+use std::fs;
+use std::path::{Path, PathBuf};
+
+const FORCE_REFRESH_MAX_DISCOVERY_PATHS: usize = 240;
+
+pub(crate) fn force_refresh_discovery_tools() -> &'static [&'static str] {
+    // Cursor workspace DBs are high-volume and often metadata-only. Exclude them from the
+    // synchronous force-refresh path so recent sessions show up immediately.
+    &["codex", "claude-code", "opencode", "cline", "amp", "gemini"]
+}
+
+fn force_refresh_discovered_paths() -> Vec<PathBuf> {
+    let mut unique_paths = BTreeSet::new();
+    for tool in force_refresh_discovery_tools() {
+        for path in discover_for_tool(tool) {
+            if path.exists() {
+                unique_paths.insert(path);
+            }
+        }
+    }
+
+    let mut paths: Vec<PathBuf> = unique_paths.into_iter().collect();
+    paths.sort_by(|left, right| {
+        let left_modified = fs::metadata(left).and_then(|meta| meta.modified()).ok();
+        let right_modified = fs::metadata(right).and_then(|meta| meta.modified()).ok();
+        right_modified
+            .cmp(&left_modified)
+            .then_with(|| left.cmp(right))
+    });
+    paths.truncate(FORCE_REFRESH_MAX_DISCOVERY_PATHS);
+    paths
+}
+
+fn refresh_local_session_index(db: &LocalDb) {
+    let mut parse_errors = 0usize;
+    let mut upsert_errors = 0usize;
+    let mut upserted = 0usize;
+
+    for path in force_refresh_discovered_paths() {
+        let parsed = match parse_with_default_parsers(&path) {
+            Ok(session) => session,
+            Err(error) => {
+                parse_errors = parse_errors.saturating_add(1);
+                if parse_errors <= 5 {
+                    eprintln!(
+                        "failed to parse discovered session {}: {error}",
+                        path.display()
+                    );
+                }
+                continue;
+            }
+        };
+        let Some(session) = parsed else {
+            continue;
+        };
+        if is_auxiliary_session(&session) {
+            continue;
+        }
+
+        let git = working_directory(&session)
+            .map(extract_git_context)
+            .unwrap_or_default();
+        let local_git = opensession_local_db::git::GitContext {
+            remote: git.remote.clone(),
+            branch: git.branch.clone(),
+            commit: git.commit.clone(),
+            repo_name: git.repo_name.clone(),
+        };
+        let path_str = path.to_string_lossy().to_string();
+
+        if let Err(error) = db.upsert_local_session(&session, &path_str, &local_git) {
+            upsert_errors = upsert_errors.saturating_add(1);
+            if upsert_errors <= 5 {
+                eprintln!(
+                    "failed to upsert discovered session {}: {error}",
+                    path.display()
+                );
+            }
+            continue;
+        }
+
+        upserted = upserted.saturating_add(1);
+    }
+
+    if parse_errors > 5 {
+        eprintln!(
+            "force refresh parse errors suppressed: {} additional failures",
+            parse_errors - 5
+        );
+    }
+    if upsert_errors > 5 {
+        eprintln!(
+            "force refresh upsert errors suppressed: {} additional failures",
+            upsert_errors - 5
+        );
+    }
+    eprintln!("force refresh reindex complete: upserted={upserted}");
+}
+
+pub(crate) fn session_summary_from_local_row(row: LocalSessionRow) -> SessionSummary {
+    session_summary_from_local_row_with_score(
+        row,
+        0,
+        opensession_core::scoring::DEFAULT_SCORE_PLUGIN,
+    )
+}
+
+pub(crate) fn session_summary_from_local_row_with_score(
+    row: LocalSessionRow,
+    session_score: i64,
+    score_plugin: &str,
+) -> SessionSummary {
+    SessionSummary {
+        id: row.id,
+        user_id: row.user_id,
+        nickname: row.nickname,
+        tool: row.tool,
+        agent_provider: row.agent_provider,
+        agent_model: row.agent_model,
+        title: row.title,
+        description: row.description,
+        tags: row.tags,
+        created_at: row.created_at.clone(),
+        uploaded_at: row.uploaded_at.unwrap_or(row.created_at),
+        message_count: row.message_count,
+        task_count: row.task_count,
+        event_count: row.event_count,
+        duration_seconds: row.duration_seconds,
+        total_input_tokens: row.total_input_tokens,
+        total_output_tokens: row.total_output_tokens,
+        git_remote: row.git_remote,
+        git_branch: row.git_branch,
+        git_commit: row.git_commit,
+        git_repo_name: row.git_repo_name,
+        pr_number: row.pr_number,
+        pr_url: row.pr_url,
+        working_directory: row.working_directory,
+        files_modified: row.files_modified,
+        files_read: row.files_read,
+        has_errors: row.has_errors,
+        max_active_agents: row.max_active_agents,
+        session_score,
+        score_plugin: score_plugin.to_string(),
+    }
+}
+
+pub(crate) fn map_link_type(raw: &str) -> LinkType {
+    match raw {
+        "related" => LinkType::Related,
+        "parent" => LinkType::Parent,
+        "child" => LinkType::Child,
+        _ => LinkType::Handoff,
+    }
+}
+
+fn session_link_from_local(link: LocalSessionLink) -> SessionLink {
+    SessionLink {
+        session_id: link.session_id,
+        linked_session_id: link.linked_session_id,
+        link_type: map_link_type(&link.link_type),
+        created_at: link.created_at,
+    }
+}
+
+fn session_to_hail_jsonl(session: HailSession) -> DesktopApiResult<String> {
+    session.to_jsonl().map_err(|error| {
+        desktop_error(
+            "desktop.hail_encode_failed",
+            500,
+            "failed to encode normalized HAIL JSONL",
+            Some(json!({ "cause": error.to_string() })),
+        )
+    })
+}
+
+pub(crate) fn normalize_session_body_to_hail_jsonl(
+    body: &str,
+    source_path: Option<&str>,
+) -> DesktopApiResult<String> {
+    if let Ok(session) = HailSession::from_jsonl(body) {
+        return session_to_hail_jsonl(session);
+    }
+
+    if let Ok(session) = serde_json::from_str::<HailSession>(body) {
+        return session_to_hail_jsonl(session);
+    }
+
+    if let Some(path_text) = source_path {
+        let path = Path::new(path_text);
+        if let Ok(Some(session)) = parse_with_default_parsers(path) {
+            return session_to_hail_jsonl(session);
+        }
+    }
+
+    let filename = source_path
+        .and_then(|path| Path::new(path).file_name())
+        .and_then(|name| name.to_str())
+        .unwrap_or("session.jsonl");
+
+    let preview = preview_parse_bytes(filename, body.as_bytes(), None).map_err(|error| {
+        desktop_error(
+            "desktop.session_parse_failed",
+            422,
+            "failed to parse source session into HAIL format",
+            Some(json!({ "cause": error.to_string(), "filename": filename })),
+        )
+    })?;
+
+    session_to_hail_jsonl(preview.session)
+}
+
+fn read_source_session_text(source_path: &str) -> DesktopApiResult<String> {
+    std::fs::read_to_string(source_path).map_err(|error| {
+        desktop_error(
+            "desktop.session_source_unavailable",
+            404,
+            format!("session source file is unavailable ({source_path})"),
+            Some(json!({ "cause": error.to_string(), "source_path": source_path })),
+        )
+    })
+}
+
+pub(crate) fn load_normalized_session_body(
+    db: &LocalDb,
+    session_id: &str,
+) -> DesktopApiResult<String> {
+    let source_path = db.get_session_source_path(session_id).map_err(|error| {
+        desktop_error(
+            "desktop.session_source_path_failed",
+            500,
+            "failed to resolve session source path",
+            Some(json!({ "cause": error.to_string(), "session_id": session_id })),
+        )
+    })?;
+
+    if let Some(cached) = db.get_cached_body(session_id).map_err(|error| {
+        desktop_error(
+            "desktop.session_cache_read_failed",
+            500,
+            "failed to read cached session body",
+            Some(json!({ "cause": error.to_string(), "session_id": session_id })),
+        )
+    })? {
+        match String::from_utf8(cached) {
+            Ok(text) => match normalize_session_body_to_hail_jsonl(&text, source_path.as_deref()) {
+                Ok(normalized) => return Ok(normalized),
+                Err(error) if source_path.is_none() => return Err(error),
+                Err(_) => {}
+            },
+            Err(error) if source_path.is_none() => {
+                return Err(desktop_error(
+                    "desktop.session_cache_invalid_utf8",
+                    500,
+                    "session body is not valid UTF-8",
+                    Some(json!({ "cause": error.to_string(), "session_id": session_id })),
+                ));
+            }
+            Err(_) => {}
+        }
+    }
+
+    if let Some(source_path) = source_path {
+        let source_body = read_source_session_text(&source_path)?;
+        let normalized = normalize_session_body_to_hail_jsonl(&source_body, Some(&source_path))?;
+        if let Err(error) = db.cache_body(session_id, source_body.as_bytes()) {
+            eprintln!("failed to cache normalized session source for {session_id}: {error}");
+        }
+        return Ok(normalized);
+    }
+
+    Err(desktop_error(
+        "desktop.session_body_not_found",
+        404,
+        "session body not found in local cache",
+        Some(json!({ "session_id": session_id })),
+    ))
+}
+
+#[tauri::command]
+pub(crate) fn desktop_list_sessions(
+    query: Option<DesktopSessionListQuery>,
+) -> DesktopApiResult<SessionListResponse> {
+    let db = open_local_db()?;
+    let query = query.unwrap_or_default();
+    if query.force_refresh.unwrap_or(false) {
+        refresh_local_session_index(&db);
+    }
+    let (filter, page, per_page, search_mode) = build_local_filter_with_mode(query);
+
+    if search_mode == SearchMode::Vector {
+        let vector_query = filter.search.clone().unwrap_or_default();
+        return list_sessions_with_vector_rank(&db, &filter, &vector_query, page, per_page);
+    }
+
+    let total = db.count_sessions_filtered(&filter).map_err(|error| {
+        desktop_error(
+            "desktop.session_count_failed",
+            500,
+            "failed to count local sessions",
+            Some(json!({ "cause": error.to_string() })),
+        )
+    })?;
+    let sessions = db.list_sessions(&filter).map_err(|error| {
+        desktop_error(
+            "desktop.session_list_failed",
+            500,
+            "failed to list local sessions",
+            Some(json!({ "cause": error.to_string() })),
+        )
+    })?;
+    let mapped = sessions
+        .into_iter()
+        .map(session_summary_from_local_row)
+        .collect::<Vec<_>>();
+
+    Ok(SessionListResponse {
+        sessions: mapped,
+        total,
+        page,
+        per_page,
+    })
+}
+
+#[tauri::command]
+pub(crate) fn desktop_list_repos() -> DesktopApiResult<SessionRepoListResponse> {
+    let db = open_local_db()?;
+    let repos = db.list_repos().map_err(|error| {
+        desktop_error(
+            "desktop.repo_list_failed",
+            500,
+            "failed to list repository names",
+            Some(json!({ "cause": error.to_string() })),
+        )
+    })?;
+    Ok(SessionRepoListResponse { repos })
+}
+
+#[tauri::command]
+pub(crate) fn desktop_get_session_detail(id: String) -> DesktopApiResult<SessionDetail> {
+    let db = open_local_db()?;
+    let row = db
+        .get_session_by_id(&id)
+        .map_err(|error| {
+            desktop_error(
+                "desktop.session_detail_failed",
+                500,
+                "failed to load session detail",
+                Some(json!({ "cause": error.to_string(), "session_id": id })),
+            )
+        })?
+        .ok_or_else(|| {
+            desktop_error(
+                "desktop.session_not_found",
+                404,
+                "session not found",
+                Some(json!({ "session_id": id })),
+            )
+        })?;
+
+    let links = db
+        .list_session_links(&id)
+        .map_err(|error| {
+            desktop_error(
+                "desktop.session_links_failed",
+                500,
+                "failed to load session links",
+                Some(json!({ "cause": error.to_string(), "session_id": id })),
+            )
+        })?
+        .into_iter()
+        .map(session_link_from_local)
+        .collect::<Vec<_>>();
+
+    Ok(SessionDetail {
+        summary: session_summary_from_local_row(row),
+        linked_sessions: links,
+    })
+}
+
+#[tauri::command]
+pub(crate) fn desktop_get_session_raw(id: String) -> DesktopApiResult<String> {
+    let db = open_local_db()?;
+    load_normalized_session_body(&db, &id)
+}
diff --git a/desktop/src-tauri/src/main.rs b/desktop/src-tauri/src/main.rs
index 20e4c1a9..b4c72ddc 100644
--- a/desktop/src-tauri/src/main.rs
+++ b/desktop/src-tauri/src/main.rs
@@ -9,6 +9,18 @@ use app::change_reader::{
 use app::handoff::{desktop_build_handoff, desktop_share_session_quick};
 use app::launch_route::desktop_take_launch_route;
 use app::lifecycle_cleanup::maybe_start_lifecycle_cleanup_loop;
+use app::session_access::{
+    desktop_get_session_detail, desktop_get_session_raw, desktop_list_repos, desktop_list_sessions,
+};
+#[cfg(test)]
+use app::session_access::{
+    force_refresh_discovery_tools, map_link_type, normalize_session_body_to_hail_jsonl,
+    session_summary_from_local_row,
+};
+pub(crate) use app::session_access::{
+    load_normalized_session_body, session_summary_from_local_row_with_score,
+};
+#[cfg(test)]
 use app::session_query::{SearchMode, build_local_filter_with_mode};
 use app::session_summary::{
     desktop_get_session_summary, desktop_regenerate_session_summary, desktop_summary_batch_run,
@@ -23,8 +35,8 @@ use app::vector::{
 };
 use app::vector::{
     desktop_search_sessions_vector, desktop_vector_index_rebuild, desktop_vector_index_status,
-    desktop_vector_install_model, desktop_vector_preflight, list_sessions_with_vector_rank,
-    vector_embed_endpoint, vector_embed_model, vector_preflight_for_runtime,
+    desktop_vector_install_model, desktop_vector_preflight, vector_embed_endpoint,
+    vector_embed_model, vector_preflight_for_runtime,
 };
 #[cfg(test)]
 use app::{
@@ -45,17 +57,10 @@ use opensession_api::{
     DesktopSummaryOutputShape, DesktopSummaryProviderDetectResponse, DesktopSummaryProviderId,
     DesktopSummaryProviderTransport, DesktopSummaryResponseStyle, DesktopSummarySourceMode,
     DesktopSummaryStorageBackend, DesktopSummaryTriggerMode, DesktopVectorChunkingMode,
-    DesktopVectorSearchGranularity, DesktopVectorSearchProvider, LinkType, SessionDetail,
-    SessionLink, SessionListResponse, SessionRepoListResponse, SessionSummary,
+    DesktopVectorSearchGranularity, DesktopVectorSearchProvider,
     oauth::{AuthProvidersResponse, OAuthProviderInfo},
 };
-use opensession_core::session::{is_auxiliary_session, working_directory};
-use opensession_core::trace::Session as HailSession;
-use opensession_git_native::extract_git_context;
-use opensession_local_db::{LifecycleCleanupJobRow, LocalDb, LocalSessionLink, LocalSessionRow};
-use opensession_parsers::{
-    discover::discover_for_tool, ingest::preview_parse_bytes, parse_with_default_parsers,
-};
+use opensession_local_db::{LifecycleCleanupJobRow, LocalDb};
 use opensession_runtime_config::{
     ChangeReaderScope, ChangeReaderVoiceProvider, DaemonConfig, LifecycleSettings,
     SessionDefaultView, SummaryBatchExecutionMode as RuntimeSummaryBatchExecutionMode,
@@ -65,16 +70,13 @@ use opensession_runtime_config::{
 };
 use opensession_summary::validate_summary_prompt_template;
 use serde_json::json;
-use std::collections::BTreeSet;
-use std::fs;
-use std::path::{Path, PathBuf};
+use std::path::PathBuf;
 use std::sync::{LazyLock, Mutex};
 
 pub(crate) type DesktopApiResult<T> = Result<T, DesktopApiError>;
 
 const CHANGE_READER_MAX_EVENTS: usize = 180;
 const CHANGE_READER_MAX_LINE_CHARS: usize = 220;
-const FORCE_REFRESH_MAX_DISCOVERY_PATHS: usize = 240;
 static LIFECYCLE_CLEANUP_LOOP_STARTED: LazyLock<Mutex<bool>> = LazyLock::new(|| Mutex::new(false));
 
 pub(crate) fn desktop_error(
@@ -99,165 +101,6 @@ pub(crate) fn enum_label<T: serde::Serialize>(value: &T) -> String {
         .unwrap_or_else(|| "unknown".to_string())
 }
 
-fn force_refresh_discovery_tools() -> &'static [&'static str] {
-    // Cursor workspace DBs are high-volume and often metadata-only. Exclude them from the
-    // synchronous force-refresh path so recent sessions show up immediately.
-    &["codex", "claude-code", "opencode", "cline", "amp", "gemini"]
-}
-
-fn force_refresh_discovered_paths() -> Vec<PathBuf> {
-    let mut unique_paths = BTreeSet::new();
-    for tool in force_refresh_discovery_tools() {
-        for path in discover_for_tool(tool) {
-            if path.exists() {
-                unique_paths.insert(path);
-            }
-        }
-    }
-
-    let mut paths: Vec<PathBuf> = unique_paths.into_iter().collect();
-    paths.sort_by(|left, right| {
-        let left_modified = fs::metadata(left).and_then(|meta| meta.modified()).ok();
-        let right_modified = fs::metadata(right).and_then(|meta| meta.modified()).ok();
-        right_modified
-            .cmp(&left_modified)
-            .then_with(|| left.cmp(right))
-    });
-    paths.truncate(FORCE_REFRESH_MAX_DISCOVERY_PATHS);
-    paths
-}
-
-fn refresh_local_session_index(db: &LocalDb) {
-    let mut parse_errors = 0usize;
-    let mut upsert_errors = 0usize;
-    let mut upserted = 0usize;
-
-    for path in force_refresh_discovered_paths() {
-        let parsed = match parse_with_default_parsers(&path) {
-            Ok(session) => session,
-            Err(error) => {
-                parse_errors = parse_errors.saturating_add(1);
-                if parse_errors <= 5 {
-                    eprintln!(
-                        "failed to parse discovered session {}: {error}",
-                        path.display()
-                    );
-                }
-                continue;
-            }
-        };
-        let Some(session) = parsed else {
-            continue;
-        };
-        if is_auxiliary_session(&session) {
-            continue;
-        }
-
-        let git = working_directory(&session)
-            .map(extract_git_context)
-            .unwrap_or_default();
-        let local_git = opensession_local_db::git::GitContext {
-            remote: git.remote.clone(),
-            branch: git.branch.clone(),
-            commit: git.commit.clone(),
-            repo_name: git.repo_name.clone(),
-        };
-        let path_str = path.to_string_lossy().to_string();
-
-        if let Err(error) = db.upsert_local_session(&session, &path_str, &local_git) {
-            upsert_errors = upsert_errors.saturating_add(1);
-            if upsert_errors <= 5 {
-                eprintln!(
-                    "failed to upsert discovered session {}: {error}",
-                    path.display()
-                );
-            }
-            continue;
-        }
-
-        upserted = upserted.saturating_add(1);
-    }
-
-    if parse_errors > 5 {
-        eprintln!(
-            "force refresh parse errors suppressed: {} additional failures",
-            parse_errors - 5
-        );
-    }
-    if upsert_errors > 5 {
-        eprintln!(
-            "force refresh upsert errors suppressed: {} additional failures",
-            upsert_errors - 5
-        );
-    }
-    eprintln!("force refresh reindex complete: upserted={upserted}");
-}
-
-fn session_summary_from_local_row(row: LocalSessionRow) -> SessionSummary {
-    session_summary_from_local_row_with_score(
-        row,
-        0,
-        opensession_core::scoring::DEFAULT_SCORE_PLUGIN,
-    )
-}
-
-fn session_summary_from_local_row_with_score(
-    row: LocalSessionRow,
-    session_score: i64,
-    score_plugin: &str,
-) -> SessionSummary {
-    SessionSummary {
-        id: row.id,
-        user_id: row.user_id,
-        nickname: row.nickname,
-        tool: row.tool,
-        agent_provider: row.agent_provider,
-        agent_model: row.agent_model,
-        title: row.title,
-        description: row.description,
-        tags: row.tags,
-        created_at: row.created_at.clone(),
-        uploaded_at: row.uploaded_at.unwrap_or(row.created_at),
-        message_count: row.message_count,
-        task_count: row.task_count,
-        event_count: row.event_count,
-        duration_seconds: row.duration_seconds,
-        total_input_tokens: row.total_input_tokens,
-        total_output_tokens: row.total_output_tokens,
-        git_remote: row.git_remote,
-        git_branch: row.git_branch,
-        git_commit: row.git_commit,
-        git_repo_name: row.git_repo_name,
-        pr_number: row.pr_number,
-        pr_url: row.pr_url,
-        working_directory: row.working_directory,
-        files_modified: row.files_modified,
-        files_read: row.files_read,
-        has_errors: row.has_errors,
-        max_active_agents: row.max_active_agents,
-        session_score,
-        score_plugin: score_plugin.to_string(),
-    }
-}
-
-fn map_link_type(raw: &str) -> LinkType {
-    match raw {
-        "related" => LinkType::Related,
-        "parent" => LinkType::Parent,
-        "child" => LinkType::Child,
-        _ => LinkType::Handoff,
-    }
-}
-
-fn session_link_from_local(link: LocalSessionLink) -> SessionLink {
-    SessionLink {
-        session_id: link.session_id,
-        linked_session_id: link.linked_session_id,
-        link_type: map_link_type(&link.link_type),
-        created_at: link.created_at,
-    }
-}
-
 fn open_local_db() -> DesktopApiResult<LocalDb> {
     let custom_path = std::env::var("OPENSESSION_LOCAL_DB_PATH")
         .ok()
@@ -729,117 +572,6 @@ fn map_session_default_view_from_str(raw: &str) -> Option<SessionDefaultView> {
     }
 }
 
-fn session_to_hail_jsonl(session: HailSession) -> DesktopApiResult<String> {
-    session.to_jsonl().map_err(|error| {
-        desktop_error(
-            "desktop.hail_encode_failed",
-            500,
-            "failed to encode normalized HAIL JSONL",
-            Some(json!({ "cause": error.to_string() })),
-        )
-    })
-}
-
-fn normalize_session_body_to_hail_jsonl(
-    body: &str,
-    source_path: Option<&str>,
-) -> DesktopApiResult<String> {
-    if let Ok(session) = HailSession::from_jsonl(body) {
-        return session_to_hail_jsonl(session);
-    }
-
-    if let Ok(session) = serde_json::from_str::<HailSession>(body) {
-        return session_to_hail_jsonl(session);
-    }
-
-    if let Some(path_text) = source_path {
-        let path = Path::new(path_text);
-        if let Ok(Some(session)) = parse_with_default_parsers(path) {
-            return session_to_hail_jsonl(session);
-        }
-    }
-
-    let filename = source_path
-        .and_then(|path| Path::new(path).file_name())
-        .and_then(|name| name.to_str())
-        .unwrap_or("session.jsonl");
-
-    let preview = preview_parse_bytes(filename, body.as_bytes(), None).map_err(|error| {
-        desktop_error(
-            "desktop.session_parse_failed",
-            422,
-            "failed to parse source session into HAIL format",
-            Some(json!({ "cause": error.to_string(), "filename": filename })),
-        )
-    })?;
-
-    session_to_hail_jsonl(preview.session)
-}
-
-fn read_source_session_text(source_path: &str) -> DesktopApiResult<String> {
-    std::fs::read_to_string(source_path).map_err(|error| {
-        desktop_error(
-            "desktop.session_source_unavailable",
-            404,
-            format!("session source file is unavailable ({source_path})"),
-            Some(json!({ "cause": error.to_string(), "source_path": source_path })),
-        )
-    })
-}
-
-fn load_normalized_session_body(db: &LocalDb, session_id: &str) -> DesktopApiResult<String> {
-    let source_path = db.get_session_source_path(session_id).map_err(|error| {
-        desktop_error(
-            "desktop.session_source_path_failed",
-            500,
-            "failed to resolve session source path",
-            Some(json!({ "cause": error.to_string(), "session_id": session_id })),
-        )
-    })?;
-
-    if let Some(cached) = db.get_cached_body(session_id).map_err(|error| {
-        desktop_error(
-            "desktop.session_cache_read_failed",
-            500,
-            "failed to read cached session body",
-            Some(json!({ "cause": error.to_string(), "session_id": session_id })),
-        )
-    })? {
-        match String::from_utf8(cached) {
-            Ok(text) => match normalize_session_body_to_hail_jsonl(&text, source_path.as_deref()) {
-                Ok(normalized) => return Ok(normalized),
-                Err(error) if source_path.is_none() => return Err(error),
-                Err(_) => {}
-            },
-            Err(error) if source_path.is_none() => {
-                return Err(desktop_error(
-                    "desktop.session_cache_invalid_utf8",
-                    500,
-                    "session body is not valid UTF-8",
-                    Some(json!({ "cause": error.to_string(), "session_id": session_id })),
-                ));
-            }
-            Err(_) => {}
-        }
-    }
-
-    if let Some(source_path) = source_path {
-        let source_body = read_source_session_text(&source_path)?;
-        let normalized = normalize_session_body_to_hail_jsonl(&source_body, Some(&source_path))?;
-        if let Err(error) = db.cache_body(session_id, source_body.as_bytes()) {
-            eprintln!("failed to cache normalized session source for {session_id}: {error}");
-        }
-        return Ok(normalized);
-    }
-
-    Err(desktop_error(
-        "desktop.session_body_not_found",
-        404,
-        "session body not found in local cache",
-        Some(json!({ "session_id": session_id })),
-    ))
-}
-
 #[tauri::command]
 fn desktop_get_capabilities() -> CapabilitiesResponse {
     CapabilitiesResponse::for_runtime(false, false)
@@ -1152,113 +884,6 @@ fn desktop_lifecycle_cleanup_status() -> DesktopApiResult<DesktopLifecycleCleanu
     desktop_lifecycle_cleanup_status_from_db(&db)
 }
 
-#[tauri::command]
-fn desktop_list_sessions(
-    query: Option<DesktopSessionListQuery>,
-) -> DesktopApiResult<SessionListResponse> {
-    let db = open_local_db()?;
-    let query = query.unwrap_or_default();
-    if query.force_refresh.unwrap_or(false) {
-        refresh_local_session_index(&db);
-    }
-    let (filter, page, per_page, search_mode) = build_local_filter_with_mode(query);
-
-    if search_mode == SearchMode::Vector {
-        let vector_query = filter.search.clone().unwrap_or_default();
-        return list_sessions_with_vector_rank(&db, &filter, &vector_query, page, per_page);
-    }
-
-    let total = db.count_sessions_filtered(&filter).map_err(|error| {
-        desktop_error(
-            "desktop.session_count_failed",
-            500,
-            "failed to count local sessions",
-            Some(json!({ "cause": error.to_string() })),
-        )
-    })?;
-    let sessions = db.list_sessions(&filter).map_err(|error| {
-        desktop_error(
-            "desktop.session_list_failed",
-            500,
-            "failed to list local sessions",
-            Some(json!({ "cause": error.to_string() })),
-        )
-    })?;
-    let mapped = sessions
-        .into_iter()
-        .map(session_summary_from_local_row)
-        .collect::<Vec<_>>();
-
-    Ok(SessionListResponse {
-        sessions: mapped,
-        total,
-        page,
-        per_page,
-    })
-}
-
-#[tauri::command]
-fn desktop_list_repos() -> DesktopApiResult<SessionRepoListResponse> {
-    let db = open_local_db()?;
-    let repos = db.list_repos().map_err(|error| {
-        desktop_error(
-            "desktop.repo_list_failed",
-            500,
-            "failed to list repository names",
-            Some(json!({ "cause": error.to_string() })),
-        )
-    })?;
-    Ok(SessionRepoListResponse { repos })
-}
-
-#[tauri::command]
-fn desktop_get_session_detail(id: String) -> DesktopApiResult<SessionDetail> {
-    let db = open_local_db()?;
-    let row = db
-        .get_session_by_id(&id)
-        .map_err(|error| {
-            desktop_error(
-                "desktop.session_detail_failed",
-                500,
-                "failed to load session detail",
-                Some(json!({ "cause": error.to_string(), "session_id": id })),
-            )
-        })?
-        .ok_or_else(|| {
-            desktop_error(
-                "desktop.session_not_found",
-                404,
-                "session not found",
-                Some(json!({ "session_id": id })),
-            )
-        })?;
-
-    let links = db
-        .list_session_links(&id)
-        .map_err(|error| {
-            desktop_error(
-                "desktop.session_links_failed",
-                500,
-                "failed to load session links",
-                Some(json!({ "cause": error.to_string(), "session_id": id })),
-            )
-        })?
-        .into_iter()
-        .map(session_link_from_local)
-        .collect::<Vec<_>>();
-
-    Ok(SessionDetail {
-        summary: session_summary_from_local_row(row),
-        linked_sessions: links,
-    })
-}
-
-#[tauri::command]
-fn desktop_get_session_raw(id: String) -> DesktopApiResult<String> {
-    let db = open_local_db()?;
-    load_normalized_session_body(&db, &id)
-}
-
 fn main() {
     maybe_start_summary_batch_on_app_start();
     maybe_start_lifecycle_cleanup_loop();

From eaeac8750eb10320a36b80df98b61c82c46b71bc Mon Sep 17 00:00:00 2001
From: hwisu <hwitticus@gmail.com>
Date: Fri, 6 Mar 2026 20:21:28 +0900
Subject: [PATCH 12/30] extract desktop runtime settings module

---
 desktop/src-tauri/src/app/change_reader.rs    |   6 +-
 desktop/src-tauri/src/app/mod.rs              |   1 +
 desktop/src-tauri/src/app/runtime_settings.rs | 632 ++++++++++++++++++
 desktop/src-tauri/src/main.rs                 | 632 +-----------------
 4 files changed, 645 insertions(+), 626 deletions(-)
 create mode 100644 desktop/src-tauri/src/app/runtime_settings.rs

diff --git a/desktop/src-tauri/src/app/change_reader.rs b/desktop/src-tauri/src/app/change_reader.rs
index 77f8601d..df5960dd 100644
--- a/desktop/src-tauri/src/app/change_reader.rs
+++ b/desktop/src-tauri/src/app/change_reader.rs
@@ -12,11 +12,13 @@ use opensession_summary::provider::generate_text;
 use serde_json::json;
 use std::time::Duration;
 
+use crate::app::runtime_settings::{
+    map_change_reader_scope_from_runtime, map_summary_provider_id_from_runtime,
+};
 use crate::app::session_summary::load_session_summary_for_runtime;
 use crate::{
     CHANGE_READER_MAX_EVENTS, CHANGE_READER_MAX_LINE_CHARS, DesktopApiResult, desktop_error,
-    load_normalized_session_body, load_runtime_config, map_change_reader_scope_from_runtime,
-    map_summary_provider_id_from_runtime, open_local_db,
+    load_normalized_session_body, load_runtime_config, open_local_db,
 };
 
 #[derive(Debug, Clone)]
diff --git a/desktop/src-tauri/src/app/mod.rs b/desktop/src-tauri/src/app/mod.rs
index 0b0f8120..bb932813 100644
--- a/desktop/src-tauri/src/app/mod.rs
+++ b/desktop/src-tauri/src/app/mod.rs
@@ -2,6 +2,7 @@ pub(crate) mod change_reader;
 pub(crate) mod handoff;
 pub(crate) mod launch_route;
 pub(crate) mod lifecycle_cleanup;
+pub(crate) mod runtime_settings;
 pub(crate) mod session_access;
 pub(crate) mod session_query;
 pub(crate) mod session_summary;
diff --git a/desktop/src-tauri/src/app/runtime_settings.rs b/desktop/src-tauri/src/app/runtime_settings.rs
new file mode 100644
index 00000000..f6a72586
--- /dev/null
+++ b/desktop/src-tauri/src/app/runtime_settings.rs
@@ -0,0 +1,632 @@
+use crate::app::session_summary::migrate_summary_storage_backend;
+use crate::app::vector::{vector_embed_endpoint, vector_embed_model, vector_preflight_for_runtime};
+use crate::{
+    DesktopApiResult, desktop_error, enum_label, load_runtime_config, open_local_db,
+    save_runtime_config,
+};
+use opensession_api::{
+    DesktopChangeReaderScope, DesktopChangeReaderVoiceProvider, DesktopRuntimeChangeReaderSettings,
+    DesktopRuntimeChangeReaderVoiceSettings, DesktopRuntimeLifecycleSettings,
+    DesktopRuntimeSettingsResponse, DesktopRuntimeSettingsUpdateRequest,
+    DesktopRuntimeSummaryBatchSettings, DesktopRuntimeSummaryPromptSettings,
+    DesktopRuntimeSummaryProviderSettings, DesktopRuntimeSummaryResponseSettings,
+    DesktopRuntimeSummarySettings, DesktopRuntimeSummaryStorageSettings,
+    DesktopRuntimeSummaryUiConstraints, DesktopRuntimeVectorSearchSettings,
+    DesktopSummaryBatchExecutionMode, DesktopSummaryBatchScope, DesktopSummaryOutputShape,
+    DesktopSummaryProviderDetectResponse, DesktopSummaryProviderId,
+    DesktopSummaryProviderTransport, DesktopSummaryResponseStyle, DesktopSummarySourceMode,
+    DesktopSummaryStorageBackend, DesktopSummaryTriggerMode, DesktopVectorChunkingMode,
+    DesktopVectorSearchGranularity, DesktopVectorSearchProvider,
+};
+use opensession_runtime_config::{
+    ChangeReaderScope, ChangeReaderVoiceProvider, DaemonConfig, LifecycleSettings,
+    SessionDefaultView, SummaryBatchExecutionMode as RuntimeSummaryBatchExecutionMode,
+    SummaryBatchScope as RuntimeSummaryBatchScope, SummaryOutputShape, SummaryProvider,
+    SummaryResponseStyle, SummarySourceMode, SummaryStorageBackend, SummaryTriggerMode,
+    VectorChunkingMode, VectorSearchGranularity, VectorSearchProvider,
+};
+use opensession_summary::validate_summary_prompt_template;
+use serde_json::json;
+
+pub(crate) fn map_summary_provider_id_from_runtime(
+    value: &SummaryProvider,
+) -> DesktopSummaryProviderId {
+    match value {
+        SummaryProvider::Disabled => DesktopSummaryProviderId::Disabled,
+        SummaryProvider::Ollama => DesktopSummaryProviderId::Ollama,
+        SummaryProvider::CodexExec => DesktopSummaryProviderId::CodexExec,
+        SummaryProvider::ClaudeCli => DesktopSummaryProviderId::ClaudeCli,
+    }
+}
+
+fn map_summary_provider_id_to_runtime(value: &DesktopSummaryProviderId) -> SummaryProvider {
+    match value {
+        DesktopSummaryProviderId::Disabled => SummaryProvider::Disabled,
+        DesktopSummaryProviderId::Ollama => SummaryProvider::Ollama,
+        DesktopSummaryProviderId::CodexExec => SummaryProvider::CodexExec,
+        DesktopSummaryProviderId::ClaudeCli => SummaryProvider::ClaudeCli,
+    }
+}
+
+fn map_summary_transport_from_runtime(
+    value: &opensession_runtime_config::SummaryProviderTransport,
+) -> DesktopSummaryProviderTransport {
+    match value {
+        opensession_runtime_config::SummaryProviderTransport::None => {
+            DesktopSummaryProviderTransport::None
+        }
+        opensession_runtime_config::SummaryProviderTransport::Cli => {
+            DesktopSummaryProviderTransport::Cli
+        }
+        opensession_runtime_config::SummaryProviderTransport::Http => {
+            DesktopSummaryProviderTransport::Http
+        }
+    }
+}
+
+fn map_summary_source_mode_from_runtime(value: &SummarySourceMode) -> DesktopSummarySourceMode {
+    match value {
+        SummarySourceMode::SessionOnly => DesktopSummarySourceMode::SessionOnly,
+        SummarySourceMode::SessionOrGitChanges => DesktopSummarySourceMode::SessionOrGitChanges,
+    }
+}
+
+fn map_summary_source_mode_to_runtime(value: &DesktopSummarySourceMode) -> SummarySourceMode {
+    match value {
+        DesktopSummarySourceMode::SessionOnly => SummarySourceMode::SessionOnly,
+        DesktopSummarySourceMode::SessionOrGitChanges => SummarySourceMode::SessionOrGitChanges,
+    }
+}
+
+fn map_summary_response_style_from_runtime(
+    value: &SummaryResponseStyle,
+) -> DesktopSummaryResponseStyle {
+    match value {
+        SummaryResponseStyle::Compact => DesktopSummaryResponseStyle::Compact,
+        SummaryResponseStyle::Standard => DesktopSummaryResponseStyle::Standard,
+        SummaryResponseStyle::Detailed => DesktopSummaryResponseStyle::Detailed,
+    }
+}
+
+fn map_summary_response_style_to_runtime(
+    value: &DesktopSummaryResponseStyle,
+) -> SummaryResponseStyle {
+    match value {
+        DesktopSummaryResponseStyle::Compact => SummaryResponseStyle::Compact,
+        DesktopSummaryResponseStyle::Standard => SummaryResponseStyle::Standard,
+        DesktopSummaryResponseStyle::Detailed => SummaryResponseStyle::Detailed,
+    }
+}
+
+fn map_summary_output_shape_from_runtime(value: &SummaryOutputShape) -> DesktopSummaryOutputShape {
+    match value {
+        SummaryOutputShape::Layered => DesktopSummaryOutputShape::Layered,
+        SummaryOutputShape::FileList => DesktopSummaryOutputShape::FileList,
+        SummaryOutputShape::SecurityFirst => DesktopSummaryOutputShape::SecurityFirst,
+    }
+}
+
+fn map_summary_output_shape_to_runtime(value: &DesktopSummaryOutputShape) -> SummaryOutputShape {
+    match value {
+        DesktopSummaryOutputShape::Layered => SummaryOutputShape::Layered,
+        DesktopSummaryOutputShape::FileList => SummaryOutputShape::FileList,
+        DesktopSummaryOutputShape::SecurityFirst => SummaryOutputShape::SecurityFirst,
+    }
+}
+
+fn map_summary_trigger_mode_from_runtime(value: &SummaryTriggerMode) -> DesktopSummaryTriggerMode {
+    match value {
+        SummaryTriggerMode::Manual => DesktopSummaryTriggerMode::Manual,
+        SummaryTriggerMode::OnSessionSave => DesktopSummaryTriggerMode::OnSessionSave,
+    }
+}
+
+fn map_summary_trigger_mode_to_runtime(value: &DesktopSummaryTriggerMode) -> SummaryTriggerMode {
+    match value {
+        DesktopSummaryTriggerMode::Manual => SummaryTriggerMode::Manual,
+        DesktopSummaryTriggerMode::OnSessionSave => SummaryTriggerMode::OnSessionSave,
+    }
+}
+
+fn map_summary_storage_backend_from_runtime(
+    value: &SummaryStorageBackend,
+) -> DesktopSummaryStorageBackend {
+    match value {
+        SummaryStorageBackend::HiddenRef => DesktopSummaryStorageBackend::HiddenRef,
+        SummaryStorageBackend::LocalDb => DesktopSummaryStorageBackend::LocalDb,
+        SummaryStorageBackend::None => DesktopSummaryStorageBackend::None,
+    }
+}
+
+fn map_summary_storage_backend_to_runtime(
+    value: &DesktopSummaryStorageBackend,
+) -> SummaryStorageBackend {
+    match value {
+        DesktopSummaryStorageBackend::HiddenRef => SummaryStorageBackend::HiddenRef,
+        DesktopSummaryStorageBackend::LocalDb => SummaryStorageBackend::LocalDb,
+        DesktopSummaryStorageBackend::None => SummaryStorageBackend::None,
+    }
+}
+
+fn map_summary_batch_execution_mode_from_runtime(
+    value: &RuntimeSummaryBatchExecutionMode,
+) -> DesktopSummaryBatchExecutionMode {
+    match value {
+        RuntimeSummaryBatchExecutionMode::Manual => DesktopSummaryBatchExecutionMode::Manual,
+        RuntimeSummaryBatchExecutionMode::OnAppStart => {
+            DesktopSummaryBatchExecutionMode::OnAppStart
+        }
+    }
+}
+
+fn map_summary_batch_execution_mode_to_runtime(
+    value: &DesktopSummaryBatchExecutionMode,
+) -> RuntimeSummaryBatchExecutionMode {
+    match value {
+        DesktopSummaryBatchExecutionMode::Manual => RuntimeSummaryBatchExecutionMode::Manual,
+        DesktopSummaryBatchExecutionMode::OnAppStart => {
+            RuntimeSummaryBatchExecutionMode::OnAppStart
+        }
+    }
+}
+
+fn map_summary_batch_scope_from_runtime(
+    value: &RuntimeSummaryBatchScope,
+) -> DesktopSummaryBatchScope {
+    match value {
+        RuntimeSummaryBatchScope::RecentDays => DesktopSummaryBatchScope::RecentDays,
+        RuntimeSummaryBatchScope::All => DesktopSummaryBatchScope::All,
+    }
+}
+
+fn map_summary_batch_scope_to_runtime(
+    value: &DesktopSummaryBatchScope,
+) -> RuntimeSummaryBatchScope {
+    match value {
+        DesktopSummaryBatchScope::RecentDays => RuntimeSummaryBatchScope::RecentDays,
+        DesktopSummaryBatchScope::All => RuntimeSummaryBatchScope::All,
+    }
+}
+
+fn map_vector_provider_from_runtime(value: &VectorSearchProvider) -> DesktopVectorSearchProvider {
+    match value {
+        VectorSearchProvider::Ollama => DesktopVectorSearchProvider::Ollama,
+    }
+}
+
+fn map_vector_provider_to_runtime(value: &DesktopVectorSearchProvider) -> VectorSearchProvider {
+    match value {
+        DesktopVectorSearchProvider::Ollama => VectorSearchProvider::Ollama,
+    }
+}
+
+fn map_vector_granularity_from_runtime(
+    value: &VectorSearchGranularity,
+) -> DesktopVectorSearchGranularity {
+    match value {
+        VectorSearchGranularity::EventLineChunk => DesktopVectorSearchGranularity::EventLineChunk,
+    }
+}
+
+fn map_vector_granularity_to_runtime(
+    value: &DesktopVectorSearchGranularity,
+) -> VectorSearchGranularity {
+    match value {
+        DesktopVectorSearchGranularity::EventLineChunk => VectorSearchGranularity::EventLineChunk,
+    }
+}
+
+fn map_vector_chunking_mode_from_runtime(value: &VectorChunkingMode) -> DesktopVectorChunkingMode {
+    match value {
+        VectorChunkingMode::Auto => DesktopVectorChunkingMode::Auto,
+        VectorChunkingMode::Manual => DesktopVectorChunkingMode::Manual,
+    }
+}
+
+fn map_vector_chunking_mode_to_runtime(value: &DesktopVectorChunkingMode) -> VectorChunkingMode {
+    match value {
+        DesktopVectorChunkingMode::Auto => VectorChunkingMode::Auto,
+        DesktopVectorChunkingMode::Manual => VectorChunkingMode::Manual,
+    }
+}
+
+pub(crate) fn map_change_reader_scope_from_runtime(
+    value: &ChangeReaderScope,
+) -> DesktopChangeReaderScope {
+    match value {
+        ChangeReaderScope::SummaryOnly => DesktopChangeReaderScope::SummaryOnly,
+        ChangeReaderScope::FullContext => DesktopChangeReaderScope::FullContext,
+    }
+}
+
+fn map_change_reader_scope_to_runtime(value: &DesktopChangeReaderScope) -> ChangeReaderScope {
+    match value {
+        DesktopChangeReaderScope::SummaryOnly => ChangeReaderScope::SummaryOnly,
+        DesktopChangeReaderScope::FullContext => ChangeReaderScope::FullContext,
+    }
+}
+
+fn map_change_reader_voice_provider_from_runtime(
+    value: &ChangeReaderVoiceProvider,
+) -> DesktopChangeReaderVoiceProvider {
+    match value {
+        ChangeReaderVoiceProvider::Openai => DesktopChangeReaderVoiceProvider::Openai,
+    }
+}
+
+fn map_change_reader_voice_provider_to_runtime(
+    value: &DesktopChangeReaderVoiceProvider,
+) -> ChangeReaderVoiceProvider {
+    match value {
+        DesktopChangeReaderVoiceProvider::Openai => ChangeReaderVoiceProvider::Openai,
+    }
+}
+
+fn desktop_summary_settings_from_runtime(config: &DaemonConfig) -> DesktopRuntimeSummarySettings {
+    let source_mode = SummarySourceMode::SessionOnly;
+    DesktopRuntimeSummarySettings {
+        provider: DesktopRuntimeSummaryProviderSettings {
+            id: map_summary_provider_id_from_runtime(&config.summary.provider.id),
+            transport: map_summary_transport_from_runtime(&config.summary.provider_transport()),
+            endpoint: config.summary.provider.endpoint.clone(),
+            model: config.summary.provider.model.clone(),
+        },
+        prompt: DesktopRuntimeSummaryPromptSettings {
+            template: config.summary.prompt.template.clone(),
+            default_template: opensession_summary::DEFAULT_SUMMARY_PROMPT_TEMPLATE_V2.to_string(),
+        },
+        response: DesktopRuntimeSummaryResponseSettings {
+            style: map_summary_response_style_from_runtime(&config.summary.response.style),
+            shape: map_summary_output_shape_from_runtime(&config.summary.response.shape),
+        },
+        storage: DesktopRuntimeSummaryStorageSettings {
+            trigger: map_summary_trigger_mode_from_runtime(&config.summary.storage.trigger),
+            backend: map_summary_storage_backend_from_runtime(&config.summary.storage.backend),
+        },
+        source_mode: map_summary_source_mode_from_runtime(&source_mode),
+        batch: DesktopRuntimeSummaryBatchSettings {
+            execution_mode: map_summary_batch_execution_mode_from_runtime(
+                &config.summary.batch.execution_mode,
+            ),
+            scope: map_summary_batch_scope_from_runtime(&config.summary.batch.scope),
+            recent_days: config.summary.batch.recent_days.max(1),
+        },
+    }
+}
+
+fn desktop_lifecycle_settings_from_runtime(
+    config: &DaemonConfig,
+) -> DesktopRuntimeLifecycleSettings {
+    DesktopRuntimeLifecycleSettings {
+        enabled: config.lifecycle.enabled,
+        session_ttl_days: config.lifecycle.session_ttl_days.max(1),
+        summary_ttl_days: config.lifecycle.summary_ttl_days.max(1),
+        cleanup_interval_secs: config.lifecycle.cleanup_interval_secs.max(60),
+    }
+}
+
+fn desktop_vector_settings_from_runtime(
+    config: &DaemonConfig,
+) -> DesktopRuntimeVectorSearchSettings {
+    DesktopRuntimeVectorSearchSettings {
+        enabled: config.vector_search.enabled,
+        provider: map_vector_provider_from_runtime(&config.vector_search.provider),
+        model: vector_embed_model(config),
+        endpoint: vector_embed_endpoint(config),
+        granularity: map_vector_granularity_from_runtime(&config.vector_search.granularity),
+        chunking_mode: map_vector_chunking_mode_from_runtime(&config.vector_search.chunking_mode),
+        chunk_size_lines: config.vector_search.chunk_size_lines.max(1),
+        chunk_overlap_lines: config.vector_search.chunk_overlap_lines,
+        top_k_chunks: config.vector_search.top_k_chunks.max(1),
+        top_k_sessions: config.vector_search.top_k_sessions.max(1),
+    }
+}
+
+fn desktop_change_reader_settings_from_runtime(
+    config: &DaemonConfig,
+) -> DesktopRuntimeChangeReaderSettings {
+    DesktopRuntimeChangeReaderSettings {
+        enabled: config.change_reader.enabled,
+        scope: map_change_reader_scope_from_runtime(&config.change_reader.scope),
+        qa_enabled: config.change_reader.qa_enabled,
+        max_context_chars: config.change_reader.max_context_chars.max(1),
+        voice: DesktopRuntimeChangeReaderVoiceSettings {
+            enabled: config.change_reader.voice.enabled,
+            provider: map_change_reader_voice_provider_from_runtime(
+                &config.change_reader.voice.provider,
+            ),
+            model: config.change_reader.voice.model.clone(),
+            voice: config.change_reader.voice.voice.clone(),
+            api_key_configured: !config.change_reader.voice.api_key.trim().is_empty(),
+        },
+    }
+}
+
+fn map_session_default_view_from_str(raw: &str) -> Option<SessionDefaultView> {
+    match raw.trim() {
+        "full" => Some(SessionDefaultView::Full),
+        "compressed" => Some(SessionDefaultView::Compressed),
+        _ => None,
+    }
+}
+
+#[tauri::command]
+pub(crate) fn desktop_get_runtime_settings() -> DesktopApiResult<DesktopRuntimeSettingsResponse> {
+    let config = load_runtime_config()?;
+    let session_default_view = match config.daemon.session_default_view {
+        SessionDefaultView::Full => "full",
+        SessionDefaultView::Compressed => "compressed",
+    }
+    .to_string();
+
+    Ok(DesktopRuntimeSettingsResponse {
+        session_default_view,
+        summary: desktop_summary_settings_from_runtime(&config),
+        vector_search: desktop_vector_settings_from_runtime(&config),
+        change_reader: desktop_change_reader_settings_from_runtime(&config),
+        lifecycle: desktop_lifecycle_settings_from_runtime(&config),
+        ui_constraints: DesktopRuntimeSummaryUiConstraints {
+            source_mode_locked: true,
+            source_mode_locked_value: DesktopSummarySourceMode::SessionOnly,
+        },
+    })
+}
+
+#[tauri::command]
+pub(crate) fn desktop_update_runtime_settings(
+    request: DesktopRuntimeSettingsUpdateRequest,
+) -> DesktopApiResult<DesktopRuntimeSettingsResponse> {
+    let mut config = load_runtime_config()?;
+    let current_summary_backend = config.summary.storage.backend.clone();
+    let mut requested_summary_backend: Option<SummaryStorageBackend> = None;
+
+    if let Some(session_default_view) = request.session_default_view.as_deref() {
+        let mapped = map_session_default_view_from_str(session_default_view).ok_or_else(|| {
+            desktop_error(
+                "desktop.runtime_settings_invalid_view",
+                422,
+                "invalid session_default_view (expected full|compressed)",
+                Some(json!({ "session_default_view": session_default_view })),
+            )
+        })?;
+        config.daemon.session_default_view = mapped;
+    }
+
+    if let Some(summary) = request.summary {
+        if !matches!(summary.source_mode, DesktopSummarySourceMode::SessionOnly) {
+            return Err(desktop_error(
+                "desktop.runtime_settings_source_mode_locked",
+                422,
+                "desktop source_mode is locked to session_only",
+                Some(json!({ "source_mode": summary.source_mode })),
+            ));
+        }
+        validate_summary_prompt_template(summary.prompt.template.as_str()).map_err(|cause| {
+            desktop_error(
+                "desktop.runtime_settings_invalid_prompt_template",
+                422,
+                "invalid summary.prompt.template",
+                Some(json!({ "cause": cause })),
+            )
+        })?;
+
+        config.summary.provider.id = map_summary_provider_id_to_runtime(&summary.provider.id);
+        config.summary.provider.endpoint = summary.provider.endpoint.trim().to_string();
+        config.summary.provider.model = summary.provider.model.trim().to_string();
+        config.summary.prompt.template = summary.prompt.template;
+        config.summary.response.style =
+            map_summary_response_style_to_runtime(&summary.response.style);
+        config.summary.response.shape =
+            map_summary_output_shape_to_runtime(&summary.response.shape);
+        config.summary.storage.trigger =
+            map_summary_trigger_mode_to_runtime(&summary.storage.trigger);
+        let mapped_backend = map_summary_storage_backend_to_runtime(&summary.storage.backend);
+        config.summary.storage.backend = mapped_backend.clone();
+        requested_summary_backend = Some(mapped_backend);
+        config.summary.source_mode = map_summary_source_mode_to_runtime(&summary.source_mode);
+        if summary.batch.recent_days == 0 {
+            return Err(desktop_error(
+                "desktop.runtime_settings_invalid_summary_batch_recent_days",
+                422,
+                "summary.batch.recent_days must be greater than zero",
+                Some(json!({ "recent_days": summary.batch.recent_days })),
+            ));
+        }
+        config.summary.batch.execution_mode =
+            map_summary_batch_execution_mode_to_runtime(&summary.batch.execution_mode);
+        config.summary.batch.scope = map_summary_batch_scope_to_runtime(&summary.batch.scope);
+        config.summary.batch.recent_days = summary.batch.recent_days.max(1);
+    }
+
+    if let Some(vector_search) = request.vector_search {
+        if vector_search.chunk_size_lines == 0 {
+            return Err(desktop_error(
+                "desktop.runtime_settings_invalid_vector_chunk_size",
+                422,
+                "vector_search.chunk_size_lines must be greater than zero",
+                Some(json!({ "chunk_size_lines": vector_search.chunk_size_lines })),
+            ));
+        }
+        if vector_search.chunk_overlap_lines >= vector_search.chunk_size_lines {
+            return Err(desktop_error(
+                "desktop.runtime_settings_invalid_vector_overlap",
+                422,
+                "vector_search.chunk_overlap_lines must be smaller than chunk_size_lines",
+                Some(json!({
+                    "chunk_size_lines": vector_search.chunk_size_lines,
+                    "chunk_overlap_lines": vector_search.chunk_overlap_lines
+                })),
+            ));
+        }
+        if vector_search.top_k_chunks == 0 || vector_search.top_k_sessions == 0 {
+            return Err(desktop_error(
+                "desktop.runtime_settings_invalid_vector_limits",
+                422,
+                "vector_search.top_k_chunks and vector_search.top_k_sessions must be greater than zero",
+                Some(json!({
+                    "top_k_chunks": vector_search.top_k_chunks,
+                    "top_k_sessions": vector_search.top_k_sessions
+                })),
+            ));
+        }
+
+        config.vector_search.enabled = vector_search.enabled;
+        config.vector_search.provider = map_vector_provider_to_runtime(&vector_search.provider);
+        config.vector_search.model = vector_search.model.trim().to_string();
+        config.vector_search.endpoint = vector_search.endpoint.trim().to_string();
+        config.vector_search.granularity =
+            map_vector_granularity_to_runtime(&vector_search.granularity);
+        config.vector_search.chunking_mode =
+            map_vector_chunking_mode_to_runtime(&vector_search.chunking_mode);
+        config.vector_search.chunk_size_lines = vector_search.chunk_size_lines.max(1);
+        config.vector_search.chunk_overlap_lines = vector_search.chunk_overlap_lines;
+        config.vector_search.top_k_chunks = vector_search.top_k_chunks.max(1);
+        config.vector_search.top_k_sessions = vector_search.top_k_sessions.max(1);
+
+        if config.vector_search.model.trim().is_empty() {
+            config.vector_search.model = "bge-m3".to_string();
+        }
+        if config.vector_search.endpoint.trim().is_empty() {
+            config.vector_search.endpoint = "http://127.0.0.1:11434".to_string();
+        }
+
+        if config.vector_search.enabled {
+            let preflight = vector_preflight_for_runtime(&config);
+            if !preflight.model_installed {
+                return Err(desktop_error(
+                    "desktop.vector_model_not_installed",
+                    422,
+                    "cannot enable vector search because model is not installed",
+                    Some(json!({
+                        "model": preflight.model,
+                        "endpoint": preflight.endpoint,
+                        "hint": "install model from Settings > Vector Search first"
+                    })),
+                ));
+            }
+        }
+    }
+
+    if let Some(change_reader) = request.change_reader {
+        if change_reader.max_context_chars == 0 {
+            return Err(desktop_error(
+                "desktop.runtime_settings_invalid_change_reader_context",
+                422,
+                "change_reader.max_context_chars must be greater than zero",
+                Some(json!({ "max_context_chars": change_reader.max_context_chars })),
+            ));
+        }
+        config.change_reader.enabled = change_reader.enabled;
+        config.change_reader.scope = map_change_reader_scope_to_runtime(&change_reader.scope);
+        config.change_reader.qa_enabled = change_reader.qa_enabled;
+        config.change_reader.max_context_chars = change_reader.max_context_chars.max(1);
+        config.change_reader.voice.enabled = change_reader.voice.enabled;
+        config.change_reader.voice.provider =
+            map_change_reader_voice_provider_to_runtime(&change_reader.voice.provider);
+        config.change_reader.voice.model = change_reader.voice.model.trim().to_string();
+        config.change_reader.voice.voice = change_reader.voice.voice.trim().to_string();
+        if let Some(api_key) = change_reader.voice.api_key {
+            config.change_reader.voice.api_key = api_key.trim().to_string();
+        }
+        if config.change_reader.voice.model.trim().is_empty() {
+            config.change_reader.voice.model = "gpt-4o-mini-tts".to_string();
+        }
+        if config.change_reader.voice.voice.trim().is_empty() {
+            config.change_reader.voice.voice = "alloy".to_string();
+        }
+        if config.change_reader.voice.enabled
+            && config.change_reader.voice.api_key.trim().is_empty()
+        {
+            return Err(desktop_error(
+                "desktop.runtime_settings_change_reader_voice_api_key_required",
+                422,
+                "voice playback requires a configured API key",
+                Some(json!({
+                    "provider": enum_label(&config.change_reader.voice.provider),
+                    "hint": "add a Voice API key in Settings > Runtime > Change Reader before enabling voice playback"
+                })),
+            ));
+        }
+    }
+
+    if let Some(lifecycle) = request.lifecycle {
+        if lifecycle.session_ttl_days == 0 {
+            return Err(desktop_error(
+                "desktop.runtime_settings_invalid_session_ttl_days",
+                422,
+                "lifecycle.session_ttl_days must be greater than zero",
+                Some(json!({ "session_ttl_days": lifecycle.session_ttl_days })),
+            ));
+        }
+        if lifecycle.summary_ttl_days == 0 {
+            return Err(desktop_error(
+                "desktop.runtime_settings_invalid_summary_ttl_days",
+                422,
+                "lifecycle.summary_ttl_days must be greater than zero",
+                Some(json!({ "summary_ttl_days": lifecycle.summary_ttl_days })),
+            ));
+        }
+        if lifecycle.cleanup_interval_secs < 60 {
+            return Err(desktop_error(
+                "desktop.runtime_settings_invalid_cleanup_interval",
+                422,
+                "lifecycle.cleanup_interval_secs must be at least 60 seconds",
+                Some(json!({ "cleanup_interval_secs": lifecycle.cleanup_interval_secs })),
+            ));
+        }
+
+        config.lifecycle = LifecycleSettings {
+            enabled: lifecycle.enabled,
+            session_ttl_days: lifecycle.session_ttl_days.max(1),
+            summary_ttl_days: lifecycle.summary_ttl_days.max(1),
+            cleanup_interval_secs: lifecycle.cleanup_interval_secs.max(60),
+        };
+    }
+
+    if let Some(target_summary_backend) = requested_summary_backend {
+        if target_summary_backend != current_summary_backend {
+            let db = open_local_db()?;
+            let stats = migrate_summary_storage_backend(
+                &db,
+                &current_summary_backend,
+                &target_summary_backend,
+            )?;
+            if stats.migrated_summaries > 0 {
+                eprintln!(
+                    "summary storage migration complete: {} -> {} (migrated {} of {} summaries across {} sessions)",
+                    enum_label(&current_summary_backend),
+                    enum_label(&target_summary_backend),
+                    stats.migrated_summaries,
+                    stats.found_summaries,
+                    stats.scanned_sessions,
+                );
+            }
+        }
+    }
+
+    save_runtime_config(&config)?;
+    desktop_get_runtime_settings()
+}
+
+#[tauri::command]
+pub(crate) fn desktop_detect_summary_provider() -> DesktopSummaryProviderDetectResponse {
+    if let Some(profile) = opensession_summary::detect_summary_provider() {
+        return DesktopSummaryProviderDetectResponse {
+            detected: true,
+            provider: Some(map_summary_provider_id_from_runtime(&profile.provider)),
+            transport: Some(map_summary_transport_from_runtime(
+                &profile.provider.transport(),
+            )),
+            model: (!profile.model.trim().is_empty()).then_some(profile.model),
+            endpoint: (!profile.endpoint.trim().is_empty()).then_some(profile.endpoint),
+        };
+    }
+
+    DesktopSummaryProviderDetectResponse {
+        detected: false,
+        provider: None,
+        transport: None,
+        model: None,
+        endpoint: None,
+    }
+}
diff --git a/desktop/src-tauri/src/main.rs b/desktop/src-tauri/src/main.rs
index b4c72ddc..30652f6f 100644
--- a/desktop/src-tauri/src/main.rs
+++ b/desktop/src-tauri/src/main.rs
@@ -9,6 +9,9 @@ use app::change_reader::{
 use app::handoff::{desktop_build_handoff, desktop_share_session_quick};
 use app::launch_route::desktop_take_launch_route;
 use app::lifecycle_cleanup::maybe_start_lifecycle_cleanup_loop;
+use app::runtime_settings::{
+    desktop_detect_summary_provider, desktop_get_runtime_settings, desktop_update_runtime_settings,
+};
 use app::session_access::{
     desktop_get_session_detail, desktop_get_session_raw, desktop_list_repos, desktop_list_sessions,
 };
@@ -25,7 +28,6 @@ use app::session_query::{SearchMode, build_local_filter_with_mode};
 use app::session_summary::{
     desktop_get_session_summary, desktop_regenerate_session_summary, desktop_summary_batch_run,
     desktop_summary_batch_status, maybe_start_summary_batch_on_app_start,
-    migrate_summary_storage_backend,
 };
 #[cfg(test)]
 use app::vector::{
@@ -35,8 +37,7 @@ use app::vector::{
 };
 use app::vector::{
     desktop_search_sessions_vector, desktop_vector_index_rebuild, desktop_vector_index_status,
-    desktop_vector_install_model, desktop_vector_preflight, vector_embed_endpoint,
-    vector_embed_model, vector_preflight_for_runtime,
+    desktop_vector_install_model, desktop_vector_preflight,
 };
 #[cfg(test)]
 use app::{
@@ -44,31 +45,13 @@ use app::{
     lifecycle_cleanup::run_desktop_lifecycle_cleanup_once_with_db,
 };
 use opensession_api::{
-    CapabilitiesResponse, DESKTOP_IPC_CONTRACT_VERSION, DesktopApiError, DesktopChangeReaderScope,
-    DesktopChangeReaderVoiceProvider, DesktopContractVersionResponse, DesktopLifecycleCleanupState,
-    DesktopLifecycleCleanupStatusResponse, DesktopRuntimeChangeReaderSettings,
-    DesktopRuntimeChangeReaderVoiceSettings, DesktopRuntimeLifecycleSettings,
-    DesktopRuntimeSettingsResponse, DesktopRuntimeSettingsUpdateRequest,
-    DesktopRuntimeSummaryBatchSettings, DesktopRuntimeSummaryPromptSettings,
-    DesktopRuntimeSummaryProviderSettings, DesktopRuntimeSummaryResponseSettings,
-    DesktopRuntimeSummarySettings, DesktopRuntimeSummaryStorageSettings,
-    DesktopRuntimeSummaryUiConstraints, DesktopRuntimeVectorSearchSettings,
-    DesktopSessionListQuery, DesktopSummaryBatchExecutionMode, DesktopSummaryBatchScope,
-    DesktopSummaryOutputShape, DesktopSummaryProviderDetectResponse, DesktopSummaryProviderId,
-    DesktopSummaryProviderTransport, DesktopSummaryResponseStyle, DesktopSummarySourceMode,
-    DesktopSummaryStorageBackend, DesktopSummaryTriggerMode, DesktopVectorChunkingMode,
-    DesktopVectorSearchGranularity, DesktopVectorSearchProvider,
+    CapabilitiesResponse, DESKTOP_IPC_CONTRACT_VERSION, DesktopApiError,
+    DesktopContractVersionResponse, DesktopLifecycleCleanupState,
+    DesktopLifecycleCleanupStatusResponse, DesktopSessionListQuery,
     oauth::{AuthProvidersResponse, OAuthProviderInfo},
 };
 use opensession_local_db::{LifecycleCleanupJobRow, LocalDb};
-use opensession_runtime_config::{
-    ChangeReaderScope, ChangeReaderVoiceProvider, DaemonConfig, LifecycleSettings,
-    SessionDefaultView, SummaryBatchExecutionMode as RuntimeSummaryBatchExecutionMode,
-    SummaryBatchScope as RuntimeSummaryBatchScope, SummaryOutputShape, SummaryProvider,
-    SummaryResponseStyle, SummarySourceMode, SummaryStorageBackend, SummaryTriggerMode,
-    VectorChunkingMode, VectorSearchGranularity, VectorSearchProvider,
-};
-use opensession_summary::validate_summary_prompt_template;
+use opensession_runtime_config::DaemonConfig;
 use serde_json::json;
 use std::path::PathBuf;
 use std::sync::{LazyLock, Mutex};
@@ -254,324 +237,6 @@ fn set_lifecycle_cleanup_job_snapshot(
     })
 }
 
-fn map_summary_provider_id_from_runtime(value: &SummaryProvider) -> DesktopSummaryProviderId {
-    match value {
-        SummaryProvider::Disabled => DesktopSummaryProviderId::Disabled,
-        SummaryProvider::Ollama => DesktopSummaryProviderId::Ollama,
-        SummaryProvider::CodexExec => DesktopSummaryProviderId::CodexExec,
-        SummaryProvider::ClaudeCli => DesktopSummaryProviderId::ClaudeCli,
-    }
-}
-
-fn map_summary_provider_id_to_runtime(value: &DesktopSummaryProviderId) -> SummaryProvider {
-    match value {
-        DesktopSummaryProviderId::Disabled => SummaryProvider::Disabled,
-        DesktopSummaryProviderId::Ollama => SummaryProvider::Ollama,
-        DesktopSummaryProviderId::CodexExec => SummaryProvider::CodexExec,
-        DesktopSummaryProviderId::ClaudeCli => SummaryProvider::ClaudeCli,
-    }
-}
-
-fn map_summary_transport_from_runtime(
-    value: &opensession_runtime_config::SummaryProviderTransport,
-) -> DesktopSummaryProviderTransport {
-    match value {
-        opensession_runtime_config::SummaryProviderTransport::None => {
-            DesktopSummaryProviderTransport::None
-        }
-        opensession_runtime_config::SummaryProviderTransport::Cli => {
-            DesktopSummaryProviderTransport::Cli
-        }
-        opensession_runtime_config::SummaryProviderTransport::Http => {
-            DesktopSummaryProviderTransport::Http
-        }
-    }
-}
-
-fn map_summary_source_mode_from_runtime(value: &SummarySourceMode) -> DesktopSummarySourceMode {
-    match value {
-        SummarySourceMode::SessionOnly => DesktopSummarySourceMode::SessionOnly,
-        SummarySourceMode::SessionOrGitChanges => DesktopSummarySourceMode::SessionOrGitChanges,
-    }
-}
-
-fn map_summary_source_mode_to_runtime(value: &DesktopSummarySourceMode) -> SummarySourceMode {
-    match value {
-        DesktopSummarySourceMode::SessionOnly => SummarySourceMode::SessionOnly,
-        DesktopSummarySourceMode::SessionOrGitChanges => SummarySourceMode::SessionOrGitChanges,
-    }
-}
-
-fn map_summary_response_style_from_runtime(
-    value: &SummaryResponseStyle,
-) -> DesktopSummaryResponseStyle {
-    match value {
-        SummaryResponseStyle::Compact => DesktopSummaryResponseStyle::Compact,
-        SummaryResponseStyle::Standard => DesktopSummaryResponseStyle::Standard,
-        SummaryResponseStyle::Detailed => DesktopSummaryResponseStyle::Detailed,
-    }
-}
-
-fn map_summary_response_style_to_runtime(
-    value: &DesktopSummaryResponseStyle,
-) -> SummaryResponseStyle {
-    match value {
-        DesktopSummaryResponseStyle::Compact => SummaryResponseStyle::Compact,
-        DesktopSummaryResponseStyle::Standard => SummaryResponseStyle::Standard,
-        DesktopSummaryResponseStyle::Detailed => SummaryResponseStyle::Detailed,
-    }
-}
-
-fn map_summary_output_shape_from_runtime(value: &SummaryOutputShape) -> DesktopSummaryOutputShape {
-    match value {
-        SummaryOutputShape::Layered => DesktopSummaryOutputShape::Layered,
-        SummaryOutputShape::FileList => DesktopSummaryOutputShape::FileList,
-        SummaryOutputShape::SecurityFirst => DesktopSummaryOutputShape::SecurityFirst,
-    }
-}
-
-fn map_summary_output_shape_to_runtime(value: &DesktopSummaryOutputShape) -> SummaryOutputShape {
-    match value {
-        DesktopSummaryOutputShape::Layered => SummaryOutputShape::Layered,
-        DesktopSummaryOutputShape::FileList => SummaryOutputShape::FileList,
-        DesktopSummaryOutputShape::SecurityFirst => SummaryOutputShape::SecurityFirst,
-    }
-}
-
-fn map_summary_trigger_mode_from_runtime(value: &SummaryTriggerMode) -> DesktopSummaryTriggerMode {
-    match value {
-        SummaryTriggerMode::Manual => DesktopSummaryTriggerMode::Manual,
-        SummaryTriggerMode::OnSessionSave => DesktopSummaryTriggerMode::OnSessionSave,
-    }
-}
-
-fn map_summary_trigger_mode_to_runtime(value: &DesktopSummaryTriggerMode) -> SummaryTriggerMode {
-    match value {
-        DesktopSummaryTriggerMode::Manual => SummaryTriggerMode::Manual,
-        DesktopSummaryTriggerMode::OnSessionSave => SummaryTriggerMode::OnSessionSave,
-    }
-}
-
-fn map_summary_storage_backend_from_runtime(
-    value: &SummaryStorageBackend,
-) -> DesktopSummaryStorageBackend {
-    match value {
-        SummaryStorageBackend::HiddenRef => DesktopSummaryStorageBackend::HiddenRef,
-        SummaryStorageBackend::LocalDb => DesktopSummaryStorageBackend::LocalDb,
-        SummaryStorageBackend::None => DesktopSummaryStorageBackend::None,
-    }
-}
-
-fn map_summary_storage_backend_to_runtime(
-    value: &DesktopSummaryStorageBackend,
-) -> SummaryStorageBackend {
-    match value {
-        DesktopSummaryStorageBackend::HiddenRef => SummaryStorageBackend::HiddenRef,
-        DesktopSummaryStorageBackend::LocalDb => SummaryStorageBackend::LocalDb,
-        DesktopSummaryStorageBackend::None => SummaryStorageBackend::None,
-    }
-}
-
-fn map_summary_batch_execution_mode_from_runtime(
-    value: &RuntimeSummaryBatchExecutionMode,
-) -> DesktopSummaryBatchExecutionMode {
-    match value {
-        RuntimeSummaryBatchExecutionMode::Manual => DesktopSummaryBatchExecutionMode::Manual,
-        RuntimeSummaryBatchExecutionMode::OnAppStart => {
-            DesktopSummaryBatchExecutionMode::OnAppStart
-        }
-    }
-}
-
-fn map_summary_batch_execution_mode_to_runtime(
-    value: &DesktopSummaryBatchExecutionMode,
-) -> RuntimeSummaryBatchExecutionMode {
-    match value {
-        DesktopSummaryBatchExecutionMode::Manual => RuntimeSummaryBatchExecutionMode::Manual,
-        DesktopSummaryBatchExecutionMode::OnAppStart => {
-            RuntimeSummaryBatchExecutionMode::OnAppStart
-        }
-    }
-}
-
-fn map_summary_batch_scope_from_runtime(
-    value: &RuntimeSummaryBatchScope,
-) -> DesktopSummaryBatchScope {
-    match value {
-        RuntimeSummaryBatchScope::RecentDays => DesktopSummaryBatchScope::RecentDays,
-        RuntimeSummaryBatchScope::All => DesktopSummaryBatchScope::All,
-    }
-}
-
-fn map_summary_batch_scope_to_runtime(
-    value: &DesktopSummaryBatchScope,
-) -> RuntimeSummaryBatchScope {
-    match value {
-        DesktopSummaryBatchScope::RecentDays => RuntimeSummaryBatchScope::RecentDays,
-        DesktopSummaryBatchScope::All => RuntimeSummaryBatchScope::All,
-    }
-}
-
-fn map_vector_provider_from_runtime(value: &VectorSearchProvider) -> DesktopVectorSearchProvider {
-    match value {
-        VectorSearchProvider::Ollama => DesktopVectorSearchProvider::Ollama,
-    }
-}
-
-fn map_vector_provider_to_runtime(value: &DesktopVectorSearchProvider) -> VectorSearchProvider {
-    match value {
-        DesktopVectorSearchProvider::Ollama => VectorSearchProvider::Ollama,
-    }
-}
-
-fn map_vector_granularity_from_runtime(
-    value: &VectorSearchGranularity,
-) -> DesktopVectorSearchGranularity {
-    match value {
-        VectorSearchGranularity::EventLineChunk => DesktopVectorSearchGranularity::EventLineChunk,
-    }
-}
-
-fn map_vector_granularity_to_runtime(
-    value: &DesktopVectorSearchGranularity,
-) -> VectorSearchGranularity {
-    match value {
-        DesktopVectorSearchGranularity::EventLineChunk => VectorSearchGranularity::EventLineChunk,
-    }
-}
-
-fn map_vector_chunking_mode_from_runtime(value: &VectorChunkingMode) -> DesktopVectorChunkingMode {
-    match value {
-        VectorChunkingMode::Auto => DesktopVectorChunkingMode::Auto,
-        VectorChunkingMode::Manual => DesktopVectorChunkingMode::Manual,
-    }
-}
-
-fn map_vector_chunking_mode_to_runtime(value: &DesktopVectorChunkingMode) -> VectorChunkingMode {
-    match value {
-        DesktopVectorChunkingMode::Auto => VectorChunkingMode::Auto,
-        DesktopVectorChunkingMode::Manual => VectorChunkingMode::Manual,
-    }
-}
-
-fn map_change_reader_scope_from_runtime(value: &ChangeReaderScope) -> DesktopChangeReaderScope {
-    match value {
-        ChangeReaderScope::SummaryOnly => DesktopChangeReaderScope::SummaryOnly,
-        ChangeReaderScope::FullContext => DesktopChangeReaderScope::FullContext,
-    }
-}
-
-fn map_change_reader_scope_to_runtime(value: &DesktopChangeReaderScope) -> ChangeReaderScope {
-    match value {
-        DesktopChangeReaderScope::SummaryOnly => ChangeReaderScope::SummaryOnly,
-        DesktopChangeReaderScope::FullContext => ChangeReaderScope::FullContext,
-    }
-}
-
-fn map_change_reader_voice_provider_from_runtime(
-    value: &ChangeReaderVoiceProvider,
-) -> DesktopChangeReaderVoiceProvider {
-    match value {
-        ChangeReaderVoiceProvider::Openai => DesktopChangeReaderVoiceProvider::Openai,
-    }
-}
-
-fn map_change_reader_voice_provider_to_runtime(
-    value: &DesktopChangeReaderVoiceProvider,
-) -> ChangeReaderVoiceProvider {
-    match value {
-        DesktopChangeReaderVoiceProvider::Openai => ChangeReaderVoiceProvider::Openai,
-    }
-}
-
-fn desktop_summary_settings_from_runtime(config: &DaemonConfig) -> DesktopRuntimeSummarySettings {
-    let source_mode = SummarySourceMode::SessionOnly;
-    DesktopRuntimeSummarySettings {
-        provider: DesktopRuntimeSummaryProviderSettings {
-            id: map_summary_provider_id_from_runtime(&config.summary.provider.id),
-            transport: map_summary_transport_from_runtime(&config.summary.provider_transport()),
-            endpoint: config.summary.provider.endpoint.clone(),
-            model: config.summary.provider.model.clone(),
-        },
-        prompt: DesktopRuntimeSummaryPromptSettings {
-            template: config.summary.prompt.template.clone(),
-            default_template: opensession_summary::DEFAULT_SUMMARY_PROMPT_TEMPLATE_V2.to_string(),
-        },
-        response: DesktopRuntimeSummaryResponseSettings {
-            style: map_summary_response_style_from_runtime(&config.summary.response.style),
-            shape: map_summary_output_shape_from_runtime(&config.summary.response.shape),
-        },
-        storage: DesktopRuntimeSummaryStorageSettings {
-            trigger: map_summary_trigger_mode_from_runtime(&config.summary.storage.trigger),
-            backend: map_summary_storage_backend_from_runtime(&config.summary.storage.backend),
-        },
-        source_mode: map_summary_source_mode_from_runtime(&source_mode),
-        batch: DesktopRuntimeSummaryBatchSettings {
-            execution_mode: map_summary_batch_execution_mode_from_runtime(
-                &config.summary.batch.execution_mode,
-            ),
-            scope: map_summary_batch_scope_from_runtime(&config.summary.batch.scope),
-            recent_days: config.summary.batch.recent_days.max(1),
-        },
-    }
-}
-
-fn desktop_lifecycle_settings_from_runtime(
-    config: &DaemonConfig,
-) -> DesktopRuntimeLifecycleSettings {
-    DesktopRuntimeLifecycleSettings {
-        enabled: config.lifecycle.enabled,
-        session_ttl_days: config.lifecycle.session_ttl_days.max(1),
-        summary_ttl_days: config.lifecycle.summary_ttl_days.max(1),
-        cleanup_interval_secs: config.lifecycle.cleanup_interval_secs.max(60),
-    }
-}
-
-fn desktop_vector_settings_from_runtime(
-    config: &DaemonConfig,
-) -> DesktopRuntimeVectorSearchSettings {
-    DesktopRuntimeVectorSearchSettings {
-        enabled: config.vector_search.enabled,
-        provider: map_vector_provider_from_runtime(&config.vector_search.provider),
-        model: vector_embed_model(config),
-        endpoint: vector_embed_endpoint(config),
-        granularity: map_vector_granularity_from_runtime(&config.vector_search.granularity),
-        chunking_mode: map_vector_chunking_mode_from_runtime(&config.vector_search.chunking_mode),
-        chunk_size_lines: config.vector_search.chunk_size_lines.max(1),
-        chunk_overlap_lines: config.vector_search.chunk_overlap_lines,
-        top_k_chunks: config.vector_search.top_k_chunks.max(1),
-        top_k_sessions: config.vector_search.top_k_sessions.max(1),
-    }
-}
-
-fn desktop_change_reader_settings_from_runtime(
-    config: &DaemonConfig,
-) -> DesktopRuntimeChangeReaderSettings {
-    DesktopRuntimeChangeReaderSettings {
-        enabled: config.change_reader.enabled,
-        scope: map_change_reader_scope_from_runtime(&config.change_reader.scope),
-        qa_enabled: config.change_reader.qa_enabled,
-        max_context_chars: config.change_reader.max_context_chars.max(1),
-        voice: DesktopRuntimeChangeReaderVoiceSettings {
-            enabled: config.change_reader.voice.enabled,
-            provider: map_change_reader_voice_provider_from_runtime(
-                &config.change_reader.voice.provider,
-            ),
-            model: config.change_reader.voice.model.clone(),
-            voice: config.change_reader.voice.voice.clone(),
-            api_key_configured: !config.change_reader.voice.api_key.trim().is_empty(),
-        },
-    }
-}
-
-fn map_session_default_view_from_str(raw: &str) -> Option<SessionDefaultView> {
-    match raw.trim() {
-        "full" => Some(SessionDefaultView::Full),
-        "compressed" => Some(SessionDefaultView::Compressed),
-        _ => None,
-    }
-}
-
 #[tauri::command]
 fn desktop_get_capabilities() -> CapabilitiesResponse {
     CapabilitiesResponse::for_runtime(false, false)
@@ -597,287 +262,6 @@ fn desktop_get_docs_markdown() -> String {
     include_str!("../../../docs.md").to_string()
 }
 
-#[tauri::command]
-fn desktop_get_runtime_settings() -> DesktopApiResult<DesktopRuntimeSettingsResponse> {
-    let config = load_runtime_config()?;
-    let session_default_view = match config.daemon.session_default_view {
-        SessionDefaultView::Full => "full",
-        SessionDefaultView::Compressed => "compressed",
-    }
-    .to_string();
-
-    Ok(DesktopRuntimeSettingsResponse {
-        session_default_view,
-        summary: desktop_summary_settings_from_runtime(&config),
-        vector_search: desktop_vector_settings_from_runtime(&config),
-        change_reader: desktop_change_reader_settings_from_runtime(&config),
-        lifecycle: desktop_lifecycle_settings_from_runtime(&config),
-        ui_constraints: DesktopRuntimeSummaryUiConstraints {
-            source_mode_locked: true,
-            source_mode_locked_value: DesktopSummarySourceMode::SessionOnly,
-        },
-    })
-}
-
-#[tauri::command]
-fn desktop_update_runtime_settings(
-    request: DesktopRuntimeSettingsUpdateRequest,
-) -> DesktopApiResult<DesktopRuntimeSettingsResponse> {
-    let mut config = load_runtime_config()?;
-    let current_summary_backend = config.summary.storage.backend.clone();
-    let mut requested_summary_backend: Option<SummaryStorageBackend> = None;
-
-    if let Some(session_default_view) = request.session_default_view.as_deref() {
-        let mapped = map_session_default_view_from_str(session_default_view).ok_or_else(|| {
-            desktop_error(
-                "desktop.runtime_settings_invalid_view",
-                422,
-                "invalid session_default_view (expected full|compressed)",
-                Some(json!({ "session_default_view": session_default_view })),
-            )
-        })?;
-        config.daemon.session_default_view = mapped;
-    }
-
-    if let Some(summary) = request.summary {
-        if !matches!(summary.source_mode, DesktopSummarySourceMode::SessionOnly) {
-            return Err(desktop_error(
-                "desktop.runtime_settings_source_mode_locked",
-                422,
-                "desktop source_mode is locked to session_only",
-                Some(json!({ "source_mode": summary.source_mode })),
-            ));
-        }
-        validate_summary_prompt_template(summary.prompt.template.as_str()).map_err(|cause| {
-            desktop_error(
-                "desktop.runtime_settings_invalid_prompt_template",
-                422,
-                "invalid summary.prompt.template",
-                Some(json!({ "cause": cause })),
-            )
-        })?;
-
-        config.summary.provider.id = map_summary_provider_id_to_runtime(&summary.provider.id);
-        config.summary.provider.endpoint = summary.provider.endpoint.trim().to_string();
-        config.summary.provider.model = summary.provider.model.trim().to_string();
-        config.summary.prompt.template = summary.prompt.template;
-        config.summary.response.style =
-            map_summary_response_style_to_runtime(&summary.response.style);
-        config.summary.response.shape =
-            map_summary_output_shape_to_runtime(&summary.response.shape);
-        config.summary.storage.trigger =
-            map_summary_trigger_mode_to_runtime(&summary.storage.trigger);
-        let mapped_backend = map_summary_storage_backend_to_runtime(&summary.storage.backend);
-        config.summary.storage.backend = mapped_backend.clone();
-        requested_summary_backend = Some(mapped_backend);
-        config.summary.source_mode = map_summary_source_mode_to_runtime(&summary.source_mode);
-        if summary.batch.recent_days == 0 {
-            return Err(desktop_error(
-                "desktop.runtime_settings_invalid_summary_batch_recent_days",
-                422,
-                "summary.batch.recent_days must be greater than zero",
-                Some(json!({ "recent_days": summary.batch.recent_days })),
-            ));
-        }
-        config.summary.batch.execution_mode =
-            map_summary_batch_execution_mode_to_runtime(&summary.batch.execution_mode);
-        config.summary.batch.scope = map_summary_batch_scope_to_runtime(&summary.batch.scope);
-        config.summary.batch.recent_days = summary.batch.recent_days.max(1);
-    }
-
-    if let Some(vector_search) = request.vector_search {
-        if vector_search.chunk_size_lines == 0 {
-            return Err(desktop_error(
-                "desktop.runtime_settings_invalid_vector_chunk_size",
-                422,
-                "vector_search.chunk_size_lines must be greater than zero",
-                Some(json!({ "chunk_size_lines": vector_search.chunk_size_lines })),
-            ));
-        }
-        if vector_search.chunk_overlap_lines >= vector_search.chunk_size_lines {
-            return Err(desktop_error(
-                "desktop.runtime_settings_invalid_vector_overlap",
-                422,
-                "vector_search.chunk_overlap_lines must be smaller than chunk_size_lines",
-                Some(json!({
-                    "chunk_size_lines": vector_search.chunk_size_lines,
-                    "chunk_overlap_lines": vector_search.chunk_overlap_lines
-                })),
-            ));
-        }
-        if vector_search.top_k_chunks == 0 || vector_search.top_k_sessions == 0 {
-            return Err(desktop_error(
-                "desktop.runtime_settings_invalid_vector_limits",
-                422,
-                "vector_search.top_k_chunks and vector_search.top_k_sessions must be greater than zero",
-                Some(json!({
-                    "top_k_chunks": vector_search.top_k_chunks,
-                    "top_k_sessions": vector_search.top_k_sessions
-                })),
-            ));
-        }
-
-        config.vector_search.enabled = vector_search.enabled;
-        config.vector_search.provider = map_vector_provider_to_runtime(&vector_search.provider);
-        config.vector_search.model = vector_search.model.trim().to_string();
-        config.vector_search.endpoint = vector_search.endpoint.trim().to_string();
-        config.vector_search.granularity =
-            map_vector_granularity_to_runtime(&vector_search.granularity);
-        config.vector_search.chunking_mode =
-            map_vector_chunking_mode_to_runtime(&vector_search.chunking_mode);
-        config.vector_search.chunk_size_lines = vector_search.chunk_size_lines.max(1);
-        config.vector_search.chunk_overlap_lines = vector_search.chunk_overlap_lines;
-        config.vector_search.top_k_chunks = vector_search.top_k_chunks.max(1);
-        config.vector_search.top_k_sessions = vector_search.top_k_sessions.max(1);
-
-        if config.vector_search.model.trim().is_empty() {
-            config.vector_search.model = "bge-m3".to_string();
-        }
-        if config.vector_search.endpoint.trim().is_empty() {
-            config.vector_search.endpoint = "http://127.0.0.1:11434".to_string();
-        }
-
-        if config.vector_search.enabled {
-            let preflight = vector_preflight_for_runtime(&config);
-            if !preflight.model_installed {
-                return Err(desktop_error(
-                    "desktop.vector_model_not_installed",
-                    422,
-                    "cannot enable vector search because model is not installed",
-                    Some(json!({
-                        "model": preflight.model,
-                        "endpoint": preflight.endpoint,
-                        "hint": "install model from Settings > Vector Search first"
-                    })),
-                ));
-            }
-        }
-    }
-
-    if let Some(change_reader) = request.change_reader {
-        if change_reader.max_context_chars == 0 {
-            return Err(desktop_error(
-                "desktop.runtime_settings_invalid_change_reader_context",
-                422,
-                "change_reader.max_context_chars must be greater than zero",
-                Some(json!({ "max_context_chars": change_reader.max_context_chars })),
-            ));
-        }
-        config.change_reader.enabled = change_reader.enabled;
-        config.change_reader.scope = map_change_reader_scope_to_runtime(&change_reader.scope);
-        config.change_reader.qa_enabled = change_reader.qa_enabled;
-        config.change_reader.max_context_chars = change_reader.max_context_chars.max(1);
-        config.change_reader.voice.enabled = change_reader.voice.enabled;
-        config.change_reader.voice.provider =
-            map_change_reader_voice_provider_to_runtime(&change_reader.voice.provider);
-        config.change_reader.voice.model = change_reader.voice.model.trim().to_string();
-        config.change_reader.voice.voice = change_reader.voice.voice.trim().to_string();
-        if let Some(api_key) = change_reader.voice.api_key {
-            config.change_reader.voice.api_key = api_key.trim().to_string();
-        }
-        if config.change_reader.voice.model.trim().is_empty() {
-            config.change_reader.voice.model = "gpt-4o-mini-tts".to_string();
-        }
-        if config.change_reader.voice.voice.trim().is_empty() {
-            config.change_reader.voice.voice = "alloy".to_string();
-        }
-        if config.change_reader.voice.enabled
-            && config.change_reader.voice.api_key.trim().is_empty()
-        {
-            return Err(desktop_error(
-                "desktop.runtime_settings_change_reader_voice_api_key_required",
-                422,
-                "voice playback requires a configured API key",
-                Some(json!({
-                    "provider": enum_label(&config.change_reader.voice.provider),
-                    "hint": "add a Voice API key in Settings > Runtime > Change Reader before enabling voice playback"
-                })),
-            ));
-        }
-    }
-
-    if let Some(lifecycle) = request.lifecycle {
-        if lifecycle.session_ttl_days == 0 {
-            return Err(desktop_error(
-                "desktop.runtime_settings_invalid_session_ttl_days",
-                422,
-                "lifecycle.session_ttl_days must be greater than zero",
-                Some(json!({ "session_ttl_days": lifecycle.session_ttl_days })),
-            ));
-        }
-        if lifecycle.summary_ttl_days == 0 {
-            return Err(desktop_error(
-                "desktop.runtime_settings_invalid_summary_ttl_days",
-                422,
-                "lifecycle.summary_ttl_days must be greater than zero",
-                Some(json!({ "summary_ttl_days": lifecycle.summary_ttl_days })),
-            ));
-        }
-        if lifecycle.cleanup_interval_secs < 60 {
-            return Err(desktop_error(
-                "desktop.runtime_settings_invalid_cleanup_interval",
-                422,
-                "lifecycle.cleanup_interval_secs must be at least 60 seconds",
-                Some(json!({ "cleanup_interval_secs": lifecycle.cleanup_interval_secs })),
-            ));
-        }
-
-        config.lifecycle = LifecycleSettings {
-            enabled: lifecycle.enabled,
-            session_ttl_days: lifecycle.session_ttl_days.max(1),
-            summary_ttl_days: lifecycle.summary_ttl_days.max(1),
-            cleanup_interval_secs: lifecycle.cleanup_interval_secs.max(60),
-        };
-    }
-
-    if let Some(target_summary_backend) = requested_summary_backend {
-        if target_summary_backend != current_summary_backend {
-            let db = open_local_db()?;
-            let stats = migrate_summary_storage_backend(
-                &db,
-                &current_summary_backend,
-                &target_summary_backend,
-            )?;
-            if stats.migrated_summaries > 0 {
-                eprintln!(
-                    "summary storage migration complete: {} -> {} (migrated {} of {} summaries across {} sessions)",
-                    enum_label(&current_summary_backend),
-                    enum_label(&target_summary_backend),
-                    stats.migrated_summaries,
-                    stats.found_summaries,
-                    stats.scanned_sessions,
-                );
-            }
-        }
-    }
-
-    save_runtime_config(&config)?;
-    desktop_get_runtime_settings()
-}
-
-#[tauri::command]
-fn desktop_detect_summary_provider() -> DesktopSummaryProviderDetectResponse {
-    if let Some(profile) = opensession_summary::detect_summary_provider() {
-        return DesktopSummaryProviderDetectResponse {
-            detected: true,
-            provider: Some(map_summary_provider_id_from_runtime(&profile.provider)),
-            transport: Some(map_summary_transport_from_runtime(
-                &profile.provider.transport(),
-            )),
-            model: (!profile.model.trim().is_empty()).then_some(profile.model),
-            endpoint: (!profile.endpoint.trim().is_empty()).then_some(profile.endpoint),
-        };
-    }
-
-    DesktopSummaryProviderDetectResponse {
-        detected: false,
-        provider: None,
-        transport: None,
-        model: None,
-        endpoint: None,
-    }
-}
-
 #[tauri::command]
 fn desktop_lifecycle_cleanup_status() -> DesktopApiResult<DesktopLifecycleCleanupStatusResponse> {
     let db = open_local_db()?;

From fc49067c4f88e97393c573b6e9824e8e3b397bde Mon Sep 17 00:00:00 2001
From: hwisu <hwitticus@gmail.com>
Date: Fri, 6 Mar 2026 20:27:28 +0900
Subject: [PATCH 13/30] split desktop main tests and lifecycle status

---
 .../src-tauri/src/app/lifecycle_cleanup.rs    |   66 +-
 desktop/src-tauri/src/main.rs                 | 2050 +----------------
 desktop/src-tauri/src/main_tests.rs           | 1968 ++++++++++++++++
 3 files changed, 2041 insertions(+), 2043 deletions(-)
 create mode 100644 desktop/src-tauri/src/main_tests.rs

diff --git a/desktop/src-tauri/src/app/lifecycle_cleanup.rs b/desktop/src-tauri/src/app/lifecycle_cleanup.rs
index 2392aa34..8a9dd4fa 100644
--- a/desktop/src-tauri/src/app/lifecycle_cleanup.rs
+++ b/desktop/src-tauri/src/app/lifecycle_cleanup.rs
@@ -1,8 +1,9 @@
 use crate::app::session_summary::resolve_repo_root_from_session_row;
 use crate::{
     DesktopApiResult, LIFECYCLE_CLEANUP_LOOP_STARTED, desktop_error, load_runtime_config,
-    open_local_db, set_lifecycle_cleanup_job_snapshot,
+    open_local_db,
 };
+use opensession_api::{DesktopLifecycleCleanupState, DesktopLifecycleCleanupStatusResponse};
 use opensession_git_native::{BRANCH_LEDGER_REF_PREFIX, NativeGitStorage, SUMMARY_LEDGER_REF};
 use opensession_local_db::{LifecycleCleanupJobRow, LocalDb, LocalSessionFilter};
 use opensession_runtime_config::{DaemonConfig, GitStorageMethod};
@@ -112,6 +113,62 @@ fn run_desktop_git_retention_once(repo_roots: &BTreeSet<PathBuf>, keep_days: u32
     }
 }
 
+fn map_lifecycle_cleanup_state(raw: &str) -> DesktopLifecycleCleanupState {
+    match raw {
+        "running" => DesktopLifecycleCleanupState::Running,
+        "complete" => DesktopLifecycleCleanupState::Complete,
+        "failed" => DesktopLifecycleCleanupState::Failed,
+        _ => DesktopLifecycleCleanupState::Idle,
+    }
+}
+
+pub(crate) fn desktop_lifecycle_cleanup_status_from_db(
+    db: &LocalDb,
+) -> DesktopApiResult<DesktopLifecycleCleanupStatusResponse> {
+    let row = db.get_lifecycle_cleanup_job().map_err(|error| {
+        desktop_error(
+            "desktop.lifecycle_cleanup_status_failed",
+            500,
+            "failed to read lifecycle cleanup status",
+            Some(json!({ "cause": error.to_string() })),
+        )
+    })?;
+
+    let Some(row) = row else {
+        return Ok(DesktopLifecycleCleanupStatusResponse {
+            state: DesktopLifecycleCleanupState::Idle,
+            deleted_sessions: 0,
+            deleted_summaries: 0,
+            message: None,
+            started_at: None,
+            finished_at: None,
+        });
+    };
+
+    Ok(DesktopLifecycleCleanupStatusResponse {
+        state: map_lifecycle_cleanup_state(&row.status),
+        deleted_sessions: row.deleted_sessions,
+        deleted_summaries: row.deleted_summaries,
+        message: row.message,
+        started_at: row.started_at,
+        finished_at: row.finished_at,
+    })
+}
+
+pub(crate) fn set_lifecycle_cleanup_job_snapshot(
+    db: &LocalDb,
+    payload: LifecycleCleanupJobRow,
+) -> DesktopApiResult<()> {
+    db.set_lifecycle_cleanup_job(&payload).map_err(|error| {
+        desktop_error(
+            "desktop.lifecycle_cleanup_status_failed",
+            500,
+            "failed to persist lifecycle cleanup status",
+            Some(json!({ "cause": error.to_string() })),
+        )
+    })
+}
+
 pub(crate) fn run_desktop_lifecycle_cleanup_once_with_db(
     config: &DaemonConfig,
     db: &LocalDb,
@@ -339,3 +396,10 @@ pub(crate) fn maybe_start_lifecycle_cleanup_loop() {
         }
     });
 }
+
+#[tauri::command]
+pub(crate) fn desktop_lifecycle_cleanup_status()
+-> DesktopApiResult<DesktopLifecycleCleanupStatusResponse> {
+    let db = open_local_db()?;
+    desktop_lifecycle_cleanup_status_from_db(&db)
+}
diff --git a/desktop/src-tauri/src/main.rs b/desktop/src-tauri/src/main.rs
index 30652f6f..c571687f 100644
--- a/desktop/src-tauri/src/main.rs
+++ b/desktop/src-tauri/src/main.rs
@@ -8,7 +8,11 @@ use app::change_reader::{
 };
 use app::handoff::{desktop_build_handoff, desktop_share_session_quick};
 use app::launch_route::desktop_take_launch_route;
-use app::lifecycle_cleanup::maybe_start_lifecycle_cleanup_loop;
+#[cfg(test)]
+pub(crate) use app::lifecycle_cleanup::desktop_lifecycle_cleanup_status_from_db;
+use app::lifecycle_cleanup::{
+    desktop_lifecycle_cleanup_status, maybe_start_lifecycle_cleanup_loop,
+};
 use app::runtime_settings::{
     desktop_detect_summary_provider, desktop_get_runtime_settings, desktop_update_runtime_settings,
 };
@@ -46,11 +50,10 @@ use app::{
 };
 use opensession_api::{
     CapabilitiesResponse, DESKTOP_IPC_CONTRACT_VERSION, DesktopApiError,
-    DesktopContractVersionResponse, DesktopLifecycleCleanupState,
-    DesktopLifecycleCleanupStatusResponse, DesktopSessionListQuery,
+    DesktopContractVersionResponse, DesktopSessionListQuery,
     oauth::{AuthProvidersResponse, OAuthProviderInfo},
 };
-use opensession_local_db::{LifecycleCleanupJobRow, LocalDb};
+use opensession_local_db::LocalDb;
 use opensession_runtime_config::DaemonConfig;
 use serde_json::json;
 use std::path::PathBuf;
@@ -181,62 +184,6 @@ fn save_runtime_config(config: &DaemonConfig) -> DesktopApiResult<()> {
     })
 }
 
-fn map_lifecycle_cleanup_state(raw: &str) -> DesktopLifecycleCleanupState {
-    match raw {
-        "running" => DesktopLifecycleCleanupState::Running,
-        "complete" => DesktopLifecycleCleanupState::Complete,
-        "failed" => DesktopLifecycleCleanupState::Failed,
-        _ => DesktopLifecycleCleanupState::Idle,
-    }
-}
-
-fn desktop_lifecycle_cleanup_status_from_db(
-    db: &LocalDb,
-) -> DesktopApiResult<DesktopLifecycleCleanupStatusResponse> {
-    let row = db.get_lifecycle_cleanup_job().map_err(|error| {
-        desktop_error(
-            "desktop.lifecycle_cleanup_status_failed",
-            500,
-            "failed to read lifecycle cleanup status",
-            Some(json!({ "cause": error.to_string() })),
-        )
-    })?;
-
-    let Some(row) = row else {
-        return Ok(DesktopLifecycleCleanupStatusResponse {
-            state: DesktopLifecycleCleanupState::Idle,
-            deleted_sessions: 0,
-            deleted_summaries: 0,
-            message: None,
-            started_at: None,
-            finished_at: None,
-        });
-    };
-
-    Ok(DesktopLifecycleCleanupStatusResponse {
-        state: map_lifecycle_cleanup_state(&row.status),
-        deleted_sessions: row.deleted_sessions,
-        deleted_summaries: row.deleted_summaries,
-        message: row.message,
-        started_at: row.started_at,
-        finished_at: row.finished_at,
-    })
-}
-
-fn set_lifecycle_cleanup_job_snapshot(
-    db: &LocalDb,
-    payload: LifecycleCleanupJobRow,
-) -> DesktopApiResult<()> {
-    db.set_lifecycle_cleanup_job(&payload).map_err(|error| {
-        desktop_error(
-            "desktop.lifecycle_cleanup_status_failed",
-            500,
-            "failed to persist lifecycle cleanup status",
-            Some(json!({ "cause": error.to_string() })),
-        )
-    })
-}
-
 #[tauri::command]
 fn desktop_get_capabilities() -> CapabilitiesResponse {
     CapabilitiesResponse::for_runtime(false, false)
@@ -262,12 +209,6 @@ fn desktop_get_docs_markdown() -> String {
     include_str!("../../../docs.md").to_string()
 }
 
-#[tauri::command]
-fn desktop_lifecycle_cleanup_status() -> DesktopApiResult<DesktopLifecycleCleanupStatusResponse> {
-    let db = open_local_db()?;
-    desktop_lifecycle_cleanup_status_from_db(&db)
-}
-
 fn main() {
     maybe_start_summary_batch_on_app_start();
     maybe_start_lifecycle_cleanup_loop();
@@ -307,1979 +248,4 @@ fn main() {
 }
 
 #[cfg(test)]
-mod tests {
-    use super::{
-        DesktopSessionListQuery, SearchMode, build_local_filter_with_mode,
-        build_vector_chunks_for_session, cosine_similarity, desktop_ask_session_changes,
-        desktop_change_reader_tts, desktop_get_contract_version, desktop_get_runtime_settings,
-        desktop_get_session_detail, desktop_get_session_raw, desktop_list_sessions,
-        desktop_read_session_changes, desktop_summary_batch_run, desktop_summary_batch_status,
-        desktop_update_runtime_settings, extract_vector_lines, force_refresh_discovery_tools,
-        map_link_type, normalize_launch_route, normalize_session_body_to_hail_jsonl,
-        require_non_empty_request_field, session_summary_from_local_row,
-        validate_vector_preflight_ready,
-    };
-    use crate::app::handoff::{
-        artifact_path_for_hash, build_handoff_artifact_record, canonicalize_summaries,
-        desktop_share_session_quick, parse_cli_quick_share_response, validate_pin_alias,
-    };
-    use crate::app::session_query::split_search_mode;
-    use opensession_api::{
-        DesktopChangeQuestionRequest, DesktopChangeReadRequest, DesktopChangeReaderScope,
-        DesktopChangeReaderTtsRequest, DesktopChangeReaderVoiceProvider,
-        DesktopLifecycleCleanupState, DesktopQuickShareRequest,
-        DesktopRuntimeChangeReaderSettingsUpdate, DesktopRuntimeChangeReaderVoiceSettingsUpdate,
-        DesktopRuntimeLifecycleSettingsUpdate, DesktopRuntimeSettingsUpdateRequest,
-        DesktopRuntimeSummaryBatchSettingsUpdate, DesktopRuntimeSummaryPromptSettingsUpdate,
-        DesktopRuntimeSummaryProviderSettingsUpdate, DesktopRuntimeSummaryResponseSettingsUpdate,
-        DesktopRuntimeSummarySettingsUpdate, DesktopRuntimeSummaryStorageSettingsUpdate,
-        DesktopSummaryBatchExecutionMode, DesktopSummaryBatchScope, DesktopSummaryBatchState,
-        DesktopSummaryOutputShape, DesktopSummaryProviderId, DesktopSummaryResponseStyle,
-        DesktopSummarySourceMode, DesktopSummaryStorageBackend, DesktopSummaryTriggerMode,
-        DesktopVectorInstallState, DesktopVectorPreflightResponse, DesktopVectorSearchProvider,
-    };
-    use opensession_core::handoff::HandoffSummary;
-    use opensession_core::trace::{Agent, Content, Event, EventType, Session as HailSession};
-    use opensession_git_native::{
-        NativeGitStorage, SUMMARY_LEDGER_REF, SessionSummaryLedgerRecord,
-    };
-    use opensession_local_db::git::GitContext;
-    use opensession_local_db::{LocalDb, VectorIndexJobRow};
-    use opensession_runtime_config::DaemonConfig;
-    use opensession_summary::DEFAULT_SUMMARY_PROMPT_TEMPLATE_V2;
-    use serde_json::json;
-    use std::path::{Path, PathBuf};
-    use std::process::Command;
-    use std::sync::{LazyLock, Mutex};
-    use std::time::{Duration, SystemTime, UNIX_EPOCH};
-
-    static TEST_ENV_LOCK: LazyLock<Mutex<()>> = LazyLock::new(|| Mutex::new(()));
-
-    fn set_env_for_test(key: &str, value: impl AsRef<std::ffi::OsStr>) {
-        // SAFETY: desktop tests mutate process environment only while holding TEST_ENV_LOCK,
-        // which serializes the affected test cases and avoids concurrent environment access.
-        unsafe { std::env::set_var(key, value) };
-    }
-
-    fn remove_env_for_test(key: &str) {
-        // SAFETY: desktop tests mutate process environment only while holding TEST_ENV_LOCK,
-        // which serializes the affected test cases and avoids concurrent environment access.
-        unsafe { std::env::remove_var(key) };
-    }
-
-    struct EnvVarGuard {
-        key: String,
-        previous: Option<String>,
-    }
-
-    impl EnvVarGuard {
-        fn set(key: &str, value: impl AsRef<std::ffi::OsStr>) -> Self {
-            let previous = std::env::var(key).ok();
-            set_env_for_test(key, value);
-            Self {
-                key: key.to_string(),
-                previous,
-            }
-        }
-    }
-
-    impl Drop for EnvVarGuard {
-        fn drop(&mut self) {
-            if let Some(previous) = self.previous.take() {
-                set_env_for_test(&self.key, previous);
-            } else {
-                remove_env_for_test(&self.key);
-            }
-        }
-    }
-
-    fn unique_temp_dir(prefix: &str) -> PathBuf {
-        let unique = SystemTime::now()
-            .duration_since(UNIX_EPOCH)
-            .expect("time should be monotonic")
-            .as_nanos();
-        let path = std::env::temp_dir().join(format!("{prefix}-{unique}"));
-        std::fs::create_dir_all(&path).expect("create test temp dir");
-        path
-    }
-
-    fn init_test_git_repo(path: &Path) {
-        let output = Command::new("git")
-            .arg("init")
-            .arg("--quiet")
-            .arg(path)
-            .output()
-            .expect("run git init");
-        assert!(
-            output.status.success(),
-            "git init failed: {}",
-            String::from_utf8_lossy(&output.stderr)
-        );
-    }
-
-    fn build_test_session(session_id: &str) -> HailSession {
-        let mut session = HailSession::new(
-            session_id.to_string(),
-            Agent {
-                provider: "openai".to_string(),
-                model: "gpt-5".to_string(),
-                tool: "codex".to_string(),
-                tool_version: None,
-            },
-        );
-        session.events.push(Event {
-            event_id: "evt-1".to_string(),
-            timestamp: chrono::Utc::now(),
-            event_type: EventType::UserMessage,
-            task_id: None,
-            content: Content::text("desktop test message"),
-            duration_ms: None,
-            attributes: std::collections::HashMap::new(),
-        });
-        session.recompute_stats();
-        session
-    }
-
-    fn summary_settings_update_with_backend(
-        backend: DesktopSummaryStorageBackend,
-    ) -> DesktopRuntimeSummarySettingsUpdate {
-        DesktopRuntimeSummarySettingsUpdate {
-            provider: DesktopRuntimeSummaryProviderSettingsUpdate {
-                id: DesktopSummaryProviderId::Disabled,
-                endpoint: String::new(),
-                model: String::new(),
-            },
-            prompt: DesktopRuntimeSummaryPromptSettingsUpdate {
-                template: DEFAULT_SUMMARY_PROMPT_TEMPLATE_V2.to_string(),
-            },
-            response: DesktopRuntimeSummaryResponseSettingsUpdate {
-                style: DesktopSummaryResponseStyle::Standard,
-                shape: DesktopSummaryOutputShape::Layered,
-            },
-            storage: DesktopRuntimeSummaryStorageSettingsUpdate {
-                trigger: DesktopSummaryTriggerMode::OnSessionSave,
-                backend,
-            },
-            source_mode: DesktopSummarySourceMode::SessionOnly,
-            batch: DesktopRuntimeSummaryBatchSettingsUpdate {
-                execution_mode: DesktopSummaryBatchExecutionMode::Manual,
-                scope: DesktopSummaryBatchScope::All,
-                recent_days: 30,
-            },
-        }
-    }
-
-    fn sample_row() -> opensession_local_db::LocalSessionRow {
-        opensession_local_db::LocalSessionRow {
-            id: "s1".to_string(),
-            source_path: Some("/tmp/s1.hail.jsonl".to_string()),
-            sync_status: "local_only".to_string(),
-            last_synced_at: None,
-            user_id: None,
-            nickname: None,
-            team_id: Some("personal".to_string()),
-            tool: "codex".to_string(),
-            agent_provider: Some("openai".to_string()),
-            agent_model: Some("gpt-5".to_string()),
-            title: Some("Sample".to_string()),
-            description: Some("sample session".to_string()),
-            tags: Some("tag1,tag2".to_string()),
-            created_at: "2026-03-03T00:00:00Z".to_string(),
-            uploaded_at: None,
-            message_count: 5,
-            user_message_count: 2,
-            task_count: 1,
-            event_count: 20,
-            duration_seconds: 120,
-            total_input_tokens: 100,
-            total_output_tokens: 40,
-            git_remote: None,
-            git_branch: None,
-            git_commit: None,
-            git_repo_name: None,
-            pr_number: None,
-            pr_url: None,
-            working_directory: None,
-            files_modified: None,
-            files_read: None,
-            has_errors: false,
-            max_active_agents: 1,
-            is_auxiliary: false,
-        }
-    }
-
-    #[test]
-    fn list_filter_defaults_page_and_per_page() {
-        let (filter, page, per_page, mode) =
-            build_local_filter_with_mode(DesktopSessionListQuery::default());
-        assert_eq!(page, 1);
-        assert_eq!(per_page, 20);
-        assert_eq!(mode, SearchMode::Keyword);
-        assert_eq!(filter.limit, Some(20));
-        assert_eq!(filter.offset, Some(0));
-        assert!(filter.exclude_low_signal);
-    }
-
-    #[test]
-    fn list_filter_parses_sort_and_range_values() {
-        let (filter, page, per_page, mode) =
-            build_local_filter_with_mode(DesktopSessionListQuery {
-                page: Some("2".to_string()),
-                per_page: Some("30".to_string()),
-                search: Some("fix".to_string()),
-                tool: Some("codex".to_string()),
-                git_repo_name: Some("org/repo".to_string()),
-                sort: Some("popular".to_string()),
-                time_range: Some("7d".to_string()),
-                force_refresh: None,
-            });
-        assert_eq!(page, 2);
-        assert_eq!(per_page, 30);
-        assert_eq!(mode, SearchMode::Keyword);
-        assert_eq!(filter.search.as_deref(), Some("fix"));
-        assert_eq!(filter.tool.as_deref(), Some("codex"));
-        assert_eq!(filter.git_repo_name.as_deref(), Some("org/repo"));
-        assert_eq!(filter.offset, Some(30));
-    }
-
-    #[test]
-    fn split_search_mode_detects_vector_prefix() {
-        let (query, mode) = split_search_mode(Some("vector: auth regression".to_string()));
-        assert_eq!(query.as_deref(), Some("auth regression"));
-        assert_eq!(mode, SearchMode::Vector);
-
-        let (query, mode) = split_search_mode(Some("fix parser".to_string()));
-        assert_eq!(query.as_deref(), Some("fix parser"));
-        assert_eq!(mode, SearchMode::Keyword);
-    }
-
-    #[test]
-    fn list_filter_with_mode_keeps_vector_query_text() {
-        let (filter, page, per_page, mode) =
-            build_local_filter_with_mode(DesktopSessionListQuery {
-                search: Some("vec: paging bug".to_string()),
-                ..DesktopSessionListQuery::default()
-            });
-        assert_eq!(page, 1);
-        assert_eq!(per_page, 20);
-        assert_eq!(mode, SearchMode::Vector);
-        assert_eq!(filter.search.as_deref(), Some("paging bug"));
-    }
-
-    #[test]
-    fn desktop_list_sessions_hides_low_signal_metadata_only_rows() {
-        let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-        let temp_root = unique_temp_dir("opensession-desktop-low-signal-filter");
-        let db_path = temp_root.join("local.db");
-        let source_path = temp_root
-            .join(".claude")
-            .join("projects")
-            .join("fixture")
-            .join("metadata-only.jsonl");
-        let _db_env = EnvVarGuard::set("OPENSESSION_LOCAL_DB_PATH", db_path.as_os_str());
-
-        std::fs::create_dir_all(
-            source_path
-                .parent()
-                .expect("metadata-only source parent must exist"),
-        )
-        .expect("create metadata-only source dir");
-        std::fs::write(
-            &source_path,
-            r#"{"type":"file-history-snapshot","files":[]}"#,
-        )
-        .expect("write metadata-only source fixture");
-
-        let session = HailSession::new(
-            "metadata-only-session".to_string(),
-            Agent {
-                provider: "anthropic".to_string(),
-                model: "claude-3-5-sonnet".to_string(),
-                tool: "claude-code".to_string(),
-                tool_version: None,
-            },
-        );
-        let db = LocalDb::open_path(&db_path).expect("open isolated local db");
-        db.upsert_local_session(
-            &session,
-            source_path
-                .to_str()
-                .expect("metadata-only source path must be valid utf-8"),
-            &GitContext::default(),
-        )
-        .expect("upsert metadata-only local session");
-
-        let listed = desktop_list_sessions(None).expect("list sessions");
-        assert!(
-            !listed
-                .sessions
-                .iter()
-                .any(|row| row.id == "metadata-only-session"),
-            "metadata-only sessions must be excluded from the default desktop session list",
-        );
-
-        let _ = std::fs::remove_dir_all(&temp_root);
-    }
-
-    #[test]
-    fn desktop_list_sessions_force_refresh_reindexes_discovered_sessions() {
-        let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-        let temp_home = unique_temp_dir("opensession-desktop-force-refresh-home");
-        let temp_db = unique_temp_dir("opensession-desktop-force-refresh-db");
-        let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-        let _codex_home_env = EnvVarGuard::set("CODEX_HOME", temp_home.join(".codex").as_os_str());
-        let _db_env = EnvVarGuard::set(
-            "OPENSESSION_LOCAL_DB_PATH",
-            temp_db.join("local.db").as_os_str(),
-        );
-
-        let session_jsonl = [
-            r#"{"timestamp":"2026-03-05T00:00:00.097Z","type":"session_meta","payload":{"id":"force-refresh-session","timestamp":"2026-03-05T00:00:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
-            r#"{"timestamp":"2026-03-05T00:00:00.119Z","type":"event_msg","payload":{"type":"user_message","message":"force refresh regression fixture"}}"#,
-            r#"{"timestamp":"2026-03-05T00:00:01.000Z","type":"response_item","payload":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"done"}]}}"#,
-        ]
-        .join("\n");
-        let discovered_path = temp_home
-            .join(".codex")
-            .join("sessions")
-            .join("2026")
-            .join("03")
-            .join("05")
-            .join("rollout-force-refresh-session.jsonl");
-        std::fs::create_dir_all(
-            discovered_path
-                .parent()
-                .expect("session discovery parent must exist"),
-        )
-        .expect("create session discovery dir");
-        std::fs::write(&discovered_path, session_jsonl).expect("write discovered session");
-
-        let before = desktop_list_sessions(None).expect("list sessions before force refresh");
-        assert!(
-            !before
-                .sessions
-                .iter()
-                .any(|row| row.id == "force-refresh-session"),
-            "session should not exist in DB before force refresh reindex"
-        );
-
-        let after = desktop_list_sessions(Some(DesktopSessionListQuery {
-            force_refresh: Some(true),
-            ..DesktopSessionListQuery::default()
-        }))
-        .expect("list sessions after force refresh");
-        assert!(
-            after
-                .sessions
-                .iter()
-                .any(|row| row.id == "force-refresh-session"),
-            "force refresh should reindex discovered session"
-        );
-
-        let _ = std::fs::remove_dir_all(&temp_home);
-        let _ = std::fs::remove_dir_all(&temp_db);
-    }
-
-    #[test]
-    fn force_refresh_discovery_tools_skip_cursor_for_fast_path() {
-        let tools = force_refresh_discovery_tools();
-        assert!(tools.contains(&"codex"));
-        assert!(!tools.contains(&"cursor"));
-    }
-
-    fn ready_vector_preflight_fixture() -> DesktopVectorPreflightResponse {
-        DesktopVectorPreflightResponse {
-            provider: DesktopVectorSearchProvider::Ollama,
-            endpoint: "http://127.0.0.1:11434".to_string(),
-            model: "bge-m3".to_string(),
-            ollama_reachable: true,
-            model_installed: true,
-            install_state: DesktopVectorInstallState::Ready,
-            progress_pct: 100,
-            message: Some("model is installed and ready".to_string()),
-        }
-    }
-
-    #[test]
-    fn validate_vector_preflight_allows_rebuild_when_vector_disabled() {
-        let preflight = ready_vector_preflight_fixture();
-        let result = validate_vector_preflight_ready(&preflight, false, false);
-        assert!(result.is_ok());
-    }
-
-    #[test]
-    fn validate_vector_preflight_requires_enabled_for_search_path() {
-        let preflight = ready_vector_preflight_fixture();
-        let err = validate_vector_preflight_ready(&preflight, false, true)
-            .expect_err("search path should require vector enabled");
-        assert_eq!(err.code, "desktop.vector_search_disabled");
-        assert_eq!(err.status, 422);
-    }
-
-    #[test]
-    fn persist_vector_index_failure_snapshot_preserves_progress() {
-        let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-        let temp_db = unique_temp_dir("opensession-desktop-vector-failure-snapshot");
-        let db = LocalDb::open_path(&temp_db.join("local.db")).expect("open local db");
-
-        db.set_vector_index_job(&VectorIndexJobRow {
-            status: "running".to_string(),
-            processed_sessions: 7,
-            total_sessions: 42,
-            message: Some("indexing session-7".to_string()),
-            started_at: Some("2026-03-06T00:00:00Z".to_string()),
-            finished_at: None,
-        })
-        .expect("seed running vector job");
-
-        let error = super::desktop_error(
-            "desktop.vector_search_unavailable",
-            422,
-            "vector search endpoint returned HTTP 404",
-            Some(json!({
-                "endpoint": "http://127.0.0.1:11434/api/embeddings",
-                "status": 404,
-                "body": "{\"error\":\"model 'bge-m3' not found\"}",
-                "batch_endpoint": "http://127.0.0.1:11434/api/embed",
-                "batch_status": 400,
-                "batch_body": "{\"error\":\"bad request\"}",
-                "model": "bge-m3",
-                "hint": "verify embedding model exists in local ollama"
-            })),
-        );
-        super::persist_vector_index_failure_snapshot(&db, &error)
-            .expect("persist vector failure snapshot");
-
-        let snapshot = db
-            .get_vector_index_job()
-            .expect("read vector job")
-            .expect("vector job should exist");
-        assert_eq!(snapshot.status, "failed");
-        assert_eq!(snapshot.processed_sessions, 7);
-        assert_eq!(snapshot.total_sessions, 42);
-        assert_eq!(
-            snapshot.message.as_deref(),
-            Some(
-                "vector search endpoint returned HTTP 404\nReason: model 'bge-m3' not found\nHTTP: 404\nEndpoint: http://127.0.0.1:11434/api/embeddings\nBatch reason: bad request\nBatch HTTP: 400\nBatch endpoint: http://127.0.0.1:11434/api/embed\nModel: bge-m3\nAction: verify embedding model exists in local ollama"
-            )
-        );
-        assert_eq!(snapshot.started_at.as_deref(), Some("2026-03-06T00:00:00Z"));
-        assert!(snapshot.finished_at.is_some());
-
-        let _ = std::fs::remove_dir_all(&temp_db);
-    }
-
-    #[test]
-    fn rebuild_vector_index_blocking_continues_after_embedding_failures() {
-        let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-        let temp_root = unique_temp_dir("opensession-desktop-vector-failure-continue");
-        let db = LocalDb::open_path(&temp_root.join("local.db")).expect("open local db");
-
-        for session_id in ["vector-failure-a", "vector-failure-b"] {
-            let session = build_test_session(session_id);
-            let source_path = temp_root.join(format!("{session_id}.jsonl"));
-            std::fs::write(
-                &source_path,
-                session.to_jsonl().expect("serialize session jsonl"),
-            )
-            .expect("write session source");
-            db.upsert_local_session(
-                &session,
-                source_path
-                    .to_str()
-                    .expect("session source path must be valid utf-8"),
-                &GitContext::default(),
-            )
-            .expect("upsert local session");
-        }
-
-        let mut runtime = DaemonConfig::default();
-        runtime.vector_search.enabled = true;
-        runtime.vector_search.endpoint = "http://127.0.0.1:1".to_string();
-        runtime.vector_search.model = "bge-m3".to_string();
-
-        super::rebuild_vector_index_blocking(&db, &runtime)
-            .expect("skippable embedding failures should not abort rebuild");
-
-        let snapshot = db
-            .get_vector_index_job()
-            .expect("read vector job")
-            .expect("vector job should exist");
-        assert_eq!(snapshot.status, "complete");
-        assert_eq!(snapshot.processed_sessions, 2);
-        assert_eq!(snapshot.total_sessions, 2);
-        assert!(
-            snapshot
-                .message
-                .as_deref()
-                .is_some_and(|message| message.contains("2 failed"))
-        );
-        assert!(
-            db.list_recent_vector_chunks_for_model("bge-m3", 10)
-                .expect("list vector chunks")
-                .is_empty(),
-            "failed sessions should not leave partial vector chunks behind"
-        );
-
-        let _ = std::fs::remove_dir_all(&temp_root);
-    }
-
-    #[test]
-    fn cosine_similarity_handles_basic_cases() {
-        let same = cosine_similarity(&[1.0, 0.0, 1.0], &[1.0, 0.0, 1.0]);
-        assert!((same - 1.0).abs() < 1e-6);
-
-        let orthogonal = cosine_similarity(&[1.0, 0.0], &[0.0, 1.0]);
-        assert!(orthogonal.abs() < 1e-6);
-
-        let mismatch = cosine_similarity(&[1.0, 2.0], &[1.0]);
-        assert_eq!(mismatch, 0.0);
-    }
-
-    #[test]
-    fn extract_vector_lines_preserves_dot_line_tokens() {
-        let mut session = build_test_session("vector-lines");
-        session.events.push(Event {
-            event_id: "evt-dot".to_string(),
-            timestamp: chrono::Utc::now(),
-            event_type: EventType::AgentMessage,
-            task_id: None,
-            content: Content::text(".\nkeep-this-line"),
-            duration_ms: None,
-            attributes: std::collections::HashMap::new(),
-        });
-        let lines = extract_vector_lines(&session);
-        assert!(lines.iter().any(|line| line == "."));
-        assert!(lines.iter().any(|line| line.contains("keep-this-line")));
-    }
-
-    #[test]
-    fn build_vector_chunks_applies_overlap_rules() {
-        let mut session = build_test_session("vector-chunks");
-        session.events.push(Event {
-            event_id: "evt-overlap".to_string(),
-            timestamp: chrono::Utc::now(),
-            event_type: EventType::AgentMessage,
-            task_id: None,
-            content: Content::text("l1\nl2\nl3"),
-            duration_ms: None,
-            attributes: std::collections::HashMap::new(),
-        });
-        let mut runtime = DaemonConfig::default();
-        runtime.vector_search.chunking_mode =
-            opensession_runtime_config::VectorChunkingMode::Manual;
-        runtime.vector_search.chunk_size_lines = 2;
-        runtime.vector_search.chunk_overlap_lines = 1;
-        let chunks = build_vector_chunks_for_session(&session, "source-hash", &runtime);
-        assert!(chunks.len() >= 2);
-        assert_eq!(chunks[0].start_line, 1);
-        assert_eq!(chunks[0].end_line, 2);
-        assert_eq!(chunks[1].start_line, 2);
-    }
-
-    #[test]
-    fn build_vector_chunks_auto_tunes_for_small_session() {
-        let mut session = build_test_session("vector-chunks-auto");
-        session.events.push(Event {
-            event_id: "evt-auto".to_string(),
-            timestamp: chrono::Utc::now(),
-            event_type: EventType::AgentMessage,
-            task_id: None,
-            content: Content::text("a\nb\nc\nd\ne\nf"),
-            duration_ms: None,
-            attributes: std::collections::HashMap::new(),
-        });
-        let runtime = DaemonConfig::default();
-        let chunks = build_vector_chunks_for_session(&session, "source-hash", &runtime);
-        assert_eq!(chunks[0].start_line, 1);
-        assert_eq!(chunks[0].end_line, 7);
-    }
-
-    #[test]
-    fn normalize_launch_route_accepts_relative_session_path() {
-        assert_eq!(
-            normalize_launch_route("/sessions?git_repo_name=org%2Frepo"),
-            Some("/sessions?git_repo_name=org%2Frepo".to_string())
-        );
-    }
-
-    #[test]
-    fn normalize_launch_route_rejects_invalid_values() {
-        assert_eq!(normalize_launch_route(""), None);
-        assert_eq!(
-            normalize_launch_route("https://opensession.io/sessions"),
-            None
-        );
-        assert_eq!(normalize_launch_route("//sessions"), None);
-    }
-
-    #[test]
-    fn local_row_uses_created_at_when_uploaded_at_missing() {
-        let summary = session_summary_from_local_row(sample_row());
-        assert_eq!(summary.uploaded_at, "2026-03-03T00:00:00Z");
-        assert_eq!(
-            summary.score_plugin,
-            opensession_core::scoring::DEFAULT_SCORE_PLUGIN
-        );
-    }
-
-    #[test]
-    fn unknown_link_type_falls_back_to_handoff() {
-        let link = map_link_type("unknown-link");
-        assert!(matches!(link, opensession_api::LinkType::Handoff));
-    }
-
-    #[test]
-    fn normalize_session_body_preserves_hail_jsonl() {
-        let hail_jsonl = [
-            r#"{"type":"header","version":"hail-1.0.0","session_id":"hail-1","agent":{"provider":"openai","model":"gpt-5","tool":"codex"},"context":{"title":"Title","description":"Desc","tags":[],"created_at":"2026-03-03T00:00:00Z","updated_at":"2026-03-03T00:00:00Z","related_session_ids":[],"attributes":{}}}"#,
-            r#"{"type":"event","event_id":"e1","timestamp":"2026-03-03T00:00:00Z","event_type":{"type":"UserMessage"},"content":{"blocks":[{"type":"Text","text":"hello"}]},"attributes":{}}"#,
-            r#"{"type":"stats","event_count":1,"message_count":1,"tool_call_count":0,"task_count":0,"duration_seconds":0,"total_input_tokens":0,"total_output_tokens":0,"user_message_count":1,"files_changed":0,"lines_added":0,"lines_removed":0}"#,
-        ]
-        .join("\n");
-
-        let normalized = normalize_session_body_to_hail_jsonl(&hail_jsonl, None)
-            .expect("hail JSONL should normalize");
-        let parsed = HailSession::from_jsonl(&normalized).expect("must remain valid hail");
-        assert_eq!(parsed.session_id, "hail-1");
-    }
-
-    #[test]
-    fn normalize_session_body_converts_claude_jsonl() {
-        let claude_jsonl = r#"{"type":"user","uuid":"u1","sessionId":"claude-1","timestamp":"2026-03-03T00:00:00Z","message":{"role":"user","content":"hello from claude"},"cwd":"/tmp/project","gitBranch":"main"}"#;
-
-        let normalized = normalize_session_body_to_hail_jsonl(
-            claude_jsonl,
-            Some("/tmp/70dafb43-dbdd-4009-beb0-b6ac2bd9c4d1.jsonl"),
-        )
-        .expect("claude JSONL should parse into HAIL");
-        let parsed = HailSession::from_jsonl(&normalized).expect("must be valid hail");
-        assert_eq!(parsed.session_id, "claude-1");
-        assert_eq!(parsed.agent.tool, "claude-code");
-        assert!(!parsed.events.is_empty());
-    }
-
-    #[test]
-    fn normalize_session_body_prefers_source_path_parser_over_extension_fallback() {
-        let temp_root = unique_temp_dir("opensession-desktop-normalize-source-path");
-        let source_path = temp_root
-            .join(".claude")
-            .join("projects")
-            .join("fixture")
-            .join("f0639ede-3aac-4f67-a979-b175ea5f9557.jsonl");
-        std::fs::create_dir_all(
-            source_path
-                .parent()
-                .expect("claude fixture parent directory must exist"),
-        )
-        .expect("create claude fixture directory");
-
-        let snapshot_only = r#"{"type":"file-history-snapshot","files":[]}"#;
-        std::fs::write(&source_path, snapshot_only).expect("write claude snapshot fixture");
-
-        let normalized = normalize_session_body_to_hail_jsonl(
-            snapshot_only,
-            Some(
-                source_path
-                    .to_str()
-                    .expect("fixture source path must be valid utf-8"),
-            ),
-        )
-        .expect("source-path parser should normalize claude snapshot fixture");
-        let parsed = HailSession::from_jsonl(&normalized).expect("must be valid hail");
-        assert_eq!(parsed.agent.tool, "claude-code");
-        assert_eq!(parsed.session_id, "f0639ede-3aac-4f67-a979-b175ea5f9557");
-
-        let _ = std::fs::remove_dir_all(&temp_root);
-    }
-
-    #[test]
-    fn desktop_contract_version_matches_shared_constant() {
-        let payload = desktop_get_contract_version();
-        assert_eq!(
-            payload.version,
-            opensession_api::DESKTOP_IPC_CONTRACT_VERSION
-        );
-    }
-
-    #[test]
-    fn parse_cli_quick_share_response_decodes_expected_fields() {
-        let stdout = r#"{
-  "uri": "os://src/git/cmVtb3Rl/ref/refs%2Fheads%2Fmain/path/sessions%2Fa.jsonl",
-  "source_uri": "os://src/local/abc123",
-  "remote": "https://github.com/org/repo.git",
-  "push_cmd": "git push origin refs/opensession/branches/bWFpbg:refs/opensession/branches/bWFpbg",
-  "quick": true,
-  "pushed": true,
-  "auto_push_consent": true
-}"#;
-        let parsed = parse_cli_quick_share_response(stdout).expect("parse quick-share payload");
-        assert_eq!(parsed.source_uri, "os://src/local/abc123");
-        assert_eq!(
-            parsed.shared_uri,
-            "os://src/git/cmVtb3Rl/ref/refs%2Fheads%2Fmain/path/sessions%2Fa.jsonl"
-        );
-        assert_eq!(parsed.remote, "https://github.com/org/repo.git");
-        assert!(parsed.pushed);
-        assert!(parsed.auto_push_consent);
-    }
-
-    #[test]
-    fn desktop_quick_share_rejects_empty_session_id() {
-        let err = desktop_share_session_quick(DesktopQuickShareRequest {
-            session_id: "   ".to_string(),
-            remote: None,
-        })
-        .expect_err("empty session_id should fail");
-        assert_eq!(err.code, "desktop.quick_share_invalid_request");
-        assert_eq!(err.status, 400);
-    }
-
-    #[test]
-    fn handoff_canonicalization_orders_by_session_id() {
-        let mut session_b = HailSession::new(
-            "session-b".to_string(),
-            Agent {
-                provider: "openai".to_string(),
-                model: "gpt-5".to_string(),
-                tool: "codex".to_string(),
-                tool_version: None,
-            },
-        );
-        session_b.recompute_stats();
-        let mut session_a = HailSession::new(
-            "session-a".to_string(),
-            Agent {
-                provider: "openai".to_string(),
-                model: "gpt-5".to_string(),
-                tool: "codex".to_string(),
-                tool_version: None,
-            },
-        );
-        session_a.recompute_stats();
-
-        let summaries = vec![
-            HandoffSummary::from_session(&session_b),
-            HandoffSummary::from_session(&session_a),
-        ];
-        let canonical = canonicalize_summaries(&summaries).expect("canonicalize summaries");
-        let first_line = canonical.lines().next().expect("canonical line");
-        assert!(first_line.contains("\"source_session_id\":\"session-a\""));
-    }
-
-    #[test]
-    fn handoff_pin_alias_validation_rejects_spaces() {
-        assert!(validate_pin_alias("latest").is_ok());
-        assert!(validate_pin_alias("bad alias").is_err());
-    }
-
-    #[test]
-    fn artifact_path_rejects_invalid_hash() {
-        assert!(artifact_path_for_hash(Path::new("/tmp"), "abc").is_err());
-    }
-
-    #[test]
-    fn desktop_list_detail_raw_flow_uses_isolated_db() {
-        let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-        let temp_root = unique_temp_dir("opensession-desktop-list-detail-raw");
-        let db_path = temp_root.join("local.db");
-        let source_path = temp_root.join("session.hail.jsonl");
-        let _db_env = EnvVarGuard::set("OPENSESSION_LOCAL_DB_PATH", db_path.as_os_str());
-
-        let session = build_test_session("desktop-flow-session");
-        let session_jsonl = session.to_jsonl().expect("serialize session jsonl");
-        std::fs::write(&source_path, &session_jsonl).expect("write session source");
-
-        let db = LocalDb::open_path(&db_path).expect("open isolated local db");
-        db.upsert_local_session(
-            &session,
-            source_path
-                .to_str()
-                .expect("session source path must be valid utf-8"),
-            &GitContext::default(),
-        )
-        .expect("upsert local session");
-
-        let listed = desktop_list_sessions(None).expect("list sessions");
-        assert!(
-            listed
-                .sessions
-                .iter()
-                .any(|row| row.id == session.session_id),
-            "session list must include inserted session",
-        );
-
-        let detail =
-            desktop_get_session_detail(session.session_id.clone()).expect("get session detail");
-        assert_eq!(detail.summary.id, session.session_id);
-
-        let raw = desktop_get_session_raw(detail.summary.id.clone()).expect("get raw session");
-        assert!(
-            raw.contains("\"session_id\":\"desktop-flow-session\""),
-            "raw session output should include the normalized session id",
-        );
-
-        drop(db);
-        let _ = std::fs::remove_dir_all(&temp_root);
-    }
-
-    #[test]
-    fn desktop_runtime_settings_update_persists_values() {
-        let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-        let temp_home = unique_temp_dir("opensession-desktop-runtime-home");
-        let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-
-        let updated = desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-            session_default_view: Some("compressed".to_string()),
-            summary: Some(DesktopRuntimeSummarySettingsUpdate {
-                provider: DesktopRuntimeSummaryProviderSettingsUpdate {
-                    id: DesktopSummaryProviderId::Disabled,
-                    endpoint: String::new(),
-                    model: String::new(),
-                },
-                prompt: DesktopRuntimeSummaryPromptSettingsUpdate {
-                    template: format!("{DEFAULT_SUMMARY_PROMPT_TEMPLATE_V2}\n# customized"),
-                },
-                response: DesktopRuntimeSummaryResponseSettingsUpdate {
-                    style: DesktopSummaryResponseStyle::Compact,
-                    shape: DesktopSummaryOutputShape::Layered,
-                },
-                storage: DesktopRuntimeSummaryStorageSettingsUpdate {
-                    trigger: DesktopSummaryTriggerMode::OnSessionSave,
-                    backend: DesktopSummaryStorageBackend::HiddenRef,
-                },
-                source_mode: DesktopSummarySourceMode::SessionOnly,
-                batch: DesktopRuntimeSummaryBatchSettingsUpdate {
-                    execution_mode: DesktopSummaryBatchExecutionMode::Manual,
-                    scope: DesktopSummaryBatchScope::All,
-                    recent_days: 45,
-                },
-            }),
-            vector_search: None,
-            change_reader: Some(DesktopRuntimeChangeReaderSettingsUpdate {
-                enabled: true,
-                scope: DesktopChangeReaderScope::FullContext,
-                qa_enabled: true,
-                max_context_chars: 18_000,
-                voice: DesktopRuntimeChangeReaderVoiceSettingsUpdate {
-                    enabled: true,
-                    provider: DesktopChangeReaderVoiceProvider::Openai,
-                    model: "gpt-4o-mini-tts".to_string(),
-                    voice: "alloy".to_string(),
-                    api_key: Some("sk-test-key".to_string()),
-                },
-            }),
-            lifecycle: Some(DesktopRuntimeLifecycleSettingsUpdate {
-                enabled: true,
-                session_ttl_days: 45,
-                summary_ttl_days: 60,
-                cleanup_interval_secs: 120,
-            }),
-        })
-        .expect("update runtime settings");
-        assert_eq!(updated.session_default_view, "compressed");
-
-        let loaded = desktop_get_runtime_settings().expect("load runtime settings");
-        assert_eq!(loaded.session_default_view, "compressed");
-        assert_eq!(
-            loaded.summary.provider.id,
-            DesktopSummaryProviderId::Disabled
-        );
-        assert_eq!(
-            loaded.summary.response.style,
-            DesktopSummaryResponseStyle::Compact
-        );
-        assert_eq!(
-            loaded.summary.storage.backend,
-            DesktopSummaryStorageBackend::HiddenRef
-        );
-        assert_eq!(
-            loaded.summary.source_mode,
-            DesktopSummarySourceMode::SessionOnly
-        );
-        assert_eq!(
-            loaded.summary.batch.execution_mode,
-            DesktopSummaryBatchExecutionMode::Manual
-        );
-        assert_eq!(loaded.summary.batch.scope, DesktopSummaryBatchScope::All);
-        assert_eq!(loaded.summary.batch.recent_days, 45);
-        assert!(loaded.summary.prompt.template.contains("customized"));
-        assert!(loaded.change_reader.enabled);
-        assert_eq!(
-            loaded.change_reader.scope,
-            DesktopChangeReaderScope::FullContext
-        );
-        assert!(loaded.change_reader.qa_enabled);
-        assert_eq!(loaded.change_reader.max_context_chars, 18_000);
-        assert!(loaded.change_reader.voice.enabled);
-        assert_eq!(
-            loaded.change_reader.voice.provider,
-            DesktopChangeReaderVoiceProvider::Openai
-        );
-        assert_eq!(loaded.change_reader.voice.model, "gpt-4o-mini-tts");
-        assert_eq!(loaded.change_reader.voice.voice, "alloy");
-        assert!(loaded.change_reader.voice.api_key_configured);
-        assert!(loaded.lifecycle.enabled);
-        assert_eq!(loaded.lifecycle.session_ttl_days, 45);
-        assert_eq!(loaded.lifecycle.summary_ttl_days, 60);
-        assert_eq!(loaded.lifecycle.cleanup_interval_secs, 120);
-
-        let _ = std::fs::remove_dir_all(&temp_home);
-    }
-
-    #[test]
-    fn desktop_runtime_settings_migrates_summary_storage_local_db_to_hidden_ref() {
-        let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-        let temp_home = unique_temp_dir("opensession-desktop-runtime-migrate-home");
-        let temp_db = unique_temp_dir("opensession-desktop-runtime-migrate-db");
-        let repo_root = unique_temp_dir("opensession-desktop-runtime-migrate-repo");
-        let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-        let _db_env = EnvVarGuard::set(
-            "OPENSESSION_LOCAL_DB_PATH",
-            temp_db.join("local.db").as_os_str(),
-        );
-        init_test_git_repo(&repo_root);
-
-        let db = LocalDb::open_path(&temp_db.join("local.db")).expect("open local db");
-        let mut session = build_test_session("storage-migrate-local-to-hidden");
-        session.context.attributes.insert(
-            "cwd".to_string(),
-            json!(repo_root.to_string_lossy().to_string()),
-        );
-        let source_path = repo_root.join("storage-migrate-local-to-hidden.hail.jsonl");
-        std::fs::write(
-            &source_path,
-            session.to_jsonl().expect("serialize session jsonl"),
-        )
-        .expect("write session source");
-        db.upsert_local_session(
-            &session,
-            source_path
-                .to_str()
-                .expect("session source path must be valid utf-8"),
-            &GitContext::default(),
-        )
-        .expect("upsert local session");
-        db.upsert_session_semantic_summary(&opensession_local_db::SessionSemanticSummaryUpsert {
-            session_id: "storage-migrate-local-to-hidden",
-            summary_json: r#"{"changes":"migrated","auth_security":"none detected","layer_file_changes":[]}"#,
-            generated_at: "2026-03-05T10:00:00Z",
-            provider: "codex_exec",
-            model: Some("gpt-5"),
-            source_kind: "session_signals",
-            generation_kind: "provider",
-            prompt_fingerprint: Some("migrate-fingerprint"),
-            source_details_json: Some(r#"{"source":"session"}"#),
-            diff_tree_json: Some(r#"[]"#),
-            error: None,
-        })
-        .expect("insert local summary");
-
-        desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-            session_default_view: None,
-            summary: Some(summary_settings_update_with_backend(
-                DesktopSummaryStorageBackend::LocalDb,
-            )),
-            vector_search: None,
-            change_reader: None,
-            lifecycle: None,
-        })
-        .expect("set summary backend to local_db");
-        desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-            session_default_view: None,
-            summary: Some(summary_settings_update_with_backend(
-                DesktopSummaryStorageBackend::HiddenRef,
-            )),
-            vector_search: None,
-            change_reader: None,
-            lifecycle: None,
-        })
-        .expect("switch summary backend to hidden_ref");
-
-        let migrated = NativeGitStorage
-            .load_summary_at_ref(
-                &repo_root,
-                SUMMARY_LEDGER_REF,
-                "storage-migrate-local-to-hidden",
-            )
-            .expect("load migrated hidden_ref summary")
-            .expect("migrated hidden_ref summary should exist");
-        assert_eq!(migrated.provider, "codex_exec");
-        assert_eq!(migrated.summary["changes"], "migrated");
-        assert_eq!(migrated.model.as_deref(), Some("gpt-5"));
-
-        let _ = std::fs::remove_dir_all(&temp_home);
-        let _ = std::fs::remove_dir_all(&temp_db);
-        let _ = std::fs::remove_dir_all(&repo_root);
-    }
-
-    #[test]
-    fn desktop_runtime_settings_migrates_summary_storage_hidden_ref_to_local_db() {
-        let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-        let temp_home = unique_temp_dir("opensession-desktop-runtime-migrate-hidden-home");
-        let temp_db = unique_temp_dir("opensession-desktop-runtime-migrate-hidden-db");
-        let repo_root = unique_temp_dir("opensession-desktop-runtime-migrate-hidden-repo");
-        let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-        let _db_env = EnvVarGuard::set(
-            "OPENSESSION_LOCAL_DB_PATH",
-            temp_db.join("local.db").as_os_str(),
-        );
-        init_test_git_repo(&repo_root);
-
-        let db = LocalDb::open_path(&temp_db.join("local.db")).expect("open local db");
-        let mut session = build_test_session("storage-migrate-hidden-to-local");
-        session.context.attributes.insert(
-            "cwd".to_string(),
-            json!(repo_root.to_string_lossy().to_string()),
-        );
-        let source_path = repo_root.join("storage-migrate-hidden-to-local.hail.jsonl");
-        std::fs::write(
-            &source_path,
-            session.to_jsonl().expect("serialize session jsonl"),
-        )
-        .expect("write session source");
-        db.upsert_local_session(
-            &session,
-            source_path
-                .to_str()
-                .expect("session source path must be valid utf-8"),
-            &GitContext::default(),
-        )
-        .expect("upsert local session");
-
-        let hidden_record = SessionSummaryLedgerRecord {
-            session_id: "storage-migrate-hidden-to-local".to_string(),
-            generated_at: "2026-03-05T11:00:00Z".to_string(),
-            provider: "codex_exec".to_string(),
-            model: Some("gpt-5".to_string()),
-            source_kind: "session_signals".to_string(),
-            generation_kind: "provider".to_string(),
-            prompt_fingerprint: Some("hidden-fingerprint".to_string()),
-            summary: json!({
-                "changes": "from-hidden",
-                "auth_security": "none detected",
-                "layer_file_changes": []
-            }),
-            source_details: json!({ "source": "hidden_ref" }),
-            diff_tree: Vec::new(),
-            error: None,
-        };
-        NativeGitStorage
-            .store_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, &hidden_record)
-            .expect("store hidden_ref summary");
-
-        desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-            session_default_view: None,
-            summary: Some(summary_settings_update_with_backend(
-                DesktopSummaryStorageBackend::HiddenRef,
-            )),
-            vector_search: None,
-            change_reader: None,
-            lifecycle: None,
-        })
-        .expect("set summary backend to hidden_ref");
-        desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-            session_default_view: None,
-            summary: Some(summary_settings_update_with_backend(
-                DesktopSummaryStorageBackend::LocalDb,
-            )),
-            vector_search: None,
-            change_reader: None,
-            lifecycle: None,
-        })
-        .expect("switch summary backend to local_db");
-
-        let migrated = db
-            .get_session_semantic_summary("storage-migrate-hidden-to-local")
-            .expect("read migrated local summary")
-            .expect("migrated local summary should exist");
-        assert_eq!(migrated.provider, "codex_exec");
-        let migrated_summary: serde_json::Value =
-            serde_json::from_str(&migrated.summary_json).expect("parse migrated summary");
-        assert_eq!(migrated_summary["changes"], "from-hidden");
-        assert_eq!(migrated.model.as_deref(), Some("gpt-5"));
-
-        let _ = std::fs::remove_dir_all(&temp_home);
-        let _ = std::fs::remove_dir_all(&temp_db);
-        let _ = std::fs::remove_dir_all(&repo_root);
-    }
-
-    #[test]
-    fn desktop_lifecycle_cleanup_deletes_expired_sessions_without_daemon() {
-        let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-        let temp_root = unique_temp_dir("opensession-desktop-lifecycle-cleanup");
-        let repo_root = temp_root.join("repo");
-        std::fs::create_dir_all(&repo_root).expect("create repo root");
-        init_test_git_repo(&repo_root);
-
-        let db = LocalDb::open_path(&temp_root.join("local.db")).expect("open local db");
-
-        let mut expired = build_test_session("expired-session");
-        expired.context.created_at = chrono::Utc::now() - chrono::Duration::days(45);
-        expired.context.updated_at = expired.context.created_at;
-        expired.context.attributes.insert(
-            "cwd".to_string(),
-            json!(repo_root.to_string_lossy().to_string()),
-        );
-        let expired_source = repo_root.join("expired-session.hail.jsonl");
-        std::fs::write(
-            &expired_source,
-            expired.to_jsonl().expect("serialize expired session"),
-        )
-        .expect("write expired session source");
-        db.upsert_local_session(
-            &expired,
-            expired_source
-                .to_str()
-                .expect("expired session source path must be valid utf-8"),
-            &GitContext::default(),
-        )
-        .expect("upsert expired session");
-
-        let mut recent = build_test_session("recent-session");
-        recent.context.created_at = chrono::Utc::now() - chrono::Duration::days(5);
-        recent.context.updated_at = recent.context.created_at;
-        recent.context.attributes.insert(
-            "cwd".to_string(),
-            json!(repo_root.to_string_lossy().to_string()),
-        );
-        let recent_source = repo_root.join("recent-session.hail.jsonl");
-        std::fs::write(
-            &recent_source,
-            recent.to_jsonl().expect("serialize recent session"),
-        )
-        .expect("write recent session source");
-        db.upsert_local_session(
-            &recent,
-            recent_source
-                .to_str()
-                .expect("recent session source path must be valid utf-8"),
-            &GitContext::default(),
-        )
-        .expect("upsert recent session");
-
-        let storage = NativeGitStorage;
-        storage
-            .store_summary_at_ref(
-                &repo_root,
-                SUMMARY_LEDGER_REF,
-                &SessionSummaryLedgerRecord {
-                    session_id: "expired-session".to_string(),
-                    generated_at: "2026-01-01T00:00:00Z".to_string(),
-                    provider: "codex_exec".to_string(),
-                    model: None,
-                    source_kind: "session_signals".to_string(),
-                    generation_kind: "provider".to_string(),
-                    prompt_fingerprint: None,
-                    summary: json!({ "changes": "expired" }),
-                    source_details: json!({}),
-                    diff_tree: vec![],
-                    error: None,
-                },
-            )
-            .expect("store expired hidden_ref summary");
-        storage
-            .store_summary_at_ref(
-                &repo_root,
-                SUMMARY_LEDGER_REF,
-                &SessionSummaryLedgerRecord {
-                    session_id: "recent-session".to_string(),
-                    generated_at: "2026-01-01T00:00:00Z".to_string(),
-                    provider: "codex_exec".to_string(),
-                    model: None,
-                    source_kind: "session_signals".to_string(),
-                    generation_kind: "provider".to_string(),
-                    prompt_fingerprint: None,
-                    summary: json!({ "changes": "recent" }),
-                    source_details: json!({}),
-                    diff_tree: vec![],
-                    error: None,
-                },
-            )
-            .expect("store recent hidden_ref summary");
-
-        let mut config = DaemonConfig::default();
-        config.lifecycle.enabled = true;
-        config.lifecycle.session_ttl_days = 30;
-        config.lifecycle.summary_ttl_days = 30;
-        config.lifecycle.cleanup_interval_secs = 60;
-
-        super::run_desktop_lifecycle_cleanup_once_with_db(&config, &db)
-            .expect("run desktop lifecycle cleanup");
-
-        let lifecycle_status = super::desktop_lifecycle_cleanup_status_from_db(&db)
-            .expect("read lifecycle cleanup status");
-        assert_eq!(
-            lifecycle_status.state,
-            DesktopLifecycleCleanupState::Complete
-        );
-        assert_eq!(lifecycle_status.deleted_sessions, 1);
-        assert_eq!(lifecycle_status.deleted_summaries, 1);
-        assert!(
-            lifecycle_status
-                .message
-                .as_deref()
-                .unwrap_or_default()
-                .contains("Deleted 1 sessions"),
-            "cleanup status should summarize deleted rows"
-        );
-        assert!(lifecycle_status.started_at.is_some());
-        assert!(lifecycle_status.finished_at.is_some());
-
-        assert!(
-            db.get_session_by_id("expired-session")
-                .expect("query expired session")
-                .is_none(),
-            "expired session should be deleted by desktop lifecycle cleanup"
-        );
-        assert!(
-            db.get_session_by_id("recent-session")
-                .expect("query recent session")
-                .is_some(),
-            "recent session should remain after desktop lifecycle cleanup"
-        );
-        assert!(
-            storage
-                .load_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, "expired-session")
-                .expect("load expired hidden_ref summary")
-                .is_none(),
-            "expired hidden_ref summary should be deleted by desktop lifecycle cleanup"
-        );
-        assert!(
-            storage
-                .load_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, "recent-session")
-                .expect("load recent hidden_ref summary")
-                .is_some(),
-            "recent hidden_ref summary should remain after desktop lifecycle cleanup"
-        );
-
-        let _ = std::fs::remove_dir_all(&temp_root);
-    }
-
-    #[test]
-    fn desktop_runtime_settings_rejects_non_session_only_source_mode() {
-        let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-        let temp_home = unique_temp_dir("opensession-desktop-runtime-source-lock");
-        let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-
-        let result = desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-            session_default_view: None,
-            summary: Some(DesktopRuntimeSummarySettingsUpdate {
-                provider: DesktopRuntimeSummaryProviderSettingsUpdate {
-                    id: DesktopSummaryProviderId::Disabled,
-                    endpoint: String::new(),
-                    model: String::new(),
-                },
-                prompt: DesktopRuntimeSummaryPromptSettingsUpdate {
-                    template: DEFAULT_SUMMARY_PROMPT_TEMPLATE_V2.to_string(),
-                },
-                response: DesktopRuntimeSummaryResponseSettingsUpdate {
-                    style: DesktopSummaryResponseStyle::Standard,
-                    shape: DesktopSummaryOutputShape::Layered,
-                },
-                storage: DesktopRuntimeSummaryStorageSettingsUpdate {
-                    trigger: DesktopSummaryTriggerMode::OnSessionSave,
-                    backend: DesktopSummaryStorageBackend::HiddenRef,
-                },
-                source_mode: DesktopSummarySourceMode::SessionOrGitChanges,
-                batch: DesktopRuntimeSummaryBatchSettingsUpdate {
-                    execution_mode: DesktopSummaryBatchExecutionMode::Manual,
-                    scope: DesktopSummaryBatchScope::RecentDays,
-                    recent_days: 30,
-                },
-            }),
-            vector_search: None,
-            change_reader: None,
-            lifecycle: None,
-        });
-
-        let error = result.expect_err("source mode lock should reject update");
-        assert_eq!(error.status, 422);
-        assert_eq!(error.code, "desktop.runtime_settings_source_mode_locked");
-
-        let _ = std::fs::remove_dir_all(&temp_home);
-    }
-
-    #[test]
-    fn desktop_runtime_settings_rejects_zero_summary_batch_recent_days() {
-        let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-        let temp_home = unique_temp_dir("opensession-desktop-runtime-summary-batch-invalid");
-        let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-
-        let result = desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-            session_default_view: None,
-            summary: Some(DesktopRuntimeSummarySettingsUpdate {
-                provider: DesktopRuntimeSummaryProviderSettingsUpdate {
-                    id: DesktopSummaryProviderId::Disabled,
-                    endpoint: String::new(),
-                    model: String::new(),
-                },
-                prompt: DesktopRuntimeSummaryPromptSettingsUpdate {
-                    template: DEFAULT_SUMMARY_PROMPT_TEMPLATE_V2.to_string(),
-                },
-                response: DesktopRuntimeSummaryResponseSettingsUpdate {
-                    style: DesktopSummaryResponseStyle::Standard,
-                    shape: DesktopSummaryOutputShape::Layered,
-                },
-                storage: DesktopRuntimeSummaryStorageSettingsUpdate {
-                    trigger: DesktopSummaryTriggerMode::OnSessionSave,
-                    backend: DesktopSummaryStorageBackend::HiddenRef,
-                },
-                source_mode: DesktopSummarySourceMode::SessionOnly,
-                batch: DesktopRuntimeSummaryBatchSettingsUpdate {
-                    execution_mode: DesktopSummaryBatchExecutionMode::OnAppStart,
-                    scope: DesktopSummaryBatchScope::RecentDays,
-                    recent_days: 0,
-                },
-            }),
-            vector_search: None,
-            change_reader: None,
-            lifecycle: None,
-        });
-
-        let error = result.expect_err("recent_days=0 should fail");
-        assert_eq!(error.status, 422);
-        assert_eq!(
-            error.code,
-            "desktop.runtime_settings_invalid_summary_batch_recent_days"
-        );
-
-        let _ = std::fs::remove_dir_all(&temp_home);
-    }
-
-    #[test]
-    fn desktop_runtime_settings_rejects_short_lifecycle_interval() {
-        let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-        let temp_home = unique_temp_dir("opensession-desktop-runtime-lifecycle-invalid");
-        let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-
-        let result = desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-            session_default_view: None,
-            summary: None,
-            vector_search: None,
-            change_reader: None,
-            lifecycle: Some(DesktopRuntimeLifecycleSettingsUpdate {
-                enabled: true,
-                session_ttl_days: 30,
-                summary_ttl_days: 30,
-                cleanup_interval_secs: 59,
-            }),
-        });
-
-        let error = result.expect_err("cleanup interval under 60 should fail");
-        assert_eq!(error.status, 422);
-        assert_eq!(
-            error.code,
-            "desktop.runtime_settings_invalid_cleanup_interval"
-        );
-
-        let _ = std::fs::remove_dir_all(&temp_home);
-    }
-
-    #[test]
-    fn desktop_summary_batch_run_and_status_complete_when_no_sessions() {
-        let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-        let temp_home = unique_temp_dir("opensession-desktop-summary-batch-home");
-        let temp_db = unique_temp_dir("opensession-desktop-summary-batch-db");
-        let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-        let _db_env = EnvVarGuard::set(
-            "OPENSESSION_LOCAL_DB_PATH",
-            temp_db.join("local.db").as_os_str(),
-        );
-
-        desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-            session_default_view: None,
-            summary: Some(DesktopRuntimeSummarySettingsUpdate {
-                provider: DesktopRuntimeSummaryProviderSettingsUpdate {
-                    id: DesktopSummaryProviderId::Disabled,
-                    endpoint: String::new(),
-                    model: String::new(),
-                },
-                prompt: DesktopRuntimeSummaryPromptSettingsUpdate {
-                    template: DEFAULT_SUMMARY_PROMPT_TEMPLATE_V2.to_string(),
-                },
-                response: DesktopRuntimeSummaryResponseSettingsUpdate {
-                    style: DesktopSummaryResponseStyle::Standard,
-                    shape: DesktopSummaryOutputShape::Layered,
-                },
-                storage: DesktopRuntimeSummaryStorageSettingsUpdate {
-                    trigger: DesktopSummaryTriggerMode::Manual,
-                    backend: DesktopSummaryStorageBackend::None,
-                },
-                source_mode: DesktopSummarySourceMode::SessionOnly,
-                batch: DesktopRuntimeSummaryBatchSettingsUpdate {
-                    execution_mode: DesktopSummaryBatchExecutionMode::Manual,
-                    scope: DesktopSummaryBatchScope::All,
-                    recent_days: 30,
-                },
-            }),
-            vector_search: None,
-            change_reader: None,
-            lifecycle: None,
-        })
-        .expect("set summary batch config");
-
-        let started = desktop_summary_batch_run().expect("start summary batch");
-        assert!(
-            matches!(
-                started.state,
-                DesktopSummaryBatchState::Running | DesktopSummaryBatchState::Complete
-            ),
-            "initial state should be running or complete"
-        );
-
-        let mut final_state = started;
-        for _ in 0..40 {
-            final_state = desktop_summary_batch_status().expect("read batch status");
-            if !matches!(final_state.state, DesktopSummaryBatchState::Running) {
-                break;
-            }
-            std::thread::sleep(Duration::from_millis(25));
-        }
-
-        assert_eq!(final_state.state, DesktopSummaryBatchState::Complete);
-        assert_eq!(final_state.total_sessions, 0);
-        assert_eq!(final_state.processed_sessions, 0);
-        assert_eq!(final_state.failed_sessions, 0);
-
-        let _ = std::fs::remove_dir_all(&temp_home);
-        let _ = std::fs::remove_dir_all(&temp_db);
-    }
-
-    #[test]
-    fn desktop_summary_batch_skips_sessions_with_missing_source_files() {
-        let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-        let temp_home = unique_temp_dir("opensession-desktop-summary-batch-skip-home");
-        let temp_db = unique_temp_dir("opensession-desktop-summary-batch-skip-db");
-        let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-        let _db_env = EnvVarGuard::set(
-            "OPENSESSION_LOCAL_DB_PATH",
-            temp_db.join("local.db").as_os_str(),
-        );
-
-        desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-            session_default_view: None,
-            summary: Some(DesktopRuntimeSummarySettingsUpdate {
-                provider: DesktopRuntimeSummaryProviderSettingsUpdate {
-                    id: DesktopSummaryProviderId::Disabled,
-                    endpoint: String::new(),
-                    model: String::new(),
-                },
-                prompt: DesktopRuntimeSummaryPromptSettingsUpdate {
-                    template: DEFAULT_SUMMARY_PROMPT_TEMPLATE_V2.to_string(),
-                },
-                response: DesktopRuntimeSummaryResponseSettingsUpdate {
-                    style: DesktopSummaryResponseStyle::Standard,
-                    shape: DesktopSummaryOutputShape::Layered,
-                },
-                storage: DesktopRuntimeSummaryStorageSettingsUpdate {
-                    trigger: DesktopSummaryTriggerMode::Manual,
-                    backend: DesktopSummaryStorageBackend::None,
-                },
-                source_mode: DesktopSummarySourceMode::SessionOnly,
-                batch: DesktopRuntimeSummaryBatchSettingsUpdate {
-                    execution_mode: DesktopSummaryBatchExecutionMode::Manual,
-                    scope: DesktopSummaryBatchScope::All,
-                    recent_days: 30,
-                },
-            }),
-            vector_search: None,
-            change_reader: None,
-            lifecycle: None,
-        })
-        .expect("set summary batch config");
-
-        let db = LocalDb::open_path(&temp_db.join("local.db")).expect("open local db");
-        let session = build_test_session("missing-source-session");
-        let missing_source = temp_db.join("missing-source-session.jsonl");
-        db.upsert_local_session(
-            &session,
-            missing_source
-                .to_str()
-                .expect("missing source path must be valid utf-8"),
-            &GitContext::default(),
-        )
-        .expect("upsert local session with missing source path");
-
-        let started = desktop_summary_batch_run().expect("start summary batch");
-        assert!(
-            matches!(
-                started.state,
-                DesktopSummaryBatchState::Running | DesktopSummaryBatchState::Complete
-            ),
-            "initial state should be running or complete"
-        );
-
-        let mut final_state = started;
-        for _ in 0..40 {
-            final_state = desktop_summary_batch_status().expect("read batch status");
-            if !matches!(final_state.state, DesktopSummaryBatchState::Running) {
-                break;
-            }
-            std::thread::sleep(Duration::from_millis(25));
-        }
-
-        assert_eq!(final_state.state, DesktopSummaryBatchState::Complete);
-        assert_eq!(final_state.total_sessions, 1);
-        assert_eq!(final_state.processed_sessions, 1);
-        assert_eq!(final_state.failed_sessions, 0);
-        assert!(
-            final_state
-                .message
-                .as_deref()
-                .is_some_and(|message| message.contains("skipped missing sources"))
-        );
-
-        let _ = std::fs::remove_dir_all(&temp_home);
-        let _ = std::fs::remove_dir_all(&temp_db);
-    }
-
-    #[test]
-    fn desktop_summary_batch_skips_sessions_with_existing_local_db_summaries() {
-        let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-        let temp_home = unique_temp_dir("opensession-desktop-summary-batch-local-summary-home");
-        let temp_db = unique_temp_dir("opensession-desktop-summary-batch-local-summary-db");
-        let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-        let _db_env = EnvVarGuard::set(
-            "OPENSESSION_LOCAL_DB_PATH",
-            temp_db.join("local.db").as_os_str(),
-        );
-
-        desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-            session_default_view: None,
-            summary: Some(summary_settings_update_with_backend(
-                DesktopSummaryStorageBackend::HiddenRef,
-            )),
-            vector_search: None,
-            change_reader: None,
-            lifecycle: None,
-        })
-        .expect("set summary batch config");
-
-        let db = LocalDb::open_path(&temp_db.join("local.db")).expect("open local db");
-        let session = build_test_session("existing-local-summary-session");
-        let missing_source = temp_db.join("existing-local-summary-session.jsonl");
-        db.upsert_local_session(
-            &session,
-            missing_source
-                .to_str()
-                .expect("missing source path must be valid utf-8"),
-            &GitContext::default(),
-        )
-        .expect("upsert local session with missing source path");
-        db.upsert_session_semantic_summary(&opensession_local_db::SessionSemanticSummaryUpsert {
-            session_id: "existing-local-summary-session",
-            summary_json: r#"{"changes":"cached","auth_security":"none detected","layer_file_changes":[]}"#,
-            generated_at: "2026-03-06T01:00:00Z",
-            provider: "codex_exec",
-            model: Some("gpt-5"),
-            source_kind: "session_signals",
-            generation_kind: "provider",
-            prompt_fingerprint: Some("local-cache"),
-            source_details_json: Some(r#"{"source":"local_db"}"#),
-            diff_tree_json: Some(r#"[]"#),
-            error: None,
-        })
-        .expect("insert local summary");
-
-        let started = desktop_summary_batch_run().expect("start summary batch");
-        assert!(
-            matches!(
-                started.state,
-                DesktopSummaryBatchState::Running | DesktopSummaryBatchState::Complete
-            ),
-            "initial state should be running or complete"
-        );
-
-        let mut final_state = started;
-        for _ in 0..40 {
-            final_state = desktop_summary_batch_status().expect("read batch status");
-            if !matches!(final_state.state, DesktopSummaryBatchState::Running) {
-                break;
-            }
-            std::thread::sleep(Duration::from_millis(25));
-        }
-
-        assert_eq!(final_state.state, DesktopSummaryBatchState::Complete);
-        assert_eq!(final_state.total_sessions, 0);
-        assert_eq!(final_state.processed_sessions, 0);
-        assert_eq!(final_state.failed_sessions, 0);
-        assert!(
-            final_state
-                .message
-                .as_deref()
-                .is_some_and(|message| message.contains("already summarized"))
-        );
-
-        let _ = std::fs::remove_dir_all(&temp_home);
-        let _ = std::fs::remove_dir_all(&temp_db);
-    }
-
-    #[test]
-    fn desktop_summary_batch_skips_sessions_with_existing_hidden_ref_summaries() {
-        let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-        let temp_home = unique_temp_dir("opensession-desktop-summary-batch-hidden-summary-home");
-        let temp_db = unique_temp_dir("opensession-desktop-summary-batch-hidden-summary-db");
-        let repo_root = unique_temp_dir("opensession-desktop-summary-batch-hidden-summary-repo");
-        let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-        let _db_env = EnvVarGuard::set(
-            "OPENSESSION_LOCAL_DB_PATH",
-            temp_db.join("local.db").as_os_str(),
-        );
-        init_test_git_repo(&repo_root);
-
-        desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-            session_default_view: None,
-            summary: Some(summary_settings_update_with_backend(
-                DesktopSummaryStorageBackend::LocalDb,
-            )),
-            vector_search: None,
-            change_reader: None,
-            lifecycle: None,
-        })
-        .expect("set summary batch config");
-
-        let db = LocalDb::open_path(&temp_db.join("local.db")).expect("open local db");
-        let mut session = build_test_session("existing-hidden-summary-session");
-        session.context.attributes.insert(
-            "cwd".to_string(),
-            json!(repo_root.to_string_lossy().to_string()),
-        );
-        let missing_source = repo_root.join("existing-hidden-summary-session.jsonl");
-        db.upsert_local_session(
-            &session,
-            missing_source
-                .to_str()
-                .expect("missing source path must be valid utf-8"),
-            &GitContext::default(),
-        )
-        .expect("upsert local session with missing source path");
-        NativeGitStorage
-            .store_summary_at_ref(
-                &repo_root,
-                SUMMARY_LEDGER_REF,
-                &SessionSummaryLedgerRecord {
-                    session_id: "existing-hidden-summary-session".to_string(),
-                    generated_at: "2026-03-06T02:00:00Z".to_string(),
-                    provider: "codex_exec".to_string(),
-                    model: Some("gpt-5".to_string()),
-                    source_kind: "session_signals".to_string(),
-                    generation_kind: "provider".to_string(),
-                    prompt_fingerprint: Some("hidden-cache".to_string()),
-                    summary: json!({
-                        "changes": "cached",
-                        "auth_security": "none detected",
-                        "layer_file_changes": []
-                    }),
-                    source_details: json!({ "source": "hidden_ref" }),
-                    diff_tree: Vec::new(),
-                    error: None,
-                },
-            )
-            .expect("store hidden_ref summary");
-
-        let started = desktop_summary_batch_run().expect("start summary batch");
-        assert!(
-            matches!(
-                started.state,
-                DesktopSummaryBatchState::Running | DesktopSummaryBatchState::Complete
-            ),
-            "initial state should be running or complete"
-        );
-
-        let mut final_state = started;
-        for _ in 0..40 {
-            final_state = desktop_summary_batch_status().expect("read batch status");
-            if !matches!(final_state.state, DesktopSummaryBatchState::Running) {
-                break;
-            }
-            std::thread::sleep(Duration::from_millis(25));
-        }
-
-        assert_eq!(final_state.state, DesktopSummaryBatchState::Complete);
-        assert_eq!(final_state.total_sessions, 0);
-        assert_eq!(final_state.processed_sessions, 0);
-        assert_eq!(final_state.failed_sessions, 0);
-        assert!(
-            final_state
-                .message
-                .as_deref()
-                .is_some_and(|message| message.contains("already summarized"))
-        );
-
-        let _ = std::fs::remove_dir_all(&temp_home);
-        let _ = std::fs::remove_dir_all(&temp_db);
-        let _ = std::fs::remove_dir_all(&repo_root);
-    }
-
-    #[test]
-    fn desktop_change_reader_requires_enabled_setting() {
-        let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-        let temp_home = unique_temp_dir("opensession-desktop-change-reader-disabled");
-        let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-
-        let result = tauri::async_runtime::block_on(desktop_read_session_changes(
-            DesktopChangeReadRequest {
-                session_id: "session-1".to_string(),
-                scope: None,
-            },
-        ));
-        let error = result.expect_err("disabled change reader should fail");
-        assert_eq!(error.status, 422);
-        assert_eq!(error.code, "desktop.change_reader_disabled");
-
-        let _ = std::fs::remove_dir_all(&temp_home);
-    }
-
-    #[test]
-    fn require_non_empty_request_field_trims_surrounding_whitespace() {
-        let value = require_non_empty_request_field(
-            "  session-1 \n",
-            "desktop.test_invalid_request",
-            "session_id",
-        )
-        .expect("trimmed field should be accepted");
-        assert_eq!(value, "session-1");
-    }
-
-    #[test]
-    fn require_non_empty_request_field_rejects_blank_values() {
-        let error =
-            require_non_empty_request_field(" \n\t ", "desktop.test_invalid_request", "session_id")
-                .expect_err("blank field should be rejected");
-        assert_eq!(error.status, 400);
-        assert_eq!(error.code, "desktop.test_invalid_request");
-        assert_eq!(error.message, "session_id is required");
-    }
-
-    #[test]
-    fn desktop_change_reader_qa_respects_toggle() {
-        let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-        let temp_home = unique_temp_dir("opensession-desktop-change-reader-qa-disabled");
-        let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-
-        desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-            session_default_view: None,
-            summary: None,
-            vector_search: None,
-            change_reader: Some(DesktopRuntimeChangeReaderSettingsUpdate {
-                enabled: true,
-                scope: DesktopChangeReaderScope::SummaryOnly,
-                qa_enabled: false,
-                max_context_chars: 12_000,
-                voice: DesktopRuntimeChangeReaderVoiceSettingsUpdate {
-                    enabled: false,
-                    provider: DesktopChangeReaderVoiceProvider::Openai,
-                    model: "gpt-4o-mini-tts".to_string(),
-                    voice: "alloy".to_string(),
-                    api_key: None,
-                },
-            }),
-            lifecycle: None,
-        })
-        .expect("enable change reader with qa disabled");
-
-        let result = tauri::async_runtime::block_on(desktop_ask_session_changes(
-            DesktopChangeQuestionRequest {
-                session_id: "session-1".to_string(),
-                question: "무엇이 바뀌었나요?".to_string(),
-                scope: None,
-            },
-        ));
-        let error = result.expect_err("qa disabled should fail");
-        assert_eq!(error.status, 422);
-        assert_eq!(error.code, "desktop.change_reader_qa_disabled");
-
-        let _ = std::fs::remove_dir_all(&temp_home);
-    }
-
-    #[test]
-    fn desktop_runtime_settings_rejects_voice_playback_without_api_key() {
-        let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-        let temp_home = unique_temp_dir("opensession-desktop-change-reader-voice-key-required");
-        let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-
-        let result = desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-            session_default_view: None,
-            summary: None,
-            vector_search: None,
-            change_reader: Some(DesktopRuntimeChangeReaderSettingsUpdate {
-                enabled: true,
-                scope: DesktopChangeReaderScope::SummaryOnly,
-                qa_enabled: true,
-                max_context_chars: 12_000,
-                voice: DesktopRuntimeChangeReaderVoiceSettingsUpdate {
-                    enabled: true,
-                    provider: DesktopChangeReaderVoiceProvider::Openai,
-                    model: "gpt-4o-mini-tts".to_string(),
-                    voice: "alloy".to_string(),
-                    api_key: None,
-                },
-            }),
-            lifecycle: None,
-        });
-
-        let error = result.expect_err("voice playback without api key should fail");
-        assert_eq!(error.status, 422);
-        assert_eq!(
-            error.code,
-            "desktop.runtime_settings_change_reader_voice_api_key_required"
-        );
-
-        let _ = std::fs::remove_dir_all(&temp_home);
-    }
-
-    #[test]
-    fn desktop_runtime_settings_allows_voice_playback_with_existing_api_key() {
-        let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-        let temp_home = unique_temp_dir("opensession-desktop-change-reader-voice-key-existing");
-        let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-
-        desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-            session_default_view: None,
-            summary: None,
-            vector_search: None,
-            change_reader: Some(DesktopRuntimeChangeReaderSettingsUpdate {
-                enabled: true,
-                scope: DesktopChangeReaderScope::SummaryOnly,
-                qa_enabled: true,
-                max_context_chars: 12_000,
-                voice: DesktopRuntimeChangeReaderVoiceSettingsUpdate {
-                    enabled: false,
-                    provider: DesktopChangeReaderVoiceProvider::Openai,
-                    model: "gpt-4o-mini-tts".to_string(),
-                    voice: "alloy".to_string(),
-                    api_key: Some("sk-existing-voice-key".to_string()),
-                },
-            }),
-            lifecycle: None,
-        })
-        .expect("store existing voice api key");
-
-        let updated = desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-            session_default_view: None,
-            summary: None,
-            vector_search: None,
-            change_reader: Some(DesktopRuntimeChangeReaderSettingsUpdate {
-                enabled: true,
-                scope: DesktopChangeReaderScope::SummaryOnly,
-                qa_enabled: true,
-                max_context_chars: 12_000,
-                voice: DesktopRuntimeChangeReaderVoiceSettingsUpdate {
-                    enabled: true,
-                    provider: DesktopChangeReaderVoiceProvider::Openai,
-                    model: "gpt-4o-mini-tts".to_string(),
-                    voice: "alloy".to_string(),
-                    api_key: None,
-                },
-            }),
-            lifecycle: None,
-        })
-        .expect("enable voice playback with existing api key");
-
-        assert!(updated.change_reader.voice.enabled);
-        assert!(updated.change_reader.voice.api_key_configured);
-
-        let _ = std::fs::remove_dir_all(&temp_home);
-    }
-
-    #[test]
-    fn desktop_change_reader_tts_requires_voice_enable() {
-        let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-        let temp_home = unique_temp_dir("opensession-desktop-change-reader-tts-disabled");
-        let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-
-        desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-            session_default_view: None,
-            summary: None,
-            vector_search: None,
-            change_reader: Some(DesktopRuntimeChangeReaderSettingsUpdate {
-                enabled: true,
-                scope: DesktopChangeReaderScope::SummaryOnly,
-                qa_enabled: true,
-                max_context_chars: 12_000,
-                voice: DesktopRuntimeChangeReaderVoiceSettingsUpdate {
-                    enabled: false,
-                    provider: DesktopChangeReaderVoiceProvider::Openai,
-                    model: "gpt-4o-mini-tts".to_string(),
-                    voice: "alloy".to_string(),
-                    api_key: None,
-                },
-            }),
-            lifecycle: None,
-        })
-        .expect("enable change reader with voice disabled");
-
-        let result = desktop_change_reader_tts(DesktopChangeReaderTtsRequest {
-            text: "변경 내용을 읽어줘".to_string(),
-            session_id: None,
-            scope: None,
-        });
-        let error = result.expect_err("voice disabled should fail");
-        assert_eq!(error.status, 422);
-        assert_eq!(error.code, "desktop.change_reader_tts_disabled");
-
-        let _ = std::fs::remove_dir_all(&temp_home);
-    }
-
-    #[test]
-    fn handoff_build_writes_artifact_record_and_pin() {
-        let unique = SystemTime::now()
-            .duration_since(UNIX_EPOCH)
-            .expect("time should be monotonic")
-            .as_nanos();
-        let repo_root = std::env::temp_dir().join(format!("opensession-desktop-handoff-{unique}"));
-        let git_dir = repo_root.join(".git");
-        std::fs::create_dir_all(&git_dir).expect("create repo .git");
-
-        let mut session = HailSession::new(
-            "session-handoff-test".to_string(),
-            Agent {
-                provider: "openai".to_string(),
-                model: "gpt-5".to_string(),
-                tool: "codex".to_string(),
-                tool_version: None,
-            },
-        );
-        session.recompute_stats();
-        let normalized = session.to_jsonl().expect("serialize session");
-
-        let response =
-            build_handoff_artifact_record(&normalized, session, true, &repo_root).expect("build");
-        let hash = response
-            .artifact_uri
-            .strip_prefix("os://artifact/")
-            .expect("artifact uri prefix");
-        assert_eq!(hash.len(), 64);
-        assert_eq!(response.pinned_alias.as_deref(), Some("latest"));
-        let expected_download_file_name = format!("handoff-{hash}.jsonl");
-        assert_eq!(
-            response.download_file_name.as_deref(),
-            Some(expected_download_file_name.as_str())
-        );
-        assert!(
-            response.download_content.as_deref().is_some_and(
-                |value| value.contains("\"source_session_id\":\"session-handoff-test\"")
-            )
-        );
-
-        let artifact_path = repo_root
-            .join(".opensession")
-            .join("artifacts")
-            .join("sha256")
-            .join(&hash[0..2])
-            .join(&hash[2..4])
-            .join(format!("{hash}.json"));
-        assert!(artifact_path.exists());
-
-        let pin_path = repo_root
-            .join(".opensession")
-            .join("artifacts")
-            .join("pins")
-            .join("latest");
-        let pin_hash = std::fs::read_to_string(&pin_path).expect("read pin hash");
-        assert_eq!(pin_hash.trim(), hash);
-
-        let _ = std::fs::remove_dir_all(&repo_root);
-    }
-}
+mod main_tests;
diff --git a/desktop/src-tauri/src/main_tests.rs b/desktop/src-tauri/src/main_tests.rs
new file mode 100644
index 00000000..432d1b3e
--- /dev/null
+++ b/desktop/src-tauri/src/main_tests.rs
@@ -0,0 +1,1968 @@
+use super::{
+    DesktopSessionListQuery, SearchMode, build_local_filter_with_mode,
+    build_vector_chunks_for_session, cosine_similarity, desktop_ask_session_changes,
+    desktop_change_reader_tts, desktop_get_contract_version, desktop_get_runtime_settings,
+    desktop_get_session_detail, desktop_get_session_raw, desktop_list_sessions,
+    desktop_read_session_changes, desktop_summary_batch_run, desktop_summary_batch_status,
+    desktop_update_runtime_settings, extract_vector_lines, force_refresh_discovery_tools,
+    map_link_type, normalize_launch_route, normalize_session_body_to_hail_jsonl,
+    require_non_empty_request_field, session_summary_from_local_row,
+    validate_vector_preflight_ready,
+};
+use crate::app::handoff::{
+    artifact_path_for_hash, build_handoff_artifact_record, canonicalize_summaries,
+    desktop_share_session_quick, parse_cli_quick_share_response, validate_pin_alias,
+};
+use crate::app::session_query::split_search_mode;
+use opensession_api::{
+    DesktopChangeQuestionRequest, DesktopChangeReadRequest, DesktopChangeReaderScope,
+    DesktopChangeReaderTtsRequest, DesktopChangeReaderVoiceProvider, DesktopLifecycleCleanupState,
+    DesktopQuickShareRequest, DesktopRuntimeChangeReaderSettingsUpdate,
+    DesktopRuntimeChangeReaderVoiceSettingsUpdate, DesktopRuntimeLifecycleSettingsUpdate,
+    DesktopRuntimeSettingsUpdateRequest, DesktopRuntimeSummaryBatchSettingsUpdate,
+    DesktopRuntimeSummaryPromptSettingsUpdate, DesktopRuntimeSummaryProviderSettingsUpdate,
+    DesktopRuntimeSummaryResponseSettingsUpdate, DesktopRuntimeSummarySettingsUpdate,
+    DesktopRuntimeSummaryStorageSettingsUpdate, DesktopSummaryBatchExecutionMode,
+    DesktopSummaryBatchScope, DesktopSummaryBatchState, DesktopSummaryOutputShape,
+    DesktopSummaryProviderId, DesktopSummaryResponseStyle, DesktopSummarySourceMode,
+    DesktopSummaryStorageBackend, DesktopSummaryTriggerMode, DesktopVectorInstallState,
+    DesktopVectorPreflightResponse, DesktopVectorSearchProvider,
+};
+use opensession_core::handoff::HandoffSummary;
+use opensession_core::trace::{Agent, Content, Event, EventType, Session as HailSession};
+use opensession_git_native::{NativeGitStorage, SUMMARY_LEDGER_REF, SessionSummaryLedgerRecord};
+use opensession_local_db::git::GitContext;
+use opensession_local_db::{LocalDb, VectorIndexJobRow};
+use opensession_runtime_config::DaemonConfig;
+use opensession_summary::DEFAULT_SUMMARY_PROMPT_TEMPLATE_V2;
+use serde_json::json;
+use std::path::{Path, PathBuf};
+use std::process::Command;
+use std::sync::{LazyLock, Mutex};
+use std::time::{Duration, SystemTime, UNIX_EPOCH};
+
+static TEST_ENV_LOCK: LazyLock<Mutex<()>> = LazyLock::new(|| Mutex::new(()));
+
+fn set_env_for_test(key: &str, value: impl AsRef<std::ffi::OsStr>) {
+    // SAFETY: desktop tests mutate process environment only while holding TEST_ENV_LOCK,
+    // which serializes the affected test cases and avoids concurrent environment access.
+    unsafe { std::env::set_var(key, value) };
+}
+
+fn remove_env_for_test(key: &str) {
+    // SAFETY: desktop tests mutate process environment only while holding TEST_ENV_LOCK,
+    // which serializes the affected test cases and avoids concurrent environment access.
+    unsafe { std::env::remove_var(key) };
+}
+
+struct EnvVarGuard {
+    key: String,
+    previous: Option<String>,
+}
+
+impl EnvVarGuard {
+    fn set(key: &str, value: impl AsRef<std::ffi::OsStr>) -> Self {
+        let previous = std::env::var(key).ok();
+        set_env_for_test(key, value);
+        Self {
+            key: key.to_string(),
+            previous,
+        }
+    }
+}
+
+impl Drop for EnvVarGuard {
+    fn drop(&mut self) {
+        if let Some(previous) = self.previous.take() {
+            set_env_for_test(&self.key, previous);
+        } else {
+            remove_env_for_test(&self.key);
+        }
+    }
+}
+
+fn unique_temp_dir(prefix: &str) -> PathBuf {
+    let unique = SystemTime::now()
+        .duration_since(UNIX_EPOCH)
+        .expect("time should be monotonic")
+        .as_nanos();
+    let path = std::env::temp_dir().join(format!("{prefix}-{unique}"));
+    std::fs::create_dir_all(&path).expect("create test temp dir");
+    path
+}
+
+fn init_test_git_repo(path: &Path) {
+    let output = Command::new("git")
+        .arg("init")
+        .arg("--quiet")
+        .arg(path)
+        .output()
+        .expect("run git init");
+    assert!(
+        output.status.success(),
+        "git init failed: {}",
+        String::from_utf8_lossy(&output.stderr)
+    );
+}
+
+fn build_test_session(session_id: &str) -> HailSession {
+    let mut session = HailSession::new(
+        session_id.to_string(),
+        Agent {
+            provider: "openai".to_string(),
+            model: "gpt-5".to_string(),
+            tool: "codex".to_string(),
+            tool_version: None,
+        },
+    );
+    session.events.push(Event {
+        event_id: "evt-1".to_string(),
+        timestamp: chrono::Utc::now(),
+        event_type: EventType::UserMessage,
+        task_id: None,
+        content: Content::text("desktop test message"),
+        duration_ms: None,
+        attributes: std::collections::HashMap::new(),
+    });
+    session.recompute_stats();
+    session
+}
+
+fn summary_settings_update_with_backend(
+    backend: DesktopSummaryStorageBackend,
+) -> DesktopRuntimeSummarySettingsUpdate {
+    DesktopRuntimeSummarySettingsUpdate {
+        provider: DesktopRuntimeSummaryProviderSettingsUpdate {
+            id: DesktopSummaryProviderId::Disabled,
+            endpoint: String::new(),
+            model: String::new(),
+        },
+        prompt: DesktopRuntimeSummaryPromptSettingsUpdate {
+            template: DEFAULT_SUMMARY_PROMPT_TEMPLATE_V2.to_string(),
+        },
+        response: DesktopRuntimeSummaryResponseSettingsUpdate {
+            style: DesktopSummaryResponseStyle::Standard,
+            shape: DesktopSummaryOutputShape::Layered,
+        },
+        storage: DesktopRuntimeSummaryStorageSettingsUpdate {
+            trigger: DesktopSummaryTriggerMode::OnSessionSave,
+            backend,
+        },
+        source_mode: DesktopSummarySourceMode::SessionOnly,
+        batch: DesktopRuntimeSummaryBatchSettingsUpdate {
+            execution_mode: DesktopSummaryBatchExecutionMode::Manual,
+            scope: DesktopSummaryBatchScope::All,
+            recent_days: 30,
+        },
+    }
+}
+
+fn sample_row() -> opensession_local_db::LocalSessionRow {
+    opensession_local_db::LocalSessionRow {
+        id: "s1".to_string(),
+        source_path: Some("/tmp/s1.hail.jsonl".to_string()),
+        sync_status: "local_only".to_string(),
+        last_synced_at: None,
+        user_id: None,
+        nickname: None,
+        team_id: Some("personal".to_string()),
+        tool: "codex".to_string(),
+        agent_provider: Some("openai".to_string()),
+        agent_model: Some("gpt-5".to_string()),
+        title: Some("Sample".to_string()),
+        description: Some("sample session".to_string()),
+        tags: Some("tag1,tag2".to_string()),
+        created_at: "2026-03-03T00:00:00Z".to_string(),
+        uploaded_at: None,
+        message_count: 5,
+        user_message_count: 2,
+        task_count: 1,
+        event_count: 20,
+        duration_seconds: 120,
+        total_input_tokens: 100,
+        total_output_tokens: 40,
+        git_remote: None,
+        git_branch: None,
+        git_commit: None,
+        git_repo_name: None,
+        pr_number: None,
+        pr_url: None,
+        working_directory: None,
+        files_modified: None,
+        files_read: None,
+        has_errors: false,
+        max_active_agents: 1,
+        is_auxiliary: false,
+    }
+}
+
+#[test]
+fn list_filter_defaults_page_and_per_page() {
+    let (filter, page, per_page, mode) =
+        build_local_filter_with_mode(DesktopSessionListQuery::default());
+    assert_eq!(page, 1);
+    assert_eq!(per_page, 20);
+    assert_eq!(mode, SearchMode::Keyword);
+    assert_eq!(filter.limit, Some(20));
+    assert_eq!(filter.offset, Some(0));
+    assert!(filter.exclude_low_signal);
+}
+
+#[test]
+fn list_filter_parses_sort_and_range_values() {
+    let (filter, page, per_page, mode) = build_local_filter_with_mode(DesktopSessionListQuery {
+        page: Some("2".to_string()),
+        per_page: Some("30".to_string()),
+        search: Some("fix".to_string()),
+        tool: Some("codex".to_string()),
+        git_repo_name: Some("org/repo".to_string()),
+        sort: Some("popular".to_string()),
+        time_range: Some("7d".to_string()),
+        force_refresh: None,
+    });
+    assert_eq!(page, 2);
+    assert_eq!(per_page, 30);
+    assert_eq!(mode, SearchMode::Keyword);
+    assert_eq!(filter.search.as_deref(), Some("fix"));
+    assert_eq!(filter.tool.as_deref(), Some("codex"));
+    assert_eq!(filter.git_repo_name.as_deref(), Some("org/repo"));
+    assert_eq!(filter.offset, Some(30));
+}
+
+#[test]
+fn split_search_mode_detects_vector_prefix() {
+    let (query, mode) = split_search_mode(Some("vector: auth regression".to_string()));
+    assert_eq!(query.as_deref(), Some("auth regression"));
+    assert_eq!(mode, SearchMode::Vector);
+
+    let (query, mode) = split_search_mode(Some("fix parser".to_string()));
+    assert_eq!(query.as_deref(), Some("fix parser"));
+    assert_eq!(mode, SearchMode::Keyword);
+}
+
+#[test]
+fn list_filter_with_mode_keeps_vector_query_text() {
+    let (filter, page, per_page, mode) = build_local_filter_with_mode(DesktopSessionListQuery {
+        search: Some("vec: paging bug".to_string()),
+        ..DesktopSessionListQuery::default()
+    });
+    assert_eq!(page, 1);
+    assert_eq!(per_page, 20);
+    assert_eq!(mode, SearchMode::Vector);
+    assert_eq!(filter.search.as_deref(), Some("paging bug"));
+}
+
+#[test]
+fn desktop_list_sessions_hides_low_signal_metadata_only_rows() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_root = unique_temp_dir("opensession-desktop-low-signal-filter");
+    let db_path = temp_root.join("local.db");
+    let source_path = temp_root
+        .join(".claude")
+        .join("projects")
+        .join("fixture")
+        .join("metadata-only.jsonl");
+    let _db_env = EnvVarGuard::set("OPENSESSION_LOCAL_DB_PATH", db_path.as_os_str());
+
+    std::fs::create_dir_all(
+        source_path
+            .parent()
+            .expect("metadata-only source parent must exist"),
+    )
+    .expect("create metadata-only source dir");
+    std::fs::write(
+        &source_path,
+        r#"{"type":"file-history-snapshot","files":[]}"#,
+    )
+    .expect("write metadata-only source fixture");
+
+    let session = HailSession::new(
+        "metadata-only-session".to_string(),
+        Agent {
+            provider: "anthropic".to_string(),
+            model: "claude-3-5-sonnet".to_string(),
+            tool: "claude-code".to_string(),
+            tool_version: None,
+        },
+    );
+    let db = LocalDb::open_path(&db_path).expect("open isolated local db");
+    db.upsert_local_session(
+        &session,
+        source_path
+            .to_str()
+            .expect("metadata-only source path must be valid utf-8"),
+        &GitContext::default(),
+    )
+    .expect("upsert metadata-only local session");
+
+    let listed = desktop_list_sessions(None).expect("list sessions");
+    assert!(
+        !listed
+            .sessions
+            .iter()
+            .any(|row| row.id == "metadata-only-session"),
+        "metadata-only sessions must be excluded from the default desktop session list",
+    );
+
+    let _ = std::fs::remove_dir_all(&temp_root);
+}
+
+#[test]
+fn desktop_list_sessions_force_refresh_reindexes_discovered_sessions() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-force-refresh-home");
+    let temp_db = unique_temp_dir("opensession-desktop-force-refresh-db");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+    let _codex_home_env = EnvVarGuard::set("CODEX_HOME", temp_home.join(".codex").as_os_str());
+    let _db_env = EnvVarGuard::set(
+        "OPENSESSION_LOCAL_DB_PATH",
+        temp_db.join("local.db").as_os_str(),
+    );
+
+    let session_jsonl = [
+            r#"{"timestamp":"2026-03-05T00:00:00.097Z","type":"session_meta","payload":{"id":"force-refresh-session","timestamp":"2026-03-05T00:00:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
+            r#"{"timestamp":"2026-03-05T00:00:00.119Z","type":"event_msg","payload":{"type":"user_message","message":"force refresh regression fixture"}}"#,
+            r#"{"timestamp":"2026-03-05T00:00:01.000Z","type":"response_item","payload":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"done"}]}}"#,
+        ]
+        .join("\n");
+    let discovered_path = temp_home
+        .join(".codex")
+        .join("sessions")
+        .join("2026")
+        .join("03")
+        .join("05")
+        .join("rollout-force-refresh-session.jsonl");
+    std::fs::create_dir_all(
+        discovered_path
+            .parent()
+            .expect("session discovery parent must exist"),
+    )
+    .expect("create session discovery dir");
+    std::fs::write(&discovered_path, session_jsonl).expect("write discovered session");
+
+    let before = desktop_list_sessions(None).expect("list sessions before force refresh");
+    assert!(
+        !before
+            .sessions
+            .iter()
+            .any(|row| row.id == "force-refresh-session"),
+        "session should not exist in DB before force refresh reindex"
+    );
+
+    let after = desktop_list_sessions(Some(DesktopSessionListQuery {
+        force_refresh: Some(true),
+        ..DesktopSessionListQuery::default()
+    }))
+    .expect("list sessions after force refresh");
+    assert!(
+        after
+            .sessions
+            .iter()
+            .any(|row| row.id == "force-refresh-session"),
+        "force refresh should reindex discovered session"
+    );
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+    let _ = std::fs::remove_dir_all(&temp_db);
+}
+
+#[test]
+fn force_refresh_discovery_tools_skip_cursor_for_fast_path() {
+    let tools = force_refresh_discovery_tools();
+    assert!(tools.contains(&"codex"));
+    assert!(!tools.contains(&"cursor"));
+}
+
+fn ready_vector_preflight_fixture() -> DesktopVectorPreflightResponse {
+    DesktopVectorPreflightResponse {
+        provider: DesktopVectorSearchProvider::Ollama,
+        endpoint: "http://127.0.0.1:11434".to_string(),
+        model: "bge-m3".to_string(),
+        ollama_reachable: true,
+        model_installed: true,
+        install_state: DesktopVectorInstallState::Ready,
+        progress_pct: 100,
+        message: Some("model is installed and ready".to_string()),
+    }
+}
+
+#[test]
+fn validate_vector_preflight_allows_rebuild_when_vector_disabled() {
+    let preflight = ready_vector_preflight_fixture();
+    let result = validate_vector_preflight_ready(&preflight, false, false);
+    assert!(result.is_ok());
+}
+
+#[test]
+fn validate_vector_preflight_requires_enabled_for_search_path() {
+    let preflight = ready_vector_preflight_fixture();
+    let err = validate_vector_preflight_ready(&preflight, false, true)
+        .expect_err("search path should require vector enabled");
+    assert_eq!(err.code, "desktop.vector_search_disabled");
+    assert_eq!(err.status, 422);
+}
+
+#[test]
+fn persist_vector_index_failure_snapshot_preserves_progress() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_db = unique_temp_dir("opensession-desktop-vector-failure-snapshot");
+    let db = LocalDb::open_path(&temp_db.join("local.db")).expect("open local db");
+
+    db.set_vector_index_job(&VectorIndexJobRow {
+        status: "running".to_string(),
+        processed_sessions: 7,
+        total_sessions: 42,
+        message: Some("indexing session-7".to_string()),
+        started_at: Some("2026-03-06T00:00:00Z".to_string()),
+        finished_at: None,
+    })
+    .expect("seed running vector job");
+
+    let error = super::desktop_error(
+        "desktop.vector_search_unavailable",
+        422,
+        "vector search endpoint returned HTTP 404",
+        Some(json!({
+            "endpoint": "http://127.0.0.1:11434/api/embeddings",
+            "status": 404,
+            "body": "{\"error\":\"model 'bge-m3' not found\"}",
+            "batch_endpoint": "http://127.0.0.1:11434/api/embed",
+            "batch_status": 400,
+            "batch_body": "{\"error\":\"bad request\"}",
+            "model": "bge-m3",
+            "hint": "verify embedding model exists in local ollama"
+        })),
+    );
+    super::persist_vector_index_failure_snapshot(&db, &error)
+        .expect("persist vector failure snapshot");
+
+    let snapshot = db
+        .get_vector_index_job()
+        .expect("read vector job")
+        .expect("vector job should exist");
+    assert_eq!(snapshot.status, "failed");
+    assert_eq!(snapshot.processed_sessions, 7);
+    assert_eq!(snapshot.total_sessions, 42);
+    assert_eq!(
+        snapshot.message.as_deref(),
+        Some(
+            "vector search endpoint returned HTTP 404\nReason: model 'bge-m3' not found\nHTTP: 404\nEndpoint: http://127.0.0.1:11434/api/embeddings\nBatch reason: bad request\nBatch HTTP: 400\nBatch endpoint: http://127.0.0.1:11434/api/embed\nModel: bge-m3\nAction: verify embedding model exists in local ollama"
+        )
+    );
+    assert_eq!(snapshot.started_at.as_deref(), Some("2026-03-06T00:00:00Z"));
+    assert!(snapshot.finished_at.is_some());
+
+    let _ = std::fs::remove_dir_all(&temp_db);
+}
+
+#[test]
+fn rebuild_vector_index_blocking_continues_after_embedding_failures() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_root = unique_temp_dir("opensession-desktop-vector-failure-continue");
+    let db = LocalDb::open_path(&temp_root.join("local.db")).expect("open local db");
+
+    for session_id in ["vector-failure-a", "vector-failure-b"] {
+        let session = build_test_session(session_id);
+        let source_path = temp_root.join(format!("{session_id}.jsonl"));
+        std::fs::write(
+            &source_path,
+            session.to_jsonl().expect("serialize session jsonl"),
+        )
+        .expect("write session source");
+        db.upsert_local_session(
+            &session,
+            source_path
+                .to_str()
+                .expect("session source path must be valid utf-8"),
+            &GitContext::default(),
+        )
+        .expect("upsert local session");
+    }
+
+    let mut runtime = DaemonConfig::default();
+    runtime.vector_search.enabled = true;
+    runtime.vector_search.endpoint = "http://127.0.0.1:1".to_string();
+    runtime.vector_search.model = "bge-m3".to_string();
+
+    super::rebuild_vector_index_blocking(&db, &runtime)
+        .expect("skippable embedding failures should not abort rebuild");
+
+    let snapshot = db
+        .get_vector_index_job()
+        .expect("read vector job")
+        .expect("vector job should exist");
+    assert_eq!(snapshot.status, "complete");
+    assert_eq!(snapshot.processed_sessions, 2);
+    assert_eq!(snapshot.total_sessions, 2);
+    assert!(
+        snapshot
+            .message
+            .as_deref()
+            .is_some_and(|message| message.contains("2 failed"))
+    );
+    assert!(
+        db.list_recent_vector_chunks_for_model("bge-m3", 10)
+            .expect("list vector chunks")
+            .is_empty(),
+        "failed sessions should not leave partial vector chunks behind"
+    );
+
+    let _ = std::fs::remove_dir_all(&temp_root);
+}
+
+#[test]
+fn cosine_similarity_handles_basic_cases() {
+    let same = cosine_similarity(&[1.0, 0.0, 1.0], &[1.0, 0.0, 1.0]);
+    assert!((same - 1.0).abs() < 1e-6);
+
+    let orthogonal = cosine_similarity(&[1.0, 0.0], &[0.0, 1.0]);
+    assert!(orthogonal.abs() < 1e-6);
+
+    let mismatch = cosine_similarity(&[1.0, 2.0], &[1.0]);
+    assert_eq!(mismatch, 0.0);
+}
+
+#[test]
+fn extract_vector_lines_preserves_dot_line_tokens() {
+    let mut session = build_test_session("vector-lines");
+    session.events.push(Event {
+        event_id: "evt-dot".to_string(),
+        timestamp: chrono::Utc::now(),
+        event_type: EventType::AgentMessage,
+        task_id: None,
+        content: Content::text(".\nkeep-this-line"),
+        duration_ms: None,
+        attributes: std::collections::HashMap::new(),
+    });
+    let lines = extract_vector_lines(&session);
+    assert!(lines.iter().any(|line| line == "."));
+    assert!(lines.iter().any(|line| line.contains("keep-this-line")));
+}
+
+#[test]
+fn build_vector_chunks_applies_overlap_rules() {
+    let mut session = build_test_session("vector-chunks");
+    session.events.push(Event {
+        event_id: "evt-overlap".to_string(),
+        timestamp: chrono::Utc::now(),
+        event_type: EventType::AgentMessage,
+        task_id: None,
+        content: Content::text("l1\nl2\nl3"),
+        duration_ms: None,
+        attributes: std::collections::HashMap::new(),
+    });
+    let mut runtime = DaemonConfig::default();
+    runtime.vector_search.chunking_mode = opensession_runtime_config::VectorChunkingMode::Manual;
+    runtime.vector_search.chunk_size_lines = 2;
+    runtime.vector_search.chunk_overlap_lines = 1;
+    let chunks = build_vector_chunks_for_session(&session, "source-hash", &runtime);
+    assert!(chunks.len() >= 2);
+    assert_eq!(chunks[0].start_line, 1);
+    assert_eq!(chunks[0].end_line, 2);
+    assert_eq!(chunks[1].start_line, 2);
+}
+
+#[test]
+fn build_vector_chunks_auto_tunes_for_small_session() {
+    let mut session = build_test_session("vector-chunks-auto");
+    session.events.push(Event {
+        event_id: "evt-auto".to_string(),
+        timestamp: chrono::Utc::now(),
+        event_type: EventType::AgentMessage,
+        task_id: None,
+        content: Content::text("a\nb\nc\nd\ne\nf"),
+        duration_ms: None,
+        attributes: std::collections::HashMap::new(),
+    });
+    let runtime = DaemonConfig::default();
+    let chunks = build_vector_chunks_for_session(&session, "source-hash", &runtime);
+    assert_eq!(chunks[0].start_line, 1);
+    assert_eq!(chunks[0].end_line, 7);
+}
+
+#[test]
+fn normalize_launch_route_accepts_relative_session_path() {
+    assert_eq!(
+        normalize_launch_route("/sessions?git_repo_name=org%2Frepo"),
+        Some("/sessions?git_repo_name=org%2Frepo".to_string())
+    );
+}
+
+#[test]
+fn normalize_launch_route_rejects_invalid_values() {
+    assert_eq!(normalize_launch_route(""), None);
+    assert_eq!(
+        normalize_launch_route("https://opensession.io/sessions"),
+        None
+    );
+    assert_eq!(normalize_launch_route("//sessions"), None);
+}
+
+#[test]
+fn local_row_uses_created_at_when_uploaded_at_missing() {
+    let summary = session_summary_from_local_row(sample_row());
+    assert_eq!(summary.uploaded_at, "2026-03-03T00:00:00Z");
+    assert_eq!(
+        summary.score_plugin,
+        opensession_core::scoring::DEFAULT_SCORE_PLUGIN
+    );
+}
+
+#[test]
+fn unknown_link_type_falls_back_to_handoff() {
+    let link = map_link_type("unknown-link");
+    assert!(matches!(link, opensession_api::LinkType::Handoff));
+}
+
+#[test]
+fn normalize_session_body_preserves_hail_jsonl() {
+    let hail_jsonl = [
+            r#"{"type":"header","version":"hail-1.0.0","session_id":"hail-1","agent":{"provider":"openai","model":"gpt-5","tool":"codex"},"context":{"title":"Title","description":"Desc","tags":[],"created_at":"2026-03-03T00:00:00Z","updated_at":"2026-03-03T00:00:00Z","related_session_ids":[],"attributes":{}}}"#,
+            r#"{"type":"event","event_id":"e1","timestamp":"2026-03-03T00:00:00Z","event_type":{"type":"UserMessage"},"content":{"blocks":[{"type":"Text","text":"hello"}]},"attributes":{}}"#,
+            r#"{"type":"stats","event_count":1,"message_count":1,"tool_call_count":0,"task_count":0,"duration_seconds":0,"total_input_tokens":0,"total_output_tokens":0,"user_message_count":1,"files_changed":0,"lines_added":0,"lines_removed":0}"#,
+        ]
+        .join("\n");
+
+    let normalized = normalize_session_body_to_hail_jsonl(&hail_jsonl, None)
+        .expect("hail JSONL should normalize");
+    let parsed = HailSession::from_jsonl(&normalized).expect("must remain valid hail");
+    assert_eq!(parsed.session_id, "hail-1");
+}
+
+#[test]
+fn normalize_session_body_converts_claude_jsonl() {
+    let claude_jsonl = r#"{"type":"user","uuid":"u1","sessionId":"claude-1","timestamp":"2026-03-03T00:00:00Z","message":{"role":"user","content":"hello from claude"},"cwd":"/tmp/project","gitBranch":"main"}"#;
+
+    let normalized = normalize_session_body_to_hail_jsonl(
+        claude_jsonl,
+        Some("/tmp/70dafb43-dbdd-4009-beb0-b6ac2bd9c4d1.jsonl"),
+    )
+    .expect("claude JSONL should parse into HAIL");
+    let parsed = HailSession::from_jsonl(&normalized).expect("must be valid hail");
+    assert_eq!(parsed.session_id, "claude-1");
+    assert_eq!(parsed.agent.tool, "claude-code");
+    assert!(!parsed.events.is_empty());
+}
+
+#[test]
+fn normalize_session_body_prefers_source_path_parser_over_extension_fallback() {
+    let temp_root = unique_temp_dir("opensession-desktop-normalize-source-path");
+    let source_path = temp_root
+        .join(".claude")
+        .join("projects")
+        .join("fixture")
+        .join("f0639ede-3aac-4f67-a979-b175ea5f9557.jsonl");
+    std::fs::create_dir_all(
+        source_path
+            .parent()
+            .expect("claude fixture parent directory must exist"),
+    )
+    .expect("create claude fixture directory");
+
+    let snapshot_only = r#"{"type":"file-history-snapshot","files":[]}"#;
+    std::fs::write(&source_path, snapshot_only).expect("write claude snapshot fixture");
+
+    let normalized = normalize_session_body_to_hail_jsonl(
+        snapshot_only,
+        Some(
+            source_path
+                .to_str()
+                .expect("fixture source path must be valid utf-8"),
+        ),
+    )
+    .expect("source-path parser should normalize claude snapshot fixture");
+    let parsed = HailSession::from_jsonl(&normalized).expect("must be valid hail");
+    assert_eq!(parsed.agent.tool, "claude-code");
+    assert_eq!(parsed.session_id, "f0639ede-3aac-4f67-a979-b175ea5f9557");
+
+    let _ = std::fs::remove_dir_all(&temp_root);
+}
+
+#[test]
+fn desktop_contract_version_matches_shared_constant() {
+    let payload = desktop_get_contract_version();
+    assert_eq!(
+        payload.version,
+        opensession_api::DESKTOP_IPC_CONTRACT_VERSION
+    );
+}
+
+#[test]
+fn parse_cli_quick_share_response_decodes_expected_fields() {
+    let stdout = r#"{
+  "uri": "os://src/git/cmVtb3Rl/ref/refs%2Fheads%2Fmain/path/sessions%2Fa.jsonl",
+  "source_uri": "os://src/local/abc123",
+  "remote": "https://github.com/org/repo.git",
+  "push_cmd": "git push origin refs/opensession/branches/bWFpbg:refs/opensession/branches/bWFpbg",
+  "quick": true,
+  "pushed": true,
+  "auto_push_consent": true
+}"#;
+    let parsed = parse_cli_quick_share_response(stdout).expect("parse quick-share payload");
+    assert_eq!(parsed.source_uri, "os://src/local/abc123");
+    assert_eq!(
+        parsed.shared_uri,
+        "os://src/git/cmVtb3Rl/ref/refs%2Fheads%2Fmain/path/sessions%2Fa.jsonl"
+    );
+    assert_eq!(parsed.remote, "https://github.com/org/repo.git");
+    assert!(parsed.pushed);
+    assert!(parsed.auto_push_consent);
+}
+
+#[test]
+fn desktop_quick_share_rejects_empty_session_id() {
+    let err = desktop_share_session_quick(DesktopQuickShareRequest {
+        session_id: "   ".to_string(),
+        remote: None,
+    })
+    .expect_err("empty session_id should fail");
+    assert_eq!(err.code, "desktop.quick_share_invalid_request");
+    assert_eq!(err.status, 400);
+}
+
+#[test]
+fn handoff_canonicalization_orders_by_session_id() {
+    let mut session_b = HailSession::new(
+        "session-b".to_string(),
+        Agent {
+            provider: "openai".to_string(),
+            model: "gpt-5".to_string(),
+            tool: "codex".to_string(),
+            tool_version: None,
+        },
+    );
+    session_b.recompute_stats();
+    let mut session_a = HailSession::new(
+        "session-a".to_string(),
+        Agent {
+            provider: "openai".to_string(),
+            model: "gpt-5".to_string(),
+            tool: "codex".to_string(),
+            tool_version: None,
+        },
+    );
+    session_a.recompute_stats();
+
+    let summaries = vec![
+        HandoffSummary::from_session(&session_b),
+        HandoffSummary::from_session(&session_a),
+    ];
+    let canonical = canonicalize_summaries(&summaries).expect("canonicalize summaries");
+    let first_line = canonical.lines().next().expect("canonical line");
+    assert!(first_line.contains("\"source_session_id\":\"session-a\""));
+}
+
+#[test]
+fn handoff_pin_alias_validation_rejects_spaces() {
+    assert!(validate_pin_alias("latest").is_ok());
+    assert!(validate_pin_alias("bad alias").is_err());
+}
+
+#[test]
+fn artifact_path_rejects_invalid_hash() {
+    assert!(artifact_path_for_hash(Path::new("/tmp"), "abc").is_err());
+}
+
+#[test]
+fn desktop_list_detail_raw_flow_uses_isolated_db() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_root = unique_temp_dir("opensession-desktop-list-detail-raw");
+    let db_path = temp_root.join("local.db");
+    let source_path = temp_root.join("session.hail.jsonl");
+    let _db_env = EnvVarGuard::set("OPENSESSION_LOCAL_DB_PATH", db_path.as_os_str());
+
+    let session = build_test_session("desktop-flow-session");
+    let session_jsonl = session.to_jsonl().expect("serialize session jsonl");
+    std::fs::write(&source_path, &session_jsonl).expect("write session source");
+
+    let db = LocalDb::open_path(&db_path).expect("open isolated local db");
+    db.upsert_local_session(
+        &session,
+        source_path
+            .to_str()
+            .expect("session source path must be valid utf-8"),
+        &GitContext::default(),
+    )
+    .expect("upsert local session");
+
+    let listed = desktop_list_sessions(None).expect("list sessions");
+    assert!(
+        listed
+            .sessions
+            .iter()
+            .any(|row| row.id == session.session_id),
+        "session list must include inserted session",
+    );
+
+    let detail =
+        desktop_get_session_detail(session.session_id.clone()).expect("get session detail");
+    assert_eq!(detail.summary.id, session.session_id);
+
+    let raw = desktop_get_session_raw(detail.summary.id.clone()).expect("get raw session");
+    assert!(
+        raw.contains("\"session_id\":\"desktop-flow-session\""),
+        "raw session output should include the normalized session id",
+    );
+
+    drop(db);
+    let _ = std::fs::remove_dir_all(&temp_root);
+}
+
+#[test]
+fn desktop_runtime_settings_update_persists_values() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-runtime-home");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+
+    let updated = desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: Some("compressed".to_string()),
+        summary: Some(DesktopRuntimeSummarySettingsUpdate {
+            provider: DesktopRuntimeSummaryProviderSettingsUpdate {
+                id: DesktopSummaryProviderId::Disabled,
+                endpoint: String::new(),
+                model: String::new(),
+            },
+            prompt: DesktopRuntimeSummaryPromptSettingsUpdate {
+                template: format!("{DEFAULT_SUMMARY_PROMPT_TEMPLATE_V2}\n# customized"),
+            },
+            response: DesktopRuntimeSummaryResponseSettingsUpdate {
+                style: DesktopSummaryResponseStyle::Compact,
+                shape: DesktopSummaryOutputShape::Layered,
+            },
+            storage: DesktopRuntimeSummaryStorageSettingsUpdate {
+                trigger: DesktopSummaryTriggerMode::OnSessionSave,
+                backend: DesktopSummaryStorageBackend::HiddenRef,
+            },
+            source_mode: DesktopSummarySourceMode::SessionOnly,
+            batch: DesktopRuntimeSummaryBatchSettingsUpdate {
+                execution_mode: DesktopSummaryBatchExecutionMode::Manual,
+                scope: DesktopSummaryBatchScope::All,
+                recent_days: 45,
+            },
+        }),
+        vector_search: None,
+        change_reader: Some(DesktopRuntimeChangeReaderSettingsUpdate {
+            enabled: true,
+            scope: DesktopChangeReaderScope::FullContext,
+            qa_enabled: true,
+            max_context_chars: 18_000,
+            voice: DesktopRuntimeChangeReaderVoiceSettingsUpdate {
+                enabled: true,
+                provider: DesktopChangeReaderVoiceProvider::Openai,
+                model: "gpt-4o-mini-tts".to_string(),
+                voice: "alloy".to_string(),
+                api_key: Some("sk-test-key".to_string()),
+            },
+        }),
+        lifecycle: Some(DesktopRuntimeLifecycleSettingsUpdate {
+            enabled: true,
+            session_ttl_days: 45,
+            summary_ttl_days: 60,
+            cleanup_interval_secs: 120,
+        }),
+    })
+    .expect("update runtime settings");
+    assert_eq!(updated.session_default_view, "compressed");
+
+    let loaded = desktop_get_runtime_settings().expect("load runtime settings");
+    assert_eq!(loaded.session_default_view, "compressed");
+    assert_eq!(
+        loaded.summary.provider.id,
+        DesktopSummaryProviderId::Disabled
+    );
+    assert_eq!(
+        loaded.summary.response.style,
+        DesktopSummaryResponseStyle::Compact
+    );
+    assert_eq!(
+        loaded.summary.storage.backend,
+        DesktopSummaryStorageBackend::HiddenRef
+    );
+    assert_eq!(
+        loaded.summary.source_mode,
+        DesktopSummarySourceMode::SessionOnly
+    );
+    assert_eq!(
+        loaded.summary.batch.execution_mode,
+        DesktopSummaryBatchExecutionMode::Manual
+    );
+    assert_eq!(loaded.summary.batch.scope, DesktopSummaryBatchScope::All);
+    assert_eq!(loaded.summary.batch.recent_days, 45);
+    assert!(loaded.summary.prompt.template.contains("customized"));
+    assert!(loaded.change_reader.enabled);
+    assert_eq!(
+        loaded.change_reader.scope,
+        DesktopChangeReaderScope::FullContext
+    );
+    assert!(loaded.change_reader.qa_enabled);
+    assert_eq!(loaded.change_reader.max_context_chars, 18_000);
+    assert!(loaded.change_reader.voice.enabled);
+    assert_eq!(
+        loaded.change_reader.voice.provider,
+        DesktopChangeReaderVoiceProvider::Openai
+    );
+    assert_eq!(loaded.change_reader.voice.model, "gpt-4o-mini-tts");
+    assert_eq!(loaded.change_reader.voice.voice, "alloy");
+    assert!(loaded.change_reader.voice.api_key_configured);
+    assert!(loaded.lifecycle.enabled);
+    assert_eq!(loaded.lifecycle.session_ttl_days, 45);
+    assert_eq!(loaded.lifecycle.summary_ttl_days, 60);
+    assert_eq!(loaded.lifecycle.cleanup_interval_secs, 120);
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+}
+
+#[test]
+fn desktop_runtime_settings_migrates_summary_storage_local_db_to_hidden_ref() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-runtime-migrate-home");
+    let temp_db = unique_temp_dir("opensession-desktop-runtime-migrate-db");
+    let repo_root = unique_temp_dir("opensession-desktop-runtime-migrate-repo");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+    let _db_env = EnvVarGuard::set(
+        "OPENSESSION_LOCAL_DB_PATH",
+        temp_db.join("local.db").as_os_str(),
+    );
+    init_test_git_repo(&repo_root);
+
+    let db = LocalDb::open_path(&temp_db.join("local.db")).expect("open local db");
+    let mut session = build_test_session("storage-migrate-local-to-hidden");
+    session.context.attributes.insert(
+        "cwd".to_string(),
+        json!(repo_root.to_string_lossy().to_string()),
+    );
+    let source_path = repo_root.join("storage-migrate-local-to-hidden.hail.jsonl");
+    std::fs::write(
+        &source_path,
+        session.to_jsonl().expect("serialize session jsonl"),
+    )
+    .expect("write session source");
+    db.upsert_local_session(
+        &session,
+        source_path
+            .to_str()
+            .expect("session source path must be valid utf-8"),
+        &GitContext::default(),
+    )
+    .expect("upsert local session");
+    db.upsert_session_semantic_summary(&opensession_local_db::SessionSemanticSummaryUpsert {
+            session_id: "storage-migrate-local-to-hidden",
+            summary_json: r#"{"changes":"migrated","auth_security":"none detected","layer_file_changes":[]}"#,
+            generated_at: "2026-03-05T10:00:00Z",
+            provider: "codex_exec",
+            model: Some("gpt-5"),
+            source_kind: "session_signals",
+            generation_kind: "provider",
+            prompt_fingerprint: Some("migrate-fingerprint"),
+            source_details_json: Some(r#"{"source":"session"}"#),
+            diff_tree_json: Some(r#"[]"#),
+            error: None,
+        })
+        .expect("insert local summary");
+
+    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: Some(summary_settings_update_with_backend(
+            DesktopSummaryStorageBackend::LocalDb,
+        )),
+        vector_search: None,
+        change_reader: None,
+        lifecycle: None,
+    })
+    .expect("set summary backend to local_db");
+    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: Some(summary_settings_update_with_backend(
+            DesktopSummaryStorageBackend::HiddenRef,
+        )),
+        vector_search: None,
+        change_reader: None,
+        lifecycle: None,
+    })
+    .expect("switch summary backend to hidden_ref");
+
+    let migrated = NativeGitStorage
+        .load_summary_at_ref(
+            &repo_root,
+            SUMMARY_LEDGER_REF,
+            "storage-migrate-local-to-hidden",
+        )
+        .expect("load migrated hidden_ref summary")
+        .expect("migrated hidden_ref summary should exist");
+    assert_eq!(migrated.provider, "codex_exec");
+    assert_eq!(migrated.summary["changes"], "migrated");
+    assert_eq!(migrated.model.as_deref(), Some("gpt-5"));
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+    let _ = std::fs::remove_dir_all(&temp_db);
+    let _ = std::fs::remove_dir_all(&repo_root);
+}
+
+#[test]
+fn desktop_runtime_settings_migrates_summary_storage_hidden_ref_to_local_db() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-runtime-migrate-hidden-home");
+    let temp_db = unique_temp_dir("opensession-desktop-runtime-migrate-hidden-db");
+    let repo_root = unique_temp_dir("opensession-desktop-runtime-migrate-hidden-repo");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+    let _db_env = EnvVarGuard::set(
+        "OPENSESSION_LOCAL_DB_PATH",
+        temp_db.join("local.db").as_os_str(),
+    );
+    init_test_git_repo(&repo_root);
+
+    let db = LocalDb::open_path(&temp_db.join("local.db")).expect("open local db");
+    let mut session = build_test_session("storage-migrate-hidden-to-local");
+    session.context.attributes.insert(
+        "cwd".to_string(),
+        json!(repo_root.to_string_lossy().to_string()),
+    );
+    let source_path = repo_root.join("storage-migrate-hidden-to-local.hail.jsonl");
+    std::fs::write(
+        &source_path,
+        session.to_jsonl().expect("serialize session jsonl"),
+    )
+    .expect("write session source");
+    db.upsert_local_session(
+        &session,
+        source_path
+            .to_str()
+            .expect("session source path must be valid utf-8"),
+        &GitContext::default(),
+    )
+    .expect("upsert local session");
+
+    let hidden_record = SessionSummaryLedgerRecord {
+        session_id: "storage-migrate-hidden-to-local".to_string(),
+        generated_at: "2026-03-05T11:00:00Z".to_string(),
+        provider: "codex_exec".to_string(),
+        model: Some("gpt-5".to_string()),
+        source_kind: "session_signals".to_string(),
+        generation_kind: "provider".to_string(),
+        prompt_fingerprint: Some("hidden-fingerprint".to_string()),
+        summary: json!({
+            "changes": "from-hidden",
+            "auth_security": "none detected",
+            "layer_file_changes": []
+        }),
+        source_details: json!({ "source": "hidden_ref" }),
+        diff_tree: Vec::new(),
+        error: None,
+    };
+    NativeGitStorage
+        .store_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, &hidden_record)
+        .expect("store hidden_ref summary");
+
+    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: Some(summary_settings_update_with_backend(
+            DesktopSummaryStorageBackend::HiddenRef,
+        )),
+        vector_search: None,
+        change_reader: None,
+        lifecycle: None,
+    })
+    .expect("set summary backend to hidden_ref");
+    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: Some(summary_settings_update_with_backend(
+            DesktopSummaryStorageBackend::LocalDb,
+        )),
+        vector_search: None,
+        change_reader: None,
+        lifecycle: None,
+    })
+    .expect("switch summary backend to local_db");
+
+    let migrated = db
+        .get_session_semantic_summary("storage-migrate-hidden-to-local")
+        .expect("read migrated local summary")
+        .expect("migrated local summary should exist");
+    assert_eq!(migrated.provider, "codex_exec");
+    let migrated_summary: serde_json::Value =
+        serde_json::from_str(&migrated.summary_json).expect("parse migrated summary");
+    assert_eq!(migrated_summary["changes"], "from-hidden");
+    assert_eq!(migrated.model.as_deref(), Some("gpt-5"));
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+    let _ = std::fs::remove_dir_all(&temp_db);
+    let _ = std::fs::remove_dir_all(&repo_root);
+}
+
+#[test]
+fn desktop_lifecycle_cleanup_deletes_expired_sessions_without_daemon() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_root = unique_temp_dir("opensession-desktop-lifecycle-cleanup");
+    let repo_root = temp_root.join("repo");
+    std::fs::create_dir_all(&repo_root).expect("create repo root");
+    init_test_git_repo(&repo_root);
+
+    let db = LocalDb::open_path(&temp_root.join("local.db")).expect("open local db");
+
+    let mut expired = build_test_session("expired-session");
+    expired.context.created_at = chrono::Utc::now() - chrono::Duration::days(45);
+    expired.context.updated_at = expired.context.created_at;
+    expired.context.attributes.insert(
+        "cwd".to_string(),
+        json!(repo_root.to_string_lossy().to_string()),
+    );
+    let expired_source = repo_root.join("expired-session.hail.jsonl");
+    std::fs::write(
+        &expired_source,
+        expired.to_jsonl().expect("serialize expired session"),
+    )
+    .expect("write expired session source");
+    db.upsert_local_session(
+        &expired,
+        expired_source
+            .to_str()
+            .expect("expired session source path must be valid utf-8"),
+        &GitContext::default(),
+    )
+    .expect("upsert expired session");
+
+    let mut recent = build_test_session("recent-session");
+    recent.context.created_at = chrono::Utc::now() - chrono::Duration::days(5);
+    recent.context.updated_at = recent.context.created_at;
+    recent.context.attributes.insert(
+        "cwd".to_string(),
+        json!(repo_root.to_string_lossy().to_string()),
+    );
+    let recent_source = repo_root.join("recent-session.hail.jsonl");
+    std::fs::write(
+        &recent_source,
+        recent.to_jsonl().expect("serialize recent session"),
+    )
+    .expect("write recent session source");
+    db.upsert_local_session(
+        &recent,
+        recent_source
+            .to_str()
+            .expect("recent session source path must be valid utf-8"),
+        &GitContext::default(),
+    )
+    .expect("upsert recent session");
+
+    let storage = NativeGitStorage;
+    storage
+        .store_summary_at_ref(
+            &repo_root,
+            SUMMARY_LEDGER_REF,
+            &SessionSummaryLedgerRecord {
+                session_id: "expired-session".to_string(),
+                generated_at: "2026-01-01T00:00:00Z".to_string(),
+                provider: "codex_exec".to_string(),
+                model: None,
+                source_kind: "session_signals".to_string(),
+                generation_kind: "provider".to_string(),
+                prompt_fingerprint: None,
+                summary: json!({ "changes": "expired" }),
+                source_details: json!({}),
+                diff_tree: vec![],
+                error: None,
+            },
+        )
+        .expect("store expired hidden_ref summary");
+    storage
+        .store_summary_at_ref(
+            &repo_root,
+            SUMMARY_LEDGER_REF,
+            &SessionSummaryLedgerRecord {
+                session_id: "recent-session".to_string(),
+                generated_at: "2026-01-01T00:00:00Z".to_string(),
+                provider: "codex_exec".to_string(),
+                model: None,
+                source_kind: "session_signals".to_string(),
+                generation_kind: "provider".to_string(),
+                prompt_fingerprint: None,
+                summary: json!({ "changes": "recent" }),
+                source_details: json!({}),
+                diff_tree: vec![],
+                error: None,
+            },
+        )
+        .expect("store recent hidden_ref summary");
+
+    let mut config = DaemonConfig::default();
+    config.lifecycle.enabled = true;
+    config.lifecycle.session_ttl_days = 30;
+    config.lifecycle.summary_ttl_days = 30;
+    config.lifecycle.cleanup_interval_secs = 60;
+
+    super::run_desktop_lifecycle_cleanup_once_with_db(&config, &db)
+        .expect("run desktop lifecycle cleanup");
+
+    let lifecycle_status = super::desktop_lifecycle_cleanup_status_from_db(&db)
+        .expect("read lifecycle cleanup status");
+    assert_eq!(
+        lifecycle_status.state,
+        DesktopLifecycleCleanupState::Complete
+    );
+    assert_eq!(lifecycle_status.deleted_sessions, 1);
+    assert_eq!(lifecycle_status.deleted_summaries, 1);
+    assert!(
+        lifecycle_status
+            .message
+            .as_deref()
+            .unwrap_or_default()
+            .contains("Deleted 1 sessions"),
+        "cleanup status should summarize deleted rows"
+    );
+    assert!(lifecycle_status.started_at.is_some());
+    assert!(lifecycle_status.finished_at.is_some());
+
+    assert!(
+        db.get_session_by_id("expired-session")
+            .expect("query expired session")
+            .is_none(),
+        "expired session should be deleted by desktop lifecycle cleanup"
+    );
+    assert!(
+        db.get_session_by_id("recent-session")
+            .expect("query recent session")
+            .is_some(),
+        "recent session should remain after desktop lifecycle cleanup"
+    );
+    assert!(
+        storage
+            .load_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, "expired-session")
+            .expect("load expired hidden_ref summary")
+            .is_none(),
+        "expired hidden_ref summary should be deleted by desktop lifecycle cleanup"
+    );
+    assert!(
+        storage
+            .load_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, "recent-session")
+            .expect("load recent hidden_ref summary")
+            .is_some(),
+        "recent hidden_ref summary should remain after desktop lifecycle cleanup"
+    );
+
+    let _ = std::fs::remove_dir_all(&temp_root);
+}
+
+#[test]
+fn desktop_runtime_settings_rejects_non_session_only_source_mode() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-runtime-source-lock");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+
+    let result = desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: Some(DesktopRuntimeSummarySettingsUpdate {
+            provider: DesktopRuntimeSummaryProviderSettingsUpdate {
+                id: DesktopSummaryProviderId::Disabled,
+                endpoint: String::new(),
+                model: String::new(),
+            },
+            prompt: DesktopRuntimeSummaryPromptSettingsUpdate {
+                template: DEFAULT_SUMMARY_PROMPT_TEMPLATE_V2.to_string(),
+            },
+            response: DesktopRuntimeSummaryResponseSettingsUpdate {
+                style: DesktopSummaryResponseStyle::Standard,
+                shape: DesktopSummaryOutputShape::Layered,
+            },
+            storage: DesktopRuntimeSummaryStorageSettingsUpdate {
+                trigger: DesktopSummaryTriggerMode::OnSessionSave,
+                backend: DesktopSummaryStorageBackend::HiddenRef,
+            },
+            source_mode: DesktopSummarySourceMode::SessionOrGitChanges,
+            batch: DesktopRuntimeSummaryBatchSettingsUpdate {
+                execution_mode: DesktopSummaryBatchExecutionMode::Manual,
+                scope: DesktopSummaryBatchScope::RecentDays,
+                recent_days: 30,
+            },
+        }),
+        vector_search: None,
+        change_reader: None,
+        lifecycle: None,
+    });
+
+    let error = result.expect_err("source mode lock should reject update");
+    assert_eq!(error.status, 422);
+    assert_eq!(error.code, "desktop.runtime_settings_source_mode_locked");
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+}
+
+#[test]
+fn desktop_runtime_settings_rejects_zero_summary_batch_recent_days() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-runtime-summary-batch-invalid");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+
+    let result = desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: Some(DesktopRuntimeSummarySettingsUpdate {
+            provider: DesktopRuntimeSummaryProviderSettingsUpdate {
+                id: DesktopSummaryProviderId::Disabled,
+                endpoint: String::new(),
+                model: String::new(),
+            },
+            prompt: DesktopRuntimeSummaryPromptSettingsUpdate {
+                template: DEFAULT_SUMMARY_PROMPT_TEMPLATE_V2.to_string(),
+            },
+            response: DesktopRuntimeSummaryResponseSettingsUpdate {
+                style: DesktopSummaryResponseStyle::Standard,
+                shape: DesktopSummaryOutputShape::Layered,
+            },
+            storage: DesktopRuntimeSummaryStorageSettingsUpdate {
+                trigger: DesktopSummaryTriggerMode::OnSessionSave,
+                backend: DesktopSummaryStorageBackend::HiddenRef,
+            },
+            source_mode: DesktopSummarySourceMode::SessionOnly,
+            batch: DesktopRuntimeSummaryBatchSettingsUpdate {
+                execution_mode: DesktopSummaryBatchExecutionMode::OnAppStart,
+                scope: DesktopSummaryBatchScope::RecentDays,
+                recent_days: 0,
+            },
+        }),
+        vector_search: None,
+        change_reader: None,
+        lifecycle: None,
+    });
+
+    let error = result.expect_err("recent_days=0 should fail");
+    assert_eq!(error.status, 422);
+    assert_eq!(
+        error.code,
+        "desktop.runtime_settings_invalid_summary_batch_recent_days"
+    );
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+}
+
+#[test]
+fn desktop_runtime_settings_rejects_short_lifecycle_interval() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-runtime-lifecycle-invalid");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+
+    let result = desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: None,
+        vector_search: None,
+        change_reader: None,
+        lifecycle: Some(DesktopRuntimeLifecycleSettingsUpdate {
+            enabled: true,
+            session_ttl_days: 30,
+            summary_ttl_days: 30,
+            cleanup_interval_secs: 59,
+        }),
+    });
+
+    let error = result.expect_err("cleanup interval under 60 should fail");
+    assert_eq!(error.status, 422);
+    assert_eq!(
+        error.code,
+        "desktop.runtime_settings_invalid_cleanup_interval"
+    );
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+}
+
+#[test]
+fn desktop_summary_batch_run_and_status_complete_when_no_sessions() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-summary-batch-home");
+    let temp_db = unique_temp_dir("opensession-desktop-summary-batch-db");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+    let _db_env = EnvVarGuard::set(
+        "OPENSESSION_LOCAL_DB_PATH",
+        temp_db.join("local.db").as_os_str(),
+    );
+
+    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: Some(DesktopRuntimeSummarySettingsUpdate {
+            provider: DesktopRuntimeSummaryProviderSettingsUpdate {
+                id: DesktopSummaryProviderId::Disabled,
+                endpoint: String::new(),
+                model: String::new(),
+            },
+            prompt: DesktopRuntimeSummaryPromptSettingsUpdate {
+                template: DEFAULT_SUMMARY_PROMPT_TEMPLATE_V2.to_string(),
+            },
+            response: DesktopRuntimeSummaryResponseSettingsUpdate {
+                style: DesktopSummaryResponseStyle::Standard,
+                shape: DesktopSummaryOutputShape::Layered,
+            },
+            storage: DesktopRuntimeSummaryStorageSettingsUpdate {
+                trigger: DesktopSummaryTriggerMode::Manual,
+                backend: DesktopSummaryStorageBackend::None,
+            },
+            source_mode: DesktopSummarySourceMode::SessionOnly,
+            batch: DesktopRuntimeSummaryBatchSettingsUpdate {
+                execution_mode: DesktopSummaryBatchExecutionMode::Manual,
+                scope: DesktopSummaryBatchScope::All,
+                recent_days: 30,
+            },
+        }),
+        vector_search: None,
+        change_reader: None,
+        lifecycle: None,
+    })
+    .expect("set summary batch config");
+
+    let started = desktop_summary_batch_run().expect("start summary batch");
+    assert!(
+        matches!(
+            started.state,
+            DesktopSummaryBatchState::Running | DesktopSummaryBatchState::Complete
+        ),
+        "initial state should be running or complete"
+    );
+
+    let mut final_state = started;
+    for _ in 0..40 {
+        final_state = desktop_summary_batch_status().expect("read batch status");
+        if !matches!(final_state.state, DesktopSummaryBatchState::Running) {
+            break;
+        }
+        std::thread::sleep(Duration::from_millis(25));
+    }
+
+    assert_eq!(final_state.state, DesktopSummaryBatchState::Complete);
+    assert_eq!(final_state.total_sessions, 0);
+    assert_eq!(final_state.processed_sessions, 0);
+    assert_eq!(final_state.failed_sessions, 0);
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+    let _ = std::fs::remove_dir_all(&temp_db);
+}
+
+#[test]
+fn desktop_summary_batch_skips_sessions_with_missing_source_files() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-summary-batch-skip-home");
+    let temp_db = unique_temp_dir("opensession-desktop-summary-batch-skip-db");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+    let _db_env = EnvVarGuard::set(
+        "OPENSESSION_LOCAL_DB_PATH",
+        temp_db.join("local.db").as_os_str(),
+    );
+
+    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: Some(DesktopRuntimeSummarySettingsUpdate {
+            provider: DesktopRuntimeSummaryProviderSettingsUpdate {
+                id: DesktopSummaryProviderId::Disabled,
+                endpoint: String::new(),
+                model: String::new(),
+            },
+            prompt: DesktopRuntimeSummaryPromptSettingsUpdate {
+                template: DEFAULT_SUMMARY_PROMPT_TEMPLATE_V2.to_string(),
+            },
+            response: DesktopRuntimeSummaryResponseSettingsUpdate {
+                style: DesktopSummaryResponseStyle::Standard,
+                shape: DesktopSummaryOutputShape::Layered,
+            },
+            storage: DesktopRuntimeSummaryStorageSettingsUpdate {
+                trigger: DesktopSummaryTriggerMode::Manual,
+                backend: DesktopSummaryStorageBackend::None,
+            },
+            source_mode: DesktopSummarySourceMode::SessionOnly,
+            batch: DesktopRuntimeSummaryBatchSettingsUpdate {
+                execution_mode: DesktopSummaryBatchExecutionMode::Manual,
+                scope: DesktopSummaryBatchScope::All,
+                recent_days: 30,
+            },
+        }),
+        vector_search: None,
+        change_reader: None,
+        lifecycle: None,
+    })
+    .expect("set summary batch config");
+
+    let db = LocalDb::open_path(&temp_db.join("local.db")).expect("open local db");
+    let session = build_test_session("missing-source-session");
+    let missing_source = temp_db.join("missing-source-session.jsonl");
+    db.upsert_local_session(
+        &session,
+        missing_source
+            .to_str()
+            .expect("missing source path must be valid utf-8"),
+        &GitContext::default(),
+    )
+    .expect("upsert local session with missing source path");
+
+    let started = desktop_summary_batch_run().expect("start summary batch");
+    assert!(
+        matches!(
+            started.state,
+            DesktopSummaryBatchState::Running | DesktopSummaryBatchState::Complete
+        ),
+        "initial state should be running or complete"
+    );
+
+    let mut final_state = started;
+    for _ in 0..40 {
+        final_state = desktop_summary_batch_status().expect("read batch status");
+        if !matches!(final_state.state, DesktopSummaryBatchState::Running) {
+            break;
+        }
+        std::thread::sleep(Duration::from_millis(25));
+    }
+
+    assert_eq!(final_state.state, DesktopSummaryBatchState::Complete);
+    assert_eq!(final_state.total_sessions, 1);
+    assert_eq!(final_state.processed_sessions, 1);
+    assert_eq!(final_state.failed_sessions, 0);
+    assert!(
+        final_state
+            .message
+            .as_deref()
+            .is_some_and(|message| message.contains("skipped missing sources"))
+    );
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+    let _ = std::fs::remove_dir_all(&temp_db);
+}
+
+#[test]
+fn desktop_summary_batch_skips_sessions_with_existing_local_db_summaries() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-summary-batch-local-summary-home");
+    let temp_db = unique_temp_dir("opensession-desktop-summary-batch-local-summary-db");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+    let _db_env = EnvVarGuard::set(
+        "OPENSESSION_LOCAL_DB_PATH",
+        temp_db.join("local.db").as_os_str(),
+    );
+
+    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: Some(summary_settings_update_with_backend(
+            DesktopSummaryStorageBackend::HiddenRef,
+        )),
+        vector_search: None,
+        change_reader: None,
+        lifecycle: None,
+    })
+    .expect("set summary batch config");
+
+    let db = LocalDb::open_path(&temp_db.join("local.db")).expect("open local db");
+    let session = build_test_session("existing-local-summary-session");
+    let missing_source = temp_db.join("existing-local-summary-session.jsonl");
+    db.upsert_local_session(
+        &session,
+        missing_source
+            .to_str()
+            .expect("missing source path must be valid utf-8"),
+        &GitContext::default(),
+    )
+    .expect("upsert local session with missing source path");
+    db.upsert_session_semantic_summary(&opensession_local_db::SessionSemanticSummaryUpsert {
+            session_id: "existing-local-summary-session",
+            summary_json: r#"{"changes":"cached","auth_security":"none detected","layer_file_changes":[]}"#,
+            generated_at: "2026-03-06T01:00:00Z",
+            provider: "codex_exec",
+            model: Some("gpt-5"),
+            source_kind: "session_signals",
+            generation_kind: "provider",
+            prompt_fingerprint: Some("local-cache"),
+            source_details_json: Some(r#"{"source":"local_db"}"#),
+            diff_tree_json: Some(r#"[]"#),
+            error: None,
+        })
+        .expect("insert local summary");
+
+    let started = desktop_summary_batch_run().expect("start summary batch");
+    assert!(
+        matches!(
+            started.state,
+            DesktopSummaryBatchState::Running | DesktopSummaryBatchState::Complete
+        ),
+        "initial state should be running or complete"
+    );
+
+    let mut final_state = started;
+    for _ in 0..40 {
+        final_state = desktop_summary_batch_status().expect("read batch status");
+        if !matches!(final_state.state, DesktopSummaryBatchState::Running) {
+            break;
+        }
+        std::thread::sleep(Duration::from_millis(25));
+    }
+
+    assert_eq!(final_state.state, DesktopSummaryBatchState::Complete);
+    assert_eq!(final_state.total_sessions, 0);
+    assert_eq!(final_state.processed_sessions, 0);
+    assert_eq!(final_state.failed_sessions, 0);
+    assert!(
+        final_state
+            .message
+            .as_deref()
+            .is_some_and(|message| message.contains("already summarized"))
+    );
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+    let _ = std::fs::remove_dir_all(&temp_db);
+}
+
+#[test]
+fn desktop_summary_batch_skips_sessions_with_existing_hidden_ref_summaries() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-summary-batch-hidden-summary-home");
+    let temp_db = unique_temp_dir("opensession-desktop-summary-batch-hidden-summary-db");
+    let repo_root = unique_temp_dir("opensession-desktop-summary-batch-hidden-summary-repo");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+    let _db_env = EnvVarGuard::set(
+        "OPENSESSION_LOCAL_DB_PATH",
+        temp_db.join("local.db").as_os_str(),
+    );
+    init_test_git_repo(&repo_root);
+
+    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: Some(summary_settings_update_with_backend(
+            DesktopSummaryStorageBackend::LocalDb,
+        )),
+        vector_search: None,
+        change_reader: None,
+        lifecycle: None,
+    })
+    .expect("set summary batch config");
+
+    let db = LocalDb::open_path(&temp_db.join("local.db")).expect("open local db");
+    let mut session = build_test_session("existing-hidden-summary-session");
+    session.context.attributes.insert(
+        "cwd".to_string(),
+        json!(repo_root.to_string_lossy().to_string()),
+    );
+    let missing_source = repo_root.join("existing-hidden-summary-session.jsonl");
+    db.upsert_local_session(
+        &session,
+        missing_source
+            .to_str()
+            .expect("missing source path must be valid utf-8"),
+        &GitContext::default(),
+    )
+    .expect("upsert local session with missing source path");
+    NativeGitStorage
+        .store_summary_at_ref(
+            &repo_root,
+            SUMMARY_LEDGER_REF,
+            &SessionSummaryLedgerRecord {
+                session_id: "existing-hidden-summary-session".to_string(),
+                generated_at: "2026-03-06T02:00:00Z".to_string(),
+                provider: "codex_exec".to_string(),
+                model: Some("gpt-5".to_string()),
+                source_kind: "session_signals".to_string(),
+                generation_kind: "provider".to_string(),
+                prompt_fingerprint: Some("hidden-cache".to_string()),
+                summary: json!({
+                    "changes": "cached",
+                    "auth_security": "none detected",
+                    "layer_file_changes": []
+                }),
+                source_details: json!({ "source": "hidden_ref" }),
+                diff_tree: Vec::new(),
+                error: None,
+            },
+        )
+        .expect("store hidden_ref summary");
+
+    let started = desktop_summary_batch_run().expect("start summary batch");
+    assert!(
+        matches!(
+            started.state,
+            DesktopSummaryBatchState::Running | DesktopSummaryBatchState::Complete
+        ),
+        "initial state should be running or complete"
+    );
+
+    let mut final_state = started;
+    for _ in 0..40 {
+        final_state = desktop_summary_batch_status().expect("read batch status");
+        if !matches!(final_state.state, DesktopSummaryBatchState::Running) {
+            break;
+        }
+        std::thread::sleep(Duration::from_millis(25));
+    }
+
+    assert_eq!(final_state.state, DesktopSummaryBatchState::Complete);
+    assert_eq!(final_state.total_sessions, 0);
+    assert_eq!(final_state.processed_sessions, 0);
+    assert_eq!(final_state.failed_sessions, 0);
+    assert!(
+        final_state
+            .message
+            .as_deref()
+            .is_some_and(|message| message.contains("already summarized"))
+    );
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+    let _ = std::fs::remove_dir_all(&temp_db);
+    let _ = std::fs::remove_dir_all(&repo_root);
+}
+
+#[test]
+fn desktop_change_reader_requires_enabled_setting() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-change-reader-disabled");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+
+    let result =
+        tauri::async_runtime::block_on(desktop_read_session_changes(DesktopChangeReadRequest {
+            session_id: "session-1".to_string(),
+            scope: None,
+        }));
+    let error = result.expect_err("disabled change reader should fail");
+    assert_eq!(error.status, 422);
+    assert_eq!(error.code, "desktop.change_reader_disabled");
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+}
+
+#[test]
+fn require_non_empty_request_field_trims_surrounding_whitespace() {
+    let value = require_non_empty_request_field(
+        "  session-1 \n",
+        "desktop.test_invalid_request",
+        "session_id",
+    )
+    .expect("trimmed field should be accepted");
+    assert_eq!(value, "session-1");
+}
+
+#[test]
+fn require_non_empty_request_field_rejects_blank_values() {
+    let error =
+        require_non_empty_request_field(" \n\t ", "desktop.test_invalid_request", "session_id")
+            .expect_err("blank field should be rejected");
+    assert_eq!(error.status, 400);
+    assert_eq!(error.code, "desktop.test_invalid_request");
+    assert_eq!(error.message, "session_id is required");
+}
+
+#[test]
+fn desktop_change_reader_qa_respects_toggle() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-change-reader-qa-disabled");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+
+    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: None,
+        vector_search: None,
+        change_reader: Some(DesktopRuntimeChangeReaderSettingsUpdate {
+            enabled: true,
+            scope: DesktopChangeReaderScope::SummaryOnly,
+            qa_enabled: false,
+            max_context_chars: 12_000,
+            voice: DesktopRuntimeChangeReaderVoiceSettingsUpdate {
+                enabled: false,
+                provider: DesktopChangeReaderVoiceProvider::Openai,
+                model: "gpt-4o-mini-tts".to_string(),
+                voice: "alloy".to_string(),
+                api_key: None,
+            },
+        }),
+        lifecycle: None,
+    })
+    .expect("enable change reader with qa disabled");
+
+    let result =
+        tauri::async_runtime::block_on(desktop_ask_session_changes(DesktopChangeQuestionRequest {
+            session_id: "session-1".to_string(),
+            question: "무엇이 바뀌었나요?".to_string(),
+            scope: None,
+        }));
+    let error = result.expect_err("qa disabled should fail");
+    assert_eq!(error.status, 422);
+    assert_eq!(error.code, "desktop.change_reader_qa_disabled");
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+}
+
+#[test]
+fn desktop_runtime_settings_rejects_voice_playback_without_api_key() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-change-reader-voice-key-required");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+
+    let result = desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: None,
+        vector_search: None,
+        change_reader: Some(DesktopRuntimeChangeReaderSettingsUpdate {
+            enabled: true,
+            scope: DesktopChangeReaderScope::SummaryOnly,
+            qa_enabled: true,
+            max_context_chars: 12_000,
+            voice: DesktopRuntimeChangeReaderVoiceSettingsUpdate {
+                enabled: true,
+                provider: DesktopChangeReaderVoiceProvider::Openai,
+                model: "gpt-4o-mini-tts".to_string(),
+                voice: "alloy".to_string(),
+                api_key: None,
+            },
+        }),
+        lifecycle: None,
+    });
+
+    let error = result.expect_err("voice playback without api key should fail");
+    assert_eq!(error.status, 422);
+    assert_eq!(
+        error.code,
+        "desktop.runtime_settings_change_reader_voice_api_key_required"
+    );
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+}
+
+#[test]
+fn desktop_runtime_settings_allows_voice_playback_with_existing_api_key() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-change-reader-voice-key-existing");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+
+    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: None,
+        vector_search: None,
+        change_reader: Some(DesktopRuntimeChangeReaderSettingsUpdate {
+            enabled: true,
+            scope: DesktopChangeReaderScope::SummaryOnly,
+            qa_enabled: true,
+            max_context_chars: 12_000,
+            voice: DesktopRuntimeChangeReaderVoiceSettingsUpdate {
+                enabled: false,
+                provider: DesktopChangeReaderVoiceProvider::Openai,
+                model: "gpt-4o-mini-tts".to_string(),
+                voice: "alloy".to_string(),
+                api_key: Some("sk-existing-voice-key".to_string()),
+            },
+        }),
+        lifecycle: None,
+    })
+    .expect("store existing voice api key");
+
+    let updated = desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: None,
+        vector_search: None,
+        change_reader: Some(DesktopRuntimeChangeReaderSettingsUpdate {
+            enabled: true,
+            scope: DesktopChangeReaderScope::SummaryOnly,
+            qa_enabled: true,
+            max_context_chars: 12_000,
+            voice: DesktopRuntimeChangeReaderVoiceSettingsUpdate {
+                enabled: true,
+                provider: DesktopChangeReaderVoiceProvider::Openai,
+                model: "gpt-4o-mini-tts".to_string(),
+                voice: "alloy".to_string(),
+                api_key: None,
+            },
+        }),
+        lifecycle: None,
+    })
+    .expect("enable voice playback with existing api key");
+
+    assert!(updated.change_reader.voice.enabled);
+    assert!(updated.change_reader.voice.api_key_configured);
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+}
+
+#[test]
+fn desktop_change_reader_tts_requires_voice_enable() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-change-reader-tts-disabled");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+
+    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: None,
+        vector_search: None,
+        change_reader: Some(DesktopRuntimeChangeReaderSettingsUpdate {
+            enabled: true,
+            scope: DesktopChangeReaderScope::SummaryOnly,
+            qa_enabled: true,
+            max_context_chars: 12_000,
+            voice: DesktopRuntimeChangeReaderVoiceSettingsUpdate {
+                enabled: false,
+                provider: DesktopChangeReaderVoiceProvider::Openai,
+                model: "gpt-4o-mini-tts".to_string(),
+                voice: "alloy".to_string(),
+                api_key: None,
+            },
+        }),
+        lifecycle: None,
+    })
+    .expect("enable change reader with voice disabled");
+
+    let result = desktop_change_reader_tts(DesktopChangeReaderTtsRequest {
+        text: "변경 내용을 읽어줘".to_string(),
+        session_id: None,
+        scope: None,
+    });
+    let error = result.expect_err("voice disabled should fail");
+    assert_eq!(error.status, 422);
+    assert_eq!(error.code, "desktop.change_reader_tts_disabled");
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+}
+
+#[test]
+fn handoff_build_writes_artifact_record_and_pin() {
+    let unique = SystemTime::now()
+        .duration_since(UNIX_EPOCH)
+        .expect("time should be monotonic")
+        .as_nanos();
+    let repo_root = std::env::temp_dir().join(format!("opensession-desktop-handoff-{unique}"));
+    let git_dir = repo_root.join(".git");
+    std::fs::create_dir_all(&git_dir).expect("create repo .git");
+
+    let mut session = HailSession::new(
+        "session-handoff-test".to_string(),
+        Agent {
+            provider: "openai".to_string(),
+            model: "gpt-5".to_string(),
+            tool: "codex".to_string(),
+            tool_version: None,
+        },
+    );
+    session.recompute_stats();
+    let normalized = session.to_jsonl().expect("serialize session");
+
+    let response =
+        build_handoff_artifact_record(&normalized, session, true, &repo_root).expect("build");
+    let hash = response
+        .artifact_uri
+        .strip_prefix("os://artifact/")
+        .expect("artifact uri prefix");
+    assert_eq!(hash.len(), 64);
+    assert_eq!(response.pinned_alias.as_deref(), Some("latest"));
+    let expected_download_file_name = format!("handoff-{hash}.jsonl");
+    assert_eq!(
+        response.download_file_name.as_deref(),
+        Some(expected_download_file_name.as_str())
+    );
+    assert!(
+        response
+            .download_content
+            .as_deref()
+            .is_some_and(|value| value.contains("\"source_session_id\":\"session-handoff-test\""))
+    );
+
+    let artifact_path = repo_root
+        .join(".opensession")
+        .join("artifacts")
+        .join("sha256")
+        .join(&hash[0..2])
+        .join(&hash[2..4])
+        .join(format!("{hash}.json"));
+    assert!(artifact_path.exists());
+
+    let pin_path = repo_root
+        .join(".opensession")
+        .join("artifacts")
+        .join("pins")
+        .join("latest");
+    let pin_hash = std::fs::read_to_string(&pin_path).expect("read pin hash");
+    assert_eq!(pin_hash.trim(), hash);
+
+    let _ = std::fs::remove_dir_all(&repo_root);
+}

From 35c7fab10fcde5402d2a080a3bfbed5b2f2f0d37 Mon Sep 17 00:00:00 2001
From: hwisu <hwitticus@gmail.com>
Date: Fri, 6 Mar 2026 20:39:50 +0900
Subject: [PATCH 14/30] split desktop main tests by concern

---
 desktop/src-tauri/src/main_tests.rs           | 1806 +----------------
 .../src-tauri/src/main_tests/change_reader.rs |  169 ++
 desktop/src-tauri/src/main_tests/handoff.rs   |  139 ++
 .../src/main_tests/runtime_settings.rs        |  555 +++++
 .../src/main_tests/session_access.rs          |  330 +++
 .../src-tauri/src/main_tests/summary_batch.rs |  259 +++
 desktop/src-tauri/src/main_tests/vector.rs    |  208 ++
 7 files changed, 1694 insertions(+), 1772 deletions(-)
 create mode 100644 desktop/src-tauri/src/main_tests/change_reader.rs
 create mode 100644 desktop/src-tauri/src/main_tests/handoff.rs
 create mode 100644 desktop/src-tauri/src/main_tests/runtime_settings.rs
 create mode 100644 desktop/src-tauri/src/main_tests/session_access.rs
 create mode 100644 desktop/src-tauri/src/main_tests/summary_batch.rs
 create mode 100644 desktop/src-tauri/src/main_tests/vector.rs

diff --git a/desktop/src-tauri/src/main_tests.rs b/desktop/src-tauri/src/main_tests.rs
index 432d1b3e..177e3588 100644
--- a/desktop/src-tauri/src/main_tests.rs
+++ b/desktop/src-tauri/src/main_tests.rs
@@ -16,17 +16,17 @@ use crate::app::handoff::{
 use crate::app::session_query::split_search_mode;
 use opensession_api::{
     DesktopChangeQuestionRequest, DesktopChangeReadRequest, DesktopChangeReaderScope,
-    DesktopChangeReaderTtsRequest, DesktopChangeReaderVoiceProvider, DesktopLifecycleCleanupState,
-    DesktopQuickShareRequest, DesktopRuntimeChangeReaderSettingsUpdate,
-    DesktopRuntimeChangeReaderVoiceSettingsUpdate, DesktopRuntimeLifecycleSettingsUpdate,
-    DesktopRuntimeSettingsUpdateRequest, DesktopRuntimeSummaryBatchSettingsUpdate,
-    DesktopRuntimeSummaryPromptSettingsUpdate, DesktopRuntimeSummaryProviderSettingsUpdate,
-    DesktopRuntimeSummaryResponseSettingsUpdate, DesktopRuntimeSummarySettingsUpdate,
-    DesktopRuntimeSummaryStorageSettingsUpdate, DesktopSummaryBatchExecutionMode,
-    DesktopSummaryBatchScope, DesktopSummaryBatchState, DesktopSummaryOutputShape,
-    DesktopSummaryProviderId, DesktopSummaryResponseStyle, DesktopSummarySourceMode,
-    DesktopSummaryStorageBackend, DesktopSummaryTriggerMode, DesktopVectorInstallState,
-    DesktopVectorPreflightResponse, DesktopVectorSearchProvider,
+    DesktopChangeReaderTtsRequest, DesktopChangeReaderVoiceProvider, DesktopQuickShareRequest,
+    DesktopRuntimeChangeReaderSettingsUpdate, DesktopRuntimeChangeReaderVoiceSettingsUpdate,
+    DesktopRuntimeLifecycleSettingsUpdate, DesktopRuntimeSettingsUpdateRequest,
+    DesktopRuntimeSummaryBatchSettingsUpdate, DesktopRuntimeSummaryPromptSettingsUpdate,
+    DesktopRuntimeSummaryProviderSettingsUpdate, DesktopRuntimeSummaryResponseSettingsUpdate,
+    DesktopRuntimeSummarySettingsUpdate, DesktopRuntimeSummaryStorageSettingsUpdate,
+    DesktopSummaryBatchExecutionMode, DesktopSummaryBatchScope, DesktopSummaryBatchState,
+    DesktopSummaryBatchStatusResponse, DesktopSummaryOutputShape, DesktopSummaryProviderId,
+    DesktopSummaryResponseStyle, DesktopSummarySourceMode, DesktopSummaryStorageBackend,
+    DesktopSummaryTriggerMode, DesktopVectorInstallState, DesktopVectorPreflightResponse,
+    DesktopVectorSearchProvider,
 };
 use opensession_core::handoff::HandoffSummary;
 use opensession_core::trace::{Agent, Content, Event, EventType, Session as HailSession};
@@ -41,6 +41,13 @@ use std::process::Command;
 use std::sync::{LazyLock, Mutex};
 use std::time::{Duration, SystemTime, UNIX_EPOCH};
 
+mod change_reader;
+mod handoff;
+mod runtime_settings;
+mod session_access;
+mod summary_batch;
+mod vector;
+
 static TEST_ENV_LOCK: LazyLock<Mutex<()>> = LazyLock::new(|| Mutex::new(()));
 
 fn set_env_for_test(key: &str, value: impl AsRef<std::ffi::OsStr>) {
@@ -157,6 +164,18 @@ fn summary_settings_update_with_backend(
     }
 }
 
+fn manual_summary_batch_settings(
+    backend: DesktopSummaryStorageBackend,
+) -> DesktopRuntimeSummarySettingsUpdate {
+    DesktopRuntimeSummarySettingsUpdate {
+        storage: DesktopRuntimeSummaryStorageSettingsUpdate {
+            trigger: DesktopSummaryTriggerMode::Manual,
+            backend: backend.clone(),
+        },
+        ..summary_settings_update_with_backend(backend)
+    }
+}
+
 fn sample_row() -> opensession_local_db::LocalSessionRow {
     opensession_local_db::LocalSessionRow {
         id: "s1".to_string(),
@@ -196,1223 +215,9 @@ fn sample_row() -> opensession_local_db::LocalSessionRow {
     }
 }
 
-#[test]
-fn list_filter_defaults_page_and_per_page() {
-    let (filter, page, per_page, mode) =
-        build_local_filter_with_mode(DesktopSessionListQuery::default());
-    assert_eq!(page, 1);
-    assert_eq!(per_page, 20);
-    assert_eq!(mode, SearchMode::Keyword);
-    assert_eq!(filter.limit, Some(20));
-    assert_eq!(filter.offset, Some(0));
-    assert!(filter.exclude_low_signal);
-}
-
-#[test]
-fn list_filter_parses_sort_and_range_values() {
-    let (filter, page, per_page, mode) = build_local_filter_with_mode(DesktopSessionListQuery {
-        page: Some("2".to_string()),
-        per_page: Some("30".to_string()),
-        search: Some("fix".to_string()),
-        tool: Some("codex".to_string()),
-        git_repo_name: Some("org/repo".to_string()),
-        sort: Some("popular".to_string()),
-        time_range: Some("7d".to_string()),
-        force_refresh: None,
-    });
-    assert_eq!(page, 2);
-    assert_eq!(per_page, 30);
-    assert_eq!(mode, SearchMode::Keyword);
-    assert_eq!(filter.search.as_deref(), Some("fix"));
-    assert_eq!(filter.tool.as_deref(), Some("codex"));
-    assert_eq!(filter.git_repo_name.as_deref(), Some("org/repo"));
-    assert_eq!(filter.offset, Some(30));
-}
-
-#[test]
-fn split_search_mode_detects_vector_prefix() {
-    let (query, mode) = split_search_mode(Some("vector: auth regression".to_string()));
-    assert_eq!(query.as_deref(), Some("auth regression"));
-    assert_eq!(mode, SearchMode::Vector);
-
-    let (query, mode) = split_search_mode(Some("fix parser".to_string()));
-    assert_eq!(query.as_deref(), Some("fix parser"));
-    assert_eq!(mode, SearchMode::Keyword);
-}
-
-#[test]
-fn list_filter_with_mode_keeps_vector_query_text() {
-    let (filter, page, per_page, mode) = build_local_filter_with_mode(DesktopSessionListQuery {
-        search: Some("vec: paging bug".to_string()),
-        ..DesktopSessionListQuery::default()
-    });
-    assert_eq!(page, 1);
-    assert_eq!(per_page, 20);
-    assert_eq!(mode, SearchMode::Vector);
-    assert_eq!(filter.search.as_deref(), Some("paging bug"));
-}
-
-#[test]
-fn desktop_list_sessions_hides_low_signal_metadata_only_rows() {
-    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-    let temp_root = unique_temp_dir("opensession-desktop-low-signal-filter");
-    let db_path = temp_root.join("local.db");
-    let source_path = temp_root
-        .join(".claude")
-        .join("projects")
-        .join("fixture")
-        .join("metadata-only.jsonl");
-    let _db_env = EnvVarGuard::set("OPENSESSION_LOCAL_DB_PATH", db_path.as_os_str());
-
-    std::fs::create_dir_all(
-        source_path
-            .parent()
-            .expect("metadata-only source parent must exist"),
-    )
-    .expect("create metadata-only source dir");
-    std::fs::write(
-        &source_path,
-        r#"{"type":"file-history-snapshot","files":[]}"#,
-    )
-    .expect("write metadata-only source fixture");
-
-    let session = HailSession::new(
-        "metadata-only-session".to_string(),
-        Agent {
-            provider: "anthropic".to_string(),
-            model: "claude-3-5-sonnet".to_string(),
-            tool: "claude-code".to_string(),
-            tool_version: None,
-        },
-    );
-    let db = LocalDb::open_path(&db_path).expect("open isolated local db");
-    db.upsert_local_session(
-        &session,
-        source_path
-            .to_str()
-            .expect("metadata-only source path must be valid utf-8"),
-        &GitContext::default(),
-    )
-    .expect("upsert metadata-only local session");
-
-    let listed = desktop_list_sessions(None).expect("list sessions");
-    assert!(
-        !listed
-            .sessions
-            .iter()
-            .any(|row| row.id == "metadata-only-session"),
-        "metadata-only sessions must be excluded from the default desktop session list",
-    );
-
-    let _ = std::fs::remove_dir_all(&temp_root);
-}
-
-#[test]
-fn desktop_list_sessions_force_refresh_reindexes_discovered_sessions() {
-    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-    let temp_home = unique_temp_dir("opensession-desktop-force-refresh-home");
-    let temp_db = unique_temp_dir("opensession-desktop-force-refresh-db");
-    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-    let _codex_home_env = EnvVarGuard::set("CODEX_HOME", temp_home.join(".codex").as_os_str());
-    let _db_env = EnvVarGuard::set(
-        "OPENSESSION_LOCAL_DB_PATH",
-        temp_db.join("local.db").as_os_str(),
-    );
-
-    let session_jsonl = [
-            r#"{"timestamp":"2026-03-05T00:00:00.097Z","type":"session_meta","payload":{"id":"force-refresh-session","timestamp":"2026-03-05T00:00:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
-            r#"{"timestamp":"2026-03-05T00:00:00.119Z","type":"event_msg","payload":{"type":"user_message","message":"force refresh regression fixture"}}"#,
-            r#"{"timestamp":"2026-03-05T00:00:01.000Z","type":"response_item","payload":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"done"}]}}"#,
-        ]
-        .join("\n");
-    let discovered_path = temp_home
-        .join(".codex")
-        .join("sessions")
-        .join("2026")
-        .join("03")
-        .join("05")
-        .join("rollout-force-refresh-session.jsonl");
-    std::fs::create_dir_all(
-        discovered_path
-            .parent()
-            .expect("session discovery parent must exist"),
-    )
-    .expect("create session discovery dir");
-    std::fs::write(&discovered_path, session_jsonl).expect("write discovered session");
-
-    let before = desktop_list_sessions(None).expect("list sessions before force refresh");
-    assert!(
-        !before
-            .sessions
-            .iter()
-            .any(|row| row.id == "force-refresh-session"),
-        "session should not exist in DB before force refresh reindex"
-    );
-
-    let after = desktop_list_sessions(Some(DesktopSessionListQuery {
-        force_refresh: Some(true),
-        ..DesktopSessionListQuery::default()
-    }))
-    .expect("list sessions after force refresh");
-    assert!(
-        after
-            .sessions
-            .iter()
-            .any(|row| row.id == "force-refresh-session"),
-        "force refresh should reindex discovered session"
-    );
-
-    let _ = std::fs::remove_dir_all(&temp_home);
-    let _ = std::fs::remove_dir_all(&temp_db);
-}
-
-#[test]
-fn force_refresh_discovery_tools_skip_cursor_for_fast_path() {
-    let tools = force_refresh_discovery_tools();
-    assert!(tools.contains(&"codex"));
-    assert!(!tools.contains(&"cursor"));
-}
-
-fn ready_vector_preflight_fixture() -> DesktopVectorPreflightResponse {
-    DesktopVectorPreflightResponse {
-        provider: DesktopVectorSearchProvider::Ollama,
-        endpoint: "http://127.0.0.1:11434".to_string(),
-        model: "bge-m3".to_string(),
-        ollama_reachable: true,
-        model_installed: true,
-        install_state: DesktopVectorInstallState::Ready,
-        progress_pct: 100,
-        message: Some("model is installed and ready".to_string()),
-    }
-}
-
-#[test]
-fn validate_vector_preflight_allows_rebuild_when_vector_disabled() {
-    let preflight = ready_vector_preflight_fixture();
-    let result = validate_vector_preflight_ready(&preflight, false, false);
-    assert!(result.is_ok());
-}
-
-#[test]
-fn validate_vector_preflight_requires_enabled_for_search_path() {
-    let preflight = ready_vector_preflight_fixture();
-    let err = validate_vector_preflight_ready(&preflight, false, true)
-        .expect_err("search path should require vector enabled");
-    assert_eq!(err.code, "desktop.vector_search_disabled");
-    assert_eq!(err.status, 422);
-}
-
-#[test]
-fn persist_vector_index_failure_snapshot_preserves_progress() {
-    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-    let temp_db = unique_temp_dir("opensession-desktop-vector-failure-snapshot");
-    let db = LocalDb::open_path(&temp_db.join("local.db")).expect("open local db");
-
-    db.set_vector_index_job(&VectorIndexJobRow {
-        status: "running".to_string(),
-        processed_sessions: 7,
-        total_sessions: 42,
-        message: Some("indexing session-7".to_string()),
-        started_at: Some("2026-03-06T00:00:00Z".to_string()),
-        finished_at: None,
-    })
-    .expect("seed running vector job");
-
-    let error = super::desktop_error(
-        "desktop.vector_search_unavailable",
-        422,
-        "vector search endpoint returned HTTP 404",
-        Some(json!({
-            "endpoint": "http://127.0.0.1:11434/api/embeddings",
-            "status": 404,
-            "body": "{\"error\":\"model 'bge-m3' not found\"}",
-            "batch_endpoint": "http://127.0.0.1:11434/api/embed",
-            "batch_status": 400,
-            "batch_body": "{\"error\":\"bad request\"}",
-            "model": "bge-m3",
-            "hint": "verify embedding model exists in local ollama"
-        })),
-    );
-    super::persist_vector_index_failure_snapshot(&db, &error)
-        .expect("persist vector failure snapshot");
-
-    let snapshot = db
-        .get_vector_index_job()
-        .expect("read vector job")
-        .expect("vector job should exist");
-    assert_eq!(snapshot.status, "failed");
-    assert_eq!(snapshot.processed_sessions, 7);
-    assert_eq!(snapshot.total_sessions, 42);
-    assert_eq!(
-        snapshot.message.as_deref(),
-        Some(
-            "vector search endpoint returned HTTP 404\nReason: model 'bge-m3' not found\nHTTP: 404\nEndpoint: http://127.0.0.1:11434/api/embeddings\nBatch reason: bad request\nBatch HTTP: 400\nBatch endpoint: http://127.0.0.1:11434/api/embed\nModel: bge-m3\nAction: verify embedding model exists in local ollama"
-        )
-    );
-    assert_eq!(snapshot.started_at.as_deref(), Some("2026-03-06T00:00:00Z"));
-    assert!(snapshot.finished_at.is_some());
-
-    let _ = std::fs::remove_dir_all(&temp_db);
-}
-
-#[test]
-fn rebuild_vector_index_blocking_continues_after_embedding_failures() {
-    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-    let temp_root = unique_temp_dir("opensession-desktop-vector-failure-continue");
-    let db = LocalDb::open_path(&temp_root.join("local.db")).expect("open local db");
-
-    for session_id in ["vector-failure-a", "vector-failure-b"] {
-        let session = build_test_session(session_id);
-        let source_path = temp_root.join(format!("{session_id}.jsonl"));
-        std::fs::write(
-            &source_path,
-            session.to_jsonl().expect("serialize session jsonl"),
-        )
-        .expect("write session source");
-        db.upsert_local_session(
-            &session,
-            source_path
-                .to_str()
-                .expect("session source path must be valid utf-8"),
-            &GitContext::default(),
-        )
-        .expect("upsert local session");
-    }
-
-    let mut runtime = DaemonConfig::default();
-    runtime.vector_search.enabled = true;
-    runtime.vector_search.endpoint = "http://127.0.0.1:1".to_string();
-    runtime.vector_search.model = "bge-m3".to_string();
-
-    super::rebuild_vector_index_blocking(&db, &runtime)
-        .expect("skippable embedding failures should not abort rebuild");
-
-    let snapshot = db
-        .get_vector_index_job()
-        .expect("read vector job")
-        .expect("vector job should exist");
-    assert_eq!(snapshot.status, "complete");
-    assert_eq!(snapshot.processed_sessions, 2);
-    assert_eq!(snapshot.total_sessions, 2);
-    assert!(
-        snapshot
-            .message
-            .as_deref()
-            .is_some_and(|message| message.contains("2 failed"))
-    );
-    assert!(
-        db.list_recent_vector_chunks_for_model("bge-m3", 10)
-            .expect("list vector chunks")
-            .is_empty(),
-        "failed sessions should not leave partial vector chunks behind"
-    );
-
-    let _ = std::fs::remove_dir_all(&temp_root);
-}
-
-#[test]
-fn cosine_similarity_handles_basic_cases() {
-    let same = cosine_similarity(&[1.0, 0.0, 1.0], &[1.0, 0.0, 1.0]);
-    assert!((same - 1.0).abs() < 1e-6);
-
-    let orthogonal = cosine_similarity(&[1.0, 0.0], &[0.0, 1.0]);
-    assert!(orthogonal.abs() < 1e-6);
-
-    let mismatch = cosine_similarity(&[1.0, 2.0], &[1.0]);
-    assert_eq!(mismatch, 0.0);
-}
-
-#[test]
-fn extract_vector_lines_preserves_dot_line_tokens() {
-    let mut session = build_test_session("vector-lines");
-    session.events.push(Event {
-        event_id: "evt-dot".to_string(),
-        timestamp: chrono::Utc::now(),
-        event_type: EventType::AgentMessage,
-        task_id: None,
-        content: Content::text(".\nkeep-this-line"),
-        duration_ms: None,
-        attributes: std::collections::HashMap::new(),
-    });
-    let lines = extract_vector_lines(&session);
-    assert!(lines.iter().any(|line| line == "."));
-    assert!(lines.iter().any(|line| line.contains("keep-this-line")));
-}
-
-#[test]
-fn build_vector_chunks_applies_overlap_rules() {
-    let mut session = build_test_session("vector-chunks");
-    session.events.push(Event {
-        event_id: "evt-overlap".to_string(),
-        timestamp: chrono::Utc::now(),
-        event_type: EventType::AgentMessage,
-        task_id: None,
-        content: Content::text("l1\nl2\nl3"),
-        duration_ms: None,
-        attributes: std::collections::HashMap::new(),
-    });
-    let mut runtime = DaemonConfig::default();
-    runtime.vector_search.chunking_mode = opensession_runtime_config::VectorChunkingMode::Manual;
-    runtime.vector_search.chunk_size_lines = 2;
-    runtime.vector_search.chunk_overlap_lines = 1;
-    let chunks = build_vector_chunks_for_session(&session, "source-hash", &runtime);
-    assert!(chunks.len() >= 2);
-    assert_eq!(chunks[0].start_line, 1);
-    assert_eq!(chunks[0].end_line, 2);
-    assert_eq!(chunks[1].start_line, 2);
-}
-
-#[test]
-fn build_vector_chunks_auto_tunes_for_small_session() {
-    let mut session = build_test_session("vector-chunks-auto");
-    session.events.push(Event {
-        event_id: "evt-auto".to_string(),
-        timestamp: chrono::Utc::now(),
-        event_type: EventType::AgentMessage,
-        task_id: None,
-        content: Content::text("a\nb\nc\nd\ne\nf"),
-        duration_ms: None,
-        attributes: std::collections::HashMap::new(),
-    });
-    let runtime = DaemonConfig::default();
-    let chunks = build_vector_chunks_for_session(&session, "source-hash", &runtime);
-    assert_eq!(chunks[0].start_line, 1);
-    assert_eq!(chunks[0].end_line, 7);
-}
-
-#[test]
-fn normalize_launch_route_accepts_relative_session_path() {
-    assert_eq!(
-        normalize_launch_route("/sessions?git_repo_name=org%2Frepo"),
-        Some("/sessions?git_repo_name=org%2Frepo".to_string())
-    );
-}
-
-#[test]
-fn normalize_launch_route_rejects_invalid_values() {
-    assert_eq!(normalize_launch_route(""), None);
-    assert_eq!(
-        normalize_launch_route("https://opensession.io/sessions"),
-        None
-    );
-    assert_eq!(normalize_launch_route("//sessions"), None);
-}
-
-#[test]
-fn local_row_uses_created_at_when_uploaded_at_missing() {
-    let summary = session_summary_from_local_row(sample_row());
-    assert_eq!(summary.uploaded_at, "2026-03-03T00:00:00Z");
-    assert_eq!(
-        summary.score_plugin,
-        opensession_core::scoring::DEFAULT_SCORE_PLUGIN
-    );
-}
-
-#[test]
-fn unknown_link_type_falls_back_to_handoff() {
-    let link = map_link_type("unknown-link");
-    assert!(matches!(link, opensession_api::LinkType::Handoff));
-}
-
-#[test]
-fn normalize_session_body_preserves_hail_jsonl() {
-    let hail_jsonl = [
-            r#"{"type":"header","version":"hail-1.0.0","session_id":"hail-1","agent":{"provider":"openai","model":"gpt-5","tool":"codex"},"context":{"title":"Title","description":"Desc","tags":[],"created_at":"2026-03-03T00:00:00Z","updated_at":"2026-03-03T00:00:00Z","related_session_ids":[],"attributes":{}}}"#,
-            r#"{"type":"event","event_id":"e1","timestamp":"2026-03-03T00:00:00Z","event_type":{"type":"UserMessage"},"content":{"blocks":[{"type":"Text","text":"hello"}]},"attributes":{}}"#,
-            r#"{"type":"stats","event_count":1,"message_count":1,"tool_call_count":0,"task_count":0,"duration_seconds":0,"total_input_tokens":0,"total_output_tokens":0,"user_message_count":1,"files_changed":0,"lines_added":0,"lines_removed":0}"#,
-        ]
-        .join("\n");
-
-    let normalized = normalize_session_body_to_hail_jsonl(&hail_jsonl, None)
-        .expect("hail JSONL should normalize");
-    let parsed = HailSession::from_jsonl(&normalized).expect("must remain valid hail");
-    assert_eq!(parsed.session_id, "hail-1");
-}
-
-#[test]
-fn normalize_session_body_converts_claude_jsonl() {
-    let claude_jsonl = r#"{"type":"user","uuid":"u1","sessionId":"claude-1","timestamp":"2026-03-03T00:00:00Z","message":{"role":"user","content":"hello from claude"},"cwd":"/tmp/project","gitBranch":"main"}"#;
-
-    let normalized = normalize_session_body_to_hail_jsonl(
-        claude_jsonl,
-        Some("/tmp/70dafb43-dbdd-4009-beb0-b6ac2bd9c4d1.jsonl"),
-    )
-    .expect("claude JSONL should parse into HAIL");
-    let parsed = HailSession::from_jsonl(&normalized).expect("must be valid hail");
-    assert_eq!(parsed.session_id, "claude-1");
-    assert_eq!(parsed.agent.tool, "claude-code");
-    assert!(!parsed.events.is_empty());
-}
-
-#[test]
-fn normalize_session_body_prefers_source_path_parser_over_extension_fallback() {
-    let temp_root = unique_temp_dir("opensession-desktop-normalize-source-path");
-    let source_path = temp_root
-        .join(".claude")
-        .join("projects")
-        .join("fixture")
-        .join("f0639ede-3aac-4f67-a979-b175ea5f9557.jsonl");
-    std::fs::create_dir_all(
-        source_path
-            .parent()
-            .expect("claude fixture parent directory must exist"),
-    )
-    .expect("create claude fixture directory");
-
-    let snapshot_only = r#"{"type":"file-history-snapshot","files":[]}"#;
-    std::fs::write(&source_path, snapshot_only).expect("write claude snapshot fixture");
-
-    let normalized = normalize_session_body_to_hail_jsonl(
-        snapshot_only,
-        Some(
-            source_path
-                .to_str()
-                .expect("fixture source path must be valid utf-8"),
-        ),
-    )
-    .expect("source-path parser should normalize claude snapshot fixture");
-    let parsed = HailSession::from_jsonl(&normalized).expect("must be valid hail");
-    assert_eq!(parsed.agent.tool, "claude-code");
-    assert_eq!(parsed.session_id, "f0639ede-3aac-4f67-a979-b175ea5f9557");
-
-    let _ = std::fs::remove_dir_all(&temp_root);
-}
-
-#[test]
-fn desktop_contract_version_matches_shared_constant() {
-    let payload = desktop_get_contract_version();
-    assert_eq!(
-        payload.version,
-        opensession_api::DESKTOP_IPC_CONTRACT_VERSION
-    );
-}
-
-#[test]
-fn parse_cli_quick_share_response_decodes_expected_fields() {
-    let stdout = r#"{
-  "uri": "os://src/git/cmVtb3Rl/ref/refs%2Fheads%2Fmain/path/sessions%2Fa.jsonl",
-  "source_uri": "os://src/local/abc123",
-  "remote": "https://github.com/org/repo.git",
-  "push_cmd": "git push origin refs/opensession/branches/bWFpbg:refs/opensession/branches/bWFpbg",
-  "quick": true,
-  "pushed": true,
-  "auto_push_consent": true
-}"#;
-    let parsed = parse_cli_quick_share_response(stdout).expect("parse quick-share payload");
-    assert_eq!(parsed.source_uri, "os://src/local/abc123");
-    assert_eq!(
-        parsed.shared_uri,
-        "os://src/git/cmVtb3Rl/ref/refs%2Fheads%2Fmain/path/sessions%2Fa.jsonl"
-    );
-    assert_eq!(parsed.remote, "https://github.com/org/repo.git");
-    assert!(parsed.pushed);
-    assert!(parsed.auto_push_consent);
-}
-
-#[test]
-fn desktop_quick_share_rejects_empty_session_id() {
-    let err = desktop_share_session_quick(DesktopQuickShareRequest {
-        session_id: "   ".to_string(),
-        remote: None,
-    })
-    .expect_err("empty session_id should fail");
-    assert_eq!(err.code, "desktop.quick_share_invalid_request");
-    assert_eq!(err.status, 400);
-}
-
-#[test]
-fn handoff_canonicalization_orders_by_session_id() {
-    let mut session_b = HailSession::new(
-        "session-b".to_string(),
-        Agent {
-            provider: "openai".to_string(),
-            model: "gpt-5".to_string(),
-            tool: "codex".to_string(),
-            tool_version: None,
-        },
-    );
-    session_b.recompute_stats();
-    let mut session_a = HailSession::new(
-        "session-a".to_string(),
-        Agent {
-            provider: "openai".to_string(),
-            model: "gpt-5".to_string(),
-            tool: "codex".to_string(),
-            tool_version: None,
-        },
-    );
-    session_a.recompute_stats();
-
-    let summaries = vec![
-        HandoffSummary::from_session(&session_b),
-        HandoffSummary::from_session(&session_a),
-    ];
-    let canonical = canonicalize_summaries(&summaries).expect("canonicalize summaries");
-    let first_line = canonical.lines().next().expect("canonical line");
-    assert!(first_line.contains("\"source_session_id\":\"session-a\""));
-}
-
-#[test]
-fn handoff_pin_alias_validation_rejects_spaces() {
-    assert!(validate_pin_alias("latest").is_ok());
-    assert!(validate_pin_alias("bad alias").is_err());
-}
-
-#[test]
-fn artifact_path_rejects_invalid_hash() {
-    assert!(artifact_path_for_hash(Path::new("/tmp"), "abc").is_err());
-}
-
-#[test]
-fn desktop_list_detail_raw_flow_uses_isolated_db() {
-    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-    let temp_root = unique_temp_dir("opensession-desktop-list-detail-raw");
-    let db_path = temp_root.join("local.db");
-    let source_path = temp_root.join("session.hail.jsonl");
-    let _db_env = EnvVarGuard::set("OPENSESSION_LOCAL_DB_PATH", db_path.as_os_str());
-
-    let session = build_test_session("desktop-flow-session");
-    let session_jsonl = session.to_jsonl().expect("serialize session jsonl");
-    std::fs::write(&source_path, &session_jsonl).expect("write session source");
-
-    let db = LocalDb::open_path(&db_path).expect("open isolated local db");
-    db.upsert_local_session(
-        &session,
-        source_path
-            .to_str()
-            .expect("session source path must be valid utf-8"),
-        &GitContext::default(),
-    )
-    .expect("upsert local session");
-
-    let listed = desktop_list_sessions(None).expect("list sessions");
-    assert!(
-        listed
-            .sessions
-            .iter()
-            .any(|row| row.id == session.session_id),
-        "session list must include inserted session",
-    );
-
-    let detail =
-        desktop_get_session_detail(session.session_id.clone()).expect("get session detail");
-    assert_eq!(detail.summary.id, session.session_id);
-
-    let raw = desktop_get_session_raw(detail.summary.id.clone()).expect("get raw session");
-    assert!(
-        raw.contains("\"session_id\":\"desktop-flow-session\""),
-        "raw session output should include the normalized session id",
-    );
-
-    drop(db);
-    let _ = std::fs::remove_dir_all(&temp_root);
-}
-
-#[test]
-fn desktop_runtime_settings_update_persists_values() {
-    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-    let temp_home = unique_temp_dir("opensession-desktop-runtime-home");
-    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-
-    let updated = desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-        session_default_view: Some("compressed".to_string()),
-        summary: Some(DesktopRuntimeSummarySettingsUpdate {
-            provider: DesktopRuntimeSummaryProviderSettingsUpdate {
-                id: DesktopSummaryProviderId::Disabled,
-                endpoint: String::new(),
-                model: String::new(),
-            },
-            prompt: DesktopRuntimeSummaryPromptSettingsUpdate {
-                template: format!("{DEFAULT_SUMMARY_PROMPT_TEMPLATE_V2}\n# customized"),
-            },
-            response: DesktopRuntimeSummaryResponseSettingsUpdate {
-                style: DesktopSummaryResponseStyle::Compact,
-                shape: DesktopSummaryOutputShape::Layered,
-            },
-            storage: DesktopRuntimeSummaryStorageSettingsUpdate {
-                trigger: DesktopSummaryTriggerMode::OnSessionSave,
-                backend: DesktopSummaryStorageBackend::HiddenRef,
-            },
-            source_mode: DesktopSummarySourceMode::SessionOnly,
-            batch: DesktopRuntimeSummaryBatchSettingsUpdate {
-                execution_mode: DesktopSummaryBatchExecutionMode::Manual,
-                scope: DesktopSummaryBatchScope::All,
-                recent_days: 45,
-            },
-        }),
-        vector_search: None,
-        change_reader: Some(DesktopRuntimeChangeReaderSettingsUpdate {
-            enabled: true,
-            scope: DesktopChangeReaderScope::FullContext,
-            qa_enabled: true,
-            max_context_chars: 18_000,
-            voice: DesktopRuntimeChangeReaderVoiceSettingsUpdate {
-                enabled: true,
-                provider: DesktopChangeReaderVoiceProvider::Openai,
-                model: "gpt-4o-mini-tts".to_string(),
-                voice: "alloy".to_string(),
-                api_key: Some("sk-test-key".to_string()),
-            },
-        }),
-        lifecycle: Some(DesktopRuntimeLifecycleSettingsUpdate {
-            enabled: true,
-            session_ttl_days: 45,
-            summary_ttl_days: 60,
-            cleanup_interval_secs: 120,
-        }),
-    })
-    .expect("update runtime settings");
-    assert_eq!(updated.session_default_view, "compressed");
-
-    let loaded = desktop_get_runtime_settings().expect("load runtime settings");
-    assert_eq!(loaded.session_default_view, "compressed");
-    assert_eq!(
-        loaded.summary.provider.id,
-        DesktopSummaryProviderId::Disabled
-    );
-    assert_eq!(
-        loaded.summary.response.style,
-        DesktopSummaryResponseStyle::Compact
-    );
-    assert_eq!(
-        loaded.summary.storage.backend,
-        DesktopSummaryStorageBackend::HiddenRef
-    );
-    assert_eq!(
-        loaded.summary.source_mode,
-        DesktopSummarySourceMode::SessionOnly
-    );
-    assert_eq!(
-        loaded.summary.batch.execution_mode,
-        DesktopSummaryBatchExecutionMode::Manual
-    );
-    assert_eq!(loaded.summary.batch.scope, DesktopSummaryBatchScope::All);
-    assert_eq!(loaded.summary.batch.recent_days, 45);
-    assert!(loaded.summary.prompt.template.contains("customized"));
-    assert!(loaded.change_reader.enabled);
-    assert_eq!(
-        loaded.change_reader.scope,
-        DesktopChangeReaderScope::FullContext
-    );
-    assert!(loaded.change_reader.qa_enabled);
-    assert_eq!(loaded.change_reader.max_context_chars, 18_000);
-    assert!(loaded.change_reader.voice.enabled);
-    assert_eq!(
-        loaded.change_reader.voice.provider,
-        DesktopChangeReaderVoiceProvider::Openai
-    );
-    assert_eq!(loaded.change_reader.voice.model, "gpt-4o-mini-tts");
-    assert_eq!(loaded.change_reader.voice.voice, "alloy");
-    assert!(loaded.change_reader.voice.api_key_configured);
-    assert!(loaded.lifecycle.enabled);
-    assert_eq!(loaded.lifecycle.session_ttl_days, 45);
-    assert_eq!(loaded.lifecycle.summary_ttl_days, 60);
-    assert_eq!(loaded.lifecycle.cleanup_interval_secs, 120);
-
-    let _ = std::fs::remove_dir_all(&temp_home);
-}
-
-#[test]
-fn desktop_runtime_settings_migrates_summary_storage_local_db_to_hidden_ref() {
-    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-    let temp_home = unique_temp_dir("opensession-desktop-runtime-migrate-home");
-    let temp_db = unique_temp_dir("opensession-desktop-runtime-migrate-db");
-    let repo_root = unique_temp_dir("opensession-desktop-runtime-migrate-repo");
-    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-    let _db_env = EnvVarGuard::set(
-        "OPENSESSION_LOCAL_DB_PATH",
-        temp_db.join("local.db").as_os_str(),
-    );
-    init_test_git_repo(&repo_root);
-
-    let db = LocalDb::open_path(&temp_db.join("local.db")).expect("open local db");
-    let mut session = build_test_session("storage-migrate-local-to-hidden");
-    session.context.attributes.insert(
-        "cwd".to_string(),
-        json!(repo_root.to_string_lossy().to_string()),
-    );
-    let source_path = repo_root.join("storage-migrate-local-to-hidden.hail.jsonl");
-    std::fs::write(
-        &source_path,
-        session.to_jsonl().expect("serialize session jsonl"),
-    )
-    .expect("write session source");
-    db.upsert_local_session(
-        &session,
-        source_path
-            .to_str()
-            .expect("session source path must be valid utf-8"),
-        &GitContext::default(),
-    )
-    .expect("upsert local session");
-    db.upsert_session_semantic_summary(&opensession_local_db::SessionSemanticSummaryUpsert {
-            session_id: "storage-migrate-local-to-hidden",
-            summary_json: r#"{"changes":"migrated","auth_security":"none detected","layer_file_changes":[]}"#,
-            generated_at: "2026-03-05T10:00:00Z",
-            provider: "codex_exec",
-            model: Some("gpt-5"),
-            source_kind: "session_signals",
-            generation_kind: "provider",
-            prompt_fingerprint: Some("migrate-fingerprint"),
-            source_details_json: Some(r#"{"source":"session"}"#),
-            diff_tree_json: Some(r#"[]"#),
-            error: None,
-        })
-        .expect("insert local summary");
-
-    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-        session_default_view: None,
-        summary: Some(summary_settings_update_with_backend(
-            DesktopSummaryStorageBackend::LocalDb,
-        )),
-        vector_search: None,
-        change_reader: None,
-        lifecycle: None,
-    })
-    .expect("set summary backend to local_db");
-    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-        session_default_view: None,
-        summary: Some(summary_settings_update_with_backend(
-            DesktopSummaryStorageBackend::HiddenRef,
-        )),
-        vector_search: None,
-        change_reader: None,
-        lifecycle: None,
-    })
-    .expect("switch summary backend to hidden_ref");
-
-    let migrated = NativeGitStorage
-        .load_summary_at_ref(
-            &repo_root,
-            SUMMARY_LEDGER_REF,
-            "storage-migrate-local-to-hidden",
-        )
-        .expect("load migrated hidden_ref summary")
-        .expect("migrated hidden_ref summary should exist");
-    assert_eq!(migrated.provider, "codex_exec");
-    assert_eq!(migrated.summary["changes"], "migrated");
-    assert_eq!(migrated.model.as_deref(), Some("gpt-5"));
-
-    let _ = std::fs::remove_dir_all(&temp_home);
-    let _ = std::fs::remove_dir_all(&temp_db);
-    let _ = std::fs::remove_dir_all(&repo_root);
-}
-
-#[test]
-fn desktop_runtime_settings_migrates_summary_storage_hidden_ref_to_local_db() {
-    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-    let temp_home = unique_temp_dir("opensession-desktop-runtime-migrate-hidden-home");
-    let temp_db = unique_temp_dir("opensession-desktop-runtime-migrate-hidden-db");
-    let repo_root = unique_temp_dir("opensession-desktop-runtime-migrate-hidden-repo");
-    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-    let _db_env = EnvVarGuard::set(
-        "OPENSESSION_LOCAL_DB_PATH",
-        temp_db.join("local.db").as_os_str(),
-    );
-    init_test_git_repo(&repo_root);
-
-    let db = LocalDb::open_path(&temp_db.join("local.db")).expect("open local db");
-    let mut session = build_test_session("storage-migrate-hidden-to-local");
-    session.context.attributes.insert(
-        "cwd".to_string(),
-        json!(repo_root.to_string_lossy().to_string()),
-    );
-    let source_path = repo_root.join("storage-migrate-hidden-to-local.hail.jsonl");
-    std::fs::write(
-        &source_path,
-        session.to_jsonl().expect("serialize session jsonl"),
-    )
-    .expect("write session source");
-    db.upsert_local_session(
-        &session,
-        source_path
-            .to_str()
-            .expect("session source path must be valid utf-8"),
-        &GitContext::default(),
-    )
-    .expect("upsert local session");
-
-    let hidden_record = SessionSummaryLedgerRecord {
-        session_id: "storage-migrate-hidden-to-local".to_string(),
-        generated_at: "2026-03-05T11:00:00Z".to_string(),
-        provider: "codex_exec".to_string(),
-        model: Some("gpt-5".to_string()),
-        source_kind: "session_signals".to_string(),
-        generation_kind: "provider".to_string(),
-        prompt_fingerprint: Some("hidden-fingerprint".to_string()),
-        summary: json!({
-            "changes": "from-hidden",
-            "auth_security": "none detected",
-            "layer_file_changes": []
-        }),
-        source_details: json!({ "source": "hidden_ref" }),
-        diff_tree: Vec::new(),
-        error: None,
-    };
-    NativeGitStorage
-        .store_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, &hidden_record)
-        .expect("store hidden_ref summary");
-
-    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-        session_default_view: None,
-        summary: Some(summary_settings_update_with_backend(
-            DesktopSummaryStorageBackend::HiddenRef,
-        )),
-        vector_search: None,
-        change_reader: None,
-        lifecycle: None,
-    })
-    .expect("set summary backend to hidden_ref");
-    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-        session_default_view: None,
-        summary: Some(summary_settings_update_with_backend(
-            DesktopSummaryStorageBackend::LocalDb,
-        )),
-        vector_search: None,
-        change_reader: None,
-        lifecycle: None,
-    })
-    .expect("switch summary backend to local_db");
-
-    let migrated = db
-        .get_session_semantic_summary("storage-migrate-hidden-to-local")
-        .expect("read migrated local summary")
-        .expect("migrated local summary should exist");
-    assert_eq!(migrated.provider, "codex_exec");
-    let migrated_summary: serde_json::Value =
-        serde_json::from_str(&migrated.summary_json).expect("parse migrated summary");
-    assert_eq!(migrated_summary["changes"], "from-hidden");
-    assert_eq!(migrated.model.as_deref(), Some("gpt-5"));
-
-    let _ = std::fs::remove_dir_all(&temp_home);
-    let _ = std::fs::remove_dir_all(&temp_db);
-    let _ = std::fs::remove_dir_all(&repo_root);
-}
-
-#[test]
-fn desktop_lifecycle_cleanup_deletes_expired_sessions_without_daemon() {
-    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-    let temp_root = unique_temp_dir("opensession-desktop-lifecycle-cleanup");
-    let repo_root = temp_root.join("repo");
-    std::fs::create_dir_all(&repo_root).expect("create repo root");
-    init_test_git_repo(&repo_root);
-
-    let db = LocalDb::open_path(&temp_root.join("local.db")).expect("open local db");
-
-    let mut expired = build_test_session("expired-session");
-    expired.context.created_at = chrono::Utc::now() - chrono::Duration::days(45);
-    expired.context.updated_at = expired.context.created_at;
-    expired.context.attributes.insert(
-        "cwd".to_string(),
-        json!(repo_root.to_string_lossy().to_string()),
-    );
-    let expired_source = repo_root.join("expired-session.hail.jsonl");
-    std::fs::write(
-        &expired_source,
-        expired.to_jsonl().expect("serialize expired session"),
-    )
-    .expect("write expired session source");
-    db.upsert_local_session(
-        &expired,
-        expired_source
-            .to_str()
-            .expect("expired session source path must be valid utf-8"),
-        &GitContext::default(),
-    )
-    .expect("upsert expired session");
-
-    let mut recent = build_test_session("recent-session");
-    recent.context.created_at = chrono::Utc::now() - chrono::Duration::days(5);
-    recent.context.updated_at = recent.context.created_at;
-    recent.context.attributes.insert(
-        "cwd".to_string(),
-        json!(repo_root.to_string_lossy().to_string()),
-    );
-    let recent_source = repo_root.join("recent-session.hail.jsonl");
-    std::fs::write(
-        &recent_source,
-        recent.to_jsonl().expect("serialize recent session"),
-    )
-    .expect("write recent session source");
-    db.upsert_local_session(
-        &recent,
-        recent_source
-            .to_str()
-            .expect("recent session source path must be valid utf-8"),
-        &GitContext::default(),
-    )
-    .expect("upsert recent session");
-
-    let storage = NativeGitStorage;
-    storage
-        .store_summary_at_ref(
-            &repo_root,
-            SUMMARY_LEDGER_REF,
-            &SessionSummaryLedgerRecord {
-                session_id: "expired-session".to_string(),
-                generated_at: "2026-01-01T00:00:00Z".to_string(),
-                provider: "codex_exec".to_string(),
-                model: None,
-                source_kind: "session_signals".to_string(),
-                generation_kind: "provider".to_string(),
-                prompt_fingerprint: None,
-                summary: json!({ "changes": "expired" }),
-                source_details: json!({}),
-                diff_tree: vec![],
-                error: None,
-            },
-        )
-        .expect("store expired hidden_ref summary");
-    storage
-        .store_summary_at_ref(
-            &repo_root,
-            SUMMARY_LEDGER_REF,
-            &SessionSummaryLedgerRecord {
-                session_id: "recent-session".to_string(),
-                generated_at: "2026-01-01T00:00:00Z".to_string(),
-                provider: "codex_exec".to_string(),
-                model: None,
-                source_kind: "session_signals".to_string(),
-                generation_kind: "provider".to_string(),
-                prompt_fingerprint: None,
-                summary: json!({ "changes": "recent" }),
-                source_details: json!({}),
-                diff_tree: vec![],
-                error: None,
-            },
-        )
-        .expect("store recent hidden_ref summary");
-
-    let mut config = DaemonConfig::default();
-    config.lifecycle.enabled = true;
-    config.lifecycle.session_ttl_days = 30;
-    config.lifecycle.summary_ttl_days = 30;
-    config.lifecycle.cleanup_interval_secs = 60;
-
-    super::run_desktop_lifecycle_cleanup_once_with_db(&config, &db)
-        .expect("run desktop lifecycle cleanup");
-
-    let lifecycle_status = super::desktop_lifecycle_cleanup_status_from_db(&db)
-        .expect("read lifecycle cleanup status");
-    assert_eq!(
-        lifecycle_status.state,
-        DesktopLifecycleCleanupState::Complete
-    );
-    assert_eq!(lifecycle_status.deleted_sessions, 1);
-    assert_eq!(lifecycle_status.deleted_summaries, 1);
-    assert!(
-        lifecycle_status
-            .message
-            .as_deref()
-            .unwrap_or_default()
-            .contains("Deleted 1 sessions"),
-        "cleanup status should summarize deleted rows"
-    );
-    assert!(lifecycle_status.started_at.is_some());
-    assert!(lifecycle_status.finished_at.is_some());
-
-    assert!(
-        db.get_session_by_id("expired-session")
-            .expect("query expired session")
-            .is_none(),
-        "expired session should be deleted by desktop lifecycle cleanup"
-    );
-    assert!(
-        db.get_session_by_id("recent-session")
-            .expect("query recent session")
-            .is_some(),
-        "recent session should remain after desktop lifecycle cleanup"
-    );
-    assert!(
-        storage
-            .load_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, "expired-session")
-            .expect("load expired hidden_ref summary")
-            .is_none(),
-        "expired hidden_ref summary should be deleted by desktop lifecycle cleanup"
-    );
-    assert!(
-        storage
-            .load_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, "recent-session")
-            .expect("load recent hidden_ref summary")
-            .is_some(),
-        "recent hidden_ref summary should remain after desktop lifecycle cleanup"
-    );
-
-    let _ = std::fs::remove_dir_all(&temp_root);
-}
-
-#[test]
-fn desktop_runtime_settings_rejects_non_session_only_source_mode() {
-    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-    let temp_home = unique_temp_dir("opensession-desktop-runtime-source-lock");
-    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-
-    let result = desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-        session_default_view: None,
-        summary: Some(DesktopRuntimeSummarySettingsUpdate {
-            provider: DesktopRuntimeSummaryProviderSettingsUpdate {
-                id: DesktopSummaryProviderId::Disabled,
-                endpoint: String::new(),
-                model: String::new(),
-            },
-            prompt: DesktopRuntimeSummaryPromptSettingsUpdate {
-                template: DEFAULT_SUMMARY_PROMPT_TEMPLATE_V2.to_string(),
-            },
-            response: DesktopRuntimeSummaryResponseSettingsUpdate {
-                style: DesktopSummaryResponseStyle::Standard,
-                shape: DesktopSummaryOutputShape::Layered,
-            },
-            storage: DesktopRuntimeSummaryStorageSettingsUpdate {
-                trigger: DesktopSummaryTriggerMode::OnSessionSave,
-                backend: DesktopSummaryStorageBackend::HiddenRef,
-            },
-            source_mode: DesktopSummarySourceMode::SessionOrGitChanges,
-            batch: DesktopRuntimeSummaryBatchSettingsUpdate {
-                execution_mode: DesktopSummaryBatchExecutionMode::Manual,
-                scope: DesktopSummaryBatchScope::RecentDays,
-                recent_days: 30,
-            },
-        }),
-        vector_search: None,
-        change_reader: None,
-        lifecycle: None,
-    });
-
-    let error = result.expect_err("source mode lock should reject update");
-    assert_eq!(error.status, 422);
-    assert_eq!(error.code, "desktop.runtime_settings_source_mode_locked");
-
-    let _ = std::fs::remove_dir_all(&temp_home);
-}
-
-#[test]
-fn desktop_runtime_settings_rejects_zero_summary_batch_recent_days() {
-    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-    let temp_home = unique_temp_dir("opensession-desktop-runtime-summary-batch-invalid");
-    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-
-    let result = desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-        session_default_view: None,
-        summary: Some(DesktopRuntimeSummarySettingsUpdate {
-            provider: DesktopRuntimeSummaryProviderSettingsUpdate {
-                id: DesktopSummaryProviderId::Disabled,
-                endpoint: String::new(),
-                model: String::new(),
-            },
-            prompt: DesktopRuntimeSummaryPromptSettingsUpdate {
-                template: DEFAULT_SUMMARY_PROMPT_TEMPLATE_V2.to_string(),
-            },
-            response: DesktopRuntimeSummaryResponseSettingsUpdate {
-                style: DesktopSummaryResponseStyle::Standard,
-                shape: DesktopSummaryOutputShape::Layered,
-            },
-            storage: DesktopRuntimeSummaryStorageSettingsUpdate {
-                trigger: DesktopSummaryTriggerMode::OnSessionSave,
-                backend: DesktopSummaryStorageBackend::HiddenRef,
-            },
-            source_mode: DesktopSummarySourceMode::SessionOnly,
-            batch: DesktopRuntimeSummaryBatchSettingsUpdate {
-                execution_mode: DesktopSummaryBatchExecutionMode::OnAppStart,
-                scope: DesktopSummaryBatchScope::RecentDays,
-                recent_days: 0,
-            },
-        }),
-        vector_search: None,
-        change_reader: None,
-        lifecycle: None,
-    });
-
-    let error = result.expect_err("recent_days=0 should fail");
-    assert_eq!(error.status, 422);
-    assert_eq!(
-        error.code,
-        "desktop.runtime_settings_invalid_summary_batch_recent_days"
-    );
-
-    let _ = std::fs::remove_dir_all(&temp_home);
-}
-
-#[test]
-fn desktop_runtime_settings_rejects_short_lifecycle_interval() {
-    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-    let temp_home = unique_temp_dir("opensession-desktop-runtime-lifecycle-invalid");
-    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-
-    let result = desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-        session_default_view: None,
-        summary: None,
-        vector_search: None,
-        change_reader: None,
-        lifecycle: Some(DesktopRuntimeLifecycleSettingsUpdate {
-            enabled: true,
-            session_ttl_days: 30,
-            summary_ttl_days: 30,
-            cleanup_interval_secs: 59,
-        }),
-    });
-
-    let error = result.expect_err("cleanup interval under 60 should fail");
-    assert_eq!(error.status, 422);
-    assert_eq!(
-        error.code,
-        "desktop.runtime_settings_invalid_cleanup_interval"
-    );
-
-    let _ = std::fs::remove_dir_all(&temp_home);
-}
-
-#[test]
-fn desktop_summary_batch_run_and_status_complete_when_no_sessions() {
-    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-    let temp_home = unique_temp_dir("opensession-desktop-summary-batch-home");
-    let temp_db = unique_temp_dir("opensession-desktop-summary-batch-db");
-    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-    let _db_env = EnvVarGuard::set(
-        "OPENSESSION_LOCAL_DB_PATH",
-        temp_db.join("local.db").as_os_str(),
-    );
-
-    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-        session_default_view: None,
-        summary: Some(DesktopRuntimeSummarySettingsUpdate {
-            provider: DesktopRuntimeSummaryProviderSettingsUpdate {
-                id: DesktopSummaryProviderId::Disabled,
-                endpoint: String::new(),
-                model: String::new(),
-            },
-            prompt: DesktopRuntimeSummaryPromptSettingsUpdate {
-                template: DEFAULT_SUMMARY_PROMPT_TEMPLATE_V2.to_string(),
-            },
-            response: DesktopRuntimeSummaryResponseSettingsUpdate {
-                style: DesktopSummaryResponseStyle::Standard,
-                shape: DesktopSummaryOutputShape::Layered,
-            },
-            storage: DesktopRuntimeSummaryStorageSettingsUpdate {
-                trigger: DesktopSummaryTriggerMode::Manual,
-                backend: DesktopSummaryStorageBackend::None,
-            },
-            source_mode: DesktopSummarySourceMode::SessionOnly,
-            batch: DesktopRuntimeSummaryBatchSettingsUpdate {
-                execution_mode: DesktopSummaryBatchExecutionMode::Manual,
-                scope: DesktopSummaryBatchScope::All,
-                recent_days: 30,
-            },
-        }),
-        vector_search: None,
-        change_reader: None,
-        lifecycle: None,
-    })
-    .expect("set summary batch config");
-
-    let started = desktop_summary_batch_run().expect("start summary batch");
-    assert!(
-        matches!(
-            started.state,
-            DesktopSummaryBatchState::Running | DesktopSummaryBatchState::Complete
-        ),
-        "initial state should be running or complete"
-    );
-
+fn wait_for_summary_batch_completion(
+    started: DesktopSummaryBatchStatusResponse,
+) -> DesktopSummaryBatchStatusResponse {
     let mut final_state = started;
     for _ in 0..40 {
         final_state = desktop_summary_batch_status().expect("read batch status");
@@ -1421,548 +226,5 @@ fn desktop_summary_batch_run_and_status_complete_when_no_sessions() {
         }
         std::thread::sleep(Duration::from_millis(25));
     }
-
-    assert_eq!(final_state.state, DesktopSummaryBatchState::Complete);
-    assert_eq!(final_state.total_sessions, 0);
-    assert_eq!(final_state.processed_sessions, 0);
-    assert_eq!(final_state.failed_sessions, 0);
-
-    let _ = std::fs::remove_dir_all(&temp_home);
-    let _ = std::fs::remove_dir_all(&temp_db);
-}
-
-#[test]
-fn desktop_summary_batch_skips_sessions_with_missing_source_files() {
-    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-    let temp_home = unique_temp_dir("opensession-desktop-summary-batch-skip-home");
-    let temp_db = unique_temp_dir("opensession-desktop-summary-batch-skip-db");
-    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-    let _db_env = EnvVarGuard::set(
-        "OPENSESSION_LOCAL_DB_PATH",
-        temp_db.join("local.db").as_os_str(),
-    );
-
-    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-        session_default_view: None,
-        summary: Some(DesktopRuntimeSummarySettingsUpdate {
-            provider: DesktopRuntimeSummaryProviderSettingsUpdate {
-                id: DesktopSummaryProviderId::Disabled,
-                endpoint: String::new(),
-                model: String::new(),
-            },
-            prompt: DesktopRuntimeSummaryPromptSettingsUpdate {
-                template: DEFAULT_SUMMARY_PROMPT_TEMPLATE_V2.to_string(),
-            },
-            response: DesktopRuntimeSummaryResponseSettingsUpdate {
-                style: DesktopSummaryResponseStyle::Standard,
-                shape: DesktopSummaryOutputShape::Layered,
-            },
-            storage: DesktopRuntimeSummaryStorageSettingsUpdate {
-                trigger: DesktopSummaryTriggerMode::Manual,
-                backend: DesktopSummaryStorageBackend::None,
-            },
-            source_mode: DesktopSummarySourceMode::SessionOnly,
-            batch: DesktopRuntimeSummaryBatchSettingsUpdate {
-                execution_mode: DesktopSummaryBatchExecutionMode::Manual,
-                scope: DesktopSummaryBatchScope::All,
-                recent_days: 30,
-            },
-        }),
-        vector_search: None,
-        change_reader: None,
-        lifecycle: None,
-    })
-    .expect("set summary batch config");
-
-    let db = LocalDb::open_path(&temp_db.join("local.db")).expect("open local db");
-    let session = build_test_session("missing-source-session");
-    let missing_source = temp_db.join("missing-source-session.jsonl");
-    db.upsert_local_session(
-        &session,
-        missing_source
-            .to_str()
-            .expect("missing source path must be valid utf-8"),
-        &GitContext::default(),
-    )
-    .expect("upsert local session with missing source path");
-
-    let started = desktop_summary_batch_run().expect("start summary batch");
-    assert!(
-        matches!(
-            started.state,
-            DesktopSummaryBatchState::Running | DesktopSummaryBatchState::Complete
-        ),
-        "initial state should be running or complete"
-    );
-
-    let mut final_state = started;
-    for _ in 0..40 {
-        final_state = desktop_summary_batch_status().expect("read batch status");
-        if !matches!(final_state.state, DesktopSummaryBatchState::Running) {
-            break;
-        }
-        std::thread::sleep(Duration::from_millis(25));
-    }
-
-    assert_eq!(final_state.state, DesktopSummaryBatchState::Complete);
-    assert_eq!(final_state.total_sessions, 1);
-    assert_eq!(final_state.processed_sessions, 1);
-    assert_eq!(final_state.failed_sessions, 0);
-    assert!(
-        final_state
-            .message
-            .as_deref()
-            .is_some_and(|message| message.contains("skipped missing sources"))
-    );
-
-    let _ = std::fs::remove_dir_all(&temp_home);
-    let _ = std::fs::remove_dir_all(&temp_db);
-}
-
-#[test]
-fn desktop_summary_batch_skips_sessions_with_existing_local_db_summaries() {
-    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-    let temp_home = unique_temp_dir("opensession-desktop-summary-batch-local-summary-home");
-    let temp_db = unique_temp_dir("opensession-desktop-summary-batch-local-summary-db");
-    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-    let _db_env = EnvVarGuard::set(
-        "OPENSESSION_LOCAL_DB_PATH",
-        temp_db.join("local.db").as_os_str(),
-    );
-
-    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-        session_default_view: None,
-        summary: Some(summary_settings_update_with_backend(
-            DesktopSummaryStorageBackend::HiddenRef,
-        )),
-        vector_search: None,
-        change_reader: None,
-        lifecycle: None,
-    })
-    .expect("set summary batch config");
-
-    let db = LocalDb::open_path(&temp_db.join("local.db")).expect("open local db");
-    let session = build_test_session("existing-local-summary-session");
-    let missing_source = temp_db.join("existing-local-summary-session.jsonl");
-    db.upsert_local_session(
-        &session,
-        missing_source
-            .to_str()
-            .expect("missing source path must be valid utf-8"),
-        &GitContext::default(),
-    )
-    .expect("upsert local session with missing source path");
-    db.upsert_session_semantic_summary(&opensession_local_db::SessionSemanticSummaryUpsert {
-            session_id: "existing-local-summary-session",
-            summary_json: r#"{"changes":"cached","auth_security":"none detected","layer_file_changes":[]}"#,
-            generated_at: "2026-03-06T01:00:00Z",
-            provider: "codex_exec",
-            model: Some("gpt-5"),
-            source_kind: "session_signals",
-            generation_kind: "provider",
-            prompt_fingerprint: Some("local-cache"),
-            source_details_json: Some(r#"{"source":"local_db"}"#),
-            diff_tree_json: Some(r#"[]"#),
-            error: None,
-        })
-        .expect("insert local summary");
-
-    let started = desktop_summary_batch_run().expect("start summary batch");
-    assert!(
-        matches!(
-            started.state,
-            DesktopSummaryBatchState::Running | DesktopSummaryBatchState::Complete
-        ),
-        "initial state should be running or complete"
-    );
-
-    let mut final_state = started;
-    for _ in 0..40 {
-        final_state = desktop_summary_batch_status().expect("read batch status");
-        if !matches!(final_state.state, DesktopSummaryBatchState::Running) {
-            break;
-        }
-        std::thread::sleep(Duration::from_millis(25));
-    }
-
-    assert_eq!(final_state.state, DesktopSummaryBatchState::Complete);
-    assert_eq!(final_state.total_sessions, 0);
-    assert_eq!(final_state.processed_sessions, 0);
-    assert_eq!(final_state.failed_sessions, 0);
-    assert!(
-        final_state
-            .message
-            .as_deref()
-            .is_some_and(|message| message.contains("already summarized"))
-    );
-
-    let _ = std::fs::remove_dir_all(&temp_home);
-    let _ = std::fs::remove_dir_all(&temp_db);
-}
-
-#[test]
-fn desktop_summary_batch_skips_sessions_with_existing_hidden_ref_summaries() {
-    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-    let temp_home = unique_temp_dir("opensession-desktop-summary-batch-hidden-summary-home");
-    let temp_db = unique_temp_dir("opensession-desktop-summary-batch-hidden-summary-db");
-    let repo_root = unique_temp_dir("opensession-desktop-summary-batch-hidden-summary-repo");
-    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-    let _db_env = EnvVarGuard::set(
-        "OPENSESSION_LOCAL_DB_PATH",
-        temp_db.join("local.db").as_os_str(),
-    );
-    init_test_git_repo(&repo_root);
-
-    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-        session_default_view: None,
-        summary: Some(summary_settings_update_with_backend(
-            DesktopSummaryStorageBackend::LocalDb,
-        )),
-        vector_search: None,
-        change_reader: None,
-        lifecycle: None,
-    })
-    .expect("set summary batch config");
-
-    let db = LocalDb::open_path(&temp_db.join("local.db")).expect("open local db");
-    let mut session = build_test_session("existing-hidden-summary-session");
-    session.context.attributes.insert(
-        "cwd".to_string(),
-        json!(repo_root.to_string_lossy().to_string()),
-    );
-    let missing_source = repo_root.join("existing-hidden-summary-session.jsonl");
-    db.upsert_local_session(
-        &session,
-        missing_source
-            .to_str()
-            .expect("missing source path must be valid utf-8"),
-        &GitContext::default(),
-    )
-    .expect("upsert local session with missing source path");
-    NativeGitStorage
-        .store_summary_at_ref(
-            &repo_root,
-            SUMMARY_LEDGER_REF,
-            &SessionSummaryLedgerRecord {
-                session_id: "existing-hidden-summary-session".to_string(),
-                generated_at: "2026-03-06T02:00:00Z".to_string(),
-                provider: "codex_exec".to_string(),
-                model: Some("gpt-5".to_string()),
-                source_kind: "session_signals".to_string(),
-                generation_kind: "provider".to_string(),
-                prompt_fingerprint: Some("hidden-cache".to_string()),
-                summary: json!({
-                    "changes": "cached",
-                    "auth_security": "none detected",
-                    "layer_file_changes": []
-                }),
-                source_details: json!({ "source": "hidden_ref" }),
-                diff_tree: Vec::new(),
-                error: None,
-            },
-        )
-        .expect("store hidden_ref summary");
-
-    let started = desktop_summary_batch_run().expect("start summary batch");
-    assert!(
-        matches!(
-            started.state,
-            DesktopSummaryBatchState::Running | DesktopSummaryBatchState::Complete
-        ),
-        "initial state should be running or complete"
-    );
-
-    let mut final_state = started;
-    for _ in 0..40 {
-        final_state = desktop_summary_batch_status().expect("read batch status");
-        if !matches!(final_state.state, DesktopSummaryBatchState::Running) {
-            break;
-        }
-        std::thread::sleep(Duration::from_millis(25));
-    }
-
-    assert_eq!(final_state.state, DesktopSummaryBatchState::Complete);
-    assert_eq!(final_state.total_sessions, 0);
-    assert_eq!(final_state.processed_sessions, 0);
-    assert_eq!(final_state.failed_sessions, 0);
-    assert!(
-        final_state
-            .message
-            .as_deref()
-            .is_some_and(|message| message.contains("already summarized"))
-    );
-
-    let _ = std::fs::remove_dir_all(&temp_home);
-    let _ = std::fs::remove_dir_all(&temp_db);
-    let _ = std::fs::remove_dir_all(&repo_root);
-}
-
-#[test]
-fn desktop_change_reader_requires_enabled_setting() {
-    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-    let temp_home = unique_temp_dir("opensession-desktop-change-reader-disabled");
-    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-
-    let result =
-        tauri::async_runtime::block_on(desktop_read_session_changes(DesktopChangeReadRequest {
-            session_id: "session-1".to_string(),
-            scope: None,
-        }));
-    let error = result.expect_err("disabled change reader should fail");
-    assert_eq!(error.status, 422);
-    assert_eq!(error.code, "desktop.change_reader_disabled");
-
-    let _ = std::fs::remove_dir_all(&temp_home);
-}
-
-#[test]
-fn require_non_empty_request_field_trims_surrounding_whitespace() {
-    let value = require_non_empty_request_field(
-        "  session-1 \n",
-        "desktop.test_invalid_request",
-        "session_id",
-    )
-    .expect("trimmed field should be accepted");
-    assert_eq!(value, "session-1");
-}
-
-#[test]
-fn require_non_empty_request_field_rejects_blank_values() {
-    let error =
-        require_non_empty_request_field(" \n\t ", "desktop.test_invalid_request", "session_id")
-            .expect_err("blank field should be rejected");
-    assert_eq!(error.status, 400);
-    assert_eq!(error.code, "desktop.test_invalid_request");
-    assert_eq!(error.message, "session_id is required");
-}
-
-#[test]
-fn desktop_change_reader_qa_respects_toggle() {
-    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-    let temp_home = unique_temp_dir("opensession-desktop-change-reader-qa-disabled");
-    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-
-    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-        session_default_view: None,
-        summary: None,
-        vector_search: None,
-        change_reader: Some(DesktopRuntimeChangeReaderSettingsUpdate {
-            enabled: true,
-            scope: DesktopChangeReaderScope::SummaryOnly,
-            qa_enabled: false,
-            max_context_chars: 12_000,
-            voice: DesktopRuntimeChangeReaderVoiceSettingsUpdate {
-                enabled: false,
-                provider: DesktopChangeReaderVoiceProvider::Openai,
-                model: "gpt-4o-mini-tts".to_string(),
-                voice: "alloy".to_string(),
-                api_key: None,
-            },
-        }),
-        lifecycle: None,
-    })
-    .expect("enable change reader with qa disabled");
-
-    let result =
-        tauri::async_runtime::block_on(desktop_ask_session_changes(DesktopChangeQuestionRequest {
-            session_id: "session-1".to_string(),
-            question: "무엇이 바뀌었나요?".to_string(),
-            scope: None,
-        }));
-    let error = result.expect_err("qa disabled should fail");
-    assert_eq!(error.status, 422);
-    assert_eq!(error.code, "desktop.change_reader_qa_disabled");
-
-    let _ = std::fs::remove_dir_all(&temp_home);
-}
-
-#[test]
-fn desktop_runtime_settings_rejects_voice_playback_without_api_key() {
-    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-    let temp_home = unique_temp_dir("opensession-desktop-change-reader-voice-key-required");
-    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-
-    let result = desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-        session_default_view: None,
-        summary: None,
-        vector_search: None,
-        change_reader: Some(DesktopRuntimeChangeReaderSettingsUpdate {
-            enabled: true,
-            scope: DesktopChangeReaderScope::SummaryOnly,
-            qa_enabled: true,
-            max_context_chars: 12_000,
-            voice: DesktopRuntimeChangeReaderVoiceSettingsUpdate {
-                enabled: true,
-                provider: DesktopChangeReaderVoiceProvider::Openai,
-                model: "gpt-4o-mini-tts".to_string(),
-                voice: "alloy".to_string(),
-                api_key: None,
-            },
-        }),
-        lifecycle: None,
-    });
-
-    let error = result.expect_err("voice playback without api key should fail");
-    assert_eq!(error.status, 422);
-    assert_eq!(
-        error.code,
-        "desktop.runtime_settings_change_reader_voice_api_key_required"
-    );
-
-    let _ = std::fs::remove_dir_all(&temp_home);
-}
-
-#[test]
-fn desktop_runtime_settings_allows_voice_playback_with_existing_api_key() {
-    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-    let temp_home = unique_temp_dir("opensession-desktop-change-reader-voice-key-existing");
-    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-
-    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-        session_default_view: None,
-        summary: None,
-        vector_search: None,
-        change_reader: Some(DesktopRuntimeChangeReaderSettingsUpdate {
-            enabled: true,
-            scope: DesktopChangeReaderScope::SummaryOnly,
-            qa_enabled: true,
-            max_context_chars: 12_000,
-            voice: DesktopRuntimeChangeReaderVoiceSettingsUpdate {
-                enabled: false,
-                provider: DesktopChangeReaderVoiceProvider::Openai,
-                model: "gpt-4o-mini-tts".to_string(),
-                voice: "alloy".to_string(),
-                api_key: Some("sk-existing-voice-key".to_string()),
-            },
-        }),
-        lifecycle: None,
-    })
-    .expect("store existing voice api key");
-
-    let updated = desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-        session_default_view: None,
-        summary: None,
-        vector_search: None,
-        change_reader: Some(DesktopRuntimeChangeReaderSettingsUpdate {
-            enabled: true,
-            scope: DesktopChangeReaderScope::SummaryOnly,
-            qa_enabled: true,
-            max_context_chars: 12_000,
-            voice: DesktopRuntimeChangeReaderVoiceSettingsUpdate {
-                enabled: true,
-                provider: DesktopChangeReaderVoiceProvider::Openai,
-                model: "gpt-4o-mini-tts".to_string(),
-                voice: "alloy".to_string(),
-                api_key: None,
-            },
-        }),
-        lifecycle: None,
-    })
-    .expect("enable voice playback with existing api key");
-
-    assert!(updated.change_reader.voice.enabled);
-    assert!(updated.change_reader.voice.api_key_configured);
-
-    let _ = std::fs::remove_dir_all(&temp_home);
-}
-
-#[test]
-fn desktop_change_reader_tts_requires_voice_enable() {
-    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
-    let temp_home = unique_temp_dir("opensession-desktop-change-reader-tts-disabled");
-    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
-
-    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
-        session_default_view: None,
-        summary: None,
-        vector_search: None,
-        change_reader: Some(DesktopRuntimeChangeReaderSettingsUpdate {
-            enabled: true,
-            scope: DesktopChangeReaderScope::SummaryOnly,
-            qa_enabled: true,
-            max_context_chars: 12_000,
-            voice: DesktopRuntimeChangeReaderVoiceSettingsUpdate {
-                enabled: false,
-                provider: DesktopChangeReaderVoiceProvider::Openai,
-                model: "gpt-4o-mini-tts".to_string(),
-                voice: "alloy".to_string(),
-                api_key: None,
-            },
-        }),
-        lifecycle: None,
-    })
-    .expect("enable change reader with voice disabled");
-
-    let result = desktop_change_reader_tts(DesktopChangeReaderTtsRequest {
-        text: "변경 내용을 읽어줘".to_string(),
-        session_id: None,
-        scope: None,
-    });
-    let error = result.expect_err("voice disabled should fail");
-    assert_eq!(error.status, 422);
-    assert_eq!(error.code, "desktop.change_reader_tts_disabled");
-
-    let _ = std::fs::remove_dir_all(&temp_home);
-}
-
-#[test]
-fn handoff_build_writes_artifact_record_and_pin() {
-    let unique = SystemTime::now()
-        .duration_since(UNIX_EPOCH)
-        .expect("time should be monotonic")
-        .as_nanos();
-    let repo_root = std::env::temp_dir().join(format!("opensession-desktop-handoff-{unique}"));
-    let git_dir = repo_root.join(".git");
-    std::fs::create_dir_all(&git_dir).expect("create repo .git");
-
-    let mut session = HailSession::new(
-        "session-handoff-test".to_string(),
-        Agent {
-            provider: "openai".to_string(),
-            model: "gpt-5".to_string(),
-            tool: "codex".to_string(),
-            tool_version: None,
-        },
-    );
-    session.recompute_stats();
-    let normalized = session.to_jsonl().expect("serialize session");
-
-    let response =
-        build_handoff_artifact_record(&normalized, session, true, &repo_root).expect("build");
-    let hash = response
-        .artifact_uri
-        .strip_prefix("os://artifact/")
-        .expect("artifact uri prefix");
-    assert_eq!(hash.len(), 64);
-    assert_eq!(response.pinned_alias.as_deref(), Some("latest"));
-    let expected_download_file_name = format!("handoff-{hash}.jsonl");
-    assert_eq!(
-        response.download_file_name.as_deref(),
-        Some(expected_download_file_name.as_str())
-    );
-    assert!(
-        response
-            .download_content
-            .as_deref()
-            .is_some_and(|value| value.contains("\"source_session_id\":\"session-handoff-test\""))
-    );
-
-    let artifact_path = repo_root
-        .join(".opensession")
-        .join("artifacts")
-        .join("sha256")
-        .join(&hash[0..2])
-        .join(&hash[2..4])
-        .join(format!("{hash}.json"));
-    assert!(artifact_path.exists());
-
-    let pin_path = repo_root
-        .join(".opensession")
-        .join("artifacts")
-        .join("pins")
-        .join("latest");
-    let pin_hash = std::fs::read_to_string(&pin_path).expect("read pin hash");
-    assert_eq!(pin_hash.trim(), hash);
-
-    let _ = std::fs::remove_dir_all(&repo_root);
+    final_state
 }
diff --git a/desktop/src-tauri/src/main_tests/change_reader.rs b/desktop/src-tauri/src/main_tests/change_reader.rs
new file mode 100644
index 00000000..fc1e7563
--- /dev/null
+++ b/desktop/src-tauri/src/main_tests/change_reader.rs
@@ -0,0 +1,169 @@
+use super::*;
+
+fn change_reader_update(
+    qa_enabled: bool,
+    voice_enabled: bool,
+    api_key: Option<&str>,
+) -> DesktopRuntimeChangeReaderSettingsUpdate {
+    DesktopRuntimeChangeReaderSettingsUpdate {
+        enabled: true,
+        scope: DesktopChangeReaderScope::SummaryOnly,
+        qa_enabled,
+        max_context_chars: 12_000,
+        voice: DesktopRuntimeChangeReaderVoiceSettingsUpdate {
+            enabled: voice_enabled,
+            provider: DesktopChangeReaderVoiceProvider::Openai,
+            model: "gpt-4o-mini-tts".to_string(),
+            voice: "alloy".to_string(),
+            api_key: api_key.map(str::to_string),
+        },
+    }
+}
+
+#[test]
+fn desktop_change_reader_requires_enabled_setting() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-change-reader-disabled");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+
+    let result =
+        tauri::async_runtime::block_on(desktop_read_session_changes(DesktopChangeReadRequest {
+            session_id: "session-1".to_string(),
+            scope: None,
+        }));
+    let error = result.expect_err("disabled change reader should fail");
+    assert_eq!(error.status, 422);
+    assert_eq!(error.code, "desktop.change_reader_disabled");
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+}
+
+#[test]
+fn require_non_empty_request_field_trims_surrounding_whitespace() {
+    let value = require_non_empty_request_field(
+        "  session-1 \n",
+        "desktop.test_invalid_request",
+        "session_id",
+    )
+    .expect("trimmed field should be accepted");
+    assert_eq!(value, "session-1");
+}
+
+#[test]
+fn require_non_empty_request_field_rejects_blank_values() {
+    let error =
+        require_non_empty_request_field(" \n\t ", "desktop.test_invalid_request", "session_id")
+            .expect_err("blank field should be rejected");
+    assert_eq!(error.status, 400);
+    assert_eq!(error.code, "desktop.test_invalid_request");
+    assert_eq!(error.message, "session_id is required");
+}
+
+#[test]
+fn desktop_change_reader_qa_respects_toggle() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-change-reader-qa-disabled");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+
+    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: None,
+        vector_search: None,
+        change_reader: Some(change_reader_update(false, false, None)),
+        lifecycle: None,
+    })
+    .expect("enable change reader with qa disabled");
+
+    let result =
+        tauri::async_runtime::block_on(desktop_ask_session_changes(DesktopChangeQuestionRequest {
+            session_id: "session-1".to_string(),
+            question: "무엇이 바뀌었나요?".to_string(),
+            scope: None,
+        }));
+    let error = result.expect_err("qa disabled should fail");
+    assert_eq!(error.status, 422);
+    assert_eq!(error.code, "desktop.change_reader_qa_disabled");
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+}
+
+#[test]
+fn desktop_runtime_settings_rejects_voice_playback_without_api_key() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-change-reader-voice-key-required");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+
+    let result = desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: None,
+        vector_search: None,
+        change_reader: Some(change_reader_update(true, true, None)),
+        lifecycle: None,
+    });
+
+    let error = result.expect_err("voice playback without api key should fail");
+    assert_eq!(error.status, 422);
+    assert_eq!(
+        error.code,
+        "desktop.runtime_settings_change_reader_voice_api_key_required"
+    );
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+}
+
+#[test]
+fn desktop_runtime_settings_allows_voice_playback_with_existing_api_key() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-change-reader-voice-key-existing");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+
+    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: None,
+        vector_search: None,
+        change_reader: Some(change_reader_update(true, false, Some("sk-existing-voice-key"))),
+        lifecycle: None,
+    })
+    .expect("store existing voice api key");
+
+    let updated = desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: None,
+        vector_search: None,
+        change_reader: Some(change_reader_update(true, true, None)),
+        lifecycle: None,
+    })
+    .expect("enable voice playback with existing api key");
+
+    assert!(updated.change_reader.voice.enabled);
+    assert!(updated.change_reader.voice.api_key_configured);
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+}
+
+#[test]
+fn desktop_change_reader_tts_requires_voice_enable() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-change-reader-tts-disabled");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+
+    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: None,
+        vector_search: None,
+        change_reader: Some(change_reader_update(true, false, None)),
+        lifecycle: None,
+    })
+    .expect("enable change reader with voice disabled");
+
+    let result = desktop_change_reader_tts(DesktopChangeReaderTtsRequest {
+        text: "변경 내용을 읽어줘".to_string(),
+        session_id: None,
+        scope: None,
+    });
+    let error = result.expect_err("voice disabled should fail");
+    assert_eq!(error.status, 422);
+    assert_eq!(error.code, "desktop.change_reader_tts_disabled");
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+}
diff --git a/desktop/src-tauri/src/main_tests/handoff.rs b/desktop/src-tauri/src/main_tests/handoff.rs
new file mode 100644
index 00000000..76b4322c
--- /dev/null
+++ b/desktop/src-tauri/src/main_tests/handoff.rs
@@ -0,0 +1,139 @@
+use super::*;
+
+#[test]
+fn parse_cli_quick_share_response_decodes_expected_fields() {
+    let stdout = r#"{
+  "uri": "os://src/git/cmVtb3Rl/ref/refs%2Fheads%2Fmain/path/sessions%2Fa.jsonl",
+  "source_uri": "os://src/local/abc123",
+  "remote": "https://github.com/org/repo.git",
+  "push_cmd": "git push origin refs/opensession/branches/bWFpbg:refs/opensession/branches/bWFpbg",
+  "quick": true,
+  "pushed": true,
+  "auto_push_consent": true
+}"#;
+    let parsed = parse_cli_quick_share_response(stdout).expect("parse quick-share payload");
+    assert_eq!(parsed.source_uri, "os://src/local/abc123");
+    assert_eq!(
+        parsed.shared_uri,
+        "os://src/git/cmVtb3Rl/ref/refs%2Fheads%2Fmain/path/sessions%2Fa.jsonl"
+    );
+    assert_eq!(parsed.remote, "https://github.com/org/repo.git");
+    assert!(parsed.pushed);
+    assert!(parsed.auto_push_consent);
+}
+
+#[test]
+fn desktop_quick_share_rejects_empty_session_id() {
+    let err = desktop_share_session_quick(DesktopQuickShareRequest {
+        session_id: "   ".to_string(),
+        remote: None,
+    })
+    .expect_err("empty session_id should fail");
+    assert_eq!(err.code, "desktop.quick_share_invalid_request");
+    assert_eq!(err.status, 400);
+}
+
+#[test]
+fn handoff_canonicalization_orders_by_session_id() {
+    let mut session_b = HailSession::new(
+        "session-b".to_string(),
+        Agent {
+            provider: "openai".to_string(),
+            model: "gpt-5".to_string(),
+            tool: "codex".to_string(),
+            tool_version: None,
+        },
+    );
+    session_b.recompute_stats();
+    let mut session_a = HailSession::new(
+        "session-a".to_string(),
+        Agent {
+            provider: "openai".to_string(),
+            model: "gpt-5".to_string(),
+            tool: "codex".to_string(),
+            tool_version: None,
+        },
+    );
+    session_a.recompute_stats();
+
+    let summaries = vec![
+        HandoffSummary::from_session(&session_b),
+        HandoffSummary::from_session(&session_a),
+    ];
+    let canonical = canonicalize_summaries(&summaries).expect("canonicalize summaries");
+    let first_line = canonical.lines().next().expect("canonical line");
+    assert!(first_line.contains("\"source_session_id\":\"session-a\""));
+}
+
+#[test]
+fn handoff_pin_alias_validation_rejects_spaces() {
+    assert!(validate_pin_alias("latest").is_ok());
+    assert!(validate_pin_alias("bad alias").is_err());
+}
+
+#[test]
+fn artifact_path_rejects_invalid_hash() {
+    assert!(artifact_path_for_hash(Path::new("/tmp"), "abc").is_err());
+}
+
+#[test]
+fn handoff_build_writes_artifact_record_and_pin() {
+    let unique = SystemTime::now()
+        .duration_since(UNIX_EPOCH)
+        .expect("time should be monotonic")
+        .as_nanos();
+    let repo_root = std::env::temp_dir().join(format!("opensession-desktop-handoff-{unique}"));
+    let git_dir = repo_root.join(".git");
+    std::fs::create_dir_all(&git_dir).expect("create repo .git");
+
+    let mut session = HailSession::new(
+        "session-handoff-test".to_string(),
+        Agent {
+            provider: "openai".to_string(),
+            model: "gpt-5".to_string(),
+            tool: "codex".to_string(),
+            tool_version: None,
+        },
+    );
+    session.recompute_stats();
+    let normalized = session.to_jsonl().expect("serialize session");
+
+    let response =
+        build_handoff_artifact_record(&normalized, session, true, &repo_root).expect("build");
+    let hash = response
+        .artifact_uri
+        .strip_prefix("os://artifact/")
+        .expect("artifact uri prefix");
+    assert_eq!(hash.len(), 64);
+    assert_eq!(response.pinned_alias.as_deref(), Some("latest"));
+    let expected_download_file_name = format!("handoff-{hash}.jsonl");
+    assert_eq!(
+        response.download_file_name.as_deref(),
+        Some(expected_download_file_name.as_str())
+    );
+    assert!(
+        response
+            .download_content
+            .as_deref()
+            .is_some_and(|value| value.contains("\"source_session_id\":\"session-handoff-test\""))
+    );
+
+    let artifact_path = repo_root
+        .join(".opensession")
+        .join("artifacts")
+        .join("sha256")
+        .join(&hash[0..2])
+        .join(&hash[2..4])
+        .join(format!("{hash}.json"));
+    assert!(artifact_path.exists());
+
+    let pin_path = repo_root
+        .join(".opensession")
+        .join("artifacts")
+        .join("pins")
+        .join("latest");
+    let pin_hash = std::fs::read_to_string(&pin_path).expect("read pin hash");
+    assert_eq!(pin_hash.trim(), hash);
+
+    let _ = std::fs::remove_dir_all(&repo_root);
+}
diff --git a/desktop/src-tauri/src/main_tests/runtime_settings.rs b/desktop/src-tauri/src/main_tests/runtime_settings.rs
new file mode 100644
index 00000000..7b5220a7
--- /dev/null
+++ b/desktop/src-tauri/src/main_tests/runtime_settings.rs
@@ -0,0 +1,555 @@
+use super::*;
+use opensession_api::DesktopLifecycleCleanupState;
+
+#[test]
+fn desktop_runtime_settings_update_persists_values() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-runtime-home");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+
+    let updated = desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: Some("compressed".to_string()),
+        summary: Some(DesktopRuntimeSummarySettingsUpdate {
+            provider: DesktopRuntimeSummaryProviderSettingsUpdate {
+                id: DesktopSummaryProviderId::Disabled,
+                endpoint: String::new(),
+                model: String::new(),
+            },
+            prompt: DesktopRuntimeSummaryPromptSettingsUpdate {
+                template: format!("{DEFAULT_SUMMARY_PROMPT_TEMPLATE_V2}\n# customized"),
+            },
+            response: DesktopRuntimeSummaryResponseSettingsUpdate {
+                style: DesktopSummaryResponseStyle::Compact,
+                shape: DesktopSummaryOutputShape::Layered,
+            },
+            storage: DesktopRuntimeSummaryStorageSettingsUpdate {
+                trigger: DesktopSummaryTriggerMode::OnSessionSave,
+                backend: DesktopSummaryStorageBackend::HiddenRef,
+            },
+            source_mode: DesktopSummarySourceMode::SessionOnly,
+            batch: DesktopRuntimeSummaryBatchSettingsUpdate {
+                execution_mode: DesktopSummaryBatchExecutionMode::Manual,
+                scope: DesktopSummaryBatchScope::All,
+                recent_days: 45,
+            },
+        }),
+        vector_search: None,
+        change_reader: Some(DesktopRuntimeChangeReaderSettingsUpdate {
+            enabled: true,
+            scope: DesktopChangeReaderScope::FullContext,
+            qa_enabled: true,
+            max_context_chars: 18_000,
+            voice: DesktopRuntimeChangeReaderVoiceSettingsUpdate {
+                enabled: true,
+                provider: DesktopChangeReaderVoiceProvider::Openai,
+                model: "gpt-4o-mini-tts".to_string(),
+                voice: "alloy".to_string(),
+                api_key: Some("sk-test-key".to_string()),
+            },
+        }),
+        lifecycle: Some(DesktopRuntimeLifecycleSettingsUpdate {
+            enabled: true,
+            session_ttl_days: 45,
+            summary_ttl_days: 60,
+            cleanup_interval_secs: 120,
+        }),
+    })
+    .expect("update runtime settings");
+    assert_eq!(updated.session_default_view, "compressed");
+
+    let loaded = desktop_get_runtime_settings().expect("load runtime settings");
+    assert_eq!(loaded.session_default_view, "compressed");
+    assert_eq!(
+        loaded.summary.provider.id,
+        DesktopSummaryProviderId::Disabled
+    );
+    assert_eq!(
+        loaded.summary.response.style,
+        DesktopSummaryResponseStyle::Compact
+    );
+    assert_eq!(
+        loaded.summary.storage.backend,
+        DesktopSummaryStorageBackend::HiddenRef
+    );
+    assert_eq!(
+        loaded.summary.source_mode,
+        DesktopSummarySourceMode::SessionOnly
+    );
+    assert_eq!(
+        loaded.summary.batch.execution_mode,
+        DesktopSummaryBatchExecutionMode::Manual
+    );
+    assert_eq!(loaded.summary.batch.scope, DesktopSummaryBatchScope::All);
+    assert_eq!(loaded.summary.batch.recent_days, 45);
+    assert!(loaded.summary.prompt.template.contains("customized"));
+    assert!(loaded.change_reader.enabled);
+    assert_eq!(
+        loaded.change_reader.scope,
+        DesktopChangeReaderScope::FullContext
+    );
+    assert!(loaded.change_reader.qa_enabled);
+    assert_eq!(loaded.change_reader.max_context_chars, 18_000);
+    assert!(loaded.change_reader.voice.enabled);
+    assert_eq!(
+        loaded.change_reader.voice.provider,
+        DesktopChangeReaderVoiceProvider::Openai
+    );
+    assert_eq!(loaded.change_reader.voice.model, "gpt-4o-mini-tts");
+    assert_eq!(loaded.change_reader.voice.voice, "alloy");
+    assert!(loaded.change_reader.voice.api_key_configured);
+    assert!(loaded.lifecycle.enabled);
+    assert_eq!(loaded.lifecycle.session_ttl_days, 45);
+    assert_eq!(loaded.lifecycle.summary_ttl_days, 60);
+    assert_eq!(loaded.lifecycle.cleanup_interval_secs, 120);
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+}
+
+#[test]
+fn desktop_runtime_settings_migrates_summary_storage_local_db_to_hidden_ref() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-runtime-migrate-home");
+    let temp_db = unique_temp_dir("opensession-desktop-runtime-migrate-db");
+    let repo_root = unique_temp_dir("opensession-desktop-runtime-migrate-repo");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+    let _db_env = EnvVarGuard::set(
+        "OPENSESSION_LOCAL_DB_PATH",
+        temp_db.join("local.db").as_os_str(),
+    );
+    init_test_git_repo(&repo_root);
+
+    let db = LocalDb::open_path(&temp_db.join("local.db")).expect("open local db");
+    let mut session = build_test_session("storage-migrate-local-to-hidden");
+    session.context.attributes.insert(
+        "cwd".to_string(),
+        json!(repo_root.to_string_lossy().to_string()),
+    );
+    let source_path = repo_root.join("storage-migrate-local-to-hidden.hail.jsonl");
+    std::fs::write(
+        &source_path,
+        session.to_jsonl().expect("serialize session jsonl"),
+    )
+    .expect("write session source");
+    db.upsert_local_session(
+        &session,
+        source_path
+            .to_str()
+            .expect("session source path must be valid utf-8"),
+        &GitContext::default(),
+    )
+    .expect("upsert local session");
+    db.upsert_session_semantic_summary(&opensession_local_db::SessionSemanticSummaryUpsert {
+        session_id: "storage-migrate-local-to-hidden",
+        summary_json: r#"{"changes":"migrated","auth_security":"none detected","layer_file_changes":[]}"#,
+        generated_at: "2026-03-05T10:00:00Z",
+        provider: "codex_exec",
+        model: Some("gpt-5"),
+        source_kind: "session_signals",
+        generation_kind: "provider",
+        prompt_fingerprint: Some("migrate-fingerprint"),
+        source_details_json: Some(r#"{"source":"session"}"#),
+        diff_tree_json: Some(r#"[]"#),
+        error: None,
+    })
+    .expect("insert local summary");
+
+    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: Some(summary_settings_update_with_backend(
+            DesktopSummaryStorageBackend::LocalDb,
+        )),
+        vector_search: None,
+        change_reader: None,
+        lifecycle: None,
+    })
+    .expect("set summary backend to local_db");
+    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: Some(summary_settings_update_with_backend(
+            DesktopSummaryStorageBackend::HiddenRef,
+        )),
+        vector_search: None,
+        change_reader: None,
+        lifecycle: None,
+    })
+    .expect("switch summary backend to hidden_ref");
+
+    let migrated = NativeGitStorage
+        .load_summary_at_ref(
+            &repo_root,
+            SUMMARY_LEDGER_REF,
+            "storage-migrate-local-to-hidden",
+        )
+        .expect("load migrated hidden_ref summary")
+        .expect("migrated hidden_ref summary should exist");
+    assert_eq!(migrated.provider, "codex_exec");
+    assert_eq!(migrated.summary["changes"], "migrated");
+    assert_eq!(migrated.model.as_deref(), Some("gpt-5"));
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+    let _ = std::fs::remove_dir_all(&temp_db);
+    let _ = std::fs::remove_dir_all(&repo_root);
+}
+
+#[test]
+fn desktop_runtime_settings_migrates_summary_storage_hidden_ref_to_local_db() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-runtime-migrate-hidden-home");
+    let temp_db = unique_temp_dir("opensession-desktop-runtime-migrate-hidden-db");
+    let repo_root = unique_temp_dir("opensession-desktop-runtime-migrate-hidden-repo");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+    let _db_env = EnvVarGuard::set(
+        "OPENSESSION_LOCAL_DB_PATH",
+        temp_db.join("local.db").as_os_str(),
+    );
+    init_test_git_repo(&repo_root);
+
+    let db = LocalDb::open_path(&temp_db.join("local.db")).expect("open local db");
+    let mut session = build_test_session("storage-migrate-hidden-to-local");
+    session.context.attributes.insert(
+        "cwd".to_string(),
+        json!(repo_root.to_string_lossy().to_string()),
+    );
+    let source_path = repo_root.join("storage-migrate-hidden-to-local.hail.jsonl");
+    std::fs::write(
+        &source_path,
+        session.to_jsonl().expect("serialize session jsonl"),
+    )
+    .expect("write session source");
+    db.upsert_local_session(
+        &session,
+        source_path
+            .to_str()
+            .expect("session source path must be valid utf-8"),
+        &GitContext::default(),
+    )
+    .expect("upsert local session");
+
+    let hidden_record = SessionSummaryLedgerRecord {
+        session_id: "storage-migrate-hidden-to-local".to_string(),
+        generated_at: "2026-03-05T11:00:00Z".to_string(),
+        provider: "codex_exec".to_string(),
+        model: Some("gpt-5".to_string()),
+        source_kind: "session_signals".to_string(),
+        generation_kind: "provider".to_string(),
+        prompt_fingerprint: Some("hidden-fingerprint".to_string()),
+        summary: json!({
+            "changes": "from-hidden",
+            "auth_security": "none detected",
+            "layer_file_changes": []
+        }),
+        source_details: json!({ "source": "hidden_ref" }),
+        diff_tree: Vec::new(),
+        error: None,
+    };
+    NativeGitStorage
+        .store_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, &hidden_record)
+        .expect("store hidden_ref summary");
+
+    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: Some(summary_settings_update_with_backend(
+            DesktopSummaryStorageBackend::HiddenRef,
+        )),
+        vector_search: None,
+        change_reader: None,
+        lifecycle: None,
+    })
+    .expect("set summary backend to hidden_ref");
+    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: Some(summary_settings_update_with_backend(
+            DesktopSummaryStorageBackend::LocalDb,
+        )),
+        vector_search: None,
+        change_reader: None,
+        lifecycle: None,
+    })
+    .expect("switch summary backend to local_db");
+
+    let migrated = db
+        .get_session_semantic_summary("storage-migrate-hidden-to-local")
+        .expect("read migrated local summary")
+        .expect("migrated local summary should exist");
+    assert_eq!(migrated.provider, "codex_exec");
+    let migrated_summary: serde_json::Value =
+        serde_json::from_str(&migrated.summary_json).expect("parse migrated summary");
+    assert_eq!(migrated_summary["changes"], "from-hidden");
+    assert_eq!(migrated.model.as_deref(), Some("gpt-5"));
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+    let _ = std::fs::remove_dir_all(&temp_db);
+    let _ = std::fs::remove_dir_all(&repo_root);
+}
+
+#[test]
+fn desktop_lifecycle_cleanup_deletes_expired_sessions_without_daemon() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_root = unique_temp_dir("opensession-desktop-lifecycle-cleanup");
+    let repo_root = temp_root.join("repo");
+    std::fs::create_dir_all(&repo_root).expect("create repo root");
+    init_test_git_repo(&repo_root);
+
+    let db = LocalDb::open_path(&temp_root.join("local.db")).expect("open local db");
+
+    let mut expired = build_test_session("expired-session");
+    expired.context.created_at = chrono::Utc::now() - chrono::Duration::days(45);
+    expired.context.updated_at = expired.context.created_at;
+    expired.context.attributes.insert(
+        "cwd".to_string(),
+        json!(repo_root.to_string_lossy().to_string()),
+    );
+    let expired_source = repo_root.join("expired-session.hail.jsonl");
+    std::fs::write(
+        &expired_source,
+        expired.to_jsonl().expect("serialize expired session"),
+    )
+    .expect("write expired session source");
+    db.upsert_local_session(
+        &expired,
+        expired_source
+            .to_str()
+            .expect("expired session source path must be valid utf-8"),
+        &GitContext::default(),
+    )
+    .expect("upsert expired session");
+
+    let mut recent = build_test_session("recent-session");
+    recent.context.created_at = chrono::Utc::now() - chrono::Duration::days(5);
+    recent.context.updated_at = recent.context.created_at;
+    recent.context.attributes.insert(
+        "cwd".to_string(),
+        json!(repo_root.to_string_lossy().to_string()),
+    );
+    let recent_source = repo_root.join("recent-session.hail.jsonl");
+    std::fs::write(
+        &recent_source,
+        recent.to_jsonl().expect("serialize recent session"),
+    )
+    .expect("write recent session source");
+    db.upsert_local_session(
+        &recent,
+        recent_source
+            .to_str()
+            .expect("recent session source path must be valid utf-8"),
+        &GitContext::default(),
+    )
+    .expect("upsert recent session");
+
+    let storage = NativeGitStorage;
+    storage
+        .store_summary_at_ref(
+            &repo_root,
+            SUMMARY_LEDGER_REF,
+            &SessionSummaryLedgerRecord {
+                session_id: "expired-session".to_string(),
+                generated_at: "2026-01-01T00:00:00Z".to_string(),
+                provider: "codex_exec".to_string(),
+                model: None,
+                source_kind: "session_signals".to_string(),
+                generation_kind: "provider".to_string(),
+                prompt_fingerprint: None,
+                summary: json!({ "changes": "expired" }),
+                source_details: json!({}),
+                diff_tree: vec![],
+                error: None,
+            },
+        )
+        .expect("store expired hidden_ref summary");
+    storage
+        .store_summary_at_ref(
+            &repo_root,
+            SUMMARY_LEDGER_REF,
+            &SessionSummaryLedgerRecord {
+                session_id: "recent-session".to_string(),
+                generated_at: "2026-01-01T00:00:00Z".to_string(),
+                provider: "codex_exec".to_string(),
+                model: None,
+                source_kind: "session_signals".to_string(),
+                generation_kind: "provider".to_string(),
+                prompt_fingerprint: None,
+                summary: json!({ "changes": "recent" }),
+                source_details: json!({}),
+                diff_tree: vec![],
+                error: None,
+            },
+        )
+        .expect("store recent hidden_ref summary");
+
+    let mut config = DaemonConfig::default();
+    config.lifecycle.enabled = true;
+    config.lifecycle.session_ttl_days = 30;
+    config.lifecycle.summary_ttl_days = 30;
+    config.lifecycle.cleanup_interval_secs = 60;
+
+    super::super::run_desktop_lifecycle_cleanup_once_with_db(&config, &db)
+        .expect("run desktop lifecycle cleanup");
+
+    let lifecycle_status = super::super::desktop_lifecycle_cleanup_status_from_db(&db)
+        .expect("read lifecycle cleanup status");
+    assert_eq!(
+        lifecycle_status.state,
+        DesktopLifecycleCleanupState::Complete
+    );
+    assert_eq!(lifecycle_status.deleted_sessions, 1);
+    assert_eq!(lifecycle_status.deleted_summaries, 1);
+    assert!(
+        lifecycle_status
+            .message
+            .as_deref()
+            .unwrap_or_default()
+            .contains("Deleted 1 sessions"),
+        "cleanup status should summarize deleted rows"
+    );
+    assert!(lifecycle_status.started_at.is_some());
+    assert!(lifecycle_status.finished_at.is_some());
+
+    assert!(
+        db.get_session_by_id("expired-session")
+            .expect("query expired session")
+            .is_none(),
+        "expired session should be deleted by desktop lifecycle cleanup"
+    );
+    assert!(
+        db.get_session_by_id("recent-session")
+            .expect("query recent session")
+            .is_some(),
+        "recent session should remain after desktop lifecycle cleanup"
+    );
+    assert!(
+        storage
+            .load_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, "expired-session")
+            .expect("load expired hidden_ref summary")
+            .is_none(),
+        "expired hidden_ref summary should be deleted by desktop lifecycle cleanup"
+    );
+    assert!(
+        storage
+            .load_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, "recent-session")
+            .expect("load recent hidden_ref summary")
+            .is_some(),
+        "recent hidden_ref summary should remain after desktop lifecycle cleanup"
+    );
+
+    let _ = std::fs::remove_dir_all(&temp_root);
+}
+
+#[test]
+fn desktop_runtime_settings_rejects_non_session_only_source_mode() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-runtime-source-lock");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+
+    let result = desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: Some(DesktopRuntimeSummarySettingsUpdate {
+            provider: DesktopRuntimeSummaryProviderSettingsUpdate {
+                id: DesktopSummaryProviderId::Disabled,
+                endpoint: String::new(),
+                model: String::new(),
+            },
+            prompt: DesktopRuntimeSummaryPromptSettingsUpdate {
+                template: DEFAULT_SUMMARY_PROMPT_TEMPLATE_V2.to_string(),
+            },
+            response: DesktopRuntimeSummaryResponseSettingsUpdate {
+                style: DesktopSummaryResponseStyle::Standard,
+                shape: DesktopSummaryOutputShape::Layered,
+            },
+            storage: DesktopRuntimeSummaryStorageSettingsUpdate {
+                trigger: DesktopSummaryTriggerMode::OnSessionSave,
+                backend: DesktopSummaryStorageBackend::HiddenRef,
+            },
+            source_mode: DesktopSummarySourceMode::SessionOrGitChanges,
+            batch: DesktopRuntimeSummaryBatchSettingsUpdate {
+                execution_mode: DesktopSummaryBatchExecutionMode::Manual,
+                scope: DesktopSummaryBatchScope::RecentDays,
+                recent_days: 30,
+            },
+        }),
+        vector_search: None,
+        change_reader: None,
+        lifecycle: None,
+    });
+
+    let error = result.expect_err("source mode lock should reject update");
+    assert_eq!(error.status, 422);
+    assert_eq!(error.code, "desktop.runtime_settings_source_mode_locked");
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+}
+
+#[test]
+fn desktop_runtime_settings_rejects_zero_summary_batch_recent_days() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-runtime-summary-batch-invalid");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+
+    let result = desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: Some(DesktopRuntimeSummarySettingsUpdate {
+            provider: DesktopRuntimeSummaryProviderSettingsUpdate {
+                id: DesktopSummaryProviderId::Disabled,
+                endpoint: String::new(),
+                model: String::new(),
+            },
+            prompt: DesktopRuntimeSummaryPromptSettingsUpdate {
+                template: DEFAULT_SUMMARY_PROMPT_TEMPLATE_V2.to_string(),
+            },
+            response: DesktopRuntimeSummaryResponseSettingsUpdate {
+                style: DesktopSummaryResponseStyle::Standard,
+                shape: DesktopSummaryOutputShape::Layered,
+            },
+            storage: DesktopRuntimeSummaryStorageSettingsUpdate {
+                trigger: DesktopSummaryTriggerMode::OnSessionSave,
+                backend: DesktopSummaryStorageBackend::HiddenRef,
+            },
+            source_mode: DesktopSummarySourceMode::SessionOnly,
+            batch: DesktopRuntimeSummaryBatchSettingsUpdate {
+                execution_mode: DesktopSummaryBatchExecutionMode::OnAppStart,
+                scope: DesktopSummaryBatchScope::RecentDays,
+                recent_days: 0,
+            },
+        }),
+        vector_search: None,
+        change_reader: None,
+        lifecycle: None,
+    });
+
+    let error = result.expect_err("recent_days=0 should fail");
+    assert_eq!(error.status, 422);
+    assert_eq!(
+        error.code,
+        "desktop.runtime_settings_invalid_summary_batch_recent_days"
+    );
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+}
+
+#[test]
+fn desktop_runtime_settings_rejects_short_lifecycle_interval() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-runtime-lifecycle-invalid");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+
+    let result = desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: None,
+        vector_search: None,
+        change_reader: None,
+        lifecycle: Some(DesktopRuntimeLifecycleSettingsUpdate {
+            enabled: true,
+            session_ttl_days: 30,
+            summary_ttl_days: 30,
+            cleanup_interval_secs: 59,
+        }),
+    });
+
+    let error = result.expect_err("cleanup interval under 60 should fail");
+    assert_eq!(error.status, 422);
+    assert_eq!(
+        error.code,
+        "desktop.runtime_settings_invalid_cleanup_interval"
+    );
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+}
diff --git a/desktop/src-tauri/src/main_tests/session_access.rs b/desktop/src-tauri/src/main_tests/session_access.rs
new file mode 100644
index 00000000..ac858c05
--- /dev/null
+++ b/desktop/src-tauri/src/main_tests/session_access.rs
@@ -0,0 +1,330 @@
+use super::*;
+
+#[test]
+fn list_filter_defaults_page_and_per_page() {
+    let (filter, page, per_page, mode) =
+        build_local_filter_with_mode(DesktopSessionListQuery::default());
+    assert_eq!(page, 1);
+    assert_eq!(per_page, 20);
+    assert_eq!(mode, SearchMode::Keyword);
+    assert_eq!(filter.limit, Some(20));
+    assert_eq!(filter.offset, Some(0));
+    assert!(filter.exclude_low_signal);
+}
+
+#[test]
+fn list_filter_parses_sort_and_range_values() {
+    let (filter, page, per_page, mode) = build_local_filter_with_mode(DesktopSessionListQuery {
+        page: Some("2".to_string()),
+        per_page: Some("30".to_string()),
+        search: Some("fix".to_string()),
+        tool: Some("codex".to_string()),
+        git_repo_name: Some("org/repo".to_string()),
+        sort: Some("popular".to_string()),
+        time_range: Some("7d".to_string()),
+        force_refresh: None,
+    });
+    assert_eq!(page, 2);
+    assert_eq!(per_page, 30);
+    assert_eq!(mode, SearchMode::Keyword);
+    assert_eq!(filter.search.as_deref(), Some("fix"));
+    assert_eq!(filter.tool.as_deref(), Some("codex"));
+    assert_eq!(filter.git_repo_name.as_deref(), Some("org/repo"));
+    assert_eq!(filter.offset, Some(30));
+}
+
+#[test]
+fn split_search_mode_detects_vector_prefix() {
+    let (query, mode) = split_search_mode(Some("vector: auth regression".to_string()));
+    assert_eq!(query.as_deref(), Some("auth regression"));
+    assert_eq!(mode, SearchMode::Vector);
+
+    let (query, mode) = split_search_mode(Some("fix parser".to_string()));
+    assert_eq!(query.as_deref(), Some("fix parser"));
+    assert_eq!(mode, SearchMode::Keyword);
+}
+
+#[test]
+fn list_filter_with_mode_keeps_vector_query_text() {
+    let (filter, page, per_page, mode) = build_local_filter_with_mode(DesktopSessionListQuery {
+        search: Some("vec: paging bug".to_string()),
+        ..DesktopSessionListQuery::default()
+    });
+    assert_eq!(page, 1);
+    assert_eq!(per_page, 20);
+    assert_eq!(mode, SearchMode::Vector);
+    assert_eq!(filter.search.as_deref(), Some("paging bug"));
+}
+
+#[test]
+fn desktop_list_sessions_hides_low_signal_metadata_only_rows() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_root = unique_temp_dir("opensession-desktop-low-signal-filter");
+    let db_path = temp_root.join("local.db");
+    let source_path = temp_root
+        .join(".claude")
+        .join("projects")
+        .join("fixture")
+        .join("metadata-only.jsonl");
+    let _db_env = EnvVarGuard::set("OPENSESSION_LOCAL_DB_PATH", db_path.as_os_str());
+
+    std::fs::create_dir_all(
+        source_path
+            .parent()
+            .expect("metadata-only source parent must exist"),
+    )
+    .expect("create metadata-only source dir");
+    std::fs::write(
+        &source_path,
+        r#"{"type":"file-history-snapshot","files":[]}"#,
+    )
+    .expect("write metadata-only source fixture");
+
+    let session = HailSession::new(
+        "metadata-only-session".to_string(),
+        Agent {
+            provider: "anthropic".to_string(),
+            model: "claude-3-5-sonnet".to_string(),
+            tool: "claude-code".to_string(),
+            tool_version: None,
+        },
+    );
+    let db = LocalDb::open_path(&db_path).expect("open isolated local db");
+    db.upsert_local_session(
+        &session,
+        source_path
+            .to_str()
+            .expect("metadata-only source path must be valid utf-8"),
+        &GitContext::default(),
+    )
+    .expect("upsert metadata-only local session");
+
+    let listed = desktop_list_sessions(None).expect("list sessions");
+    assert!(
+        !listed
+            .sessions
+            .iter()
+            .any(|row| row.id == "metadata-only-session"),
+        "metadata-only sessions must be excluded from the default desktop session list",
+    );
+
+    let _ = std::fs::remove_dir_all(&temp_root);
+}
+
+#[test]
+fn desktop_list_sessions_force_refresh_reindexes_discovered_sessions() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-force-refresh-home");
+    let temp_db = unique_temp_dir("opensession-desktop-force-refresh-db");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+    let _codex_home_env = EnvVarGuard::set("CODEX_HOME", temp_home.join(".codex").as_os_str());
+    let _db_env = EnvVarGuard::set(
+        "OPENSESSION_LOCAL_DB_PATH",
+        temp_db.join("local.db").as_os_str(),
+    );
+
+    let session_jsonl = [
+        r#"{"timestamp":"2026-03-05T00:00:00.097Z","type":"session_meta","payload":{"id":"force-refresh-session","timestamp":"2026-03-05T00:00:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
+        r#"{"timestamp":"2026-03-05T00:00:00.119Z","type":"event_msg","payload":{"type":"user_message","message":"force refresh regression fixture"}}"#,
+        r#"{"timestamp":"2026-03-05T00:00:01.000Z","type":"response_item","payload":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"done"}]}}"#,
+    ]
+    .join("\n");
+    let discovered_path = temp_home
+        .join(".codex")
+        .join("sessions")
+        .join("2026")
+        .join("03")
+        .join("05")
+        .join("rollout-force-refresh-session.jsonl");
+    std::fs::create_dir_all(
+        discovered_path
+            .parent()
+            .expect("session discovery parent must exist"),
+    )
+    .expect("create session discovery dir");
+    std::fs::write(&discovered_path, session_jsonl).expect("write discovered session");
+
+    let before = desktop_list_sessions(None).expect("list sessions before force refresh");
+    assert!(
+        !before
+            .sessions
+            .iter()
+            .any(|row| row.id == "force-refresh-session"),
+        "session should not exist in DB before force refresh reindex"
+    );
+
+    let after = desktop_list_sessions(Some(DesktopSessionListQuery {
+        force_refresh: Some(true),
+        ..DesktopSessionListQuery::default()
+    }))
+    .expect("list sessions after force refresh");
+    assert!(
+        after
+            .sessions
+            .iter()
+            .any(|row| row.id == "force-refresh-session"),
+        "force refresh should reindex discovered session"
+    );
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+    let _ = std::fs::remove_dir_all(&temp_db);
+}
+
+#[test]
+fn force_refresh_discovery_tools_skip_cursor_for_fast_path() {
+    let tools = force_refresh_discovery_tools();
+    assert!(tools.contains(&"codex"));
+    assert!(!tools.contains(&"cursor"));
+}
+
+#[test]
+fn normalize_launch_route_accepts_relative_session_path() {
+    assert_eq!(
+        normalize_launch_route("/sessions?git_repo_name=org%2Frepo"),
+        Some("/sessions?git_repo_name=org%2Frepo".to_string())
+    );
+}
+
+#[test]
+fn normalize_launch_route_rejects_invalid_values() {
+    assert_eq!(normalize_launch_route(""), None);
+    assert_eq!(
+        normalize_launch_route("https://opensession.io/sessions"),
+        None
+    );
+    assert_eq!(normalize_launch_route("//sessions"), None);
+}
+
+#[test]
+fn local_row_uses_created_at_when_uploaded_at_missing() {
+    let summary = session_summary_from_local_row(sample_row());
+    assert_eq!(summary.uploaded_at, "2026-03-03T00:00:00Z");
+    assert_eq!(
+        summary.score_plugin,
+        opensession_core::scoring::DEFAULT_SCORE_PLUGIN
+    );
+}
+
+#[test]
+fn unknown_link_type_falls_back_to_handoff() {
+    let link = map_link_type("unknown-link");
+    assert!(matches!(link, opensession_api::LinkType::Handoff));
+}
+
+#[test]
+fn normalize_session_body_preserves_hail_jsonl() {
+    let hail_jsonl = [
+        r#"{"type":"header","version":"hail-1.0.0","session_id":"hail-1","agent":{"provider":"openai","model":"gpt-5","tool":"codex"},"context":{"title":"Title","description":"Desc","tags":[],"created_at":"2026-03-03T00:00:00Z","updated_at":"2026-03-03T00:00:00Z","related_session_ids":[],"attributes":{}}}"#,
+        r#"{"type":"event","event_id":"e1","timestamp":"2026-03-03T00:00:00Z","event_type":{"type":"UserMessage"},"content":{"blocks":[{"type":"Text","text":"hello"}]},"attributes":{}}"#,
+        r#"{"type":"stats","event_count":1,"message_count":1,"tool_call_count":0,"task_count":0,"duration_seconds":0,"total_input_tokens":0,"total_output_tokens":0,"user_message_count":1,"files_changed":0,"lines_added":0,"lines_removed":0}"#,
+    ]
+    .join("\n");
+
+    let normalized = normalize_session_body_to_hail_jsonl(&hail_jsonl, None)
+        .expect("hail JSONL should normalize");
+    let parsed = HailSession::from_jsonl(&normalized).expect("must remain valid hail");
+    assert_eq!(parsed.session_id, "hail-1");
+}
+
+#[test]
+fn normalize_session_body_converts_claude_jsonl() {
+    let claude_jsonl = r#"{"type":"user","uuid":"u1","sessionId":"claude-1","timestamp":"2026-03-03T00:00:00Z","message":{"role":"user","content":"hello from claude"},"cwd":"/tmp/project","gitBranch":"main"}"#;
+
+    let normalized = normalize_session_body_to_hail_jsonl(
+        claude_jsonl,
+        Some("/tmp/70dafb43-dbdd-4009-beb0-b6ac2bd9c4d1.jsonl"),
+    )
+    .expect("claude JSONL should parse into HAIL");
+    let parsed = HailSession::from_jsonl(&normalized).expect("must be valid hail");
+    assert_eq!(parsed.session_id, "claude-1");
+    assert_eq!(parsed.agent.tool, "claude-code");
+    assert!(!parsed.events.is_empty());
+}
+
+#[test]
+fn normalize_session_body_prefers_source_path_parser_over_extension_fallback() {
+    let temp_root = unique_temp_dir("opensession-desktop-normalize-source-path");
+    let source_path = temp_root
+        .join(".claude")
+        .join("projects")
+        .join("fixture")
+        .join("f0639ede-3aac-4f67-a979-b175ea5f9557.jsonl");
+    std::fs::create_dir_all(
+        source_path
+            .parent()
+            .expect("claude fixture parent directory must exist"),
+    )
+    .expect("create claude fixture directory");
+
+    let snapshot_only = r#"{"type":"file-history-snapshot","files":[]}"#;
+    std::fs::write(&source_path, snapshot_only).expect("write claude snapshot fixture");
+
+    let normalized = normalize_session_body_to_hail_jsonl(
+        snapshot_only,
+        Some(
+            source_path
+                .to_str()
+                .expect("fixture source path must be valid utf-8"),
+        ),
+    )
+    .expect("source-path parser should normalize claude snapshot fixture");
+    let parsed = HailSession::from_jsonl(&normalized).expect("must be valid hail");
+    assert_eq!(parsed.agent.tool, "claude-code");
+    assert_eq!(parsed.session_id, "f0639ede-3aac-4f67-a979-b175ea5f9557");
+
+    let _ = std::fs::remove_dir_all(&temp_root);
+}
+
+#[test]
+fn desktop_contract_version_matches_shared_constant() {
+    let payload = desktop_get_contract_version();
+    assert_eq!(
+        payload.version,
+        opensession_api::DESKTOP_IPC_CONTRACT_VERSION
+    );
+}
+
+#[test]
+fn desktop_list_detail_raw_flow_uses_isolated_db() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_root = unique_temp_dir("opensession-desktop-list-detail-raw");
+    let db_path = temp_root.join("local.db");
+    let source_path = temp_root.join("session.hail.jsonl");
+    let _db_env = EnvVarGuard::set("OPENSESSION_LOCAL_DB_PATH", db_path.as_os_str());
+
+    let session = build_test_session("desktop-flow-session");
+    let session_jsonl = session.to_jsonl().expect("serialize session jsonl");
+    std::fs::write(&source_path, &session_jsonl).expect("write session source");
+
+    let db = LocalDb::open_path(&db_path).expect("open isolated local db");
+    db.upsert_local_session(
+        &session,
+        source_path
+            .to_str()
+            .expect("session source path must be valid utf-8"),
+        &GitContext::default(),
+    )
+    .expect("upsert local session");
+
+    let listed = desktop_list_sessions(None).expect("list sessions");
+    assert!(
+        listed
+            .sessions
+            .iter()
+            .any(|row| row.id == session.session_id),
+        "session list must include inserted session",
+    );
+
+    let detail =
+        desktop_get_session_detail(session.session_id.clone()).expect("get session detail");
+    assert_eq!(detail.summary.id, session.session_id);
+
+    let raw = desktop_get_session_raw(detail.summary.id.clone()).expect("get raw session");
+    assert!(
+        raw.contains("\"session_id\":\"desktop-flow-session\""),
+        "raw session output should include the normalized session id",
+    );
+
+    drop(db);
+    let _ = std::fs::remove_dir_all(&temp_root);
+}
diff --git a/desktop/src-tauri/src/main_tests/summary_batch.rs b/desktop/src-tauri/src/main_tests/summary_batch.rs
new file mode 100644
index 00000000..f560695a
--- /dev/null
+++ b/desktop/src-tauri/src/main_tests/summary_batch.rs
@@ -0,0 +1,259 @@
+use super::*;
+
+#[test]
+fn desktop_summary_batch_run_and_status_complete_when_no_sessions() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-summary-batch-home");
+    let temp_db = unique_temp_dir("opensession-desktop-summary-batch-db");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+    let _db_env = EnvVarGuard::set(
+        "OPENSESSION_LOCAL_DB_PATH",
+        temp_db.join("local.db").as_os_str(),
+    );
+
+    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: Some(manual_summary_batch_settings(DesktopSummaryStorageBackend::None)),
+        vector_search: None,
+        change_reader: None,
+        lifecycle: None,
+    })
+    .expect("set summary batch config");
+
+    let started = desktop_summary_batch_run().expect("start summary batch");
+    assert!(
+        matches!(
+            started.state,
+            DesktopSummaryBatchState::Running | DesktopSummaryBatchState::Complete
+        ),
+        "initial state should be running or complete"
+    );
+
+    let final_state = wait_for_summary_batch_completion(started);
+    assert_eq!(final_state.state, DesktopSummaryBatchState::Complete);
+    assert_eq!(final_state.total_sessions, 0);
+    assert_eq!(final_state.processed_sessions, 0);
+    assert_eq!(final_state.failed_sessions, 0);
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+    let _ = std::fs::remove_dir_all(&temp_db);
+}
+
+#[test]
+fn desktop_summary_batch_skips_sessions_with_missing_source_files() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-summary-batch-skip-home");
+    let temp_db = unique_temp_dir("opensession-desktop-summary-batch-skip-db");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+    let _db_env = EnvVarGuard::set(
+        "OPENSESSION_LOCAL_DB_PATH",
+        temp_db.join("local.db").as_os_str(),
+    );
+
+    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: Some(manual_summary_batch_settings(DesktopSummaryStorageBackend::None)),
+        vector_search: None,
+        change_reader: None,
+        lifecycle: None,
+    })
+    .expect("set summary batch config");
+
+    let db = LocalDb::open_path(&temp_db.join("local.db")).expect("open local db");
+    let session = build_test_session("missing-source-session");
+    let missing_source = temp_db.join("missing-source-session.jsonl");
+    db.upsert_local_session(
+        &session,
+        missing_source
+            .to_str()
+            .expect("missing source path must be valid utf-8"),
+        &GitContext::default(),
+    )
+    .expect("upsert local session with missing source path");
+
+    let started = desktop_summary_batch_run().expect("start summary batch");
+    assert!(
+        matches!(
+            started.state,
+            DesktopSummaryBatchState::Running | DesktopSummaryBatchState::Complete
+        ),
+        "initial state should be running or complete"
+    );
+
+    let final_state = wait_for_summary_batch_completion(started);
+    assert_eq!(final_state.state, DesktopSummaryBatchState::Complete);
+    assert_eq!(final_state.total_sessions, 1);
+    assert_eq!(final_state.processed_sessions, 1);
+    assert_eq!(final_state.failed_sessions, 0);
+    assert!(
+        final_state
+            .message
+            .as_deref()
+            .is_some_and(|message| message.contains("skipped missing sources"))
+    );
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+    let _ = std::fs::remove_dir_all(&temp_db);
+}
+
+#[test]
+fn desktop_summary_batch_skips_sessions_with_existing_local_db_summaries() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-summary-batch-local-summary-home");
+    let temp_db = unique_temp_dir("opensession-desktop-summary-batch-local-summary-db");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+    let _db_env = EnvVarGuard::set(
+        "OPENSESSION_LOCAL_DB_PATH",
+        temp_db.join("local.db").as_os_str(),
+    );
+
+    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: Some(manual_summary_batch_settings(
+            DesktopSummaryStorageBackend::HiddenRef,
+        )),
+        vector_search: None,
+        change_reader: None,
+        lifecycle: None,
+    })
+    .expect("set summary batch config");
+
+    let db = LocalDb::open_path(&temp_db.join("local.db")).expect("open local db");
+    let session = build_test_session("existing-local-summary-session");
+    let missing_source = temp_db.join("existing-local-summary-session.jsonl");
+    db.upsert_local_session(
+        &session,
+        missing_source
+            .to_str()
+            .expect("missing source path must be valid utf-8"),
+        &GitContext::default(),
+    )
+    .expect("upsert local session with missing source path");
+    db.upsert_session_semantic_summary(&opensession_local_db::SessionSemanticSummaryUpsert {
+        session_id: "existing-local-summary-session",
+        summary_json: r#"{"changes":"cached","auth_security":"none detected","layer_file_changes":[]}"#,
+        generated_at: "2026-03-06T01:00:00Z",
+        provider: "codex_exec",
+        model: Some("gpt-5"),
+        source_kind: "session_signals",
+        generation_kind: "provider",
+        prompt_fingerprint: Some("local-cache"),
+        source_details_json: Some(r#"{"source":"local_db"}"#),
+        diff_tree_json: Some(r#"[]"#),
+        error: None,
+    })
+    .expect("insert local summary");
+
+    let started = desktop_summary_batch_run().expect("start summary batch");
+    assert!(
+        matches!(
+            started.state,
+            DesktopSummaryBatchState::Running | DesktopSummaryBatchState::Complete
+        ),
+        "initial state should be running or complete"
+    );
+
+    let final_state = wait_for_summary_batch_completion(started);
+    assert_eq!(final_state.state, DesktopSummaryBatchState::Complete);
+    assert_eq!(final_state.total_sessions, 0);
+    assert_eq!(final_state.processed_sessions, 0);
+    assert_eq!(final_state.failed_sessions, 0);
+    assert!(
+        final_state
+            .message
+            .as_deref()
+            .is_some_and(|message| message.contains("already summarized"))
+    );
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+    let _ = std::fs::remove_dir_all(&temp_db);
+}
+
+#[test]
+fn desktop_summary_batch_skips_sessions_with_existing_hidden_ref_summaries() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_home = unique_temp_dir("opensession-desktop-summary-batch-hidden-summary-home");
+    let temp_db = unique_temp_dir("opensession-desktop-summary-batch-hidden-summary-db");
+    let repo_root = unique_temp_dir("opensession-desktop-summary-batch-hidden-summary-repo");
+    let _home_env = EnvVarGuard::set("HOME", temp_home.as_os_str());
+    let _db_env = EnvVarGuard::set(
+        "OPENSESSION_LOCAL_DB_PATH",
+        temp_db.join("local.db").as_os_str(),
+    );
+    init_test_git_repo(&repo_root);
+
+    desktop_update_runtime_settings(DesktopRuntimeSettingsUpdateRequest {
+        session_default_view: None,
+        summary: Some(manual_summary_batch_settings(
+            DesktopSummaryStorageBackend::LocalDb,
+        )),
+        vector_search: None,
+        change_reader: None,
+        lifecycle: None,
+    })
+    .expect("set summary batch config");
+
+    let db = LocalDb::open_path(&temp_db.join("local.db")).expect("open local db");
+    let mut session = build_test_session("existing-hidden-summary-session");
+    session.context.attributes.insert(
+        "cwd".to_string(),
+        json!(repo_root.to_string_lossy().to_string()),
+    );
+    let missing_source = repo_root.join("existing-hidden-summary-session.jsonl");
+    db.upsert_local_session(
+        &session,
+        missing_source
+            .to_str()
+            .expect("missing source path must be valid utf-8"),
+        &GitContext::default(),
+    )
+    .expect("upsert local session with missing source path");
+    NativeGitStorage
+        .store_summary_at_ref(
+            &repo_root,
+            SUMMARY_LEDGER_REF,
+            &SessionSummaryLedgerRecord {
+                session_id: "existing-hidden-summary-session".to_string(),
+                generated_at: "2026-03-06T02:00:00Z".to_string(),
+                provider: "codex_exec".to_string(),
+                model: Some("gpt-5".to_string()),
+                source_kind: "session_signals".to_string(),
+                generation_kind: "provider".to_string(),
+                prompt_fingerprint: Some("hidden-cache".to_string()),
+                summary: json!({
+                    "changes": "cached",
+                    "auth_security": "none detected",
+                    "layer_file_changes": []
+                }),
+                source_details: json!({ "source": "hidden_ref" }),
+                diff_tree: Vec::new(),
+                error: None,
+            },
+        )
+        .expect("store hidden_ref summary");
+
+    let started = desktop_summary_batch_run().expect("start summary batch");
+    assert!(
+        matches!(
+            started.state,
+            DesktopSummaryBatchState::Running | DesktopSummaryBatchState::Complete
+        ),
+        "initial state should be running or complete"
+    );
+
+    let final_state = wait_for_summary_batch_completion(started);
+    assert_eq!(final_state.state, DesktopSummaryBatchState::Complete);
+    assert_eq!(final_state.total_sessions, 0);
+    assert_eq!(final_state.processed_sessions, 0);
+    assert_eq!(final_state.failed_sessions, 0);
+    assert!(
+        final_state
+            .message
+            .as_deref()
+            .is_some_and(|message| message.contains("already summarized"))
+    );
+
+    let _ = std::fs::remove_dir_all(&temp_home);
+    let _ = std::fs::remove_dir_all(&temp_db);
+    let _ = std::fs::remove_dir_all(&repo_root);
+}
diff --git a/desktop/src-tauri/src/main_tests/vector.rs b/desktop/src-tauri/src/main_tests/vector.rs
new file mode 100644
index 00000000..b7661f7f
--- /dev/null
+++ b/desktop/src-tauri/src/main_tests/vector.rs
@@ -0,0 +1,208 @@
+use super::*;
+
+fn ready_vector_preflight_fixture() -> DesktopVectorPreflightResponse {
+    DesktopVectorPreflightResponse {
+        provider: DesktopVectorSearchProvider::Ollama,
+        endpoint: "http://127.0.0.1:11434".to_string(),
+        model: "bge-m3".to_string(),
+        ollama_reachable: true,
+        model_installed: true,
+        install_state: DesktopVectorInstallState::Ready,
+        progress_pct: 100,
+        message: Some("model is installed and ready".to_string()),
+    }
+}
+
+#[test]
+fn validate_vector_preflight_allows_rebuild_when_vector_disabled() {
+    let preflight = ready_vector_preflight_fixture();
+    let result = validate_vector_preflight_ready(&preflight, false, false);
+    assert!(result.is_ok());
+}
+
+#[test]
+fn validate_vector_preflight_requires_enabled_for_search_path() {
+    let preflight = ready_vector_preflight_fixture();
+    let err = validate_vector_preflight_ready(&preflight, false, true)
+        .expect_err("search path should require vector enabled");
+    assert_eq!(err.code, "desktop.vector_search_disabled");
+    assert_eq!(err.status, 422);
+}
+
+#[test]
+fn persist_vector_index_failure_snapshot_preserves_progress() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_db = unique_temp_dir("opensession-desktop-vector-failure-snapshot");
+    let db = LocalDb::open_path(&temp_db.join("local.db")).expect("open local db");
+
+    db.set_vector_index_job(&VectorIndexJobRow {
+        status: "running".to_string(),
+        processed_sessions: 7,
+        total_sessions: 42,
+        message: Some("indexing session-7".to_string()),
+        started_at: Some("2026-03-06T00:00:00Z".to_string()),
+        finished_at: None,
+    })
+    .expect("seed running vector job");
+
+    let error = super::super::desktop_error(
+        "desktop.vector_search_unavailable",
+        422,
+        "vector search endpoint returned HTTP 404",
+        Some(json!({
+            "endpoint": "http://127.0.0.1:11434/api/embeddings",
+            "status": 404,
+            "body": "{\"error\":\"model 'bge-m3' not found\"}",
+            "batch_endpoint": "http://127.0.0.1:11434/api/embed",
+            "batch_status": 400,
+            "batch_body": "{\"error\":\"bad request\"}",
+            "model": "bge-m3",
+            "hint": "verify embedding model exists in local ollama"
+        })),
+    );
+    super::super::persist_vector_index_failure_snapshot(&db, &error)
+        .expect("persist vector failure snapshot");
+
+    let snapshot = db
+        .get_vector_index_job()
+        .expect("read vector job")
+        .expect("vector job should exist");
+    assert_eq!(snapshot.status, "failed");
+    assert_eq!(snapshot.processed_sessions, 7);
+    assert_eq!(snapshot.total_sessions, 42);
+    assert_eq!(
+        snapshot.message.as_deref(),
+        Some(
+            "vector search endpoint returned HTTP 404\nReason: model 'bge-m3' not found\nHTTP: 404\nEndpoint: http://127.0.0.1:11434/api/embeddings\nBatch reason: bad request\nBatch HTTP: 400\nBatch endpoint: http://127.0.0.1:11434/api/embed\nModel: bge-m3\nAction: verify embedding model exists in local ollama"
+        )
+    );
+    assert_eq!(snapshot.started_at.as_deref(), Some("2026-03-06T00:00:00Z"));
+    assert!(snapshot.finished_at.is_some());
+
+    let _ = std::fs::remove_dir_all(&temp_db);
+}
+
+#[test]
+fn rebuild_vector_index_blocking_continues_after_embedding_failures() {
+    let _env_lock = TEST_ENV_LOCK.lock().expect("test env lock");
+    let temp_root = unique_temp_dir("opensession-desktop-vector-failure-continue");
+    let db = LocalDb::open_path(&temp_root.join("local.db")).expect("open local db");
+
+    for session_id in ["vector-failure-a", "vector-failure-b"] {
+        let session = build_test_session(session_id);
+        let source_path = temp_root.join(format!("{session_id}.jsonl"));
+        std::fs::write(
+            &source_path,
+            session.to_jsonl().expect("serialize session jsonl"),
+        )
+        .expect("write session source");
+        db.upsert_local_session(
+            &session,
+            source_path
+                .to_str()
+                .expect("session source path must be valid utf-8"),
+            &GitContext::default(),
+        )
+        .expect("upsert local session");
+    }
+
+    let mut runtime = DaemonConfig::default();
+    runtime.vector_search.enabled = true;
+    runtime.vector_search.endpoint = "http://127.0.0.1:1".to_string();
+    runtime.vector_search.model = "bge-m3".to_string();
+
+    super::super::rebuild_vector_index_blocking(&db, &runtime)
+        .expect("skippable embedding failures should not abort rebuild");
+
+    let snapshot = db
+        .get_vector_index_job()
+        .expect("read vector job")
+        .expect("vector job should exist");
+    assert_eq!(snapshot.status, "complete");
+    assert_eq!(snapshot.processed_sessions, 2);
+    assert_eq!(snapshot.total_sessions, 2);
+    assert!(
+        snapshot
+            .message
+            .as_deref()
+            .is_some_and(|message| message.contains("2 failed"))
+    );
+    assert!(
+        db.list_recent_vector_chunks_for_model("bge-m3", 10)
+            .expect("list vector chunks")
+            .is_empty(),
+        "failed sessions should not leave partial vector chunks behind"
+    );
+
+    let _ = std::fs::remove_dir_all(&temp_root);
+}
+
+#[test]
+fn cosine_similarity_handles_basic_cases() {
+    let same = cosine_similarity(&[1.0, 0.0, 1.0], &[1.0, 0.0, 1.0]);
+    assert!((same - 1.0).abs() < 1e-6);
+
+    let orthogonal = cosine_similarity(&[1.0, 0.0], &[0.0, 1.0]);
+    assert!(orthogonal.abs() < 1e-6);
+
+    let mismatch = cosine_similarity(&[1.0, 2.0], &[1.0]);
+    assert_eq!(mismatch, 0.0);
+}
+
+#[test]
+fn extract_vector_lines_preserves_dot_line_tokens() {
+    let mut session = build_test_session("vector-lines");
+    session.events.push(Event {
+        event_id: "evt-dot".to_string(),
+        timestamp: chrono::Utc::now(),
+        event_type: EventType::AgentMessage,
+        task_id: None,
+        content: Content::text(".\nkeep-this-line"),
+        duration_ms: None,
+        attributes: std::collections::HashMap::new(),
+    });
+    let lines = extract_vector_lines(&session);
+    assert!(lines.iter().any(|line| line == "."));
+    assert!(lines.iter().any(|line| line.contains("keep-this-line")));
+}
+
+#[test]
+fn build_vector_chunks_applies_overlap_rules() {
+    let mut session = build_test_session("vector-chunks");
+    session.events.push(Event {
+        event_id: "evt-overlap".to_string(),
+        timestamp: chrono::Utc::now(),
+        event_type: EventType::AgentMessage,
+        task_id: None,
+        content: Content::text("l1\nl2\nl3"),
+        duration_ms: None,
+        attributes: std::collections::HashMap::new(),
+    });
+    let mut runtime = DaemonConfig::default();
+    runtime.vector_search.chunking_mode = opensession_runtime_config::VectorChunkingMode::Manual;
+    runtime.vector_search.chunk_size_lines = 2;
+    runtime.vector_search.chunk_overlap_lines = 1;
+    let chunks = build_vector_chunks_for_session(&session, "source-hash", &runtime);
+    assert!(chunks.len() >= 2);
+    assert_eq!(chunks[0].start_line, 1);
+    assert_eq!(chunks[0].end_line, 2);
+    assert_eq!(chunks[1].start_line, 2);
+}
+
+#[test]
+fn build_vector_chunks_auto_tunes_for_small_session() {
+    let mut session = build_test_session("vector-chunks-auto");
+    session.events.push(Event {
+        event_id: "evt-auto".to_string(),
+        timestamp: chrono::Utc::now(),
+        event_type: EventType::AgentMessage,
+        task_id: None,
+        content: Content::text("a\nb\nc\nd\ne\nf"),
+        duration_ms: None,
+        attributes: std::collections::HashMap::new(),
+    });
+    let runtime = DaemonConfig::default();
+    let chunks = build_vector_chunks_for_session(&session, "source-hash", &runtime);
+    assert_eq!(chunks[0].start_line, 1);
+    assert_eq!(chunks[0].end_line, 7);
+}

From cc9c385ebbcc00be44af24e05b014676f4fa1e3c Mon Sep 17 00:00:00 2001
From: hwisu <hwitticus@gmail.com>
Date: Mon, 9 Mar 2026 12:59:32 +0900
Subject: [PATCH 15/30] refactor(core): extract local store adapter

---
 Cargo.lock                                    |  13 +-
 Cargo.toml                                    |   3 +
 crates/cli/Cargo.toml                         |   1 +
 crates/cli/src/cat_cmd.rs                     |   2 +-
 crates/cli/src/config_cmd.rs                  |   3 +-
 crates/cli/src/handoff.rs                     | 201 +++++++++++++++---
 crates/cli/src/handoff_v1.rs                  |   9 +-
 crates/cli/src/inspect.rs                     |   2 +-
 crates/cli/src/register.rs                    |   2 +-
 crates/cli/src/share.rs                       |   2 +-
 crates/cli/src/summary_cmd.rs                 |  12 +-
 crates/cli/src/url_opener.rs                  |   2 +-
 crates/cli/src/view.rs                        |   2 +-
 crates/core/Cargo.toml                        |   4 -
 crates/core/src/handoff_artifact.rs           | 111 ++--------
 crates/core/src/lib.rs                        |   1 -
 crates/local-store/Cargo.toml                 |  23 ++
 .../src/lib.rs}                               |  63 +++---
 crates/worker/Cargo.lock                      |   1 -
 desktop/src-tauri/Cargo.lock                  |  11 +-
 desktop/src-tauri/Cargo.toml                  |   1 +
 desktop/src-tauri/src/app/handoff.rs          |   4 +-
 desktop/src-tauri/src/app/launch_route.rs     |   2 +-
 desktop/src-tauri/src/app/vector.rs           |   2 +-
 rustfmt.toml                                  |   2 +
 25 files changed, 303 insertions(+), 176 deletions(-)
 create mode 100644 crates/local-store/Cargo.toml
 rename crates/{core/src/object_store.rs => local-store/src/lib.rs} (72%)
 create mode 100644 rustfmt.toml

diff --git a/Cargo.lock b/Cargo.lock
index 4d131ecf..1110934d 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2171,6 +2171,7 @@ dependencies = [
  "opensession-core",
  "opensession-git-native",
  "opensession-local-db",
+ "opensession-local-store",
  "opensession-parsers",
  "opensession-runtime-config",
  "opensession-summary",
@@ -2229,8 +2230,6 @@ dependencies = [
  "regex",
  "serde",
  "serde_json",
- "sha2",
- "tempfile",
  "thiserror 2.0.18",
  "urlencoding",
  "uuid",
@@ -2313,6 +2312,16 @@ dependencies = [
  "tracing",
 ]
 
+[[package]]
+name = "opensession-local-store"
+version = "0.2.34"
+dependencies = [
+ "opensession-core",
+ "sha2",
+ "tempfile",
+ "thiserror 2.0.18",
+]
+
 [[package]]
 name = "opensession-parsers"
 version = "0.2.34"
diff --git a/Cargo.toml b/Cargo.toml
index 828557a7..2273ed94 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -2,6 +2,7 @@
 resolver = "3"
 members = [
     "crates/core",
+    "crates/local-store",
     "crates/runtime-config",
     "crates/summary",
     "crates/parsers",
@@ -16,6 +17,7 @@ members = [
 ]
 default-members = [
     "crates/core",
+    "crates/local-store",
     "crates/runtime-config",
     "crates/summary",
     "crates/parsers",
@@ -54,6 +56,7 @@ authors = ["opensession.io contributors"]
 
 [workspace.dependencies]
 opensession-core = { version = "0.2.34", path = "crates/core" }
+opensession-local-store = { version = "0.2.34", path = "crates/local-store" }
 opensession-runtime-config = { version = "0.2.34", path = "crates/runtime-config" }
 opensession-summary = { version = "0.2.34", path = "crates/summary" }
 opensession-parsers = { version = "0.2.34", path = "crates/parsers" }
diff --git a/crates/cli/Cargo.toml b/crates/cli/Cargo.toml
index 0ed79950..5f1f8e35 100644
--- a/crates/cli/Cargo.toml
+++ b/crates/cli/Cargo.toml
@@ -27,6 +27,7 @@ workspace = true
 
 [dependencies]
 opensession-core = { workspace = true }
+opensession-local-store = { workspace = true }
 opensession-runtime-config = { workspace = true }
 opensession-summary = { workspace = true }
 opensession-parsers = { workspace = true }
diff --git a/crates/cli/src/cat_cmd.rs b/crates/cli/src/cat_cmd.rs
index 08c43975..25b2e614 100644
--- a/crates/cli/src/cat_cmd.rs
+++ b/crates/cli/src/cat_cmd.rs
@@ -1,7 +1,7 @@
 use anyhow::{Context, Result};
 use clap::Args;
-use opensession_core::object_store::read_local_object_from_uri;
 use opensession_core::source_uri::SourceUri;
+use opensession_local_store::read_local_object_from_uri;
 
 #[derive(Debug, Clone, Args)]
 pub struct CatArgs {
diff --git a/crates/cli/src/config_cmd.rs b/crates/cli/src/config_cmd.rs
index c3dc42c1..5655a828 100644
--- a/crates/cli/src/config_cmd.rs
+++ b/crates/cli/src/config_cmd.rs
@@ -399,8 +399,7 @@ fn run_summary(action: SummaryConfigAction) -> Result<()> {
 }
 
 fn config_path(cwd: &Path) -> Result<PathBuf> {
-    let root =
-        opensession_core::object_store::find_repo_root(cwd).unwrap_or_else(|| cwd.to_path_buf());
+    let root = opensession_local_store::find_repo_root(cwd).unwrap_or_else(|| cwd.to_path_buf());
     Ok(root.join(".opensession").join("config.toml"))
 }
 
diff --git a/crates/cli/src/handoff.rs b/crates/cli/src/handoff.rs
index 6df0a889..5db62809 100644
--- a/crates/cli/src/handoff.rs
+++ b/crates/cli/src/handoff.rs
@@ -2,23 +2,25 @@ use std::collections::HashSet;
 use std::path::{Path, PathBuf};
 use std::process::{Command, Stdio};
 
-use anyhow::{bail, Context, Result};
+use anyhow::{Context, Result, bail};
+use opensession_core::Session;
 use opensession_core::handoff::{
-    generate_handoff_markdown_v2, generate_merged_handoff_markdown_v2, merge_summaries,
-    validate_handoff_summaries, HandoffSummary, HandoffValidationReport,
+    HandoffSummary, HandoffValidationReport, generate_handoff_markdown_v2,
+    generate_merged_handoff_markdown_v2, merge_summaries, validate_handoff_summaries,
 };
 use opensession_core::handoff_artifact::{
-    sort_sessions_time_asc, source_from_session, HandoffArtifact, HandoffPayloadFormat,
-    HANDOFF_ARTIFACT_VERSION, HANDOFF_MERGE_POLICY_TIME_ASC,
+    HANDOFF_ARTIFACT_VERSION, HANDOFF_MERGE_POLICY_TIME_ASC, HandoffArtifact,
+    HandoffArtifactSource, HandoffPayloadFormat, HandoffSourceStaleReason, SourceFingerprint,
+    sort_sessions_time_asc, source_from_session,
 };
-use opensession_core::Session;
 use opensession_git_native::{
     artifact_ref_name, list_handoff_artifact_refs, load_handoff_artifact, ops,
     store_handoff_artifact,
 };
+use opensession_parsers::ParserRegistry;
 use opensession_parsers::discover::discover_sessions;
-use opensession_parsers::{all_parsers, SessionParser};
 use std::io::{IsTerminal, Write};
+use std::time::UNIX_EPOCH;
 
 #[derive(Debug, Clone)]
 struct ResolvedSession {
@@ -122,7 +124,7 @@ pub async fn run_handoff_save(
             "artifact_id": artifact.artifact_id,
             "ref": ref_name,
             "source_count": artifact.sources.len(),
-            "stale": artifact.is_stale(),
+            "stale": artifact_is_stale(&artifact),
         }))?
     );
     Ok(())
@@ -140,7 +142,7 @@ pub async fn run_handoff_artifact_list() -> Result<()> {
             "created_at": artifact.created_at,
             "payload_format": artifact.payload_format,
             "source_count": artifact.sources.len(),
-            "stale": artifact.is_stale(),
+            "stale": artifact_is_stale(&artifact),
         }));
     }
     println!("{}", serde_json::to_string_pretty(&rows)?);
@@ -150,7 +152,7 @@ pub async fn run_handoff_artifact_list() -> Result<()> {
 pub async fn run_handoff_artifact_show(id_or_ref: &str) -> Result<()> {
     let repo_root = resolve_repo_root()?;
     let artifact = load_artifact(&repo_root, id_or_ref)?;
-    let stale_reasons = artifact.stale_reasons();
+    let stale_reasons = stale_reasons(&artifact);
     let output = serde_json::json!({
         "artifact": artifact,
         "stale": !stale_reasons.is_empty(),
@@ -167,7 +169,7 @@ pub async fn run_handoff_artifact_refresh(id_or_ref: &str) -> Result<()> {
         bail!("Artifact has no source files to refresh.");
     }
 
-    let stale_reasons = artifact.stale_reasons();
+    let stale_reasons = stale_reasons(&artifact);
     if stale_reasons.is_empty() {
         println!(
             "{}",
@@ -182,13 +184,13 @@ pub async fn run_handoff_artifact_refresh(id_or_ref: &str) -> Result<()> {
     }
 
     let mut resolved = Vec::new();
-    let parsers = all_parsers();
+    let registry = ParserRegistry::default();
     for source in &artifact.sources {
         let path = PathBuf::from(&source.source_path);
         if !path.exists() {
             continue;
         }
-        let session = parse_file(&parsers, &path)?;
+        let session = parse_file(&registry, &path)?;
         resolved.push(ResolvedSession {
             session,
             source_path: Some(path),
@@ -218,7 +220,7 @@ pub async fn run_handoff_artifact_refresh(id_or_ref: &str) -> Result<()> {
             "ref": ref_name,
             "refreshed": true,
             "stale_before": stale_reasons.len(),
-            "stale_after": artifact.is_stale(),
+            "stale_after": artifact_is_stale(&artifact),
         }))?
     );
     Ok(())
@@ -264,6 +266,61 @@ fn load_artifact(repo_root: &Path, id_or_ref: &str) -> Result<HandoffArtifact> {
     Ok(artifact)
 }
 
+fn artifact_is_stale(artifact: &HandoffArtifact) -> bool {
+    !stale_reasons(artifact).is_empty()
+}
+
+fn stale_reasons(artifact: &HandoffArtifact) -> Vec<HandoffSourceStaleReason> {
+    let mut reasons = Vec::new();
+    for source in &artifact.sources {
+        let path = Path::new(&source.source_path);
+        let current = match source_fingerprint(path) {
+            Ok(fingerprint) => fingerprint,
+            Err(error) if error.kind() == std::io::ErrorKind::NotFound => {
+                reasons.push(HandoffSourceStaleReason {
+                    session_id: source.session_id.clone(),
+                    source_path: source.source_path.clone(),
+                    reason: "missing_source_file".to_string(),
+                });
+                continue;
+            }
+            Err(_) => {
+                reasons.push(HandoffSourceStaleReason {
+                    session_id: source.session_id.clone(),
+                    source_path: source.source_path.clone(),
+                    reason: "unreadable_source_file".to_string(),
+                });
+                continue;
+            }
+        };
+
+        if current.mtime_ms != source.source_mtime_ms || current.size != source.source_size {
+            reasons.push(HandoffSourceStaleReason {
+                session_id: source.session_id.clone(),
+                source_path: source.source_path.clone(),
+                reason: "source_fingerprint_changed".to_string(),
+            });
+        }
+    }
+
+    reasons
+}
+
+fn source_fingerprint(path: &Path) -> std::io::Result<SourceFingerprint> {
+    let metadata = std::fs::metadata(path)?;
+    let mtime_ms = metadata
+        .modified()
+        .ok()
+        .and_then(|value| value.duration_since(UNIX_EPOCH).ok())
+        .map(|duration| duration.as_millis() as u64)
+        .unwrap_or(0);
+
+    Ok(SourceFingerprint {
+        mtime_ms,
+        size: metadata.len(),
+    })
+}
+
 fn build_artifact_from_resolved(
     artifact_id: Option<&str>,
     payload_format: HandoffPayloadFormat,
@@ -311,7 +368,9 @@ fn build_artifact_from_resolved(
         if !path.exists() {
             continue;
         }
-        if let Ok(source) = source_from_session(&item.session, &path) {
+        if let Ok(fingerprint) = source_fingerprint(&path) {
+            let source =
+                source_from_session(&item.session, path.to_string_lossy().into_owned(), fingerprint);
             sources.push(source);
         }
     }
@@ -527,9 +586,9 @@ fn resolve_sessions_with_sources(
     gemini: Option<&str>,
     tool_refs: &[String],
 ) -> Result<Vec<ResolvedSession>> {
-    use crate::session_ref::{tool_flag_to_name, SessionRef};
+    use crate::session_ref::{SessionRef, tool_flag_to_name};
 
-    let parsers = all_parsers();
+    let registry = ParserRegistry::default();
 
     // If explicit files are given, parse them all
     if !files.is_empty() {
@@ -538,7 +597,7 @@ fn resolve_sessions_with_sources(
             if !file.exists() {
                 bail!("File not found: {}", file.display());
             }
-            let session = parse_file(&parsers, file)?;
+            let session = parse_file(&registry, file)?;
             sessions.push(ResolvedSession {
                 session,
                 source_path: Some(file.clone()),
@@ -575,7 +634,7 @@ fn resolve_sessions_with_sources(
             match sref {
                 SessionRef::File(path) => {
                     sessions.push(ResolvedSession {
-                        session: parse_file(&parsers, path)?,
+                        session: parse_file(&registry, path)?,
                         source_path: Some(path.clone()),
                     });
                 }
@@ -588,7 +647,7 @@ fn resolve_sessions_with_sources(
                             .with_context(|| format!("Session {} has no source_path", row.id))?;
                         let path = PathBuf::from(source);
                         sessions.push(ResolvedSession {
-                            session: parse_file(&parsers, &path)?,
+                            session: parse_file(&registry, &path)?,
                             source_path: Some(path),
                         });
                     }
@@ -604,20 +663,15 @@ fn resolve_sessions_with_sources(
     let mut sessions = Vec::new();
     for path in resolved {
         sessions.push(ResolvedSession {
-            session: parse_file(&parsers, &path)?,
+            session: parse_file(&registry, &path)?,
             source_path: Some(path),
         });
     }
     Ok(sessions)
 }
 
-fn parse_file(parsers: &[Box<dyn SessionParser>], file: &Path) -> Result<Session> {
-    let parser: Option<&dyn SessionParser> = parsers
-        .iter()
-        .find(|p| p.can_parse(file))
-        .map(|p| p.as_ref());
-
-    let parser = match parser {
+fn parse_file(registry: &ParserRegistry, file: &Path) -> Result<Session> {
+    let parser = match registry.parser_for_path(file) {
         Some(p) => p,
         None => bail!(
             "No parser found for file: {}\nSupported formats: Claude Code (.jsonl), Codex (.jsonl), OpenCode (.json), Cline, Amp, Cursor, Gemini",
@@ -771,10 +825,12 @@ fn collect_all_session_paths() -> Result<Vec<(PathBuf, String)>> {
 #[cfg(test)]
 mod tests {
     use super::{
-        has_error_findings, parse_last_count, populate_prompt, select_existing_session_paths,
-        write_handoff_to_writer, PopulateProvider, PopulateSpec,
+        HandoffArtifact, HandoffArtifactSource, HandoffPayloadFormat, HandoffSourceStaleReason,
+        PopulateProvider, PopulateSpec, SourceFingerprint, artifact_is_stale, has_error_findings,
+        parse_last_count, populate_prompt, select_existing_session_paths, source_fingerprint,
+        stale_reasons, write_handoff_to_writer,
     };
-    use opensession_core::handoff::{format_duration, generate_handoff_markdown, HandoffSummary};
+    use opensession_core::handoff::{HandoffSummary, format_duration, generate_handoff_markdown};
     use opensession_core::handoff::{HandoffValidationReport, ValidationFinding};
     use opensession_core::testing;
     use opensession_core::{Agent, Event, EventType, Session, Stats};
@@ -1010,4 +1066,87 @@ mod tests {
         assert_eq!(selected[0], path_a);
         assert_eq!(selected[1], path_b);
     }
+
+    fn make_artifact(source: HandoffArtifactSource) -> HandoffArtifact {
+        HandoffArtifact {
+            version: "1".to_string(),
+            artifact_id: "artifact-1".to_string(),
+            created_at: chrono::Utc::now(),
+            merge_policy: "time_asc".to_string(),
+            sources: vec![source],
+            payload_format: HandoffPayloadFormat::Json,
+            payload: serde_json::json!([]),
+            derived_markdown: None,
+        }
+    }
+
+    #[test]
+    fn test_stale_reasons_detects_missing_source_file() {
+        let artifact = make_artifact(HandoffArtifactSource {
+            session_id: "s1".to_string(),
+            tool: "codex".to_string(),
+            model: "gpt-5".to_string(),
+            source_path: "/definitely/missing/session.jsonl".to_string(),
+            source_mtime_ms: 0,
+            source_size: 0,
+        });
+
+        let reasons = stale_reasons(&artifact);
+        assert_eq!(reasons.len(), 1);
+        assert_eq!(
+            reasons[0],
+            HandoffSourceStaleReason {
+                session_id: "s1".to_string(),
+                source_path: "/definitely/missing/session.jsonl".to_string(),
+                reason: "missing_source_file".to_string(),
+            }
+        );
+        assert!(artifact_is_stale(&artifact));
+    }
+
+    #[test]
+    fn test_stale_reasons_detects_fingerprint_changes() {
+        let tmp = tempfile::tempdir().unwrap();
+        let path = tmp.path().join("session.jsonl");
+        std::fs::write(&path, b"before").unwrap();
+        let fingerprint = source_fingerprint(&path).unwrap();
+        let artifact = make_artifact(HandoffArtifactSource {
+            session_id: "s1".to_string(),
+            tool: "codex".to_string(),
+            model: "gpt-5".to_string(),
+            source_path: path.to_string_lossy().into_owned(),
+            source_mtime_ms: fingerprint.mtime_ms,
+            source_size: fingerprint.size,
+        });
+
+        std::thread::sleep(std::time::Duration::from_millis(5));
+        std::fs::write(&path, b"after-after").unwrap();
+
+        let reasons = stale_reasons(&artifact);
+        assert_eq!(reasons.len(), 1);
+        assert_eq!(reasons[0].reason, "source_fingerprint_changed");
+        assert!(artifact_is_stale(&artifact));
+    }
+
+    #[test]
+    fn test_source_fingerprint_and_source_from_session_round_trip() {
+        let tmp = tempfile::tempdir().unwrap();
+        let path = tmp.path().join("session.jsonl");
+        std::fs::write(&path, b"payload").unwrap();
+
+        let fingerprint = source_fingerprint(&path).unwrap();
+        let session = Session::new("session-1".to_string(), make_agent());
+        let source = opensession_core::handoff_artifact::source_from_session(
+            &session,
+            path.to_string_lossy().into_owned(),
+            SourceFingerprint {
+                mtime_ms: fingerprint.mtime_ms,
+                size: fingerprint.size,
+            },
+        );
+
+        assert_eq!(source.session_id, "session-1");
+        assert_eq!(source.source_size, fingerprint.size);
+        assert_eq!(source.source_mtime_ms, fingerprint.mtime_ms);
+    }
 }
diff --git a/crates/cli/src/handoff_v1.rs b/crates/cli/src/handoff_v1.rs
index bfc5625f..ed28c303 100644
--- a/crates/cli/src/handoff_v1.rs
+++ b/crates/cli/src/handoff_v1.rs
@@ -2,12 +2,12 @@ use anyhow::{Context, Result, bail};
 use clap::{Args, Subcommand, ValueEnum};
 use opensession_core::Session;
 use opensession_core::handoff::{HandoffSummary, validate_handoff_summaries};
-use opensession_core::object_store::{
-    find_repo_root, global_store_root, read_local_object_from_uri, sha256_hex, store_local_object,
-};
 use opensession_core::source_uri::SourceUri;
 use opensession_core::validate::validate_session;
 use opensession_local_db::{LocalDb, LocalSessionFilter};
+use opensession_local_store::{
+    find_repo_root, global_store_root, read_local_object_from_uri, sha256_hex, store_local_object,
+};
 use serde::{Deserialize, Serialize};
 use std::collections::{BTreeMap, BTreeSet};
 use std::path::{Path, PathBuf};
@@ -390,7 +390,8 @@ fn parse_session_input(path: &Path) -> Result<Session> {
         return Ok(session);
     }
 
-    if let Some(session) = opensession_parsers::parse_with_default_parsers(path)
+    if let Some(session) = opensession_parsers::ParserRegistry::default()
+        .parse_path(path)
         .with_context(|| format!("parse {}", path.display()))?
     {
         return Ok(session);
diff --git a/crates/cli/src/inspect.rs b/crates/cli/src/inspect.rs
index 7fc54500..42d06705 100644
--- a/crates/cli/src/inspect.rs
+++ b/crates/cli/src/inspect.rs
@@ -2,8 +2,8 @@ use crate::handoff_v1::{load_artifact_by_hash, resolve_artifact_hash};
 use anyhow::{Context, Result};
 use clap::Args;
 use opensession_core::Session;
-use opensession_core::object_store::read_local_object_from_uri;
 use opensession_core::source_uri::SourceUri;
+use opensession_local_store::read_local_object_from_uri;
 
 #[derive(Debug, Clone, Args)]
 pub struct InspectArgs {
diff --git a/crates/cli/src/register.rs b/crates/cli/src/register.rs
index ae7ca649..af4d609c 100644
--- a/crates/cli/src/register.rs
+++ b/crates/cli/src/register.rs
@@ -2,7 +2,7 @@ use crate::user_guidance::{guided_error, guided_error_with_doc};
 use anyhow::{Context, Result, bail};
 use clap::Args;
 use opensession_core::Session;
-use opensession_core::object_store::store_local_object;
+use opensession_local_store::store_local_object;
 use std::path::PathBuf;
 
 #[derive(Debug, Clone, Args)]
diff --git a/crates/cli/src/share.rs b/crates/cli/src/share.rs
index 61cba945..e123c4fb 100644
--- a/crates/cli/src/share.rs
+++ b/crates/cli/src/share.rs
@@ -3,8 +3,8 @@ use crate::config_cmd::load_repo_config;
 use crate::user_guidance::guided_error;
 use anyhow::{Context, Result, bail};
 use clap::Args;
-use opensession_core::object_store::{find_repo_root, read_local_object_from_uri};
 use opensession_core::source_uri::{SourceSpec, SourceUri};
+use opensession_local_store::{find_repo_root, read_local_object_from_uri};
 use std::fs::OpenOptions;
 use std::io::{self, IsTerminal, Write};
 use std::path::{Path, PathBuf};
diff --git a/crates/cli/src/summary_cmd.rs b/crates/cli/src/summary_cmd.rs
index e2dbead2..2eb99ee8 100644
--- a/crates/cli/src/summary_cmd.rs
+++ b/crates/cli/src/summary_cmd.rs
@@ -4,7 +4,8 @@ use clap::{Args, Subcommand};
 use opensession_core::session::working_directory;
 use opensession_git_native::extract_git_context;
 use opensession_local_db::{LocalDb, SessionSemanticSummaryUpsert};
-use opensession_parsers::parse_with_default_parsers;
+use opensession_local_store::find_repo_root;
+use opensession_parsers::ParserRegistry;
 use opensession_summary::{
     GitSummaryRequest, SemanticSummaryArtifact, summarize_git_commit, summarize_git_working_tree,
     summarize_session,
@@ -109,13 +110,15 @@ fn run_show(session_id: &str) -> Result<()> {
 async fn run_generate(args: SummaryRunArgs) -> Result<()> {
     let runtime = load_runtime_config().context("load runtime config")?;
     let settings = &runtime.summary;
+    let parser_registry = ParserRegistry::default();
 
     if let Some(file) = args.file.as_deref() {
         let artifact = run_from_file(file, settings).await?;
         println!("{}", serde_json::to_string_pretty(&artifact)?);
 
         if !args.no_store && settings.persists_to_local_db() {
-            let session = parse_with_default_parsers(file)
+            let session = parser_registry
+                .parse_path(file)
                 .with_context(|| format!("parse session file {}", file.display()))?
                 .ok_or_else(|| anyhow!("unsupported session source format"))?;
             let db = LocalDb::open().context("open local db")?;
@@ -148,13 +151,14 @@ async fn run_from_file(
     path: &Path,
     settings: &opensession_runtime_config::SummarySettings,
 ) -> Result<SemanticSummaryArtifact> {
-    let session = parse_with_default_parsers(path)
+    let session = ParserRegistry::default()
+        .parse_path(path)
         .with_context(|| format!("parse session file {}", path.display()))?
         .ok_or_else(|| anyhow!("unsupported session source format"))?;
 
     let git_request = if settings.allows_git_changes_fallback() {
         working_directory(&session)
-            .and_then(|cwd| opensession_core::object_store::find_repo_root(Path::new(cwd)))
+            .and_then(|cwd| find_repo_root(Path::new(cwd)))
             .map(|repo_root| GitSummaryRequest {
                 repo_root,
                 commit: working_directory(&session).and_then(|cwd| extract_git_context(cwd).commit),
diff --git a/crates/cli/src/url_opener.rs b/crates/cli/src/url_opener.rs
index 2170b6b0..4ea10cd7 100644
--- a/crates/cli/src/url_opener.rs
+++ b/crates/cli/src/url_opener.rs
@@ -1,6 +1,6 @@
 use crate::open_target::{OpenTarget, read_repo_open_target};
 use anyhow::{Context, Result, anyhow, bail};
-use opensession_core::object_store::global_store_root;
+use opensession_local_store::global_store_root;
 use reqwest::Url;
 use std::fs;
 use std::path::{Path, PathBuf};
diff --git a/crates/cli/src/view.rs b/crates/cli/src/view.rs
index a63a4c39..7ea97873 100644
--- a/crates/cli/src/view.rs
+++ b/crates/cli/src/view.rs
@@ -11,9 +11,9 @@ use opensession_api::{
 };
 use opensession_core::{
     Session,
-    object_store::read_local_object_from_uri,
     source_uri::{SourceSpec, SourceUri},
 };
+use opensession_local_store::read_local_object_from_uri;
 use reqwest::Url;
 use serde::Deserialize;
 use std::collections::{HashMap, HashSet};
diff --git a/crates/core/Cargo.toml b/crates/core/Cargo.toml
index a6fa5da6..172a5d5a 100644
--- a/crates/core/Cargo.toml
+++ b/crates/core/Cargo.toml
@@ -26,7 +26,3 @@ thiserror = { workspace = true }
 regex = { workspace = true }
 base64 = { workspace = true }
 urlencoding = { workspace = true }
-sha2 = { workspace = true }
-
-[dev-dependencies]
-tempfile = { workspace = true }
diff --git a/crates/core/src/handoff_artifact.rs b/crates/core/src/handoff_artifact.rs
index f6e535dd..3093ec82 100644
--- a/crates/core/src/handoff_artifact.rs
+++ b/crates/core/src/handoff_artifact.rs
@@ -1,6 +1,4 @@
 use std::cmp::Ordering;
-use std::path::Path;
-use std::time::UNIX_EPOCH;
 
 use chrono::{DateTime, Utc};
 use serde::{Deserialize, Serialize};
@@ -49,16 +47,6 @@ pub struct HandoffArtifact {
     pub derived_markdown: Option<String>,
 }
 
-impl HandoffArtifact {
-    pub fn stale_reasons(&self) -> Vec<HandoffSourceStaleReason> {
-        stale_reasons(&self.sources)
-    }
-
-    pub fn is_stale(&self) -> bool {
-        !self.stale_reasons().is_empty()
-    }
-}
-
 #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
 pub struct HandoffSourceStaleReason {
     pub session_id: String,
@@ -94,76 +82,19 @@ pub fn sort_sessions_time_asc(sessions: &mut [Session]) {
     });
 }
 
-pub fn source_fingerprint(path: &Path) -> std::io::Result<SourceFingerprint> {
-    let metadata = std::fs::metadata(path)?;
-    let mtime_ms = metadata
-        .modified()
-        .ok()
-        .and_then(|value| value.duration_since(UNIX_EPOCH).ok())
-        .map(|duration| duration.as_millis() as u64)
-        .unwrap_or(0);
-    Ok(SourceFingerprint {
-        mtime_ms,
-        size: metadata.len(),
-    })
-}
-
 pub fn source_from_session(
     session: &Session,
-    source_path: &Path,
-) -> std::io::Result<HandoffArtifactSource> {
-    let fp = source_fingerprint(source_path)?;
-    Ok(HandoffArtifactSource {
+    source_path: impl Into<String>,
+    fingerprint: SourceFingerprint,
+) -> HandoffArtifactSource {
+    HandoffArtifactSource {
         session_id: session.session_id.clone(),
         tool: session.agent.tool.clone(),
         model: session.agent.model.clone(),
-        source_path: source_path.to_string_lossy().into_owned(),
-        source_mtime_ms: fp.mtime_ms,
-        source_size: fp.size,
-    })
-}
-
-pub fn stale_reasons(sources: &[HandoffArtifactSource]) -> Vec<HandoffSourceStaleReason> {
-    let mut reasons = Vec::new();
-    for source in sources {
-        let path = Path::new(&source.source_path);
-        let metadata = match std::fs::metadata(path) {
-            Ok(metadata) => metadata,
-            Err(err) if err.kind() == std::io::ErrorKind::NotFound => {
-                reasons.push(HandoffSourceStaleReason {
-                    session_id: source.session_id.clone(),
-                    source_path: source.source_path.clone(),
-                    reason: "missing_source_file".to_string(),
-                });
-                continue;
-            }
-            Err(_) => {
-                reasons.push(HandoffSourceStaleReason {
-                    session_id: source.session_id.clone(),
-                    source_path: source.source_path.clone(),
-                    reason: "unreadable_source_file".to_string(),
-                });
-                continue;
-            }
-        };
-
-        let current_mtime_ms = metadata
-            .modified()
-            .ok()
-            .and_then(|value| value.duration_since(UNIX_EPOCH).ok())
-            .map(|duration| duration.as_millis() as u64)
-            .unwrap_or(0);
-        let current_size = metadata.len();
-
-        if current_mtime_ms != source.source_mtime_ms || current_size != source.source_size {
-            reasons.push(HandoffSourceStaleReason {
-                session_id: source.session_id.clone(),
-                source_path: source.source_path.clone(),
-                reason: "source_fingerprint_changed".to_string(),
-            });
-        }
+        source_path: source_path.into(),
+        source_mtime_ms: fingerprint.mtime_ms,
+        source_size: fingerprint.size,
     }
-    reasons
 }
 
 #[cfg(test)]
@@ -202,23 +133,21 @@ mod tests {
     }
 
     #[test]
-    fn stale_reasons_detects_fingerprint_changes() {
-        let temp_path = std::env::temp_dir().join(format!(
-            "opensession-handoff-artifact-{}.jsonl",
-            Utc::now().timestamp_nanos_opt().unwrap_or_default()
-        ));
-        std::fs::write(&temp_path, b"before").expect("write temp file");
-
+    fn source_from_session_preserves_supplied_fingerprint() {
         let mut session = Session::new("session-1".to_string(), testing::agent());
         session.context.created_at = Utc::now();
-        let source = source_from_session(&session, &temp_path).expect("source fingerprint");
-        assert!(stale_reasons(std::slice::from_ref(&source)).is_empty());
-
-        std::fs::write(&temp_path, b"after-after").expect("rewrite temp file");
-        let reasons = stale_reasons(&[source]);
-        assert_eq!(reasons.len(), 1);
-        assert_eq!(reasons[0].reason, "source_fingerprint_changed");
+        let source = source_from_session(
+            &session,
+            "/tmp/session.jsonl",
+            SourceFingerprint {
+                mtime_ms: 42,
+                size: 128,
+            },
+        );
 
-        let _ = std::fs::remove_file(&temp_path);
+        assert_eq!(source.session_id, "session-1");
+        assert_eq!(source.source_path, "/tmp/session.jsonl");
+        assert_eq!(source.source_mtime_ms, 42);
+        assert_eq!(source.source_size, 128);
     }
 }
diff --git a/crates/core/src/lib.rs b/crates/core/src/lib.rs
index 51932854..e07cfb3f 100644
--- a/crates/core/src/lib.rs
+++ b/crates/core/src/lib.rs
@@ -3,7 +3,6 @@ pub mod extract;
 pub mod handoff;
 pub mod handoff_artifact;
 pub mod jsonl;
-pub mod object_store;
 pub mod sanitize;
 pub mod scoring;
 pub mod session;
diff --git a/crates/local-store/Cargo.toml b/crates/local-store/Cargo.toml
new file mode 100644
index 00000000..c107c376
--- /dev/null
+++ b/crates/local-store/Cargo.toml
@@ -0,0 +1,23 @@
+[package]
+name = "opensession-local-store"
+version.workspace = true
+edition.workspace = true
+rust-version.workspace = true
+license.workspace = true
+repository.workspace = true
+description = "Local source object storage helpers for OpenSession"
+include = ["src/**/*.rs", "Cargo.toml", "LICENSE", "README.md"]
+
+[lib]
+doctest = false
+
+[lints]
+workspace = true
+
+[dependencies]
+opensession-core = { workspace = true }
+sha2 = { workspace = true }
+thiserror = { workspace = true }
+
+[dev-dependencies]
+tempfile = { workspace = true }
diff --git a/crates/core/src/object_store.rs b/crates/local-store/src/lib.rs
similarity index 72%
rename from crates/core/src/object_store.rs
rename to crates/local-store/src/lib.rs
index e7d35fef..23902c89 100644
--- a/crates/core/src/object_store.rs
+++ b/crates/local-store/src/lib.rs
@@ -1,4 +1,4 @@
-use crate::source_uri::{SourceSpec, SourceUri, SourceUriError};
+use opensession_core::source_uri::{SourceSpec, SourceUri, SourceUriError};
 use sha2::{Digest, Sha256};
 use std::path::{Path, PathBuf};
 
@@ -11,7 +11,7 @@ pub struct StoredObject {
 }
 
 #[derive(Debug, thiserror::Error)]
-pub enum ObjectStoreError {
+pub enum LocalStoreError {
     #[error("could not determine home directory")]
     HomeUnavailable,
     #[error("invalid hash: {0}")]
@@ -35,7 +35,7 @@ pub fn sha256_hex(bytes: &[u8]) -> String {
     out
 }
 
-pub fn store_local_object(bytes: &[u8], cwd: &Path) -> Result<StoredObject, ObjectStoreError> {
+pub fn store_local_object(bytes: &[u8], cwd: &Path) -> Result<StoredObject, LocalStoreError> {
     let sha256 = sha256_hex(bytes);
     validate_hash(&sha256)?;
     let root = default_store_root(cwd)?;
@@ -59,7 +59,7 @@ pub fn store_local_object(bytes: &[u8], cwd: &Path) -> Result<StoredObject, Obje
 pub fn read_local_object(
     hash: &str,
     cwd: &Path,
-) -> Result<(SourceUri, PathBuf, Vec<u8>), ObjectStoreError> {
+) -> Result<(SourceUri, PathBuf, Vec<u8>), LocalStoreError> {
     validate_hash(hash)?;
     for root in candidate_roots(cwd)? {
         let path = object_path(&root, hash)?;
@@ -74,32 +74,32 @@ pub fn read_local_object(
             ));
         }
     }
-    Err(ObjectStoreError::NotFound(hash.to_string()))
+    Err(LocalStoreError::NotFound(hash.to_string()))
 }
 
 pub fn read_local_object_from_uri(
     uri: &SourceUri,
     cwd: &Path,
-) -> Result<(PathBuf, Vec<u8>), ObjectStoreError> {
-    let hash = uri.as_local_hash().ok_or_else(|| {
-        ObjectStoreError::NotFound("uri is not a local source object".to_string())
-    })?;
+) -> Result<(PathBuf, Vec<u8>), LocalStoreError> {
+    let hash = uri
+        .as_local_hash()
+        .ok_or_else(|| LocalStoreError::NotFound("uri is not a local source object".to_string()))?;
     let (_uri, path, bytes) = read_local_object(hash, cwd)?;
     Ok((path, bytes))
 }
 
-pub fn default_store_root(cwd: &Path) -> Result<PathBuf, ObjectStoreError> {
+fn default_store_root(cwd: &Path) -> Result<PathBuf, LocalStoreError> {
     if let Some(repo_root) = find_repo_root(cwd) {
         return Ok(repo_root.join(".opensession").join("objects"));
     }
     global_store_root()
 }
 
-pub fn global_store_root() -> Result<PathBuf, ObjectStoreError> {
+pub fn global_store_root() -> Result<PathBuf, LocalStoreError> {
     let home = std::env::var("HOME")
         .or_else(|_| std::env::var("USERPROFILE"))
         .map(PathBuf::from)
-        .map_err(|_| ObjectStoreError::HomeUnavailable)?;
+        .map_err(|_| LocalStoreError::HomeUnavailable)?;
     Ok(home
         .join(".local")
         .join("share")
@@ -107,7 +107,7 @@ pub fn global_store_root() -> Result<PathBuf, ObjectStoreError> {
         .join("objects"))
 }
 
-pub fn object_path(root: &Path, hash: &str) -> Result<PathBuf, ObjectStoreError> {
+fn object_path(root: &Path, hash: &str) -> Result<PathBuf, LocalStoreError> {
     validate_hash(hash)?;
     Ok(root
         .join("sha256")
@@ -116,7 +116,7 @@ pub fn object_path(root: &Path, hash: &str) -> Result<PathBuf, ObjectStoreError>
         .join(format!("{hash}.jsonl")))
 }
 
-pub fn candidate_roots(cwd: &Path) -> Result<Vec<PathBuf>, ObjectStoreError> {
+pub fn candidate_roots(cwd: &Path) -> Result<Vec<PathBuf>, LocalStoreError> {
     let mut roots = Vec::new();
     if let Some(repo_root) = find_repo_root(cwd) {
         roots.push(repo_root.join(".opensession").join("objects"));
@@ -141,18 +141,20 @@ pub fn find_repo_root(from: &Path) -> Option<PathBuf> {
     }
 }
 
-fn validate_hash(hash: &str) -> Result<(), ObjectStoreError> {
+fn validate_hash(hash: &str) -> Result<(), LocalStoreError> {
     let is_valid = hash.len() == 64 && hash.bytes().all(|b| b.is_ascii_hexdigit());
     if is_valid {
         Ok(())
     } else {
-        Err(ObjectStoreError::InvalidHash(hash.to_string()))
+        Err(LocalStoreError::InvalidHash(hash.to_string()))
     }
 }
 
 #[cfg(test)]
 mod tests {
-    use super::{find_repo_root, object_path, read_local_object, sha256_hex, store_local_object};
+    use super::{
+        LocalStoreError, find_repo_root, read_local_object, sha256_hex, store_local_object,
+    };
     use tempfile::tempdir;
 
     #[test]
@@ -164,13 +166,9 @@ mod tests {
     }
 
     #[test]
-    fn object_path_layout_matches_spec() {
-        let hash = "a".repeat(64);
-        let path = object_path(std::path::Path::new("/tmp/objects"), &hash).expect("path");
-        assert_eq!(
-            path,
-            std::path::PathBuf::from(format!("/tmp/objects/sha256/aa/aa/{hash}.jsonl"))
-        );
+    fn global_store_root_uses_standard_home_fallback() {
+        let root = super::global_store_root().expect("global store root");
+        assert!(root.ends_with("opensession/objects"));
     }
 
     #[test]
@@ -187,6 +185,23 @@ mod tests {
         assert_eq!(uri.to_string(), stored.uri.to_string());
         assert_eq!(path, stored.path);
         assert_eq!(bytes, b"{\"type\":\"header\"}\n");
+        assert!(
+            stored
+                .path
+                .to_string_lossy()
+                .contains("/.opensession/objects/")
+        );
+    }
+
+    #[test]
+    fn read_local_object_returns_not_found_for_missing_hash() {
+        let tmp = tempdir().expect("tempdir");
+        let error = read_local_object(
+            "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+            tmp.path(),
+        )
+        .expect_err("missing object");
+        assert!(matches!(error, LocalStoreError::NotFound(_)));
     }
 
     #[test]
diff --git a/crates/worker/Cargo.lock b/crates/worker/Cargo.lock
index 52a59d91..fe86e7be 100644
--- a/crates/worker/Cargo.lock
+++ b/crates/worker/Cargo.lock
@@ -703,7 +703,6 @@ dependencies = [
  "regex",
  "serde",
  "serde_json",
- "sha2",
  "thiserror",
  "urlencoding",
  "uuid",
diff --git a/desktop/src-tauri/Cargo.lock b/desktop/src-tauri/Cargo.lock
index e4c2a1c4..06979fd5 100644
--- a/desktop/src-tauri/Cargo.lock
+++ b/desktop/src-tauri/Cargo.lock
@@ -3193,7 +3193,6 @@ dependencies = [
  "regex",
  "serde",
  "serde_json",
- "sha2",
  "thiserror 2.0.18",
  "urlencoding",
  "uuid",
@@ -3209,6 +3208,7 @@ dependencies = [
  "opensession-core",
  "opensession-git-native",
  "opensession-local-db",
+ "opensession-local-store",
  "opensession-parsers",
  "opensession-runtime-config",
  "opensession-summary",
@@ -3248,6 +3248,15 @@ dependencies = [
  "tracing",
 ]
 
+[[package]]
+name = "opensession-local-store"
+version = "0.2.34"
+dependencies = [
+ "opensession-core",
+ "sha2",
+ "thiserror 2.0.18",
+]
+
 [[package]]
 name = "opensession-parsers"
 version = "0.2.34"
diff --git a/desktop/src-tauri/Cargo.toml b/desktop/src-tauri/Cargo.toml
index 23a2afb3..53bad706 100644
--- a/desktop/src-tauri/Cargo.toml
+++ b/desktop/src-tauri/Cargo.toml
@@ -13,6 +13,7 @@ tauri-build = { version = "2", features = [] }
 tauri = { version = "2", features = [] }
 opensession-api = { path = "../../crates/api" }
 opensession-local-db = { path = "../../crates/local-db" }
+opensession-local-store = { path = "../../crates/local-store" }
 opensession-core = { path = "../../crates/core" }
 opensession-parsers = { path = "../../crates/parsers" }
 opensession-runtime-config = { path = "../../crates/runtime-config" }
diff --git a/desktop/src-tauri/src/app/handoff.rs b/desktop/src-tauri/src/app/handoff.rs
index 0bdc606a..92fdcdc9 100644
--- a/desktop/src-tauri/src/app/handoff.rs
+++ b/desktop/src-tauri/src/app/handoff.rs
@@ -4,12 +4,10 @@ use opensession_api::{
     DesktopQuickShareResponse,
 };
 use opensession_core::handoff::{HandoffSummary, validate_handoff_summaries};
-use opensession_core::object_store::{
-    find_repo_root, global_store_root, sha256_hex, store_local_object,
-};
 use opensession_core::session::working_directory;
 use opensession_core::source_uri::SourceUri;
 use opensession_core::trace::Session as HailSession;
+use opensession_local_store::{find_repo_root, global_store_root, sha256_hex, store_local_object};
 use serde::{Deserialize, Serialize};
 use serde_json::json;
 use std::collections::BTreeSet;
diff --git a/desktop/src-tauri/src/app/launch_route.rs b/desktop/src-tauri/src/app/launch_route.rs
index cff7b3c2..8cf65f13 100644
--- a/desktop/src-tauri/src/app/launch_route.rs
+++ b/desktop/src-tauri/src/app/launch_route.rs
@@ -1,5 +1,5 @@
 use crate::{DesktopApiResult, desktop_error};
-use opensession_core::object_store::global_store_root;
+use opensession_local_store::global_store_root;
 use serde_json::json;
 use std::fs;
 use std::path::PathBuf;
diff --git a/desktop/src-tauri/src/app/vector.rs b/desktop/src-tauri/src/app/vector.rs
index 25a4c34d..149fbf41 100644
--- a/desktop/src-tauri/src/app/vector.rs
+++ b/desktop/src-tauri/src/app/vector.rs
@@ -4,9 +4,9 @@ use opensession_api::{
     DesktopVectorSearchProvider, DesktopVectorSearchResponse, DesktopVectorSessionMatch,
     SessionListResponse, SessionSummary,
 };
-use opensession_core::object_store::sha256_hex;
 use opensession_core::trace::Session as HailSession;
 use opensession_local_db::{LocalDb, LocalSessionFilter, VectorChunkUpsert, VectorIndexJobRow};
+use opensession_local_store::sha256_hex;
 use opensession_runtime_config::{DaemonConfig, VectorChunkingMode};
 use serde_json::json;
 use std::collections::HashMap;
diff --git a/rustfmt.toml b/rustfmt.toml
new file mode 100644
index 00000000..f3e454b6
--- /dev/null
+++ b/rustfmt.toml
@@ -0,0 +1,2 @@
+edition = "2024"
+style_edition = "2024"

From 45103ec0edca94ddd5cf8268a00bf57fe4860bbb Mon Sep 17 00:00:00 2001
From: hwisu <hwitticus@gmail.com>
Date: Mon, 9 Mar 2026 13:00:34 +0900
Subject: [PATCH 16/30] refactor(parsers): make ParserRegistry the main
 entrypoint

---
 crates/cli/src/index.rs                       |    3 +-
 crates/cli/src/parse_cmd.rs                   |    7 +-
 crates/cli/src/setup_cmd.rs                   | 1423 +------
 crates/cli/src/setup_cmd/branch_sync.rs       |  319 ++
 crates/cli/src/setup_cmd/planning.rs          |  270 ++
 crates/cli/src/setup_cmd/shims.rs             |  105 +
 crates/cli/src/setup_cmd/status.rs            |  421 ++
 crates/cli/src/setup_cmd/validation.rs        |   75 +
 crates/cli/src/stream_push.rs                 |    3 +-
 crates/cli/src/upload.rs                      |    6 +-
 crates/daemon/src/scheduler.rs                | 1602 +-------
 .../daemon/src/scheduler/config_resolution.rs |   48 +
 crates/daemon/src/scheduler/git_retention.rs  |  176 +
 crates/daemon/src/scheduler/helpers.rs        |   43 +
 crates/daemon/src/scheduler/lifecycle.rs      |  172 +
 crates/daemon/src/scheduler/pipeline.rs       |  358 ++
 crates/daemon/src/scheduler/runtime.rs        |  134 +
 crates/daemon/src/scheduler/tests.rs          |  712 ++++
 crates/parsers/src/codex.rs                   | 3498 -----------------
 crates/parsers/src/codex/dedupe.rs            |  222 ++
 crates/parsers/src/codex/detect.rs            |    8 +
 crates/parsers/src/codex/helpers.rs           |  450 +++
 crates/parsers/src/codex/interactive.rs       |  116 +
 crates/parsers/src/codex/metrics.rs           |  167 +
 crates/parsers/src/codex/mod.rs               |   58 +
 crates/parsers/src/codex/parse.rs             |  614 +++
 crates/parsers/src/codex/tests/config.rs      |  214 +
 crates/parsers/src/codex/tests/desktop_a.rs   |  314 ++
 crates/parsers/src/codex/tests/desktop_b.rs   |  564 +++
 crates/parsers/src/codex/tests/interaction.rs |  169 +
 crates/parsers/src/codex/tests/mod.rs         |   19 +
 crates/parsers/src/codex/transform.rs         |  608 +++
 crates/parsers/src/ingest.rs                  |    4 +-
 crates/parsers/src/lib.rs                     |  121 +-
 crates/parsers/tests/cursor_real_db.rs        |    9 +-
 crates/parsers/tests/parser_conformance.rs    |  102 +-
 crates/parsers/tests/real_data.rs             |   27 +-
 crates/server/src/routes/ingest.rs            | 1142 ------
 crates/server/src/routes/ingest/auth.rs       |  111 +
 crates/server/src/routes/ingest/errors.rs     |  111 +
 crates/server/src/routes/ingest/fetch.rs      |  154 +
 crates/server/src/routes/ingest/input.rs      |  157 +
 crates/server/src/routes/ingest/mod.rs        |   87 +
 crates/server/src/routes/ingest/remote.rs     |  304 ++
 crates/server/src/routes/ingest/tests.rs      |  298 ++
 desktop/src-tauri/src/app/session_access.rs   |   13 +-
 46 files changed, 7946 insertions(+), 7592 deletions(-)
 create mode 100644 crates/cli/src/setup_cmd/branch_sync.rs
 create mode 100644 crates/cli/src/setup_cmd/planning.rs
 create mode 100644 crates/cli/src/setup_cmd/shims.rs
 create mode 100644 crates/cli/src/setup_cmd/status.rs
 create mode 100644 crates/cli/src/setup_cmd/validation.rs
 create mode 100644 crates/daemon/src/scheduler/config_resolution.rs
 create mode 100644 crates/daemon/src/scheduler/git_retention.rs
 create mode 100644 crates/daemon/src/scheduler/helpers.rs
 create mode 100644 crates/daemon/src/scheduler/lifecycle.rs
 create mode 100644 crates/daemon/src/scheduler/pipeline.rs
 create mode 100644 crates/daemon/src/scheduler/runtime.rs
 create mode 100644 crates/daemon/src/scheduler/tests.rs
 delete mode 100644 crates/parsers/src/codex.rs
 create mode 100644 crates/parsers/src/codex/dedupe.rs
 create mode 100644 crates/parsers/src/codex/detect.rs
 create mode 100644 crates/parsers/src/codex/helpers.rs
 create mode 100644 crates/parsers/src/codex/interactive.rs
 create mode 100644 crates/parsers/src/codex/metrics.rs
 create mode 100644 crates/parsers/src/codex/mod.rs
 create mode 100644 crates/parsers/src/codex/parse.rs
 create mode 100644 crates/parsers/src/codex/tests/config.rs
 create mode 100644 crates/parsers/src/codex/tests/desktop_a.rs
 create mode 100644 crates/parsers/src/codex/tests/desktop_b.rs
 create mode 100644 crates/parsers/src/codex/tests/interaction.rs
 create mode 100644 crates/parsers/src/codex/tests/mod.rs
 create mode 100644 crates/parsers/src/codex/transform.rs
 delete mode 100644 crates/server/src/routes/ingest.rs
 create mode 100644 crates/server/src/routes/ingest/auth.rs
 create mode 100644 crates/server/src/routes/ingest/errors.rs
 create mode 100644 crates/server/src/routes/ingest/fetch.rs
 create mode 100644 crates/server/src/routes/ingest/input.rs
 create mode 100644 crates/server/src/routes/ingest/mod.rs
 create mode 100644 crates/server/src/routes/ingest/remote.rs
 create mode 100644 crates/server/src/routes/ingest/tests.rs

diff --git a/crates/cli/src/index.rs b/crates/cli/src/index.rs
index 7c68aa18..8e7ac071 100644
--- a/crates/cli/src/index.rs
+++ b/crates/cli/src/index.rs
@@ -3,6 +3,7 @@ use opensession_core::session::{is_auxiliary_session, working_directory};
 use opensession_git_native::extract_git_context;
 use opensession_local_db::LocalDb;
 use opensession_parsers::discover::discover_sessions;
+use opensession_parsers::ParserRegistry;
 use std::path::Path;
 
 /// Run the index command: discover all local sessions and build/update the local DB index.
@@ -42,7 +43,7 @@ pub fn run_index() -> Result<()> {
 
 /// Index a single session file. Returns Ok(true) if indexed, Ok(false) if skipped.
 fn index_one_file(db: &LocalDb, path: &Path) -> Result<bool> {
-    let session = match opensession_parsers::parse_with_default_parsers(path)? {
+    let session = match ParserRegistry::default().parse_path(path)? {
         Some(session) => session,
         None => return Ok(false),
     };
diff --git a/crates/cli/src/parse_cmd.rs b/crates/cli/src/parse_cmd.rs
index 96f38176..ffb9e28c 100644
--- a/crates/cli/src/parse_cmd.rs
+++ b/crates/cli/src/parse_cmd.rs
@@ -2,7 +2,7 @@ use crate::user_guidance::guided_error;
 use anyhow::{Context, Result};
 use clap::Args;
 use opensession_core::validate::validate_session;
-use opensession_parsers::ingest::{ParseError, preview_parse_bytes};
+use opensession_parsers::{ParseError, ParserRegistry};
 use std::path::PathBuf;
 
 #[derive(Debug, Clone, Args)]
@@ -42,8 +42,9 @@ pub fn run(args: ParseArgs) -> Result<()> {
         .and_then(|value| value.to_str())
         .unwrap_or("session");
 
-    let preview =
-        preview_parse_bytes(filename, &bytes, Some(args.profile.as_str())).map_err(|err| {
+    let preview = ParserRegistry::default()
+        .preview_bytes(filename, &bytes, Some(args.profile.as_str()))
+        .map_err(|err| {
             match err {
                 ParseError::InvalidParserHint { .. }
                 | ParseError::ParserSelectionRequired { .. }
diff --git a/crates/cli/src/setup_cmd.rs b/crates/cli/src/setup_cmd.rs
index 5f3aa928..eb923a74 100644
--- a/crates/cli/src/setup_cmd.rs
+++ b/crates/cli/src/setup_cmd.rs
@@ -1,27 +1,29 @@
-use crate::cleanup_cmd::{self, CleanupDoctorLevel};
-use crate::hooks::{
-    HookInstallAction, HookType, install_hooks_with_report, list_installed_hooks, plan_hook_install,
-};
-use crate::open_target::{OpenTarget, read_repo_open_target, write_repo_open_target};
+use crate::hooks::{HookType, install_hooks_with_report, plan_hook_install};
+use crate::open_target::{OpenTarget, read_repo_open_target};
 use anyhow::{Context, Result, bail};
 use clap::{Args, ValueEnum};
-use opensession_core::Session;
-use opensession_core::sanitize::{SanitizeConfig, sanitize_session};
-use opensession_core::session::{GitMeta, build_git_storage_meta_json_with_git, working_directory};
-use opensession_git_native::{
-    NativeGitStorage, branch_ledger_ref, extract_git_context, resolve_ledger_branch,
-};
-use opensession_parsers::{discover::discover_sessions, parse_with_default_parsers};
-use opensession_runtime_config::{CONFIG_FILE_NAME, DaemonConfig};
-use std::cmp::Reverse;
-use std::collections::HashSet;
-use std::io::{self, IsTerminal, Write};
-use std::path::{Path, PathBuf};
-use std::process::Command;
+use opensession_git_native::branch_ledger_ref;
+use std::path::Path;
 
-#[path = "setup_cmd/doctor.rs"]
+mod branch_sync;
 mod doctor;
-use doctor::{DoctorLevel, DoctorSummary};
+mod planning;
+mod shims;
+mod status;
+mod validation;
+
+use branch_sync::sync_branch_session_to_hidden_ledger;
+use planning::{
+    ensure_fanout_mode, ensure_open_target, print_applied_setup, print_setup_plan, read_fanout_mode,
+};
+use shims::{install_cli_shims, plan_cli_shims};
+use status::{
+    current_branch, ledger_branch_name, print_daemon_status, print_review_readiness, run_check,
+};
+use validation::{
+    enforce_apply_mode_requirements, is_interactive_terminal, prompt_apply_confirmation,
+    validate_setup_args,
+};
 
 const FANOUT_MODE_GIT_CONFIG_KEY: &str = "opensession.fanout-mode";
 const SYNC_MAX_CANDIDATES: usize = 128;
@@ -116,64 +118,6 @@ impl SetupProfile {
     }
 }
 
-pub fn run(args: SetupArgs) -> Result<()> {
-    if let Some(branch) = args.print_ledger_ref {
-        println!("{}", branch_ledger_ref(&branch));
-        return Ok(());
-    }
-
-    if args.sync_branch_session.is_none() && args.sync_branch_commit.is_some() {
-        bail!("--sync-branch-commit requires --sync-branch-session");
-    }
-
-    if let Some(branch) = args.sync_branch_session {
-        let cwd = std::env::current_dir().context("read current directory")?;
-        let repo_root = opensession_git_native::ops::find_repo_root(&cwd)
-            .ok_or_else(|| anyhow::anyhow!("current directory is not inside a git repository"))?;
-        sync_branch_session_to_hidden_ledger(&repo_root, &branch, args.sync_branch_commit)?;
-        return Ok(());
-    }
-
-    if args.print_fanout_mode {
-        let cwd = std::env::current_dir().context("read current directory")?;
-        let repo_root = opensession_git_native::ops::find_repo_root(&cwd)
-            .ok_or_else(|| anyhow::anyhow!("current directory is not inside a git repository"))?;
-        let mode = read_fanout_mode(&repo_root)?.unwrap_or(FanoutMode::HiddenRef);
-        println!("{}", mode.as_str());
-        return Ok(());
-    }
-
-    let cwd = std::env::current_dir().context("read current directory")?;
-    let repo_root = opensession_git_native::ops::find_repo_root(&cwd)
-        .ok_or_else(|| anyhow::anyhow!("current directory is not inside a git repository"))?;
-
-    validate_setup_args(&args)?;
-    if args.check {
-        return run_check(&repo_root);
-    }
-    run_install(
-        &repo_root,
-        args.yes,
-        args.fanout_mode.map(SetupFanoutMode::as_fanout_mode),
-        args.open_target,
-        args.profile,
-    )
-}
-
-#[derive(Debug, Clone, Copy, PartialEq, Eq)]
-enum ShimInstallAction {
-    InstallNew,
-    ReplaceExisting,
-    KeepExisting,
-}
-
-#[derive(Debug, Clone, PartialEq, Eq)]
-struct ShimInstallPlan {
-    name: &'static str,
-    path: PathBuf,
-    action: ShimInstallAction,
-}
-
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
 struct FanoutInstallPlan {
     existing: Option<FanoutMode>,
@@ -241,7 +185,7 @@ impl OpenTargetInstallPlan {
             (Some(existing), None) => format!("keep {existing}", existing = existing.as_str()),
             (None, None) => format!(
                 "choose interactively (default: {})",
-                default_open_target_for_profile(profile).as_str()
+                planning::default_open_target_for_profile(profile).as_str()
             ),
         }
     }
@@ -249,29 +193,56 @@ impl OpenTargetInstallPlan {
     fn suggested_target(self, profile: SetupProfile) -> OpenTarget {
         self.requested
             .or(self.existing)
-            .unwrap_or(default_open_target_for_profile(profile))
+            .unwrap_or(planning::default_open_target_for_profile(profile))
     }
 }
 
-fn validate_setup_args(args: &SetupArgs) -> Result<()> {
-    if args.check && args.yes {
-        bail!("`--yes` cannot be used with `--check`");
+pub fn run(args: SetupArgs) -> Result<()> {
+    if let Some(branch) = args.print_ledger_ref {
+        println!("{}", branch_ledger_ref(&branch));
+        return Ok(());
     }
-    if args.check && args.fanout_mode.is_some() {
-        bail!(
-            "`--fanout-mode` requires apply mode. next: run `opensession doctor --fix --yes --profile local --fanout-mode hidden_ref`"
-        );
+
+    if args.sync_branch_session.is_none() && args.sync_branch_commit.is_some() {
+        bail!("--sync-branch-commit requires --sync-branch-session");
     }
-    if args.check && args.open_target.is_some() {
-        bail!(
-            "`--open-target` requires apply mode. next: run `opensession doctor --fix --yes --profile local --open-target web`"
-        );
+
+    if let Some(branch) = args.sync_branch_session {
+        let cwd = std::env::current_dir().context("read current directory")?;
+        let repo_root = opensession_git_native::ops::find_repo_root(&cwd)
+            .ok_or_else(|| anyhow::anyhow!("current directory is not inside a git repository"))?;
+        sync_branch_session_to_hidden_ledger(&repo_root, &branch, args.sync_branch_commit)?;
+        return Ok(());
     }
-    Ok(())
+
+    if args.print_fanout_mode {
+        let cwd = std::env::current_dir().context("read current directory")?;
+        let repo_root = opensession_git_native::ops::find_repo_root(&cwd)
+            .ok_or_else(|| anyhow::anyhow!("current directory is not inside a git repository"))?;
+        let mode = read_fanout_mode(&repo_root)?.unwrap_or(FanoutMode::HiddenRef);
+        println!("{}", mode.as_str());
+        return Ok(());
+    }
+
+    let cwd = std::env::current_dir().context("read current directory")?;
+    let repo_root = opensession_git_native::ops::find_repo_root(&cwd)
+        .ok_or_else(|| anyhow::anyhow!("current directory is not inside a git repository"))?;
+
+    validate_setup_args(&args)?;
+    if args.check {
+        return run_check(&repo_root);
+    }
+    run_install(
+        &repo_root,
+        args.yes,
+        args.fanout_mode.map(SetupFanoutMode::as_fanout_mode),
+        args.open_target,
+        args.profile,
+    )
 }
 
 fn run_install(
-    repo_root: &PathBuf,
+    repo_root: &Path,
     yes: bool,
     requested_fanout: Option<FanoutMode>,
     requested_open_target: Option<OpenTarget>,
@@ -339,1134 +310,11 @@ fn run_install(
     Ok(())
 }
 
-fn suggested_doctor_command(mode: FanoutMode, target: OpenTarget, profile: SetupProfile) -> String {
-    doctor::suggested_doctor_command(mode, target, profile)
-}
-
-fn enforce_apply_mode_requirements(
-    interactive: bool,
-    yes: bool,
-    fanout_plan: FanoutInstallPlan,
-) -> Result<()> {
-    let suggested_mode = fanout_plan.suggested_mode();
-    if !interactive && !yes {
-        bail!(
-            "setup requires explicit approval in non-interactive mode.\nnext: run `{}`",
-            suggested_doctor_command(suggested_mode, OpenTarget::Web, SetupProfile::Local)
-        );
-    }
-    if !interactive && fanout_plan.existing.is_none() && fanout_plan.requested.is_none() {
-        bail!(
-            "fanout mode is not configured for this repository, and setup cannot prompt in non-interactive mode.\nnext: run `{}`",
-            suggested_doctor_command(FanoutMode::HiddenRef, OpenTarget::Web, SetupProfile::Local)
-        );
-    }
-    Ok(())
-}
-
-fn is_interactive_terminal() -> bool {
-    io::stdin().is_terminal() && io::stdout().is_terminal()
-}
-
-fn prompt_apply_confirmation(
-    mode_hint: FanoutMode,
-    open_target_hint: OpenTarget,
-    profile: SetupProfile,
-) -> Result<()> {
-    print!("Apply these changes? [y/N]: ");
-    io::stdout().flush().context("flush stdout")?;
-    let mut line = String::new();
-    io::stdin()
-        .read_line(&mut line)
-        .context("read setup confirmation")?;
-    if parse_apply_confirmation(&line) {
-        return Ok(());
-    }
-    bail!(
-        "setup cancelled by user.\nnext: run `{}`",
-        suggested_doctor_command(mode_hint, open_target_hint, profile)
-    );
-}
-
-fn parse_apply_confirmation(input: &str) -> bool {
-    matches!(input.trim().to_ascii_lowercase().as_str(), "y" | "yes")
-}
-
-fn plan_cli_shims() -> Result<Vec<ShimInstallPlan>> {
-    let exe = std::env::current_exe().context("resolve current opensession executable path")?;
-    let mut plans = Vec::new();
-    for name in ["opensession", "ops"] {
-        plans.push(plan_cli_shim(name, &exe)?);
-    }
-    Ok(plans)
-}
-
-fn plan_cli_shim(name: &'static str, exe: &Path) -> Result<ShimInstallPlan> {
-    let path = shim_path(name)?;
-    let action = if !path.exists() {
-        ShimInstallAction::InstallNew
-    } else if std::fs::canonicalize(&path).ok() == std::fs::canonicalize(exe).ok() {
-        ShimInstallAction::KeepExisting
-    } else {
-        ShimInstallAction::ReplaceExisting
-    };
-    Ok(ShimInstallPlan { name, path, action })
-}
-
-fn shim_action_label(action: ShimInstallAction) -> &'static str {
-    match action {
-        ShimInstallAction::InstallNew => "install",
-        ShimInstallAction::ReplaceExisting => "replace",
-        ShimInstallAction::KeepExisting => "keep",
-    }
-}
-
-fn hook_action_summary(action: HookInstallAction) -> &'static str {
-    match action {
-        HookInstallAction::InstallNew => "install",
-        HookInstallAction::ReplaceManaged => "refresh",
-        HookInstallAction::BackupAndReplace => "preserve-original+replace",
-    }
-}
-
-fn print_setup_plan(
-    repo_root: &Path,
-    fanout_plan: FanoutInstallPlan,
-    open_target_plan: OpenTargetInstallPlan,
-    profile: SetupProfile,
-    hook_plans: &[crate::hooks::HookInstallPlan],
-    shim_plans: &[ShimInstallPlan],
-    yes: bool,
-) {
-    println!("repo: {}", repo_root.display());
-    println!("setup plan:");
-    println!("  - profile: {}", profile.as_str());
-    println!("  - fanout mode: {}", fanout_plan.summary());
-    println!("  - open target: {}", open_target_plan.summary(profile));
-    for plan in hook_plans {
-        println!(
-            "  - hook {}: {} ({})",
-            plan.hook_type.filename(),
-            hook_action_summary(plan.action),
-            plan.hook_path.display()
-        );
-        if let Some(backup_path) = &plan.backup_path {
-            println!("    original hook saved as: {}", backup_path.display());
-            println!(
-                "    restore: mv '{}' '{}'",
-                backup_path.display(),
-                plan.hook_path.display()
-            );
-        }
-    }
-    for plan in shim_plans {
-        println!(
-            "  - shim {}: {} ({})",
-            plan.name,
-            shim_action_label(plan.action),
-            plan.path.display()
-        );
-    }
-    if yes {
-        println!("  - confirmation: skipped (--yes)");
-    } else {
-        println!("  - confirmation: required (use --yes to skip)");
-    }
-}
-
-fn print_applied_setup(
-    repo_root: &Path,
-    fanout_mode: FanoutMode,
-    open_target: OpenTarget,
-    hook_reports: &[crate::hooks::HookInstallReport],
-    shim_plans: &[ShimInstallPlan],
-    shim_paths: &ShimPaths,
-) {
-    println!("Applied setup in {}:", repo_root.display());
-    println!("  - fanout mode: {}", fanout_mode.as_str());
-    println!("  - open target: {}", open_target.as_str());
-    for report in hook_reports {
-        println!(
-            "  - hook {}: {} ({})",
-            report.hook_type.filename(),
-            hook_action_summary(report.action),
-            report.hook_path.display()
-        );
-        if report.backup_created {
-            if let Some(backup_path) = &report.backup_path {
-                println!("    original hook saved as: {}", backup_path.display());
-                println!(
-                    "    restore: mv '{}' '{}'",
-                    backup_path.display(),
-                    report.hook_path.display()
-                );
-            }
-        }
-    }
-
-    for plan in shim_plans {
-        let path = match plan.name {
-            "opensession" => &shim_paths.opensession,
-            _ => &shim_paths.ops,
-        };
-        println!(
-            "  - shim {}: {} ({})",
-            plan.name,
-            shim_action_label(plan.action),
-            path.display()
-        );
-    }
-}
-
-#[derive(Debug, Clone)]
-struct SessionCandidate {
-    path: PathBuf,
-    modified: std::time::SystemTime,
-}
-
-fn collect_recent_candidates() -> Vec<SessionCandidate> {
-    let mut candidates = Vec::new();
-    for location in discover_sessions() {
-        for path in location.paths {
-            let Ok(metadata) = std::fs::metadata(&path) else {
-                continue;
-            };
-            let Ok(modified) = metadata.modified() else {
-                continue;
-            };
-            candidates.push(SessionCandidate { path, modified });
-        }
-    }
-
-    candidates.sort_by_key(|candidate| Reverse(candidate.modified));
-    candidates.into_iter().take(SYNC_MAX_CANDIDATES).collect()
-}
-
-fn same_repo_root(left: &Path, right: &Path) -> bool {
-    let left = std::fs::canonicalize(left).unwrap_or_else(|_| left.to_path_buf());
-    let right = std::fs::canonicalize(right).unwrap_or_else(|_| right.to_path_buf());
-    left == right
-}
-
-fn parse_session_candidate(path: &Path) -> Option<Session> {
-    match parse_with_default_parsers(path) {
-        Ok(Some(session)) => {
-            if working_directory(&session).is_some() {
-                Some(session)
-            } else {
-                std::fs::read_to_string(path)
-                    .ok()
-                    .and_then(|content| Session::from_jsonl(&content).ok())
-            }
-        }
-        Ok(None) | Err(_) => std::fs::read_to_string(path)
-            .ok()
-            .and_then(|content| Session::from_jsonl(&content).ok()),
-    }
-}
-
-fn normalize_commit_hint(commit_hint: Option<String>) -> Option<String> {
-    commit_hint
-        .and_then(|raw| {
-            let trimmed = raw.trim();
-            if trimmed.is_empty() {
-                None
-            } else {
-                Some(trimmed.to_string())
-            }
-        })
-        .filter(|sha| sha != "0000000000000000000000000000000000000000")
-}
-
-fn list_branch_commits(repo_root: &Path, branch: &str, max_count: usize) -> HashSet<String> {
-    let rev = format!("refs/heads/{branch}");
-    let output = Command::new("git")
-        .arg("-C")
-        .arg(repo_root)
-        .arg("rev-list")
-        .arg("--max-count")
-        .arg(max_count.to_string())
-        .arg(rev)
-        .output();
-    let Ok(output) = output else {
-        return HashSet::new();
-    };
-    if !output.status.success() {
-        return HashSet::new();
-    }
-    String::from_utf8_lossy(&output.stdout)
-        .lines()
-        .map(str::trim)
-        .filter(|line| !line.is_empty())
-        .map(ToOwned::to_owned)
-        .collect()
-}
-
-fn commit_time_unix(repo_root: &Path, commit: &str) -> Option<i64> {
-    let output = Command::new("git")
-        .arg("-C")
-        .arg(repo_root)
-        .arg("show")
-        .arg("-s")
-        .arg("--format=%ct")
-        .arg(commit)
-        .output()
-        .ok()?;
-    if !output.status.success() {
-        return None;
-    }
-    let raw = String::from_utf8_lossy(&output.stdout).trim().to_string();
-    raw.parse::<i64>().ok()
-}
-
-fn commit_shas_from_reflog(repo_root: &Path, start_ts: i64, end_ts: i64) -> Vec<String> {
-    let git_dir_output = Command::new("git")
-        .arg("-C")
-        .arg(repo_root)
-        .arg("rev-parse")
-        .arg("--git-dir")
-        .output();
-    let Ok(git_dir_output) = git_dir_output else {
-        return Vec::new();
-    };
-    if !git_dir_output.status.success() {
-        return Vec::new();
-    }
-    let git_dir = String::from_utf8_lossy(&git_dir_output.stdout)
-        .trim()
-        .to_string();
-    if git_dir.is_empty() {
-        return Vec::new();
-    }
-
-    let git_dir_path = if Path::new(&git_dir).is_absolute() {
-        PathBuf::from(git_dir)
-    } else {
-        repo_root.join(git_dir)
-    };
-    let reflog_path = git_dir_path.join("logs").join("HEAD");
-    let raw = std::fs::read_to_string(reflog_path);
-    let Ok(raw) = raw else {
-        return Vec::new();
-    };
-
-    let mut seen = HashSet::new();
-    let mut commits = Vec::new();
-    for line in raw.lines() {
-        let Some((left, _)) = line.split_once('\t') else {
-            continue;
-        };
-        let mut parts = left.split_whitespace();
-        let _old = parts.next();
-        let Some(new_sha) = parts.next() else {
-            continue;
-        };
-        if new_sha.len() < 7 || !new_sha.chars().all(|ch| ch.is_ascii_hexdigit()) {
-            continue;
-        }
-        let mut tail = left.split_whitespace().rev();
-        let _tz = tail.next();
-        let Some(ts_raw) = tail.next() else {
-            continue;
-        };
-        let Ok(ts) = ts_raw.parse::<i64>() else {
-            continue;
-        };
-        if ts < start_ts || ts > end_ts {
-            continue;
-        }
-        if seen.insert(new_sha.to_string()) {
-            commits.push(new_sha.to_string());
-        }
-    }
-    commits
-}
-
-fn session_commit_links(
-    repo_root: &Path,
-    branch_commits: &HashSet<String>,
-    session: &Session,
-    commit_hint: Option<&str>,
-) -> Vec<String> {
-    let created = session.context.created_at.timestamp();
-    let updated = session.context.updated_at.timestamp();
-    let (start, end) = if created <= updated {
-        (created, updated)
-    } else {
-        (updated, created)
-    };
-    let mut commits = commit_shas_from_reflog(repo_root, start, end)
-        .into_iter()
-        .filter(|sha| branch_commits.contains(sha))
-        .collect::<Vec<_>>();
-
-    if let Some(hint) = commit_hint {
-        if branch_commits.contains(hint) && !commits.iter().any(|sha| sha == hint) {
-            if let Some(hint_ts) = commit_time_unix(repo_root, hint) {
-                let window_start = start.saturating_sub(COMMIT_HINT_GRACE_SECONDS);
-                let window_end = end.saturating_add(COMMIT_HINT_GRACE_SECONDS);
-                if hint_ts >= window_start && hint_ts <= window_end {
-                    commits.push(hint.to_string());
-                }
-            }
-        }
-    }
-
-    commits
-}
-
-fn load_daemon_config() -> DaemonConfig {
-    let home = match std::env::var("HOME").or_else(|_| std::env::var("USERPROFILE")) {
-        Ok(home) => home,
-        Err(_) => return DaemonConfig::default(),
-    };
-    let path = PathBuf::from(home)
-        .join(".config")
-        .join("opensession")
-        .join(CONFIG_FILE_NAME);
-    let content = match std::fs::read_to_string(path) {
-        Ok(content) => content,
-        Err(_) => return DaemonConfig::default(),
-    };
-    toml::from_str(&content).unwrap_or_default()
-}
-
-fn sync_branch_session_to_hidden_ledger(
-    repo_root: &Path,
-    branch: &str,
-    commit_hint: Option<String>,
-) -> Result<()> {
-    let candidates = collect_recent_candidates();
-    if candidates.is_empty() {
-        return Ok(());
-    }
-
-    let config = load_daemon_config();
-    let branch_commits = list_branch_commits(repo_root, branch, SYNC_BRANCH_COMMITS_MAX);
-    if branch_commits.is_empty() {
-        return Ok(());
-    }
-    let commit_hint = normalize_commit_hint(commit_hint);
-    let mut synced_any = false;
-    let mut seen_sessions = HashSet::new();
-
-    for candidate in candidates {
-        let Some(mut session) = parse_session_candidate(&candidate.path) else {
-            continue;
-        };
-        let Some(cwd) = working_directory(&session).map(str::to_owned) else {
-            continue;
-        };
-        let Some(session_repo) = opensession_git_native::ops::find_repo_root(Path::new(&cwd))
-        else {
-            continue;
-        };
-        if !same_repo_root(repo_root, &session_repo) {
-            continue;
-        }
-
-        if config
-            .privacy
-            .exclude_tools
-            .iter()
-            .any(|tool| tool.eq_ignore_ascii_case(&session.agent.tool))
-        {
-            continue;
-        }
-        if !seen_sessions.insert(session.session_id.clone()) {
-            continue;
-        }
-
-        let commit_shas =
-            session_commit_links(repo_root, &branch_commits, &session, commit_hint.as_deref());
-        if commit_shas.is_empty() {
-            continue;
-        }
-
-        sanitize_session(
-            &mut session,
-            &SanitizeConfig {
-                strip_paths: config.privacy.strip_paths,
-                strip_env_vars: config.privacy.strip_env_vars,
-                exclude_patterns: config.privacy.exclude_patterns.clone(),
-            },
-        );
-
-        let git_ctx = extract_git_context(&cwd);
-        let meta = build_git_storage_meta_json_with_git(
-            &session,
-            Some(&GitMeta {
-                remote: git_ctx.remote.clone(),
-                repo_name: git_ctx.repo_name.clone(),
-                branch: Some(branch.to_string()),
-                head: commit_hint
-                    .clone()
-                    .or_else(|| commit_shas.last().cloned())
-                    .or(git_ctx.commit.clone()),
-                commits: commit_shas.clone(),
-            }),
-        );
-        let hail = session
-            .to_jsonl()
-            .context("serialize session to canonical HAIL JSONL")?;
-
-        NativeGitStorage.store_session_at_ref(
-            repo_root,
-            &branch_ledger_ref(branch),
-            &session.session_id,
-            hail.as_bytes(),
-            &meta,
-            &commit_shas,
-        )?;
-        synced_any = true;
-    }
-
-    let _ = synced_any;
-    Ok(())
-}
-
-fn run_check(repo_root: &PathBuf) -> Result<()> {
-    let colors = doctor_colors_enabled();
-    let mut summary = DoctorSummary::default();
-    let installed = list_installed_hooks(repo_root);
-    let fanout_mode = read_fanout_mode(repo_root)?.unwrap_or(FanoutMode::HiddenRef);
-    let branch = current_branch(repo_root)?;
-    let ledger_branch = ledger_branch_name(repo_root);
-    let ledger = branch_ledger_ref(&ledger_branch);
-
-    println!("repo: {}", repo_root.display());
-    println!("doctor checks:");
-
-    let hooks_summary = if installed.is_empty() {
-        "none".to_string()
-    } else {
-        installed
-            .iter()
-            .map(HookType::filename)
-            .collect::<Vec<_>>()
-            .join(", ")
-    };
-    let hook_level = if installed.is_empty() {
-        DoctorLevel::Warn
-    } else {
-        DoctorLevel::Ok
-    };
-    print_doctor_item(colors, hook_level, "opensession hooks", &hooks_summary);
-    summary.record(hook_level);
-
-    let mut required_actions = Vec::new();
-    let mut optional_actions = Vec::new();
-
-    match shim_path("opensession") {
-        Ok(path) => {
-            let present = path.exists();
-            let level = if present {
-                DoctorLevel::Ok
-            } else {
-                DoctorLevel::Warn
-            };
-            print_doctor_item(
-                colors,
-                level,
-                "opensession shim",
-                &format!(
-                    "{} ({})",
-                    path.display(),
-                    if present { "present" } else { "missing" }
-                ),
-            );
-            summary.record(level);
-            if !present {
-                required_actions.push(
-                    "run `opensession doctor --fix` to install hooks/shims for this repo"
-                        .to_string(),
-                );
-            }
-        }
-        Err(err) => {
-            print_doctor_item(
-                colors,
-                DoctorLevel::Fail,
-                "opensession shim",
-                &format!("unavailable ({err})"),
-            );
-            summary.record(DoctorLevel::Fail);
-        }
-    }
-
-    match shim_path("ops") {
-        Ok(path) => {
-            let present = path.exists();
-            let level = if present {
-                DoctorLevel::Ok
-            } else {
-                DoctorLevel::Info
-            };
-            print_doctor_item(
-                colors,
-                level,
-                "ops shim",
-                &format!(
-                    "{} ({})",
-                    path.display(),
-                    if present { "present" } else { "missing" }
-                ),
-            );
-            summary.record(level);
-            if !present {
-                optional_actions.push(
-                    "optional: install `ops` shim via `opensession doctor --fix` for alias UX"
-                        .to_string(),
-                );
-            }
-        }
-        Err(err) => {
-            print_doctor_item(
-                colors,
-                DoctorLevel::Fail,
-                "ops shim",
-                &format!("unavailable ({err})"),
-            );
-            summary.record(DoctorLevel::Fail);
-        }
-    }
-
-    if let Ok(exe) = std::env::current_exe() {
-        print_doctor_item(
-            colors,
-            DoctorLevel::Ok,
-            "active binary",
-            &exe.display().to_string(),
-        );
-        summary.record(DoctorLevel::Ok);
-    }
-
-    print_doctor_item(colors, DoctorLevel::Ok, "fanout mode", fanout_mode.as_str());
-    summary.record(DoctorLevel::Ok);
-
-    let daemon_pid = daemon_pid_path()?;
-    let daemon = daemon_status(&daemon_pid);
-    let (daemon_level, daemon_summary, daemon_hint) = daemon_status_summary(&daemon, &daemon_pid);
-    print_doctor_item(colors, daemon_level, "daemon", &daemon_summary);
-    summary.record(daemon_level);
-    if let Some(hint) = daemon_hint {
-        print_doctor_hint(&hint);
-        if daemon_level == DoctorLevel::Info {
-            optional_actions.push(hint);
-        } else {
-            required_actions.push(hint);
-        }
-    }
-
-    let readiness = review_readiness(repo_root);
-    let (readiness_level, readiness_summary, readiness_hint) =
-        review_readiness_summary(readiness.hidden_fanout_ready, readiness.remote_hidden_refs);
-    print_doctor_item(
-        colors,
-        readiness_level,
-        "review readiness",
-        &readiness_summary,
-    );
-    summary.record(readiness_level);
-    if let Some(hint) = readiness_hint {
-        print_doctor_hint(&hint);
-        if readiness_level == DoctorLevel::Info {
-            optional_actions.push(hint);
-        } else {
-            required_actions.push(hint);
-        }
-    }
-
-    let cleanup = cleanup_cmd::doctor_status(repo_root);
-    let cleanup_level = match cleanup.level {
-        CleanupDoctorLevel::Ok => DoctorLevel::Ok,
-        CleanupDoctorLevel::Warn => DoctorLevel::Warn,
-    };
-    print_doctor_item(colors, cleanup_level, "cleanup", &cleanup.detail);
-    summary.record(cleanup_level);
-    if let Some(hint) = cleanup.hint {
-        print_doctor_hint(&hint);
-        required_actions.push(hint);
-    }
-
-    print_doctor_item(colors, DoctorLevel::Ok, "current branch", &branch);
-    summary.record(DoctorLevel::Ok);
-    if branch != ledger_branch {
-        print_doctor_item(colors, DoctorLevel::Info, "ledger branch", &ledger_branch);
-        summary.record(DoctorLevel::Info);
-        optional_actions.push(
-            "optional: branch/ledger mismatch is expected on detached HEAD; verify before sharing"
-                .to_string(),
-        );
-    }
-    print_doctor_item(colors, DoctorLevel::Ok, "expected ledger ref", &ledger);
-    summary.record(DoctorLevel::Ok);
-
-    if !required_actions.is_empty() {
-        let mut dedup = HashSet::new();
-        println!("next actions (recommended):");
-        for suggestion in required_actions {
-            if dedup.insert(suggestion.clone()) {
-                println!("  - {suggestion}");
-            }
-        }
-    }
-    if !optional_actions.is_empty() {
-        let mut dedup = HashSet::new();
-        println!("next actions (optional):");
-        for suggestion in optional_actions {
-            if dedup.insert(suggestion.clone()) {
-                println!("  - {suggestion}");
-            }
-        }
-    }
-
-    if summary.issue_categories() == 0 {
-        println!("doctor summary: no blocking issues.");
-    } else {
-        println!(
-            "doctor summary: found issues in {} categories.",
-            summary.issue_categories()
-        );
-    }
-
-    Ok(())
-}
-
-fn doctor_colors_enabled() -> bool {
-    doctor::doctor_colors_enabled()
-}
-
-fn print_doctor_item(colors: bool, level: DoctorLevel, label: &str, detail: &str) {
-    doctor::print_doctor_item(colors, level, label, detail);
-}
-
-fn print_doctor_hint(detail: &str) {
-    doctor::print_doctor_hint(detail);
-}
-
-fn ensure_fanout_mode(
-    repo_root: &std::path::Path,
-    requested: Option<FanoutMode>,
-    interactive: bool,
-) -> Result<FanoutMode> {
-    if let Some(mode) = requested {
-        write_fanout_mode(repo_root, mode)?;
-        println!("fanout mode set: {}", mode.as_str());
-        return Ok(mode);
-    }
-    if let Some(mode) = read_fanout_mode(repo_root)? {
-        return Ok(mode);
-    }
-
-    if !interactive {
-        bail!(
-            "fanout mode is not configured for this repository.\nnext: run `{}`",
-            suggested_doctor_command(FanoutMode::HiddenRef, OpenTarget::Web, SetupProfile::Local)
-        );
-    }
-
-    let mode = prompt_fanout_mode()?;
-    write_fanout_mode(repo_root, mode)?;
-    println!("fanout mode initialized: {}", mode.as_str());
-    Ok(mode)
-}
-
-fn ensure_open_target(
-    repo_root: &std::path::Path,
-    requested: Option<OpenTarget>,
-    interactive: bool,
-    profile: SetupProfile,
-) -> Result<OpenTarget> {
-    if let Some(target) = requested {
-        write_repo_open_target(repo_root, target)?;
-        println!("open target set: {}", target.as_str());
-        return Ok(target);
-    }
-    if let Some(target) = read_repo_open_target(repo_root)? {
-        return Ok(target);
-    }
-
-    let default_target = default_open_target_for_profile(profile);
-    let target = if interactive {
-        let selected = prompt_open_target(default_target, profile)?;
-        println!("open target initialized: {}", selected.as_str());
-        selected
-    } else {
-        println!(
-            "open target defaulted: {} (non-interactive)",
-            default_target.as_str()
-        );
-        default_target
-    };
-    write_repo_open_target(repo_root, target)?;
-    Ok(target)
-}
-
-fn default_open_target_for_profile(profile: SetupProfile) -> OpenTarget {
-    match profile {
-        SetupProfile::Local => OpenTarget::Web,
-        SetupProfile::App => OpenTarget::App,
-    }
-}
-
-fn read_fanout_mode(repo_root: &std::path::Path) -> Result<Option<FanoutMode>> {
-    let output = Command::new("git")
-        .arg("-C")
-        .arg(repo_root)
-        .arg("config")
-        .arg("--local")
-        .arg("--get")
-        .arg(FANOUT_MODE_GIT_CONFIG_KEY)
-        .output()
-        .context("read git fanout mode")?;
-
-    if !output.status.success() {
-        return Ok(None);
-    }
-
-    let raw = String::from_utf8_lossy(&output.stdout).trim().to_string();
-    if raw.is_empty() {
-        return Ok(None);
-    }
-
-    Ok(Some(
-        FanoutMode::parse(&raw).unwrap_or(FanoutMode::HiddenRef),
-    ))
-}
-
-fn write_fanout_mode(repo_root: &std::path::Path, mode: FanoutMode) -> Result<()> {
-    let output = Command::new("git")
-        .arg("-C")
-        .arg(repo_root)
-        .arg("config")
-        .arg("--local")
-        .arg(FANOUT_MODE_GIT_CONFIG_KEY)
-        .arg(mode.as_str())
-        .output()
-        .context("write git fanout mode")?;
-    if !output.status.success() {
-        bail!(
-            "failed to store fanout mode in git config: {}",
-            String::from_utf8_lossy(&output.stderr).trim()
-        );
-    }
-    Ok(())
-}
-
-fn prompt_fanout_mode() -> Result<FanoutMode> {
-    if !io::stdin().is_terminal() || !io::stdout().is_terminal() {
-        bail!(
-            "fanout mode prompt requires an interactive terminal.\nnext: run `{}`",
-            suggested_doctor_command(FanoutMode::HiddenRef, OpenTarget::Web, SetupProfile::Local)
-        );
-    }
-
-    println!("Choose OpenSession fanout mode for this repository:");
-    println!("  1) hidden refs (default)");
-    println!("  2) git notes");
-    print!("select [1/2]: ");
-    io::stdout().flush().context("flush stdout")?;
-
-    let mut line = String::new();
-    io::stdin().read_line(&mut line).context("read selection")?;
-    Ok(parse_fanout_choice(&line).unwrap_or(FanoutMode::HiddenRef))
-}
-
-fn parse_fanout_choice(input: &str) -> Option<FanoutMode> {
-    FanoutMode::parse(input)
-}
-
-fn prompt_open_target(default_target: OpenTarget, profile: SetupProfile) -> Result<OpenTarget> {
-    if !io::stdin().is_terminal() || !io::stdout().is_terminal() {
-        bail!(
-            "open target prompt requires an interactive terminal.\nnext: run `{}`",
-            suggested_doctor_command(FanoutMode::HiddenRef, default_target, profile)
-        );
-    }
-
-    println!("Choose OpenSession review opener for this repository:");
-    println!("  1) app");
-    println!("  2) web");
-    println!("  default: {}", default_target.as_str());
-    print!("select [1/2]: ");
-    io::stdout().flush().context("flush stdout")?;
-
-    let mut line = String::new();
-    io::stdin().read_line(&mut line).context("read selection")?;
-    Ok(parse_open_target_choice(&line).unwrap_or(default_target))
-}
-
-fn parse_open_target_choice(input: &str) -> Option<OpenTarget> {
-    OpenTarget::parse(input)
-}
-
-fn print_daemon_status() -> Result<()> {
-    let pid_path = daemon_pid_path()?;
-    let status = daemon_status(&pid_path);
-    let (_, summary, hint) = daemon_status_summary(&status, &pid_path);
-    println!("daemon: {summary}");
-    if let Some(hint) = hint {
-        println!("daemon hint: {hint}");
-    }
-    Ok(())
-}
-
-fn daemon_status_summary(
-    status: &DaemonStatus,
-    pid_path: &std::path::Path,
-) -> (DoctorLevel, String, Option<String>) {
-    match status {
-        DaemonStatus::Running(pid) => (DoctorLevel::Ok, format!("running (pid {pid})"), None),
-        DaemonStatus::NotRunning => (
-            DoctorLevel::Info,
-            format!("not running (pid file missing: {})", pid_path.display()),
-            Some(
-                "optional: start daemon for auto-capture with `opensession-daemon` (or `cargo run -p opensession-daemon -- run` in a source checkout)"
-                    .to_string(),
-            ),
-        ),
-        DaemonStatus::StalePid(pid) => (
-            DoctorLevel::Info,
-            format!(
-                "not running (stale pid file: {} -> pid {pid})",
-                pid_path.display()
-            ),
-            Some(
-                "optional: restart daemon for auto-capture with `opensession-daemon` (or `cargo run -p opensession-daemon -- run` in a source checkout)"
-                    .to_string(),
-            ),
-        ),
-        DaemonStatus::Unreadable(err) => (
-            DoctorLevel::Fail,
-            format!("status unavailable ({err})"),
-            None,
-        ),
-    }
-}
-
-fn daemon_pid_path() -> Result<PathBuf> {
-    let home = std::env::var("HOME")
-        .or_else(|_| std::env::var("USERPROFILE"))
-        .context("HOME/USERPROFILE is not set; cannot resolve daemon pid path")?;
-    Ok(PathBuf::from(home)
-        .join(".config")
-        .join("opensession")
-        .join("daemon.pid"))
-}
-
-#[derive(Debug, Clone, PartialEq, Eq)]
-enum DaemonStatus {
-    Running(u32),
-    NotRunning,
-    StalePid(u32),
-    Unreadable(String),
-}
-
-fn daemon_status(pid_path: &std::path::Path) -> DaemonStatus {
-    if !pid_path.exists() {
-        return DaemonStatus::NotRunning;
-    }
-
-    let pid_raw = match std::fs::read_to_string(pid_path) {
-        Ok(raw) => raw,
-        Err(err) => return DaemonStatus::Unreadable(format!("read {}: {err}", pid_path.display())),
-    };
-    let pid = match pid_raw.trim().parse::<u32>() {
-        Ok(pid) if pid > 0 => pid,
-        Ok(_) | Err(_) => {
-            return DaemonStatus::Unreadable(format!(
-                "invalid pid content in {}",
-                pid_path.display()
-            ));
-        }
-    };
-
-    if process_running(pid) {
-        DaemonStatus::Running(pid)
-    } else {
-        DaemonStatus::StalePid(pid)
-    }
-}
-
-#[cfg(unix)]
-fn process_running(pid: u32) -> bool {
-    // SAFETY: kill(pid, 0) does not deliver a signal. It is the standard Unix probe for
-    // process existence and permissions, and we pass the parsed PID value directly to libc.
-    let rc = unsafe { libc::kill(pid as i32, 0) };
-    if rc == 0 {
-        return true;
-    }
-    matches!(
-        std::io::Error::last_os_error().raw_os_error(),
-        Some(libc::EPERM)
-    )
-}
-
-#[cfg(not(unix))]
-fn process_running(_pid: u32) -> bool {
-    false
-}
-
-fn ledger_branch_name(repo_root: &std::path::Path) -> String {
-    let cwd = repo_root.to_string_lossy().to_string();
-    let git_ctx = extract_git_context(&cwd);
-    resolve_ledger_branch(git_ctx.branch.as_deref(), git_ctx.commit.as_deref())
-}
-
-fn current_branch(repo_root: &PathBuf) -> Result<String> {
-    let output = Command::new("git")
-        .arg("-C")
-        .arg(repo_root)
-        .arg("rev-parse")
-        .arg("--abbrev-ref")
-        .arg("HEAD")
-        .output()
-        .context("resolve current git branch")?;
-    if !output.status.success() {
-        bail!(
-            "failed to read current branch: {}",
-            String::from_utf8_lossy(&output.stderr).trim()
-        );
-    }
-    Ok(String::from_utf8_lossy(&output.stdout).trim().to_string())
-}
-
-fn shim_path(name: &str) -> Result<PathBuf> {
-    let home = std::env::var("HOME")
-        .context("HOME environment variable is not set; cannot resolve shim path")?;
-    Ok(PathBuf::from(home)
-        .join(".local")
-        .join("share")
-        .join("opensession")
-        .join("bin")
-        .join(name))
-}
-
-#[derive(Debug, Clone)]
-struct ShimPaths {
-    opensession: PathBuf,
-    ops: PathBuf,
-}
-
-fn install_cli_shims() -> Result<ShimPaths> {
-    let exe = std::env::current_exe().context("resolve current opensession executable path")?;
-    let opensession = install_cli_shim("opensession", &exe)?;
-    let ops = install_cli_shim("ops", &exe)?;
-    Ok(ShimPaths { opensession, ops })
-}
-
-fn install_cli_shim(name: &str, exe: &std::path::Path) -> Result<PathBuf> {
-    let shim = shim_path(name)?;
-    if let Some(parent) = shim.parent() {
-        std::fs::create_dir_all(parent)
-            .with_context(|| format!("create shim directory {}", parent.display()))?;
-    }
-
-    let existing_matches = if shim.exists() {
-        std::fs::canonicalize(&shim).ok() == std::fs::canonicalize(exe).ok()
-    } else {
-        false
-    };
-    if existing_matches {
-        return Ok(shim);
-    }
-
-    if shim.exists() {
-        std::fs::remove_file(&shim)
-            .with_context(|| format!("remove existing shim {}", shim.display()))?;
-    }
-
-    #[cfg(unix)]
-    {
-        std::os::unix::fs::symlink(exe, &shim)
-            .with_context(|| format!("create shim symlink {}", shim.display()))?;
-    }
-
-    #[cfg(not(unix))]
-    {
-        std::fs::copy(exe, &shim)
-            .with_context(|| format!("create shim copy {}", shim.display()))?;
-    }
-
-    Ok(shim)
-}
-
-#[derive(Debug, Clone, Copy)]
-struct ReviewReadiness {
-    hidden_fanout_ready: bool,
-    remote_hidden_refs: bool,
-}
-
-fn review_readiness(repo_root: &PathBuf) -> ReviewReadiness {
-    let hidden_fanout_ready = list_installed_hooks(repo_root).contains(&HookType::PrePush);
-
-    let remote_hidden_refs = Command::new("git")
-        .arg("-C")
-        .arg(repo_root)
-        .arg("for-each-ref")
-        .arg("--count=1")
-        .arg("--format=%(refname)")
-        .arg("refs/remotes/*/opensession/branches")
-        .output()
-        .ok()
-        .filter(|out| out.status.success())
-        .map(|out| !String::from_utf8_lossy(&out.stdout).trim().is_empty())
-        .unwrap_or(false);
-
-    ReviewReadiness {
-        hidden_fanout_ready,
-        remote_hidden_refs,
-    }
-}
-
-fn review_readiness_summary(
-    hidden_fanout_ready: bool,
-    remote_hidden_refs: bool,
-) -> (DoctorLevel, String, Option<String>) {
-    let summary = format!(
-        "hidden-fanout={} hidden-refs={}",
-        if hidden_fanout_ready { "ok" } else { "missing" },
-        if remote_hidden_refs {
-            "present"
-        } else {
-            "none-fetched"
-        }
-    );
-
-    if hidden_fanout_ready && remote_hidden_refs {
-        return (DoctorLevel::Ok, summary, None);
-    }
-
-    if !hidden_fanout_ready {
-        return (
-            DoctorLevel::Warn,
-            summary,
-            Some("run `opensession doctor --fix` to install the pre-push fanout hook".to_string()),
-        );
-    }
-
-    (
-        DoctorLevel::Info,
-        summary,
-        Some(
-            "optional: fetch hidden refs before local review: `git fetch origin 'refs/opensession/branches/*:refs/remotes/origin/opensession/branches/*'`".to_string(),
-        ),
-    )
-}
-
-fn print_review_readiness(repo_root: &PathBuf) -> Result<()> {
-    let readiness = review_readiness(repo_root);
-    let (_, summary, _) =
-        review_readiness_summary(readiness.hidden_fanout_ready, readiness.remote_hidden_refs);
-    println!("review readiness: {summary}");
-    Ok(())
-}
-
 #[cfg(test)]
 mod tests {
     use super::*;
     use std::fs;
+    use std::process::Command;
 
     #[test]
     fn print_ledger_ref_matches_helper() {
@@ -1477,8 +325,8 @@ mod tests {
     #[test]
     fn daemon_status_reports_not_running_when_pid_file_missing() {
         let tmp = tempfile::tempdir().expect("tempdir");
-        let status = daemon_status(&tmp.path().join("daemon.pid"));
-        assert_eq!(status, DaemonStatus::NotRunning);
+        let status = status::daemon_status(&tmp.path().join("daemon.pid"));
+        assert_eq!(status, status::DaemonStatus::NotRunning);
     }
 
     #[test]
@@ -1486,24 +334,25 @@ mod tests {
         let tmp = tempfile::tempdir().expect("tempdir");
         let pid_path = tmp.path().join("daemon.pid");
         fs::write(&pid_path, "not-a-pid").expect("write pid");
-        let status = daemon_status(&pid_path);
-        assert!(matches!(status, DaemonStatus::Unreadable(_)));
+        let status = status::daemon_status(&pid_path);
+        assert!(matches!(status, status::DaemonStatus::Unreadable(_)));
     }
 
     #[test]
     fn daemon_status_summary_includes_hint_when_not_running() {
         let tmp = tempfile::tempdir().expect("tempdir");
         let pid_path = tmp.path().join("daemon.pid");
-        let (level, summary, hint) = daemon_status_summary(&DaemonStatus::NotRunning, &pid_path);
-        assert_eq!(level, DoctorLevel::Info);
+        let (level, summary, hint) =
+            status::daemon_status_summary(&status::DaemonStatus::NotRunning, &pid_path);
+        assert_eq!(level, doctor::DoctorLevel::Info);
         assert!(summary.contains("not running"));
         assert!(hint.expect("hint should exist").contains("optional:"));
     }
 
     #[test]
     fn review_readiness_summary_warns_when_hidden_fanout_missing() {
-        let (level, summary, hint) = review_readiness_summary(false, false);
-        assert_eq!(level, DoctorLevel::Warn);
+        let (level, summary, hint) = status::review_readiness_summary(false, false);
+        assert_eq!(level, doctor::DoctorLevel::Warn);
         assert!(summary.contains("hidden-fanout=missing"));
         assert!(
             hint.expect("hint should exist")
@@ -1513,18 +362,27 @@ mod tests {
 
     #[test]
     fn review_readiness_summary_marks_missing_refs_as_optional_info() {
-        let (level, summary, hint) = review_readiness_summary(true, false);
-        assert_eq!(level, DoctorLevel::Info);
+        let (level, summary, hint) = status::review_readiness_summary(true, false);
+        assert_eq!(level, doctor::DoctorLevel::Info);
         assert!(summary.contains("hidden-refs=none-fetched"));
         assert!(hint.expect("hint should exist").contains("optional:"));
     }
 
     #[test]
     fn doctor_tag_plain_is_ascii_stable() {
-        assert_eq!(doctor::doctor_tag(DoctorLevel::Ok, false), "[ OK ]");
-        assert_eq!(doctor::doctor_tag(DoctorLevel::Info, false), "[INFO]");
-        assert_eq!(doctor::doctor_tag(DoctorLevel::Warn, false), "[WARN]");
-        assert_eq!(doctor::doctor_tag(DoctorLevel::Fail, false), "[FAIL]");
+        assert_eq!(doctor::doctor_tag(doctor::DoctorLevel::Ok, false), "[ OK ]");
+        assert_eq!(
+            doctor::doctor_tag(doctor::DoctorLevel::Info, false),
+            "[INFO]"
+        );
+        assert_eq!(
+            doctor::doctor_tag(doctor::DoctorLevel::Warn, false),
+            "[WARN]"
+        );
+        assert_eq!(
+            doctor::doctor_tag(doctor::DoctorLevel::Fail, false),
+            "[FAIL]"
+        );
     }
 
     #[test]
@@ -1540,7 +398,7 @@ mod tests {
             sync_branch_commit: None,
             profile: None,
         };
-        let err = validate_setup_args(&args).expect_err("validate");
+        let err = validation::validate_setup_args(&args).expect_err("validate");
         assert!(err.to_string().contains("cannot be used"));
     }
 
@@ -1557,7 +415,7 @@ mod tests {
             sync_branch_commit: None,
             profile: None,
         };
-        let err = validate_setup_args(&args).expect_err("validate");
+        let err = validation::validate_setup_args(&args).expect_err("validate");
         assert!(err.to_string().contains("requires apply mode"));
     }
 
@@ -1574,7 +432,7 @@ mod tests {
             sync_branch_commit: None,
             profile: None,
         };
-        let err = validate_setup_args(&args).expect_err("validate");
+        let err = validation::validate_setup_args(&args).expect_err("validate");
         assert!(
             err.to_string()
                 .contains("`--open-target` requires apply mode")
@@ -1583,18 +441,18 @@ mod tests {
 
     #[test]
     fn parse_apply_confirmation_accepts_yes_aliases() {
-        assert!(parse_apply_confirmation("y"));
-        assert!(parse_apply_confirmation("Y"));
-        assert!(parse_apply_confirmation("yes"));
-        assert!(parse_apply_confirmation(" YES "));
+        assert!(validation::parse_apply_confirmation("y"));
+        assert!(validation::parse_apply_confirmation("Y"));
+        assert!(validation::parse_apply_confirmation("yes"));
+        assert!(validation::parse_apply_confirmation(" YES "));
     }
 
     #[test]
     fn parse_apply_confirmation_rejects_non_yes_values() {
-        assert!(!parse_apply_confirmation(""));
-        assert!(!parse_apply_confirmation("n"));
-        assert!(!parse_apply_confirmation("no"));
-        assert!(!parse_apply_confirmation("anything"));
+        assert!(!validation::parse_apply_confirmation(""));
+        assert!(!validation::parse_apply_confirmation("n"));
+        assert!(!validation::parse_apply_confirmation("no"));
+        assert!(!validation::parse_apply_confirmation("anything"));
     }
 
     #[test]
@@ -1603,7 +461,8 @@ mod tests {
             existing: Some(FanoutMode::HiddenRef),
             requested: None,
         };
-        let err = enforce_apply_mode_requirements(false, false, plan).expect_err("validate");
+        let err =
+            validation::enforce_apply_mode_requirements(false, false, plan).expect_err("validate");
         assert!(err.to_string().contains("requires explicit approval"));
     }
 
@@ -1613,51 +472,85 @@ mod tests {
             existing: None,
             requested: None,
         };
-        let err = enforce_apply_mode_requirements(false, true, plan).expect_err("validate");
+        let err =
+            validation::enforce_apply_mode_requirements(false, true, plan).expect_err("validate");
         assert!(err.to_string().contains("fanout mode is not configured"));
     }
 
     #[test]
     fn parse_fanout_choice_accepts_hidden_ref_aliases() {
-        assert_eq!(parse_fanout_choice("1"), Some(FanoutMode::HiddenRef));
         assert_eq!(
-            parse_fanout_choice("hidden_ref"),
+            planning::parse_fanout_choice("1"),
+            Some(FanoutMode::HiddenRef)
+        );
+        assert_eq!(
+            planning::parse_fanout_choice("hidden_ref"),
+            Some(FanoutMode::HiddenRef)
+        );
+        assert_eq!(
+            planning::parse_fanout_choice("hidden"),
             Some(FanoutMode::HiddenRef)
         );
-        assert_eq!(parse_fanout_choice("hidden"), Some(FanoutMode::HiddenRef));
     }
 
     #[test]
     fn parse_fanout_choice_accepts_git_notes_aliases() {
-        assert_eq!(parse_fanout_choice("2"), Some(FanoutMode::GitNotes));
-        assert_eq!(parse_fanout_choice("git_notes"), Some(FanoutMode::GitNotes));
-        assert_eq!(parse_fanout_choice("notes"), Some(FanoutMode::GitNotes));
+        assert_eq!(
+            planning::parse_fanout_choice("2"),
+            Some(FanoutMode::GitNotes)
+        );
+        assert_eq!(
+            planning::parse_fanout_choice("git_notes"),
+            Some(FanoutMode::GitNotes)
+        );
+        assert_eq!(
+            planning::parse_fanout_choice("notes"),
+            Some(FanoutMode::GitNotes)
+        );
     }
 
     #[test]
     fn parse_fanout_choice_rejects_unknown_values() {
-        assert_eq!(parse_fanout_choice(""), None);
-        assert_eq!(parse_fanout_choice("unknown"), None);
+        assert_eq!(planning::parse_fanout_choice(""), None);
+        assert_eq!(planning::parse_fanout_choice("unknown"), None);
     }
 
     #[test]
     fn parse_open_target_choice_accepts_aliases() {
-        assert_eq!(parse_open_target_choice("1"), Some(OpenTarget::App));
-        assert_eq!(parse_open_target_choice("app"), Some(OpenTarget::App));
-        assert_eq!(parse_open_target_choice("desktop"), Some(OpenTarget::App));
-        assert_eq!(parse_open_target_choice("2"), Some(OpenTarget::Web));
-        assert_eq!(parse_open_target_choice("web"), Some(OpenTarget::Web));
-        assert_eq!(parse_open_target_choice("browser"), Some(OpenTarget::Web));
+        assert_eq!(
+            planning::parse_open_target_choice("1"),
+            Some(OpenTarget::App)
+        );
+        assert_eq!(
+            planning::parse_open_target_choice("app"),
+            Some(OpenTarget::App)
+        );
+        assert_eq!(
+            planning::parse_open_target_choice("desktop"),
+            Some(OpenTarget::App)
+        );
+        assert_eq!(
+            planning::parse_open_target_choice("2"),
+            Some(OpenTarget::Web)
+        );
+        assert_eq!(
+            planning::parse_open_target_choice("web"),
+            Some(OpenTarget::Web)
+        );
+        assert_eq!(
+            planning::parse_open_target_choice("browser"),
+            Some(OpenTarget::Web)
+        );
     }
 
     #[test]
     fn default_open_target_depends_on_setup_profile() {
         assert_eq!(
-            default_open_target_for_profile(SetupProfile::Local),
+            planning::default_open_target_for_profile(SetupProfile::Local),
             OpenTarget::Web
         );
         assert_eq!(
-            default_open_target_for_profile(SetupProfile::App),
+            planning::default_open_target_for_profile(SetupProfile::App),
             OpenTarget::App
         );
     }
@@ -1689,17 +582,17 @@ mod tests {
             String::from_utf8_lossy(&init.stderr)
         );
 
-        assert_eq!(read_fanout_mode(&repo).expect("read"), None);
+        assert_eq!(planning::read_fanout_mode(&repo).expect("read"), None);
 
-        write_fanout_mode(&repo, FanoutMode::GitNotes).expect("write");
+        planning::write_fanout_mode(&repo, FanoutMode::GitNotes).expect("write");
         assert_eq!(
-            read_fanout_mode(&repo).expect("read"),
+            planning::read_fanout_mode(&repo).expect("read"),
             Some(FanoutMode::GitNotes)
         );
 
-        write_fanout_mode(&repo, FanoutMode::HiddenRef).expect("write");
+        planning::write_fanout_mode(&repo, FanoutMode::HiddenRef).expect("write");
         assert_eq!(
-            read_fanout_mode(&repo).expect("read"),
+            planning::read_fanout_mode(&repo).expect("read"),
             Some(FanoutMode::HiddenRef)
         );
     }
diff --git a/crates/cli/src/setup_cmd/branch_sync.rs b/crates/cli/src/setup_cmd/branch_sync.rs
new file mode 100644
index 00000000..da75b0c7
--- /dev/null
+++ b/crates/cli/src/setup_cmd/branch_sync.rs
@@ -0,0 +1,319 @@
+use super::{COMMIT_HINT_GRACE_SECONDS, SYNC_BRANCH_COMMITS_MAX, SYNC_MAX_CANDIDATES};
+use anyhow::{Context, Result};
+use opensession_core::Session;
+use opensession_core::sanitize::{SanitizeConfig, sanitize_session};
+use opensession_core::session::{GitMeta, build_git_storage_meta_json_with_git, working_directory};
+use opensession_git_native::{NativeGitStorage, extract_git_context};
+use opensession_parsers::{ParserRegistry, discover::discover_sessions};
+use opensession_runtime_config::{CONFIG_FILE_NAME, DaemonConfig};
+use std::cmp::Reverse;
+use std::collections::HashSet;
+use std::path::{Path, PathBuf};
+use std::process::Command;
+
+#[derive(Debug, Clone)]
+struct SessionCandidate {
+    path: PathBuf,
+    modified: std::time::SystemTime,
+}
+
+fn collect_recent_candidates() -> Vec<SessionCandidate> {
+    let mut candidates = Vec::new();
+    for location in discover_sessions() {
+        for path in location.paths {
+            let Ok(metadata) = std::fs::metadata(&path) else {
+                continue;
+            };
+            let Ok(modified) = metadata.modified() else {
+                continue;
+            };
+            candidates.push(SessionCandidate { path, modified });
+        }
+    }
+
+    candidates.sort_by_key(|candidate| Reverse(candidate.modified));
+    candidates.into_iter().take(SYNC_MAX_CANDIDATES).collect()
+}
+
+fn same_repo_root(left: &Path, right: &Path) -> bool {
+    let left = std::fs::canonicalize(left).unwrap_or_else(|_| left.to_path_buf());
+    let right = std::fs::canonicalize(right).unwrap_or_else(|_| right.to_path_buf());
+    left == right
+}
+
+fn parse_session_candidate(path: &Path) -> Option<Session> {
+    match ParserRegistry::default().parse_path(path) {
+        Ok(Some(session)) => {
+            if working_directory(&session).is_some() {
+                Some(session)
+            } else {
+                std::fs::read_to_string(path)
+                    .ok()
+                    .and_then(|content| Session::from_jsonl(&content).ok())
+            }
+        }
+        Ok(None) | Err(_) => std::fs::read_to_string(path)
+            .ok()
+            .and_then(|content| Session::from_jsonl(&content).ok()),
+    }
+}
+
+fn normalize_commit_hint(commit_hint: Option<String>) -> Option<String> {
+    commit_hint
+        .and_then(|raw| {
+            let trimmed = raw.trim();
+            if trimmed.is_empty() {
+                None
+            } else {
+                Some(trimmed.to_string())
+            }
+        })
+        .filter(|sha| sha != "0000000000000000000000000000000000000000")
+}
+
+fn list_branch_commits(repo_root: &Path, branch: &str, max_count: usize) -> HashSet<String> {
+    let rev = format!("refs/heads/{branch}");
+    let output = Command::new("git")
+        .arg("-C")
+        .arg(repo_root)
+        .arg("rev-list")
+        .arg("--max-count")
+        .arg(max_count.to_string())
+        .arg(rev)
+        .output();
+    let Ok(output) = output else {
+        return HashSet::new();
+    };
+    if !output.status.success() {
+        return HashSet::new();
+    }
+    String::from_utf8_lossy(&output.stdout)
+        .lines()
+        .map(str::trim)
+        .filter(|line| !line.is_empty())
+        .map(ToOwned::to_owned)
+        .collect()
+}
+
+fn commit_time_unix(repo_root: &Path, commit: &str) -> Option<i64> {
+    let output = Command::new("git")
+        .arg("-C")
+        .arg(repo_root)
+        .arg("show")
+        .arg("-s")
+        .arg("--format=%ct")
+        .arg(commit)
+        .output()
+        .ok()?;
+    if !output.status.success() {
+        return None;
+    }
+    let raw = String::from_utf8_lossy(&output.stdout).trim().to_string();
+    raw.parse::<i64>().ok()
+}
+
+fn commit_shas_from_reflog(repo_root: &Path, start_ts: i64, end_ts: i64) -> Vec<String> {
+    let git_dir_output = Command::new("git")
+        .arg("-C")
+        .arg(repo_root)
+        .arg("rev-parse")
+        .arg("--git-dir")
+        .output();
+    let Ok(git_dir_output) = git_dir_output else {
+        return Vec::new();
+    };
+    if !git_dir_output.status.success() {
+        return Vec::new();
+    }
+    let git_dir = String::from_utf8_lossy(&git_dir_output.stdout)
+        .trim()
+        .to_string();
+    if git_dir.is_empty() {
+        return Vec::new();
+    }
+
+    let git_dir_path = if Path::new(&git_dir).is_absolute() {
+        PathBuf::from(git_dir)
+    } else {
+        repo_root.join(git_dir)
+    };
+    let reflog_path = git_dir_path.join("logs").join("HEAD");
+    let raw = std::fs::read_to_string(reflog_path);
+    let Ok(raw) = raw else {
+        return Vec::new();
+    };
+
+    let mut seen = HashSet::new();
+    let mut commits = Vec::new();
+    for line in raw.lines() {
+        let Some((left, _)) = line.split_once('\t') else {
+            continue;
+        };
+        let mut parts = left.split_whitespace();
+        let _old = parts.next();
+        let Some(new_sha) = parts.next() else {
+            continue;
+        };
+        if new_sha.len() < 7 || !new_sha.chars().all(|ch| ch.is_ascii_hexdigit()) {
+            continue;
+        }
+        let mut tail = left.split_whitespace().rev();
+        let _tz = tail.next();
+        let Some(ts_raw) = tail.next() else {
+            continue;
+        };
+        let Ok(ts) = ts_raw.parse::<i64>() else {
+            continue;
+        };
+        if ts < start_ts || ts > end_ts {
+            continue;
+        }
+        if seen.insert(new_sha.to_string()) {
+            commits.push(new_sha.to_string());
+        }
+    }
+    commits
+}
+
+fn session_commit_links(
+    repo_root: &Path,
+    branch_commits: &HashSet<String>,
+    session: &Session,
+    commit_hint: Option<&str>,
+) -> Vec<String> {
+    let created = session.context.created_at.timestamp();
+    let updated = session.context.updated_at.timestamp();
+    let (start, end) = if created <= updated {
+        (created, updated)
+    } else {
+        (updated, created)
+    };
+    let mut commits = commit_shas_from_reflog(repo_root, start, end)
+        .into_iter()
+        .filter(|sha| branch_commits.contains(sha))
+        .collect::<Vec<_>>();
+
+    if let Some(hint) = commit_hint {
+        if branch_commits.contains(hint) && !commits.iter().any(|sha| sha == hint) {
+            if let Some(hint_ts) = commit_time_unix(repo_root, hint) {
+                let window_start = start.saturating_sub(COMMIT_HINT_GRACE_SECONDS);
+                let window_end = end.saturating_add(COMMIT_HINT_GRACE_SECONDS);
+                if hint_ts >= window_start && hint_ts <= window_end {
+                    commits.push(hint.to_string());
+                }
+            }
+        }
+    }
+
+    commits
+}
+
+fn load_daemon_config() -> DaemonConfig {
+    let home = match std::env::var("HOME").or_else(|_| std::env::var("USERPROFILE")) {
+        Ok(home) => home,
+        Err(_) => return DaemonConfig::default(),
+    };
+    let path = PathBuf::from(home)
+        .join(".config")
+        .join("opensession")
+        .join(CONFIG_FILE_NAME);
+    let content = match std::fs::read_to_string(path) {
+        Ok(content) => content,
+        Err(_) => return DaemonConfig::default(),
+    };
+    toml::from_str(&content).unwrap_or_default()
+}
+
+pub(super) fn sync_branch_session_to_hidden_ledger(
+    repo_root: &Path,
+    branch: &str,
+    commit_hint: Option<String>,
+) -> Result<()> {
+    let candidates = collect_recent_candidates();
+    if candidates.is_empty() {
+        return Ok(());
+    }
+
+    let config = load_daemon_config();
+    let branch_commits = list_branch_commits(repo_root, branch, SYNC_BRANCH_COMMITS_MAX);
+    if branch_commits.is_empty() {
+        return Ok(());
+    }
+    let commit_hint = normalize_commit_hint(commit_hint);
+    let mut synced_any = false;
+    let mut seen_sessions = HashSet::new();
+
+    for candidate in candidates {
+        let Some(mut session) = parse_session_candidate(&candidate.path) else {
+            continue;
+        };
+        let Some(cwd) = working_directory(&session).map(str::to_owned) else {
+            continue;
+        };
+        let Some(session_repo) = opensession_git_native::ops::find_repo_root(Path::new(&cwd))
+        else {
+            continue;
+        };
+        if !same_repo_root(repo_root, &session_repo) {
+            continue;
+        }
+
+        if config
+            .privacy
+            .exclude_tools
+            .iter()
+            .any(|tool| tool.eq_ignore_ascii_case(&session.agent.tool))
+        {
+            continue;
+        }
+        if !seen_sessions.insert(session.session_id.clone()) {
+            continue;
+        }
+
+        let commit_shas =
+            session_commit_links(repo_root, &branch_commits, &session, commit_hint.as_deref());
+        if commit_shas.is_empty() {
+            continue;
+        }
+
+        sanitize_session(
+            &mut session,
+            &SanitizeConfig {
+                strip_paths: config.privacy.strip_paths,
+                strip_env_vars: config.privacy.strip_env_vars,
+                exclude_patterns: config.privacy.exclude_patterns.clone(),
+            },
+        );
+
+        let git_ctx = extract_git_context(&cwd);
+        let meta = build_git_storage_meta_json_with_git(
+            &session,
+            Some(&GitMeta {
+                remote: git_ctx.remote.clone(),
+                repo_name: git_ctx.repo_name.clone(),
+                branch: Some(branch.to_string()),
+                head: commit_hint
+                    .clone()
+                    .or_else(|| commit_shas.last().cloned())
+                    .or(git_ctx.commit.clone()),
+                commits: commit_shas.clone(),
+            }),
+        );
+        let hail = session
+            .to_jsonl()
+            .context("serialize session to canonical HAIL JSONL")?;
+
+        NativeGitStorage.store_session_at_ref(
+            repo_root,
+            &opensession_git_native::branch_ledger_ref(branch),
+            &session.session_id,
+            hail.as_bytes(),
+            &meta,
+            &commit_shas,
+        )?;
+        synced_any = true;
+    }
+
+    let _ = synced_any;
+    Ok(())
+}
diff --git a/crates/cli/src/setup_cmd/planning.rs b/crates/cli/src/setup_cmd/planning.rs
new file mode 100644
index 00000000..4e65a9c3
--- /dev/null
+++ b/crates/cli/src/setup_cmd/planning.rs
@@ -0,0 +1,270 @@
+use super::doctor;
+use super::shims::{ShimInstallPlan, ShimPaths, shim_action_label};
+use super::{FANOUT_MODE_GIT_CONFIG_KEY, FanoutMode, OpenTargetInstallPlan, SetupProfile};
+use crate::hooks::{HookInstallAction, HookInstallPlan, HookInstallReport};
+use crate::open_target::{OpenTarget, read_repo_open_target, write_repo_open_target};
+use anyhow::{Context, Result, bail};
+use std::io::{self, IsTerminal, Write};
+use std::path::Path;
+use std::process::Command;
+
+pub(super) fn print_setup_plan(
+    repo_root: &Path,
+    fanout_plan: super::FanoutInstallPlan,
+    open_target_plan: OpenTargetInstallPlan,
+    profile: SetupProfile,
+    hook_plans: &[HookInstallPlan],
+    shim_plans: &[ShimInstallPlan],
+    yes: bool,
+) {
+    println!("repo: {}", repo_root.display());
+    println!("setup plan:");
+    println!("  - profile: {}", profile.as_str());
+    println!("  - fanout mode: {}", fanout_plan.summary());
+    println!("  - open target: {}", open_target_plan.summary(profile));
+    for plan in hook_plans {
+        println!(
+            "  - hook {}: {} ({})",
+            plan.hook_type.filename(),
+            hook_action_summary(plan.action),
+            plan.hook_path.display()
+        );
+        if let Some(backup_path) = &plan.backup_path {
+            println!("    original hook saved as: {}", backup_path.display());
+            println!(
+                "    restore: mv '{}' '{}'",
+                backup_path.display(),
+                plan.hook_path.display()
+            );
+        }
+    }
+    for plan in shim_plans {
+        println!(
+            "  - shim {}: {} ({})",
+            plan.name,
+            shim_action_label(plan.action),
+            plan.path.display()
+        );
+    }
+    if yes {
+        println!("  - confirmation: skipped (--yes)");
+    } else {
+        println!("  - confirmation: required (use --yes to skip)");
+    }
+}
+
+pub(super) fn print_applied_setup(
+    repo_root: &Path,
+    fanout_mode: FanoutMode,
+    open_target: OpenTarget,
+    hook_reports: &[HookInstallReport],
+    shim_plans: &[ShimInstallPlan],
+    shim_paths: &ShimPaths,
+) {
+    println!("Applied setup in {}:", repo_root.display());
+    println!("  - fanout mode: {}", fanout_mode.as_str());
+    println!("  - open target: {}", open_target.as_str());
+    for report in hook_reports {
+        println!(
+            "  - hook {}: {} ({})",
+            report.hook_type.filename(),
+            hook_action_summary(report.action),
+            report.hook_path.display()
+        );
+        if report.backup_created {
+            if let Some(backup_path) = &report.backup_path {
+                println!("    original hook saved as: {}", backup_path.display());
+                println!(
+                    "    restore: mv '{}' '{}'",
+                    backup_path.display(),
+                    report.hook_path.display()
+                );
+            }
+        }
+    }
+
+    for plan in shim_plans {
+        let path = match plan.name {
+            "opensession" => &shim_paths.opensession,
+            _ => &shim_paths.ops,
+        };
+        println!(
+            "  - shim {}: {} ({})",
+            plan.name,
+            shim_action_label(plan.action),
+            path.display()
+        );
+    }
+}
+
+fn hook_action_summary(action: HookInstallAction) -> &'static str {
+    match action {
+        HookInstallAction::InstallNew => "install",
+        HookInstallAction::ReplaceManaged => "refresh",
+        HookInstallAction::BackupAndReplace => "preserve-original+replace",
+    }
+}
+
+pub(super) fn ensure_fanout_mode(
+    repo_root: &Path,
+    requested: Option<FanoutMode>,
+    interactive: bool,
+) -> Result<FanoutMode> {
+    if let Some(mode) = requested {
+        write_fanout_mode(repo_root, mode)?;
+        println!("fanout mode set: {}", mode.as_str());
+        return Ok(mode);
+    }
+    if let Some(mode) = read_fanout_mode(repo_root)? {
+        return Ok(mode);
+    }
+
+    if !interactive {
+        bail!(
+            "fanout mode is not configured for this repository.\nnext: run `{}`",
+            doctor::suggested_doctor_command(
+                FanoutMode::HiddenRef,
+                OpenTarget::Web,
+                SetupProfile::Local
+            )
+        );
+    }
+
+    let mode = prompt_fanout_mode()?;
+    write_fanout_mode(repo_root, mode)?;
+    println!("fanout mode initialized: {}", mode.as_str());
+    Ok(mode)
+}
+
+pub(super) fn ensure_open_target(
+    repo_root: &Path,
+    requested: Option<OpenTarget>,
+    interactive: bool,
+    profile: SetupProfile,
+) -> Result<OpenTarget> {
+    if let Some(target) = requested {
+        write_repo_open_target(repo_root, target)?;
+        println!("open target set: {}", target.as_str());
+        return Ok(target);
+    }
+    if let Some(target) = read_repo_open_target(repo_root)? {
+        return Ok(target);
+    }
+
+    let default_target = default_open_target_for_profile(profile);
+    let target = if interactive {
+        let selected = prompt_open_target(default_target, profile)?;
+        println!("open target initialized: {}", selected.as_str());
+        selected
+    } else {
+        println!(
+            "open target defaulted: {} (non-interactive)",
+            default_target.as_str()
+        );
+        default_target
+    };
+    write_repo_open_target(repo_root, target)?;
+    Ok(target)
+}
+
+pub(super) fn default_open_target_for_profile(profile: SetupProfile) -> OpenTarget {
+    match profile {
+        SetupProfile::Local => OpenTarget::Web,
+        SetupProfile::App => OpenTarget::App,
+    }
+}
+
+pub(super) fn read_fanout_mode(repo_root: &Path) -> Result<Option<FanoutMode>> {
+    let output = Command::new("git")
+        .arg("-C")
+        .arg(repo_root)
+        .arg("config")
+        .arg("--local")
+        .arg("--get")
+        .arg(FANOUT_MODE_GIT_CONFIG_KEY)
+        .output()
+        .context("read git fanout mode")?;
+
+    if !output.status.success() {
+        return Ok(None);
+    }
+
+    let raw = String::from_utf8_lossy(&output.stdout).trim().to_string();
+    if raw.is_empty() {
+        return Ok(None);
+    }
+
+    Ok(Some(
+        FanoutMode::parse(&raw).unwrap_or(FanoutMode::HiddenRef),
+    ))
+}
+
+pub(super) fn write_fanout_mode(repo_root: &Path, mode: FanoutMode) -> Result<()> {
+    let output = Command::new("git")
+        .arg("-C")
+        .arg(repo_root)
+        .arg("config")
+        .arg("--local")
+        .arg(FANOUT_MODE_GIT_CONFIG_KEY)
+        .arg(mode.as_str())
+        .output()
+        .context("write git fanout mode")?;
+    if !output.status.success() {
+        bail!(
+            "failed to store fanout mode in git config: {}",
+            String::from_utf8_lossy(&output.stderr).trim()
+        );
+    }
+    Ok(())
+}
+
+fn prompt_fanout_mode() -> Result<FanoutMode> {
+    if !io::stdin().is_terminal() || !io::stdout().is_terminal() {
+        bail!(
+            "fanout mode prompt requires an interactive terminal.\nnext: run `{}`",
+            doctor::suggested_doctor_command(
+                FanoutMode::HiddenRef,
+                OpenTarget::Web,
+                SetupProfile::Local
+            )
+        );
+    }
+
+    println!("Choose OpenSession fanout mode for this repository:");
+    println!("  1) hidden refs (default)");
+    println!("  2) git notes");
+    print!("select [1/2]: ");
+    io::stdout().flush().context("flush stdout")?;
+
+    let mut line = String::new();
+    io::stdin().read_line(&mut line).context("read selection")?;
+    Ok(parse_fanout_choice(&line).unwrap_or(FanoutMode::HiddenRef))
+}
+
+pub(super) fn parse_fanout_choice(input: &str) -> Option<FanoutMode> {
+    FanoutMode::parse(input)
+}
+
+fn prompt_open_target(default_target: OpenTarget, profile: SetupProfile) -> Result<OpenTarget> {
+    if !io::stdin().is_terminal() || !io::stdout().is_terminal() {
+        bail!(
+            "open target prompt requires an interactive terminal.\nnext: run `{}`",
+            doctor::suggested_doctor_command(FanoutMode::HiddenRef, default_target, profile)
+        );
+    }
+
+    println!("Choose OpenSession review opener for this repository:");
+    println!("  1) app");
+    println!("  2) web");
+    println!("  default: {}", default_target.as_str());
+    print!("select [1/2]: ");
+    io::stdout().flush().context("flush stdout")?;
+
+    let mut line = String::new();
+    io::stdin().read_line(&mut line).context("read selection")?;
+    Ok(parse_open_target_choice(&line).unwrap_or(default_target))
+}
+
+pub(super) fn parse_open_target_choice(input: &str) -> Option<OpenTarget> {
+    OpenTarget::parse(input)
+}
diff --git a/crates/cli/src/setup_cmd/shims.rs b/crates/cli/src/setup_cmd/shims.rs
new file mode 100644
index 00000000..fda791ce
--- /dev/null
+++ b/crates/cli/src/setup_cmd/shims.rs
@@ -0,0 +1,105 @@
+use anyhow::{Context, Result};
+use std::path::{Path, PathBuf};
+
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+pub(super) enum ShimInstallAction {
+    InstallNew,
+    ReplaceExisting,
+    KeepExisting,
+}
+
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub(super) struct ShimInstallPlan {
+    pub(super) name: &'static str,
+    pub(super) path: PathBuf,
+    pub(super) action: ShimInstallAction,
+}
+
+#[derive(Debug, Clone)]
+pub(super) struct ShimPaths {
+    pub(super) opensession: PathBuf,
+    pub(super) ops: PathBuf,
+}
+
+pub(super) fn plan_cli_shims() -> Result<Vec<ShimInstallPlan>> {
+    let exe = std::env::current_exe().context("resolve current opensession executable path")?;
+    let mut plans = Vec::new();
+    for name in ["opensession", "ops"] {
+        plans.push(plan_cli_shim(name, &exe)?);
+    }
+    Ok(plans)
+}
+
+fn plan_cli_shim(name: &'static str, exe: &Path) -> Result<ShimInstallPlan> {
+    let path = shim_path(name)?;
+    let action = if !path.exists() {
+        ShimInstallAction::InstallNew
+    } else if std::fs::canonicalize(&path).ok() == std::fs::canonicalize(exe).ok() {
+        ShimInstallAction::KeepExisting
+    } else {
+        ShimInstallAction::ReplaceExisting
+    };
+    Ok(ShimInstallPlan { name, path, action })
+}
+
+pub(super) fn shim_action_label(action: ShimInstallAction) -> &'static str {
+    match action {
+        ShimInstallAction::InstallNew => "install",
+        ShimInstallAction::ReplaceExisting => "replace",
+        ShimInstallAction::KeepExisting => "keep",
+    }
+}
+
+pub(super) fn shim_path(name: &str) -> Result<PathBuf> {
+    let home = std::env::var("HOME")
+        .context("HOME environment variable is not set; cannot resolve shim path")?;
+    Ok(PathBuf::from(home)
+        .join(".local")
+        .join("share")
+        .join("opensession")
+        .join("bin")
+        .join(name))
+}
+
+pub(super) fn install_cli_shims() -> Result<ShimPaths> {
+    let exe = std::env::current_exe().context("resolve current opensession executable path")?;
+    let opensession = install_cli_shim("opensession", &exe)?;
+    let ops = install_cli_shim("ops", &exe)?;
+    Ok(ShimPaths { opensession, ops })
+}
+
+fn install_cli_shim(name: &str, exe: &Path) -> Result<PathBuf> {
+    let shim = shim_path(name)?;
+    if let Some(parent) = shim.parent() {
+        std::fs::create_dir_all(parent)
+            .with_context(|| format!("create shim directory {}", parent.display()))?;
+    }
+
+    let existing_matches = if shim.exists() {
+        std::fs::canonicalize(&shim).ok() == std::fs::canonicalize(exe).ok()
+    } else {
+        false
+    };
+    if existing_matches {
+        return Ok(shim);
+    }
+
+    if shim.exists() {
+        std::fs::remove_file(&shim)
+            .with_context(|| format!("remove existing shim {}", shim.display()))?;
+    }
+
+    #[cfg(unix)]
+    {
+        std::os::unix::fs::symlink(exe, &shim)
+            .with_context(|| format!("create shim symlink {}", shim.display()))?;
+    }
+
+    #[cfg(not(unix))]
+    {
+        std::fs::copy(exe, &shim)
+            .with_context(|| format!("create shim copy {}", shim.display()))?;
+    }
+
+    Ok(shim)
+}
diff --git a/crates/cli/src/setup_cmd/status.rs b/crates/cli/src/setup_cmd/status.rs
new file mode 100644
index 00000000..12f94e09
--- /dev/null
+++ b/crates/cli/src/setup_cmd/status.rs
@@ -0,0 +1,421 @@
+use super::FanoutMode;
+use super::doctor::{self, DoctorLevel, DoctorSummary};
+use super::planning::read_fanout_mode;
+use super::shims::shim_path;
+use crate::cleanup_cmd::{self, CleanupDoctorLevel};
+use crate::hooks::{HookType, list_installed_hooks};
+use anyhow::{Context, Result, bail};
+use opensession_git_native::{branch_ledger_ref, extract_git_context, resolve_ledger_branch};
+use std::collections::HashSet;
+use std::path::{Path, PathBuf};
+use std::process::Command;
+
+pub(super) fn run_check(repo_root: &Path) -> Result<()> {
+    let colors = doctor::doctor_colors_enabled();
+    let mut summary = DoctorSummary::default();
+    let installed = list_installed_hooks(repo_root);
+    let fanout_mode = read_fanout_mode(repo_root)?.unwrap_or(FanoutMode::HiddenRef);
+    let branch = current_branch(repo_root)?;
+    let ledger_branch = ledger_branch_name(repo_root);
+    let ledger = branch_ledger_ref(&ledger_branch);
+
+    println!("repo: {}", repo_root.display());
+    println!("doctor checks:");
+
+    let hooks_summary = if installed.is_empty() {
+        "none".to_string()
+    } else {
+        installed
+            .iter()
+            .map(HookType::filename)
+            .collect::<Vec<_>>()
+            .join(", ")
+    };
+    let hook_level = if installed.is_empty() {
+        DoctorLevel::Warn
+    } else {
+        DoctorLevel::Ok
+    };
+    doctor::print_doctor_item(colors, hook_level, "opensession hooks", &hooks_summary);
+    summary.record(hook_level);
+
+    let mut required_actions = Vec::new();
+    let mut optional_actions = Vec::new();
+
+    match shim_path("opensession") {
+        Ok(path) => {
+            let present = path.exists();
+            let level = if present {
+                DoctorLevel::Ok
+            } else {
+                DoctorLevel::Warn
+            };
+            doctor::print_doctor_item(
+                colors,
+                level,
+                "opensession shim",
+                &format!(
+                    "{} ({})",
+                    path.display(),
+                    if present { "present" } else { "missing" }
+                ),
+            );
+            summary.record(level);
+            if !present {
+                required_actions.push(
+                    "run `opensession doctor --fix` to install hooks/shims for this repo"
+                        .to_string(),
+                );
+            }
+        }
+        Err(err) => {
+            doctor::print_doctor_item(
+                colors,
+                DoctorLevel::Fail,
+                "opensession shim",
+                &format!("unavailable ({err})"),
+            );
+            summary.record(DoctorLevel::Fail);
+        }
+    }
+
+    match shim_path("ops") {
+        Ok(path) => {
+            let present = path.exists();
+            let level = if present {
+                DoctorLevel::Ok
+            } else {
+                DoctorLevel::Info
+            };
+            doctor::print_doctor_item(
+                colors,
+                level,
+                "ops shim",
+                &format!(
+                    "{} ({})",
+                    path.display(),
+                    if present { "present" } else { "missing" }
+                ),
+            );
+            summary.record(level);
+            if !present {
+                optional_actions.push(
+                    "optional: install `ops` shim via `opensession doctor --fix` for alias UX"
+                        .to_string(),
+                );
+            }
+        }
+        Err(err) => {
+            doctor::print_doctor_item(
+                colors,
+                DoctorLevel::Fail,
+                "ops shim",
+                &format!("unavailable ({err})"),
+            );
+            summary.record(DoctorLevel::Fail);
+        }
+    }
+
+    if let Ok(exe) = std::env::current_exe() {
+        doctor::print_doctor_item(
+            colors,
+            DoctorLevel::Ok,
+            "active binary",
+            &exe.display().to_string(),
+        );
+        summary.record(DoctorLevel::Ok);
+    }
+
+    doctor::print_doctor_item(colors, DoctorLevel::Ok, "fanout mode", fanout_mode.as_str());
+    summary.record(DoctorLevel::Ok);
+
+    let daemon_pid = daemon_pid_path()?;
+    let daemon = daemon_status(&daemon_pid);
+    let (daemon_level, daemon_summary, daemon_hint) = daemon_status_summary(&daemon, &daemon_pid);
+    doctor::print_doctor_item(colors, daemon_level, "daemon", &daemon_summary);
+    summary.record(daemon_level);
+    if let Some(hint) = daemon_hint {
+        doctor::print_doctor_hint(&hint);
+        if daemon_level == DoctorLevel::Info {
+            optional_actions.push(hint);
+        } else {
+            required_actions.push(hint);
+        }
+    }
+
+    let readiness = review_readiness(repo_root);
+    let (readiness_level, readiness_summary, readiness_hint) =
+        review_readiness_summary(readiness.hidden_fanout_ready, readiness.remote_hidden_refs);
+    doctor::print_doctor_item(
+        colors,
+        readiness_level,
+        "review readiness",
+        &readiness_summary,
+    );
+    summary.record(readiness_level);
+    if let Some(hint) = readiness_hint {
+        doctor::print_doctor_hint(&hint);
+        if readiness_level == DoctorLevel::Info {
+            optional_actions.push(hint);
+        } else {
+            required_actions.push(hint);
+        }
+    }
+
+    let cleanup = cleanup_cmd::doctor_status(repo_root);
+    let cleanup_level = match cleanup.level {
+        CleanupDoctorLevel::Ok => DoctorLevel::Ok,
+        CleanupDoctorLevel::Warn => DoctorLevel::Warn,
+    };
+    doctor::print_doctor_item(colors, cleanup_level, "cleanup", &cleanup.detail);
+    summary.record(cleanup_level);
+    if let Some(hint) = cleanup.hint {
+        doctor::print_doctor_hint(&hint);
+        required_actions.push(hint);
+    }
+
+    doctor::print_doctor_item(colors, DoctorLevel::Ok, "current branch", &branch);
+    summary.record(DoctorLevel::Ok);
+    if branch != ledger_branch {
+        doctor::print_doctor_item(colors, DoctorLevel::Info, "ledger branch", &ledger_branch);
+        summary.record(DoctorLevel::Info);
+        optional_actions.push(
+            "optional: branch/ledger mismatch is expected on detached HEAD; verify before sharing"
+                .to_string(),
+        );
+    }
+    doctor::print_doctor_item(colors, DoctorLevel::Ok, "expected ledger ref", &ledger);
+    summary.record(DoctorLevel::Ok);
+
+    if !required_actions.is_empty() {
+        let mut dedup = HashSet::new();
+        println!("next actions (recommended):");
+        for suggestion in required_actions {
+            if dedup.insert(suggestion.clone()) {
+                println!("  - {suggestion}");
+            }
+        }
+    }
+    if !optional_actions.is_empty() {
+        let mut dedup = HashSet::new();
+        println!("next actions (optional):");
+        for suggestion in optional_actions {
+            if dedup.insert(suggestion.clone()) {
+                println!("  - {suggestion}");
+            }
+        }
+    }
+
+    if summary.issue_categories() == 0 {
+        println!("doctor summary: no blocking issues.");
+    } else {
+        println!(
+            "doctor summary: found issues in {} categories.",
+            summary.issue_categories()
+        );
+    }
+
+    Ok(())
+}
+
+pub(super) fn print_daemon_status() -> Result<()> {
+    let pid_path = daemon_pid_path()?;
+    let status = daemon_status(&pid_path);
+    let (_, summary, hint) = daemon_status_summary(&status, &pid_path);
+    println!("daemon: {summary}");
+    if let Some(hint) = hint {
+        println!("daemon hint: {hint}");
+    }
+    Ok(())
+}
+
+pub(super) fn daemon_status_summary(
+    status: &DaemonStatus,
+    pid_path: &Path,
+) -> (DoctorLevel, String, Option<String>) {
+    match status {
+        DaemonStatus::Running(pid) => (DoctorLevel::Ok, format!("running (pid {pid})"), None),
+        DaemonStatus::NotRunning => (
+            DoctorLevel::Info,
+            format!("not running (pid file missing: {})", pid_path.display()),
+            Some(
+                "optional: start daemon for auto-capture with `opensession-daemon` (or `cargo run -p opensession-daemon -- run` in a source checkout)"
+                    .to_string(),
+            ),
+        ),
+        DaemonStatus::StalePid(pid) => (
+            DoctorLevel::Info,
+            format!(
+                "not running (stale pid file: {} -> pid {pid})",
+                pid_path.display()
+            ),
+            Some(
+                "optional: restart daemon for auto-capture with `opensession-daemon` (or `cargo run -p opensession-daemon -- run` in a source checkout)"
+                    .to_string(),
+            ),
+        ),
+        DaemonStatus::Unreadable(err) => (
+            DoctorLevel::Fail,
+            format!("status unavailable ({err})"),
+            None,
+        ),
+    }
+}
+
+fn daemon_pid_path() -> Result<PathBuf> {
+    let home = std::env::var("HOME")
+        .or_else(|_| std::env::var("USERPROFILE"))
+        .context("HOME/USERPROFILE is not set; cannot resolve daemon pid path")?;
+    Ok(PathBuf::from(home)
+        .join(".config")
+        .join("opensession")
+        .join("daemon.pid"))
+}
+
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub(super) enum DaemonStatus {
+    Running(u32),
+    NotRunning,
+    StalePid(u32),
+    Unreadable(String),
+}
+
+pub(super) fn daemon_status(pid_path: &Path) -> DaemonStatus {
+    if !pid_path.exists() {
+        return DaemonStatus::NotRunning;
+    }
+
+    let pid_raw = match std::fs::read_to_string(pid_path) {
+        Ok(raw) => raw,
+        Err(err) => return DaemonStatus::Unreadable(format!("read {}: {err}", pid_path.display())),
+    };
+    let pid = match pid_raw.trim().parse::<u32>() {
+        Ok(pid) if pid > 0 => pid,
+        Ok(_) | Err(_) => {
+            return DaemonStatus::Unreadable(format!(
+                "invalid pid content in {}",
+                pid_path.display()
+            ));
+        }
+    };
+
+    if process_running(pid) {
+        DaemonStatus::Running(pid)
+    } else {
+        DaemonStatus::StalePid(pid)
+    }
+}
+
+#[cfg(unix)]
+fn process_running(pid: u32) -> bool {
+    // SAFETY: kill(pid, 0) does not deliver a signal. It is the standard Unix probe for
+    // process existence and permissions, and we pass the parsed PID value directly to libc.
+    let rc = unsafe { libc::kill(pid as i32, 0) };
+    if rc == 0 {
+        return true;
+    }
+    matches!(
+        std::io::Error::last_os_error().raw_os_error(),
+        Some(libc::EPERM)
+    )
+}
+
+#[cfg(not(unix))]
+fn process_running(_pid: u32) -> bool {
+    false
+}
+
+pub(super) fn ledger_branch_name(repo_root: &Path) -> String {
+    let cwd = repo_root.to_string_lossy().to_string();
+    let git_ctx = extract_git_context(&cwd);
+    resolve_ledger_branch(git_ctx.branch.as_deref(), git_ctx.commit.as_deref())
+}
+
+pub(super) fn current_branch(repo_root: &Path) -> Result<String> {
+    let output = Command::new("git")
+        .arg("-C")
+        .arg(repo_root)
+        .arg("rev-parse")
+        .arg("--abbrev-ref")
+        .arg("HEAD")
+        .output()
+        .context("resolve current git branch")?;
+    if !output.status.success() {
+        bail!(
+            "failed to read current branch: {}",
+            String::from_utf8_lossy(&output.stderr).trim()
+        );
+    }
+    Ok(String::from_utf8_lossy(&output.stdout).trim().to_string())
+}
+
+#[derive(Debug, Clone, Copy)]
+struct ReviewReadiness {
+    hidden_fanout_ready: bool,
+    remote_hidden_refs: bool,
+}
+
+fn review_readiness(repo_root: &Path) -> ReviewReadiness {
+    let hidden_fanout_ready = list_installed_hooks(repo_root).contains(&HookType::PrePush);
+
+    let remote_hidden_refs = Command::new("git")
+        .arg("-C")
+        .arg(repo_root)
+        .arg("for-each-ref")
+        .arg("--count=1")
+        .arg("--format=%(refname)")
+        .arg("refs/remotes/*/opensession/branches")
+        .output()
+        .ok()
+        .filter(|out| out.status.success())
+        .map(|out| !String::from_utf8_lossy(&out.stdout).trim().is_empty())
+        .unwrap_or(false);
+
+    ReviewReadiness {
+        hidden_fanout_ready,
+        remote_hidden_refs,
+    }
+}
+
+pub(super) fn review_readiness_summary(
+    hidden_fanout_ready: bool,
+    remote_hidden_refs: bool,
+) -> (DoctorLevel, String, Option<String>) {
+    let summary = format!(
+        "hidden-fanout={} hidden-refs={}",
+        if hidden_fanout_ready { "ok" } else { "missing" },
+        if remote_hidden_refs {
+            "present"
+        } else {
+            "none-fetched"
+        }
+    );
+
+    if hidden_fanout_ready && remote_hidden_refs {
+        return (DoctorLevel::Ok, summary, None);
+    }
+
+    if !hidden_fanout_ready {
+        return (
+            DoctorLevel::Warn,
+            summary,
+            Some("run `opensession doctor --fix` to install the pre-push fanout hook".to_string()),
+        );
+    }
+
+    (
+        DoctorLevel::Info,
+        summary,
+        Some(
+            "optional: fetch hidden refs before local review: `git fetch origin 'refs/opensession/branches/*:refs/remotes/origin/opensession/branches/*'`".to_string(),
+        ),
+    )
+}
+
+pub(super) fn print_review_readiness(repo_root: &Path) -> Result<()> {
+    let readiness = review_readiness(repo_root);
+    let (_, summary, _) =
+        review_readiness_summary(readiness.hidden_fanout_ready, readiness.remote_hidden_refs);
+    println!("review readiness: {summary}");
+    Ok(())
+}
diff --git a/crates/cli/src/setup_cmd/validation.rs b/crates/cli/src/setup_cmd/validation.rs
new file mode 100644
index 00000000..bc0daf3b
--- /dev/null
+++ b/crates/cli/src/setup_cmd/validation.rs
@@ -0,0 +1,75 @@
+use super::doctor;
+use super::{FanoutInstallPlan, FanoutMode, SetupArgs, SetupProfile};
+use crate::open_target::OpenTarget;
+use anyhow::{Context, Result, bail};
+use std::io::{self, IsTerminal, Write};
+
+pub(super) fn validate_setup_args(args: &SetupArgs) -> Result<()> {
+    if args.check && args.yes {
+        bail!("`--yes` cannot be used with `--check`");
+    }
+    if args.check && args.fanout_mode.is_some() {
+        bail!(
+            "`--fanout-mode` requires apply mode. next: run `opensession doctor --fix --yes --profile local --fanout-mode hidden_ref`"
+        );
+    }
+    if args.check && args.open_target.is_some() {
+        bail!(
+            "`--open-target` requires apply mode. next: run `opensession doctor --fix --yes --profile local --open-target web`"
+        );
+    }
+    Ok(())
+}
+
+pub(super) fn enforce_apply_mode_requirements(
+    interactive: bool,
+    yes: bool,
+    fanout_plan: FanoutInstallPlan,
+) -> Result<()> {
+    let suggested_mode = fanout_plan.suggested_mode();
+    if !interactive && !yes {
+        bail!(
+            "setup requires explicit approval in non-interactive mode.\nnext: run `{}`",
+            doctor::suggested_doctor_command(suggested_mode, OpenTarget::Web, SetupProfile::Local)
+        );
+    }
+    if !interactive && fanout_plan.existing.is_none() && fanout_plan.requested.is_none() {
+        bail!(
+            "fanout mode is not configured for this repository, and setup cannot prompt in non-interactive mode.\nnext: run `{}`",
+            doctor::suggested_doctor_command(
+                FanoutMode::HiddenRef,
+                OpenTarget::Web,
+                SetupProfile::Local
+            )
+        );
+    }
+    Ok(())
+}
+
+pub(super) fn is_interactive_terminal() -> bool {
+    io::stdin().is_terminal() && io::stdout().is_terminal()
+}
+
+pub(super) fn prompt_apply_confirmation(
+    mode_hint: FanoutMode,
+    open_target_hint: OpenTarget,
+    profile: SetupProfile,
+) -> Result<()> {
+    print!("Apply these changes? [y/N]: ");
+    io::stdout().flush().context("flush stdout")?;
+    let mut line = String::new();
+    io::stdin()
+        .read_line(&mut line)
+        .context("read setup confirmation")?;
+    if parse_apply_confirmation(&line) {
+        return Ok(());
+    }
+    bail!(
+        "setup cancelled by user.\nnext: run `{}`",
+        doctor::suggested_doctor_command(mode_hint, open_target_hint, profile)
+    );
+}
+
+pub(super) fn parse_apply_confirmation(input: &str) -> bool {
+    matches!(input.trim().to_ascii_lowercase().as_str(), "y" | "yes")
+}
diff --git a/crates/cli/src/stream_push.rs b/crates/cli/src/stream_push.rs
index aeef762d..a98b8e18 100644
--- a/crates/cli/src/stream_push.rs
+++ b/crates/cli/src/stream_push.rs
@@ -140,7 +140,8 @@ pub fn run_stream_push(agent: &str) -> Result<()> {
     }
 
     // Parse the full file with the standard parser.
-    let session = opensession_parsers::parse_with_default_parsers(&session_file)?
+    let session = opensession_parsers::ParserRegistry::default()
+        .parse_path(&session_file)?
         .ok_or_else(|| anyhow::anyhow!("No parser for {}", session_file.display()))?;
     if is_auxiliary_session(&session) {
         return Ok(());
diff --git a/crates/cli/src/upload.rs b/crates/cli/src/upload.rs
index ddf594e4..0999111b 100644
--- a/crates/cli/src/upload.rs
+++ b/crates/cli/src/upload.rs
@@ -8,7 +8,7 @@ use std::time::Duration;
 
 use crate::config::{load_config, load_daemon_config};
 use opensession_api_client::ApiClient;
-use opensession_parsers::{all_parsers, parser_for_path};
+use opensession_parsers::ParserRegistry;
 
 /// Upload a session file to the configured server (or git branch with --git)
 pub async fn run_upload(file: &Path, parent_ids: &[String], use_git: bool) -> Result<()> {
@@ -20,8 +20,8 @@ pub async fn run_upload(file: &Path, parent_ids: &[String], use_git: bool) -> Re
     let daemon_config = load_daemon_config()?;
 
     // Find a parser that can handle this file
-    let parsers = all_parsers();
-    let parser = parser_for_path(&parsers, file);
+    let registry = ParserRegistry::default();
+    let parser = registry.parser_for_path(file);
 
     let parser = match parser {
         Some(p) => p,
diff --git a/crates/daemon/src/scheduler.rs b/crates/daemon/src/scheduler.rs
index e595f5a3..1cf81856 100644
--- a/crates/daemon/src/scheduler.rs
+++ b/crates/daemon/src/scheduler.rs
@@ -1,1597 +1,11 @@
-use anyhow::Result;
-use chrono::{DateTime, Utc};
-use opensession_core::Session;
-use opensession_core::sanitize::{SanitizeConfig, sanitize_session};
-use opensession_core::session::{
-    GitMeta, build_git_storage_meta_json_with_git, interaction_compressed_session,
-    is_auxiliary_session, working_directory,
-};
-use opensession_git_native::{
-    PruneStats, SUMMARY_LEDGER_REF, SessionSummaryLedgerRecord, branch_ledger_ref,
-    extract_git_context, resolve_ledger_branch,
-};
-use opensession_local_db::LocalDb;
-use opensession_parsers::parse_with_default_parsers;
-use opensession_summary::{GitSummaryRequest, summarize_session};
-use std::collections::{HashMap, HashSet};
-use std::path::{Path, PathBuf};
-use std::process::Command;
-use std::time::Duration;
-use tokio::sync::mpsc;
-use tokio::time::Instant;
-use tracing::{debug, error, info, warn};
-
-use crate::config::{
-    DaemonConfig, DaemonSettings, GitStorageMethod, PublishMode, SessionDefaultView,
-};
-use crate::repo_registry::RepoRegistry;
-use crate::watcher::FileChangeEvent;
-
-// ── Helpers ──────────────────────────────────────────────────────────────
-
-/// Extract the working directory from session context attributes.
-fn session_cwd(session: &Session) -> Option<&str> {
-    working_directory(session)
-}
-
-/// Build a JSON metadata blob for git storage from a session.
-fn build_session_meta_json(session: &Session, git: Option<&GitMeta>) -> Vec<u8> {
-    build_git_storage_meta_json_with_git(session, git)
-}
-
-fn session_to_hail_jsonl_bytes(session: &Session) -> Option<Vec<u8>> {
-    match session.to_jsonl() {
-        Ok(jsonl) => Some(jsonl.into_bytes()),
-        Err(e) => {
-            warn!(
-                "Failed to serialize session {} to HAIL JSONL: {}",
-                session.session_id, e
-            );
-            None
-        }
-    }
-}
-
-/// Resolve the effective publish mode from canonical runtime config.
-fn resolve_publish_mode(settings: &DaemonSettings) -> PublishMode {
-    settings.publish_on.clone()
-}
-
-fn should_auto_upload(mode: &PublishMode) -> bool {
-    !matches!(mode, PublishMode::Manual)
-}
-
-/// Resolve retention schedule for git-native session pruning.
-fn resolve_git_retention_schedule(config: &DaemonConfig) -> Option<(u32, Duration)> {
-    if config.git_storage.method == GitStorageMethod::Sqlite {
-        return None;
-    }
-    if !config.git_storage.retention.enabled {
-        return None;
-    }
-
-    let keep_days = config.git_storage.retention.keep_days;
-    let interval_secs = config.git_storage.retention.interval_secs.max(60);
-    Some((keep_days, Duration::from_secs(interval_secs)))
-}
-
-fn resolve_lifecycle_schedule(config: &DaemonConfig) -> Option<Duration> {
-    if !config.lifecycle.enabled {
-        return None;
-    }
-    Some(Duration::from_secs(
-        config.lifecycle.cleanup_interval_secs.max(60),
-    ))
-}
-
-fn run_lifecycle_cleanup_on_start(config: &DaemonConfig, db: &LocalDb, registry: &RepoRegistry) {
-    if resolve_lifecycle_schedule(config).is_none() {
-        return;
-    }
-    if let Err(e) = run_lifecycle_cleanup_once(config, db, registry) {
-        warn!("Lifecycle startup cleanup failed: {e}");
-    }
-}
-
-fn run_git_retention_once(registry: &RepoRegistry, keep_days: u32) -> Result<()> {
-    let repo_roots = registry.repo_roots();
-    if repo_roots.is_empty() {
-        debug!("Git retention: no tracked repositories");
-        return Ok(());
-    }
-
-    let storage = opensession_git_native::NativeGitStorage;
-    for repo_root in repo_roots {
-        let refs = list_branch_ledger_refs(&repo_root);
-        if refs.is_empty() {
-            continue;
-        }
-        for ref_name in refs {
-            let prune_result = storage.prune_by_age_at_ref(&repo_root, &ref_name, keep_days);
-            match prune_result {
-                Ok(PruneStats {
-                    scanned_sessions,
-                    expired_sessions,
-                    rewritten,
-                }) => {
-                    if rewritten {
-                        info!(
-                            repo = %repo_root.display(),
-                            ref_name,
-                            keep_days,
-                            scanned_sessions,
-                            expired_sessions,
-                            "Git retention: pruned expired sessions"
-                        );
-                    } else {
-                        debug!(
-                            repo = %repo_root.display(),
-                            ref_name,
-                            keep_days,
-                            scanned_sessions,
-                            "Git retention: no expired sessions"
-                        );
-                    }
-                }
-                Err(e) => {
-                    warn!(
-                        repo = %repo_root.display(),
-                        ref_name,
-                        keep_days,
-                        "Git retention failed: {e}"
-                    );
-                }
-            }
-        }
-    }
-
-    Ok(())
-}
-
-fn resolve_repo_root_from_working_directory(cwd: Option<&str>) -> Option<PathBuf> {
-    cwd.and_then(crate::config::find_repo_root)
-}
-
-fn collect_lifecycle_repo_roots(db: &LocalDb, registry: &RepoRegistry) -> Result<Vec<PathBuf>> {
-    let mut deduped: HashSet<PathBuf> = registry.repo_roots().into_iter().collect();
-
-    let filter = opensession_local_db::LocalSessionFilter {
-        limit: None,
-        offset: None,
-        ..Default::default()
-    };
-    let rows = db.list_sessions(&filter)?;
-    for row in rows {
-        if let Some(repo_root) =
-            resolve_repo_root_from_working_directory(row.working_directory.as_deref())
-        {
-            deduped.insert(repo_root);
-        }
-    }
-
-    let mut roots = deduped.into_iter().collect::<Vec<_>>();
-    roots.sort();
-    Ok(roots)
-}
-
-fn source_parent_directory_missing(source_path: &str) -> bool {
-    let path = Path::new(source_path);
-    path.parent()
-        .filter(|parent| !parent.as_os_str().is_empty())
-        .is_some_and(|parent| !parent.exists())
-}
-
-fn list_sessions_with_missing_source_parent_dirs(db: &LocalDb) -> Result<Vec<String>> {
-    let mut orphaned = db
-        .list_session_source_paths()?
-        .into_iter()
-        .filter_map(|(session_id, source_path)| {
-            if source_parent_directory_missing(&source_path) {
-                Some(session_id)
-            } else {
-                None
-            }
-        })
-        .collect::<Vec<_>>();
-    orphaned.sort();
-    orphaned.dedup();
-    Ok(orphaned)
-}
-
-fn run_lifecycle_cleanup_once(
-    config: &DaemonConfig,
-    db: &LocalDb,
-    registry: &RepoRegistry,
-) -> Result<()> {
-    if !config.lifecycle.enabled {
-        return Ok(());
-    }
-
-    let storage = opensession_git_native::NativeGitStorage;
-    let expired_sessions = db.list_expired_session_ids(config.lifecycle.session_ttl_days)?;
-    let orphaned_sessions = list_sessions_with_missing_source_parent_dirs(db)?;
-    let mut sessions_to_delete = expired_sessions
-        .into_iter()
-        .collect::<std::collections::BTreeSet<_>>();
-    sessions_to_delete.extend(orphaned_sessions);
-    let total_sessions_to_delete = sessions_to_delete.len();
-    let mut deleted_sessions = 0usize;
-
-    for session_id in sessions_to_delete {
-        let row = db.get_session_by_id(&session_id)?;
-        let repo_root = resolve_repo_root_from_working_directory(
-            row.as_ref()
-                .and_then(|row| row.working_directory.as_deref()),
-        );
-        if let Some(repo_root) = repo_root {
-            let delete_result =
-                storage.delete_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, &session_id);
-            if let Err(e) = delete_result {
-                warn!(
-                    repo = %repo_root.display(),
-                    session_id,
-                    "Lifecycle cleanup: failed to delete hidden-ref summary for expired session: {e}"
-                );
-            }
-        }
-        db.delete_session(&session_id)?;
-        deleted_sessions = deleted_sessions.saturating_add(1);
-    }
-
-    let deleted_local_summaries =
-        db.delete_expired_session_summaries(config.lifecycle.summary_ttl_days)? as usize;
-
-    let repo_roots = collect_lifecycle_repo_roots(db, registry)?;
-    for repo_root in repo_roots {
-        let prune_result = storage.prune_summaries_by_age_at_ref(
-            &repo_root,
-            SUMMARY_LEDGER_REF,
-            config.lifecycle.summary_ttl_days,
-        );
-        match prune_result {
-            Ok(PruneStats {
-                scanned_sessions,
-                expired_sessions,
-                rewritten,
-            }) => {
-                if rewritten {
-                    info!(
-                        repo = %repo_root.display(),
-                        scanned_sessions,
-                        expired_sessions,
-                        keep_days = config.lifecycle.summary_ttl_days,
-                        "Lifecycle cleanup: pruned hidden-ref summaries"
-                    );
-                } else {
-                    debug!(
-                        repo = %repo_root.display(),
-                        scanned_sessions,
-                        keep_days = config.lifecycle.summary_ttl_days,
-                        "Lifecycle cleanup: no hidden-ref summary pruning required"
-                    );
-                }
-            }
-            Err(e) => {
-                warn!(
-                    repo = %repo_root.display(),
-                    "Lifecycle cleanup: hidden-ref summary pruning failed: {e}"
-                );
-            }
-        }
-    }
-
-    if config.git_storage.method != GitStorageMethod::Sqlite {
-        run_git_retention_once(registry, config.lifecycle.session_ttl_days)?;
-    }
-
-    info!(
-        deleted_sessions,
-        total_sessions_to_delete,
-        deleted_local_summaries,
-        session_ttl_days = config.lifecycle.session_ttl_days,
-        summary_ttl_days = config.lifecycle.summary_ttl_days,
-        "Lifecycle cleanup: cycle complete"
-    );
-    Ok(())
-}
-
-fn list_branch_ledger_refs(repo_root: &Path) -> Vec<String> {
-    let output = Command::new("git")
-        .arg("-C")
-        .arg(repo_root)
-        .arg("for-each-ref")
-        .arg("--format=%(refname)")
-        .arg(opensession_git_native::BRANCH_LEDGER_REF_PREFIX)
-        .output();
-    let Ok(output) = output else {
-        return Vec::new();
-    };
-    if !output.status.success() {
-        return Vec::new();
-    }
-    String::from_utf8_lossy(&output.stdout)
-        .lines()
-        .map(str::trim)
-        .filter(|line| !line.is_empty())
-        .map(ToOwned::to_owned)
-        .collect()
-}
-
-fn commit_shas_from_reflog(repo_root: &Path, start_ts: i64, end_ts: i64) -> Vec<String> {
-    let git_dir_output = Command::new("git")
-        .arg("-C")
-        .arg(repo_root)
-        .arg("rev-parse")
-        .arg("--git-dir")
-        .output();
-    let Ok(git_dir_output) = git_dir_output else {
-        return Vec::new();
-    };
-    if !git_dir_output.status.success() {
-        return Vec::new();
-    }
-    let git_dir = String::from_utf8_lossy(&git_dir_output.stdout)
-        .trim()
-        .to_string();
-    if git_dir.is_empty() {
-        return Vec::new();
-    }
-    let git_dir_path = if Path::new(&git_dir).is_absolute() {
-        PathBuf::from(git_dir)
-    } else {
-        repo_root.join(git_dir)
-    };
-    let reflog_path = git_dir_path.join("logs").join("HEAD");
-    let raw = std::fs::read_to_string(&reflog_path);
-    let Ok(raw) = raw else {
-        return Vec::new();
-    };
-
-    let mut seen = HashSet::new();
-    let mut commits = Vec::new();
-    for line in raw.lines() {
-        let Some((left, _msg)) = line.split_once('\t') else {
-            continue;
-        };
-        let mut pieces = left.split_whitespace();
-        let _old = pieces.next();
-        let new = pieces.next();
-        let Some(new_sha) = new else {
-            continue;
-        };
-        if new_sha.len() < 7 || !new_sha.chars().all(|c| c.is_ascii_hexdigit()) {
-            continue;
-        }
-        let mut tail = left.split_whitespace().rev();
-        let _tz = tail.next();
-        let ts_raw = tail.next();
-        let Some(ts_raw) = ts_raw else {
-            continue;
-        };
-        let Ok(ts) = ts_raw.parse::<i64>() else {
-            continue;
-        };
-        if ts < start_ts || ts > end_ts {
-            continue;
-        }
-        if seen.insert(new_sha.to_string()) {
-            commits.push(new_sha.to_string());
-        }
-    }
-    commits
-}
-
-fn collect_commit_shas_for_session(repo_root: &Path, session: &Session) -> Vec<String> {
-    let created = session.context.created_at.timestamp();
-    let updated = session.context.updated_at.timestamp();
-    let start = created.min(updated);
-    let end = created.max(updated);
-
-    let mut commits = commit_shas_from_reflog(repo_root, start, end);
-    if commits.is_empty() {
-        let output = Command::new("git")
-            .arg("-C")
-            .arg(repo_root)
-            .arg("rev-parse")
-            .arg("HEAD")
-            .output();
-        if let Ok(output) = output {
-            if output.status.success() {
-                let head = String::from_utf8_lossy(&output.stdout).trim().to_string();
-                if !head.is_empty() {
-                    commits.push(head);
-                }
-            }
-        }
-    }
-    commits
-}
-
-/// Run the scheduler loop: receives file change events, debounces, parses, and marks share-ready state.
-pub async fn run_scheduler(
-    config: DaemonConfig,
-    mut rx: mpsc::UnboundedReceiver<FileChangeEvent>,
-    mut shutdown: tokio::sync::watch::Receiver<bool>,
-    db: std::sync::Arc<LocalDb>,
-) {
-    let debounce_duration = Duration::from_secs(config.daemon.debounce_secs);
-
-    let effective_mode = resolve_publish_mode(&config.daemon);
-    let mut repo_registry = match RepoRegistry::load_default() {
-        Ok(registry) => registry,
-        Err(e) => {
-            warn!("failed to load repo registry: {e}");
-            RepoRegistry::default()
-        }
-    };
-
-    // Run lifecycle cleanup once at startup before interval-driven cycles.
-    run_lifecycle_cleanup_on_start(&config, &db, &repo_registry);
-
-    // Pending changes: path -> when we last saw a change
-    let mut pending: HashMap<PathBuf, Instant> = HashMap::new();
-
-    let mut tick = tokio::time::interval(Duration::from_secs(1));
-    let retention_schedule = resolve_git_retention_schedule(&config);
-    let mut next_retention_run = retention_schedule.map(|(_, interval)| Instant::now() + interval);
-    let lifecycle_interval = resolve_lifecycle_schedule(&config);
-    let mut next_lifecycle_run = lifecycle_interval.map(|interval| Instant::now() + interval);
-
-    loop {
-        tokio::select! {
-            // Receive new file change events
-            Some(event) = rx.recv() => {
-                debug!("Scheduling: {:?}", event.path.display());
-                pending.insert(event.path, Instant::now());
-            }
-
-            // Periodic tick to check for debounced items
-            _ = tick.tick() => {
-                let now = Instant::now();
-                let effective_debounce = match effective_mode {
-                    PublishMode::Realtime => Duration::from_millis(config.daemon.realtime_debounce_ms),
-                    _ => debounce_duration,
-                };
-
-                let ready: Vec<PathBuf> = pending
-                    .iter()
-                    .filter(|(_, last_change)| now.duration_since(**last_change) >= effective_debounce)
-                    .map(|(path, _)| path.clone())
-                    .collect();
-
-                for path in ready {
-                    pending.remove(&path);
-                    if matches!(effective_mode, PublishMode::Manual) {
-                        debug!(
-                            "Manual mode, indexing locally without auto-publish: {}",
-                            path.display()
-                        );
-                    }
-                    let process_result = process_file(
-                        &path,
-                        &config,
-                        &db,
-                        &mut repo_registry,
-                        should_auto_upload(&effective_mode),
-                    )
-                    .await;
-                    if let Err(e) = process_result {
-                        error!("Failed to process {}: {:#}", path.display(), e);
-                    }
-                }
-
-                if let (Some((keep_days, interval)), Some(next_at)) =
-                    (retention_schedule, next_retention_run)
-                {
-                    if now >= next_at {
-                        let retention_result = run_git_retention_once(&repo_registry, keep_days);
-                        if let Err(e) = retention_result {
-                            warn!("Git retention scan failed: {e}");
-                        }
-                        next_retention_run = Some(now + interval);
-                    }
-                }
-
-                if let (Some(interval), Some(next_at)) = (lifecycle_interval, next_lifecycle_run) {
-                    if now >= next_at {
-                        let cleanup_result =
-                            run_lifecycle_cleanup_once(&config, &db, &repo_registry);
-                        if let Err(e) = cleanup_result {
-                            warn!("Lifecycle cleanup failed: {e}");
-                        }
-                        next_lifecycle_run = Some(now + interval);
-                    }
-                }
-
-            }
-
-            // Shutdown signal
-            _ = shutdown.changed() => {
-                let should_shutdown = {
-                    let borrowed = shutdown.borrow();
-                    *borrowed
-                };
-                if should_shutdown {
-                    info!("Scheduler shutting down");
-                    break;
-                }
-            }
-        }
-    }
-}
-
-// ---------------------------------------------------------------------------
-// process_file: orchestrator + helpers
-// ---------------------------------------------------------------------------
-
-/// Process a single file: parse, store in local DB, sanitize, and prepare share state.
-async fn process_file(
-    path: &PathBuf,
-    config: &DaemonConfig,
-    db: &LocalDb,
-    repo_registry: &mut RepoRegistry,
-    auto_upload: bool,
-) -> Result<()> {
-    if was_already_uploaded(path, db)? {
-        return Ok(());
-    }
-
-    let mut session = match parse_session(path)? {
-        Some(s) => s,
-        None => return Ok(()),
-    };
-
-    // Resolve effective config (global + project-level)
-    let effective_config = resolve_effective_config(&session, config);
-
-    if is_tool_excluded(&session, &effective_config) {
-        return Ok(());
-    }
-
-    store_locally(&session, path, db, &effective_config)?;
-    if let Err(error) = maybe_generate_semantic_summary(&session, db, &effective_config).await {
-        warn!(
-            session_id = %session.session_id,
-            "semantic summary generation skipped/failed: {error}"
-        );
-    }
-
-    if !auto_upload {
-        return Ok(());
-    }
-
-    sanitize(&mut session, &effective_config);
-
-    let git_store = maybe_git_store(&session, &effective_config);
-    if let Some(ref stored) = git_store {
-        if let Err(e) = repo_registry.add(&stored.repo_root) {
-            warn!(
-                repo = %stored.repo_root.display(),
-                "failed to update repo registry: {e}"
-            );
-        }
-    }
-
-    mark_session_share_ready(
-        &session,
-        db,
-        git_store
-            .as_ref()
-            .and_then(|stored| stored.body_url.as_deref()),
-    )
-}
-
-fn resolve_effective_config(session: &Session, config: &DaemonConfig) -> DaemonConfig {
-    if let Some(cwd) = session_cwd(session) {
-        if let Some(repo_root) = crate::config::find_repo_root(cwd) {
-            if let Some(project) = crate::config::load_effective_project_config(&repo_root) {
-                return crate::config::merge_project_config(config, &project);
-            }
-        }
-    }
-
-    config.clone()
-}
-
-fn was_already_uploaded(path: &PathBuf, db: &LocalDb) -> Result<bool> {
-    let modified: DateTime<Utc> = std::fs::metadata(path)?.modified()?.into();
-    let path_str = path.to_string_lossy().to_string();
-    if db.was_uploaded_after(&path_str, &modified)? {
-        debug!("Skipping already-uploaded file: {}", path.display());
-        return Ok(true);
-    }
-    Ok(false)
-}
-
-fn parse_session(path: &Path) -> Result<Option<Session>> {
-    let session = match parse_with_default_parsers(path)? {
-        Some(session) => session,
-        None => {
-            warn!("No parser for: {}", path.display());
-            return Ok(None);
-        }
-    };
-    if is_auxiliary_session(&session) {
-        debug!("Skipping auxiliary session from {}", path.display());
-        return Ok(None);
-    }
-
-    info!("Parsing: {}", path.display());
-    Ok(Some(session))
-}
-
-fn is_tool_excluded(session: &Session, config: &DaemonConfig) -> bool {
-    let excluded = config
-        .privacy
-        .exclude_tools
-        .iter()
-        .any(|t| t.eq_ignore_ascii_case(&session.agent.tool));
-
-    if excluded {
-        info!(
-            "Excluding tool '{}': source file excluded by config",
-            session.agent.tool,
-        );
-    }
-    excluded
-}
-
-fn store_locally(
-    session: &Session,
-    path: &Path,
-    db: &LocalDb,
-    config: &DaemonConfig,
-) -> Result<()> {
-    let path_str = path.to_string_lossy().to_string();
-    let local_session = if matches!(
-        config.daemon.session_default_view,
-        SessionDefaultView::Compressed
-    ) {
-        interaction_compressed_session(session)
-    } else {
-        session.clone()
-    };
-
-    let git = session_cwd(&local_session)
-        .map(extract_git_context)
-        .unwrap_or_default();
-    let local_git = opensession_local_db::git::GitContext {
-        remote: git.remote.clone(),
-        branch: git.branch.clone(),
-        commit: git.commit.clone(),
-        repo_name: git.repo_name.clone(),
-    };
-
-    db.upsert_local_session(&local_session, &path_str, &local_git)?;
-    // Keep original source bytes so summary/vector rebuild can survive source-file cleanup.
-    match std::fs::read(path) {
-        Ok(body) => {
-            if let Err(error) = db.cache_body(&session.session_id, &body) {
-                warn!(
-                    "Failed to cache source body for session {}: {}",
-                    session.session_id, error
-                );
-            }
-        }
-        Err(error) => {
-            warn!(
-                "Failed to read source file for session {} while caching body: {}",
-                session.session_id, error
-            );
-        }
-    }
-    Ok(())
-}
-
-async fn maybe_generate_semantic_summary(
-    session: &Session,
-    db: &LocalDb,
-    config: &DaemonConfig,
-) -> Result<()> {
-    let settings = &config.summary;
-    if !settings.should_generate_on_session_save() {
-        return Ok(());
-    }
-    if settings.storage.backend == opensession_runtime_config::SummaryStorageBackend::None {
-        return Ok(());
-    }
-    if !settings.is_configured() {
-        return Ok(());
-    }
-
-    let git_request = if settings.allows_git_changes_fallback() {
-        session_cwd(session).and_then(|cwd| {
-            crate::config::find_repo_root(cwd).map(|repo_root| GitSummaryRequest {
-                repo_root,
-                commit: extract_git_context(cwd).commit,
-            })
-        })
-    } else {
-        None
-    };
-
-    let artifact = summarize_session(session, settings, git_request.as_ref())
-        .await
-        .map_err(anyhow::Error::msg)?;
-
-    match settings.storage.backend {
-        opensession_runtime_config::SummaryStorageBackend::LocalDb => {
-            let summary_json = serde_json::to_string(&artifact.summary)?;
-            let source_details_json = if artifact.source_details.is_empty() {
-                None
-            } else {
-                Some(serde_json::to_string(&artifact.source_details)?)
-            };
-            let diff_tree_json = if artifact.diff_tree.is_empty() {
-                None
-            } else {
-                Some(serde_json::to_string(&artifact.diff_tree)?)
-            };
-            let generated_at = chrono::Utc::now().to_rfc3339();
-            let provider = enum_label(&artifact.provider);
-            let source_kind = enum_label(&artifact.source_kind);
-            let generation_kind = enum_label(&artifact.generation_kind);
-            let model = if artifact.model.trim().is_empty() {
-                None
-            } else {
-                Some(artifact.model.clone())
-            };
-            let prompt_fingerprint = if artifact.prompt_fingerprint.trim().is_empty() {
-                None
-            } else {
-                Some(artifact.prompt_fingerprint)
-            };
-
-            db.upsert_session_semantic_summary(
-                &opensession_local_db::SessionSemanticSummaryUpsert {
-                    session_id: &session.session_id,
-                    summary_json: &summary_json,
-                    generated_at: &generated_at,
-                    provider: &provider,
-                    model: model.as_deref(),
-                    source_kind: &source_kind,
-                    generation_kind: &generation_kind,
-                    prompt_fingerprint: prompt_fingerprint.as_deref(),
-                    source_details_json: source_details_json.as_deref(),
-                    diff_tree_json: diff_tree_json.as_deref(),
-                    error: artifact.error.as_deref(),
-                },
-            )?;
-        }
-        opensession_runtime_config::SummaryStorageBackend::HiddenRef => {
-            let cwd = session_cwd(session)
-                .ok_or_else(|| anyhow::anyhow!("session working directory is missing"))?;
-            let repo_root = crate::config::find_repo_root(cwd)
-                .ok_or_else(|| anyhow::anyhow!("failed to resolve git repo root"))?;
-            let summary_value = serde_json::to_value(&artifact.summary)?;
-            let source_details = serde_json::to_value(&artifact.source_details)?;
-            let diff_tree_value = serde_json::to_value(&artifact.diff_tree)?;
-            let diff_tree = diff_tree_value.as_array().cloned().unwrap_or_default();
-            let record = SessionSummaryLedgerRecord {
-                session_id: session.session_id.clone(),
-                generated_at: chrono::Utc::now().to_rfc3339(),
-                provider: enum_label(&artifact.provider),
-                model: (!artifact.model.trim().is_empty()).then_some(artifact.model.clone()),
-                source_kind: enum_label(&artifact.source_kind),
-                generation_kind: enum_label(&artifact.generation_kind),
-                prompt_fingerprint: (!artifact.prompt_fingerprint.trim().is_empty())
-                    .then_some(artifact.prompt_fingerprint),
-                summary: summary_value,
-                source_details,
-                diff_tree,
-                error: artifact.error.clone(),
-            };
-            opensession_git_native::NativeGitStorage
-                .store_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, &record)
-                .map_err(anyhow::Error::msg)?;
-        }
-        opensession_runtime_config::SummaryStorageBackend::None => {}
-    }
-
-    Ok(())
-}
-
-fn enum_label<T: serde::Serialize>(value: &T) -> String {
-    serde_json::to_string(value)
-        .ok()
-        .map(|raw| raw.trim_matches('"').to_string())
-        .filter(|raw| !raw.trim().is_empty())
-        .unwrap_or_else(|| "unknown".to_string())
-}
-
-fn sanitize(session: &mut Session, config: &DaemonConfig) {
-    let sanitize_config = SanitizeConfig {
-        strip_paths: config.privacy.strip_paths,
-        strip_env_vars: config.privacy.strip_env_vars,
-        exclude_patterns: config.privacy.exclude_patterns.clone(),
-    };
-    sanitize_session(session, &sanitize_config);
-}
-
-/// Store a session to the local git-native branch when Git-Native mode is enabled.
-/// Returns the body_url (raw content URL) on success, or None on failure/not configured.
-struct GitStoreOutcome {
-    body_url: Option<String>,
-    repo_root: PathBuf,
-}
-
-fn maybe_git_store(session: &Session, config: &DaemonConfig) -> Option<GitStoreOutcome> {
-    if config.git_storage.method == GitStorageMethod::Sqlite {
-        return None;
-    }
-
-    let cwd = session_cwd(session)?;
-    let repo_root = crate::config::find_repo_root(cwd)?;
-    let git_ctx = extract_git_context(cwd);
-    let branch = resolve_ledger_branch(git_ctx.branch.as_deref(), git_ctx.commit.as_deref());
-    let ref_name = branch_ledger_ref(&branch);
-    let commit_shas = collect_commit_shas_for_session(&repo_root, session);
-
-    let hail_jsonl = session_to_hail_jsonl_bytes(session)?;
-    let git_meta = GitMeta {
-        remote: git_ctx.remote.clone(),
-        repo_name: git_ctx.repo_name.clone(),
-        branch: Some(branch),
-        head: git_ctx.commit.clone(),
-        commits: commit_shas.clone(),
-    };
-    let meta_json = build_session_meta_json(session, Some(&git_meta));
-
-    let storage = opensession_git_native::NativeGitStorage;
-    match storage.store_session_at_ref(
-        &repo_root,
-        &ref_name,
-        &session.session_id,
-        &hail_jsonl,
-        &meta_json,
-        &commit_shas,
-    ) {
-        Ok(stored) => {
-            info!(
-                "Stored session {} to git ref {} at {}",
-                session.session_id, stored.ref_name, stored.hail_path
-            );
-            // Try to generate raw URL from git remote
-            let body_url = git_ctx.remote.as_ref().map(|remote| {
-                opensession_git_native::generate_raw_url(
-                    remote,
-                    &stored.commit_id,
-                    &stored.hail_path,
-                )
-            });
-            Some(GitStoreOutcome {
-                body_url,
-                repo_root,
-            })
-        }
-        Err(e) => {
-            warn!(
-                "Git-native store failed for session {}: {}",
-                session.session_id, e
-            );
-            None
-        }
-    }
-}
-
-fn mark_session_share_ready(session: &Session, db: &LocalDb, body_url: Option<&str>) -> Result<()> {
-    if let Some(url) = body_url {
-        info!(
-            "Session {} stored in git-native ledger and share-ready ({})",
-            session.session_id, url
-        );
-    } else {
-        info!(
-            "Session {} indexed locally. Share with CLI quick flow: opensession share os://src/local/<sha256> --quick",
-            session.session_id
-        );
-    }
-    db.mark_synced(&session.session_id)?;
-    Ok(())
-}
+mod config_resolution;
+mod git_retention;
+mod helpers;
+mod lifecycle;
+mod pipeline;
+mod runtime;
 
 #[cfg(test)]
-mod tests {
-    use super::*;
-    use opensession_core::{Agent, Content, Event, EventType, Session};
-    use opensession_git_native::{
-        NativeGitStorage, SUMMARY_LEDGER_REF, SessionSummaryLedgerRecord,
-    };
-    use opensession_runtime_config::{SummaryProvider, SummaryStorageBackend, SummaryTriggerMode};
-    use serde_json::json;
-    use std::collections::HashMap;
-    use std::path::PathBuf;
-    use std::process::Command;
-    use tempfile::tempdir;
-
-    /// Helper: build a minimal Session with the given context attributes.
-    fn make_session_with_attrs(attrs: HashMap<String, serde_json::Value>) -> Session {
-        let mut s = Session::new(
-            "test-session-id".into(),
-            Agent {
-                provider: "anthropic".into(),
-                model: "claude-opus-4-6".into(),
-                tool: "claude-code".into(),
-                tool_version: None,
-            },
-        );
-        s.context.attributes = attrs;
-        s
-    }
-
-    fn make_interaction_fixture_session(session_id: &str) -> Session {
-        let mut session = Session::new(
-            session_id.to_string(),
-            Agent {
-                provider: "anthropic".into(),
-                model: "claude-opus-4-6".into(),
-                tool: "claude-code".into(),
-                tool_version: None,
-            },
-        );
-        session.events = vec![
-            Event {
-                event_id: format!("{session_id}-user"),
-                timestamp: Utc::now(),
-                event_type: EventType::UserMessage,
-                task_id: None,
-                content: Content::text("hello"),
-                duration_ms: None,
-                attributes: HashMap::new(),
-            },
-            Event {
-                event_id: format!("{session_id}-tool"),
-                timestamp: Utc::now(),
-                event_type: EventType::ToolCall {
-                    name: "write_file".to_string(),
-                },
-                task_id: None,
-                content: Content::text(""),
-                duration_ms: None,
-                attributes: HashMap::new(),
-            },
-        ];
-        session.recompute_stats();
-        session
-    }
-
-    fn init_git_repo(path: &Path) {
-        let status = Command::new("git")
-            .arg("init")
-            .current_dir(path)
-            .status()
-            .expect("git init should run");
-        assert!(status.success(), "git init should succeed");
-
-        let status = Command::new("git")
-            .args(["config", "user.email", "test@opensession.local"])
-            .current_dir(path)
-            .status()
-            .expect("git config user.email should run");
-        assert!(status.success(), "git config user.email should succeed");
-
-        let status = Command::new("git")
-            .args(["config", "user.name", "OpenSession Tests"])
-            .current_dir(path)
-            .status()
-            .expect("git config user.name should run");
-        assert!(status.success(), "git config user.name should succeed");
-    }
-
-    #[test]
-    fn test_session_cwd_from_cwd_key() {
-        let mut attrs = HashMap::new();
-        attrs.insert("cwd".into(), json!("/home/user/project"));
-        let session = make_session_with_attrs(attrs);
-        assert_eq!(session_cwd(&session), Some("/home/user/project"));
-    }
-
-    #[test]
-    fn test_session_cwd_from_working_directory() {
-        let mut attrs = HashMap::new();
-        attrs.insert("working_directory".into(), json!("/tmp/work"));
-        let session = make_session_with_attrs(attrs);
-        assert_eq!(session_cwd(&session), Some("/tmp/work"));
-    }
-
-    #[test]
-    fn test_session_cwd_prefers_cwd_over_working_directory() {
-        let mut attrs = HashMap::new();
-        attrs.insert("cwd".into(), json!("/preferred"));
-        attrs.insert("working_directory".into(), json!("/fallback"));
-        let session = make_session_with_attrs(attrs);
-        assert_eq!(session_cwd(&session), Some("/preferred"));
-    }
-
-    #[test]
-    fn test_session_cwd_missing() {
-        let session = make_session_with_attrs(HashMap::new());
-        assert_eq!(session_cwd(&session), None);
-    }
-
-    #[test]
-    fn test_session_cwd_non_string_value_returns_none() {
-        let mut attrs = HashMap::new();
-        attrs.insert("cwd".into(), json!(42));
-        let session = make_session_with_attrs(attrs);
-        assert_eq!(session_cwd(&session), None);
-    }
-
-    #[test]
-    fn test_build_session_meta_json_with_title() {
-        let mut session = make_session_with_attrs(HashMap::new());
-        session.context.title = Some("My Session Title".into());
-
-        let bytes = build_session_meta_json(&session, None);
-        let parsed: serde_json::Value = serde_json::from_slice(&bytes).unwrap();
-
-        assert_eq!(parsed["session_id"], "test-session-id");
-        assert_eq!(parsed["schema_version"], 2);
-        assert_eq!(parsed["title"], "My Session Title");
-        assert_eq!(parsed["tool"], "claude-code");
-        assert_eq!(parsed["model"], "claude-opus-4-6");
-        assert!(parsed["stats"].is_object());
-    }
-
-    #[test]
-    fn test_build_session_meta_json_no_title() {
-        let session = make_session_with_attrs(HashMap::new());
-
-        let bytes = build_session_meta_json(&session, None);
-        let parsed: serde_json::Value = serde_json::from_slice(&bytes).unwrap();
-
-        assert_eq!(parsed["session_id"], "test-session-id");
-        assert!(parsed["title"].is_null());
-        assert_eq!(parsed["tool"], "claude-code");
-        assert_eq!(parsed["model"], "claude-opus-4-6");
-    }
-
-    #[test]
-    fn test_build_session_meta_json_includes_git_block() {
-        let session = make_session_with_attrs(HashMap::new());
-        let git = GitMeta {
-            remote: Some("git@github.com:org/repo.git".to_string()),
-            repo_name: Some("org/repo".to_string()),
-            branch: Some("feature/x".to_string()),
-            head: Some("abcd1234".to_string()),
-            commits: vec!["abcd1234".to_string()],
-        };
-
-        let bytes = build_session_meta_json(&session, Some(&git));
-        let parsed: serde_json::Value = serde_json::from_slice(&bytes).unwrap();
-        assert_eq!(parsed["schema_version"], 2);
-        assert_eq!(parsed["git"]["repo_name"], "org/repo");
-        assert_eq!(parsed["git"]["head"], "abcd1234");
-    }
-
-    #[test]
-    fn test_session_to_hail_jsonl_bytes_uses_header_event_stats_lines() {
-        let mut session = make_session_with_attrs(HashMap::new());
-        session.events.push(opensession_core::Event {
-            event_id: "e1".into(),
-            timestamp: Utc::now(),
-            event_type: opensession_core::EventType::UserMessage,
-            task_id: None,
-            content: opensession_core::Content::text("hello"),
-            duration_ms: None,
-            attributes: HashMap::new(),
-        });
-        session.recompute_stats();
-
-        let body = session_to_hail_jsonl_bytes(&session).expect("serialize HAIL JSONL");
-        let text = String::from_utf8(body).expect("jsonl must be utf-8");
-        let lines: Vec<&str> = text.lines().filter(|line| !line.is_empty()).collect();
-        assert_eq!(lines.len(), 3, "expected header/event/stats lines");
-
-        let header: serde_json::Value = serde_json::from_str(lines[0]).unwrap();
-        assert_eq!(header["type"], "header");
-        let event: serde_json::Value = serde_json::from_str(lines[1]).unwrap();
-        assert_eq!(event["type"], "event");
-        let stats: serde_json::Value = serde_json::from_str(lines[2]).unwrap();
-        assert_eq!(stats["type"], "stats");
-    }
-
-    #[test]
-    fn test_resolve_publish_mode_auto_publish_true() {
-        let settings = DaemonSettings {
-            auto_publish: true,
-            publish_on: PublishMode::SessionEnd,
-            ..Default::default()
-        };
-        assert_eq!(resolve_publish_mode(&settings), PublishMode::SessionEnd);
-    }
-
-    #[test]
-    fn test_resolve_publish_mode_auto_publish_false_manual() {
-        let settings = DaemonSettings {
-            auto_publish: false,
-            publish_on: PublishMode::Manual,
-            ..Default::default()
-        };
-        assert_eq!(resolve_publish_mode(&settings), PublishMode::Manual);
-    }
-
-    #[test]
-    fn test_resolve_publish_mode_uses_publish_on_even_when_auto_publish_false() {
-        let settings = DaemonSettings {
-            auto_publish: false,
-            publish_on: PublishMode::Realtime,
-            ..Default::default()
-        };
-        assert_eq!(resolve_publish_mode(&settings), PublishMode::Realtime);
-    }
-
-    #[test]
-    fn test_should_auto_upload_is_false_for_manual_mode() {
-        assert!(!should_auto_upload(&PublishMode::Manual));
-    }
-
-    #[test]
-    fn test_should_auto_upload_is_true_for_session_end_and_realtime() {
-        assert!(should_auto_upload(&PublishMode::SessionEnd));
-        assert!(should_auto_upload(&PublishMode::Realtime));
-    }
-
-    #[test]
-    fn test_resolve_git_retention_schedule_disabled_by_default() {
-        let config = DaemonConfig::default();
-        assert!(resolve_git_retention_schedule(&config).is_none());
-    }
-
-    #[test]
-    fn test_resolve_git_retention_schedule_enabled_native_mode() {
-        let mut config = DaemonConfig::default();
-        config.git_storage.method = GitStorageMethod::Native;
-        config.git_storage.retention.enabled = true;
-        config.git_storage.retention.keep_days = 14;
-        config.git_storage.retention.interval_secs = 120;
-
-        let (keep_days, interval) =
-            resolve_git_retention_schedule(&config).expect("retention should be enabled");
-        assert_eq!(keep_days, 14);
-        assert_eq!(interval, Duration::from_secs(120));
-    }
-
-    #[test]
-    fn test_resolve_git_retention_schedule_enforces_min_interval() {
-        let mut config = DaemonConfig::default();
-        config.git_storage.method = GitStorageMethod::Native;
-        config.git_storage.retention.enabled = true;
-        config.git_storage.retention.interval_secs = 0;
-
-        let (_, interval) =
-            resolve_git_retention_schedule(&config).expect("retention should be enabled");
-        assert_eq!(interval, Duration::from_secs(60));
-    }
-
-    #[test]
-    fn test_resolve_lifecycle_schedule_honors_enabled_and_min_interval() {
-        let mut config = DaemonConfig::default();
-        config.lifecycle.enabled = false;
-        assert!(resolve_lifecycle_schedule(&config).is_none());
-
-        config.lifecycle.enabled = true;
-        config.lifecycle.cleanup_interval_secs = 12;
-        assert_eq!(
-            resolve_lifecycle_schedule(&config),
-            Some(Duration::from_secs(60))
-        );
-
-        config.lifecycle.cleanup_interval_secs = 120;
-        assert_eq!(
-            resolve_lifecycle_schedule(&config),
-            Some(Duration::from_secs(120))
-        );
-    }
-
-    #[test]
-    fn test_run_lifecycle_cleanup_on_start_runs_immediately() {
-        let tmp = tempdir().expect("tempdir");
-        let db_path = tmp.path().join("local.db");
-        let db = LocalDb::open_path(&db_path).expect("open local db");
-
-        let mut expired = make_interaction_fixture_session("startup-expired-session");
-        expired.context.created_at = Utc::now() - chrono::Duration::days(90);
-        expired.context.updated_at = expired.context.created_at;
-        db.upsert_local_session(
-            &expired,
-            "/tmp/startup-expired-session.jsonl",
-            &opensession_local_db::git::GitContext::default(),
-        )
-        .expect("upsert expired session");
-
-        let mut config = DaemonConfig::default();
-        config.lifecycle.enabled = true;
-        config.lifecycle.session_ttl_days = 30;
-        config.lifecycle.summary_ttl_days = 30;
-        config.lifecycle.cleanup_interval_secs = 3600;
-
-        run_lifecycle_cleanup_on_start(&config, &db, &RepoRegistry::default());
-
-        assert!(
-            db.get_session_by_id("startup-expired-session")
-                .expect("query expired session")
-                .is_none(),
-            "expired session should be deleted during startup lifecycle cleanup"
-        );
-    }
-
-    #[test]
-    fn test_run_lifecycle_cleanup_deletes_expired_sessions_and_hidden_ref_summaries() {
-        let tmp = tempdir().expect("tempdir");
-        let repo_root = tmp.path().join("repo");
-        std::fs::create_dir_all(&repo_root).expect("create repo root");
-        init_git_repo(&repo_root);
-
-        let db_path = tmp.path().join("local.db");
-        let db = LocalDb::open_path(&db_path).expect("open local db");
-        let mut expired = make_interaction_fixture_session("expired-session");
-        expired.context.created_at = Utc::now() - chrono::Duration::days(90);
-        expired.context.updated_at = expired.context.created_at;
-        expired.context.attributes.insert(
-            "working_directory".to_string(),
-            json!(repo_root.to_string_lossy().to_string()),
-        );
-        db.upsert_local_session(
-            &expired,
-            "/tmp/expired-session.jsonl",
-            &opensession_local_db::git::GitContext::default(),
-        )
-        .expect("upsert expired session");
-
-        let mut active = make_interaction_fixture_session("active-session");
-        active.context.attributes.insert(
-            "working_directory".to_string(),
-            json!(repo_root.to_string_lossy().to_string()),
-        );
-        db.upsert_local_session(
-            &active,
-            "/tmp/active-session.jsonl",
-            &opensession_local_db::git::GitContext::default(),
-        )
-        .expect("upsert active session");
-
-        let storage = NativeGitStorage;
-        storage
-            .store_summary_at_ref(
-                &repo_root,
-                SUMMARY_LEDGER_REF,
-                &SessionSummaryLedgerRecord {
-                    session_id: "expired-session".to_string(),
-                    generated_at: "2026-01-01T00:00:00Z".to_string(),
-                    provider: "codex_exec".to_string(),
-                    model: None,
-                    source_kind: "session_signals".to_string(),
-                    generation_kind: "provider".to_string(),
-                    prompt_fingerprint: None,
-                    summary: json!({ "changes": "expired" }),
-                    source_details: json!({}),
-                    diff_tree: vec![],
-                    error: None,
-                },
-            )
-            .expect("store expired summary");
-        storage
-            .store_summary_at_ref(
-                &repo_root,
-                SUMMARY_LEDGER_REF,
-                &SessionSummaryLedgerRecord {
-                    session_id: "active-session".to_string(),
-                    generated_at: "2026-01-01T00:00:00Z".to_string(),
-                    provider: "codex_exec".to_string(),
-                    model: None,
-                    source_kind: "session_signals".to_string(),
-                    generation_kind: "provider".to_string(),
-                    prompt_fingerprint: None,
-                    summary: json!({ "changes": "active" }),
-                    source_details: json!({}),
-                    diff_tree: vec![],
-                    error: None,
-                },
-            )
-            .expect("store active summary");
-
-        let mut registry = RepoRegistry::default();
-        registry
-            .add(&repo_root)
-            .expect("repo registry should accept repo root");
-
-        let mut config = DaemonConfig::default();
-        config.lifecycle.enabled = true;
-        config.lifecycle.session_ttl_days = 30;
-        config.lifecycle.summary_ttl_days = 10_000;
-        config.lifecycle.cleanup_interval_secs = 60;
-
-        run_lifecycle_cleanup_once(&config, &db, &registry).expect("run lifecycle cleanup");
-
-        assert!(
-            db.get_session_by_id("expired-session")
-                .expect("query expired session")
-                .is_none(),
-            "expired session should be deleted"
-        );
-        assert!(
-            db.get_session_by_id("active-session")
-                .expect("query active session")
-                .is_some(),
-            "active session should remain"
-        );
-        assert!(
-            storage
-                .load_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, "expired-session")
-                .expect("load expired summary")
-                .is_none(),
-            "hidden-ref summary for expired session should be deleted"
-        );
-        assert!(
-            storage
-                .load_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, "active-session")
-                .expect("load active summary")
-                .is_some(),
-            "active session summary should remain"
-        );
-    }
-
-    #[test]
-    fn test_run_lifecycle_cleanup_prunes_local_summary_rows_by_ttl() {
-        let tmp = tempdir().expect("tempdir");
-        let db_path = tmp.path().join("local.db");
-        let db = LocalDb::open_path(&db_path).expect("open local db");
-
-        let session_old = make_interaction_fixture_session("summary-old");
-        db.upsert_local_session(
-            &session_old,
-            "/tmp/summary-old.jsonl",
-            &opensession_local_db::git::GitContext::default(),
-        )
-        .expect("upsert old summary session");
-        let session_new = make_interaction_fixture_session("summary-new");
-        db.upsert_local_session(
-            &session_new,
-            "/tmp/summary-new.jsonl",
-            &opensession_local_db::git::GitContext::default(),
-        )
-        .expect("upsert new summary session");
-
-        db.upsert_session_semantic_summary(&opensession_local_db::SessionSemanticSummaryUpsert {
-            session_id: "summary-old",
-            summary_json: r#"{"changes":"old"}"#,
-            generated_at: "2020-01-01T00:00:00Z",
-            provider: "codex_exec",
-            model: None,
-            source_kind: "session_signals",
-            generation_kind: "provider",
-            prompt_fingerprint: None,
-            source_details_json: None,
-            diff_tree_json: None,
-            error: None,
-        })
-        .expect("insert old summary");
-        db.upsert_session_semantic_summary(&opensession_local_db::SessionSemanticSummaryUpsert {
-            session_id: "summary-new",
-            summary_json: r#"{"changes":"new"}"#,
-            generated_at: "2999-01-01T00:00:00Z",
-            provider: "codex_exec",
-            model: None,
-            source_kind: "session_signals",
-            generation_kind: "provider",
-            prompt_fingerprint: None,
-            source_details_json: None,
-            diff_tree_json: None,
-            error: None,
-        })
-        .expect("insert new summary");
-
-        let mut config = DaemonConfig::default();
-        config.lifecycle.enabled = true;
-        config.lifecycle.session_ttl_days = 10_000;
-        config.lifecycle.summary_ttl_days = 30;
-        config.lifecycle.cleanup_interval_secs = 60;
-
-        run_lifecycle_cleanup_once(&config, &db, &RepoRegistry::default())
-            .expect("run lifecycle cleanup");
-
-        assert!(
-            db.get_session_semantic_summary("summary-old")
-                .expect("query old summary")
-                .is_none(),
-            "old summary should be pruned"
-        );
-        assert!(
-            db.get_session_semantic_summary("summary-new")
-                .expect("query new summary")
-                .is_some(),
-            "new summary should remain"
-        );
-    }
-
-    #[test]
-    fn test_run_lifecycle_cleanup_deletes_sessions_with_missing_source_parent_dir() {
-        let tmp = tempdir().expect("tempdir");
-        let db_path = tmp.path().join("local.db");
-        let db = LocalDb::open_path(&db_path).expect("open local db");
-
-        let missing_parent_root = tmp.path().join("deleted-source-root");
-        std::fs::create_dir_all(&missing_parent_root).expect("create missing parent root");
-        let missing_parent_source = missing_parent_root.join("missing-parent.jsonl");
-
-        let existing_parent_root = tmp.path().join("existing-source-root");
-        std::fs::create_dir_all(&existing_parent_root).expect("create existing parent root");
-        let existing_parent_source = existing_parent_root.join("missing-file.jsonl");
-
-        let missing_parent_session = make_interaction_fixture_session("missing-parent-session");
-        db.upsert_local_session(
-            &missing_parent_session,
-            missing_parent_source
-                .to_str()
-                .expect("missing parent source path should be utf-8"),
-            &opensession_local_db::git::GitContext::default(),
-        )
-        .expect("upsert missing-parent session");
-
-        let existing_parent_session = make_interaction_fixture_session("existing-parent-session");
-        db.upsert_local_session(
-            &existing_parent_session,
-            existing_parent_source
-                .to_str()
-                .expect("existing parent source path should be utf-8"),
-            &opensession_local_db::git::GitContext::default(),
-        )
-        .expect("upsert existing-parent session");
-
-        std::fs::remove_dir_all(&missing_parent_root).expect("remove missing parent root");
-
-        let mut config = DaemonConfig::default();
-        config.lifecycle.enabled = true;
-        config.lifecycle.session_ttl_days = 10_000;
-        config.lifecycle.summary_ttl_days = 10_000;
-        config.lifecycle.cleanup_interval_secs = 60;
-
-        run_lifecycle_cleanup_once(&config, &db, &RepoRegistry::default())
-            .expect("run lifecycle cleanup");
-
-        assert!(
-            db.get_session_by_id("missing-parent-session")
-                .expect("query missing-parent session")
-                .is_none(),
-            "session should be deleted when source parent directory is gone"
-        );
-        assert!(
-            db.get_session_by_id("existing-parent-session")
-                .expect("query existing-parent session")
-                .is_some(),
-            "session should remain when source parent directory still exists"
-        );
-    }
-
-    #[test]
-    fn test_store_locally_uses_compressed_session_only_when_default_view_is_compressed() {
-        let tmp = tempdir().expect("tempdir");
-        let db_path = PathBuf::from(tmp.path()).join("local.db");
-        let db = LocalDb::open_path(&db_path).expect("open local db");
-
-        let full_session = make_interaction_fixture_session("store-full");
-        let mut full_config = DaemonConfig::default();
-        full_config.daemon.session_default_view = SessionDefaultView::Full;
-        store_locally(
-            &full_session,
-            Path::new("/tmp/store-full.jsonl"),
-            &db,
-            &full_config,
-        )
-        .expect("store full session");
-
-        let stored_full = db
-            .get_session_by_id("store-full")
-            .expect("query full")
-            .expect("full session exists");
-        assert_eq!(stored_full.event_count, 2);
-
-        let compressed_session = make_interaction_fixture_session("store-compressed");
-        let mut compressed_config = DaemonConfig::default();
-        compressed_config.daemon.session_default_view = SessionDefaultView::Compressed;
-        store_locally(
-            &compressed_session,
-            Path::new("/tmp/store-compressed.jsonl"),
-            &db,
-            &compressed_config,
-        )
-        .expect("store compressed session");
-
-        let stored_compressed = db
-            .get_session_by_id("store-compressed")
-            .expect("query compressed")
-            .expect("compressed session exists");
-        assert_eq!(stored_compressed.event_count, 1);
-    }
-
-    #[test]
-    fn test_store_locally_caches_source_body() {
-        let tmp = tempdir().expect("tempdir");
-        let db_path = PathBuf::from(tmp.path()).join("local.db");
-        let db = LocalDb::open_path(&db_path).expect("open local db");
-        let session = make_interaction_fixture_session("store-cache");
-        let source_path = PathBuf::from(tmp.path()).join("store-cache.jsonl");
-        let source_body = b"{\"source\":\"fixture\"}\n".to_vec();
-        std::fs::write(&source_path, &source_body).expect("write source fixture");
-
-        let mut config = DaemonConfig::default();
-        config.daemon.session_default_view = SessionDefaultView::Full;
-        store_locally(&session, &source_path, &db, &config).expect("store cached session");
-
-        let cached = db
-            .get_cached_body("store-cache")
-            .expect("query body cache")
-            .expect("cache row should exist");
-        assert_eq!(cached, source_body);
-    }
-
-    #[tokio::test]
-    async fn test_auto_summary_runs_on_session_save_and_persists_row() {
-        let tmp = tempdir().expect("tempdir");
-        let db_path = PathBuf::from(tmp.path()).join("local.db");
-        let db = LocalDb::open_path(&db_path).expect("open local db");
-
-        let session = make_interaction_fixture_session("summary-auto");
-        let mut config = DaemonConfig::default();
-        config.summary.provider.id = SummaryProvider::CodexExec;
-        config.summary.storage.trigger = SummaryTriggerMode::OnSessionSave;
-        config.summary.storage.backend = SummaryStorageBackend::LocalDb;
-
-        maybe_generate_semantic_summary(&session, &db, &config)
-            .await
-            .expect("summary generation should not fail hard");
-
-        let row = db
-            .get_session_semantic_summary("summary-auto")
-            .expect("query summary")
-            .expect("summary row should exist");
-        assert_eq!(row.provider, "codex_exec");
-        assert_eq!(row.source_kind, "session_signals");
-        assert!(!row.summary_json.trim().is_empty());
-    }
-
-    #[tokio::test]
-    async fn test_auto_summary_skips_when_trigger_mode_is_manual() {
-        let tmp = tempdir().expect("tempdir");
-        let db_path = PathBuf::from(tmp.path()).join("local.db");
-        let db = LocalDb::open_path(&db_path).expect("open local db");
-
-        let session = make_interaction_fixture_session("summary-manual");
-        let mut config = DaemonConfig::default();
-        config.summary.provider.id = SummaryProvider::CodexExec;
-        config.summary.storage.trigger = SummaryTriggerMode::Manual;
-        config.summary.storage.backend = SummaryStorageBackend::LocalDb;
-
-        maybe_generate_semantic_summary(&session, &db, &config)
-            .await
-            .expect("manual trigger should no-op");
-
-        let row = db
-            .get_session_semantic_summary("summary-manual")
-            .expect("query summary");
-        assert!(row.is_none());
-    }
-
-    #[tokio::test]
-    async fn test_auto_summary_skips_when_storage_backend_is_none() {
-        let tmp = tempdir().expect("tempdir");
-        let db_path = PathBuf::from(tmp.path()).join("local.db");
-        let db = LocalDb::open_path(&db_path).expect("open local db");
-
-        let session = make_interaction_fixture_session("summary-no-persist");
-        let mut config = DaemonConfig::default();
-        config.summary.provider.id = SummaryProvider::CodexExec;
-        config.summary.storage.trigger = SummaryTriggerMode::OnSessionSave;
-        config.summary.storage.backend = SummaryStorageBackend::None;
-
-        maybe_generate_semantic_summary(&session, &db, &config)
-            .await
-            .expect("none persist should no-op");
+mod tests;
 
-        let row = db
-            .get_session_semantic_summary("summary-no-persist")
-            .expect("query summary");
-        assert!(row.is_none());
-    }
-}
+pub use runtime::run_scheduler;
diff --git a/crates/daemon/src/scheduler/config_resolution.rs b/crates/daemon/src/scheduler/config_resolution.rs
new file mode 100644
index 00000000..4e098d24
--- /dev/null
+++ b/crates/daemon/src/scheduler/config_resolution.rs
@@ -0,0 +1,48 @@
+use std::time::Duration;
+
+use opensession_core::Session;
+
+use super::helpers::session_cwd;
+use crate::config::{DaemonConfig, DaemonSettings, GitStorageMethod, PublishMode};
+
+pub(super) fn resolve_publish_mode(settings: &DaemonSettings) -> PublishMode {
+    settings.publish_on.clone()
+}
+
+pub(super) fn should_auto_upload(mode: &PublishMode) -> bool {
+    !matches!(mode, PublishMode::Manual)
+}
+
+pub(super) fn resolve_git_retention_schedule(config: &DaemonConfig) -> Option<(u32, Duration)> {
+    if config.git_storage.method == GitStorageMethod::Sqlite {
+        return None;
+    }
+    if !config.git_storage.retention.enabled {
+        return None;
+    }
+
+    let keep_days = config.git_storage.retention.keep_days;
+    let interval_secs = config.git_storage.retention.interval_secs.max(60);
+    Some((keep_days, Duration::from_secs(interval_secs)))
+}
+
+pub(super) fn resolve_lifecycle_schedule(config: &DaemonConfig) -> Option<Duration> {
+    if !config.lifecycle.enabled {
+        return None;
+    }
+    Some(Duration::from_secs(
+        config.lifecycle.cleanup_interval_secs.max(60),
+    ))
+}
+
+pub(super) fn resolve_effective_config(session: &Session, config: &DaemonConfig) -> DaemonConfig {
+    if let Some(cwd) = session_cwd(session) {
+        if let Some(repo_root) = crate::config::find_repo_root(cwd) {
+            if let Some(project) = crate::config::load_effective_project_config(&repo_root) {
+                return crate::config::merge_project_config(config, &project);
+            }
+        }
+    }
+
+    config.clone()
+}
diff --git a/crates/daemon/src/scheduler/git_retention.rs b/crates/daemon/src/scheduler/git_retention.rs
new file mode 100644
index 00000000..63d46385
--- /dev/null
+++ b/crates/daemon/src/scheduler/git_retention.rs
@@ -0,0 +1,176 @@
+use anyhow::Result;
+use opensession_core::Session;
+use opensession_git_native::PruneStats;
+use std::collections::HashSet;
+use std::path::{Path, PathBuf};
+use std::process::Command;
+use tracing::{debug, info, warn};
+
+use crate::repo_registry::RepoRegistry;
+
+pub(super) fn run_git_retention_once(registry: &RepoRegistry, keep_days: u32) -> Result<()> {
+    let repo_roots = registry.repo_roots();
+    if repo_roots.is_empty() {
+        debug!("Git retention: no tracked repositories");
+        return Ok(());
+    }
+
+    let storage = opensession_git_native::NativeGitStorage;
+    for repo_root in repo_roots {
+        let refs = list_branch_ledger_refs(&repo_root);
+        if refs.is_empty() {
+            continue;
+        }
+        for ref_name in refs {
+            let prune_result = storage.prune_by_age_at_ref(&repo_root, &ref_name, keep_days);
+            match prune_result {
+                Ok(PruneStats {
+                    scanned_sessions,
+                    expired_sessions,
+                    rewritten,
+                }) => {
+                    if rewritten {
+                        info!(
+                            repo = %repo_root.display(),
+                            ref_name,
+                            keep_days,
+                            scanned_sessions,
+                            expired_sessions,
+                            "Git retention: pruned expired sessions"
+                        );
+                    } else {
+                        debug!(
+                            repo = %repo_root.display(),
+                            ref_name,
+                            keep_days,
+                            scanned_sessions,
+                            "Git retention: no expired sessions"
+                        );
+                    }
+                }
+                Err(error) => {
+                    warn!(
+                        repo = %repo_root.display(),
+                        ref_name,
+                        keep_days,
+                        "Git retention failed: {error}"
+                    );
+                }
+            }
+        }
+    }
+
+    Ok(())
+}
+
+fn list_branch_ledger_refs(repo_root: &Path) -> Vec<String> {
+    let output = Command::new("git")
+        .arg("-C")
+        .arg(repo_root)
+        .arg("for-each-ref")
+        .arg("--format=%(refname)")
+        .arg(opensession_git_native::BRANCH_LEDGER_REF_PREFIX)
+        .output();
+    let Ok(output) = output else {
+        return Vec::new();
+    };
+    if !output.status.success() {
+        return Vec::new();
+    }
+    String::from_utf8_lossy(&output.stdout)
+        .lines()
+        .map(str::trim)
+        .filter(|line| !line.is_empty())
+        .map(ToOwned::to_owned)
+        .collect()
+}
+
+fn commit_shas_from_reflog(repo_root: &Path, start_ts: i64, end_ts: i64) -> Vec<String> {
+    let git_dir_output = Command::new("git")
+        .arg("-C")
+        .arg(repo_root)
+        .arg("rev-parse")
+        .arg("--git-dir")
+        .output();
+    let Ok(git_dir_output) = git_dir_output else {
+        return Vec::new();
+    };
+    if !git_dir_output.status.success() {
+        return Vec::new();
+    }
+    let git_dir = String::from_utf8_lossy(&git_dir_output.stdout)
+        .trim()
+        .to_string();
+    if git_dir.is_empty() {
+        return Vec::new();
+    }
+    let git_dir_path = if Path::new(&git_dir).is_absolute() {
+        PathBuf::from(git_dir)
+    } else {
+        repo_root.join(git_dir)
+    };
+    let reflog_path = git_dir_path.join("logs").join("HEAD");
+    let raw = std::fs::read_to_string(&reflog_path);
+    let Ok(raw) = raw else {
+        return Vec::new();
+    };
+
+    let mut seen = HashSet::new();
+    let mut commits = Vec::new();
+    for line in raw.lines() {
+        let Some((left, _msg)) = line.split_once('\t') else {
+            continue;
+        };
+        let mut pieces = left.split_whitespace();
+        let _old = pieces.next();
+        let new = pieces.next();
+        let Some(new_sha) = new else {
+            continue;
+        };
+        if new_sha.len() < 7 || !new_sha.chars().all(|c| c.is_ascii_hexdigit()) {
+            continue;
+        }
+        let mut tail = left.split_whitespace().rev();
+        let _tz = tail.next();
+        let ts_raw = tail.next();
+        let Some(ts_raw) = ts_raw else {
+            continue;
+        };
+        let Ok(ts) = ts_raw.parse::<i64>() else {
+            continue;
+        };
+        if ts < start_ts || ts > end_ts {
+            continue;
+        }
+        if seen.insert(new_sha.to_string()) {
+            commits.push(new_sha.to_string());
+        }
+    }
+    commits
+}
+
+pub(super) fn collect_commit_shas_for_session(repo_root: &Path, session: &Session) -> Vec<String> {
+    let created = session.context.created_at.timestamp();
+    let updated = session.context.updated_at.timestamp();
+    let start = created.min(updated);
+    let end = created.max(updated);
+
+    let mut commits = commit_shas_from_reflog(repo_root, start, end);
+    if commits.is_empty() {
+        let output = Command::new("git")
+            .arg("-C")
+            .arg(repo_root)
+            .arg("rev-parse")
+            .arg("HEAD")
+            .output();
+        if let Ok(output) = output {
+            if output.status.success() {
+                let head = String::from_utf8_lossy(&output.stdout).trim().to_string();
+                if !head.is_empty() {
+                    commits.push(head);
+                }
+            }
+        }
+    }
+    commits
+}
diff --git a/crates/daemon/src/scheduler/helpers.rs b/crates/daemon/src/scheduler/helpers.rs
new file mode 100644
index 00000000..5817818c
--- /dev/null
+++ b/crates/daemon/src/scheduler/helpers.rs
@@ -0,0 +1,43 @@
+use crate::config::DaemonConfig;
+use opensession_core::Session;
+use opensession_core::sanitize::{SanitizeConfig, sanitize_session};
+use opensession_core::session::{GitMeta, build_git_storage_meta_json_with_git, working_directory};
+
+pub(super) fn session_cwd(session: &Session) -> Option<&str> {
+    working_directory(session)
+}
+
+pub(super) fn build_session_meta_json(session: &Session, git: Option<&GitMeta>) -> Vec<u8> {
+    build_git_storage_meta_json_with_git(session, git)
+}
+
+pub(super) fn session_to_hail_jsonl_bytes(session: &Session) -> Option<Vec<u8>> {
+    match session.to_jsonl() {
+        Ok(jsonl) => Some(jsonl.into_bytes()),
+        Err(error) => {
+            tracing::warn!(
+                "Failed to serialize session {} to HAIL JSONL: {}",
+                session.session_id,
+                error
+            );
+            None
+        }
+    }
+}
+
+pub(super) fn enum_label<T: serde::Serialize>(value: &T) -> String {
+    serde_json::to_string(value)
+        .ok()
+        .map(|raw| raw.trim_matches('"').to_string())
+        .filter(|raw| !raw.trim().is_empty())
+        .unwrap_or_else(|| "unknown".to_string())
+}
+
+pub(super) fn sanitize(session: &mut Session, config: &DaemonConfig) {
+    let sanitize_config = SanitizeConfig {
+        strip_paths: config.privacy.strip_paths,
+        strip_env_vars: config.privacy.strip_env_vars,
+        exclude_patterns: config.privacy.exclude_patterns.clone(),
+    };
+    sanitize_session(session, &sanitize_config);
+}
diff --git a/crates/daemon/src/scheduler/lifecycle.rs b/crates/daemon/src/scheduler/lifecycle.rs
new file mode 100644
index 00000000..1eca810a
--- /dev/null
+++ b/crates/daemon/src/scheduler/lifecycle.rs
@@ -0,0 +1,172 @@
+use anyhow::Result;
+use opensession_git_native::{PruneStats, SUMMARY_LEDGER_REF};
+use opensession_local_db::LocalDb;
+use std::collections::HashSet;
+use std::path::{Path, PathBuf};
+use tracing::{debug, info, warn};
+
+use crate::config::{DaemonConfig, GitStorageMethod};
+use crate::repo_registry::RepoRegistry;
+
+use super::config_resolution::resolve_lifecycle_schedule;
+use super::git_retention::run_git_retention_once;
+
+pub(super) fn run_lifecycle_cleanup_on_start(
+    config: &DaemonConfig,
+    db: &LocalDb,
+    registry: &RepoRegistry,
+) {
+    if resolve_lifecycle_schedule(config).is_none() {
+        return;
+    }
+    if let Err(error) = run_lifecycle_cleanup_once(config, db, registry) {
+        warn!("Lifecycle startup cleanup failed: {error}");
+    }
+}
+
+fn resolve_repo_root_from_working_directory(cwd: Option<&str>) -> Option<PathBuf> {
+    cwd.and_then(crate::config::find_repo_root)
+}
+
+fn collect_lifecycle_repo_roots(db: &LocalDb, registry: &RepoRegistry) -> Result<Vec<PathBuf>> {
+    let mut deduped: HashSet<PathBuf> = registry.repo_roots().into_iter().collect();
+
+    let filter = opensession_local_db::LocalSessionFilter {
+        limit: None,
+        offset: None,
+        ..Default::default()
+    };
+    let rows = db.list_sessions(&filter)?;
+    for row in rows {
+        if let Some(repo_root) =
+            resolve_repo_root_from_working_directory(row.working_directory.as_deref())
+        {
+            deduped.insert(repo_root);
+        }
+    }
+
+    let mut roots = deduped.into_iter().collect::<Vec<_>>();
+    roots.sort();
+    Ok(roots)
+}
+
+fn source_parent_directory_missing(source_path: &str) -> bool {
+    let path = Path::new(source_path);
+    path.parent()
+        .filter(|parent| !parent.as_os_str().is_empty())
+        .is_some_and(|parent| !parent.exists())
+}
+
+fn list_sessions_with_missing_source_parent_dirs(db: &LocalDb) -> Result<Vec<String>> {
+    let mut orphaned = db
+        .list_session_source_paths()?
+        .into_iter()
+        .filter_map(|(session_id, source_path)| {
+            if source_parent_directory_missing(&source_path) {
+                Some(session_id)
+            } else {
+                None
+            }
+        })
+        .collect::<Vec<_>>();
+    orphaned.sort();
+    orphaned.dedup();
+    Ok(orphaned)
+}
+
+pub(super) fn run_lifecycle_cleanup_once(
+    config: &DaemonConfig,
+    db: &LocalDb,
+    registry: &RepoRegistry,
+) -> Result<()> {
+    if !config.lifecycle.enabled {
+        return Ok(());
+    }
+
+    let storage = opensession_git_native::NativeGitStorage;
+    let expired_sessions = db.list_expired_session_ids(config.lifecycle.session_ttl_days)?;
+    let orphaned_sessions = list_sessions_with_missing_source_parent_dirs(db)?;
+    let mut sessions_to_delete = expired_sessions
+        .into_iter()
+        .collect::<std::collections::BTreeSet<_>>();
+    sessions_to_delete.extend(orphaned_sessions);
+    let total_sessions_to_delete = sessions_to_delete.len();
+    let mut deleted_sessions = 0usize;
+
+    for session_id in sessions_to_delete {
+        let row = db.get_session_by_id(&session_id)?;
+        let repo_root = resolve_repo_root_from_working_directory(
+            row.as_ref()
+                .and_then(|row| row.working_directory.as_deref()),
+        );
+        if let Some(repo_root) = repo_root {
+            let delete_result =
+                storage.delete_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, &session_id);
+            if let Err(error) = delete_result {
+                warn!(
+                    repo = %repo_root.display(),
+                    session_id,
+                    "Lifecycle cleanup: failed to delete hidden-ref summary for expired session: {error}"
+                );
+            }
+        }
+        db.delete_session(&session_id)?;
+        deleted_sessions = deleted_sessions.saturating_add(1);
+    }
+
+    let deleted_local_summaries =
+        db.delete_expired_session_summaries(config.lifecycle.summary_ttl_days)? as usize;
+
+    let repo_roots = collect_lifecycle_repo_roots(db, registry)?;
+    for repo_root in repo_roots {
+        let prune_result = storage.prune_summaries_by_age_at_ref(
+            &repo_root,
+            SUMMARY_LEDGER_REF,
+            config.lifecycle.summary_ttl_days,
+        );
+        match prune_result {
+            Ok(PruneStats {
+                scanned_sessions,
+                expired_sessions,
+                rewritten,
+            }) => {
+                if rewritten {
+                    info!(
+                        repo = %repo_root.display(),
+                        scanned_sessions,
+                        expired_sessions,
+                        keep_days = config.lifecycle.summary_ttl_days,
+                        "Lifecycle cleanup: pruned hidden-ref summaries"
+                    );
+                } else {
+                    debug!(
+                        repo = %repo_root.display(),
+                        scanned_sessions,
+                        keep_days = config.lifecycle.summary_ttl_days,
+                        "Lifecycle cleanup: no hidden-ref summary pruning required"
+                    );
+                }
+            }
+            Err(error) => {
+                warn!(
+                    repo = %repo_root.display(),
+                    "Lifecycle cleanup: hidden-ref summary pruning failed: {error}"
+                );
+            }
+        }
+    }
+
+    if config.git_storage.method != GitStorageMethod::Sqlite {
+        run_git_retention_once(registry, config.lifecycle.session_ttl_days)?;
+    }
+
+    info!(
+        deleted_sessions,
+        total_sessions_to_delete,
+        deleted_local_summaries,
+        session_ttl_days = config.lifecycle.session_ttl_days,
+        summary_ttl_days = config.lifecycle.summary_ttl_days,
+        "Lifecycle cleanup: cycle complete"
+    );
+    Ok(())
+}
diff --git a/crates/daemon/src/scheduler/pipeline.rs b/crates/daemon/src/scheduler/pipeline.rs
new file mode 100644
index 00000000..3f4723ad
--- /dev/null
+++ b/crates/daemon/src/scheduler/pipeline.rs
@@ -0,0 +1,358 @@
+use anyhow::Result;
+use chrono::{DateTime, Utc};
+use opensession_core::Session;
+use opensession_core::session::{GitMeta, interaction_compressed_session, is_auxiliary_session};
+use opensession_git_native::{
+    SUMMARY_LEDGER_REF, SessionSummaryLedgerRecord, branch_ledger_ref, extract_git_context,
+    resolve_ledger_branch,
+};
+use opensession_local_db::LocalDb;
+use opensession_parsers::ParserRegistry;
+use opensession_runtime_config::SummaryStorageBackend;
+use opensession_summary::{GitSummaryRequest, summarize_session};
+use std::path::{Path, PathBuf};
+use tracing::{debug, info, warn};
+
+use crate::config::{DaemonConfig, GitStorageMethod, SessionDefaultView};
+use crate::repo_registry::RepoRegistry;
+
+use super::config_resolution::resolve_effective_config;
+use super::git_retention::collect_commit_shas_for_session;
+use super::helpers::{
+    build_session_meta_json, enum_label, sanitize, session_cwd, session_to_hail_jsonl_bytes,
+};
+
+pub(super) async fn process_file(
+    path: &PathBuf,
+    config: &DaemonConfig,
+    db: &LocalDb,
+    repo_registry: &mut RepoRegistry,
+    auto_upload: bool,
+) -> Result<()> {
+    if was_already_uploaded(path, db)? {
+        return Ok(());
+    }
+
+    let mut session = match parse_session(path)? {
+        Some(session) => session,
+        None => return Ok(()),
+    };
+
+    let effective_config = resolve_effective_config(&session, config);
+
+    if is_tool_excluded(&session, &effective_config) {
+        return Ok(());
+    }
+
+    store_locally(&session, path, db, &effective_config)?;
+    if let Err(error) = maybe_generate_semantic_summary(&session, db, &effective_config).await {
+        warn!(
+            session_id = %session.session_id,
+            "semantic summary generation skipped/failed: {error}"
+        );
+    }
+
+    if !auto_upload {
+        return Ok(());
+    }
+
+    sanitize(&mut session, &effective_config);
+
+    let git_store = maybe_git_store(&session, &effective_config);
+    if let Some(ref stored) = git_store {
+        if let Err(error) = repo_registry.add(&stored.repo_root) {
+            warn!(
+                repo = %stored.repo_root.display(),
+                "failed to update repo registry: {error}"
+            );
+        }
+    }
+
+    mark_session_share_ready(
+        &session,
+        db,
+        git_store
+            .as_ref()
+            .and_then(|stored| stored.body_url.as_deref()),
+    )
+}
+
+pub(super) fn was_already_uploaded(path: &PathBuf, db: &LocalDb) -> Result<bool> {
+    let modified: DateTime<Utc> = std::fs::metadata(path)?.modified()?.into();
+    let path_str = path.to_string_lossy().to_string();
+    if db.was_uploaded_after(&path_str, &modified)? {
+        debug!("Skipping already-uploaded file: {}", path.display());
+        return Ok(true);
+    }
+    Ok(false)
+}
+
+pub(super) fn parse_session(path: &Path) -> Result<Option<Session>> {
+    let session = match ParserRegistry::default().parse_path(path)? {
+        Some(session) => session,
+        None => {
+            warn!("No parser for: {}", path.display());
+            return Ok(None);
+        }
+    };
+    if is_auxiliary_session(&session) {
+        debug!("Skipping auxiliary session from {}", path.display());
+        return Ok(None);
+    }
+
+    info!("Parsing: {}", path.display());
+    Ok(Some(session))
+}
+
+pub(super) fn is_tool_excluded(session: &Session, config: &DaemonConfig) -> bool {
+    let excluded = config
+        .privacy
+        .exclude_tools
+        .iter()
+        .any(|tool| tool.eq_ignore_ascii_case(&session.agent.tool));
+
+    if excluded {
+        info!(
+            "Excluding tool '{}': source file excluded by config",
+            session.agent.tool,
+        );
+    }
+    excluded
+}
+
+pub(super) fn store_locally(
+    session: &Session,
+    path: &Path,
+    db: &LocalDb,
+    config: &DaemonConfig,
+) -> Result<()> {
+    let path_str = path.to_string_lossy().to_string();
+    let local_session = if matches!(
+        config.daemon.session_default_view,
+        SessionDefaultView::Compressed
+    ) {
+        interaction_compressed_session(session)
+    } else {
+        session.clone()
+    };
+
+    let git = session_cwd(&local_session)
+        .map(extract_git_context)
+        .unwrap_or_default();
+    let local_git = opensession_local_db::git::GitContext {
+        remote: git.remote.clone(),
+        branch: git.branch.clone(),
+        commit: git.commit.clone(),
+        repo_name: git.repo_name.clone(),
+    };
+
+    db.upsert_local_session(&local_session, &path_str, &local_git)?;
+    match std::fs::read(path) {
+        Ok(body) => {
+            if let Err(error) = db.cache_body(&session.session_id, &body) {
+                warn!(
+                    "Failed to cache source body for session {}: {}",
+                    session.session_id, error
+                );
+            }
+        }
+        Err(error) => {
+            warn!(
+                "Failed to read source file for session {} while caching body: {}",
+                session.session_id, error
+            );
+        }
+    }
+    Ok(())
+}
+
+pub(super) async fn maybe_generate_semantic_summary(
+    session: &Session,
+    db: &LocalDb,
+    config: &DaemonConfig,
+) -> Result<()> {
+    let settings = &config.summary;
+    if !settings.should_generate_on_session_save() {
+        return Ok(());
+    }
+    if settings.storage.backend == SummaryStorageBackend::None {
+        return Ok(());
+    }
+    if !settings.is_configured() {
+        return Ok(());
+    }
+
+    let git_request = if settings.allows_git_changes_fallback() {
+        session_cwd(session).and_then(|cwd| {
+            crate::config::find_repo_root(cwd).map(|repo_root| GitSummaryRequest {
+                repo_root,
+                commit: extract_git_context(cwd).commit,
+            })
+        })
+    } else {
+        None
+    };
+
+    let artifact = summarize_session(session, settings, git_request.as_ref())
+        .await
+        .map_err(anyhow::Error::msg)?;
+
+    match settings.storage.backend {
+        SummaryStorageBackend::LocalDb => {
+            let summary_json = serde_json::to_string(&artifact.summary)?;
+            let source_details_json = if artifact.source_details.is_empty() {
+                None
+            } else {
+                Some(serde_json::to_string(&artifact.source_details)?)
+            };
+            let diff_tree_json = if artifact.diff_tree.is_empty() {
+                None
+            } else {
+                Some(serde_json::to_string(&artifact.diff_tree)?)
+            };
+            let generated_at = chrono::Utc::now().to_rfc3339();
+            let provider = enum_label(&artifact.provider);
+            let source_kind = enum_label(&artifact.source_kind);
+            let generation_kind = enum_label(&artifact.generation_kind);
+            let model = if artifact.model.trim().is_empty() {
+                None
+            } else {
+                Some(artifact.model.clone())
+            };
+            let prompt_fingerprint = if artifact.prompt_fingerprint.trim().is_empty() {
+                None
+            } else {
+                Some(artifact.prompt_fingerprint)
+            };
+
+            db.upsert_session_semantic_summary(
+                &opensession_local_db::SessionSemanticSummaryUpsert {
+                    session_id: &session.session_id,
+                    summary_json: &summary_json,
+                    generated_at: &generated_at,
+                    provider: &provider,
+                    model: model.as_deref(),
+                    source_kind: &source_kind,
+                    generation_kind: &generation_kind,
+                    prompt_fingerprint: prompt_fingerprint.as_deref(),
+                    source_details_json: source_details_json.as_deref(),
+                    diff_tree_json: diff_tree_json.as_deref(),
+                    error: artifact.error.as_deref(),
+                },
+            )?;
+        }
+        SummaryStorageBackend::HiddenRef => {
+            let cwd = session_cwd(session)
+                .ok_or_else(|| anyhow::anyhow!("session working directory is missing"))?;
+            let repo_root = crate::config::find_repo_root(cwd)
+                .ok_or_else(|| anyhow::anyhow!("failed to resolve git repo root"))?;
+            let summary_value = serde_json::to_value(&artifact.summary)?;
+            let source_details = serde_json::to_value(&artifact.source_details)?;
+            let diff_tree_value = serde_json::to_value(&artifact.diff_tree)?;
+            let diff_tree = diff_tree_value.as_array().cloned().unwrap_or_default();
+            let record = SessionSummaryLedgerRecord {
+                session_id: session.session_id.clone(),
+                generated_at: chrono::Utc::now().to_rfc3339(),
+                provider: enum_label(&artifact.provider),
+                model: (!artifact.model.trim().is_empty()).then_some(artifact.model.clone()),
+                source_kind: enum_label(&artifact.source_kind),
+                generation_kind: enum_label(&artifact.generation_kind),
+                prompt_fingerprint: (!artifact.prompt_fingerprint.trim().is_empty())
+                    .then_some(artifact.prompt_fingerprint),
+                summary: summary_value,
+                source_details,
+                diff_tree,
+                error: artifact.error.clone(),
+            };
+            opensession_git_native::NativeGitStorage
+                .store_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, &record)
+                .map_err(anyhow::Error::msg)?;
+        }
+        SummaryStorageBackend::None => {}
+    }
+
+    Ok(())
+}
+
+pub(super) struct GitStoreOutcome {
+    pub(super) body_url: Option<String>,
+    pub(super) repo_root: PathBuf,
+}
+
+pub(super) fn maybe_git_store(session: &Session, config: &DaemonConfig) -> Option<GitStoreOutcome> {
+    if config.git_storage.method == GitStorageMethod::Sqlite {
+        return None;
+    }
+
+    let cwd = session_cwd(session)?;
+    let repo_root = crate::config::find_repo_root(cwd)?;
+    let git_ctx = extract_git_context(cwd);
+    let branch = resolve_ledger_branch(git_ctx.branch.as_deref(), git_ctx.commit.as_deref());
+    let ref_name = branch_ledger_ref(&branch);
+    let commit_shas = collect_commit_shas_for_session(&repo_root, session);
+
+    let hail_jsonl = session_to_hail_jsonl_bytes(session)?;
+    let git_meta = GitMeta {
+        remote: git_ctx.remote.clone(),
+        repo_name: git_ctx.repo_name.clone(),
+        branch: Some(branch),
+        head: git_ctx.commit.clone(),
+        commits: commit_shas.clone(),
+    };
+    let meta_json = build_session_meta_json(session, Some(&git_meta));
+
+    let storage = opensession_git_native::NativeGitStorage;
+    match storage.store_session_at_ref(
+        &repo_root,
+        &ref_name,
+        &session.session_id,
+        &hail_jsonl,
+        &meta_json,
+        &commit_shas,
+    ) {
+        Ok(stored) => {
+            info!(
+                "Stored session {} to git ref {} at {}",
+                session.session_id, stored.ref_name, stored.hail_path
+            );
+            let body_url = git_ctx.remote.as_ref().map(|remote| {
+                opensession_git_native::generate_raw_url(
+                    remote,
+                    &stored.commit_id,
+                    &stored.hail_path,
+                )
+            });
+            Some(GitStoreOutcome {
+                body_url,
+                repo_root,
+            })
+        }
+        Err(error) => {
+            warn!(
+                "Git-native store failed for session {}: {}",
+                session.session_id, error
+            );
+            None
+        }
+    }
+}
+
+pub(super) fn mark_session_share_ready(
+    session: &Session,
+    db: &LocalDb,
+    body_url: Option<&str>,
+) -> Result<()> {
+    if let Some(url) = body_url {
+        info!(
+            "Session {} stored in git-native ledger and share-ready ({})",
+            session.session_id, url
+        );
+    } else {
+        info!(
+            "Session {} indexed locally. Share with CLI quick flow: opensession share os://src/local/<sha256> --quick",
+            session.session_id
+        );
+    }
+    db.mark_synced(&session.session_id)?;
+    Ok(())
+}
diff --git a/crates/daemon/src/scheduler/runtime.rs b/crates/daemon/src/scheduler/runtime.rs
new file mode 100644
index 00000000..bae6413e
--- /dev/null
+++ b/crates/daemon/src/scheduler/runtime.rs
@@ -0,0 +1,134 @@
+use opensession_local_db::LocalDb;
+use std::collections::HashMap;
+use std::path::PathBuf;
+use std::time::Duration;
+use tokio::sync::mpsc;
+use tokio::time::Instant;
+use tracing::{debug, error, info, warn};
+
+use crate::config::{DaemonConfig, PublishMode};
+use crate::repo_registry::RepoRegistry;
+use crate::watcher::FileChangeEvent;
+
+use super::config_resolution::{
+    resolve_git_retention_schedule, resolve_lifecycle_schedule, resolve_publish_mode,
+    should_auto_upload,
+};
+use super::git_retention::run_git_retention_once;
+use super::lifecycle::{run_lifecycle_cleanup_on_start, run_lifecycle_cleanup_once};
+use super::pipeline::process_file;
+
+pub async fn run_scheduler(
+    config: DaemonConfig,
+    mut rx: mpsc::UnboundedReceiver<FileChangeEvent>,
+    mut shutdown: tokio::sync::watch::Receiver<bool>,
+    db: std::sync::Arc<LocalDb>,
+) {
+    let debounce_duration = Duration::from_secs(config.daemon.debounce_secs);
+
+    let effective_mode = resolve_publish_mode(&config.daemon);
+    let mut repo_registry = match RepoRegistry::load_default() {
+        Ok(registry) => registry,
+        Err(error) => {
+            warn!("failed to load repo registry: {error}");
+            RepoRegistry::default()
+        }
+    };
+
+    run_lifecycle_cleanup_on_start(&config, &db, &repo_registry);
+
+    let mut pending: HashMap<PathBuf, Instant> = HashMap::new();
+
+    let mut tick = tokio::time::interval(Duration::from_secs(1));
+    let retention_schedule = resolve_git_retention_schedule(&config);
+    let mut next_retention_run = retention_schedule.map(|(_, interval)| Instant::now() + interval);
+    let lifecycle_interval = resolve_lifecycle_schedule(&config);
+    let mut next_lifecycle_run = lifecycle_interval.map(|interval| Instant::now() + interval);
+
+    loop {
+        tokio::select! {
+            Some(event) = rx.recv() => {
+                debug!("Scheduling: {:?}", event.path.display());
+                pending.insert(event.path, Instant::now());
+            }
+            _ = tick.tick() => {
+                let now = Instant::now();
+                let effective_debounce = match effective_mode {
+                    PublishMode::Realtime => Duration::from_millis(config.daemon.realtime_debounce_ms),
+                    _ => debounce_duration,
+                };
+
+                let ready: Vec<PathBuf> = pending
+                    .iter()
+                    .filter(|(_, last_change)| now.duration_since(**last_change) >= effective_debounce)
+                    .map(|(path, _)| path.clone())
+                    .collect();
+
+                for path in ready {
+                    pending.remove(&path);
+                    if matches!(effective_mode, PublishMode::Manual) {
+                        debug!(
+                            "Manual mode, indexing locally without auto-publish: {}",
+                            path.display()
+                        );
+                    }
+                    if let Err(error) = process_file(
+                        &path,
+                        &config,
+                        &db,
+                        &mut repo_registry,
+                        should_auto_upload(&effective_mode),
+                    )
+                    .await
+                    {
+                        error!("Failed to process {}: {:#}", path.display(), error);
+                    }
+                }
+
+                maybe_run_retention_cycle(now, retention_schedule, &mut next_retention_run, &repo_registry);
+                maybe_run_lifecycle_cycle(now, lifecycle_interval, &mut next_lifecycle_run, &config, &db, &repo_registry);
+            }
+            _ = shutdown.changed() => {
+                if *shutdown.borrow() {
+                    info!("Scheduler shutting down");
+                    break;
+                }
+            }
+        }
+    }
+}
+
+fn maybe_run_retention_cycle(
+    now: Instant,
+    retention_schedule: Option<(u32, Duration)>,
+    next_retention_run: &mut Option<Instant>,
+    repo_registry: &RepoRegistry,
+) {
+    if let (Some((keep_days, interval)), Some(next_at)) = (retention_schedule, *next_retention_run)
+    {
+        if now >= next_at {
+            if let Err(error) = run_git_retention_once(repo_registry, keep_days) {
+                warn!("Git retention scan failed: {error}");
+            }
+            *next_retention_run = Some(now + interval);
+        }
+    }
+}
+
+fn maybe_run_lifecycle_cycle(
+    now: Instant,
+    lifecycle_interval: Option<Duration>,
+    next_lifecycle_run: &mut Option<Instant>,
+    config: &DaemonConfig,
+    db: &LocalDb,
+    repo_registry: &RepoRegistry,
+) {
+    if let (Some(interval), Some(next_at)) = (lifecycle_interval, *next_lifecycle_run) {
+        if now >= next_at {
+            if let Err(error) = run_lifecycle_cleanup_once(config, db, repo_registry) {
+                warn!("Lifecycle cleanup failed: {error}");
+            }
+            *next_lifecycle_run = Some(now + interval);
+        }
+    }
+}
diff --git a/crates/daemon/src/scheduler/tests.rs b/crates/daemon/src/scheduler/tests.rs
new file mode 100644
index 00000000..76542cf8
--- /dev/null
+++ b/crates/daemon/src/scheduler/tests.rs
@@ -0,0 +1,712 @@
+use super::config_resolution::{
+    resolve_git_retention_schedule, resolve_lifecycle_schedule, resolve_publish_mode,
+    should_auto_upload,
+};
+use super::helpers::{build_session_meta_json, session_cwd, session_to_hail_jsonl_bytes};
+use super::lifecycle::{run_lifecycle_cleanup_on_start, run_lifecycle_cleanup_once};
+use super::pipeline::{maybe_generate_semantic_summary, store_locally};
+use crate::config::{
+    DaemonConfig, DaemonSettings, GitStorageMethod, PublishMode, SessionDefaultView,
+};
+use crate::repo_registry::RepoRegistry;
+use chrono::Utc;
+use opensession_core::{Agent, Content, Event, EventType, Session};
+use opensession_git_native::{NativeGitStorage, SUMMARY_LEDGER_REF, SessionSummaryLedgerRecord};
+use opensession_local_db::LocalDb;
+use opensession_runtime_config::{SummaryProvider, SummaryStorageBackend, SummaryTriggerMode};
+use serde_json::json;
+use std::collections::HashMap;
+use std::path::{Path, PathBuf};
+use std::process::Command;
+use std::time::Duration;
+use tempfile::tempdir;
+
+fn make_session_with_attrs(attrs: HashMap<String, serde_json::Value>) -> Session {
+    let mut session = Session::new(
+        "test-session-id".into(),
+        Agent {
+            provider: "anthropic".into(),
+            model: "claude-opus-4-6".into(),
+            tool: "claude-code".into(),
+            tool_version: None,
+        },
+    );
+    session.context.attributes = attrs;
+    session
+}
+
+fn make_interaction_fixture_session(session_id: &str) -> Session {
+    let mut session = Session::new(
+        session_id.to_string(),
+        Agent {
+            provider: "anthropic".into(),
+            model: "claude-opus-4-6".into(),
+            tool: "claude-code".into(),
+            tool_version: None,
+        },
+    );
+    session.events = vec![
+        Event {
+            event_id: format!("{session_id}-user"),
+            timestamp: Utc::now(),
+            event_type: EventType::UserMessage,
+            task_id: None,
+            content: Content::text("hello"),
+            duration_ms: None,
+            attributes: HashMap::new(),
+        },
+        Event {
+            event_id: format!("{session_id}-tool"),
+            timestamp: Utc::now(),
+            event_type: EventType::ToolCall {
+                name: "write_file".to_string(),
+            },
+            task_id: None,
+            content: Content::text(""),
+            duration_ms: None,
+            attributes: HashMap::new(),
+        },
+    ];
+    session.recompute_stats();
+    session
+}
+
+fn init_git_repo(path: &Path) {
+    let status = Command::new("git")
+        .arg("init")
+        .current_dir(path)
+        .status()
+        .expect("git init should run");
+    assert!(status.success(), "git init should succeed");
+
+    let status = Command::new("git")
+        .args(["config", "user.email", "test@opensession.local"])
+        .current_dir(path)
+        .status()
+        .expect("git config user.email should run");
+    assert!(status.success(), "git config user.email should succeed");
+
+    let status = Command::new("git")
+        .args(["config", "user.name", "OpenSession Tests"])
+        .current_dir(path)
+        .status()
+        .expect("git config user.name should run");
+    assert!(status.success(), "git config user.name should succeed");
+}
+
+#[test]
+fn test_session_cwd_from_cwd_key() {
+    let mut attrs = HashMap::new();
+    attrs.insert("cwd".into(), json!("/home/user/project"));
+    let session = make_session_with_attrs(attrs);
+    assert_eq!(session_cwd(&session), Some("/home/user/project"));
+}
+
+#[test]
+fn test_session_cwd_from_working_directory() {
+    let mut attrs = HashMap::new();
+    attrs.insert("working_directory".into(), json!("/tmp/work"));
+    let session = make_session_with_attrs(attrs);
+    assert_eq!(session_cwd(&session), Some("/tmp/work"));
+}
+
+#[test]
+fn test_session_cwd_prefers_cwd_over_working_directory() {
+    let mut attrs = HashMap::new();
+    attrs.insert("cwd".into(), json!("/preferred"));
+    attrs.insert("working_directory".into(), json!("/fallback"));
+    let session = make_session_with_attrs(attrs);
+    assert_eq!(session_cwd(&session), Some("/preferred"));
+}
+
+#[test]
+fn test_session_cwd_missing() {
+    let session = make_session_with_attrs(HashMap::new());
+    assert_eq!(session_cwd(&session), None);
+}
+
+#[test]
+fn test_session_cwd_non_string_value_returns_none() {
+    let mut attrs = HashMap::new();
+    attrs.insert("cwd".into(), json!(42));
+    let session = make_session_with_attrs(attrs);
+    assert_eq!(session_cwd(&session), None);
+}
+
+#[test]
+fn test_build_session_meta_json_with_title() {
+    let mut session = make_session_with_attrs(HashMap::new());
+    session.context.title = Some("My Session Title".into());
+
+    let bytes = build_session_meta_json(&session, None);
+    let parsed: serde_json::Value = serde_json::from_slice(&bytes).unwrap();
+
+    assert_eq!(parsed["session_id"], "test-session-id");
+    assert_eq!(parsed["schema_version"], 2);
+    assert_eq!(parsed["title"], "My Session Title");
+    assert_eq!(parsed["tool"], "claude-code");
+    assert_eq!(parsed["model"], "claude-opus-4-6");
+    assert!(parsed["stats"].is_object());
+}
+
+#[test]
+fn test_build_session_meta_json_no_title() {
+    let session = make_session_with_attrs(HashMap::new());
+
+    let bytes = build_session_meta_json(&session, None);
+    let parsed: serde_json::Value = serde_json::from_slice(&bytes).unwrap();
+
+    assert_eq!(parsed["session_id"], "test-session-id");
+    assert!(parsed["title"].is_null());
+    assert_eq!(parsed["tool"], "claude-code");
+    assert_eq!(parsed["model"], "claude-opus-4-6");
+}
+
+#[test]
+fn test_build_session_meta_json_includes_git_block() {
+    let session = make_session_with_attrs(HashMap::new());
+    let git = opensession_core::session::GitMeta {
+        remote: Some("git@github.com:org/repo.git".to_string()),
+        repo_name: Some("org/repo".to_string()),
+        branch: Some("feature/x".to_string()),
+        head: Some("abcd1234".to_string()),
+        commits: vec!["abcd1234".to_string()],
+    };
+
+    let bytes = build_session_meta_json(&session, Some(&git));
+    let parsed: serde_json::Value = serde_json::from_slice(&bytes).unwrap();
+    assert_eq!(parsed["schema_version"], 2);
+    assert_eq!(parsed["git"]["repo_name"], "org/repo");
+    assert_eq!(parsed["git"]["head"], "abcd1234");
+}
+
+#[test]
+fn test_session_to_hail_jsonl_bytes_uses_header_event_stats_lines() {
+    let mut session = make_session_with_attrs(HashMap::new());
+    session.events.push(opensession_core::Event {
+        event_id: "e1".into(),
+        timestamp: Utc::now(),
+        event_type: opensession_core::EventType::UserMessage,
+        task_id: None,
+        content: opensession_core::Content::text("hello"),
+        duration_ms: None,
+        attributes: HashMap::new(),
+    });
+    session.recompute_stats();
+
+    let body = session_to_hail_jsonl_bytes(&session).expect("serialize HAIL JSONL");
+    let text = String::from_utf8(body).expect("jsonl must be utf-8");
+    let lines: Vec<&str> = text.lines().filter(|line| !line.is_empty()).collect();
+    assert_eq!(lines.len(), 3, "expected header/event/stats lines");
+
+    let header: serde_json::Value = serde_json::from_str(lines[0]).unwrap();
+    assert_eq!(header["type"], "header");
+    let event: serde_json::Value = serde_json::from_str(lines[1]).unwrap();
+    assert_eq!(event["type"], "event");
+    let stats: serde_json::Value = serde_json::from_str(lines[2]).unwrap();
+    assert_eq!(stats["type"], "stats");
+}
+
+#[test]
+fn test_resolve_publish_mode_auto_publish_true() {
+    let settings = DaemonSettings {
+        auto_publish: true,
+        publish_on: PublishMode::SessionEnd,
+        ..Default::default()
+    };
+    assert_eq!(resolve_publish_mode(&settings), PublishMode::SessionEnd);
+}
+
+#[test]
+fn test_resolve_publish_mode_auto_publish_false_manual() {
+    let settings = DaemonSettings {
+        auto_publish: false,
+        publish_on: PublishMode::Manual,
+        ..Default::default()
+    };
+    assert_eq!(resolve_publish_mode(&settings), PublishMode::Manual);
+}
+
+#[test]
+fn test_resolve_publish_mode_uses_publish_on_even_when_auto_publish_false() {
+    let settings = DaemonSettings {
+        auto_publish: false,
+        publish_on: PublishMode::Realtime,
+        ..Default::default()
+    };
+    assert_eq!(resolve_publish_mode(&settings), PublishMode::Realtime);
+}
+
+#[test]
+fn test_should_auto_upload_is_false_for_manual_mode() {
+    assert!(!should_auto_upload(&PublishMode::Manual));
+}
+
+#[test]
+fn test_should_auto_upload_is_true_for_session_end_and_realtime() {
+    assert!(should_auto_upload(&PublishMode::SessionEnd));
+    assert!(should_auto_upload(&PublishMode::Realtime));
+}
+
+#[test]
+fn test_resolve_git_retention_schedule_disabled_by_default() {
+    let config = DaemonConfig::default();
+    assert!(resolve_git_retention_schedule(&config).is_none());
+}
+
+#[test]
+fn test_resolve_git_retention_schedule_enabled_native_mode() {
+    let mut config = DaemonConfig::default();
+    config.git_storage.method = GitStorageMethod::Native;
+    config.git_storage.retention.enabled = true;
+    config.git_storage.retention.keep_days = 14;
+    config.git_storage.retention.interval_secs = 120;
+
+    let (keep_days, interval) =
+        resolve_git_retention_schedule(&config).expect("retention should be enabled");
+    assert_eq!(keep_days, 14);
+    assert_eq!(interval, Duration::from_secs(120));
+}
+
+#[test]
+fn test_resolve_git_retention_schedule_enforces_min_interval() {
+    let mut config = DaemonConfig::default();
+    config.git_storage.method = GitStorageMethod::Native;
+    config.git_storage.retention.enabled = true;
+    config.git_storage.retention.interval_secs = 0;
+
+    let (_, interval) =
+        resolve_git_retention_schedule(&config).expect("retention should be enabled");
+    assert_eq!(interval, Duration::from_secs(60));
+}
+
+#[test]
+fn test_resolve_lifecycle_schedule_honors_enabled_and_min_interval() {
+    let mut config = DaemonConfig::default();
+    config.lifecycle.enabled = false;
+    assert!(resolve_lifecycle_schedule(&config).is_none());
+
+    config.lifecycle.enabled = true;
+    config.lifecycle.cleanup_interval_secs = 12;
+    assert_eq!(
+        resolve_lifecycle_schedule(&config),
+        Some(Duration::from_secs(60))
+    );
+
+    config.lifecycle.cleanup_interval_secs = 120;
+    assert_eq!(
+        resolve_lifecycle_schedule(&config),
+        Some(Duration::from_secs(120))
+    );
+}
+
+#[test]
+fn test_run_lifecycle_cleanup_on_start_runs_immediately() {
+    let tmp = tempdir().expect("tempdir");
+    let db_path = tmp.path().join("local.db");
+    let db = LocalDb::open_path(&db_path).expect("open local db");
+
+    let mut expired = make_interaction_fixture_session("startup-expired-session");
+    expired.context.created_at = Utc::now() - chrono::Duration::days(90);
+    expired.context.updated_at = expired.context.created_at;
+    db.upsert_local_session(
+        &expired,
+        "/tmp/startup-expired-session.jsonl",
+        &opensession_local_db::git::GitContext::default(),
+    )
+    .expect("upsert expired session");
+
+    let mut config = DaemonConfig::default();
+    config.lifecycle.enabled = true;
+    config.lifecycle.session_ttl_days = 30;
+    config.lifecycle.summary_ttl_days = 30;
+    config.lifecycle.cleanup_interval_secs = 3600;
+
+    run_lifecycle_cleanup_on_start(&config, &db, &RepoRegistry::default());
+
+    assert!(
+        db.get_session_by_id("startup-expired-session")
+            .expect("query expired session")
+            .is_none(),
+        "expired session should be deleted during startup lifecycle cleanup"
+    );
+}
+
+#[test]
+fn test_run_lifecycle_cleanup_deletes_expired_sessions_and_hidden_ref_summaries() {
+    let tmp = tempdir().expect("tempdir");
+    let repo_root = tmp.path().join("repo");
+    std::fs::create_dir_all(&repo_root).expect("create repo root");
+    init_git_repo(&repo_root);
+
+    let db_path = tmp.path().join("local.db");
+    let db = LocalDb::open_path(&db_path).expect("open local db");
+    let mut expired = make_interaction_fixture_session("expired-session");
+    expired.context.created_at = Utc::now() - chrono::Duration::days(90);
+    expired.context.updated_at = expired.context.created_at;
+    expired.context.attributes.insert(
+        "working_directory".to_string(),
+        json!(repo_root.to_string_lossy().to_string()),
+    );
+    db.upsert_local_session(
+        &expired,
+        "/tmp/expired-session.jsonl",
+        &opensession_local_db::git::GitContext::default(),
+    )
+    .expect("upsert expired session");
+
+    let mut active = make_interaction_fixture_session("active-session");
+    active.context.attributes.insert(
+        "working_directory".to_string(),
+        json!(repo_root.to_string_lossy().to_string()),
+    );
+    db.upsert_local_session(
+        &active,
+        "/tmp/active-session.jsonl",
+        &opensession_local_db::git::GitContext::default(),
+    )
+    .expect("upsert active session");
+
+    let storage = NativeGitStorage;
+    storage
+        .store_summary_at_ref(
+            &repo_root,
+            SUMMARY_LEDGER_REF,
+            &SessionSummaryLedgerRecord {
+                session_id: "expired-session".to_string(),
+                generated_at: "2026-01-01T00:00:00Z".to_string(),
+                provider: "codex_exec".to_string(),
+                model: None,
+                source_kind: "session_signals".to_string(),
+                generation_kind: "provider".to_string(),
+                prompt_fingerprint: None,
+                summary: json!({ "changes": "expired" }),
+                source_details: json!({}),
+                diff_tree: vec![],
+                error: None,
+            },
+        )
+        .expect("store expired summary");
+    storage
+        .store_summary_at_ref(
+            &repo_root,
+            SUMMARY_LEDGER_REF,
+            &SessionSummaryLedgerRecord {
+                session_id: "active-session".to_string(),
+                generated_at: "2026-01-01T00:00:00Z".to_string(),
+                provider: "codex_exec".to_string(),
+                model: None,
+                source_kind: "session_signals".to_string(),
+                generation_kind: "provider".to_string(),
+                prompt_fingerprint: None,
+                summary: json!({ "changes": "active" }),
+                source_details: json!({}),
+                diff_tree: vec![],
+                error: None,
+            },
+        )
+        .expect("store active summary");
+
+    let mut registry = RepoRegistry::default();
+    registry
+        .add(&repo_root)
+        .expect("repo registry should accept repo root");
+
+    let mut config = DaemonConfig::default();
+    config.lifecycle.enabled = true;
+    config.lifecycle.session_ttl_days = 30;
+    config.lifecycle.summary_ttl_days = 10_000;
+    config.lifecycle.cleanup_interval_secs = 60;
+
+    run_lifecycle_cleanup_once(&config, &db, &registry).expect("run lifecycle cleanup");
+
+    assert!(
+        db.get_session_by_id("expired-session")
+            .expect("query expired session")
+            .is_none(),
+        "expired session should be deleted"
+    );
+    assert!(
+        db.get_session_by_id("active-session")
+            .expect("query active session")
+            .is_some(),
+        "active session should remain"
+    );
+    assert!(
+        storage
+            .load_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, "expired-session")
+            .expect("load expired summary")
+            .is_none(),
+        "hidden-ref summary for expired session should be deleted"
+    );
+    assert!(
+        storage
+            .load_summary_at_ref(&repo_root, SUMMARY_LEDGER_REF, "active-session")
+            .expect("load active summary")
+            .is_some(),
+        "active session summary should remain"
+    );
+}
+
+#[test]
+fn test_run_lifecycle_cleanup_prunes_local_summary_rows_by_ttl() {
+    let tmp = tempdir().expect("tempdir");
+    let db_path = tmp.path().join("local.db");
+    let db = LocalDb::open_path(&db_path).expect("open local db");
+
+    let session_old = make_interaction_fixture_session("summary-old");
+    db.upsert_local_session(
+        &session_old,
+        "/tmp/summary-old.jsonl",
+        &opensession_local_db::git::GitContext::default(),
+    )
+    .expect("upsert old summary session");
+    let session_new = make_interaction_fixture_session("summary-new");
+    db.upsert_local_session(
+        &session_new,
+        "/tmp/summary-new.jsonl",
+        &opensession_local_db::git::GitContext::default(),
+    )
+    .expect("upsert new summary session");
+
+    db.upsert_session_semantic_summary(&opensession_local_db::SessionSemanticSummaryUpsert {
+        session_id: "summary-old",
+        summary_json: r#"{"changes":"old"}"#,
+        generated_at: "2020-01-01T00:00:00Z",
+        provider: "codex_exec",
+        model: None,
+        source_kind: "session_signals",
+        generation_kind: "provider",
+        prompt_fingerprint: None,
+        source_details_json: None,
+        diff_tree_json: None,
+        error: None,
+    })
+    .expect("insert old summary");
+    db.upsert_session_semantic_summary(&opensession_local_db::SessionSemanticSummaryUpsert {
+        session_id: "summary-new",
+        summary_json: r#"{"changes":"new"}"#,
+        generated_at: "2999-01-01T00:00:00Z",
+        provider: "codex_exec",
+        model: None,
+        source_kind: "session_signals",
+        generation_kind: "provider",
+        prompt_fingerprint: None,
+        source_details_json: None,
+        diff_tree_json: None,
+        error: None,
+    })
+    .expect("insert new summary");
+
+    let mut config = DaemonConfig::default();
+    config.lifecycle.enabled = true;
+    config.lifecycle.session_ttl_days = 10_000;
+    config.lifecycle.summary_ttl_days = 30;
+    config.lifecycle.cleanup_interval_secs = 60;
+
+    run_lifecycle_cleanup_once(&config, &db, &RepoRegistry::default())
+        .expect("run lifecycle cleanup");
+
+    assert!(
+        db.get_session_semantic_summary("summary-old")
+            .expect("query old summary")
+            .is_none(),
+        "old summary should be pruned"
+    );
+    assert!(
+        db.get_session_semantic_summary("summary-new")
+            .expect("query new summary")
+            .is_some(),
+        "new summary should remain"
+    );
+}
+
+#[test]
+fn test_run_lifecycle_cleanup_deletes_sessions_with_missing_source_parent_dir() {
+    let tmp = tempdir().expect("tempdir");
+    let db_path = tmp.path().join("local.db");
+    let db = LocalDb::open_path(&db_path).expect("open local db");
+
+    let missing_parent_root = tmp.path().join("deleted-source-root");
+    std::fs::create_dir_all(&missing_parent_root).expect("create missing parent root");
+    let missing_parent_source = missing_parent_root.join("missing-parent.jsonl");
+
+    let existing_parent_root = tmp.path().join("existing-source-root");
+    std::fs::create_dir_all(&existing_parent_root).expect("create existing parent root");
+    let existing_parent_source = existing_parent_root.join("missing-file.jsonl");
+
+    let missing_parent_session = make_interaction_fixture_session("missing-parent-session");
+    db.upsert_local_session(
+        &missing_parent_session,
+        missing_parent_source
+            .to_str()
+            .expect("missing parent source path should be utf-8"),
+        &opensession_local_db::git::GitContext::default(),
+    )
+    .expect("upsert missing-parent session");
+
+    let existing_parent_session = make_interaction_fixture_session("existing-parent-session");
+    db.upsert_local_session(
+        &existing_parent_session,
+        existing_parent_source
+            .to_str()
+            .expect("existing parent source path should be utf-8"),
+        &opensession_local_db::git::GitContext::default(),
+    )
+    .expect("upsert existing-parent session");
+
+    std::fs::remove_dir_all(&missing_parent_root).expect("remove missing parent root");
+
+    let mut config = DaemonConfig::default();
+    config.lifecycle.enabled = true;
+    config.lifecycle.session_ttl_days = 10_000;
+    config.lifecycle.summary_ttl_days = 10_000;
+    config.lifecycle.cleanup_interval_secs = 60;
+
+    run_lifecycle_cleanup_once(&config, &db, &RepoRegistry::default())
+        .expect("run lifecycle cleanup");
+
+    assert!(
+        db.get_session_by_id("missing-parent-session")
+            .expect("query missing-parent session")
+            .is_none(),
+        "session should be deleted when source parent directory is gone"
+    );
+    assert!(
+        db.get_session_by_id("existing-parent-session")
+            .expect("query existing-parent session")
+            .is_some(),
+        "session should remain when source parent directory still exists"
+    );
+}
+
+#[test]
+fn test_store_locally_uses_compressed_session_only_when_default_view_is_compressed() {
+    let tmp = tempdir().expect("tempdir");
+    let db_path = PathBuf::from(tmp.path()).join("local.db");
+    let db = LocalDb::open_path(&db_path).expect("open local db");
+
+    let full_session = make_interaction_fixture_session("store-full");
+    let mut full_config = DaemonConfig::default();
+    full_config.daemon.session_default_view = SessionDefaultView::Full;
+    store_locally(
+        &full_session,
+        Path::new("/tmp/store-full.jsonl"),
+        &db,
+        &full_config,
+    )
+    .expect("store full session");
+
+    let stored_full = db
+        .get_session_by_id("store-full")
+        .expect("query full")
+        .expect("full session exists");
+    assert_eq!(stored_full.event_count, 2);
+
+    let compressed_session = make_interaction_fixture_session("store-compressed");
+    let mut compressed_config = DaemonConfig::default();
+    compressed_config.daemon.session_default_view = SessionDefaultView::Compressed;
+    store_locally(
+        &compressed_session,
+        Path::new("/tmp/store-compressed.jsonl"),
+        &db,
+        &compressed_config,
+    )
+    .expect("store compressed session");
+
+    let stored_compressed = db
+        .get_session_by_id("store-compressed")
+        .expect("query compressed")
+        .expect("compressed session exists");
+    assert_eq!(stored_compressed.event_count, 1);
+}
+
+#[test]
+fn test_store_locally_caches_source_body() {
+    let tmp = tempdir().expect("tempdir");
+    let db_path = PathBuf::from(tmp.path()).join("local.db");
+    let db = LocalDb::open_path(&db_path).expect("open local db");
+    let session = make_interaction_fixture_session("store-cache");
+    let source_path = PathBuf::from(tmp.path()).join("store-cache.jsonl");
+    let source_body = b"{\"source\":\"fixture\"}\n".to_vec();
+    std::fs::write(&source_path, &source_body).expect("write source fixture");
+
+    let mut config = DaemonConfig::default();
+    config.daemon.session_default_view = SessionDefaultView::Full;
+    store_locally(&session, &source_path, &db, &config).expect("store cached session");
+
+    let cached = db
+        .get_cached_body("store-cache")
+        .expect("query body cache")
+        .expect("cache row should exist");
+    assert_eq!(cached, source_body);
+}
+
+#[tokio::test]
+async fn test_auto_summary_runs_on_session_save_and_persists_row() {
+    let tmp = tempdir().expect("tempdir");
+    let db_path = PathBuf::from(tmp.path()).join("local.db");
+    let db = LocalDb::open_path(&db_path).expect("open local db");
+
+    let session = make_interaction_fixture_session("summary-auto");
+    let mut config = DaemonConfig::default();
+    config.summary.provider.id = SummaryProvider::CodexExec;
+    config.summary.storage.trigger = SummaryTriggerMode::OnSessionSave;
+    config.summary.storage.backend = SummaryStorageBackend::LocalDb;
+
+    maybe_generate_semantic_summary(&session, &db, &config)
+        .await
+        .expect("summary generation should not fail hard");
+
+    let row = db
+        .get_session_semantic_summary("summary-auto")
+        .expect("query summary")
+        .expect("summary row should exist");
+    assert_eq!(row.provider, "codex_exec");
+    assert_eq!(row.source_kind, "session_signals");
+    assert!(!row.summary_json.trim().is_empty());
+}
+
+#[tokio::test]
+async fn test_auto_summary_skips_when_trigger_mode_is_manual() {
+    let tmp = tempdir().expect("tempdir");
+    let db_path = PathBuf::from(tmp.path()).join("local.db");
+    let db = LocalDb::open_path(&db_path).expect("open local db");
+
+    let session = make_interaction_fixture_session("summary-manual");
+    let mut config = DaemonConfig::default();
+    config.summary.provider.id = SummaryProvider::CodexExec;
+    config.summary.storage.trigger = SummaryTriggerMode::Manual;
+    config.summary.storage.backend = SummaryStorageBackend::LocalDb;
+
+    maybe_generate_semantic_summary(&session, &db, &config)
+        .await
+        .expect("manual trigger should no-op");
+
+    let row = db
+        .get_session_semantic_summary("summary-manual")
+        .expect("query summary");
+    assert!(row.is_none());
+}
+
+#[tokio::test]
+async fn test_auto_summary_skips_when_storage_backend_is_none() {
+    let tmp = tempdir().expect("tempdir");
+    let db_path = PathBuf::from(tmp.path()).join("local.db");
+    let db = LocalDb::open_path(&db_path).expect("open local db");
+
+    let session = make_interaction_fixture_session("summary-no-persist");
+    let mut config = DaemonConfig::default();
+    config.summary.provider.id = SummaryProvider::CodexExec;
+    config.summary.storage.trigger = SummaryTriggerMode::OnSessionSave;
+    config.summary.storage.backend = SummaryStorageBackend::None;
+
+    maybe_generate_semantic_summary(&session, &db, &config)
+        .await
+        .expect("none persist should no-op");
+
+    let row = db
+        .get_session_semantic_summary("summary-no-persist")
+        .expect("query summary");
+    assert!(row.is_none());
+}
diff --git a/crates/parsers/src/codex.rs b/crates/parsers/src/codex.rs
deleted file mode 100644
index 5e7e5e68..00000000
--- a/crates/parsers/src/codex.rs
+++ /dev/null
@@ -1,3498 +0,0 @@
-use crate::SessionParser;
-use crate::common::{
-    INTERACTIVE_USER_INPUT_TOOL, attach_semantic_attrs, attach_source_attrs, canonical_tool_name,
-    infer_tool_kind, set_first,
-};
-use anyhow::{Context, Result};
-use chrono::{DateTime, Utc};
-use opensession_core::session::{ATTR_PARENT_SESSION_ID, ATTR_SESSION_ROLE};
-use opensession_core::trace::{
-    Agent, Content, ContentBlock, Event, EventType, Session, SessionContext,
-};
-use std::collections::{BTreeMap, HashMap};
-use std::io::BufRead;
-use std::path::{Path, PathBuf};
-
-pub struct CodexParser;
-
-impl SessionParser for CodexParser {
-    fn name(&self) -> &str {
-        "codex"
-    }
-
-    fn can_parse(&self, path: &Path) -> bool {
-        path.extension().is_some_and(|ext| ext == "jsonl")
-            && path
-                .to_str()
-                .is_some_and(|s| s.contains(".codex/sessions") || s.contains("codex/sessions"))
-    }
-
-    fn parse(&self, path: &Path) -> Result<Session> {
-        parse_codex_jsonl(path)
-    }
-}
-
-#[derive(Debug, Clone, Default)]
-struct RequestUserInputCallMeta {
-    questions: Vec<InteractiveQuestionMeta>,
-}
-
-#[derive(Debug, Clone, Default)]
-struct InteractiveQuestionMeta {
-    id: String,
-    header: Option<String>,
-    question: Option<String>,
-}
-
-// ── Parsing logic ───────────────────────────────────────────────────────────
-//
-// Codex CLI JSONL format:
-//   Line 1:  {id, timestamp, instructions, git?}     — session header (no `type` field)
-//   Line 2+: {record_type: "state"}                   — state markers (skip)
-//   Line 3+: {type: "message"|"reasoning"|"function_call"|..., ...}  — entries
-//
-// Model is NOT stored in the JSONL — it's in ~/.codex/config.toml globally.
-
-fn parse_codex_jsonl(path: &Path) -> Result<Session> {
-    let file = std::fs::File::open(path)
-        .with_context(|| format!("Failed to open Codex JSONL: {}", path.display()))?;
-    let reader = std::io::BufReader::new(file);
-
-    let mut events: Vec<Event> = Vec::new();
-    let mut session_id: Option<String> = None;
-    let mut event_counter = 0u64;
-    let mut first_user_text: Option<String> = None;
-    let mut last_function_name = "unknown".to_string();
-    // call_id → (event_id, function_name) for correlating function_call_output
-    let mut call_map: HashMap<String, (String, String)> = HashMap::new();
-    let mut session_ts: Option<DateTime<Utc>> = None;
-    let mut git_info: Option<serde_json::Value> = None;
-    let mut cwd: Option<String> = None;
-    let mut tool_version: Option<String> = None;
-    let mut originator: Option<String> = None;
-    let mut parent_session_id: Option<String> = None;
-    let mut is_auxiliary_session = false;
-    let mut is_desktop = false;
-    let mut open_tasks: BTreeMap<String, Option<String>> = BTreeMap::new();
-    let mut interactive_call_meta: HashMap<String, RequestUserInputCallMeta> = HashMap::new();
-
-    for line_result in reader.lines() {
-        let line = match line_result {
-            Ok(l) => l,
-            Err(_) => continue,
-        };
-        if line.trim().is_empty() {
-            continue;
-        }
-
-        let v: serde_json::Value = match serde_json::from_str(&line) {
-            Ok(v) => v,
-            Err(_) => continue,
-        };
-
-        let obj = match v.as_object() {
-            Some(o) => o,
-            None => continue,
-        };
-
-        // State marker — skip
-        if obj.contains_key("record_type") {
-            continue;
-        }
-
-        // Codex Desktop "session_meta" header (has `type: "session_meta"` + `payload`)
-        if obj.get("type").and_then(|v| v.as_str()) == Some("session_meta") {
-            is_desktop = true;
-            if let Some(payload) = obj.get("payload") {
-                set_first(
-                    &mut session_id,
-                    payload.get("id").and_then(|v| v.as_str()).map(String::from),
-                );
-                if let Some(ts_str) = payload.get("timestamp").and_then(|v| v.as_str()) {
-                    set_first(&mut session_ts, parse_timestamp(ts_str).ok());
-                }
-                if let Some(git) = payload.get("git") {
-                    set_first(&mut git_info, Some(git.clone()));
-                }
-                set_first(
-                    &mut cwd,
-                    payload
-                        .get("cwd")
-                        .and_then(|v| v.as_str())
-                        .map(String::from),
-                );
-                set_first(
-                    &mut tool_version,
-                    payload
-                        .get("cli_version")
-                        .and_then(|v| v.as_str())
-                        .map(String::from),
-                );
-                set_first(
-                    &mut originator,
-                    payload
-                        .get("originator")
-                        .and_then(|v| v.as_str())
-                        .map(String::from),
-                );
-                if codex_desktop_payload_is_auxiliary(payload) {
-                    is_auxiliary_session = true;
-                }
-                set_first(
-                    &mut parent_session_id,
-                    codex_desktop_parent_session_id(payload),
-                );
-            }
-            continue;
-        }
-
-        // Session header — no `type` field, has `id` + `timestamp` (legacy CLI format)
-        if !obj.contains_key("type") {
-            set_first(
-                &mut session_id,
-                obj.get("id").and_then(|v| v.as_str()).map(String::from),
-            );
-            if let Some(ts_str) = obj.get("timestamp").and_then(|v| v.as_str()) {
-                set_first(&mut session_ts, parse_timestamp(ts_str).ok());
-            }
-            if let Some(git) = obj.get("git") {
-                git_info = Some(git.clone());
-            }
-            continue;
-        }
-
-        let top_type = obj.get("type").and_then(|v| v.as_str()).unwrap_or("");
-
-        // Per-entry timestamp (Desktop format includes timestamp on each line)
-        let entry_ts = obj
-            .get("timestamp")
-            .and_then(|v| v.as_str())
-            .and_then(|s| parse_timestamp(s).ok())
-            .or(session_ts)
-            .unwrap_or_else(Utc::now);
-
-        // Codex Desktop: `response_item` wraps the payload which has the same
-        // structure as legacy flat entries (message, reasoning, function_call, etc.)
-        if top_type == "response_item" {
-            if let Some(payload) = obj.get("payload") {
-                if payload.get("type").and_then(|v| v.as_str()) == Some("message")
-                    && payload.get("role").and_then(|v| v.as_str()) == Some("user")
-                    && looks_like_summary_batch_prompt(&extract_message_text_blocks(
-                        payload.get("content"),
-                    ))
-                {
-                    is_auxiliary_session = true;
-                }
-                // In Desktop format, response_item/message/role=user includes
-                // system-injected content (AGENTS.md, env context). The real user
-                // message comes from event_msg/user_message, so skip first_user_text
-                // extraction here for Desktop sessions.
-                let mut discard_user_text: Option<String> = None;
-                let user_text_target = if is_desktop {
-                    &mut discard_user_text
-                } else {
-                    &mut first_user_text
-                };
-                process_item_with_options(
-                    payload,
-                    entry_ts,
-                    &mut events,
-                    &mut event_counter,
-                    user_text_target,
-                    &mut last_function_name,
-                    &mut call_map,
-                    &mut interactive_call_meta,
-                    is_desktop,
-                );
-            }
-            continue;
-        }
-
-        // Codex Desktop: `event_msg` contains UI-level events
-        if top_type == "event_msg" {
-            if let Some(payload) = obj.get("payload") {
-                let payload_type = payload.get("type").and_then(|v| v.as_str()).unwrap_or("");
-                match payload_type {
-                    "user_message" => {
-                        if let Some(msg) = payload.get("message").and_then(|v| v.as_str()) {
-                            let text = msg.trim().to_string();
-                            if looks_like_summary_batch_prompt(&text) {
-                                is_auxiliary_session = true;
-                            }
-                            if text.is_empty() || looks_like_injected_codex_user_text(&text) {
-                                continue;
-                            }
-                            set_first(&mut first_user_text, Some(text.clone()));
-                            push_user_message_event(
-                                &mut events,
-                                &mut event_counter,
-                                entry_ts,
-                                &text,
-                                Some("event_msg"),
-                            );
-                        }
-                    }
-                    "agent_message" => {
-                        if let Some(msg) = payload
-                            .get("message")
-                            .or_else(|| payload.get("text"))
-                            .or_else(|| payload.get("content"))
-                            .and_then(|v| v.as_str())
-                        {
-                            push_agent_message_event(
-                                &mut events,
-                                &mut event_counter,
-                                entry_ts,
-                                msg,
-                                Some("event_msg"),
-                            );
-                        }
-                    }
-                    "agent_reasoning" | "agent_reasoning_raw_content" => {
-                        if let Some(reasoning) = payload
-                            .get("message")
-                            .or_else(|| payload.get("text"))
-                            .or_else(|| payload.get("content"))
-                            .and_then(|v| v.as_str())
-                            .map(str::trim)
-                            .filter(|v| !v.is_empty())
-                        {
-                            event_counter += 1;
-                            let mut attributes = HashMap::new();
-                            let raw_type = if payload_type == "agent_reasoning_raw_content" {
-                                "event_msg:agent_reasoning_raw_content"
-                            } else {
-                                "event_msg:agent_reasoning"
-                            };
-                            attach_source_attrs(
-                                &mut attributes,
-                                Some("codex-desktop-v1"),
-                                Some(raw_type),
-                            );
-                            events.push(Event {
-                                event_id: format!("codex-{}", event_counter),
-                                timestamp: entry_ts,
-                                event_type: EventType::Thinking,
-                                task_id: None,
-                                content: Content::text(reasoning),
-                                duration_ms: None,
-                                attributes,
-                            });
-                        }
-                    }
-                    "token_count" => {
-                        let sampled = extract_token_counts(payload);
-                        let cumulative = extract_total_token_counts(payload);
-                        if sampled.is_some() || cumulative.is_some() {
-                            event_counter += 1;
-                            let mut attributes = HashMap::new();
-                            attach_source_attrs(
-                                &mut attributes,
-                                Some("codex-desktop-v1"),
-                                Some("event_msg:token_count"),
-                            );
-                            if let Some((input_tokens, output_tokens)) = sampled {
-                                if let Some(input_tokens) = input_tokens {
-                                    attributes.insert(
-                                        "input_tokens".to_string(),
-                                        serde_json::Value::Number(input_tokens.into()),
-                                    );
-                                }
-                                if let Some(output_tokens) = output_tokens {
-                                    attributes.insert(
-                                        "output_tokens".to_string(),
-                                        serde_json::Value::Number(output_tokens.into()),
-                                    );
-                                }
-                            }
-                            if let Some((input_total_tokens, output_total_tokens)) = cumulative {
-                                if let Some(input_total_tokens) = input_total_tokens {
-                                    attributes.insert(
-                                        "input_tokens_total".to_string(),
-                                        serde_json::Value::Number(input_total_tokens.into()),
-                                    );
-                                }
-                                if let Some(output_total_tokens) = output_total_tokens {
-                                    attributes.insert(
-                                        "output_tokens_total".to_string(),
-                                        serde_json::Value::Number(output_total_tokens.into()),
-                                    );
-                                }
-                            }
-                            events.push(Event {
-                                event_id: format!("codex-{}", event_counter),
-                                timestamp: entry_ts,
-                                event_type: EventType::Custom {
-                                    kind: "token_count".to_string(),
-                                },
-                                task_id: payload
-                                    .get("turn_id")
-                                    .or_else(|| payload.get("task_id"))
-                                    .and_then(|v| v.as_str())
-                                    .map(str::to_string),
-                                content: Content::empty(),
-                                duration_ms: None,
-                                attributes,
-                            });
-                        }
-                    }
-                    "context_compacted" => {
-                        event_counter += 1;
-                        let mut attributes = HashMap::new();
-                        attach_source_attrs(
-                            &mut attributes,
-                            Some("codex-desktop-v1"),
-                            Some("event_msg:context_compacted"),
-                        );
-                        events.push(Event {
-                            event_id: format!("codex-{}", event_counter),
-                            timestamp: entry_ts,
-                            event_type: EventType::Custom {
-                                kind: "context_compacted".to_string(),
-                            },
-                            task_id: payload
-                                .get("turn_id")
-                                .or_else(|| payload.get("task_id"))
-                                .and_then(|v| v.as_str())
-                                .map(str::to_string),
-                            content: Content::text("context compacted"),
-                            duration_ms: None,
-                            attributes,
-                        });
-                    }
-                    "item_completed" => {
-                        let item = payload.get("item").unwrap_or(&serde_json::Value::Null);
-                        let item_type = item
-                            .get("type")
-                            .and_then(|v| v.as_str())
-                            .map(str::trim)
-                            .unwrap_or("");
-                        if item_type.eq_ignore_ascii_case("plan") {
-                            event_counter += 1;
-                            let mut attributes = HashMap::new();
-                            attach_source_attrs(
-                                &mut attributes,
-                                Some("codex-desktop-v1"),
-                                Some("event_msg:item_completed"),
-                            );
-                            if let Some(plan_id) = item.get("id").and_then(|v| v.as_str()) {
-                                attributes.insert(
-                                    "plan_id".to_string(),
-                                    serde_json::Value::String(plan_id.to_string()),
-                                );
-                            }
-                            if let Some(turn_id) = payload.get("turn_id").and_then(|v| v.as_str()) {
-                                attributes.insert(
-                                    "turn_id".to_string(),
-                                    serde_json::Value::String(turn_id.to_string()),
-                                );
-                            }
-                            let plan_preview = item
-                                .get("text")
-                                .and_then(|v| v.as_str())
-                                .map(str::trim)
-                                .filter(|v| !v.is_empty())
-                                .and_then(|v| v.lines().find(|line| !line.trim().is_empty()))
-                                .map(str::trim)
-                                .unwrap_or("plan completed");
-                            events.push(Event {
-                                event_id: format!("codex-{}", event_counter),
-                                timestamp: entry_ts,
-                                event_type: EventType::Custom {
-                                    kind: "plan_completed".to_string(),
-                                },
-                                task_id: payload
-                                    .get("turn_id")
-                                    .or_else(|| payload.get("task_id"))
-                                    .and_then(|v| v.as_str())
-                                    .map(str::to_string),
-                                content: Content::text(format!("Plan completed: {plan_preview}")),
-                                duration_ms: None,
-                                attributes,
-                            });
-                        }
-                    }
-                    "turn_aborted" => {
-                        event_counter += 1;
-                        let mut attributes = HashMap::new();
-                        if let Some(reason) = payload
-                            .get("reason")
-                            .or_else(|| payload.get("message"))
-                            .or_else(|| payload.get("error"))
-                            .and_then(|v| v.as_str())
-                        {
-                            attributes.insert(
-                                "reason".to_string(),
-                                serde_json::Value::String(reason.to_string()),
-                            );
-                        }
-                        let task_id = payload
-                            .get("turn_id")
-                            .and_then(|v| v.as_str())
-                            .map(String::from);
-                        events.push(Event {
-                            event_id: format!("codex-{}", event_counter),
-                            timestamp: entry_ts,
-                            event_type: EventType::Custom {
-                                kind: "turn_aborted".to_string(),
-                            },
-                            task_id,
-                            content: Content::text("turn aborted"),
-                            duration_ms: None,
-                            attributes,
-                        });
-                    }
-                    "task_started" => {
-                        let turn_id = payload
-                            .get("turn_id")
-                            .or_else(|| payload.get("task_id"))
-                            .and_then(|v| v.as_str())
-                            .map(str::trim)
-                            .filter(|v| !v.is_empty())
-                            .map(String::from);
-                        if let Some(task_id) = turn_id {
-                            let title = payload
-                                .get("title")
-                                .or_else(|| payload.get("task"))
-                                .or_else(|| payload.get("name"))
-                                .and_then(|v| v.as_str())
-                                .map(str::trim)
-                                .filter(|v| !v.is_empty())
-                                .map(String::from);
-                            open_tasks.insert(task_id.clone(), title.clone());
-                            event_counter += 1;
-                            events.push(Event {
-                                event_id: format!("codex-{}", event_counter),
-                                timestamp: entry_ts,
-                                event_type: EventType::TaskStart {
-                                    title: title.clone(),
-                                },
-                                task_id: Some(task_id),
-                                content: Content::text(
-                                    title.unwrap_or_else(|| "task started".to_string()),
-                                ),
-                                duration_ms: None,
-                                attributes: HashMap::new(),
-                            });
-                        }
-                    }
-                    "task_complete" | "task_completed" | "task_finished" => {
-                        let turn_id = payload
-                            .get("turn_id")
-                            .or_else(|| payload.get("task_id"))
-                            .and_then(|v| v.as_str())
-                            .map(str::trim)
-                            .filter(|v| !v.is_empty())
-                            .map(String::from);
-                        if let Some(task_id) = turn_id {
-                            let summary = payload
-                                .get("last_agent_message")
-                                .or_else(|| payload.get("summary"))
-                                .or_else(|| payload.get("message"))
-                                .and_then(|v| v.as_str())
-                                .map(str::trim)
-                                .filter(|v| !v.is_empty())
-                                .map(String::from);
-                            if let Some(summary_text) = summary.as_deref() {
-                                push_agent_message_event(
-                                    &mut events,
-                                    &mut event_counter,
-                                    entry_ts,
-                                    summary_text,
-                                    Some("event_msg"),
-                                );
-                            }
-                            open_tasks.remove(&task_id);
-                            event_counter += 1;
-                            events.push(Event {
-                                event_id: format!("codex-{}", event_counter),
-                                timestamp: entry_ts,
-                                event_type: EventType::TaskEnd {
-                                    summary: summary.clone(),
-                                },
-                                task_id: Some(task_id),
-                                content: Content::text(
-                                    summary.unwrap_or_else(|| "task completed".to_string()),
-                                ),
-                                duration_ms: None,
-                                attributes: HashMap::new(),
-                            });
-                        }
-                    }
-                    _ => {}
-                }
-            }
-            continue;
-        }
-
-        // Skip other Desktop-only wrapper types
-        if top_type == "turn_context" {
-            continue;
-        }
-
-        // Legacy flat entry with type field (message, reasoning, function_call, etc.)
-        process_item_with_options(
-            &v,
-            entry_ts,
-            &mut events,
-            &mut event_counter,
-            &mut first_user_text,
-            &mut last_function_name,
-            &mut call_map,
-            &mut interactive_call_meta,
-            is_desktop,
-        );
-    }
-
-    if !open_tasks.is_empty() {
-        let synthetic_ts = events
-            .last()
-            .map(|event| event.timestamp)
-            .or(session_ts)
-            .unwrap_or_else(Utc::now);
-        for (task_id, title) in open_tasks {
-            event_counter += 1;
-            events.push(Event {
-                event_id: format!("codex-{}", event_counter),
-                timestamp: synthetic_ts,
-                event_type: EventType::TaskEnd {
-                    summary: Some("synthetic end (missing task_complete)".to_string()),
-                },
-                task_id: Some(task_id),
-                content: Content::text(title.unwrap_or_else(|| "synthetic task end".to_string())),
-                duration_ms: None,
-                attributes: HashMap::new(),
-            });
-        }
-    }
-
-    // ── Build Session ───────────────────────────────────────────────────────
-
-    let session_id = session_id.unwrap_or_else(|| {
-        path.file_stem()
-            .and_then(|s| s.to_str())
-            .unwrap_or("unknown")
-            .to_string()
-    });
-
-    let (provider, model) = load_codex_agent_identity();
-    let agent = Agent {
-        provider,
-        model,
-        tool: "codex".to_string(),
-        tool_version,
-    };
-
-    let (created_at, updated_at) =
-        if let (Some(first), Some(last)) = (events.first(), events.last()) {
-            (first.timestamp, last.timestamp)
-        } else {
-            let now = session_ts.unwrap_or_else(Utc::now);
-            (now, now)
-        };
-
-    let mut attributes = HashMap::new();
-    if let Some(git) = git_info {
-        if let Some(branch) = json_object_string(
-            &git,
-            &["branch", "git_branch", "current_branch", "ref", "head"],
-        ) {
-            attributes.insert("git_branch".to_string(), serde_json::Value::String(branch));
-        }
-        if let Some(repo_name) =
-            json_object_string(&git, &["repo_name", "repository", "repo", "name"])
-        {
-            attributes.insert(
-                "git_repo_name".to_string(),
-                serde_json::Value::String(repo_name),
-            );
-        }
-        attributes.insert("git".to_string(), git);
-    }
-    if let Some(ref dir) = cwd {
-        attributes.insert("cwd".to_string(), serde_json::Value::String(dir.clone()));
-    }
-    if let Some(ref orig) = originator {
-        attributes.insert(
-            "originator".to_string(),
-            serde_json::Value::String(orig.clone()),
-        );
-    }
-    if first_user_text
-        .as_deref()
-        .is_some_and(looks_like_summary_batch_prompt)
-    {
-        is_auxiliary_session = true;
-    }
-    let mut related_session_ids = Vec::new();
-    if is_auxiliary_session {
-        attributes.insert(
-            ATTR_SESSION_ROLE.to_string(),
-            serde_json::Value::String("auxiliary".to_string()),
-        );
-        if let Some(parent_id) = parent_session_id.as_ref() {
-            attributes.insert(
-                ATTR_PARENT_SESSION_ID.to_string(),
-                serde_json::Value::String(parent_id.clone()),
-            );
-            related_session_ids.push(parent_id.clone());
-        }
-    }
-
-    let title = first_user_text.map(|t| {
-        if t.chars().count() > 80 {
-            let truncated: String = t.chars().take(77).collect();
-            format!("{}...", truncated)
-        } else {
-            t
-        }
-    });
-
-    let context = SessionContext {
-        title,
-        description: None,
-        tags: vec!["codex".to_string()],
-        created_at,
-        updated_at,
-        related_session_ids,
-        attributes,
-    };
-
-    let mut session = Session::new(session_id, agent);
-    session.context = context;
-    session.events = events;
-    session.recompute_stats();
-
-    Ok(session)
-}
-
-/// Process a flat entry with `type` at the top level.
-#[cfg(test)]
-fn process_item(
-    item: &serde_json::Value,
-    ts: DateTime<Utc>,
-    events: &mut Vec<Event>,
-    counter: &mut u64,
-    first_user_text: &mut Option<String>,
-    last_function_name: &mut String,
-    call_map: &mut HashMap<String, (String, String)>,
-) {
-    let mut interactive_call_meta = HashMap::new();
-    process_item_with_options(
-        item,
-        ts,
-        events,
-        counter,
-        first_user_text,
-        last_function_name,
-        call_map,
-        &mut interactive_call_meta,
-        false,
-    );
-}
-
-#[allow(clippy::too_many_arguments)]
-fn process_item_with_options(
-    item: &serde_json::Value,
-    ts: DateTime<Utc>,
-    events: &mut Vec<Event>,
-    counter: &mut u64,
-    first_user_text: &mut Option<String>,
-    last_function_name: &mut String,
-    call_map: &mut HashMap<String, (String, String)>,
-    interactive_call_meta: &mut HashMap<String, RequestUserInputCallMeta>,
-    filter_injected_user_text: bool,
-) {
-    let item_type = match item.get("type").and_then(|v| v.as_str()) {
-        Some(t) => t,
-        None => return,
-    };
-
-    match item_type {
-        "message" => {
-            let role = item.get("role").and_then(|v| v.as_str()).unwrap_or("");
-            let text = extract_message_text_blocks(item.get("content"));
-
-            if text.is_empty() {
-                return;
-            }
-
-            if role == "user"
-                && filter_injected_user_text
-                && looks_like_injected_codex_user_text(&text)
-            {
-                return;
-            }
-
-            let event_type = match role {
-                "user" => EventType::UserMessage,
-                "assistant" => EventType::AgentMessage,
-                "developer" | "system" => return,
-                _ => return,
-            };
-
-            if role == "user" {
-                set_first(first_user_text, Some(text.clone()));
-            }
-
-            if matches!(event_type, EventType::UserMessage) {
-                let source = if filter_injected_user_text {
-                    Some("response_fallback")
-                } else {
-                    None
-                };
-                push_user_message_event(events, counter, ts, &text, source);
-            } else {
-                let source = if filter_injected_user_text {
-                    Some("response_fallback")
-                } else {
-                    None
-                };
-                push_agent_message_event(events, counter, ts, &text, source);
-            }
-        }
-        "reasoning" => {
-            let summaries = item
-                .get("summary")
-                .and_then(|v| v.as_array())
-                .cloned()
-                .unwrap_or_default();
-            let text: String = summaries
-                .iter()
-                .filter_map(|s| {
-                    let stype = s.get("type").and_then(|v| v.as_str())?;
-                    if stype == "summary_text" {
-                        s.get("text").and_then(|v| v.as_str()).map(String::from)
-                    } else {
-                        None
-                    }
-                })
-                .collect::<Vec<_>>()
-                .join("\n");
-
-            if !text.is_empty() {
-                *counter += 1;
-                let mut attributes = HashMap::new();
-                attach_source_attrs(&mut attributes, Some("codex-jsonl-v1"), Some("reasoning"));
-                events.push(Event {
-                    event_id: format!("codex-{}", counter),
-                    timestamp: ts,
-                    event_type: EventType::Thinking,
-                    task_id: None,
-                    content: Content::text(&text),
-                    duration_ms: None,
-                    attributes,
-                });
-            }
-        }
-        "function_call" | "custom_tool_call" => {
-            let raw_name = item
-                .get("name")
-                .and_then(|v| v.as_str())
-                .unwrap_or("unknown");
-            let name = canonical_tool_name(raw_name);
-            let custom_input = item.get("input").and_then(|v| v.as_str()).unwrap_or("");
-            // function_call: arguments is a JSON string
-            // custom_tool_call: input is a raw string (patch content, etc.)
-            let args: serde_json::Value = if item_type == "custom_tool_call" {
-                serde_json::json!({ "input": custom_input })
-            } else {
-                let args_str = item
-                    .get("arguments")
-                    .and_then(|v| v.as_str())
-                    .unwrap_or("{}");
-                serde_json::from_str(args_str).unwrap_or(serde_json::Value::Null)
-            };
-
-            let call_id = item
-                .get("call_id")
-                .and_then(|v| v.as_str())
-                .map(str::to_string);
-            if name == INTERACTIVE_USER_INPUT_TOOL {
-                if let Some(call_id) = call_id.as_ref() {
-                    let meta = parse_request_user_input_call_meta(&args);
-                    if !meta.questions.is_empty() {
-                        interactive_call_meta.insert(call_id.clone(), meta);
-                    }
-                }
-            }
-
-            let event_type = classify_codex_function(&name, &args);
-            let content = if item_type == "custom_tool_call" {
-                // Custom tools store input as raw text (e.g. patch content)
-                Content::text(custom_input)
-            } else {
-                codex_function_content(&name, &args)
-            };
-
-            *counter += 1;
-            let event_id = format!("codex-{}", counter);
-            let mut attributes = HashMap::new();
-            attach_source_attrs(
-                &mut attributes,
-                Some("codex-jsonl-v1"),
-                Some(if item_type == "custom_tool_call" {
-                    "custom_tool_call"
-                } else {
-                    "function_call"
-                }),
-            );
-            attach_semantic_attrs(
-                &mut attributes,
-                None,
-                call_id.as_deref(),
-                Some(infer_tool_kind(&name)),
-            );
-
-            if let Some(call_id) = call_id.as_deref() {
-                call_map.insert(call_id.to_string(), (event_id.clone(), name.clone()));
-            }
-            *last_function_name = name;
-
-            events.push(Event {
-                event_id,
-                timestamp: ts,
-                event_type,
-                task_id: None,
-                content,
-                duration_ms: None,
-                attributes,
-            });
-        }
-        "function_call_output" | "custom_tool_call_output" => {
-            let raw_output = item.get("output").and_then(|v| v.as_str()).unwrap_or("");
-
-            let (output_text, is_error, duration_ms) = parse_function_output(raw_output);
-
-            // Correlate with function_call via call_id
-            let (call_id_ref, call_name) =
-                if let Some(cid) = item.get("call_id").and_then(|v| v.as_str()) {
-                    if let Some((eid, name)) = call_map.get(cid) {
-                        (Some(eid.clone()), name.clone())
-                    } else {
-                        (None, last_function_name.clone())
-                    }
-                } else {
-                    let prev_id = if *counter > 0 {
-                        Some(format!("codex-{}", counter))
-                    } else {
-                        None
-                    };
-                    (prev_id, last_function_name.clone())
-                };
-
-            if call_name == INTERACTIVE_USER_INPUT_TOOL {
-                let call_meta = item
-                    .get("call_id")
-                    .and_then(|v| v.as_str())
-                    .and_then(|call_id| interactive_call_meta.remove(call_id));
-                if let Some((interactive_text, question_ids, raw_answers)) =
-                    parse_request_user_input_answers(&output_text)
-                {
-                    if let Some(meta) = call_meta {
-                        if !meta.questions.is_empty() {
-                            *counter += 1;
-                            let mut attributes = HashMap::new();
-                            attributes.insert(
-                                "source".to_string(),
-                                serde_json::Value::String("interactive_question".to_string()),
-                            );
-                            if let Some(call_id) = item.get("call_id").and_then(|v| v.as_str()) {
-                                attributes.insert(
-                                    "call_id".to_string(),
-                                    serde_json::Value::String(call_id.to_string()),
-                                );
-                            }
-                            attributes.insert(
-                                "question_ids".to_string(),
-                                serde_json::Value::Array(
-                                    meta.questions
-                                        .iter()
-                                        .map(|q| serde_json::Value::String(q.id.clone()))
-                                        .collect(),
-                                ),
-                            );
-                            attributes.insert(
-                                "question_meta".to_string(),
-                                serde_json::Value::Array(
-                                    meta.questions
-                                        .iter()
-                                        .map(|q| {
-                                            let mut row = serde_json::Map::new();
-                                            row.insert(
-                                                "id".to_string(),
-                                                serde_json::Value::String(q.id.clone()),
-                                            );
-                                            if let Some(header) = q.header.as_ref() {
-                                                row.insert(
-                                                    "header".to_string(),
-                                                    serde_json::Value::String(header.clone()),
-                                                );
-                                            }
-                                            if let Some(question) = q.question.as_ref() {
-                                                row.insert(
-                                                    "question".to_string(),
-                                                    serde_json::Value::String(question.clone()),
-                                                );
-                                            }
-                                            serde_json::Value::Object(row)
-                                        })
-                                        .collect(),
-                                ),
-                            );
-                            events.push(Event {
-                                event_id: format!("codex-{}", counter),
-                                timestamp: ts,
-                                event_type: EventType::SystemMessage,
-                                task_id: None,
-                                content: Content::text(render_interactive_questions(
-                                    &meta.questions,
-                                )),
-                                duration_ms: None,
-                                attributes,
-                            });
-                        }
-                    }
-                    set_first(first_user_text, Some(interactive_text.clone()));
-                    *counter += 1;
-                    let mut attributes = HashMap::new();
-                    attributes.insert(
-                        "source".to_string(),
-                        serde_json::Value::String("interactive".to_string()),
-                    );
-                    attributes.insert(
-                        "question_ids".to_string(),
-                        serde_json::Value::Array(
-                            question_ids
-                                .iter()
-                                .map(|id| serde_json::Value::String(id.clone()))
-                                .collect(),
-                        ),
-                    );
-                    if let Some(call_id) = item.get("call_id").and_then(|v| v.as_str()) {
-                        attributes.insert(
-                            "call_id".to_string(),
-                            serde_json::Value::String(call_id.to_string()),
-                        );
-                    }
-                    attributes.insert("raw_answers".to_string(), raw_answers);
-                    events.push(Event {
-                        event_id: format!("codex-{}", counter),
-                        timestamp: ts,
-                        event_type: EventType::UserMessage,
-                        task_id: None,
-                        content: Content::text(interactive_text),
-                        duration_ms: None,
-                        attributes,
-                    });
-                }
-            }
-
-            *counter += 1;
-            let semantic_call_id = item.get("call_id").and_then(|v| v.as_str());
-            let mut attributes = HashMap::new();
-            attach_source_attrs(
-                &mut attributes,
-                Some("codex-jsonl-v1"),
-                Some(if item_type == "custom_tool_call_output" {
-                    "custom_tool_call_output"
-                } else {
-                    "function_call_output"
-                }),
-            );
-            attach_semantic_attrs(
-                &mut attributes,
-                None,
-                semantic_call_id,
-                Some(infer_tool_kind(&call_name)),
-            );
-            events.push(Event {
-                event_id: format!("codex-{}", counter),
-                timestamp: ts,
-                event_type: EventType::ToolResult {
-                    name: call_name,
-                    is_error,
-                    call_id: call_id_ref,
-                },
-                task_id: None,
-                content: Content::text(&output_text),
-                duration_ms,
-                attributes,
-            });
-        }
-        "web_search_call" => {
-            let action = item.get("action").unwrap_or(&serde_json::Value::Null);
-            let action_type = action
-                .get("type")
-                .and_then(|v| v.as_str())
-                .map(str::trim)
-                .filter(|v| !v.is_empty())
-                .unwrap_or("");
-            let status = item
-                .get("status")
-                .and_then(|v| v.as_str())
-                .map(str::trim)
-                .filter(|v| !v.is_empty())
-                .map(String::from);
-            let semantic_call_id = item
-                .get("id")
-                .and_then(|v| v.as_str())
-                .map(str::trim)
-                .filter(|v| !v.is_empty());
-            let mut query_candidates: Vec<String> = action
-                .get("queries")
-                .and_then(|v| v.as_array())
-                .into_iter()
-                .flatten()
-                .filter_map(|value| value.as_str())
-                .map(str::trim)
-                .filter(|value| !value.is_empty())
-                .map(String::from)
-                .collect();
-            if let Some(query) = action
-                .get("query")
-                .and_then(|v| v.as_str())
-                .map(str::trim)
-                .filter(|v| !v.is_empty())
-            {
-                if !query_candidates.iter().any(|existing| existing == query) {
-                    query_candidates.insert(0, query.to_string());
-                }
-            }
-            let url = action
-                .get("url")
-                .and_then(|v| v.as_str())
-                .map(str::trim)
-                .filter(|v| !v.is_empty())
-                .map(String::from);
-            let pattern = action
-                .get("pattern")
-                .and_then(|v| v.as_str())
-                .map(str::trim)
-                .filter(|v| !v.is_empty())
-                .map(String::from);
-
-            let web_event = match action_type {
-                "search" => {
-                    if query_candidates.is_empty() {
-                        None
-                    } else {
-                        let joined = query_candidates.join(" | ");
-                        let primary = query_candidates
-                            .first()
-                            .cloned()
-                            .unwrap_or_else(|| joined.clone());
-                        Some((
-                            EventType::WebSearch { query: primary },
-                            Content::text(joined),
-                        ))
-                    }
-                }
-                "open_page" | "openPage" => {
-                    if let Some(url) = url.clone() {
-                        Some((EventType::WebFetch { url: url.clone() }, Content::text(url)))
-                    } else {
-                        Some((
-                            EventType::ToolCall {
-                                name: "web_search".to_string(),
-                            },
-                            Content::text("open_page"),
-                        ))
-                    }
-                }
-                "find_in_page" | "findInPage" => {
-                    if let Some(url) = url.clone() {
-                        let mut details = url.clone();
-                        if let Some(pattern) = pattern.as_deref() {
-                            details.push_str("\npattern: ");
-                            details.push_str(pattern);
-                        }
-                        Some((EventType::WebFetch { url }, Content::text(details)))
-                    } else {
-                        pattern.clone().map(|pattern| {
-                            (
-                                EventType::ToolCall {
-                                    name: "web_search".to_string(),
-                                },
-                                Content::text(format!("find_in_page: {pattern}")),
-                            )
-                        })
-                    }
-                }
-                _ => {
-                    if !query_candidates.is_empty() {
-                        let joined = query_candidates.join(" | ");
-                        Some((
-                            EventType::WebSearch {
-                                query: query_candidates
-                                    .first()
-                                    .cloned()
-                                    .unwrap_or_else(|| joined.clone()),
-                            },
-                            Content::text(joined),
-                        ))
-                    } else if let Some(url) = url.clone() {
-                        Some((EventType::WebFetch { url: url.clone() }, Content::text(url)))
-                    } else {
-                        pattern.clone().map(|pattern| {
-                            (
-                                EventType::ToolCall {
-                                    name: "web_search".to_string(),
-                                },
-                                Content::text(pattern),
-                            )
-                        })
-                    }
-                }
-            };
-
-            if let Some((event_type, content)) = web_event {
-                *counter += 1;
-                let mut attributes = HashMap::new();
-                let raw_type = if action_type.is_empty() {
-                    "web_search_call".to_string()
-                } else {
-                    format!("web_search_call:{action_type}")
-                };
-                attach_source_attrs(
-                    &mut attributes,
-                    Some("codex-jsonl-v1"),
-                    Some(raw_type.as_str()),
-                );
-                attach_semantic_attrs(&mut attributes, None, semantic_call_id, Some("web"));
-                if let Some(status) = status {
-                    attributes.insert(
-                        "web_search.status".to_string(),
-                        serde_json::Value::String(status),
-                    );
-                }
-                if !query_candidates.is_empty() {
-                    attributes.insert(
-                        "web_search.queries".to_string(),
-                        serde_json::Value::Array(
-                            query_candidates
-                                .iter()
-                                .map(|query| serde_json::Value::String(query.clone()))
-                                .collect(),
-                        ),
-                    );
-                }
-                if let Some(pattern) = pattern {
-                    attributes.insert(
-                        "web_search.pattern".to_string(),
-                        serde_json::Value::String(pattern),
-                    );
-                }
-                events.push(Event {
-                    event_id: format!("codex-{}", counter),
-                    timestamp: ts,
-                    event_type,
-                    task_id: None,
-                    content,
-                    duration_ms: None,
-                    attributes,
-                });
-            }
-        }
-        _ => {}
-    }
-}
-
-fn push_user_message_event(
-    events: &mut Vec<Event>,
-    counter: &mut u64,
-    ts: DateTime<Utc>,
-    text: &str,
-    source: Option<&str>,
-) {
-    let trimmed = text.trim();
-    if trimmed.is_empty() {
-        return;
-    }
-    if matches!(source, Some("event_msg")) {
-        remove_duplicate_response_fallback(events, ts, trimmed);
-    }
-    if should_skip_duplicate_user_event(events, ts, trimmed, source) {
-        return;
-    }
-
-    *counter += 1;
-    let mut attributes = HashMap::new();
-    if let Some(source) = source {
-        attributes.insert(
-            "source".to_string(),
-            serde_json::Value::String(source.to_string()),
-        );
-        attach_source_attrs(&mut attributes, Some("codex-desktop-v1"), Some(source));
-    }
-    events.push(Event {
-        event_id: format!("codex-{}", counter),
-        timestamp: ts,
-        event_type: EventType::UserMessage,
-        task_id: None,
-        content: Content::text(trimmed),
-        duration_ms: None,
-        attributes,
-    });
-}
-
-fn push_agent_message_event(
-    events: &mut Vec<Event>,
-    counter: &mut u64,
-    ts: DateTime<Utc>,
-    text: &str,
-    source: Option<&str>,
-) {
-    let trimmed = text.trim();
-    if trimmed.is_empty() {
-        return;
-    }
-    if matches!(source, Some("event_msg")) {
-        remove_duplicate_agent_response_fallback(events, ts, trimmed);
-    }
-    if should_skip_duplicate_agent_event(events, ts, trimmed, source) {
-        return;
-    }
-
-    *counter += 1;
-    let mut attributes = HashMap::new();
-    if let Some(source) = source {
-        attributes.insert(
-            "source".to_string(),
-            serde_json::Value::String(source.to_string()),
-        );
-        attach_source_attrs(&mut attributes, Some("codex-desktop-v1"), Some(source));
-    }
-    events.push(Event {
-        event_id: format!("codex-{}", counter),
-        timestamp: ts,
-        event_type: EventType::AgentMessage,
-        task_id: None,
-        content: Content::text(trimmed),
-        duration_ms: None,
-        attributes,
-    });
-}
-
-fn remove_duplicate_response_fallback(events: &mut Vec<Event>, ts: DateTime<Utc>, text: &str) {
-    let normalized = normalize_user_text_for_dedupe(text);
-    events.retain(|event| {
-        if !matches!(event.event_type, EventType::UserMessage) {
-            return true;
-        }
-        if event
-            .attributes
-            .get("source")
-            .and_then(|value| value.as_str())
-            != Some("response_fallback")
-        {
-            return true;
-        }
-        if (event.timestamp - ts).num_seconds().abs() > 12 {
-            return true;
-        }
-        event_user_text(event)
-            .map(|existing| !user_texts_equivalent(&existing, &normalized))
-            .unwrap_or(true)
-    });
-}
-
-fn remove_duplicate_agent_response_fallback(
-    events: &mut Vec<Event>,
-    ts: DateTime<Utc>,
-    text: &str,
-) {
-    let normalized = normalize_user_text_for_dedupe(text);
-    events.retain(|event| {
-        if !matches!(event.event_type, EventType::AgentMessage) {
-            return true;
-        }
-        if event
-            .attributes
-            .get("source")
-            .and_then(|value| value.as_str())
-            != Some("response_fallback")
-        {
-            return true;
-        }
-        if (event.timestamp - ts).num_seconds().abs() > 12 {
-            return true;
-        }
-        event_agent_text(event)
-            .map(|existing| !user_texts_equivalent(&existing, &normalized))
-            .unwrap_or(true)
-    });
-}
-
-fn should_skip_duplicate_user_event(
-    events: &[Event],
-    ts: DateTime<Utc>,
-    text: &str,
-    source: Option<&str>,
-) -> bool {
-    let source = match source {
-        Some(source) => source,
-        None => return false,
-    };
-    let opposite = match opposite_dedupe_source(source) {
-        Some(opposite) => opposite,
-        None => return false,
-    };
-    let normalized = normalize_user_text_for_dedupe(text);
-    events.iter().any(|event| {
-        if !matches!(event.event_type, EventType::UserMessage) {
-            return false;
-        }
-        let event_source = event
-            .attributes
-            .get("source")
-            .and_then(|value| value.as_str());
-        if event_source != Some(opposite) && event_source != Some(source) {
-            return false;
-        }
-        let duplicate_window_secs = if event_source == Some(source) { 2 } else { 12 };
-        if (event.timestamp - ts).num_seconds().abs() > duplicate_window_secs {
-            return false;
-        }
-        event_user_text(event)
-            .map(|existing| user_texts_equivalent(&existing, &normalized))
-            .unwrap_or(false)
-    })
-}
-
-fn should_skip_duplicate_agent_event(
-    events: &[Event],
-    ts: DateTime<Utc>,
-    text: &str,
-    source: Option<&str>,
-) -> bool {
-    let source = match source {
-        Some(source) => source,
-        None => return false,
-    };
-    let opposite = match opposite_dedupe_source(source) {
-        Some(opposite) => opposite,
-        None => return false,
-    };
-    let normalized = normalize_user_text_for_dedupe(text);
-    events.iter().any(|event| {
-        if !matches!(event.event_type, EventType::AgentMessage) {
-            return false;
-        }
-        let event_source = event
-            .attributes
-            .get("source")
-            .and_then(|value| value.as_str());
-        if event_source != Some(opposite) && event_source != Some(source) {
-            return false;
-        }
-        let duplicate_window_secs = if event_source == Some(source) { 2 } else { 12 };
-        if (event.timestamp - ts).num_seconds().abs() > duplicate_window_secs {
-            return false;
-        }
-        event_agent_text(event)
-            .map(|existing| user_texts_equivalent(&existing, &normalized))
-            .unwrap_or(false)
-    })
-}
-
-fn opposite_dedupe_source(source: &str) -> Option<&'static str> {
-    match source {
-        "event_msg" => Some("response_fallback"),
-        "response_fallback" => Some("event_msg"),
-        _ => None,
-    }
-}
-
-fn event_user_text(event: &Event) -> Option<String> {
-    if !matches!(event.event_type, EventType::UserMessage) {
-        return None;
-    }
-    let mut out = Vec::new();
-    for block in &event.content.blocks {
-        if let ContentBlock::Text { text } = block {
-            for line in text.lines() {
-                let trimmed = line.trim();
-                if !trimmed.is_empty() {
-                    out.push(trimmed.to_string());
-                }
-            }
-        }
-    }
-    if out.is_empty() {
-        None
-    } else {
-        Some(out.join("\n"))
-    }
-}
-
-fn event_agent_text(event: &Event) -> Option<String> {
-    if !matches!(event.event_type, EventType::AgentMessage) {
-        return None;
-    }
-    let mut out = Vec::new();
-    for block in &event.content.blocks {
-        if let ContentBlock::Text { text } = block {
-            for line in text.lines() {
-                let trimmed = line.trim();
-                if !trimmed.is_empty() {
-                    out.push(trimmed.to_string());
-                }
-            }
-        }
-    }
-    if out.is_empty() {
-        None
-    } else {
-        Some(out.join("\n"))
-    }
-}
-
-fn normalize_user_text_for_dedupe(text: &str) -> String {
-    let normalized = text
-        .lines()
-        .map(str::trim)
-        .filter(|line| !line.is_empty())
-        .filter(|line| {
-            let lower = line.to_ascii_lowercase();
-            !matches!(
-                lower.as_str(),
-                "<image>" | "<file>" | "<audio>" | "<video>" | "[image]" | "[file]"
-            )
-        })
-        .collect::<Vec<_>>()
-        .join(" ");
-
-    normalized
-        .split_whitespace()
-        .collect::<Vec<_>>()
-        .join(" ")
-        .trim()
-        .to_ascii_lowercase()
-}
-
-fn user_texts_equivalent(lhs: &str, rhs: &str) -> bool {
-    let left = normalize_user_text_for_dedupe(lhs);
-    let right = normalize_user_text_for_dedupe(rhs);
-    if left == right {
-        return true;
-    }
-
-    let min_len = left.chars().count().min(right.chars().count());
-    min_len >= 16 && (left.contains(&right) || right.contains(&left))
-}
-
-#[allow(dead_code)]
-fn normalize_user_text(text: &str) -> String {
-    text.split_whitespace()
-        .collect::<Vec<_>>()
-        .join(" ")
-        .trim()
-        .to_ascii_lowercase()
-}
-
-fn parse_request_user_input_call_meta(args: &serde_json::Value) -> RequestUserInputCallMeta {
-    let mut questions = Vec::new();
-    let Some(items) = args.get("questions").and_then(|v| v.as_array()) else {
-        return RequestUserInputCallMeta { questions };
-    };
-
-    for item in items {
-        let id = item
-            .get("id")
-            .and_then(|v| v.as_str())
-            .map(str::trim)
-            .filter(|v| !v.is_empty())
-            .unwrap_or("question")
-            .to_string();
-        let header = item
-            .get("header")
-            .and_then(|v| v.as_str())
-            .map(str::trim)
-            .filter(|v| !v.is_empty())
-            .map(str::to_string);
-        let question = item
-            .get("question")
-            .and_then(|v| v.as_str())
-            .map(str::trim)
-            .filter(|v| !v.is_empty())
-            .map(str::to_string);
-        questions.push(InteractiveQuestionMeta {
-            id,
-            header,
-            question,
-        });
-    }
-
-    RequestUserInputCallMeta { questions }
-}
-
-fn render_interactive_questions(questions: &[InteractiveQuestionMeta]) -> String {
-    let mut lines = Vec::new();
-    for q in questions {
-        let mut label = q.id.clone();
-        if let Some(header) = q.header.as_deref() {
-            label = format!("{label} ({header})");
-        }
-        let body = q.question.as_deref().unwrap_or("(no question text)");
-        lines.push(format!("- {label}: {body}"));
-    }
-    if lines.is_empty() {
-        "(no interactive questions)".to_string()
-    } else {
-        lines.join("\n")
-    }
-}
-
-fn parse_request_user_input_answers(
-    output_text: &str,
-) -> Option<(String, Vec<String>, serde_json::Value)> {
-    let parsed: serde_json::Value = serde_json::from_str(output_text).ok()?;
-    let answers = parsed.get("answers").and_then(|v| v.as_object())?;
-    if answers.is_empty() {
-        return None;
-    }
-
-    let mut question_ids: Vec<String> = Vec::new();
-    let mut lines: Vec<String> = Vec::new();
-    for (question_id, value) in answers {
-        question_ids.push(question_id.clone());
-        let mut picks: Vec<String> = Vec::new();
-        if let Some(arr) = value.get("answers").and_then(|v| v.as_array()) {
-            for answer in arr {
-                let rendered = answer
-                    .as_str()
-                    .map(|s| s.trim().to_string())
-                    .filter(|s| !s.is_empty())
-                    .or_else(|| {
-                        answer
-                            .as_object()
-                            .and_then(|obj| obj.get("value").and_then(|v| v.as_str()))
-                            .map(|s| s.trim().to_string())
-                            .filter(|s| !s.is_empty())
-                    })
-                    .unwrap_or_else(|| answer.to_string());
-                if !rendered.trim().is_empty() {
-                    picks.push(rendered);
-                }
-            }
-        } else if let Some(s) = value.as_str() {
-            if !s.trim().is_empty() {
-                picks.push(s.trim().to_string());
-            }
-        } else if !value.is_null() {
-            picks.push(value.to_string());
-        }
-        if picks.is_empty() {
-            lines.push(format!("{question_id}: (no answer)"));
-        } else {
-            lines.push(format!("{question_id}: {}", picks.join(" | ")));
-        }
-    }
-
-    let rendered = lines.join("\n");
-    Some((rendered, question_ids, parsed))
-}
-
-fn extract_token_counts(payload: &serde_json::Value) -> Option<(Option<u64>, Option<u64>)> {
-    let pick = |v: &serde_json::Value, keys: &[&str]| -> Option<u64> {
-        for key in keys {
-            if let Some(num) = v.get(*key).and_then(|value| value.as_u64()) {
-                return Some(num);
-            }
-            if let Some(num) = v
-                .get(*key)
-                .and_then(|value| value.as_i64())
-                .filter(|value| *value >= 0)
-                .map(|value| value as u64)
-            {
-                return Some(num);
-            }
-        }
-        None
-    };
-
-    let usage_pick_input = |value: &serde_json::Value| {
-        pick(
-            value,
-            &[
-                "input_tokens",
-                "prompt_tokens",
-                "inputTokens",
-                "promptTokens",
-                "token_input",
-                "tokenInput",
-            ],
-        )
-    };
-    let usage_pick_output = |value: &serde_json::Value| {
-        pick(
-            value,
-            &[
-                "output_tokens",
-                "completion_tokens",
-                "outputTokens",
-                "completionTokens",
-                "token_output",
-                "tokenOutput",
-            ],
-        )
-    };
-    fn info_usage<'a>(
-        info: &'a serde_json::Value,
-        snake_case_key: &str,
-        camel_case_key: &str,
-    ) -> Option<&'a serde_json::Value> {
-        if let Some(value) = info.get(snake_case_key) {
-            Some(value)
-        } else {
-            info.get(camel_case_key)
-        }
-    }
-
-    let input = pick(
-        payload,
-        &[
-            "input_tokens",
-            "prompt_tokens",
-            "inputTokens",
-            "promptTokens",
-            "token_input",
-            "tokenInput",
-        ],
-    )
-    .or_else(|| payload.get("usage").and_then(usage_pick_input))
-    .or_else(|| {
-        payload
-            .get("info")
-            .and_then(|info| info_usage(info, "last_token_usage", "lastTokenUsage"))
-            .and_then(usage_pick_input)
-    })
-    .or_else(|| {
-        payload
-            .get("info")
-            .and_then(|info| info_usage(info, "total_token_usage", "totalTokenUsage"))
-            .and_then(usage_pick_input)
-    });
-    let output = pick(
-        payload,
-        &[
-            "output_tokens",
-            "completion_tokens",
-            "outputTokens",
-            "completionTokens",
-            "token_output",
-            "tokenOutput",
-        ],
-    )
-    .or_else(|| payload.get("usage").and_then(usage_pick_output))
-    .or_else(|| {
-        payload
-            .get("info")
-            .and_then(|info| info_usage(info, "last_token_usage", "lastTokenUsage"))
-            .and_then(usage_pick_output)
-    })
-    .or_else(|| {
-        payload
-            .get("info")
-            .and_then(|info| info_usage(info, "total_token_usage", "totalTokenUsage"))
-            .and_then(usage_pick_output)
-    });
-    if input.is_none() && output.is_none() {
-        None
-    } else {
-        Some((input, output))
-    }
-}
-
-fn extract_total_token_counts(payload: &serde_json::Value) -> Option<(Option<u64>, Option<u64>)> {
-    let pick = |v: &serde_json::Value, keys: &[&str]| -> Option<u64> {
-        for key in keys {
-            if let Some(num) = v.get(*key).and_then(|value| value.as_u64()) {
-                return Some(num);
-            }
-            if let Some(num) = v
-                .get(*key)
-                .and_then(|value| value.as_i64())
-                .filter(|value| *value >= 0)
-                .map(|value| value as u64)
-            {
-                return Some(num);
-            }
-        }
-        None
-    };
-
-    let total_usage = payload.get("info").and_then(|info| {
-        info.get("total_token_usage")
-            .or_else(|| info.get("totalTokenUsage"))
-    })?;
-
-    let input = pick(
-        total_usage,
-        &[
-            "input_tokens",
-            "prompt_tokens",
-            "inputTokens",
-            "promptTokens",
-            "token_input",
-            "tokenInput",
-        ],
-    );
-    let output = pick(
-        total_usage,
-        &[
-            "output_tokens",
-            "completion_tokens",
-            "outputTokens",
-            "completionTokens",
-            "token_output",
-            "tokenOutput",
-        ],
-    );
-
-    if input.is_none() && output.is_none() {
-        None
-    } else {
-        Some((input, output))
-    }
-}
-
-/// Parse the output string from function_call_output.
-/// Format: `{"output":"command output\n","metadata":{"exit_code":0,"duration_seconds":0.5}}`
-/// Returns (text, is_error, duration_ms).
-fn parse_function_output(raw: &str) -> (String, bool, Option<u64>) {
-    if let Ok(v) = serde_json::from_str::<serde_json::Value>(raw) {
-        let mut output = v
-            .get("output")
-            .and_then(|v| v.as_str())
-            .unwrap_or(raw)
-            .to_string();
-        let exit_code = v
-            .get("metadata")
-            .and_then(|m| m.get("exit_code"))
-            .and_then(|c| c.as_i64());
-        let duration = v
-            .get("metadata")
-            .and_then(|m| m.get("duration_seconds"))
-            .and_then(|d| d.as_f64())
-            .map(|s| (s * 1000.0) as u64);
-        let is_error = exit_code.is_some_and(|c| c != 0);
-        if is_low_signal_output_marker(&output) || output.trim().is_empty() {
-            let metadata = v.get("metadata");
-            let recovered = [
-                v.get("stdout"),
-                v.get("stderr"),
-                v.get("message"),
-                v.get("result"),
-                v.get("content"),
-                metadata.and_then(|value| value.get("stdout")),
-                metadata.and_then(|value| value.get("stderr")),
-                metadata.and_then(|value| value.get("message")),
-            ]
-            .into_iter()
-            .flatten()
-            .filter_map(|value| value.as_str())
-            .map(str::trim)
-            .find(|value| !value.is_empty() && !is_low_signal_output_marker(value))
-            .map(str::to_string);
-
-            if let Some(restored) = recovered {
-                output = restored;
-            } else if let Ok(serialized) = serde_json::to_string(&v) {
-                if !serialized.trim().is_empty() && !is_low_signal_output_marker(&serialized) {
-                    output = serialized;
-                }
-            }
-        }
-        (output, is_error, duration)
-    } else {
-        (raw.to_string(), false, None)
-    }
-}
-
-fn is_low_signal_output_marker(text: &str) -> bool {
-    let trimmed = text.trim();
-    !trimmed.is_empty()
-        && trimmed.chars().count() <= 8
-        && trimmed.chars().all(|ch| {
-            matches!(
-                ch,
-                '.' | '\u{00B7}' | '\u{2022}' | '-' | '_' | '=' | '~' | '`'
-            )
-        })
-}
-
-fn extract_message_text_blocks(content: Option<&serde_json::Value>) -> String {
-    let Some(content) = content else {
-        return String::new();
-    };
-    if let Some(text) = content.as_str() {
-        return text.trim().to_string();
-    }
-    let Some(blocks) = content.as_array() else {
-        return String::new();
-    };
-
-    blocks
-        .iter()
-        .filter_map(|block| {
-            if let Some(text) = block.as_str() {
-                let trimmed = text.trim();
-                if trimmed.is_empty() {
-                    return None;
-                }
-                return Some(trimmed.to_string());
-            }
-            let btype = block.get("type").and_then(|v| v.as_str()).unwrap_or("");
-            match btype {
-                "text" | "input_text" | "output_text" => block
-                    .get("text")
-                    .and_then(|v| v.as_str())
-                    .map(str::trim)
-                    .filter(|v| !v.is_empty())
-                    .map(String::from),
-                _ => block
-                    .get("text")
-                    .and_then(|v| v.as_str())
-                    .map(str::trim)
-                    .filter(|v| !v.is_empty())
-                    .map(String::from),
-            }
-        })
-        .collect::<Vec<_>>()
-        .join("\n")
-}
-
-fn looks_like_injected_codex_user_text(text: &str) -> bool {
-    let trimmed = text.trim();
-    if trimmed.is_empty() {
-        return false;
-    }
-
-    if looks_like_summary_batch_prompt(trimmed) {
-        return true;
-    }
-
-    let lower = trimmed.to_ascii_lowercase();
-
-    if lower.contains("apply_patch was requested via exec_command")
-        && lower.contains("use the apply_patch tool instead")
-    {
-        return true;
-    }
-
-    lower == "agents.md instructions"
-        || lower.starts_with("# agents.md instructions")
-        || lower.contains("<instructions>")
-        || lower.contains("</instructions>")
-        || lower.contains("<environment_context>")
-        || lower.contains("</environment_context>")
-        || lower.contains("<subagent_notification")
-        || lower.contains("&lt;subagent_notification")
-        || lower.contains("</subagent_notification>")
-        || lower.contains("subagent_notification>")
-        || lower.contains("<turn_aborted>")
-        || lower.contains("</turn_aborted>")
-}
-
-fn looks_like_summary_batch_prompt(text: &str) -> bool {
-    let trimmed = text.trim();
-    if trimmed.is_empty() {
-        return false;
-    }
-    let lower = trimmed.to_ascii_lowercase();
-    lower.starts_with("convert a real coding session into semantic compression.")
-        && lower.contains("pipeline: session -> hail compact -> semantic summary")
-        && lower.contains("hail_compact=")
-}
-
-fn codex_desktop_parent_session_id(payload: &serde_json::Value) -> Option<String> {
-    non_empty_json_str(payload.pointer("/source/subagent/thread_spawn/parent_thread_id"))
-        .or_else(|| non_empty_json_str(payload.pointer("/source/subagent/parent_thread_id")))
-        .or_else(|| non_empty_json_str(payload.pointer("/source/parent_thread_id")))
-        .or_else(|| non_empty_json_str(payload.get("parent_thread_id")))
-}
-
-fn codex_desktop_payload_is_auxiliary(payload: &serde_json::Value) -> bool {
-    if payload.pointer("/source/subagent").is_some() {
-        return true;
-    }
-
-    payload
-        .get("agent_role")
-        .and_then(|value| value.as_str())
-        .map(str::trim)
-        .filter(|value| !value.is_empty())
-        .is_some_and(|role| {
-            matches!(
-                role.to_ascii_lowercase().as_str(),
-                "awaiter" | "worker" | "explorer" | "subagent"
-            )
-        })
-}
-
-fn non_empty_json_str(value: Option<&serde_json::Value>) -> Option<String> {
-    value
-        .and_then(|entry| entry.as_str())
-        .map(str::trim)
-        .filter(|entry| !entry.is_empty())
-        .map(str::to_string)
-}
-
-fn json_object_string(value: &serde_json::Value, keys: &[&str]) -> Option<String> {
-    match value {
-        serde_json::Value::Object(map) => {
-            for key in keys {
-                if let Some(s) = map.get(*key).and_then(|entry| entry.as_str()) {
-                    let trimmed = s.trim();
-                    if !trimmed.is_empty() {
-                        return Some(trimmed.to_string());
-                    }
-                }
-            }
-            for nested in map.values() {
-                if let Some(found) = json_object_string(nested, keys) {
-                    return Some(found);
-                }
-            }
-            None
-        }
-        serde_json::Value::Array(values) => {
-            for nested in values {
-                if let Some(found) = json_object_string(nested, keys) {
-                    return Some(found);
-                }
-            }
-            None
-        }
-        _ => None,
-    }
-}
-
-fn parse_timestamp(ts: &str) -> Result<DateTime<Utc>> {
-    DateTime::parse_from_rfc3339(ts)
-        .map(|dt| dt.with_timezone(&Utc))
-        .or_else(|_| {
-            chrono::NaiveDateTime::parse_from_str(ts, "%Y-%m-%dT%H:%M:%S%.f")
-                .map(|ndt| ndt.and_utc())
-        })
-        .with_context(|| format!("Failed to parse timestamp: {}", ts))
-}
-
-fn load_codex_agent_identity() -> (String, String) {
-    let model = read_codex_model_from_config().unwrap_or_else(|| "unknown".to_string());
-    let provider = read_codex_provider_from_config()
-        .or_else(|| infer_provider_from_model(&model))
-        .unwrap_or_else(|| "openai".to_string());
-    (provider, model)
-}
-
-fn codex_config_path() -> Option<PathBuf> {
-    if let Ok(codex_home) = std::env::var("CODEX_HOME") {
-        let home = codex_home.trim();
-        if !home.is_empty() {
-            return Some(PathBuf::from(home).join("config.toml"));
-        }
-    }
-    let home = std::env::var("HOME").ok()?;
-    let home = home.trim();
-    if home.is_empty() {
-        return None;
-    }
-    Some(PathBuf::from(home).join(".codex").join("config.toml"))
-}
-
-fn read_codex_model_from_config() -> Option<String> {
-    read_codex_setting_from_config("model")
-}
-
-fn read_codex_provider_from_config() -> Option<String> {
-    read_codex_setting_from_config("provider")
-        .or_else(|| read_codex_setting_from_config("model_provider"))
-        .and_then(|provider| {
-            let normalized = provider.trim().to_ascii_lowercase();
-            if normalized.is_empty() || normalized == "auto" {
-                None
-            } else {
-                Some(normalized)
-            }
-        })
-}
-
-fn read_codex_setting_from_config(key: &str) -> Option<String> {
-    let path = codex_config_path()?;
-    let text = std::fs::read_to_string(path).ok()?;
-    parse_codex_config_value(&text, key)
-}
-
-fn parse_codex_config_value(config_toml: &str, key: &str) -> Option<String> {
-    let value: toml::Value = toml::from_str(config_toml).ok()?;
-    let active_profile = value
-        .get("profile")
-        .or_else(|| value.get("default_profile"))
-        .and_then(|v| v.as_str())
-        .map(str::trim)
-        .filter(|s| !s.is_empty());
-    if let Some(profile) = active_profile {
-        if let Some(profile_value) = value
-            .get("profiles")
-            .and_then(|profiles| profiles.get(profile))
-            .and_then(|entry| entry.get(key))
-            .and_then(|v| v.as_str())
-            .map(str::trim)
-            .filter(|s| !s.is_empty())
-        {
-            return Some(profile_value.to_string());
-        }
-    }
-    if let Some(defaults_value) = value
-        .get("defaults")
-        .and_then(|defaults| defaults.get(key))
-        .and_then(|v| v.as_str())
-        .map(str::trim)
-        .filter(|s| !s.is_empty())
-    {
-        return Some(defaults_value.to_string());
-    }
-    value
-        .get(key)
-        .and_then(|v| v.as_str())
-        .map(str::trim)
-        .filter(|s| !s.is_empty())
-        .map(str::to_string)
-}
-
-fn infer_provider_from_model(model: &str) -> Option<String> {
-    let lower = model.trim().to_ascii_lowercase();
-    if lower.is_empty() || lower == "unknown" {
-        return None;
-    }
-    if lower.contains("claude") {
-        return Some("anthropic".to_string());
-    }
-    if lower.contains("gemini") {
-        return Some("google".to_string());
-    }
-    if lower.contains("gpt")
-        || lower.contains("openai")
-        || lower.contains("codex")
-        || lower.starts_with("o1")
-        || lower.starts_with("o3")
-        || lower.starts_with("o4")
-    {
-        return Some("openai".to_string());
-    }
-    None
-}
-
-/// Extract a shell command string from function arguments.
-/// Handles: `{cmd: "..."}`, `{command: ["bash", "-lc", "cmd"]}`, `{command: "cmd"}`.
-fn extract_shell_command(args: &serde_json::Value) -> String {
-    if let Some(cmd) = args.get("cmd").and_then(|v| v.as_str()) {
-        return cmd.to_string();
-    }
-    if let Some(arr) = args.get("command").and_then(|v| v.as_array()) {
-        let parts: Vec<&str> = arr.iter().filter_map(|v| v.as_str()).collect();
-        // Skip shell prefix (e.g. "bash -lc") and take the actual command
-        if parts.len() >= 3 {
-            return parts[2..].join(" ");
-        }
-        return parts.join(" ");
-    }
-    if let Some(cmd) = args.get("command").and_then(|v| v.as_str()) {
-        return cmd.to_string();
-    }
-    String::new()
-}
-
-fn normalize_codex_function_name(name: &str) -> &str {
-    name.rsplit('.').next().unwrap_or(name)
-}
-
-fn extract_patch_target_path(args: &serde_json::Value) -> Option<String> {
-    if let Some(path) = args
-        .get("path")
-        .or_else(|| args.get("file"))
-        .or_else(|| args.get("file_path"))
-        .and_then(|v| v.as_str())
-        .map(str::trim)
-        .filter(|v| !v.is_empty())
-    {
-        return Some(path.to_string());
-    }
-
-    for key in ["input", "patch"] {
-        if let Some(path) = args
-            .get(key)
-            .and_then(|v| v.as_str())
-            .and_then(extract_patch_target_path_from_text)
-        {
-            return Some(path);
-        }
-    }
-
-    None
-}
-
-fn extract_patch_target_path_from_text(input: &str) -> Option<String> {
-    const PREFIXES: [&str; 3] = ["*** Update File:", "*** Add File:", "*** Delete File:"];
-    for line in input.lines() {
-        let trimmed = line.trim();
-        for prefix in PREFIXES {
-            if let Some(rest) = trimmed.strip_prefix(prefix) {
-                let path = rest.trim().trim_matches('"').trim_matches('\'').trim();
-                if !path.is_empty() {
-                    return Some(path.to_string());
-                }
-            }
-        }
-    }
-    None
-}
-
-fn classify_codex_function(name: &str, args: &serde_json::Value) -> EventType {
-    let normalized_name = normalize_codex_function_name(name);
-    match normalized_name {
-        "exec_command" | "shell" => {
-            let cmd = extract_shell_command(args);
-            EventType::ShellCommand {
-                command: cmd,
-                exit_code: None,
-            }
-        }
-        "write_stdin" => EventType::ToolCall {
-            name: "write_stdin".to_string(),
-        },
-        "apply_diff" | "apply_patch" => {
-            let path = extract_patch_target_path(args).unwrap_or_else(|| "unknown".to_string());
-            EventType::FileEdit { path, diff: None }
-        }
-        "create_file" | "write_file" => {
-            let path = args
-                .get("path")
-                .or_else(|| args.get("file_path"))
-                .and_then(|v| v.as_str())
-                .unwrap_or("unknown")
-                .to_string();
-            EventType::FileCreate { path }
-        }
-        "read_file" => {
-            let path = args
-                .get("path")
-                .or_else(|| args.get("file_path"))
-                .and_then(|v| v.as_str())
-                .unwrap_or("unknown")
-                .to_string();
-            EventType::FileRead { path }
-        }
-        _ => EventType::ToolCall {
-            name: canonical_tool_name(normalized_name),
-        },
-    }
-}
-
-fn codex_function_content(name: &str, args: &serde_json::Value) -> Content {
-    match normalize_codex_function_name(name) {
-        "exec_command" | "shell" => {
-            let cmd = extract_shell_command(args);
-            Content {
-                blocks: vec![ContentBlock::Code {
-                    code: cmd,
-                    language: Some("bash".to_string()),
-                    start_line: None,
-                }],
-            }
-        }
-        _ => Content {
-            blocks: vec![ContentBlock::Json { data: args.clone() }],
-        },
-    }
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-
-    #[test]
-    fn test_parse_codex_config_value_model_root() {
-        let config = r#"
-model = "gpt-5.3-codex"
-model_reasoning_effort = "high"
-"#;
-        assert_eq!(
-            parse_codex_config_value(config, "model"),
-            Some("gpt-5.3-codex".to_string())
-        );
-    }
-
-    #[test]
-    fn test_parse_codex_config_value_profile_override() {
-        let config = r#"
-profile = "work"
-model = "gpt-5.3-codex"
-[profiles.work]
-model = "claude-sonnet-4-5"
-provider = "anthropic"
-"#;
-        assert_eq!(
-            parse_codex_config_value(config, "model"),
-            Some("claude-sonnet-4-5".to_string())
-        );
-        assert_eq!(
-            parse_codex_config_value(config, "provider"),
-            Some("anthropic".to_string())
-        );
-    }
-
-    #[test]
-    fn test_infer_provider_from_model() {
-        assert_eq!(
-            infer_provider_from_model("gpt-5.3-codex"),
-            Some("openai".to_string())
-        );
-        assert_eq!(
-            infer_provider_from_model("claude-sonnet-4-5"),
-            Some("anthropic".to_string())
-        );
-        assert_eq!(
-            infer_provider_from_model("gemini-2.0-flash"),
-            Some("google".to_string())
-        );
-        assert_eq!(infer_provider_from_model("unknown"), None);
-    }
-
-    #[test]
-    fn test_json_object_string_extracts_nested_branch_and_repo() {
-        let git = serde_json::json!({
-            "meta": {"repository": "ops"},
-            "current": {"branch": "main"}
-        });
-        assert_eq!(
-            json_object_string(&git, &["branch", "current_branch", "ref"]).as_deref(),
-            Some("main")
-        );
-        assert_eq!(
-            json_object_string(&git, &["repo_name", "repository", "repo"]).as_deref(),
-            Some("ops")
-        );
-    }
-
-    #[test]
-    fn test_session_header() {
-        let line = r#"{"id":"c3c4b301-27c8-4c70-b6e4-46b99fdf0236","timestamp":"2025-08-18T01:16:13.522Z","instructions":null,"git":{"commit_hash":"abc123","branch":"main"}}"#;
-        let v: serde_json::Value = serde_json::from_str(line).unwrap();
-        let obj = v.as_object().unwrap();
-        assert!(!obj.contains_key("type"));
-        assert!(obj.contains_key("id"));
-        assert_eq!(
-            obj["id"].as_str().unwrap(),
-            "c3c4b301-27c8-4c70-b6e4-46b99fdf0236"
-        );
-        assert!(obj["git"]["branch"].as_str().unwrap() == "main");
-    }
-
-    #[test]
-    fn test_state_marker_skipped() {
-        let line = r#"{"record_type":"state"}"#;
-        let v: serde_json::Value = serde_json::from_str(line).unwrap();
-        let obj = v.as_object().unwrap();
-        assert!(obj.contains_key("record_type"));
-        assert!(!obj.contains_key("type"));
-    }
-
-    #[test]
-    fn test_user_message() {
-        let line = r#"{"type":"message","id":null,"role":"user","content":[{"type":"input_text","text":"hello codex"}]}"#;
-        let v: serde_json::Value = serde_json::from_str(line).unwrap();
-        let mut events = Vec::new();
-        let mut counter = 0u64;
-        let mut first_text = None;
-        let mut last_fn = "unknown".to_string();
-        let mut call_map = HashMap::new();
-        process_item(
-            &v,
-            Utc::now(),
-            &mut events,
-            &mut counter,
-            &mut first_text,
-            &mut last_fn,
-            &mut call_map,
-        );
-        assert_eq!(events.len(), 1);
-        assert!(matches!(events[0].event_type, EventType::UserMessage));
-        assert_eq!(first_text.as_deref(), Some("hello codex"));
-    }
-
-    #[test]
-    fn test_assistant_message() {
-        let line = r#"{"type":"message","role":"assistant","content":[{"type":"output_text","text":"Here is the analysis..."}]}"#;
-        let v: serde_json::Value = serde_json::from_str(line).unwrap();
-        let mut events = Vec::new();
-        let mut counter = 0u64;
-        let mut first_text = None;
-        let mut last_fn = "unknown".to_string();
-        let mut call_map = HashMap::new();
-        process_item(
-            &v,
-            Utc::now(),
-            &mut events,
-            &mut counter,
-            &mut first_text,
-            &mut last_fn,
-            &mut call_map,
-        );
-        assert_eq!(events.len(), 1);
-        assert!(matches!(events[0].event_type, EventType::AgentMessage));
-    }
-
-    #[test]
-    fn test_shell_command_array() {
-        let line = r#"{"type":"function_call","id":"fc_123","name":"shell","arguments":"{\"command\":[\"bash\",\"-lc\",\"cat README.md\"]}","call_id":"call_xyz"}"#;
-        let v: serde_json::Value = serde_json::from_str(line).unwrap();
-        let mut events = Vec::new();
-        let mut counter = 0u64;
-        let mut first_text = None;
-        let mut last_fn = "unknown".to_string();
-        let mut call_map = HashMap::new();
-        process_item(
-            &v,
-            Utc::now(),
-            &mut events,
-            &mut counter,
-            &mut first_text,
-            &mut last_fn,
-            &mut call_map,
-        );
-        assert_eq!(events.len(), 1);
-        match &events[0].event_type {
-            EventType::ShellCommand { command, .. } => assert_eq!(command, "cat README.md"),
-            other => panic!("Expected ShellCommand, got {:?}", other),
-        }
-        assert!(call_map.contains_key("call_xyz"));
-    }
-
-    #[test]
-    fn test_shell_command_single_element() {
-        let args = serde_json::json!({"command": ["pwd"]});
-        assert_eq!(extract_shell_command(&args), "pwd");
-    }
-
-    #[test]
-    fn test_extract_shell_command_variants() {
-        // Array with shell prefix
-        let args = serde_json::json!({"command": ["bash", "-lc", "cargo test"], "workdir": "/tmp"});
-        assert_eq!(extract_shell_command(&args), "cargo test");
-
-        // Simple cmd field
-        let args = serde_json::json!({"cmd": "cargo test"});
-        assert_eq!(extract_shell_command(&args), "cargo test");
-
-        // String command field
-        let args = serde_json::json!({"command": "ls -la"});
-        assert_eq!(extract_shell_command(&args), "ls -la");
-    }
-
-    #[test]
-    fn test_parse_function_output_json() {
-        let raw = r#"{"output":"hello world\n","metadata":{"exit_code":0,"duration_seconds":0.5}}"#;
-        let (text, is_error, duration) = parse_function_output(raw);
-        assert_eq!(text, "hello world\n");
-        assert!(!is_error);
-        assert_eq!(duration, Some(500));
-    }
-
-    #[test]
-    fn test_parse_function_output_recovers_meaningful_stdout_when_output_is_dot() {
-        let raw = r#"{"output":".","stdout":"Session still running (pid=1234)","metadata":{"exit_code":0,"duration_seconds":0.01}}"#;
-        let (text, is_error, duration) = parse_function_output(raw);
-        assert_eq!(text, "Session still running (pid=1234)");
-        assert!(!is_error);
-        assert_eq!(duration, Some(10));
-    }
-
-    #[test]
-    fn test_parse_function_output_error() {
-        let raw = r#"{"output":"command not found","metadata":{"exit_code":127,"duration_seconds":0.01}}"#;
-        let (_, is_error, _) = parse_function_output(raw);
-        assert!(is_error);
-    }
-
-    #[test]
-    fn test_parse_function_output_plain() {
-        let (text, is_error, duration) = parse_function_output("Plan updated");
-        assert_eq!(text, "Plan updated");
-        assert!(!is_error);
-        assert!(duration.is_none());
-    }
-
-    #[test]
-    fn test_call_id_correlation() {
-        let call_line = r#"{"type":"function_call","name":"shell","arguments":"{\"command\":[\"bash\",\"-lc\",\"echo hi\"]}","call_id":"call_abc"}"#;
-        let output_line = r#"{"type":"function_call_output","call_id":"call_abc","output":"{\"output\":\"hi\\n\",\"metadata\":{\"exit_code\":0,\"duration_seconds\":0.01}}"}"#;
-
-        let mut events = Vec::new();
-        let mut counter = 0u64;
-        let mut first_text = None;
-        let mut last_fn = "unknown".to_string();
-        let mut call_map = HashMap::new();
-        let ts = Utc::now();
-
-        let v1: serde_json::Value = serde_json::from_str(call_line).unwrap();
-        process_item(
-            &v1,
-            ts,
-            &mut events,
-            &mut counter,
-            &mut first_text,
-            &mut last_fn,
-            &mut call_map,
-        );
-
-        let v2: serde_json::Value = serde_json::from_str(output_line).unwrap();
-        process_item(
-            &v2,
-            ts,
-            &mut events,
-            &mut counter,
-            &mut first_text,
-            &mut last_fn,
-            &mut call_map,
-        );
-
-        assert_eq!(events.len(), 2);
-        match &events[1].event_type {
-            EventType::ToolResult {
-                name,
-                is_error,
-                call_id,
-            } => {
-                assert_eq!(name, "shell");
-                assert!(!is_error);
-                assert_eq!(call_id.as_deref(), Some("codex-1"));
-            }
-            other => panic!("Expected ToolResult, got {:?}", other),
-        }
-        assert_eq!(events[1].duration_ms, Some(10));
-    }
-
-    #[test]
-    fn test_reasoning_with_summary() {
-        let line = r#"{"type":"reasoning","id":"rs_123","summary":[{"type":"summary_text","text":"Analyzing the code"}],"encrypted_content":"gAAAAA..."}"#;
-        let v: serde_json::Value = serde_json::from_str(line).unwrap();
-        let mut events = Vec::new();
-        let mut counter = 0u64;
-        let mut first_text = None;
-        let mut last_fn = "unknown".to_string();
-        let mut call_map = HashMap::new();
-        process_item(
-            &v,
-            Utc::now(),
-            &mut events,
-            &mut counter,
-            &mut first_text,
-            &mut last_fn,
-            &mut call_map,
-        );
-        assert_eq!(events.len(), 1);
-        assert!(matches!(events[0].event_type, EventType::Thinking));
-    }
-
-    #[test]
-    fn test_reasoning_empty_summary_skipped() {
-        let line =
-            r#"{"type":"reasoning","id":"rs_456","summary":[],"encrypted_content":"gAAAAA..."}"#;
-        let v: serde_json::Value = serde_json::from_str(line).unwrap();
-        let mut events = Vec::new();
-        let mut counter = 0u64;
-        let mut first_text = None;
-        let mut last_fn = "unknown".to_string();
-        let mut call_map = HashMap::new();
-        process_item(
-            &v,
-            Utc::now(),
-            &mut events,
-            &mut counter,
-            &mut first_text,
-            &mut last_fn,
-            &mut call_map,
-        );
-        assert_eq!(events.len(), 0);
-    }
-
-    #[test]
-    fn test_function_call_includes_semantic_metadata() {
-        let call_line = r#"{"type":"function_call","name":"exec_command","arguments":"{\"cmd\":\"ls\"}","call_id":"call_meta_1"}"#;
-        let output_line = r#"{"type":"function_call_output","call_id":"call_meta_1","output":"{\"output\":\"ok\",\"metadata\":{\"exit_code\":0,\"duration_seconds\":0.01}}"}"#;
-        let mut events = Vec::new();
-        let mut counter = 0u64;
-        let mut first_text = None;
-        let mut last_fn = "unknown".to_string();
-        let mut call_map = HashMap::new();
-        let ts = Utc::now();
-
-        let call_value: serde_json::Value = serde_json::from_str(call_line).unwrap();
-        process_item(
-            &call_value,
-            ts,
-            &mut events,
-            &mut counter,
-            &mut first_text,
-            &mut last_fn,
-            &mut call_map,
-        );
-        let output_value: serde_json::Value = serde_json::from_str(output_line).unwrap();
-        process_item(
-            &output_value,
-            ts,
-            &mut events,
-            &mut counter,
-            &mut first_text,
-            &mut last_fn,
-            &mut call_map,
-        );
-
-        assert_eq!(events.len(), 2);
-        assert_eq!(
-            events[0]
-                .attributes
-                .get("semantic.call_id")
-                .and_then(|v| v.as_str()),
-            Some("call_meta_1")
-        );
-        assert_eq!(
-            events[0]
-                .attributes
-                .get("semantic.tool_kind")
-                .and_then(|v| v.as_str()),
-            Some("shell")
-        );
-        assert_eq!(
-            events[1]
-                .attributes
-                .get("semantic.call_id")
-                .and_then(|v| v.as_str()),
-            Some("call_meta_1")
-        );
-    }
-
-    #[test]
-    fn test_classify_update_plan() {
-        let args = serde_json::json!({"plan": [{"step": "analyze", "status": "in_progress"}]});
-        let et = classify_codex_function("update_plan", &args);
-        assert!(matches!(et, EventType::ToolCall { name } if name == "update_plan"));
-    }
-
-    #[test]
-    fn test_classify_apply_patch_uses_path_from_patch_input() {
-        let args = serde_json::json!({
-            "input": "*** Begin Patch\n*** Update File: crates/tui/src/ui.rs\n@@\n- old\n+ new\n*** End Patch\n"
-        });
-        let et = classify_codex_function("functions.apply_patch", &args);
-        assert!(matches!(
-            et,
-            EventType::FileEdit { path, diff: None } if path == "crates/tui/src/ui.rs"
-        ));
-    }
-
-    #[test]
-    fn test_desktop_format_response_item() {
-        // Desktop wraps entries in response_item with payload
-        let lines = [
-            r#"{"timestamp":"2026-02-03T04:11:00.097Z","type":"session_meta","payload":{"id":"desktop-test","timestamp":"2026-02-03T04:11:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
-            r#"{"timestamp":"2026-02-03T04:11:00.097Z","type":"response_item","payload":{"type":"message","role":"developer","content":[{"type":"input_text","text":"system instructions"}]}}"#,
-            r#"{"timestamp":"2026-02-03T04:11:00.097Z","type":"response_item","payload":{"type":"message","role":"user","content":[{"type":"input_text","text":"AGENTS.md instructions"}]}}"#,
-            r#"{"timestamp":"2026-02-03T04:11:00.119Z","type":"event_msg","payload":{"type":"user_message","message":"fix the bug"}}"#,
-            r#"{"timestamp":"2026-02-03T04:11:03.355Z","type":"response_item","payload":{"type":"reasoning","summary":[{"type":"summary_text","text":"Analyzing"}]}}"#,
-            r#"{"timestamp":"2026-02-03T04:11:03.624Z","type":"response_item","payload":{"type":"function_call","name":"exec_command","arguments":"{\"cmd\":\"ls\"}","call_id":"call_1"}}"#,
-            r#"{"timestamp":"2026-02-03T04:11:04.000Z","type":"response_item","payload":{"type":"function_call_output","call_id":"call_1","output":"{\"output\":\"file.txt\\n\",\"metadata\":{\"exit_code\":0,\"duration_seconds\":0.1}}"}}"#,
-            r#"{"timestamp":"2026-02-03T04:11:05.000Z","type":"response_item","payload":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"Done"}]}}"#,
-        ];
-
-        let dir = std::env::temp_dir().join("codex_desktop_test");
-        let _ = std::fs::create_dir_all(&dir);
-        let path = dir.join("rollout-test.jsonl");
-        std::fs::write(&path, lines.join("\n")).unwrap();
-
-        let _parser = CodexParser;
-        // can_parse won't match (no .codex/sessions in path), so call parse directly
-        let session = parse_codex_jsonl(&path).unwrap();
-
-        assert_eq!(session.session_id, "desktop-test");
-        assert_eq!(session.agent.tool, "codex");
-        // Title should come from event_msg/user_message, not AGENTS.md
-        assert_eq!(session.context.title.as_deref(), Some("fix the bug"));
-        // developer and injected user instruction messages are skipped.
-        // Events: reasoning + shell_command + tool_result + assistant (+optional user)
-        assert!(session.events.len() >= 4);
-        assert!(!session.events.iter().any(|e| {
-            matches!(e.event_type, EventType::UserMessage)
-                && e.content.blocks.iter().any(|b| {
-                    matches!(b, ContentBlock::Text { text } if text.contains("AGENTS.md instructions"))
-                })
-        }));
-        // Check originator attribute
-        assert_eq!(
-            session
-                .context
-                .attributes
-                .get("originator")
-                .and_then(|v| v.as_str()),
-            Some("Codex Desktop")
-        );
-
-        let _ = std::fs::remove_dir_all(&dir);
-    }
-
-    #[test]
-    fn test_desktop_warning_prompt_not_parsed_as_user_message() {
-        let lines = [
-            r#"{"timestamp":"2026-02-14T10:00:00.097Z","type":"session_meta","payload":{"id":"desktop-test-2","timestamp":"2026-02-14T10:00:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
-            r#"{"timestamp":"2026-02-14T10:00:00.119Z","type":"event_msg","payload":{"type":"user_message","message":"Warning: apply_patch was requested via exec_command. Use the apply_patch tool instead of exec_command."}}"#,
-            r#"{"timestamp":"2026-02-14T10:00:00.120Z","type":"event_msg","payload":{"type":"user_message","message":"actual task please continue"}}"#,
-            r#"{"timestamp":"2026-02-14T10:00:01.000Z","type":"response_item","payload":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"Done"}]}}"#,
-        ];
-
-        let dir = std::env::temp_dir().join("codex_desktop_warning_filter_test");
-        let _ = std::fs::create_dir_all(&dir);
-        let path = dir.join("rollout-test.jsonl");
-        std::fs::write(&path, lines.join("\n")).unwrap();
-
-        let session = parse_codex_jsonl(&path).unwrap();
-        assert_eq!(
-            session.context.title.as_deref(),
-            Some("actual task please continue")
-        );
-        assert!(!session.events.iter().any(|e| {
-            matches!(e.event_type, EventType::UserMessage)
-                && e.content.blocks.iter().any(|b| {
-                    matches!(b, ContentBlock::Text { text } if text.contains("apply_patch was requested via exec_command"))
-                })
-        }));
-
-        let _ = std::fs::remove_dir_all(&dir);
-    }
-
-    #[test]
-    fn test_desktop_subagent_thread_spawn_marks_session_auxiliary() {
-        let lines = [
-            r#"{"timestamp":"2026-02-27T04:49:06.449Z","type":"session_meta","payload":{"id":"desktop-subagent","timestamp":"2026-02-27T04:49:05.467Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.105.0","source":{"subagent":{"thread_spawn":{"parent_thread_id":"parent-thread-1","depth":1,"agent_role":"awaiter"}}},"agent_role":"awaiter"}}"#,
-            r#"{"timestamp":"2026-02-27T04:49:06.451Z","type":"event_msg","payload":{"type":"agent_message","message":"child response"}}"#,
-        ];
-
-        let dir = std::env::temp_dir().join("codex_desktop_subagent_auxiliary_test");
-        let _ = std::fs::create_dir_all(&dir);
-        let path = dir.join("rollout-test.jsonl");
-        std::fs::write(&path, lines.join("\n")).unwrap();
-
-        let session = parse_codex_jsonl(&path).unwrap();
-        assert_eq!(
-            session
-                .context
-                .attributes
-                .get(ATTR_SESSION_ROLE)
-                .and_then(|value| value.as_str()),
-            Some("auxiliary")
-        );
-        assert_eq!(
-            session
-                .context
-                .attributes
-                .get(ATTR_PARENT_SESSION_ID)
-                .and_then(|value| value.as_str()),
-            Some("parent-thread-1")
-        );
-        assert_eq!(
-            session.context.related_session_ids,
-            vec!["parent-thread-1".to_string()]
-        );
-        assert!(opensession_core::session::is_auxiliary_session(&session));
-
-        let _ = std::fs::remove_dir_all(&dir);
-    }
-
-    #[test]
-    fn test_desktop_agent_role_awaiter_marks_session_auxiliary() {
-        let lines = [
-            r#"{"timestamp":"2026-02-27T04:49:06.449Z","type":"session_meta","payload":{"id":"desktop-agent-role-subagent","timestamp":"2026-02-27T04:49:05.467Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.105.0","agent_role":"awaiter"}}"#,
-            r#"{"timestamp":"2026-02-27T04:49:06.451Z","type":"event_msg","payload":{"type":"agent_message","message":"child response"}}"#,
-        ];
-
-        let dir = std::env::temp_dir().join("codex_desktop_agent_role_auxiliary_test");
-        let _ = std::fs::create_dir_all(&dir);
-        let path = dir.join("rollout-test.jsonl");
-        std::fs::write(&path, lines.join("\n")).unwrap();
-
-        let session = parse_codex_jsonl(&path).unwrap();
-        assert_eq!(
-            session
-                .context
-                .attributes
-                .get(ATTR_SESSION_ROLE)
-                .and_then(|value| value.as_str()),
-            Some("auxiliary")
-        );
-        assert!(opensession_core::session::is_auxiliary_session(&session));
-
-        let _ = std::fs::remove_dir_all(&dir);
-    }
-
-    #[test]
-    fn test_desktop_summary_batch_prompt_marks_session_auxiliary() {
-        let lines = [
-            r#"{"timestamp":"2026-03-05T02:06:54.719Z","type":"session_meta","payload":{"id":"desktop-summary-worker","timestamp":"2026-03-05T02:06:54.649Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.104.0","source":"exec"}}"#,
-            r#"{"timestamp":"2026-03-05T02:06:54.721Z","type":"event_msg","payload":{"type":"user_message","message":"Convert a real coding session into semantic compression.\nPipeline: session -> HAIL compact -> semantic summary.\nHAIL_COMPACT={\"session\":{\"id\":\"s1\"}}"}}"#,
-            r#"{"timestamp":"2026-03-05T02:07:01.792Z","type":"response_item","payload":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"{\"changes\":\"none\"}"}],"phase":"final_answer"}}"#,
-        ];
-
-        let dir = std::env::temp_dir().join("codex_desktop_summary_worker_auxiliary_test");
-        let _ = std::fs::create_dir_all(&dir);
-        let path = dir.join("rollout-test.jsonl");
-        std::fs::write(&path, lines.join("\n")).unwrap();
-
-        let session = parse_codex_jsonl(&path).unwrap();
-        assert_eq!(
-            session
-                .context
-                .attributes
-                .get(ATTR_SESSION_ROLE)
-                .and_then(|value| value.as_str()),
-            Some("auxiliary")
-        );
-        assert!(
-            session.context.title.is_none(),
-            "summary worker prompt should be excluded from visible title"
-        );
-        assert!(opensession_core::session::is_auxiliary_session(&session));
-
-        let _ = std::fs::remove_dir_all(&dir);
-    }
-
-    #[test]
-    fn test_desktop_agent_reasoning_event_msg_maps_to_thinking() {
-        let lines = [
-            r#"{"timestamp":"2026-02-14T13:00:00.097Z","type":"session_meta","payload":{"id":"desktop-reasoning","timestamp":"2026-02-14T13:00:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
-            r#"{"timestamp":"2026-02-14T13:00:01.000Z","type":"event_msg","payload":{"type":"agent_reasoning","message":"analyzing dependencies"}}"#,
-        ];
-        let dir = std::env::temp_dir().join("codex_desktop_agent_reasoning_test");
-        let _ = std::fs::create_dir_all(&dir);
-        let path = dir.join("rollout-test.jsonl");
-        std::fs::write(&path, lines.join("\n")).unwrap();
-
-        let session = parse_codex_jsonl(&path).unwrap();
-        let reasoning_event = session.events.iter().find(|event| {
-            matches!(event.event_type, EventType::Thinking)
-                && event
-                    .attributes
-                    .get("source.raw_type")
-                    .and_then(|v| v.as_str())
-                    == Some("event_msg:agent_reasoning")
-        });
-        assert!(reasoning_event.is_some());
-        let _ = std::fs::remove_dir_all(&dir);
-    }
-
-    #[test]
-    fn test_desktop_token_count_event_msg_maps_to_custom_tokens() {
-        let lines = [
-            r#"{"timestamp":"2026-02-14T13:10:00.097Z","type":"session_meta","payload":{"id":"desktop-token-count","timestamp":"2026-02-14T13:10:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
-            r#"{"timestamp":"2026-02-14T13:10:01.000Z","type":"event_msg","payload":{"type":"token_count","input_tokens":21,"output_tokens":8,"turn_id":"turn-xyz"}}"#,
-        ];
-        let dir = std::env::temp_dir().join("codex_desktop_token_count_test");
-        let _ = std::fs::create_dir_all(&dir);
-        let path = dir.join("rollout-test.jsonl");
-        std::fs::write(&path, lines.join("\n")).unwrap();
-
-        let session = parse_codex_jsonl(&path).unwrap();
-        let token_event = session.events.iter().find(|event| {
-            matches!(
-                event.event_type,
-                EventType::Custom { ref kind } if kind == "token_count"
-            )
-        });
-        assert!(token_event.is_some());
-        let token_event = token_event.unwrap();
-        assert_eq!(
-            token_event
-                .attributes
-                .get("input_tokens")
-                .and_then(|v| v.as_u64()),
-            Some(21)
-        );
-        assert_eq!(
-            token_event
-                .attributes
-                .get("output_tokens")
-                .and_then(|v| v.as_u64()),
-            Some(8)
-        );
-        let _ = std::fs::remove_dir_all(&dir);
-    }
-
-    #[test]
-    fn test_desktop_token_count_event_msg_info_usage_maps_to_custom_tokens() {
-        let lines = [
-            r#"{"timestamp":"2026-02-14T13:11:00.097Z","type":"session_meta","payload":{"id":"desktop-token-count-info","timestamp":"2026-02-14T13:11:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.101.0"}}"#,
-            r#"{"timestamp":"2026-02-14T13:11:01.000Z","type":"event_msg","payload":{"type":"token_count","info":{"last_token_usage":{"input_tokens":34,"output_tokens":13}},"turn_id":"turn-info"}}"#,
-        ];
-        let dir = std::env::temp_dir().join("codex_desktop_token_count_info_test");
-        let _ = std::fs::create_dir_all(&dir);
-        let path = dir.join("rollout-test.jsonl");
-        std::fs::write(&path, lines.join("\n")).unwrap();
-
-        let session = parse_codex_jsonl(&path).unwrap();
-        let token_event = session.events.iter().find(|event| {
-            matches!(
-                event.event_type,
-                EventType::Custom { ref kind } if kind == "token_count"
-            )
-        });
-        assert!(token_event.is_some());
-        let token_event = token_event.unwrap();
-        assert_eq!(
-            token_event
-                .attributes
-                .get("input_tokens")
-                .and_then(|v| v.as_u64()),
-            Some(34)
-        );
-        assert_eq!(
-            token_event
-                .attributes
-                .get("output_tokens")
-                .and_then(|v| v.as_u64()),
-            Some(13)
-        );
-        let _ = std::fs::remove_dir_all(&dir);
-    }
-
-    #[test]
-    fn test_desktop_token_count_event_msg_includes_cumulative_totals() {
-        let lines = [
-            r#"{"timestamp":"2026-02-14T13:13:00.097Z","type":"session_meta","payload":{"id":"desktop-token-count-total","timestamp":"2026-02-14T13:13:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.101.0"}}"#,
-            r#"{"timestamp":"2026-02-14T13:13:01.000Z","type":"event_msg","payload":{"type":"token_count","info":{"last_token_usage":{"input_tokens":34,"output_tokens":13},"total_token_usage":{"input_tokens":340,"output_tokens":130}},"turn_id":"turn-total"}}"#,
-        ];
-        let dir = std::env::temp_dir().join("codex_desktop_token_count_total_test");
-        let _ = std::fs::create_dir_all(&dir);
-        let path = dir.join("rollout-test.jsonl");
-        std::fs::write(&path, lines.join("\n")).unwrap();
-
-        let session = parse_codex_jsonl(&path).unwrap();
-        let token_event = session.events.iter().find(|event| {
-            matches!(
-                event.event_type,
-                EventType::Custom { ref kind } if kind == "token_count"
-            )
-        });
-        assert!(token_event.is_some());
-        let token_event = token_event.unwrap();
-        assert_eq!(
-            token_event
-                .attributes
-                .get("input_tokens")
-                .and_then(|v| v.as_u64()),
-            Some(34)
-        );
-        assert_eq!(
-            token_event
-                .attributes
-                .get("output_tokens")
-                .and_then(|v| v.as_u64()),
-            Some(13)
-        );
-        assert_eq!(
-            token_event
-                .attributes
-                .get("input_tokens_total")
-                .and_then(|v| v.as_u64()),
-            Some(340)
-        );
-        assert_eq!(
-            token_event
-                .attributes
-                .get("output_tokens_total")
-                .and_then(|v| v.as_u64()),
-            Some(130)
-        );
-        let _ = std::fs::remove_dir_all(&dir);
-    }
-
-    #[test]
-    fn test_desktop_agent_reasoning_raw_content_maps_to_thinking() {
-        let lines = [
-            r#"{"timestamp":"2026-02-14T13:12:00.097Z","type":"session_meta","payload":{"id":"desktop-raw-reasoning","timestamp":"2026-02-14T13:12:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.101.0"}}"#,
-            r#"{"timestamp":"2026-02-14T13:12:01.000Z","type":"event_msg","payload":{"type":"agent_reasoning_raw_content","text":"hidden chain tokenized text"}}"#,
-        ];
-        let dir = std::env::temp_dir().join("codex_desktop_reasoning_raw_test");
-        let _ = std::fs::create_dir_all(&dir);
-        let path = dir.join("rollout-test.jsonl");
-        std::fs::write(&path, lines.join("\n")).unwrap();
-
-        let session = parse_codex_jsonl(&path).unwrap();
-        let reasoning_event = session.events.iter().find(|event| {
-            matches!(event.event_type, EventType::Thinking)
-                && event
-                    .attributes
-                    .get("source.raw_type")
-                    .and_then(|v| v.as_str())
-                    == Some("event_msg:agent_reasoning_raw_content")
-        });
-        assert!(reasoning_event.is_some());
-        let _ = std::fs::remove_dir_all(&dir);
-    }
-
-    #[test]
-    fn test_desktop_web_search_call_actions_map_to_web_events() {
-        let lines = [
-            r#"{"timestamp":"2026-02-14T13:20:00.097Z","type":"session_meta","payload":{"id":"desktop-web-search","timestamp":"2026-02-14T13:20:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.101.0"}}"#,
-            r#"{"timestamp":"2026-02-14T13:20:01.000Z","type":"response_item","payload":{"type":"web_search_call","status":"completed","id":"ws_1","action":{"type":"search","query":"weather seattle","queries":["weather seattle","seattle forecast"]}}}"#,
-            r#"{"timestamp":"2026-02-14T13:20:01.500Z","type":"response_item","payload":{"type":"web_search_call","status":"completed","action":{"type":"open_page","url":"https://example.com/weather"}}}"#,
-            r#"{"timestamp":"2026-02-14T13:20:02.000Z","type":"response_item","payload":{"type":"web_search_call","status":"completed","action":{"type":"find_in_page","url":"https://example.com/weather","pattern":"rain"}}}"#,
-            r#"{"timestamp":"2026-02-14T13:20:02.500Z","type":"response_item","payload":{"type":"web_search_call","status":"completed","action":{"type":"open_page"}}}"#,
-        ];
-        let dir = std::env::temp_dir().join("codex_desktop_web_search_actions_test");
-        let _ = std::fs::create_dir_all(&dir);
-        let path = dir.join("rollout-test.jsonl");
-        std::fs::write(&path, lines.join("\n")).unwrap();
-
-        let session = parse_codex_jsonl(&path).unwrap();
-        assert!(session.events.iter().any(|event| {
-            matches!(&event.event_type, EventType::WebSearch { query } if query == "weather seattle")
-                && event
-                    .attributes
-                    .get("source.raw_type")
-                    .and_then(|v| v.as_str())
-                    == Some("web_search_call:search")
-                && event
-                    .attributes
-                    .get("semantic.call_id")
-                    .and_then(|v| v.as_str())
-                    == Some("ws_1")
-                && event
-                    .attributes
-                    .get("web_search.queries")
-                    .and_then(|v| v.as_array())
-                    .map(|queries| queries.len())
-                    == Some(2)
-        }));
-        assert!(session.events.iter().any(|event| {
-            matches!(
-                &event.event_type,
-                EventType::WebFetch { url } if url == "https://example.com/weather"
-            ) && event
-                .attributes
-                .get("source.raw_type")
-                .and_then(|v| v.as_str())
-                == Some("web_search_call:open_page")
-        }));
-        assert!(session.events.iter().any(|event| {
-            event
-                .attributes
-                .get("source.raw_type")
-                .and_then(|v| v.as_str())
-                == Some("web_search_call:find_in_page")
-                && event.content.blocks.iter().any(|block| {
-                    matches!(block, ContentBlock::Text { text } if text.contains("pattern: rain"))
-                })
-        }));
-        assert!(session.events.iter().any(|event| {
-            matches!(&event.event_type, EventType::ToolCall { name } if name == "web_search")
-                && event
-                    .attributes
-                    .get("source.raw_type")
-                    .and_then(|v| v.as_str())
-                    == Some("web_search_call:open_page")
-                && event.content.blocks.iter().any(
-                    |block| matches!(block, ContentBlock::Text { text } if text == "open_page"),
-                )
-        }));
-
-        let _ = std::fs::remove_dir_all(&dir);
-    }
-
-    #[test]
-    fn test_desktop_context_compacted_event_msg_maps_to_custom() {
-        let lines = [
-            r#"{"timestamp":"2026-02-14T13:30:00.097Z","type":"session_meta","payload":{"id":"desktop-context-compacted","timestamp":"2026-02-14T13:30:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.101.0"}}"#,
-            r#"{"timestamp":"2026-02-14T13:30:01.000Z","type":"event_msg","payload":{"type":"context_compacted","turn_id":"turn_cc_1"}}"#,
-        ];
-        let dir = std::env::temp_dir().join("codex_desktop_context_compacted_test");
-        let _ = std::fs::create_dir_all(&dir);
-        let path = dir.join("rollout-test.jsonl");
-        std::fs::write(&path, lines.join("\n")).unwrap();
-
-        let session = parse_codex_jsonl(&path).unwrap();
-        assert!(session.events.iter().any(|event| {
-            matches!(
-                &event.event_type,
-                EventType::Custom { kind } if kind == "context_compacted"
-            ) && event
-                .attributes
-                .get("source.raw_type")
-                .and_then(|v| v.as_str())
-                == Some("event_msg:context_compacted")
-                && event.task_id.as_deref() == Some("turn_cc_1")
-        }));
-        let _ = std::fs::remove_dir_all(&dir);
-    }
-
-    #[test]
-    fn test_desktop_item_completed_plan_maps_to_custom() {
-        let lines = [
-            r#"{"timestamp":"2026-02-14T13:31:00.097Z","type":"session_meta","payload":{"id":"desktop-item-completed","timestamp":"2026-02-14T13:31:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.101.0"}}"#,
-            r#"{"timestamp":"2026-02-14T13:31:01.000Z","type":"event_msg","payload":{"type":"item_completed","turn_id":"turn_plan_1","item":{"type":"Plan","id":"plan_1","text":"Investigate parser drift\n- check fixtures"}}}"#,
-        ];
-        let dir = std::env::temp_dir().join("codex_desktop_item_completed_test");
-        let _ = std::fs::create_dir_all(&dir);
-        let path = dir.join("rollout-test.jsonl");
-        std::fs::write(&path, lines.join("\n")).unwrap();
-
-        let session = parse_codex_jsonl(&path).unwrap();
-        assert!(session.events.iter().any(|event| {
-            matches!(
-                &event.event_type,
-                EventType::Custom { kind } if kind == "plan_completed"
-            ) && event
-                .attributes
-                .get("source.raw_type")
-                .and_then(|v| v.as_str())
-                == Some("event_msg:item_completed")
-                && event
-                    .attributes
-                    .get("plan_id")
-                    .and_then(|v| v.as_str())
-                    == Some("plan_1")
-                && event.content.blocks.iter().any(|block| {
-                    matches!(block, ContentBlock::Text { text } if text.contains("Investigate parser drift"))
-                })
-        }));
-        let _ = std::fs::remove_dir_all(&dir);
-    }
-
-    #[test]
-    fn test_desktop_turn_aborted_filtered_from_user_messages() {
-        let lines = [
-            r#"{"timestamp":"2026-02-14T10:00:00.097Z","type":"session_meta","payload":{"id":"desktop-test-3","timestamp":"2026-02-14T10:00:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
-            r#"{"timestamp":"2026-02-14T10:00:00.119Z","type":"event_msg","payload":{"type":"user_message","message":"<turn_aborted>Request interrupted by user for tool use</turn_aborted>"}}"#,
-            r#"{"timestamp":"2026-02-14T10:00:00.150Z","type":"event_msg","payload":{"type":"turn_aborted","turn_id":"turn_1","message":"user interrupted"}}"#,
-            r#"{"timestamp":"2026-02-14T10:00:00.200Z","type":"event_msg","payload":{"type":"user_message","message":"real user prompt"}}"#,
-            r#"{"timestamp":"2026-02-14T10:00:01.000Z","type":"response_item","payload":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"Done"}]}}"#,
-        ];
-
-        let dir = std::env::temp_dir().join("codex_desktop_turn_aborted_filter_test");
-        let _ = std::fs::create_dir_all(&dir);
-        let path = dir.join("rollout-test.jsonl");
-        std::fs::write(&path, lines.join("\n")).unwrap();
-
-        let session = parse_codex_jsonl(&path).unwrap();
-        assert_eq!(session.context.title.as_deref(), Some("real user prompt"));
-        assert!(session.events.iter().any(|event| {
-            matches!(
-                event.event_type,
-                EventType::Custom { ref kind } if kind == "turn_aborted"
-            )
-        }));
-        assert!(!session.events.iter().any(|event| {
-            matches!(event.event_type, EventType::UserMessage)
-                && event.content.blocks.iter().any(
-                    |block| matches!(block, ContentBlock::Text { text } if text.contains("turn_aborted"))
-                )
-        }));
-
-        let _ = std::fs::remove_dir_all(&dir);
-    }
-
-    #[test]
-    fn test_desktop_subagent_notification_filtered_from_user_messages() {
-        let lines = [
-            r#"{"timestamp":"2026-03-03T06:39:35.000Z","type":"session_meta","payload":{"id":"desktop-subagent-notification","timestamp":"2026-03-03T06:39:35.000Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.108.0"}}"#,
-            r#"{"timestamp":"2026-03-03T06:39:35.100Z","type":"event_msg","payload":{"type":"user_message","message":"<subagent_notification>Event: 99/110</subagent_notification>"}}"#,
-            r#"{"timestamp":"2026-03-03T06:39:35.200Z","type":"event_msg","payload":{"type":"user_message","message":"real user prompt"}}"#,
-            r#"{"timestamp":"2026-03-03T06:39:36.000Z","type":"response_item","payload":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"Done"}]}}"#,
-        ];
-
-        let dir = std::env::temp_dir().join("codex_desktop_subagent_notification_filter_test");
-        let _ = std::fs::create_dir_all(&dir);
-        let path = dir.join("rollout-test.jsonl");
-        std::fs::write(&path, lines.join("\n")).unwrap();
-
-        let session = parse_codex_jsonl(&path).unwrap();
-        assert_eq!(session.context.title.as_deref(), Some("real user prompt"));
-        assert!(!session.events.iter().any(|event| {
-            matches!(event.event_type, EventType::UserMessage)
-                && event.content.blocks.iter().any(|block| {
-                    matches!(block, ContentBlock::Text { text } if text.contains("subagent_notification"))
-                })
-        }));
-
-        let _ = std::fs::remove_dir_all(&dir);
-    }
-
-    #[test]
-    fn test_desktop_subagent_notification_prefix_line_filtered_from_user_messages() {
-        let lines = [
-            r#"{"timestamp":"2026-03-03T06:39:35.000Z","type":"session_meta","payload":{"id":"desktop-subagent-notification-2","timestamp":"2026-03-03T06:39:35.000Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.108.0"}}"#,
-            r#"{"timestamp":"2026-03-03T06:39:35.100Z","type":"event_msg","payload":{"type":"user_message","message":"[USER] <subagent_notification>\nEvent: 99/110"}}"#,
-            r#"{"timestamp":"2026-03-03T06:39:35.200Z","type":"event_msg","payload":{"type":"user_message","message":"real user prompt"}}"#,
-            r#"{"timestamp":"2026-03-03T06:39:36.000Z","type":"response_item","payload":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"Done"}]}}"#,
-        ];
-
-        let dir = std::env::temp_dir().join("codex_desktop_subagent_notification_filter_test_2");
-        let _ = std::fs::create_dir_all(&dir);
-        let path = dir.join("rollout-test.jsonl");
-        std::fs::write(&path, lines.join("\n")).unwrap();
-
-        let session = parse_codex_jsonl(&path).unwrap();
-        assert_eq!(session.context.title.as_deref(), Some("real user prompt"));
-        assert!(!session.events.iter().any(|event| {
-            matches!(event.event_type, EventType::UserMessage)
-                && event.content.blocks.iter().any(|block| {
-                    matches!(block, ContentBlock::Text { text } if text.contains("subagent_notification"))
-                })
-        }));
-
-        let _ = std::fs::remove_dir_all(&dir);
-    }
-
-    #[test]
-    fn test_desktop_task_lifecycle_event_msg_maps_to_task_events() {
-        let lines = [
-            r#"{"timestamp":"2026-02-14T10:00:00.097Z","type":"session_meta","payload":{"id":"desktop-task-map","timestamp":"2026-02-14T10:00:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
-            r#"{"timestamp":"2026-02-14T10:00:00.120Z","type":"event_msg","payload":{"type":"task_started","turn_id":"turn_42","title":"Investigate bug"}}"#,
-            r#"{"timestamp":"2026-02-14T10:00:00.500Z","type":"response_item","payload":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"working"}]}}"#,
-            r#"{"timestamp":"2026-02-14T10:00:00.900Z","type":"event_msg","payload":{"type":"task_complete","turn_id":"turn_42","last_agent_message":"fixed and validated"}}"#,
-        ];
-
-        let dir = std::env::temp_dir().join("codex_desktop_task_map_test");
-        let _ = std::fs::create_dir_all(&dir);
-        let path = dir.join("rollout-test.jsonl");
-        std::fs::write(&path, lines.join("\n")).unwrap();
-
-        let session = parse_codex_jsonl(&path).unwrap();
-        assert!(session.events.iter().any(|event| {
-            matches!(event.event_type, EventType::TaskStart { .. })
-                && event.task_id.as_deref() == Some("turn_42")
-        }));
-        assert!(session.events.iter().any(|event| {
-            matches!(event.event_type, EventType::TaskEnd { .. })
-                && event.task_id.as_deref() == Some("turn_42")
-        }));
-
-        let _ = std::fs::remove_dir_all(&dir);
-    }
-
-    #[test]
-    fn test_desktop_task_complete_last_agent_message_promoted_to_agent_message() {
-        let lines = [
-            r#"{"timestamp":"2026-02-14T10:05:00.097Z","type":"session_meta","payload":{"id":"desktop-task-summary-promote","timestamp":"2026-02-14T10:05:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
-            r#"{"timestamp":"2026-02-14T10:05:00.120Z","type":"event_msg","payload":{"type":"task_started","turn_id":"turn_55","title":"Investigate bug"}}"#,
-            r#"{"timestamp":"2026-02-14T10:05:00.900Z","type":"event_msg","payload":{"type":"task_complete","turn_id":"turn_55","last_agent_message":"fixed and validated"}}"#,
-        ];
-
-        let dir = std::env::temp_dir().join("codex_desktop_task_summary_promote_test");
-        let _ = std::fs::create_dir_all(&dir);
-        let path = dir.join("rollout-test.jsonl");
-        std::fs::write(&path, lines.join("\n")).unwrap();
-
-        let session = parse_codex_jsonl(&path).unwrap();
-        let agent_events: Vec<&Event> = session
-            .events
-            .iter()
-            .filter(|event| matches!(event.event_type, EventType::AgentMessage))
-            .collect();
-        assert_eq!(agent_events.len(), 1);
-        assert_eq!(
-            agent_events[0]
-                .attributes
-                .get("source")
-                .and_then(|value| value.as_str()),
-            Some("event_msg")
-        );
-        assert!(agent_events[0].content.blocks.iter().any(
-            |block| matches!(block, ContentBlock::Text { text } if text.contains("fixed and validated"))
-        ));
-
-        let _ = std::fs::remove_dir_all(&dir);
-    }
-
-    #[test]
-    fn test_desktop_task_complete_last_agent_message_dedupes_with_agent_message() {
-        let lines = [
-            r#"{"timestamp":"2026-02-14T10:06:00.097Z","type":"session_meta","payload":{"id":"desktop-task-summary-dedupe","timestamp":"2026-02-14T10:06:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
-            r#"{"timestamp":"2026-02-14T10:06:00.300Z","type":"event_msg","payload":{"type":"agent_message","message":"fixed and validated"}}"#,
-            r#"{"timestamp":"2026-02-14T10:06:00.900Z","type":"event_msg","payload":{"type":"task_complete","turn_id":"turn_56","last_agent_message":"fixed and validated"}}"#,
-        ];
-
-        let dir = std::env::temp_dir().join("codex_desktop_task_summary_dedupe_test");
-        let _ = std::fs::create_dir_all(&dir);
-        let path = dir.join("rollout-test.jsonl");
-        std::fs::write(&path, lines.join("\n")).unwrap();
-
-        let session = parse_codex_jsonl(&path).unwrap();
-        let agent_events: Vec<&Event> = session
-            .events
-            .iter()
-            .filter(|event| matches!(event.event_type, EventType::AgentMessage))
-            .collect();
-        assert_eq!(agent_events.len(), 1);
-
-        let _ = std::fs::remove_dir_all(&dir);
-    }
-
-    #[test]
-    fn test_unmatched_task_started_is_synthetically_closed() {
-        let lines = [
-            r#"{"timestamp":"2026-02-14T10:00:00.097Z","type":"session_meta","payload":{"id":"desktop-task-close","timestamp":"2026-02-14T10:00:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
-            r#"{"timestamp":"2026-02-14T10:00:00.120Z","type":"event_msg","payload":{"type":"task_started","turn_id":"turn_99","title":"Long task"}}"#,
-            r#"{"timestamp":"2026-02-14T10:00:00.500Z","type":"response_item","payload":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"still running"}]}}"#,
-        ];
-
-        let dir = std::env::temp_dir().join("codex_desktop_task_close_test");
-        let _ = std::fs::create_dir_all(&dir);
-        let path = dir.join("rollout-test.jsonl");
-        std::fs::write(&path, lines.join("\n")).unwrap();
-
-        let session = parse_codex_jsonl(&path).unwrap();
-        let maybe_end = session.events.iter().find(|event| {
-            matches!(
-                event.event_type,
-                EventType::TaskEnd {
-                    summary: Some(ref s)
-                } if s.contains("synthetic end")
-            ) && event.task_id.as_deref() == Some("turn_99")
-        });
-        assert!(maybe_end.is_some());
-
-        let _ = std::fs::remove_dir_all(&dir);
-    }
-
-    #[test]
-    fn test_desktop_event_msg_user_message_preferred_over_response_fallback() {
-        let lines = [
-            r#"{"timestamp":"2026-02-14T11:00:00.000Z","type":"session_meta","payload":{"id":"desktop-user-priority","timestamp":"2026-02-14T11:00:00.000Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
-            r#"{"timestamp":"2026-02-14T11:00:00.100Z","type":"response_item","payload":{"type":"message","role":"user","content":[{"type":"input_text","text":"same user prompt"}]}}"#,
-            r#"{"timestamp":"2026-02-14T11:00:01.000Z","type":"event_msg","payload":{"type":"user_message","message":"same user prompt"}}"#,
-            r#"{"timestamp":"2026-02-14T11:00:02.000Z","type":"response_item","payload":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"ok"}]}}"#,
-        ];
-
-        let dir = std::env::temp_dir().join("codex_desktop_user_priority_test");
-        let _ = std::fs::create_dir_all(&dir);
-        let path = dir.join("rollout-test.jsonl");
-        std::fs::write(&path, lines.join("\n")).unwrap();
-
-        let session = parse_codex_jsonl(&path).unwrap();
-        let user_events: Vec<&Event> = session
-            .events
-            .iter()
-            .filter(|event| matches!(event.event_type, EventType::UserMessage))
-            .collect();
-        assert_eq!(user_events.len(), 1);
-        assert_eq!(
-            user_events[0]
-                .attributes
-                .get("source")
-                .and_then(|value| value.as_str()),
-            Some("event_msg")
-        );
-
-        let _ = std::fs::remove_dir_all(&dir);
-    }
-
-    #[test]
-    fn test_desktop_event_msg_dedupes_response_fallback_with_image_marker() {
-        let lines = [
-            r#"{"timestamp":"2026-02-14T11:10:00.000Z","type":"session_meta","payload":{"id":"desktop-user-image-dedupe","timestamp":"2026-02-14T11:10:00.000Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
-            r#"{"timestamp":"2026-02-14T11:10:00.100Z","type":"response_item","payload":{"type":"message","role":"user","content":[{"type":"input_text","text":"same user prompt\n<image>"}]}}"#,
-            r#"{"timestamp":"2026-02-14T11:10:01.000Z","type":"event_msg","payload":{"type":"user_message","message":"same user prompt"}}"#,
-            r#"{"timestamp":"2026-02-14T11:10:02.000Z","type":"response_item","payload":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"ok"}]}}"#,
-        ];
-
-        let dir = std::env::temp_dir().join("codex_desktop_user_image_dedupe_test");
-        let _ = std::fs::create_dir_all(&dir);
-        let path = dir.join("rollout-test.jsonl");
-        std::fs::write(&path, lines.join("\n")).unwrap();
-
-        let session = parse_codex_jsonl(&path).unwrap();
-        let user_events: Vec<&Event> = session
-            .events
-            .iter()
-            .filter(|event| matches!(event.event_type, EventType::UserMessage))
-            .collect();
-        assert_eq!(user_events.len(), 1);
-        assert_eq!(
-            user_events[0]
-                .attributes
-                .get("source")
-                .and_then(|value| value.as_str()),
-            Some("event_msg")
-        );
-
-        let _ = std::fs::remove_dir_all(&dir);
-    }
-
-    #[test]
-    fn test_desktop_event_msg_same_source_duplicates_are_collapsed() {
-        let lines = [
-            r#"{"timestamp":"2026-02-14T11:20:00.000Z","type":"session_meta","payload":{"id":"desktop-user-same-source-dedupe","timestamp":"2026-02-14T11:20:00.000Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
-            r#"{"timestamp":"2026-02-14T11:20:00.100Z","type":"event_msg","payload":{"type":"user_message","message":"same user prompt"}}"#,
-            r#"{"timestamp":"2026-02-14T11:20:00.900Z","type":"event_msg","payload":{"type":"user_message","message":"same user prompt"}}"#,
-            r#"{"timestamp":"2026-02-14T11:20:02.000Z","type":"response_item","payload":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"ok"}]}}"#,
-        ];
-
-        let dir = std::env::temp_dir().join("codex_desktop_same_source_dedupe_test");
-        let _ = std::fs::create_dir_all(&dir);
-        let path = dir.join("rollout-test.jsonl");
-        std::fs::write(&path, lines.join("\n")).unwrap();
-
-        let session = parse_codex_jsonl(&path).unwrap();
-        let user_events: Vec<&Event> = session
-            .events
-            .iter()
-            .filter(|event| matches!(event.event_type, EventType::UserMessage))
-            .collect();
-        assert_eq!(user_events.len(), 1);
-
-        let _ = std::fs::remove_dir_all(&dir);
-    }
-
-    #[test]
-    fn test_desktop_event_msg_agent_message_preferred_over_response_fallback() {
-        let lines = [
-            r#"{"timestamp":"2026-02-14T11:30:00.000Z","type":"session_meta","payload":{"id":"desktop-agent-priority","timestamp":"2026-02-14T11:30:00.000Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
-            r#"{"timestamp":"2026-02-14T11:30:00.100Z","type":"response_item","payload":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"same assistant reply"}]}}"#,
-            r#"{"timestamp":"2026-02-14T11:30:01.000Z","type":"event_msg","payload":{"type":"agent_message","message":"same assistant reply"}}"#,
-        ];
-
-        let dir = std::env::temp_dir().join("codex_desktop_agent_priority_test");
-        let _ = std::fs::create_dir_all(&dir);
-        let path = dir.join("rollout-test.jsonl");
-        std::fs::write(&path, lines.join("\n")).unwrap();
-
-        let session = parse_codex_jsonl(&path).unwrap();
-        let agent_events: Vec<&Event> = session
-            .events
-            .iter()
-            .filter(|event| matches!(event.event_type, EventType::AgentMessage))
-            .collect();
-        assert_eq!(agent_events.len(), 1);
-        assert_eq!(
-            agent_events[0]
-                .attributes
-                .get("source")
-                .and_then(|value| value.as_str()),
-            Some("event_msg")
-        );
-        assert!(agent_events[0].content.blocks.iter().any(
-            |block| matches!(block, ContentBlock::Text { text } if text.contains("same assistant reply"))
-        ));
-
-        let _ = std::fs::remove_dir_all(&dir);
-    }
-
-    #[test]
-    fn test_desktop_event_msg_agent_message_same_source_duplicates_are_collapsed() {
-        let lines = [
-            r#"{"timestamp":"2026-02-14T11:40:00.000Z","type":"session_meta","payload":{"id":"desktop-agent-same-source-dedupe","timestamp":"2026-02-14T11:40:00.000Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
-            r#"{"timestamp":"2026-02-14T11:40:00.100Z","type":"event_msg","payload":{"type":"agent_message","message":"same assistant reply"}}"#,
-            r#"{"timestamp":"2026-02-14T11:40:00.900Z","type":"event_msg","payload":{"type":"agent_message","message":"same assistant reply"}}"#,
-        ];
-
-        let dir = std::env::temp_dir().join("codex_desktop_agent_same_source_dedupe_test");
-        let _ = std::fs::create_dir_all(&dir);
-        let path = dir.join("rollout-test.jsonl");
-        std::fs::write(&path, lines.join("\n")).unwrap();
-
-        let session = parse_codex_jsonl(&path).unwrap();
-        let agent_events: Vec<&Event> = session
-            .events
-            .iter()
-            .filter(|event| matches!(event.event_type, EventType::AgentMessage))
-            .collect();
-        assert_eq!(agent_events.len(), 1);
-
-        let _ = std::fs::remove_dir_all(&dir);
-    }
-
-    #[test]
-    fn test_desktop_response_fallback_agent_message_kept_without_event_msg() {
-        let lines = [
-            r#"{"timestamp":"2026-02-14T11:50:00.000Z","type":"session_meta","payload":{"id":"desktop-agent-response-fallback","timestamp":"2026-02-14T11:50:00.000Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
-            r#"{"timestamp":"2026-02-14T11:50:00.100Z","type":"response_item","payload":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"assistant only response"}]}}"#,
-        ];
-
-        let dir = std::env::temp_dir().join("codex_desktop_agent_response_fallback_test");
-        let _ = std::fs::create_dir_all(&dir);
-        let path = dir.join("rollout-test.jsonl");
-        std::fs::write(&path, lines.join("\n")).unwrap();
-
-        let session = parse_codex_jsonl(&path).unwrap();
-        let agent_events: Vec<&Event> = session
-            .events
-            .iter()
-            .filter(|event| matches!(event.event_type, EventType::AgentMessage))
-            .collect();
-        assert_eq!(agent_events.len(), 1);
-        assert_eq!(
-            agent_events[0]
-                .attributes
-                .get("source")
-                .and_then(|value| value.as_str()),
-            Some("response_fallback")
-        );
-
-        let _ = std::fs::remove_dir_all(&dir);
-    }
-
-    #[test]
-    fn test_request_user_input_output_promoted_to_interactive_user_message() {
-        let lines = [
-            r#"{"timestamp":"2026-02-14T12:00:00.000Z","type":"session_meta","payload":{"id":"desktop-request-user-input","timestamp":"2026-02-14T12:00:00.000Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
-            r#"{"timestamp":"2026-02-14T12:00:00.100Z","type":"response_item","payload":{"type":"function_call","name":"request_user_input","arguments":"{\"questions\":[{\"id\":\"layout_mode\",\"header\":\"Layout\",\"question\":\"Select mode\"}] }","call_id":"call_req_1"}}"#,
-            r#"{"timestamp":"2026-02-14T12:00:01.000Z","type":"response_item","payload":{"type":"function_call_output","call_id":"call_req_1","output":"{\"answers\":{\"layout_mode\":{\"answers\":[\"Always multi-column\"]}}}"}}"#,
-        ];
-
-        let dir = std::env::temp_dir().join("codex_desktop_request_user_input_test");
-        let _ = std::fs::create_dir_all(&dir);
-        let path = dir.join("rollout-test.jsonl");
-        std::fs::write(&path, lines.join("\n")).unwrap();
-
-        let session = parse_codex_jsonl(&path).unwrap();
-        assert!(session.events.iter().any(|event| {
-            matches!(event.event_type, EventType::UserMessage)
-                && event
-                    .attributes
-                    .get("source")
-                    .and_then(|value| value.as_str())
-                    == Some("interactive")
-                && event
-                    .attributes
-                    .get("call_id")
-                    .and_then(|value| value.as_str())
-                    == Some("call_req_1")
-                && event.content.blocks.iter().any(|block| {
-                    matches!(block, ContentBlock::Text { text } if text.contains("layout_mode: Always multi-column") && !text.contains("Interactive response"))
-                })
-        }));
-        assert!(session.events.iter().any(|event| {
-            matches!(event.event_type, EventType::SystemMessage)
-                && event
-                    .attributes
-                    .get("source")
-                    .and_then(|value| value.as_str())
-                    == Some("interactive_question")
-                && event
-                    .attributes
-                    .get("question_meta")
-                    .and_then(|value| value.as_array())
-                    .is_some()
-                && event.content.blocks.iter().any(|block| {
-                    matches!(block, ContentBlock::Text { text } if text.contains("Select mode"))
-                })
-        }));
-        assert!(session.events.iter().any(|event| {
-            matches!(event.event_type, EventType::ToolResult { ref name, .. } if name == "request_user_input")
-        }));
-
-        let _ = std::fs::remove_dir_all(&dir);
-    }
-}
diff --git a/crates/parsers/src/codex/dedupe.rs b/crates/parsers/src/codex/dedupe.rs
new file mode 100644
index 00000000..6e5c1860
--- /dev/null
+++ b/crates/parsers/src/codex/dedupe.rs
@@ -0,0 +1,222 @@
+use super::*;
+
+pub(super) fn remove_duplicate_response_fallback(
+    events: &mut Vec<Event>,
+    ts: DateTime<Utc>,
+    text: &str,
+) {
+    let normalized = normalize_user_text_for_dedupe(text);
+    events.retain(|event| {
+        if !matches!(event.event_type, EventType::UserMessage) {
+            return true;
+        }
+        if event
+            .attributes
+            .get("source")
+            .and_then(|value| value.as_str())
+            != Some("response_fallback")
+        {
+            return true;
+        }
+        if (event.timestamp - ts).num_seconds().abs() > 12 {
+            return true;
+        }
+        event_user_text(event)
+            .map(|existing| !user_texts_equivalent(&existing, &normalized))
+            .unwrap_or(true)
+    });
+}
+
+pub(super) fn remove_duplicate_agent_response_fallback(
+    events: &mut Vec<Event>,
+    ts: DateTime<Utc>,
+    text: &str,
+) {
+    let normalized = normalize_user_text_for_dedupe(text);
+    events.retain(|event| {
+        if !matches!(event.event_type, EventType::AgentMessage) {
+            return true;
+        }
+        if event
+            .attributes
+            .get("source")
+            .and_then(|value| value.as_str())
+            != Some("response_fallback")
+        {
+            return true;
+        }
+        if (event.timestamp - ts).num_seconds().abs() > 12 {
+            return true;
+        }
+        event_agent_text(event)
+            .map(|existing| !user_texts_equivalent(&existing, &normalized))
+            .unwrap_or(true)
+    });
+}
+
+pub(super) fn should_skip_duplicate_user_event(
+    events: &[Event],
+    ts: DateTime<Utc>,
+    text: &str,
+    source: Option<&str>,
+) -> bool {
+    let source = match source {
+        Some(source) => source,
+        None => return false,
+    };
+    let opposite = match opposite_dedupe_source(source) {
+        Some(opposite) => opposite,
+        None => return false,
+    };
+    let normalized = normalize_user_text_for_dedupe(text);
+    events.iter().any(|event| {
+        if !matches!(event.event_type, EventType::UserMessage) {
+            return false;
+        }
+        let event_source = event
+            .attributes
+            .get("source")
+            .and_then(|value| value.as_str());
+        if event_source != Some(opposite) && event_source != Some(source) {
+            return false;
+        }
+        let duplicate_window_secs = if event_source == Some(source) { 2 } else { 12 };
+        if (event.timestamp - ts).num_seconds().abs() > duplicate_window_secs {
+            return false;
+        }
+        event_user_text(event)
+            .map(|existing| user_texts_equivalent(&existing, &normalized))
+            .unwrap_or(false)
+    })
+}
+
+pub(super) fn should_skip_duplicate_agent_event(
+    events: &[Event],
+    ts: DateTime<Utc>,
+    text: &str,
+    source: Option<&str>,
+) -> bool {
+    let source = match source {
+        Some(source) => source,
+        None => return false,
+    };
+    let opposite = match opposite_dedupe_source(source) {
+        Some(opposite) => opposite,
+        None => return false,
+    };
+    let normalized = normalize_user_text_for_dedupe(text);
+    events.iter().any(|event| {
+        if !matches!(event.event_type, EventType::AgentMessage) {
+            return false;
+        }
+        let event_source = event
+            .attributes
+            .get("source")
+            .and_then(|value| value.as_str());
+        if event_source != Some(opposite) && event_source != Some(source) {
+            return false;
+        }
+        let duplicate_window_secs = if event_source == Some(source) { 2 } else { 12 };
+        if (event.timestamp - ts).num_seconds().abs() > duplicate_window_secs {
+            return false;
+        }
+        event_agent_text(event)
+            .map(|existing| user_texts_equivalent(&existing, &normalized))
+            .unwrap_or(false)
+    })
+}
+
+pub(super) fn opposite_dedupe_source(source: &str) -> Option<&'static str> {
+    match source {
+        "event_msg" => Some("response_fallback"),
+        "response_fallback" => Some("event_msg"),
+        _ => None,
+    }
+}
+
+pub(super) fn event_user_text(event: &Event) -> Option<String> {
+    if !matches!(event.event_type, EventType::UserMessage) {
+        return None;
+    }
+    let mut out = Vec::new();
+    for block in &event.content.blocks {
+        if let ContentBlock::Text { text } = block {
+            for line in text.lines() {
+                let trimmed = line.trim();
+                if !trimmed.is_empty() {
+                    out.push(trimmed.to_string());
+                }
+            }
+        }
+    }
+    if out.is_empty() {
+        None
+    } else {
+        Some(out.join("\n"))
+    }
+}
+
+pub(super) fn event_agent_text(event: &Event) -> Option<String> {
+    if !matches!(event.event_type, EventType::AgentMessage) {
+        return None;
+    }
+    let mut out = Vec::new();
+    for block in &event.content.blocks {
+        if let ContentBlock::Text { text } = block {
+            for line in text.lines() {
+                let trimmed = line.trim();
+                if !trimmed.is_empty() {
+                    out.push(trimmed.to_string());
+                }
+            }
+        }
+    }
+    if out.is_empty() {
+        None
+    } else {
+        Some(out.join("\n"))
+    }
+}
+
+pub(super) fn normalize_user_text_for_dedupe(text: &str) -> String {
+    let normalized = text
+        .lines()
+        .map(str::trim)
+        .filter(|line| !line.is_empty())
+        .filter(|line| {
+            let lower = line.to_ascii_lowercase();
+            !matches!(
+                lower.as_str(),
+                "<image>" | "<file>" | "<audio>" | "<video>" | "[image]" | "[file]"
+            )
+        })
+        .collect::<Vec<_>>()
+        .join(" ");
+
+    normalized
+        .split_whitespace()
+        .collect::<Vec<_>>()
+        .join(" ")
+        .trim()
+        .to_ascii_lowercase()
+}
+
+pub(super) fn user_texts_equivalent(lhs: &str, rhs: &str) -> bool {
+    let left = normalize_user_text_for_dedupe(lhs);
+    let right = normalize_user_text_for_dedupe(rhs);
+    if left == right {
+        return true;
+    }
+
+    let min_len = left.chars().count().min(right.chars().count());
+    min_len >= 16 && (left.contains(&right) || right.contains(&left))
+}
+
+#[allow(dead_code)]
+pub(super) fn normalize_user_text(text: &str) -> String {
+    text.split_whitespace()
+        .collect::<Vec<_>>()
+        .join(" ")
+        .trim()
+        .to_ascii_lowercase()
+}
diff --git a/crates/parsers/src/codex/detect.rs b/crates/parsers/src/codex/detect.rs
new file mode 100644
index 00000000..859de97f
--- /dev/null
+++ b/crates/parsers/src/codex/detect.rs
@@ -0,0 +1,8 @@
+use std::path::Path;
+
+pub(super) fn can_parse_codex_path(path: &Path) -> bool {
+    path.extension().is_some_and(|ext| ext == "jsonl")
+        && path
+            .to_str()
+            .is_some_and(|s| s.contains(".codex/sessions") || s.contains("codex/sessions"))
+}
diff --git a/crates/parsers/src/codex/helpers.rs b/crates/parsers/src/codex/helpers.rs
new file mode 100644
index 00000000..8759660d
--- /dev/null
+++ b/crates/parsers/src/codex/helpers.rs
@@ -0,0 +1,450 @@
+use super::*;
+
+pub(super) fn parse_function_output(raw: &str) -> (String, bool, Option<u64>) {
+    if let Ok(v) = serde_json::from_str::<serde_json::Value>(raw) {
+        let mut output = v
+            .get("output")
+            .and_then(|v| v.as_str())
+            .unwrap_or(raw)
+            .to_string();
+        let exit_code = v
+            .get("metadata")
+            .and_then(|m| m.get("exit_code"))
+            .and_then(|c| c.as_i64());
+        let duration = v
+            .get("metadata")
+            .and_then(|m| m.get("duration_seconds"))
+            .and_then(|d| d.as_f64())
+            .map(|s| (s * 1000.0) as u64);
+        let is_error = exit_code.is_some_and(|c| c != 0);
+        if is_low_signal_output_marker(&output) || output.trim().is_empty() {
+            let metadata = v.get("metadata");
+            let recovered = [
+                v.get("stdout"),
+                v.get("stderr"),
+                v.get("message"),
+                v.get("result"),
+                v.get("content"),
+                metadata.and_then(|value| value.get("stdout")),
+                metadata.and_then(|value| value.get("stderr")),
+                metadata.and_then(|value| value.get("message")),
+            ]
+            .into_iter()
+            .flatten()
+            .filter_map(|value| value.as_str())
+            .map(str::trim)
+            .find(|value| !value.is_empty() && !is_low_signal_output_marker(value))
+            .map(str::to_string);
+
+            if let Some(restored) = recovered {
+                output = restored;
+            } else if let Ok(serialized) = serde_json::to_string(&v) {
+                if !serialized.trim().is_empty() && !is_low_signal_output_marker(&serialized) {
+                    output = serialized;
+                }
+            }
+        }
+        (output, is_error, duration)
+    } else {
+        (raw.to_string(), false, None)
+    }
+}
+
+pub(super) fn is_low_signal_output_marker(text: &str) -> bool {
+    let trimmed = text.trim();
+    !trimmed.is_empty()
+        && trimmed.chars().count() <= 8
+        && trimmed.chars().all(|ch| {
+            matches!(
+                ch,
+                '.' | '\u{00B7}' | '\u{2022}' | '-' | '_' | '=' | '~' | '`'
+            )
+        })
+}
+
+pub(super) fn extract_message_text_blocks(content: Option<&serde_json::Value>) -> String {
+    let Some(content) = content else {
+        return String::new();
+    };
+    if let Some(text) = content.as_str() {
+        return text.trim().to_string();
+    }
+    let Some(blocks) = content.as_array() else {
+        return String::new();
+    };
+
+    blocks
+        .iter()
+        .filter_map(|block| {
+            if let Some(text) = block.as_str() {
+                let trimmed = text.trim();
+                if trimmed.is_empty() {
+                    return None;
+                }
+                return Some(trimmed.to_string());
+            }
+            let btype = block.get("type").and_then(|v| v.as_str()).unwrap_or("");
+            match btype {
+                "text" | "input_text" | "output_text" => block
+                    .get("text")
+                    .and_then(|v| v.as_str())
+                    .map(str::trim)
+                    .filter(|v| !v.is_empty())
+                    .map(String::from),
+                _ => block
+                    .get("text")
+                    .and_then(|v| v.as_str())
+                    .map(str::trim)
+                    .filter(|v| !v.is_empty())
+                    .map(String::from),
+            }
+        })
+        .collect::<Vec<_>>()
+        .join("\n")
+}
+
+pub(super) fn looks_like_injected_codex_user_text(text: &str) -> bool {
+    let trimmed = text.trim();
+    if trimmed.is_empty() {
+        return false;
+    }
+
+    if looks_like_summary_batch_prompt(trimmed) {
+        return true;
+    }
+
+    let lower = trimmed.to_ascii_lowercase();
+
+    if lower.contains("apply_patch was requested via exec_command")
+        && lower.contains("use the apply_patch tool instead")
+    {
+        return true;
+    }
+
+    lower == "agents.md instructions"
+        || lower.starts_with("# agents.md instructions")
+        || lower.contains("<instructions>")
+        || lower.contains("</instructions>")
+        || lower.contains("<environment_context>")
+        || lower.contains("</environment_context>")
+        || lower.contains("<subagent_notification")
+        || lower.contains("&lt;subagent_notification")
+        || lower.contains("</subagent_notification>")
+        || lower.contains("subagent_notification>")
+        || lower.contains("<turn_aborted>")
+        || lower.contains("</turn_aborted>")
+}
+
+pub(super) fn looks_like_summary_batch_prompt(text: &str) -> bool {
+    let trimmed = text.trim();
+    if trimmed.is_empty() {
+        return false;
+    }
+    let lower = trimmed.to_ascii_lowercase();
+    lower.starts_with("convert a real coding session into semantic compression.")
+        && lower.contains("pipeline: session -> hail compact -> semantic summary")
+        && lower.contains("hail_compact=")
+}
+
+pub(super) fn codex_desktop_parent_session_id(payload: &serde_json::Value) -> Option<String> {
+    non_empty_json_str(payload.pointer("/source/subagent/thread_spawn/parent_thread_id"))
+        .or_else(|| non_empty_json_str(payload.pointer("/source/subagent/parent_thread_id")))
+        .or_else(|| non_empty_json_str(payload.pointer("/source/parent_thread_id")))
+        .or_else(|| non_empty_json_str(payload.get("parent_thread_id")))
+}
+
+pub(super) fn codex_desktop_payload_is_auxiliary(payload: &serde_json::Value) -> bool {
+    if payload.pointer("/source/subagent").is_some() {
+        return true;
+    }
+
+    payload
+        .get("agent_role")
+        .and_then(|value| value.as_str())
+        .map(str::trim)
+        .filter(|value| !value.is_empty())
+        .is_some_and(|role| {
+            matches!(
+                role.to_ascii_lowercase().as_str(),
+                "awaiter" | "worker" | "explorer" | "subagent"
+            )
+        })
+}
+
+pub(super) fn non_empty_json_str(value: Option<&serde_json::Value>) -> Option<String> {
+    value
+        .and_then(|entry| entry.as_str())
+        .map(str::trim)
+        .filter(|entry| !entry.is_empty())
+        .map(str::to_string)
+}
+
+pub(super) fn json_object_string(value: &serde_json::Value, keys: &[&str]) -> Option<String> {
+    match value {
+        serde_json::Value::Object(map) => {
+            for key in keys {
+                if let Some(s) = map.get(*key).and_then(|entry| entry.as_str()) {
+                    let trimmed = s.trim();
+                    if !trimmed.is_empty() {
+                        return Some(trimmed.to_string());
+                    }
+                }
+            }
+            for nested in map.values() {
+                if let Some(found) = json_object_string(nested, keys) {
+                    return Some(found);
+                }
+            }
+            None
+        }
+        serde_json::Value::Array(values) => {
+            for nested in values {
+                if let Some(found) = json_object_string(nested, keys) {
+                    return Some(found);
+                }
+            }
+            None
+        }
+        _ => None,
+    }
+}
+
+pub(super) fn parse_timestamp(ts: &str) -> Result<DateTime<Utc>> {
+    DateTime::parse_from_rfc3339(ts)
+        .map(|dt| dt.with_timezone(&Utc))
+        .or_else(|_| {
+            chrono::NaiveDateTime::parse_from_str(ts, "%Y-%m-%dT%H:%M:%S%.f")
+                .map(|ndt| ndt.and_utc())
+        })
+        .with_context(|| format!("Failed to parse timestamp: {}", ts))
+}
+
+pub(super) fn load_codex_agent_identity() -> (String, String) {
+    let model = read_codex_model_from_config().unwrap_or_else(|| "unknown".to_string());
+    let provider = read_codex_provider_from_config()
+        .or_else(|| infer_provider_from_model(&model))
+        .unwrap_or_else(|| "openai".to_string());
+    (provider, model)
+}
+
+pub(super) fn codex_config_path() -> Option<PathBuf> {
+    if let Ok(codex_home) = std::env::var("CODEX_HOME") {
+        let home = codex_home.trim();
+        if !home.is_empty() {
+            return Some(PathBuf::from(home).join("config.toml"));
+        }
+    }
+    let home = std::env::var("HOME").ok()?;
+    let home = home.trim();
+    if home.is_empty() {
+        return None;
+    }
+    Some(PathBuf::from(home).join(".codex").join("config.toml"))
+}
+
+pub(super) fn read_codex_model_from_config() -> Option<String> {
+    read_codex_setting_from_config("model")
+}
+
+pub(super) fn read_codex_provider_from_config() -> Option<String> {
+    read_codex_setting_from_config("provider")
+        .or_else(|| read_codex_setting_from_config("model_provider"))
+        .and_then(|provider| {
+            let normalized = provider.trim().to_ascii_lowercase();
+            if normalized.is_empty() || normalized == "auto" {
+                None
+            } else {
+                Some(normalized)
+            }
+        })
+}
+
+pub(super) fn read_codex_setting_from_config(key: &str) -> Option<String> {
+    let path = codex_config_path()?;
+    let text = std::fs::read_to_string(path).ok()?;
+    parse_codex_config_value(&text, key)
+}
+
+pub(super) fn parse_codex_config_value(config_toml: &str, key: &str) -> Option<String> {
+    let value: toml::Value = toml::from_str(config_toml).ok()?;
+    let active_profile = value
+        .get("profile")
+        .or_else(|| value.get("default_profile"))
+        .and_then(|v| v.as_str())
+        .map(str::trim)
+        .filter(|s| !s.is_empty());
+    if let Some(profile) = active_profile {
+        if let Some(profile_value) = value
+            .get("profiles")
+            .and_then(|profiles| profiles.get(profile))
+            .and_then(|entry| entry.get(key))
+            .and_then(|v| v.as_str())
+            .map(str::trim)
+            .filter(|s| !s.is_empty())
+        {
+            return Some(profile_value.to_string());
+        }
+    }
+    if let Some(defaults_value) = value
+        .get("defaults")
+        .and_then(|defaults| defaults.get(key))
+        .and_then(|v| v.as_str())
+        .map(str::trim)
+        .filter(|s| !s.is_empty())
+    {
+        return Some(defaults_value.to_string());
+    }
+    value
+        .get(key)
+        .and_then(|v| v.as_str())
+        .map(str::trim)
+        .filter(|s| !s.is_empty())
+        .map(str::to_string)
+}
+
+pub(super) fn infer_provider_from_model(model: &str) -> Option<String> {
+    let lower = model.trim().to_ascii_lowercase();
+    if lower.is_empty() || lower == "unknown" {
+        return None;
+    }
+    if lower.contains("claude") {
+        return Some("anthropic".to_string());
+    }
+    if lower.contains("gemini") {
+        return Some("google".to_string());
+    }
+    if lower.contains("gpt")
+        || lower.contains("openai")
+        || lower.contains("codex")
+        || lower.starts_with("o1")
+        || lower.starts_with("o3")
+        || lower.starts_with("o4")
+    {
+        return Some("openai".to_string());
+    }
+    None
+}
+
+/// Extract a shell command string from function arguments.
+/// Handles: `{cmd: "..."}`, `{command: ["bash", "-lc", "cmd"]}`, `{command: "cmd"}`.
+pub(super) fn extract_shell_command(args: &serde_json::Value) -> String {
+    if let Some(cmd) = args.get("cmd").and_then(|v| v.as_str()) {
+        return cmd.to_string();
+    }
+    if let Some(arr) = args.get("command").and_then(|v| v.as_array()) {
+        let parts: Vec<&str> = arr.iter().filter_map(|v| v.as_str()).collect();
+        // Skip shell prefix (e.g. "bash -lc") and take the actual command
+        if parts.len() >= 3 {
+            return parts[2..].join(" ");
+        }
+        return parts.join(" ");
+    }
+    if let Some(cmd) = args.get("command").and_then(|v| v.as_str()) {
+        return cmd.to_string();
+    }
+    String::new()
+}
+
+pub(super) fn normalize_codex_function_name(name: &str) -> &str {
+    name.rsplit('.').next().unwrap_or(name)
+}
+
+pub(super) fn extract_patch_target_path(args: &serde_json::Value) -> Option<String> {
+    if let Some(path) = args
+        .get("path")
+        .or_else(|| args.get("file"))
+        .or_else(|| args.get("file_path"))
+        .and_then(|v| v.as_str())
+        .map(str::trim)
+        .filter(|v| !v.is_empty())
+    {
+        return Some(path.to_string());
+    }
+
+    for key in ["input", "patch"] {
+        if let Some(path) = args
+            .get(key)
+            .and_then(|v| v.as_str())
+            .and_then(extract_patch_target_path_from_text)
+        {
+            return Some(path);
+        }
+    }
+
+    None
+}
+
+pub(super) fn extract_patch_target_path_from_text(input: &str) -> Option<String> {
+    const PREFIXES: [&str; 3] = ["*** Update File:", "*** Add File:", "*** Delete File:"];
+    for line in input.lines() {
+        let trimmed = line.trim();
+        for prefix in PREFIXES {
+            if let Some(rest) = trimmed.strip_prefix(prefix) {
+                let path = rest.trim().trim_matches('"').trim_matches('\'').trim();
+                if !path.is_empty() {
+                    return Some(path.to_string());
+                }
+            }
+        }
+    }
+    None
+}
+
+pub(super) fn classify_codex_function(name: &str, args: &serde_json::Value) -> EventType {
+    let normalized_name = normalize_codex_function_name(name);
+    match normalized_name {
+        "exec_command" | "shell" => {
+            let cmd = extract_shell_command(args);
+            EventType::ShellCommand {
+                command: cmd,
+                exit_code: None,
+            }
+        }
+        "write_stdin" => EventType::ToolCall {
+            name: "write_stdin".to_string(),
+        },
+        "apply_diff" | "apply_patch" => {
+            let path = extract_patch_target_path(args).unwrap_or_else(|| "unknown".to_string());
+            EventType::FileEdit { path, diff: None }
+        }
+        "create_file" | "write_file" => {
+            let path = args
+                .get("path")
+                .or_else(|| args.get("file_path"))
+                .and_then(|v| v.as_str())
+                .unwrap_or("unknown")
+                .to_string();
+            EventType::FileCreate { path }
+        }
+        "read_file" => {
+            let path = args
+                .get("path")
+                .or_else(|| args.get("file_path"))
+                .and_then(|v| v.as_str())
+                .unwrap_or("unknown")
+                .to_string();
+            EventType::FileRead { path }
+        }
+        _ => EventType::ToolCall {
+            name: canonical_tool_name(normalized_name),
+        },
+    }
+}
+
+pub(super) fn codex_function_content(name: &str, args: &serde_json::Value) -> Content {
+    match normalize_codex_function_name(name) {
+        "exec_command" | "shell" => {
+            let cmd = extract_shell_command(args);
+            Content {
+                blocks: vec![ContentBlock::Code {
+                    code: cmd,
+                    language: Some("bash".to_string()),
+                    start_line: None,
+                }],
+            }
+        }
+        _ => Content {
+            blocks: vec![ContentBlock::Json { data: args.clone() }],
+        },
+    }
+}
diff --git a/crates/parsers/src/codex/interactive.rs b/crates/parsers/src/codex/interactive.rs
new file mode 100644
index 00000000..b73a9fb7
--- /dev/null
+++ b/crates/parsers/src/codex/interactive.rs
@@ -0,0 +1,116 @@
+#[derive(Debug, Clone, Default)]
+pub(super) struct RequestUserInputCallMeta {
+    pub(super) questions: Vec<InteractiveQuestionMeta>,
+}
+
+#[derive(Debug, Clone, Default)]
+pub(super) struct InteractiveQuestionMeta {
+    pub(super) id: String,
+    pub(super) header: Option<String>,
+    pub(super) question: Option<String>,
+}
+
+pub(super) fn parse_request_user_input_call_meta(
+    args: &serde_json::Value,
+) -> RequestUserInputCallMeta {
+    let mut questions = Vec::new();
+    let Some(items) = args.get("questions").and_then(|v| v.as_array()) else {
+        return RequestUserInputCallMeta { questions };
+    };
+
+    for item in items {
+        let id = item
+            .get("id")
+            .and_then(|v| v.as_str())
+            .map(str::trim)
+            .filter(|v| !v.is_empty())
+            .unwrap_or("question")
+            .to_string();
+        let header = item
+            .get("header")
+            .and_then(|v| v.as_str())
+            .map(str::trim)
+            .filter(|v| !v.is_empty())
+            .map(str::to_string);
+        let question = item
+            .get("question")
+            .and_then(|v| v.as_str())
+            .map(str::trim)
+            .filter(|v| !v.is_empty())
+            .map(str::to_string);
+        questions.push(InteractiveQuestionMeta {
+            id,
+            header,
+            question,
+        });
+    }
+
+    RequestUserInputCallMeta { questions }
+}
+
+pub(super) fn render_interactive_questions(questions: &[InteractiveQuestionMeta]) -> String {
+    let mut lines = Vec::new();
+    for q in questions {
+        let mut label = q.id.clone();
+        if let Some(header) = q.header.as_deref() {
+            label = format!("{label} ({header})");
+        }
+        let body = q.question.as_deref().unwrap_or("(no question text)");
+        lines.push(format!("- {label}: {body}"));
+    }
+    if lines.is_empty() {
+        "(no interactive questions)".to_string()
+    } else {
+        lines.join("\n")
+    }
+}
+
+pub(super) fn parse_request_user_input_answers(
+    output_text: &str,
+) -> Option<(String, Vec<String>, serde_json::Value)> {
+    let parsed: serde_json::Value = serde_json::from_str(output_text).ok()?;
+    let answers = parsed.get("answers").and_then(|v| v.as_object())?;
+    if answers.is_empty() {
+        return None;
+    }
+
+    let mut question_ids: Vec<String> = Vec::new();
+    let mut lines: Vec<String> = Vec::new();
+    for (question_id, value) in answers {
+        question_ids.push(question_id.clone());
+        let mut picks: Vec<String> = Vec::new();
+        if let Some(arr) = value.get("answers").and_then(|v| v.as_array()) {
+            for answer in arr {
+                let rendered = answer
+                    .as_str()
+                    .map(|s| s.trim().to_string())
+                    .filter(|s| !s.is_empty())
+                    .or_else(|| {
+                        answer
+                            .as_object()
+                            .and_then(|obj| obj.get("value").and_then(|v| v.as_str()))
+                            .map(|s| s.trim().to_string())
+                            .filter(|s| !s.is_empty())
+                    })
+                    .unwrap_or_else(|| answer.to_string());
+                if !rendered.trim().is_empty() {
+                    picks.push(rendered);
+                }
+            }
+        } else if let Some(s) = value.as_str() {
+            if !s.trim().is_empty() {
+                picks.push(s.trim().to_string());
+            }
+        } else if !value.is_null() {
+            picks.push(value.to_string());
+        }
+        if picks.is_empty() {
+            lines.push(format!("{question_id}: (no answer)"));
+        } else {
+            lines.push(format!("{question_id}: {}", picks.join(" | ")));
+        }
+    }
+
+    let rendered = lines.join("\n");
+    Some((rendered, question_ids, parsed))
+}
diff --git a/crates/parsers/src/codex/metrics.rs b/crates/parsers/src/codex/metrics.rs
new file mode 100644
index 00000000..9ca0010e
--- /dev/null
+++ b/crates/parsers/src/codex/metrics.rs
@@ -0,0 +1,167 @@
+pub(super) fn extract_token_counts(
+    payload: &serde_json::Value,
+) -> Option<(Option<u64>, Option<u64>)> {
+    let pick = |v: &serde_json::Value, keys: &[&str]| -> Option<u64> {
+        for key in keys {
+            if let Some(num) = v.get(*key).and_then(|value| value.as_u64()) {
+                return Some(num);
+            }
+            if let Some(num) = v
+                .get(*key)
+                .and_then(|value| value.as_i64())
+                .filter(|value| *value >= 0)
+                .map(|value| value as u64)
+            {
+                return Some(num);
+            }
+        }
+        None
+    };
+
+    let usage_pick_input = |value: &serde_json::Value| {
+        pick(
+            value,
+            &[
+                "input_tokens",
+                "prompt_tokens",
+                "inputTokens",
+                "promptTokens",
+                "token_input",
+                "tokenInput",
+            ],
+        )
+    };
+    let usage_pick_output = |value: &serde_json::Value| {
+        pick(
+            value,
+            &[
+                "output_tokens",
+                "completion_tokens",
+                "outputTokens",
+                "completionTokens",
+                "token_output",
+                "tokenOutput",
+            ],
+        )
+    };
+    fn info_usage<'a>(
+        info: &'a serde_json::Value,
+        snake_case_key: &str,
+        camel_case_key: &str,
+    ) -> Option<&'a serde_json::Value> {
+        if let Some(value) = info.get(snake_case_key) {
+            Some(value)
+        } else {
+            info.get(camel_case_key)
+        }
+    }
+
+    let input = pick(
+        payload,
+        &[
+            "input_tokens",
+            "prompt_tokens",
+            "inputTokens",
+            "promptTokens",
+            "token_input",
+            "tokenInput",
+        ],
+    )
+    .or_else(|| payload.get("usage").and_then(usage_pick_input))
+    .or_else(|| {
+        payload
+            .get("info")
+            .and_then(|info| info_usage(info, "last_token_usage", "lastTokenUsage"))
+            .and_then(usage_pick_input)
+    })
+    .or_else(|| {
+        payload
+            .get("info")
+            .and_then(|info| info_usage(info, "total_token_usage", "totalTokenUsage"))
+            .and_then(usage_pick_input)
+    });
+    let output = pick(
+        payload,
+        &[
+            "output_tokens",
+            "completion_tokens",
+            "outputTokens",
+            "completionTokens",
+            "token_output",
+            "tokenOutput",
+        ],
+    )
+    .or_else(|| payload.get("usage").and_then(usage_pick_output))
+    .or_else(|| {
+        payload
+            .get("info")
+            .and_then(|info| info_usage(info, "last_token_usage", "lastTokenUsage"))
+            .and_then(usage_pick_output)
+    })
+    .or_else(|| {
+        payload
+            .get("info")
+            .and_then(|info| info_usage(info, "total_token_usage", "totalTokenUsage"))
+            .and_then(usage_pick_output)
+    });
+    if input.is_none() && output.is_none() {
+        None
+    } else {
+        Some((input, output))
+    }
+}
+
+pub(super) fn extract_total_token_counts(
+    payload: &serde_json::Value,
+) -> Option<(Option<u64>, Option<u64>)> {
+    let pick = |v: &serde_json::Value, keys: &[&str]| -> Option<u64> {
+        for key in keys {
+            if let Some(num) = v.get(*key).and_then(|value| value.as_u64()) {
+                return Some(num);
+            }
+            if let Some(num) = v
+                .get(*key)
+                .and_then(|value| value.as_i64())
+                .filter(|value| *value >= 0)
+                .map(|value| value as u64)
+            {
+                return Some(num);
+            }
+        }
+        None
+    };
+
+    let total_usage = payload.get("info").and_then(|info| {
+        info.get("total_token_usage")
+            .or_else(|| info.get("totalTokenUsage"))
+    })?;
+
+    let input = pick(
+        total_usage,
+        &[
+            "input_tokens",
+            "prompt_tokens",
+            "inputTokens",
+            "promptTokens",
+            "token_input",
+            "tokenInput",
+        ],
+    );
+    let output = pick(
+        total_usage,
+        &[
+            "output_tokens",
+            "completion_tokens",
+            "outputTokens",
+            "completionTokens",
+            "token_output",
+            "tokenOutput",
+        ],
+    );
+
+    if input.is_none() && output.is_none() {
+        None
+    } else {
+        Some((input, output))
+    }
+}
diff --git a/crates/parsers/src/codex/mod.rs b/crates/parsers/src/codex/mod.rs
new file mode 100644
index 00000000..82441ab3
--- /dev/null
+++ b/crates/parsers/src/codex/mod.rs
@@ -0,0 +1,58 @@
+use crate::SessionParser;
+use crate::common::{
+    INTERACTIVE_USER_INPUT_TOOL, attach_semantic_attrs, attach_source_attrs, canonical_tool_name,
+    infer_tool_kind, set_first,
+};
+use anyhow::{Context, Result};
+use chrono::{DateTime, Utc};
+#[allow(unused_imports)]
+use opensession_core::session::{ATTR_PARENT_SESSION_ID, ATTR_SESSION_ROLE};
+#[allow(unused_imports)]
+use opensession_core::trace::{
+    Agent, Content, ContentBlock, Event, EventType, Session, SessionContext,
+};
+#[allow(unused_imports)]
+use std::collections::{BTreeMap, HashMap};
+#[allow(unused_imports)]
+use std::io::BufRead;
+use std::path::{Path, PathBuf};
+
+mod dedupe;
+mod detect;
+mod helpers;
+mod interactive;
+mod metrics;
+mod parse;
+mod transform;
+
+#[cfg(test)]
+mod tests;
+
+pub struct CodexParser;
+
+impl SessionParser for CodexParser {
+    fn name(&self) -> &str {
+        "codex"
+    }
+
+    fn can_parse(&self, path: &Path) -> bool {
+        detect::can_parse_codex_path(path)
+    }
+
+    fn parse(&self, path: &Path) -> Result<Session> {
+        parse_codex_jsonl(path)
+    }
+}
+
+#[allow(unused_imports)]
+pub(super) use dedupe::*;
+#[allow(unused_imports)]
+pub(super) use helpers::*;
+#[allow(unused_imports)]
+pub(super) use interactive::*;
+#[allow(unused_imports)]
+pub(super) use metrics::*;
+#[allow(unused_imports)]
+pub(super) use parse::parse_codex_jsonl;
+#[allow(unused_imports)]
+pub(super) use transform::*;
diff --git a/crates/parsers/src/codex/parse.rs b/crates/parsers/src/codex/parse.rs
new file mode 100644
index 00000000..71736496
--- /dev/null
+++ b/crates/parsers/src/codex/parse.rs
@@ -0,0 +1,614 @@
+use super::*;
+
+pub(crate) fn parse_codex_jsonl(path: &Path) -> Result<Session> {
+    let file = std::fs::File::open(path)
+        .with_context(|| format!("Failed to open Codex JSONL: {}", path.display()))?;
+    let reader = std::io::BufReader::new(file);
+
+    let mut events: Vec<Event> = Vec::new();
+    let mut session_id: Option<String> = None;
+    let mut event_counter = 0u64;
+    let mut first_user_text: Option<String> = None;
+    let mut last_function_name = "unknown".to_string();
+    // call_id → (event_id, function_name) for correlating function_call_output
+    let mut call_map: HashMap<String, (String, String)> = HashMap::new();
+    let mut session_ts: Option<DateTime<Utc>> = None;
+    let mut git_info: Option<serde_json::Value> = None;
+    let mut cwd: Option<String> = None;
+    let mut tool_version: Option<String> = None;
+    let mut originator: Option<String> = None;
+    let mut parent_session_id: Option<String> = None;
+    let mut is_auxiliary_session = false;
+    let mut is_desktop = false;
+    let mut open_tasks: BTreeMap<String, Option<String>> = BTreeMap::new();
+    let mut interactive_call_meta: HashMap<String, RequestUserInputCallMeta> = HashMap::new();
+
+    for line_result in reader.lines() {
+        let line = match line_result {
+            Ok(l) => l,
+            Err(_) => continue,
+        };
+        if line.trim().is_empty() {
+            continue;
+        }
+
+        let v: serde_json::Value = match serde_json::from_str(&line) {
+            Ok(v) => v,
+            Err(_) => continue,
+        };
+
+        let obj = match v.as_object() {
+            Some(o) => o,
+            None => continue,
+        };
+
+        // State marker — skip
+        if obj.contains_key("record_type") {
+            continue;
+        }
+
+        // Codex Desktop "session_meta" header (has `type: "session_meta"` + `payload`)
+        if obj.get("type").and_then(|v| v.as_str()) == Some("session_meta") {
+            is_desktop = true;
+            if let Some(payload) = obj.get("payload") {
+                set_first(
+                    &mut session_id,
+                    payload.get("id").and_then(|v| v.as_str()).map(String::from),
+                );
+                if let Some(ts_str) = payload.get("timestamp").and_then(|v| v.as_str()) {
+                    set_first(&mut session_ts, parse_timestamp(ts_str).ok());
+                }
+                if let Some(git) = payload.get("git") {
+                    set_first(&mut git_info, Some(git.clone()));
+                }
+                set_first(
+                    &mut cwd,
+                    payload
+                        .get("cwd")
+                        .and_then(|v| v.as_str())
+                        .map(String::from),
+                );
+                set_first(
+                    &mut tool_version,
+                    payload
+                        .get("cli_version")
+                        .and_then(|v| v.as_str())
+                        .map(String::from),
+                );
+                set_first(
+                    &mut originator,
+                    payload
+                        .get("originator")
+                        .and_then(|v| v.as_str())
+                        .map(String::from),
+                );
+                if codex_desktop_payload_is_auxiliary(payload) {
+                    is_auxiliary_session = true;
+                }
+                set_first(
+                    &mut parent_session_id,
+                    codex_desktop_parent_session_id(payload),
+                );
+            }
+            continue;
+        }
+
+        // Session header — no `type` field, has `id` + `timestamp` (legacy CLI format)
+        if !obj.contains_key("type") {
+            set_first(
+                &mut session_id,
+                obj.get("id").and_then(|v| v.as_str()).map(String::from),
+            );
+            if let Some(ts_str) = obj.get("timestamp").and_then(|v| v.as_str()) {
+                set_first(&mut session_ts, parse_timestamp(ts_str).ok());
+            }
+            if let Some(git) = obj.get("git") {
+                git_info = Some(git.clone());
+            }
+            continue;
+        }
+
+        let top_type = obj.get("type").and_then(|v| v.as_str()).unwrap_or("");
+
+        // Per-entry timestamp (Desktop format includes timestamp on each line)
+        let entry_ts = obj
+            .get("timestamp")
+            .and_then(|v| v.as_str())
+            .and_then(|s| parse_timestamp(s).ok())
+            .or(session_ts)
+            .unwrap_or_else(Utc::now);
+
+        // Codex Desktop: `response_item` wraps the payload which has the same
+        // structure as legacy flat entries (message, reasoning, function_call, etc.)
+        if top_type == "response_item" {
+            if let Some(payload) = obj.get("payload") {
+                if payload.get("type").and_then(|v| v.as_str()) == Some("message")
+                    && payload.get("role").and_then(|v| v.as_str()) == Some("user")
+                    && looks_like_summary_batch_prompt(&extract_message_text_blocks(
+                        payload.get("content"),
+                    ))
+                {
+                    is_auxiliary_session = true;
+                }
+                // In Desktop format, response_item/message/role=user includes
+                // system-injected content (AGENTS.md, env context). The real user
+                // message comes from event_msg/user_message, so skip first_user_text
+                // extraction here for Desktop sessions.
+                let mut discard_user_text: Option<String> = None;
+                let user_text_target = if is_desktop {
+                    &mut discard_user_text
+                } else {
+                    &mut first_user_text
+                };
+                process_item_with_options(
+                    payload,
+                    entry_ts,
+                    &mut events,
+                    &mut event_counter,
+                    user_text_target,
+                    &mut last_function_name,
+                    &mut call_map,
+                    &mut interactive_call_meta,
+                    is_desktop,
+                );
+            }
+            continue;
+        }
+
+        // Codex Desktop: `event_msg` contains UI-level events
+        if top_type == "event_msg" {
+            if let Some(payload) = obj.get("payload") {
+                let payload_type = payload.get("type").and_then(|v| v.as_str()).unwrap_or("");
+                match payload_type {
+                    "user_message" => {
+                        if let Some(msg) = payload.get("message").and_then(|v| v.as_str()) {
+                            let text = msg.trim().to_string();
+                            if looks_like_summary_batch_prompt(&text) {
+                                is_auxiliary_session = true;
+                            }
+                            if text.is_empty() || looks_like_injected_codex_user_text(&text) {
+                                continue;
+                            }
+                            set_first(&mut first_user_text, Some(text.clone()));
+                            push_user_message_event(
+                                &mut events,
+                                &mut event_counter,
+                                entry_ts,
+                                &text,
+                                Some("event_msg"),
+                            );
+                        }
+                    }
+                    "agent_message" => {
+                        if let Some(msg) = payload
+                            .get("message")
+                            .or_else(|| payload.get("text"))
+                            .or_else(|| payload.get("content"))
+                            .and_then(|v| v.as_str())
+                        {
+                            push_agent_message_event(
+                                &mut events,
+                                &mut event_counter,
+                                entry_ts,
+                                msg,
+                                Some("event_msg"),
+                            );
+                        }
+                    }
+                    "agent_reasoning" | "agent_reasoning_raw_content" => {
+                        if let Some(reasoning) = payload
+                            .get("message")
+                            .or_else(|| payload.get("text"))
+                            .or_else(|| payload.get("content"))
+                            .and_then(|v| v.as_str())
+                            .map(str::trim)
+                            .filter(|v| !v.is_empty())
+                        {
+                            event_counter += 1;
+                            let mut attributes = HashMap::new();
+                            let raw_type = if payload_type == "agent_reasoning_raw_content" {
+                                "event_msg:agent_reasoning_raw_content"
+                            } else {
+                                "event_msg:agent_reasoning"
+                            };
+                            attach_source_attrs(
+                                &mut attributes,
+                                Some("codex-desktop-v1"),
+                                Some(raw_type),
+                            );
+                            events.push(Event {
+                                event_id: format!("codex-{}", event_counter),
+                                timestamp: entry_ts,
+                                event_type: EventType::Thinking,
+                                task_id: None,
+                                content: Content::text(reasoning),
+                                duration_ms: None,
+                                attributes,
+                            });
+                        }
+                    }
+                    "token_count" => {
+                        let sampled = extract_token_counts(payload);
+                        let cumulative = extract_total_token_counts(payload);
+                        if sampled.is_some() || cumulative.is_some() {
+                            event_counter += 1;
+                            let mut attributes = HashMap::new();
+                            attach_source_attrs(
+                                &mut attributes,
+                                Some("codex-desktop-v1"),
+                                Some("event_msg:token_count"),
+                            );
+                            if let Some((input_tokens, output_tokens)) = sampled {
+                                if let Some(input_tokens) = input_tokens {
+                                    attributes.insert(
+                                        "input_tokens".to_string(),
+                                        serde_json::Value::Number(input_tokens.into()),
+                                    );
+                                }
+                                if let Some(output_tokens) = output_tokens {
+                                    attributes.insert(
+                                        "output_tokens".to_string(),
+                                        serde_json::Value::Number(output_tokens.into()),
+                                    );
+                                }
+                            }
+                            if let Some((input_total_tokens, output_total_tokens)) = cumulative {
+                                if let Some(input_total_tokens) = input_total_tokens {
+                                    attributes.insert(
+                                        "input_tokens_total".to_string(),
+                                        serde_json::Value::Number(input_total_tokens.into()),
+                                    );
+                                }
+                                if let Some(output_total_tokens) = output_total_tokens {
+                                    attributes.insert(
+                                        "output_tokens_total".to_string(),
+                                        serde_json::Value::Number(output_total_tokens.into()),
+                                    );
+                                }
+                            }
+                            events.push(Event {
+                                event_id: format!("codex-{}", event_counter),
+                                timestamp: entry_ts,
+                                event_type: EventType::Custom {
+                                    kind: "token_count".to_string(),
+                                },
+                                task_id: payload
+                                    .get("turn_id")
+                                    .or_else(|| payload.get("task_id"))
+                                    .and_then(|v| v.as_str())
+                                    .map(str::to_string),
+                                content: Content::empty(),
+                                duration_ms: None,
+                                attributes,
+                            });
+                        }
+                    }
+                    "context_compacted" => {
+                        event_counter += 1;
+                        let mut attributes = HashMap::new();
+                        attach_source_attrs(
+                            &mut attributes,
+                            Some("codex-desktop-v1"),
+                            Some("event_msg:context_compacted"),
+                        );
+                        events.push(Event {
+                            event_id: format!("codex-{}", event_counter),
+                            timestamp: entry_ts,
+                            event_type: EventType::Custom {
+                                kind: "context_compacted".to_string(),
+                            },
+                            task_id: payload
+                                .get("turn_id")
+                                .or_else(|| payload.get("task_id"))
+                                .and_then(|v| v.as_str())
+                                .map(str::to_string),
+                            content: Content::text("context compacted"),
+                            duration_ms: None,
+                            attributes,
+                        });
+                    }
+                    "item_completed" => {
+                        let item = payload.get("item").unwrap_or(&serde_json::Value::Null);
+                        let item_type = item
+                            .get("type")
+                            .and_then(|v| v.as_str())
+                            .map(str::trim)
+                            .unwrap_or("");
+                        if item_type.eq_ignore_ascii_case("plan") {
+                            event_counter += 1;
+                            let mut attributes = HashMap::new();
+                            attach_source_attrs(
+                                &mut attributes,
+                                Some("codex-desktop-v1"),
+                                Some("event_msg:item_completed"),
+                            );
+                            if let Some(plan_id) = item.get("id").and_then(|v| v.as_str()) {
+                                attributes.insert(
+                                    "plan_id".to_string(),
+                                    serde_json::Value::String(plan_id.to_string()),
+                                );
+                            }
+                            if let Some(turn_id) = payload.get("turn_id").and_then(|v| v.as_str()) {
+                                attributes.insert(
+                                    "turn_id".to_string(),
+                                    serde_json::Value::String(turn_id.to_string()),
+                                );
+                            }
+                            let plan_preview = item
+                                .get("text")
+                                .and_then(|v| v.as_str())
+                                .map(str::trim)
+                                .filter(|v| !v.is_empty())
+                                .and_then(|v| v.lines().find(|line| !line.trim().is_empty()))
+                                .map(str::trim)
+                                .unwrap_or("plan completed");
+                            events.push(Event {
+                                event_id: format!("codex-{}", event_counter),
+                                timestamp: entry_ts,
+                                event_type: EventType::Custom {
+                                    kind: "plan_completed".to_string(),
+                                },
+                                task_id: payload
+                                    .get("turn_id")
+                                    .or_else(|| payload.get("task_id"))
+                                    .and_then(|v| v.as_str())
+                                    .map(str::to_string),
+                                content: Content::text(format!("Plan completed: {plan_preview}")),
+                                duration_ms: None,
+                                attributes,
+                            });
+                        }
+                    }
+                    "turn_aborted" => {
+                        event_counter += 1;
+                        let mut attributes = HashMap::new();
+                        if let Some(reason) = payload
+                            .get("reason")
+                            .or_else(|| payload.get("message"))
+                            .or_else(|| payload.get("error"))
+                            .and_then(|v| v.as_str())
+                        {
+                            attributes.insert(
+                                "reason".to_string(),
+                                serde_json::Value::String(reason.to_string()),
+                            );
+                        }
+                        let task_id = payload
+                            .get("turn_id")
+                            .and_then(|v| v.as_str())
+                            .map(String::from);
+                        events.push(Event {
+                            event_id: format!("codex-{}", event_counter),
+                            timestamp: entry_ts,
+                            event_type: EventType::Custom {
+                                kind: "turn_aborted".to_string(),
+                            },
+                            task_id,
+                            content: Content::text("turn aborted"),
+                            duration_ms: None,
+                            attributes,
+                        });
+                    }
+                    "task_started" => {
+                        let turn_id = payload
+                            .get("turn_id")
+                            .or_else(|| payload.get("task_id"))
+                            .and_then(|v| v.as_str())
+                            .map(str::trim)
+                            .filter(|v| !v.is_empty())
+                            .map(String::from);
+                        if let Some(task_id) = turn_id {
+                            let title = payload
+                                .get("title")
+                                .or_else(|| payload.get("task"))
+                                .or_else(|| payload.get("name"))
+                                .and_then(|v| v.as_str())
+                                .map(str::trim)
+                                .filter(|v| !v.is_empty())
+                                .map(String::from);
+                            open_tasks.insert(task_id.clone(), title.clone());
+                            event_counter += 1;
+                            events.push(Event {
+                                event_id: format!("codex-{}", event_counter),
+                                timestamp: entry_ts,
+                                event_type: EventType::TaskStart {
+                                    title: title.clone(),
+                                },
+                                task_id: Some(task_id),
+                                content: Content::text(
+                                    title.unwrap_or_else(|| "task started".to_string()),
+                                ),
+                                duration_ms: None,
+                                attributes: HashMap::new(),
+                            });
+                        }
+                    }
+                    "task_complete" | "task_completed" | "task_finished" => {
+                        let turn_id = payload
+                            .get("turn_id")
+                            .or_else(|| payload.get("task_id"))
+                            .and_then(|v| v.as_str())
+                            .map(str::trim)
+                            .filter(|v| !v.is_empty())
+                            .map(String::from);
+                        if let Some(task_id) = turn_id {
+                            let summary = payload
+                                .get("last_agent_message")
+                                .or_else(|| payload.get("summary"))
+                                .or_else(|| payload.get("message"))
+                                .and_then(|v| v.as_str())
+                                .map(str::trim)
+                                .filter(|v| !v.is_empty())
+                                .map(String::from);
+                            if let Some(summary_text) = summary.as_deref() {
+                                push_agent_message_event(
+                                    &mut events,
+                                    &mut event_counter,
+                                    entry_ts,
+                                    summary_text,
+                                    Some("event_msg"),
+                                );
+                            }
+                            open_tasks.remove(&task_id);
+                            event_counter += 1;
+                            events.push(Event {
+                                event_id: format!("codex-{}", event_counter),
+                                timestamp: entry_ts,
+                                event_type: EventType::TaskEnd {
+                                    summary: summary.clone(),
+                                },
+                                task_id: Some(task_id),
+                                content: Content::text(
+                                    summary.unwrap_or_else(|| "task completed".to_string()),
+                                ),
+                                duration_ms: None,
+                                attributes: HashMap::new(),
+                            });
+                        }
+                    }
+                    _ => {}
+                }
+            }
+            continue;
+        }
+
+        // Skip other Desktop-only wrapper types
+        if top_type == "turn_context" {
+            continue;
+        }
+
+        // Legacy flat entry with type field (message, reasoning, function_call, etc.)
+        process_item_with_options(
+            &v,
+            entry_ts,
+            &mut events,
+            &mut event_counter,
+            &mut first_user_text,
+            &mut last_function_name,
+            &mut call_map,
+            &mut interactive_call_meta,
+            is_desktop,
+        );
+    }
+
+    if !open_tasks.is_empty() {
+        let synthetic_ts = events
+            .last()
+            .map(|event| event.timestamp)
+            .or(session_ts)
+            .unwrap_or_else(Utc::now);
+        for (task_id, title) in open_tasks {
+            event_counter += 1;
+            events.push(Event {
+                event_id: format!("codex-{}", event_counter),
+                timestamp: synthetic_ts,
+                event_type: EventType::TaskEnd {
+                    summary: Some("synthetic end (missing task_complete)".to_string()),
+                },
+                task_id: Some(task_id),
+                content: Content::text(title.unwrap_or_else(|| "synthetic task end".to_string())),
+                duration_ms: None,
+                attributes: HashMap::new(),
+            });
+        }
+    }
+
+    // ── Build Session ───────────────────────────────────────────────────────
+
+    let session_id = session_id.unwrap_or_else(|| {
+        path.file_stem()
+            .and_then(|s| s.to_str())
+            .unwrap_or("unknown")
+            .to_string()
+    });
+
+    let (provider, model) = load_codex_agent_identity();
+    let agent = Agent {
+        provider,
+        model,
+        tool: "codex".to_string(),
+        tool_version,
+    };
+
+    let (created_at, updated_at) =
+        if let (Some(first), Some(last)) = (events.first(), events.last()) {
+            (first.timestamp, last.timestamp)
+        } else {
+            let now = session_ts.unwrap_or_else(Utc::now);
+            (now, now)
+        };
+
+    let mut attributes = HashMap::new();
+    if let Some(git) = git_info {
+        if let Some(branch) = json_object_string(
+            &git,
+            &["branch", "git_branch", "current_branch", "ref", "head"],
+        ) {
+            attributes.insert("git_branch".to_string(), serde_json::Value::String(branch));
+        }
+        if let Some(repo_name) =
+            json_object_string(&git, &["repo_name", "repository", "repo", "name"])
+        {
+            attributes.insert(
+                "git_repo_name".to_string(),
+                serde_json::Value::String(repo_name),
+            );
+        }
+        attributes.insert("git".to_string(), git);
+    }
+    if let Some(ref dir) = cwd {
+        attributes.insert("cwd".to_string(), serde_json::Value::String(dir.clone()));
+    }
+    if let Some(ref orig) = originator {
+        attributes.insert(
+            "originator".to_string(),
+            serde_json::Value::String(orig.clone()),
+        );
+    }
+    if first_user_text
+        .as_deref()
+        .is_some_and(looks_like_summary_batch_prompt)
+    {
+        is_auxiliary_session = true;
+    }
+    let mut related_session_ids = Vec::new();
+    if is_auxiliary_session {
+        attributes.insert(
+            ATTR_SESSION_ROLE.to_string(),
+            serde_json::Value::String("auxiliary".to_string()),
+        );
+        if let Some(parent_id) = parent_session_id.as_ref() {
+            attributes.insert(
+                ATTR_PARENT_SESSION_ID.to_string(),
+                serde_json::Value::String(parent_id.clone()),
+            );
+            related_session_ids.push(parent_id.clone());
+        }
+    }
+
+    let title = first_user_text.map(|t| {
+        if t.chars().count() > 80 {
+            let truncated: String = t.chars().take(77).collect();
+            format!("{}...", truncated)
+        } else {
+            t
+        }
+    });
+
+    let context = SessionContext {
+        title,
+        description: None,
+        tags: vec!["codex".to_string()],
+        created_at,
+        updated_at,
+        related_session_ids,
+        attributes,
+    };
+
+    let mut session = Session::new(session_id, agent);
+    session.context = context;
+    session.events = events;
+    session.recompute_stats();
+
+    Ok(session)
+}
diff --git a/crates/parsers/src/codex/tests/config.rs b/crates/parsers/src/codex/tests/config.rs
new file mode 100644
index 00000000..748bf713
--- /dev/null
+++ b/crates/parsers/src/codex/tests/config.rs
@@ -0,0 +1,214 @@
+use super::*;
+
+#[test]
+fn test_parse_codex_config_value_model_root() {
+    let config = r#"
+model = "gpt-5.3-codex"
+model_reasoning_effort = "high"
+"#;
+    assert_eq!(
+        parse_codex_config_value(config, "model"),
+        Some("gpt-5.3-codex".to_string())
+    );
+}
+
+#[test]
+fn test_parse_codex_config_value_profile_override() {
+    let config = r#"
+profile = "work"
+model = "gpt-5.3-codex"
+[profiles.work]
+model = "claude-sonnet-4-5"
+provider = "anthropic"
+"#;
+    assert_eq!(
+        parse_codex_config_value(config, "model"),
+        Some("claude-sonnet-4-5".to_string())
+    );
+    assert_eq!(
+        parse_codex_config_value(config, "provider"),
+        Some("anthropic".to_string())
+    );
+}
+
+#[test]
+fn test_infer_provider_from_model() {
+    assert_eq!(
+        infer_provider_from_model("gpt-5.3-codex"),
+        Some("openai".to_string())
+    );
+    assert_eq!(
+        infer_provider_from_model("claude-sonnet-4-5"),
+        Some("anthropic".to_string())
+    );
+    assert_eq!(
+        infer_provider_from_model("gemini-2.0-flash"),
+        Some("google".to_string())
+    );
+    assert_eq!(infer_provider_from_model("unknown"), None);
+}
+
+#[test]
+fn test_json_object_string_extracts_nested_branch_and_repo() {
+    let git = serde_json::json!({
+        "meta": {"repository": "ops"},
+        "current": {"branch": "main"}
+    });
+    assert_eq!(
+        json_object_string(&git, &["branch", "current_branch", "ref"]).as_deref(),
+        Some("main")
+    );
+    assert_eq!(
+        json_object_string(&git, &["repo_name", "repository", "repo"]).as_deref(),
+        Some("ops")
+    );
+}
+
+#[test]
+fn test_session_header() {
+    let line = r#"{"id":"c3c4b301-27c8-4c70-b6e4-46b99fdf0236","timestamp":"2025-08-18T01:16:13.522Z","instructions":null,"git":{"commit_hash":"abc123","branch":"main"}}"#;
+    let v: serde_json::Value = serde_json::from_str(line).unwrap();
+    let obj = v.as_object().unwrap();
+    assert!(!obj.contains_key("type"));
+    assert!(obj.contains_key("id"));
+    assert_eq!(
+        obj["id"].as_str().unwrap(),
+        "c3c4b301-27c8-4c70-b6e4-46b99fdf0236"
+    );
+    assert!(obj["git"]["branch"].as_str().unwrap() == "main");
+}
+
+#[test]
+fn test_state_marker_skipped() {
+    let line = r#"{"record_type":"state"}"#;
+    let v: serde_json::Value = serde_json::from_str(line).unwrap();
+    let obj = v.as_object().unwrap();
+    assert!(obj.contains_key("record_type"));
+    assert!(!obj.contains_key("type"));
+}
+
+#[test]
+fn test_user_message() {
+    let line = r#"{"type":"message","id":null,"role":"user","content":[{"type":"input_text","text":"hello codex"}]}"#;
+    let v: serde_json::Value = serde_json::from_str(line).unwrap();
+    let mut events = Vec::new();
+    let mut counter = 0u64;
+    let mut first_text = None;
+    let mut last_fn = "unknown".to_string();
+    let mut call_map = HashMap::new();
+    process_item(
+        &v,
+        Utc::now(),
+        &mut events,
+        &mut counter,
+        &mut first_text,
+        &mut last_fn,
+        &mut call_map,
+    );
+    assert_eq!(events.len(), 1);
+    assert!(matches!(events[0].event_type, EventType::UserMessage));
+    assert_eq!(first_text.as_deref(), Some("hello codex"));
+}
+
+#[test]
+fn test_assistant_message() {
+    let line = r#"{"type":"message","role":"assistant","content":[{"type":"output_text","text":"Here is the analysis..."}]}"#;
+    let v: serde_json::Value = serde_json::from_str(line).unwrap();
+    let mut events = Vec::new();
+    let mut counter = 0u64;
+    let mut first_text = None;
+    let mut last_fn = "unknown".to_string();
+    let mut call_map = HashMap::new();
+    process_item(
+        &v,
+        Utc::now(),
+        &mut events,
+        &mut counter,
+        &mut first_text,
+        &mut last_fn,
+        &mut call_map,
+    );
+    assert_eq!(events.len(), 1);
+    assert!(matches!(events[0].event_type, EventType::AgentMessage));
+}
+
+#[test]
+fn test_shell_command_array() {
+    let line = r#"{"type":"function_call","id":"fc_123","name":"shell","arguments":"{\"command\":[\"bash\",\"-lc\",\"cat README.md\"]}","call_id":"call_xyz"}"#;
+    let v: serde_json::Value = serde_json::from_str(line).unwrap();
+    let mut events = Vec::new();
+    let mut counter = 0u64;
+    let mut first_text = None;
+    let mut last_fn = "unknown".to_string();
+    let mut call_map = HashMap::new();
+    process_item(
+        &v,
+        Utc::now(),
+        &mut events,
+        &mut counter,
+        &mut first_text,
+        &mut last_fn,
+        &mut call_map,
+    );
+    assert_eq!(events.len(), 1);
+    match &events[0].event_type {
+        EventType::ShellCommand { command, .. } => assert_eq!(command, "cat README.md"),
+        other => panic!("Expected ShellCommand, got {:?}", other),
+    }
+    assert!(call_map.contains_key("call_xyz"));
+}
+
+#[test]
+fn test_shell_command_single_element() {
+    let args = serde_json::json!({"command": ["pwd"]});
+    assert_eq!(extract_shell_command(&args), "pwd");
+}
+
+#[test]
+fn test_extract_shell_command_variants() {
+    // Array with shell prefix
+    let args = serde_json::json!({"command": ["bash", "-lc", "cargo test"], "workdir": "/tmp"});
+    assert_eq!(extract_shell_command(&args), "cargo test");
+
+    // Simple cmd field
+    let args = serde_json::json!({"cmd": "cargo test"});
+    assert_eq!(extract_shell_command(&args), "cargo test");
+
+    // String command field
+    let args = serde_json::json!({"command": "ls -la"});
+    assert_eq!(extract_shell_command(&args), "ls -la");
+}
+
+#[test]
+fn test_parse_function_output_json() {
+    let raw = r#"{"output":"hello world\n","metadata":{"exit_code":0,"duration_seconds":0.5}}"#;
+    let (text, is_error, duration) = parse_function_output(raw);
+    assert_eq!(text, "hello world\n");
+    assert!(!is_error);
+    assert_eq!(duration, Some(500));
+}
+
+#[test]
+fn test_parse_function_output_recovers_meaningful_stdout_when_output_is_dot() {
+    let raw = r#"{"output":".","stdout":"Session still running (pid=1234)","metadata":{"exit_code":0,"duration_seconds":0.01}}"#;
+    let (text, is_error, duration) = parse_function_output(raw);
+    assert_eq!(text, "Session still running (pid=1234)");
+    assert!(!is_error);
+    assert_eq!(duration, Some(10));
+}
+
+#[test]
+fn test_parse_function_output_error() {
+    let raw =
+        r#"{"output":"command not found","metadata":{"exit_code":127,"duration_seconds":0.01}}"#;
+    let (_, is_error, _) = parse_function_output(raw);
+    assert!(is_error);
+}
+
+#[test]
+fn test_parse_function_output_plain() {
+    let (text, is_error, duration) = parse_function_output("Plan updated");
+    assert_eq!(text, "Plan updated");
+    assert!(!is_error);
+    assert!(duration.is_none());
+}
diff --git a/crates/parsers/src/codex/tests/desktop_a.rs b/crates/parsers/src/codex/tests/desktop_a.rs
new file mode 100644
index 00000000..379a5037
--- /dev/null
+++ b/crates/parsers/src/codex/tests/desktop_a.rs
@@ -0,0 +1,314 @@
+use super::*;
+
+#[test]
+fn test_desktop_format_response_item() {
+    // Desktop wraps entries in response_item with payload
+    let lines = [
+        r#"{"timestamp":"2026-02-03T04:11:00.097Z","type":"session_meta","payload":{"id":"desktop-test","timestamp":"2026-02-03T04:11:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
+        r#"{"timestamp":"2026-02-03T04:11:00.097Z","type":"response_item","payload":{"type":"message","role":"developer","content":[{"type":"input_text","text":"system instructions"}]}}"#,
+        r#"{"timestamp":"2026-02-03T04:11:00.097Z","type":"response_item","payload":{"type":"message","role":"user","content":[{"type":"input_text","text":"AGENTS.md instructions"}]}}"#,
+        r#"{"timestamp":"2026-02-03T04:11:00.119Z","type":"event_msg","payload":{"type":"user_message","message":"fix the bug"}}"#,
+        r#"{"timestamp":"2026-02-03T04:11:03.355Z","type":"response_item","payload":{"type":"reasoning","summary":[{"type":"summary_text","text":"Analyzing"}]}}"#,
+        r#"{"timestamp":"2026-02-03T04:11:03.624Z","type":"response_item","payload":{"type":"function_call","name":"exec_command","arguments":"{\"cmd\":\"ls\"}","call_id":"call_1"}}"#,
+        r#"{"timestamp":"2026-02-03T04:11:04.000Z","type":"response_item","payload":{"type":"function_call_output","call_id":"call_1","output":"{\"output\":\"file.txt\\n\",\"metadata\":{\"exit_code\":0,\"duration_seconds\":0.1}}"}}"#,
+        r#"{"timestamp":"2026-02-03T04:11:05.000Z","type":"response_item","payload":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"Done"}]}}"#,
+    ];
+
+    let dir = temp_test_dir("codex_desktop_test");
+    let path = dir.join("rollout-test.jsonl");
+    std::fs::write(&path, lines.join("\n")).unwrap();
+
+    let _parser = CodexParser;
+    // can_parse won't match (no .codex/sessions in path), so call parse directly
+    let session = parse_codex_jsonl(&path).unwrap();
+
+    assert_eq!(session.session_id, "desktop-test");
+    assert_eq!(session.agent.tool, "codex");
+    // Title should come from event_msg/user_message, not AGENTS.md
+    assert_eq!(session.context.title.as_deref(), Some("fix the bug"));
+    // developer and injected user instruction messages are skipped.
+    // Events: reasoning + shell_command + tool_result + assistant (+optional user)
+    assert!(session.events.len() >= 4);
+    assert!(!session.events.iter().any(|e| {
+            matches!(e.event_type, EventType::UserMessage)
+                && e.content.blocks.iter().any(|b| {
+                    matches!(b, ContentBlock::Text { text } if text.contains("AGENTS.md instructions"))
+                })
+        }));
+    // Check originator attribute
+    assert_eq!(
+        session
+            .context
+            .attributes
+            .get("originator")
+            .and_then(|v| v.as_str()),
+        Some("Codex Desktop")
+    );
+
+    let _ = std::fs::remove_dir_all(&dir);
+}
+
+#[test]
+fn test_desktop_warning_prompt_not_parsed_as_user_message() {
+    let lines = [
+        r#"{"timestamp":"2026-02-14T10:00:00.097Z","type":"session_meta","payload":{"id":"desktop-test-2","timestamp":"2026-02-14T10:00:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
+        r#"{"timestamp":"2026-02-14T10:00:00.119Z","type":"event_msg","payload":{"type":"user_message","message":"Warning: apply_patch was requested via exec_command. Use the apply_patch tool instead of exec_command."}}"#,
+        r#"{"timestamp":"2026-02-14T10:00:00.120Z","type":"event_msg","payload":{"type":"user_message","message":"actual task please continue"}}"#,
+        r#"{"timestamp":"2026-02-14T10:00:01.000Z","type":"response_item","payload":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"Done"}]}}"#,
+    ];
+
+    let dir = temp_test_dir("codex_desktop_warning_filter_test");
+    let path = dir.join("rollout-test.jsonl");
+    std::fs::write(&path, lines.join("\n")).unwrap();
+
+    let session = parse_codex_jsonl(&path).unwrap();
+    assert_eq!(
+        session.context.title.as_deref(),
+        Some("actual task please continue")
+    );
+    assert!(!session.events.iter().any(|e| {
+            matches!(e.event_type, EventType::UserMessage)
+                && e.content.blocks.iter().any(|b| {
+                    matches!(b, ContentBlock::Text { text } if text.contains("apply_patch was requested via exec_command"))
+                })
+        }));
+
+    let _ = std::fs::remove_dir_all(&dir);
+}
+
+#[test]
+fn test_desktop_subagent_thread_spawn_marks_session_auxiliary() {
+    let lines = [
+        r#"{"timestamp":"2026-02-27T04:49:06.449Z","type":"session_meta","payload":{"id":"desktop-subagent","timestamp":"2026-02-27T04:49:05.467Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.105.0","source":{"subagent":{"thread_spawn":{"parent_thread_id":"parent-thread-1","depth":1,"agent_role":"awaiter"}}},"agent_role":"awaiter"}}"#,
+        r#"{"timestamp":"2026-02-27T04:49:06.451Z","type":"event_msg","payload":{"type":"agent_message","message":"child response"}}"#,
+    ];
+
+    let dir = temp_test_dir("codex_desktop_subagent_auxiliary_test");
+    let path = dir.join("rollout-test.jsonl");
+    std::fs::write(&path, lines.join("\n")).unwrap();
+
+    let session = parse_codex_jsonl(&path).unwrap();
+    assert_eq!(
+        session
+            .context
+            .attributes
+            .get(ATTR_SESSION_ROLE)
+            .and_then(|value| value.as_str()),
+        Some("auxiliary")
+    );
+    assert_eq!(
+        session
+            .context
+            .attributes
+            .get(ATTR_PARENT_SESSION_ID)
+            .and_then(|value| value.as_str()),
+        Some("parent-thread-1")
+    );
+    assert_eq!(
+        session.context.related_session_ids,
+        vec!["parent-thread-1".to_string()]
+    );
+    assert!(opensession_core::session::is_auxiliary_session(&session));
+
+    let _ = std::fs::remove_dir_all(&dir);
+}
+
+#[test]
+fn test_desktop_agent_role_awaiter_marks_session_auxiliary() {
+    let lines = [
+        r#"{"timestamp":"2026-02-27T04:49:06.449Z","type":"session_meta","payload":{"id":"desktop-agent-role-subagent","timestamp":"2026-02-27T04:49:05.467Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.105.0","agent_role":"awaiter"}}"#,
+        r#"{"timestamp":"2026-02-27T04:49:06.451Z","type":"event_msg","payload":{"type":"agent_message","message":"child response"}}"#,
+    ];
+
+    let dir = temp_test_dir("codex_desktop_agent_role_auxiliary_test");
+    let path = dir.join("rollout-test.jsonl");
+    std::fs::write(&path, lines.join("\n")).unwrap();
+
+    let session = parse_codex_jsonl(&path).unwrap();
+    assert_eq!(
+        session
+            .context
+            .attributes
+            .get(ATTR_SESSION_ROLE)
+            .and_then(|value| value.as_str()),
+        Some("auxiliary")
+    );
+    assert!(opensession_core::session::is_auxiliary_session(&session));
+
+    let _ = std::fs::remove_dir_all(&dir);
+}
+
+#[test]
+fn test_desktop_summary_batch_prompt_marks_session_auxiliary() {
+    let lines = [
+        r#"{"timestamp":"2026-03-05T02:06:54.719Z","type":"session_meta","payload":{"id":"desktop-summary-worker","timestamp":"2026-03-05T02:06:54.649Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.104.0","source":"exec"}}"#,
+        r#"{"timestamp":"2026-03-05T02:06:54.721Z","type":"event_msg","payload":{"type":"user_message","message":"Convert a real coding session into semantic compression.\nPipeline: session -> HAIL compact -> semantic summary.\nHAIL_COMPACT={\"session\":{\"id\":\"s1\"}}"}}"#,
+        r#"{"timestamp":"2026-03-05T02:07:01.792Z","type":"response_item","payload":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"{\"changes\":\"none\"}"}],"phase":"final_answer"}}"#,
+    ];
+
+    let dir = temp_test_dir("codex_desktop_summary_worker_auxiliary_test");
+    let path = dir.join("rollout-test.jsonl");
+    std::fs::write(&path, lines.join("\n")).unwrap();
+
+    let session = parse_codex_jsonl(&path).unwrap();
+    assert_eq!(
+        session
+            .context
+            .attributes
+            .get(ATTR_SESSION_ROLE)
+            .and_then(|value| value.as_str()),
+        Some("auxiliary")
+    );
+    assert!(
+        session.context.title.is_none(),
+        "summary worker prompt should be excluded from visible title"
+    );
+    assert!(opensession_core::session::is_auxiliary_session(&session));
+
+    let _ = std::fs::remove_dir_all(&dir);
+}
+
+#[test]
+fn test_desktop_agent_reasoning_event_msg_maps_to_thinking() {
+    let lines = [
+        r#"{"timestamp":"2026-02-14T13:00:00.097Z","type":"session_meta","payload":{"id":"desktop-reasoning","timestamp":"2026-02-14T13:00:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
+        r#"{"timestamp":"2026-02-14T13:00:01.000Z","type":"event_msg","payload":{"type":"agent_reasoning","message":"analyzing dependencies"}}"#,
+    ];
+    let dir = temp_test_dir("codex_desktop_agent_reasoning_test");
+    let path = dir.join("rollout-test.jsonl");
+    std::fs::write(&path, lines.join("\n")).unwrap();
+
+    let session = parse_codex_jsonl(&path).unwrap();
+    let reasoning_event = session.events.iter().find(|event| {
+        matches!(event.event_type, EventType::Thinking)
+            && event
+                .attributes
+                .get("source.raw_type")
+                .and_then(|v| v.as_str())
+                == Some("event_msg:agent_reasoning")
+    });
+    assert!(reasoning_event.is_some());
+    let _ = std::fs::remove_dir_all(&dir);
+}
+
+#[test]
+fn test_desktop_token_count_event_msg_maps_to_custom_tokens() {
+    let lines = [
+        r#"{"timestamp":"2026-02-14T13:10:00.097Z","type":"session_meta","payload":{"id":"desktop-token-count","timestamp":"2026-02-14T13:10:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
+        r#"{"timestamp":"2026-02-14T13:10:01.000Z","type":"event_msg","payload":{"type":"token_count","input_tokens":21,"output_tokens":8,"turn_id":"turn-xyz"}}"#,
+    ];
+    let dir = temp_test_dir("codex_desktop_token_count_test");
+    let path = dir.join("rollout-test.jsonl");
+    std::fs::write(&path, lines.join("\n")).unwrap();
+
+    let session = parse_codex_jsonl(&path).unwrap();
+    let token_event = session.events.iter().find(|event| {
+        matches!(
+            event.event_type,
+            EventType::Custom { ref kind } if kind == "token_count"
+        )
+    });
+    assert!(token_event.is_some());
+    let token_event = token_event.unwrap();
+    assert_eq!(
+        token_event
+            .attributes
+            .get("input_tokens")
+            .and_then(|v| v.as_u64()),
+        Some(21)
+    );
+    assert_eq!(
+        token_event
+            .attributes
+            .get("output_tokens")
+            .and_then(|v| v.as_u64()),
+        Some(8)
+    );
+    let _ = std::fs::remove_dir_all(&dir);
+}
+
+#[test]
+fn test_desktop_token_count_event_msg_info_usage_maps_to_custom_tokens() {
+    let lines = [
+        r#"{"timestamp":"2026-02-14T13:11:00.097Z","type":"session_meta","payload":{"id":"desktop-token-count-info","timestamp":"2026-02-14T13:11:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.101.0"}}"#,
+        r#"{"timestamp":"2026-02-14T13:11:01.000Z","type":"event_msg","payload":{"type":"token_count","info":{"last_token_usage":{"input_tokens":34,"output_tokens":13}},"turn_id":"turn-info"}}"#,
+    ];
+    let dir = temp_test_dir("codex_desktop_token_count_info_test");
+    let path = dir.join("rollout-test.jsonl");
+    std::fs::write(&path, lines.join("\n")).unwrap();
+
+    let session = parse_codex_jsonl(&path).unwrap();
+    let token_event = session.events.iter().find(|event| {
+        matches!(
+            event.event_type,
+            EventType::Custom { ref kind } if kind == "token_count"
+        )
+    });
+    assert!(token_event.is_some());
+    let token_event = token_event.unwrap();
+    assert_eq!(
+        token_event
+            .attributes
+            .get("input_tokens")
+            .and_then(|v| v.as_u64()),
+        Some(34)
+    );
+    assert_eq!(
+        token_event
+            .attributes
+            .get("output_tokens")
+            .and_then(|v| v.as_u64()),
+        Some(13)
+    );
+    let _ = std::fs::remove_dir_all(&dir);
+}
+
+#[test]
+fn test_desktop_token_count_event_msg_includes_cumulative_totals() {
+    let lines = [
+        r#"{"timestamp":"2026-02-14T13:13:00.097Z","type":"session_meta","payload":{"id":"desktop-token-count-total","timestamp":"2026-02-14T13:13:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.101.0"}}"#,
+        r#"{"timestamp":"2026-02-14T13:13:01.000Z","type":"event_msg","payload":{"type":"token_count","info":{"last_token_usage":{"input_tokens":34,"output_tokens":13},"total_token_usage":{"input_tokens":340,"output_tokens":130}},"turn_id":"turn-total"}}"#,
+    ];
+    let dir = temp_test_dir("codex_desktop_token_count_total_test");
+    let path = dir.join("rollout-test.jsonl");
+    std::fs::write(&path, lines.join("\n")).unwrap();
+
+    let session = parse_codex_jsonl(&path).unwrap();
+    let token_event = session.events.iter().find(|event| {
+        matches!(
+            event.event_type,
+            EventType::Custom { ref kind } if kind == "token_count"
+        )
+    });
+    assert!(token_event.is_some());
+    let token_event = token_event.unwrap();
+    assert_eq!(
+        token_event
+            .attributes
+            .get("input_tokens")
+            .and_then(|v| v.as_u64()),
+        Some(34)
+    );
+    assert_eq!(
+        token_event
+            .attributes
+            .get("output_tokens")
+            .and_then(|v| v.as_u64()),
+        Some(13)
+    );
+    assert_eq!(
+        token_event
+            .attributes
+            .get("input_tokens_total")
+            .and_then(|v| v.as_u64()),
+        Some(340)
+    );
+    assert_eq!(
+        token_event
+            .attributes
+            .get("output_tokens_total")
+            .and_then(|v| v.as_u64()),
+        Some(130)
+    );
+    let _ = std::fs::remove_dir_all(&dir);
+}
diff --git a/crates/parsers/src/codex/tests/desktop_b.rs b/crates/parsers/src/codex/tests/desktop_b.rs
new file mode 100644
index 00000000..0785d687
--- /dev/null
+++ b/crates/parsers/src/codex/tests/desktop_b.rs
@@ -0,0 +1,564 @@
+use super::*;
+
+#[test]
+fn test_desktop_agent_reasoning_raw_content_maps_to_thinking() {
+    let lines = [
+        r#"{"timestamp":"2026-02-14T13:12:00.097Z","type":"session_meta","payload":{"id":"desktop-raw-reasoning","timestamp":"2026-02-14T13:12:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.101.0"}}"#,
+        r#"{"timestamp":"2026-02-14T13:12:01.000Z","type":"event_msg","payload":{"type":"agent_reasoning_raw_content","text":"hidden chain tokenized text"}}"#,
+    ];
+    let dir = temp_test_dir("codex_desktop_reasoning_raw_test");
+    let path = dir.join("rollout-test.jsonl");
+    std::fs::write(&path, lines.join("\n")).unwrap();
+
+    let session = parse_codex_jsonl(&path).unwrap();
+    let reasoning_event = session.events.iter().find(|event| {
+        matches!(event.event_type, EventType::Thinking)
+            && event
+                .attributes
+                .get("source.raw_type")
+                .and_then(|v| v.as_str())
+                == Some("event_msg:agent_reasoning_raw_content")
+    });
+    assert!(reasoning_event.is_some());
+    let _ = std::fs::remove_dir_all(&dir);
+}
+
+#[test]
+fn test_desktop_web_search_call_actions_map_to_web_events() {
+    let lines = [
+        r#"{"timestamp":"2026-02-14T13:20:00.097Z","type":"session_meta","payload":{"id":"desktop-web-search","timestamp":"2026-02-14T13:20:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.101.0"}}"#,
+        r#"{"timestamp":"2026-02-14T13:20:01.000Z","type":"response_item","payload":{"type":"web_search_call","status":"completed","id":"ws_1","action":{"type":"search","query":"weather seattle","queries":["weather seattle","seattle forecast"]}}}"#,
+        r#"{"timestamp":"2026-02-14T13:20:01.500Z","type":"response_item","payload":{"type":"web_search_call","status":"completed","action":{"type":"open_page","url":"https://example.com/weather"}}}"#,
+        r#"{"timestamp":"2026-02-14T13:20:02.000Z","type":"response_item","payload":{"type":"web_search_call","status":"completed","action":{"type":"find_in_page","url":"https://example.com/weather","pattern":"rain"}}}"#,
+        r#"{"timestamp":"2026-02-14T13:20:02.500Z","type":"response_item","payload":{"type":"web_search_call","status":"completed","action":{"type":"open_page"}}}"#,
+    ];
+    let dir = temp_test_dir("codex_desktop_web_search_actions_test");
+    let path = dir.join("rollout-test.jsonl");
+    std::fs::write(&path, lines.join("\n")).unwrap();
+
+    let session = parse_codex_jsonl(&path).unwrap();
+    assert!(session.events.iter().any(|event| {
+        matches!(&event.event_type, EventType::WebSearch { query } if query == "weather seattle")
+            && event
+                .attributes
+                .get("source.raw_type")
+                .and_then(|v| v.as_str())
+                == Some("web_search_call:search")
+            && event
+                .attributes
+                .get("semantic.call_id")
+                .and_then(|v| v.as_str())
+                == Some("ws_1")
+            && event
+                .attributes
+                .get("web_search.queries")
+                .and_then(|v| v.as_array())
+                .map(|queries| queries.len())
+                == Some(2)
+    }));
+    assert!(session.events.iter().any(|event| {
+        matches!(
+            &event.event_type,
+            EventType::WebFetch { url } if url == "https://example.com/weather"
+        ) && event
+            .attributes
+            .get("source.raw_type")
+            .and_then(|v| v.as_str())
+            == Some("web_search_call:open_page")
+    }));
+    assert!(session.events.iter().any(|event| {
+        event
+                .attributes
+                .get("source.raw_type")
+                .and_then(|v| v.as_str())
+                == Some("web_search_call:find_in_page")
+                && event.content.blocks.iter().any(|block| {
+                    matches!(block, ContentBlock::Text { text } if text.contains("pattern: rain"))
+                })
+    }));
+    assert!(session.events.iter().any(|event| {
+        matches!(&event.event_type, EventType::ToolCall { name } if name == "web_search")
+            && event
+                .attributes
+                .get("source.raw_type")
+                .and_then(|v| v.as_str())
+                == Some("web_search_call:open_page")
+            && event
+                .content
+                .blocks
+                .iter()
+                .any(|block| matches!(block, ContentBlock::Text { text } if text == "open_page"))
+    }));
+
+    let _ = std::fs::remove_dir_all(&dir);
+}
+
+#[test]
+fn test_desktop_context_compacted_event_msg_maps_to_custom() {
+    let lines = [
+        r#"{"timestamp":"2026-02-14T13:30:00.097Z","type":"session_meta","payload":{"id":"desktop-context-compacted","timestamp":"2026-02-14T13:30:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.101.0"}}"#,
+        r#"{"timestamp":"2026-02-14T13:30:01.000Z","type":"event_msg","payload":{"type":"context_compacted","turn_id":"turn_cc_1"}}"#,
+    ];
+    let dir = temp_test_dir("codex_desktop_context_compacted_test");
+    let path = dir.join("rollout-test.jsonl");
+    std::fs::write(&path, lines.join("\n")).unwrap();
+
+    let session = parse_codex_jsonl(&path).unwrap();
+    assert!(session.events.iter().any(|event| {
+        matches!(
+            &event.event_type,
+            EventType::Custom { kind } if kind == "context_compacted"
+        ) && event
+            .attributes
+            .get("source.raw_type")
+            .and_then(|v| v.as_str())
+            == Some("event_msg:context_compacted")
+            && event.task_id.as_deref() == Some("turn_cc_1")
+    }));
+    let _ = std::fs::remove_dir_all(&dir);
+}
+
+#[test]
+fn test_desktop_item_completed_plan_maps_to_custom() {
+    let lines = [
+        r#"{"timestamp":"2026-02-14T13:31:00.097Z","type":"session_meta","payload":{"id":"desktop-item-completed","timestamp":"2026-02-14T13:31:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.101.0"}}"#,
+        r#"{"timestamp":"2026-02-14T13:31:01.000Z","type":"event_msg","payload":{"type":"item_completed","turn_id":"turn_plan_1","item":{"type":"Plan","id":"plan_1","text":"Investigate parser drift\n- check fixtures"}}}"#,
+    ];
+    let dir = temp_test_dir("codex_desktop_item_completed_test");
+    let path = dir.join("rollout-test.jsonl");
+    std::fs::write(&path, lines.join("\n")).unwrap();
+
+    let session = parse_codex_jsonl(&path).unwrap();
+    assert!(session.events.iter().any(|event| {
+            matches!(
+                &event.event_type,
+                EventType::Custom { kind } if kind == "plan_completed"
+            ) && event
+                .attributes
+                .get("source.raw_type")
+                .and_then(|v| v.as_str())
+                == Some("event_msg:item_completed")
+                && event
+                    .attributes
+                    .get("plan_id")
+                    .and_then(|v| v.as_str())
+                    == Some("plan_1")
+                && event.content.blocks.iter().any(|block| {
+                    matches!(block, ContentBlock::Text { text } if text.contains("Investigate parser drift"))
+                })
+        }));
+    let _ = std::fs::remove_dir_all(&dir);
+}
+
+#[test]
+fn test_desktop_turn_aborted_filtered_from_user_messages() {
+    let lines = [
+        r#"{"timestamp":"2026-02-14T10:00:00.097Z","type":"session_meta","payload":{"id":"desktop-test-3","timestamp":"2026-02-14T10:00:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
+        r#"{"timestamp":"2026-02-14T10:00:00.119Z","type":"event_msg","payload":{"type":"user_message","message":"<turn_aborted>Request interrupted by user for tool use</turn_aborted>"}}"#,
+        r#"{"timestamp":"2026-02-14T10:00:00.150Z","type":"event_msg","payload":{"type":"turn_aborted","turn_id":"turn_1","message":"user interrupted"}}"#,
+        r#"{"timestamp":"2026-02-14T10:00:00.200Z","type":"event_msg","payload":{"type":"user_message","message":"real user prompt"}}"#,
+        r#"{"timestamp":"2026-02-14T10:00:01.000Z","type":"response_item","payload":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"Done"}]}}"#,
+    ];
+
+    let dir = temp_test_dir("codex_desktop_turn_aborted_filter_test");
+    let path = dir.join("rollout-test.jsonl");
+    std::fs::write(&path, lines.join("\n")).unwrap();
+
+    let session = parse_codex_jsonl(&path).unwrap();
+    assert_eq!(session.context.title.as_deref(), Some("real user prompt"));
+    assert!(session.events.iter().any(|event| {
+        matches!(
+            event.event_type,
+            EventType::Custom { ref kind } if kind == "turn_aborted"
+        )
+    }));
+    assert!(!session.events.iter().any(|event| {
+            matches!(event.event_type, EventType::UserMessage)
+                && event.content.blocks.iter().any(
+                    |block| matches!(block, ContentBlock::Text { text } if text.contains("turn_aborted"))
+                )
+        }));
+
+    let _ = std::fs::remove_dir_all(&dir);
+}
+
+#[test]
+fn test_desktop_subagent_notification_filtered_from_user_messages() {
+    let lines = [
+        r#"{"timestamp":"2026-03-03T06:39:35.000Z","type":"session_meta","payload":{"id":"desktop-subagent-notification","timestamp":"2026-03-03T06:39:35.000Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.108.0"}}"#,
+        r#"{"timestamp":"2026-03-03T06:39:35.100Z","type":"event_msg","payload":{"type":"user_message","message":"<subagent_notification>Event: 99/110</subagent_notification>"}}"#,
+        r#"{"timestamp":"2026-03-03T06:39:35.200Z","type":"event_msg","payload":{"type":"user_message","message":"real user prompt"}}"#,
+        r#"{"timestamp":"2026-03-03T06:39:36.000Z","type":"response_item","payload":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"Done"}]}}"#,
+    ];
+
+    let dir = temp_test_dir("codex_desktop_subagent_notification_filter_test");
+    let path = dir.join("rollout-test.jsonl");
+    std::fs::write(&path, lines.join("\n")).unwrap();
+
+    let session = parse_codex_jsonl(&path).unwrap();
+    assert_eq!(session.context.title.as_deref(), Some("real user prompt"));
+    assert!(!session.events.iter().any(|event| {
+            matches!(event.event_type, EventType::UserMessage)
+                && event.content.blocks.iter().any(|block| {
+                    matches!(block, ContentBlock::Text { text } if text.contains("subagent_notification"))
+                })
+        }));
+
+    let _ = std::fs::remove_dir_all(&dir);
+}
+
+#[test]
+fn test_desktop_subagent_notification_prefix_line_filtered_from_user_messages() {
+    let lines = [
+        r#"{"timestamp":"2026-03-03T06:39:35.000Z","type":"session_meta","payload":{"id":"desktop-subagent-notification-2","timestamp":"2026-03-03T06:39:35.000Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.108.0"}}"#,
+        r#"{"timestamp":"2026-03-03T06:39:35.100Z","type":"event_msg","payload":{"type":"user_message","message":"[USER] <subagent_notification>\nEvent: 99/110"}}"#,
+        r#"{"timestamp":"2026-03-03T06:39:35.200Z","type":"event_msg","payload":{"type":"user_message","message":"real user prompt"}}"#,
+        r#"{"timestamp":"2026-03-03T06:39:36.000Z","type":"response_item","payload":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"Done"}]}}"#,
+    ];
+
+    let dir = temp_test_dir("codex_desktop_subagent_notification_filter_test_2");
+    let path = dir.join("rollout-test.jsonl");
+    std::fs::write(&path, lines.join("\n")).unwrap();
+
+    let session = parse_codex_jsonl(&path).unwrap();
+    assert_eq!(session.context.title.as_deref(), Some("real user prompt"));
+    assert!(!session.events.iter().any(|event| {
+            matches!(event.event_type, EventType::UserMessage)
+                && event.content.blocks.iter().any(|block| {
+                    matches!(block, ContentBlock::Text { text } if text.contains("subagent_notification"))
+                })
+        }));
+
+    let _ = std::fs::remove_dir_all(&dir);
+}
+
+#[test]
+fn test_desktop_task_lifecycle_event_msg_maps_to_task_events() {
+    let lines = [
+        r#"{"timestamp":"2026-02-14T10:00:00.097Z","type":"session_meta","payload":{"id":"desktop-task-map","timestamp":"2026-02-14T10:00:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
+        r#"{"timestamp":"2026-02-14T10:00:00.120Z","type":"event_msg","payload":{"type":"task_started","turn_id":"turn_42","title":"Investigate bug"}}"#,
+        r#"{"timestamp":"2026-02-14T10:00:00.500Z","type":"response_item","payload":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"working"}]}}"#,
+        r#"{"timestamp":"2026-02-14T10:00:00.900Z","type":"event_msg","payload":{"type":"task_complete","turn_id":"turn_42","last_agent_message":"fixed and validated"}}"#,
+    ];
+
+    let dir = temp_test_dir("codex_desktop_task_map_test");
+    let path = dir.join("rollout-test.jsonl");
+    std::fs::write(&path, lines.join("\n")).unwrap();
+
+    let session = parse_codex_jsonl(&path).unwrap();
+    assert!(session.events.iter().any(|event| {
+        matches!(event.event_type, EventType::TaskStart { .. })
+            && event.task_id.as_deref() == Some("turn_42")
+    }));
+    assert!(session.events.iter().any(|event| {
+        matches!(event.event_type, EventType::TaskEnd { .. })
+            && event.task_id.as_deref() == Some("turn_42")
+    }));
+
+    let _ = std::fs::remove_dir_all(&dir);
+}
+
+#[test]
+fn test_desktop_task_complete_last_agent_message_promoted_to_agent_message() {
+    let lines = [
+        r#"{"timestamp":"2026-02-14T10:05:00.097Z","type":"session_meta","payload":{"id":"desktop-task-summary-promote","timestamp":"2026-02-14T10:05:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
+        r#"{"timestamp":"2026-02-14T10:05:00.120Z","type":"event_msg","payload":{"type":"task_started","turn_id":"turn_55","title":"Investigate bug"}}"#,
+        r#"{"timestamp":"2026-02-14T10:05:00.900Z","type":"event_msg","payload":{"type":"task_complete","turn_id":"turn_55","last_agent_message":"fixed and validated"}}"#,
+    ];
+
+    let dir = temp_test_dir("codex_desktop_task_summary_promote_test");
+    let path = dir.join("rollout-test.jsonl");
+    std::fs::write(&path, lines.join("\n")).unwrap();
+
+    let session = parse_codex_jsonl(&path).unwrap();
+    let agent_events: Vec<&Event> = session
+        .events
+        .iter()
+        .filter(|event| matches!(event.event_type, EventType::AgentMessage))
+        .collect();
+    assert_eq!(agent_events.len(), 1);
+    assert_eq!(
+        agent_events[0]
+            .attributes
+            .get("source")
+            .and_then(|value| value.as_str()),
+        Some("event_msg")
+    );
+    assert!(agent_events[0].content.blocks.iter().any(
+        |block| matches!(block, ContentBlock::Text { text } if text.contains("fixed and validated"))
+    ));
+
+    let _ = std::fs::remove_dir_all(&dir);
+}
+
+#[test]
+fn test_desktop_task_complete_last_agent_message_dedupes_with_agent_message() {
+    let lines = [
+        r#"{"timestamp":"2026-02-14T10:06:00.097Z","type":"session_meta","payload":{"id":"desktop-task-summary-dedupe","timestamp":"2026-02-14T10:06:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
+        r#"{"timestamp":"2026-02-14T10:06:00.300Z","type":"event_msg","payload":{"type":"agent_message","message":"fixed and validated"}}"#,
+        r#"{"timestamp":"2026-02-14T10:06:00.900Z","type":"event_msg","payload":{"type":"task_complete","turn_id":"turn_56","last_agent_message":"fixed and validated"}}"#,
+    ];
+
+    let dir = temp_test_dir("codex_desktop_task_summary_dedupe_test");
+    let path = dir.join("rollout-test.jsonl");
+    std::fs::write(&path, lines.join("\n")).unwrap();
+
+    let session = parse_codex_jsonl(&path).unwrap();
+    let agent_events: Vec<&Event> = session
+        .events
+        .iter()
+        .filter(|event| matches!(event.event_type, EventType::AgentMessage))
+        .collect();
+    assert_eq!(agent_events.len(), 1);
+
+    let _ = std::fs::remove_dir_all(&dir);
+}
+
+#[test]
+fn test_unmatched_task_started_is_synthetically_closed() {
+    let lines = [
+        r#"{"timestamp":"2026-02-14T10:00:00.097Z","type":"session_meta","payload":{"id":"desktop-task-close","timestamp":"2026-02-14T10:00:00.075Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
+        r#"{"timestamp":"2026-02-14T10:00:00.120Z","type":"event_msg","payload":{"type":"task_started","turn_id":"turn_99","title":"Long task"}}"#,
+        r#"{"timestamp":"2026-02-14T10:00:00.500Z","type":"response_item","payload":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"still running"}]}}"#,
+    ];
+
+    let dir = temp_test_dir("codex_desktop_task_close_test");
+    let path = dir.join("rollout-test.jsonl");
+    std::fs::write(&path, lines.join("\n")).unwrap();
+
+    let session = parse_codex_jsonl(&path).unwrap();
+    let maybe_end = session.events.iter().find(|event| {
+        matches!(
+            event.event_type,
+            EventType::TaskEnd {
+                summary: Some(ref s)
+            } if s.contains("synthetic end")
+        ) && event.task_id.as_deref() == Some("turn_99")
+    });
+    assert!(maybe_end.is_some());
+
+    let _ = std::fs::remove_dir_all(&dir);
+}
+
+#[test]
+fn test_desktop_event_msg_user_message_preferred_over_response_fallback() {
+    let lines = [
+        r#"{"timestamp":"2026-02-14T11:00:00.000Z","type":"session_meta","payload":{"id":"desktop-user-priority","timestamp":"2026-02-14T11:00:00.000Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
+        r#"{"timestamp":"2026-02-14T11:00:00.100Z","type":"response_item","payload":{"type":"message","role":"user","content":[{"type":"input_text","text":"same user prompt"}]}}"#,
+        r#"{"timestamp":"2026-02-14T11:00:01.000Z","type":"event_msg","payload":{"type":"user_message","message":"same user prompt"}}"#,
+        r#"{"timestamp":"2026-02-14T11:00:02.000Z","type":"response_item","payload":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"ok"}]}}"#,
+    ];
+
+    let dir = temp_test_dir("codex_desktop_user_priority_test");
+    let path = dir.join("rollout-test.jsonl");
+    std::fs::write(&path, lines.join("\n")).unwrap();
+
+    let session = parse_codex_jsonl(&path).unwrap();
+    let user_events: Vec<&Event> = session
+        .events
+        .iter()
+        .filter(|event| matches!(event.event_type, EventType::UserMessage))
+        .collect();
+    assert_eq!(user_events.len(), 1);
+    assert_eq!(
+        user_events[0]
+            .attributes
+            .get("source")
+            .and_then(|value| value.as_str()),
+        Some("event_msg")
+    );
+
+    let _ = std::fs::remove_dir_all(&dir);
+}
+
+#[test]
+fn test_desktop_event_msg_dedupes_response_fallback_with_image_marker() {
+    let lines = [
+        r#"{"timestamp":"2026-02-14T11:10:00.000Z","type":"session_meta","payload":{"id":"desktop-user-image-dedupe","timestamp":"2026-02-14T11:10:00.000Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
+        r#"{"timestamp":"2026-02-14T11:10:00.100Z","type":"response_item","payload":{"type":"message","role":"user","content":[{"type":"input_text","text":"same user prompt\n<image>"}]}}"#,
+        r#"{"timestamp":"2026-02-14T11:10:01.000Z","type":"event_msg","payload":{"type":"user_message","message":"same user prompt"}}"#,
+        r#"{"timestamp":"2026-02-14T11:10:02.000Z","type":"response_item","payload":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"ok"}]}}"#,
+    ];
+
+    let dir = temp_test_dir("codex_desktop_user_image_dedupe_test");
+    let path = dir.join("rollout-test.jsonl");
+    std::fs::write(&path, lines.join("\n")).unwrap();
+
+    let session = parse_codex_jsonl(&path).unwrap();
+    let user_events: Vec<&Event> = session
+        .events
+        .iter()
+        .filter(|event| matches!(event.event_type, EventType::UserMessage))
+        .collect();
+    assert_eq!(user_events.len(), 1);
+    assert_eq!(
+        user_events[0]
+            .attributes
+            .get("source")
+            .and_then(|value| value.as_str()),
+        Some("event_msg")
+    );
+
+    let _ = std::fs::remove_dir_all(&dir);
+}
+
+#[test]
+fn test_desktop_event_msg_same_source_duplicates_are_collapsed() {
+    let lines = [
+        r#"{"timestamp":"2026-02-14T11:20:00.000Z","type":"session_meta","payload":{"id":"desktop-user-same-source-dedupe","timestamp":"2026-02-14T11:20:00.000Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
+        r#"{"timestamp":"2026-02-14T11:20:00.100Z","type":"event_msg","payload":{"type":"user_message","message":"same user prompt"}}"#,
+        r#"{"timestamp":"2026-02-14T11:20:00.900Z","type":"event_msg","payload":{"type":"user_message","message":"same user prompt"}}"#,
+        r#"{"timestamp":"2026-02-14T11:20:02.000Z","type":"response_item","payload":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"ok"}]}}"#,
+    ];
+
+    let dir = temp_test_dir("codex_desktop_same_source_dedupe_test");
+    let path = dir.join("rollout-test.jsonl");
+    std::fs::write(&path, lines.join("\n")).unwrap();
+
+    let session = parse_codex_jsonl(&path).unwrap();
+    let user_events: Vec<&Event> = session
+        .events
+        .iter()
+        .filter(|event| matches!(event.event_type, EventType::UserMessage))
+        .collect();
+    assert_eq!(user_events.len(), 1);
+
+    let _ = std::fs::remove_dir_all(&dir);
+}
+
+#[test]
+fn test_desktop_event_msg_agent_message_preferred_over_response_fallback() {
+    let lines = [
+        r#"{"timestamp":"2026-02-14T11:30:00.000Z","type":"session_meta","payload":{"id":"desktop-agent-priority","timestamp":"2026-02-14T11:30:00.000Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
+        r#"{"timestamp":"2026-02-14T11:30:00.100Z","type":"response_item","payload":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"same assistant reply"}]}}"#,
+        r#"{"timestamp":"2026-02-14T11:30:01.000Z","type":"event_msg","payload":{"type":"agent_message","message":"same assistant reply"}}"#,
+    ];
+
+    let dir = temp_test_dir("codex_desktop_agent_priority_test");
+    let path = dir.join("rollout-test.jsonl");
+    std::fs::write(&path, lines.join("\n")).unwrap();
+
+    let session = parse_codex_jsonl(&path).unwrap();
+    let agent_events: Vec<&Event> = session
+        .events
+        .iter()
+        .filter(|event| matches!(event.event_type, EventType::AgentMessage))
+        .collect();
+    assert_eq!(agent_events.len(), 1);
+    assert_eq!(
+        agent_events[0]
+            .attributes
+            .get("source")
+            .and_then(|value| value.as_str()),
+        Some("event_msg")
+    );
+    assert!(agent_events[0].content.blocks.iter().any(
+            |block| matches!(block, ContentBlock::Text { text } if text.contains("same assistant reply"))
+        ));
+
+    let _ = std::fs::remove_dir_all(&dir);
+}
+
+#[test]
+fn test_desktop_event_msg_agent_message_same_source_duplicates_are_collapsed() {
+    let lines = [
+        r#"{"timestamp":"2026-02-14T11:40:00.000Z","type":"session_meta","payload":{"id":"desktop-agent-same-source-dedupe","timestamp":"2026-02-14T11:40:00.000Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
+        r#"{"timestamp":"2026-02-14T11:40:00.100Z","type":"event_msg","payload":{"type":"agent_message","message":"same assistant reply"}}"#,
+        r#"{"timestamp":"2026-02-14T11:40:00.900Z","type":"event_msg","payload":{"type":"agent_message","message":"same assistant reply"}}"#,
+    ];
+
+    let dir = temp_test_dir("codex_desktop_agent_same_source_dedupe_test");
+    let path = dir.join("rollout-test.jsonl");
+    std::fs::write(&path, lines.join("\n")).unwrap();
+
+    let session = parse_codex_jsonl(&path).unwrap();
+    let agent_events: Vec<&Event> = session
+        .events
+        .iter()
+        .filter(|event| matches!(event.event_type, EventType::AgentMessage))
+        .collect();
+    assert_eq!(agent_events.len(), 1);
+
+    let _ = std::fs::remove_dir_all(&dir);
+}
+
+#[test]
+fn test_desktop_response_fallback_agent_message_kept_without_event_msg() {
+    let lines = [
+        r#"{"timestamp":"2026-02-14T11:50:00.000Z","type":"session_meta","payload":{"id":"desktop-agent-response-fallback","timestamp":"2026-02-14T11:50:00.000Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
+        r#"{"timestamp":"2026-02-14T11:50:00.100Z","type":"response_item","payload":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"assistant only response"}]}}"#,
+    ];
+
+    let dir = temp_test_dir("codex_desktop_agent_response_fallback_test");
+    let path = dir.join("rollout-test.jsonl");
+    std::fs::write(&path, lines.join("\n")).unwrap();
+
+    let session = parse_codex_jsonl(&path).unwrap();
+    let agent_events: Vec<&Event> = session
+        .events
+        .iter()
+        .filter(|event| matches!(event.event_type, EventType::AgentMessage))
+        .collect();
+    assert_eq!(agent_events.len(), 1);
+    assert_eq!(
+        agent_events[0]
+            .attributes
+            .get("source")
+            .and_then(|value| value.as_str()),
+        Some("response_fallback")
+    );
+
+    let _ = std::fs::remove_dir_all(&dir);
+}
+
+#[test]
+fn test_request_user_input_output_promoted_to_interactive_user_message() {
+    let lines = [
+        r#"{"timestamp":"2026-02-14T12:00:00.000Z","type":"session_meta","payload":{"id":"desktop-request-user-input","timestamp":"2026-02-14T12:00:00.000Z","cwd":"/tmp","originator":"Codex Desktop","cli_version":"0.94.0"}}"#,
+        r#"{"timestamp":"2026-02-14T12:00:00.100Z","type":"response_item","payload":{"type":"function_call","name":"request_user_input","arguments":"{\"questions\":[{\"id\":\"layout_mode\",\"header\":\"Layout\",\"question\":\"Select mode\"}] }","call_id":"call_req_1"}}"#,
+        r#"{"timestamp":"2026-02-14T12:00:01.000Z","type":"response_item","payload":{"type":"function_call_output","call_id":"call_req_1","output":"{\"answers\":{\"layout_mode\":{\"answers\":[\"Always multi-column\"]}}}"}}"#,
+    ];
+
+    let dir = temp_test_dir("codex_desktop_request_user_input_test");
+    let path = dir.join("rollout-test.jsonl");
+    std::fs::write(&path, lines.join("\n")).unwrap();
+
+    let session = parse_codex_jsonl(&path).unwrap();
+    assert!(session.events.iter().any(|event| {
+            matches!(event.event_type, EventType::UserMessage)
+                && event
+                    .attributes
+                    .get("source")
+                    .and_then(|value| value.as_str())
+                    == Some("interactive")
+                && event
+                    .attributes
+                    .get("call_id")
+                    .and_then(|value| value.as_str())
+                    == Some("call_req_1")
+                && event.content.blocks.iter().any(|block| {
+                    matches!(block, ContentBlock::Text { text } if text.contains("layout_mode: Always multi-column") && !text.contains("Interactive response"))
+                })
+        }));
+    assert!(session.events.iter().any(|event| {
+        matches!(event.event_type, EventType::SystemMessage)
+                && event
+                    .attributes
+                    .get("source")
+                    .and_then(|value| value.as_str())
+                    == Some("interactive_question")
+                && event
+                    .attributes
+                    .get("question_meta")
+                    .and_then(|value| value.as_array())
+                    .is_some()
+                && event.content.blocks.iter().any(|block| {
+                    matches!(block, ContentBlock::Text { text } if text.contains("Select mode"))
+                })
+    }));
+    assert!(session.events.iter().any(|event| {
+            matches!(event.event_type, EventType::ToolResult { ref name, .. } if name == "request_user_input")
+        }));
+
+    let _ = std::fs::remove_dir_all(&dir);
+}
diff --git a/crates/parsers/src/codex/tests/interaction.rs b/crates/parsers/src/codex/tests/interaction.rs
new file mode 100644
index 00000000..d78eb548
--- /dev/null
+++ b/crates/parsers/src/codex/tests/interaction.rs
@@ -0,0 +1,169 @@
+use super::*;
+
+#[test]
+fn test_call_id_correlation() {
+    let call_line = r#"{"type":"function_call","name":"shell","arguments":"{\"command\":[\"bash\",\"-lc\",\"echo hi\"]}","call_id":"call_abc"}"#;
+    let output_line = r#"{"type":"function_call_output","call_id":"call_abc","output":"{\"output\":\"hi\\n\",\"metadata\":{\"exit_code\":0,\"duration_seconds\":0.01}}"}"#;
+
+    let mut events = Vec::new();
+    let mut counter = 0u64;
+    let mut first_text = None;
+    let mut last_fn = "unknown".to_string();
+    let mut call_map = HashMap::new();
+    let ts = Utc::now();
+
+    let v1: serde_json::Value = serde_json::from_str(call_line).unwrap();
+    process_item(
+        &v1,
+        ts,
+        &mut events,
+        &mut counter,
+        &mut first_text,
+        &mut last_fn,
+        &mut call_map,
+    );
+
+    let v2: serde_json::Value = serde_json::from_str(output_line).unwrap();
+    process_item(
+        &v2,
+        ts,
+        &mut events,
+        &mut counter,
+        &mut first_text,
+        &mut last_fn,
+        &mut call_map,
+    );
+
+    assert_eq!(events.len(), 2);
+    match &events[1].event_type {
+        EventType::ToolResult {
+            name,
+            is_error,
+            call_id,
+        } => {
+            assert_eq!(name, "shell");
+            assert!(!is_error);
+            assert_eq!(call_id.as_deref(), Some("codex-1"));
+        }
+        other => panic!("Expected ToolResult, got {:?}", other),
+    }
+    assert_eq!(events[1].duration_ms, Some(10));
+}
+
+#[test]
+fn test_reasoning_with_summary() {
+    let line = r#"{"type":"reasoning","id":"rs_123","summary":[{"type":"summary_text","text":"Analyzing the code"}],"encrypted_content":"gAAAAA..."}"#;
+    let v: serde_json::Value = serde_json::from_str(line).unwrap();
+    let mut events = Vec::new();
+    let mut counter = 0u64;
+    let mut first_text = None;
+    let mut last_fn = "unknown".to_string();
+    let mut call_map = HashMap::new();
+    process_item(
+        &v,
+        Utc::now(),
+        &mut events,
+        &mut counter,
+        &mut first_text,
+        &mut last_fn,
+        &mut call_map,
+    );
+    assert_eq!(events.len(), 1);
+    assert!(matches!(events[0].event_type, EventType::Thinking));
+}
+
+#[test]
+fn test_reasoning_empty_summary_skipped() {
+    let line = r#"{"type":"reasoning","id":"rs_456","summary":[],"encrypted_content":"gAAAAA..."}"#;
+    let v: serde_json::Value = serde_json::from_str(line).unwrap();
+    let mut events = Vec::new();
+    let mut counter = 0u64;
+    let mut first_text = None;
+    let mut last_fn = "unknown".to_string();
+    let mut call_map = HashMap::new();
+    process_item(
+        &v,
+        Utc::now(),
+        &mut events,
+        &mut counter,
+        &mut first_text,
+        &mut last_fn,
+        &mut call_map,
+    );
+    assert_eq!(events.len(), 0);
+}
+
+#[test]
+fn test_function_call_includes_semantic_metadata() {
+    let call_line = r#"{"type":"function_call","name":"exec_command","arguments":"{\"cmd\":\"ls\"}","call_id":"call_meta_1"}"#;
+    let output_line = r#"{"type":"function_call_output","call_id":"call_meta_1","output":"{\"output\":\"ok\",\"metadata\":{\"exit_code\":0,\"duration_seconds\":0.01}}"}"#;
+    let mut events = Vec::new();
+    let mut counter = 0u64;
+    let mut first_text = None;
+    let mut last_fn = "unknown".to_string();
+    let mut call_map = HashMap::new();
+    let ts = Utc::now();
+
+    let call_value: serde_json::Value = serde_json::from_str(call_line).unwrap();
+    process_item(
+        &call_value,
+        ts,
+        &mut events,
+        &mut counter,
+        &mut first_text,
+        &mut last_fn,
+        &mut call_map,
+    );
+    let output_value: serde_json::Value = serde_json::from_str(output_line).unwrap();
+    process_item(
+        &output_value,
+        ts,
+        &mut events,
+        &mut counter,
+        &mut first_text,
+        &mut last_fn,
+        &mut call_map,
+    );
+
+    assert_eq!(events.len(), 2);
+    assert_eq!(
+        events[0]
+            .attributes
+            .get("semantic.call_id")
+            .and_then(|v| v.as_str()),
+        Some("call_meta_1")
+    );
+    assert_eq!(
+        events[0]
+            .attributes
+            .get("semantic.tool_kind")
+            .and_then(|v| v.as_str()),
+        Some("shell")
+    );
+    assert_eq!(
+        events[1]
+            .attributes
+            .get("semantic.call_id")
+            .and_then(|v| v.as_str()),
+        Some("call_meta_1")
+    );
+}
+
+#[test]
+fn test_classify_update_plan() {
+    let args = serde_json::json!({"plan": [{"step": "analyze", "status": "in_progress"}]});
+    let et = classify_codex_function("update_plan", &args);
+    assert!(matches!(et, EventType::ToolCall { name } if name == "update_plan"));
+}
+
+#[test]
+fn test_classify_apply_patch_uses_path_from_patch_input() {
+    let args = serde_json::json!({
+        "input": "*** Begin Patch\n*** Update File: crates/tui/src/ui.rs\n@@\n- old\n+ new\n*** End Patch\n"
+    });
+    let et = classify_codex_function("functions.apply_patch", &args);
+    assert!(matches!(
+        et,
+        EventType::FileEdit { path, diff: None } if path == "crates/tui/src/ui.rs"
+    ));
+}
diff --git a/crates/parsers/src/codex/tests/mod.rs b/crates/parsers/src/codex/tests/mod.rs
new file mode 100644
index 00000000..3cdf737d
--- /dev/null
+++ b/crates/parsers/src/codex/tests/mod.rs
@@ -0,0 +1,19 @@
+pub(super) use super::*;
+
+use std::path::PathBuf;
+use std::sync::atomic::{AtomicU64, Ordering};
+
+static TEST_DIR_COUNTER: AtomicU64 = AtomicU64::new(0);
+
+pub(super) fn temp_test_dir(prefix: &str) -> PathBuf {
+    let sequence = TEST_DIR_COUNTER.fetch_add(1, Ordering::Relaxed);
+    let dir = std::env::temp_dir().join(format!("{prefix}-{}-{sequence}", std::process::id()));
+    std::fs::create_dir_all(&dir)
+        .unwrap_or_else(|_| panic!("create temp dir for {}", dir.display()));
+    dir
+}
+
+mod config;
+mod desktop_a;
+mod desktop_b;
+mod interaction;
diff --git a/crates/parsers/src/codex/transform.rs b/crates/parsers/src/codex/transform.rs
new file mode 100644
index 00000000..26c5a680
--- /dev/null
+++ b/crates/parsers/src/codex/transform.rs
@@ -0,0 +1,608 @@
+use super::*;
+
+#[cfg(test)]
+pub(super) fn process_item(
+    item: &serde_json::Value,
+    ts: DateTime<Utc>,
+    events: &mut Vec<Event>,
+    counter: &mut u64,
+    first_user_text: &mut Option<String>,
+    last_function_name: &mut String,
+    call_map: &mut HashMap<String, (String, String)>,
+) {
+    let mut interactive_call_meta = HashMap::new();
+    process_item_with_options(
+        item,
+        ts,
+        events,
+        counter,
+        first_user_text,
+        last_function_name,
+        call_map,
+        &mut interactive_call_meta,
+        false,
+    );
+}
+
+#[allow(clippy::too_many_arguments)]
+pub(super) fn process_item_with_options(
+    item: &serde_json::Value,
+    ts: DateTime<Utc>,
+    events: &mut Vec<Event>,
+    counter: &mut u64,
+    first_user_text: &mut Option<String>,
+    last_function_name: &mut String,
+    call_map: &mut HashMap<String, (String, String)>,
+    interactive_call_meta: &mut HashMap<String, RequestUserInputCallMeta>,
+    filter_injected_user_text: bool,
+) {
+    let item_type = match item.get("type").and_then(|v| v.as_str()) {
+        Some(t) => t,
+        None => return,
+    };
+
+    match item_type {
+        "message" => {
+            let role = item.get("role").and_then(|v| v.as_str()).unwrap_or("");
+            let text = extract_message_text_blocks(item.get("content"));
+
+            if text.is_empty() {
+                return;
+            }
+
+            if role == "user"
+                && filter_injected_user_text
+                && looks_like_injected_codex_user_text(&text)
+            {
+                return;
+            }
+
+            let event_type = match role {
+                "user" => EventType::UserMessage,
+                "assistant" => EventType::AgentMessage,
+                "developer" | "system" => return,
+                _ => return,
+            };
+
+            if role == "user" {
+                set_first(first_user_text, Some(text.clone()));
+            }
+
+            if matches!(event_type, EventType::UserMessage) {
+                let source = if filter_injected_user_text {
+                    Some("response_fallback")
+                } else {
+                    None
+                };
+                push_user_message_event(events, counter, ts, &text, source);
+            } else {
+                let source = if filter_injected_user_text {
+                    Some("response_fallback")
+                } else {
+                    None
+                };
+                push_agent_message_event(events, counter, ts, &text, source);
+            }
+        }
+        "reasoning" => {
+            let summaries = item
+                .get("summary")
+                .and_then(|v| v.as_array())
+                .cloned()
+                .unwrap_or_default();
+            let text: String = summaries
+                .iter()
+                .filter_map(|s| {
+                    let stype = s.get("type").and_then(|v| v.as_str())?;
+                    if stype == "summary_text" {
+                        s.get("text").and_then(|v| v.as_str()).map(String::from)
+                    } else {
+                        None
+                    }
+                })
+                .collect::<Vec<_>>()
+                .join("\n");
+
+            if !text.is_empty() {
+                *counter += 1;
+                let mut attributes = HashMap::new();
+                attach_source_attrs(&mut attributes, Some("codex-jsonl-v1"), Some("reasoning"));
+                events.push(Event {
+                    event_id: format!("codex-{}", counter),
+                    timestamp: ts,
+                    event_type: EventType::Thinking,
+                    task_id: None,
+                    content: Content::text(&text),
+                    duration_ms: None,
+                    attributes,
+                });
+            }
+        }
+        "function_call" | "custom_tool_call" => {
+            let raw_name = item
+                .get("name")
+                .and_then(|v| v.as_str())
+                .unwrap_or("unknown");
+            let name = canonical_tool_name(raw_name);
+            let custom_input = item.get("input").and_then(|v| v.as_str()).unwrap_or("");
+            // function_call: arguments is a JSON string
+            // custom_tool_call: input is a raw string (patch content, etc.)
+            let args: serde_json::Value = if item_type == "custom_tool_call" {
+                serde_json::json!({ "input": custom_input })
+            } else {
+                let args_str = item
+                    .get("arguments")
+                    .and_then(|v| v.as_str())
+                    .unwrap_or("{}");
+                serde_json::from_str(args_str).unwrap_or(serde_json::Value::Null)
+            };
+
+            let call_id = item
+                .get("call_id")
+                .and_then(|v| v.as_str())
+                .map(str::to_string);
+            if name == INTERACTIVE_USER_INPUT_TOOL {
+                if let Some(call_id) = call_id.as_ref() {
+                    let meta = parse_request_user_input_call_meta(&args);
+                    if !meta.questions.is_empty() {
+                        interactive_call_meta.insert(call_id.clone(), meta);
+                    }
+                }
+            }
+
+            let event_type = classify_codex_function(&name, &args);
+            let content = if item_type == "custom_tool_call" {
+                // Custom tools store input as raw text (e.g. patch content)
+                Content::text(custom_input)
+            } else {
+                codex_function_content(&name, &args)
+            };
+
+            *counter += 1;
+            let event_id = format!("codex-{}", counter);
+            let mut attributes = HashMap::new();
+            attach_source_attrs(
+                &mut attributes,
+                Some("codex-jsonl-v1"),
+                Some(if item_type == "custom_tool_call" {
+                    "custom_tool_call"
+                } else {
+                    "function_call"
+                }),
+            );
+            attach_semantic_attrs(
+                &mut attributes,
+                None,
+                call_id.as_deref(),
+                Some(infer_tool_kind(&name)),
+            );
+
+            if let Some(call_id) = call_id.as_deref() {
+                call_map.insert(call_id.to_string(), (event_id.clone(), name.clone()));
+            }
+            *last_function_name = name;
+
+            events.push(Event {
+                event_id,
+                timestamp: ts,
+                event_type,
+                task_id: None,
+                content,
+                duration_ms: None,
+                attributes,
+            });
+        }
+        "function_call_output" | "custom_tool_call_output" => {
+            let raw_output = item.get("output").and_then(|v| v.as_str()).unwrap_or("");
+
+            let (output_text, is_error, duration_ms) = parse_function_output(raw_output);
+
+            // Correlate with function_call via call_id
+            let (call_id_ref, call_name) =
+                if let Some(cid) = item.get("call_id").and_then(|v| v.as_str()) {
+                    if let Some((eid, name)) = call_map.get(cid) {
+                        (Some(eid.clone()), name.clone())
+                    } else {
+                        (None, last_function_name.clone())
+                    }
+                } else {
+                    let prev_id = if *counter > 0 {
+                        Some(format!("codex-{}", counter))
+                    } else {
+                        None
+                    };
+                    (prev_id, last_function_name.clone())
+                };
+
+            if call_name == INTERACTIVE_USER_INPUT_TOOL {
+                let call_meta = item
+                    .get("call_id")
+                    .and_then(|v| v.as_str())
+                    .and_then(|call_id| interactive_call_meta.remove(call_id));
+                if let Some((interactive_text, question_ids, raw_answers)) =
+                    parse_request_user_input_answers(&output_text)
+                {
+                    if let Some(meta) = call_meta {
+                        if !meta.questions.is_empty() {
+                            *counter += 1;
+                            let mut attributes = HashMap::new();
+                            attributes.insert(
+                                "source".to_string(),
+                                serde_json::Value::String("interactive_question".to_string()),
+                            );
+                            if let Some(call_id) = item.get("call_id").and_then(|v| v.as_str()) {
+                                attributes.insert(
+                                    "call_id".to_string(),
+                                    serde_json::Value::String(call_id.to_string()),
+                                );
+                            }
+                            attributes.insert(
+                                "question_ids".to_string(),
+                                serde_json::Value::Array(
+                                    meta.questions
+                                        .iter()
+                                        .map(|q| serde_json::Value::String(q.id.clone()))
+                                        .collect(),
+                                ),
+                            );
+                            attributes.insert(
+                                "question_meta".to_string(),
+                                serde_json::Value::Array(
+                                    meta.questions
+                                        .iter()
+                                        .map(|q| {
+                                            let mut row = serde_json::Map::new();
+                                            row.insert(
+                                                "id".to_string(),
+                                                serde_json::Value::String(q.id.clone()),
+                                            );
+                                            if let Some(header) = q.header.as_ref() {
+                                                row.insert(
+                                                    "header".to_string(),
+                                                    serde_json::Value::String(header.clone()),
+                                                );
+                                            }
+                                            if let Some(question) = q.question.as_ref() {
+                                                row.insert(
+                                                    "question".to_string(),
+                                                    serde_json::Value::String(question.clone()),
+                                                );
+                                            }
+                                            serde_json::Value::Object(row)
+                                        })
+                                        .collect(),
+                                ),
+                            );
+                            events.push(Event {
+                                event_id: format!("codex-{}", counter),
+                                timestamp: ts,
+                                event_type: EventType::SystemMessage,
+                                task_id: None,
+                                content: Content::text(render_interactive_questions(
+                                    &meta.questions,
+                                )),
+                                duration_ms: None,
+                                attributes,
+                            });
+                        }
+                    }
+                    set_first(first_user_text, Some(interactive_text.clone()));
+                    *counter += 1;
+                    let mut attributes = HashMap::new();
+                    attributes.insert(
+                        "source".to_string(),
+                        serde_json::Value::String("interactive".to_string()),
+                    );
+                    attributes.insert(
+                        "question_ids".to_string(),
+                        serde_json::Value::Array(
+                            question_ids
+                                .iter()
+                                .map(|id| serde_json::Value::String(id.clone()))
+                                .collect(),
+                        ),
+                    );
+                    if let Some(call_id) = item.get("call_id").and_then(|v| v.as_str()) {
+                        attributes.insert(
+                            "call_id".to_string(),
+                            serde_json::Value::String(call_id.to_string()),
+                        );
+                    }
+                    attributes.insert("raw_answers".to_string(), raw_answers);
+                    events.push(Event {
+                        event_id: format!("codex-{}", counter),
+                        timestamp: ts,
+                        event_type: EventType::UserMessage,
+                        task_id: None,
+                        content: Content::text(interactive_text),
+                        duration_ms: None,
+                        attributes,
+                    });
+                }
+            }
+
+            *counter += 1;
+            let semantic_call_id = item.get("call_id").and_then(|v| v.as_str());
+            let mut attributes = HashMap::new();
+            attach_source_attrs(
+                &mut attributes,
+                Some("codex-jsonl-v1"),
+                Some(if item_type == "custom_tool_call_output" {
+                    "custom_tool_call_output"
+                } else {
+                    "function_call_output"
+                }),
+            );
+            attach_semantic_attrs(
+                &mut attributes,
+                None,
+                semantic_call_id,
+                Some(infer_tool_kind(&call_name)),
+            );
+            events.push(Event {
+                event_id: format!("codex-{}", counter),
+                timestamp: ts,
+                event_type: EventType::ToolResult {
+                    name: call_name,
+                    is_error,
+                    call_id: call_id_ref,
+                },
+                task_id: None,
+                content: Content::text(&output_text),
+                duration_ms,
+                attributes,
+            });
+        }
+        "web_search_call" => {
+            let action = item.get("action").unwrap_or(&serde_json::Value::Null);
+            let action_type = action
+                .get("type")
+                .and_then(|v| v.as_str())
+                .map(str::trim)
+                .filter(|v| !v.is_empty())
+                .unwrap_or("");
+            let status = item
+                .get("status")
+                .and_then(|v| v.as_str())
+                .map(str::trim)
+                .filter(|v| !v.is_empty())
+                .map(String::from);
+            let semantic_call_id = item
+                .get("id")
+                .and_then(|v| v.as_str())
+                .map(str::trim)
+                .filter(|v| !v.is_empty());
+            let mut query_candidates: Vec<String> = action
+                .get("queries")
+                .and_then(|v| v.as_array())
+                .into_iter()
+                .flatten()
+                .filter_map(|value| value.as_str())
+                .map(str::trim)
+                .filter(|value| !value.is_empty())
+                .map(String::from)
+                .collect();
+            if let Some(query) = action
+                .get("query")
+                .and_then(|v| v.as_str())
+                .map(str::trim)
+                .filter(|v| !v.is_empty())
+            {
+                if !query_candidates.iter().any(|existing| existing == query) {
+                    query_candidates.insert(0, query.to_string());
+                }
+            }
+            let url = action
+                .get("url")
+                .and_then(|v| v.as_str())
+                .map(str::trim)
+                .filter(|v| !v.is_empty())
+                .map(String::from);
+            let pattern = action
+                .get("pattern")
+                .and_then(|v| v.as_str())
+                .map(str::trim)
+                .filter(|v| !v.is_empty())
+                .map(String::from);
+
+            let web_event = match action_type {
+                "search" => {
+                    if query_candidates.is_empty() {
+                        None
+                    } else {
+                        let joined = query_candidates.join(" | ");
+                        let primary = query_candidates
+                            .first()
+                            .cloned()
+                            .unwrap_or_else(|| joined.clone());
+                        Some((
+                            EventType::WebSearch { query: primary },
+                            Content::text(joined),
+                        ))
+                    }
+                }
+                "open_page" | "openPage" => {
+                    if let Some(url) = url.clone() {
+                        Some((EventType::WebFetch { url: url.clone() }, Content::text(url)))
+                    } else {
+                        Some((
+                            EventType::ToolCall {
+                                name: "web_search".to_string(),
+                            },
+                            Content::text("open_page"),
+                        ))
+                    }
+                }
+                "find_in_page" | "findInPage" => {
+                    if let Some(url) = url.clone() {
+                        let mut details = url.clone();
+                        if let Some(pattern) = pattern.as_deref() {
+                            details.push_str("\npattern: ");
+                            details.push_str(pattern);
+                        }
+                        Some((EventType::WebFetch { url }, Content::text(details)))
+                    } else {
+                        pattern.clone().map(|pattern| {
+                            (
+                                EventType::ToolCall {
+                                    name: "web_search".to_string(),
+                                },
+                                Content::text(format!("find_in_page: {pattern}")),
+                            )
+                        })
+                    }
+                }
+                _ => {
+                    if !query_candidates.is_empty() {
+                        let joined = query_candidates.join(" | ");
+                        Some((
+                            EventType::WebSearch {
+                                query: query_candidates
+                                    .first()
+                                    .cloned()
+                                    .unwrap_or_else(|| joined.clone()),
+                            },
+                            Content::text(joined),
+                        ))
+                    } else if let Some(url) = url.clone() {
+                        Some((EventType::WebFetch { url: url.clone() }, Content::text(url)))
+                    } else {
+                        pattern.clone().map(|pattern| {
+                            (
+                                EventType::ToolCall {
+                                    name: "web_search".to_string(),
+                                },
+                                Content::text(pattern),
+                            )
+                        })
+                    }
+                }
+            };
+
+            if let Some((event_type, content)) = web_event {
+                *counter += 1;
+                let mut attributes = HashMap::new();
+                let raw_type = if action_type.is_empty() {
+                    "web_search_call".to_string()
+                } else {
+                    format!("web_search_call:{action_type}")
+                };
+                attach_source_attrs(
+                    &mut attributes,
+                    Some("codex-jsonl-v1"),
+                    Some(raw_type.as_str()),
+                );
+                attach_semantic_attrs(&mut attributes, None, semantic_call_id, Some("web"));
+                if let Some(status) = status {
+                    attributes.insert(
+                        "web_search.status".to_string(),
+                        serde_json::Value::String(status),
+                    );
+                }
+                if !query_candidates.is_empty() {
+                    attributes.insert(
+                        "web_search.queries".to_string(),
+                        serde_json::Value::Array(
+                            query_candidates
+                                .iter()
+                                .map(|query| serde_json::Value::String(query.clone()))
+                                .collect(),
+                        ),
+                    );
+                }
+                if let Some(pattern) = pattern {
+                    attributes.insert(
+                        "web_search.pattern".to_string(),
+                        serde_json::Value::String(pattern),
+                    );
+                }
+                events.push(Event {
+                    event_id: format!("codex-{}", counter),
+                    timestamp: ts,
+                    event_type,
+                    task_id: None,
+                    content,
+                    duration_ms: None,
+                    attributes,
+                });
+            }
+        }
+        _ => {}
+    }
+}
+
+pub(super) fn push_user_message_event(
+    events: &mut Vec<Event>,
+    counter: &mut u64,
+    ts: DateTime<Utc>,
+    text: &str,
+    source: Option<&str>,
+) {
+    let trimmed = text.trim();
+    if trimmed.is_empty() {
+        return;
+    }
+    if matches!(source, Some("event_msg")) {
+        remove_duplicate_response_fallback(events, ts, trimmed);
+    }
+    if should_skip_duplicate_user_event(events, ts, trimmed, source) {
+        return;
+    }
+
+    *counter += 1;
+    let mut attributes = HashMap::new();
+    if let Some(source) = source {
+        attributes.insert(
+            "source".to_string(),
+            serde_json::Value::String(source.to_string()),
+        );
+        attach_source_attrs(&mut attributes, Some("codex-desktop-v1"), Some(source));
+    }
+    events.push(Event {
+        event_id: format!("codex-{}", counter),
+        timestamp: ts,
+        event_type: EventType::UserMessage,
+        task_id: None,
+        content: Content::text(trimmed),
+        duration_ms: None,
+        attributes,
+    });
+}
+
+pub(super) fn push_agent_message_event(
+    events: &mut Vec<Event>,
+    counter: &mut u64,
+    ts: DateTime<Utc>,
+    text: &str,
+    source: Option<&str>,
+) {
+    let trimmed = text.trim();
+    if trimmed.is_empty() {
+        return;
+    }
+    if matches!(source, Some("event_msg")) {
+        remove_duplicate_agent_response_fallback(events, ts, trimmed);
+    }
+    if should_skip_duplicate_agent_event(events, ts, trimmed, source) {
+        return;
+    }
+
+    *counter += 1;
+    let mut attributes = HashMap::new();
+    if let Some(source) = source {
+        attributes.insert(
+            "source".to_string(),
+            serde_json::Value::String(source.to_string()),
+        );
+        attach_source_attrs(&mut attributes, Some("codex-desktop-v1"), Some(source));
+    }
+    events.push(Event {
+        event_id: format!("codex-{}", counter),
+        timestamp: ts,
+        event_type: EventType::AgentMessage,
+        task_id: None,
+        content: Content::text(trimmed),
+        duration_ms: None,
+        attributes,
+    });
+}
diff --git a/crates/parsers/src/ingest.rs b/crates/parsers/src/ingest.rs
index 6240a944..a38a6c20 100644
--- a/crates/parsers/src/ingest.rs
+++ b/crates/parsers/src/ingest.rs
@@ -63,7 +63,7 @@ const SUPPORTED_PARSER_IDS: &[&str] = &[
 ];
 
 /// Detect parser candidates from filename and content text.
-pub fn detect_candidates(filename: &str, content: &str) -> Vec<ParseCandidate> {
+pub(crate) fn detect_candidates(filename: &str, content: &str) -> Vec<ParseCandidate> {
     let mut candidates: Vec<ParseCandidate> = Vec::new();
     let lower_name = filename.to_ascii_lowercase();
     let trimmed = content.trim();
@@ -141,7 +141,7 @@ pub fn detect_candidates(filename: &str, content: &str) -> Vec<ParseCandidate> {
 }
 
 /// Parse content bytes with hint + detector fallback.
-pub fn preview_parse_bytes(
+pub(crate) fn preview_parse_bytes(
     filename: &str,
     content_bytes: &[u8],
     parser_hint: Option<&str>,
diff --git a/crates/parsers/src/lib.rs b/crates/parsers/src/lib.rs
index 596644f8..4e9f44a5 100644
--- a/crates/parsers/src/lib.rs
+++ b/crates/parsers/src/lib.rs
@@ -1,7 +1,6 @@
 pub mod claude_code;
 pub mod discover;
 pub mod incremental;
-pub mod ingest;
 
 mod amp;
 mod cline;
@@ -10,12 +9,15 @@ pub(crate) mod common;
 mod cursor;
 pub mod external;
 mod gemini;
+mod ingest;
 mod opencode;
 
 use anyhow::Result;
 use opensession_core::trace::Session;
 use std::path::Path;
 
+pub use ingest::{ParseCandidate, ParseError, ParsePreview};
+
 /// Trait for parsing AI tool session data into HAIL format
 pub trait SessionParser: Send + Sync {
     /// Parser name (e.g. "claude-code", "codex")
@@ -28,40 +30,50 @@ pub trait SessionParser: Send + Sync {
     fn parse(&self, path: &std::path::Path) -> Result<Session>;
 }
 
-/// Get all available parsers
-pub fn all_parsers() -> Vec<Box<dyn SessionParser>> {
-    vec![
-        Box::new(codex::CodexParser),
-        Box::new(opencode::OpenCodeParser),
-        Box::new(cline::ClineParser),
-        Box::new(amp::AmpParser),
-        Box::new(cursor::CursorParser),
-        Box::new(gemini::GeminiParser),
-        Box::new(claude_code::ClaudeCodeParser),
-    ]
+pub struct ParserRegistry {
+    parsers: Vec<Box<dyn SessionParser>>,
 }
 
-/// Return the first parser that can parse the given path.
-pub fn parser_for_path<'a>(
-    parsers: &'a [Box<dyn SessionParser>],
-    path: &Path,
-) -> Option<&'a dyn SessionParser> {
-    parsers
-        .iter()
-        .find(|parser| parser.can_parse(path))
-        .map(|parser| parser.as_ref())
+impl Default for ParserRegistry {
+    fn default() -> Self {
+        Self {
+            parsers: vec![
+                Box::new(codex::CodexParser),
+                Box::new(opencode::OpenCodeParser),
+                Box::new(cline::ClineParser),
+                Box::new(amp::AmpParser),
+                Box::new(cursor::CursorParser),
+                Box::new(gemini::GeminiParser),
+                Box::new(claude_code::ClaudeCodeParser),
+            ],
+        }
+    }
 }
 
-/// Parse one path with the default parser set.
-///
-/// Returns `Ok(None)` when no parser matches the input path.
-pub fn parse_with_default_parsers(path: &Path) -> Result<Option<Session>> {
-    let parsers = all_parsers();
-    let Some(parser) = parser_for_path(&parsers, path) else {
-        return Ok(None);
-    };
-    let session = parser.parse(path)?;
-    Ok(Some(session))
+impl ParserRegistry {
+    pub fn parser_for_path(&self, path: &Path) -> Option<&dyn SessionParser> {
+        self.parsers
+            .iter()
+            .find(|parser| parser.can_parse(path))
+            .map(|parser| parser.as_ref())
+    }
+
+    pub fn parse_path(&self, path: &Path) -> Result<Option<Session>> {
+        let Some(parser) = self.parser_for_path(path) else {
+            return Ok(None);
+        };
+        let session = parser.parse(path)?;
+        Ok(Some(session))
+    }
+
+    pub fn preview_bytes(
+        &self,
+        filename: &str,
+        content_bytes: &[u8],
+        parser_hint: Option<&str>,
+    ) -> Result<ParsePreview, ParseError> {
+        ingest::preview_parse_bytes(filename, content_bytes, parser_hint)
+    }
 }
 
 /// Returns true when the path points to an auxiliary child/sub-agent session log.
@@ -85,4 +97,51 @@ mod tests {
             "/Users/test/.claude/projects/foo/session.jsonl"
         )));
     }
+
+    #[test]
+    fn parser_registry_exposes_default_parsers() {
+        let registry = ParserRegistry::default();
+        assert!(
+            registry
+                .parser_for_path(Path::new("/tmp/.codex/sessions/session.jsonl"))
+                .is_some()
+        );
+        assert!(
+            registry
+                .parser_for_path(Path::new("/tmp/.claude/projects/demo/session.jsonl"))
+                .is_some()
+        );
+    }
+
+    #[test]
+    fn parser_registry_parses_known_fixture_paths() {
+        let registry = ParserRegistry::default();
+        let fixture_src = Path::new(env!("CARGO_MANIFEST_DIR"))
+            .join("tests/fixtures/codex/rollout-desktop.jsonl");
+        let fixture_dir = std::env::temp_dir().join(format!(
+            "opensession-parser-registry-{}",
+            std::process::id()
+        ));
+        let fixture = fixture_dir.join(".codex/sessions/rollout-desktop.jsonl");
+        std::fs::create_dir_all(
+            fixture
+                .parent()
+                .expect("fixture path should include a parent directory"),
+        )
+        .expect("temp codex fixture directory should exist");
+        std::fs::copy(&fixture_src, &fixture).expect("fixture should copy to codex temp path");
+
+        let parser = registry
+            .parser_for_path(&fixture)
+            .expect("fixture should resolve to a parser");
+        assert_eq!(parser.name(), "codex");
+
+        let session = registry
+            .parse_path(&fixture)
+            .expect("fixture parse should succeed")
+            .expect("fixture should produce a session");
+        assert_eq!(session.agent.tool, "codex");
+
+        std::fs::remove_dir_all(fixture_dir).expect("temp fixture directory should be removable");
+    }
 }
diff --git a/crates/parsers/tests/cursor_real_db.rs b/crates/parsers/tests/cursor_real_db.rs
index 35f218b6..adb19243 100644
--- a/crates/parsers/tests/cursor_real_db.rs
+++ b/crates/parsers/tests/cursor_real_db.rs
@@ -30,11 +30,10 @@ fn parse_real_cursor_database() {
         return;
     }
 
-    let parsers = opensession_parsers::all_parsers();
-    let cursor_parser = parsers
-        .iter()
-        .find(|p| p.name() == "cursor")
-        .expect("CursorParser not found in all_parsers()");
+    let registry = opensession_parsers::ParserRegistry::default();
+    let cursor_parser = registry
+        .parser_for_path(path)
+        .expect("Cursor parser not found in ParserRegistry");
 
     assert!(
         cursor_parser.can_parse(path),
diff --git a/crates/parsers/tests/parser_conformance.rs b/crates/parsers/tests/parser_conformance.rs
index 0c335211..2c941693 100644
--- a/crates/parsers/tests/parser_conformance.rs
+++ b/crates/parsers/tests/parser_conformance.rs
@@ -1,7 +1,7 @@
 use opensession_core::trace::{
     ATTR_SEMANTIC_CALL_ID, ATTR_SOURCE_RAW_TYPE, ATTR_SOURCE_SCHEMA_VERSION, EventType,
 };
-use opensession_parsers::{SessionParser, all_parsers};
+use opensession_parsers::{ParserRegistry, SessionParser};
 use rusqlite::Connection;
 use std::path::{Path, PathBuf};
 
@@ -9,11 +9,29 @@ fn fixture_root() -> PathBuf {
     PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("tests/fixtures")
 }
 
-fn parser_by_name(name: &str) -> Box<dyn SessionParser> {
-    all_parsers()
-        .into_iter()
-        .find(|parser| parser.name() == name)
-        .unwrap_or_else(|| panic!("parser {name} not found"))
+fn parser_for_fixture<'a>(registry: &'a ParserRegistry, path: &Path) -> &'a dyn SessionParser {
+    registry
+        .parser_for_path(path)
+        .unwrap_or_else(|| panic!("parser not found for {}", path.display()))
+}
+
+fn stage_fixture(
+    temp_root: &Path,
+    fixtures: &Path,
+    fixture_relative: &str,
+    staged_relative: &str,
+) -> PathBuf {
+    let source = fixtures.join(fixture_relative);
+    let staged = temp_root.join(staged_relative);
+    std::fs::create_dir_all(
+        staged
+            .parent()
+            .unwrap_or_else(|| panic!("missing parent for {}", staged.display())),
+    )
+    .unwrap_or_else(|_| panic!("create dir for {}", staged.display()));
+    std::fs::copy(&source, &staged)
+        .unwrap_or_else(|_| panic!("copy {} to {}", source.display(), staged.display()));
+    staged
 }
 
 fn build_cursor_fixture_db(fixtures: &Path) -> PathBuf {
@@ -61,10 +79,17 @@ fn build_cursor_fixture_db(fixtures: &Path) -> PathBuf {
 #[test]
 fn parser_conformance_fixtures_cover_five_tools() {
     let fixtures = fixture_root();
+    let registry = ParserRegistry::default();
+    let staged = tempfile::tempdir().expect("create staged parser fixtures");
 
-    let codex = parser_by_name("codex");
-    let codex_session = codex
-        .parse(&fixtures.join("codex/rollout-desktop.jsonl"))
+    let codex_fixture = stage_fixture(
+        staged.path(),
+        &fixtures,
+        "codex/rollout-desktop.jsonl",
+        ".codex/sessions/rollout-desktop.jsonl",
+    );
+    let codex_session = parser_for_fixture(&registry, &codex_fixture)
+        .parse(&codex_fixture)
         .expect("parse codex fixture");
     assert!(
         codex_session
@@ -78,8 +103,14 @@ fn parser_conformance_fixtures_cover_five_tools() {
             EventType::Custom { ref kind } if kind == "token_count"
         )
     }));
-    let codex_web_session = codex
-        .parse(&fixtures.join("codex/web-search-actions.jsonl"))
+    let codex_web_fixture = stage_fixture(
+        staged.path(),
+        &fixtures,
+        "codex/web-search-actions.jsonl",
+        ".codex/sessions/web-search-actions.jsonl",
+    );
+    let codex_web_session = parser_for_fixture(&registry, &codex_web_fixture)
+        .parse(&codex_web_fixture)
         .expect("parse codex web fixture");
     assert!(codex_web_session.events.iter().any(|event| {
         matches!(
@@ -150,9 +181,14 @@ fn parser_conformance_fixtures_cover_five_tools() {
             == Some("plan_fixture_1")
     }));
 
-    let claude = parser_by_name("claude-code");
-    let claude_session = claude
-        .parse(&fixtures.join("claude/session-fallback.jsonl"))
+    let claude_fixture = stage_fixture(
+        staged.path(),
+        &fixtures,
+        "claude/session-fallback.jsonl",
+        ".claude/projects/demo/session-fallback.jsonl",
+    );
+    let claude_session = parser_for_fixture(&registry, &claude_fixture)
+        .parse(&claude_fixture)
         .expect("parse claude fixture");
     assert!(claude_session.events.iter().any(|event| {
         matches!(
@@ -161,9 +197,14 @@ fn parser_conformance_fixtures_cover_five_tools() {
         )
     }));
 
-    let gemini = parser_by_name("gemini");
-    let gemini_session = gemini
-        .parse(&fixtures.join("gemini/session-parts.json"))
+    let gemini_fixture = stage_fixture(
+        staged.path(),
+        &fixtures,
+        "gemini/session-parts.json",
+        ".gemini/tmp/demo/chats/session-parts.json",
+    );
+    let gemini_session = parser_for_fixture(&registry, &gemini_fixture)
+        .parse(&gemini_fixture)
         .expect("parse gemini fixture");
     assert!(
         gemini_session
@@ -184,8 +225,14 @@ fn parser_conformance_fixtures_cover_five_tools() {
             .and_then(|value| value.as_str())
             .is_some()
     }));
-    let gemini_tool_session = gemini
-        .parse(&fixtures.join("gemini/session-toolcalls.json"))
+    let gemini_tool_fixture = stage_fixture(
+        staged.path(),
+        &fixtures,
+        "gemini/session-toolcalls.json",
+        ".gemini/tmp/demo/chats/session-toolcalls.json",
+    );
+    let gemini_tool_session = parser_for_fixture(&registry, &gemini_tool_fixture)
+        .parse(&gemini_tool_fixture)
         .expect("parse gemini toolCalls fixture");
     assert!(gemini_tool_session.events.iter().any(|event| {
         matches!(
@@ -208,9 +255,9 @@ fn parser_conformance_fixtures_cover_five_tools() {
             == Some("gemini-json-v3-toolcalls")
     }));
 
-    let opencode = parser_by_name("opencode");
-    let opencode_session = opencode
-        .parse(&fixtures.join("opencode/storage/session/project/ses_fixture.json"))
+    let opencode_fixture = fixtures.join("opencode/storage/session/project/ses_fixture.json");
+    let opencode_session = parser_for_fixture(&registry, &opencode_fixture)
+        .parse(&opencode_fixture)
         .expect("parse opencode fixture");
     assert_eq!(opencode_session.agent.provider, "openai");
     assert_eq!(opencode_session.agent.model, "gpt-5.2-codex");
@@ -222,8 +269,10 @@ fn parser_conformance_fixtures_cover_five_tools() {
                 .and_then(|v| v.as_str())
                 == Some("part:text")
     }));
-    let opencode_company_session = opencode
-        .parse(&fixtures.join("opencode/storage/session/project/ses_company_logic.json"))
+    let opencode_company_fixture =
+        fixtures.join("opencode/storage/session/project/ses_company_logic.json");
+    let opencode_company_session = parser_for_fixture(&registry, &opencode_company_fixture)
+        .parse(&opencode_company_fixture)
         .expect("parse opencode company fixture");
     assert!(opencode_company_session.events.iter().any(|event| {
         matches!(event.event_type, EventType::Thinking)
@@ -277,8 +326,9 @@ fn parser_conformance_fixtures_cover_five_tools() {
     }));
 
     let cursor_db = build_cursor_fixture_db(&fixtures);
-    let cursor = parser_by_name("cursor");
-    let cursor_session = cursor.parse(&cursor_db).expect("parse cursor fixture db");
+    let cursor_session = parser_for_fixture(&registry, &cursor_db)
+        .parse(&cursor_db)
+        .expect("parse cursor fixture db");
     assert!(
         cursor_session
             .events
diff --git a/crates/parsers/tests/real_data.rs b/crates/parsers/tests/real_data.rs
index 3ea0bc3d..b53da3c4 100644
--- a/crates/parsers/tests/real_data.rs
+++ b/crates/parsers/tests/real_data.rs
@@ -4,15 +4,14 @@
 #[test]
 #[ignore = "requires real Codex session files"]
 fn parse_real_codex_session() {
-    let codex = opensession_parsers::all_parsers()
-        .into_iter()
-        .find(|p| p.name() == "codex")
-        .unwrap();
-
+    let registry = opensession_parsers::ParserRegistry::default();
     let paths = opensession_parsers::discover::discover_for_tool("codex");
     assert!(!paths.is_empty(), "No Codex session files found");
 
     for path in &paths {
+        let codex = registry
+            .parser_for_path(path)
+            .unwrap_or_else(|| panic!("No parser found for {}", path.display()));
         assert!(
             codex.can_parse(path),
             "can_parse failed for {}",
@@ -38,15 +37,14 @@ fn parse_real_codex_session() {
 #[test]
 #[ignore = "requires real Gemini session files"]
 fn parse_real_gemini_session() {
-    let gemini = opensession_parsers::all_parsers()
-        .into_iter()
-        .find(|p| p.name() == "gemini")
-        .unwrap();
-
+    let registry = opensession_parsers::ParserRegistry::default();
     let paths = opensession_parsers::discover::discover_for_tool("gemini");
     assert!(!paths.is_empty(), "No Gemini session files found");
 
     for path in &paths {
+        let gemini = registry
+            .parser_for_path(path)
+            .unwrap_or_else(|| panic!("No parser found for {}", path.display()));
         assert!(
             gemini.can_parse(path),
             "can_parse failed for {}",
@@ -71,15 +69,14 @@ fn parse_real_gemini_session() {
 #[test]
 #[ignore = "requires real OpenCode session files"]
 fn parse_real_opencode_session() {
-    let opencode = opensession_parsers::all_parsers()
-        .into_iter()
-        .find(|p| p.name() == "opencode")
-        .unwrap();
-
+    let registry = opensession_parsers::ParserRegistry::default();
     let paths = opensession_parsers::discover::discover_for_tool("opencode");
     assert!(!paths.is_empty(), "No OpenCode session files found");
 
     for path in &paths {
+        let opencode = registry
+            .parser_for_path(path)
+            .unwrap_or_else(|| panic!("No parser found for {}", path.display()));
         assert!(
             opencode.can_parse(path),
             "can_parse failed for {}",
diff --git a/crates/server/src/routes/ingest.rs b/crates/server/src/routes/ingest.rs
deleted file mode 100644
index 52872ecc..00000000
--- a/crates/server/src/routes/ingest.rs
+++ /dev/null
@@ -1,1142 +0,0 @@
-use std::collections::HashSet;
-use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
-use std::time::Duration;
-
-use axum::{
-    Json,
-    extract::State,
-    http::{HeaderMap, StatusCode},
-};
-#[cfg(test)]
-use base64::Engine;
-use opensession_api::{
-    ParseCandidate as ApiParseCandidate, ParsePreviewErrorResponse, ParsePreviewRequest,
-    ParsePreviewResponse, ParseSource, db as dbq,
-    parse_preview_source::{self as preview_source, GitSource, GithubSource},
-};
-use opensession_parsers::ingest::{self as parser_ingest, ParseError as ParserParseError};
-use reqwest::header::CONTENT_TYPE;
-
-use crate::AppConfig;
-use crate::storage::{Db, sq_execute, sq_query_map, sq_query_row};
-
-const FETCH_TIMEOUT_SECS: u64 = 10;
-const MAX_SOURCE_SIZE_BYTES: usize = 10 * 1024 * 1024;
-
-#[derive(Debug, Clone)]
-struct ParseInput {
-    source: ParseSource,
-    filename: String,
-    bytes: Vec<u8>,
-}
-
-#[derive(Debug, Clone)]
-struct PreviewRouteError {
-    status: StatusCode,
-    code: &'static str,
-    message: String,
-    parser_candidates: Vec<ApiParseCandidate>,
-}
-
-impl PreviewRouteError {
-    fn unauthorized(message: impl Into<String>) -> Self {
-        Self {
-            status: StatusCode::UNAUTHORIZED,
-            code: "unauthorized",
-            message: message.into(),
-            parser_candidates: Vec::new(),
-        }
-    }
-
-    fn invalid_source(message: impl Into<String>) -> Self {
-        Self {
-            status: StatusCode::BAD_REQUEST,
-            code: "invalid_source",
-            message: message.into(),
-            parser_candidates: Vec::new(),
-        }
-    }
-
-    fn fetch_failed(message: impl Into<String>) -> Self {
-        Self {
-            status: StatusCode::UNPROCESSABLE_ENTITY,
-            code: "fetch_failed",
-            message: message.into(),
-            parser_candidates: Vec::new(),
-        }
-    }
-
-    fn missing_git_credential(status_code: u16) -> Self {
-        Self {
-            status: StatusCode::UNAUTHORIZED,
-            code: "missing_git_credential",
-            message: format!(
-                "remote source returned status {status_code}; connect provider OAuth or register a git credential for this host"
-            ),
-            parser_candidates: Vec::new(),
-        }
-    }
-
-    fn git_credential_forbidden(status_code: u16) -> Self {
-        Self {
-            status: StatusCode::FORBIDDEN,
-            code: "git_credential_forbidden",
-            message: format!(
-                "configured credential was rejected by remote source (status {status_code})"
-            ),
-            parser_candidates: Vec::new(),
-        }
-    }
-
-    fn file_too_large(size: usize) -> Self {
-        Self {
-            status: StatusCode::UNPROCESSABLE_ENTITY,
-            code: "file_too_large",
-            message: format!(
-                "source is too large ({} bytes, max {} bytes)",
-                size, MAX_SOURCE_SIZE_BYTES
-            ),
-            parser_candidates: Vec::new(),
-        }
-    }
-
-    fn parse_failed(
-        message: impl Into<String>,
-        parser_candidates: Vec<parser_ingest::ParseCandidate>,
-    ) -> Self {
-        Self {
-            status: StatusCode::UNPROCESSABLE_ENTITY,
-            code: "parse_failed",
-            message: message.into(),
-            parser_candidates: to_api_candidates(parser_candidates),
-        }
-    }
-
-    fn parser_selection_required(
-        message: impl Into<String>,
-        parser_candidates: Vec<parser_ingest::ParseCandidate>,
-    ) -> Self {
-        Self {
-            status: StatusCode::UNPROCESSABLE_ENTITY,
-            code: "parser_selection_required",
-            message: message.into(),
-            parser_candidates: to_api_candidates(parser_candidates),
-        }
-    }
-
-    fn into_http(self) -> (StatusCode, Json<ParsePreviewErrorResponse>) {
-        (
-            self.status,
-            Json(ParsePreviewErrorResponse {
-                code: self.code.to_string(),
-                message: self.message,
-                parser_candidates: self.parser_candidates,
-            }),
-        )
-    }
-}
-
-/// POST /api/parse/preview
-pub async fn preview(
-    State(db): State<Db>,
-    State(config): State<AppConfig>,
-    headers: HeaderMap,
-    Json(req): Json<ParsePreviewRequest>,
-) -> Result<Json<ParsePreviewResponse>, (StatusCode, Json<ParsePreviewErrorResponse>)> {
-    let user_id =
-        resolve_optional_user_id(&headers, &db, &config).map_err(PreviewRouteError::into_http)?;
-    let input =
-        prepare_parse_input_with_ctx(req.source, Some(&db), Some(&config), user_id.as_deref())
-            .await
-            .map_err(PreviewRouteError::into_http)?;
-
-    let preview = parser_ingest::preview_parse_bytes(
-        &input.filename,
-        &input.bytes,
-        req.parser_hint.as_deref(),
-    )
-    .map_err(map_parser_error)
-    .map_err(PreviewRouteError::into_http)?;
-
-    Ok(Json(ParsePreviewResponse {
-        parser_used: preview.parser_used,
-        parser_candidates: to_api_candidates(preview.parser_candidates),
-        session: preview.session,
-        source: input.source,
-        warnings: preview.warnings,
-        native_adapter: preview.native_adapter,
-    }))
-}
-
-fn map_parser_error(err: ParserParseError) -> PreviewRouteError {
-    match err {
-        ParserParseError::InvalidParserHint { hint } => {
-            PreviewRouteError::invalid_source(format!("unsupported parser_hint '{hint}'"))
-        }
-        ParserParseError::ParserSelectionRequired {
-            message,
-            parser_candidates,
-        } => PreviewRouteError::parser_selection_required(message, parser_candidates),
-        ParserParseError::ParseFailed {
-            message,
-            parser_candidates,
-        } => PreviewRouteError::parse_failed(message, parser_candidates),
-    }
-}
-
-fn resolve_optional_user_id(
-    headers: &HeaderMap,
-    db: &Db,
-    config: &AppConfig,
-) -> Result<Option<String>, PreviewRouteError> {
-    super::auth::try_auth_from_headers(headers, db, config)
-        .map(|user| user.map(|row| row.user_id))
-        .map_err(|_| PreviewRouteError::unauthorized("invalid authorization token"))
-}
-
-#[cfg(test)]
-async fn prepare_parse_input(source: ParseSource) -> Result<ParseInput, PreviewRouteError> {
-    prepare_parse_input_with_ctx(source, None, None, None).await
-}
-
-async fn prepare_parse_input_with_ctx(
-    source: ParseSource,
-    db: Option<&Db>,
-    config: Option<&AppConfig>,
-    user_id: Option<&str>,
-) -> Result<ParseInput, PreviewRouteError> {
-    match source {
-        ParseSource::Git {
-            remote,
-            r#ref,
-            path,
-        } => {
-            let normalized = normalize_git_source(&remote, &r#ref, &path)?;
-            let db = db.ok_or_else(|| {
-                PreviewRouteError::fetch_failed("git source fetch is unavailable in this context")
-            })?;
-            let config = config.ok_or_else(|| {
-                PreviewRouteError::fetch_failed("git source fetch is unavailable in this context")
-            })?;
-            let bytes = fetch_git_source(&normalized, db, config, user_id).await?;
-            let filename = file_name_from_path(&normalized.path);
-
-            Ok(ParseInput {
-                source: ParseSource::Git {
-                    remote: normalized.remote,
-                    r#ref: normalized.r#ref,
-                    path: normalized.path,
-                },
-                filename,
-                bytes,
-            })
-        }
-        ParseSource::Github {
-            owner,
-            repo,
-            r#ref,
-            path,
-        } => {
-            let normalized = normalize_github_source(&owner, &repo, &r#ref, &path)?;
-            let db = db.ok_or_else(|| {
-                PreviewRouteError::fetch_failed(
-                    "github source fetch is unavailable in this context",
-                )
-            })?;
-            let config = config.ok_or_else(|| {
-                PreviewRouteError::fetch_failed(
-                    "github source fetch is unavailable in this context",
-                )
-            })?;
-            let bytes = fetch_git_source(
-                &GitSource {
-                    remote: format!(
-                        "https://github.com/{}/{}",
-                        normalized.owner, normalized.repo
-                    ),
-                    r#ref: normalized.r#ref.clone(),
-                    path: normalized.path.clone(),
-                },
-                db,
-                config,
-                user_id,
-            )
-            .await?;
-            let filename = file_name_from_path(&normalized.path);
-
-            Ok(ParseInput {
-                source: ParseSource::Github {
-                    owner: normalized.owner,
-                    repo: normalized.repo,
-                    r#ref: normalized.r#ref,
-                    path: normalized.path,
-                },
-                filename,
-                bytes,
-            })
-        }
-        ParseSource::Inline {
-            filename,
-            content_base64,
-        } => {
-            let filename = normalize_filename(&filename)?;
-            let bytes = decode_inline_content(&content_base64)?;
-            if bytes.len() > MAX_SOURCE_SIZE_BYTES {
-                return Err(PreviewRouteError::file_too_large(bytes.len()));
-            }
-
-            Ok(ParseInput {
-                source: ParseSource::Inline {
-                    filename: filename.clone(),
-                    // Do not echo full inline payload in preview responses.
-                    content_base64: String::new(),
-                },
-                filename,
-                bytes,
-            })
-        }
-    }
-}
-
-fn normalize_git_source(
-    remote: &str,
-    r#ref: &str,
-    path: &str,
-) -> Result<GitSource, PreviewRouteError> {
-    preview_source::normalize_git_source(remote, r#ref, path)
-        .map_err(|error| PreviewRouteError::invalid_source(error.message()))
-}
-
-fn normalize_github_source(
-    owner: &str,
-    repo: &str,
-    r#ref: &str,
-    path: &str,
-) -> Result<GithubSource, PreviewRouteError> {
-    preview_source::normalize_github_source(owner, repo, r#ref, path)
-        .map_err(|error| PreviewRouteError::invalid_source(error.message()))
-}
-
-fn normalize_filename(filename: &str) -> Result<String, PreviewRouteError> {
-    preview_source::normalize_filename(filename)
-        .map_err(|error| PreviewRouteError::invalid_source(error.message()))
-}
-
-fn decode_inline_content(content_base64: &str) -> Result<Vec<u8>, PreviewRouteError> {
-    preview_source::decode_inline_content(content_base64)
-        .map_err(|error| PreviewRouteError::invalid_source(error.message()))
-}
-
-fn file_name_from_path(path: &str) -> String {
-    preview_source::file_name_from_path(path)
-}
-
-fn validate_remote_url(remote: &str) -> Result<reqwest::Url, PreviewRouteError> {
-    let parsed = reqwest::Url::parse(remote)
-        .map_err(|_| PreviewRouteError::invalid_source("remote must be an absolute http(s) URL"))?;
-
-    let scheme = parsed.scheme().to_ascii_lowercase();
-    if scheme != "https" {
-        return Err(PreviewRouteError::invalid_source("remote must use https"));
-    }
-
-    if !parsed.username().is_empty() || parsed.password().is_some() {
-        return Err(PreviewRouteError::invalid_source(
-            "remote cannot include credentials",
-        ));
-    }
-
-    if parsed.query().is_some() || parsed.fragment().is_some() {
-        return Err(PreviewRouteError::invalid_source(
-            "remote cannot include query or fragment",
-        ));
-    }
-
-    let host = parsed
-        .host_str()
-        .ok_or_else(|| PreviewRouteError::invalid_source("remote host is required"))?;
-
-    if is_disallowed_remote_host(host) {
-        return Err(PreviewRouteError::invalid_source(
-            "remote host is not allowed",
-        ));
-    }
-
-    let repo_path = parsed.path().trim_matches('/');
-    if repo_path.is_empty() {
-        return Err(PreviewRouteError::invalid_source(
-            "remote must include repository path",
-        ));
-    }
-
-    Ok(parsed)
-}
-
-fn is_disallowed_remote_host(host: &str) -> bool {
-    let lowered = host.to_ascii_lowercase();
-    if lowered == "localhost" || lowered.ends_with(".localhost") {
-        return true;
-    }
-
-    match host.parse::<IpAddr>() {
-        Ok(IpAddr::V4(v4)) => is_disallowed_ipv4(v4),
-        Ok(IpAddr::V6(v6)) => is_disallowed_ipv6(v6),
-        Err(_) => false,
-    }
-}
-
-fn is_disallowed_ipv4(ip: Ipv4Addr) -> bool {
-    ip.is_private()
-        || ip.is_loopback()
-        || ip.is_link_local()
-        || ip.is_broadcast()
-        || ip.is_documentation()
-        || ip.is_multicast()
-        || ip.is_unspecified()
-}
-
-fn is_disallowed_ipv6(ip: Ipv6Addr) -> bool {
-    ip.is_loopback()
-        || ip.is_unspecified()
-        || ip.is_unique_local()
-        || ip.is_unicast_link_local()
-        || ip.is_multicast()
-        || is_ipv6_documentation(ip)
-}
-
-fn is_ipv6_documentation(ip: Ipv6Addr) -> bool {
-    let segments = ip.segments();
-    segments[0] == 0x2001 && segments[1] == 0x0db8
-}
-
-fn oauth_provider_host_from_url(raw: &str) -> Option<String> {
-    reqwest::Url::parse(raw)
-        .ok()
-        .and_then(|url| url.host_str().map(|value| value.to_ascii_lowercase()))
-}
-
-fn configured_gitlab_hosts(config: &AppConfig) -> HashSet<String> {
-    config
-        .oauth_providers
-        .iter()
-        .filter(|provider| provider.id == "gitlab")
-        .filter_map(|provider| oauth_provider_host_from_url(&provider.token_url))
-        .collect()
-}
-
-fn is_gitlab_host(host: &str, gitlab_hosts: &HashSet<String>) -> bool {
-    host == "gitlab.com" || gitlab_hosts.contains(host)
-}
-
-fn origin_from_url(url: &reqwest::Url) -> Result<String, PreviewRouteError> {
-    let host = url
-        .host_str()
-        .ok_or_else(|| PreviewRouteError::invalid_source("remote host is required"))?;
-    let mut origin = format!("{}://{host}", url.scheme());
-    if let Some(port) = url.port() {
-        origin.push(':');
-        origin.push_str(&port.to_string());
-    }
-    Ok(origin)
-}
-
-fn encode_segments(value: &str) -> String {
-    value
-        .split('/')
-        .map(|segment| urlencoding::encode(segment).into_owned())
-        .collect::<Vec<_>>()
-        .join("/")
-}
-
-fn strip_git_suffix(value: &str) -> &str {
-    value.strip_suffix(".git").unwrap_or(value)
-}
-
-fn repo_path_segments(url: &reqwest::Url) -> Result<Vec<String>, PreviewRouteError> {
-    let mut segments: Vec<String> = url
-        .path_segments()
-        .ok_or_else(|| PreviewRouteError::invalid_source("remote repository path is invalid"))?
-        .filter(|segment| !segment.is_empty())
-        .map(|segment| {
-            urlencoding::decode(segment)
-                .map(|decoded| decoded.trim().to_string())
-                .map_err(|_| {
-                    PreviewRouteError::invalid_source(
-                        "remote repository path contains invalid percent encoding",
-                    )
-                })
-        })
-        .collect::<Result<Vec<_>, _>>()?;
-
-    if segments.len() < 2 {
-        return Err(PreviewRouteError::invalid_source(
-            "remote must include owner/group and repository",
-        ));
-    }
-
-    if let Some(last) = segments.last_mut() {
-        *last = strip_git_suffix(last).to_string();
-    }
-
-    if segments
-        .iter()
-        .any(|segment| segment.is_empty() || segment == "." || segment == "..")
-    {
-        return Err(PreviewRouteError::invalid_source(
-            "remote repository path contains invalid segments",
-        ));
-    }
-
-    Ok(segments)
-}
-
-fn build_github_raw_url(
-    url: &reqwest::Url,
-    r#ref: &str,
-    path: &str,
-) -> Result<String, PreviewRouteError> {
-    let segments = repo_path_segments(url)?;
-    if segments.len() != 2 {
-        return Err(PreviewRouteError::invalid_source(
-            "github remote must look like https://github.com/{owner}/{repo}",
-        ));
-    }
-
-    Ok(format!(
-        "https://raw.githubusercontent.com/{}/{}/{}/{}",
-        segments[0],
-        segments[1],
-        encode_segments(r#ref),
-        encode_segments(path)
-    ))
-}
-
-fn build_gitlab_raw_url(
-    url: &reqwest::Url,
-    r#ref: &str,
-    path: &str,
-) -> Result<String, PreviewRouteError> {
-    let project_path = repo_path_segments(url)?.join("/");
-    let origin = origin_from_url(url)?;
-    Ok(format!(
-        "{}/{}/-/raw/{}/{}",
-        origin,
-        encode_segments(&project_path),
-        encode_segments(r#ref),
-        encode_segments(path)
-    ))
-}
-
-fn build_generic_raw_url(
-    url: &reqwest::Url,
-    r#ref: &str,
-    path: &str,
-) -> Result<String, PreviewRouteError> {
-    let repo_path = repo_path_segments(url)?.join("/");
-    let origin = origin_from_url(url)?;
-    Ok(format!(
-        "{}/{}/raw/{}/{}",
-        origin,
-        encode_segments(&repo_path),
-        encode_segments(r#ref),
-        encode_segments(path)
-    ))
-}
-
-fn build_git_raw_url(
-    source: &GitSource,
-    gitlab_hosts: &HashSet<String>,
-) -> Result<String, PreviewRouteError> {
-    let remote = validate_remote_url(&source.remote)?;
-    let host = remote
-        .host_str()
-        .ok_or_else(|| PreviewRouteError::invalid_source("remote host is required"))?
-        .to_ascii_lowercase();
-
-    if host == "github.com" {
-        return build_github_raw_url(&remote, &source.r#ref, &source.path);
-    }
-    if is_gitlab_host(&host, gitlab_hosts) {
-        return build_gitlab_raw_url(&remote, &source.r#ref, &source.path);
-    }
-
-    build_generic_raw_url(&remote, &source.r#ref, &source.path)
-}
-
-#[derive(Debug, Clone)]
-enum GitCredentialSource {
-    Provider,
-    Manual {
-        credential_id: String,
-        user_id: String,
-    },
-}
-
-#[derive(Debug, Clone)]
-struct GitFetchAuthHeader {
-    header_name: String,
-    header_value: String,
-    source: GitCredentialSource,
-}
-
-fn provider_for_host(host: &str, gitlab_hosts: &HashSet<String>) -> Option<&'static str> {
-    if host == "github.com" {
-        return Some("github");
-    }
-    if is_gitlab_host(host, gitlab_hosts) {
-        return Some("gitlab");
-    }
-    None
-}
-
-fn repo_path_from_remote(url: &reqwest::Url) -> Result<String, PreviewRouteError> {
-    Ok(repo_path_segments(url)?.join("/"))
-}
-
-fn path_prefix_matches(repo_path: &str, prefix: &str) -> bool {
-    if prefix.is_empty() {
-        return true;
-    }
-    repo_path == prefix
-        || repo_path
-            .strip_prefix(prefix)
-            .is_some_and(|rest| rest.starts_with('/'))
-}
-
-async fn ensure_remote_resolves_public(remote: &reqwest::Url) -> Result<(), PreviewRouteError> {
-    let host = remote
-        .host_str()
-        .ok_or_else(|| PreviewRouteError::invalid_source("remote host is required"))?;
-    if host.parse::<IpAddr>().is_ok() {
-        return Ok(());
-    }
-
-    let port = remote.port_or_known_default().unwrap_or(443);
-    let mut resolved = tokio::net::lookup_host((host, port))
-        .await
-        .map_err(|_| PreviewRouteError::fetch_failed("remote host DNS lookup failed"))?;
-    let mut found_any = false;
-    for addr in &mut resolved {
-        found_any = true;
-        let ip = addr.ip();
-        let disallowed = match ip {
-            IpAddr::V4(v4) => is_disallowed_ipv4(v4),
-            IpAddr::V6(v6) => is_disallowed_ipv6(v6),
-        };
-        if disallowed {
-            tracing::warn!(host = %host, ip = %ip, "blocked remote host resolving to disallowed IP");
-            return Err(PreviewRouteError::invalid_source(
-                "remote host resolves to a disallowed address",
-            ));
-        }
-    }
-    if !found_any {
-        return Err(PreviewRouteError::fetch_failed(
-            "remote host DNS lookup returned no addresses",
-        ));
-    }
-    Ok(())
-}
-
-fn resolve_fetch_auth_header(
-    source: &GitSource,
-    db: &Db,
-    config: &AppConfig,
-    user_id: Option<&str>,
-) -> Result<Option<GitFetchAuthHeader>, PreviewRouteError> {
-    let Some(user_id) = user_id else {
-        return Ok(None);
-    };
-    let Some(keyring) = config.credential_keyring.as_ref() else {
-        return Ok(None);
-    };
-
-    let remote = validate_remote_url(&source.remote)?;
-    let host = remote
-        .host_str()
-        .ok_or_else(|| PreviewRouteError::invalid_source("remote host is required"))?
-        .to_ascii_lowercase();
-    let repo_path = repo_path_from_remote(&remote)?;
-    let conn = db.conn();
-    let gitlab_hosts = configured_gitlab_hosts(config);
-
-    if let Some(provider) = provider_for_host(&host, &gitlab_hosts) {
-        let provider_token_enc: Option<String> = sq_query_row(
-            &conn,
-            dbq::oauth_provider_tokens::get_by_user_provider_host(user_id, provider, &host),
-            |row| row.get(1),
-        )
-        .ok();
-        if let Some(enc) = provider_token_enc {
-            let token = keyring.decrypt(&enc).map_err(|_| {
-                PreviewRouteError::fetch_failed("failed to decrypt provider credential")
-            })?;
-            return Ok(Some(GitFetchAuthHeader {
-                header_name: "Authorization".to_string(),
-                header_value: format!("Bearer {token}"),
-                source: GitCredentialSource::Provider,
-            }));
-        }
-    }
-
-    let manual_rows: Vec<(String, String, String, String)> = sq_query_map(
-        &conn,
-        dbq::git_credentials::list_for_host_with_secret(user_id, &host),
-        |row| {
-            Ok((
-                row.get::<_, String>(0)?,
-                row.get::<_, String>(3)?,
-                row.get::<_, String>(4)?,
-                row.get::<_, String>(5)?,
-            ))
-        },
-    )
-    .map_err(|_| PreviewRouteError::fetch_failed("failed loading git credentials"))?;
-
-    for (credential_id, path_prefix, header_name, secret_enc) in manual_rows {
-        if !path_prefix_matches(&repo_path, &path_prefix) {
-            continue;
-        }
-        let secret = keyring
-            .decrypt(&secret_enc)
-            .map_err(|_| PreviewRouteError::fetch_failed("failed to decrypt git credential"))?;
-        return Ok(Some(GitFetchAuthHeader {
-            header_name,
-            header_value: secret,
-            source: GitCredentialSource::Manual {
-                credential_id,
-                user_id: user_id.to_string(),
-            },
-        }));
-    }
-
-    Ok(None)
-}
-
-async fn fetch_git_source(
-    source: &GitSource,
-    db: &Db,
-    config: &AppConfig,
-    user_id: Option<&str>,
-) -> Result<Vec<u8>, PreviewRouteError> {
-    let remote = validate_remote_url(&source.remote)?;
-    ensure_remote_resolves_public(&remote).await?;
-    let gitlab_hosts = configured_gitlab_hosts(config);
-    let url = build_git_raw_url(source, &gitlab_hosts)?;
-    let fetch_auth = resolve_fetch_auth_header(source, db, config, user_id)?;
-    let client = reqwest::Client::builder()
-        .redirect(reqwest::redirect::Policy::none())
-        .timeout(Duration::from_secs(FETCH_TIMEOUT_SECS))
-        .build()
-        .map_err(|_| PreviewRouteError::fetch_failed("failed to initialize fetch client"))?;
-
-    let mut request = client
-        .get(&url)
-        .header(reqwest::header::USER_AGENT, "opensession-ingest-preview");
-    if let Some(auth_header) = fetch_auth.as_ref() {
-        request = request.header(
-            auth_header.header_name.as_str(),
-            auth_header.header_value.as_str(),
-        );
-    }
-
-    let response = request
-        .send()
-        .await
-        .map_err(|_| PreviewRouteError::fetch_failed("failed to fetch source"))?;
-
-    if response.status().is_redirection() {
-        tracing::warn!(url = %url, status = %response.status(), "blocked redirect response from remote source");
-        return Err(PreviewRouteError::fetch_failed(
-            "redirect responses are not allowed",
-        ));
-    }
-
-    if matches!(response.status().as_u16(), 401 | 403) && user_id.is_some() {
-        tracing::warn!(
-            url = %url,
-            status = response.status().as_u16(),
-            has_auth = fetch_auth.is_some(),
-            "remote source authentication failed"
-        );
-        return Err(match fetch_auth {
-            Some(_) => PreviewRouteError::git_credential_forbidden(response.status().as_u16()),
-            None => PreviewRouteError::missing_git_credential(response.status().as_u16()),
-        });
-    }
-
-    if !response.status().is_success() {
-        return Err(PreviewRouteError::fetch_failed(format!(
-            "source fetch failed with status {}",
-            response.status().as_u16()
-        )));
-    }
-
-    if let Some(content_len) = response.content_length() {
-        if content_len > MAX_SOURCE_SIZE_BYTES as u64 {
-            return Err(PreviewRouteError::file_too_large(content_len as usize));
-        }
-    }
-
-    if let Some(content_type) = response
-        .headers()
-        .get(CONTENT_TYPE)
-        .and_then(|v| v.to_str().ok())
-    {
-        if !is_allowed_content_type(content_type) {
-            return Err(PreviewRouteError::fetch_failed(format!(
-                "unsupported content-type '{content_type}', expected text/json content",
-            )));
-        }
-    }
-
-    let body = response
-        .bytes()
-        .await
-        .map_err(|_| PreviewRouteError::fetch_failed("failed reading source body"))?;
-
-    if body.len() > MAX_SOURCE_SIZE_BYTES {
-        return Err(PreviewRouteError::file_too_large(body.len()));
-    }
-
-    if looks_binary(body.as_ref()) {
-        return Err(PreviewRouteError::fetch_failed(
-            "binary files are not supported",
-        ));
-    }
-
-    if let Some(GitFetchAuthHeader {
-        source:
-            GitCredentialSource::Manual {
-                credential_id,
-                user_id,
-            },
-        ..
-    }) = fetch_auth
-    {
-        let conn = db.conn();
-        let _ = sq_execute(
-            &conn,
-            dbq::git_credentials::touch_last_used(credential_id.as_str(), user_id.as_str()),
-        );
-    }
-
-    Ok(body.to_vec())
-}
-
-fn is_allowed_content_type(content_type: &str) -> bool {
-    let media_type = content_type
-        .split(';')
-        .next()
-        .unwrap_or_default()
-        .trim()
-        .to_ascii_lowercase();
-    if media_type.is_empty() {
-        return true;
-    }
-    if media_type.starts_with("text/") {
-        return true;
-    }
-    media_type == "application/json"
-        || media_type == "application/jsonl"
-        || media_type == "application/x-ndjson"
-        || media_type.ends_with("+json")
-}
-
-fn looks_binary(bytes: &[u8]) -> bool {
-    if bytes.contains(&0) {
-        return true;
-    }
-    std::str::from_utf8(bytes).is_err()
-}
-
-fn to_api_candidates(candidates: Vec<parser_ingest::ParseCandidate>) -> Vec<ApiParseCandidate> {
-    candidates
-        .into_iter()
-        .map(|candidate| ApiParseCandidate {
-            id: candidate.id,
-            confidence: candidate.confidence,
-            reason: candidate.reason,
-        })
-        .collect()
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use opensession_api::ParsePreviewRequest;
-
-    fn parse_request_for_inline(filename: &str, raw: &[u8]) -> ParsePreviewRequest {
-        ParsePreviewRequest {
-            source: ParseSource::Inline {
-                filename: filename.to_string(),
-                content_base64: base64::engine::general_purpose::STANDARD.encode(raw),
-            },
-            parser_hint: None,
-        }
-    }
-
-    #[test]
-    fn github_source_rejects_invalid_owner() {
-        let err = normalize_github_source("bad owner!", "repo", "main", "sessions/a.hail.jsonl")
-            .expect_err("owner validation must fail");
-        assert_eq!(err.code, "invalid_source");
-    }
-
-    #[test]
-    fn github_source_rejects_invalid_ref() {
-        let err = normalize_github_source("owner", "repo", "main:prod", "sessions/a.hail.jsonl")
-            .expect_err("ref validation must fail");
-        assert_eq!(err.code, "invalid_source");
-    }
-
-    #[test]
-    fn github_source_rejects_path_traversal_segments() {
-        let err = normalize_github_source("owner", "repo", "main", "sessions/../a.hail.jsonl")
-            .expect_err("path traversal must fail");
-        assert_eq!(err.code, "invalid_source");
-    }
-
-    #[test]
-    fn github_source_accepts_normalized_path() {
-        let source = normalize_github_source(
-            "hwisu",
-            "opensession",
-            "main",
-            "sessions/foo%20bar.hail.jsonl",
-        )
-        .expect("source should be valid");
-        assert_eq!(source.path, "sessions/foo bar.hail.jsonl");
-        let remote = reqwest::Url::parse("https://github.com/hwisu/opensession")
-            .expect("remote url should parse");
-        assert_eq!(
-            build_github_raw_url(&remote, &source.r#ref, &source.path)
-                .expect("github raw url should build"),
-            "https://raw.githubusercontent.com/hwisu/opensession/main/sessions/foo%20bar.hail.jsonl"
-        );
-    }
-
-    #[test]
-    fn git_source_rejects_localhost_remote() {
-        let err = normalize_git_source(
-            "http://localhost:3000/hwisu/opensession",
-            "main",
-            "sessions/demo.hail.jsonl",
-        )
-        .expect_err("localhost remote must be rejected");
-        assert_eq!(err.code, "invalid_source");
-    }
-
-    #[test]
-    fn git_source_rejects_private_ip_remote() {
-        let err = normalize_git_source(
-            "http://192.168.0.10/hwisu/opensession",
-            "main",
-            "sessions/demo.hail.jsonl",
-        )
-        .expect_err("private ip remote must be rejected");
-        assert_eq!(err.code, "invalid_source");
-    }
-
-    #[test]
-    fn git_source_rejects_credentials_and_query() {
-        let with_credentials = normalize_git_source(
-            "https://user:secret@example.com/org/repo",
-            "main",
-            "sessions/demo.hail.jsonl",
-        )
-        .expect_err("remote credentials must be rejected");
-        assert_eq!(with_credentials.code, "invalid_source");
-
-        let with_query = normalize_git_source(
-            "https://example.com/org/repo?token=1",
-            "main",
-            "sessions/demo.hail.jsonl",
-        )
-        .expect_err("remote query must be rejected");
-        assert_eq!(with_query.code, "invalid_source");
-    }
-
-    #[test]
-    fn build_git_raw_url_uses_provider_aware_patterns() {
-        let no_gitlab_hosts = HashSet::new();
-        let mut configured_gitlab_hosts = HashSet::new();
-        configured_gitlab_hosts.insert("gitlab.internal.example.com".to_string());
-
-        let github = build_git_raw_url(
-            &GitSource {
-                remote: "https://github.com/hwisu/opensession".to_string(),
-                r#ref: "main".to_string(),
-                path: "sessions/demo.hail.jsonl".to_string(),
-            },
-            &no_gitlab_hosts,
-        )
-        .expect("github raw url should build");
-        assert_eq!(
-            github,
-            "https://raw.githubusercontent.com/hwisu/opensession/main/sessions/demo.hail.jsonl"
-        );
-
-        let gitlab = build_git_raw_url(
-            &GitSource {
-                remote: "https://gitlab.com/group/subgroup/repo".to_string(),
-                r#ref: "main".to_string(),
-                path: "sessions/demo.hail.jsonl".to_string(),
-            },
-            &no_gitlab_hosts,
-        )
-        .expect("gitlab raw url should build");
-        assert_eq!(
-            gitlab,
-            "https://gitlab.com/group/subgroup/repo/-/raw/main/sessions/demo.hail.jsonl"
-        );
-
-        let gitlab_self_managed = build_git_raw_url(
-            &GitSource {
-                remote: "https://gitlab.internal.example.com/group/subgroup/repo.git".to_string(),
-                r#ref: "main".to_string(),
-                path: "sessions/demo.hail.jsonl".to_string(),
-            },
-            &configured_gitlab_hosts,
-        )
-        .expect("self-managed gitlab raw url should build");
-        assert_eq!(
-            gitlab_self_managed,
-            "https://gitlab.internal.example.com/group/subgroup/repo/-/raw/main/sessions/demo.hail.jsonl"
-        );
-
-        let generic = build_git_raw_url(
-            &GitSource {
-                remote: "https://code.example.com/team/repo.git".to_string(),
-                r#ref: "main".to_string(),
-                path: "sessions/demo.hail.jsonl".to_string(),
-            },
-            &no_gitlab_hosts,
-        )
-        .expect("generic raw url should build");
-        assert_eq!(
-            generic,
-            "https://code.example.com/team/repo/raw/main/sessions/demo.hail.jsonl"
-        );
-    }
-
-    #[tokio::test]
-    async fn inline_source_too_large_returns_file_too_large() {
-        let oversized = vec![b'a'; MAX_SOURCE_SIZE_BYTES + 1];
-        let req = parse_request_for_inline("session.hail.jsonl", &oversized);
-        let err = prepare_parse_input(req.source)
-            .await
-            .expect_err("oversized inline source should fail");
-        assert_eq!(err.code, "file_too_large");
-        assert_eq!(err.status, StatusCode::UNPROCESSABLE_ENTITY);
-    }
-
-    #[test]
-    fn parser_selection_required_maps_to_expected_code() {
-        let mapped = map_parser_error(ParserParseError::ParserSelectionRequired {
-            message: "select parser".to_string(),
-            parser_candidates: vec![parser_ingest::ParseCandidate {
-                id: "codex".to_string(),
-                confidence: 91,
-                reason: "fixture".to_string(),
-            }],
-        });
-
-        assert_eq!(mapped.code, "parser_selection_required");
-        assert_eq!(mapped.status, StatusCode::UNPROCESSABLE_ENTITY);
-        assert_eq!(mapped.parser_candidates.len(), 1);
-        assert_eq!(mapped.parser_candidates[0].id, "codex");
-    }
-
-    #[tokio::test]
-    async fn parse_failed_maps_to_expected_code() {
-        let req = parse_request_for_inline("unknown.txt", b"not jsonl");
-        let input = prepare_parse_input(req.source)
-            .await
-            .expect("inline source should decode");
-
-        let err = parser_ingest::preview_parse_bytes(&input.filename, &input.bytes, None)
-            .expect_err("unrecognized source should fail parsing");
-        let mapped = map_parser_error(err);
-
-        assert_eq!(mapped.code, "parse_failed");
-        assert_eq!(mapped.status, StatusCode::UNPROCESSABLE_ENTITY);
-    }
-
-    #[test]
-    fn invalid_parser_hint_maps_to_invalid_source() {
-        let mapped = map_parser_error(ParserParseError::InvalidParserHint {
-            hint: "nope".to_string(),
-        });
-        assert_eq!(mapped.code, "invalid_source");
-        assert_eq!(mapped.status, StatusCode::BAD_REQUEST);
-    }
-
-    #[test]
-    fn content_type_validation_accepts_text_and_json() {
-        assert!(is_allowed_content_type("text/plain; charset=utf-8"));
-        assert!(is_allowed_content_type("application/json"));
-        assert!(is_allowed_content_type("application/x-ndjson"));
-        assert!(!is_allowed_content_type("application/octet-stream"));
-    }
-
-    #[test]
-    fn provider_detection_and_path_prefix_matching_are_stable() {
-        let no_gitlab_hosts = HashSet::new();
-        let mut configured_gitlab_hosts = HashSet::new();
-        configured_gitlab_hosts.insert("gitlab.internal.example.com".to_string());
-
-        assert_eq!(
-            provider_for_host("github.com", &no_gitlab_hosts),
-            Some("github")
-        );
-        assert_eq!(
-            provider_for_host("gitlab.com", &no_gitlab_hosts),
-            Some("gitlab")
-        );
-        assert_eq!(
-            provider_for_host("gitlab.internal.example.com", &no_gitlab_hosts),
-            None
-        );
-        assert_eq!(
-            provider_for_host("gitlab.internal.example.com", &configured_gitlab_hosts),
-            Some("gitlab")
-        );
-        assert_eq!(
-            provider_for_host("evil-gitlab.example", &no_gitlab_hosts),
-            None
-        );
-        assert_eq!(
-            provider_for_host("code.example.com", &no_gitlab_hosts),
-            None
-        );
-
-        assert!(path_prefix_matches("group/sub/repo", ""));
-        assert!(path_prefix_matches("group/sub/repo", "group/sub"));
-        assert!(path_prefix_matches("group/sub/repo", "group/sub/repo"));
-        assert!(!path_prefix_matches("group/sub/repo", "group/su"));
-        assert!(!path_prefix_matches("group/sub/repo", "group/sub/repo2"));
-    }
-
-    #[test]
-    fn git_source_rejects_http_remote() {
-        let err = normalize_git_source(
-            "http://code.example.com/team/repo",
-            "main",
-            "sessions/demo.hail.jsonl",
-        )
-        .expect_err("http remote must be rejected");
-        assert_eq!(err.code, "invalid_source");
-    }
-
-    #[test]
-    fn git_credential_error_codes_are_stable() {
-        let missing = PreviewRouteError::missing_git_credential(401);
-        assert_eq!(missing.code, "missing_git_credential");
-        assert_eq!(missing.status, StatusCode::UNAUTHORIZED);
-
-        let forbidden = PreviewRouteError::git_credential_forbidden(403);
-        assert_eq!(forbidden.code, "git_credential_forbidden");
-        assert_eq!(forbidden.status, StatusCode::FORBIDDEN);
-    }
-}
diff --git a/crates/server/src/routes/ingest/auth.rs b/crates/server/src/routes/ingest/auth.rs
new file mode 100644
index 00000000..46564cee
--- /dev/null
+++ b/crates/server/src/routes/ingest/auth.rs
@@ -0,0 +1,111 @@
+use opensession_api::{db as dbq, parse_preview_source::GitSource};
+
+use crate::AppConfig;
+use crate::storage::{Db, sq_query_map, sq_query_row};
+
+use super::errors::PreviewRouteError;
+use super::remote::{
+    configured_gitlab_hosts, path_prefix_matches, provider_for_host, repo_path_from_remote,
+    validate_remote_url,
+};
+
+pub(super) fn resolve_optional_user_id(
+    headers: &axum::http::HeaderMap,
+    db: &Db,
+    config: &AppConfig,
+) -> Result<Option<String>, PreviewRouteError> {
+    super::super::auth::try_auth_from_headers(headers, db, config)
+        .map(|user| user.map(|row| row.user_id))
+        .map_err(|_| PreviewRouteError::unauthorized("invalid authorization token"))
+}
+
+#[derive(Debug, Clone)]
+pub(super) enum GitCredentialSource {
+    Provider,
+    Manual {
+        credential_id: String,
+        user_id: String,
+    },
+}
+
+#[derive(Debug, Clone)]
+pub(super) struct GitFetchAuthHeader {
+    pub(super) header_name: String,
+    pub(super) header_value: String,
+    pub(super) source: GitCredentialSource,
+}
+
+pub(super) fn resolve_fetch_auth_header(
+    source: &GitSource,
+    db: &Db,
+    config: &AppConfig,
+    user_id: Option<&str>,
+) -> Result<Option<GitFetchAuthHeader>, PreviewRouteError> {
+    let Some(user_id) = user_id else {
+        return Ok(None);
+    };
+    let Some(keyring) = config.credential_keyring.as_ref() else {
+        return Ok(None);
+    };
+
+    let remote = validate_remote_url(&source.remote)?;
+    let host = remote
+        .host_str()
+        .ok_or_else(|| PreviewRouteError::invalid_source("remote host is required"))?
+        .to_ascii_lowercase();
+    let repo_path = repo_path_from_remote(&remote)?;
+    let conn = db.conn();
+    let gitlab_hosts = configured_gitlab_hosts(config);
+
+    if let Some(provider) = provider_for_host(&host, &gitlab_hosts) {
+        let provider_token_enc: Option<String> = sq_query_row(
+            &conn,
+            dbq::oauth_provider_tokens::get_by_user_provider_host(user_id, provider, &host),
+            |row| row.get(1),
+        )
+        .ok();
+        if let Some(enc) = provider_token_enc {
+            let token = keyring.decrypt(&enc).map_err(|_| {
+                PreviewRouteError::fetch_failed("failed to decrypt provider credential")
+            })?;
+            return Ok(Some(GitFetchAuthHeader {
+                header_name: "Authorization".to_string(),
+                header_value: format!("Bearer {token}"),
+                source: GitCredentialSource::Provider,
+            }));
+        }
+    }
+
+    let manual_rows: Vec<(String, String, String, String)> = sq_query_map(
+        &conn,
+        dbq::git_credentials::list_for_host_with_secret(user_id, &host),
+        |row| {
+            Ok((
+                row.get::<_, String>(0)?,
+                row.get::<_, String>(3)?,
+                row.get::<_, String>(4)?,
+                row.get::<_, String>(5)?,
+            ))
+        },
+    )
+    .map_err(|_| PreviewRouteError::fetch_failed("failed loading git credentials"))?;
+
+    for (credential_id, path_prefix, header_name, secret_enc) in manual_rows {
+        if !path_prefix_matches(&repo_path, &path_prefix) {
+            continue;
+        }
+        let secret = keyring
+            .decrypt(&secret_enc)
+            .map_err(|_| PreviewRouteError::fetch_failed("failed to decrypt git credential"))?;
+        return Ok(Some(GitFetchAuthHeader {
+            header_name,
+            header_value: secret,
+            source: GitCredentialSource::Manual {
+                credential_id,
+                user_id: user_id.to_string(),
+            },
+        }));
+    }
+
+    Ok(None)
+}
diff --git a/crates/server/src/routes/ingest/errors.rs b/crates/server/src/routes/ingest/errors.rs
new file mode 100644
index 00000000..370d3b5b
--- /dev/null
+++ b/crates/server/src/routes/ingest/errors.rs
@@ -0,0 +1,111 @@
+use axum::{Json, http::StatusCode};
+use opensession_api::{ParseCandidate as ApiParseCandidate, ParsePreviewErrorResponse};
+use opensession_parsers::ParseCandidate as ParserParseCandidate;
+
+use super::{MAX_SOURCE_SIZE_BYTES, to_api_candidates};
+
+#[derive(Debug, Clone)]
+pub(super) struct PreviewRouteError {
+    pub(super) status: StatusCode,
+    pub(super) code: &'static str,
+    pub(super) message: String,
+    pub(super) parser_candidates: Vec<ApiParseCandidate>,
+}
+
+impl PreviewRouteError {
+    pub(super) fn unauthorized(message: impl Into<String>) -> Self {
+        Self {
+            status: StatusCode::UNAUTHORIZED,
+            code: "unauthorized",
+            message: message.into(),
+            parser_candidates: Vec::new(),
+        }
+    }
+
+    pub(super) fn invalid_source(message: impl Into<String>) -> Self {
+        Self {
+            status: StatusCode::BAD_REQUEST,
+            code: "invalid_source",
+            message: message.into(),
+            parser_candidates: Vec::new(),
+        }
+    }
+
+    pub(super) fn fetch_failed(message: impl Into<String>) -> Self {
+        Self {
+            status: StatusCode::UNPROCESSABLE_ENTITY,
+            code: "fetch_failed",
+            message: message.into(),
+            parser_candidates: Vec::new(),
+        }
+    }
+
+    pub(super) fn missing_git_credential(status_code: u16) -> Self {
+        Self {
+            status: StatusCode::UNAUTHORIZED,
+            code: "missing_git_credential",
+            message: format!(
+                "remote source returned status {status_code}; connect provider OAuth or register a git credential for this host"
+            ),
+            parser_candidates: Vec::new(),
+        }
+    }
+
+    pub(super) fn git_credential_forbidden(status_code: u16) -> Self {
+        Self {
+            status: StatusCode::FORBIDDEN,
+            code: "git_credential_forbidden",
+            message: format!(
+                "configured credential was rejected by remote source (status {status_code})"
+            ),
+            parser_candidates: Vec::new(),
+        }
+    }
+
+    pub(super) fn file_too_large(size: usize) -> Self {
+        Self {
+            status: StatusCode::UNPROCESSABLE_ENTITY,
+            code: "file_too_large",
+            message: format!(
+                "source is too large ({} bytes, max {} bytes)",
+                size, MAX_SOURCE_SIZE_BYTES
+            ),
+            parser_candidates: Vec::new(),
+        }
+    }
+
+    pub(super) fn parse_failed(
+        message: impl Into<String>,
+        parser_candidates: Vec<ParserParseCandidate>,
+    ) -> Self {
+        Self {
+            status: StatusCode::UNPROCESSABLE_ENTITY,
+            code: "parse_failed",
+            message: message.into(),
+            parser_candidates: to_api_candidates(parser_candidates),
+        }
+    }
+
+    pub(super) fn parser_selection_required(
+        message: impl Into<String>,
+        parser_candidates: Vec<ParserParseCandidate>,
+    ) -> Self {
+        Self {
+            status: StatusCode::UNPROCESSABLE_ENTITY,
+            code: "parser_selection_required",
+            message: message.into(),
+            parser_candidates: to_api_candidates(parser_candidates),
+        }
+    }
+
+    pub(super) fn into_http(self) -> (StatusCode, Json<ParsePreviewErrorResponse>) {
+        (
+            self.status,
+            Json(ParsePreviewErrorResponse {
+                code: self.code.to_string(),
+                message: self.message,
+                parser_candidates: self.parser_candidates,
+            }),
+        )
+    }
+}
diff --git a/crates/server/src/routes/ingest/fetch.rs b/crates/server/src/routes/ingest/fetch.rs
new file mode 100644
index 00000000..c43daca3
--- /dev/null
+++ b/crates/server/src/routes/ingest/fetch.rs
@@ -0,0 +1,154 @@
+use std::time::Duration;
+
+use opensession_api::parse_preview_source::GitSource;
+use reqwest::header::CONTENT_TYPE;
+
+use crate::AppConfig;
+use crate::storage::{Db, sq_execute};
+
+use super::auth::{GitCredentialSource, GitFetchAuthHeader, resolve_fetch_auth_header};
+use super::errors::PreviewRouteError;
+use super::remote::{
+    build_git_raw_url, configured_gitlab_hosts, ensure_remote_resolves_public, validate_remote_url,
+};
+use super::{FETCH_TIMEOUT_SECS, MAX_SOURCE_SIZE_BYTES};
+
+pub(super) async fn fetch_git_source(
+    source: &GitSource,
+    db: &Db,
+    config: &AppConfig,
+    user_id: Option<&str>,
+) -> Result<Vec<u8>, PreviewRouteError> {
+    let remote = validate_remote_url(&source.remote)?;
+    ensure_remote_resolves_public(&remote).await?;
+    let gitlab_hosts = configured_gitlab_hosts(config);
+    let url = build_git_raw_url(source, &gitlab_hosts)?;
+    let fetch_auth = resolve_fetch_auth_header(source, db, config, user_id)?;
+    let client = reqwest::Client::builder()
+        .redirect(reqwest::redirect::Policy::none())
+        .timeout(Duration::from_secs(FETCH_TIMEOUT_SECS))
+        .build()
+        .map_err(|_| PreviewRouteError::fetch_failed("failed to initialize fetch client"))?;
+
+    let mut request = client
+        .get(&url)
+        .header(reqwest::header::USER_AGENT, "opensession-ingest-preview");
+    if let Some(auth_header) = fetch_auth.as_ref() {
+        request = request.header(
+            auth_header.header_name.as_str(),
+            auth_header.header_value.as_str(),
+        );
+    }
+
+    let response = request
+        .send()
+        .await
+        .map_err(|_| PreviewRouteError::fetch_failed("failed to fetch source"))?;
+
+    if response.status().is_redirection() {
+        tracing::warn!(url = %url, status = %response.status(), "blocked redirect response from remote source");
+        return Err(PreviewRouteError::fetch_failed(
+            "redirect responses are not allowed",
+        ));
+    }
+
+    if matches!(response.status().as_u16(), 401 | 403) && user_id.is_some() {
+        tracing::warn!(
+            url = %url,
+            status = response.status().as_u16(),
+            has_auth = fetch_auth.is_some(),
+            "remote source authentication failed"
+        );
+        return Err(match fetch_auth {
+            Some(_) => PreviewRouteError::git_credential_forbidden(response.status().as_u16()),
+            None => PreviewRouteError::missing_git_credential(response.status().as_u16()),
+        });
+    }
+
+    if !response.status().is_success() {
+        return Err(PreviewRouteError::fetch_failed(format!(
+            "source fetch failed with status {}",
+            response.status().as_u16()
+        )));
+    }
+
+    if let Some(content_len) = response.content_length() {
+        if content_len > MAX_SOURCE_SIZE_BYTES as u64 {
+            return Err(PreviewRouteError::file_too_large(content_len as usize));
+        }
+    }
+
+    if let Some(content_type) = response
+        .headers()
+        .get(CONTENT_TYPE)
+        .and_then(|v| v.to_str().ok())
+    {
+        if !is_allowed_content_type(content_type) {
+            return Err(PreviewRouteError::fetch_failed(format!(
+                "unsupported content-type '{content_type}', expected text/json content",
+            )));
+        }
+    }
+
+    let body = response
+        .bytes()
+        .await
+        .map_err(|_| PreviewRouteError::fetch_failed("failed reading source body"))?;
+
+    if body.len() > MAX_SOURCE_SIZE_BYTES {
+        return Err(PreviewRouteError::file_too_large(body.len()));
+    }
+
+    if looks_binary(body.as_ref()) {
+        return Err(PreviewRouteError::fetch_failed(
+            "binary files are not supported",
+        ));
+    }
+
+    if let Some(GitFetchAuthHeader {
+        source:
+            GitCredentialSource::Manual {
+                credential_id,
+                user_id,
+            },
+        ..
+    }) = fetch_auth
+    {
+        let conn = db.conn();
+        let _ = sq_execute(
+            &conn,
+            opensession_api::db::git_credentials::touch_last_used(
+                credential_id.as_str(),
+                user_id.as_str(),
+            ),
+        );
+    }
+
+    Ok(body.to_vec())
+}
+
+pub(super) fn is_allowed_content_type(content_type: &str) -> bool {
+    let media_type = content_type
+        .split(';')
+        .next()
+        .unwrap_or_default()
+        .trim()
+        .to_ascii_lowercase();
+    if media_type.is_empty() {
+        return true;
+    }
+    if media_type.starts_with("text/") {
+        return true;
+    }
+    media_type == "application/json"
+        || media_type == "application/jsonl"
+        || media_type == "application/x-ndjson"
+        || media_type.ends_with("+json")
+}
+
+fn looks_binary(bytes: &[u8]) -> bool {
+    if bytes.contains(&0) {
+        return true;
+    }
+    std::str::from_utf8(bytes).is_err()
+}
diff --git a/crates/server/src/routes/ingest/input.rs b/crates/server/src/routes/ingest/input.rs
new file mode 100644
index 00000000..447cd21f
--- /dev/null
+++ b/crates/server/src/routes/ingest/input.rs
@@ -0,0 +1,157 @@
+use opensession_api::{
+    ParseSource,
+    parse_preview_source::{self as preview_source, GitSource, GithubSource},
+};
+
+use crate::AppConfig;
+use crate::storage::Db;
+
+use super::MAX_SOURCE_SIZE_BYTES;
+use super::errors::PreviewRouteError;
+use super::fetch::fetch_git_source;
+
+#[derive(Debug, Clone)]
+pub(super) struct ParseInput {
+    pub(super) source: ParseSource,
+    pub(super) filename: String,
+    pub(super) bytes: Vec<u8>,
+}
+
+#[cfg(test)]
+pub(super) async fn prepare_parse_input(
+    source: ParseSource,
+) -> Result<ParseInput, PreviewRouteError> {
+    prepare_parse_input_with_ctx(source, None, None, None).await
+}
+
+pub(super) async fn prepare_parse_input_with_ctx(
+    source: ParseSource,
+    db: Option<&Db>,
+    config: Option<&AppConfig>,
+    user_id: Option<&str>,
+) -> Result<ParseInput, PreviewRouteError> {
+    match source {
+        ParseSource::Git {
+            remote,
+            r#ref,
+            path,
+        } => {
+            let normalized = normalize_git_source(&remote, &r#ref, &path)?;
+            let db = db.ok_or_else(|| {
+                PreviewRouteError::fetch_failed("git source fetch is unavailable in this context")
+            })?;
+            let config = config.ok_or_else(|| {
+                PreviewRouteError::fetch_failed("git source fetch is unavailable in this context")
+            })?;
+            let bytes = fetch_git_source(&normalized, db, config, user_id).await?;
+            let filename = file_name_from_path(&normalized.path);
+
+            Ok(ParseInput {
+                source: ParseSource::Git {
+                    remote: normalized.remote,
+                    r#ref: normalized.r#ref,
+                    path: normalized.path,
+                },
+                filename,
+                bytes,
+            })
+        }
+        ParseSource::Github {
+            owner,
+            repo,
+            r#ref,
+            path,
+        } => {
+            let normalized = normalize_github_source(&owner, &repo, &r#ref, &path)?;
+            let db = db.ok_or_else(|| {
+                PreviewRouteError::fetch_failed(
+                    "github source fetch is unavailable in this context",
+                )
+            })?;
+            let config = config.ok_or_else(|| {
+                PreviewRouteError::fetch_failed(
+                    "github source fetch is unavailable in this context",
+                )
+            })?;
+            let bytes = fetch_git_source(
+                &GitSource {
+                    remote: format!(
+                        "https://github.com/{}/{}",
+                        normalized.owner, normalized.repo
+                    ),
+                    r#ref: normalized.r#ref.clone(),
+                    path: normalized.path.clone(),
+                },
+                db,
+                config,
+                user_id,
+            )
+            .await?;
+            let filename = file_name_from_path(&normalized.path);
+
+            Ok(ParseInput {
+                source: ParseSource::Github {
+                    owner: normalized.owner,
+                    repo: normalized.repo,
+                    r#ref: normalized.r#ref,
+                    path: normalized.path,
+                },
+                filename,
+                bytes,
+            })
+        }
+        ParseSource::Inline {
+            filename,
+            content_base64,
+        } => {
+            let filename = normalize_filename(&filename)?;
+            let bytes = decode_inline_content(&content_base64)?;
+            if bytes.len() > MAX_SOURCE_SIZE_BYTES {
+                return Err(PreviewRouteError::file_too_large(bytes.len()));
+            }
+
+            Ok(ParseInput {
+                source: ParseSource::Inline {
+                    filename: filename.clone(),
+                    // Do not echo full inline payload in preview responses.
+                    content_base64: String::new(),
+                },
+                filename,
+                bytes,
+            })
+        }
+    }
+}
+
+pub(super) fn normalize_git_source(
+    remote: &str,
+    r#ref: &str,
+    path: &str,
+) -> Result<GitSource, PreviewRouteError> {
+    preview_source::normalize_git_source(remote, r#ref, path)
+        .map_err(|error| PreviewRouteError::invalid_source(error.message()))
+}
+
+pub(super) fn normalize_github_source(
+    owner: &str,
+    repo: &str,
+    r#ref: &str,
+    path: &str,
+) -> Result<GithubSource, PreviewRouteError> {
+    preview_source::normalize_github_source(owner, repo, r#ref, path)
+        .map_err(|error| PreviewRouteError::invalid_source(error.message()))
+}
+
+fn normalize_filename(filename: &str) -> Result<String, PreviewRouteError> {
+    preview_source::normalize_filename(filename)
+        .map_err(|error| PreviewRouteError::invalid_source(error.message()))
+}
+
+fn decode_inline_content(content_base64: &str) -> Result<Vec<u8>, PreviewRouteError> {
+    preview_source::decode_inline_content(content_base64)
+        .map_err(|error| PreviewRouteError::invalid_source(error.message()))
+}
+
+pub(super) fn file_name_from_path(path: &str) -> String {
+    preview_source::file_name_from_path(path)
+}
diff --git a/crates/server/src/routes/ingest/mod.rs b/crates/server/src/routes/ingest/mod.rs
new file mode 100644
index 00000000..77b3df8f
--- /dev/null
+++ b/crates/server/src/routes/ingest/mod.rs
@@ -0,0 +1,87 @@
+use axum::{
+    Json,
+    extract::State,
+    http::{HeaderMap, StatusCode},
+};
+use opensession_api::{
+    ParseCandidate as ApiParseCandidate, ParsePreviewErrorResponse, ParsePreviewRequest,
+    ParsePreviewResponse,
+};
+use opensession_parsers::{
+    ParseCandidate as ParserParseCandidate, ParseError as ParserParseError, ParserRegistry,
+};
+
+use crate::AppConfig;
+use crate::storage::Db;
+
+mod auth;
+mod errors;
+mod fetch;
+mod input;
+mod remote;
+
+#[cfg(test)]
+mod tests;
+
+use auth::resolve_optional_user_id;
+use errors::PreviewRouteError;
+use input::prepare_parse_input_with_ctx;
+
+const FETCH_TIMEOUT_SECS: u64 = 10;
+const MAX_SOURCE_SIZE_BYTES: usize = 10 * 1024 * 1024;
+
+/// POST /api/parse/preview
+pub async fn preview(
+    State(db): State<Db>,
+    State(config): State<AppConfig>,
+    headers: HeaderMap,
+    Json(req): Json<ParsePreviewRequest>,
+) -> Result<Json<ParsePreviewResponse>, (StatusCode, Json<ParsePreviewErrorResponse>)> {
+    let user_id =
+        resolve_optional_user_id(&headers, &db, &config).map_err(PreviewRouteError::into_http)?;
+    let input =
+        prepare_parse_input_with_ctx(req.source, Some(&db), Some(&config), user_id.as_deref())
+            .await
+            .map_err(PreviewRouteError::into_http)?;
+
+    let preview = ParserRegistry::default()
+        .preview_bytes(&input.filename, &input.bytes, req.parser_hint.as_deref())
+        .map_err(map_parser_error)
+        .map_err(PreviewRouteError::into_http)?;
+
+    Ok(Json(ParsePreviewResponse {
+        parser_used: preview.parser_used,
+        parser_candidates: to_api_candidates(preview.parser_candidates),
+        session: preview.session,
+        source: input.source,
+        warnings: preview.warnings,
+        native_adapter: preview.native_adapter,
+    }))
+}
+
+fn map_parser_error(err: ParserParseError) -> PreviewRouteError {
+    match err {
+        ParserParseError::InvalidParserHint { hint } => {
+            PreviewRouteError::invalid_source(format!("unsupported parser_hint '{hint}'"))
+        }
+        ParserParseError::ParserSelectionRequired {
+            message,
+            parser_candidates,
+        } => PreviewRouteError::parser_selection_required(message, parser_candidates),
+        ParserParseError::ParseFailed {
+            message,
+            parser_candidates,
+        } => PreviewRouteError::parse_failed(message, parser_candidates),
+    }
+}
+
+pub(super) fn to_api_candidates(candidates: Vec<ParserParseCandidate>) -> Vec<ApiParseCandidate> {
+    candidates
+        .into_iter()
+        .map(|candidate| ApiParseCandidate {
+            id: candidate.id,
+            confidence: candidate.confidence,
+            reason: candidate.reason,
+        })
+        .collect()
+}
diff --git a/crates/server/src/routes/ingest/remote.rs b/crates/server/src/routes/ingest/remote.rs
new file mode 100644
index 00000000..19425e6f
--- /dev/null
+++ b/crates/server/src/routes/ingest/remote.rs
@@ -0,0 +1,304 @@
+use std::collections::HashSet;
+use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};
+
+use opensession_api::parse_preview_source::GitSource;
+
+use crate::AppConfig;
+
+use super::errors::PreviewRouteError;
+
+pub(super) fn validate_remote_url(remote: &str) -> Result<reqwest::Url, PreviewRouteError> {
+    let parsed = reqwest::Url::parse(remote)
+        .map_err(|_| PreviewRouteError::invalid_source("remote must be an absolute http(s) URL"))?;
+
+    let scheme = parsed.scheme().to_ascii_lowercase();
+    if scheme != "https" {
+        return Err(PreviewRouteError::invalid_source("remote must use https"));
+    }
+
+    if !parsed.username().is_empty() || parsed.password().is_some() {
+        return Err(PreviewRouteError::invalid_source(
+            "remote cannot include credentials",
+        ));
+    }
+
+    if parsed.query().is_some() || parsed.fragment().is_some() {
+        return Err(PreviewRouteError::invalid_source(
+            "remote cannot include query or fragment",
+        ));
+    }
+
+    let host = parsed
+        .host_str()
+        .ok_or_else(|| PreviewRouteError::invalid_source("remote host is required"))?;
+
+    if is_disallowed_remote_host(host) {
+        return Err(PreviewRouteError::invalid_source(
+            "remote host is not allowed",
+        ));
+    }
+
+    let repo_path = parsed.path().trim_matches('/');
+    if repo_path.is_empty() {
+        return Err(PreviewRouteError::invalid_source(
+            "remote must include repository path",
+        ));
+    }
+
+    Ok(parsed)
+}
+
+fn is_disallowed_remote_host(host: &str) -> bool {
+    let lowered = host.to_ascii_lowercase();
+    if lowered == "localhost" || lowered.ends_with(".localhost") {
+        return true;
+    }
+
+    match host.parse::<IpAddr>() {
+        Ok(IpAddr::V4(v4)) => is_disallowed_ipv4(v4),
+        Ok(IpAddr::V6(v6)) => is_disallowed_ipv6(v6),
+        Err(_) => false,
+    }
+}
+
+fn is_disallowed_ipv4(ip: Ipv4Addr) -> bool {
+    ip.is_private()
+        || ip.is_loopback()
+        || ip.is_link_local()
+        || ip.is_broadcast()
+        || ip.is_documentation()
+        || ip.is_multicast()
+        || ip.is_unspecified()
+}
+
+fn is_disallowed_ipv6(ip: Ipv6Addr) -> bool {
+    ip.is_loopback()
+        || ip.is_unspecified()
+        || ip.is_unique_local()
+        || ip.is_unicast_link_local()
+        || ip.is_multicast()
+        || is_ipv6_documentation(ip)
+}
+
+fn is_ipv6_documentation(ip: Ipv6Addr) -> bool {
+    let segments = ip.segments();
+    segments[0] == 0x2001 && segments[1] == 0x0db8
+}
+
+pub(super) fn oauth_provider_host_from_url(raw: &str) -> Option<String> {
+    reqwest::Url::parse(raw)
+        .ok()
+        .and_then(|url| url.host_str().map(|value| value.to_ascii_lowercase()))
+}
+
+pub(super) fn configured_gitlab_hosts(config: &AppConfig) -> HashSet<String> {
+    config
+        .oauth_providers
+        .iter()
+        .filter(|provider| provider.id == "gitlab")
+        .filter_map(|provider| oauth_provider_host_from_url(&provider.token_url))
+        .collect()
+}
+
+pub(super) fn is_gitlab_host(host: &str, gitlab_hosts: &HashSet<String>) -> bool {
+    host == "gitlab.com" || gitlab_hosts.contains(host)
+}
+
+fn origin_from_url(url: &reqwest::Url) -> Result<String, PreviewRouteError> {
+    let host = url
+        .host_str()
+        .ok_or_else(|| PreviewRouteError::invalid_source("remote host is required"))?;
+    let mut origin = format!("{}://{host}", url.scheme());
+    if let Some(port) = url.port() {
+        origin.push(':');
+        origin.push_str(&port.to_string());
+    }
+    Ok(origin)
+}
+
+fn encode_segments(value: &str) -> String {
+    value
+        .split('/')
+        .map(|segment| urlencoding::encode(segment).into_owned())
+        .collect::<Vec<_>>()
+        .join("/")
+}
+
+fn strip_git_suffix(value: &str) -> &str {
+    value.strip_suffix(".git").unwrap_or(value)
+}
+
+fn repo_path_segments(url: &reqwest::Url) -> Result<Vec<String>, PreviewRouteError> {
+    let mut segments: Vec<String> = url
+        .path_segments()
+        .ok_or_else(|| PreviewRouteError::invalid_source("remote repository path is invalid"))?
+        .filter(|segment| !segment.is_empty())
+        .map(|segment| {
+            urlencoding::decode(segment)
+                .map(|decoded| decoded.trim().to_string())
+                .map_err(|_| {
+                    PreviewRouteError::invalid_source(
+                        "remote repository path contains invalid percent encoding",
+                    )
+                })
+        })
+        .collect::<Result<Vec<_>, _>>()?;
+
+    if segments.len() < 2 {
+        return Err(PreviewRouteError::invalid_source(
+            "remote must include owner/group and repository",
+        ));
+    }
+
+    if let Some(last) = segments.last_mut() {
+        *last = strip_git_suffix(last).to_string();
+    }
+
+    if segments
+        .iter()
+        .any(|segment| segment.is_empty() || segment == "." || segment == "..")
+    {
+        return Err(PreviewRouteError::invalid_source(
+            "remote repository path contains invalid segments",
+        ));
+    }
+
+    Ok(segments)
+}
+
+fn build_github_raw_url(
+    url: &reqwest::Url,
+    r#ref: &str,
+    path: &str,
+) -> Result<String, PreviewRouteError> {
+    let segments = repo_path_segments(url)?;
+    if segments.len() != 2 {
+        return Err(PreviewRouteError::invalid_source(
+            "github remote must look like https://github.com/{owner}/{repo}",
+        ));
+    }
+
+    Ok(format!(
+        "https://raw.githubusercontent.com/{}/{}/{}/{}",
+        segments[0],
+        segments[1],
+        encode_segments(r#ref),
+        encode_segments(path)
+    ))
+}
+
+fn build_gitlab_raw_url(
+    url: &reqwest::Url,
+    r#ref: &str,
+    path: &str,
+) -> Result<String, PreviewRouteError> {
+    let project_path = repo_path_segments(url)?.join("/");
+    let origin = origin_from_url(url)?;
+    Ok(format!(
+        "{}/{}/-/raw/{}/{}",
+        origin,
+        encode_segments(&project_path),
+        encode_segments(r#ref),
+        encode_segments(path)
+    ))
+}
+
+fn build_generic_raw_url(
+    url: &reqwest::Url,
+    r#ref: &str,
+    path: &str,
+) -> Result<String, PreviewRouteError> {
+    let repo_path = repo_path_segments(url)?.join("/");
+    let origin = origin_from_url(url)?;
+    Ok(format!(
+        "{}/{}/raw/{}/{}",
+        origin,
+        encode_segments(&repo_path),
+        encode_segments(r#ref),
+        encode_segments(path)
+    ))
+}
+
+pub(super) fn build_git_raw_url(
+    source: &GitSource,
+    gitlab_hosts: &HashSet<String>,
+) -> Result<String, PreviewRouteError> {
+    let remote = validate_remote_url(&source.remote)?;
+    let host = remote
+        .host_str()
+        .ok_or_else(|| PreviewRouteError::invalid_source("remote host is required"))?
+        .to_ascii_lowercase();
+
+    if host == "github.com" {
+        return build_github_raw_url(&remote, &source.r#ref, &source.path);
+    }
+    if is_gitlab_host(&host, gitlab_hosts) {
+        return build_gitlab_raw_url(&remote, &source.r#ref, &source.path);
+    }
+
+    build_generic_raw_url(&remote, &source.r#ref, &source.path)
+}
+
+pub(super) fn provider_for_host(
+    host: &str,
+    gitlab_hosts: &HashSet<String>,
+) -> Option<&'static str> {
+    if host == "github.com" {
+        return Some("github");
+    }
+    if is_gitlab_host(host, gitlab_hosts) {
+        return Some("gitlab");
+    }
+    None
+}
+
+pub(super) fn repo_path_from_remote(url: &reqwest::Url) -> Result<String, PreviewRouteError> {
+    Ok(repo_path_segments(url)?.join("/"))
+}
+
+pub(super) fn path_prefix_matches(repo_path: &str, prefix: &str) -> bool {
+    if prefix.is_empty() {
+        return true;
+    }
+    repo_path == prefix
+        || repo_path
+            .strip_prefix(prefix)
+            .is_some_and(|rest| rest.starts_with('/'))
+}
+
+pub(super) async fn ensure_remote_resolves_public(
+    remote: &reqwest::Url,
+) -> Result<(), PreviewRouteError> {
+    let host = remote
+        .host_str()
+        .ok_or_else(|| PreviewRouteError::invalid_source("remote host is required"))?;
+    if host.parse::<IpAddr>().is_ok() {
+        return Ok(());
+    }
+
+    let port = remote.port_or_known_default().unwrap_or(443);
+    let mut resolved = tokio::net::lookup_host((host, port))
+        .await
+        .map_err(|_| PreviewRouteError::fetch_failed("remote host DNS lookup failed"))?;
+    let mut found_any = false;
+    for addr in &mut resolved {
+        found_any = true;
+        let ip = addr.ip();
+        let disallowed = match ip {
+            IpAddr::V4(v4) => is_disallowed_ipv4(v4),
+            IpAddr::V6(v6) => is_disallowed_ipv6(v6),
+        };
+        if disallowed {
+            tracing::warn!(host = %host, ip = %ip, "blocked remote host resolving to disallowed IP");
+            return Err(PreviewRouteError::invalid_source(
+                "remote host resolves to a disallowed address",
+            ));
+        }
+    }
+    if !found_any {
+        return Err(PreviewRouteError::fetch_failed(
+            "remote host DNS lookup returned no addresses",
+        ));
+    }
+    Ok(())
+}
diff --git a/crates/server/src/routes/ingest/tests.rs b/crates/server/src/routes/ingest/tests.rs
new file mode 100644
index 00000000..139d7d82
--- /dev/null
+++ b/crates/server/src/routes/ingest/tests.rs
@@ -0,0 +1,298 @@
+use std::collections::HashSet;
+
+use axum::http::StatusCode;
+use base64::Engine;
+use opensession_api::{ParsePreviewRequest, ParseSource};
+use opensession_parsers::{
+    ParseCandidate as ParserParseCandidate, ParseError as ParserParseError, ParserRegistry,
+};
+
+use super::MAX_SOURCE_SIZE_BYTES;
+use super::errors::PreviewRouteError;
+use super::fetch::is_allowed_content_type;
+use super::input::{normalize_git_source, normalize_github_source, prepare_parse_input};
+use super::map_parser_error;
+use super::remote::{build_git_raw_url, path_prefix_matches, provider_for_host};
+
+fn parse_request_for_inline(filename: &str, raw: &[u8]) -> ParsePreviewRequest {
+    ParsePreviewRequest {
+        source: ParseSource::Inline {
+            filename: filename.to_string(),
+            content_base64: base64::engine::general_purpose::STANDARD.encode(raw),
+        },
+        parser_hint: None,
+    }
+}
+
+#[test]
+fn github_source_rejects_invalid_owner() {
+    let err = normalize_github_source("bad owner!", "repo", "main", "sessions/a.hail.jsonl")
+        .expect_err("owner validation must fail");
+    assert_eq!(err.code, "invalid_source");
+}
+
+#[test]
+fn github_source_rejects_invalid_ref() {
+    let err = normalize_github_source("owner", "repo", "main:prod", "sessions/a.hail.jsonl")
+        .expect_err("ref validation must fail");
+    assert_eq!(err.code, "invalid_source");
+}
+
+#[test]
+fn github_source_rejects_path_traversal_segments() {
+    let err = normalize_github_source("owner", "repo", "main", "sessions/../a.hail.jsonl")
+        .expect_err("path traversal must fail");
+    assert_eq!(err.code, "invalid_source");
+}
+
+#[test]
+fn github_source_accepts_normalized_path() {
+    let source = normalize_github_source(
+        "hwisu",
+        "opensession",
+        "main",
+        "sessions/foo%20bar.hail.jsonl",
+    )
+    .expect("source should be valid");
+    assert_eq!(source.path, "sessions/foo bar.hail.jsonl");
+    let remote = reqwest::Url::parse("https://github.com/hwisu/opensession")
+        .expect("remote url should parse");
+    assert_eq!(
+        build_git_raw_url(
+            &super::input::normalize_git_source(remote.as_str(), "main", &source.path)
+                .expect("normalized"),
+            &HashSet::new()
+        )
+        .expect("github raw url should build"),
+        "https://raw.githubusercontent.com/hwisu/opensession/main/sessions/foo%20bar.hail.jsonl"
+    );
+}
+
+#[test]
+fn git_source_rejects_localhost_remote() {
+    let err = normalize_git_source(
+        "http://localhost:3000/hwisu/opensession",
+        "main",
+        "sessions/demo.hail.jsonl",
+    )
+    .expect_err("localhost remote must be rejected");
+    assert_eq!(err.code, "invalid_source");
+}
+
+#[test]
+fn git_source_rejects_private_ip_remote() {
+    let err = normalize_git_source(
+        "http://192.168.0.10/hwisu/opensession",
+        "main",
+        "sessions/demo.hail.jsonl",
+    )
+    .expect_err("private ip remote must be rejected");
+    assert_eq!(err.code, "invalid_source");
+}
+
+#[test]
+fn git_source_rejects_credentials_and_query() {
+    let with_credentials = normalize_git_source(
+        "https://user:secret@example.com/org/repo",
+        "main",
+        "sessions/demo.hail.jsonl",
+    )
+    .expect_err("remote credentials must be rejected");
+    assert_eq!(with_credentials.code, "invalid_source");
+
+    let with_query = normalize_git_source(
+        "https://example.com/org/repo?token=1",
+        "main",
+        "sessions/demo.hail.jsonl",
+    )
+    .expect_err("remote query must be rejected");
+    assert_eq!(with_query.code, "invalid_source");
+}
+
+#[test]
+fn build_git_raw_url_uses_provider_aware_patterns() {
+    let no_gitlab_hosts = HashSet::new();
+    let mut configured_gitlab_hosts = HashSet::new();
+    configured_gitlab_hosts.insert("gitlab.internal.example.com".to_string());
+
+    let github = build_git_raw_url(
+        &super::input::normalize_git_source(
+            "https://github.com/hwisu/opensession",
+            "main",
+            "sessions/demo.hail.jsonl",
+        )
+        .expect("github source should normalize"),
+        &no_gitlab_hosts,
+    )
+    .expect("github raw url should build");
+    assert_eq!(
+        github,
+        "https://raw.githubusercontent.com/hwisu/opensession/main/sessions/demo.hail.jsonl"
+    );
+
+    let gitlab = build_git_raw_url(
+        &super::input::normalize_git_source(
+            "https://gitlab.com/group/subgroup/repo",
+            "main",
+            "sessions/demo.hail.jsonl",
+        )
+        .expect("gitlab source should normalize"),
+        &no_gitlab_hosts,
+    )
+    .expect("gitlab raw url should build");
+    assert_eq!(
+        gitlab,
+        "https://gitlab.com/group/subgroup/repo/-/raw/main/sessions/demo.hail.jsonl"
+    );
+
+    let gitlab_self_managed = build_git_raw_url(
+        &super::input::normalize_git_source(
+            "https://gitlab.internal.example.com/group/subgroup/repo.git",
+            "main",
+            "sessions/demo.hail.jsonl",
+        )
+        .expect("self-managed gitlab source should normalize"),
+        &configured_gitlab_hosts,
+    )
+    .expect("self-managed gitlab raw url should build");
+    assert_eq!(
+        gitlab_self_managed,
+        "https://gitlab.internal.example.com/group/subgroup/repo/-/raw/main/sessions/demo.hail.jsonl"
+    );
+
+    let generic = build_git_raw_url(
+        &super::input::normalize_git_source(
+            "https://code.example.com/team/repo.git",
+            "main",
+            "sessions/demo.hail.jsonl",
+        )
+        .expect("generic source should normalize"),
+        &no_gitlab_hosts,
+    )
+    .expect("generic raw url should build");
+    assert_eq!(
+        generic,
+        "https://code.example.com/team/repo/raw/main/sessions/demo.hail.jsonl"
+    );
+}
+
+#[tokio::test]
+async fn inline_source_too_large_returns_file_too_large() {
+    let oversized = vec![b'a'; MAX_SOURCE_SIZE_BYTES + 1];
+    let req = parse_request_for_inline("session.hail.jsonl", &oversized);
+    let err = prepare_parse_input(req.source)
+        .await
+        .expect_err("oversized inline source should fail");
+    assert_eq!(err.code, "file_too_large");
+    assert_eq!(err.status, StatusCode::UNPROCESSABLE_ENTITY);
+}
+
+#[test]
+fn parser_selection_required_maps_to_expected_code() {
+    let mapped = map_parser_error(ParserParseError::ParserSelectionRequired {
+        message: "select parser".to_string(),
+        parser_candidates: vec![ParserParseCandidate {
+            id: "codex".to_string(),
+            confidence: 91,
+            reason: "fixture".to_string(),
+        }],
+    });
+
+    assert_eq!(mapped.code, "parser_selection_required");
+    assert_eq!(mapped.status, StatusCode::UNPROCESSABLE_ENTITY);
+    assert_eq!(mapped.parser_candidates.len(), 1);
+    assert_eq!(mapped.parser_candidates[0].id, "codex");
+}
+
+#[tokio::test]
+async fn parse_failed_maps_to_expected_code() {
+    let req = parse_request_for_inline("unknown.txt", b"not jsonl");
+    let input = prepare_parse_input(req.source)
+        .await
+        .expect("inline source should decode");
+
+    let err = ParserRegistry::default()
+        .preview_bytes(&input.filename, &input.bytes, None)
+        .expect_err("unrecognized source should fail parsing");
+    let mapped = map_parser_error(err);
+
+    assert_eq!(mapped.code, "parse_failed");
+    assert_eq!(mapped.status, StatusCode::UNPROCESSABLE_ENTITY);
+}
+
+#[test]
+fn invalid_parser_hint_maps_to_invalid_source() {
+    let mapped = map_parser_error(ParserParseError::InvalidParserHint {
+        hint: "nope".to_string(),
+    });
+    assert_eq!(mapped.code, "invalid_source");
+    assert_eq!(mapped.status, StatusCode::BAD_REQUEST);
+}
+
+#[test]
+fn content_type_validation_accepts_text_and_json() {
+    assert!(is_allowed_content_type("text/plain; charset=utf-8"));
+    assert!(is_allowed_content_type("application/json"));
+    assert!(is_allowed_content_type("application/x-ndjson"));
+    assert!(!is_allowed_content_type("application/octet-stream"));
+}
+
+#[test]
+fn provider_detection_and_path_prefix_matching_are_stable() {
+    let no_gitlab_hosts = HashSet::new();
+    let mut configured_gitlab_hosts = HashSet::new();
+    configured_gitlab_hosts.insert("gitlab.internal.example.com".to_string());
+
+    assert_eq!(
+        provider_for_host("github.com", &no_gitlab_hosts),
+        Some("github")
+    );
+    assert_eq!(
+        provider_for_host("gitlab.com", &no_gitlab_hosts),
+        Some("gitlab")
+    );
+    assert_eq!(
+        provider_for_host("gitlab.internal.example.com", &no_gitlab_hosts),
+        None
+    );
+    assert_eq!(
+        provider_for_host("gitlab.internal.example.com", &configured_gitlab_hosts),
+        Some("gitlab")
+    );
+    assert_eq!(
+        provider_for_host("evil-gitlab.example", &no_gitlab_hosts),
+        None
+    );
+    assert_eq!(
+        provider_for_host("code.example.com", &no_gitlab_hosts),
+        None
+    );
+
+    assert!(path_prefix_matches("group/sub/repo", ""));
+    assert!(path_prefix_matches("group/sub/repo", "group/sub"));
+    assert!(path_prefix_matches("group/sub/repo", "group/sub/repo"));
+    assert!(!path_prefix_matches("group/sub/repo", "group/su"));
+    assert!(!path_prefix_matches("group/sub/repo", "group/sub/repo2"));
+}
+
+#[test]
+fn git_source_rejects_http_remote() {
+    let err = normalize_git_source(
+        "http://code.example.com/team/repo",
+        "main",
+        "sessions/demo.hail.jsonl",
+    )
+    .expect_err("http remote must be rejected");
+    assert_eq!(err.code, "invalid_source");
+}
+
+#[test]
+fn git_credential_error_codes_are_stable() {
+    let missing = PreviewRouteError::missing_git_credential(401);
+    assert_eq!(missing.code, "missing_git_credential");
+    assert_eq!(missing.status, StatusCode::UNAUTHORIZED);
+
+    let forbidden = PreviewRouteError::git_credential_forbidden(403);
+    assert_eq!(forbidden.code, "git_credential_forbidden");
+    assert_eq!(forbidden.status, StatusCode::FORBIDDEN);
+}
diff --git a/desktop/src-tauri/src/app/session_access.rs b/desktop/src-tauri/src/app/session_access.rs
index 3286402d..bb68dd93 100644
--- a/desktop/src-tauri/src/app/session_access.rs
+++ b/desktop/src-tauri/src/app/session_access.rs
@@ -9,9 +9,7 @@ use opensession_core::session::{is_auxiliary_session, working_directory};
 use opensession_core::trace::Session as HailSession;
 use opensession_git_native::extract_git_context;
 use opensession_local_db::{LocalDb, LocalSessionLink, LocalSessionRow};
-use opensession_parsers::{
-    discover::discover_for_tool, ingest::preview_parse_bytes, parse_with_default_parsers,
-};
+use opensession_parsers::{ParserRegistry, discover::discover_for_tool};
 use serde_json::json;
 use std::collections::BTreeSet;
 use std::fs;
@@ -51,9 +49,10 @@ fn refresh_local_session_index(db: &LocalDb) {
     let mut parse_errors = 0usize;
     let mut upsert_errors = 0usize;
     let mut upserted = 0usize;
+    let parser_registry = ParserRegistry::default();
 
     for path in force_refresh_discovered_paths() {
-        let parsed = match parse_with_default_parsers(&path) {
+        let parsed = match parser_registry.parse_path(&path) {
             Ok(session) => session,
             Err(error) => {
                 parse_errors = parse_errors.saturating_add(1);
@@ -203,7 +202,7 @@ pub(crate) fn normalize_session_body_to_hail_jsonl(
 
     if let Some(path_text) = source_path {
         let path = Path::new(path_text);
-        if let Ok(Some(session)) = parse_with_default_parsers(path) {
+        if let Ok(Some(session)) = ParserRegistry::default().parse_path(path) {
             return session_to_hail_jsonl(session);
         }
     }
@@ -213,7 +212,9 @@ pub(crate) fn normalize_session_body_to_hail_jsonl(
         .and_then(|name| name.to_str())
         .unwrap_or("session.jsonl");
 
-    let preview = preview_parse_bytes(filename, body.as_bytes(), None).map_err(|error| {
+    let preview = ParserRegistry::default()
+        .preview_bytes(filename, body.as_bytes(), None)
+        .map_err(|error| {
         desktop_error(
             "desktop.session_parse_failed",
             422,

From 8230c105693ae3ee98025cd1f2571bc5377c049f Mon Sep 17 00:00:00 2001
From: hwisu <hwitticus@gmail.com>
Date: Mon, 9 Mar 2026 13:01:03 +0900
Subject: [PATCH 17/30] refactor(summary): split git collection helpers

---
 crates/summary/src/git.rs         | 734 ------------------------------
 crates/summary/src/git/collect.rs | 292 ++++++++++++
 crates/summary/src/git/mod.rs     |  10 +
 crates/summary/src/git/parse.rs   | 156 +++++++
 crates/summary/src/git/tests.rs   | 278 +++++++++++
 crates/summary/src/git/types.rs   |  11 +
 6 files changed, 747 insertions(+), 734 deletions(-)
 delete mode 100644 crates/summary/src/git.rs
 create mode 100644 crates/summary/src/git/collect.rs
 create mode 100644 crates/summary/src/git/mod.rs
 create mode 100644 crates/summary/src/git/parse.rs
 create mode 100644 crates/summary/src/git/tests.rs
 create mode 100644 crates/summary/src/git/types.rs

diff --git a/crates/summary/src/git.rs b/crates/summary/src/git.rs
deleted file mode 100644
index eec18fff..00000000
--- a/crates/summary/src/git.rs
+++ /dev/null
@@ -1,734 +0,0 @@
-use crate::text::compact_summary_snippet;
-use crate::types::HailCompactFileChange;
-use std::collections::HashMap;
-use std::path::{Path, PathBuf};
-
-#[derive(Debug, Clone)]
-pub struct GitSummaryContext {
-    pub source: String,
-    pub repo_root: PathBuf,
-    pub commit: Option<String>,
-    pub timeline_signals: Vec<String>,
-    pub file_changes: Vec<HailCompactFileChange>,
-}
-
-pub trait GitCommandRunner {
-    fn run(&self, repo_root: &Path, args: &[&str]) -> Result<String, String>;
-}
-
-#[derive(Debug, Clone, Copy, Default)]
-pub struct ShellGitCommandRunner;
-
-impl GitCommandRunner for ShellGitCommandRunner {
-    fn run(&self, repo_root: &Path, args: &[&str]) -> Result<String, String> {
-        let output = std::process::Command::new("git")
-            .arg("-C")
-            .arg(repo_root)
-            .args(args)
-            .output()
-            .map_err(|err| format!("failed to run git {}: {err}", args.join(" ")))?;
-
-        if !output.status.success() {
-            let stderr = String::from_utf8_lossy(&output.stderr).trim().to_string();
-            if stderr.is_empty() {
-                return Err(format!(
-                    "git {} failed with status {}",
-                    args.join(" "),
-                    output.status
-                ));
-            }
-            return Err(stderr);
-        }
-
-        Ok(String::from_utf8_lossy(&output.stdout).to_string())
-    }
-}
-
-pub struct GitSummaryService<R> {
-    runner: R,
-}
-
-impl<R: GitCommandRunner> GitSummaryService<R> {
-    pub fn new(runner: R) -> Self {
-        Self { runner }
-    }
-
-    pub fn collect_commit_context(
-        &self,
-        repo_root: &Path,
-        commit: &str,
-        max_entries: usize,
-        classify_arch_layer: fn(&str) -> &'static str,
-    ) -> Option<GitSummaryContext> {
-        let name_status = self
-            .runner
-            .run(
-                repo_root,
-                &["show", "--name-status", "--format=", "--no-color", commit],
-            )
-            .ok()?;
-        let numstat = self
-            .runner
-            .run(
-                repo_root,
-                &["show", "--numstat", "--format=", "--no-color", commit],
-            )
-            .unwrap_or_default();
-
-        let file_changes = build_git_file_changes(
-            parse_git_name_status(&name_status),
-            parse_git_numstat(&numstat),
-            Vec::new(),
-            max_entries,
-            classify_arch_layer,
-        );
-        if file_changes.is_empty() {
-            return None;
-        }
-
-        let mut timeline_signals = Vec::new();
-        if let Ok(subject) = self
-            .runner
-            .run(repo_root, &["show", "--no-patch", "--format=%h %s", commit])
-        {
-            let compact = compact_summary_snippet(&subject, 180);
-            if !compact.is_empty() {
-                timeline_signals.push(format!("commit: {compact}"));
-            }
-        }
-        if timeline_signals.is_empty() {
-            timeline_signals.push(format!("commit: {}", compact_summary_snippet(commit, 32)));
-        }
-
-        Some(GitSummaryContext {
-            source: "git_commit".to_string(),
-            repo_root: repo_root.to_path_buf(),
-            commit: Some(commit.to_string()),
-            timeline_signals,
-            file_changes,
-        })
-    }
-
-    pub fn collect_working_tree_context(
-        &self,
-        repo_root: &Path,
-        max_entries: usize,
-        classify_arch_layer: fn(&str) -> &'static str,
-    ) -> Option<GitSummaryContext> {
-        let mut operation_by_path = HashMap::new();
-        for args in [
-            ["diff", "--name-status", "--no-color"].as_slice(),
-            ["diff", "--cached", "--name-status", "--no-color"].as_slice(),
-        ] {
-            let Ok(raw) = self.runner.run(repo_root, args) else {
-                continue;
-            };
-            for (path, operation) in parse_git_name_status(&raw) {
-                operation_by_path.insert(path, operation);
-            }
-        }
-
-        let mut numstat_by_path: HashMap<String, (u64, u64)> = HashMap::new();
-        for args in [
-            ["diff", "--numstat", "--no-color"].as_slice(),
-            ["diff", "--cached", "--numstat", "--no-color"].as_slice(),
-        ] {
-            let Ok(raw) = self.runner.run(repo_root, args) else {
-                continue;
-            };
-            for (path, (added, removed)) in parse_git_numstat(&raw) {
-                let entry = numstat_by_path.entry(path).or_insert((0, 0));
-                entry.0 = entry.0.saturating_add(added);
-                entry.1 = entry.1.saturating_add(removed);
-            }
-        }
-
-        let untracked_paths = self
-            .runner
-            .run(repo_root, &["ls-files", "--others", "--exclude-standard"])
-            .map(|raw| parse_git_untracked_paths(&raw))
-            .unwrap_or_default();
-
-        let file_changes = build_git_file_changes(
-            operation_by_path,
-            numstat_by_path,
-            untracked_paths,
-            max_entries,
-            classify_arch_layer,
-        );
-        if file_changes.is_empty() {
-            return None;
-        }
-
-        let mut timeline_signals = vec![format!(
-            "working_tree: {} files changed",
-            file_changes.len()
-        )];
-        if let Ok(status) = self.runner.run(
-            repo_root,
-            &["status", "--short", "--untracked-files=normal"],
-        ) {
-            for line in status.lines().take(6) {
-                let compact = compact_summary_snippet(line, 140);
-                if compact.is_empty() {
-                    continue;
-                }
-                timeline_signals.push(format!("status: {compact}"));
-            }
-        }
-
-        Some(GitSummaryContext {
-            source: "git_working_tree".to_string(),
-            repo_root: repo_root.to_path_buf(),
-            commit: None,
-            timeline_signals,
-            file_changes,
-        })
-    }
-
-    pub fn build_diff_preview_lines(
-        &self,
-        context: &GitSummaryContext,
-        max_files: usize,
-    ) -> Result<Vec<String>, String> {
-        let mut lines = Vec::new();
-        let commit = context.commit.as_deref();
-        for change in context.file_changes.iter().take(max_files) {
-            let patch = self.git_patch_for_file(
-                &context.repo_root,
-                commit,
-                &change.path,
-                &change.operation,
-            );
-            if patch.trim().is_empty() {
-                continue;
-            }
-
-            lines.push(format!("{} [{}]", change.path, change.operation));
-            for line in diff_preview_lines(&patch, 14, 180) {
-                lines.push(format!("  {line}"));
-            }
-            lines.push(String::new());
-        }
-
-        while lines.last().is_some_and(|line| line.is_empty()) {
-            lines.pop();
-        }
-
-        if lines.is_empty() {
-            return Err("Diff patch is unavailable for detected changes".to_string());
-        }
-        Ok(lines)
-    }
-
-    fn git_patch_for_file(
-        &self,
-        repo_root: &Path,
-        commit: Option<&str>,
-        path: &str,
-        operation: &str,
-    ) -> String {
-        if let Some(commit) = commit {
-            return self
-                .runner
-                .run(
-                    repo_root,
-                    &["show", "--no-color", "--format=", commit, "--", path],
-                )
-                .unwrap_or_default();
-        }
-
-        let staged = self
-            .runner
-            .run(repo_root, &["diff", "--cached", "--no-color", "--", path])
-            .unwrap_or_default();
-        let unstaged = self
-            .runner
-            .run(repo_root, &["diff", "--no-color", "--", path])
-            .unwrap_or_default();
-
-        let mut patch = String::new();
-        if !staged.trim().is_empty() {
-            patch.push_str(&staged);
-            if !staged.ends_with('\n') {
-                patch.push('\n');
-            }
-        }
-        if !unstaged.trim().is_empty() {
-            patch.push_str(&unstaged);
-        }
-        if !patch.trim().is_empty() {
-            return patch;
-        }
-        if operation == "create" {
-            return synthetic_new_file_patch(repo_root, path, 20).unwrap_or_default();
-        }
-        patch
-    }
-}
-
-pub fn parse_git_name_status(raw: &str) -> HashMap<String, String> {
-    let mut operations = HashMap::new();
-    for line in raw.lines() {
-        let trimmed = line.trim();
-        if trimmed.is_empty() {
-            continue;
-        }
-        let parts = trimmed.split('\t').collect::<Vec<_>>();
-        if parts.is_empty() {
-            continue;
-        }
-
-        let status = parts[0].trim();
-        let path = if status.starts_with('R') || status.starts_with('C') {
-            parts.get(2).or_else(|| parts.get(1))
-        } else {
-            parts.get(1)
-        };
-        let Some(path) = path
-            .copied()
-            .map(str::trim)
-            .filter(|value| !value.is_empty())
-        else {
-            continue;
-        };
-
-        let operation = match status.chars().next().unwrap_or('M') {
-            'A' => "create",
-            'D' => "delete",
-            _ => "edit",
-        };
-        operations.insert(path.to_string(), operation.to_string());
-    }
-    operations
-}
-
-pub fn parse_git_numstat(raw: &str) -> HashMap<String, (u64, u64)> {
-    let mut stats = HashMap::new();
-    for line in raw.lines() {
-        let trimmed = line.trim();
-        if trimmed.is_empty() {
-            continue;
-        }
-        let parts = trimmed.split('\t').collect::<Vec<_>>();
-        if parts.len() < 3 {
-            continue;
-        }
-        let path = parts[2].trim();
-        if path.is_empty() {
-            continue;
-        }
-        let added = parts[0].trim().parse::<u64>().unwrap_or(0);
-        let removed = parts[1].trim().parse::<u64>().unwrap_or(0);
-        stats.insert(path.to_string(), (added, removed));
-    }
-    stats
-}
-
-pub fn parse_git_untracked_paths(raw: &str) -> Vec<String> {
-    raw.lines()
-        .map(str::trim)
-        .filter(|line| !line.is_empty())
-        .map(ToString::to_string)
-        .collect()
-}
-
-fn build_git_file_changes(
-    operation_by_path: HashMap<String, String>,
-    numstat_by_path: HashMap<String, (u64, u64)>,
-    untracked_paths: Vec<String>,
-    max_entries: usize,
-    classify_arch_layer: fn(&str) -> &'static str,
-) -> Vec<HailCompactFileChange> {
-    let mut by_path: HashMap<String, HailCompactFileChange> = HashMap::new();
-
-    for (path, operation) in operation_by_path {
-        by_path
-            .entry(path.clone())
-            .and_modify(|entry| {
-                entry.operation = operation.clone();
-                entry.layer = classify_arch_layer(&path).to_string();
-            })
-            .or_insert_with(|| HailCompactFileChange {
-                path: path.clone(),
-                layer: classify_arch_layer(&path).to_string(),
-                operation,
-                lines_added: 0,
-                lines_removed: 0,
-            });
-    }
-
-    for (path, (added, removed)) in numstat_by_path {
-        let entry = by_path
-            .entry(path.clone())
-            .or_insert_with(|| HailCompactFileChange {
-                path: path.clone(),
-                layer: classify_arch_layer(&path).to_string(),
-                operation: "edit".to_string(),
-                lines_added: 0,
-                lines_removed: 0,
-            });
-        entry.lines_added = entry.lines_added.saturating_add(added);
-        entry.lines_removed = entry.lines_removed.saturating_add(removed);
-    }
-
-    for path in untracked_paths {
-        by_path
-            .entry(path.clone())
-            .and_modify(|entry| {
-                entry.operation = "create".to_string();
-                entry.layer = classify_arch_layer(&path).to_string();
-            })
-            .or_insert_with(|| HailCompactFileChange {
-                path: path.clone(),
-                layer: classify_arch_layer(&path).to_string(),
-                operation: "create".to_string(),
-                lines_added: 0,
-                lines_removed: 0,
-            });
-    }
-
-    let mut changes = by_path.into_values().collect::<Vec<_>>();
-    changes.sort_by(|lhs, rhs| lhs.path.cmp(&rhs.path));
-    changes.truncate(max_entries);
-    changes
-}
-
-fn synthetic_new_file_patch(repo_root: &Path, path: &str, max_lines: usize) -> Option<String> {
-    let full_path = repo_root.join(path);
-    if !full_path.exists() {
-        return None;
-    }
-    let bytes = std::fs::read(&full_path).ok()?;
-    let content = String::from_utf8_lossy(&bytes);
-    let mut out = String::new();
-    out.push_str(&format!("diff --git a/{path} b/{path}\n"));
-    out.push_str("new file mode 100644\n");
-    out.push_str("--- /dev/null\n");
-    out.push_str(&format!("+++ b/{path}\n"));
-    out.push_str("@@ new file @@\n");
-
-    let mut wrote_any = false;
-    for line in content.lines().take(max_lines) {
-        out.push('+');
-        out.push_str(line);
-        out.push('\n');
-        wrote_any = true;
-    }
-    if !wrote_any {
-        out.push_str("+(empty file)\n");
-    } else if content.lines().count() > max_lines {
-        out.push_str("+…\n");
-    }
-    Some(out)
-}
-
-fn truncate_preview_line(raw: &str, max_chars: usize) -> String {
-    if raw.chars().count() <= max_chars {
-        return raw.to_string();
-    }
-    let mut out = String::new();
-    for ch in raw.chars().take(max_chars.saturating_sub(1)) {
-        out.push(ch);
-    }
-    out.push('…');
-    out
-}
-
-fn diff_preview_lines(raw: &str, max_lines: usize, max_chars: usize) -> Vec<String> {
-    let mut lines = Vec::new();
-    let mut iter = raw.lines();
-    for _ in 0..max_lines {
-        let Some(line) = iter.next() else {
-            break;
-        };
-        lines.push(truncate_preview_line(line, max_chars));
-    }
-    if iter.next().is_some() {
-        lines.push("…".to_string());
-    }
-    lines
-}
-
-#[cfg(test)]
-mod tests {
-    use super::{
-        GitCommandRunner, GitSummaryContext, GitSummaryService, parse_git_name_status,
-        parse_git_numstat,
-    };
-    use crate::types::HailCompactFileChange;
-    use std::collections::HashMap;
-    use std::path::{Path, PathBuf};
-
-    #[derive(Clone, Default)]
-    struct MockRunner {
-        outputs: HashMap<String, Result<String, String>>,
-    }
-
-    impl MockRunner {
-        fn with(args: &[&str], result: Result<&str, &str>) -> (String, Result<String, String>) {
-            (
-                args.join("\u{1f}"),
-                result.map(ToString::to_string).map_err(ToString::to_string),
-            )
-        }
-    }
-
-    impl GitCommandRunner for MockRunner {
-        fn run(&self, _repo_root: &Path, args: &[&str]) -> Result<String, String> {
-            self.outputs
-                .get(&args.join("\u{1f}"))
-                .cloned()
-                .unwrap_or_else(|| Err(format!("missing mock for {}", args.join(" "))))
-        }
-    }
-
-    fn classify(path: &str) -> &'static str {
-        if path.ends_with(".md") {
-            "docs"
-        } else {
-            "application"
-        }
-    }
-
-    #[test]
-    fn parse_git_name_status_extracts_operations_and_paths() {
-        let raw = "M\tpackages/ui/src/components/SessionDetailPage.svelte\nA\tdocs/summary.md\nR100\told.rs\tnew.rs\n";
-        let parsed = parse_git_name_status(raw);
-        assert_eq!(
-            parsed.get("packages/ui/src/components/SessionDetailPage.svelte"),
-            Some(&"edit".to_string())
-        );
-        assert_eq!(parsed.get("docs/summary.md"), Some(&"create".to_string()));
-        assert_eq!(parsed.get("new.rs"), Some(&"edit".to_string()));
-    }
-
-    #[test]
-    fn parse_git_numstat_extracts_line_counts() {
-        let raw =
-            "12\t3\tpackages/ui/src/components/SessionDetailPage.svelte\n-\t-\tassets/logo.png\n";
-        let parsed = parse_git_numstat(raw);
-        assert_eq!(
-            parsed.get("packages/ui/src/components/SessionDetailPage.svelte"),
-            Some(&(12, 3))
-        );
-        assert_eq!(parsed.get("assets/logo.png"), Some(&(0, 0)));
-    }
-
-    #[test]
-    fn collect_commit_context_uses_subject_and_file_changes() {
-        let runner = MockRunner {
-            outputs: HashMap::from([
-                MockRunner::with(
-                    &["show", "--name-status", "--format=", "--no-color", "abc123"],
-                    Ok("M\tsrc/lib.rs\nA\tdocs/summary.md\n"),
-                ),
-                MockRunner::with(
-                    &["show", "--numstat", "--format=", "--no-color", "abc123"],
-                    Ok("5\t1\tsrc/lib.rs\n2\t0\tdocs/summary.md\n"),
-                ),
-                MockRunner::with(
-                    &["show", "--no-patch", "--format=%h %s", "abc123"],
-                    Ok("abc123 feat: improve auth\n"),
-                ),
-            ]),
-        };
-        let service = GitSummaryService::new(runner);
-
-        let context = service
-            .collect_commit_context(Path::new("/tmp/repo"), "abc123", 10, classify)
-            .expect("commit context");
-
-        assert_eq!(context.source, "git_commit");
-        assert_eq!(context.commit.as_deref(), Some("abc123"));
-        assert_eq!(
-            context.timeline_signals.first().map(String::as_str),
-            Some("commit: abc123 feat: improve auth")
-        );
-        assert_eq!(context.file_changes.len(), 2);
-        assert_eq!(context.file_changes[0].path, "docs/summary.md");
-        assert_eq!(context.file_changes[0].operation, "create");
-        assert_eq!(context.file_changes[0].lines_added, 2);
-        assert_eq!(context.file_changes[1].path, "src/lib.rs");
-        assert_eq!(context.file_changes[1].operation, "edit");
-        assert_eq!(context.file_changes[1].lines_added, 5);
-        assert_eq!(context.file_changes[1].lines_removed, 1);
-    }
-
-    #[test]
-    fn collect_commit_context_falls_back_to_commit_when_subject_missing() {
-        let runner = MockRunner {
-            outputs: HashMap::from([
-                MockRunner::with(
-                    &[
-                        "show",
-                        "--name-status",
-                        "--format=",
-                        "--no-color",
-                        "deadbeef",
-                    ],
-                    Ok("M\tsrc/lib.rs\n"),
-                ),
-                MockRunner::with(
-                    &["show", "--numstat", "--format=", "--no-color", "deadbeef"],
-                    Ok("1\t0\tsrc/lib.rs\n"),
-                ),
-                MockRunner::with(
-                    &["show", "--no-patch", "--format=%h %s", "deadbeef"],
-                    Err("no subject"),
-                ),
-            ]),
-        };
-        let service = GitSummaryService::new(runner);
-
-        let context = service
-            .collect_commit_context(Path::new("/tmp/repo"), "deadbeef", 10, classify)
-            .expect("commit context fallback");
-        assert_eq!(
-            context.timeline_signals.first().map(String::as_str),
-            Some("commit: deadbeef")
-        );
-    }
-
-    #[test]
-    fn collect_working_tree_context_merges_sources_and_limits_status_lines() {
-        let runner = MockRunner {
-            outputs: HashMap::from([
-                MockRunner::with(
-                    &["diff", "--name-status", "--no-color"],
-                    Ok("M\tsrc/app.rs\n"),
-                ),
-                MockRunner::with(
-                    &["diff", "--cached", "--name-status", "--no-color"],
-                    Ok("A\tnew/file.rs\nD\told/file.rs\n"),
-                ),
-                MockRunner::with(
-                    &["diff", "--numstat", "--no-color"],
-                    Ok("3\t1\tsrc/app.rs\n"),
-                ),
-                MockRunner::with(
-                    &["diff", "--cached", "--numstat", "--no-color"],
-                    Ok("10\t0\tnew/file.rs\n0\t4\told/file.rs\n"),
-                ),
-                MockRunner::with(
-                    &["ls-files", "--others", "--exclude-standard"],
-                    Ok("scratch.txt\n"),
-                ),
-                MockRunner::with(
-                    &["status", "--short", "--untracked-files=normal"],
-                    Ok(
-                        "M src/app.rs\nA new/file.rs\nD old/file.rs\n?? scratch.txt\nline5\nline6\nline7\nline8\n",
-                    ),
-                ),
-            ]),
-        };
-        let service = GitSummaryService::new(runner);
-
-        let context = service
-            .collect_working_tree_context(Path::new("/tmp/repo"), 10, classify)
-            .expect("working tree context");
-        assert_eq!(context.source, "git_working_tree");
-        assert!(context.commit.is_none());
-        assert_eq!(
-            context.timeline_signals.first().map(String::as_str),
-            Some("working_tree: 4 files changed")
-        );
-        assert_eq!(context.timeline_signals.len(), 7);
-        assert_eq!(context.file_changes.len(), 4);
-        assert!(
-            context
-                .file_changes
-                .iter()
-                .any(|change| change.path == "scratch.txt" && change.operation == "create")
-        );
-        assert!(
-            context
-                .file_changes
-                .iter()
-                .any(|change| change.path == "old/file.rs" && change.operation == "delete")
-        );
-    }
-
-    #[test]
-    fn build_diff_preview_lines_returns_error_when_patch_missing() {
-        let runner = MockRunner {
-            outputs: HashMap::from([
-                MockRunner::with(
-                    &["diff", "--cached", "--no-color", "--", "src/app.rs"],
-                    Ok(""),
-                ),
-                MockRunner::with(&["diff", "--no-color", "--", "src/app.rs"], Ok("")),
-            ]),
-        };
-        let service = GitSummaryService::new(runner);
-        let context = GitSummaryContext {
-            source: "git_working_tree".to_string(),
-            repo_root: PathBuf::from("/tmp"),
-            commit: None,
-            timeline_signals: Vec::new(),
-            file_changes: vec![HailCompactFileChange {
-                path: "src/app.rs".to_string(),
-                layer: "application".to_string(),
-                operation: "edit".to_string(),
-                lines_added: 0,
-                lines_removed: 0,
-            }],
-        };
-
-        let error = service
-            .build_diff_preview_lines(&context, 4)
-            .expect_err("missing patch should fail");
-        assert!(error.contains("Diff patch is unavailable"));
-    }
-
-    #[test]
-    fn build_diff_preview_lines_uses_synthetic_patch_for_create_operation() {
-        let unique = format!(
-            "ops-summary-git-synthetic-{}",
-            chrono::Utc::now().timestamp_nanos_opt().unwrap_or(0)
-        );
-        let repo_root = std::env::temp_dir().join(unique);
-        std::fs::create_dir_all(&repo_root).expect("create repo dir");
-        std::fs::write(repo_root.join("added.txt"), "line-1\nline-2\n").expect("write new file");
-
-        let runner = MockRunner {
-            outputs: HashMap::from([
-                MockRunner::with(
-                    &["diff", "--cached", "--no-color", "--", "added.txt"],
-                    Ok(""),
-                ),
-                MockRunner::with(&["diff", "--no-color", "--", "added.txt"], Ok("")),
-            ]),
-        };
-        let service = GitSummaryService::new(runner);
-        let context = GitSummaryContext {
-            source: "git_working_tree".to_string(),
-            repo_root: repo_root.clone(),
-            commit: None,
-            timeline_signals: Vec::new(),
-            file_changes: vec![HailCompactFileChange {
-                path: "added.txt".to_string(),
-                layer: "application".to_string(),
-                operation: "create".to_string(),
-                lines_added: 0,
-                lines_removed: 0,
-            }],
-        };
-
-        let lines = service
-            .build_diff_preview_lines(&context, 4)
-            .expect("synthetic diff preview");
-        assert_eq!(
-            lines.first().map(String::as_str),
-            Some("added.txt [create]")
-        );
-        assert!(
-            lines
-                .iter()
-                .any(|line| line.contains("new file mode 100644"))
-        );
-        assert!(lines.iter().any(|line| line.contains("+line-1")));
-
-        std::fs::remove_dir_all(&repo_root).ok();
-    }
-}
diff --git a/crates/summary/src/git/collect.rs b/crates/summary/src/git/collect.rs
new file mode 100644
index 00000000..bc161056
--- /dev/null
+++ b/crates/summary/src/git/collect.rs
@@ -0,0 +1,292 @@
+use crate::git::parse::{
+    build_git_file_changes, diff_preview_lines, parse_git_name_status, parse_git_numstat,
+    parse_git_untracked_paths,
+};
+use crate::git::types::GitSummaryContext;
+use crate::text::compact_summary_snippet;
+use std::collections::HashMap;
+use std::path::Path;
+
+pub trait GitCommandRunner {
+    fn run(&self, repo_root: &Path, args: &[&str]) -> Result<String, String>;
+}
+
+#[derive(Debug, Clone, Copy, Default)]
+pub struct ShellGitCommandRunner;
+
+impl GitCommandRunner for ShellGitCommandRunner {
+    fn run(&self, repo_root: &Path, args: &[&str]) -> Result<String, String> {
+        let output = std::process::Command::new("git")
+            .arg("-C")
+            .arg(repo_root)
+            .args(args)
+            .output()
+            .map_err(|err| format!("failed to run git {}: {err}", args.join(" ")))?;
+
+        if !output.status.success() {
+            let stderr = String::from_utf8_lossy(&output.stderr).trim().to_string();
+            if stderr.is_empty() {
+                return Err(format!(
+                    "git {} failed with status {}",
+                    args.join(" "),
+                    output.status
+                ));
+            }
+            return Err(stderr);
+        }
+
+        Ok(String::from_utf8_lossy(&output.stdout).to_string())
+    }
+}
+
+pub struct GitSummaryService<R> {
+    runner: R,
+}
+
+impl<R: GitCommandRunner> GitSummaryService<R> {
+    pub fn new(runner: R) -> Self {
+        Self { runner }
+    }
+
+    pub fn collect_commit_context(
+        &self,
+        repo_root: &Path,
+        commit: &str,
+        max_entries: usize,
+        classify_arch_layer: fn(&str) -> &'static str,
+    ) -> Option<GitSummaryContext> {
+        let name_status = self
+            .runner
+            .run(
+                repo_root,
+                &["show", "--name-status", "--format=", "--no-color", commit],
+            )
+            .ok()?;
+        let numstat = self
+            .runner
+            .run(
+                repo_root,
+                &["show", "--numstat", "--format=", "--no-color", commit],
+            )
+            .unwrap_or_default();
+
+        let file_changes = build_git_file_changes(
+            parse_git_name_status(&name_status),
+            parse_git_numstat(&numstat),
+            Vec::new(),
+            max_entries,
+            classify_arch_layer,
+        );
+        if file_changes.is_empty() {
+            return None;
+        }
+
+        let mut timeline_signals = Vec::new();
+        if let Ok(subject) = self
+            .runner
+            .run(repo_root, &["show", "--no-patch", "--format=%h %s", commit])
+        {
+            let compact = compact_summary_snippet(&subject, 180);
+            if !compact.is_empty() {
+                timeline_signals.push(format!("commit: {compact}"));
+            }
+        }
+        if timeline_signals.is_empty() {
+            timeline_signals.push(format!("commit: {}", compact_summary_snippet(commit, 32)));
+        }
+
+        Some(GitSummaryContext {
+            source: "git_commit".to_string(),
+            repo_root: repo_root.to_path_buf(),
+            commit: Some(commit.to_string()),
+            timeline_signals,
+            file_changes,
+        })
+    }
+
+    pub fn collect_working_tree_context(
+        &self,
+        repo_root: &Path,
+        max_entries: usize,
+        classify_arch_layer: fn(&str) -> &'static str,
+    ) -> Option<GitSummaryContext> {
+        let mut operation_by_path = HashMap::new();
+        for args in [
+            ["diff", "--name-status", "--no-color"].as_slice(),
+            ["diff", "--cached", "--name-status", "--no-color"].as_slice(),
+        ] {
+            let Ok(raw) = self.runner.run(repo_root, args) else {
+                continue;
+            };
+            for (path, operation) in parse_git_name_status(&raw) {
+                operation_by_path.insert(path, operation);
+            }
+        }
+
+        let mut numstat_by_path: HashMap<String, (u64, u64)> = HashMap::new();
+        for args in [
+            ["diff", "--numstat", "--no-color"].as_slice(),
+            ["diff", "--cached", "--numstat", "--no-color"].as_slice(),
+        ] {
+            let Ok(raw) = self.runner.run(repo_root, args) else {
+                continue;
+            };
+            for (path, (added, removed)) in parse_git_numstat(&raw) {
+                let entry = numstat_by_path.entry(path).or_insert((0, 0));
+                entry.0 = entry.0.saturating_add(added);
+                entry.1 = entry.1.saturating_add(removed);
+            }
+        }
+
+        let untracked_paths = self
+            .runner
+            .run(repo_root, &["ls-files", "--others", "--exclude-standard"])
+            .map(|raw| parse_git_untracked_paths(&raw))
+            .unwrap_or_default();
+
+        let file_changes = build_git_file_changes(
+            operation_by_path,
+            numstat_by_path,
+            untracked_paths,
+            max_entries,
+            classify_arch_layer,
+        );
+        if file_changes.is_empty() {
+            return None;
+        }
+
+        let mut timeline_signals = vec![format!(
+            "working_tree: {} files changed",
+            file_changes.len()
+        )];
+        if let Ok(status) = self.runner.run(
+            repo_root,
+            &["status", "--short", "--untracked-files=normal"],
+        ) {
+            for line in status.lines().take(6) {
+                let compact = compact_summary_snippet(line, 140);
+                if compact.is_empty() {
+                    continue;
+                }
+                timeline_signals.push(format!("status: {compact}"));
+            }
+        }
+
+        Some(GitSummaryContext {
+            source: "git_working_tree".to_string(),
+            repo_root: repo_root.to_path_buf(),
+            commit: None,
+            timeline_signals,
+            file_changes,
+        })
+    }
+
+    pub fn build_diff_preview_lines(
+        &self,
+        context: &GitSummaryContext,
+        max_files: usize,
+    ) -> Result<Vec<String>, String> {
+        let mut lines = Vec::new();
+        let commit = context.commit.as_deref();
+        for change in context.file_changes.iter().take(max_files) {
+            let patch = self.git_patch_for_file(
+                &context.repo_root,
+                commit,
+                &change.path,
+                &change.operation,
+            );
+            if patch.trim().is_empty() {
+                continue;
+            }
+
+            lines.push(format!("{} [{}]", change.path, change.operation));
+            for line in diff_preview_lines(&patch, 14, 180) {
+                lines.push(format!("  {line}"));
+            }
+            lines.push(String::new());
+        }
+
+        while lines.last().is_some_and(|line| line.is_empty()) {
+            lines.pop();
+        }
+
+        if lines.is_empty() {
+            return Err("Diff patch is unavailable for detected changes".to_string());
+        }
+        Ok(lines)
+    }
+
+    fn git_patch_for_file(
+        &self,
+        repo_root: &Path,
+        commit: Option<&str>,
+        path: &str,
+        operation: &str,
+    ) -> String {
+        if let Some(commit) = commit {
+            return self
+                .runner
+                .run(
+                    repo_root,
+                    &["show", "--no-color", "--format=", commit, "--", path],
+                )
+                .unwrap_or_default();
+        }
+
+        let staged = self
+            .runner
+            .run(repo_root, &["diff", "--cached", "--no-color", "--", path])
+            .unwrap_or_default();
+        let unstaged = self
+            .runner
+            .run(repo_root, &["diff", "--no-color", "--", path])
+            .unwrap_or_default();
+
+        let mut patch = String::new();
+        if !staged.trim().is_empty() {
+            patch.push_str(&staged);
+            if !staged.ends_with('\n') {
+                patch.push('\n');
+            }
+        }
+        if !unstaged.trim().is_empty() {
+            patch.push_str(&unstaged);
+        }
+        if !patch.trim().is_empty() {
+            return patch;
+        }
+        if operation == "create" {
+            return synthetic_new_file_patch(repo_root, path, 20).unwrap_or_default();
+        }
+        patch
+    }
+}
+
+fn synthetic_new_file_patch(repo_root: &Path, path: &str, max_lines: usize) -> Option<String> {
+    let full_path = repo_root.join(path);
+    if !full_path.exists() {
+        return None;
+    }
+    let bytes = std::fs::read(&full_path).ok()?;
+    let content = String::from_utf8_lossy(&bytes);
+    let mut out = String::new();
+    out.push_str(&format!("diff --git a/{path} b/{path}\n"));
+    out.push_str("new file mode 100644\n");
+    out.push_str("--- /dev/null\n");
+    out.push_str(&format!("+++ b/{path}\n"));
+    out.push_str("@@ new file @@\n");
+
+    let mut wrote_any = false;
+    for line in content.lines().take(max_lines) {
+        out.push('+');
+        out.push_str(line);
+        out.push('\n');
+        wrote_any = true;
+    }
+    if !wrote_any {
+        out.push_str("+(empty file)\n");
+    } else if content.lines().count() > max_lines {
+        out.push_str("+…\n");
+    }
+    Some(out)
+}
diff --git a/crates/summary/src/git/mod.rs b/crates/summary/src/git/mod.rs
new file mode 100644
index 00000000..adccd066
--- /dev/null
+++ b/crates/summary/src/git/mod.rs
@@ -0,0 +1,10 @@
+mod collect;
+mod parse;
+mod types;
+
+pub use collect::{GitCommandRunner, GitSummaryService, ShellGitCommandRunner};
+pub use parse::{parse_git_name_status, parse_git_numstat, parse_git_untracked_paths};
+pub use types::GitSummaryContext;
+
+#[cfg(test)]
+mod tests;
diff --git a/crates/summary/src/git/parse.rs b/crates/summary/src/git/parse.rs
new file mode 100644
index 00000000..adcd22e3
--- /dev/null
+++ b/crates/summary/src/git/parse.rs
@@ -0,0 +1,156 @@
+use crate::types::HailCompactFileChange;
+use std::collections::HashMap;
+
+pub fn parse_git_name_status(raw: &str) -> HashMap<String, String> {
+    let mut operations = HashMap::new();
+    for line in raw.lines() {
+        let trimmed = line.trim();
+        if trimmed.is_empty() {
+            continue;
+        }
+        let parts = trimmed.split('\t').collect::<Vec<_>>();
+        if parts.is_empty() {
+            continue;
+        }
+
+        let status = parts[0].trim();
+        let path = if status.starts_with('R') || status.starts_with('C') {
+            parts.get(2).or_else(|| parts.get(1))
+        } else {
+            parts.get(1)
+        };
+        let Some(path) = path
+            .copied()
+            .map(str::trim)
+            .filter(|value| !value.is_empty())
+        else {
+            continue;
+        };
+
+        let operation = match status.chars().next().unwrap_or('M') {
+            'A' => "create",
+            'D' => "delete",
+            _ => "edit",
+        };
+        operations.insert(path.to_string(), operation.to_string());
+    }
+    operations
+}
+
+pub fn parse_git_numstat(raw: &str) -> HashMap<String, (u64, u64)> {
+    let mut stats = HashMap::new();
+    for line in raw.lines() {
+        let trimmed = line.trim();
+        if trimmed.is_empty() {
+            continue;
+        }
+        let parts = trimmed.split('\t').collect::<Vec<_>>();
+        if parts.len() < 3 {
+            continue;
+        }
+        let path = parts[2].trim();
+        if path.is_empty() {
+            continue;
+        }
+        let added = parts[0].trim().parse::<u64>().unwrap_or(0);
+        let removed = parts[1].trim().parse::<u64>().unwrap_or(0);
+        stats.insert(path.to_string(), (added, removed));
+    }
+    stats
+}
+
+pub fn parse_git_untracked_paths(raw: &str) -> Vec<String> {
+    raw.lines()
+        .map(str::trim)
+        .filter(|line| !line.is_empty())
+        .map(ToString::to_string)
+        .collect()
+}
+
+pub(crate) fn build_git_file_changes(
+    operation_by_path: HashMap<String, String>,
+    numstat_by_path: HashMap<String, (u64, u64)>,
+    untracked_paths: Vec<String>,
+    max_entries: usize,
+    classify_arch_layer: fn(&str) -> &'static str,
+) -> Vec<HailCompactFileChange> {
+    let mut by_path: HashMap<String, HailCompactFileChange> = HashMap::new();
+
+    for (path, operation) in operation_by_path {
+        by_path
+            .entry(path.clone())
+            .and_modify(|entry| {
+                entry.operation = operation.clone();
+                entry.layer = classify_arch_layer(&path).to_string();
+            })
+            .or_insert_with(|| HailCompactFileChange {
+                path: path.clone(),
+                layer: classify_arch_layer(&path).to_string(),
+                operation,
+                lines_added: 0,
+                lines_removed: 0,
+            });
+    }
+
+    for (path, (added, removed)) in numstat_by_path {
+        let entry = by_path
+            .entry(path.clone())
+            .or_insert_with(|| HailCompactFileChange {
+                path: path.clone(),
+                layer: classify_arch_layer(&path).to_string(),
+                operation: "edit".to_string(),
+                lines_added: 0,
+                lines_removed: 0,
+            });
+        entry.lines_added = entry.lines_added.saturating_add(added);
+        entry.lines_removed = entry.lines_removed.saturating_add(removed);
+    }
+
+    for path in untracked_paths {
+        by_path
+            .entry(path.clone())
+            .and_modify(|entry| {
+                entry.operation = "create".to_string();
+                entry.layer = classify_arch_layer(&path).to_string();
+            })
+            .or_insert_with(|| HailCompactFileChange {
+                path: path.clone(),
+                layer: classify_arch_layer(&path).to_string(),
+                operation: "create".to_string(),
+                lines_added: 0,
+                lines_removed: 0,
+            });
+    }
+
+    let mut changes = by_path.into_values().collect::<Vec<_>>();
+    changes.sort_by(|lhs, rhs| lhs.path.cmp(&rhs.path));
+    changes.truncate(max_entries);
+    changes
+}
+
+pub(crate) fn diff_preview_lines(raw: &str, max_lines: usize, max_chars: usize) -> Vec<String> {
+    let mut lines = Vec::new();
+    let mut iter = raw.lines();
+    for _ in 0..max_lines {
+        let Some(line) = iter.next() else {
+            break;
+        };
+        lines.push(truncate_preview_line(line, max_chars));
+    }
+    if iter.next().is_some() {
+        lines.push("…".to_string());
+    }
+    lines
+}
+
+fn truncate_preview_line(raw: &str, max_chars: usize) -> String {
+    if raw.chars().count() <= max_chars {
+        return raw.to_string();
+    }
+    let mut out = String::new();
+    for ch in raw.chars().take(max_chars.saturating_sub(1)) {
+        out.push(ch);
+    }
+    out.push('…');
+    out
+}
diff --git a/crates/summary/src/git/tests.rs b/crates/summary/src/git/tests.rs
new file mode 100644
index 00000000..0508dd00
--- /dev/null
+++ b/crates/summary/src/git/tests.rs
@@ -0,0 +1,278 @@
+use super::{
+    GitCommandRunner, GitSummaryContext, GitSummaryService, parse_git_name_status,
+    parse_git_numstat,
+};
+use crate::types::HailCompactFileChange;
+use std::collections::HashMap;
+use std::path::{Path, PathBuf};
+
+#[derive(Clone, Default)]
+struct MockRunner {
+    outputs: HashMap<String, Result<String, String>>,
+}
+
+impl MockRunner {
+    fn with(args: &[&str], result: Result<&str, &str>) -> (String, Result<String, String>) {
+        (
+            args.join("\u{1f}"),
+            result.map(ToString::to_string).map_err(ToString::to_string),
+        )
+    }
+}
+
+impl GitCommandRunner for MockRunner {
+    fn run(&self, _repo_root: &Path, args: &[&str]) -> Result<String, String> {
+        self.outputs
+            .get(&args.join("\u{1f}"))
+            .cloned()
+            .unwrap_or_else(|| Err(format!("missing mock for {}", args.join(" "))))
+    }
+}
+
+fn classify(path: &str) -> &'static str {
+    if path.ends_with(".md") {
+        "docs"
+    } else {
+        "application"
+    }
+}
+
+#[test]
+fn parse_git_name_status_extracts_operations_and_paths() {
+    let raw = "M\tpackages/ui/src/components/SessionDetailPage.svelte\nA\tdocs/summary.md\nR100\told.rs\tnew.rs\n";
+    let parsed = parse_git_name_status(raw);
+    assert_eq!(
+        parsed.get("packages/ui/src/components/SessionDetailPage.svelte"),
+        Some(&"edit".to_string())
+    );
+    assert_eq!(parsed.get("docs/summary.md"), Some(&"create".to_string()));
+    assert_eq!(parsed.get("new.rs"), Some(&"edit".to_string()));
+}
+
+#[test]
+fn parse_git_numstat_extracts_line_counts() {
+    let raw = "12\t3\tpackages/ui/src/components/SessionDetailPage.svelte\n-\t-\tassets/logo.png\n";
+    let parsed = parse_git_numstat(raw);
+    assert_eq!(
+        parsed.get("packages/ui/src/components/SessionDetailPage.svelte"),
+        Some(&(12, 3))
+    );
+    assert_eq!(parsed.get("assets/logo.png"), Some(&(0, 0)));
+}
+
+#[test]
+fn collect_commit_context_uses_subject_and_file_changes() {
+    let runner = MockRunner {
+        outputs: HashMap::from([
+            MockRunner::with(
+                &["show", "--name-status", "--format=", "--no-color", "abc123"],
+                Ok("M\tsrc/lib.rs\nA\tdocs/summary.md\n"),
+            ),
+            MockRunner::with(
+                &["show", "--numstat", "--format=", "--no-color", "abc123"],
+                Ok("5\t1\tsrc/lib.rs\n2\t0\tdocs/summary.md\n"),
+            ),
+            MockRunner::with(
+                &["show", "--no-patch", "--format=%h %s", "abc123"],
+                Ok("abc123 feat: improve auth\n"),
+            ),
+        ]),
+    };
+    let service = GitSummaryService::new(runner);
+
+    let context = service
+        .collect_commit_context(Path::new("/tmp/repo"), "abc123", 10, classify)
+        .expect("commit context");
+
+    assert_eq!(context.source, "git_commit");
+    assert_eq!(context.commit.as_deref(), Some("abc123"));
+    assert_eq!(
+        context.timeline_signals.first().map(String::as_str),
+        Some("commit: abc123 feat: improve auth")
+    );
+    assert_eq!(context.file_changes.len(), 2);
+    assert_eq!(context.file_changes[0].path, "docs/summary.md");
+    assert_eq!(context.file_changes[0].operation, "create");
+    assert_eq!(context.file_changes[0].lines_added, 2);
+    assert_eq!(context.file_changes[1].path, "src/lib.rs");
+    assert_eq!(context.file_changes[1].operation, "edit");
+    assert_eq!(context.file_changes[1].lines_added, 5);
+    assert_eq!(context.file_changes[1].lines_removed, 1);
+}
+
+#[test]
+fn collect_commit_context_falls_back_to_commit_when_subject_missing() {
+    let runner = MockRunner {
+        outputs: HashMap::from([
+            MockRunner::with(
+                &[
+                    "show",
+                    "--name-status",
+                    "--format=",
+                    "--no-color",
+                    "deadbeef",
+                ],
+                Ok("M\tsrc/lib.rs\n"),
+            ),
+            MockRunner::with(
+                &["show", "--numstat", "--format=", "--no-color", "deadbeef"],
+                Ok("1\t0\tsrc/lib.rs\n"),
+            ),
+            MockRunner::with(
+                &["show", "--no-patch", "--format=%h %s", "deadbeef"],
+                Err("no subject"),
+            ),
+        ]),
+    };
+    let service = GitSummaryService::new(runner);
+
+    let context = service
+        .collect_commit_context(Path::new("/tmp/repo"), "deadbeef", 10, classify)
+        .expect("commit context fallback");
+    assert_eq!(
+        context.timeline_signals.first().map(String::as_str),
+        Some("commit: deadbeef")
+    );
+}
+
+#[test]
+fn collect_working_tree_context_merges_sources_and_limits_status_lines() {
+    let runner = MockRunner {
+        outputs: HashMap::from([
+            MockRunner::with(
+                &["diff", "--name-status", "--no-color"],
+                Ok("M\tsrc/app.rs\n"),
+            ),
+            MockRunner::with(
+                &["diff", "--cached", "--name-status", "--no-color"],
+                Ok("A\tnew/file.rs\nD\told/file.rs\n"),
+            ),
+            MockRunner::with(
+                &["diff", "--numstat", "--no-color"],
+                Ok("3\t1\tsrc/app.rs\n"),
+            ),
+            MockRunner::with(
+                &["diff", "--cached", "--numstat", "--no-color"],
+                Ok("10\t0\tnew/file.rs\n0\t4\told/file.rs\n"),
+            ),
+            MockRunner::with(
+                &["ls-files", "--others", "--exclude-standard"],
+                Ok("scratch.txt\n"),
+            ),
+            MockRunner::with(
+                &["status", "--short", "--untracked-files=normal"],
+                Ok(
+                    "M src/app.rs\nA new/file.rs\nD old/file.rs\n?? scratch.txt\nline5\nline6\nline7\nline8\n",
+                ),
+            ),
+        ]),
+    };
+    let service = GitSummaryService::new(runner);
+
+    let context = service
+        .collect_working_tree_context(Path::new("/tmp/repo"), 10, classify)
+        .expect("working tree context");
+    assert_eq!(context.source, "git_working_tree");
+    assert!(context.commit.is_none());
+    assert_eq!(
+        context.timeline_signals.first().map(String::as_str),
+        Some("working_tree: 4 files changed")
+    );
+    assert_eq!(context.timeline_signals.len(), 7);
+    assert_eq!(context.file_changes.len(), 4);
+    assert!(
+        context
+            .file_changes
+            .iter()
+            .any(|change| change.path == "scratch.txt" && change.operation == "create")
+    );
+    assert!(
+        context
+            .file_changes
+            .iter()
+            .any(|change| change.path == "old/file.rs" && change.operation == "delete")
+    );
+}
+
+#[test]
+fn build_diff_preview_lines_returns_error_when_patch_missing() {
+    let runner = MockRunner {
+        outputs: HashMap::from([
+            MockRunner::with(
+                &["diff", "--cached", "--no-color", "--", "src/app.rs"],
+                Ok(""),
+            ),
+            MockRunner::with(&["diff", "--no-color", "--", "src/app.rs"], Ok("")),
+        ]),
+    };
+    let service = GitSummaryService::new(runner);
+    let context = GitSummaryContext {
+        source: "git_working_tree".to_string(),
+        repo_root: PathBuf::from("/tmp"),
+        commit: None,
+        timeline_signals: Vec::new(),
+        file_changes: vec![HailCompactFileChange {
+            path: "src/app.rs".to_string(),
+            layer: "application".to_string(),
+            operation: "edit".to_string(),
+            lines_added: 0,
+            lines_removed: 0,
+        }],
+    };
+
+    let error = service
+        .build_diff_preview_lines(&context, 4)
+        .expect_err("missing patch should fail");
+    assert!(error.contains("Diff patch is unavailable"));
+}
+
+#[test]
+fn build_diff_preview_lines_uses_synthetic_patch_for_create_operation() {
+    let unique = format!(
+        "ops-summary-git-synthetic-{}",
+        chrono::Utc::now().timestamp_nanos_opt().unwrap_or(0)
+    );
+    let repo_root = std::env::temp_dir().join(unique);
+    std::fs::create_dir_all(&repo_root).expect("create repo dir");
+    std::fs::write(repo_root.join("added.txt"), "line-1\nline-2\n").expect("write new file");
+
+    let runner = MockRunner {
+        outputs: HashMap::from([
+            MockRunner::with(
+                &["diff", "--cached", "--no-color", "--", "added.txt"],
+                Ok(""),
+            ),
+            MockRunner::with(&["diff", "--no-color", "--", "added.txt"], Ok("")),
+        ]),
+    };
+    let service = GitSummaryService::new(runner);
+    let context = GitSummaryContext {
+        source: "git_working_tree".to_string(),
+        repo_root: repo_root.clone(),
+        commit: None,
+        timeline_signals: Vec::new(),
+        file_changes: vec![HailCompactFileChange {
+            path: "added.txt".to_string(),
+            layer: "application".to_string(),
+            operation: "create".to_string(),
+            lines_added: 0,
+            lines_removed: 0,
+        }],
+    };
+
+    let lines = service
+        .build_diff_preview_lines(&context, 4)
+        .expect("synthetic diff preview");
+    assert_eq!(
+        lines.first().map(String::as_str),
+        Some("added.txt [create]")
+    );
+    assert!(
+        lines
+            .iter()
+            .any(|line| line.contains("new file mode 100644"))
+    );
+    assert!(lines.iter().any(|line| line.contains("+line-1")));
+
+    std::fs::remove_dir_all(&repo_root).ok();
+}
diff --git a/crates/summary/src/git/types.rs b/crates/summary/src/git/types.rs
new file mode 100644
index 00000000..376bd3e9
--- /dev/null
+++ b/crates/summary/src/git/types.rs
@@ -0,0 +1,11 @@
+use crate::types::HailCompactFileChange;
+use std::path::PathBuf;
+
+#[derive(Debug, Clone)]
+pub struct GitSummaryContext {
+    pub source: String,
+    pub repo_root: PathBuf,
+    pub commit: Option<String>,
+    pub timeline_signals: Vec<String>,
+    pub file_changes: Vec<HailCompactFileChange>,
+}

From 5784a9695ad39aa577f42f3db5f5b7c958eedeaa Mon Sep 17 00:00:00 2001
From: hwisu <hwitticus@gmail.com>
Date: Mon, 9 Mar 2026 13:02:36 +0900
Subject: [PATCH 18/30] test(cli): split handoff CLI integration coverage

---
 crates/cli/tests/handoff_cli.rs               | 2108 +----------------
 crates/cli/tests/handoff_cli/cleanup_cli.rs   |  327 +++
 crates/cli/tests/handoff_cli/handoff_cases.rs |  141 ++
 crates/cli/tests/handoff_cli/help_cli.rs      |  126 +
 crates/cli/tests/handoff_cli/inspect_cli.rs   |   37 +
 crates/cli/tests/handoff_cli/parse_cli.rs     |  125 +
 crates/cli/tests/handoff_cli/review_cli.rs    |   99 +
 crates/cli/tests/handoff_cli/setup_cli.rs     |  331 +++
 crates/cli/tests/handoff_cli/share_cli.rs     |  610 +++++
 crates/cli/tests/handoff_cli/view_cli.rs      |  304 +++
 10 files changed, 2118 insertions(+), 2090 deletions(-)
 create mode 100644 crates/cli/tests/handoff_cli/cleanup_cli.rs
 create mode 100644 crates/cli/tests/handoff_cli/handoff_cases.rs
 create mode 100644 crates/cli/tests/handoff_cli/help_cli.rs
 create mode 100644 crates/cli/tests/handoff_cli/inspect_cli.rs
 create mode 100644 crates/cli/tests/handoff_cli/parse_cli.rs
 create mode 100644 crates/cli/tests/handoff_cli/review_cli.rs
 create mode 100644 crates/cli/tests/handoff_cli/setup_cli.rs
 create mode 100644 crates/cli/tests/handoff_cli/share_cli.rs
 create mode 100644 crates/cli/tests/handoff_cli/view_cli.rs

diff --git a/crates/cli/tests/handoff_cli.rs b/crates/cli/tests/handoff_cli.rs
index 6c3b9e43..a210d9c1 100644
--- a/crates/cli/tests/handoff_cli.rs
+++ b/crates/cli/tests/handoff_cli.rs
@@ -247,2093 +247,21 @@ fn setup_review_fixture(
     )
 }
 
-#[test]
-fn help_shows_v1_commands() {
-    let tmp = make_home();
-    let output = run(tmp.path(), tmp.path(), &["--help"]);
-    assert!(output.status.success());
-    let stdout = String::from_utf8_lossy(&output.stdout).to_lowercase();
-    assert!(stdout.contains("register"));
-    assert!(stdout.contains("share"));
-    assert!(stdout.contains("view"));
-    assert!(stdout.contains("handoff"));
-    assert!(!stdout.contains("\n  setup  "));
-    assert!(!stdout.contains("publish"));
-    assert!(stdout.contains("first-user flow (5 minutes):"));
-    assert!(stdout.contains("opensession docs quickstart"));
-    assert!(stdout.contains("common next steps:"));
-    assert!(stdout.contains("opensession doctor --fix"));
-}
-
-#[test]
-fn parse_help_shows_recovery_examples() {
-    let tmp = make_home();
-    let output = run(tmp.path(), tmp.path(), &["parse", "--help"]);
-    assert!(output.status.success());
-    let stdout = String::from_utf8_lossy(&output.stdout);
-    assert!(stdout.contains("Recovery examples:"));
-    assert!(stdout.contains("opensession parse --profile codex ./raw-session.jsonl --preview"));
-    assert!(stdout.contains(
-        "opensession parse --profile codex ./raw-session.jsonl --out ./session.hail.jsonl"
-    ));
-}
-
-#[test]
-fn share_help_shows_recovery_examples() {
-    let tmp = make_home();
-    let output = run(tmp.path(), tmp.path(), &["share", "--help"]);
-    assert!(output.status.success());
-    let stdout = String::from_utf8_lossy(&output.stdout);
-    assert!(stdout.contains("Recovery examples:"));
-    assert!(stdout.contains("opensession share os://src/local/<sha256> --git --remote origin"));
-    assert!(stdout.contains(
-        "opensession share os://src/git/<remote_b64>/ref/<ref_enc>/path/<path...> --web"
-    ));
-}
-
-#[test]
-fn view_help_shows_recovery_examples() {
-    let tmp = make_home();
-    let output = run(tmp.path(), tmp.path(), &["view", "--help"]);
-    assert!(output.status.success());
-    let stdout = String::from_utf8_lossy(&output.stdout);
-    assert!(stdout.contains("Recovery examples:"));
-    assert!(stdout.contains("opensession view --no-open"));
-    assert!(stdout.contains("opensession view os://src/local/<sha256> --no-open"));
-    assert!(stdout.contains("opensession view ./session.hail.jsonl --no-open"));
-    assert!(stdout.contains("opensession view HEAD~3..HEAD --no-open"));
-}
-
-#[test]
-fn doctor_help_shows_recovery_examples() {
-    let tmp = make_home();
-    let output = run(tmp.path(), tmp.path(), &["doctor", "--help"]);
-    assert!(output.status.success());
-    let stdout = String::from_utf8_lossy(&output.stdout);
-    assert!(stdout.contains("Recovery examples:"));
-    assert!(stdout.contains("opensession doctor --fix --profile local"));
-    assert!(stdout.contains("opensession doctor --fix --yes --profile app"));
-    assert!(stdout.contains("opensession docs quickstart"));
-}
-
-#[test]
-fn doctor_yes_without_fix_shows_next_steps() {
-    let tmp = make_home();
-    let output = run(tmp.path(), tmp.path(), &["doctor", "--yes"]);
-    assert!(!output.status.success());
-    let stderr = String::from_utf8_lossy(&output.stderr);
-    assert!(stderr.contains("`--yes` requires `--fix`"));
-    assert!(stderr.contains("next:"));
-    assert!(
-        stderr.contains("opensession doctor --fix --yes --profile local --fanout-mode hidden_ref")
-    );
-}
-
-#[test]
-fn doctor_fanout_without_fix_shows_next_steps() {
-    let tmp = make_home();
-    let output = run(
-        tmp.path(),
-        tmp.path(),
-        &["doctor", "--fanout-mode", "hidden_ref"],
-    );
-    assert!(!output.status.success());
-    let stderr = String::from_utf8_lossy(&output.stderr);
-    assert!(stderr.contains("`--fanout-mode` requires `--fix`"));
-    assert!(stderr.contains("next:"));
-    assert!(stderr.contains("opensession doctor --fix --fanout-mode hidden_ref"));
-}
-
-#[test]
-fn register_and_cat_roundtrip() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    let input = repo.join("sample.hail.jsonl");
-    write_file(&input, &make_hail_jsonl("s-register"));
-
-    let register_out = run(
-        tmp.path(),
-        &repo,
-        &["register", input.to_str().expect("path")],
-    );
-    assert!(
-        register_out.status.success(),
-        "register failed: {}",
-        String::from_utf8_lossy(&register_out.stderr)
-    );
-    let uri = first_non_empty_line(&register_out.stdout);
-    assert!(uri.starts_with("os://src/local/"));
-
-    let cat_out = run(tmp.path(), &repo, &["cat", &uri]);
-    assert!(cat_out.status.success());
-    let cat_body = String::from_utf8_lossy(&cat_out.stdout);
-    let parsed = Session::from_jsonl(&cat_body).expect("cat output is valid jsonl");
-    assert_eq!(parsed.session_id, "s-register");
-}
-
-#[test]
-fn share_web_rejects_local_uri() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    let input = repo.join("sample.hail.jsonl");
-    write_file(&input, &make_hail_jsonl("s-share-web"));
-    let register_out = run(
-        tmp.path(),
-        &repo,
-        &["register", "--quiet", input.to_str().expect("path")],
-    );
-    let local_uri = first_non_empty_line(&register_out.stdout);
-
-    let output = run(tmp.path(), &repo, &["share", &local_uri, "--web"]);
-    assert!(!output.status.success());
-    let stderr = String::from_utf8_lossy(&output.stderr);
-    assert!(stderr.contains("next:"));
-    assert!(stderr.contains("--git --remote"));
-}
-
-#[test]
-fn share_git_requires_remote_guidance() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    let input = repo.join("sample.hail.jsonl");
-    write_file(&input, &make_hail_jsonl("s-share-missing-remote"));
-    let register_out = run(
-        tmp.path(),
-        &repo,
-        &["register", "--quiet", input.to_str().expect("path")],
-    );
-    let local_uri = first_non_empty_line(&register_out.stdout);
-
-    let share_out = run(tmp.path(), &repo, &["share", &local_uri, "--git"]);
-    assert!(!share_out.status.success());
-    let stderr = String::from_utf8_lossy(&share_out.stderr);
-    assert!(stderr.contains("`--remote <name|url>` is required"));
-    assert!(stderr.contains("next:"));
-    assert!(stderr.contains("opensession share <local_uri> --git --remote origin"));
-}
-
-#[test]
-fn share_quick_auto_detects_origin_without_push_and_reports_state() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    let remote = tmp.path().join("remote.git");
-    init_git_repo(&repo);
-    run_git(
-        tmp.path(),
-        &["init", "--bare", remote.to_str().expect("remote")],
-    );
-    run_git(
-        &repo,
-        &["remote", "add", "origin", remote.to_str().expect("remote")],
-    );
-
-    let input = repo.join("sample.hail.jsonl");
-    write_file(&input, &make_hail_jsonl("s-share-quick-no-push"));
-    let register_out = run(
-        tmp.path(),
-        &repo,
-        &["register", "--quiet", input.to_str().expect("path")],
-    );
-    let local_uri = first_non_empty_line(&register_out.stdout);
-
-    let share_out = run(
-        tmp.path(),
-        &repo,
-        &["share", &local_uri, "--quick", "--json"],
-    );
-    assert!(
-        share_out.status.success(),
-        "share --quick failed: {}",
-        String::from_utf8_lossy(&share_out.stderr)
-    );
-    let payload: Value = serde_json::from_slice(&share_out.stdout).expect("quick share json");
-    assert_eq!(payload.get("quick").and_then(Value::as_bool), Some(true));
-    assert_eq!(payload.get("pushed").and_then(Value::as_bool), Some(false));
-    assert_eq!(
-        payload.get("auto_push_consent").and_then(Value::as_bool),
-        Some(false)
-    );
-    assert_eq!(
-        payload.get("remote_target").and_then(Value::as_str),
-        Some("origin")
-    );
-    assert!(
-        payload
-            .get("push_cmd")
-            .and_then(Value::as_str)
-            .unwrap_or_default()
-            .contains("git push origin")
-    );
-}
-
-#[test]
-fn share_quick_push_consent_persists_and_enables_auto_push() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    let remote = tmp.path().join("remote.git");
-    init_git_repo(&repo);
-    run_git(
-        tmp.path(),
-        &["init", "--bare", remote.to_str().expect("remote")],
-    );
-    run_git(
-        &repo,
-        &["remote", "add", "origin", remote.to_str().expect("remote")],
-    );
-
-    let first_input = repo.join("first.hail.jsonl");
-    write_file(&first_input, &make_hail_jsonl("s-share-quick-first"));
-    let first_register = run(
-        tmp.path(),
-        &repo,
-        &["register", "--quiet", first_input.to_str().expect("path")],
-    );
-    let first_local_uri = first_non_empty_line(&first_register.stdout);
-    let first_share = run(
-        tmp.path(),
-        &repo,
-        &["share", &first_local_uri, "--quick", "--push", "--json"],
-    );
-    assert!(
-        first_share.status.success(),
-        "share --quick --push failed: {}",
-        String::from_utf8_lossy(&first_share.stderr)
-    );
-    let first_payload: Value =
-        serde_json::from_slice(&first_share.stdout).expect("quick share json");
-    assert_eq!(
-        first_payload.get("quick").and_then(Value::as_bool),
-        Some(true)
-    );
-    assert_eq!(
-        first_payload.get("pushed").and_then(Value::as_bool),
-        Some(true)
-    );
-    assert_eq!(
-        first_payload
-            .get("auto_push_consent")
-            .and_then(Value::as_bool),
-        Some(true)
-    );
-
-    let consent_config = first_non_empty_line(
-        &run_git(
-            &repo,
-            &[
-                "config",
-                "--local",
-                "--get",
-                "opensession.share.auto-push-consent",
-            ],
-        )
-        .stdout,
-    );
-    assert_eq!(consent_config, "true");
-
-    let second_input = repo.join("second.hail.jsonl");
-    write_file(&second_input, &make_hail_jsonl("s-share-quick-second"));
-    let second_register = run(
-        tmp.path(),
-        &repo,
-        &["register", "--quiet", second_input.to_str().expect("path")],
-    );
-    let second_local_uri = first_non_empty_line(&second_register.stdout);
-    let second_hash = second_local_uri
-        .split('/')
-        .next_back()
-        .expect("local uri hash")
-        .to_string();
-
-    let second_share = run(
-        tmp.path(),
-        &repo,
-        &["share", &second_local_uri, "--quick", "--json"],
-    );
-    assert!(
-        second_share.status.success(),
-        "second share --quick failed: {}",
-        String::from_utf8_lossy(&second_share.stderr)
-    );
-    let second_payload: Value =
-        serde_json::from_slice(&second_share.stdout).expect("second quick share json");
-    assert_eq!(
-        second_payload.get("quick").and_then(Value::as_bool),
-        Some(true)
-    );
-    assert_eq!(
-        second_payload.get("pushed").and_then(Value::as_bool),
-        Some(true)
-    );
-    assert_eq!(
-        second_payload
-            .get("auto_push_consent")
-            .and_then(Value::as_bool),
-        Some(true)
-    );
-
-    let ledger_ref = opensession_git_native::branch_ledger_ref("main");
-    run_git(
-        tmp.path(),
-        &[
-            "--git-dir",
-            remote.to_str().expect("remote"),
-            "show",
-            &format!("{ledger_ref}:sessions/{second_hash}.jsonl"),
-        ],
-    );
-}
-
-#[test]
-fn share_quick_requires_remote_when_none_exist() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    let input = repo.join("sample.hail.jsonl");
-    write_file(&input, &make_hail_jsonl("s-share-quick-no-remote"));
-    let register_out = run(
-        tmp.path(),
-        &repo,
-        &["register", "--quiet", input.to_str().expect("path")],
-    );
-    let local_uri = first_non_empty_line(&register_out.stdout);
-
-    let share_out = run(tmp.path(), &repo, &["share", &local_uri, "--quick"]);
-    assert!(!share_out.status.success());
-    let stderr = String::from_utf8_lossy(&share_out.stderr);
-    assert!(stderr.contains("no remotes were found"));
-    assert!(stderr.contains("git remote add origin"));
-}
-
-#[test]
-fn share_quick_rejects_ambiguous_remote_and_allows_explicit_override() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-    run_git(
-        &repo,
-        &[
-            "remote",
-            "add",
-            "upstream",
-            "https://github.com/example/upstream.git",
-        ],
-    );
-    run_git(
-        &repo,
-        &[
-            "remote",
-            "add",
-            "mirror",
-            "https://github.com/example/mirror.git",
-        ],
-    );
-
-    let input = repo.join("sample.hail.jsonl");
-    write_file(&input, &make_hail_jsonl("s-share-quick-ambiguous"));
-    let register_out = run(
-        tmp.path(),
-        &repo,
-        &["register", "--quiet", input.to_str().expect("path")],
-    );
-    let local_uri = first_non_empty_line(&register_out.stdout);
-
-    let ambiguous = run(tmp.path(), &repo, &["share", &local_uri, "--quick"]);
-    assert!(!ambiguous.status.success());
-    let stderr = String::from_utf8_lossy(&ambiguous.stderr);
-    assert!(stderr.contains("could not choose a remote automatically"));
-    assert!(stderr.contains("--quick --remote origin"));
-
-    let explicit = run(
-        tmp.path(),
-        &repo,
-        &[
-            "share", &local_uri, "--quick", "--remote", "upstream", "--json",
-        ],
-    );
-    assert!(
-        explicit.status.success(),
-        "share --quick --remote upstream failed: {}",
-        String::from_utf8_lossy(&explicit.stderr)
-    );
-    let payload: Value =
-        serde_json::from_slice(&explicit.stdout).expect("explicit quick share json");
-    assert_eq!(payload.get("quick").and_then(Value::as_bool), Some(true));
-    assert_eq!(
-        payload.get("remote_target").and_then(Value::as_str),
-        Some("upstream")
-    );
-}
-
-#[test]
-fn share_web_requires_config_with_next_steps() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    let uri = opensession_core::source_uri::SourceUri::Src(
-        opensession_core::source_uri::SourceSpec::Git {
-            remote: "https://git.example/repo.git".to_string(),
-            r#ref: "refs/heads/main".to_string(),
-            path: "sessions/demo.jsonl".to_string(),
-        },
-    )
-    .to_string();
-
-    let out = run(tmp.path(), &repo, &["share", &uri, "--web"]);
-    assert!(!out.status.success());
-    let stderr = String::from_utf8_lossy(&out.stderr);
-    assert!(stderr.contains("missing config"));
-    assert!(stderr.contains("next:"));
-    assert!(stderr.contains("opensession config init --base-url"));
-}
-
-#[test]
-fn share_git_outside_repo_shows_next_steps() {
-    let tmp = make_home();
-    let outside = tmp.path().join("outside");
-    fs::create_dir_all(&outside).expect("create outside dir");
-
-    let input = outside.join("sample.hail.jsonl");
-    write_file(&input, &make_hail_jsonl("s-share-outside"));
-    let register_out = run(
-        tmp.path(),
-        &outside,
-        &["register", "--quiet", input.to_str().expect("path")],
-    );
-    let local_uri = first_non_empty_line(&register_out.stdout);
-    assert!(local_uri.starts_with("os://src/local/"));
-
-    let share_out = run(
-        tmp.path(),
-        &outside,
-        &["share", &local_uri, "--git", "--remote", "origin"],
-    );
-    assert!(!share_out.status.success());
-    let stderr = String::from_utf8_lossy(&share_out.stderr);
-    assert!(stderr.contains("current directory is not inside a git repository"));
-    assert!(stderr.contains("next:"));
-    assert!(stderr.contains("cd into the target git repository and retry"));
-}
-
-#[test]
-fn share_git_without_push_prints_push_command() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    let remote = tmp.path().join("remote.git");
-    init_git_repo(&repo);
-    run_git(
-        tmp.path(),
-        &["init", "--bare", remote.to_str().expect("remote")],
-    );
-    run_git(
-        &repo,
-        &["remote", "add", "origin", remote.to_str().expect("remote")],
-    );
-
-    let input = repo.join("sample.hail.jsonl");
-    write_file(&input, &make_hail_jsonl("s-share-git"));
-    let register_out = run(
-        tmp.path(),
-        &repo,
-        &["register", "--quiet", input.to_str().expect("path")],
-    );
-    let local_uri = first_non_empty_line(&register_out.stdout);
-
-    let share_out = run(
-        tmp.path(),
-        &repo,
-        &["share", &local_uri, "--git", "--remote", "origin"],
-    );
-    assert!(
-        share_out.status.success(),
-        "share --git failed: {}",
-        String::from_utf8_lossy(&share_out.stderr)
-    );
-    let stdout = String::from_utf8_lossy(&share_out.stdout);
-    let shared_uri = stdout.lines().next().unwrap_or_default();
-    assert!(shared_uri.starts_with("os://src/git/") || shared_uri.starts_with("os://src/gh/"));
-    assert!(stdout.contains("push_cmd:"));
-
-    let hash = local_uri.split('/').next_back().expect("local hash in uri");
-
-    run_git(
-        &repo,
-        &[
-            "show",
-            &format!(
-                "{}:sessions/{hash}.jsonl",
-                opensession_git_native::branch_ledger_ref("main")
-            ),
-        ],
-    );
-}
-
-#[test]
-fn share_git_with_gitlab_dot_com_remote_emits_gl_uri() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    let input = repo.join("sample.hail.jsonl");
-    write_file(&input, &make_hail_jsonl("s-share-gl"));
-    let register_out = run(
-        tmp.path(),
-        &repo,
-        &["register", "--quiet", input.to_str().expect("path")],
-    );
-    let local_uri = first_non_empty_line(&register_out.stdout);
-
-    let share_out = run(
-        tmp.path(),
-        &repo,
-        &[
-            "share",
-            &local_uri,
-            "--git",
-            "--remote",
-            "https://gitlab.com/group/sub/repo.git",
-        ],
-    );
-    assert!(
-        share_out.status.success(),
-        "share --git failed: {}",
-        String::from_utf8_lossy(&share_out.stderr)
-    );
-    let stdout = String::from_utf8_lossy(&share_out.stdout);
-    let shared_uri = stdout.lines().next().unwrap_or_default();
-    assert!(
-        shared_uri.starts_with("os://src/gl/"),
-        "expected gl uri, got: {shared_uri}"
-    );
-}
-
-#[test]
-fn cleanup_init_github_writes_expected_files() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    let remote = tmp.path().join("cleanup-github-remote.git");
-    init_git_repo(&repo);
-    run_git(
-        tmp.path(),
-        &["init", "--bare", remote.to_str().expect("remote")],
-    );
-    run_git(
-        &repo,
-        &["remote", "add", "origin", remote.to_str().expect("remote")],
-    );
-
-    let out = run(
-        tmp.path(),
-        &repo,
-        &["cleanup", "init", "--provider", "github", "--yes", "--json"],
-    );
-    assert!(
-        out.status.success(),
-        "cleanup init failed: {}",
-        String::from_utf8_lossy(&out.stderr)
-    );
-
-    let payload: Value = serde_json::from_slice(&out.stdout).expect("cleanup init json");
-    assert_eq!(
-        payload.get("configured").and_then(Value::as_bool),
-        Some(true)
-    );
-    assert_eq!(
-        payload.get("provider").and_then(Value::as_str),
-        Some("github")
-    );
-
-    assert!(
-        repo.join(".opensession")
-            .join("cleanup")
-            .join("config.toml")
-            .exists(),
-        "expected cleanup config to exist"
-    );
-    assert!(
-        repo.join(".opensession")
-            .join("cleanup")
-            .join("janitor.sh")
-            .exists(),
-        "expected janitor script to exist"
-    );
-    assert!(
-        repo.join(".github")
-            .join("workflows")
-            .join("opensession-cleanup.yml")
-            .exists(),
-        "expected github workflow template to exist"
-    );
-    assert!(
-        repo.join(".github")
-            .join("workflows")
-            .join("opensession-session-review.yml")
-            .exists(),
-        "expected github session review workflow template to exist"
-    );
-}
-
-#[test]
-fn cleanup_init_gitlab_without_marker_reports_manual_steps() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    let remote = tmp.path().join("cleanup-gitlab-remote.git");
-    init_git_repo(&repo);
-    run_git(
-        tmp.path(),
-        &["init", "--bare", remote.to_str().expect("remote")],
-    );
-    run_git(
-        &repo,
-        &["remote", "add", "origin", remote.to_str().expect("remote")],
-    );
-
-    write_file(&repo.join(".gitlab-ci.yml"), "stages:\n  - test\n");
-
-    let out = run(
-        tmp.path(),
-        &repo,
-        &["cleanup", "init", "--provider", "gitlab", "--yes", "--json"],
-    );
-    assert!(
-        out.status.success(),
-        "cleanup init failed: {}",
-        String::from_utf8_lossy(&out.stderr)
-    );
-
-    let payload: Value = serde_json::from_slice(&out.stdout).expect("cleanup init json");
-    let manual_steps = payload
-        .get("manual_steps")
-        .and_then(Value::as_array)
-        .cloned()
-        .unwrap_or_default();
-    assert!(
-        !manual_steps.is_empty(),
-        "expected manual steps for gitlab-ci"
-    );
-
-    assert!(
-        repo.join(".gitlab")
-            .join("opensession-cleanup.yml")
-            .exists(),
-        "expected gitlab cleanup template to exist"
-    );
-    assert!(
-        repo.join(".gitlab")
-            .join("opensession-session-review.yml")
-            .exists(),
-        "expected gitlab session review template to exist"
-    );
-
-    let gitlab_ci = fs::read_to_string(repo.join(".gitlab-ci.yml")).expect("read gitlab-ci");
-    assert!(gitlab_ci.contains("stages:"));
-    assert!(!gitlab_ci.contains("opensession-managed-cleanup"));
-}
-
-#[test]
-fn cleanup_status_reports_not_configured_then_configured() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    let remote = tmp.path().join("cleanup-status-remote.git");
-    init_git_repo(&repo);
-    run_git(
-        tmp.path(),
-        &["init", "--bare", remote.to_str().expect("remote")],
-    );
-    run_git(
-        &repo,
-        &["remote", "add", "origin", remote.to_str().expect("remote")],
-    );
-
-    let status_before = run(tmp.path(), &repo, &["cleanup", "status", "--json"]);
-    assert!(
-        status_before.status.success(),
-        "cleanup status failed: {}",
-        String::from_utf8_lossy(&status_before.stderr)
-    );
-    let before_payload: Value =
-        serde_json::from_slice(&status_before.stdout).expect("cleanup status json");
-    assert_eq!(
-        before_payload.get("configured").and_then(Value::as_bool),
-        Some(false)
-    );
-
-    let init = run(
-        tmp.path(),
-        &repo,
-        &["cleanup", "init", "--provider", "generic", "--yes"],
-    );
-    assert!(
-        init.status.success(),
-        "cleanup init failed: {}",
-        String::from_utf8_lossy(&init.stderr)
-    );
-
-    let status_after = run(tmp.path(), &repo, &["cleanup", "status", "--json"]);
-    assert!(
-        status_after.status.success(),
-        "cleanup status failed: {}",
-        String::from_utf8_lossy(&status_after.stderr)
-    );
-    let after_payload: Value =
-        serde_json::from_slice(&status_after.stdout).expect("cleanup status json");
-    assert_eq!(
-        after_payload.get("configured").and_then(Value::as_bool),
-        Some(true)
-    );
-    assert_eq!(
-        after_payload.get("provider").and_then(Value::as_str),
-        Some("generic")
-    );
-}
-
-#[test]
-fn cleanup_run_without_init_shows_next_steps() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    let out = run(tmp.path(), &repo, &["cleanup", "run"]);
-    assert!(!out.status.success());
-    let stderr = String::from_utf8_lossy(&out.stderr);
-    assert!(stderr.contains("cleanup janitor is not configured"));
-    assert!(stderr.contains("next:"));
-    assert!(stderr.contains("opensession cleanup init --provider auto"));
-}
-
-#[test]
-fn cleanup_run_dry_and_apply_handles_hidden_and_artifact_refs() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    let remote = tmp.path().join("cleanup-remote.git");
-    init_git_repo(&repo);
-
-    run_git(
-        tmp.path(),
-        &["init", "--bare", remote.to_str().expect("remote")],
-    );
-    run_git(
-        &repo,
-        &["remote", "add", "origin", remote.to_str().expect("remote")],
-    );
-    run_git(&repo, &["push", "origin", "main:main"]);
-
-    let head_sha = first_non_empty_line(&run_git(&repo, &["rev-parse", "HEAD"]).stdout);
-    let ledger_ref = opensession_git_native::branch_ledger_ref("stale/branch");
-    let session_body = make_hail_jsonl("s-cleanup");
-    let meta_body = serde_json::json!({
-        "schema_version": 2,
-        "session_id": "s-cleanup",
-        "git": { "commits": [head_sha.clone()] }
-    })
-    .to_string();
-    opensession_git_native::NativeGitStorage
-        .store_session_at_ref(
-            &repo,
-            &ledger_ref,
-            "s-cleanup",
-            session_body.as_bytes(),
-            meta_body.as_bytes(),
-            std::slice::from_ref(&head_sha),
-        )
-        .expect("store hidden session");
-    run_git(
-        &repo,
-        &["push", "origin", &format!("{ledger_ref}:{ledger_ref}")],
-    );
-
-    run_git(&repo, &["checkout", "-b", "opensession/pr-77-sessions"]);
-    write_file(&repo.join("artifact.txt"), "artifact branch\n");
-    run_git(&repo, &["add", "."]);
-    run_git(&repo, &["commit", "-m", "artifact branch"]);
-    run_git(
-        &repo,
-        &[
-            "push",
-            "origin",
-            "opensession/pr-77-sessions:opensession/pr-77-sessions",
-        ],
-    );
-    run_git(&repo, &["checkout", "main"]);
-
-    let init_out = run(
-        tmp.path(),
-        &repo,
-        &[
-            "cleanup",
-            "init",
-            "--provider",
-            "generic",
-            "--remote",
-            "origin",
-            "--hidden-ttl-days",
-            "0",
-            "--artifact-ttl-days",
-            "0",
-            "--yes",
-        ],
-    );
-    assert!(
-        init_out.status.success(),
-        "cleanup init failed: {}",
-        String::from_utf8_lossy(&init_out.stderr)
-    );
-
-    let dry_run = run(tmp.path(), &repo, &["cleanup", "run", "--json"]);
-    assert!(
-        dry_run.status.success(),
-        "cleanup dry-run failed: {}",
-        String::from_utf8_lossy(&dry_run.stderr)
-    );
-    let dry_payload: Value = serde_json::from_slice(&dry_run.stdout).expect("cleanup run json");
-    assert!(
-        dry_payload
-            .get("hidden_candidates")
-            .and_then(Value::as_array)
-            .map(|items| !items.is_empty())
-            .unwrap_or(false),
-        "expected hidden ref candidate in dry-run"
-    );
-    assert!(
-        dry_payload
-            .get("artifact_candidates")
-            .and_then(Value::as_array)
-            .map(|items| !items.is_empty())
-            .unwrap_or(false),
-        "expected artifact branch candidate in dry-run"
-    );
-
-    let apply_out = run(tmp.path(), &repo, &["cleanup", "run", "--apply", "--json"]);
-    assert!(
-        apply_out.status.success(),
-        "cleanup apply failed: {}",
-        String::from_utf8_lossy(&apply_out.stderr)
-    );
-    let apply_payload: Value = serde_json::from_slice(&apply_out.stdout).expect("cleanup run json");
-    let deleted = apply_payload
-        .get("deleted")
-        .and_then(Value::as_array)
-        .cloned()
-        .unwrap_or_default();
-    assert!(
-        deleted.iter().any(|item| {
-            item.as_str()
-                .unwrap_or_default()
-                .contains("refs/opensession/branches/")
-        }),
-        "expected hidden ref deletion"
-    );
-    assert!(
-        deleted.iter().any(|item| {
-            item.as_str()
-                .unwrap_or_default()
-                .contains("refs/heads/opensession/pr-77-sessions")
-        }),
-        "expected artifact branch deletion"
-    );
-}
-
-#[test]
-fn share_git_push_in_non_tty_does_not_trigger_cleanup_prompt() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    let remote = tmp.path().join("remote.git");
-    init_git_repo(&repo);
-    run_git(
-        tmp.path(),
-        &["init", "--bare", remote.to_str().expect("remote")],
-    );
-    run_git(
-        &repo,
-        &["remote", "add", "origin", remote.to_str().expect("remote")],
-    );
-
-    let input = repo.join("sample.hail.jsonl");
-    write_file(&input, &make_hail_jsonl("s-share-push-no-tty"));
-    let register_out = run(
-        tmp.path(),
-        &repo,
-        &["register", "--quiet", input.to_str().expect("path")],
-    );
-    let local_uri = first_non_empty_line(&register_out.stdout);
-
-    let share_out = run(
-        tmp.path(),
-        &repo,
-        &["share", &local_uri, "--git", "--remote", "origin", "--push"],
-    );
-    assert!(
-        share_out.status.success(),
-        "share --push failed: {}",
-        String::from_utf8_lossy(&share_out.stderr)
-    );
-
-    assert!(
-        !repo
-            .join(".opensession")
-            .join("cleanup")
-            .join("config.toml")
-            .exists(),
-        "non-tty share should not auto-initialize cleanup config"
-    );
-
-    let prompted = Command::new("git")
-        .arg("-C")
-        .arg(&repo)
-        .arg("config")
-        .arg("--local")
-        .arg("--get")
-        .arg("opensession.cleanup.prompted")
-        .output()
-        .expect("read prompted config");
-    assert!(
-        !prompted.status.success(),
-        "non-tty share should not set cleanup prompt git config"
-    );
-}
-
-#[test]
-fn config_and_share_web_success() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    let init_out = run(
-        tmp.path(),
-        &repo,
-        &["config", "init", "--base-url", "https://example.test"],
-    );
-    assert!(init_out.status.success());
-
-    let uri = opensession_core::source_uri::SourceUri::Src(
-        opensession_core::source_uri::SourceSpec::Git {
-            remote: "https://git.example/repo.git".to_string(),
-            r#ref: "refs/heads/main".to_string(),
-            path: "sessions/demo.jsonl".to_string(),
-        },
-    )
-    .to_string();
-    let out = run(tmp.path(), &repo, &["share", &uri, "--web"]);
-    assert!(
-        out.status.success(),
-        "share web failed: {}",
-        String::from_utf8_lossy(&out.stderr)
-    );
-    let stdout = String::from_utf8_lossy(&out.stdout);
-    assert!(stdout.contains("https://example.test/src/git/"));
-    assert!(stdout.contains("base_url: https://example.test"));
-}
-
-#[test]
-fn share_web_supports_gl_and_git_routes() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    let init_out = run(
-        tmp.path(),
-        &repo,
-        &["config", "init", "--base-url", "https://example.test"],
-    );
-    assert!(init_out.status.success());
-
-    let gl_uri = opensession_core::source_uri::SourceUri::Src(
-        opensession_core::source_uri::SourceSpec::Gl {
-            project: "group/sub/repo".to_string(),
-            r#ref: "refs/heads/main".to_string(),
-            path: "sessions/demo.jsonl".to_string(),
-        },
-    )
-    .to_string();
-    let gl_out = run(tmp.path(), &repo, &["share", &gl_uri, "--web"]);
-    assert!(
-        gl_out.status.success(),
-        "share web for gl failed: {}",
-        String::from_utf8_lossy(&gl_out.stderr)
-    );
-    let gl_stdout = String::from_utf8_lossy(&gl_out.stdout);
-    assert!(gl_stdout.contains("https://example.test/src/gl/"));
-
-    let git_uri = opensession_core::source_uri::SourceUri::Src(
-        opensession_core::source_uri::SourceSpec::Git {
-            remote: "https://gitlab.internal.example.com/group/repo.git".to_string(),
-            r#ref: "refs/heads/main".to_string(),
-            path: "sessions/demo.jsonl".to_string(),
-        },
-    )
-    .to_string();
-    let git_out = run(tmp.path(), &repo, &["share", &git_uri, "--web"]);
-    assert!(
-        git_out.status.success(),
-        "share web for git failed: {}",
-        String::from_utf8_lossy(&git_out.stderr)
-    );
-    let git_stdout = String::from_utf8_lossy(&git_out.stdout);
-    assert!(git_stdout.contains("https://example.test/src/git/"));
-}
-
-#[test]
-fn view_web_maps_remote_source_uri_to_src_route() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    let init_out = run(
-        tmp.path(),
-        &repo,
-        &["config", "init", "--base-url", "https://example.test"],
-    );
-    assert!(init_out.status.success());
-
-    let uri = opensession_core::source_uri::SourceUri::Src(
-        opensession_core::source_uri::SourceSpec::Gl {
-            project: "group/sub/repo".to_string(),
-            r#ref: "refs/heads/main".to_string(),
-            path: "sessions/demo.jsonl".to_string(),
-        },
-    )
-    .to_string();
-    let out = run(tmp.path(), &repo, &["view", &uri, "--no-open", "--json"]);
-    assert!(
-        out.status.success(),
-        "view failed: {}",
-        String::from_utf8_lossy(&out.stderr)
-    );
-    let payload: Value = serde_json::from_slice(&out.stdout).expect("view json");
-    let url = payload
-        .get("url")
-        .and_then(Value::as_str)
-        .unwrap_or_default()
-        .to_string();
-    assert!(
-        url.starts_with("https://example.test/src/gl/"),
-        "unexpected url: {url}"
-    );
-}
-
-#[test]
-fn view_local_uri_emits_local_review_url_without_opening_browser() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    let input = repo.join("sample.hail.jsonl");
-    write_file(&input, &make_hail_jsonl("s-view-local"));
-    let register_out = run(
-        tmp.path(),
-        &repo,
-        &["register", "--quiet", input.to_str().expect("path")],
-    );
-    let local_uri = first_non_empty_line(&register_out.stdout);
-
-    let view_out = run(
-        tmp.path(),
-        &repo,
-        &["view", &local_uri, "--no-open", "--json"],
-    );
-    assert!(
-        view_out.status.success(),
-        "view failed: {}",
-        String::from_utf8_lossy(&view_out.stderr)
-    );
-    let payload: Value = serde_json::from_slice(&view_out.stdout).expect("view json");
-    assert_eq!(payload.get("mode").and_then(Value::as_str), Some("local"));
-    let url = payload
-        .get("url")
-        .and_then(Value::as_str)
-        .unwrap_or_default();
-    assert!(url.contains("/review/local/"), "unexpected url: {url}");
-}
-
-#[test]
-fn view_commit_target_builds_commit_review_bundle() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    let out = run(tmp.path(), &repo, &["view", "HEAD", "--no-open", "--json"]);
-    assert!(
-        out.status.success(),
-        "view commit failed: {}",
-        String::from_utf8_lossy(&out.stderr)
-    );
-    let payload: Value = serde_json::from_slice(&out.stdout).expect("view json");
-    assert_eq!(payload.get("mode").and_then(Value::as_str), Some("commit"));
-    let url = payload
-        .get("url")
-        .and_then(Value::as_str)
-        .unwrap_or_default();
-    assert!(url.contains("/review/local/"), "unexpected url: {url}");
-}
-
-#[test]
-fn view_without_target_defaults_to_sessions_route() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    let out = run(tmp.path(), &repo, &["view", "--no-open", "--json"]);
-    assert!(
-        out.status.success(),
-        "view default failed: {}",
-        String::from_utf8_lossy(&out.stderr)
-    );
-    let payload: Value = serde_json::from_slice(&out.stdout).expect("view json");
-    assert_eq!(
-        payload.get("mode").and_then(Value::as_str),
-        Some("sessions")
-    );
-    let url = payload
-        .get("url")
-        .and_then(Value::as_str)
-        .unwrap_or_default();
-    assert_eq!(url, "http://127.0.0.1:8788/sessions");
-}
-
-#[test]
-fn view_without_target_prefills_repo_query_when_origin_matches_owner_repo() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-    run_git(
-        &repo,
-        &[
-            "remote",
-            "add",
-            "origin",
-            "https://github.com/acme/repo.git",
-        ],
-    );
-
-    let out = run(tmp.path(), &repo, &["view", "--no-open", "--json"]);
-    assert!(
-        out.status.success(),
-        "view default failed: {}",
-        String::from_utf8_lossy(&out.stderr)
-    );
-    let payload: Value = serde_json::from_slice(&out.stdout).expect("view json");
-    let url = payload
-        .get("url")
-        .and_then(Value::as_str)
-        .unwrap_or_default();
-    assert!(url.contains("/sessions?"), "unexpected url: {url}");
-    assert!(
-        url.contains("git_repo_name=acme%2Frepo"),
-        "unexpected url: {url}"
-    );
-}
-
-#[test]
-fn view_rejects_removed_tui_flag() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    let out = run(tmp.path(), &repo, &["view", "--tui"]);
-    assert!(!out.status.success(), "view --tui should be rejected");
-    let stderr = String::from_utf8_lossy(&out.stderr);
-    assert!(
-        stderr.contains("unexpected argument '--tui'"),
-        "unexpected stderr: {stderr}"
-    );
-}
-
-#[test]
-fn view_without_target_open_mode_fails_closed_without_explicit_base_url() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-    run_git(
-        &repo,
-        &["config", "--local", "opensession.open-target", "web"],
-    );
-
-    let out = run(tmp.path(), &repo, &["view", "--json"]);
-    assert!(
-        !out.status.success(),
-        "view default should fail without local server/base URL"
-    );
-    let stderr = String::from_utf8_lossy(&out.stderr);
-    assert!(stderr.contains("local sessions server is unavailable"));
-    assert!(stderr.contains("opensession view --no-open"));
-    assert!(stderr.contains("opensession config init --base-url"));
-}
-
-#[cfg(target_os = "macos")]
-#[test]
-fn view_without_target_open_mode_suppresses_desktop_open_probe_stderr() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    let bin = tmp.path().join("bin");
-    fs::create_dir_all(&bin).expect("create bin");
-    let fake_open = bin.join("open");
-    write_file(
-        &fake_open,
-        "#!/bin/sh\necho OPEN_PROBE_MARKER >&2\nexit 1\n",
-    );
-    let mut perms = fs::metadata(&fake_open)
-        .expect("stat fake open")
-        .permissions();
-    perms.set_mode(0o755);
-    fs::set_permissions(&fake_open, perms).expect("chmod fake open");
-
-    let base_path = std::env::var("PATH").unwrap_or_default();
-    let path_env = if base_path.is_empty() {
-        bin.display().to_string()
-    } else {
-        format!("{}:{}", bin.display(), base_path)
-    };
-
-    let mut cmd = Command::new(env!("CARGO_BIN_EXE_opensession"));
-    let out = cmd
-        .args(["view", "--json"])
-        .current_dir(&repo)
-        .env("HOME", tmp.path())
-        .env("NO_COLOR", "1")
-        .env("PATH", path_env)
-        .output()
-        .expect("run opensession");
-
-    assert!(!out.status.success());
-    let stderr = String::from_utf8_lossy(&out.stderr);
-    assert!(
-        !stderr.contains("OPEN_PROBE_MARKER"),
-        "desktop open probe stderr leaked: {stderr}"
-    );
-}
-
-#[cfg(target_os = "macos")]
-#[test]
-fn view_without_target_web_open_target_skips_desktop_probe() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-    run_git(
-        &repo,
-        &["config", "--local", "opensession.open-target", "web"],
-    );
-
-    let bin = tmp.path().join("bin");
-    fs::create_dir_all(&bin).expect("create bin");
-    let marker_path = tmp.path().join("open-invoked");
-    let fake_open = bin.join("open");
-    write_file(
-        &fake_open,
-        format!(
-            "#!/bin/sh\nprintf invoked > \"{}\"\nexit 1\n",
-            marker_path.display()
-        )
-        .as_str(),
-    );
-    let mut perms = fs::metadata(&fake_open)
-        .expect("stat fake open")
-        .permissions();
-    perms.set_mode(0o755);
-    fs::set_permissions(&fake_open, perms).expect("chmod fake open");
-
-    let base_path = std::env::var("PATH").unwrap_or_default();
-    let path_env = if base_path.is_empty() {
-        bin.display().to_string()
-    } else {
-        format!("{}:{}", bin.display(), base_path)
-    };
-
-    let mut cmd = Command::new(env!("CARGO_BIN_EXE_opensession"));
-    let out = cmd
-        .args(["view", "--json"])
-        .current_dir(&repo)
-        .env("HOME", tmp.path())
-        .env("NO_COLOR", "1")
-        .env("PATH", path_env)
-        .output()
-        .expect("run opensession");
-
-    assert!(!out.status.success());
-    assert!(
-        !marker_path.exists(),
-        "desktop open probe should be skipped for open-target=web"
-    );
-}
-
-#[test]
-fn view_invalid_target_shows_next_steps() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    let out = run(
-        tmp.path(),
-        &repo,
-        &["view", "definitely-not-a-real-target", "--no-open"],
-    );
-    assert!(!out.status.success());
-    let stderr = String::from_utf8_lossy(&out.stderr);
-    assert!(stderr.contains("unable to resolve view target"));
-    assert!(stderr.contains("next:"));
-    assert!(stderr.contains("opensession view os://src/... --no-open"));
-}
-
-#[test]
-fn register_rejects_non_hail_with_next_steps() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    let input = repo.join("not-hail.txt");
-    write_file(&input, "this is not hail jsonl\n");
-
-    let out = run(
-        tmp.path(),
-        &repo,
-        &["register", input.to_str().expect("path")],
-    );
-    assert!(!out.status.success());
-    let stderr = String::from_utf8_lossy(&out.stderr);
-    assert!(stderr.contains("register expects canonical HAIL JSONL"));
-    assert!(stderr.contains("next:"));
-    assert!(stderr.contains("opensession parse --profile codex"));
-}
-
-#[test]
-fn parse_invalid_profile_shows_next_steps() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    let raw = repo.join("raw-session.jsonl");
-    write_file(&raw, "{\"not\":\"a valid session format\"}\n");
-
-    let out = run(
-        tmp.path(),
-        &repo,
-        &[
-            "parse",
-            "--profile",
-            "unknown-profile",
-            raw.to_str().expect("path"),
-        ],
-    );
-    assert!(!out.status.success());
-    let stderr = String::from_utf8_lossy(&out.stderr);
-    assert!(stderr.contains("next:"));
-    assert!(stderr.contains("opensession parse --help"));
-}
-
-#[test]
-fn handoff_build_get_verify_pin_unpin_rm() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    let input_a = repo.join("a.hail.jsonl");
-    let input_b = repo.join("b.hail.jsonl");
-    write_file(&input_a, &make_hail_jsonl("s-a"));
-    write_file(&input_b, &make_hail_jsonl("s-b"));
-
-    let reg_a = run(
-        tmp.path(),
-        &repo,
-        &["register", "--quiet", input_a.to_str().expect("path")],
-    );
-    let reg_b = run(
-        tmp.path(),
-        &repo,
-        &["register", "--quiet", input_b.to_str().expect("path")],
-    );
-    let uri_a = first_non_empty_line(&reg_a.stdout);
-    let uri_b = first_non_empty_line(&reg_b.stdout);
-
-    let build = run(
-        tmp.path(),
-        &repo,
-        &[
-            "handoff",
-            "build",
-            "--from",
-            &uri_a,
-            "--from",
-            &uri_b,
-            "--pin",
-            "latest",
-            "--validate",
-        ],
-    );
-    assert!(
-        build.status.success(),
-        "handoff build failed: {}",
-        String::from_utf8_lossy(&build.stderr)
-    );
-    let artifact_uri = first_non_empty_line(&build.stdout);
-    assert!(artifact_uri.starts_with("os://artifact/"));
-
-    let get_json = run(
-        tmp.path(),
-        &repo,
-        &[
-            "handoff",
-            "artifacts",
-            "get",
-            &artifact_uri,
-            "--format",
-            "canonical",
-            "--encode",
-            "json",
-        ],
-    );
-    assert!(get_json.status.success());
-    let parsed: Value = serde_json::from_slice(&get_json.stdout).expect("json output");
-    assert!(parsed.as_array().is_some());
-
-    let verify = run(
-        tmp.path(),
-        &repo,
-        &["handoff", "artifacts", "verify", &artifact_uri],
-    );
-    assert!(verify.status.success());
-
-    let rm_pinned = run(
-        tmp.path(),
-        &repo,
-        &["handoff", "artifacts", "rm", &artifact_uri],
-    );
-    assert!(!rm_pinned.status.success());
-
-    let unpin = run(
-        tmp.path(),
-        &repo,
-        &["handoff", "artifacts", "unpin", "latest"],
-    );
-    assert!(unpin.status.success());
-
-    let rm = run(
-        tmp.path(),
-        &repo,
-        &["handoff", "artifacts", "rm", &artifact_uri],
-    );
-    assert!(rm.status.success());
-}
-
-#[test]
-fn setup_non_tty_requires_yes() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    let out = run(tmp.path(), &repo, &["setup"]);
-    assert!(
-        !out.status.success(),
-        "setup should require --yes in non-tty mode"
-    );
-    let stderr = String::from_utf8_lossy(&out.stderr);
-    assert!(stderr.contains("requires explicit approval"));
-    assert!(
-        stderr.contains("opensession doctor --fix --yes --profile local --fanout-mode hidden_ref")
-    );
-}
-
-#[test]
-fn setup_non_tty_yes_requires_explicit_fanout_when_unset() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    let out = run(tmp.path(), &repo, &["setup", "--yes"]);
-    assert!(
-        !out.status.success(),
-        "setup --yes should fail without explicit fanout when repo has no fanout config"
-    );
-    let stderr = String::from_utf8_lossy(&out.stderr);
-    assert!(stderr.contains("fanout mode is not configured"));
-    assert!(
-        stderr.contains("opensession doctor --fix --yes --profile local --fanout-mode hidden_ref")
-    );
-}
-
-#[test]
-fn setup_yes_with_fanout_installs_pre_push_hook_with_original_copy() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    write_file(
-        &repo.join(".git").join("hooks").join("pre-push"),
-        "#!/bin/sh\necho custom\n",
-    );
-
-    let out = run(
-        tmp.path(),
-        &repo,
-        &["setup", "--yes", "--fanout-mode", "hidden_ref"],
-    );
-    assert!(
-        out.status.success(),
-        "setup failed: {}",
-        String::from_utf8_lossy(&out.stderr)
-    );
-
-    let backup = repo
-        .join(".git")
-        .join("hooks")
-        .join("pre-push.original.pre-opensession");
-    assert!(backup.exists(), "expected original hook copy");
-    let shim = tmp
-        .path()
-        .join(".local")
-        .join("share")
-        .join("opensession")
-        .join("bin")
-        .join("opensession");
-    assert!(shim.exists(), "expected setup to install opensession shim");
-    let ops_shim = tmp
-        .path()
-        .join(".local")
-        .join("share")
-        .join("opensession")
-        .join("bin")
-        .join("ops");
-    assert!(ops_shim.exists(), "expected setup to install ops shim");
-
-    let hook_body = fs::read_to_string(repo.join(".git").join("hooks").join("pre-push"))
-        .expect("read pre-push hook");
-    assert!(hook_body.contains("opensession-managed"));
-    assert!(hook_body.contains("setup --sync-branch-session"));
-    assert!(hook_body.contains("--sync-branch-commit"));
-    assert!(hook_body.contains("setup --print-ledger-ref"));
-    assert!(hook_body.contains("setup --print-fanout-mode"));
-    assert!(hook_body.contains("git notes --ref=opensession"));
-    assert!(hook_body.contains("git notes --ref=opensession copy -f"));
-    assert!(hook_body.contains(".local/share/opensession/bin/opensession"));
-
-    let fanout = run_git(
-        &repo,
-        &["config", "--local", "--get", "opensession.fanout-mode"],
-    );
-    assert_eq!(String::from_utf8_lossy(&fanout.stdout).trim(), "hidden_ref");
-    let open_target = run_git(
-        &repo,
-        &["config", "--local", "--get", "opensession.open-target"],
-    );
-    assert_eq!(String::from_utf8_lossy(&open_target.stdout).trim(), "web");
-}
-
-#[test]
-fn doctor_fix_yes_with_fanout_mode_applies_setup() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    let out = run(
-        tmp.path(),
-        &repo,
-        &[
-            "doctor",
-            "--fix",
-            "--yes",
-            "--fanout-mode",
-            "git_notes",
-            "--open-target",
-            "web",
-        ],
-    );
-    assert!(
-        out.status.success(),
-        "doctor --fix failed: {}",
-        String::from_utf8_lossy(&out.stderr)
-    );
-
-    let fanout = run_git(
-        &repo,
-        &["config", "--local", "--get", "opensession.fanout-mode"],
-    );
-    assert_eq!(String::from_utf8_lossy(&fanout.stdout).trim(), "git_notes");
-    let open_target = run_git(
-        &repo,
-        &["config", "--local", "--get", "opensession.open-target"],
-    );
-    assert_eq!(String::from_utf8_lossy(&open_target.stdout).trim(), "web");
-    assert!(
-        repo.join(".git").join("hooks").join("pre-push").exists(),
-        "expected pre-push hook to be installed by doctor --fix"
-    );
-}
-
-#[test]
-fn setup_check_prints_expected_ledger_ref() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    let out = run(tmp.path(), &repo, &["setup", "--check"]);
-    assert!(
-        out.status.success(),
-        "setup --check failed: {}",
-        String::from_utf8_lossy(&out.stderr)
-    );
-    let stdout = String::from_utf8_lossy(&out.stdout);
-    assert!(stdout.contains("current branch:"));
-    assert!(stdout.contains("main"));
-    assert!(stdout.contains(&opensession_git_native::branch_ledger_ref("main")));
-    assert!(stdout.contains("ops shim:"));
-    assert!(stdout.contains("review readiness:"));
-}
-
-#[test]
-fn setup_print_fanout_mode_reads_git_config() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    let out = run(tmp.path(), &repo, &["setup", "--print-fanout-mode"]);
-    assert!(
-        out.status.success(),
-        "print-fanout-mode failed: {}",
-        String::from_utf8_lossy(&out.stderr)
-    );
-    assert_eq!(String::from_utf8_lossy(&out.stdout).trim(), "hidden_ref");
-
-    let git_config = Command::new("git")
-        .arg("-C")
-        .arg(&repo)
-        .arg("config")
-        .arg("--local")
-        .arg("opensession.fanout-mode")
-        .arg("git_notes")
-        .output()
-        .expect("set git config");
-    assert!(
-        git_config.status.success(),
-        "{}",
-        String::from_utf8_lossy(&git_config.stderr)
-    );
-
-    let out = run(tmp.path(), &repo, &["setup", "--print-fanout-mode"]);
-    assert!(
-        out.status.success(),
-        "print-fanout-mode failed: {}",
-        String::from_utf8_lossy(&out.stderr)
-    );
-    assert_eq!(String::from_utf8_lossy(&out.stdout).trim(), "git_notes");
-}
-
-#[test]
-fn setup_sync_branch_session_stores_latest_repo_session_to_hidden_ref() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    let head_sha = first_non_empty_line(&run_git(&repo, &["rev-parse", "HEAD"]).stdout);
-    let session_path = tmp
-        .path()
-        .join(".codex")
-        .join("sessions")
-        .join("2026")
-        .join("02")
-        .join("26")
-        .join("rollout-2026-02-26T00-00-00-sync-session-1.jsonl");
-    write_file(
-        &session_path,
-        &make_hail_jsonl_with_cwd("sync-session-1", &repo),
-    );
-
-    let out = run(
-        tmp.path(),
-        &repo,
-        &[
-            "setup",
-            "--sync-branch-session",
-            "main",
-            "--sync-branch-commit",
-            &head_sha,
-        ],
-    );
-    assert!(
-        out.status.success(),
-        "sync branch session failed: {}",
-        String::from_utf8_lossy(&out.stderr)
-    );
-
-    let ledger_ref = opensession_git_native::branch_ledger_ref("main");
-    let verify = Command::new("git")
-        .arg("-C")
-        .arg(&repo)
-        .arg("show-ref")
-        .arg("--verify")
-        .arg("--quiet")
-        .arg(&ledger_ref)
-        .output()
-        .expect("verify ledger ref exists");
-    assert!(
-        verify.status.success(),
-        "expected ledger ref to exist after sync"
-    );
-
-    let index_blob = run_git(
-        &repo,
-        &[
-            "show",
-            &format!("{ledger_ref}:v1/index/commits/{head_sha}/sync-session-1.json"),
-        ],
-    );
-    let index_body = String::from_utf8_lossy(&index_blob.stdout);
-    assert!(index_body.contains("\"session_id\":\"sync-session-1\""));
-}
-
-#[test]
-fn setup_sync_branch_session_maps_single_session_to_multiple_commits() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    write_file(&repo.join("a.txt"), "a\n");
-    run_git(&repo, &["add", "."]);
-    run_git(&repo, &["commit", "-m", "feat: a"]);
-    let commit_a = first_non_empty_line(&run_git(&repo, &["rev-parse", "HEAD"]).stdout);
-
-    write_file(&repo.join("b.txt"), "b\n");
-    run_git(&repo, &["add", "."]);
-    run_git(&repo, &["commit", "-m", "feat: b"]);
-    let commit_b = first_non_empty_line(&run_git(&repo, &["rev-parse", "HEAD"]).stdout);
-
-    let session_path = tmp
-        .path()
-        .join(".codex")
-        .join("sessions")
-        .join("2026")
-        .join("02")
-        .join("26")
-        .join("rollout-2026-02-26T00-00-00-sync-session-multi.jsonl");
-    let created = chrono::Utc::now() - chrono::Duration::hours(2);
-    let updated = chrono::Utc::now() + chrono::Duration::hours(2);
-    write_file(
-        &session_path,
-        &make_hail_jsonl_with_cwd_and_window("sync-session-multi", &repo, created, updated),
-    );
-
-    let out = run(
-        tmp.path(),
-        &repo,
-        &[
-            "setup",
-            "--sync-branch-session",
-            "main",
-            "--sync-branch-commit",
-            &commit_b,
-        ],
-    );
-    assert!(
-        out.status.success(),
-        "sync branch session failed: {}",
-        String::from_utf8_lossy(&out.stderr)
-    );
-
-    let ledger_ref = opensession_git_native::branch_ledger_ref("main");
-    run_git(
-        &repo,
-        &[
-            "show",
-            &format!("{ledger_ref}:v1/index/commits/{commit_a}/sync-session-multi.json"),
-        ],
-    );
-    run_git(
-        &repo,
-        &[
-            "show",
-            &format!("{ledger_ref}:v1/index/commits/{commit_b}/sync-session-multi.json"),
-        ],
-    );
-}
-
-#[test]
-fn parse_profile_codex_outputs_canonical_jsonl() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    let input = repo.join("codex.jsonl");
-    write_file(
-        &input,
-        r#"{"type":"session_meta","session_id":"abc","timestamp":"2026-02-14T00:00:00Z"}
-{"type":"response_item","timestamp":"2026-02-14T00:00:01Z","payload":{"type":"message","role":"user","content":"hello"}}"#,
-    );
-
-    let out = run(
-        tmp.path(),
-        &repo,
-        &[
-            "parse",
-            "--profile",
-            "codex",
-            input.to_str().expect("path"),
-            "--validate",
-        ],
-    );
-    assert!(
-        out.status.success(),
-        "parse failed: {}",
-        String::from_utf8_lossy(&out.stderr)
-    );
-
-    let parsed = Session::from_jsonl(&String::from_utf8_lossy(&out.stdout)).expect("jsonl");
-    assert_eq!(parsed.version, Session::CURRENT_VERSION);
-    assert_eq!(parsed.agent.tool, "codex");
-}
-
-#[test]
-fn inspect_local_and_artifact_json() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    let input = repo.join("sample.hail.jsonl");
-    write_file(&input, &make_hail_jsonl("s-inspect"));
-
-    let register_out = run(
-        tmp.path(),
-        &repo,
-        &["register", "--quiet", input.to_str().expect("path")],
-    );
-    let local_uri = first_non_empty_line(&register_out.stdout);
-
-    let inspect_local = run(tmp.path(), &repo, &["inspect", &local_uri, "--json"]);
-    assert!(inspect_local.status.success());
-    let local_json: Value = serde_json::from_slice(&inspect_local.stdout).expect("inspect local");
-    assert_eq!(local_json["uri"], local_uri);
-
-    let build = run(
-        tmp.path(),
-        &repo,
-        &["handoff", "build", "--from", &local_uri],
-    );
-    assert!(build.status.success());
-    let artifact_uri = first_non_empty_line(&build.stdout);
-
-    let inspect_artifact = run(tmp.path(), &repo, &["inspect", &artifact_uri, "--json"]);
-    assert!(inspect_artifact.status.success());
-    let artifact_json: Value =
-        serde_json::from_slice(&inspect_artifact.stdout).expect("inspect artifact");
-    assert_eq!(artifact_json["uri"], artifact_uri);
-}
-
-#[test]
-fn parse_preview_option_prints_parser_used() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    let input = repo.join("sample.hail.jsonl");
-    write_file(&input, &make_hail_jsonl("s-preview"));
-
-    let out = run(
-        tmp.path(),
-        &repo,
-        &[
-            "parse",
-            "--profile",
-            "hail",
-            "--preview",
-            input.to_str().expect("path"),
-        ],
-    );
-    assert!(out.status.success());
-    let stderr = String::from_utf8_lossy(&out.stderr);
-    assert!(stderr.contains("parser_used:"));
-}
-
-#[test]
-fn canonical_jsonl_register_rejects_non_hail_input() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    let input = repo.join("raw.jsonl");
-    write_file(&input, "{\"type\":\"session_meta\"}\n");
-
-    let out = run(
-        tmp.path(),
-        &repo,
-        &["register", input.to_str().expect("path")],
-    );
-    assert!(!out.status.success());
-    assert!(String::from_utf8_lossy(&out.stderr).contains("opensession parse"));
-}
-
-#[test]
-fn docs_completion_still_available() {
-    let tmp = make_home();
-    let out = run(tmp.path(), tmp.path(), &["docs", "completion", "bash"]);
-    assert!(out.status.success());
-    assert!(!out.stdout.is_empty());
-}
-
-#[test]
-fn docs_quickstart_prints_first_user_flow() {
-    let tmp = make_home();
-    let out = run(tmp.path(), tmp.path(), &["docs", "quickstart"]);
-    assert!(out.status.success());
-    let stdout = String::from_utf8_lossy(&out.stdout);
-    assert!(stdout.contains("OpenSession 5-minute first-user flow"));
-    assert!(stdout.contains("opensession doctor --fix"));
-    assert!(stdout.contains("opensession parse --profile codex"));
-    assert!(stdout.contains("opensession register ./session.hail.jsonl"));
-    assert!(stdout.contains("opensession share os://src/local/<sha256> --quick --remote origin"));
-}
-
-#[test]
-fn review_rejects_removed_tui_view_mode() {
-    let tmp = make_home();
-    let (reviewer_repo, pr_link) = setup_review_fixture(&tmp, true);
-
-    let out = run(
-        tmp.path(),
-        &reviewer_repo,
-        &["review", &pr_link, "--view", "tui", "--no-fetch"],
-    );
-    assert!(
-        !out.status.success(),
-        "review --view tui should be rejected"
-    );
-    let stderr = String::from_utf8_lossy(&out.stderr);
-    assert!(
-        stderr.contains("invalid value 'tui'"),
-        "unexpected stderr: {stderr}"
-    );
-}
-
-#[test]
-fn review_json_builds_commit_grouped_bundle_from_hidden_refs() {
-    let tmp = make_home();
-    let (reviewer_repo, pr_link) = setup_review_fixture(&tmp, true);
-
-    let out = run(
-        tmp.path(),
-        &reviewer_repo,
-        &["review", &pr_link, "--json", "--no-fetch"],
-    );
-    assert!(
-        out.status.success(),
-        "review failed: {}",
-        String::from_utf8_lossy(&out.stderr)
-    );
-
-    let payload: Value = serde_json::from_slice(&out.stdout).expect("review json payload");
-    assert_eq!(payload["commit_count"].as_u64().unwrap_or(0), 1);
-    assert_eq!(payload["mapped_commit_count"].as_u64().unwrap_or(0), 1);
-    assert!(payload["session_count"].as_u64().unwrap_or(0) >= 1);
-
-    let bundle_path = payload["bundle_path"]
-        .as_str()
-        .expect("bundle path in payload");
-    let bundle_raw = fs::read(bundle_path).expect("read review bundle");
-    let bundle_json: Value = serde_json::from_slice(&bundle_raw).expect("bundle json");
-    let first_commit = bundle_json["commits"]
-        .as_array()
-        .and_then(|rows| rows.first())
-        .expect("first commit row");
-    let first_session = first_commit["session_ids"]
-        .as_array()
-        .and_then(|rows| rows.first())
-        .and_then(|v| v.as_str())
-        .unwrap_or_default();
-    assert_eq!(first_session, "s-review");
-    assert!(
-        first_commit["semantic_summary"].is_object(),
-        "expected commit semantic_summary payload"
-    );
-}
-
-#[test]
-fn review_no_fetch_succeeds_with_empty_session_groups_when_hidden_refs_missing() {
-    let tmp = make_home();
-    let (reviewer_repo, pr_link) = setup_review_fixture(&tmp, false);
-
-    let out = run(
-        tmp.path(),
-        &reviewer_repo,
-        &["review", &pr_link, "--json", "--no-fetch"],
-    );
-    assert!(
-        out.status.success(),
-        "review should succeed without hidden refs: {}",
-        String::from_utf8_lossy(&out.stderr)
-    );
-    let payload: Value = serde_json::from_slice(&out.stdout).expect("review json payload");
-    assert_eq!(payload["commit_count"].as_u64().unwrap_or(0), 1);
-    assert_eq!(payload["mapped_commit_count"].as_u64().unwrap_or(0), 0);
-    assert_eq!(payload["session_count"].as_u64().unwrap_or(0), 0);
-
-    let bundle_path = payload["bundle_path"]
-        .as_str()
-        .expect("bundle path in payload");
-    let bundle_raw = fs::read(bundle_path).expect("read review bundle");
-    let bundle_json: Value = serde_json::from_slice(&bundle_raw).expect("bundle json");
-    let first_commit = bundle_json["commits"]
-        .as_array()
-        .and_then(|rows| rows.first())
-        .expect("first commit row");
-    assert!(
-        first_commit["semantic_summary"].is_object(),
-        "expected semantic summary even when mapped sessions are absent"
-    );
-}
-
-#[test]
-fn handoff_get_raw_jsonl_outputs_session_json_rows() {
-    let tmp = make_home();
-    let repo = tmp.path().join("repo");
-    init_git_repo(&repo);
-
-    let input = repo.join("sample.hail.jsonl");
-    write_file(&input, &make_hail_jsonl("s-raw"));
-    let register_out = run(
-        tmp.path(),
-        &repo,
-        &["register", "--quiet", input.to_str().expect("path")],
-    );
-    let local_uri = first_non_empty_line(&register_out.stdout);
-
-    let build = run(
-        tmp.path(),
-        &repo,
-        &["handoff", "build", "--from", &local_uri],
-    );
-    let artifact_uri = first_non_empty_line(&build.stdout);
-
-    let get = run(
-        tmp.path(),
-        &repo,
-        &[
-            "handoff",
-            "artifacts",
-            "get",
-            &artifact_uri,
-            "--format",
-            "raw",
-            "--encode",
-            "jsonl",
-        ],
-    );
-    assert!(get.status.success());
-    let first_line = String::from_utf8_lossy(&get.stdout)
-        .lines()
-        .next()
-        .unwrap_or_default()
-        .to_string();
-    let row: Value = serde_json::from_str(&first_line).expect("json row");
-    assert!(row.get("session_id").is_some());
-}
-
-#[test]
-fn testing_helper_agent_is_available() {
-    // Keep one assertion using opensession_core::testing to ensure dev-dependency path stays valid.
-    let agent = testing::agent();
-    assert!(!agent.tool.is_empty());
-}
+#[path = "handoff_cli/cleanup_cli.rs"]
+mod cleanup_cli;
+#[path = "handoff_cli/handoff_cases.rs"]
+mod handoff_cases;
+#[path = "handoff_cli/help_cli.rs"]
+mod help_cli;
+#[path = "handoff_cli/inspect_cli.rs"]
+mod inspect_cli;
+#[path = "handoff_cli/parse_cli.rs"]
+mod parse_cli;
+#[path = "handoff_cli/review_cli.rs"]
+mod review_cli;
+#[path = "handoff_cli/setup_cli.rs"]
+mod setup_cli;
+#[path = "handoff_cli/share_cli.rs"]
+mod share_cli;
+#[path = "handoff_cli/view_cli.rs"]
+mod view_cli;
diff --git a/crates/cli/tests/handoff_cli/cleanup_cli.rs b/crates/cli/tests/handoff_cli/cleanup_cli.rs
new file mode 100644
index 00000000..3af53475
--- /dev/null
+++ b/crates/cli/tests/handoff_cli/cleanup_cli.rs
@@ -0,0 +1,327 @@
+use super::*;
+
+#[test]
+fn cleanup_init_github_writes_expected_files() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    let remote = tmp.path().join("cleanup-github-remote.git");
+    init_git_repo(&repo);
+    run_git(
+        tmp.path(),
+        &["init", "--bare", remote.to_str().expect("remote")],
+    );
+    run_git(
+        &repo,
+        &["remote", "add", "origin", remote.to_str().expect("remote")],
+    );
+
+    let out = run(
+        tmp.path(),
+        &repo,
+        &["cleanup", "init", "--provider", "github", "--yes", "--json"],
+    );
+    assert!(
+        out.status.success(),
+        "cleanup init failed: {}",
+        String::from_utf8_lossy(&out.stderr)
+    );
+
+    let payload: Value = serde_json::from_slice(&out.stdout).expect("cleanup init json");
+    assert_eq!(
+        payload.get("configured").and_then(Value::as_bool),
+        Some(true)
+    );
+    assert_eq!(
+        payload.get("provider").and_then(Value::as_str),
+        Some("github")
+    );
+
+    assert!(
+        repo.join(".opensession")
+            .join("cleanup")
+            .join("config.toml")
+            .exists(),
+        "expected cleanup config to exist"
+    );
+    assert!(
+        repo.join(".opensession")
+            .join("cleanup")
+            .join("janitor.sh")
+            .exists(),
+        "expected janitor script to exist"
+    );
+    assert!(
+        repo.join(".github")
+            .join("workflows")
+            .join("opensession-cleanup.yml")
+            .exists(),
+        "expected github workflow template to exist"
+    );
+    assert!(
+        repo.join(".github")
+            .join("workflows")
+            .join("opensession-session-review.yml")
+            .exists(),
+        "expected github session review workflow template to exist"
+    );
+}
+
+#[test]
+fn cleanup_init_gitlab_without_marker_reports_manual_steps() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    let remote = tmp.path().join("cleanup-gitlab-remote.git");
+    init_git_repo(&repo);
+    run_git(
+        tmp.path(),
+        &["init", "--bare", remote.to_str().expect("remote")],
+    );
+    run_git(
+        &repo,
+        &["remote", "add", "origin", remote.to_str().expect("remote")],
+    );
+
+    write_file(&repo.join(".gitlab-ci.yml"), "stages:\n  - test\n");
+
+    let out = run(
+        tmp.path(),
+        &repo,
+        &["cleanup", "init", "--provider", "gitlab", "--yes", "--json"],
+    );
+    assert!(
+        out.status.success(),
+        "cleanup init failed: {}",
+        String::from_utf8_lossy(&out.stderr)
+    );
+
+    let payload: Value = serde_json::from_slice(&out.stdout).expect("cleanup init json");
+    let manual_steps = payload
+        .get("manual_steps")
+        .and_then(Value::as_array)
+        .cloned()
+        .unwrap_or_default();
+    assert!(
+        !manual_steps.is_empty(),
+        "expected manual steps for gitlab-ci"
+    );
+
+    assert!(
+        repo.join(".gitlab")
+            .join("opensession-cleanup.yml")
+            .exists(),
+        "expected gitlab cleanup template to exist"
+    );
+    assert!(
+        repo.join(".gitlab")
+            .join("opensession-session-review.yml")
+            .exists(),
+        "expected gitlab session review template to exist"
+    );
+
+    let gitlab_ci = fs::read_to_string(repo.join(".gitlab-ci.yml")).expect("read gitlab-ci");
+    assert!(gitlab_ci.contains("stages:"));
+    assert!(!gitlab_ci.contains("opensession-managed-cleanup"));
+}
+
+#[test]
+fn cleanup_status_reports_not_configured_then_configured() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    let remote = tmp.path().join("cleanup-status-remote.git");
+    init_git_repo(&repo);
+    run_git(
+        tmp.path(),
+        &["init", "--bare", remote.to_str().expect("remote")],
+    );
+    run_git(
+        &repo,
+        &["remote", "add", "origin", remote.to_str().expect("remote")],
+    );
+
+    let status_before = run(tmp.path(), &repo, &["cleanup", "status", "--json"]);
+    assert!(
+        status_before.status.success(),
+        "cleanup status failed: {}",
+        String::from_utf8_lossy(&status_before.stderr)
+    );
+    let before_payload: Value =
+        serde_json::from_slice(&status_before.stdout).expect("cleanup status json");
+    assert_eq!(
+        before_payload.get("configured").and_then(Value::as_bool),
+        Some(false)
+    );
+
+    let init = run(
+        tmp.path(),
+        &repo,
+        &["cleanup", "init", "--provider", "generic", "--yes"],
+    );
+    assert!(
+        init.status.success(),
+        "cleanup init failed: {}",
+        String::from_utf8_lossy(&init.stderr)
+    );
+
+    let status_after = run(tmp.path(), &repo, &["cleanup", "status", "--json"]);
+    assert!(
+        status_after.status.success(),
+        "cleanup status failed: {}",
+        String::from_utf8_lossy(&status_after.stderr)
+    );
+    let after_payload: Value =
+        serde_json::from_slice(&status_after.stdout).expect("cleanup status json");
+    assert_eq!(
+        after_payload.get("configured").and_then(Value::as_bool),
+        Some(true)
+    );
+    assert_eq!(
+        after_payload.get("provider").and_then(Value::as_str),
+        Some("generic")
+    );
+}
+
+#[test]
+fn cleanup_run_without_init_shows_next_steps() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    let out = run(tmp.path(), &repo, &["cleanup", "run"]);
+    assert!(!out.status.success());
+    let stderr = String::from_utf8_lossy(&out.stderr);
+    assert!(stderr.contains("cleanup janitor is not configured"));
+    assert!(stderr.contains("next:"));
+    assert!(stderr.contains("opensession cleanup init --provider auto"));
+}
+
+#[test]
+fn cleanup_run_dry_and_apply_handles_hidden_and_artifact_refs() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    let remote = tmp.path().join("cleanup-remote.git");
+    init_git_repo(&repo);
+
+    run_git(
+        tmp.path(),
+        &["init", "--bare", remote.to_str().expect("remote")],
+    );
+    run_git(
+        &repo,
+        &["remote", "add", "origin", remote.to_str().expect("remote")],
+    );
+    run_git(&repo, &["push", "origin", "main:main"]);
+
+    let head_sha = first_non_empty_line(&run_git(&repo, &["rev-parse", "HEAD"]).stdout);
+    let ledger_ref = opensession_git_native::branch_ledger_ref("stale/branch");
+    let session_body = make_hail_jsonl("s-cleanup");
+    let meta_body = serde_json::json!({
+        "schema_version": 2,
+        "session_id": "s-cleanup",
+        "git": { "commits": [head_sha.clone()] }
+    })
+    .to_string();
+    opensession_git_native::NativeGitStorage
+        .store_session_at_ref(
+            &repo,
+            &ledger_ref,
+            "s-cleanup",
+            session_body.as_bytes(),
+            meta_body.as_bytes(),
+            std::slice::from_ref(&head_sha),
+        )
+        .expect("store hidden session");
+    run_git(
+        &repo,
+        &["push", "origin", &format!("{ledger_ref}:{ledger_ref}")],
+    );
+
+    run_git(&repo, &["checkout", "-b", "opensession/pr-77-sessions"]);
+    write_file(&repo.join("artifact.txt"), "artifact branch\n");
+    run_git(&repo, &["add", "."]);
+    run_git(&repo, &["commit", "-m", "artifact branch"]);
+    run_git(
+        &repo,
+        &[
+            "push",
+            "origin",
+            "opensession/pr-77-sessions:opensession/pr-77-sessions",
+        ],
+    );
+    run_git(&repo, &["checkout", "main"]);
+
+    let init_out = run(
+        tmp.path(),
+        &repo,
+        &[
+            "cleanup",
+            "init",
+            "--provider",
+            "generic",
+            "--remote",
+            "origin",
+            "--hidden-ttl-days",
+            "0",
+            "--artifact-ttl-days",
+            "0",
+            "--yes",
+        ],
+    );
+    assert!(
+        init_out.status.success(),
+        "cleanup init failed: {}",
+        String::from_utf8_lossy(&init_out.stderr)
+    );
+
+    let dry_run = run(tmp.path(), &repo, &["cleanup", "run", "--json"]);
+    assert!(
+        dry_run.status.success(),
+        "cleanup dry-run failed: {}",
+        String::from_utf8_lossy(&dry_run.stderr)
+    );
+    let dry_payload: Value = serde_json::from_slice(&dry_run.stdout).expect("cleanup run json");
+    assert!(
+        dry_payload
+            .get("hidden_candidates")
+            .and_then(Value::as_array)
+            .map(|items| !items.is_empty())
+            .unwrap_or(false),
+        "expected hidden ref candidate in dry-run"
+    );
+    assert!(
+        dry_payload
+            .get("artifact_candidates")
+            .and_then(Value::as_array)
+            .map(|items| !items.is_empty())
+            .unwrap_or(false),
+        "expected artifact branch candidate in dry-run"
+    );
+
+    let apply_out = run(tmp.path(), &repo, &["cleanup", "run", "--apply", "--json"]);
+    assert!(
+        apply_out.status.success(),
+        "cleanup apply failed: {}",
+        String::from_utf8_lossy(&apply_out.stderr)
+    );
+    let apply_payload: Value = serde_json::from_slice(&apply_out.stdout).expect("cleanup run json");
+    let deleted = apply_payload
+        .get("deleted")
+        .and_then(Value::as_array)
+        .cloned()
+        .unwrap_or_default();
+    assert!(
+        deleted.iter().any(|item| {
+            item.as_str()
+                .unwrap_or_default()
+                .contains("refs/opensession/branches/")
+        }),
+        "expected hidden ref deletion"
+    );
+    assert!(
+        deleted.iter().any(|item| {
+            item.as_str()
+                .unwrap_or_default()
+                .contains("refs/heads/opensession/pr-77-sessions")
+        }),
+        "expected artifact branch deletion"
+    );
+}
diff --git a/crates/cli/tests/handoff_cli/handoff_cases.rs b/crates/cli/tests/handoff_cli/handoff_cases.rs
new file mode 100644
index 00000000..412253b0
--- /dev/null
+++ b/crates/cli/tests/handoff_cli/handoff_cases.rs
@@ -0,0 +1,141 @@
+use super::*;
+
+#[test]
+fn handoff_build_get_verify_pin_unpin_rm() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    let input_a = repo.join("a.hail.jsonl");
+    let input_b = repo.join("b.hail.jsonl");
+    write_file(&input_a, &make_hail_jsonl("s-a"));
+    write_file(&input_b, &make_hail_jsonl("s-b"));
+
+    let reg_a = run(
+        tmp.path(),
+        &repo,
+        &["register", "--quiet", input_a.to_str().expect("path")],
+    );
+    let reg_b = run(
+        tmp.path(),
+        &repo,
+        &["register", "--quiet", input_b.to_str().expect("path")],
+    );
+    let uri_a = first_non_empty_line(&reg_a.stdout);
+    let uri_b = first_non_empty_line(&reg_b.stdout);
+
+    let build = run(
+        tmp.path(),
+        &repo,
+        &[
+            "handoff",
+            "build",
+            "--from",
+            &uri_a,
+            "--from",
+            &uri_b,
+            "--pin",
+            "latest",
+            "--validate",
+        ],
+    );
+    assert!(
+        build.status.success(),
+        "handoff build failed: {}",
+        String::from_utf8_lossy(&build.stderr)
+    );
+    let artifact_uri = first_non_empty_line(&build.stdout);
+    assert!(artifact_uri.starts_with("os://artifact/"));
+
+    let get_json = run(
+        tmp.path(),
+        &repo,
+        &[
+            "handoff",
+            "artifacts",
+            "get",
+            &artifact_uri,
+            "--format",
+            "canonical",
+            "--encode",
+            "json",
+        ],
+    );
+    assert!(get_json.status.success());
+    let parsed: Value = serde_json::from_slice(&get_json.stdout).expect("json output");
+    assert!(parsed.as_array().is_some());
+
+    let verify = run(
+        tmp.path(),
+        &repo,
+        &["handoff", "artifacts", "verify", &artifact_uri],
+    );
+    assert!(verify.status.success());
+
+    let rm_pinned = run(
+        tmp.path(),
+        &repo,
+        &["handoff", "artifacts", "rm", &artifact_uri],
+    );
+    assert!(!rm_pinned.status.success());
+
+    let unpin = run(
+        tmp.path(),
+        &repo,
+        &["handoff", "artifacts", "unpin", "latest"],
+    );
+    assert!(unpin.status.success());
+
+    let rm = run(
+        tmp.path(),
+        &repo,
+        &["handoff", "artifacts", "rm", &artifact_uri],
+    );
+    assert!(rm.status.success());
+}
+
+#[test]
+fn handoff_get_raw_jsonl_outputs_session_json_rows() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    let input = repo.join("sample.hail.jsonl");
+    write_file(&input, &make_hail_jsonl("s-raw"));
+    let register_out = run(
+        tmp.path(),
+        &repo,
+        &["register", "--quiet", input.to_str().expect("path")],
+    );
+    let local_uri = first_non_empty_line(&register_out.stdout);
+
+    let build = run(
+        tmp.path(),
+        &repo,
+        &["handoff", "build", "--from", &local_uri],
+    );
+    let artifact_uri = first_non_empty_line(&build.stdout);
+
+    let get = run(
+        tmp.path(),
+        &repo,
+        &[
+            "handoff",
+            "artifacts",
+            "get",
+            &artifact_uri,
+            "--format",
+            "raw",
+            "--encode",
+            "jsonl",
+        ],
+    );
+    assert!(get.status.success());
+    let first_line = String::from_utf8_lossy(&get.stdout)
+        .lines()
+        .next()
+        .unwrap_or_default()
+        .to_string();
+    let row: Value = serde_json::from_str(&first_line).expect("json row");
+    assert!(row.get("session_id").is_some());
+}
diff --git a/crates/cli/tests/handoff_cli/help_cli.rs b/crates/cli/tests/handoff_cli/help_cli.rs
new file mode 100644
index 00000000..c47266a2
--- /dev/null
+++ b/crates/cli/tests/handoff_cli/help_cli.rs
@@ -0,0 +1,126 @@
+use super::*;
+
+#[test]
+fn help_shows_v1_commands() {
+    let tmp = make_home();
+    let output = run(tmp.path(), tmp.path(), &["--help"]);
+    assert!(output.status.success());
+    let stdout = String::from_utf8_lossy(&output.stdout).to_lowercase();
+    assert!(stdout.contains("register"));
+    assert!(stdout.contains("share"));
+    assert!(stdout.contains("view"));
+    assert!(stdout.contains("handoff"));
+    assert!(!stdout.contains("\n  setup  "));
+    assert!(!stdout.contains("publish"));
+    assert!(stdout.contains("first-user flow (5 minutes):"));
+    assert!(stdout.contains("opensession docs quickstart"));
+    assert!(stdout.contains("common next steps:"));
+    assert!(stdout.contains("opensession doctor --fix"));
+}
+
+#[test]
+fn parse_help_shows_recovery_examples() {
+    let tmp = make_home();
+    let output = run(tmp.path(), tmp.path(), &["parse", "--help"]);
+    assert!(output.status.success());
+    let stdout = String::from_utf8_lossy(&output.stdout);
+    assert!(stdout.contains("Recovery examples:"));
+    assert!(stdout.contains("opensession parse --profile codex ./raw-session.jsonl --preview"));
+    assert!(stdout.contains(
+        "opensession parse --profile codex ./raw-session.jsonl --out ./session.hail.jsonl"
+    ));
+}
+
+#[test]
+fn share_help_shows_recovery_examples() {
+    let tmp = make_home();
+    let output = run(tmp.path(), tmp.path(), &["share", "--help"]);
+    assert!(output.status.success());
+    let stdout = String::from_utf8_lossy(&output.stdout);
+    assert!(stdout.contains("Recovery examples:"));
+    assert!(stdout.contains("opensession share os://src/local/<sha256> --git --remote origin"));
+    assert!(stdout.contains(
+        "opensession share os://src/git/<remote_b64>/ref/<ref_enc>/path/<path...> --web"
+    ));
+}
+
+#[test]
+fn view_help_shows_recovery_examples() {
+    let tmp = make_home();
+    let output = run(tmp.path(), tmp.path(), &["view", "--help"]);
+    assert!(output.status.success());
+    let stdout = String::from_utf8_lossy(&output.stdout);
+    assert!(stdout.contains("Recovery examples:"));
+    assert!(stdout.contains("opensession view --no-open"));
+    assert!(stdout.contains("opensession view os://src/local/<sha256> --no-open"));
+    assert!(stdout.contains("opensession view ./session.hail.jsonl --no-open"));
+    assert!(stdout.contains("opensession view HEAD~3..HEAD --no-open"));
+}
+
+#[test]
+fn doctor_help_shows_recovery_examples() {
+    let tmp = make_home();
+    let output = run(tmp.path(), tmp.path(), &["doctor", "--help"]);
+    assert!(output.status.success());
+    let stdout = String::from_utf8_lossy(&output.stdout);
+    assert!(stdout.contains("Recovery examples:"));
+    assert!(stdout.contains("opensession doctor --fix --profile local"));
+    assert!(stdout.contains("opensession doctor --fix --yes --profile app"));
+    assert!(stdout.contains("opensession docs quickstart"));
+}
+
+#[test]
+fn doctor_yes_without_fix_shows_next_steps() {
+    let tmp = make_home();
+    let output = run(tmp.path(), tmp.path(), &["doctor", "--yes"]);
+    assert!(!output.status.success());
+    let stderr = String::from_utf8_lossy(&output.stderr);
+    assert!(stderr.contains("`--yes` requires `--fix`"));
+    assert!(stderr.contains("next:"));
+    assert!(
+        stderr.contains("opensession doctor --fix --yes --profile local --fanout-mode hidden_ref")
+    );
+}
+
+#[test]
+fn doctor_fanout_without_fix_shows_next_steps() {
+    let tmp = make_home();
+    let output = run(
+        tmp.path(),
+        tmp.path(),
+        &["doctor", "--fanout-mode", "hidden_ref"],
+    );
+    assert!(!output.status.success());
+    let stderr = String::from_utf8_lossy(&output.stderr);
+    assert!(stderr.contains("`--fanout-mode` requires `--fix`"));
+    assert!(stderr.contains("next:"));
+    assert!(stderr.contains("opensession doctor --fix --fanout-mode hidden_ref"));
+}
+
+#[test]
+fn docs_completion_still_available() {
+    let tmp = make_home();
+    let out = run(tmp.path(), tmp.path(), &["docs", "completion", "bash"]);
+    assert!(out.status.success());
+    assert!(!out.stdout.is_empty());
+}
+
+#[test]
+fn docs_quickstart_prints_first_user_flow() {
+    let tmp = make_home();
+    let out = run(tmp.path(), tmp.path(), &["docs", "quickstart"]);
+    assert!(out.status.success());
+    let stdout = String::from_utf8_lossy(&out.stdout);
+    assert!(stdout.contains("OpenSession 5-minute first-user flow"));
+    assert!(stdout.contains("opensession doctor --fix"));
+    assert!(stdout.contains("opensession parse --profile codex"));
+    assert!(stdout.contains("opensession register ./session.hail.jsonl"));
+    assert!(stdout.contains("opensession share os://src/local/<sha256> --quick --remote origin"));
+}
+
+#[test]
+fn testing_helper_agent_is_available() {
+    // Keep one assertion using opensession_core::testing to ensure dev-dependency path stays valid.
+    let agent = testing::agent();
+    assert!(!agent.tool.is_empty());
+}
diff --git a/crates/cli/tests/handoff_cli/inspect_cli.rs b/crates/cli/tests/handoff_cli/inspect_cli.rs
new file mode 100644
index 00000000..09436002
--- /dev/null
+++ b/crates/cli/tests/handoff_cli/inspect_cli.rs
@@ -0,0 +1,37 @@
+use super::*;
+
+#[test]
+fn inspect_local_and_artifact_json() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    let input = repo.join("sample.hail.jsonl");
+    write_file(&input, &make_hail_jsonl("s-inspect"));
+
+    let register_out = run(
+        tmp.path(),
+        &repo,
+        &["register", "--quiet", input.to_str().expect("path")],
+    );
+    let local_uri = first_non_empty_line(&register_out.stdout);
+
+    let inspect_local = run(tmp.path(), &repo, &["inspect", &local_uri, "--json"]);
+    assert!(inspect_local.status.success());
+    let local_json: Value = serde_json::from_slice(&inspect_local.stdout).expect("inspect local");
+    assert_eq!(local_json["uri"], local_uri);
+
+    let build = run(
+        tmp.path(),
+        &repo,
+        &["handoff", "build", "--from", &local_uri],
+    );
+    assert!(build.status.success());
+    let artifact_uri = first_non_empty_line(&build.stdout);
+
+    let inspect_artifact = run(tmp.path(), &repo, &["inspect", &artifact_uri, "--json"]);
+    assert!(inspect_artifact.status.success());
+    let artifact_json: Value =
+        serde_json::from_slice(&inspect_artifact.stdout).expect("inspect artifact");
+    assert_eq!(artifact_json["uri"], artifact_uri);
+}
diff --git a/crates/cli/tests/handoff_cli/parse_cli.rs b/crates/cli/tests/handoff_cli/parse_cli.rs
new file mode 100644
index 00000000..2ba9f2e6
--- /dev/null
+++ b/crates/cli/tests/handoff_cli/parse_cli.rs
@@ -0,0 +1,125 @@
+use super::*;
+
+#[test]
+fn register_rejects_non_hail_with_next_steps() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    let input = repo.join("not-hail.txt");
+    write_file(&input, "this is not hail jsonl\n");
+
+    let out = run(
+        tmp.path(),
+        &repo,
+        &["register", input.to_str().expect("path")],
+    );
+    assert!(!out.status.success());
+    let stderr = String::from_utf8_lossy(&out.stderr);
+    assert!(stderr.contains("register expects canonical HAIL JSONL"));
+    assert!(stderr.contains("next:"));
+    assert!(stderr.contains("opensession parse --profile codex"));
+}
+
+#[test]
+fn parse_invalid_profile_shows_next_steps() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    let raw = repo.join("raw-session.jsonl");
+    write_file(&raw, "{\"not\":\"a valid session format\"}\n");
+
+    let out = run(
+        tmp.path(),
+        &repo,
+        &[
+            "parse",
+            "--profile",
+            "unknown-profile",
+            raw.to_str().expect("path"),
+        ],
+    );
+    assert!(!out.status.success());
+    let stderr = String::from_utf8_lossy(&out.stderr);
+    assert!(stderr.contains("next:"));
+    assert!(stderr.contains("opensession parse --help"));
+}
+
+#[test]
+fn parse_profile_codex_outputs_canonical_jsonl() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    let input = repo.join("codex.jsonl");
+    write_file(
+        &input,
+        r#"{"type":"session_meta","session_id":"abc","timestamp":"2026-02-14T00:00:00Z"}
+{"type":"response_item","timestamp":"2026-02-14T00:00:01Z","payload":{"type":"message","role":"user","content":"hello"}}"#,
+    );
+
+    let out = run(
+        tmp.path(),
+        &repo,
+        &[
+            "parse",
+            "--profile",
+            "codex",
+            input.to_str().expect("path"),
+            "--validate",
+        ],
+    );
+    assert!(
+        out.status.success(),
+        "parse failed: {}",
+        String::from_utf8_lossy(&out.stderr)
+    );
+
+    let parsed = Session::from_jsonl(&String::from_utf8_lossy(&out.stdout)).expect("jsonl");
+    assert_eq!(parsed.version, Session::CURRENT_VERSION);
+    assert_eq!(parsed.agent.tool, "codex");
+}
+
+#[test]
+fn parse_preview_option_prints_parser_used() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    let input = repo.join("sample.hail.jsonl");
+    write_file(&input, &make_hail_jsonl("s-preview"));
+
+    let out = run(
+        tmp.path(),
+        &repo,
+        &[
+            "parse",
+            "--profile",
+            "hail",
+            "--preview",
+            input.to_str().expect("path"),
+        ],
+    );
+    assert!(out.status.success());
+    let stderr = String::from_utf8_lossy(&out.stderr);
+    assert!(stderr.contains("parser_used:"));
+}
+
+#[test]
+fn canonical_jsonl_register_rejects_non_hail_input() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    let input = repo.join("raw.jsonl");
+    write_file(&input, "{\"type\":\"session_meta\"}\n");
+
+    let out = run(
+        tmp.path(),
+        &repo,
+        &["register", input.to_str().expect("path")],
+    );
+    assert!(!out.status.success());
+    assert!(String::from_utf8_lossy(&out.stderr).contains("opensession parse"));
+}
diff --git a/crates/cli/tests/handoff_cli/review_cli.rs b/crates/cli/tests/handoff_cli/review_cli.rs
new file mode 100644
index 00000000..a9c8e4c1
--- /dev/null
+++ b/crates/cli/tests/handoff_cli/review_cli.rs
@@ -0,0 +1,99 @@
+use super::*;
+
+#[test]
+fn review_rejects_removed_tui_view_mode() {
+    let tmp = make_home();
+    let (reviewer_repo, pr_link) = setup_review_fixture(&tmp, true);
+
+    let out = run(
+        tmp.path(),
+        &reviewer_repo,
+        &["review", &pr_link, "--view", "tui", "--no-fetch"],
+    );
+    assert!(
+        !out.status.success(),
+        "review --view tui should be rejected"
+    );
+    let stderr = String::from_utf8_lossy(&out.stderr);
+    assert!(
+        stderr.contains("invalid value 'tui'"),
+        "unexpected stderr: {stderr}"
+    );
+}
+
+#[test]
+fn review_json_builds_commit_grouped_bundle_from_hidden_refs() {
+    let tmp = make_home();
+    let (reviewer_repo, pr_link) = setup_review_fixture(&tmp, true);
+
+    let out = run(
+        tmp.path(),
+        &reviewer_repo,
+        &["review", &pr_link, "--json", "--no-fetch"],
+    );
+    assert!(
+        out.status.success(),
+        "review failed: {}",
+        String::from_utf8_lossy(&out.stderr)
+    );
+
+    let payload: Value = serde_json::from_slice(&out.stdout).expect("review json payload");
+    assert_eq!(payload["commit_count"].as_u64().unwrap_or(0), 1);
+    assert_eq!(payload["mapped_commit_count"].as_u64().unwrap_or(0), 1);
+    assert!(payload["session_count"].as_u64().unwrap_or(0) >= 1);
+
+    let bundle_path = payload["bundle_path"]
+        .as_str()
+        .expect("bundle path in payload");
+    let bundle_raw = fs::read(bundle_path).expect("read review bundle");
+    let bundle_json: Value = serde_json::from_slice(&bundle_raw).expect("bundle json");
+    let first_commit = bundle_json["commits"]
+        .as_array()
+        .and_then(|rows| rows.first())
+        .expect("first commit row");
+    let first_session = first_commit["session_ids"]
+        .as_array()
+        .and_then(|rows| rows.first())
+        .and_then(|v| v.as_str())
+        .unwrap_or_default();
+    assert_eq!(first_session, "s-review");
+    assert!(
+        first_commit["semantic_summary"].is_object(),
+        "expected commit semantic_summary payload"
+    );
+}
+
+#[test]
+fn review_no_fetch_succeeds_with_empty_session_groups_when_hidden_refs_missing() {
+    let tmp = make_home();
+    let (reviewer_repo, pr_link) = setup_review_fixture(&tmp, false);
+
+    let out = run(
+        tmp.path(),
+        &reviewer_repo,
+        &["review", &pr_link, "--json", "--no-fetch"],
+    );
+    assert!(
+        out.status.success(),
+        "review should succeed without hidden refs: {}",
+        String::from_utf8_lossy(&out.stderr)
+    );
+    let payload: Value = serde_json::from_slice(&out.stdout).expect("review json payload");
+    assert_eq!(payload["commit_count"].as_u64().unwrap_or(0), 1);
+    assert_eq!(payload["mapped_commit_count"].as_u64().unwrap_or(0), 0);
+    assert_eq!(payload["session_count"].as_u64().unwrap_or(0), 0);
+
+    let bundle_path = payload["bundle_path"]
+        .as_str()
+        .expect("bundle path in payload");
+    let bundle_raw = fs::read(bundle_path).expect("read review bundle");
+    let bundle_json: Value = serde_json::from_slice(&bundle_raw).expect("bundle json");
+    let first_commit = bundle_json["commits"]
+        .as_array()
+        .and_then(|rows| rows.first())
+        .expect("first commit row");
+    assert!(
+        first_commit["semantic_summary"].is_object(),
+        "expected semantic summary even when mapped sessions are absent"
+    );
+}
diff --git a/crates/cli/tests/handoff_cli/setup_cli.rs b/crates/cli/tests/handoff_cli/setup_cli.rs
new file mode 100644
index 00000000..d326252d
--- /dev/null
+++ b/crates/cli/tests/handoff_cli/setup_cli.rs
@@ -0,0 +1,331 @@
+use super::*;
+
+#[test]
+fn setup_non_tty_requires_yes() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    let out = run(tmp.path(), &repo, &["setup"]);
+    assert!(
+        !out.status.success(),
+        "setup should require --yes in non-tty mode"
+    );
+    let stderr = String::from_utf8_lossy(&out.stderr);
+    assert!(stderr.contains("requires explicit approval"));
+    assert!(
+        stderr.contains("opensession doctor --fix --yes --profile local --fanout-mode hidden_ref")
+    );
+}
+
+#[test]
+fn setup_non_tty_yes_requires_explicit_fanout_when_unset() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    let out = run(tmp.path(), &repo, &["setup", "--yes"]);
+    assert!(
+        !out.status.success(),
+        "setup --yes should fail without explicit fanout when repo has no fanout config"
+    );
+    let stderr = String::from_utf8_lossy(&out.stderr);
+    assert!(stderr.contains("fanout mode is not configured"));
+    assert!(
+        stderr.contains("opensession doctor --fix --yes --profile local --fanout-mode hidden_ref")
+    );
+}
+
+#[test]
+fn setup_yes_with_fanout_installs_pre_push_hook_with_original_copy() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    write_file(
+        &repo.join(".git").join("hooks").join("pre-push"),
+        "#!/bin/sh\necho custom\n",
+    );
+
+    let out = run(
+        tmp.path(),
+        &repo,
+        &["setup", "--yes", "--fanout-mode", "hidden_ref"],
+    );
+    assert!(
+        out.status.success(),
+        "setup failed: {}",
+        String::from_utf8_lossy(&out.stderr)
+    );
+
+    let backup = repo
+        .join(".git")
+        .join("hooks")
+        .join("pre-push.original.pre-opensession");
+    assert!(backup.exists(), "expected original hook copy");
+    let shim = tmp
+        .path()
+        .join(".local")
+        .join("share")
+        .join("opensession")
+        .join("bin")
+        .join("opensession");
+    assert!(shim.exists(), "expected setup to install opensession shim");
+    let ops_shim = tmp
+        .path()
+        .join(".local")
+        .join("share")
+        .join("opensession")
+        .join("bin")
+        .join("ops");
+    assert!(ops_shim.exists(), "expected setup to install ops shim");
+
+    let hook_body = fs::read_to_string(repo.join(".git").join("hooks").join("pre-push"))
+        .expect("read pre-push hook");
+    assert!(hook_body.contains("opensession-managed"));
+    assert!(hook_body.contains("setup --sync-branch-session"));
+    assert!(hook_body.contains("--sync-branch-commit"));
+    assert!(hook_body.contains("setup --print-ledger-ref"));
+    assert!(hook_body.contains("setup --print-fanout-mode"));
+    assert!(hook_body.contains("git notes --ref=opensession"));
+    assert!(hook_body.contains("git notes --ref=opensession copy -f"));
+    assert!(hook_body.contains(".local/share/opensession/bin/opensession"));
+
+    let fanout = run_git(
+        &repo,
+        &["config", "--local", "--get", "opensession.fanout-mode"],
+    );
+    assert_eq!(String::from_utf8_lossy(&fanout.stdout).trim(), "hidden_ref");
+    let open_target = run_git(
+        &repo,
+        &["config", "--local", "--get", "opensession.open-target"],
+    );
+    assert_eq!(String::from_utf8_lossy(&open_target.stdout).trim(), "web");
+}
+
+#[test]
+fn doctor_fix_yes_with_fanout_mode_applies_setup() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    let out = run(
+        tmp.path(),
+        &repo,
+        &[
+            "doctor",
+            "--fix",
+            "--yes",
+            "--fanout-mode",
+            "git_notes",
+            "--open-target",
+            "web",
+        ],
+    );
+    assert!(
+        out.status.success(),
+        "doctor --fix failed: {}",
+        String::from_utf8_lossy(&out.stderr)
+    );
+
+    let fanout = run_git(
+        &repo,
+        &["config", "--local", "--get", "opensession.fanout-mode"],
+    );
+    assert_eq!(String::from_utf8_lossy(&fanout.stdout).trim(), "git_notes");
+    let open_target = run_git(
+        &repo,
+        &["config", "--local", "--get", "opensession.open-target"],
+    );
+    assert_eq!(String::from_utf8_lossy(&open_target.stdout).trim(), "web");
+    assert!(
+        repo.join(".git").join("hooks").join("pre-push").exists(),
+        "expected pre-push hook to be installed by doctor --fix"
+    );
+}
+
+#[test]
+fn setup_check_prints_expected_ledger_ref() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    let out = run(tmp.path(), &repo, &["setup", "--check"]);
+    assert!(
+        out.status.success(),
+        "setup --check failed: {}",
+        String::from_utf8_lossy(&out.stderr)
+    );
+    let stdout = String::from_utf8_lossy(&out.stdout);
+    assert!(stdout.contains("current branch:"));
+    assert!(stdout.contains("main"));
+    assert!(stdout.contains(&opensession_git_native::branch_ledger_ref("main")));
+    assert!(stdout.contains("ops shim:"));
+    assert!(stdout.contains("review readiness:"));
+}
+
+#[test]
+fn setup_print_fanout_mode_reads_git_config() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    let out = run(tmp.path(), &repo, &["setup", "--print-fanout-mode"]);
+    assert!(
+        out.status.success(),
+        "print-fanout-mode failed: {}",
+        String::from_utf8_lossy(&out.stderr)
+    );
+    assert_eq!(String::from_utf8_lossy(&out.stdout).trim(), "hidden_ref");
+
+    let git_config = Command::new("git")
+        .arg("-C")
+        .arg(&repo)
+        .arg("config")
+        .arg("--local")
+        .arg("opensession.fanout-mode")
+        .arg("git_notes")
+        .output()
+        .expect("set git config");
+    assert!(
+        git_config.status.success(),
+        "{}",
+        String::from_utf8_lossy(&git_config.stderr)
+    );
+
+    let out = run(tmp.path(), &repo, &["setup", "--print-fanout-mode"]);
+    assert!(
+        out.status.success(),
+        "print-fanout-mode failed: {}",
+        String::from_utf8_lossy(&out.stderr)
+    );
+    assert_eq!(String::from_utf8_lossy(&out.stdout).trim(), "git_notes");
+}
+
+#[test]
+fn setup_sync_branch_session_stores_latest_repo_session_to_hidden_ref() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    let head_sha = first_non_empty_line(&run_git(&repo, &["rev-parse", "HEAD"]).stdout);
+    let session_path = tmp
+        .path()
+        .join(".codex")
+        .join("sessions")
+        .join("2026")
+        .join("02")
+        .join("26")
+        .join("rollout-2026-02-26T00-00-00-sync-session-1.jsonl");
+    write_file(
+        &session_path,
+        &make_hail_jsonl_with_cwd("sync-session-1", &repo),
+    );
+
+    let out = run(
+        tmp.path(),
+        &repo,
+        &[
+            "setup",
+            "--sync-branch-session",
+            "main",
+            "--sync-branch-commit",
+            &head_sha,
+        ],
+    );
+    assert!(
+        out.status.success(),
+        "sync branch session failed: {}",
+        String::from_utf8_lossy(&out.stderr)
+    );
+
+    let ledger_ref = opensession_git_native::branch_ledger_ref("main");
+    let verify = Command::new("git")
+        .arg("-C")
+        .arg(&repo)
+        .arg("show-ref")
+        .arg("--verify")
+        .arg("--quiet")
+        .arg(&ledger_ref)
+        .output()
+        .expect("verify ledger ref exists");
+    assert!(
+        verify.status.success(),
+        "expected ledger ref to exist after sync"
+    );
+
+    let index_blob = run_git(
+        &repo,
+        &[
+            "show",
+            &format!("{ledger_ref}:v1/index/commits/{head_sha}/sync-session-1.json"),
+        ],
+    );
+    let index_body = String::from_utf8_lossy(&index_blob.stdout);
+    assert!(index_body.contains("\"session_id\":\"sync-session-1\""));
+}
+
+#[test]
+fn setup_sync_branch_session_maps_single_session_to_multiple_commits() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    write_file(&repo.join("a.txt"), "a\n");
+    run_git(&repo, &["add", "."]);
+    run_git(&repo, &["commit", "-m", "feat: a"]);
+    let commit_a = first_non_empty_line(&run_git(&repo, &["rev-parse", "HEAD"]).stdout);
+
+    write_file(&repo.join("b.txt"), "b\n");
+    run_git(&repo, &["add", "."]);
+    run_git(&repo, &["commit", "-m", "feat: b"]);
+    let commit_b = first_non_empty_line(&run_git(&repo, &["rev-parse", "HEAD"]).stdout);
+
+    let session_path = tmp
+        .path()
+        .join(".codex")
+        .join("sessions")
+        .join("2026")
+        .join("02")
+        .join("26")
+        .join("rollout-2026-02-26T00-00-00-sync-session-multi.jsonl");
+    let created = chrono::Utc::now() - chrono::Duration::hours(2);
+    let updated = chrono::Utc::now() + chrono::Duration::hours(2);
+    write_file(
+        &session_path,
+        &make_hail_jsonl_with_cwd_and_window("sync-session-multi", &repo, created, updated),
+    );
+
+    let out = run(
+        tmp.path(),
+        &repo,
+        &[
+            "setup",
+            "--sync-branch-session",
+            "main",
+            "--sync-branch-commit",
+            &commit_b,
+        ],
+    );
+    assert!(
+        out.status.success(),
+        "sync branch session failed: {}",
+        String::from_utf8_lossy(&out.stderr)
+    );
+
+    let ledger_ref = opensession_git_native::branch_ledger_ref("main");
+    run_git(
+        &repo,
+        &[
+            "show",
+            &format!("{ledger_ref}:v1/index/commits/{commit_a}/sync-session-multi.json"),
+        ],
+    );
+    run_git(
+        &repo,
+        &[
+            "show",
+            &format!("{ledger_ref}:v1/index/commits/{commit_b}/sync-session-multi.json"),
+        ],
+    );
+}
diff --git a/crates/cli/tests/handoff_cli/share_cli.rs b/crates/cli/tests/handoff_cli/share_cli.rs
new file mode 100644
index 00000000..78d019be
--- /dev/null
+++ b/crates/cli/tests/handoff_cli/share_cli.rs
@@ -0,0 +1,610 @@
+use super::*;
+
+#[test]
+fn register_and_cat_roundtrip() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    let input = repo.join("sample.hail.jsonl");
+    write_file(&input, &make_hail_jsonl("s-register"));
+
+    let register_out = run(
+        tmp.path(),
+        &repo,
+        &["register", input.to_str().expect("path")],
+    );
+    assert!(
+        register_out.status.success(),
+        "register failed: {}",
+        String::from_utf8_lossy(&register_out.stderr)
+    );
+    let uri = first_non_empty_line(&register_out.stdout);
+    assert!(uri.starts_with("os://src/local/"));
+
+    let cat_out = run(tmp.path(), &repo, &["cat", &uri]);
+    assert!(cat_out.status.success());
+    let cat_body = String::from_utf8_lossy(&cat_out.stdout);
+    let parsed = Session::from_jsonl(&cat_body).expect("cat output is valid jsonl");
+    assert_eq!(parsed.session_id, "s-register");
+}
+
+#[test]
+fn share_web_rejects_local_uri() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    let input = repo.join("sample.hail.jsonl");
+    write_file(&input, &make_hail_jsonl("s-share-web"));
+    let register_out = run(
+        tmp.path(),
+        &repo,
+        &["register", "--quiet", input.to_str().expect("path")],
+    );
+    let local_uri = first_non_empty_line(&register_out.stdout);
+
+    let output = run(tmp.path(), &repo, &["share", &local_uri, "--web"]);
+    assert!(!output.status.success());
+    let stderr = String::from_utf8_lossy(&output.stderr);
+    assert!(stderr.contains("next:"));
+    assert!(stderr.contains("--git --remote"));
+}
+
+#[test]
+fn share_git_requires_remote_guidance() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    let input = repo.join("sample.hail.jsonl");
+    write_file(&input, &make_hail_jsonl("s-share-missing-remote"));
+    let register_out = run(
+        tmp.path(),
+        &repo,
+        &["register", "--quiet", input.to_str().expect("path")],
+    );
+    let local_uri = first_non_empty_line(&register_out.stdout);
+
+    let share_out = run(tmp.path(), &repo, &["share", &local_uri, "--git"]);
+    assert!(!share_out.status.success());
+    let stderr = String::from_utf8_lossy(&share_out.stderr);
+    assert!(stderr.contains("`--remote <name|url>` is required"));
+    assert!(stderr.contains("next:"));
+    assert!(stderr.contains("opensession share <local_uri> --git --remote origin"));
+}
+
+#[test]
+fn share_quick_auto_detects_origin_without_push_and_reports_state() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    let remote = tmp.path().join("remote.git");
+    init_git_repo(&repo);
+    run_git(
+        tmp.path(),
+        &["init", "--bare", remote.to_str().expect("remote")],
+    );
+    run_git(
+        &repo,
+        &["remote", "add", "origin", remote.to_str().expect("remote")],
+    );
+
+    let input = repo.join("sample.hail.jsonl");
+    write_file(&input, &make_hail_jsonl("s-share-quick-no-push"));
+    let register_out = run(
+        tmp.path(),
+        &repo,
+        &["register", "--quiet", input.to_str().expect("path")],
+    );
+    let local_uri = first_non_empty_line(&register_out.stdout);
+
+    let share_out = run(
+        tmp.path(),
+        &repo,
+        &["share", &local_uri, "--quick", "--json"],
+    );
+    assert!(
+        share_out.status.success(),
+        "share --quick failed: {}",
+        String::from_utf8_lossy(&share_out.stderr)
+    );
+    let payload: Value = serde_json::from_slice(&share_out.stdout).expect("quick share json");
+    assert_eq!(payload.get("quick").and_then(Value::as_bool), Some(true));
+    assert_eq!(payload.get("pushed").and_then(Value::as_bool), Some(false));
+    assert_eq!(
+        payload.get("auto_push_consent").and_then(Value::as_bool),
+        Some(false)
+    );
+    assert_eq!(
+        payload.get("remote_target").and_then(Value::as_str),
+        Some("origin")
+    );
+    assert!(
+        payload
+            .get("push_cmd")
+            .and_then(Value::as_str)
+            .unwrap_or_default()
+            .contains("git push origin")
+    );
+}
+
+#[test]
+fn share_quick_push_consent_persists_and_enables_auto_push() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    let remote = tmp.path().join("remote.git");
+    init_git_repo(&repo);
+    run_git(
+        tmp.path(),
+        &["init", "--bare", remote.to_str().expect("remote")],
+    );
+    run_git(
+        &repo,
+        &["remote", "add", "origin", remote.to_str().expect("remote")],
+    );
+
+    let first_input = repo.join("first.hail.jsonl");
+    write_file(&first_input, &make_hail_jsonl("s-share-quick-first"));
+    let first_register = run(
+        tmp.path(),
+        &repo,
+        &["register", "--quiet", first_input.to_str().expect("path")],
+    );
+    let first_local_uri = first_non_empty_line(&first_register.stdout);
+    let first_share = run(
+        tmp.path(),
+        &repo,
+        &["share", &first_local_uri, "--quick", "--push", "--json"],
+    );
+    assert!(
+        first_share.status.success(),
+        "share --quick --push failed: {}",
+        String::from_utf8_lossy(&first_share.stderr)
+    );
+    let first_payload: Value =
+        serde_json::from_slice(&first_share.stdout).expect("quick share json");
+    assert_eq!(
+        first_payload.get("quick").and_then(Value::as_bool),
+        Some(true)
+    );
+    assert_eq!(
+        first_payload.get("pushed").and_then(Value::as_bool),
+        Some(true)
+    );
+    assert_eq!(
+        first_payload
+            .get("auto_push_consent")
+            .and_then(Value::as_bool),
+        Some(true)
+    );
+
+    let consent_config = first_non_empty_line(
+        &run_git(
+            &repo,
+            &[
+                "config",
+                "--local",
+                "--get",
+                "opensession.share.auto-push-consent",
+            ],
+        )
+        .stdout,
+    );
+    assert_eq!(consent_config, "true");
+
+    let second_input = repo.join("second.hail.jsonl");
+    write_file(&second_input, &make_hail_jsonl("s-share-quick-second"));
+    let second_register = run(
+        tmp.path(),
+        &repo,
+        &["register", "--quiet", second_input.to_str().expect("path")],
+    );
+    let second_local_uri = first_non_empty_line(&second_register.stdout);
+    let second_hash = second_local_uri
+        .split('/')
+        .next_back()
+        .expect("local uri hash")
+        .to_string();
+
+    let second_share = run(
+        tmp.path(),
+        &repo,
+        &["share", &second_local_uri, "--quick", "--json"],
+    );
+    assert!(
+        second_share.status.success(),
+        "second share --quick failed: {}",
+        String::from_utf8_lossy(&second_share.stderr)
+    );
+    let second_payload: Value =
+        serde_json::from_slice(&second_share.stdout).expect("second quick share json");
+    assert_eq!(
+        second_payload.get("quick").and_then(Value::as_bool),
+        Some(true)
+    );
+    assert_eq!(
+        second_payload.get("pushed").and_then(Value::as_bool),
+        Some(true)
+    );
+    assert_eq!(
+        second_payload
+            .get("auto_push_consent")
+            .and_then(Value::as_bool),
+        Some(true)
+    );
+
+    let ledger_ref = opensession_git_native::branch_ledger_ref("main");
+    run_git(
+        tmp.path(),
+        &[
+            "--git-dir",
+            remote.to_str().expect("remote"),
+            "show",
+            &format!("{ledger_ref}:sessions/{second_hash}.jsonl"),
+        ],
+    );
+}
+
+#[test]
+fn share_quick_requires_remote_when_none_exist() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    let input = repo.join("sample.hail.jsonl");
+    write_file(&input, &make_hail_jsonl("s-share-quick-no-remote"));
+    let register_out = run(
+        tmp.path(),
+        &repo,
+        &["register", "--quiet", input.to_str().expect("path")],
+    );
+    let local_uri = first_non_empty_line(&register_out.stdout);
+
+    let share_out = run(tmp.path(), &repo, &["share", &local_uri, "--quick"]);
+    assert!(!share_out.status.success());
+    let stderr = String::from_utf8_lossy(&share_out.stderr);
+    assert!(stderr.contains("no remotes were found"));
+    assert!(stderr.contains("git remote add origin"));
+}
+
+#[test]
+fn share_quick_rejects_ambiguous_remote_and_allows_explicit_override() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+    run_git(
+        &repo,
+        &[
+            "remote",
+            "add",
+            "upstream",
+            "https://github.com/example/upstream.git",
+        ],
+    );
+    run_git(
+        &repo,
+        &[
+            "remote",
+            "add",
+            "mirror",
+            "https://github.com/example/mirror.git",
+        ],
+    );
+
+    let input = repo.join("sample.hail.jsonl");
+    write_file(&input, &make_hail_jsonl("s-share-quick-ambiguous"));
+    let register_out = run(
+        tmp.path(),
+        &repo,
+        &["register", "--quiet", input.to_str().expect("path")],
+    );
+    let local_uri = first_non_empty_line(&register_out.stdout);
+
+    let ambiguous = run(tmp.path(), &repo, &["share", &local_uri, "--quick"]);
+    assert!(!ambiguous.status.success());
+    let stderr = String::from_utf8_lossy(&ambiguous.stderr);
+    assert!(stderr.contains("could not choose a remote automatically"));
+    assert!(stderr.contains("--quick --remote origin"));
+
+    let explicit = run(
+        tmp.path(),
+        &repo,
+        &[
+            "share", &local_uri, "--quick", "--remote", "upstream", "--json",
+        ],
+    );
+    assert!(
+        explicit.status.success(),
+        "share --quick --remote upstream failed: {}",
+        String::from_utf8_lossy(&explicit.stderr)
+    );
+    let payload: Value =
+        serde_json::from_slice(&explicit.stdout).expect("explicit quick share json");
+    assert_eq!(payload.get("quick").and_then(Value::as_bool), Some(true));
+    assert_eq!(
+        payload.get("remote_target").and_then(Value::as_str),
+        Some("upstream")
+    );
+}
+
+#[test]
+fn share_web_requires_config_with_next_steps() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    let uri = opensession_core::source_uri::SourceUri::Src(
+        opensession_core::source_uri::SourceSpec::Git {
+            remote: "https://git.example/repo.git".to_string(),
+            r#ref: "refs/heads/main".to_string(),
+            path: "sessions/demo.jsonl".to_string(),
+        },
+    )
+    .to_string();
+
+    let out = run(tmp.path(), &repo, &["share", &uri, "--web"]);
+    assert!(!out.status.success());
+    let stderr = String::from_utf8_lossy(&out.stderr);
+    assert!(stderr.contains("missing config"));
+    assert!(stderr.contains("next:"));
+    assert!(stderr.contains("opensession config init --base-url"));
+}
+
+#[test]
+fn share_git_outside_repo_shows_next_steps() {
+    let tmp = make_home();
+    let outside = tmp.path().join("outside");
+    fs::create_dir_all(&outside).expect("create outside dir");
+
+    let input = outside.join("sample.hail.jsonl");
+    write_file(&input, &make_hail_jsonl("s-share-outside"));
+    let register_out = run(
+        tmp.path(),
+        &outside,
+        &["register", "--quiet", input.to_str().expect("path")],
+    );
+    let local_uri = first_non_empty_line(&register_out.stdout);
+    assert!(local_uri.starts_with("os://src/local/"));
+
+    let share_out = run(
+        tmp.path(),
+        &outside,
+        &["share", &local_uri, "--git", "--remote", "origin"],
+    );
+    assert!(!share_out.status.success());
+    let stderr = String::from_utf8_lossy(&share_out.stderr);
+    assert!(stderr.contains("current directory is not inside a git repository"));
+    assert!(stderr.contains("next:"));
+    assert!(stderr.contains("cd into the target git repository and retry"));
+}
+
+#[test]
+fn share_git_without_push_prints_push_command() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    let remote = tmp.path().join("remote.git");
+    init_git_repo(&repo);
+    run_git(
+        tmp.path(),
+        &["init", "--bare", remote.to_str().expect("remote")],
+    );
+    run_git(
+        &repo,
+        &["remote", "add", "origin", remote.to_str().expect("remote")],
+    );
+
+    let input = repo.join("sample.hail.jsonl");
+    write_file(&input, &make_hail_jsonl("s-share-git"));
+    let register_out = run(
+        tmp.path(),
+        &repo,
+        &["register", "--quiet", input.to_str().expect("path")],
+    );
+    let local_uri = first_non_empty_line(&register_out.stdout);
+
+    let share_out = run(
+        tmp.path(),
+        &repo,
+        &["share", &local_uri, "--git", "--remote", "origin"],
+    );
+    assert!(
+        share_out.status.success(),
+        "share --git failed: {}",
+        String::from_utf8_lossy(&share_out.stderr)
+    );
+    let stdout = String::from_utf8_lossy(&share_out.stdout);
+    let shared_uri = stdout.lines().next().unwrap_or_default();
+    assert!(shared_uri.starts_with("os://src/git/") || shared_uri.starts_with("os://src/gh/"));
+    assert!(stdout.contains("push_cmd:"));
+
+    let hash = local_uri.split('/').next_back().expect("local hash in uri");
+
+    run_git(
+        &repo,
+        &[
+            "show",
+            &format!(
+                "{}:sessions/{hash}.jsonl",
+                opensession_git_native::branch_ledger_ref("main")
+            ),
+        ],
+    );
+}
+
+#[test]
+fn share_git_with_gitlab_dot_com_remote_emits_gl_uri() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    let input = repo.join("sample.hail.jsonl");
+    write_file(&input, &make_hail_jsonl("s-share-gl"));
+    let register_out = run(
+        tmp.path(),
+        &repo,
+        &["register", "--quiet", input.to_str().expect("path")],
+    );
+    let local_uri = first_non_empty_line(&register_out.stdout);
+
+    let share_out = run(
+        tmp.path(),
+        &repo,
+        &[
+            "share",
+            &local_uri,
+            "--git",
+            "--remote",
+            "https://gitlab.com/group/sub/repo.git",
+        ],
+    );
+    assert!(
+        share_out.status.success(),
+        "share --git failed: {}",
+        String::from_utf8_lossy(&share_out.stderr)
+    );
+    let stdout = String::from_utf8_lossy(&share_out.stdout);
+    let shared_uri = stdout.lines().next().unwrap_or_default();
+    assert!(
+        shared_uri.starts_with("os://src/gl/"),
+        "expected gl uri, got: {shared_uri}"
+    );
+}
+
+#[test]
+fn share_git_push_in_non_tty_does_not_trigger_cleanup_prompt() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    let remote = tmp.path().join("remote.git");
+    init_git_repo(&repo);
+    run_git(
+        tmp.path(),
+        &["init", "--bare", remote.to_str().expect("remote")],
+    );
+    run_git(
+        &repo,
+        &["remote", "add", "origin", remote.to_str().expect("remote")],
+    );
+
+    let input = repo.join("sample.hail.jsonl");
+    write_file(&input, &make_hail_jsonl("s-share-push-no-tty"));
+    let register_out = run(
+        tmp.path(),
+        &repo,
+        &["register", "--quiet", input.to_str().expect("path")],
+    );
+    let local_uri = first_non_empty_line(&register_out.stdout);
+
+    let share_out = run(
+        tmp.path(),
+        &repo,
+        &["share", &local_uri, "--git", "--remote", "origin", "--push"],
+    );
+    assert!(
+        share_out.status.success(),
+        "share --push failed: {}",
+        String::from_utf8_lossy(&share_out.stderr)
+    );
+
+    assert!(
+        !repo
+            .join(".opensession")
+            .join("cleanup")
+            .join("config.toml")
+            .exists(),
+        "non-tty share should not auto-initialize cleanup config"
+    );
+
+    let prompted = Command::new("git")
+        .arg("-C")
+        .arg(&repo)
+        .arg("config")
+        .arg("--local")
+        .arg("--get")
+        .arg("opensession.cleanup.prompted")
+        .output()
+        .expect("read prompted config");
+    assert!(
+        !prompted.status.success(),
+        "non-tty share should not set cleanup prompt git config"
+    );
+}
+
+#[test]
+fn config_and_share_web_success() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    let init_out = run(
+        tmp.path(),
+        &repo,
+        &["config", "init", "--base-url", "https://example.test"],
+    );
+    assert!(init_out.status.success());
+
+    let uri = opensession_core::source_uri::SourceUri::Src(
+        opensession_core::source_uri::SourceSpec::Git {
+            remote: "https://git.example/repo.git".to_string(),
+            r#ref: "refs/heads/main".to_string(),
+            path: "sessions/demo.jsonl".to_string(),
+        },
+    )
+    .to_string();
+    let out = run(tmp.path(), &repo, &["share", &uri, "--web"]);
+    assert!(
+        out.status.success(),
+        "share web failed: {}",
+        String::from_utf8_lossy(&out.stderr)
+    );
+    let stdout = String::from_utf8_lossy(&out.stdout);
+    assert!(stdout.contains("https://example.test/src/git/"));
+    assert!(stdout.contains("base_url: https://example.test"));
+}
+
+#[test]
+fn share_web_supports_gl_and_git_routes() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    let init_out = run(
+        tmp.path(),
+        &repo,
+        &["config", "init", "--base-url", "https://example.test"],
+    );
+    assert!(init_out.status.success());
+
+    let gl_uri = opensession_core::source_uri::SourceUri::Src(
+        opensession_core::source_uri::SourceSpec::Gl {
+            project: "group/sub/repo".to_string(),
+            r#ref: "refs/heads/main".to_string(),
+            path: "sessions/demo.jsonl".to_string(),
+        },
+    )
+    .to_string();
+    let gl_out = run(tmp.path(), &repo, &["share", &gl_uri, "--web"]);
+    assert!(
+        gl_out.status.success(),
+        "share web for gl failed: {}",
+        String::from_utf8_lossy(&gl_out.stderr)
+    );
+    let gl_stdout = String::from_utf8_lossy(&gl_out.stdout);
+    assert!(gl_stdout.contains("https://example.test/src/gl/"));
+
+    let git_uri = opensession_core::source_uri::SourceUri::Src(
+        opensession_core::source_uri::SourceSpec::Git {
+            remote: "https://gitlab.internal.example.com/group/repo.git".to_string(),
+            r#ref: "refs/heads/main".to_string(),
+            path: "sessions/demo.jsonl".to_string(),
+        },
+    )
+    .to_string();
+    let git_out = run(tmp.path(), &repo, &["share", &git_uri, "--web"]);
+    assert!(
+        git_out.status.success(),
+        "share web for git failed: {}",
+        String::from_utf8_lossy(&git_out.stderr)
+    );
+    let git_stdout = String::from_utf8_lossy(&git_out.stdout);
+    assert!(git_stdout.contains("https://example.test/src/git/"));
+}
diff --git a/crates/cli/tests/handoff_cli/view_cli.rs b/crates/cli/tests/handoff_cli/view_cli.rs
new file mode 100644
index 00000000..8fff98d4
--- /dev/null
+++ b/crates/cli/tests/handoff_cli/view_cli.rs
@@ -0,0 +1,304 @@
+use super::*;
+
+#[test]
+fn view_web_maps_remote_source_uri_to_src_route() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    let init_out = run(
+        tmp.path(),
+        &repo,
+        &["config", "init", "--base-url", "https://example.test"],
+    );
+    assert!(init_out.status.success());
+
+    let uri = opensession_core::source_uri::SourceUri::Src(
+        opensession_core::source_uri::SourceSpec::Gl {
+            project: "group/sub/repo".to_string(),
+            r#ref: "refs/heads/main".to_string(),
+            path: "sessions/demo.jsonl".to_string(),
+        },
+    )
+    .to_string();
+    let out = run(tmp.path(), &repo, &["view", &uri, "--no-open", "--json"]);
+    assert!(
+        out.status.success(),
+        "view failed: {}",
+        String::from_utf8_lossy(&out.stderr)
+    );
+    let payload: Value = serde_json::from_slice(&out.stdout).expect("view json");
+    let url = payload
+        .get("url")
+        .and_then(Value::as_str)
+        .unwrap_or_default()
+        .to_string();
+    assert!(
+        url.starts_with("https://example.test/src/gl/"),
+        "unexpected url: {url}"
+    );
+}
+
+#[test]
+fn view_local_uri_emits_local_review_url_without_opening_browser() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    let input = repo.join("sample.hail.jsonl");
+    write_file(&input, &make_hail_jsonl("s-view-local"));
+    let register_out = run(
+        tmp.path(),
+        &repo,
+        &["register", "--quiet", input.to_str().expect("path")],
+    );
+    let local_uri = first_non_empty_line(&register_out.stdout);
+
+    let view_out = run(
+        tmp.path(),
+        &repo,
+        &["view", &local_uri, "--no-open", "--json"],
+    );
+    assert!(
+        view_out.status.success(),
+        "view failed: {}",
+        String::from_utf8_lossy(&view_out.stderr)
+    );
+    let payload: Value = serde_json::from_slice(&view_out.stdout).expect("view json");
+    assert_eq!(payload.get("mode").and_then(Value::as_str), Some("local"));
+    let url = payload
+        .get("url")
+        .and_then(Value::as_str)
+        .unwrap_or_default();
+    assert!(url.contains("/review/local/"), "unexpected url: {url}");
+}
+
+#[test]
+fn view_commit_target_builds_commit_review_bundle() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    let out = run(tmp.path(), &repo, &["view", "HEAD", "--no-open", "--json"]);
+    assert!(
+        out.status.success(),
+        "view commit failed: {}",
+        String::from_utf8_lossy(&out.stderr)
+    );
+    let payload: Value = serde_json::from_slice(&out.stdout).expect("view json");
+    assert_eq!(payload.get("mode").and_then(Value::as_str), Some("commit"));
+    let url = payload
+        .get("url")
+        .and_then(Value::as_str)
+        .unwrap_or_default();
+    assert!(url.contains("/review/local/"), "unexpected url: {url}");
+}
+
+#[test]
+fn view_without_target_defaults_to_sessions_route() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    let out = run(tmp.path(), &repo, &["view", "--no-open", "--json"]);
+    assert!(
+        out.status.success(),
+        "view default failed: {}",
+        String::from_utf8_lossy(&out.stderr)
+    );
+    let payload: Value = serde_json::from_slice(&out.stdout).expect("view json");
+    assert_eq!(
+        payload.get("mode").and_then(Value::as_str),
+        Some("sessions")
+    );
+    let url = payload
+        .get("url")
+        .and_then(Value::as_str)
+        .unwrap_or_default();
+    assert_eq!(url, "http://127.0.0.1:8788/sessions");
+}
+
+#[test]
+fn view_without_target_prefills_repo_query_when_origin_matches_owner_repo() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+    run_git(
+        &repo,
+        &[
+            "remote",
+            "add",
+            "origin",
+            "https://github.com/acme/repo.git",
+        ],
+    );
+
+    let out = run(tmp.path(), &repo, &["view", "--no-open", "--json"]);
+    assert!(
+        out.status.success(),
+        "view default failed: {}",
+        String::from_utf8_lossy(&out.stderr)
+    );
+    let payload: Value = serde_json::from_slice(&out.stdout).expect("view json");
+    let url = payload
+        .get("url")
+        .and_then(Value::as_str)
+        .unwrap_or_default();
+    assert!(url.contains("/sessions?"), "unexpected url: {url}");
+    assert!(
+        url.contains("git_repo_name=acme%2Frepo"),
+        "unexpected url: {url}"
+    );
+}
+
+#[test]
+fn view_rejects_removed_tui_flag() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    let out = run(tmp.path(), &repo, &["view", "--tui"]);
+    assert!(!out.status.success(), "view --tui should be rejected");
+    let stderr = String::from_utf8_lossy(&out.stderr);
+    assert!(
+        stderr.contains("unexpected argument '--tui'"),
+        "unexpected stderr: {stderr}"
+    );
+}
+
+#[test]
+fn view_without_target_open_mode_fails_closed_without_explicit_base_url() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+    run_git(
+        &repo,
+        &["config", "--local", "opensession.open-target", "web"],
+    );
+
+    let out = run(tmp.path(), &repo, &["view", "--json"]);
+    assert!(
+        !out.status.success(),
+        "view default should fail without local server/base URL"
+    );
+    let stderr = String::from_utf8_lossy(&out.stderr);
+    assert!(stderr.contains("local sessions server is unavailable"));
+    assert!(stderr.contains("opensession view --no-open"));
+    assert!(stderr.contains("opensession config init --base-url"));
+}
+
+#[cfg(target_os = "macos")]
+#[test]
+fn view_without_target_open_mode_suppresses_desktop_open_probe_stderr() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    let bin = tmp.path().join("bin");
+    fs::create_dir_all(&bin).expect("create bin");
+    let fake_open = bin.join("open");
+    write_file(
+        &fake_open,
+        "#!/bin/sh\necho OPEN_PROBE_MARKER >&2\nexit 1\n",
+    );
+    let mut perms = fs::metadata(&fake_open)
+        .expect("stat fake open")
+        .permissions();
+    perms.set_mode(0o755);
+    fs::set_permissions(&fake_open, perms).expect("chmod fake open");
+
+    let base_path = std::env::var("PATH").unwrap_or_default();
+    let path_env = if base_path.is_empty() {
+        bin.display().to_string()
+    } else {
+        format!("{}:{}", bin.display(), base_path)
+    };
+
+    let mut cmd = Command::new(env!("CARGO_BIN_EXE_opensession"));
+    let out = cmd
+        .args(["view", "--json"])
+        .current_dir(&repo)
+        .env("HOME", tmp.path())
+        .env("NO_COLOR", "1")
+        .env("PATH", path_env)
+        .output()
+        .expect("run opensession");
+
+    assert!(!out.status.success());
+    let stderr = String::from_utf8_lossy(&out.stderr);
+    assert!(
+        !stderr.contains("OPEN_PROBE_MARKER"),
+        "desktop open probe stderr leaked: {stderr}"
+    );
+}
+
+#[cfg(target_os = "macos")]
+#[test]
+fn view_without_target_web_open_target_skips_desktop_probe() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+    run_git(
+        &repo,
+        &["config", "--local", "opensession.open-target", "web"],
+    );
+
+    let bin = tmp.path().join("bin");
+    fs::create_dir_all(&bin).expect("create bin");
+    let marker_path = tmp.path().join("open-invoked");
+    let fake_open = bin.join("open");
+    write_file(
+        &fake_open,
+        format!(
+            "#!/bin/sh\nprintf invoked > \"{}\"\nexit 1\n",
+            marker_path.display()
+        )
+        .as_str(),
+    );
+    let mut perms = fs::metadata(&fake_open)
+        .expect("stat fake open")
+        .permissions();
+    perms.set_mode(0o755);
+    fs::set_permissions(&fake_open, perms).expect("chmod fake open");
+
+    let base_path = std::env::var("PATH").unwrap_or_default();
+    let path_env = if base_path.is_empty() {
+        bin.display().to_string()
+    } else {
+        format!("{}:{}", bin.display(), base_path)
+    };
+
+    let mut cmd = Command::new(env!("CARGO_BIN_EXE_opensession"));
+    let out = cmd
+        .args(["view", "--json"])
+        .current_dir(&repo)
+        .env("HOME", tmp.path())
+        .env("NO_COLOR", "1")
+        .env("PATH", path_env)
+        .output()
+        .expect("run opensession");
+
+    assert!(!out.status.success());
+    assert!(
+        !marker_path.exists(),
+        "desktop open probe should be skipped for open-target=web"
+    );
+}
+
+#[test]
+fn view_invalid_target_shows_next_steps() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    let out = run(
+        tmp.path(),
+        &repo,
+        &["view", "definitely-not-a-real-target", "--no-open"],
+    );
+    assert!(!out.status.success());
+    let stderr = String::from_utf8_lossy(&out.stderr);
+    assert!(stderr.contains("unable to resolve view target"));
+    assert!(stderr.contains("next:"));
+    assert!(stderr.contains("opensession view os://src/... --no-open"));
+}

From b6a7ab6c4efc6573421474182ac793612634418a Mon Sep 17 00:00:00 2001
From: hwisu <hwitticus@gmail.com>
Date: Mon, 9 Mar 2026 13:02:55 +0900
Subject: [PATCH 19/30] feat(ui): add settings page panel components

---
 .../GitCredentialEditorPanel.svelte           | 72 ++++++++++++++++++
 .../GitCredentialListPanel.svelte             | 46 ++++++++++++
 .../settings-page/GitCredentialsPanel.svelte  | 75 +++++++++++++++++++
 .../settings-page/SettingsApiKeyPanel.svelte  | 60 +++++++++++++++
 .../SettingsAuthGatePanel.svelte              | 24 ++++++
 .../SettingsOverviewHeaderPanel.svelte        |  8 ++
 .../settings-page/SettingsProfilePanel.svelte | 40 ++++++++++
 7 files changed, 325 insertions(+)
 create mode 100644 packages/ui/src/components/settings-page/GitCredentialEditorPanel.svelte
 create mode 100644 packages/ui/src/components/settings-page/GitCredentialListPanel.svelte
 create mode 100644 packages/ui/src/components/settings-page/GitCredentialsPanel.svelte
 create mode 100644 packages/ui/src/components/settings-page/SettingsApiKeyPanel.svelte
 create mode 100644 packages/ui/src/components/settings-page/SettingsAuthGatePanel.svelte
 create mode 100644 packages/ui/src/components/settings-page/SettingsOverviewHeaderPanel.svelte
 create mode 100644 packages/ui/src/components/settings-page/SettingsProfilePanel.svelte

diff --git a/packages/ui/src/components/settings-page/GitCredentialEditorPanel.svelte b/packages/ui/src/components/settings-page/GitCredentialEditorPanel.svelte
new file mode 100644
index 00000000..c9f805c4
--- /dev/null
+++ b/packages/ui/src/components/settings-page/GitCredentialEditorPanel.svelte
@@ -0,0 +1,72 @@
+<script lang="ts">
+type Props = {
+	credentialLabel: string;
+	credentialHost: string;
+	credentialPathPrefix: string;
+	credentialHeaderName: string;
+	credentialHeaderValue: string;
+	creatingCredential: boolean;
+	onSaveCredential: () => void;
+};
+
+let {
+	credentialLabel = $bindable(),
+	credentialHost = $bindable(),
+	credentialPathPrefix = $bindable(),
+	credentialHeaderName = $bindable(),
+	credentialHeaderValue = $bindable(),
+	creatingCredential,
+	onSaveCredential,
+}: Props = $props();
+</script>
+
+<div class="mt-4 space-y-3">
+	<div class="grid gap-2 sm:grid-cols-2">
+		<input
+			data-testid="git-credential-label"
+			type="text"
+			placeholder="Label"
+			bind:value={credentialLabel}
+			class="w-full border border-border bg-bg-primary px-2 py-2 text-xs text-text-primary"
+		/>
+		<input
+			data-testid="git-credential-host"
+			type="text"
+			placeholder="Host (e.g. gitlab.internal.example.com)"
+			bind:value={credentialHost}
+			class="w-full border border-border bg-bg-primary px-2 py-2 text-xs text-text-primary"
+		/>
+		<input
+			data-testid="git-credential-path-prefix"
+			type="text"
+			placeholder="Path prefix (optional, e.g. group/subgroup)"
+			bind:value={credentialPathPrefix}
+			class="w-full border border-border bg-bg-primary px-2 py-2 text-xs text-text-primary"
+		/>
+		<input
+			data-testid="git-credential-header-name"
+			type="text"
+			placeholder="Header name"
+			bind:value={credentialHeaderName}
+			class="w-full border border-border bg-bg-primary px-2 py-2 text-xs text-text-primary"
+		/>
+		<input
+			data-testid="git-credential-header-value"
+			type="password"
+			placeholder="Header value (secret)"
+			bind:value={credentialHeaderValue}
+			class="w-full border border-border bg-bg-primary px-2 py-2 text-xs text-text-primary sm:col-span-2"
+		/>
+	</div>
+	<div class="flex justify-end">
+		<button
+			type="button"
+			data-testid="git-credential-save"
+			onclick={onSaveCredential}
+			disabled={creatingCredential}
+			class="bg-accent px-3 py-2 text-xs font-semibold text-white hover:bg-accent/85 disabled:opacity-60"
+		>
+			{creatingCredential ? 'Saving...' : 'Save credential'}
+		</button>
+	</div>
+</div>
diff --git a/packages/ui/src/components/settings-page/GitCredentialListPanel.svelte b/packages/ui/src/components/settings-page/GitCredentialListPanel.svelte
new file mode 100644
index 00000000..aa6689d0
--- /dev/null
+++ b/packages/ui/src/components/settings-page/GitCredentialListPanel.svelte
@@ -0,0 +1,46 @@
+<script lang="ts">
+import type { GitCredentialSummary } from '../../types';
+
+const {
+	credentials,
+	credentialsLoading,
+	deletingCredentialId,
+	onDeleteCredential,
+}: {
+	credentials: GitCredentialSummary[];
+	credentialsLoading: boolean;
+	deletingCredentialId: string | null;
+	onDeleteCredential: (id: string) => void;
+} = $props();
+</script>
+
+<div class="mt-4 border border-border/70">
+	<div class="grid grid-cols-[1.1fr_1fr_1fr_auto] gap-2 border-b border-border bg-bg-primary px-3 py-2 text-[11px] uppercase tracking-[0.08em] text-text-muted">
+		<span>Label</span>
+		<span>Host</span>
+		<span>Path Prefix</span>
+		<span>Action</span>
+	</div>
+	{#if credentialsLoading}
+		<div class="px-3 py-3 text-xs text-text-muted">Loading credentials...</div>
+	{:else if credentials.length === 0}
+		<div class="px-3 py-3 text-xs text-text-muted">No manual credentials registered.</div>
+	{:else}
+		{#each credentials as credential}
+			<div class="grid grid-cols-[1.1fr_1fr_1fr_auto] items-center gap-2 border-b border-border/60 px-3 py-2 text-xs">
+				<div class="text-text-primary">{credential.label}</div>
+				<div class="font-mono text-[11px] text-text-secondary">{credential.host}</div>
+				<div class="font-mono text-[11px] text-text-secondary">{credential.path_prefix || '*'}</div>
+				<button
+					type="button"
+					data-testid={'git-credential-delete-' + credential.id}
+					disabled={deletingCredentialId === credential.id}
+					onclick={() => onDeleteCredential(credential.id)}
+					class="border border-border px-2 py-1 text-[11px] text-text-secondary hover:text-text-primary disabled:opacity-60"
+				>
+					{deletingCredentialId === credential.id ? 'Deleting...' : 'Delete'}
+				</button>
+			</div>
+		{/each}
+	{/if}
+</div>
diff --git a/packages/ui/src/components/settings-page/GitCredentialsPanel.svelte b/packages/ui/src/components/settings-page/GitCredentialsPanel.svelte
new file mode 100644
index 00000000..ee7f5f9a
--- /dev/null
+++ b/packages/ui/src/components/settings-page/GitCredentialsPanel.svelte
@@ -0,0 +1,75 @@
+<script lang="ts">
+import type { GitCredentialSummary } from '../../types';
+import GitCredentialEditorPanel from './GitCredentialEditorPanel.svelte';
+import GitCredentialListPanel from './GitCredentialListPanel.svelte';
+
+type Props = {
+	credentialsSupported: boolean;
+	credentials: GitCredentialSummary[];
+	credentialsLoading: boolean;
+	deletingCredentialId: string | null;
+	creatingCredential: boolean;
+	credentialLabel: string;
+	credentialHost: string;
+	credentialPathPrefix: string;
+	credentialHeaderName: string;
+	credentialHeaderValue: string;
+	onSaveCredential: () => void;
+	onDeleteCredential: (id: string) => void;
+};
+
+let {
+	credentialsSupported,
+	credentials,
+	credentialsLoading,
+	deletingCredentialId,
+	creatingCredential,
+	credentialLabel = $bindable(),
+	credentialHost = $bindable(),
+	credentialPathPrefix = $bindable(),
+	credentialHeaderName = $bindable(),
+	credentialHeaderValue = $bindable(),
+	onSaveCredential,
+	onDeleteCredential,
+}: Props = $props();
+</script>
+
+<section
+	id="settings-section-git-credentials"
+	class="scroll-mt-24 border border-border bg-bg-secondary p-4 xl:max-w-3xl"
+	data-testid="git-credential-settings"
+>
+	<div class="space-y-1">
+		<h2 class="text-sm font-semibold text-text-primary">Private Git Credentials</h2>
+		<p class="text-xs text-text-secondary">
+			Preferred: connect GitHub/GitLab OAuth. Manual credentials are used for private self-managed or generic git remotes.
+		</p>
+	</div>
+
+	{#if !credentialsSupported}
+		<p class="mt-3 text-xs text-text-muted">
+			This deployment does not expose credential management endpoints.
+		</p>
+	{:else}
+		<GitCredentialEditorPanel
+			bind:credentialLabel
+			bind:credentialHost
+			bind:credentialPathPrefix
+			bind:credentialHeaderName
+			bind:credentialHeaderValue
+			creatingCredential={creatingCredential}
+			onSaveCredential={onSaveCredential}
+		/>
+
+		<GitCredentialListPanel
+			credentials={credentials}
+			credentialsLoading={credentialsLoading}
+			deletingCredentialId={deletingCredentialId}
+			onDeleteCredential={onDeleteCredential}
+		/>
+
+		<p class="mt-2 text-[11px] text-text-muted">
+			Secrets are never shown again after save. Stored values are encrypted at rest.
+		</p>
+	{/if}
+</section>
diff --git a/packages/ui/src/components/settings-page/SettingsApiKeyPanel.svelte b/packages/ui/src/components/settings-page/SettingsApiKeyPanel.svelte
new file mode 100644
index 00000000..92d93611
--- /dev/null
+++ b/packages/ui/src/components/settings-page/SettingsApiKeyPanel.svelte
@@ -0,0 +1,60 @@
+<script lang="ts">
+const {
+	issuing,
+	issuedApiKey,
+	copyMessage,
+	onIssueApiKey,
+	onCopyApiKey,
+}: {
+	issuing: boolean;
+	issuedApiKey: string | null;
+	copyMessage: string | null;
+	onIssueApiKey: () => void;
+	onCopyApiKey: () => void;
+} = $props();
+</script>
+
+<section
+	id="settings-section-api-key"
+	class="scroll-mt-24 border border-border bg-bg-secondary p-4 xl:max-w-3xl"
+>
+	<div class="flex flex-wrap items-center justify-between gap-3">
+		<div>
+			<h2 class="text-sm font-semibold text-text-primary">Personal API Key</h2>
+			<p class="mt-1 text-xs text-text-secondary">
+				Issue a new key for CLI and automation access. Existing active key moves to grace mode.
+			</p>
+		</div>
+		<button
+			type="button"
+			data-testid="issue-api-key-button"
+			onclick={onIssueApiKey}
+			disabled={issuing}
+			class="bg-accent px-3 py-2 text-xs font-semibold text-white hover:bg-accent/85 disabled:opacity-60"
+		>
+			{issuing ? 'Issuing...' : issuedApiKey ? 'Regenerate key' : 'Issue key'}
+		</button>
+	</div>
+
+	{#if issuedApiKey}
+		<div class="mt-4 border border-border/80 bg-bg-primary p-3">
+			<p class="mb-2 text-xs text-text-muted">Shown once. Save this key now.</p>
+			<code data-testid="issued-api-key" class="block break-all font-mono text-xs text-text-primary">
+				{issuedApiKey}
+			</code>
+			<div class="mt-3 flex items-center gap-2">
+				<button
+					type="button"
+					data-testid="copy-api-key"
+					onclick={onCopyApiKey}
+					class="border border-border px-2 py-1 text-xs text-text-secondary hover:text-text-primary"
+				>
+					Copy
+				</button>
+				{#if copyMessage}
+					<span class="text-xs text-text-muted">{copyMessage}</span>
+				{/if}
+			</div>
+		</div>
+	{/if}
+</section>
diff --git a/packages/ui/src/components/settings-page/SettingsAuthGatePanel.svelte b/packages/ui/src/components/settings-page/SettingsAuthGatePanel.svelte
new file mode 100644
index 00000000..b0bddbd9
--- /dev/null
+++ b/packages/ui/src/components/settings-page/SettingsAuthGatePanel.svelte
@@ -0,0 +1,24 @@
+<script lang="ts">
+const {
+	onNavigateToLogin,
+}: {
+	onNavigateToLogin: () => void;
+} = $props();
+</script>
+
+<section
+	id="settings-section-profile"
+	data-testid="settings-require-auth"
+	class="scroll-mt-24 border border-border bg-bg-secondary px-4 py-6 text-sm text-text-secondary xl:max-w-3xl"
+>
+	<p class="text-text-primary">Sign in is required to view personal settings.</p>
+	<div class="mt-4">
+		<button
+			type="button"
+			onclick={onNavigateToLogin}
+			class="bg-accent px-3 py-2 text-xs font-semibold text-white hover:bg-accent/85"
+		>
+			Go to login
+		</button>
+	</div>
+</section>
diff --git a/packages/ui/src/components/settings-page/SettingsOverviewHeaderPanel.svelte b/packages/ui/src/components/settings-page/SettingsOverviewHeaderPanel.svelte
new file mode 100644
index 00000000..e0834655
--- /dev/null
+++ b/packages/ui/src/components/settings-page/SettingsOverviewHeaderPanel.svelte
@@ -0,0 +1,8 @@
+<header
+	id="settings-section-overview"
+	class="scroll-mt-24 border border-border bg-bg-secondary px-4 py-3"
+>
+	<p class="text-[11px] uppercase tracking-[0.12em] text-text-muted">Account</p>
+	<h1 class="mt-1 text-3xl font-semibold tracking-tight text-text-primary">Settings</h1>
+	<p class="mt-1 text-sm text-text-secondary">Personal profile and API access controls.</p>
+</header>
diff --git a/packages/ui/src/components/settings-page/SettingsProfilePanel.svelte b/packages/ui/src/components/settings-page/SettingsProfilePanel.svelte
new file mode 100644
index 00000000..4fabf471
--- /dev/null
+++ b/packages/ui/src/components/settings-page/SettingsProfilePanel.svelte
@@ -0,0 +1,40 @@
+<script lang="ts">
+import type { UserSettings } from '../../types';
+
+const {
+	settings,
+	formatDate,
+}: {
+	settings: UserSettings | null;
+	formatDate: (value: string | null | undefined) => string;
+} = $props();
+</script>
+
+<section
+	id="settings-section-profile"
+	class="scroll-mt-24 border border-border bg-bg-secondary p-4 xl:max-w-3xl"
+>
+	<h2 class="text-sm font-semibold text-text-primary">Profile</h2>
+	{#if settings}
+		<dl class="mt-3 grid gap-2 text-xs text-text-secondary sm:grid-cols-[10rem_1fr]">
+			<dt>User ID</dt>
+			<dd class="font-mono text-text-primary">{settings.user_id}</dd>
+			<dt>Nickname</dt>
+			<dd class="text-text-primary">{settings.nickname}</dd>
+			<dt>Email</dt>
+			<dd class="text-text-primary">{settings.email ?? 'not linked'}</dd>
+			<dt>Joined</dt>
+			<dd class="text-text-primary">{formatDate(settings.created_at)}</dd>
+			<dt>Linked OAuth</dt>
+			<dd class="text-text-primary">
+				{#if settings.oauth_providers.length === 0}
+					none
+				{:else}
+					{settings.oauth_providers.map((provider) => provider.display_name).join(', ')}
+				{/if}
+			</dd>
+		</dl>
+	{:else}
+		<p class="mt-2 text-xs text-text-muted">No profile data available.</p>
+	{/if}
+</section>

From 0d9210e5dfde689175c596d1272c4f94c467210e Mon Sep 17 00:00:00 2001
From: hwisu <hwitticus@gmail.com>
Date: Mon, 9 Mar 2026 14:09:52 +0900
Subject: [PATCH 20/30] refactor(rust): align runtime boundaries with 2026
 practices

---
 Cargo.lock                                    |  145 ++-
 Cargo.toml                                    |   10 +
 crates/api-client/Cargo.toml                  |    5 +-
 crates/api-client/src/client.rs               |  229 +++-
 crates/api-client/src/lib.rs                  |    2 +-
 crates/api-client/src/retry.rs                |    5 +-
 crates/cli/Cargo.toml                         |    3 +
 crates/cli/src/config.rs                      |   27 +-
 crates/cli/src/discover.rs                    |    2 +-
 crates/cli/src/handoff.rs                     |    2 +-
 crates/cli/src/index.rs                       |    2 +-
 crates/cli/src/review.rs                      |    3 +-
 crates/cli/src/runtime_settings.rs            |   12 +-
 crates/cli/src/setup_cmd/branch_sync.rs       |   19 +-
 crates/cli/src/setup_cmd/shims.rs             |    8 +-
 crates/cli/src/setup_cmd/status.rs            |    8 +-
 crates/cli/src/stream_push.rs                 |   26 +-
 crates/cli/src/summary_cmd.rs                 |    6 +-
 crates/daemon/Cargo.toml                      |    3 +
 crates/daemon/src/config.rs                   |   32 +-
 crates/daemon/src/scheduler/pipeline.rs       |    3 +-
 crates/daemon/src/watcher.rs                  |    4 +-
 crates/local-db/Cargo.toml                    |    1 +
 crates/local-db/src/connection.rs             |   70 +-
 crates/local-store/Cargo.toml                 |    1 +
 crates/local-store/src/lib.rs                 |   19 +-
 crates/parser-discovery/Cargo.toml            |   20 +
 .../src/lib.rs}                               |  285 +++--
 crates/parsers/Cargo.toml                     |    3 +
 crates/parsers/src/claude_code/mod.rs         |    7 +-
 crates/parsers/src/claude_code/parse.rs       | 1116 +----------------
 crates/parsers/src/claude_code/parse/tests.rs |  487 +++++++
 crates/parsers/src/claude_code/raw.rs         |  203 +++
 crates/parsers/src/claude_code/subagent.rs    |  402 ++++++
 crates/parsers/src/claude_code/transform.rs   |   10 +-
 crates/parsers/src/cursor/mod.rs              |    2 +
 crates/parsers/src/cursor/parse.rs            |  170 +--
 crates/parsers/src/cursor/time.rs             |   18 +
 crates/parsers/src/cursor/types.rs            |  134 ++
 crates/parsers/src/gemini.rs                  |  357 +-----
 crates/parsers/src/gemini/tests.rs            |  356 ++++++
 crates/parsers/src/lib.rs                     |    1 -
 crates/parsers/src/opencode.rs                |  485 +------
 crates/parsers/src/opencode/tests.rs          |  473 +++++++
 crates/parsers/tests/real_data.rs             |    6 +-
 crates/paths/Cargo.toml                       |   21 +
 crates/paths/src/lib.rs                       |  161 +++
 crates/server/src/routes/admin.rs             |   20 +-
 crates/server/src/routes/auth.rs              |  320 ++---
 crates/server/src/routes/ingest/auth.rs       |   47 +-
 crates/server/src/routes/ingest/fetch.rs      |   15 +-
 crates/server/src/routes/ingest/mod.rs        |    5 +-
 crates/server/src/routes/oauth.rs             |  218 ++--
 crates/server/src/routes/sessions.rs          |   79 +-
 crates/server/src/storage.rs                  | 1003 ++++++++++++++-
 crates/summary-runtime/Cargo.toml             |   25 +
 crates/summary-runtime/src/lib.rs             |   74 ++
 crates/summary-runtime/src/provider.rs        |  376 ++++++
 crates/summary/Cargo.toml                     |    1 -
 crates/summary/src/lib.rs                     |  169 +--
 crates/summary/src/provider.rs                |  349 +-----
 desktop/src-tauri/Cargo.toml                  |    3 +
 desktop/src-tauri/src/app/change_reader.rs    |    2 +-
 desktop/src-tauri/src/app/runtime_settings.rs |    2 +-
 desktop/src-tauri/src/app/session_access.rs   |    3 +-
 desktop/src-tauri/src/app/session_summary.rs  |    3 +-
 desktop/src-tauri/src/app/vector.rs           |   25 +-
 desktop/src-tauri/src/main.rs                 |   22 +-
 68 files changed, 4832 insertions(+), 3293 deletions(-)
 create mode 100644 crates/parser-discovery/Cargo.toml
 rename crates/{parsers/src/discover.rs => parser-discovery/src/lib.rs} (56%)
 create mode 100644 crates/parsers/src/claude_code/parse/tests.rs
 create mode 100644 crates/parsers/src/claude_code/raw.rs
 create mode 100644 crates/parsers/src/claude_code/subagent.rs
 create mode 100644 crates/parsers/src/cursor/time.rs
 create mode 100644 crates/parsers/src/cursor/types.rs
 create mode 100644 crates/parsers/src/gemini/tests.rs
 create mode 100644 crates/parsers/src/opencode/tests.rs
 create mode 100644 crates/paths/Cargo.toml
 create mode 100644 crates/paths/src/lib.rs
 create mode 100644 crates/summary-runtime/Cargo.toml
 create mode 100644 crates/summary-runtime/src/lib.rs
 create mode 100644 crates/summary-runtime/src/provider.rs

diff --git a/Cargo.lock b/Cargo.lock
index 1110934d..db5937df 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -509,13 +509,34 @@ dependencies = [
  "subtle",
 ]
 
+[[package]]
+name = "directories"
+version = "5.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9a49173b84e034382284f27f1af4dcbbd231ffa358c0fe316541a7337f376a35"
+dependencies = [
+ "dirs-sys 0.4.1",
+]
+
 [[package]]
 name = "dirs"
 version = "6.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c3e8aa94d75141228480295a7d0e7feb620b1a5ad9f12bc40be62411e38cce4e"
 dependencies = [
- "dirs-sys",
+ "dirs-sys 0.5.0",
+]
+
+[[package]]
+name = "dirs-sys"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "520f05a5cbd335fae5a99ff7a6ab8627577660ee5cfd6a94a6a929b52ff0321c"
+dependencies = [
+ "libc",
+ "option-ext",
+ "redox_users 0.4.6",
+ "windows-sys 0.48.0",
 ]
 
 [[package]]
@@ -526,7 +547,7 @@ checksum = "e01a3366d27ee9890022452ee61b2b63a67e6f13f58900b651ff5665f0bb1fab"
 dependencies = [
  "libc",
  "option-ext",
- "redox_users",
+ "redox_users 0.5.2",
  "windows-sys 0.61.2",
 ]
 
@@ -2172,9 +2193,12 @@ dependencies = [
  "opensession-git-native",
  "opensession-local-db",
  "opensession-local-store",
+ "opensession-parser-discovery",
  "opensession-parsers",
+ "opensession-paths",
  "opensession-runtime-config",
  "opensession-summary",
+ "opensession-summary-runtime",
  "regex",
  "reqwest",
  "serde",
@@ -2212,11 +2236,11 @@ dependencies = [
 name = "opensession-api-client"
 version = "0.2.34"
 dependencies = [
- "anyhow",
  "opensession-api",
  "reqwest",
  "serde",
  "serde_json",
+ "thiserror 2.0.18",
  "tokio",
  "tracing",
 ]
@@ -2248,9 +2272,12 @@ dependencies = [
  "opensession-core",
  "opensession-git-native",
  "opensession-local-db",
+ "opensession-parser-discovery",
  "opensession-parsers",
+ "opensession-paths",
  "opensession-runtime-config",
  "opensession-summary",
+ "opensession-summary-runtime",
  "regex",
  "reqwest",
  "serde",
@@ -2305,6 +2332,7 @@ dependencies = [
  "chrono",
  "opensession-api",
  "opensession-core",
+ "opensession-paths",
  "rusqlite",
  "serde",
  "serde_json",
@@ -2317,11 +2345,22 @@ name = "opensession-local-store"
 version = "0.2.34"
 dependencies = [
  "opensession-core",
+ "opensession-paths",
  "sha2",
  "tempfile",
  "thiserror 2.0.18",
 ]
 
+[[package]]
+name = "opensession-parser-discovery"
+version = "0.2.34"
+dependencies = [
+ "glob",
+ "opensession-paths",
+ "rusqlite",
+ "shellexpand",
+]
+
 [[package]]
 name = "opensession-parsers"
 version = "0.2.34"
@@ -2330,6 +2369,7 @@ dependencies = [
  "chrono",
  "glob",
  "opensession-core",
+ "opensession-parser-discovery",
  "regex",
  "rusqlite",
  "serde",
@@ -2341,6 +2381,15 @@ dependencies = [
  "uuid",
 ]
 
+[[package]]
+name = "opensession-paths"
+version = "0.2.34"
+dependencies = [
+ "directories",
+ "opensession-runtime-config",
+ "thiserror 2.0.18",
+]
+
 [[package]]
 name = "opensession-runtime-config"
 version = "0.2.34"
@@ -2381,13 +2430,24 @@ dependencies = [
  "hex",
  "opensession-core",
  "opensession-runtime-config",
- "reqwest",
  "serde",
  "serde_json",
  "sha2",
  "tokio",
 ]
 
+[[package]]
+name = "opensession-summary-runtime"
+version = "0.2.34"
+dependencies = [
+ "opensession-core",
+ "opensession-runtime-config",
+ "opensession-summary",
+ "reqwest",
+ "serde",
+ "tokio",
+]
+
 [[package]]
 name = "option-ext"
 version = "0.2.0"
@@ -2662,6 +2722,17 @@ dependencies = [
  "bitflags 2.10.0",
 ]
 
+[[package]]
+name = "redox_users"
+version = "0.4.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ba009ff324d1fc1b900bd1fdb31564febe58a8ccc8a6fdbb93b543d33b13ca43"
+dependencies = [
+ "getrandom 0.2.17",
+ "libredox",
+ "thiserror 1.0.69",
+]
+
 [[package]]
 name = "redox_users"
 version = "0.5.2"
@@ -3790,6 +3861,15 @@ dependencies = [
  "windows-link",
 ]
 
+[[package]]
+name = "windows-sys"
+version = "0.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9"
+dependencies = [
+ "windows-targets 0.48.5",
+]
+
 [[package]]
 name = "windows-sys"
 version = "0.52.0"
@@ -3826,6 +3906,21 @@ dependencies = [
  "windows-link",
 ]
 
+[[package]]
+name = "windows-targets"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c"
+dependencies = [
+ "windows_aarch64_gnullvm 0.48.5",
+ "windows_aarch64_msvc 0.48.5",
+ "windows_i686_gnu 0.48.5",
+ "windows_i686_msvc 0.48.5",
+ "windows_x86_64_gnu 0.48.5",
+ "windows_x86_64_gnullvm 0.48.5",
+ "windows_x86_64_msvc 0.48.5",
+]
+
 [[package]]
 name = "windows-targets"
 version = "0.52.6"
@@ -3859,6 +3954,12 @@ dependencies = [
  "windows_x86_64_msvc 0.53.1",
 ]
 
+[[package]]
+name = "windows_aarch64_gnullvm"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8"
+
 [[package]]
 name = "windows_aarch64_gnullvm"
 version = "0.52.6"
@@ -3871,6 +3972,12 @@ version = "0.53.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a9d8416fa8b42f5c947f8482c43e7d89e73a173cead56d044f6a56104a6d1b53"
 
+[[package]]
+name = "windows_aarch64_msvc"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc"
+
 [[package]]
 name = "windows_aarch64_msvc"
 version = "0.52.6"
@@ -3883,6 +3990,12 @@ version = "0.53.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b9d782e804c2f632e395708e99a94275910eb9100b2114651e04744e9b125006"
 
+[[package]]
+name = "windows_i686_gnu"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e"
+
 [[package]]
 name = "windows_i686_gnu"
 version = "0.52.6"
@@ -3907,6 +4020,12 @@ version = "0.53.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "fa7359d10048f68ab8b09fa71c3daccfb0e9b559aed648a8f95469c27057180c"
 
+[[package]]
+name = "windows_i686_msvc"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406"
+
 [[package]]
 name = "windows_i686_msvc"
 version = "0.52.6"
@@ -3919,6 +4038,12 @@ version = "0.53.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1e7ac75179f18232fe9c285163565a57ef8d3c89254a30685b57d83a38d326c2"
 
+[[package]]
+name = "windows_x86_64_gnu"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e"
+
 [[package]]
 name = "windows_x86_64_gnu"
 version = "0.52.6"
@@ -3931,6 +4056,12 @@ version = "0.53.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9c3842cdd74a865a8066ab39c8a7a473c0778a3f29370b5fd6b4b9aa7df4a499"
 
+[[package]]
+name = "windows_x86_64_gnullvm"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc"
+
 [[package]]
 name = "windows_x86_64_gnullvm"
 version = "0.52.6"
@@ -3943,6 +4074,12 @@ version = "0.53.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0ffa179e2d07eee8ad8f57493436566c7cc30ac536a3379fdf008f47f6bb7ae1"
 
+[[package]]
+name = "windows_x86_64_msvc"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538"
+
 [[package]]
 name = "windows_x86_64_msvc"
 version = "0.52.6"
diff --git a/Cargo.toml b/Cargo.toml
index 2273ed94..0f266d9c 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -2,10 +2,13 @@
 resolver = "3"
 members = [
     "crates/core",
+    "crates/paths",
     "crates/local-store",
     "crates/runtime-config",
     "crates/summary",
+    "crates/summary-runtime",
     "crates/parsers",
+    "crates/parser-discovery",
     "crates/api",
     "crates/api-client",
     "crates/local-db",
@@ -17,10 +20,13 @@ members = [
 ]
 default-members = [
     "crates/core",
+    "crates/paths",
     "crates/local-store",
     "crates/runtime-config",
     "crates/summary",
+    "crates/summary-runtime",
     "crates/parsers",
+    "crates/parser-discovery",
     "crates/api",
     "crates/api-client",
     "crates/local-db",
@@ -56,10 +62,13 @@ authors = ["opensession.io contributors"]
 
 [workspace.dependencies]
 opensession-core = { version = "0.2.34", path = "crates/core" }
+opensession-paths = { version = "0.2.34", path = "crates/paths" }
 opensession-local-store = { version = "0.2.34", path = "crates/local-store" }
 opensession-runtime-config = { version = "0.2.34", path = "crates/runtime-config" }
 opensession-summary = { version = "0.2.34", path = "crates/summary" }
+opensession-summary-runtime = { version = "0.2.34", path = "crates/summary-runtime" }
 opensession-parsers = { version = "0.2.34", path = "crates/parsers" }
+opensession-parser-discovery = { version = "0.2.34", path = "crates/parser-discovery" }
 opensession-api = { version = "0.2.34", path = "crates/api", default-features = false }
 opensession-api-client = { version = "0.2.34", path = "crates/api-client" }
 opensession-local-db = { version = "0.2.34", path = "crates/local-db" }
@@ -92,6 +101,7 @@ urlencoding = "2"
 tempfile = "3"
 gix = "0.79"
 sea-query = { version = "0.32", features = ["backend-sqlite", "derive"] }
+directories = "5"
 
 [profile.dev.package."*"]
 opt-level = 1
diff --git a/crates/api-client/Cargo.toml b/crates/api-client/Cargo.toml
index 9caf0ace..3fc2c229 100644
--- a/crates/api-client/Cargo.toml
+++ b/crates/api-client/Cargo.toml
@@ -21,4 +21,7 @@ serde = { workspace = true }
 serde_json = { workspace = true }
 tokio = { workspace = true, features = ["time"] }
 tracing = { workspace = true }
-anyhow = { workspace = true }
+thiserror = { workspace = true }
+
+[dev-dependencies]
+tokio = { workspace = true, features = ["io-util", "macros", "net", "rt-multi-thread"] }
diff --git a/crates/api-client/src/client.rs b/crates/api-client/src/client.rs
index 21649eae..45dd6ea3 100644
--- a/crates/api-client/src/client.rs
+++ b/crates/api-client/src/client.rs
@@ -1,10 +1,27 @@
 use std::time::Duration;
 
-use anyhow::{Result, bail};
 use serde::Serialize;
+use thiserror::Error;
 
 use opensession_api::*;
 
+pub type Result<T> = std::result::Result<T, ApiClientError>;
+
+#[derive(Debug, Error)]
+pub enum ApiClientError {
+    #[error("auth token not set")]
+    AuthTokenMissing,
+    #[error("transport error: {0}")]
+    Transport(reqwest::Error),
+    #[error("unexpected API status {status}: {body}")]
+    UnexpectedStatus {
+        status: reqwest::StatusCode,
+        body: String,
+    },
+    #[error("response decode error: {0}")]
+    Decode(reqwest::Error),
+}
+
 /// Typed HTTP client for the OpenSession API.
 ///
 /// Provides high-level methods for each API endpoint (using the stored auth
@@ -19,7 +36,10 @@ pub struct ApiClient {
 impl ApiClient {
     /// Create a new client with the given base URL and timeout.
     pub fn new(base_url: &str, timeout: Duration) -> Result<Self> {
-        let client = reqwest::Client::builder().timeout(timeout).build()?;
+        let client = reqwest::Client::builder()
+            .timeout(timeout)
+            .build()
+            .map_err(ApiClientError::Transport)?;
         Ok(Self {
             client,
             base_url: base_url.trim_end_matches('/').to_string(),
@@ -62,16 +82,21 @@ impl ApiClient {
         format!("{}/api{}", self.base_url, path)
     }
 
-    fn token_or_bail(&self) -> Result<&str> {
+    fn token_or_err(&self) -> Result<&str> {
         self.auth_token
             .as_deref()
-            .ok_or_else(|| anyhow::anyhow!("auth token not set"))
+            .ok_or(ApiClientError::AuthTokenMissing)
     }
 
     // ── Health ────────────────────────────────────────────────────────────
 
     pub async fn health(&self) -> Result<HealthResponse> {
-        let resp = self.client.get(self.url("/health")).send().await?;
+        let resp = self
+            .client
+            .get(self.url("/health"))
+            .send()
+            .await
+            .map_err(ApiClientError::Transport)?;
         parse_response(resp).await
     }
 
@@ -83,7 +108,8 @@ impl ApiClient {
             .post(self.url("/auth/login"))
             .json(req)
             .send()
-            .await?;
+            .await
+            .map_err(ApiClientError::Transport)?;
         parse_response(resp).await
     }
 
@@ -93,29 +119,32 @@ impl ApiClient {
             .post(self.url("/auth/register"))
             .json(req)
             .send()
-            .await?;
+            .await
+            .map_err(ApiClientError::Transport)?;
         parse_response(resp).await
     }
 
     pub async fn verify(&self) -> Result<VerifyResponse> {
-        let token = self.token_or_bail()?;
+        let token = self.token_or_err()?;
         let resp = self
             .client
             .post(self.url("/auth/verify"))
             .bearer_auth(token)
             .send()
-            .await?;
+            .await
+            .map_err(ApiClientError::Transport)?;
         parse_response(resp).await
     }
 
     pub async fn me(&self) -> Result<UserSettingsResponse> {
-        let token = self.token_or_bail()?;
+        let token = self.token_or_err()?;
         let resp = self
             .client
             .get(self.url("/auth/me"))
             .bearer_auth(token)
             .send()
-            .await?;
+            .await
+            .map_err(ApiClientError::Transport)?;
         parse_response(resp).await
     }
 
@@ -125,52 +154,68 @@ impl ApiClient {
             .post(self.url("/auth/refresh"))
             .json(req)
             .send()
-            .await?;
+            .await
+            .map_err(ApiClientError::Transport)?;
         parse_response(resp).await
     }
 
     pub async fn logout(&self, req: &LogoutRequest) -> Result<OkResponse> {
-        let token = self.token_or_bail()?;
+        let token = self.token_or_err()?;
         let resp = self
             .client
             .post(self.url("/auth/logout"))
             .bearer_auth(token)
             .json(req)
             .send()
-            .await?;
+            .await
+            .map_err(ApiClientError::Transport)?;
         parse_response(resp).await
     }
 
     pub async fn change_password(&self, req: &ChangePasswordRequest) -> Result<OkResponse> {
-        let token = self.token_or_bail()?;
+        let token = self.token_or_err()?;
         let resp = self
             .client
             .post(self.url("/auth/change-password"))
             .bearer_auth(token)
             .json(req)
             .send()
-            .await?;
+            .await
+            .map_err(ApiClientError::Transport)?;
         parse_response(resp).await
     }
 
     pub async fn issue_api_key(&self) -> Result<IssueApiKeyResponse> {
-        let token = self.token_or_bail()?;
+        let token = self.token_or_err()?;
         let resp = self
             .client
             .post(self.url("/auth/api-keys/issue"))
             .bearer_auth(token)
             .send()
-            .await?;
+            .await
+            .map_err(ApiClientError::Transport)?;
         parse_response(resp).await
     }
 
     // ── Sessions ──────────────────────────────────────────────────────────
 
+    pub async fn upload_session(&self, req: &UploadRequest) -> Result<UploadResponse> {
+        let token = self.token_or_err()?;
+        let resp = self
+            .client
+            .post(self.url("/sessions"))
+            .bearer_auth(token)
+            .json(req)
+            .send()
+            .await
+            .map_err(ApiClientError::Transport)?;
+        parse_response(resp).await
+    }
+
     pub async fn list_sessions(&self, query: &SessionListQuery) -> Result<SessionListResponse> {
-        let token = self.token_or_bail()?;
+        let token = self.token_or_err()?;
         let mut url = self.url("/sessions");
 
-        // Build query string from the struct fields
         let mut params = Vec::new();
         params.push(format!("page={}", query.page));
         params.push(format!("per_page={}", query.per_page));
@@ -190,40 +235,49 @@ impl ApiClient {
             url = format!("{}?{}", url, params.join("&"));
         }
 
-        let resp = self.client.get(&url).bearer_auth(token).send().await?;
+        let resp = self
+            .client
+            .get(&url)
+            .bearer_auth(token)
+            .send()
+            .await
+            .map_err(ApiClientError::Transport)?;
         parse_response(resp).await
     }
 
     pub async fn get_session(&self, id: &str) -> Result<SessionDetail> {
-        let token = self.token_or_bail()?;
+        let token = self.token_or_err()?;
         let resp = self
             .client
             .get(self.url(&format!("/sessions/{id}")))
             .bearer_auth(token)
             .send()
-            .await?;
+            .await
+            .map_err(ApiClientError::Transport)?;
         parse_response(resp).await
     }
 
     pub async fn delete_session(&self, id: &str) -> Result<OkResponse> {
-        let token = self.token_or_bail()?;
+        let token = self.token_or_err()?;
         let resp = self
             .client
             .delete(self.url(&format!("/sessions/{id}")))
             .bearer_auth(token)
             .send()
-            .await?;
+            .await
+            .map_err(ApiClientError::Transport)?;
         parse_response(resp).await
     }
 
     pub async fn get_session_raw(&self, id: &str) -> Result<serde_json::Value> {
-        let token = self.token_or_bail()?;
+        let token = self.token_or_err()?;
         let resp = self
             .client
             .get(self.url(&format!("/sessions/{id}/raw")))
             .bearer_auth(token)
             .send()
-            .await?;
+            .await
+            .map_err(ApiClientError::Transport)?;
         parse_response(resp).await
     }
 
@@ -231,22 +285,22 @@ impl ApiClient {
 
     /// Authenticated GET returning the raw response.
     pub async fn get_with_auth(&self, path: &str, token: &str) -> Result<reqwest::Response> {
-        Ok(self
-            .client
+        self.client
             .get(self.url(path))
             .bearer_auth(token)
             .send()
-            .await?)
+            .await
+            .map_err(ApiClientError::Transport)
     }
 
     /// Authenticated POST (no body) returning the raw response.
     pub async fn post_with_auth(&self, path: &str, token: &str) -> Result<reqwest::Response> {
-        Ok(self
-            .client
+        self.client
             .post(self.url(path))
             .bearer_auth(token)
             .send()
-            .await?)
+            .await
+            .map_err(ApiClientError::Transport)
     }
 
     /// Authenticated POST with JSON body returning the raw response.
@@ -256,13 +310,13 @@ impl ApiClient {
         token: &str,
         body: &T,
     ) -> Result<reqwest::Response> {
-        Ok(self
-            .client
+        self.client
             .post(self.url(path))
             .bearer_auth(token)
             .json(body)
             .send()
-            .await?)
+            .await
+            .map_err(ApiClientError::Transport)
     }
 
     /// Authenticated PUT with JSON body returning the raw response.
@@ -272,23 +326,23 @@ impl ApiClient {
         token: &str,
         body: &T,
     ) -> Result<reqwest::Response> {
-        Ok(self
-            .client
+        self.client
             .put(self.url(path))
             .bearer_auth(token)
             .json(body)
             .send()
-            .await?)
+            .await
+            .map_err(ApiClientError::Transport)
     }
 
     /// Authenticated DELETE returning the raw response.
     pub async fn delete_with_auth(&self, path: &str, token: &str) -> Result<reqwest::Response> {
-        Ok(self
-            .client
+        self.client
             .delete(self.url(path))
             .bearer_auth(token)
             .send()
-            .await?)
+            .await
+            .map_err(ApiClientError::Transport)
     }
 
     /// Unauthenticated POST with JSON body returning the raw response.
@@ -297,25 +351,52 @@ impl ApiClient {
         path: &str,
         body: &T,
     ) -> Result<reqwest::Response> {
-        Ok(self.client.post(self.url(path)).json(body).send().await?)
+        self.client
+            .post(self.url(path))
+            .json(body)
+            .send()
+            .await
+            .map_err(ApiClientError::Transport)
     }
 }
 
-/// Parse an HTTP response: return the deserialized body on 2xx,
-/// or an error containing the status and body text.
 async fn parse_response<T: serde::de::DeserializeOwned>(resp: reqwest::Response) -> Result<T> {
     let status = resp.status();
     if !status.is_success() {
-        let body = resp.text().await.unwrap_or_default();
-        bail!("{status}: {body}");
+        let body = match resp.text().await {
+            Ok(body) => body,
+            Err(err) => format!("<failed to read response body: {err}>"),
+        };
+        return Err(ApiClientError::UnexpectedStatus { status, body });
     }
-    Ok(resp.json().await?)
+    resp.json().await.map_err(ApiClientError::Decode)
 }
 
 #[cfg(test)]
 mod tests {
-    use super::ApiClient;
+    use super::{ApiClient, ApiClientError};
     use std::time::Duration;
+    use tokio::io::{AsyncReadExt, AsyncWriteExt};
+    use tokio::net::TcpListener;
+
+    async fn serve_once(response: &'static str) -> String {
+        let listener = TcpListener::bind("127.0.0.1:0")
+            .await
+            .expect("bind test listener");
+        let addr = listener.local_addr().expect("listener address");
+
+        tokio::spawn(async move {
+            let (mut stream, _) = listener.accept().await.expect("accept request");
+            let mut buf = [0u8; 1024];
+            let _ = stream.read(&mut buf).await;
+            stream
+                .write_all(response.as_bytes())
+                .await
+                .expect("write response");
+        });
+
+        format!("http://{addr}")
+    }
 
     #[test]
     fn set_auth_trims_surrounding_whitespace() {
@@ -337,4 +418,54 @@ mod tests {
         client.set_auth("   ".to_string());
         assert_eq!(client.auth_token(), None);
     }
+
+    #[tokio::test]
+    async fn verify_without_auth_token_returns_typed_error() {
+        let client = ApiClient::new("https://example.com", Duration::from_secs(1))
+            .expect("client should construct");
+
+        let error = client.verify().await.expect_err("verify should fail");
+        assert!(matches!(error, ApiClientError::AuthTokenMissing));
+    }
+
+    #[tokio::test]
+    async fn parse_response_surfaces_unexpected_status_with_body() {
+        let base_url = serve_once(
+            "HTTP/1.1 401 Unauthorized\r\nContent-Length: 12\r\nContent-Type: text/plain\r\nConnection: close\r\n\r\nmissing auth",
+        )
+        .await;
+        let client =
+            ApiClient::new(&base_url, Duration::from_secs(1)).expect("client should construct");
+
+        let error = client.health().await.expect_err("health should fail");
+        match error {
+            ApiClientError::UnexpectedStatus { status, body } => {
+                assert_eq!(status, reqwest::StatusCode::UNAUTHORIZED);
+                assert_eq!(body, "missing auth");
+            }
+            other => panic!("unexpected error variant: {other:?}"),
+        }
+    }
+
+    #[tokio::test]
+    async fn parse_response_surfaces_decode_errors() {
+        let base_url = serve_once(
+            "HTTP/1.1 200 OK\r\nContent-Length: 8\r\nContent-Type: application/json\r\nConnection: close\r\n\r\nnot-json",
+        )
+        .await;
+        let client =
+            ApiClient::new(&base_url, Duration::from_secs(1)).expect("client should construct");
+
+        let error = client.health().await.expect_err("health should fail");
+        assert!(matches!(error, ApiClientError::Decode(_)));
+    }
+
+    #[tokio::test]
+    async fn invalid_base_url_surfaces_transport_error() {
+        let client =
+            ApiClient::new("not-a-url", Duration::from_secs(1)).expect("client should construct");
+
+        let error = client.health().await.expect_err("health should fail");
+        assert!(matches!(error, ApiClientError::Transport(_)));
+    }
 }
diff --git a/crates/api-client/src/lib.rs b/crates/api-client/src/lib.rs
index b25fd938..3a13de5a 100644
--- a/crates/api-client/src/lib.rs
+++ b/crates/api-client/src/lib.rs
@@ -1,6 +1,6 @@
 pub mod client;
 pub mod retry;
 
-pub use client::ApiClient;
+pub use client::{ApiClient, ApiClientError};
 pub use opensession_api;
 pub use retry::RetryConfig;
diff --git a/crates/api-client/src/retry.rs b/crates/api-client/src/retry.rs
index d57be394..d358139d 100644
--- a/crates/api-client/src/retry.rs
+++ b/crates/api-client/src/retry.rs
@@ -1,8 +1,9 @@
 use std::time::Duration;
 
-use anyhow::{Context, Result};
 use tracing::warn;
 
+use crate::client::{ApiClientError, Result};
+
 /// Configuration for retry behaviour on upload-style POST requests.
 pub struct RetryConfig {
     pub max_retries: usize,
@@ -65,7 +66,7 @@ pub async fn retry_post(
                     );
                     tokio::time::sleep(Duration::from_secs(config.delays[attempt])).await;
                 } else {
-                    return Err(e).context("Failed to connect after retries");
+                    return Err(ApiClientError::Transport(e));
                 }
             }
         }
diff --git a/crates/cli/Cargo.toml b/crates/cli/Cargo.toml
index 5f1f8e35..201b07c5 100644
--- a/crates/cli/Cargo.toml
+++ b/crates/cli/Cargo.toml
@@ -27,10 +27,13 @@ workspace = true
 
 [dependencies]
 opensession-core = { workspace = true }
+opensession-paths = { workspace = true }
 opensession-local-store = { workspace = true }
 opensession-runtime-config = { workspace = true }
 opensession-summary = { workspace = true }
+opensession-summary-runtime = { workspace = true }
 opensession-parsers = { workspace = true }
+opensession-parser-discovery = { workspace = true }
 opensession-api = { workspace = true, default-features = false }
 opensession-api-client = { workspace = true }
 opensession-local-db = { workspace = true }
diff --git a/crates/cli/src/config.rs b/crates/cli/src/config.rs
index 0d411cb9..ea6ca5eb 100644
--- a/crates/cli/src/config.rs
+++ b/crates/cli/src/config.rs
@@ -1,5 +1,5 @@
 use anyhow::{Context, Result};
-use opensession_runtime_config::{DaemonConfig, CONFIG_FILE_NAME};
+use opensession_runtime_config::DaemonConfig;
 use serde::{Deserialize, Serialize};
 use std::path::{Path, PathBuf};
 
@@ -60,15 +60,12 @@ impl Default for DaemonRefConfig {
 
 /// Get the config directory path (~/.config/opensession/)
 pub fn config_dir() -> Result<PathBuf> {
-    let home = std::env::var("HOME")
-        .or_else(|_| std::env::var("USERPROFILE"))
-        .context("Could not determine home directory")?;
-    Ok(PathBuf::from(home).join(".config").join("opensession"))
+    opensession_paths::config_dir().context("Could not determine home directory")
 }
 
 /// Canonical config file path.
 pub fn config_path() -> Result<PathBuf> {
-    Ok(config_dir()?.join(CONFIG_FILE_NAME))
+    opensession_paths::runtime_config_path().context("Could not determine config file path")
 }
 
 fn read_config_doc(path: &Path) -> Result<toml::Value> {
@@ -255,7 +252,7 @@ pub fn set_daemon_watch_paths(repos: Vec<String>) -> Result<()> {
 
 #[cfg(test)]
 mod tests {
-    use super::load_runtime_config_from_doc;
+    use super::{config_dir, config_path, load_runtime_config_from_doc};
 
     #[test]
     fn runtime_config_loads_server_table() {
@@ -272,4 +269,20 @@ api_key = "k"
         assert_eq!(cfg.server.url, "https://opensession.io");
         assert_eq!(cfg.server.api_key, "k");
     }
+
+    #[test]
+    fn cli_config_dir_uses_centralized_path() {
+        assert_eq!(
+            config_dir().expect("config dir"),
+            opensession_paths::config_dir().expect("central config dir")
+        );
+    }
+
+    #[test]
+    fn cli_config_path_uses_centralized_runtime_path() {
+        assert_eq!(
+            config_path().expect("config path"),
+            opensession_paths::runtime_config_path().expect("central runtime config path")
+        );
+    }
 }
diff --git a/crates/cli/src/discover.rs b/crates/cli/src/discover.rs
index e26ee1e9..2345fdf5 100644
--- a/crates/cli/src/discover.rs
+++ b/crates/cli/src/discover.rs
@@ -1,5 +1,5 @@
 use anyhow::Result;
-use opensession_parsers::discover::discover_sessions;
+use opensession_parser_discovery::discover_sessions;
 
 /// List all locally discovered AI sessions
 pub fn run_discover() -> Result<()> {
diff --git a/crates/cli/src/handoff.rs b/crates/cli/src/handoff.rs
index 5db62809..d83ff65c 100644
--- a/crates/cli/src/handoff.rs
+++ b/crates/cli/src/handoff.rs
@@ -18,7 +18,7 @@ use opensession_git_native::{
     store_handoff_artifact,
 };
 use opensession_parsers::ParserRegistry;
-use opensession_parsers::discover::discover_sessions;
+use opensession_parser_discovery::discover_sessions;
 use std::io::{IsTerminal, Write};
 use std::time::UNIX_EPOCH;
 
diff --git a/crates/cli/src/index.rs b/crates/cli/src/index.rs
index 8e7ac071..c6f83d5f 100644
--- a/crates/cli/src/index.rs
+++ b/crates/cli/src/index.rs
@@ -2,7 +2,7 @@ use anyhow::Result;
 use opensession_core::session::{is_auxiliary_session, working_directory};
 use opensession_git_native::extract_git_context;
 use opensession_local_db::LocalDb;
-use opensession_parsers::discover::discover_sessions;
+use opensession_parser_discovery::discover_sessions;
 use opensession_parsers::ParserRegistry;
 use std::path::Path;
 
diff --git a/crates/cli/src/review.rs b/crates/cli/src/review.rs
index 4e27df25..9dac8e08 100644
--- a/crates/cli/src/review.rs
+++ b/crates/cli/src/review.rs
@@ -8,7 +8,8 @@ use opensession_api::{
 };
 use opensession_core::{ContentBlock, EventType, Session};
 use opensession_runtime_config::SummarySettings;
-use opensession_summary::{SemanticSummaryArtifact, summarize_git_commit};
+use opensession_summary::SemanticSummaryArtifact;
+use opensession_summary_runtime::summarize_git_commit;
 use reqwest::Url;
 use serde::Deserialize;
 use std::collections::{BTreeSet, HashMap, HashSet, VecDeque};
diff --git a/crates/cli/src/runtime_settings.rs b/crates/cli/src/runtime_settings.rs
index 040f33ad..311262d8 100644
--- a/crates/cli/src/runtime_settings.rs
+++ b/crates/cli/src/runtime_settings.rs
@@ -1,16 +1,10 @@
 use anyhow::{Context, Result};
 use opensession_runtime_config::DaemonConfig;
-use opensession_summary::provider::LocalSummaryProfile;
+use opensession_summary_runtime::LocalSummaryProfile;
 use std::path::PathBuf;
 
 pub fn runtime_config_path() -> Result<PathBuf> {
-    let home = std::env::var("HOME")
-        .or_else(|_| std::env::var("USERPROFILE"))
-        .context("Could not determine home directory")?;
-    Ok(PathBuf::from(home)
-        .join(".config")
-        .join("opensession")
-        .join(opensession_runtime_config::CONFIG_FILE_NAME))
+    opensession_paths::runtime_config_path().context("Could not determine home directory")
 }
 
 pub fn load_runtime_config() -> Result<DaemonConfig> {
@@ -37,7 +31,7 @@ pub fn save_runtime_config(config: &DaemonConfig) -> Result<PathBuf> {
 }
 
 pub fn detect_local_summary_profile() -> Option<LocalSummaryProfile> {
-    opensession_summary::detect_summary_provider()
+    opensession_summary_runtime::detect_local_summary_profile()
 }
 
 pub fn apply_summary_profile(config: &mut DaemonConfig, profile: &LocalSummaryProfile) {
diff --git a/crates/cli/src/setup_cmd/branch_sync.rs b/crates/cli/src/setup_cmd/branch_sync.rs
index da75b0c7..0aceffa2 100644
--- a/crates/cli/src/setup_cmd/branch_sync.rs
+++ b/crates/cli/src/setup_cmd/branch_sync.rs
@@ -4,8 +4,9 @@ use opensession_core::Session;
 use opensession_core::sanitize::{SanitizeConfig, sanitize_session};
 use opensession_core::session::{GitMeta, build_git_storage_meta_json_with_git, working_directory};
 use opensession_git_native::{NativeGitStorage, extract_git_context};
-use opensession_parsers::{ParserRegistry, discover::discover_sessions};
-use opensession_runtime_config::{CONFIG_FILE_NAME, DaemonConfig};
+use opensession_parser_discovery::discover_sessions;
+use opensession_parsers::ParserRegistry;
+use opensession_runtime_config::DaemonConfig;
 use std::cmp::Reverse;
 use std::collections::HashSet;
 use std::path::{Path, PathBuf};
@@ -209,17 +210,11 @@ fn session_commit_links(
 }
 
 fn load_daemon_config() -> DaemonConfig {
-    let home = match std::env::var("HOME").or_else(|_| std::env::var("USERPROFILE")) {
-        Ok(home) => home,
-        Err(_) => return DaemonConfig::default(),
+    let Ok(path) = opensession_paths::runtime_config_path() else {
+        return DaemonConfig::default();
     };
-    let path = PathBuf::from(home)
-        .join(".config")
-        .join("opensession")
-        .join(CONFIG_FILE_NAME);
-    let content = match std::fs::read_to_string(path) {
-        Ok(content) => content,
-        Err(_) => return DaemonConfig::default(),
+    let Ok(content) = std::fs::read_to_string(path) else {
+        return DaemonConfig::default();
     };
     toml::from_str(&content).unwrap_or_default()
 }
diff --git a/crates/cli/src/setup_cmd/shims.rs b/crates/cli/src/setup_cmd/shims.rs
index fda791ce..a55e9229 100644
--- a/crates/cli/src/setup_cmd/shims.rs
+++ b/crates/cli/src/setup_cmd/shims.rs
@@ -51,12 +51,8 @@ pub(super) fn shim_action_label(action: ShimInstallAction) -> &'static str {
 }
 
 pub(super) fn shim_path(name: &str) -> Result<PathBuf> {
-    let home = std::env::var("HOME")
-        .context("HOME environment variable is not set; cannot resolve shim path")?;
-    Ok(PathBuf::from(home)
-        .join(".local")
-        .join("share")
-        .join("opensession")
+    Ok(opensession_paths::data_dir()
+        .context("Could not determine shim base directory")?
         .join("bin")
         .join(name))
 }
diff --git a/crates/cli/src/setup_cmd/status.rs b/crates/cli/src/setup_cmd/status.rs
index 12f94e09..cd4a597c 100644
--- a/crates/cli/src/setup_cmd/status.rs
+++ b/crates/cli/src/setup_cmd/status.rs
@@ -263,12 +263,8 @@ pub(super) fn daemon_status_summary(
 }
 
 fn daemon_pid_path() -> Result<PathBuf> {
-    let home = std::env::var("HOME")
-        .or_else(|_| std::env::var("USERPROFILE"))
-        .context("HOME/USERPROFILE is not set; cannot resolve daemon pid path")?;
-    Ok(PathBuf::from(home)
-        .join(".config")
-        .join("opensession")
+    Ok(opensession_paths::config_dir()
+        .context("Could not determine daemon pid path")?
         .join("daemon.pid"))
 }
 
diff --git a/crates/cli/src/stream_push.rs b/crates/cli/src/stream_push.rs
index a98b8e18..f54121eb 100644
--- a/crates/cli/src/stream_push.rs
+++ b/crates/cli/src/stream_push.rs
@@ -4,7 +4,7 @@
 //! (< 2s). Parses the full session file and upserts it into the local DB.
 //! The daemon handles uploading to the server via debounced file watching.
 
-use anyhow::{bail, Context, Result};
+use anyhow::{Context, Result, bail};
 use opensession_core::session::{is_auxiliary_session, working_directory};
 use opensession_git_native::extract_git_context;
 use opensession_local_db::LocalDb;
@@ -24,12 +24,8 @@ struct StreamState {
 }
 
 fn state_dir() -> Result<PathBuf> {
-    let home = std::env::var("HOME")
-        .or_else(|_| std::env::var("USERPROFILE"))
-        .context("Could not determine home directory")?;
-    Ok(PathBuf::from(home)
-        .join(".config")
-        .join("opensession")
+    Ok(opensession_paths::config_dir()
+        .context("Could not determine home directory")?
         .join("stream-state"))
 }
 
@@ -74,16 +70,14 @@ fn resolve_session_file(agent: &str) -> Result<PathBuf> {
 /// Claude Code stores sessions under `~/.claude/projects/<project-dir>/`.
 /// The project directory name is the CWD with `/` replaced by `-`.
 fn resolve_claude_code_session() -> Result<PathBuf> {
-    let home = std::env::var("HOME")
-        .or_else(|_| std::env::var("USERPROFILE"))
-        .context("Could not determine home directory")?;
+    let home = opensession_paths::home_dir().context("Could not determine home directory")?;
 
     let cwd = std::env::current_dir().context("Could not determine current directory")?;
     let cwd_str = cwd.to_string_lossy();
 
     // Claude Code project dir: CWD with '/' replaced by '-'
     let project_dir_name = cwd_str.replace('/', "-");
-    let projects_dir = PathBuf::from(&home).join(".claude").join("projects");
+    let projects_dir = home.join(".claude").join("projects");
     let project_dir = projects_dir.join(&project_dir_name);
 
     if !project_dir.is_dir() {
@@ -148,7 +142,9 @@ pub fn run_stream_push(agent: &str) -> Result<()> {
     }
 
     // Extract git context from session's working directory
-    let git = working_directory(&session).map(extract_git_context).unwrap_or_default();
+    let git = working_directory(&session)
+        .map(extract_git_context)
+        .unwrap_or_default();
     let local_git = opensession_local_db::git::GitContext {
         remote: git.remote.clone(),
         branch: git.branch.clone(),
@@ -178,10 +174,8 @@ pub fn enable_stream_write(agent: &str) -> Result<()> {
 }
 
 fn claude_settings_path() -> Result<PathBuf> {
-    let home = std::env::var("HOME")
-        .or_else(|_| std::env::var("USERPROFILE"))
-        .context("Could not determine home directory")?;
-    Ok(PathBuf::from(home).join(".claude").join("settings.json"))
+    let home = opensession_paths::home_dir().context("Could not determine home directory")?;
+    Ok(home.join(".claude").join("settings.json"))
 }
 
 const HOOK_MATCHER: &str = "Edit|Write|Bash|NotebookEdit";
diff --git a/crates/cli/src/summary_cmd.rs b/crates/cli/src/summary_cmd.rs
index 2eb99ee8..bc470dc3 100644
--- a/crates/cli/src/summary_cmd.rs
+++ b/crates/cli/src/summary_cmd.rs
@@ -6,9 +6,9 @@ use opensession_git_native::extract_git_context;
 use opensession_local_db::{LocalDb, SessionSemanticSummaryUpsert};
 use opensession_local_store::find_repo_root;
 use opensession_parsers::ParserRegistry;
-use opensession_summary::{
-    GitSummaryRequest, SemanticSummaryArtifact, summarize_git_commit, summarize_git_working_tree,
-    summarize_session,
+use opensession_summary::{GitSummaryRequest, SemanticSummaryArtifact};
+use opensession_summary_runtime::{
+    summarize_git_commit, summarize_git_working_tree, summarize_session,
 };
 use serde::Serialize;
 use std::path::{Path, PathBuf};
diff --git a/crates/daemon/Cargo.toml b/crates/daemon/Cargo.toml
index 3e10ba4b..1ebcdba7 100644
--- a/crates/daemon/Cargo.toml
+++ b/crates/daemon/Cargo.toml
@@ -17,9 +17,12 @@ workspace = true
 
 [dependencies]
 opensession-core = { workspace = true }
+opensession-paths = { workspace = true }
 opensession-runtime-config = { workspace = true }
 opensession-summary = { workspace = true }
+opensession-summary-runtime = { workspace = true }
 opensession-parsers = { workspace = true }
+opensession-parser-discovery = { workspace = true }
 opensession-api = { workspace = true, default-features = false }
 opensession-api-client = { workspace = true }
 opensession-local-db = { workspace = true }
diff --git a/crates/daemon/src/config.rs b/crates/daemon/src/config.rs
index 113e17c6..37521344 100644
--- a/crates/daemon/src/config.rs
+++ b/crates/daemon/src/config.rs
@@ -1,25 +1,22 @@
 use anyhow::{Context, Result};
+use opensession_paths::home_dir;
 use serde::{Deserialize, Serialize};
 use std::collections::HashSet;
 use std::path::{Path, PathBuf};
 
 // Re-export shared runtime config types
 pub use opensession_runtime_config::{
-    CONFIG_FILE_NAME, DaemonConfig, DaemonSettings, GitStorageMethod, PublishMode,
-    SessionDefaultView,
+    DaemonConfig, DaemonSettings, GitStorageMethod, PublishMode, SessionDefaultView,
 };
 
 /// Get the config directory path
 pub fn config_dir() -> Result<PathBuf> {
-    let home = std::env::var("HOME")
-        .or_else(|_| std::env::var("USERPROFILE"))
-        .context("Could not determine home directory")?;
-    Ok(PathBuf::from(home).join(".config").join("opensession"))
+    opensession_paths::config_dir().context("Could not determine home directory")
 }
 
 /// Get the daemon config file path
 pub fn config_path() -> Result<PathBuf> {
-    Ok(config_dir()?.join(CONFIG_FILE_NAME))
+    opensession_paths::runtime_config_path().context("Could not determine config file path")
 }
 
 /// Get the PID file path
@@ -53,10 +50,7 @@ fn normalize_fixed_runtime_tuning(config: &mut DaemonConfig) {
 
 /// Resolve watch paths based on watcher config
 pub fn resolve_watch_paths(config: &DaemonConfig) -> Vec<PathBuf> {
-    let home = std::env::var("HOME")
-        .or_else(|_| std::env::var("USERPROFILE"))
-        .map(PathBuf::from)
-        .unwrap_or_else(|_| PathBuf::from("."));
+    let home = home_dir().unwrap_or_else(|_| PathBuf::from("."));
 
     let raw_paths = config.watchers.custom_paths.clone();
 
@@ -330,6 +324,22 @@ mod tests {
         assert_eq!(cfg.daemon.max_retries, defaults.daemon.max_retries);
     }
 
+    #[test]
+    fn daemon_config_dir_uses_centralized_path() {
+        assert_eq!(
+            config_dir().expect("config dir"),
+            opensession_paths::config_dir().expect("central config dir")
+        );
+    }
+
+    #[test]
+    fn daemon_config_path_uses_centralized_runtime_path() {
+        assert_eq!(
+            config_path().expect("config path"),
+            opensession_paths::runtime_config_path().expect("central runtime config path")
+        );
+    }
+
     #[test]
     fn test_find_repo_root() {
         let tmp = tempfile::tempdir().unwrap();
diff --git a/crates/daemon/src/scheduler/pipeline.rs b/crates/daemon/src/scheduler/pipeline.rs
index 3f4723ad..d4909dfb 100644
--- a/crates/daemon/src/scheduler/pipeline.rs
+++ b/crates/daemon/src/scheduler/pipeline.rs
@@ -9,7 +9,8 @@ use opensession_git_native::{
 use opensession_local_db::LocalDb;
 use opensession_parsers::ParserRegistry;
 use opensession_runtime_config::SummaryStorageBackend;
-use opensession_summary::{GitSummaryRequest, summarize_session};
+use opensession_summary::GitSummaryRequest;
+use opensession_summary_runtime::summarize_session;
 use std::path::{Path, PathBuf};
 use tracing::{debug, info, warn};
 
diff --git a/crates/daemon/src/watcher.rs b/crates/daemon/src/watcher.rs
index d960fb93..5cb8e03e 100644
--- a/crates/daemon/src/watcher.rs
+++ b/crates/daemon/src/watcher.rs
@@ -1,6 +1,6 @@
 use anyhow::{Context, Result};
 use notify::{Event, RecommendedWatcher, RecursiveMode, Watcher};
-use opensession_parsers::discover;
+use opensession_parser_discovery::discover_sessions;
 use std::collections::HashSet;
 use std::path::{Path, PathBuf};
 use tokio::sync::mpsc;
@@ -22,7 +22,7 @@ pub fn seed_existing_session_files(
         return 0;
     }
 
-    let discovered_paths = discover::discover_sessions()
+    let discovered_paths = discover_sessions()
         .into_iter()
         .flat_map(|location| location.paths);
     enqueue_discovered_paths(watch_roots, discovered_paths, tx)
diff --git a/crates/local-db/Cargo.toml b/crates/local-db/Cargo.toml
index 59b1e552..92adabe8 100644
--- a/crates/local-db/Cargo.toml
+++ b/crates/local-db/Cargo.toml
@@ -22,6 +22,7 @@ workspace = true
 [dependencies]
 opensession-core = { workspace = true }
 opensession-api = { workspace = true, default-features = false, features = ["backend"] }
+opensession-paths = { workspace = true }
 rusqlite = { workspace = true }
 chrono = { workspace = true }
 serde = { workspace = true }
diff --git a/crates/local-db/src/connection.rs b/crates/local-db/src/connection.rs
index f67abd36..3f508e3e 100644
--- a/crates/local-db/src/connection.rs
+++ b/crates/local-db/src/connection.rs
@@ -1,4 +1,5 @@
 use anyhow::{Context, Result};
+use opensession_paths::local_db_path;
 use rusqlite::Connection;
 use std::path::PathBuf;
 use std::sync::{Mutex, MutexGuard};
@@ -17,7 +18,7 @@ pub struct LocalDb {
 
 impl LocalDb {
     /// Open (or create) the local database at the default path.
-    /// `~/.local/share/opensession/local.db`
+    /// `~/.local/share/opensession/local.db` or `OPENSESSION_LOCAL_DB_PATH` when set.
     pub fn open() -> Result<Self> {
         let path = default_db_path()?;
         Self::open_path(&path)
@@ -57,12 +58,63 @@ fn open_connection_with_latest_schema(path: &PathBuf) -> Result<Connection> {
 }
 
 fn default_db_path() -> Result<PathBuf> {
-    let home = std::env::var("HOME")
-        .or_else(|_| std::env::var("USERPROFILE"))
-        .context("Could not determine home directory")?;
-    Ok(PathBuf::from(home)
-        .join(".local")
-        .join("share")
-        .join("opensession")
-        .join("local.db"))
+    local_db_path().context("Could not determine local db path")
+}
+
+#[cfg(test)]
+mod tests {
+    use super::default_db_path;
+    use std::ffi::OsString;
+    use std::path::PathBuf;
+    use std::sync::{Mutex, OnceLock};
+
+    fn env_test_lock() -> &'static Mutex<()> {
+        static LOCK: OnceLock<Mutex<()>> = OnceLock::new();
+        LOCK.get_or_init(|| Mutex::new(()))
+    }
+
+    struct EnvVarGuard {
+        key: &'static str,
+        previous: Option<OsString>,
+    }
+
+    impl EnvVarGuard {
+        fn set(key: &'static str, value: &str) -> Self {
+            let previous = std::env::var_os(key);
+            // SAFETY: tests serialize environment mutation with `env_test_lock`, so process
+            // environment updates do not race with other tests in this module.
+            unsafe { std::env::set_var(key, value) };
+            Self { key, previous }
+        }
+    }
+
+    impl Drop for EnvVarGuard {
+        fn drop(&mut self) {
+            if let Some(value) = &self.previous {
+                // SAFETY: tests serialize environment mutation with `env_test_lock`.
+                unsafe { std::env::set_var(self.key, value) };
+            } else {
+                // SAFETY: tests serialize environment mutation with `env_test_lock`.
+                unsafe { std::env::remove_var(self.key) };
+            }
+        }
+    }
+
+    #[test]
+    fn default_db_path_uses_centralized_location() {
+        let _lock = env_test_lock().lock().expect("env lock");
+        let _guard = EnvVarGuard::set("OPENSESSION_LOCAL_DB_PATH", "");
+        let path = default_db_path().expect("default db path");
+        assert!(path.ends_with(PathBuf::from(".local/share/opensession/local.db")));
+    }
+
+    #[test]
+    fn default_db_path_honors_env_override() {
+        let _lock = env_test_lock().lock().expect("env lock");
+        let _guard = EnvVarGuard::set("OPENSESSION_LOCAL_DB_PATH", "/tmp/custom-local.db");
+        assert_eq!(
+            default_db_path().expect("default db path"),
+            PathBuf::from("/tmp/custom-local.db")
+        );
+    }
 }
diff --git a/crates/local-store/Cargo.toml b/crates/local-store/Cargo.toml
index c107c376..a429f00d 100644
--- a/crates/local-store/Cargo.toml
+++ b/crates/local-store/Cargo.toml
@@ -16,6 +16,7 @@ workspace = true
 
 [dependencies]
 opensession-core = { workspace = true }
+opensession-paths = { workspace = true }
 sha2 = { workspace = true }
 thiserror = { workspace = true }
 
diff --git a/crates/local-store/src/lib.rs b/crates/local-store/src/lib.rs
index 23902c89..cec99b4c 100644
--- a/crates/local-store/src/lib.rs
+++ b/crates/local-store/src/lib.rs
@@ -1,4 +1,5 @@
 use opensession_core::source_uri::{SourceSpec, SourceUri, SourceUriError};
+use opensession_paths::local_store_root;
 use sha2::{Digest, Sha256};
 use std::path::{Path, PathBuf};
 
@@ -96,15 +97,7 @@ fn default_store_root(cwd: &Path) -> Result<PathBuf, LocalStoreError> {
 }
 
 pub fn global_store_root() -> Result<PathBuf, LocalStoreError> {
-    let home = std::env::var("HOME")
-        .or_else(|_| std::env::var("USERPROFILE"))
-        .map(PathBuf::from)
-        .map_err(|_| LocalStoreError::HomeUnavailable)?;
-    Ok(home
-        .join(".local")
-        .join("share")
-        .join("opensession")
-        .join("objects"))
+    local_store_root().map_err(|_| LocalStoreError::HomeUnavailable)
 }
 
 fn object_path(root: &Path, hash: &str) -> Result<PathBuf, LocalStoreError> {
@@ -153,8 +146,10 @@ fn validate_hash(hash: &str) -> Result<(), LocalStoreError> {
 #[cfg(test)]
 mod tests {
     use super::{
-        LocalStoreError, find_repo_root, read_local_object, sha256_hex, store_local_object,
+        LocalStoreError, find_repo_root, global_store_root, read_local_object, sha256_hex,
+        store_local_object,
     };
+    use opensession_paths::local_store_root;
     use tempfile::tempdir;
 
     #[test]
@@ -167,8 +162,8 @@ mod tests {
 
     #[test]
     fn global_store_root_uses_standard_home_fallback() {
-        let root = super::global_store_root().expect("global store root");
-        assert!(root.ends_with("opensession/objects"));
+        let root = global_store_root().expect("global store root");
+        assert_eq!(root, local_store_root().expect("centralized store root"));
     }
 
     #[test]
diff --git a/crates/parser-discovery/Cargo.toml b/crates/parser-discovery/Cargo.toml
new file mode 100644
index 00000000..77272764
--- /dev/null
+++ b/crates/parser-discovery/Cargo.toml
@@ -0,0 +1,20 @@
+[package]
+name = "opensession-parser-discovery"
+version.workspace = true
+edition.workspace = true
+rust-version.workspace = true
+license.workspace = true
+repository.workspace = true
+description = "Session discovery adapters for OpenSession parsers"
+
+[lib]
+doctest = false
+
+[lints]
+workspace = true
+
+[dependencies]
+opensession-paths = { workspace = true }
+glob = { workspace = true }
+shellexpand = { workspace = true }
+rusqlite = { workspace = true }
diff --git a/crates/parsers/src/discover.rs b/crates/parser-discovery/src/lib.rs
similarity index 56%
rename from crates/parsers/src/discover.rs
rename to crates/parser-discovery/src/lib.rs
index 89364684..6b0115cb 100644
--- a/crates/parsers/src/discover.rs
+++ b/crates/parser-discovery/src/lib.rs
@@ -1,57 +1,73 @@
 use rusqlite::{Connection, OpenFlags};
 use std::collections::HashSet;
-use std::path::PathBuf;
+use std::path::{Path, PathBuf};
 
 /// Metadata about a discovered session location for a specific AI tool.
+#[derive(Debug, Clone, PartialEq, Eq)]
 pub struct SessionLocation {
     pub tool: String,
     pub paths: Vec<PathBuf>,
 }
 
 /// Discover local session files from known paths for all supported AI tools.
+#[must_use]
 pub fn discover_sessions() -> Vec<SessionLocation> {
-    let home = dirs_home();
+    discover_sessions_from_home(&dirs_home())
+}
+
+/// Discover sessions for a specific tool by name.
+#[must_use]
+pub fn discover_for_tool(tool: &str) -> Vec<PathBuf> {
+    discover_for_tool_in(&dirs_home(), tool)
+}
+
+/// Discover sessions matching an external parser's glob pattern.
+#[must_use]
+pub fn discover_external(glob_pattern: &str) -> Vec<PathBuf> {
+    let expanded = shellexpand::tilde(glob_pattern).to_string();
+    glob::glob(&expanded)
+        .map(|paths| paths.filter_map(Result::ok).collect())
+        .unwrap_or_default()
+}
+
+fn discover_sessions_from_home(home: &Path) -> Vec<SessionLocation> {
     let mut locations = Vec::new();
 
-    discover_claude_code(&home, &mut locations);
-    discover_codex(&home, &mut locations);
-    discover_opencode(&home, &mut locations);
-    discover_cline(&home, &mut locations);
-    discover_amp(&home, &mut locations);
-    discover_cursor(&home, &mut locations);
-    discover_gemini(&home, &mut locations);
+    discover_claude_code(home, &mut locations);
+    discover_codex(home, &mut locations);
+    discover_opencode(home, &mut locations);
+    discover_cline(home, &mut locations);
+    discover_amp(home, &mut locations);
+    discover_cursor(home, &mut locations);
+    discover_gemini(home, &mut locations);
 
     locations
 }
 
-/// Discover sessions for a specific tool by name.
-pub fn discover_for_tool(tool: &str) -> Vec<PathBuf> {
-    let home = dirs_home();
+fn discover_for_tool_in(home: &Path, tool: &str) -> Vec<PathBuf> {
     match tool {
         "claude-code" => find_files_with_ext(&home.join(".claude").join("projects"), "jsonl")
             .into_iter()
-            .filter(|p| !crate::is_auxiliary_session_path(p))
+            .filter(|path| !is_auxiliary_session_path(path))
             .collect(),
-        "codex" => find_codex_sessions(&home),
-        "opencode" => find_opencode_sessions(&home),
-        "cline" => find_cline_sessions(&home),
-        "amp" => find_amp_threads(&home),
-        "cursor" => find_cursor_vscdb(&home),
-        "gemini" => find_gemini_sessions(&home),
+        "codex" => find_codex_sessions(home),
+        "opencode" => find_opencode_sessions(home),
+        "cline" => find_cline_sessions(home),
+        "amp" => find_amp_threads(home),
+        "cursor" => find_cursor_vscdb(home),
+        "gemini" => find_gemini_sessions(home),
         _ => Vec::new(),
     }
 }
 
-// ── Per-tool discovery ──────────────────────────────────────────────────────
-
-fn discover_claude_code(home: &std::path::Path, locations: &mut Vec<SessionLocation>) {
+fn discover_claude_code(home: &Path, locations: &mut Vec<SessionLocation>) {
     let claude_path = home.join(".claude").join("projects");
     if !claude_path.exists() {
         return;
     }
     let paths: Vec<_> = find_files_with_ext(&claude_path, "jsonl")
         .into_iter()
-        .filter(|p| !crate::is_auxiliary_session_path(p))
+        .filter(|path| !is_auxiliary_session_path(path))
         .collect();
     if !paths.is_empty() {
         locations.push(SessionLocation {
@@ -61,7 +77,7 @@ fn discover_claude_code(home: &std::path::Path, locations: &mut Vec<SessionLocat
     }
 }
 
-fn discover_codex(home: &std::path::Path, locations: &mut Vec<SessionLocation>) {
+fn discover_codex(home: &Path, locations: &mut Vec<SessionLocation>) {
     let paths = find_codex_sessions(home);
     if !paths.is_empty() {
         locations.push(SessionLocation {
@@ -71,7 +87,7 @@ fn discover_codex(home: &std::path::Path, locations: &mut Vec<SessionLocation>)
     }
 }
 
-fn discover_opencode(home: &std::path::Path, locations: &mut Vec<SessionLocation>) {
+fn discover_opencode(home: &Path, locations: &mut Vec<SessionLocation>) {
     let paths = find_opencode_sessions(home);
     if !paths.is_empty() {
         locations.push(SessionLocation {
@@ -81,7 +97,7 @@ fn discover_opencode(home: &std::path::Path, locations: &mut Vec<SessionLocation
     }
 }
 
-fn discover_cline(home: &std::path::Path, locations: &mut Vec<SessionLocation>) {
+fn discover_cline(home: &Path, locations: &mut Vec<SessionLocation>) {
     let paths = find_cline_sessions(home);
     if !paths.is_empty() {
         locations.push(SessionLocation {
@@ -91,7 +107,7 @@ fn discover_cline(home: &std::path::Path, locations: &mut Vec<SessionLocation>)
     }
 }
 
-fn discover_amp(home: &std::path::Path, locations: &mut Vec<SessionLocation>) {
+fn discover_amp(home: &Path, locations: &mut Vec<SessionLocation>) {
     let paths = find_amp_threads(home);
     if !paths.is_empty() {
         locations.push(SessionLocation {
@@ -101,45 +117,38 @@ fn discover_amp(home: &std::path::Path, locations: &mut Vec<SessionLocation>) {
     }
 }
 
-fn discover_gemini(home: &std::path::Path, locations: &mut Vec<SessionLocation>) {
-    let paths = find_gemini_sessions(home);
+fn discover_cursor(home: &Path, locations: &mut Vec<SessionLocation>) {
+    let paths = find_cursor_vscdb(home);
     if !paths.is_empty() {
         locations.push(SessionLocation {
-            tool: "gemini".to_string(),
+            tool: "cursor".to_string(),
             paths,
         });
     }
 }
 
-fn discover_cursor(home: &std::path::Path, locations: &mut Vec<SessionLocation>) {
-    let paths = find_cursor_vscdb(home);
+fn discover_gemini(home: &Path, locations: &mut Vec<SessionLocation>) {
+    let paths = find_gemini_sessions(home);
     if !paths.is_empty() {
         locations.push(SessionLocation {
-            tool: "cursor".to_string(),
+            tool: "gemini".to_string(),
             paths,
         });
     }
 }
 
-// ── Utilities ───────────────────────────────────────────────────────────────
-
 fn dirs_home() -> PathBuf {
-    std::env::var("HOME")
-        .or_else(|_| std::env::var("USERPROFILE"))
-        .map(PathBuf::from)
-        .unwrap_or_else(|_| PathBuf::from("."))
+    opensession_paths::home_dir().unwrap_or_else(|_| PathBuf::from("."))
 }
 
-/// Recursively find files with a given extension under a directory.
-fn find_files_with_ext(dir: &std::path::Path, ext: &str) -> Vec<PathBuf> {
+fn find_files_with_ext(dir: &Path, ext: &str) -> Vec<PathBuf> {
     let pattern = format!("{}/**/*.{}", dir.display(), ext);
     glob::glob(&pattern)
         .map(|paths| paths.filter_map(Result::ok).collect())
         .unwrap_or_default()
 }
 
-/// Codex stores sessions as JSONL files under ~/.codex/sessions/YYYY/MM/DD/rollout-*.jsonl
-fn find_codex_sessions(home: &std::path::Path) -> Vec<PathBuf> {
+fn find_codex_sessions(home: &Path) -> Vec<PathBuf> {
     let mut roots = Vec::new();
     if let Ok(codex_home) = std::env::var("CODEX_HOME") {
         let codex_home = codex_home.trim();
@@ -167,7 +176,7 @@ fn find_codex_sessions(home: &std::path::Path) -> Vec<PathBuf> {
     out
 }
 
-fn is_codex_rollout_session_file(path: &std::path::Path) -> bool {
+fn is_codex_rollout_session_file(path: &Path) -> bool {
     path.file_name()
         .and_then(|name| name.to_str())
         .map(|name| {
@@ -177,9 +186,7 @@ fn is_codex_rollout_session_file(path: &std::path::Path) -> bool {
         .unwrap_or(false)
 }
 
-/// OpenCode stores session info as JSON files under
-/// ~/.local/share/opencode/storage/session/<project_hash>/<session_id>.json
-fn find_opencode_sessions(home: &std::path::Path) -> Vec<PathBuf> {
+fn find_opencode_sessions(home: &Path) -> Vec<PathBuf> {
     let session_path = home
         .join(".local")
         .join("share")
@@ -195,9 +202,7 @@ fn find_opencode_sessions(home: &std::path::Path) -> Vec<PathBuf> {
         .unwrap_or_default()
 }
 
-/// Cline stores sessions as task directories under ~/.cline/data/tasks/{taskId}/
-/// Each task has api_conversation_history.json as the entry point.
-fn find_cline_sessions(home: &std::path::Path) -> Vec<PathBuf> {
+fn find_cline_sessions(home: &Path) -> Vec<PathBuf> {
     let tasks_dir = home.join(".cline").join("data").join("tasks");
     if !tasks_dir.exists() {
         return Vec::new();
@@ -208,8 +213,7 @@ fn find_cline_sessions(home: &std::path::Path) -> Vec<PathBuf> {
         .unwrap_or_default()
 }
 
-/// Amp stores threads as JSON files under ~/.local/share/amp/threads/T-{uuid}.json
-fn find_amp_threads(home: &std::path::Path) -> Vec<PathBuf> {
+fn find_amp_threads(home: &Path) -> Vec<PathBuf> {
     let threads_dir = home
         .join(".local")
         .join("share")
@@ -224,17 +228,7 @@ fn find_amp_threads(home: &std::path::Path) -> Vec<PathBuf> {
         .unwrap_or_default()
 }
 
-/// Discover sessions matching an external parser's glob pattern.
-pub fn discover_external(glob_pattern: &str) -> Vec<PathBuf> {
-    let expanded = shellexpand::tilde(glob_pattern).to_string();
-    glob::glob(&expanded)
-        .map(|paths| paths.filter_map(Result::ok).collect())
-        .unwrap_or_default()
-}
-
-/// Gemini CLI stores sessions as JSON or JSONL files under
-/// ~/.gemini/tmp/<project_hash>/chats/session-*.{json,jsonl}
-fn find_gemini_sessions(home: &std::path::Path) -> Vec<PathBuf> {
+fn find_gemini_sessions(home: &Path) -> Vec<PathBuf> {
     let gemini_path = home.join(".gemini").join("tmp");
     if !gemini_path.exists() {
         return Vec::new();
@@ -249,20 +243,14 @@ fn find_gemini_sessions(home: &std::path::Path) -> Vec<PathBuf> {
     results
 }
 
-/// Cursor stores conversation data in SQLite databases (state.vscdb).
-/// Global: ~/Library/Application Support/Cursor/User/globalStorage/state.vscdb
-/// Per-workspace: ~/Library/Application Support/Cursor/User/workspaceStorage/<hash>/state.vscdb
-fn find_cursor_vscdb(home: &std::path::Path) -> Vec<PathBuf> {
+fn find_cursor_vscdb(home: &Path) -> Vec<PathBuf> {
     let mut results = Vec::new();
 
-    // macOS path
     let cursor_base = home
         .join("Library")
         .join("Application Support")
         .join("Cursor")
         .join("User");
-
-    // Linux path (XDG)
     let cursor_base_linux = home.join(".config").join("Cursor").join("User");
 
     for base in &[&cursor_base, &cursor_base_linux] {
@@ -270,13 +258,11 @@ fn find_cursor_vscdb(home: &std::path::Path) -> Vec<PathBuf> {
             continue;
         }
 
-        // Global state.vscdb
         let global_db = base.join("globalStorage").join("state.vscdb");
         if global_db.exists() && cursor_db_has_composer_data(&global_db) {
             results.push(global_db);
         }
 
-        // Per-workspace state.vscdb files
         let workspace_dir = base.join("workspaceStorage");
         if workspace_dir.exists() {
             let pattern = format!("{}/*/state.vscdb", workspace_dir.display());
@@ -293,7 +279,7 @@ fn find_cursor_vscdb(home: &std::path::Path) -> Vec<PathBuf> {
     results
 }
 
-fn cursor_db_has_composer_data(path: &std::path::Path) -> bool {
+fn cursor_db_has_composer_data(path: &Path) -> bool {
     let conn = match Connection::open_with_flags(path, OpenFlags::SQLITE_OPEN_READ_ONLY) {
         Ok(conn) => conn,
         Err(_) => return false,
@@ -328,10 +314,31 @@ fn has_cursor_rows(conn: &Connection, table: &str) -> bool {
     conn.query_row(&sql, [], |row| row.get(0)).unwrap_or(false)
 }
 
+fn is_auxiliary_session_path(path: &Path) -> bool {
+    let path_text = path.to_string_lossy();
+    if path_text.contains("/subagents/") || path_text.contains("\\subagents\\") {
+        return true;
+    }
+
+    let Some(name) = path.file_name().and_then(|name| name.to_str()) else {
+        return false;
+    };
+    let lower = name.to_ascii_lowercase();
+    lower.starts_with("agent-")
+        || lower.starts_with("agent_")
+        || lower.starts_with("subagent-")
+        || lower.starts_with("subagent_")
+}
+
 #[cfg(test)]
 mod tests {
-    use super::{find_codex_sessions, is_codex_rollout_session_file};
-    use std::path::Path;
+    use super::{
+        SessionLocation, discover_for_tool_in, discover_sessions_from_home, find_codex_sessions,
+        is_codex_rollout_session_file,
+    };
+    use rusqlite::Connection;
+    use std::fs;
+    use std::path::{Path, PathBuf};
     use std::sync::{Mutex, OnceLock};
 
     fn env_test_lock() -> &'static Mutex<()> {
@@ -355,7 +362,7 @@ mod tests {
 
     impl Drop for EnvVarRestore {
         fn drop(&mut self) {
-            if let Some(ref previous) = self.previous {
+            if let Some(previous) = self.previous.as_ref() {
                 set_env_for_test(self.key, previous);
             } else {
                 remove_env_for_test(self.key);
@@ -364,17 +371,54 @@ mod tests {
     }
 
     fn set_env_for_test(key: &str, value: impl AsRef<std::ffi::OsStr>) {
-        // SAFETY: these tests hold env_test_lock() while mutating process environment, so the
-        // mutation is serialized within the module and not concurrent with other test env access.
+        // SAFETY: tests hold env_test_lock() while mutating process environment.
         unsafe { std::env::set_var(key, value) };
     }
 
     fn remove_env_for_test(key: &str) {
-        // SAFETY: these tests hold env_test_lock() while mutating process environment, so the
-        // mutation is serialized within the module and not concurrent with other test env access.
+        // SAFETY: tests hold env_test_lock() while mutating process environment.
         unsafe { std::env::remove_var(key) };
     }
 
+    fn unique_temp_dir(prefix: &str) -> PathBuf {
+        let root = std::env::temp_dir().join(format!(
+            "{prefix}-{}",
+            std::time::SystemTime::now()
+                .duration_since(std::time::UNIX_EPOCH)
+                .expect("clock")
+                .as_nanos()
+        ));
+        fs::create_dir_all(&root).expect("create temp dir");
+        root
+    }
+
+    fn write_cursor_fixture_db(path: &Path) {
+        if let Some(parent) = path.parent() {
+            fs::create_dir_all(parent).expect("create cursor parent");
+        }
+        let conn = Connection::open(path).expect("create cursor db");
+        conn.execute(
+            "CREATE TABLE cursorDiskKV (key TEXT PRIMARY KEY, value TEXT)",
+            [],
+        )
+        .expect("create cursorDiskKV");
+        conn.execute(
+            "INSERT INTO cursorDiskKV (key, value) VALUES (?1, ?2)",
+            (
+                "composerData:test",
+                r#"{"composerId":"comp-1","conversation":[{"type":1,"text":"hello"}]}"#,
+            ),
+        )
+        .expect("insert composer row");
+    }
+
+    fn collect_tools(locations: &[SessionLocation]) -> Vec<&str> {
+        locations
+            .iter()
+            .map(|location| location.tool.as_str())
+            .collect()
+    }
+
     #[test]
     fn codex_rollout_matcher_only_accepts_rollout_files() {
         assert!(is_codex_rollout_session_file(Path::new(
@@ -395,21 +439,14 @@ mod tests {
     fn codex_discovery_ignores_non_rollout_jsonl() {
         let _guard = env_test_lock().lock().expect("env lock");
         let restore = EnvVarRestore::capture("CODEX_HOME");
-        let unique = format!(
-            "opensession-codex-discover-{}",
-            std::time::SystemTime::now()
-                .duration_since(std::time::UNIX_EPOCH)
-                .expect("time")
-                .as_nanos()
-        );
-        let root = std::env::temp_dir().join(unique);
+        let root = unique_temp_dir("opensession-codex-discover");
         let sessions_dir = root.join("sessions").join("2026").join("02").join("20");
-        std::fs::create_dir_all(&sessions_dir).expect("mkdir");
+        fs::create_dir_all(&sessions_dir).expect("mkdir");
 
-        std::fs::write(sessions_dir.join("rollout-1.jsonl"), "{}\n").expect("rollout");
-        std::fs::write(sessions_dir.join("rollout.jsonl"), "{}\n").expect("rollout base");
-        std::fs::write(sessions_dir.join("summary.jsonl"), "{}\n").expect("summary");
-        std::fs::write(sessions_dir.join("notes.jsonl"), "{}\n").expect("notes");
+        fs::write(sessions_dir.join("rollout-1.jsonl"), "{}\n").expect("rollout");
+        fs::write(sessions_dir.join("rollout.jsonl"), "{}\n").expect("rollout base");
+        fs::write(sessions_dir.join("summary.jsonl"), "{}\n").expect("summary");
+        fs::write(sessions_dir.join("notes.jsonl"), "{}\n").expect("notes");
 
         set_env_for_test("CODEX_HOME", &root);
         let found = find_codex_sessions(Path::new("/this/home/path/does/not/exist"));
@@ -435,7 +472,67 @@ mod tests {
                 .any(|path| path.ends_with(Path::new("notes.jsonl")))
         );
 
-        std::fs::remove_dir_all(&root).ok();
+        fs::remove_dir_all(&root).ok();
         drop(restore);
     }
+
+    #[test]
+    fn discover_sessions_preserves_tool_order() {
+        let home = unique_temp_dir("opensession-discovery-order");
+        let claude_dir = home.join(".claude/projects/demo");
+        fs::create_dir_all(claude_dir.join("subagents")).expect("create claude dir");
+        fs::write(claude_dir.join("session.jsonl"), "{}\n").expect("write claude");
+        fs::write(claude_dir.join("subagents/agent-1.jsonl"), "{}\n").expect("write subagent");
+
+        let codex_dir = home.join(".codex/sessions/2026/02/20");
+        fs::create_dir_all(&codex_dir).expect("create codex dir");
+        fs::write(codex_dir.join("rollout.jsonl"), "{}\n").expect("write codex");
+
+        let opencode_dir = home.join(".local/share/opencode/storage/session/project");
+        fs::create_dir_all(&opencode_dir).expect("create opencode dir");
+        fs::write(opencode_dir.join("ses.json"), "{}\n").expect("write opencode");
+
+        let cline_dir = home.join(".cline/data/tasks/task-1");
+        fs::create_dir_all(&cline_dir).expect("create cline dir");
+        fs::write(cline_dir.join("api_conversation_history.json"), "{}\n").expect("write cline");
+
+        let amp_dir = home.join(".local/share/amp/threads");
+        fs::create_dir_all(&amp_dir).expect("create amp dir");
+        fs::write(amp_dir.join("T-1.json"), "{}\n").expect("write amp");
+
+        let cursor_db = home.join(".config/Cursor/User/workspaceStorage/test/state.vscdb");
+        write_cursor_fixture_db(&cursor_db);
+
+        let gemini_dir = home.join(".gemini/tmp/demo/chats");
+        fs::create_dir_all(&gemini_dir).expect("create gemini dir");
+        fs::write(gemini_dir.join("session-demo.json"), "{}\n").expect("write gemini");
+
+        let locations = discover_sessions_from_home(&home);
+        assert_eq!(
+            collect_tools(&locations),
+            vec![
+                "claude-code",
+                "codex",
+                "opencode",
+                "cline",
+                "amp",
+                "cursor",
+                "gemini"
+            ]
+        );
+        assert_eq!(locations[0].paths.len(), 1);
+    }
+
+    #[test]
+    fn discover_for_tool_filters_auxiliary_claude_sessions() {
+        let home = unique_temp_dir("opensession-discovery-claude");
+        let project_dir = home.join(".claude/projects/demo");
+        fs::create_dir_all(project_dir.join("subagents")).expect("create claude project");
+        fs::write(project_dir.join("session.jsonl"), "{}\n").expect("write primary");
+        fs::write(project_dir.join("subagents/agent-123.jsonl"), "{}\n").expect("write agent");
+        fs::write(project_dir.join("subagent-123.jsonl"), "{}\n").expect("write sibling");
+
+        let found = discover_for_tool_in(&home, "claude-code");
+        assert_eq!(found, vec![project_dir.join("session.jsonl")]);
+    }
 }
diff --git a/crates/parsers/Cargo.toml b/crates/parsers/Cargo.toml
index bb2c18a5..06b174ea 100644
--- a/crates/parsers/Cargo.toml
+++ b/crates/parsers/Cargo.toml
@@ -28,3 +28,6 @@ regex = { workspace = true }
 toml = { workspace = true }
 rusqlite = { workspace = true }
 tempfile = { workspace = true }
+
+[dev-dependencies]
+opensession-parser-discovery = { workspace = true }
diff --git a/crates/parsers/src/claude_code/mod.rs b/crates/parsers/src/claude_code/mod.rs
index fc16b2f0..d0728b21 100644
--- a/crates/parsers/src/claude_code/mod.rs
+++ b/crates/parsers/src/claude_code/mod.rs
@@ -1,4 +1,6 @@
 mod parse;
+mod raw;
+mod subagent;
 mod transform;
 
 use crate::SessionParser;
@@ -57,9 +59,8 @@ impl ClaudeCodeParser {
 }
 
 // Re-export pub(crate) items needed by incremental.rs
-pub(crate) use parse::{
-    RawConversationEntry, RawEntry, parse_timestamp, process_assistant_entry, process_user_entry,
-};
+pub(crate) use parse::{parse_timestamp, process_assistant_entry, process_user_entry};
+pub(crate) use raw::{RawConversationEntry, RawEntry};
 
 pub fn is_claude_subagent_path(path: &Path) -> bool {
     let path_text = path.to_string_lossy();
diff --git a/crates/parsers/src/claude_code/parse.rs b/crates/parsers/src/claude_code/parse.rs
index a599184e..35197c16 100644
--- a/crates/parsers/src/claude_code/parse.rs
+++ b/crates/parsers/src/claude_code/parse.rs
@@ -1,4 +1,11 @@
 use super::transform::{build_cc_tool_result_content, classify_tool_use, tool_use_content};
+use super::{
+    raw::{
+        RawContent, RawContentBlock, RawConversationEntry, RawEntry, RawProgressEntry,
+        RawQueueOperationEntry, RawSummaryEntry, RawSystemEntry,
+    },
+    subagent::{merge_subagent_sessions, read_subagent_meta},
+};
 use crate::common::{
     ToolUseInfo, attach_semantic_attrs, attach_source_attrs, infer_tool_kind, set_first,
     strip_system_reminders,
@@ -6,220 +13,9 @@ use crate::common::{
 use anyhow::{Context, Result};
 use chrono::{DateTime, Utc};
 use opensession_core::trace::{Agent, Content, Event, EventType, Session, SessionContext};
-use serde::Deserialize;
-use std::collections::{HashMap, HashSet};
+use std::collections::HashMap;
 use std::io::BufRead;
-use std::path::{Path, PathBuf};
-
-// ── Raw JSONL deserialization types ──────────────────────────────────────────
-
-/// Top-level entry in the Claude Code JSONL file.
-/// Each line is one of these.
-#[derive(Debug, Deserialize)]
-#[serde(tag = "type")]
-pub(crate) enum RawEntry {
-    #[serde(rename = "user")]
-    User(RawConversationEntry),
-    #[serde(rename = "assistant")]
-    Assistant(RawConversationEntry),
-    #[serde(rename = "file-history-snapshot")]
-    FileHistorySnapshot {},
-    #[serde(rename = "system")]
-    System(RawSystemEntry),
-    #[serde(rename = "progress")]
-    Progress(RawProgressEntry),
-    #[serde(rename = "queue-operation")]
-    QueueOperation(RawQueueOperationEntry),
-    #[serde(rename = "summary")]
-    Summary(RawSummaryEntry),
-    // Catch-all for unknown types we want to skip
-    #[serde(other)]
-    Unknown,
-}
-
-#[derive(Debug, Deserialize)]
-#[serde(rename_all = "camelCase")]
-pub(crate) struct RawConversationEntry {
-    pub(crate) uuid: String,
-    #[serde(default)]
-    pub(crate) session_id: Option<String>,
-    pub(crate) timestamp: String,
-    pub(crate) message: RawMessage,
-    #[serde(default)]
-    pub(crate) cwd: Option<String>,
-    #[serde(default)]
-    pub(crate) git_branch: Option<String>,
-    #[serde(default)]
-    pub(crate) version: Option<String>,
-    #[allow(dead_code)]
-    #[serde(default)]
-    agent_id: Option<String>,
-    #[allow(dead_code)]
-    #[serde(default)]
-    slug: Option<String>,
-    #[allow(dead_code)]
-    #[serde(default, rename = "costUSD")]
-    cost_usd: Option<f64>,
-    #[serde(default)]
-    pub(crate) usage: Option<RawUsage>,
-}
-
-#[derive(Debug, Deserialize)]
-#[serde(rename_all = "camelCase")]
-pub(crate) struct RawSystemEntry {
-    #[serde(default)]
-    pub(crate) uuid: Option<String>,
-    #[serde(default)]
-    pub(crate) session_id: Option<String>,
-    #[serde(default)]
-    pub(crate) timestamp: Option<String>,
-    #[serde(default)]
-    pub(crate) content: Option<String>,
-    #[serde(default)]
-    pub(crate) subtype: Option<String>,
-    #[serde(default)]
-    pub(crate) level: Option<String>,
-    #[serde(default)]
-    pub(crate) cwd: Option<String>,
-    #[serde(default)]
-    pub(crate) git_branch: Option<String>,
-    #[serde(default)]
-    pub(crate) version: Option<String>,
-}
-
-#[derive(Debug, Deserialize)]
-#[serde(rename_all = "camelCase")]
-pub(crate) struct RawProgressEntry {
-    #[serde(default)]
-    pub(crate) uuid: Option<String>,
-    #[serde(default)]
-    pub(crate) session_id: Option<String>,
-    #[serde(default)]
-    pub(crate) timestamp: Option<String>,
-    #[serde(default)]
-    pub(crate) data: Option<serde_json::Value>,
-    #[serde(default)]
-    pub(crate) tool_use_id: Option<String>,
-    #[serde(default)]
-    pub(crate) parent_tool_use_id: Option<String>,
-    #[serde(default)]
-    pub(crate) cwd: Option<String>,
-    #[serde(default)]
-    pub(crate) git_branch: Option<String>,
-    #[serde(default)]
-    pub(crate) version: Option<String>,
-}
-
-#[derive(Debug, Deserialize)]
-#[serde(rename_all = "camelCase")]
-pub(crate) struct RawQueueOperationEntry {
-    #[serde(default)]
-    pub(crate) session_id: Option<String>,
-    #[serde(default)]
-    pub(crate) timestamp: Option<String>,
-    #[serde(default)]
-    pub(crate) operation: Option<String>,
-    #[serde(default)]
-    pub(crate) content: Option<String>,
-}
-
-#[derive(Debug, Deserialize)]
-#[serde(rename_all = "camelCase")]
-pub(crate) struct RawSummaryEntry {
-    #[serde(default)]
-    pub(crate) uuid: Option<String>,
-    #[serde(default)]
-    pub(crate) session_id: Option<String>,
-    #[serde(default)]
-    pub(crate) timestamp: Option<String>,
-    #[serde(default)]
-    pub(crate) leaf_uuid: Option<String>,
-    #[serde(default)]
-    pub(crate) summary: Option<String>,
-}
-
-#[derive(Debug, Deserialize)]
-#[allow(dead_code)]
-pub(crate) struct RawUsage {
-    #[serde(default)]
-    pub(crate) input_tokens: u64,
-    #[serde(default)]
-    pub(crate) output_tokens: u64,
-    #[serde(default)]
-    cache_read_input_tokens: u64,
-    #[serde(default)]
-    cache_creation_input_tokens: u64,
-}
-
-#[derive(Debug, Deserialize)]
-#[allow(dead_code)]
-pub(crate) struct RawMessage {
-    pub(crate) role: String,
-    pub(crate) content: RawContent,
-    #[serde(default)]
-    pub(crate) model: Option<String>,
-}
-
-/// Claude Code represents user message content as either a plain string
-/// or an array of content blocks.
-#[derive(Debug, Deserialize)]
-#[serde(untagged)]
-pub(crate) enum RawContent {
-    Text(String),
-    Blocks(Vec<RawContentBlock>),
-}
-
-#[derive(Debug, Deserialize)]
-#[serde(tag = "type")]
-pub(crate) enum RawContentBlock {
-    #[serde(rename = "text")]
-    Text { text: String },
-    #[serde(rename = "thinking")]
-    Thinking {
-        #[serde(default)]
-        thinking: Option<String>,
-    },
-    #[serde(rename = "tool_use")]
-    ToolUse {
-        #[serde(default)]
-        id: Option<String>,
-        name: String,
-        #[serde(default)]
-        input: serde_json::Value,
-    },
-    #[serde(rename = "tool_result")]
-    ToolResult {
-        #[serde(default)]
-        tool_use_id: Option<String>,
-        #[serde(default)]
-        content: ToolResultContent,
-        #[serde(default)]
-        is_error: bool,
-    },
-    // Skip unknown block types gracefully
-    #[serde(other)]
-    Other,
-}
-
-/// tool_result content can be a string, array of blocks, or absent
-#[derive(Debug, Deserialize)]
-#[serde(untagged)]
-#[derive(Default)]
-pub(crate) enum ToolResultContent {
-    Text(String),
-    Blocks(Vec<ToolResultBlock>),
-    #[default]
-    Null,
-}
-
-#[derive(Debug, Deserialize)]
-#[serde(tag = "type")]
-pub(crate) enum ToolResultBlock {
-    #[serde(rename = "text")]
-    Text { text: String },
-    #[serde(other)]
-    Other,
-}
+use std::path::Path;
 
 // ── Parsing logic ───────────────────────────────────────────────────────────
 
@@ -452,398 +248,6 @@ pub(super) fn parse_claude_code_jsonl(path: &Path) -> Result<Session> {
     Ok(session)
 }
 
-fn is_subagent_file_name(name: &str) -> bool {
-    let lower = name.to_ascii_lowercase();
-    lower.starts_with("agent-")
-        || lower.starts_with("agent_")
-        || lower.starts_with("subagent-")
-        || lower.starts_with("subagent_")
-}
-
-fn collect_subagent_dirs(parent_path: &Path) -> Vec<PathBuf> {
-    let mut dirs = Vec::new();
-    let mut seen = HashSet::new();
-    let mut push_unique = |path: PathBuf| {
-        if seen.insert(path.clone()) {
-            dirs.push(path);
-        }
-    };
-
-    // Parent default layout: `<parent-file-stem>/subagents/*.jsonl`
-    push_unique(parent_path.with_extension("").join("subagents"));
-
-    // Fallback for legacy/alternate layouts in the same project folder.
-    if let Some(parent_dir) = parent_path.parent() {
-        push_unique(parent_dir.join("subagents"));
-        // Newer Claude Code layouts can place child logs directly beside the parent.
-        push_unique(parent_dir.to_path_buf());
-    }
-
-    dirs
-}
-
-fn merge_subagent_session_ids_match(parent_session_id: &str, meta: &SubagentMeta) -> bool {
-    meta.session_id
-        .as_deref()
-        .is_some_and(|id| id == parent_session_id)
-        || meta
-            .parent_session_id
-            .as_deref()
-            .is_some_and(|id| id == parent_session_id)
-}
-
-/// Look for likely subagent files and merge their events into the parent session.
-fn merge_subagent_sessions(parent_path: &Path, parent_session_id: &str, session: &mut Session) {
-    let mut subagent_files: Vec<_> = collect_subagent_dirs(parent_path)
-        .into_iter()
-        .filter(|dir| dir.is_dir())
-        .flat_map(|dir| match std::fs::read_dir(dir) {
-            Ok(entries) => entries
-                .filter_map(|entry| entry.ok())
-                .map(|entry| entry.path())
-                .filter(|p| p.extension().is_some_and(|ext| ext == "jsonl"))
-                .collect(),
-            Err(_) => Vec::new(),
-        })
-        .collect();
-
-    if subagent_files.is_empty() {
-        return;
-    }
-
-    subagent_files.retain(|path| {
-        if path == parent_path {
-            return false;
-        }
-
-        let file_name = match path.file_name().and_then(|n| n.to_str()) {
-            Some(name) => name,
-            None => return false,
-        };
-
-        if file_name.starts_with('.') {
-            return false;
-        }
-
-        let in_subagents_dir = path
-            .parent()
-            .and_then(|dir| dir.file_name())
-            .and_then(|name| name.to_str())
-            .is_some_and(|name| name.eq_ignore_ascii_case("subagents"));
-        if in_subagents_dir && is_subagent_file_name(file_name) {
-            return true;
-        }
-
-        let meta = read_subagent_meta(path);
-        matches!(
-            meta,
-            Some(meta) if merge_subagent_session_ids_match(parent_session_id, &meta)
-        )
-    });
-
-    subagent_files.sort();
-    if subagent_files.is_empty() {
-        return;
-    }
-
-    for subagent_path in subagent_files {
-        let meta = read_subagent_meta(&subagent_path).unwrap_or(SubagentMeta {
-            slug: None,
-            agent_id: None,
-            session_id: None,
-            parent_session_id: None,
-        });
-        let file_agent_id = subagent_path
-            .file_stem()
-            .and_then(|s| s.to_str())
-            .unwrap_or("unknown")
-            .to_string();
-
-        let task_id = meta
-            .agent_id
-            .as_ref()
-            .cloned()
-            .unwrap_or_else(|| file_agent_id.clone());
-
-        // Parse the subagent JSONL (same format as parent, no recursive subagent merging)
-        let sub_session = match parse_subagent_jsonl(&subagent_path) {
-            Ok(s) => s,
-            Err(e) => {
-                tracing::warn!(
-                    "Failed to parse subagent {}: {}",
-                    subagent_path.display(),
-                    e
-                );
-                continue;
-            }
-        };
-
-        if sub_session.events.is_empty() {
-            continue;
-        }
-        let task_title = meta
-            .slug
-            .as_ref()
-            .cloned()
-            .unwrap_or_else(|| task_id.clone());
-
-        let sub_model = if sub_session.agent.model != "unknown" {
-            Some(sub_session.agent.model.clone())
-        } else {
-            None
-        };
-
-        // TaskStart event at the subagent's first event timestamp
-        let start_ts = sub_session.events.first().unwrap().timestamp;
-        let end_ts = sub_session.events.last().unwrap().timestamp;
-
-        let mut start_attrs = HashMap::new();
-        start_attrs.insert(
-            "subagent_id".to_string(),
-            serde_json::Value::String(task_id.clone()),
-        );
-        start_attrs.insert("merged_subagent".to_string(), serde_json::Value::Bool(true));
-        if let Some(ref model) = sub_model {
-            start_attrs.insert(
-                "model".to_string(),
-                serde_json::Value::String(model.clone()),
-            );
-        }
-
-        session.events.push(Event {
-            event_id: format!("{}-start", task_id),
-            timestamp: start_ts,
-            event_type: EventType::TaskStart {
-                title: Some(task_title),
-            },
-            task_id: Some(task_id.clone()),
-            content: Content::text(""),
-            duration_ms: None,
-            attributes: start_attrs,
-        });
-
-        // Add all subagent events with task_id set
-        for mut event in sub_session.events {
-            event.task_id = Some(task_id.clone());
-            // Prefix event_id to avoid collisions with parent
-            event.event_id = format!("{}:{}", task_id, event.event_id);
-            event.attributes.insert(
-                "subagent_id".to_string(),
-                serde_json::Value::String(task_id.clone()),
-            );
-            event
-                .attributes
-                .insert("merged_subagent".to_string(), serde_json::Value::Bool(true));
-            session.events.push(event);
-        }
-
-        // TaskEnd event
-        let duration = (end_ts - start_ts).num_milliseconds().max(0) as u64;
-        let mut end_attrs = HashMap::new();
-        end_attrs.insert(
-            "subagent_id".to_string(),
-            serde_json::Value::String(task_id.clone()),
-        );
-        end_attrs.insert("merged_subagent".to_string(), serde_json::Value::Bool(true));
-        session.events.push(Event {
-            event_id: format!("{}-end", task_id),
-            timestamp: end_ts,
-            event_type: EventType::TaskEnd {
-                summary: Some(format!(
-                    "{} events, {}",
-                    sub_session.stats.event_count, sub_session.agent.model
-                )),
-            },
-            task_id: Some(task_id),
-            content: Content::text(""),
-            duration_ms: Some(duration),
-            attributes: end_attrs,
-        });
-    }
-
-    // Re-sort all events by timestamp
-    session.events.sort_by_key(|e| e.timestamp);
-}
-
-/// Metadata extracted from the first line of a subagent JSONL
-struct SubagentMeta {
-    slug: Option<String>,
-    agent_id: Option<String>,
-    session_id: Option<String>,
-    parent_session_id: Option<String>,
-}
-
-fn read_subagent_meta(path: &Path) -> Option<SubagentMeta> {
-    let file = std::fs::File::open(path).ok()?;
-    let mut reader = std::io::BufReader::new(file);
-    let mut first_line = String::new();
-    reader.read_line(&mut first_line).ok()?;
-
-    #[derive(Deserialize)]
-    #[serde(rename_all = "camelCase")]
-    struct FirstLine {
-        #[serde(default)]
-        slug: Option<String>,
-        #[serde(default)]
-        agent_id: Option<String>,
-        #[serde(default)]
-        session_id: Option<String>,
-        #[serde(default, alias = "parentUuid", alias = "parentID", alias = "parentId")]
-        parent_session_id: Option<String>,
-    }
-
-    let parsed: FirstLine = serde_json::from_str(&first_line).ok()?;
-    Some(SubagentMeta {
-        slug: parsed.slug,
-        agent_id: parsed.agent_id,
-        session_id: parsed.session_id,
-        parent_session_id: parsed.parent_session_id,
-    })
-}
-
-/// Parse a subagent JSONL file (same format, but no recursive subagent merging)
-fn parse_subagent_jsonl(path: &Path) -> Result<Session> {
-    let meta = read_subagent_meta(path);
-    let file = std::fs::File::open(path)
-        .with_context(|| format!("Failed to open subagent JSONL: {}", path.display()))?;
-    let reader = std::io::BufReader::new(file);
-
-    let mut events: Vec<Event> = Vec::new();
-    let mut model_name: Option<String> = None;
-    let mut tool_version: Option<String> = None;
-    let mut session_id: Option<String> = None;
-    let mut cwd: Option<String> = None;
-    let mut git_branch: Option<String> = None;
-    let mut tool_use_info: HashMap<String, ToolUseInfo> = HashMap::new();
-
-    for line_result in reader.lines() {
-        let line = match line_result {
-            Ok(l) => l,
-            Err(_) => continue,
-        };
-        if line.trim().is_empty() {
-            continue;
-        }
-
-        let entry: RawEntry = match serde_json::from_str(&line) {
-            Ok(e) => e,
-            Err(_) => continue,
-        };
-
-        match entry {
-            RawEntry::FileHistorySnapshot {} | RawEntry::Unknown => continue,
-            RawEntry::System(system) => {
-                set_first(&mut session_id, system.session_id.clone());
-                set_first(&mut tool_version, system.version.clone());
-                set_first(&mut cwd, system.cwd.clone());
-                set_first(&mut git_branch, system.git_branch.clone());
-                events.push(system_entry_to_event(&system, &events));
-            }
-            RawEntry::Progress(progress) => {
-                set_first(&mut session_id, progress.session_id.clone());
-                set_first(&mut tool_version, progress.version.clone());
-                set_first(&mut cwd, progress.cwd.clone());
-                set_first(&mut git_branch, progress.git_branch.clone());
-                events.push(progress_entry_to_event(&progress, &events));
-            }
-            RawEntry::QueueOperation(queue_op) => {
-                set_first(&mut session_id, queue_op.session_id.clone());
-                events.push(queue_operation_entry_to_event(&queue_op, &events));
-            }
-            RawEntry::Summary(summary) => {
-                set_first(&mut session_id, summary.session_id.clone());
-                events.push(summary_entry_to_event(&summary, &events));
-            }
-            RawEntry::User(conv) => {
-                set_first(&mut session_id, conv.session_id.clone());
-                set_first(&mut tool_version, conv.version.clone());
-                set_first(&mut cwd, conv.cwd.clone());
-                set_first(&mut git_branch, conv.git_branch.clone());
-                if let Ok(ts) = parse_timestamp(&conv.timestamp) {
-                    process_user_entry(&conv, ts, &mut events, &tool_use_info);
-                }
-            }
-            RawEntry::Assistant(conv) => {
-                set_first(&mut session_id, conv.session_id.clone());
-                set_first(&mut tool_version, conv.version.clone());
-                set_first(&mut model_name, conv.message.model.clone());
-                set_first(&mut git_branch, conv.git_branch.clone());
-                if let Ok(ts) = parse_timestamp(&conv.timestamp) {
-                    process_assistant_entry(&conv, ts, &mut events, &mut tool_use_info);
-                }
-            }
-        }
-    }
-
-    let session_id = session_id.unwrap_or_else(|| {
-        path.file_stem()
-            .and_then(|s| s.to_str())
-            .unwrap_or("unknown")
-            .to_string()
-    });
-
-    let agent = Agent {
-        provider: "anthropic".to_string(),
-        model: model_name.unwrap_or_else(|| "unknown".to_string()),
-        tool: "claude-code".to_string(),
-        tool_version,
-    };
-
-    let (created_at, updated_at) =
-        if let (Some(first), Some(last)) = (events.first(), events.last()) {
-            (first.timestamp, last.timestamp)
-        } else {
-            let now = Utc::now();
-            (now, now)
-        };
-
-    let parent_session_id = meta
-        .as_ref()
-        .and_then(|value| value.parent_session_id.clone())
-        .map(|value| value.trim().to_string())
-        .filter(|value| !value.is_empty());
-    let mut attributes = HashMap::from([(
-        "source_path".to_string(),
-        serde_json::Value::String(path.to_string_lossy().to_string()),
-    )]);
-    attributes.insert(
-        "session_role".to_string(),
-        serde_json::Value::String(if parent_session_id.is_some() {
-            "auxiliary".to_string()
-        } else {
-            "primary".to_string()
-        }),
-    );
-    if let Some(parent_session_id) = parent_session_id.as_ref() {
-        attributes.insert(
-            "parent_session_id".to_string(),
-            serde_json::Value::String(parent_session_id.clone()),
-        );
-    }
-    if let Some(branch) = git_branch.as_ref() {
-        attributes.insert(
-            "git_branch".to_string(),
-            serde_json::Value::String(branch.clone()),
-        );
-    }
-
-    let context = SessionContext {
-        title: None,
-        description: None,
-        tags: vec!["claude-code".to_string()],
-        created_at,
-        updated_at,
-        related_session_ids: parent_session_id.clone().into_iter().collect(),
-        attributes,
-    };
-
-    let mut session = Session::new(session_id, agent);
-    session.context = context;
-    session.events = events;
-    session.recompute_stats();
-    Ok(session)
-}
-
 pub(crate) fn parse_timestamp(ts: &str) -> Result<DateTime<Utc>> {
     // Claude Code timestamps are ISO 8601, e.g. "2026-02-06T04:46:17.839Z"
     DateTime::parse_from_rfc3339(ts)
@@ -907,7 +311,7 @@ fn progress_text(data: Option<&serde_json::Value>) -> String {
     format!("Progress: {data_type}")
 }
 
-fn system_entry_to_event(entry: &RawSystemEntry, events: &[Event]) -> Event {
+pub(super) fn system_entry_to_event(entry: &RawSystemEntry, events: &[Event]) -> Event {
     let fallback = fallback_timestamp(events);
     let timestamp = parse_timestamp_with_fallback(entry.timestamp.as_deref(), fallback);
     let subtype = entry.subtype.as_deref().unwrap_or("unknown");
@@ -947,7 +351,7 @@ fn system_entry_to_event(entry: &RawSystemEntry, events: &[Event]) -> Event {
     }
 }
 
-fn progress_entry_to_event(entry: &RawProgressEntry, events: &[Event]) -> Event {
+pub(super) fn progress_entry_to_event(entry: &RawProgressEntry, events: &[Event]) -> Event {
     let fallback = fallback_timestamp(events);
     let timestamp = parse_timestamp_with_fallback(entry.timestamp.as_deref(), fallback);
     let mut attrs = HashMap::new();
@@ -987,7 +391,10 @@ fn progress_entry_to_event(entry: &RawProgressEntry, events: &[Event]) -> Event
     }
 }
 
-fn queue_operation_entry_to_event(entry: &RawQueueOperationEntry, events: &[Event]) -> Event {
+pub(super) fn queue_operation_entry_to_event(
+    entry: &RawQueueOperationEntry,
+    events: &[Event],
+) -> Event {
     let fallback = fallback_timestamp(events);
     let timestamp = parse_timestamp_with_fallback(entry.timestamp.as_deref(), fallback);
     let operation = entry
@@ -1027,7 +434,7 @@ fn queue_operation_entry_to_event(entry: &RawQueueOperationEntry, events: &[Even
     }
 }
 
-fn summary_entry_to_event(entry: &RawSummaryEntry, events: &[Event]) -> Event {
+pub(super) fn summary_entry_to_event(entry: &RawSummaryEntry, events: &[Event]) -> Event {
     let fallback = fallback_timestamp(events);
     let timestamp = parse_timestamp_with_fallback(entry.timestamp.as_deref(), fallback);
     let summary_text = event_text_or_default(entry.summary.as_deref(), "Summary");
@@ -1545,493 +952,4 @@ pub(super) fn parse_lines_impl(lines: &[String]) -> ParsedLines {
 }
 
 #[cfg(test)]
-mod tests {
-    use super::*;
-    use chrono::Datelike;
-    use chrono::Duration;
-    use std::collections::HashMap;
-    use std::fs::{create_dir_all, write};
-    use std::time::{SystemTime, UNIX_EPOCH};
-
-    fn test_temp_root() -> std::path::PathBuf {
-        let nanos = SystemTime::now()
-            .duration_since(UNIX_EPOCH)
-            .expect("clock")
-            .as_nanos();
-        let path = std::env::temp_dir().join(format!("opensession-claude-parser-{nanos}"));
-        create_dir_all(&path).expect("create test temp root");
-        path
-    }
-
-    #[test]
-    fn test_parse_timestamp() {
-        let ts = parse_timestamp("2026-02-06T04:46:17.839Z").unwrap();
-        assert_eq!(ts.year(), 2026);
-    }
-
-    #[test]
-    fn test_raw_entry_deserialization_user_string() {
-        let json = r#"{"type":"user","uuid":"abc","sessionId":"s1","timestamp":"2026-01-01T00:00:00Z","message":{"role":"user","content":"hello"}}"#;
-        let entry: RawEntry = serde_json::from_str(json).unwrap();
-        match entry {
-            RawEntry::User(conv) => {
-                assert_eq!(conv.uuid, "abc");
-                match conv.message.content {
-                    RawContent::Text(t) => assert_eq!(t, "hello"),
-                    _ => panic!("Expected text content"),
-                }
-            }
-            _ => panic!("Expected User entry"),
-        }
-    }
-
-    #[test]
-    fn test_raw_entry_deserialization_assistant() {
-        let json = r#"{"type":"assistant","uuid":"def","sessionId":"s1","timestamp":"2026-01-01T00:00:00Z","message":{"role":"assistant","model":"claude-opus-4-6","content":[{"type":"text","text":"hi"}]}}"#;
-        let entry: RawEntry = serde_json::from_str(json).unwrap();
-        match entry {
-            RawEntry::Assistant(conv) => {
-                assert_eq!(conv.message.model.as_deref(), Some("claude-opus-4-6"));
-            }
-            _ => panic!("Expected Assistant entry"),
-        }
-    }
-
-    #[test]
-    fn test_raw_entry_skip_file_history() {
-        let json = r#"{"type":"file-history-snapshot","messageId":"abc","snapshot":{},"isSnapshotUpdate":false}"#;
-        let entry: RawEntry = serde_json::from_str(json).unwrap();
-        matches!(entry, RawEntry::FileHistorySnapshot { .. });
-    }
-
-    #[test]
-    fn test_raw_entry_deserialization_queue_operation_and_summary() {
-        let queue_json = r#"{"type":"queue-operation","operation":"enqueue","timestamp":"2026-01-01T00:00:01Z","sessionId":"s1","content":"queued"}"#;
-        let queue_entry: RawEntry = serde_json::from_str(queue_json).unwrap();
-        match queue_entry {
-            RawEntry::QueueOperation(entry) => {
-                assert_eq!(entry.operation.as_deref(), Some("enqueue"));
-                assert_eq!(entry.content.as_deref(), Some("queued"));
-                assert_eq!(entry.session_id.as_deref(), Some("s1"));
-            }
-            _ => panic!("Expected QueueOperation entry"),
-        }
-
-        let summary_json =
-            r#"{"type":"summary","summary":"Fix parser edge case","leafUuid":"leaf-1"}"#;
-        let summary_entry: RawEntry = serde_json::from_str(summary_json).unwrap();
-        match summary_entry {
-            RawEntry::Summary(entry) => {
-                assert_eq!(entry.summary.as_deref(), Some("Fix parser edge case"));
-                assert_eq!(entry.leaf_uuid.as_deref(), Some("leaf-1"));
-            }
-            _ => panic!("Expected Summary entry"),
-        }
-    }
-
-    #[test]
-    fn test_parse_lines_includes_system_progress_queue_and_summary_events() {
-        let lines = vec![
-            serde_json::json!({
-                "type": "system",
-                "uuid": "sys-1",
-                "sessionId": "s1",
-                "timestamp": "2026-01-01T00:00:00Z",
-                "gitBranch": "feature/session-branch",
-                "subtype": "local_command",
-                "content": "<command-name>/usage</command-name>"
-            })
-            .to_string(),
-            serde_json::json!({
-                "type": "progress",
-                "uuid": "prog-1",
-                "sessionId": "s1",
-                "timestamp": "2026-01-01T00:00:01Z",
-                "toolUseID": "tool-123",
-                "data": {
-                    "type": "hook_progress",
-                    "hookEvent": "PreToolUse",
-                    "hookName": "PreToolUse:Task"
-                }
-            })
-            .to_string(),
-            serde_json::json!({
-                "type": "queue-operation",
-                "sessionId": "s1",
-                "timestamp": "2026-01-01T00:00:02Z",
-                "operation": "enqueue",
-                "content": "queued input"
-            })
-            .to_string(),
-            serde_json::json!({
-                "type": "summary",
-                "sessionId": "s1",
-                "leafUuid": "leaf-1",
-                "summary": "Fix parser edge case"
-            })
-            .to_string(),
-        ];
-
-        let parsed = parse_lines_impl(&lines);
-        assert_eq!(parsed.events.len(), 4);
-        assert_eq!(parsed.session_id.as_deref(), Some("s1"));
-        assert!(
-            parsed
-                .events
-                .iter()
-                .all(|event| matches!(event.event_type, EventType::SystemMessage))
-        );
-
-        let mut seen_raw_types = HashMap::new();
-        for event in &parsed.events {
-            let raw_type = event
-                .attributes
-                .get("source.raw_type")
-                .and_then(|value| value.as_str())
-                .unwrap_or("")
-                .to_string();
-            seen_raw_types.insert(raw_type, event.event_id.clone());
-        }
-
-        assert!(seen_raw_types.contains_key("system"));
-        assert!(seen_raw_types.contains_key("progress"));
-        assert!(seen_raw_types.contains_key("queue-operation"));
-        assert!(seen_raw_types.contains_key("summary"));
-        let context = parsed.context.expect("context from parsed lines");
-        assert_eq!(
-            context
-                .attributes
-                .get("git_branch")
-                .and_then(|value| value.as_str()),
-            Some("feature/session-branch")
-        );
-    }
-
-    #[test]
-    fn test_tool_result_without_tool_use_id_falls_back_to_recent_tool_use() {
-        let assistant_json = r#"{
-            "type":"assistant",
-            "uuid":"a1",
-            "sessionId":"s1",
-            "timestamp":"2026-02-01T00:00:00Z",
-            "message":{
-                "role":"assistant",
-                "model":"claude-opus-4-6",
-                "content":[
-                    {"type":"tool_use","name":"Read","input":{"file_path":"src/main.rs"}}
-                ]
-            }
-        }"#;
-        let user_json = r#"{
-            "type":"user",
-            "uuid":"u1",
-            "sessionId":"s1",
-            "timestamp":"2026-02-01T00:00:01Z",
-            "message":{
-                "role":"user",
-                "content":[
-                    {"type":"tool_result","content":"ok","is_error":false}
-                ]
-            }
-        }"#;
-
-        let assistant_entry: RawEntry = serde_json::from_str(assistant_json).unwrap();
-        let user_entry: RawEntry = serde_json::from_str(user_json).unwrap();
-        let mut events = Vec::new();
-        let mut tool_use_info = HashMap::new();
-
-        match assistant_entry {
-            RawEntry::Assistant(conv) => {
-                process_assistant_entry(
-                    &conv,
-                    parse_timestamp(&conv.timestamp).unwrap(),
-                    &mut events,
-                    &mut tool_use_info,
-                );
-            }
-            _ => panic!("expected assistant entry"),
-        }
-        match user_entry {
-            RawEntry::User(conv) => {
-                process_user_entry(
-                    &conv,
-                    parse_timestamp(&conv.timestamp).unwrap(),
-                    &mut events,
-                    &tool_use_info,
-                );
-            }
-            _ => panic!("expected user entry"),
-        }
-
-        let result_event = events
-            .iter()
-            .find(|event| matches!(event.event_type, EventType::ToolResult { .. }))
-            .expect("tool result exists");
-        match &result_event.event_type {
-            EventType::ToolResult { name, .. } => assert_eq!(name, "Read"),
-            _ => unreachable!(),
-        }
-    }
-
-    #[test]
-    fn test_subagent_file_merge_handles_file_name_without_meta() {
-        let dir = test_temp_root();
-        let parent_path = dir.as_path().join("session-parent.jsonl");
-        let subagent_dir = parent_path.with_extension("").join("subagents");
-        create_dir_all(&subagent_dir).unwrap();
-
-        let parent_session = "sess-parent";
-        let subagent_session = "agent-abc123";
-
-        let parent_entry = serde_json::json!({
-            "type": "user",
-            "uuid": "u1",
-            "sessionId": parent_session,
-            "timestamp": Utc::now().to_rfc3339(),
-            "message": {
-                "role": "user",
-                "content": "parent prompt"
-            }
-        })
-        .to_string();
-        write(&parent_path, parent_entry).unwrap();
-
-        let subagent_entry = serde_json::json!({
-            "type": "assistant",
-            "uuid": "a1",
-            "sessionId": subagent_session,
-            "timestamp": Utc::now()
-                .checked_add_signed(Duration::seconds(1))
-                .unwrap()
-                .to_rfc3339(),
-            "message": {
-                "role": "assistant",
-                "model": "claude-3-opus",
-                "content": [{
-                    "type": "text",
-                    "text": "subagent reply"
-                }]
-            }
-        })
-        .to_string();
-        write(
-            subagent_dir.join(format!("{subagent_session}.jsonl")),
-            subagent_entry,
-        )
-        .unwrap();
-
-        let session = parse_claude_code_jsonl(&parent_path).unwrap();
-        assert_eq!(session.events.len(), 4);
-        assert!(
-            session
-                .events
-                .iter()
-                .any(|e| matches!(e.event_type, EventType::TaskStart { .. }))
-        );
-        assert!(session.events.iter().any(|e| {
-            e.attributes
-                .get("merged_subagent")
-                .and_then(|v| v.as_bool())
-                == Some(true)
-        }));
-        assert!(
-            session
-                .events
-                .iter()
-                .any(|e| matches!(e.event_type, EventType::AgentMessage))
-        );
-        assert!(
-            session
-                .events
-                .iter()
-                .any(|e| matches!(e.event_type, EventType::TaskEnd { .. }))
-        );
-        // message_count includes user+agent messages and TaskEnd summaries.
-        assert_eq!(session.stats.message_count, 3);
-    }
-
-    #[test]
-    fn test_subagent_file_merge_handles_sibling_layout_with_parent_id_meta() {
-        let dir = test_temp_root();
-        let parent_path = dir.as_path().join("session-parent-sibling.jsonl");
-        let parent_session = "sess-parent-sibling";
-
-        let parent_entry = serde_json::json!({
-            "type": "user",
-            "uuid": "u1",
-            "sessionId": parent_session,
-            "timestamp": Utc::now().to_rfc3339(),
-            "message": {
-                "role": "user",
-                "content": "parent prompt"
-            }
-        })
-        .to_string();
-        write(&parent_path, parent_entry).unwrap();
-
-        let sibling_subagent_path = dir
-            .as_path()
-            .join("70dafb43-dbdd-4009-beb0-b6ac2bd9c4d1.jsonl");
-        let subagent_entry = serde_json::json!({
-            "type": "assistant",
-            "uuid": "a1",
-            "sessionId": "subagent-random",
-            "parentUuid": parent_session,
-            "timestamp": Utc::now()
-                .checked_add_signed(Duration::seconds(1))
-                .unwrap()
-                .to_rfc3339(),
-            "message": {
-                "role": "assistant",
-                "model": "claude-3-opus",
-                "content": [{
-                    "type": "text",
-                    "text": "sibling subagent reply"
-                }]
-            }
-        })
-        .to_string();
-        write(&sibling_subagent_path, subagent_entry).unwrap();
-
-        let session = parse_claude_code_jsonl(&parent_path).unwrap();
-        assert!(session.events.iter().any(|event| {
-            event
-                .attributes
-                .get("merged_subagent")
-                .and_then(|value| value.as_bool())
-                == Some(true)
-        }));
-        assert!(session.events.iter().any(|event| {
-            matches!(event.event_type, EventType::TaskStart { .. })
-                && event
-                    .attributes
-                    .get("subagent_id")
-                    .and_then(|value| value.as_str())
-                    .is_some()
-        }));
-        assert!(session.events.iter().any(|event| {
-            matches!(event.event_type, EventType::AgentMessage)
-                && event.content.blocks.iter().any(|block| {
-                    matches!(block, opensession_core::trace::ContentBlock::Text { text } if text.contains("sibling subagent reply"))
-                })
-        }));
-    }
-
-    #[test]
-    fn test_parent_id_meta_marks_main_parser_session_as_auxiliary() {
-        let dir = test_temp_root();
-        let path = dir
-            .as_path()
-            .join("70dafb43-dbdd-4009-beb0-b6ac2bd9c4d1.jsonl");
-        let entry = serde_json::json!({
-            "type": "assistant",
-            "uuid": "a1",
-            "sessionId": "subagent-random",
-            "parentId": "parent-main",
-            "timestamp": Utc::now().to_rfc3339(),
-            "message": {
-                "role": "assistant",
-                "model": "claude-3-opus",
-                "content": [{
-                    "type": "text",
-                    "text": "sub"
-                }]
-            }
-        })
-        .to_string();
-        write(&path, entry).unwrap();
-
-        let parsed = parse_claude_code_jsonl(&path).unwrap();
-        assert_eq!(
-            parsed
-                .context
-                .attributes
-                .get("session_role")
-                .and_then(|value| value.as_str()),
-            Some("auxiliary")
-        );
-        assert_eq!(
-            parsed
-                .context
-                .attributes
-                .get("parent_session_id")
-                .and_then(|value| value.as_str()),
-            Some("parent-main")
-        );
-        assert_eq!(
-            parsed.context.related_session_ids,
-            vec!["parent-main".to_string()]
-        );
-    }
-
-    #[test]
-    fn test_subagent_meta_reads_parent_uuid_aliases() {
-        let dir = test_temp_root();
-        let subagent_path = dir.as_path().join("agent-xyz.jsonl");
-        let subagent_entry = serde_json::json!({
-            "type": "assistant",
-            "uuid": "a1",
-            "sessionId": "sub-1",
-            "timestamp": Utc::now().to_rfc3339(),
-            "parentId": "parent-1",
-            "message": {
-                "role": "assistant",
-                "model": "claude-3-opus",
-                "content": [{
-                    "type": "text",
-                    "text": "sub"
-                }]
-            }
-        })
-        .to_string();
-        write(&subagent_path, subagent_entry).unwrap();
-
-        let meta = read_subagent_meta(&subagent_path).unwrap();
-        assert_eq!(meta.parent_session_id.as_deref(), Some("parent-1"));
-    }
-
-    #[test]
-    fn test_subagent_parse_sets_related_parent_session_id() {
-        let dir = test_temp_root();
-        let subagent_path = dir.as_path().join("agent-related.jsonl");
-        let subagent_entry = serde_json::json!({
-            "type": "assistant",
-            "uuid": "a1",
-            "sessionId": "sub-2",
-            "timestamp": Utc::now().to_rfc3339(),
-            "parentId": "parent-2",
-            "message": {
-                "role": "assistant",
-                "model": "claude-3-opus",
-                "content": [{
-                    "type": "text",
-                    "text": "sub"
-                }]
-            }
-        })
-        .to_string();
-        write(&subagent_path, subagent_entry).unwrap();
-
-        let parsed = parse_subagent_jsonl(&subagent_path).unwrap();
-        assert_eq!(
-            parsed.context.related_session_ids,
-            vec!["parent-2".to_string()]
-        );
-        assert_eq!(
-            parsed
-                .context
-                .attributes
-                .get("session_role")
-                .and_then(|value| value.as_str()),
-            Some("auxiliary")
-        );
-        assert_eq!(
-            parsed
-                .context
-                .attributes
-                .get("parent_session_id")
-                .and_then(|value| value.as_str()),
-            Some("parent-2")
-        );
-    }
-}
+mod tests;
diff --git a/crates/parsers/src/claude_code/parse/tests.rs b/crates/parsers/src/claude_code/parse/tests.rs
new file mode 100644
index 00000000..117e52f5
--- /dev/null
+++ b/crates/parsers/src/claude_code/parse/tests.rs
@@ -0,0 +1,487 @@
+use super::*;
+use chrono::Datelike;
+use chrono::Duration;
+use std::collections::HashMap;
+use std::fs::{create_dir_all, write};
+use std::time::{SystemTime, UNIX_EPOCH};
+
+fn test_temp_root() -> std::path::PathBuf {
+    let nanos = SystemTime::now()
+        .duration_since(UNIX_EPOCH)
+        .expect("clock")
+        .as_nanos();
+    let path = std::env::temp_dir().join(format!("opensession-claude-parser-{nanos}"));
+    create_dir_all(&path).expect("create test temp root");
+    path
+}
+
+#[test]
+fn test_parse_timestamp() {
+    let ts = parse_timestamp("2026-02-06T04:46:17.839Z").unwrap();
+    assert_eq!(ts.year(), 2026);
+}
+
+#[test]
+fn test_raw_entry_deserialization_user_string() {
+    let json = r#"{"type":"user","uuid":"abc","sessionId":"s1","timestamp":"2026-01-01T00:00:00Z","message":{"role":"user","content":"hello"}}"#;
+    let entry: RawEntry = serde_json::from_str(json).unwrap();
+    match entry {
+        RawEntry::User(conv) => {
+            assert_eq!(conv.uuid, "abc");
+            match conv.message.content {
+                RawContent::Text(text) => assert_eq!(text, "hello"),
+                _ => panic!("Expected text content"),
+            }
+        }
+        _ => panic!("Expected User entry"),
+    }
+}
+
+#[test]
+fn test_raw_entry_deserialization_assistant() {
+    let json = r#"{"type":"assistant","uuid":"def","sessionId":"s1","timestamp":"2026-01-01T00:00:00Z","message":{"role":"assistant","model":"claude-opus-4-6","content":[{"type":"text","text":"hi"}]}}"#;
+    let entry: RawEntry = serde_json::from_str(json).unwrap();
+    match entry {
+        RawEntry::Assistant(conv) => {
+            assert_eq!(conv.message.model.as_deref(), Some("claude-opus-4-6"));
+        }
+        _ => panic!("Expected Assistant entry"),
+    }
+}
+
+#[test]
+fn test_raw_entry_skip_file_history() {
+    let json = r#"{"type":"file-history-snapshot","messageId":"abc","snapshot":{},"isSnapshotUpdate":false}"#;
+    let entry: RawEntry = serde_json::from_str(json).unwrap();
+    matches!(entry, RawEntry::FileHistorySnapshot { .. });
+}
+
+#[test]
+fn test_raw_entry_deserialization_queue_operation_and_summary() {
+    let queue_json = r#"{"type":"queue-operation","operation":"enqueue","timestamp":"2026-01-01T00:00:01Z","sessionId":"s1","content":"queued"}"#;
+    let queue_entry: RawEntry = serde_json::from_str(queue_json).unwrap();
+    match queue_entry {
+        RawEntry::QueueOperation(entry) => {
+            assert_eq!(entry.operation.as_deref(), Some("enqueue"));
+            assert_eq!(entry.content.as_deref(), Some("queued"));
+            assert_eq!(entry.session_id.as_deref(), Some("s1"));
+        }
+        _ => panic!("Expected QueueOperation entry"),
+    }
+
+    let summary_json = r#"{"type":"summary","summary":"Fix parser edge case","leafUuid":"leaf-1"}"#;
+    let summary_entry: RawEntry = serde_json::from_str(summary_json).unwrap();
+    match summary_entry {
+        RawEntry::Summary(entry) => {
+            assert_eq!(entry.summary.as_deref(), Some("Fix parser edge case"));
+            assert_eq!(entry.leaf_uuid.as_deref(), Some("leaf-1"));
+        }
+        _ => panic!("Expected Summary entry"),
+    }
+}
+
+#[test]
+fn test_parse_lines_includes_system_progress_queue_and_summary_events() {
+    let lines = vec![
+        serde_json::json!({
+            "type": "system",
+            "uuid": "sys-1",
+            "sessionId": "s1",
+            "timestamp": "2026-01-01T00:00:00Z",
+            "gitBranch": "feature/session-branch",
+            "subtype": "local_command",
+            "content": "<command-name>/usage</command-name>"
+        })
+        .to_string(),
+        serde_json::json!({
+            "type": "progress",
+            "uuid": "prog-1",
+            "sessionId": "s1",
+            "timestamp": "2026-01-01T00:00:01Z",
+            "toolUseID": "tool-123",
+            "data": {
+                "type": "hook_progress",
+                "hookEvent": "PreToolUse",
+                "hookName": "PreToolUse:Task"
+            }
+        })
+        .to_string(),
+        serde_json::json!({
+            "type": "queue-operation",
+            "sessionId": "s1",
+            "timestamp": "2026-01-01T00:00:02Z",
+            "operation": "enqueue",
+            "content": "queued input"
+        })
+        .to_string(),
+        serde_json::json!({
+            "type": "summary",
+            "sessionId": "s1",
+            "leafUuid": "leaf-1",
+            "summary": "Fix parser edge case"
+        })
+        .to_string(),
+    ];
+
+    let parsed = parse_lines_impl(&lines);
+    assert_eq!(parsed.events.len(), 4);
+    assert_eq!(parsed.session_id.as_deref(), Some("s1"));
+    assert!(
+        parsed
+            .events
+            .iter()
+            .all(|event| matches!(event.event_type, EventType::SystemMessage))
+    );
+
+    let mut seen_raw_types = HashMap::new();
+    for event in &parsed.events {
+        let raw_type = event
+            .attributes
+            .get("source.raw_type")
+            .and_then(|value| value.as_str())
+            .unwrap_or("")
+            .to_string();
+        seen_raw_types.insert(raw_type, event.event_id.clone());
+    }
+
+    assert!(seen_raw_types.contains_key("system"));
+    assert!(seen_raw_types.contains_key("progress"));
+    assert!(seen_raw_types.contains_key("queue-operation"));
+    assert!(seen_raw_types.contains_key("summary"));
+    let context = parsed.context.expect("context from parsed lines");
+    assert_eq!(
+        context
+            .attributes
+            .get("git_branch")
+            .and_then(|value| value.as_str()),
+        Some("feature/session-branch")
+    );
+}
+
+#[test]
+fn test_tool_result_without_tool_use_id_falls_back_to_recent_tool_use() {
+    let assistant_json = r#"{
+        "type":"assistant",
+        "uuid":"a1",
+        "sessionId":"s1",
+        "timestamp":"2026-02-01T00:00:00Z",
+        "message":{
+            "role":"assistant",
+            "model":"claude-opus-4-6",
+            "content":[
+                {"type":"tool_use","name":"Read","input":{"file_path":"src/main.rs"}}
+            ]
+        }
+    }"#;
+    let user_json = r#"{
+        "type":"user",
+        "uuid":"u1",
+        "sessionId":"s1",
+        "timestamp":"2026-02-01T00:00:01Z",
+        "message":{
+            "role":"user",
+            "content":[
+                {"type":"tool_result","content":"ok","is_error":false}
+            ]
+        }
+    }"#;
+
+    let assistant_entry: RawEntry = serde_json::from_str(assistant_json).unwrap();
+    let user_entry: RawEntry = serde_json::from_str(user_json).unwrap();
+    let mut events = Vec::new();
+    let mut tool_use_info = HashMap::new();
+
+    match assistant_entry {
+        RawEntry::Assistant(conv) => {
+            process_assistant_entry(
+                &conv,
+                parse_timestamp(&conv.timestamp).unwrap(),
+                &mut events,
+                &mut tool_use_info,
+            );
+        }
+        _ => panic!("expected assistant entry"),
+    }
+    match user_entry {
+        RawEntry::User(conv) => {
+            process_user_entry(
+                &conv,
+                parse_timestamp(&conv.timestamp).unwrap(),
+                &mut events,
+                &tool_use_info,
+            );
+        }
+        _ => panic!("expected user entry"),
+    }
+
+    let result_event = events
+        .iter()
+        .find(|event| matches!(event.event_type, EventType::ToolResult { .. }))
+        .expect("tool result exists");
+    match &result_event.event_type {
+        EventType::ToolResult { name, .. } => assert_eq!(name, "Read"),
+        _ => unreachable!(),
+    }
+}
+
+#[test]
+fn test_subagent_file_merge_handles_file_name_without_meta() {
+    let dir = test_temp_root();
+    let parent_path = dir.as_path().join("session-parent.jsonl");
+    let subagent_dir = parent_path.with_extension("").join("subagents");
+    create_dir_all(&subagent_dir).unwrap();
+
+    let parent_session = "sess-parent";
+    let subagent_session = "agent-abc123";
+
+    let parent_entry = serde_json::json!({
+        "type": "user",
+        "uuid": "u1",
+        "sessionId": parent_session,
+        "timestamp": Utc::now().to_rfc3339(),
+        "message": {
+            "role": "user",
+            "content": "parent prompt"
+        }
+    })
+    .to_string();
+    write(&parent_path, parent_entry).unwrap();
+
+    let subagent_entry = serde_json::json!({
+        "type": "assistant",
+        "uuid": "a1",
+        "sessionId": subagent_session,
+        "timestamp": Utc::now()
+            .checked_add_signed(Duration::seconds(1))
+            .unwrap()
+            .to_rfc3339(),
+        "message": {
+            "role": "assistant",
+            "model": "claude-3-opus",
+            "content": [{
+                "type": "text",
+                "text": "subagent reply"
+            }]
+        }
+    })
+    .to_string();
+    write(
+        subagent_dir.join(format!("{subagent_session}.jsonl")),
+        subagent_entry,
+    )
+    .unwrap();
+
+    let session = parse_claude_code_jsonl(&parent_path).unwrap();
+    assert_eq!(session.events.len(), 4);
+    assert!(
+        session
+            .events
+            .iter()
+            .any(|event| matches!(event.event_type, EventType::TaskStart { .. }))
+    );
+    assert!(session.events.iter().any(|event| {
+        event
+            .attributes
+            .get("merged_subagent")
+            .and_then(|value| value.as_bool())
+            == Some(true)
+    }));
+    assert!(
+        session
+            .events
+            .iter()
+            .any(|event| matches!(event.event_type, EventType::AgentMessage))
+    );
+    assert!(
+        session
+            .events
+            .iter()
+            .any(|event| matches!(event.event_type, EventType::TaskEnd { .. }))
+    );
+    assert_eq!(session.stats.message_count, 3);
+}
+
+#[test]
+fn test_subagent_file_merge_handles_sibling_layout_with_parent_id_meta() {
+    let dir = test_temp_root();
+    let parent_path = dir.as_path().join("session-parent-sibling.jsonl");
+    let parent_session = "sess-parent-sibling";
+
+    let parent_entry = serde_json::json!({
+        "type": "user",
+        "uuid": "u1",
+        "sessionId": parent_session,
+        "timestamp": Utc::now().to_rfc3339(),
+        "message": {
+            "role": "user",
+            "content": "parent prompt"
+        }
+    })
+    .to_string();
+    write(&parent_path, parent_entry).unwrap();
+
+    let sibling_subagent_path = dir
+        .as_path()
+        .join("70dafb43-dbdd-4009-beb0-b6ac2bd9c4d1.jsonl");
+    let subagent_entry = serde_json::json!({
+        "type": "assistant",
+        "uuid": "a1",
+        "sessionId": "subagent-random",
+        "parentUuid": parent_session,
+        "timestamp": Utc::now()
+            .checked_add_signed(Duration::seconds(1))
+            .unwrap()
+            .to_rfc3339(),
+        "message": {
+            "role": "assistant",
+            "model": "claude-3-opus",
+            "content": [{
+                "type": "text",
+                "text": "sibling subagent reply"
+            }]
+        }
+    })
+    .to_string();
+    write(&sibling_subagent_path, subagent_entry).unwrap();
+
+    let session = parse_claude_code_jsonl(&parent_path).unwrap();
+    assert!(session.events.iter().any(|event| {
+        event
+            .attributes
+            .get("merged_subagent")
+            .and_then(|value| value.as_bool())
+            == Some(true)
+    }));
+    assert!(session.events.iter().any(|event| {
+        matches!(event.event_type, EventType::TaskStart { .. })
+            && event
+                .attributes
+                .get("subagent_id")
+                .and_then(|value| value.as_str())
+                .is_some()
+    }));
+    assert!(session.events.iter().any(|event| {
+        matches!(event.event_type, EventType::AgentMessage)
+            && event.content.blocks.iter().any(|block| {
+                matches!(block, opensession_core::trace::ContentBlock::Text { text } if text.contains("sibling subagent reply"))
+            })
+    }));
+}
+
+#[test]
+fn test_parent_id_meta_marks_main_parser_session_as_auxiliary() {
+    let dir = test_temp_root();
+    let path = dir
+        .as_path()
+        .join("70dafb43-dbdd-4009-beb0-b6ac2bd9c4d1.jsonl");
+    let entry = serde_json::json!({
+        "type": "assistant",
+        "uuid": "a1",
+        "sessionId": "subagent-random",
+        "parentId": "parent-main",
+        "timestamp": Utc::now().to_rfc3339(),
+        "message": {
+            "role": "assistant",
+            "model": "claude-3-opus",
+            "content": [{
+                "type": "text",
+                "text": "sub"
+            }]
+        }
+    })
+    .to_string();
+    write(&path, entry).unwrap();
+
+    let parsed = parse_claude_code_jsonl(&path).unwrap();
+    assert_eq!(
+        parsed
+            .context
+            .attributes
+            .get("session_role")
+            .and_then(|value| value.as_str()),
+        Some("auxiliary")
+    );
+    assert_eq!(
+        parsed
+            .context
+            .attributes
+            .get("parent_session_id")
+            .and_then(|value| value.as_str()),
+        Some("parent-main")
+    );
+    assert_eq!(
+        parsed.context.related_session_ids,
+        vec!["parent-main".to_string()]
+    );
+}
+
+#[test]
+fn test_subagent_meta_reads_parent_uuid_aliases() {
+    let dir = test_temp_root();
+    let subagent_path = dir.as_path().join("agent-xyz.jsonl");
+    let subagent_entry = serde_json::json!({
+        "type": "assistant",
+        "uuid": "a1",
+        "sessionId": "sub-1",
+        "timestamp": Utc::now().to_rfc3339(),
+        "parentId": "parent-1",
+        "message": {
+            "role": "assistant",
+            "model": "claude-3-opus",
+            "content": [{
+                "type": "text",
+                "text": "sub"
+            }]
+        }
+    })
+    .to_string();
+    write(&subagent_path, subagent_entry).unwrap();
+
+    let meta = read_subagent_meta(&subagent_path).unwrap();
+    assert_eq!(meta.parent_session_id.as_deref(), Some("parent-1"));
+}
+
+#[test]
+fn test_subagent_parse_sets_related_parent_session_id() {
+    let dir = test_temp_root();
+    let subagent_path = dir.as_path().join("agent-related.jsonl");
+    let subagent_entry = serde_json::json!({
+        "type": "assistant",
+        "uuid": "a1",
+        "sessionId": "sub-2",
+        "timestamp": Utc::now().to_rfc3339(),
+        "parentId": "parent-2",
+        "message": {
+            "role": "assistant",
+            "model": "claude-3-opus",
+            "content": [{
+                "type": "text",
+                "text": "sub"
+            }]
+        }
+    })
+    .to_string();
+    write(&subagent_path, subagent_entry).unwrap();
+
+    let parsed = super::super::subagent::parse_subagent_jsonl(&subagent_path).unwrap();
+    assert_eq!(
+        parsed.context.related_session_ids,
+        vec!["parent-2".to_string()]
+    );
+    assert_eq!(
+        parsed
+            .context
+            .attributes
+            .get("session_role")
+            .and_then(|value| value.as_str()),
+        Some("auxiliary")
+    );
+    assert_eq!(
+        parsed
+            .context
+            .attributes
+            .get("parent_session_id")
+            .and_then(|value| value.as_str()),
+        Some("parent-2")
+    );
+}
diff --git a/crates/parsers/src/claude_code/raw.rs b/crates/parsers/src/claude_code/raw.rs
new file mode 100644
index 00000000..53986f62
--- /dev/null
+++ b/crates/parsers/src/claude_code/raw.rs
@@ -0,0 +1,203 @@
+use serde::Deserialize;
+
+/// Top-level entry in the Claude Code JSONL file.
+/// Each line is one of these.
+#[derive(Debug, Deserialize)]
+#[serde(tag = "type")]
+pub(crate) enum RawEntry {
+    #[serde(rename = "user")]
+    User(RawConversationEntry),
+    #[serde(rename = "assistant")]
+    Assistant(RawConversationEntry),
+    #[serde(rename = "file-history-snapshot")]
+    FileHistorySnapshot {},
+    #[serde(rename = "system")]
+    System(RawSystemEntry),
+    #[serde(rename = "progress")]
+    Progress(RawProgressEntry),
+    #[serde(rename = "queue-operation")]
+    QueueOperation(RawQueueOperationEntry),
+    #[serde(rename = "summary")]
+    Summary(RawSummaryEntry),
+    #[serde(other)]
+    Unknown,
+}
+
+#[derive(Debug, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub(crate) struct RawConversationEntry {
+    pub(crate) uuid: String,
+    #[serde(default)]
+    pub(crate) session_id: Option<String>,
+    pub(crate) timestamp: String,
+    pub(crate) message: RawMessage,
+    #[serde(default)]
+    pub(crate) cwd: Option<String>,
+    #[serde(default)]
+    pub(crate) git_branch: Option<String>,
+    #[serde(default)]
+    pub(crate) version: Option<String>,
+    #[allow(dead_code)]
+    #[serde(default)]
+    agent_id: Option<String>,
+    #[allow(dead_code)]
+    #[serde(default)]
+    slug: Option<String>,
+    #[allow(dead_code)]
+    #[serde(default, rename = "costUSD")]
+    cost_usd: Option<f64>,
+    #[serde(default)]
+    pub(crate) usage: Option<RawUsage>,
+}
+
+#[derive(Debug, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub(crate) struct RawSystemEntry {
+    #[serde(default)]
+    pub(crate) uuid: Option<String>,
+    #[serde(default)]
+    pub(crate) session_id: Option<String>,
+    #[serde(default)]
+    pub(crate) timestamp: Option<String>,
+    #[serde(default)]
+    pub(crate) content: Option<String>,
+    #[serde(default)]
+    pub(crate) subtype: Option<String>,
+    #[serde(default)]
+    pub(crate) level: Option<String>,
+    #[serde(default)]
+    pub(crate) cwd: Option<String>,
+    #[serde(default)]
+    pub(crate) git_branch: Option<String>,
+    #[serde(default)]
+    pub(crate) version: Option<String>,
+}
+
+#[derive(Debug, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub(crate) struct RawProgressEntry {
+    #[serde(default)]
+    pub(crate) uuid: Option<String>,
+    #[serde(default)]
+    pub(crate) session_id: Option<String>,
+    #[serde(default)]
+    pub(crate) timestamp: Option<String>,
+    #[serde(default)]
+    pub(crate) data: Option<serde_json::Value>,
+    #[serde(default)]
+    pub(crate) tool_use_id: Option<String>,
+    #[serde(default)]
+    pub(crate) parent_tool_use_id: Option<String>,
+    #[serde(default)]
+    pub(crate) cwd: Option<String>,
+    #[serde(default)]
+    pub(crate) git_branch: Option<String>,
+    #[serde(default)]
+    pub(crate) version: Option<String>,
+}
+
+#[derive(Debug, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub(crate) struct RawQueueOperationEntry {
+    #[serde(default)]
+    pub(crate) session_id: Option<String>,
+    #[serde(default)]
+    pub(crate) timestamp: Option<String>,
+    #[serde(default)]
+    pub(crate) operation: Option<String>,
+    #[serde(default)]
+    pub(crate) content: Option<String>,
+}
+
+#[derive(Debug, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub(crate) struct RawSummaryEntry {
+    #[serde(default)]
+    pub(crate) uuid: Option<String>,
+    #[serde(default)]
+    pub(crate) session_id: Option<String>,
+    #[serde(default)]
+    pub(crate) timestamp: Option<String>,
+    #[serde(default)]
+    pub(crate) leaf_uuid: Option<String>,
+    #[serde(default)]
+    pub(crate) summary: Option<String>,
+}
+
+#[derive(Debug, Deserialize)]
+#[allow(dead_code)]
+pub(crate) struct RawUsage {
+    #[serde(default)]
+    pub(crate) input_tokens: u64,
+    #[serde(default)]
+    pub(crate) output_tokens: u64,
+    #[serde(default)]
+    cache_read_input_tokens: u64,
+    #[serde(default)]
+    cache_creation_input_tokens: u64,
+}
+
+#[derive(Debug, Deserialize)]
+#[allow(dead_code)]
+pub(crate) struct RawMessage {
+    pub(crate) role: String,
+    pub(crate) content: RawContent,
+    #[serde(default)]
+    pub(crate) model: Option<String>,
+}
+
+#[derive(Debug, Deserialize)]
+#[serde(untagged)]
+pub(crate) enum RawContent {
+    Text(String),
+    Blocks(Vec<RawContentBlock>),
+}
+
+#[derive(Debug, Deserialize)]
+#[serde(tag = "type")]
+pub(crate) enum RawContentBlock {
+    #[serde(rename = "text")]
+    Text { text: String },
+    #[serde(rename = "thinking")]
+    Thinking {
+        #[serde(default)]
+        thinking: Option<String>,
+    },
+    #[serde(rename = "tool_use")]
+    ToolUse {
+        #[serde(default)]
+        id: Option<String>,
+        name: String,
+        #[serde(default)]
+        input: serde_json::Value,
+    },
+    #[serde(rename = "tool_result")]
+    ToolResult {
+        #[serde(default)]
+        tool_use_id: Option<String>,
+        #[serde(default)]
+        content: ToolResultContent,
+        #[serde(default)]
+        is_error: bool,
+    },
+    #[serde(other)]
+    Other,
+}
+
+#[derive(Debug, Default, Deserialize)]
+#[serde(untagged)]
+pub(crate) enum ToolResultContent {
+    Text(String),
+    Blocks(Vec<ToolResultBlock>),
+    #[default]
+    Null,
+}
+
+#[derive(Debug, Deserialize)]
+#[serde(tag = "type")]
+pub(crate) enum ToolResultBlock {
+    #[serde(rename = "text")]
+    Text { text: String },
+    #[serde(other)]
+    Other,
+}
diff --git a/crates/parsers/src/claude_code/subagent.rs b/crates/parsers/src/claude_code/subagent.rs
new file mode 100644
index 00000000..5765e90e
--- /dev/null
+++ b/crates/parsers/src/claude_code/subagent.rs
@@ -0,0 +1,402 @@
+use super::parse::{parse_timestamp, process_assistant_entry, process_user_entry};
+use super::raw::RawEntry;
+use crate::common::ToolUseInfo;
+use crate::common::set_first;
+use anyhow::{Context, Result};
+use chrono::Utc;
+use opensession_core::trace::{Agent, Event, EventType, Session, SessionContext};
+use serde::Deserialize;
+use std::collections::{HashMap, HashSet};
+use std::io::BufRead;
+use std::path::{Path, PathBuf};
+
+fn is_subagent_file_name(name: &str) -> bool {
+    let lower = name.to_ascii_lowercase();
+    lower.starts_with("agent-")
+        || lower.starts_with("agent_")
+        || lower.starts_with("subagent-")
+        || lower.starts_with("subagent_")
+}
+
+fn collect_subagent_dirs(parent_path: &Path) -> Vec<PathBuf> {
+    let mut dirs = Vec::new();
+    let mut seen = HashSet::new();
+    let mut push_unique = |path: PathBuf| {
+        if seen.insert(path.clone()) {
+            dirs.push(path);
+        }
+    };
+
+    push_unique(parent_path.with_extension("").join("subagents"));
+
+    if let Some(parent_dir) = parent_path.parent() {
+        push_unique(parent_dir.join("subagents"));
+        push_unique(parent_dir.to_path_buf());
+    }
+
+    dirs
+}
+
+fn merge_subagent_session_ids_match(parent_session_id: &str, meta: &SubagentMeta) -> bool {
+    meta.session_id
+        .as_deref()
+        .is_some_and(|id| id == parent_session_id)
+        || meta
+            .parent_session_id
+            .as_deref()
+            .is_some_and(|id| id == parent_session_id)
+}
+
+pub(super) fn merge_subagent_sessions(
+    parent_path: &Path,
+    parent_session_id: &str,
+    session: &mut Session,
+) {
+    let mut subagent_files: Vec<_> = collect_subagent_dirs(parent_path)
+        .into_iter()
+        .filter(|dir| dir.is_dir())
+        .flat_map(|dir| match std::fs::read_dir(dir) {
+            Ok(entries) => entries
+                .filter_map(|entry| entry.ok())
+                .map(|entry| entry.path())
+                .filter(|path| path.extension().is_some_and(|ext| ext == "jsonl"))
+                .collect(),
+            Err(_) => Vec::new(),
+        })
+        .collect();
+
+    if subagent_files.is_empty() {
+        return;
+    }
+
+    subagent_files.retain(|path| {
+        if path == parent_path {
+            return false;
+        }
+
+        let file_name = match path.file_name().and_then(|name| name.to_str()) {
+            Some(name) => name,
+            None => return false,
+        };
+
+        if file_name.starts_with('.') {
+            return false;
+        }
+
+        let in_subagents_dir = path
+            .parent()
+            .and_then(|dir| dir.file_name())
+            .and_then(|name| name.to_str())
+            .is_some_and(|name| name.eq_ignore_ascii_case("subagents"));
+        if in_subagents_dir && is_subagent_file_name(file_name) {
+            return true;
+        }
+
+        let meta = read_subagent_meta(path);
+        matches!(
+            meta,
+            Some(meta) if merge_subagent_session_ids_match(parent_session_id, &meta)
+        )
+    });
+
+    subagent_files.sort();
+    if subagent_files.is_empty() {
+        return;
+    }
+
+    for subagent_path in subagent_files {
+        let meta = read_subagent_meta(&subagent_path).unwrap_or(SubagentMeta {
+            slug: None,
+            agent_id: None,
+            session_id: None,
+            parent_session_id: None,
+        });
+        let file_agent_id = subagent_path
+            .file_stem()
+            .and_then(|stem| stem.to_str())
+            .unwrap_or("unknown")
+            .to_string();
+
+        let task_id = meta
+            .agent_id
+            .as_ref()
+            .cloned()
+            .unwrap_or_else(|| file_agent_id.clone());
+
+        let sub_session = match parse_subagent_jsonl(&subagent_path) {
+            Ok(session) => session,
+            Err(error) => {
+                tracing::warn!(
+                    "Failed to parse subagent {}: {}",
+                    subagent_path.display(),
+                    error
+                );
+                continue;
+            }
+        };
+
+        if sub_session.events.is_empty() {
+            continue;
+        }
+        let task_title = meta
+            .slug
+            .as_ref()
+            .cloned()
+            .unwrap_or_else(|| task_id.clone());
+
+        let sub_model = if sub_session.agent.model != "unknown" {
+            Some(sub_session.agent.model.clone())
+        } else {
+            None
+        };
+
+        let start_ts = sub_session
+            .events
+            .first()
+            .expect("subagent start")
+            .timestamp;
+        let end_ts = sub_session.events.last().expect("subagent end").timestamp;
+
+        let mut start_attrs = HashMap::new();
+        start_attrs.insert(
+            "subagent_id".to_string(),
+            serde_json::Value::String(task_id.clone()),
+        );
+        start_attrs.insert("merged_subagent".to_string(), serde_json::Value::Bool(true));
+        if let Some(model) = sub_model.as_ref() {
+            start_attrs.insert(
+                "model".to_string(),
+                serde_json::Value::String(model.clone()),
+            );
+        }
+
+        session.events.push(Event {
+            event_id: format!("{task_id}-start"),
+            timestamp: start_ts,
+            event_type: EventType::TaskStart {
+                title: Some(task_title),
+            },
+            task_id: Some(task_id.clone()),
+            content: opensession_core::trace::Content::text(""),
+            duration_ms: None,
+            attributes: start_attrs,
+        });
+
+        for mut event in sub_session.events {
+            event.task_id = Some(task_id.clone());
+            event.event_id = format!("{}:{}", task_id, event.event_id);
+            event.attributes.insert(
+                "subagent_id".to_string(),
+                serde_json::Value::String(task_id.clone()),
+            );
+            event
+                .attributes
+                .insert("merged_subagent".to_string(), serde_json::Value::Bool(true));
+            session.events.push(event);
+        }
+
+        let duration = (end_ts - start_ts).num_milliseconds().max(0) as u64;
+        let mut end_attrs = HashMap::new();
+        end_attrs.insert(
+            "subagent_id".to_string(),
+            serde_json::Value::String(task_id.clone()),
+        );
+        end_attrs.insert("merged_subagent".to_string(), serde_json::Value::Bool(true));
+        session.events.push(Event {
+            event_id: format!("{task_id}-end"),
+            timestamp: end_ts,
+            event_type: EventType::TaskEnd {
+                summary: Some(format!(
+                    "{} events, {}",
+                    sub_session.stats.event_count, sub_session.agent.model
+                )),
+            },
+            task_id: Some(task_id),
+            content: opensession_core::trace::Content::text(""),
+            duration_ms: Some(duration),
+            attributes: end_attrs,
+        });
+    }
+
+    session.events.sort_by_key(|event| event.timestamp);
+}
+
+#[derive(Debug)]
+pub(super) struct SubagentMeta {
+    pub(super) slug: Option<String>,
+    pub(super) agent_id: Option<String>,
+    pub(super) session_id: Option<String>,
+    pub(super) parent_session_id: Option<String>,
+}
+
+pub(super) fn read_subagent_meta(path: &Path) -> Option<SubagentMeta> {
+    let file = std::fs::File::open(path).ok()?;
+    let mut reader = std::io::BufReader::new(file);
+    let mut first_line = String::new();
+    reader.read_line(&mut first_line).ok()?;
+
+    #[derive(Deserialize)]
+    #[serde(rename_all = "camelCase")]
+    struct FirstLine {
+        #[serde(default)]
+        slug: Option<String>,
+        #[serde(default)]
+        agent_id: Option<String>,
+        #[serde(default)]
+        session_id: Option<String>,
+        #[serde(default, alias = "parentUuid", alias = "parentID", alias = "parentId")]
+        parent_session_id: Option<String>,
+    }
+
+    let parsed: FirstLine = serde_json::from_str(&first_line).ok()?;
+    Some(SubagentMeta {
+        slug: parsed.slug,
+        agent_id: parsed.agent_id,
+        session_id: parsed.session_id,
+        parent_session_id: parsed.parent_session_id,
+    })
+}
+
+pub(super) fn parse_subagent_jsonl(path: &Path) -> Result<Session> {
+    let meta = read_subagent_meta(path);
+    let file = std::fs::File::open(path)
+        .with_context(|| format!("Failed to open subagent JSONL: {}", path.display()))?;
+    let reader = std::io::BufReader::new(file);
+
+    let mut events: Vec<Event> = Vec::new();
+    let mut model_name: Option<String> = None;
+    let mut tool_version: Option<String> = None;
+    let mut session_id: Option<String> = None;
+    let mut cwd: Option<String> = None;
+    let mut git_branch: Option<String> = None;
+    let mut tool_use_info: HashMap<String, ToolUseInfo> = HashMap::new();
+
+    for line_result in reader.lines() {
+        let line = match line_result {
+            Ok(line) => line,
+            Err(_) => continue,
+        };
+        if line.trim().is_empty() {
+            continue;
+        }
+
+        let entry: RawEntry = match serde_json::from_str(&line) {
+            Ok(entry) => entry,
+            Err(_) => continue,
+        };
+
+        match entry {
+            RawEntry::FileHistorySnapshot {} | RawEntry::Unknown => continue,
+            RawEntry::System(system) => {
+                set_first(&mut session_id, system.session_id.clone());
+                set_first(&mut tool_version, system.version.clone());
+                set_first(&mut cwd, system.cwd.clone());
+                set_first(&mut git_branch, system.git_branch.clone());
+                events.push(super::parse::system_entry_to_event(&system, &events));
+            }
+            RawEntry::Progress(progress) => {
+                set_first(&mut session_id, progress.session_id.clone());
+                set_first(&mut tool_version, progress.version.clone());
+                set_first(&mut cwd, progress.cwd.clone());
+                set_first(&mut git_branch, progress.git_branch.clone());
+                events.push(super::parse::progress_entry_to_event(&progress, &events));
+            }
+            RawEntry::QueueOperation(queue_op) => {
+                set_first(&mut session_id, queue_op.session_id.clone());
+                events.push(super::parse::queue_operation_entry_to_event(
+                    &queue_op, &events,
+                ));
+            }
+            RawEntry::Summary(summary) => {
+                set_first(&mut session_id, summary.session_id.clone());
+                events.push(super::parse::summary_entry_to_event(&summary, &events));
+            }
+            RawEntry::User(conv) => {
+                set_first(&mut session_id, conv.session_id.clone());
+                set_first(&mut tool_version, conv.version.clone());
+                set_first(&mut cwd, conv.cwd.clone());
+                set_first(&mut git_branch, conv.git_branch.clone());
+                if let Ok(ts) = parse_timestamp(&conv.timestamp) {
+                    process_user_entry(&conv, ts, &mut events, &tool_use_info);
+                }
+            }
+            RawEntry::Assistant(conv) => {
+                set_first(&mut session_id, conv.session_id.clone());
+                set_first(&mut tool_version, conv.version.clone());
+                set_first(&mut model_name, conv.message.model.clone());
+                set_first(&mut git_branch, conv.git_branch.clone());
+                if let Ok(ts) = parse_timestamp(&conv.timestamp) {
+                    process_assistant_entry(&conv, ts, &mut events, &mut tool_use_info);
+                }
+            }
+        }
+    }
+
+    let session_id = session_id.unwrap_or_else(|| {
+        path.file_stem()
+            .and_then(|stem| stem.to_str())
+            .unwrap_or("unknown")
+            .to_string()
+    });
+
+    let agent = Agent {
+        provider: "anthropic".to_string(),
+        model: model_name.unwrap_or_else(|| "unknown".to_string()),
+        tool: "claude-code".to_string(),
+        tool_version,
+    };
+
+    let (created_at, updated_at) =
+        if let (Some(first), Some(last)) = (events.first(), events.last()) {
+            (first.timestamp, last.timestamp)
+        } else {
+            let now = Utc::now();
+            (now, now)
+        };
+
+    let parent_session_id = meta
+        .as_ref()
+        .and_then(|value| value.parent_session_id.clone())
+        .map(|value| value.trim().to_string())
+        .filter(|value| !value.is_empty());
+    let mut attributes = HashMap::from([(
+        "source_path".to_string(),
+        serde_json::Value::String(path.to_string_lossy().to_string()),
+    )]);
+    attributes.insert(
+        "session_role".to_string(),
+        serde_json::Value::String(if parent_session_id.is_some() {
+            "auxiliary".to_string()
+        } else {
+            "primary".to_string()
+        }),
+    );
+    if let Some(parent_session_id) = parent_session_id.as_ref() {
+        attributes.insert(
+            "parent_session_id".to_string(),
+            serde_json::Value::String(parent_session_id.clone()),
+        );
+    }
+    if let Some(branch) = git_branch.as_ref() {
+        attributes.insert(
+            "git_branch".to_string(),
+            serde_json::Value::String(branch.clone()),
+        );
+    }
+
+    let context = SessionContext {
+        title: None,
+        description: None,
+        tags: vec!["claude-code".to_string()],
+        created_at,
+        updated_at,
+        related_session_ids: parent_session_id.clone().into_iter().collect(),
+        attributes,
+    };
+
+    let mut session = Session::new(session_id, agent);
+    session.context = context;
+    session.events = events;
+    session.recompute_stats();
+    Ok(session)
+}
diff --git a/crates/parsers/src/claude_code/transform.rs b/crates/parsers/src/claude_code/transform.rs
index a435ba39..184203a3 100644
--- a/crates/parsers/src/claude_code/transform.rs
+++ b/crates/parsers/src/claude_code/transform.rs
@@ -4,8 +4,8 @@ use opensession_core::trace::{Content, ContentBlock, EventType};
 // ── Content transformation helpers ──────────────────────────────────────────
 
 /// Extract raw text from ToolResult content
-pub(super) fn tool_result_content_to_string(content: &super::parse::ToolResultContent) -> String {
-    use super::parse::{ToolResultBlock, ToolResultContent};
+pub(super) fn tool_result_content_to_string(content: &super::raw::ToolResultContent) -> String {
+    use super::raw::{ToolResultBlock, ToolResultContent};
     match content {
         ToolResultContent::Text(text) => text.clone(),
         ToolResultContent::Blocks(blocks) => {
@@ -23,7 +23,7 @@ pub(super) fn tool_result_content_to_string(content: &super::parse::ToolResultCo
 
 /// Build structured Content for a ToolResult event (delegates to common helper).
 pub(super) fn build_cc_tool_result_content(
-    raw_content: &super::parse::ToolResultContent,
+    raw_content: &super::raw::ToolResultContent,
     tool_info: &ToolUseInfo,
 ) -> Content {
     let raw_text = tool_result_content_to_string(raw_content);
@@ -231,7 +231,7 @@ pub(super) fn tool_use_content(name: &str, input: &serde_json::Value) -> Content
 
 #[cfg(test)]
 mod tests {
-    use super::super::parse::ToolResultContent;
+    use super::super::raw::ToolResultContent;
     use super::*;
     use crate::common::ToolUseInfo;
 
@@ -304,7 +304,7 @@ mod tests {
 
     #[test]
     fn test_tool_result_content_blocks() {
-        use super::super::parse::ToolResultBlock;
+        use super::super::raw::ToolResultBlock;
         let content = ToolResultContent::Blocks(vec![ToolResultBlock::Text {
             text: "line1".to_string(),
         }]);
diff --git a/crates/parsers/src/cursor/mod.rs b/crates/parsers/src/cursor/mod.rs
index e555cace..9992041d 100644
--- a/crates/parsers/src/cursor/mod.rs
+++ b/crates/parsers/src/cursor/mod.rs
@@ -1,5 +1,7 @@
 mod parse;
+mod time;
 mod transform;
+mod types;
 
 use crate::SessionParser;
 use anyhow::Result;
diff --git a/crates/parsers/src/cursor/parse.rs b/crates/parsers/src/cursor/parse.rs
index 5f7deba3..5940b249 100644
--- a/crates/parsers/src/cursor/parse.rs
+++ b/crates/parsers/src/cursor/parse.rs
@@ -1,162 +1,19 @@
+use super::time::parse_timestamp;
 use super::transform::{
     classify_cursor_tool, extract_model_from_signature, infer_provider, parse_tool_result,
     resolve_tool_name, tool_call_content,
 };
+use super::types::{RawBubble, RawComposerData, RawComposerIndex, RawComposerMeta};
+#[cfg(test)]
+use super::types::{RawBubbleHeader, RawThinking, RawToolFormerData};
 use crate::common::{attach_semantic_attrs, attach_source_attrs, infer_tool_kind};
 use anyhow::{Context, Result};
 use chrono::{DateTime, Utc};
 use opensession_core::trace::{Agent, Content, Event, EventType, Session, SessionContext};
 use rusqlite::Connection;
-use serde::Deserialize;
 use std::collections::{HashMap, HashSet};
 use std::path::{Path, PathBuf};
 
-// ── Raw deserialization types for Cursor's composerData JSON ────────────────
-
-/// Serde helper: deserialize a value that may be a JSON string or number into an Option<String>.
-/// Cursor stores timestamps as integers in some versions and strings in others.
-mod string_or_number {
-    use serde::{self, Deserialize, Deserializer};
-
-    pub fn deserialize<'de, D>(deserializer: D) -> Result<Option<String>, D::Error>
-    where
-        D: Deserializer<'de>,
-    {
-        #[derive(Deserialize)]
-        #[serde(untagged)]
-        enum StringOrNumber {
-            String(String),
-            Integer(i64),
-            Float(f64),
-        }
-
-        match Option::<StringOrNumber>::deserialize(deserializer)? {
-            Some(StringOrNumber::String(s)) => Ok(Some(s)),
-            Some(StringOrNumber::Integer(n)) => Ok(Some(n.to_string())),
-            Some(StringOrNumber::Float(n)) => Ok(Some(n.to_string())),
-            None => Ok(None),
-        }
-    }
-}
-
-/// Top-level composerData JSON stored in cursorDiskKV
-#[derive(Debug, Deserialize)]
-#[serde(rename_all = "camelCase")]
-struct RawComposerData {
-    composer_id: String,
-    #[serde(default)]
-    name: Option<String>,
-    #[serde(default, deserialize_with = "string_or_number::deserialize")]
-    created_at: Option<String>,
-    #[serde(default, deserialize_with = "string_or_number::deserialize")]
-    last_updated_at: Option<String>,
-    #[serde(default)]
-    conversation: Vec<RawBubble>,
-    #[serde(default)]
-    is_agentic: Option<bool>,
-    /// Cursor v3: version field for format detection
-    #[serde(default, rename = "_v")]
-    version: Option<u64>,
-    /// Cursor v3: bubble headers (conversation stored separately in bubbleId:* keys)
-    #[serde(default)]
-    full_conversation_headers_only: Option<Vec<RawBubbleHeader>>,
-}
-
-/// Cursor modern workspace index: `composer.composerData` (metadata-only list).
-#[derive(Debug, Deserialize)]
-#[serde(rename_all = "camelCase")]
-struct RawComposerIndex {
-    #[serde(default)]
-    all_composers: Vec<RawComposerMeta>,
-}
-
-/// Metadata-only composer entry referenced by modern Cursor workspace DBs.
-#[derive(Debug, Clone, Deserialize)]
-#[serde(rename_all = "camelCase")]
-struct RawComposerMeta {
-    composer_id: String,
-    #[serde(default)]
-    name: Option<String>,
-    #[serde(default, deserialize_with = "string_or_number::deserialize")]
-    created_at: Option<String>,
-    #[serde(default, deserialize_with = "string_or_number::deserialize")]
-    last_updated_at: Option<String>,
-}
-
-/// Cursor v3: header reference to a separately-stored bubble
-#[derive(Debug, Deserialize)]
-#[serde(rename_all = "camelCase")]
-struct RawBubbleHeader {
-    bubble_id: String,
-    #[serde(rename = "type")]
-    #[allow(dead_code)]
-    bubble_type: u8,
-}
-
-/// A single "bubble" in the conversation array
-#[derive(Debug, Deserialize)]
-#[serde(rename_all = "camelCase")]
-#[allow(dead_code)]
-struct RawBubble {
-    /// 1 = user, 2 = assistant
-    #[serde(rename = "type")]
-    bubble_type: u8,
-    #[serde(default)]
-    bubble_id: Option<String>,
-    #[serde(default)]
-    text: Option<String>,
-    #[serde(default)]
-    thinking: Option<RawThinking>,
-    #[serde(default)]
-    tool_former_data: Option<RawToolFormerData>,
-    #[serde(default)]
-    timing_info: Option<RawTimingInfo>,
-    #[serde(default)]
-    model_type: Option<String>,
-    #[serde(default)]
-    checkpoint: Option<serde_json::Value>,
-}
-
-#[derive(Debug, Deserialize)]
-#[serde(rename_all = "camelCase")]
-struct RawThinking {
-    #[serde(default)]
-    text: Option<String>,
-    #[serde(default)]
-    signature: Option<String>,
-}
-
-#[derive(Debug, Deserialize)]
-#[serde(rename_all = "camelCase")]
-struct RawToolFormerData {
-    /// Numeric tool ID (e.g., 7 = edit_file)
-    #[serde(default)]
-    tool: Option<u32>,
-    #[serde(default)]
-    name: Option<String>,
-    #[serde(default)]
-    status: Option<String>,
-    #[serde(default)]
-    raw_args: Option<String>,
-    #[serde(default)]
-    result: Option<String>,
-    #[serde(default)]
-    user_decision: Option<String>,
-}
-
-#[derive(Debug, Deserialize)]
-#[serde(rename_all = "camelCase")]
-struct RawTimingInfo {
-    #[serde(default)]
-    start_time: Option<f64>,
-    #[serde(default)]
-    end_time: Option<f64>,
-    #[serde(default)]
-    client_start_time: Option<f64>,
-    #[serde(default)]
-    client_end_time: Option<f64>,
-}
-
 // ── Core parsing logic ─────────────────────────────────────────────────────
 
 pub(super) fn parse_cursor_vscdb(path: &Path) -> Result<Session> {
@@ -831,25 +688,6 @@ fn convert_bubbles_to_events(
 
 // ── Timestamp parsing ──────────────────────────────────────────────────────
 
-fn parse_timestamp(ts: &str) -> Result<DateTime<Utc>> {
-    // ISO 8601 format: "2025-10-03T12:34:56.789Z"
-    DateTime::parse_from_rfc3339(ts)
-        .map(|dt| dt.with_timezone(&Utc))
-        .or_else(|_| {
-            // Try without timezone
-            chrono::NaiveDateTime::parse_from_str(ts, "%Y-%m-%dT%H:%M:%S%.f")
-                .map(|ndt| ndt.and_utc())
-        })
-        .or_else(|_| {
-            // Try as epoch milliseconds (sometimes Cursor uses numeric timestamps as strings)
-            ts.parse::<f64>()
-                .ok()
-                .and_then(|ms| DateTime::from_timestamp_millis(ms as i64))
-                .ok_or_else(|| anyhow::anyhow!("Not a timestamp"))
-        })
-        .with_context(|| format!("Failed to parse Cursor timestamp: {}", ts))
-}
-
 #[cfg(test)]
 mod tests {
     use super::*;
diff --git a/crates/parsers/src/cursor/time.rs b/crates/parsers/src/cursor/time.rs
new file mode 100644
index 00000000..48e02a97
--- /dev/null
+++ b/crates/parsers/src/cursor/time.rs
@@ -0,0 +1,18 @@
+use anyhow::{Context, Result};
+use chrono::{DateTime, Utc};
+
+pub(super) fn parse_timestamp(ts: &str) -> Result<DateTime<Utc>> {
+    DateTime::parse_from_rfc3339(ts)
+        .map(|dt| dt.with_timezone(&Utc))
+        .or_else(|_| {
+            chrono::NaiveDateTime::parse_from_str(ts, "%Y-%m-%dT%H:%M:%S%.f")
+                .map(|ndt| ndt.and_utc())
+        })
+        .or_else(|_| {
+            ts.parse::<f64>()
+                .ok()
+                .and_then(|ms| DateTime::from_timestamp_millis(ms as i64))
+                .ok_or_else(|| anyhow::anyhow!("Not a timestamp"))
+        })
+        .with_context(|| format!("Failed to parse Cursor timestamp: {ts}"))
+}
diff --git a/crates/parsers/src/cursor/types.rs b/crates/parsers/src/cursor/types.rs
new file mode 100644
index 00000000..3b9f6c8a
--- /dev/null
+++ b/crates/parsers/src/cursor/types.rs
@@ -0,0 +1,134 @@
+use serde::Deserialize;
+
+pub(super) mod string_or_number {
+    use serde::{self, Deserialize, Deserializer};
+
+    pub fn deserialize<'de, D>(deserializer: D) -> Result<Option<String>, D::Error>
+    where
+        D: Deserializer<'de>,
+    {
+        #[derive(Deserialize)]
+        #[serde(untagged)]
+        enum StringOrNumber {
+            String(String),
+            Integer(i64),
+            Float(f64),
+        }
+
+        match Option::<StringOrNumber>::deserialize(deserializer)? {
+            Some(StringOrNumber::String(value)) => Ok(Some(value)),
+            Some(StringOrNumber::Integer(value)) => Ok(Some(value.to_string())),
+            Some(StringOrNumber::Float(value)) => Ok(Some(value.to_string())),
+            None => Ok(None),
+        }
+    }
+}
+
+#[derive(Debug, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub(super) struct RawComposerData {
+    pub(super) composer_id: String,
+    #[serde(default)]
+    pub(super) name: Option<String>,
+    #[serde(default, deserialize_with = "string_or_number::deserialize")]
+    pub(super) created_at: Option<String>,
+    #[serde(default, deserialize_with = "string_or_number::deserialize")]
+    pub(super) last_updated_at: Option<String>,
+    #[serde(default)]
+    pub(super) conversation: Vec<RawBubble>,
+    #[serde(default)]
+    pub(super) is_agentic: Option<bool>,
+    #[serde(default, rename = "_v")]
+    pub(super) version: Option<u64>,
+    #[serde(default)]
+    pub(super) full_conversation_headers_only: Option<Vec<RawBubbleHeader>>,
+}
+
+#[derive(Debug, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub(super) struct RawComposerIndex {
+    #[serde(default)]
+    pub(super) all_composers: Vec<RawComposerMeta>,
+}
+
+#[derive(Debug, Clone, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub(super) struct RawComposerMeta {
+    pub(super) composer_id: String,
+    #[serde(default)]
+    pub(super) name: Option<String>,
+    #[serde(default, deserialize_with = "string_or_number::deserialize")]
+    pub(super) created_at: Option<String>,
+    #[serde(default, deserialize_with = "string_or_number::deserialize")]
+    pub(super) last_updated_at: Option<String>,
+}
+
+#[derive(Debug, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub(super) struct RawBubbleHeader {
+    pub(super) bubble_id: String,
+    #[serde(rename = "type")]
+    #[allow(dead_code)]
+    pub(super) bubble_type: u8,
+}
+
+#[derive(Debug, Deserialize)]
+#[serde(rename_all = "camelCase")]
+#[allow(dead_code)]
+pub(super) struct RawBubble {
+    #[serde(rename = "type")]
+    pub(super) bubble_type: u8,
+    #[serde(default)]
+    pub(super) bubble_id: Option<String>,
+    #[serde(default)]
+    pub(super) text: Option<String>,
+    #[serde(default)]
+    pub(super) thinking: Option<RawThinking>,
+    #[serde(default)]
+    pub(super) tool_former_data: Option<RawToolFormerData>,
+    #[serde(default)]
+    pub(super) timing_info: Option<RawTimingInfo>,
+    #[serde(default)]
+    pub(super) model_type: Option<String>,
+    #[serde(default)]
+    pub(super) checkpoint: Option<serde_json::Value>,
+}
+
+#[derive(Debug, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub(super) struct RawThinking {
+    #[serde(default)]
+    pub(super) text: Option<String>,
+    #[serde(default)]
+    pub(super) signature: Option<String>,
+}
+
+#[derive(Debug, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub(super) struct RawToolFormerData {
+    #[serde(default)]
+    pub(super) tool: Option<u32>,
+    #[serde(default)]
+    pub(super) name: Option<String>,
+    #[serde(default)]
+    pub(super) status: Option<String>,
+    #[serde(default)]
+    pub(super) raw_args: Option<String>,
+    #[serde(default)]
+    pub(super) result: Option<String>,
+    #[serde(default)]
+    pub(super) user_decision: Option<String>,
+}
+
+#[derive(Debug, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub(super) struct RawTimingInfo {
+    #[serde(default)]
+    pub(super) start_time: Option<f64>,
+    #[serde(default)]
+    pub(super) end_time: Option<f64>,
+    #[serde(default)]
+    pub(super) client_start_time: Option<f64>,
+    #[serde(default)]
+    pub(super) client_end_time: Option<f64>,
+}
diff --git a/crates/parsers/src/gemini.rs b/crates/parsers/src/gemini.rs
index d4f082aa..7867096c 100644
--- a/crates/parsers/src/gemini.rs
+++ b/crates/parsers/src/gemini.rs
@@ -892,359 +892,4 @@ fn parse_timestamp(ts: &str) -> Result<DateTime<Utc>> {
 }
 
 #[cfg(test)]
-mod tests {
-    use super::*;
-    use std::fs::write;
-
-    #[test]
-    fn test_can_parse() {
-        let parser = GeminiParser;
-        assert!(parser.can_parse(Path::new(
-            "/Users/test/.gemini/tmp/abc123/chats/session-2026-02-09T15-11-8205f040.json"
-        )));
-        assert!(parser.can_parse(Path::new(
-            "/Users/test/.gemini/tmp/abc123/chats/session-2026-02-09T15-11-8205f040.jsonl"
-        )));
-        assert!(!parser.can_parse(Path::new("/tmp/random.json")));
-        assert!(!parser.can_parse(Path::new("/tmp/random.jsonl")));
-        assert!(!parser.can_parse(Path::new("/Users/test/.gemini/settings.json")));
-    }
-
-    #[test]
-    fn test_parse_session() {
-        let json = r#"{
-            "sessionId": "test-123",
-            "projectHash": "abc",
-            "startTime": "2026-02-09T15:11:31.319Z",
-            "lastUpdated": "2026-02-09T15:14:17.522Z",
-            "messages": [
-                {
-                    "id": "m1",
-                    "timestamp": "2026-02-09T15:11:31.319Z",
-                    "type": "user",
-                    "content": "hello gemini"
-                },
-                {
-                    "id": "m2",
-                    "timestamp": "2026-02-09T15:12:00.000Z",
-                    "type": "gemini",
-                    "content": "Hello! How can I help?",
-                    "thoughts": [
-                        {"subject": "Greeting", "description": "User says hello"}
-                    ],
-                    "tokens": {"input": 100, "output": 50, "total": 150},
-                    "model": "gemini-2.5-pro"
-                }
-            ]
-        }"#;
-
-        let session: GeminiSession = serde_json::from_str(json).unwrap();
-        assert_eq!(session.session_id, "test-123");
-        assert_eq!(session.messages.len(), 2);
-        assert_eq!(session.messages[0].msg_type, "user");
-        assert_eq!(session.messages[1].msg_type, "gemini");
-        assert_eq!(session.messages[1].model.as_deref(), Some("gemini-2.5-pro"));
-        assert_eq!(session.messages[1].thoughts.as_ref().unwrap().len(), 1);
-    }
-
-    #[test]
-    fn test_parse_error_message() {
-        let json = r#"{
-            "sessionId": "test-err",
-            "projectHash": "abc",
-            "startTime": "2026-02-09T15:10:00.000Z",
-            "lastUpdated": "2026-02-09T15:10:30.000Z",
-            "messages": [
-                {
-                    "id": "m1",
-                    "timestamp": "2026-02-09T15:10:00.000Z",
-                    "type": "user",
-                    "content": "test"
-                },
-                {
-                    "id": "m2",
-                    "timestamp": "2026-02-09T15:10:30.000Z",
-                    "type": "error",
-                    "content": "[API Error: No capacity]"
-                }
-            ]
-        }"#;
-
-        let session: GeminiSession = serde_json::from_str(json).unwrap();
-        assert_eq!(session.messages[1].msg_type, "error");
-    }
-
-    #[test]
-    fn test_parse_jsonl_records() {
-        // Test that GeminiRecord types deserialize correctly
-        let metadata_line = r#"{"type":"session_metadata","sessionId":"sess-1","startTime":"2026-02-09T15:00:00.000Z"}"#;
-        let record: GeminiRecord = serde_json::from_str(metadata_line).unwrap();
-        match record {
-            GeminiRecord::SessionMetadata {
-                session_id,
-                start_time,
-            } => {
-                assert_eq!(session_id, "sess-1");
-                assert_eq!(start_time.as_deref(), Some("2026-02-09T15:00:00.000Z"));
-            }
-            _ => panic!("Expected SessionMetadata"),
-        }
-
-        let user_line = r#"{"type":"user","id":"u1","timestamp":"2026-02-09T15:01:00.000Z","content":[{"type":"text","text":"hello gemini"}]}"#;
-        let record: GeminiRecord = serde_json::from_str(user_line).unwrap();
-        match record {
-            GeminiRecord::User { id, content, .. } => {
-                assert_eq!(id.as_deref(), Some("u1"));
-                assert_eq!(content.len(), 1);
-                match &content[0] {
-                    GeminiContentBlock::Text { text } => assert_eq!(text, "hello gemini"),
-                    _ => panic!("Expected Text block"),
-                }
-            }
-            _ => panic!("Expected User"),
-        }
-
-        let gemini_line = r#"{"type":"gemini","id":"g1","timestamp":"2026-02-09T15:02:00.000Z","content":[{"type":"thinking","text":"analyzing..."},{"type":"text","text":"Here is my answer"},{"type":"functionCall","name":"readFile","args":{"path":"/tmp/x.rs"}}],"model":"gemini-2.5-pro"}"#;
-        let record: GeminiRecord = serde_json::from_str(gemini_line).unwrap();
-        match record {
-            GeminiRecord::Gemini {
-                id, content, model, ..
-            } => {
-                assert_eq!(id.as_deref(), Some("g1"));
-                assert_eq!(model.as_deref(), Some("gemini-2.5-pro"));
-                assert_eq!(content.len(), 3);
-                assert!(matches!(&content[0], GeminiContentBlock::Thinking { .. }));
-                assert!(matches!(&content[1], GeminiContentBlock::Text { .. }));
-                assert!(matches!(
-                    &content[2],
-                    GeminiContentBlock::FunctionCall { .. }
-                ));
-            }
-            _ => panic!("Expected Gemini"),
-        }
-
-        let update_line =
-            r#"{"type":"message_update","id":"g1","tokens":{"input":100,"output":50,"total":150}}"#;
-        let record: GeminiRecord = serde_json::from_str(update_line).unwrap();
-        match record {
-            GeminiRecord::MessageUpdate { id, tokens } => {
-                assert_eq!(id.as_deref(), Some("g1"));
-                let tokens = tokens.unwrap();
-                assert_eq!(tokens.input, Some(100));
-                assert_eq!(tokens.output, Some(50));
-            }
-            _ => panic!("Expected MessageUpdate"),
-        }
-    }
-
-    #[test]
-    fn test_parse_jsonl_function_response() {
-        let user_with_response = r#"{"type":"user","id":"u2","timestamp":"2026-02-09T15:03:00.000Z","content":[{"type":"functionResponse","name":"readFile","response":{"content":"fn main() {}"}}]}"#;
-        let record: GeminiRecord = serde_json::from_str(user_with_response).unwrap();
-        match record {
-            GeminiRecord::User { content, .. } => {
-                assert_eq!(content.len(), 1);
-                match &content[0] {
-                    GeminiContentBlock::FunctionResponse { name, response } => {
-                        assert_eq!(name, "readFile");
-                        assert!(response.is_some());
-                    }
-                    _ => panic!("Expected FunctionResponse block"),
-                }
-            }
-            _ => panic!("Expected User"),
-        }
-    }
-
-    #[test]
-    fn test_parse_jsonl_unknown_content_block() {
-        // Unknown content block types should be deserialized without error
-        let gemini_line = r#"{"type":"gemini","id":"g2","content":[{"type":"unknownFutureType","data":"something"}]}"#;
-        let record: GeminiRecord = serde_json::from_str(gemini_line).unwrap();
-        match record {
-            GeminiRecord::Gemini { content, .. } => {
-                assert_eq!(content.len(), 1);
-                assert!(matches!(content[0], GeminiContentBlock::Unknown));
-            }
-            _ => panic!("Expected Gemini"),
-        }
-    }
-
-    #[test]
-    fn test_info_message_skipped() {
-        let json = r#"{
-            "sessionId": "test-info",
-            "projectHash": "abc",
-            "startTime": "2026-02-09T15:10:00.000Z",
-            "lastUpdated": "2026-02-09T15:10:00.000Z",
-            "messages": [
-                {
-                    "id": "m1",
-                    "timestamp": "2026-02-09T15:10:00.000Z",
-                    "type": "info",
-                    "content": "Authentication succeeded"
-                }
-            ]
-        }"#;
-
-        // info messages should deserialize but produce no events
-        let session: GeminiSession = serde_json::from_str(json).unwrap();
-        assert_eq!(session.messages.len(), 1);
-        assert_eq!(session.messages[0].msg_type, "info");
-    }
-
-    #[test]
-    fn test_parse_legacy_content_parts_variant() {
-        let content = GeminiMessageContent::Parts(vec![serde_json::json!({
-            "text": "hello from parts"
-        })]);
-        let parsed = parse_legacy_content(Some(&content));
-        assert_eq!(parsed.schema_variant, "parts");
-        assert_eq!(parsed.texts, vec!["hello from parts".to_string()]);
-    }
-
-    #[test]
-    fn test_parse_legacy_content_single_part_variant() {
-        let content = GeminiMessageContent::Part(serde_json::json!({
-            "functionCall": {
-                "name": "read_file",
-                "args": {"path": "/tmp/a.txt"}
-            }
-        }));
-        let parsed = parse_legacy_content(Some(&content));
-        assert_eq!(parsed.schema_variant, "part");
-        assert!(parsed.texts.is_empty());
-    }
-
-    #[test]
-    fn test_parse_json_tool_calls_field() {
-        let dir = std::env::temp_dir().join(format!(
-            "opensession-gemini-toolcalls-{}",
-            std::time::SystemTime::now()
-                .duration_since(std::time::UNIX_EPOCH)
-                .expect("clock")
-                .as_nanos()
-        ));
-        std::fs::create_dir_all(&dir).unwrap();
-        let path = dir.join("session-2026-02-16T09-10-toolcalls.json");
-        let json = r#"{
-            "sessionId": "toolcalls-123",
-            "projectHash": "abc",
-            "startTime": "2026-02-16T09:10:00.000Z",
-            "lastUpdated": "2026-02-16T09:10:10.000Z",
-            "messages": [
-                {
-                    "id": "u1",
-                    "timestamp": "2026-02-16T09:10:01.000Z",
-                    "type": "user",
-                    "content": [{"text":"version"}]
-                },
-                {
-                    "id": "g1",
-                    "timestamp": "2026-02-16T09:10:03.000Z",
-                    "type": "gemini",
-                    "content": "running tool",
-                    "model": "gemini-2.5-flash",
-                    "toolCalls": [
-                        {
-                            "id": "call-1",
-                            "name": "run_shell_command",
-                            "args": {"command":"git status"},
-                            "result": [
-                                {
-                                    "functionResponse": {
-                                        "id": "call-1",
-                                        "name": "run_shell_command",
-                                        "response": {"output":"clean"}
-                                    }
-                                }
-                            ],
-                            "status": "success"
-                        }
-                    ],
-                    "tokens": {"input": 11, "output": 7, "total": 18}
-                }
-            ]
-        }"#;
-        write(&path, json).unwrap();
-
-        let parsed = parse_json(&path).expect("parse gemini json with toolCalls");
-        assert!(parsed.events.iter().any(|event| {
-            matches!(
-                &event.event_type,
-                EventType::ToolCall { name } if name == "run_shell_command"
-            )
-        }));
-        assert!(parsed.events.iter().any(|event| {
-            matches!(
-                &event.event_type,
-                EventType::ToolResult { name, call_id, is_error }
-                    if name == "run_shell_command"
-                        && call_id.as_deref() == Some("call-1")
-                        && !is_error
-            )
-        }));
-        assert!(parsed.events.iter().any(|event| {
-            event
-                .attributes
-                .get("source.schema_version")
-                .and_then(|v| v.as_str())
-                == Some("gemini-json-v3-toolcalls")
-        }));
-    }
-
-    #[test]
-    fn test_parse_json_parts_content_file() {
-        let dir = std::env::temp_dir().join(format!(
-            "opensession-gemini-parts-{}",
-            std::time::SystemTime::now()
-                .duration_since(std::time::UNIX_EPOCH)
-                .expect("clock")
-                .as_nanos()
-        ));
-        std::fs::create_dir_all(&dir).unwrap();
-        let path = dir.join("session-2026-02-14T09-36-test.json");
-        let json = r#"{
-            "sessionId": "parts-123",
-            "startTime": "2026-02-14T09:36:00.000Z",
-            "lastUpdated": "2026-02-14T09:36:05.000Z",
-            "messages": [
-                {
-                    "id": "u1",
-                    "timestamp": "2026-02-14T09:36:01.000Z",
-                    "type": "user",
-                    "content": [{"text":"inspect this repo"}]
-                },
-                {
-                    "id": "g1",
-                    "timestamp": "2026-02-14T09:36:03.000Z",
-                    "type": "gemini",
-                    "content": [{"text":"done"}],
-                    "model": "gemini-2.5-pro"
-                }
-            ]
-        }"#;
-        write(&path, json).unwrap();
-
-        let parsed = parse_json(&path).expect("parse gemini json");
-        assert_eq!(parsed.session_id, "parts-123");
-        assert!(
-            parsed
-                .events
-                .iter()
-                .any(|e| matches!(e.event_type, EventType::UserMessage))
-        );
-        assert!(
-            parsed
-                .events
-                .iter()
-                .any(|e| matches!(e.event_type, EventType::AgentMessage))
-        );
-        assert!(parsed.events.iter().all(|e| {
-            e.attributes
-                .get("source.schema_version")
-                .and_then(|v| v.as_str())
-                .is_some()
-        }));
-    }
-}
+mod tests;
diff --git a/crates/parsers/src/gemini/tests.rs b/crates/parsers/src/gemini/tests.rs
new file mode 100644
index 00000000..01587c9a
--- /dev/null
+++ b/crates/parsers/src/gemini/tests.rs
@@ -0,0 +1,356 @@
+use super::*;
+use std::fs::write;
+
+#[test]
+fn test_can_parse() {
+    let parser = GeminiParser;
+    assert!(parser.can_parse(Path::new(
+        "/Users/test/.gemini/tmp/abc123/chats/session-2026-02-09T15-11-8205f040.json"
+    )));
+    assert!(parser.can_parse(Path::new(
+        "/Users/test/.gemini/tmp/abc123/chats/session-2026-02-09T15-11-8205f040.jsonl"
+    )));
+    assert!(!parser.can_parse(Path::new("/tmp/random.json")));
+    assert!(!parser.can_parse(Path::new("/tmp/random.jsonl")));
+    assert!(!parser.can_parse(Path::new("/Users/test/.gemini/settings.json")));
+}
+
+#[test]
+fn test_parse_session() {
+    let json = r#"{
+        "sessionId": "test-123",
+        "projectHash": "abc",
+        "startTime": "2026-02-09T15:11:31.319Z",
+        "lastUpdated": "2026-02-09T15:14:17.522Z",
+        "messages": [
+            {
+                "id": "m1",
+                "timestamp": "2026-02-09T15:11:31.319Z",
+                "type": "user",
+                "content": "hello gemini"
+            },
+            {
+                "id": "m2",
+                "timestamp": "2026-02-09T15:12:00.000Z",
+                "type": "gemini",
+                "content": "Hello! How can I help?",
+                "thoughts": [
+                    {"subject": "Greeting", "description": "User says hello"}
+                ],
+                "tokens": {"input": 100, "output": 50, "total": 150},
+                "model": "gemini-2.5-pro"
+            }
+        ]
+    }"#;
+
+    let session: GeminiSession = serde_json::from_str(json).unwrap();
+    assert_eq!(session.session_id, "test-123");
+    assert_eq!(session.messages.len(), 2);
+    assert_eq!(session.messages[0].msg_type, "user");
+    assert_eq!(session.messages[1].msg_type, "gemini");
+    assert_eq!(session.messages[1].model.as_deref(), Some("gemini-2.5-pro"));
+    assert_eq!(
+        session.messages[1]
+            .thoughts
+            .as_ref()
+            .expect("thoughts")
+            .len(),
+        1
+    );
+}
+
+#[test]
+fn test_parse_error_message() {
+    let json = r#"{
+        "sessionId": "test-err",
+        "projectHash": "abc",
+        "startTime": "2026-02-09T15:10:00.000Z",
+        "lastUpdated": "2026-02-09T15:10:30.000Z",
+        "messages": [
+            {
+                "id": "m1",
+                "timestamp": "2026-02-09T15:10:00.000Z",
+                "type": "user",
+                "content": "test"
+            },
+            {
+                "id": "m2",
+                "timestamp": "2026-02-09T15:10:30.000Z",
+                "type": "error",
+                "content": "[API Error: No capacity]"
+            }
+        ]
+    }"#;
+
+    let session: GeminiSession = serde_json::from_str(json).unwrap();
+    assert_eq!(session.messages[1].msg_type, "error");
+}
+
+#[test]
+fn test_parse_jsonl_records() {
+    let metadata_line = r#"{"type":"session_metadata","sessionId":"sess-1","startTime":"2026-02-09T15:00:00.000Z"}"#;
+    let record: GeminiRecord = serde_json::from_str(metadata_line).unwrap();
+    match record {
+        GeminiRecord::SessionMetadata {
+            session_id,
+            start_time,
+        } => {
+            assert_eq!(session_id, "sess-1");
+            assert_eq!(start_time.as_deref(), Some("2026-02-09T15:00:00.000Z"));
+        }
+        _ => panic!("Expected SessionMetadata"),
+    }
+
+    let user_line = r#"{"type":"user","id":"u1","timestamp":"2026-02-09T15:01:00.000Z","content":[{"type":"text","text":"hello gemini"}]}"#;
+    let record: GeminiRecord = serde_json::from_str(user_line).unwrap();
+    match record {
+        GeminiRecord::User { id, content, .. } => {
+            assert_eq!(id.as_deref(), Some("u1"));
+            assert_eq!(content.len(), 1);
+            match &content[0] {
+                GeminiContentBlock::Text { text } => assert_eq!(text, "hello gemini"),
+                _ => panic!("Expected Text block"),
+            }
+        }
+        _ => panic!("Expected User"),
+    }
+
+    let gemini_line = r#"{"type":"gemini","id":"g1","timestamp":"2026-02-09T15:02:00.000Z","content":[{"type":"thinking","text":"analyzing..."},{"type":"text","text":"Here is my answer"},{"type":"functionCall","name":"readFile","args":{"path":"/tmp/x.rs"}}],"model":"gemini-2.5-pro"}"#;
+    let record: GeminiRecord = serde_json::from_str(gemini_line).unwrap();
+    match record {
+        GeminiRecord::Gemini {
+            id, content, model, ..
+        } => {
+            assert_eq!(id.as_deref(), Some("g1"));
+            assert_eq!(model.as_deref(), Some("gemini-2.5-pro"));
+            assert_eq!(content.len(), 3);
+            assert!(matches!(&content[0], GeminiContentBlock::Thinking { .. }));
+            assert!(matches!(&content[1], GeminiContentBlock::Text { .. }));
+            assert!(matches!(
+                &content[2],
+                GeminiContentBlock::FunctionCall { .. }
+            ));
+        }
+        _ => panic!("Expected Gemini"),
+    }
+
+    let update_line =
+        r#"{"type":"message_update","id":"g1","tokens":{"input":100,"output":50,"total":150}}"#;
+    let record: GeminiRecord = serde_json::from_str(update_line).unwrap();
+    match record {
+        GeminiRecord::MessageUpdate { id, tokens } => {
+            assert_eq!(id.as_deref(), Some("g1"));
+            let tokens = tokens.expect("tokens");
+            assert_eq!(tokens.input, Some(100));
+            assert_eq!(tokens.output, Some(50));
+        }
+        _ => panic!("Expected MessageUpdate"),
+    }
+}
+
+#[test]
+fn test_parse_jsonl_function_response() {
+    let user_with_response = r#"{"type":"user","id":"u2","timestamp":"2026-02-09T15:03:00.000Z","content":[{"type":"functionResponse","name":"readFile","response":{"content":"fn main() {}"}}]}"#;
+    let record: GeminiRecord = serde_json::from_str(user_with_response).unwrap();
+    match record {
+        GeminiRecord::User { content, .. } => {
+            assert_eq!(content.len(), 1);
+            match &content[0] {
+                GeminiContentBlock::FunctionResponse { name, response } => {
+                    assert_eq!(name, "readFile");
+                    assert!(response.is_some());
+                }
+                _ => panic!("Expected FunctionResponse block"),
+            }
+        }
+        _ => panic!("Expected User"),
+    }
+}
+
+#[test]
+fn test_parse_jsonl_unknown_content_block() {
+    let gemini_line = r#"{"type":"gemini","id":"g2","content":[{"type":"unknownFutureType","data":"something"}]}"#;
+    let record: GeminiRecord = serde_json::from_str(gemini_line).unwrap();
+    match record {
+        GeminiRecord::Gemini { content, .. } => {
+            assert_eq!(content.len(), 1);
+            assert!(matches!(content[0], GeminiContentBlock::Unknown));
+        }
+        _ => panic!("Expected Gemini"),
+    }
+}
+
+#[test]
+fn test_info_message_skipped() {
+    let json = r#"{
+        "sessionId": "test-info",
+        "projectHash": "abc",
+        "startTime": "2026-02-09T15:10:00.000Z",
+        "lastUpdated": "2026-02-09T15:10:00.000Z",
+        "messages": [
+            {
+                "id": "m1",
+                "timestamp": "2026-02-09T15:10:00.000Z",
+                "type": "info",
+                "content": "Authentication succeeded"
+            }
+        ]
+    }"#;
+
+    let session: GeminiSession = serde_json::from_str(json).unwrap();
+    assert_eq!(session.messages.len(), 1);
+    assert_eq!(session.messages[0].msg_type, "info");
+}
+
+#[test]
+fn test_parse_legacy_content_parts_variant() {
+    let content = GeminiMessageContent::Parts(vec![serde_json::json!({
+        "text": "hello from parts"
+    })]);
+    let parsed = parse_legacy_content(Some(&content));
+    assert_eq!(parsed.schema_variant, "parts");
+    assert_eq!(parsed.texts, vec!["hello from parts".to_string()]);
+}
+
+#[test]
+fn test_parse_legacy_content_single_part_variant() {
+    let content = GeminiMessageContent::Part(serde_json::json!({
+        "functionCall": {
+            "name": "read_file",
+            "args": {"path": "/tmp/a.txt"}
+        }
+    }));
+    let parsed = parse_legacy_content(Some(&content));
+    assert_eq!(parsed.schema_variant, "part");
+    assert!(parsed.texts.is_empty());
+}
+
+#[test]
+fn test_parse_json_tool_calls_field() {
+    let dir = std::env::temp_dir().join(format!(
+        "opensession-gemini-toolcalls-{}",
+        std::time::SystemTime::now()
+            .duration_since(std::time::UNIX_EPOCH)
+            .expect("clock")
+            .as_nanos()
+    ));
+    std::fs::create_dir_all(&dir).unwrap();
+    let path = dir.join("session-2026-02-16T09-10-toolcalls.json");
+    let json = r#"{
+        "sessionId": "toolcalls-123",
+        "projectHash": "abc",
+        "startTime": "2026-02-16T09:10:00.000Z",
+        "lastUpdated": "2026-02-16T09:10:10.000Z",
+        "messages": [
+            {
+                "id": "u1",
+                "timestamp": "2026-02-16T09:10:01.000Z",
+                "type": "user",
+                "content": [{"text":"version"}]
+            },
+            {
+                "id": "g1",
+                "timestamp": "2026-02-16T09:10:03.000Z",
+                "type": "gemini",
+                "content": "running tool",
+                "model": "gemini-2.5-flash",
+                "toolCalls": [
+                    {
+                        "id": "call-1",
+                        "name": "run_shell_command",
+                        "args": {"command":"git status"},
+                        "result": [
+                            {
+                                "functionResponse": {
+                                    "id": "call-1",
+                                    "name": "run_shell_command",
+                                    "response": {"output":"clean"}
+                                }
+                            }
+                        ],
+                        "status": "success"
+                    }
+                ],
+                "tokens": {"input": 11, "output": 7, "total": 18}
+            }
+        ]
+    }"#;
+    write(&path, json).unwrap();
+
+    let parsed = parse_json(&path).expect("parse gemini json with toolCalls");
+    assert!(parsed.events.iter().any(|event| {
+        matches!(&event.event_type, EventType::ToolCall { name } if name == "run_shell_command")
+    }));
+    assert!(parsed.events.iter().any(|event| {
+        matches!(
+            &event.event_type,
+            EventType::ToolResult { name, call_id, is_error }
+                if name == "run_shell_command"
+                    && call_id.as_deref() == Some("call-1")
+                    && !is_error
+        )
+    }));
+    assert!(parsed.events.iter().any(|event| {
+        event
+            .attributes
+            .get("source.schema_version")
+            .and_then(|value| value.as_str())
+            == Some("gemini-json-v3-toolcalls")
+    }));
+}
+
+#[test]
+fn test_parse_json_parts_content_file() {
+    let dir = std::env::temp_dir().join(format!(
+        "opensession-gemini-parts-{}",
+        std::time::SystemTime::now()
+            .duration_since(std::time::UNIX_EPOCH)
+            .expect("clock")
+            .as_nanos()
+    ));
+    std::fs::create_dir_all(&dir).unwrap();
+    let path = dir.join("session-2026-02-14T09-36-test.json");
+    let json = r#"{
+        "sessionId": "parts-123",
+        "startTime": "2026-02-14T09:36:00.000Z",
+        "lastUpdated": "2026-02-14T09:36:05.000Z",
+        "messages": [
+            {
+                "id": "u1",
+                "timestamp": "2026-02-14T09:36:01.000Z",
+                "type": "user",
+                "content": [{"text":"inspect this repo"}]
+            },
+            {
+                "id": "g1",
+                "timestamp": "2026-02-14T09:36:03.000Z",
+                "type": "gemini",
+                "content": [{"text":"done"}],
+                "model": "gemini-2.5-pro"
+            }
+        ]
+    }"#;
+    write(&path, json).unwrap();
+
+    let parsed = parse_json(&path).expect("parse gemini json");
+    assert_eq!(parsed.session_id, "parts-123");
+    assert!(
+        parsed
+            .events
+            .iter()
+            .any(|event| matches!(event.event_type, EventType::UserMessage))
+    );
+    assert!(
+        parsed
+            .events
+            .iter()
+            .any(|event| matches!(event.event_type, EventType::AgentMessage))
+    );
+    assert!(parsed.events.iter().all(|event| {
+        event
+            .attributes
+            .get("source.schema_version")
+            .and_then(|value| value.as_str())
+            .is_some()
+    }));
+}
diff --git a/crates/parsers/src/lib.rs b/crates/parsers/src/lib.rs
index 4e9f44a5..d3d46277 100644
--- a/crates/parsers/src/lib.rs
+++ b/crates/parsers/src/lib.rs
@@ -1,5 +1,4 @@
 pub mod claude_code;
-pub mod discover;
 pub mod incremental;
 
 mod amp;
diff --git a/crates/parsers/src/opencode.rs b/crates/parsers/src/opencode.rs
index 9280b11c..8c2dabc1 100644
--- a/crates/parsers/src/opencode.rs
+++ b/crates/parsers/src/opencode.rs
@@ -987,487 +987,4 @@ fn json_find_path(value: &serde_json::Value) -> Option<String> {
 }
 
 #[cfg(test)]
-mod tests {
-    use super::*;
-    use std::fs::{create_dir_all, write};
-    use std::time::{SystemTime, UNIX_EPOCH};
-
-    #[test]
-    fn test_millis_to_datetime() {
-        let dt = millis_to_datetime(1753359830903);
-        assert!(dt.year() >= 2025);
-    }
-
-    #[test]
-    fn test_classify_bash() {
-        let input = Some(serde_json::json!({"command": "ls -la"}));
-        let et = classify_opencode_tool("bash", &input);
-        match et {
-            EventType::ShellCommand { command, .. } => assert_eq!(command, "ls -la"),
-            _ => panic!("Expected ShellCommand"),
-        }
-    }
-
-    #[test]
-    fn test_classify_read_with_camel_case_path() {
-        let input = Some(serde_json::json!({"filePath": "/tmp/demo.rs"}));
-        let et = classify_opencode_tool("read", &input);
-        match et {
-            EventType::FileRead { path } => assert_eq!(path, "/tmp/demo.rs"),
-            _ => panic!("Expected FileRead"),
-        }
-    }
-
-    #[test]
-    fn test_tool_status_terminal_variants() {
-        assert!(is_terminal_tool_status("completed"));
-        assert!(is_terminal_tool_status("FAILED"));
-        assert!(is_terminal_tool_status("canceled"));
-        assert!(!is_terminal_tool_status("running"));
-    }
-
-    #[test]
-    fn test_normalized_call_id_trims_whitespace() {
-        assert_eq!(
-            normalized_call_id(Some("  functions.edit:27 ")).as_deref(),
-            Some("functions.edit:27")
-        );
-        assert_eq!(normalized_call_id(Some("   ")), None);
-    }
-
-    #[test]
-    fn test_extract_tool_output_text_fallbacks() {
-        let state_output = ToolState {
-            status: Some("completed".to_string()),
-            input: None,
-            output: Some(serde_json::json!("done")),
-            error: Some(serde_json::json!("ignored error")),
-            metadata: None,
-            title: None,
-            time: None,
-        };
-        assert_eq!(
-            extract_tool_output_text(Some(&state_output)).as_deref(),
-            Some("done")
-        );
-
-        let state_error = ToolState {
-            status: Some("error".to_string()),
-            input: None,
-            output: None,
-            error: Some(serde_json::json!("failed")),
-            metadata: Some(serde_json::json!({"output": "metadata output"})),
-            title: None,
-            time: None,
-        };
-        assert_eq!(
-            extract_tool_output_text(Some(&state_error)).as_deref(),
-            Some("failed")
-        );
-
-        let state_meta = ToolState {
-            status: Some("error".to_string()),
-            input: None,
-            output: None,
-            error: None,
-            metadata: Some(serde_json::json!({"output": "metadata output"})),
-            title: None,
-            time: None,
-        };
-        assert_eq!(
-            extract_tool_output_text(Some(&state_meta)).as_deref(),
-            Some("metadata output")
-        );
-    }
-
-    #[test]
-    fn test_session_info_deser() {
-        let json = r#"{"id":"ses_abc","version":"1.1.30","title":"Test session","projectID":"abc123","directory":"/tmp/proj","time":{"created":1753359830903,"updated":1753360246507}}"#;
-        let info: SessionInfo = serde_json::from_str(json).unwrap();
-        assert_eq!(info.id, "ses_abc");
-        assert_eq!(info.title, Some("Test session".to_string()));
-        assert_eq!(info.directory, Some("/tmp/proj".to_string()));
-    }
-
-    #[test]
-    fn test_session_info_parent_id_deser() {
-        let json = r#"{"id":"ses_child","version":"1.1.30","parentID":"ses_parent","directory":"/tmp/proj","time":{"created":1753359830903,"updated":1753360246507}}"#;
-        let info: SessionInfo = serde_json::from_str(json).unwrap();
-        assert_eq!(info.parent_id, Some("ses_parent".to_string()));
-    }
-
-    #[test]
-    fn test_session_info_parent_id_alias_deser() {
-        let json = r#"{"id":"ses_child","version":"1.1.30","parentId":"ses_parent","directory":"/tmp/proj","time":{"created":1753359830903,"updated":1753360246507}}"#;
-        let info: SessionInfo = serde_json::from_str(json).unwrap();
-        assert_eq!(info.parent_id, Some("ses_parent".to_string()));
-    }
-
-    #[test]
-    fn test_session_info_parent_uuid_alias_deser() {
-        let json = r#"{"id":"ses_child","version":"1.1.30","parentUUID":"ses_parent","directory":"/tmp/proj","time":{"created":1753359830903,"updated":1753360246507}}"#;
-        let info: SessionInfo = serde_json::from_str(json).unwrap();
-        assert_eq!(info.parent_id, Some("ses_parent".to_string()));
-    }
-
-    #[test]
-    fn test_session_context_has_source_path() {
-        let temp_dir = std::env::temp_dir().join(format!(
-            "opensession-opencode-parser-source-path-{}",
-            std::time::SystemTime::now()
-                .duration_since(std::time::UNIX_EPOCH)
-                .expect("clock ok")
-                .as_nanos()
-        ));
-        std::fs::create_dir_all(&temp_dir).unwrap();
-        let session_path = temp_dir.join("session.json");
-        write(
-            &session_path,
-            r#"{"id":"ses_parent","version":"1.1.30","directory":"/tmp/proj","time":{"created":1753359830903,"updated":1753360246507}}"#,
-        )
-        .unwrap();
-
-        let session = parse_opencode_session(&session_path).expect("parse session");
-        assert_eq!(
-            session
-                .context
-                .attributes
-                .get("source_path")
-                .and_then(|value| value.as_str()),
-            Some(session_path.to_str().unwrap())
-        );
-    }
-
-    #[test]
-    fn test_message_info_deser() {
-        let json = r#"{"id":"msg_abc","sessionID":"ses_abc","role":"user","model":{"providerID":"openai","modelID":"gpt-5.2-codex"},"time":{"created":1753359830903}}"#;
-        let msg: MessageInfo = serde_json::from_str(json).unwrap();
-        assert_eq!(msg.id, "msg_abc");
-        assert_eq!(msg.role, "user");
-        let model = msg.model.unwrap();
-        assert_eq!(model.provider_id, Some("openai".to_string()));
-        assert_eq!(model.model_id, Some("gpt-5.2-codex".to_string()));
-    }
-
-    #[test]
-    fn test_message_info_deser_top_level_model_fields() {
-        let json = r#"{"id":"msg_xyz","sessionID":"ses_abc","role":"assistant","providerID":"openai","modelID":"gpt-5.2-codex","time":{"created":1753359830903}}"#;
-        let msg: MessageInfo = serde_json::from_str(json).unwrap();
-        assert_eq!(msg.id, "msg_xyz");
-        assert_eq!(msg.provider_id.as_deref(), Some("openai"));
-        assert_eq!(msg.model_id.as_deref(), Some("gpt-5.2-codex"));
-    }
-
-    #[test]
-    fn test_can_parse() {
-        let parser = OpenCodeParser;
-        assert!(parser.can_parse(Path::new(
-            "/Users/test/.local/share/opencode/storage/session/abc123/ses_xyz.json"
-        )));
-        assert!(!parser.can_parse(Path::new(
-            "/Users/test/.local/share/opencode/storage/message/ses_xyz/msg_abc.json"
-        )));
-    }
-
-    fn tmp_test_root() -> std::path::PathBuf {
-        let since_epoch = SystemTime::now()
-            .duration_since(UNIX_EPOCH)
-            .expect("system time should be valid")
-            .as_nanos();
-        let root = std::env::temp_dir().join(format!("opensession-opencode-parser-{since_epoch}"));
-        std::fs::create_dir_all(&root).expect("create temp dir");
-        root
-    }
-
-    #[test]
-    fn test_parse_relates_child_session_to_parent() {
-        let root = tmp_test_root();
-        let project = root.join("proj-test");
-        let session_dir = project.join("storage").join("session").join("example");
-        let message_dir = project.join("storage").join("message").join("ses_child");
-        let part_dir = project.join("storage").join("part").join("msg_001");
-        create_dir_all(&session_dir).expect("create session dir");
-        create_dir_all(&message_dir).expect("create message dir");
-        create_dir_all(&part_dir).expect("create part dir");
-
-        write(
-            session_dir.join("ses_child.json"),
-            r#"{"id":"ses_child","version":"1.1.30","parentID":"ses_parent","directory":"/tmp/proj","time":{"created":1753359830903,"updated":1753360246507}}"#,
-        )
-        .expect("write session file");
-        write(
-            message_dir.join("msg_001.json"),
-            r#"{"id":"msg_001","sessionID":"ses_child","role":"user","time":{"created":1753359831000}}"#,
-        )
-        .expect("write message file");
-        write(
-            part_dir.join("part_001.json"),
-            r#"{"id":"part_001","messageID":"msg_001","type":"text","text":"hello","time":{"start":1753359831000,"end":1753359831000}}"#,
-        )
-        .expect("write part file");
-
-        let session =
-            parse_opencode_session(&session_dir.join("ses_child.json")).expect("parse session");
-        assert_eq!(
-            session.context.related_session_ids,
-            vec!["ses_parent".to_string()]
-        );
-        assert_eq!(
-            session
-                .context
-                .attributes
-                .get("parent_session_id")
-                .and_then(|v| v.as_str()),
-            Some("ses_parent")
-        );
-        assert_eq!(
-            session
-                .context
-                .attributes
-                .get("session_role")
-                .and_then(|v| v.as_str()),
-            Some("auxiliary")
-        );
-        assert_eq!(session.stats.event_count, 1);
-    }
-
-    #[test]
-    fn test_parse_part_dir_prefixed_msg_fallback() {
-        let root = tmp_test_root();
-        let project = root.join("proj-prefixed");
-        let session_dir = project.join("storage").join("session").join("example");
-        let message_dir = project.join("storage").join("message").join("ses_fallback");
-        let part_dir = project.join("storage").join("part").join("msg_abc123");
-        create_dir_all(&session_dir).expect("create session dir");
-        create_dir_all(&message_dir).expect("create message dir");
-        create_dir_all(&part_dir).expect("create part dir");
-
-        write(
-            session_dir.join("ses_fallback.json"),
-            r#"{"id":"ses_fallback","version":"1.1.30","directory":"/tmp/proj","time":{"created":1753359830903,"updated":1753360246507}}"#,
-        )
-        .expect("write session file");
-        write(
-            message_dir.join("abc123.json"),
-            r#"{"id":"abc123","sessionID":"ses_fallback","role":"assistant","providerID":"openai","modelID":"gpt-5.2-codex","time":{"created":1753359831000}}"#,
-        )
-        .expect("write message file");
-        write(
-            part_dir.join("part_001.json"),
-            r#"{"id":"part_001","messageID":"abc123","type":"text","text":"assistant reply","time":{"start":1753359831000,"end":1753359831200}}"#,
-        )
-        .expect("write part file");
-
-        let session =
-            parse_opencode_session(&session_dir.join("ses_fallback.json")).expect("parse session");
-        assert!(
-            session
-                .events
-                .iter()
-                .any(|event| matches!(event.event_type, EventType::AgentMessage))
-        );
-        assert_eq!(session.agent.provider, "openai");
-        assert_eq!(session.agent.model, "gpt-5.2-codex");
-        assert_eq!(
-            session
-                .context
-                .attributes
-                .get("session_role")
-                .and_then(|v| v.as_str()),
-            Some("primary")
-        );
-    }
-
-    #[test]
-    fn test_parse_reasoning_and_call_id_normalization() {
-        let root = tmp_test_root();
-        let project = root.join("proj-company");
-        let session_dir = project.join("storage").join("session").join("example");
-        let message_dir = project.join("storage").join("message").join("ses_company");
-        let user_part_dir = project.join("storage").join("part").join("msg_user");
-        let assistant_part_dir = project.join("storage").join("part").join("msg_assistant");
-        create_dir_all(&session_dir).expect("create session dir");
-        create_dir_all(&message_dir).expect("create message dir");
-        create_dir_all(&user_part_dir).expect("create user part dir");
-        create_dir_all(&assistant_part_dir).expect("create assistant part dir");
-
-        write(
-            session_dir.join("ses_company.json"),
-            r#"{"id":"ses_company","version":"1.2.0","directory":"/tmp/proj","time":{"created":1753359830903,"updated":1753360246507}}"#,
-        )
-        .expect("write session");
-        write(
-            message_dir.join("msg_user.json"),
-            r#"{"id":"msg_user","sessionID":"ses_company","role":"user","model":{"providerID":"openai","modelID":"gpt-5.2-codex"},"time":{"created":1753359831000}}"#,
-        )
-        .expect("write user message");
-        write(
-            message_dir.join("msg_assistant.json"),
-            r#"{"id":"msg_assistant","sessionID":"ses_company","role":"assistant","providerID":"openai","modelID":"gpt-5.2-codex","time":{"created":1753359832000,"completed":1753359835000}}"#,
-        )
-        .expect("write assistant message");
-
-        write(
-            user_part_dir.join("part_user_text.json"),
-            r#"{"id":"part_user_text","messageID":"msg_user","type":"text","text":"run diagnostics","time":{"start":1753359831000,"end":1753359831100}}"#,
-        )
-        .expect("write user text part");
-        write(
-            user_part_dir.join("part_user_file.json"),
-            r#"{"id":"part_user_file","messageID":"msg_user","type":"file","filename":"notes.md","url":"file:///tmp/proj/notes.md","time":{"start":1753359831050,"end":1753359831050}}"#,
-        )
-        .expect("write user file part");
-        write(
-            assistant_part_dir.join("part_reasoning.json"),
-            r#"{"id":"part_reasoning","messageID":"msg_assistant","type":"reasoning","text":"","metadata":{"openai":{"reasoningEncryptedContent":"abc"}},"time":{"start":1753359832100,"end":1753359832200}}"#,
-        )
-        .expect("write reasoning part");
-        write(
-            assistant_part_dir.join("part_tool_done.json"),
-            r#"{"id":"part_tool_done","messageID":"msg_assistant","type":"tool","callID":"call_abc","tool":"grep","state":{"status":"Completed","input":{"pattern":"todo","path":"/tmp/proj"},"output":"Found 1 match","title":"todo","time":{"start":1753359832300,"end":1753359832400}}}"#,
-        )
-        .expect("write completed tool part");
-        write(
-            assistant_part_dir.join("part_tool_running.json"),
-            r#"{"id":"part_tool_running","messageID":"msg_assistant","type":"tool","callID":"  functions.edit:27 ","tool":"edit","state":{"status":"running","input":{"filePath":"/tmp/proj/main.rs"},"time":{"start":1753359832500}}}"#,
-        )
-        .expect("write running tool part");
-        write(
-            assistant_part_dir.join("part_patch.json"),
-            r#"{"id":"part_patch","messageID":"msg_assistant","type":"patch","hash":"abc123","files":["/tmp/proj/main.rs","/tmp/proj/lib.rs"],"time":{"start":1753359832450,"end":1753359832450}}"#,
-        )
-        .expect("write patch part");
-
-        let session =
-            parse_opencode_session(&session_dir.join("ses_company.json")).expect("parse session");
-
-        let thinking = session
-            .events
-            .iter()
-            .find(|event| matches!(event.event_type, EventType::Thinking))
-            .expect("thinking event");
-        assert_eq!(
-            thinking
-                .content
-                .blocks
-                .first()
-                .and_then(|block| match block {
-                    opensession_core::trace::ContentBlock::Text { text } => Some(text.as_str()),
-                    _ => None,
-                }),
-            Some("Encrypted reasoning")
-        );
-
-        assert!(session.events.iter().any(|event| {
-            matches!(
-                &event.event_type,
-                EventType::ToolResult { name, call_id, .. }
-                    if name == "grep" && call_id.as_deref() == Some("call_abc")
-            )
-        }));
-
-        assert!(session.events.iter().any(|event| {
-            matches!(event.event_type, EventType::UserMessage)
-                && event.content.blocks.iter().any(|block| {
-                    matches!(
-                        block,
-                        opensession_core::trace::ContentBlock::Text { text }
-                            if text == "Attached file: notes.md"
-                    )
-                })
-        }));
-
-        assert!(session.events.iter().any(|event| {
-            matches!(
-                &event.event_type,
-                EventType::FileEdit { path, .. } if path == "/tmp/proj/lib.rs"
-            ) && event
-                .attributes
-                .get("source.raw_type")
-                .and_then(|v| v.as_str())
-                == Some("part:patch:file")
-        }));
-
-        assert!(session.events.iter().any(|event| {
-            matches!(&event.event_type, EventType::FileEdit { .. })
-                && event
-                    .attributes
-                    .get("semantic.call_id")
-                    .and_then(|v| v.as_str())
-                    == Some("functions.edit:27")
-        }));
-
-        assert!(session.events.iter().any(|event| {
-            matches!(&event.event_type, EventType::TaskEnd { .. })
-                && event.task_id.as_deref() == Some("functions.edit:27")
-                && event
-                    .attributes
-                    .get("source.raw_type")
-                    .and_then(|v| v.as_str())
-                    == Some("synthetic:task-end")
-        }));
-    }
-
-    #[test]
-    fn test_patch_with_many_files_emits_summary_event() {
-        let root = tmp_test_root();
-        let project = root.join("proj-patch-summary");
-        let session_dir = project.join("storage").join("session").join("example");
-        let message_dir = project
-            .join("storage")
-            .join("message")
-            .join("ses_patch_summary");
-        let part_dir = project.join("storage").join("part").join("msg_assistant");
-        create_dir_all(&session_dir).expect("create session dir");
-        create_dir_all(&message_dir).expect("create message dir");
-        create_dir_all(&part_dir).expect("create part dir");
-
-        write(
-            session_dir.join("ses_patch_summary.json"),
-            r#"{"id":"ses_patch_summary","version":"1.2.0","directory":"/tmp/proj","time":{"created":1753359830903,"updated":1753360246507}}"#,
-        )
-        .expect("write session");
-        write(
-            message_dir.join("msg_assistant.json"),
-            r#"{"id":"msg_assistant","sessionID":"ses_patch_summary","role":"assistant","providerID":"openai","modelID":"gpt-5.2-codex","time":{"created":1753359832000,"completed":1753359835000}}"#,
-        )
-        .expect("write assistant message");
-        write(
-            part_dir.join("part_patch_many.json"),
-            r#"{"id":"part_patch_many","messageID":"msg_assistant","type":"patch","hash":"manyhash","files":["/tmp/proj/f1.rs","/tmp/proj/f2.rs","/tmp/proj/f3.rs","/tmp/proj/f4.rs","/tmp/proj/f5.rs","/tmp/proj/f6.rs","/tmp/proj/f7.rs","/tmp/proj/f8.rs","/tmp/proj/f9.rs"],"time":{"start":1753359832100,"end":1753359832200}}"#,
-        )
-        .expect("write patch part");
-
-        let session = parse_opencode_session(&session_dir.join("ses_patch_summary.json"))
-            .expect("parse patch summary session");
-
-        assert!(
-            !session
-                .events
-                .iter()
-                .any(|event| matches!(&event.event_type, EventType::FileEdit { .. }))
-        );
-        assert!(session.events.iter().any(|event| {
-            matches!(
-                &event.event_type,
-                EventType::Custom { kind } if kind == "patch"
-            ) && event
-                .attributes
-                .get("source.raw_type")
-                .and_then(|v| v.as_str())
-                == Some("part:patch:summary")
-                && event.content.blocks.iter().any(|block| {
-                    matches!(
-                        block,
-                        opensession_core::trace::ContentBlock::Json { data }
-                            if data
-                                .get("file_count")
-                                .and_then(|v| v.as_u64())
-                                == Some(9)
-                    )
-                })
-        }));
-    }
-
-    use chrono::Datelike;
-}
+mod tests;
diff --git a/crates/parsers/src/opencode/tests.rs b/crates/parsers/src/opencode/tests.rs
new file mode 100644
index 00000000..b14a0d00
--- /dev/null
+++ b/crates/parsers/src/opencode/tests.rs
@@ -0,0 +1,473 @@
+use super::*;
+use chrono::Datelike;
+use std::fs::{create_dir_all, write};
+use std::time::{SystemTime, UNIX_EPOCH};
+
+#[test]
+fn test_millis_to_datetime() {
+    let dt = millis_to_datetime(1753359830903);
+    assert!(dt.year() >= 2025);
+}
+
+#[test]
+fn test_classify_bash() {
+    let input = Some(serde_json::json!({"command": "ls -la"}));
+    let et = classify_opencode_tool("bash", &input);
+    match et {
+        EventType::ShellCommand { command, .. } => assert_eq!(command, "ls -la"),
+        _ => panic!("Expected ShellCommand"),
+    }
+}
+
+#[test]
+fn test_classify_read_with_camel_case_path() {
+    let input = Some(serde_json::json!({"filePath": "/tmp/demo.rs"}));
+    let et = classify_opencode_tool("read", &input);
+    match et {
+        EventType::FileRead { path } => assert_eq!(path, "/tmp/demo.rs"),
+        _ => panic!("Expected FileRead"),
+    }
+}
+
+#[test]
+fn test_tool_status_terminal_variants() {
+    assert!(is_terminal_tool_status("completed"));
+    assert!(is_terminal_tool_status("FAILED"));
+    assert!(is_terminal_tool_status("canceled"));
+    assert!(!is_terminal_tool_status("running"));
+}
+
+#[test]
+fn test_normalized_call_id_trims_whitespace() {
+    assert_eq!(
+        normalized_call_id(Some("  functions.edit:27 ")).as_deref(),
+        Some("functions.edit:27")
+    );
+    assert_eq!(normalized_call_id(Some("   ")), None);
+}
+
+#[test]
+fn test_extract_tool_output_text_fallbacks() {
+    let state_output = ToolState {
+        status: Some("completed".to_string()),
+        input: None,
+        output: Some(serde_json::json!("done")),
+        error: Some(serde_json::json!("ignored error")),
+        metadata: None,
+        title: None,
+        time: None,
+    };
+    assert_eq!(
+        extract_tool_output_text(Some(&state_output)).as_deref(),
+        Some("done")
+    );
+
+    let state_error = ToolState {
+        status: Some("error".to_string()),
+        input: None,
+        output: None,
+        error: Some(serde_json::json!("failed")),
+        metadata: Some(serde_json::json!({"output": "metadata output"})),
+        title: None,
+        time: None,
+    };
+    assert_eq!(
+        extract_tool_output_text(Some(&state_error)).as_deref(),
+        Some("failed")
+    );
+
+    let state_meta = ToolState {
+        status: Some("error".to_string()),
+        input: None,
+        output: None,
+        error: None,
+        metadata: Some(serde_json::json!({"output": "metadata output"})),
+        title: None,
+        time: None,
+    };
+    assert_eq!(
+        extract_tool_output_text(Some(&state_meta)).as_deref(),
+        Some("metadata output")
+    );
+}
+
+#[test]
+fn test_session_info_deser() {
+    let json = r#"{"id":"ses_abc","version":"1.1.30","title":"Test session","projectID":"abc123","directory":"/tmp/proj","time":{"created":1753359830903,"updated":1753360246507}}"#;
+    let info: SessionInfo = serde_json::from_str(json).unwrap();
+    assert_eq!(info.id, "ses_abc");
+    assert_eq!(info.title, Some("Test session".to_string()));
+    assert_eq!(info.directory, Some("/tmp/proj".to_string()));
+}
+
+#[test]
+fn test_session_info_parent_id_deser() {
+    let json = r#"{"id":"ses_child","version":"1.1.30","parentID":"ses_parent","directory":"/tmp/proj","time":{"created":1753359830903,"updated":1753360246507}}"#;
+    let info: SessionInfo = serde_json::from_str(json).unwrap();
+    assert_eq!(info.parent_id, Some("ses_parent".to_string()));
+}
+
+#[test]
+fn test_session_info_parent_id_alias_deser() {
+    let json = r#"{"id":"ses_child","version":"1.1.30","parentId":"ses_parent","directory":"/tmp/proj","time":{"created":1753359830903,"updated":1753360246507}}"#;
+    let info: SessionInfo = serde_json::from_str(json).unwrap();
+    assert_eq!(info.parent_id, Some("ses_parent".to_string()));
+}
+
+#[test]
+fn test_session_info_parent_uuid_alias_deser() {
+    let json = r#"{"id":"ses_child","version":"1.1.30","parentUUID":"ses_parent","directory":"/tmp/proj","time":{"created":1753359830903,"updated":1753360246507}}"#;
+    let info: SessionInfo = serde_json::from_str(json).unwrap();
+    assert_eq!(info.parent_id, Some("ses_parent".to_string()));
+}
+
+#[test]
+fn test_session_context_has_source_path() {
+    let temp_dir = std::env::temp_dir().join(format!(
+        "opensession-opencode-parser-source-path-{}",
+        std::time::SystemTime::now()
+            .duration_since(std::time::UNIX_EPOCH)
+            .expect("clock ok")
+            .as_nanos()
+    ));
+    std::fs::create_dir_all(&temp_dir).unwrap();
+    let session_path = temp_dir.join("session.json");
+    write(
+        &session_path,
+        r#"{"id":"ses_parent","version":"1.1.30","directory":"/tmp/proj","time":{"created":1753359830903,"updated":1753360246507}}"#,
+    )
+    .unwrap();
+
+    let session = parse_opencode_session(&session_path).expect("parse session");
+    assert_eq!(
+        session
+            .context
+            .attributes
+            .get("source_path")
+            .and_then(|value| value.as_str()),
+        Some(session_path.to_str().expect("path to str"))
+    );
+}
+
+#[test]
+fn test_message_info_deser() {
+    let json = r#"{"id":"msg_abc","sessionID":"ses_abc","role":"user","model":{"providerID":"openai","modelID":"gpt-5.2-codex"},"time":{"created":1753359830903}}"#;
+    let msg: MessageInfo = serde_json::from_str(json).unwrap();
+    assert_eq!(msg.id, "msg_abc");
+    assert_eq!(msg.role, "user");
+    let model = msg.model.expect("model ref");
+    assert_eq!(model.provider_id, Some("openai".to_string()));
+    assert_eq!(model.model_id, Some("gpt-5.2-codex".to_string()));
+}
+
+#[test]
+fn test_message_info_deser_top_level_model_fields() {
+    let json = r#"{"id":"msg_xyz","sessionID":"ses_abc","role":"assistant","providerID":"openai","modelID":"gpt-5.2-codex","time":{"created":1753359830903}}"#;
+    let msg: MessageInfo = serde_json::from_str(json).unwrap();
+    assert_eq!(msg.id, "msg_xyz");
+    assert_eq!(msg.provider_id.as_deref(), Some("openai"));
+    assert_eq!(msg.model_id.as_deref(), Some("gpt-5.2-codex"));
+}
+
+#[test]
+fn test_can_parse() {
+    let parser = OpenCodeParser;
+    assert!(parser.can_parse(Path::new(
+        "/Users/test/.local/share/opencode/storage/session/abc123/ses_xyz.json"
+    )));
+    assert!(!parser.can_parse(Path::new(
+        "/Users/test/.local/share/opencode/storage/message/ses_xyz/msg_abc.json"
+    )));
+}
+
+fn tmp_test_root() -> std::path::PathBuf {
+    let since_epoch = SystemTime::now()
+        .duration_since(UNIX_EPOCH)
+        .expect("system time should be valid")
+        .as_nanos();
+    let root = std::env::temp_dir().join(format!("opensession-opencode-parser-{since_epoch}"));
+    std::fs::create_dir_all(&root).expect("create temp dir");
+    root
+}
+
+#[test]
+fn test_parse_relates_child_session_to_parent() {
+    let root = tmp_test_root();
+    let project = root.join("proj-test");
+    let session_dir = project.join("storage").join("session").join("example");
+    let message_dir = project.join("storage").join("message").join("ses_child");
+    let part_dir = project.join("storage").join("part").join("msg_001");
+    create_dir_all(&session_dir).expect("create session dir");
+    create_dir_all(&message_dir).expect("create message dir");
+    create_dir_all(&part_dir).expect("create part dir");
+
+    write(
+        session_dir.join("ses_child.json"),
+        r#"{"id":"ses_child","version":"1.1.30","parentID":"ses_parent","directory":"/tmp/proj","time":{"created":1753359830903,"updated":1753360246507}}"#,
+    )
+    .expect("write session file");
+    write(
+        message_dir.join("msg_001.json"),
+        r#"{"id":"msg_001","sessionID":"ses_child","role":"user","time":{"created":1753359831000}}"#,
+    )
+    .expect("write message file");
+    write(
+        part_dir.join("part_001.json"),
+        r#"{"id":"part_001","messageID":"msg_001","type":"text","text":"hello","time":{"start":1753359831000,"end":1753359831000}}"#,
+    )
+    .expect("write part file");
+
+    let session =
+        parse_opencode_session(&session_dir.join("ses_child.json")).expect("parse session");
+    assert_eq!(
+        session.context.related_session_ids,
+        vec!["ses_parent".to_string()]
+    );
+    assert_eq!(
+        session
+            .context
+            .attributes
+            .get("parent_session_id")
+            .and_then(|value| value.as_str()),
+        Some("ses_parent")
+    );
+    assert_eq!(
+        session
+            .context
+            .attributes
+            .get("session_role")
+            .and_then(|value| value.as_str()),
+        Some("auxiliary")
+    );
+    assert_eq!(session.stats.event_count, 1);
+}
+
+#[test]
+fn test_parse_part_dir_prefixed_msg_fallback() {
+    let root = tmp_test_root();
+    let project = root.join("proj-prefixed");
+    let session_dir = project.join("storage").join("session").join("example");
+    let message_dir = project.join("storage").join("message").join("ses_fallback");
+    let part_dir = project.join("storage").join("part").join("msg_abc123");
+    create_dir_all(&session_dir).expect("create session dir");
+    create_dir_all(&message_dir).expect("create message dir");
+    create_dir_all(&part_dir).expect("create part dir");
+
+    write(
+        session_dir.join("ses_fallback.json"),
+        r#"{"id":"ses_fallback","version":"1.1.30","directory":"/tmp/proj","time":{"created":1753359830903,"updated":1753360246507}}"#,
+    )
+    .expect("write session file");
+    write(
+        message_dir.join("abc123.json"),
+        r#"{"id":"abc123","sessionID":"ses_fallback","role":"assistant","providerID":"openai","modelID":"gpt-5.2-codex","time":{"created":1753359831000}}"#,
+    )
+    .expect("write message file");
+    write(
+        part_dir.join("part_001.json"),
+        r#"{"id":"part_001","messageID":"abc123","type":"text","text":"assistant reply","time":{"start":1753359831000,"end":1753359831200}}"#,
+    )
+    .expect("write part file");
+
+    let session =
+        parse_opencode_session(&session_dir.join("ses_fallback.json")).expect("parse session");
+    assert!(
+        session
+            .events
+            .iter()
+            .any(|event| matches!(event.event_type, EventType::AgentMessage))
+    );
+    assert_eq!(session.agent.provider, "openai");
+    assert_eq!(session.agent.model, "gpt-5.2-codex");
+    assert_eq!(
+        session
+            .context
+            .attributes
+            .get("session_role")
+            .and_then(|value| value.as_str()),
+        Some("primary")
+    );
+}
+
+#[test]
+fn test_parse_reasoning_and_call_id_normalization() {
+    let root = tmp_test_root();
+    let project = root.join("proj-company");
+    let session_dir = project.join("storage").join("session").join("example");
+    let message_dir = project.join("storage").join("message").join("ses_company");
+    let user_part_dir = project.join("storage").join("part").join("msg_user");
+    let assistant_part_dir = project.join("storage").join("part").join("msg_assistant");
+    create_dir_all(&session_dir).expect("create session dir");
+    create_dir_all(&message_dir).expect("create message dir");
+    create_dir_all(&user_part_dir).expect("create user part dir");
+    create_dir_all(&assistant_part_dir).expect("create assistant part dir");
+
+    write(
+        session_dir.join("ses_company.json"),
+        r#"{"id":"ses_company","version":"1.2.0","directory":"/tmp/proj","time":{"created":1753359830903,"updated":1753360246507}}"#,
+    )
+    .expect("write session");
+    write(
+        message_dir.join("msg_user.json"),
+        r#"{"id":"msg_user","sessionID":"ses_company","role":"user","model":{"providerID":"openai","modelID":"gpt-5.2-codex"},"time":{"created":1753359831000}}"#,
+    )
+    .expect("write user message");
+    write(
+        message_dir.join("msg_assistant.json"),
+        r#"{"id":"msg_assistant","sessionID":"ses_company","role":"assistant","providerID":"openai","modelID":"gpt-5.2-codex","time":{"created":1753359832000,"completed":1753359835000}}"#,
+    )
+    .expect("write assistant message");
+
+    write(
+        user_part_dir.join("part_user_text.json"),
+        r#"{"id":"part_user_text","messageID":"msg_user","type":"text","text":"run diagnostics","time":{"start":1753359831000,"end":1753359831100}}"#,
+    )
+    .expect("write user text part");
+    write(
+        user_part_dir.join("part_user_file.json"),
+        r#"{"id":"part_user_file","messageID":"msg_user","type":"file","filename":"notes.md","url":"file:///tmp/proj/notes.md","time":{"start":1753359831050,"end":1753359831050}}"#,
+    )
+    .expect("write user file part");
+    write(
+        assistant_part_dir.join("part_reasoning.json"),
+        r#"{"id":"part_reasoning","messageID":"msg_assistant","type":"reasoning","text":"","metadata":{"openai":{"reasoningEncryptedContent":"abc"}},"time":{"start":1753359832100,"end":1753359832200}}"#,
+    )
+    .expect("write reasoning part");
+    write(
+        assistant_part_dir.join("part_tool_done.json"),
+        r#"{"id":"part_tool_done","messageID":"msg_assistant","type":"tool","callID":"call_abc","tool":"grep","state":{"status":"Completed","input":{"pattern":"todo","path":"/tmp/proj"},"output":"Found 1 match","title":"todo","time":{"start":1753359832300,"end":1753359832400}}}"#,
+    )
+    .expect("write completed tool part");
+    write(
+        assistant_part_dir.join("part_tool_running.json"),
+        r#"{"id":"part_tool_running","messageID":"msg_assistant","type":"tool","callID":"  functions.edit:27 ","tool":"edit","state":{"status":"running","input":{"filePath":"/tmp/proj/main.rs"},"time":{"start":1753359832500}}}"#,
+    )
+    .expect("write running tool part");
+    write(
+        assistant_part_dir.join("part_patch.json"),
+        r#"{"id":"part_patch","messageID":"msg_assistant","type":"patch","hash":"abc123","files":["/tmp/proj/main.rs","/tmp/proj/lib.rs"],"time":{"start":1753359832450,"end":1753359832450}}"#,
+    )
+    .expect("write patch part");
+
+    let session =
+        parse_opencode_session(&session_dir.join("ses_company.json")).expect("parse session");
+
+    let thinking = session
+        .events
+        .iter()
+        .find(|event| matches!(event.event_type, EventType::Thinking))
+        .expect("thinking event");
+    assert_eq!(
+        thinking
+            .content
+            .blocks
+            .first()
+            .and_then(|block| match block {
+                opensession_core::trace::ContentBlock::Text { text } => Some(text.as_str()),
+                _ => None,
+            }),
+        Some("Encrypted reasoning")
+    );
+
+    assert!(session.events.iter().any(|event| {
+        matches!(
+            &event.event_type,
+            EventType::ToolResult { name, call_id, .. }
+                if name == "grep" && call_id.as_deref() == Some("call_abc")
+        )
+    }));
+
+    assert!(session.events.iter().any(|event| {
+        matches!(event.event_type, EventType::UserMessage)
+            && event.content.blocks.iter().any(|block| {
+                matches!(
+                    block,
+                    opensession_core::trace::ContentBlock::Text { text } if text == "Attached file: notes.md"
+                )
+            })
+    }));
+
+    assert!(session.events.iter().any(|event| {
+        matches!(&event.event_type, EventType::FileEdit { path, .. } if path == "/tmp/proj/lib.rs")
+            && event
+                .attributes
+                .get("source.raw_type")
+                .and_then(|value| value.as_str())
+                == Some("part:patch:file")
+    }));
+
+    assert!(session.events.iter().any(|event| {
+        matches!(&event.event_type, EventType::FileEdit { .. })
+            && event
+                .attributes
+                .get("semantic.call_id")
+                .and_then(|value| value.as_str())
+                == Some("functions.edit:27")
+    }));
+
+    assert!(session.events.iter().any(|event| {
+        matches!(&event.event_type, EventType::TaskEnd { .. })
+            && event.task_id.as_deref() == Some("functions.edit:27")
+            && event
+                .attributes
+                .get("source.raw_type")
+                .and_then(|value| value.as_str())
+                == Some("synthetic:task-end")
+    }));
+}
+
+#[test]
+fn test_patch_with_many_files_emits_summary_event() {
+    let root = tmp_test_root();
+    let project = root.join("proj-patch-summary");
+    let session_dir = project.join("storage").join("session").join("example");
+    let message_dir = project
+        .join("storage")
+        .join("message")
+        .join("ses_patch_summary");
+    let part_dir = project.join("storage").join("part").join("msg_assistant");
+    create_dir_all(&session_dir).expect("create session dir");
+    create_dir_all(&message_dir).expect("create message dir");
+    create_dir_all(&part_dir).expect("create part dir");
+
+    write(
+        session_dir.join("ses_patch_summary.json"),
+        r#"{"id":"ses_patch_summary","version":"1.2.0","directory":"/tmp/proj","time":{"created":1753359830903,"updated":1753360246507}}"#,
+    )
+    .expect("write session");
+    write(
+        message_dir.join("msg_assistant.json"),
+        r#"{"id":"msg_assistant","sessionID":"ses_patch_summary","role":"assistant","providerID":"openai","modelID":"gpt-5.2-codex","time":{"created":1753359832000,"completed":1753359835000}}"#,
+    )
+    .expect("write assistant message");
+    write(
+        part_dir.join("part_patch_many.json"),
+        r#"{"id":"part_patch_many","messageID":"msg_assistant","type":"patch","hash":"manyhash","files":["/tmp/proj/f1.rs","/tmp/proj/f2.rs","/tmp/proj/f3.rs","/tmp/proj/f4.rs","/tmp/proj/f5.rs","/tmp/proj/f6.rs","/tmp/proj/f7.rs","/tmp/proj/f8.rs","/tmp/proj/f9.rs"],"time":{"start":1753359832100,"end":1753359832200}}"#,
+    )
+    .expect("write patch part");
+
+    let session = parse_opencode_session(&session_dir.join("ses_patch_summary.json"))
+        .expect("parse patch summary session");
+
+    assert!(
+        !session
+            .events
+            .iter()
+            .any(|event| matches!(&event.event_type, EventType::FileEdit { .. }))
+    );
+    assert!(session.events.iter().any(|event| {
+        matches!(&event.event_type, EventType::Custom { kind } if kind == "patch")
+            && event
+                .attributes
+                .get("source.raw_type")
+                .and_then(|value| value.as_str())
+                == Some("part:patch:summary")
+            && event.content.blocks.iter().any(|block| {
+                matches!(
+                    block,
+                    opensession_core::trace::ContentBlock::Json { data }
+                        if data.get("file_count").and_then(|value| value.as_u64()) == Some(9)
+                )
+            })
+    }));
+}
diff --git a/crates/parsers/tests/real_data.rs b/crates/parsers/tests/real_data.rs
index b53da3c4..c9d4a457 100644
--- a/crates/parsers/tests/real_data.rs
+++ b/crates/parsers/tests/real_data.rs
@@ -5,7 +5,7 @@
 #[ignore = "requires real Codex session files"]
 fn parse_real_codex_session() {
     let registry = opensession_parsers::ParserRegistry::default();
-    let paths = opensession_parsers::discover::discover_for_tool("codex");
+    let paths = opensession_parser_discovery::discover_for_tool("codex");
     assert!(!paths.is_empty(), "No Codex session files found");
 
     for path in &paths {
@@ -38,7 +38,7 @@ fn parse_real_codex_session() {
 #[ignore = "requires real Gemini session files"]
 fn parse_real_gemini_session() {
     let registry = opensession_parsers::ParserRegistry::default();
-    let paths = opensession_parsers::discover::discover_for_tool("gemini");
+    let paths = opensession_parser_discovery::discover_for_tool("gemini");
     assert!(!paths.is_empty(), "No Gemini session files found");
 
     for path in &paths {
@@ -70,7 +70,7 @@ fn parse_real_gemini_session() {
 #[ignore = "requires real OpenCode session files"]
 fn parse_real_opencode_session() {
     let registry = opensession_parsers::ParserRegistry::default();
-    let paths = opensession_parsers::discover::discover_for_tool("opencode");
+    let paths = opensession_parser_discovery::discover_for_tool("opencode");
     assert!(!paths.is_empty(), "No OpenCode session files found");
 
     for path in &paths {
diff --git a/crates/paths/Cargo.toml b/crates/paths/Cargo.toml
new file mode 100644
index 00000000..a8c14ca0
--- /dev/null
+++ b/crates/paths/Cargo.toml
@@ -0,0 +1,21 @@
+[package]
+name = "opensession-paths"
+version.workspace = true
+edition.workspace = true
+rust-version.workspace = true
+license.workspace = true
+repository.workspace = true
+homepage.workspace = true
+description = "Centralized OpenSession runtime path helpers"
+include = ["src/**/*.rs", "Cargo.toml", "LICENSE", "README.md"]
+
+[lib]
+doctest = false
+
+[lints]
+workspace = true
+
+[dependencies]
+directories = { workspace = true }
+opensession-runtime-config = { workspace = true }
+thiserror = { workspace = true }
diff --git a/crates/paths/src/lib.rs b/crates/paths/src/lib.rs
new file mode 100644
index 00000000..11328c4b
--- /dev/null
+++ b/crates/paths/src/lib.rs
@@ -0,0 +1,161 @@
+use directories::BaseDirs;
+use opensession_runtime_config::CONFIG_FILE_NAME;
+use std::path::{Path, PathBuf};
+
+#[derive(Debug, thiserror::Error)]
+pub enum PathError {
+    #[error("could not determine home directory")]
+    HomeUnavailable,
+}
+
+fn base_dirs() -> Result<BaseDirs, PathError> {
+    BaseDirs::new().ok_or(PathError::HomeUnavailable)
+}
+
+fn join_segments(base: &Path, segments: &[&str]) -> PathBuf {
+    segments
+        .iter()
+        .fold(base.to_path_buf(), |path, segment| path.join(segment))
+}
+
+pub fn home_dir() -> Result<PathBuf, PathError> {
+    Ok(base_dirs()?.home_dir().to_path_buf())
+}
+
+pub fn config_dir() -> Result<PathBuf, PathError> {
+    Ok(join_segments(&home_dir()?, &[".config", "opensession"]))
+}
+
+pub fn data_dir() -> Result<PathBuf, PathError> {
+    Ok(join_segments(
+        &home_dir()?,
+        &[".local", "share", "opensession"],
+    ))
+}
+
+pub fn runtime_config_path() -> Result<PathBuf, PathError> {
+    Ok(config_dir()?.join(CONFIG_FILE_NAME))
+}
+
+pub fn local_db_path() -> Result<PathBuf, PathError> {
+    if let Some(path) = std::env::var_os("OPENSESSION_LOCAL_DB_PATH")
+        .map(PathBuf::from)
+        .filter(|path| !path.as_os_str().is_empty())
+    {
+        return Ok(path);
+    }
+    Ok(data_dir()?.join("local.db"))
+}
+
+pub fn local_store_root() -> Result<PathBuf, PathError> {
+    Ok(data_dir()?.join("objects"))
+}
+
+#[cfg(test)]
+mod tests {
+    use super::{
+        config_dir, data_dir, home_dir, local_db_path, local_store_root, runtime_config_path,
+    };
+    use opensession_runtime_config::CONFIG_FILE_NAME;
+    use std::path::PathBuf;
+    use std::sync::{Mutex, OnceLock};
+
+    fn env_test_lock() -> &'static Mutex<()> {
+        static LOCK: OnceLock<Mutex<()>> = OnceLock::new();
+        LOCK.get_or_init(|| Mutex::new(()))
+    }
+
+    struct EnvVarGuard {
+        key: &'static str,
+        previous: Option<std::ffi::OsString>,
+    }
+
+    impl EnvVarGuard {
+        fn set(key: &'static str, value: &str) -> Self {
+            let previous = std::env::var_os(key);
+            // SAFETY: tests serialize environment mutation with `env_test_lock`, so no
+            // concurrent readers/writers observe partially updated process env state.
+            unsafe { std::env::set_var(key, value) };
+            Self { key, previous }
+        }
+
+        fn clear(key: &'static str) -> Self {
+            let previous = std::env::var_os(key);
+            // SAFETY: tests serialize environment mutation with `env_test_lock`, so no
+            // concurrent readers/writers observe partially updated process env state.
+            unsafe { std::env::remove_var(key) };
+            Self { key, previous }
+        }
+    }
+
+    impl Drop for EnvVarGuard {
+        fn drop(&mut self) {
+            if let Some(value) = &self.previous {
+                // SAFETY: tests serialize environment mutation with `env_test_lock`.
+                unsafe { std::env::set_var(self.key, value) };
+            } else {
+                // SAFETY: tests serialize environment mutation with `env_test_lock`.
+                unsafe { std::env::remove_var(self.key) };
+            }
+        }
+    }
+
+    #[test]
+    fn config_path_uses_opensession_suffix() {
+        let path = config_dir().expect("config dir");
+        assert_eq!(
+            path,
+            home_dir()
+                .expect("home dir")
+                .join(".config")
+                .join("opensession")
+        );
+        assert_eq!(
+            runtime_config_path()
+                .expect("runtime config path")
+                .file_name()
+                .expect("runtime config filename")
+                .to_string_lossy(),
+            CONFIG_FILE_NAME
+        );
+    }
+
+    #[test]
+    fn data_paths_use_opensession_suffix() {
+        let _lock = env_test_lock().lock().expect("env lock");
+        let _guard = EnvVarGuard::clear("OPENSESSION_LOCAL_DB_PATH");
+        let path = data_dir().expect("data dir");
+        assert_eq!(
+            path,
+            home_dir()
+                .expect("home dir")
+                .join(".local")
+                .join("share")
+                .join("opensession")
+        );
+        assert_eq!(
+            local_db_path()
+                .expect("local db path")
+                .parent()
+                .expect("local db parent"),
+            path.as_path()
+        );
+        assert_eq!(
+            local_store_root()
+                .expect("local store root")
+                .parent()
+                .expect("local store parent"),
+            path.as_path()
+        );
+    }
+
+    #[test]
+    fn local_db_path_prefers_env_override() {
+        let _lock = env_test_lock().lock().expect("env lock");
+        let _guard = EnvVarGuard::set("OPENSESSION_LOCAL_DB_PATH", "/tmp/opensession-test.db");
+        assert_eq!(
+            local_db_path().expect("local db path"),
+            PathBuf::from("/tmp/opensession-test.db")
+        );
+    }
+}
diff --git a/crates/server/src/routes/admin.rs b/crates/server/src/routes/admin.rs
index d062c9f9..f804fa80 100644
--- a/crates/server/src/routes/admin.rs
+++ b/crates/server/src/routes/admin.rs
@@ -3,11 +3,11 @@ use axum::{
     extract::{Path, State},
     http::HeaderMap,
 };
-use opensession_api::{OkResponse, SessionSummary, db};
+use opensession_api::OkResponse;
 
 use crate::AppConfig;
 use crate::error::ApiErr;
-use crate::storage::{Db, session_from_row, sq_execute, sq_query_row};
+use crate::storage::Db;
 
 /// DELETE /api/admin/sessions/:id — delete a session (admin key required).
 pub async fn delete_session(
@@ -26,14 +26,12 @@ pub async fn delete_session(
         return Err(ApiErr::unauthorized("invalid admin key"));
     }
 
-    let conn = db.conn();
-    let _summary: SessionSummary =
-        sq_query_row(&conn, db::sessions::get_by_id(&id), session_from_row)
-            .map_err(|_| ApiErr::not_found("session not found"))?;
-
-    sq_execute(&conn, db::sessions::delete_links(&id)).map_err(ApiErr::from_db("delete links"))?;
-    sq_execute(&conn, db::sessions::delete(&id)).map_err(ApiErr::from_db("delete session"))?;
-
-    let _ = sq_execute(&conn, db::sessions::delete_fts(&id));
+    let deleted = db
+        .delete_session(&id)
+        .await
+        .map_err(ApiErr::from_db("delete session"))?;
+    if !deleted {
+        return Err(ApiErr::not_found("session not found"));
+    }
     Ok(Json(OkResponse { ok: true }))
 }
diff --git a/crates/server/src/routes/auth.rs b/crates/server/src/routes/auth.rs
index 4ff3d368..9e18d379 100644
--- a/crates/server/src/routes/auth.rs
+++ b/crates/server/src/routes/auth.rs
@@ -11,13 +11,13 @@ use uuid::Uuid;
 use opensession_api::{
     AuthRegisterRequest, AuthTokenResponse, ChangePasswordRequest, CreateGitCredentialRequest,
     GitCredentialSummary, IssueApiKeyResponse, ListGitCredentialsResponse, LoginRequest,
-    OkResponse, RefreshRequest, UserSettingsResponse, VerifyResponse, crypto, db as dbq, oauth,
-    service, service::AuthToken,
+    OkResponse, RefreshRequest, UserSettingsResponse, VerifyResponse, crypto, service,
+    service::AuthToken,
 };
 
 use crate::AppConfig;
 use crate::error::ApiErr;
-use crate::storage::{Db, sq_execute, sq_query_map, sq_query_row};
+use crate::storage::{Db, NewGitCredentialRecord};
 
 const ACCESS_COOKIE_NAME: &str = "opensession_access_token";
 const REFRESH_COOKIE_NAME: &str = "opensession_refresh_token";
@@ -41,7 +41,7 @@ pub struct AuthUser {
     pub email: Option<String>,
 }
 
-fn resolve_auth_user(
+async fn resolve_auth_user(
     token: &str,
     db: &Db,
     config: &AppConfig,
@@ -51,33 +51,32 @@ fn resolve_auth_user(
     let resolved = service::resolve_auth_token(token, &config.jwt_secret, now)
         .map_err(|e| ApiErr::unauthorized(e.message()))?;
 
-    let conn = db.conn();
     match resolved {
         AuthToken::ApiKey(key) => {
             let key_hash = service::hash_api_key(&key);
-            sq_query_row(
-                &conn,
-                dbq::api_keys::get_user_by_valid_key_hash(&key_hash),
-                |row| {
-                    Ok(AuthUser {
-                        user_id: row.get(0)?,
-                        nickname: row.get(1)?,
-                        auth_via_cookie,
-                        email: row.get(2)?,
-                    })
-                },
-            )
-            .map_err(|_| ApiErr::unauthorized("invalid API key"))
+            let user = db
+                .get_auth_user_by_api_key_hash(&key_hash)
+                .await
+                .map_err(|_| ApiErr::unauthorized("invalid API key"))?;
+            Ok(AuthUser {
+                user_id: user.user_id,
+                nickname: user.nickname,
+                auth_via_cookie,
+                email: user.email,
+            })
         }
-        AuthToken::Jwt(user_id) => sq_query_row(&conn, dbq::users::get_by_id(&user_id), |row| {
+        AuthToken::Jwt(user_id) => {
+            let user = db
+                .get_auth_user_by_id(&user_id)
+                .await
+                .map_err(|_| ApiErr::unauthorized("user not found"))?;
             Ok(AuthUser {
-                user_id: row.get(0)?,
-                nickname: row.get(1)?,
+                user_id: user.user_id,
+                nickname: user.nickname,
                 auth_via_cookie,
-                email: row.get(2)?,
+                email: user.email,
             })
-        })
-        .map_err(|_| ApiErr::unauthorized("user not found")),
+        }
     }
 }
 
@@ -107,16 +106,16 @@ fn header_bearer_token(headers: &HeaderMap) -> Option<String> {
         .map(ToOwned::to_owned)
 }
 
-pub fn try_auth_from_headers(
+pub async fn try_auth_from_headers(
     headers: &HeaderMap,
     db: &Db,
     config: &AppConfig,
 ) -> Result<Option<AuthUser>, ApiErr> {
     if let Some(token) = header_bearer_token(headers) {
-        return resolve_auth_user(&token, db, config, false).map(Some);
+        return resolve_auth_user(&token, db, config, false).await.map(Some);
     }
     if let Some(token) = parse_cookie_value(headers, ACCESS_COOKIE_NAME) {
-        return resolve_auth_user(&token, db, config, true).map(Some);
+        return resolve_auth_user(&token, db, config, true).await.map(Some);
     }
     Ok(None)
 }
@@ -133,9 +132,11 @@ where
         let db = Db::from_ref(state);
         let config = AppConfig::from_ref(state);
 
-        try_auth_from_headers(&parts.headers, &db, &config)?.ok_or(ApiErr::unauthorized(
-            "missing or invalid authentication token",
-        ))
+        try_auth_from_headers(&parts.headers, &db, &config)
+            .await?
+            .ok_or(ApiErr::unauthorized(
+                "missing or invalid authentication token",
+            ))
     }
 }
 
@@ -283,16 +284,16 @@ pub(crate) fn enforce_csrf_if_cookie_auth(
 }
 
 /// Public wrapper for oauth module to issue tokens.
-pub fn issue_tokens_pub(
+pub async fn issue_tokens_pub(
     db: &Db,
     jwt_secret: &str,
     user_id: &str,
     nickname: &str,
 ) -> Result<AuthTokenResponse, ApiErr> {
-    issue_tokens(db, jwt_secret, user_id, nickname)
+    issue_tokens(db, jwt_secret, user_id, nickname).await
 }
 
-fn issue_tokens(
+async fn issue_tokens(
     db: &Db,
     jwt_secret: &str,
     user_id: &str,
@@ -302,16 +303,13 @@ fn issue_tokens(
     let bundle =
         service::prepare_token_bundle(jwt_secret, user_id, nickname, now).map_err(ApiErr::from)?;
 
-    let conn = db.conn();
-    sq_execute(
-        &conn,
-        dbq::users::insert_refresh_token(
-            &bundle.token_id,
-            user_id,
-            &bundle.token_hash,
-            &bundle.expires_at,
-        ),
+    db.insert_refresh_token(
+        &bundle.token_id,
+        user_id,
+        &bundle.token_hash,
+        &bundle.expires_at,
     )
+    .await
     .map_err(ApiErr::from_db("issue_tokens"))?;
 
     Ok(bundle.response)
@@ -361,9 +359,7 @@ pub async fn auth_register(
 
     // Check email uniqueness
     {
-        let conn = db.conn();
-        let exists: bool = sq_query_row(&conn, dbq::users::email_exists(&email), |row| row.get(0))
-            .unwrap_or(false);
+        let exists = db.email_exists(&email).await.unwrap_or(false);
         if exists {
             return Err(ApiErr::conflict("email already registered"));
         }
@@ -374,32 +370,19 @@ pub async fn auth_register(
         crypto::hash_password(&req.password).map_err(ApiErr::from)?;
 
     {
-        let conn = db.conn();
-        let result = sq_execute(
-            &conn,
-            dbq::users::insert_with_email(
-                &user_id,
-                &nickname,
-                &email,
-                &password_hash,
-                &password_salt,
-            ),
-        );
-        match result {
-            Ok(_) => {}
-            Err(rusqlite::Error::SqliteFailure(err, _))
-                if err.code == rusqlite::ErrorCode::ConstraintViolation =>
-            {
+        if let Err(err) = db
+            .insert_user_with_email(&user_id, &nickname, &email, &password_hash, &password_salt)
+            .await
+        {
+            if err.is_constraint_violation() {
                 return Err(ApiErr::conflict("nickname already taken"));
             }
-            Err(e) => {
-                tracing::error!("auth_register error: {e}");
-                return Err(ApiErr::internal("internal server error"));
-            }
+            tracing::error!("auth_register error: {err}");
+            return Err(ApiErr::internal("internal server error"));
         }
     }
 
-    let tokens = issue_tokens(&db, &config.jwt_secret, &user_id, &nickname)?;
+    let tokens = issue_tokens(&db, &config.jwt_secret, &user_id, &nickname).await?;
     let cookies = set_cookie_headers_for_auth(&tokens, &headers, &config)?;
     response_with_cookies(StatusCode::CREATED, &tokens, &cookies)
 }
@@ -417,19 +400,12 @@ pub async fn login(
 
     let email = service::validate_email(&req.email).map_err(ApiErr::from)?;
 
-    let conn = db.conn();
-    let user = sq_query_row(&conn, dbq::users::get_by_email_for_login(&email), |row| {
-        Ok((
-            row.get::<_, String>(0)?,
-            row.get::<_, String>(1)?,
-            row.get::<_, Option<String>>(2)?,
-            row.get::<_, Option<String>>(3)?,
-        ))
-    })
-    .map_err(|_| ApiErr::unauthorized("invalid email or password"))?;
+    let user = db
+        .get_login_user(&email)
+        .await
+        .map_err(|_| ApiErr::unauthorized("invalid email or password"))?;
 
-    let (user_id, nickname, hash, salt) = user;
-    let (hash, salt) = match (hash, salt) {
+    let (hash, salt) = match (user.password_hash, user.password_salt) {
         (Some(h), Some(s)) => (h, s),
         _ => {
             return Err(ApiErr::unauthorized(
@@ -441,9 +417,8 @@ pub async fn login(
     if !crypto::verify_password(&req.password, &hash, &salt) {
         return Err(ApiErr::unauthorized("invalid email or password"));
     }
-    drop(conn);
 
-    let tokens = issue_tokens(&db, &config.jwt_secret, &user_id, &nickname)?;
+    let tokens = issue_tokens(&db, &config.jwt_secret, &user.user_id, &user.nickname).await?;
     let cookies = set_cookie_headers_for_auth(&tokens, &headers, &config)?;
     response_with_cookies(StatusCode::OK, &tokens, &cookies)
 }
@@ -463,34 +438,21 @@ pub async fn refresh(
     enforce_csrf_if_cookie_auth(&headers, &config, using_cookie_refresh)?;
     let token_hash = crypto::hash_token(&refresh_token);
 
-    let conn = db.conn();
-    let row = sq_query_row(
-        &conn,
-        dbq::users::lookup_refresh_token(&token_hash),
-        |row| {
-            Ok((
-                row.get::<_, String>(0)?,
-                row.get::<_, String>(1)?,
-                row.get::<_, String>(2)?,
-                row.get::<_, String>(3)?,
-            ))
-        },
-    )
-    .map_err(|_| ApiErr::unauthorized("invalid refresh token"))?;
-
-    let (rt_id, user_id, expires_at, nickname) = row;
+    let row = db
+        .lookup_refresh_token(&token_hash)
+        .await
+        .map_err(|_| ApiErr::unauthorized("invalid refresh token"))?;
 
     let now = chrono::Utc::now().format("%Y-%m-%d %H:%M:%S").to_string();
-    if expires_at < now {
-        sq_execute(&conn, dbq::users::delete_refresh_token_by_id(&rt_id)).ok();
+    if row.expires_at < now {
+        db.delete_refresh_token_by_id(&row.token_id).await.ok();
         return Err(ApiErr::unauthorized("refresh token expired"));
     }
 
     // Rotate: delete old, issue new
-    sq_execute(&conn, dbq::users::delete_refresh_token(&token_hash)).ok();
-    drop(conn);
+    db.delete_refresh_token(&token_hash).await.ok();
 
-    let tokens = issue_tokens(&db, &config.jwt_secret, &user_id, &nickname)?;
+    let tokens = issue_tokens(&db, &config.jwt_secret, &row.user_id, &row.nickname).await?;
     let cookies = set_cookie_headers_for_auth(&tokens, &headers, &config)?;
     response_with_cookies(StatusCode::OK, &tokens, &cookies)
 }
@@ -505,8 +467,7 @@ pub async fn logout(
     if let Ok((refresh_token, using_cookie_refresh)) = resolve_refresh_token(&headers, &body) {
         enforce_csrf_if_cookie_auth(&headers, &config, using_cookie_refresh)?;
         let token_hash = crypto::hash_token(&refresh_token);
-        let conn = db.conn();
-        sq_execute(&conn, dbq::users::delete_refresh_token(&token_hash)).ok();
+        db.delete_refresh_token(&token_hash).await.ok();
     }
     let payload = OkResponse { ok: true };
     let cookies = clear_cookie_headers(&headers, &config);
@@ -522,15 +483,12 @@ pub async fn change_password(
     Json(req): Json<ChangePasswordRequest>,
 ) -> Result<Json<OkResponse>, ApiErr> {
     enforce_csrf_if_cookie_auth(&headers, &config, user.auth_via_cookie)?;
-    let conn = db.conn();
-    let (hash, salt): (Option<String>, Option<String>) = sq_query_row(
-        &conn,
-        dbq::users::get_password_fields(&user.user_id),
-        |row| Ok((row.get(0)?, row.get(1)?)),
-    )
-    .map_err(ApiErr::from_db("change_password lookup"))?;
+    let fields = db
+        .get_password_fields(&user.user_id)
+        .await
+        .map_err(ApiErr::from_db("change_password lookup"))?;
 
-    let (hash, salt) = match (hash, salt) {
+    let (hash, salt) = match (fields.password_hash, fields.password_salt) {
         (Some(h), Some(s)) => (h, s),
         _ => {
             return Err(ApiErr::bad_request(
@@ -546,11 +504,9 @@ pub async fn change_password(
     service::validate_password(&req.new_password).map_err(ApiErr::from)?;
     let (new_hash, new_salt) = crypto::hash_password(&req.new_password).map_err(ApiErr::from)?;
 
-    sq_execute(
-        &conn,
-        dbq::users::update_password(&user.user_id, &new_hash, &new_salt),
-    )
-    .map_err(ApiErr::from_db("change_password update"))?;
+    db.update_password(&user.user_id, &new_hash, &new_salt)
+        .await
+        .map_err(ApiErr::from_db("change_password update"))?;
 
     Ok(Json(OkResponse { ok: true }))
 }
@@ -576,42 +532,18 @@ pub async fn me(
     State(db): State<Db>,
     user: AuthUser,
 ) -> Result<Json<UserSettingsResponse>, ApiErr> {
-    let conn = db.conn();
-    let (email, avatar_url): (Option<String>, Option<String>) =
-        sq_query_row(&conn, dbq::users::get_email_avatar(&user.user_id), |row| {
-            Ok((row.get(0)?, row.get(1)?))
-        })
+    let settings = db
+        .get_user_settings_data(&user.user_id)
+        .await
         .map_err(ApiErr::from_db("me error"))?;
 
-    // Load linked OAuth providers
-    let providers: Vec<oauth::LinkedProvider> =
-        sq_query_map(&conn, dbq::oauth::find_by_user(&user.user_id), |row| {
-            Ok(oauth::LinkedProvider {
-                provider: row.get(1)?,
-                provider_username: row.get::<_, Option<String>>(3)?.unwrap_or_default(),
-                display_name: match row.get::<_, String>(1)?.as_str() {
-                    "github" => "GitHub".to_string(),
-                    "gitlab" => "GitLab".to_string(),
-                    other => other.to_string(),
-                },
-            })
-        })
-        .map_err(ApiErr::from_db("me query oauth"))?;
-
-    let created_at: String = sq_query_row(
-        &conn,
-        dbq::users::get_settings_fields(&user.user_id),
-        |row| row.get(0),
-    )
-    .unwrap_or_default();
-
     Ok(Json(UserSettingsResponse {
         user_id: user.user_id,
         nickname: user.nickname,
-        created_at,
-        email,
-        avatar_url,
-        oauth_providers: providers,
+        created_at: settings.created_at,
+        email: settings.email,
+        avatar_url: settings.avatar_url,
+        oauth_providers: settings.oauth_providers,
     }))
 }
 
@@ -637,17 +569,12 @@ pub async fn issue_api_key(
     let key_prefix = service::key_prefix(&new_key);
     let key_id = Uuid::new_v4().to_string();
 
-    let conn = db.conn();
-    sq_execute(
-        &conn,
-        dbq::api_keys::move_active_to_grace(&user.user_id, &grace_until),
-    )
-    .map_err(ApiErr::from_db("issue api key move old keys"))?;
-    sq_execute(
-        &conn,
-        dbq::api_keys::insert_active(&key_id, &user.user_id, &key_hash, &key_prefix),
-    )
-    .map_err(ApiErr::from_db("issue api key insert"))?;
+    db.move_active_api_keys_to_grace(&user.user_id, &grace_until)
+        .await
+        .map_err(ApiErr::from_db("issue api key move old keys"))?;
+    db.insert_active_api_key(&key_id, &user.user_id, &key_hash, &key_prefix)
+        .await
+        .map_err(ApiErr::from_db("issue api key insert"))?;
 
     Ok(Json(IssueApiKeyResponse { api_key: new_key }))
 }
@@ -741,24 +668,10 @@ pub async fn list_git_credentials(
     State(db): State<Db>,
     user: AuthUser,
 ) -> Result<Json<ListGitCredentialsResponse>, ApiErr> {
-    let conn = db.conn();
-    let credentials = sq_query_map(
-        &conn,
-        dbq::git_credentials::list_by_user(&user.user_id),
-        |row| {
-            Ok(GitCredentialSummary {
-                id: row.get(0)?,
-                label: row.get(1)?,
-                host: row.get(2)?,
-                path_prefix: row.get(3)?,
-                header_name: row.get(4)?,
-                created_at: row.get(5)?,
-                updated_at: row.get(6)?,
-                last_used_at: row.get(7)?,
-            })
-        },
-    )
-    .map_err(ApiErr::from_db("list git credentials"))?;
+    let credentials = db
+        .list_git_credentials(&user.user_id)
+        .await
+        .map_err(ApiErr::from_db("list git credentials"))?;
 
     Ok(Json(ListGitCredentialsResponse { credentials }))
 }
@@ -794,39 +707,22 @@ pub async fn create_git_credential(
     let header_value_enc = keyring.encrypt(header_value).map_err(ApiErr::from)?;
 
     let id = Uuid::new_v4().to_string();
-    let conn = db.conn();
-    sq_execute(
-        &conn,
-        dbq::git_credentials::insert(
-            &id,
-            &user.user_id,
-            &label,
-            &host,
-            &path_prefix,
-            &header_name,
-            &header_value_enc,
-        ),
-    )
+    db.insert_git_credential(NewGitCredentialRecord {
+        id: id.clone(),
+        user_id: user.user_id.clone(),
+        label,
+        host,
+        path_prefix,
+        header_name,
+        header_value_enc,
+    })
+    .await
     .map_err(ApiErr::from_db("create git credential"))?;
 
-    let created = sq_query_row(
-        &conn,
-        dbq::git_credentials::get_by_id_and_user(&id, &user.user_id),
-        |row| {
-            let current_id: String = row.get(0)?;
-            Ok(GitCredentialSummary {
-                id: current_id,
-                label: row.get(1)?,
-                host: row.get(2)?,
-                path_prefix: row.get(3)?,
-                header_name: row.get(4)?,
-                created_at: row.get(5)?,
-                updated_at: row.get(6)?,
-                last_used_at: row.get(7)?,
-            })
-        },
-    )
-    .map_err(ApiErr::from_db("reload git credential"))?;
+    let created = db
+        .get_git_credential_by_id_and_user(&id, &user.user_id)
+        .await
+        .map_err(ApiErr::from_db("reload git credential"))?;
 
     Ok((StatusCode::CREATED, Json(created)))
 }
@@ -840,12 +736,10 @@ pub async fn delete_git_credential(
     user: AuthUser,
 ) -> Result<Json<OkResponse>, ApiErr> {
     enforce_csrf_if_cookie_auth(&headers, &config, user.auth_via_cookie)?;
-    let conn = db.conn();
-    let affected = sq_execute(
-        &conn,
-        dbq::git_credentials::delete_by_id_and_user(id.as_str(), &user.user_id),
-    )
-    .map_err(ApiErr::from_db("delete git credential"))?;
+    let affected = db
+        .delete_git_credential_by_id_and_user(id.as_str(), &user.user_id)
+        .await
+        .map_err(ApiErr::from_db("delete git credential"))?;
 
     if affected == 0 {
         return Err(ApiErr::not_found("credential not found"));
diff --git a/crates/server/src/routes/ingest/auth.rs b/crates/server/src/routes/ingest/auth.rs
index 46564cee..a75ef2d7 100644
--- a/crates/server/src/routes/ingest/auth.rs
+++ b/crates/server/src/routes/ingest/auth.rs
@@ -1,7 +1,7 @@
-use opensession_api::{db as dbq, parse_preview_source::GitSource};
+use opensession_api::parse_preview_source::GitSource;
 
 use crate::AppConfig;
-use crate::storage::{Db, sq_query_map, sq_query_row};
+use crate::storage::Db;
 
 use super::errors::PreviewRouteError;
 use super::remote::{
@@ -9,12 +9,13 @@ use super::remote::{
     validate_remote_url,
 };
 
-pub(super) fn resolve_optional_user_id(
+pub(super) async fn resolve_optional_user_id(
     headers: &axum::http::HeaderMap,
     db: &Db,
     config: &AppConfig,
 ) -> Result<Option<String>, PreviewRouteError> {
     super::super::auth::try_auth_from_headers(headers, db, config)
+        .await
         .map(|user| user.map(|row| row.user_id))
         .map_err(|_| PreviewRouteError::unauthorized("invalid authorization token"))
 }
@@ -35,7 +36,7 @@ pub(super) struct GitFetchAuthHeader {
     pub(super) source: GitCredentialSource,
 }
 
-pub(super) fn resolve_fetch_auth_header(
+pub(super) async fn resolve_fetch_auth_header(
     source: &GitSource,
     db: &Db,
     config: &AppConfig,
@@ -54,16 +55,13 @@ pub(super) fn resolve_fetch_auth_header(
         .ok_or_else(|| PreviewRouteError::invalid_source("remote host is required"))?
         .to_ascii_lowercase();
     let repo_path = repo_path_from_remote(&remote)?;
-    let conn = db.conn();
     let gitlab_hosts = configured_gitlab_hosts(config);
 
     if let Some(provider) = provider_for_host(&host, &gitlab_hosts) {
-        let provider_token_enc: Option<String> = sq_query_row(
-            &conn,
-            dbq::oauth_provider_tokens::get_by_user_provider_host(user_id, provider, &host),
-            |row| row.get(1),
-        )
-        .ok();
+        let provider_token_enc = db
+            .get_provider_token_enc(user_id, provider, &host)
+            .await
+            .map_err(|_| PreviewRouteError::fetch_failed("failed loading provider credential"))?;
         if let Some(enc) = provider_token_enc {
             let token = keyring.decrypt(&enc).map_err(|_| {
                 PreviewRouteError::fetch_failed("failed to decrypt provider credential")
@@ -76,32 +74,23 @@ pub(super) fn resolve_fetch_auth_header(
         }
     }
 
-    let manual_rows: Vec<(String, String, String, String)> = sq_query_map(
-        &conn,
-        dbq::git_credentials::list_for_host_with_secret(user_id, &host),
-        |row| {
-            Ok((
-                row.get::<_, String>(0)?,
-                row.get::<_, String>(3)?,
-                row.get::<_, String>(4)?,
-                row.get::<_, String>(5)?,
-            ))
-        },
-    )
-    .map_err(|_| PreviewRouteError::fetch_failed("failed loading git credentials"))?;
+    let manual_rows = db
+        .list_git_credential_secrets_for_host(user_id, &host)
+        .await
+        .map_err(|_| PreviewRouteError::fetch_failed("failed loading git credentials"))?;
 
-    for (credential_id, path_prefix, header_name, secret_enc) in manual_rows {
-        if !path_prefix_matches(&repo_path, &path_prefix) {
+    for row in manual_rows {
+        if !path_prefix_matches(&repo_path, &row.path_prefix) {
             continue;
         }
         let secret = keyring
-            .decrypt(&secret_enc)
+            .decrypt(&row.header_value_enc)
             .map_err(|_| PreviewRouteError::fetch_failed("failed to decrypt git credential"))?;
         return Ok(Some(GitFetchAuthHeader {
-            header_name,
+            header_name: row.header_name,
             header_value: secret,
             source: GitCredentialSource::Manual {
-                credential_id,
+                credential_id: row.credential_id,
                 user_id: user_id.to_string(),
             },
         }));
diff --git a/crates/server/src/routes/ingest/fetch.rs b/crates/server/src/routes/ingest/fetch.rs
index c43daca3..cff85493 100644
--- a/crates/server/src/routes/ingest/fetch.rs
+++ b/crates/server/src/routes/ingest/fetch.rs
@@ -4,7 +4,7 @@ use opensession_api::parse_preview_source::GitSource;
 use reqwest::header::CONTENT_TYPE;
 
 use crate::AppConfig;
-use crate::storage::{Db, sq_execute};
+use crate::storage::Db;
 
 use super::auth::{GitCredentialSource, GitFetchAuthHeader, resolve_fetch_auth_header};
 use super::errors::PreviewRouteError;
@@ -23,7 +23,7 @@ pub(super) async fn fetch_git_source(
     ensure_remote_resolves_public(&remote).await?;
     let gitlab_hosts = configured_gitlab_hosts(config);
     let url = build_git_raw_url(source, &gitlab_hosts)?;
-    let fetch_auth = resolve_fetch_auth_header(source, db, config, user_id)?;
+    let fetch_auth = resolve_fetch_auth_header(source, db, config, user_id).await?;
     let client = reqwest::Client::builder()
         .redirect(reqwest::redirect::Policy::none())
         .timeout(Duration::from_secs(FETCH_TIMEOUT_SECS))
@@ -114,14 +114,9 @@ pub(super) async fn fetch_git_source(
         ..
     }) = fetch_auth
     {
-        let conn = db.conn();
-        let _ = sq_execute(
-            &conn,
-            opensession_api::db::git_credentials::touch_last_used(
-                credential_id.as_str(),
-                user_id.as_str(),
-            ),
-        );
+        let _ = db
+            .touch_git_credential_last_used(credential_id.as_str(), user_id.as_str())
+            .await;
     }
 
     Ok(body.to_vec())
diff --git a/crates/server/src/routes/ingest/mod.rs b/crates/server/src/routes/ingest/mod.rs
index 77b3df8f..a5d05085 100644
--- a/crates/server/src/routes/ingest/mod.rs
+++ b/crates/server/src/routes/ingest/mod.rs
@@ -37,8 +37,9 @@ pub async fn preview(
     headers: HeaderMap,
     Json(req): Json<ParsePreviewRequest>,
 ) -> Result<Json<ParsePreviewResponse>, (StatusCode, Json<ParsePreviewErrorResponse>)> {
-    let user_id =
-        resolve_optional_user_id(&headers, &db, &config).map_err(PreviewRouteError::into_http)?;
+    let user_id = resolve_optional_user_id(&headers, &db, &config)
+        .await
+        .map_err(PreviewRouteError::into_http)?;
     let input =
         prepare_parse_input_with_ctx(req.source, Some(&db), Some(&config), user_id.as_deref())
             .await
diff --git a/crates/server/src/routes/oauth.rs b/crates/server/src/routes/oauth.rs
index 7018e3bd..6473cfe1 100644
--- a/crates/server/src/routes/oauth.rs
+++ b/crates/server/src/routes/oauth.rs
@@ -7,13 +7,13 @@ use axum::{
 use uuid::Uuid;
 
 use opensession_api::{
-    OAuthLinkResponse, crypto, db as dbq,
+    OAuthLinkResponse, crypto,
     oauth::{self, AuthProvidersResponse, OAuthProviderConfig, OAuthProviderInfo},
 };
 
 use super::auth::AuthUser;
 use crate::error::ApiErr;
-use crate::storage::{Db, sq_execute, sq_query_row};
+use crate::storage::Db;
 use crate::{AppConfig, AppState};
 
 // ---------------------------------------------------------------------------
@@ -66,7 +66,7 @@ fn resolve_base_url(headers: &HeaderMap, fallback: &str, prefer_request_host: bo
     }
 }
 
-fn maybe_store_provider_access_token(
+async fn maybe_store_provider_access_token(
     db: &Db,
     config: &AppConfig,
     user_id: &str,
@@ -79,18 +79,14 @@ fn maybe_store_provider_access_token(
     let provider_host = oauth_provider_host(provider)?;
     let encrypted = keyring.encrypt(access_token).map_err(ApiErr::from)?;
     let token_id = Uuid::new_v4().to_string();
-    let conn = db.conn();
-    sq_execute(
-        &conn,
-        dbq::oauth_provider_tokens::upsert_access_token(
-            &token_id,
-            user_id,
-            &provider.id,
-            &provider_host,
-            &encrypted,
-            None,
-        ),
+    db.upsert_oauth_provider_access_token(
+        &token_id,
+        user_id,
+        &provider.id,
+        &provider_host,
+        &encrypted,
     )
+    .await
     .map_err(ApiErr::from_db("oauth provider token upsert"))?;
     Ok(())
 }
@@ -145,12 +141,9 @@ pub async fn redirect(
         .format("%Y-%m-%d %H:%M:%S")
         .to_string();
 
-    let conn = db.conn();
-    sq_execute(
-        &conn,
-        dbq::oauth::insert_state(&state, &provider_id, &expires_at, None),
-    )
-    .map_err(ApiErr::from_db("oauth state insert"))?;
+    db.insert_oauth_state(&state, &provider_id, &expires_at, None)
+        .await
+        .map_err(ApiErr::from_db("oauth state insert"))?;
 
     let base_url = resolve_base_url(&headers, &config.base_url, config.oauth_use_request_host);
     let redirect_uri = format!("{}/api/auth/oauth/{}/callback", base_url, provider_id);
@@ -183,32 +176,19 @@ pub async fn callback(
         .ok_or_else(|| ApiErr::bad_request("missing state parameter"))?;
 
     // Validate state (scope the MutexGuard so it's dropped before await)
-    let (_state_provider, linking_user_id) = {
-        let conn = db.conn();
-        let state_row = sq_query_row(&conn, dbq::oauth::validate_state(state_param), |row| {
-            Ok((
-                row.get::<_, String>(1)?,         // provider
-                row.get::<_, String>(2)?,         // expires_at
-                row.get::<_, Option<String>>(3)?, // user_id
-            ))
-        })
+    let state_row = db
+        .validate_oauth_state(state_param)
+        .await
         .map_err(|_| ApiErr::bad_request("invalid OAuth state"))?;
-
-        let (sp, expires_at, lu) = state_row;
-
-        if sp != provider_id {
-            return Err(ApiErr::bad_request("OAuth state provider mismatch"));
-        }
-
-        let now = chrono::Utc::now().format("%Y-%m-%d %H:%M:%S").to_string();
-        if expires_at < now {
-            return Err(ApiErr::bad_request("OAuth state expired"));
-        }
-
-        // Delete used state
-        sq_execute(&conn, dbq::oauth::delete_state(state_param)).ok();
-        (sp, lu)
-    }; // conn dropped here, before any .await
+    if state_row.provider != provider_id {
+        return Err(ApiErr::bad_request("OAuth state provider mismatch"));
+    }
+    let now = chrono::Utc::now().format("%Y-%m-%d %H:%M:%S").to_string();
+    if state_row.expires_at < now {
+        return Err(ApiErr::bad_request("OAuth state expired"));
+    }
+    db.delete_oauth_state(state_param).await.ok();
+    let linking_user_id = state_row.user_id;
 
     // Exchange code for access token
     let redirect_uri = format!("{}/api/auth/oauth/{}/callback", base_url, provider_id);
@@ -280,17 +260,13 @@ pub async fn callback(
     let user_info =
         oauth::extract_user_info(provider, &userinfo, emails.as_deref()).map_err(ApiErr::from)?;
 
-    let conn = db.conn();
-
     // ── Linking mode ──
     if let Some(ref link_uid) = linking_user_id {
         // Check if this provider identity is already linked to another account
-        let existing_user: Option<String> = sq_query_row(
-            &conn,
-            dbq::oauth::find_by_provider(&provider_id, &user_info.provider_user_id),
-            |row| row.get(0),
-        )
-        .ok();
+        let existing_user = db
+            .find_oauth_user_id_by_provider(&provider_id, &user_info.provider_user_id)
+            .await
+            .map_err(ApiErr::from_db("oauth link lookup"))?;
 
         if let Some(ref existing) = existing_user {
             if existing != link_uid {
@@ -302,19 +278,16 @@ pub async fn callback(
             }
         }
 
-        sq_execute(
-            &conn,
-            dbq::oauth::upsert_identity(
-                link_uid,
-                &provider_id,
-                &user_info.provider_user_id,
-                Some(&user_info.username),
-                user_info.avatar_url.as_deref(),
-                None,
-            ),
+        db.upsert_oauth_identity(
+            link_uid,
+            &provider_id,
+            &user_info.provider_user_id,
+            Some(&user_info.username),
+            user_info.avatar_url.as_deref(),
         )
+        .await
         .map_err(ApiErr::from_db("oauth link upsert"))?;
-        maybe_store_provider_access_token(&db, &config, link_uid, provider, &access_token)?;
+        maybe_store_provider_access_token(&db, &config, link_uid, provider, &access_token).await?;
 
         return Ok(
             Redirect::temporary(&format!("{}/settings?oauth_linked=true", base_url))
@@ -325,57 +298,45 @@ pub async fn callback(
     // ── Normal login/register flow ──
 
     // Check if OAuth identity already exists
-    let existing_user_id: Option<String> = sq_query_row(
-        &conn,
-        dbq::oauth::find_by_provider(&provider_id, &user_info.provider_user_id),
-        |row| row.get(0),
-    )
-    .ok();
+    let existing_user_id = db
+        .find_oauth_user_id_by_provider(&provider_id, &user_info.provider_user_id)
+        .await
+        .map_err(ApiErr::from_db("oauth identity lookup"))?;
 
     let (user_id, nickname) = if let Some(uid) = existing_user_id {
         // Update provider info
-        sq_execute(
-            &conn,
-            dbq::oauth::upsert_identity(
-                &uid,
-                &provider_id,
-                &user_info.provider_user_id,
-                Some(&user_info.username),
-                user_info.avatar_url.as_deref(),
-                None,
-            ),
+        db.upsert_oauth_identity(
+            &uid,
+            &provider_id,
+            &user_info.provider_user_id,
+            Some(&user_info.username),
+            user_info.avatar_url.as_deref(),
         )
+        .await
         .ok();
 
-        let nick: String = sq_query_row(
-            &conn,
-            dbq::users::get_by_id(&uid),
-            |row| row.get(1), // col 1 = nickname
-        )
-        .unwrap_or_else(|_| user_info.username.clone());
+        let nick = db
+            .get_user_nickname(&uid)
+            .await
+            .unwrap_or_else(|_| user_info.username.clone());
 
         (uid, nick)
     } else {
         // Check if email matches existing user (auto-link)
-        let by_email = user_info.email.as_ref().and_then(|email| {
-            sq_query_row(&conn, dbq::users::get_by_email_for_login(email), |row| {
-                Ok((row.get::<_, String>(0)?, row.get::<_, String>(1)?))
-            })
-            .ok()
-        });
+        let by_email = match user_info.email.as_deref() {
+            Some(email) => db.get_user_id_and_nickname_by_email(email).await.ok(),
+            None => None,
+        };
 
         if let Some((uid, nick)) = by_email {
-            sq_execute(
-                &conn,
-                dbq::oauth::upsert_identity(
-                    &uid,
-                    &provider_id,
-                    &user_info.provider_user_id,
-                    Some(&user_info.username),
-                    user_info.avatar_url.as_deref(),
-                    None,
-                ),
+            db.upsert_oauth_identity(
+                &uid,
+                &provider_id,
+                &user_info.provider_user_id,
+                Some(&user_info.username),
+                user_info.avatar_url.as_deref(),
             )
+            .await
             .ok();
             (uid, nick)
         } else {
@@ -384,33 +345,28 @@ pub async fn callback(
             let username = user_info.username.clone();
 
             // OAuth users have no password — insert with email but empty hash/salt
-            sq_execute(
-                &conn,
-                dbq::users::insert_oauth(&user_id, &username, user_info.email.as_deref()),
-            )
-            .map_err(ApiErr::from_db("create user from oauth"))?;
-
-            sq_execute(
-                &conn,
-                dbq::oauth::upsert_identity(
-                    &user_id,
-                    &provider_id,
-                    &user_info.provider_user_id,
-                    Some(&user_info.username),
-                    user_info.avatar_url.as_deref(),
-                    None,
-                ),
+            db.insert_oauth_user(&user_id, &username, user_info.email.as_deref())
+                .await
+                .map_err(ApiErr::from_db("create user from oauth"))?;
+
+            db.upsert_oauth_identity(
+                &user_id,
+                &provider_id,
+                &user_info.provider_user_id,
+                Some(&user_info.username),
+                user_info.avatar_url.as_deref(),
             )
+            .await
             .map_err(ApiErr::from_db("oauth identity insert"))?;
 
             (user_id, username)
         }
     };
-    drop(conn);
-    maybe_store_provider_access_token(&db, &config, &user_id, provider, &access_token)?;
+    maybe_store_provider_access_token(&db, &config, &user_id, provider, &access_token).await?;
 
     // Issue tokens
-    let tokens = super::auth::issue_tokens_pub(&db, &config.jwt_secret, &user_id, &nickname)?;
+    let tokens =
+        super::auth::issue_tokens_pub(&db, &config.jwt_secret, &user_id, &nickname).await?;
 
     // Redirect to frontend without exposing tokens in URL fragments.
     let redirect_url = format!("{}/auth/callback", base_url);
@@ -444,14 +400,10 @@ pub async fn link(
     }
 
     // Check if already linked
-    let conn = db.conn();
-    let count: i64 = sq_query_row(
-        &conn,
-        dbq::oauth::has_provider(&user.user_id, &provider_id),
-        |row| row.get(0),
-    )
-    .unwrap_or(0);
-    let already = count > 0;
+    let already = db
+        .user_has_oauth_provider(&user.user_id, &provider_id)
+        .await
+        .unwrap_or(false);
     if already {
         return Err(ApiErr::conflict(format!(
             "{} account already linked",
@@ -464,11 +416,9 @@ pub async fn link(
         .format("%Y-%m-%d %H:%M:%S")
         .to_string();
 
-    sq_execute(
-        &conn,
-        dbq::oauth::insert_state(&state, &provider_id, &expires_at, Some(&user.user_id)),
-    )
-    .map_err(ApiErr::from_db("oauth state insert for link"))?;
+    db.insert_oauth_state(&state, &provider_id, &expires_at, Some(&user.user_id))
+        .await
+        .map_err(ApiErr::from_db("oauth state insert for link"))?;
 
     let base_url = resolve_base_url(&headers, &config.base_url, config.oauth_use_request_host);
     let redirect_uri = format!("{}/api/auth/oauth/{}/callback", base_url, provider_id);
diff --git a/crates/server/src/routes/sessions.rs b/crates/server/src/routes/sessions.rs
index fa077e97..07c3b03b 100644
--- a/crates/server/src/routes/sessions.rs
+++ b/crates/server/src/routes/sessions.rs
@@ -6,14 +6,13 @@ use axum::{
 };
 
 use opensession_api::{
-    LinkType, SessionDetail, SessionLink, SessionListQuery, SessionListResponse,
-    SessionRepoListResponse, SessionSummary, db,
+    SessionDetail, SessionListQuery, SessionListResponse, SessionRepoListResponse,
 };
 
 use crate::AppConfig;
 use crate::error::ApiErr;
 use crate::routes::auth::AuthUser;
-use crate::storage::{Db, session_from_row, sq_query_map, sq_query_row};
+use crate::storage::Db;
 
 const PUBLIC_LIST_CACHE_CONTROL: &str = "public, max-age=30, stale-while-revalidate=60";
 
@@ -61,24 +60,12 @@ pub async fn list_sessions(
         ));
     }
 
-    let built = db::sessions::list(&q);
-    let conn = db.conn();
-
-    // Count total
-    let total: i64 = sq_query_row(&conn, built.count_query, |row| row.get(0))
-        .map_err(ApiErr::from_db("count sessions"))?;
-
-    // Fetch page
-    let sessions: Vec<SessionSummary> = sq_query_map(&conn, built.select_query, session_from_row)
+    let payload: SessionListResponse = db
+        .list_sessions(&q)
+        .await
         .map_err(ApiErr::from_db("list sessions"))?;
 
-    let mut resp = Json(SessionListResponse {
-        sessions,
-        total,
-        page: built.page,
-        per_page: built.per_page,
-    })
-    .into_response();
+    let mut resp = Json(payload).into_response();
 
     let has_session_cookie = headers
         .get(header::COOKIE)
@@ -111,8 +98,9 @@ pub async fn list_session_repos(
         ));
     }
 
-    let conn = db.conn();
-    let repos: Vec<String> = sq_query_map(&conn, db::sessions::list_repo_names(), |row| row.get(0))
+    let repos = db
+        .list_session_repos()
+        .await
         .map_err(ApiErr::from_db("list session repos"))?;
 
     Ok(Json(SessionRepoListResponse { repos }))
@@ -127,34 +115,12 @@ pub async fn get_session(
     State(db): State<Db>,
     Path(id): Path<String>,
 ) -> Result<Json<SessionDetail>, ApiErr> {
-    let conn = db.conn();
-
-    let summary: SessionSummary =
-        sq_query_row(&conn, db::sessions::get_by_id(&id), session_from_row)
-            .map_err(|_| ApiErr::not_found("session not found"))?;
-
-    // Fetch linked sessions
-    let linked_sessions: Vec<SessionLink> =
-        sq_query_map(&conn, db::sessions::links_by_session(&id), |row| {
-            let lt: String = row.get(2)?;
-            Ok(SessionLink {
-                session_id: row.get(0)?,
-                linked_session_id: row.get(1)?,
-                link_type: match lt.as_str() {
-                    "related" => LinkType::Related,
-                    "parent" => LinkType::Parent,
-                    "child" => LinkType::Child,
-                    _ => LinkType::Handoff,
-                },
-                created_at: row.get(3)?,
-            })
-        })
-        .map_err(ApiErr::from_db("query session_links"))?;
-
-    Ok(Json(SessionDetail {
-        summary,
-        linked_sessions,
-    }))
+    let detail: SessionDetail = db
+        .get_session_detail(&id)
+        .await
+        .map_err(|_| ApiErr::not_found("session not found"))?;
+
+    Ok(Json(detail))
 }
 
 // ---------------------------------------------------------------------------
@@ -166,17 +132,12 @@ pub async fn get_session_raw(
     State(db): State<Db>,
     Path(id): Path<String>,
 ) -> Result<axum::response::Response, ApiErr> {
-    let conn = db.conn();
-
-    let (body_storage_key, body_url): (String, Option<String>) =
-        sq_query_row(&conn, db::sessions::get_storage_info(&id), |row| {
-            Ok((row.get(0)?, row.get(1)?))
-        })
+    let info = db
+        .get_session_storage_info(&id)
+        .await
         .map_err(|_| ApiErr::not_found("session not found"))?;
 
-    drop(conn);
-
-    match resolve_raw_body_source(body_storage_key, body_url)? {
+    match resolve_raw_body_source(info.body_storage_key, info.body_url)? {
         RawBodySource::RedirectUrl(url) => {
             let location = HeaderValue::from_str(&url)
                 .map_err(|_| ApiErr::internal("invalid session body URL"))?;
@@ -185,7 +146,7 @@ pub async fn get_session_raw(
             Ok(response)
         }
         RawBodySource::LocalStorage(storage_key) => {
-            let body = db.read_body(&storage_key).map_err(|e| {
+            let body = db.read_body(&storage_key).await.map_err(|e| {
                 tracing::error!("read body: {e}");
                 ApiErr::internal("failed to read session body")
             })?;
diff --git a/crates/server/src/storage.rs b/crates/server/src/storage.rs
index 70ea926b..fddd0eca 100644
--- a/crates/server/src/storage.rs
+++ b/crates/server/src/storage.rs
@@ -1,52 +1,888 @@
 use anyhow::{Context, Result};
 use rusqlite::Connection;
+use std::fmt;
 use std::path::{Path, PathBuf};
 use std::sync::{Arc, Mutex};
 
-use opensession_api::SessionSummary;
-use opensession_api::db;
+use opensession_api::{
+    GitCredentialSummary, LinkType, SessionDetail, SessionLink, SessionListQuery,
+    SessionListResponse, SessionSummary, db, oauth,
+};
 
-/// Shared database state
+/// Shared database state.
 #[derive(Clone)]
 pub struct Db {
     conn: Arc<Mutex<Connection>>,
     data_dir: PathBuf,
 }
 
+#[derive(Debug)]
+pub enum StorageError {
+    Sqlite(rusqlite::Error),
+    Join(tokio::task::JoinError),
+    Poisoned,
+}
+
+impl StorageError {
+    pub fn is_constraint_violation(&self) -> bool {
+        matches!(
+            self,
+            Self::Sqlite(rusqlite::Error::SqliteFailure(err, _))
+                if err.code == rusqlite::ErrorCode::ConstraintViolation
+        )
+    }
+}
+
+impl fmt::Display for StorageError {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        match self {
+            Self::Sqlite(err) => write!(f, "{err}"),
+            Self::Join(err) => write!(f, "database worker join failed: {err}"),
+            Self::Poisoned => write!(f, "database mutex poisoned"),
+        }
+    }
+}
+
+impl std::error::Error for StorageError {
+    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> {
+        match self {
+            Self::Sqlite(err) => Some(err),
+            Self::Join(err) => Some(err),
+            Self::Poisoned => None,
+        }
+    }
+}
+
+impl From<rusqlite::Error> for StorageError {
+    fn from(value: rusqlite::Error) -> Self {
+        Self::Sqlite(value)
+    }
+}
+
+#[derive(Debug, Clone)]
+pub struct AuthUserRecord {
+    pub user_id: String,
+    pub nickname: String,
+    pub email: Option<String>,
+}
+
+#[derive(Debug, Clone)]
+pub struct LoginUserRecord {
+    pub user_id: String,
+    pub nickname: String,
+    pub password_hash: Option<String>,
+    pub password_salt: Option<String>,
+}
+
+#[derive(Debug, Clone)]
+pub struct RefreshTokenRecord {
+    pub token_id: String,
+    pub user_id: String,
+    pub expires_at: String,
+    pub nickname: String,
+}
+
+#[derive(Debug, Clone)]
+pub struct PasswordFields {
+    pub password_hash: Option<String>,
+    pub password_salt: Option<String>,
+}
+
+#[derive(Debug)]
+pub struct UserSettingsData {
+    pub email: Option<String>,
+    pub avatar_url: Option<String>,
+    pub oauth_providers: Vec<oauth::LinkedProvider>,
+    pub created_at: String,
+}
+
+#[derive(Debug, Clone)]
+pub struct SessionStorageInfo {
+    pub body_storage_key: String,
+    pub body_url: Option<String>,
+}
+
+#[derive(Debug, Clone)]
+pub struct OAuthStateRecord {
+    pub provider: String,
+    pub expires_at: String,
+    pub user_id: Option<String>,
+}
+
+#[derive(Debug, Clone)]
+pub struct GitCredentialSecretRecord {
+    pub credential_id: String,
+    pub path_prefix: String,
+    pub header_name: String,
+    pub header_value_enc: String,
+}
+
+#[derive(Debug, Clone)]
+pub struct NewGitCredentialRecord {
+    pub id: String,
+    pub user_id: String,
+    pub label: String,
+    pub host: String,
+    pub path_prefix: String,
+    pub header_name: String,
+    pub header_value_enc: String,
+}
+
 impl Db {
-    pub fn conn(&self) -> std::sync::MutexGuard<'_, Connection> {
-        self.conn.lock().expect("database mutex poisoned")
+    async fn with_conn<T, F>(&self, op: F) -> std::result::Result<T, StorageError>
+    where
+        T: Send + 'static,
+        F: FnOnce(&Connection) -> rusqlite::Result<T> + Send + 'static,
+    {
+        let conn = Arc::clone(&self.conn);
+        tokio::task::spawn_blocking(move || {
+            let conn = conn.lock().map_err(|_| StorageError::Poisoned)?;
+            op(&conn).map_err(StorageError::from)
+        })
+        .await
+        .map_err(StorageError::Join)?
     }
 
-    /// Path to the session body storage directory
-    pub fn bodies_dir(&self) -> PathBuf {
+    fn bodies_dir(&self) -> PathBuf {
         self.data_dir.join("bodies")
     }
 
-    /// Write a session body as HAIL JSONL to disk, return the storage key
-    pub fn write_body(&self, session_id: &str, data: &[u8]) -> Result<String> {
+    /// Write a session body as HAIL JSONL to disk, return the storage key.
+    pub async fn write_body(&self, session_id: &str, data: &[u8]) -> Result<String> {
         let dir = self.bodies_dir();
-        std::fs::create_dir_all(&dir)?;
+        tokio::fs::create_dir_all(&dir).await?;
         let key = format!("{session_id}.hail.jsonl");
         let path = dir.join(&key);
-        std::fs::write(&path, data).context("writing session body")?;
+        tokio::fs::write(&path, data)
+            .await
+            .context("writing session body")?;
         Ok(key)
     }
 
-    /// Read a session body from disk
-    pub fn read_body(&self, storage_key: &str) -> Result<Vec<u8>> {
+    /// Read a session body from disk.
+    pub async fn read_body(&self, storage_key: &str) -> Result<Vec<u8>> {
         let path = self.bodies_dir().join(storage_key);
-        std::fs::read(&path).context("reading session body")
+        tokio::fs::read(&path).await.context("reading session body")
+    }
+
+    pub async fn list_sessions(
+        &self,
+        query: &SessionListQuery,
+    ) -> std::result::Result<SessionListResponse, StorageError> {
+        let query = SessionListQuery {
+            page: query.page,
+            per_page: query.per_page,
+            search: query.search.clone(),
+            tool: query.tool.clone(),
+            git_repo_name: query.git_repo_name.clone(),
+            sort: query.sort.clone(),
+            time_range: query.time_range.clone(),
+        };
+        self.with_conn(move |conn| {
+            let built = db::sessions::list(&query);
+            let total: i64 = sq_query_row(conn, built.count_query, |row| row.get(0))?;
+            let sessions = sq_query_map(conn, built.select_query, session_from_row)?;
+            Ok(SessionListResponse {
+                sessions,
+                total,
+                page: built.page,
+                per_page: built.per_page,
+            })
+        })
+        .await
+    }
+
+    pub async fn list_session_repos(&self) -> std::result::Result<Vec<String>, StorageError> {
+        self.with_conn(move |conn| {
+            sq_query_map(conn, db::sessions::list_repo_names(), |row| row.get(0))
+        })
+        .await
+    }
+
+    pub async fn get_session_detail(
+        &self,
+        id: &str,
+    ) -> std::result::Result<SessionDetail, StorageError> {
+        let id = id.to_string();
+        self.with_conn(move |conn| {
+            let summary = sq_query_row(conn, db::sessions::get_by_id(&id), session_from_row)?;
+            let linked_sessions = sq_query_map(conn, db::sessions::links_by_session(&id), |row| {
+                let link_type: String = row.get(2)?;
+                Ok(SessionLink {
+                    session_id: row.get(0)?,
+                    linked_session_id: row.get(1)?,
+                    link_type: match link_type.as_str() {
+                        "related" => LinkType::Related,
+                        "parent" => LinkType::Parent,
+                        "child" => LinkType::Child,
+                        _ => LinkType::Handoff,
+                    },
+                    created_at: row.get(3)?,
+                })
+            })?;
+            Ok(SessionDetail {
+                summary,
+                linked_sessions,
+            })
+        })
+        .await
+    }
+
+    pub async fn get_session_storage_info(
+        &self,
+        id: &str,
+    ) -> std::result::Result<SessionStorageInfo, StorageError> {
+        let id = id.to_string();
+        self.with_conn(move |conn| {
+            sq_query_row(conn, db::sessions::get_storage_info(&id), |row| {
+                Ok(SessionStorageInfo {
+                    body_storage_key: row.get(0)?,
+                    body_url: row.get(1)?,
+                })
+            })
+        })
+        .await
+    }
+
+    pub async fn delete_session(&self, id: &str) -> std::result::Result<bool, StorageError> {
+        let id = id.to_string();
+        self.with_conn(move |conn| {
+            let exists = match sq_query_row(conn, db::sessions::get_by_id(&id), |_row| Ok(())) {
+                Ok(()) => true,
+                Err(rusqlite::Error::QueryReturnedNoRows) => false,
+                Err(err) => return Err(err),
+            };
+            if !exists {
+                return Ok(false);
+            }
+
+            sq_execute(conn, db::sessions::delete_links(&id))?;
+            sq_execute(conn, db::sessions::delete(&id))?;
+            let _ = sq_execute(conn, db::sessions::delete_fts(&id));
+            Ok(true)
+        })
+        .await
+    }
+
+    pub async fn get_auth_user_by_api_key_hash(
+        &self,
+        key_hash: &str,
+    ) -> std::result::Result<AuthUserRecord, StorageError> {
+        let key_hash = key_hash.to_string();
+        self.with_conn(move |conn| {
+            sq_query_row(
+                conn,
+                db::api_keys::get_user_by_valid_key_hash(&key_hash),
+                |row| {
+                    Ok(AuthUserRecord {
+                        user_id: row.get(0)?,
+                        nickname: row.get(1)?,
+                        email: row.get(2)?,
+                    })
+                },
+            )
+        })
+        .await
+    }
+
+    pub async fn get_auth_user_by_id(
+        &self,
+        user_id: &str,
+    ) -> std::result::Result<AuthUserRecord, StorageError> {
+        let user_id = user_id.to_string();
+        self.with_conn(move |conn| {
+            sq_query_row(conn, db::users::get_by_id(&user_id), |row| {
+                Ok(AuthUserRecord {
+                    user_id: row.get(0)?,
+                    nickname: row.get(1)?,
+                    email: row.get(2)?,
+                })
+            })
+        })
+        .await
+    }
+
+    pub async fn insert_refresh_token(
+        &self,
+        token_id: &str,
+        user_id: &str,
+        token_hash: &str,
+        expires_at: &str,
+    ) -> std::result::Result<(), StorageError> {
+        let token_id = token_id.to_string();
+        let user_id = user_id.to_string();
+        let token_hash = token_hash.to_string();
+        let expires_at = expires_at.to_string();
+        self.with_conn(move |conn| {
+            sq_execute(
+                conn,
+                db::users::insert_refresh_token(&token_id, &user_id, &token_hash, &expires_at),
+            )?;
+            Ok(())
+        })
+        .await
+    }
+
+    pub async fn email_exists(&self, email: &str) -> std::result::Result<bool, StorageError> {
+        let email = email.to_string();
+        self.with_conn(move |conn| {
+            sq_query_row(conn, db::users::email_exists(&email), |row| row.get(0))
+        })
+        .await
+    }
+
+    pub async fn insert_user_with_email(
+        &self,
+        user_id: &str,
+        nickname: &str,
+        email: &str,
+        password_hash: &str,
+        password_salt: &str,
+    ) -> std::result::Result<(), StorageError> {
+        let user_id = user_id.to_string();
+        let nickname = nickname.to_string();
+        let email = email.to_string();
+        let password_hash = password_hash.to_string();
+        let password_salt = password_salt.to_string();
+        self.with_conn(move |conn| {
+            sq_execute(
+                conn,
+                db::users::insert_with_email(
+                    &user_id,
+                    &nickname,
+                    &email,
+                    &password_hash,
+                    &password_salt,
+                ),
+            )?;
+            Ok(())
+        })
+        .await
+    }
+
+    pub async fn get_login_user(
+        &self,
+        email: &str,
+    ) -> std::result::Result<LoginUserRecord, StorageError> {
+        let email = email.to_string();
+        self.with_conn(move |conn| {
+            sq_query_row(conn, db::users::get_by_email_for_login(&email), |row| {
+                Ok(LoginUserRecord {
+                    user_id: row.get(0)?,
+                    nickname: row.get(1)?,
+                    password_hash: row.get(2)?,
+                    password_salt: row.get(3)?,
+                })
+            })
+        })
+        .await
+    }
+
+    pub async fn get_user_id_and_nickname_by_email(
+        &self,
+        email: &str,
+    ) -> std::result::Result<(String, String), StorageError> {
+        let email = email.to_string();
+        self.with_conn(move |conn| {
+            sq_query_row(conn, db::users::get_by_email_for_login(&email), |row| {
+                Ok((row.get(0)?, row.get(1)?))
+            })
+        })
+        .await
+    }
+
+    pub async fn lookup_refresh_token(
+        &self,
+        token_hash: &str,
+    ) -> std::result::Result<RefreshTokenRecord, StorageError> {
+        let token_hash = token_hash.to_string();
+        self.with_conn(move |conn| {
+            sq_query_row(conn, db::users::lookup_refresh_token(&token_hash), |row| {
+                Ok(RefreshTokenRecord {
+                    token_id: row.get(0)?,
+                    user_id: row.get(1)?,
+                    expires_at: row.get(2)?,
+                    nickname: row.get(3)?,
+                })
+            })
+        })
+        .await
+    }
+
+    pub async fn delete_refresh_token_by_id(
+        &self,
+        token_id: &str,
+    ) -> std::result::Result<(), StorageError> {
+        let token_id = token_id.to_string();
+        self.with_conn(move |conn| {
+            sq_execute(conn, db::users::delete_refresh_token_by_id(&token_id))?;
+            Ok(())
+        })
+        .await
+    }
+
+    pub async fn delete_refresh_token(
+        &self,
+        token_hash: &str,
+    ) -> std::result::Result<(), StorageError> {
+        let token_hash = token_hash.to_string();
+        self.with_conn(move |conn| {
+            sq_execute(conn, db::users::delete_refresh_token(&token_hash))?;
+            Ok(())
+        })
+        .await
+    }
+
+    pub async fn get_password_fields(
+        &self,
+        user_id: &str,
+    ) -> std::result::Result<PasswordFields, StorageError> {
+        let user_id = user_id.to_string();
+        self.with_conn(move |conn| {
+            sq_query_row(conn, db::users::get_password_fields(&user_id), |row| {
+                Ok(PasswordFields {
+                    password_hash: row.get(0)?,
+                    password_salt: row.get(1)?,
+                })
+            })
+        })
+        .await
+    }
+
+    pub async fn update_password(
+        &self,
+        user_id: &str,
+        password_hash: &str,
+        password_salt: &str,
+    ) -> std::result::Result<(), StorageError> {
+        let user_id = user_id.to_string();
+        let password_hash = password_hash.to_string();
+        let password_salt = password_salt.to_string();
+        self.with_conn(move |conn| {
+            sq_execute(
+                conn,
+                db::users::update_password(&user_id, &password_hash, &password_salt),
+            )?;
+            Ok(())
+        })
+        .await
+    }
+
+    pub async fn get_user_settings_data(
+        &self,
+        user_id: &str,
+    ) -> std::result::Result<UserSettingsData, StorageError> {
+        let user_id = user_id.to_string();
+        self.with_conn(move |conn| {
+            let (email, avatar_url) =
+                sq_query_row(conn, db::users::get_email_avatar(&user_id), |row| {
+                    Ok((row.get(0)?, row.get(1)?))
+                })?;
+
+            let oauth_providers = sq_query_map(conn, db::oauth::find_by_user(&user_id), |row| {
+                let provider: String = row.get(1)?;
+                Ok(oauth::LinkedProvider {
+                    provider: provider.clone(),
+                    provider_username: row.get::<_, Option<String>>(3)?.unwrap_or_default(),
+                    display_name: match provider.as_str() {
+                        "github" => "GitHub".to_string(),
+                        "gitlab" => "GitLab".to_string(),
+                        other => other.to_string(),
+                    },
+                })
+            })?;
+
+            let created_at = sq_query_row(conn, db::users::get_settings_fields(&user_id), |row| {
+                row.get(0)
+            })
+            .unwrap_or_default();
+
+            Ok(UserSettingsData {
+                email,
+                avatar_url,
+                oauth_providers,
+                created_at,
+            })
+        })
+        .await
+    }
+
+    pub async fn move_active_api_keys_to_grace(
+        &self,
+        user_id: &str,
+        grace_until: &str,
+    ) -> std::result::Result<(), StorageError> {
+        let user_id = user_id.to_string();
+        let grace_until = grace_until.to_string();
+        self.with_conn(move |conn| {
+            sq_execute(
+                conn,
+                db::api_keys::move_active_to_grace(&user_id, &grace_until),
+            )?;
+            Ok(())
+        })
+        .await
+    }
+
+    pub async fn insert_active_api_key(
+        &self,
+        key_id: &str,
+        user_id: &str,
+        key_hash: &str,
+        key_prefix: &str,
+    ) -> std::result::Result<(), StorageError> {
+        let key_id = key_id.to_string();
+        let user_id = user_id.to_string();
+        let key_hash = key_hash.to_string();
+        let key_prefix = key_prefix.to_string();
+        self.with_conn(move |conn| {
+            sq_execute(
+                conn,
+                db::api_keys::insert_active(&key_id, &user_id, &key_hash, &key_prefix),
+            )?;
+            Ok(())
+        })
+        .await
+    }
+
+    pub async fn list_git_credentials(
+        &self,
+        user_id: &str,
+    ) -> std::result::Result<Vec<GitCredentialSummary>, StorageError> {
+        let user_id = user_id.to_string();
+        self.with_conn(move |conn| {
+            sq_query_map(conn, db::git_credentials::list_by_user(&user_id), |row| {
+                Ok(GitCredentialSummary {
+                    id: row.get(0)?,
+                    label: row.get(1)?,
+                    host: row.get(2)?,
+                    path_prefix: row.get(3)?,
+                    header_name: row.get(4)?,
+                    created_at: row.get(5)?,
+                    updated_at: row.get(6)?,
+                    last_used_at: row.get(7)?,
+                })
+            })
+        })
+        .await
+    }
+
+    pub async fn insert_git_credential(
+        &self,
+        record: NewGitCredentialRecord,
+    ) -> std::result::Result<(), StorageError> {
+        self.with_conn(move |conn| {
+            sq_execute(
+                conn,
+                db::git_credentials::insert(
+                    &record.id,
+                    &record.user_id,
+                    &record.label,
+                    &record.host,
+                    &record.path_prefix,
+                    &record.header_name,
+                    &record.header_value_enc,
+                ),
+            )?;
+            Ok(())
+        })
+        .await
+    }
+
+    pub async fn get_git_credential_by_id_and_user(
+        &self,
+        id: &str,
+        user_id: &str,
+    ) -> std::result::Result<GitCredentialSummary, StorageError> {
+        let id = id.to_string();
+        let user_id = user_id.to_string();
+        self.with_conn(move |conn| {
+            sq_query_row(
+                conn,
+                db::git_credentials::get_by_id_and_user(&id, &user_id),
+                |row| {
+                    Ok(GitCredentialSummary {
+                        id: row.get(0)?,
+                        label: row.get(1)?,
+                        host: row.get(2)?,
+                        path_prefix: row.get(3)?,
+                        header_name: row.get(4)?,
+                        created_at: row.get(5)?,
+                        updated_at: row.get(6)?,
+                        last_used_at: row.get(7)?,
+                    })
+                },
+            )
+        })
+        .await
+    }
+
+    pub async fn delete_git_credential_by_id_and_user(
+        &self,
+        id: &str,
+        user_id: &str,
+    ) -> std::result::Result<usize, StorageError> {
+        let id = id.to_string();
+        let user_id = user_id.to_string();
+        self.with_conn(move |conn| {
+            sq_execute(
+                conn,
+                db::git_credentials::delete_by_id_and_user(&id, &user_id),
+            )
+        })
+        .await
+    }
+
+    pub async fn upsert_oauth_provider_access_token(
+        &self,
+        token_id: &str,
+        user_id: &str,
+        provider: &str,
+        provider_host: &str,
+        encrypted_token: &str,
+    ) -> std::result::Result<(), StorageError> {
+        let token_id = token_id.to_string();
+        let user_id = user_id.to_string();
+        let provider = provider.to_string();
+        let provider_host = provider_host.to_string();
+        let encrypted_token = encrypted_token.to_string();
+        self.with_conn(move |conn| {
+            sq_execute(
+                conn,
+                db::oauth_provider_tokens::upsert_access_token(
+                    &token_id,
+                    &user_id,
+                    &provider,
+                    &provider_host,
+                    &encrypted_token,
+                    None,
+                ),
+            )?;
+            Ok(())
+        })
+        .await
+    }
+
+    pub async fn insert_oauth_state(
+        &self,
+        state: &str,
+        provider: &str,
+        expires_at: &str,
+        user_id: Option<&str>,
+    ) -> std::result::Result<(), StorageError> {
+        let state = state.to_string();
+        let provider = provider.to_string();
+        let expires_at = expires_at.to_string();
+        let user_id = user_id.map(ToOwned::to_owned);
+        self.with_conn(move |conn| {
+            sq_execute(
+                conn,
+                db::oauth::insert_state(&state, &provider, &expires_at, user_id.as_deref()),
+            )?;
+            Ok(())
+        })
+        .await
+    }
+
+    pub async fn validate_oauth_state(
+        &self,
+        state: &str,
+    ) -> std::result::Result<OAuthStateRecord, StorageError> {
+        let state = state.to_string();
+        self.with_conn(move |conn| {
+            sq_query_row(conn, db::oauth::validate_state(&state), |row| {
+                Ok(OAuthStateRecord {
+                    provider: row.get(1)?,
+                    expires_at: row.get(2)?,
+                    user_id: row.get(3)?,
+                })
+            })
+        })
+        .await
+    }
+
+    pub async fn delete_oauth_state(&self, state: &str) -> std::result::Result<(), StorageError> {
+        let state = state.to_string();
+        self.with_conn(move |conn| {
+            sq_execute(conn, db::oauth::delete_state(&state))?;
+            Ok(())
+        })
+        .await
+    }
+
+    pub async fn find_oauth_user_id_by_provider(
+        &self,
+        provider: &str,
+        provider_user_id: &str,
+    ) -> std::result::Result<Option<String>, StorageError> {
+        let provider = provider.to_string();
+        let provider_user_id = provider_user_id.to_string();
+        self.with_conn(move |conn| {
+            match sq_query_row(
+                conn,
+                db::oauth::find_by_provider(&provider, &provider_user_id),
+                |row| row.get(0),
+            ) {
+                Ok(user_id) => Ok(Some(user_id)),
+                Err(rusqlite::Error::QueryReturnedNoRows) => Ok(None),
+                Err(err) => Err(err),
+            }
+        })
+        .await
+    }
+
+    pub async fn upsert_oauth_identity(
+        &self,
+        user_id: &str,
+        provider: &str,
+        provider_user_id: &str,
+        provider_username: Option<&str>,
+        avatar_url: Option<&str>,
+    ) -> std::result::Result<(), StorageError> {
+        let user_id = user_id.to_string();
+        let provider = provider.to_string();
+        let provider_user_id = provider_user_id.to_string();
+        let provider_username = provider_username.map(ToOwned::to_owned);
+        let avatar_url = avatar_url.map(ToOwned::to_owned);
+        self.with_conn(move |conn| {
+            sq_execute(
+                conn,
+                db::oauth::upsert_identity(
+                    &user_id,
+                    &provider,
+                    &provider_user_id,
+                    provider_username.as_deref(),
+                    avatar_url.as_deref(),
+                    None,
+                ),
+            )?;
+            Ok(())
+        })
+        .await
+    }
+
+    pub async fn get_user_nickname(
+        &self,
+        user_id: &str,
+    ) -> std::result::Result<String, StorageError> {
+        let user_id = user_id.to_string();
+        self.with_conn(move |conn| {
+            sq_query_row(conn, db::users::get_nickname(&user_id), |row| row.get(0))
+        })
+        .await
+    }
+
+    pub async fn insert_oauth_user(
+        &self,
+        user_id: &str,
+        nickname: &str,
+        email: Option<&str>,
+    ) -> std::result::Result<(), StorageError> {
+        let user_id = user_id.to_string();
+        let nickname = nickname.to_string();
+        let email = email.map(ToOwned::to_owned);
+        self.with_conn(move |conn| {
+            sq_execute(
+                conn,
+                db::users::insert_oauth(&user_id, &nickname, email.as_deref()),
+            )?;
+            Ok(())
+        })
+        .await
+    }
+
+    pub async fn user_has_oauth_provider(
+        &self,
+        user_id: &str,
+        provider: &str,
+    ) -> std::result::Result<bool, StorageError> {
+        let user_id = user_id.to_string();
+        let provider = provider.to_string();
+        self.with_conn(move |conn| {
+            let count: i64 =
+                sq_query_row(conn, db::oauth::has_provider(&user_id, &provider), |row| {
+                    row.get(0)
+                })?;
+            Ok(count > 0)
+        })
+        .await
+    }
+
+    pub async fn get_provider_token_enc(
+        &self,
+        user_id: &str,
+        provider: &str,
+        provider_host: &str,
+    ) -> std::result::Result<Option<String>, StorageError> {
+        let user_id = user_id.to_string();
+        let provider = provider.to_string();
+        let provider_host = provider_host.to_string();
+        self.with_conn(move |conn| {
+            match sq_query_row(
+                conn,
+                db::oauth_provider_tokens::get_by_user_provider_host(
+                    &user_id,
+                    &provider,
+                    &provider_host,
+                ),
+                |row| row.get(1),
+            ) {
+                Ok(token) => Ok(Some(token)),
+                Err(rusqlite::Error::QueryReturnedNoRows) => Ok(None),
+                Err(err) => Err(err),
+            }
+        })
+        .await
+    }
+
+    pub async fn list_git_credential_secrets_for_host(
+        &self,
+        user_id: &str,
+        host: &str,
+    ) -> std::result::Result<Vec<GitCredentialSecretRecord>, StorageError> {
+        let user_id = user_id.to_string();
+        let host = host.to_string();
+        self.with_conn(move |conn| {
+            sq_query_map(
+                conn,
+                db::git_credentials::list_for_host_with_secret(&user_id, &host),
+                |row| {
+                    Ok(GitCredentialSecretRecord {
+                        credential_id: row.get(0)?,
+                        path_prefix: row.get(3)?,
+                        header_name: row.get(4)?,
+                        header_value_enc: row.get(5)?,
+                    })
+                },
+            )
+        })
+        .await
+    }
+
+    pub async fn touch_git_credential_last_used(
+        &self,
+        credential_id: &str,
+        user_id: &str,
+    ) -> std::result::Result<(), StorageError> {
+        let credential_id = credential_id.to_string();
+        let user_id = user_id.to_string();
+        self.with_conn(move |conn| {
+            sq_execute(
+                conn,
+                db::git_credentials::touch_last_used(&credential_id, &user_id),
+            )?;
+            Ok(())
+        })
+        .await
     }
 }
 
 // ── sea-query ↔ rusqlite helpers ──────────────────────────────────────────
 
 /// Built query: `(sql, sea_query::Values)`.
-pub type Built = (String, sea_query::Values);
+type Built = (String, sea_query::Values);
 
-/// Convert `sea_query::Values` to boxed rusqlite params.
-pub fn sq_params(values: &sea_query::Values) -> Vec<Box<dyn rusqlite::types::ToSql>> {
+fn sq_params(values: &sea_query::Values) -> Vec<Box<dyn rusqlite::types::ToSql>> {
     values
         .0
         .iter()
@@ -71,29 +907,26 @@ pub fn sq_params(values: &sea_query::Values) -> Vec<Box<dyn rusqlite::types::ToS
         .collect()
 }
 
-/// Execute a built query (INSERT/UPDATE/DELETE).
-pub fn sq_execute(conn: &Connection, (sql, values): Built) -> rusqlite::Result<usize> {
+fn sq_execute(conn: &Connection, (sql, values): Built) -> rusqlite::Result<usize> {
     let params = sq_params(&values);
     let refs: Vec<&dyn rusqlite::types::ToSql> = params.iter().map(|p| p.as_ref()).collect();
     conn.execute(&sql, refs.as_slice())
 }
 
-/// Query a single row from a built query.
-pub fn sq_query_row<T>(
+fn sq_query_row<T>(
     conn: &Connection,
     (sql, values): Built,
-    f: impl FnOnce(&rusqlite::Row) -> rusqlite::Result<T>,
+    f: impl FnOnce(&rusqlite::Row<'_>) -> rusqlite::Result<T>,
 ) -> rusqlite::Result<T> {
     let params = sq_params(&values);
     let refs: Vec<&dyn rusqlite::types::ToSql> = params.iter().map(|p| p.as_ref()).collect();
     conn.query_row(&sql, refs.as_slice(), f)
 }
 
-/// Prepare + query_map from a built query, collecting into a Vec.
-pub fn sq_query_map<T>(
+fn sq_query_map<T>(
     conn: &Connection,
     (sql, values): Built,
-    f: impl FnMut(&rusqlite::Row) -> rusqlite::Result<T>,
+    f: impl FnMut(&rusqlite::Row<'_>) -> rusqlite::Result<T>,
 ) -> rusqlite::Result<Vec<T>> {
     let params = sq_params(&values);
     let refs: Vec<&dyn rusqlite::types::ToSql> = params.iter().map(|p| p.as_ref()).collect();
@@ -102,10 +935,7 @@ pub fn sq_query_map<T>(
     rows.collect()
 }
 
-// ── Row mappers ───────────────────────────────────────────────────────────
-
-/// Map a `session_columns()` row into a `SessionSummary`.
-pub fn session_from_row(row: &rusqlite::Row<'_>) -> rusqlite::Result<SessionSummary> {
+fn session_from_row(row: &rusqlite::Row<'_>) -> rusqlite::Result<SessionSummary> {
     Ok(SessionSummary {
         id: row.get(0)?,
         user_id: row.get(1)?,
@@ -144,13 +974,12 @@ pub fn session_from_row(row: &rusqlite::Row<'_>) -> rusqlite::Result<SessionSumm
 
 // ── Database init ─────────────────────────────────────────────────────────
 
-/// Initialize the database: open connection, enable WAL, run migrations
+/// Initialize the database: open connection, enable WAL, run migrations.
 pub fn init_db(data_dir: &Path) -> Result<Db> {
     std::fs::create_dir_all(data_dir)?;
     let db_path = data_dir.join("opensession.db");
     let conn = Connection::open(&db_path).context("opening SQLite database")?;
 
-    // Enable WAL mode for better concurrent read performance
     conn.execute_batch("PRAGMA journal_mode=WAL;")?;
     conn.execute_batch("PRAGMA foreign_keys=ON;")?;
 
@@ -195,7 +1024,6 @@ fn run_migrations(conn: &Connection) -> Result<()> {
         rebuild_oauth_provider_tokens_table(conn)?;
     }
 
-    // Bootstrap schema is single-file; ensure newer tables also exist for already-initialized DBs.
     conn.execute_batch(
         r#"
 CREATE TABLE IF NOT EXISTS git_credentials (
@@ -271,3 +1099,114 @@ ON oauth_provider_tokens(user_id, provider, provider_host);
     )
     .context("rebuild oauth_provider_tokens table")
 }
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    fn test_data_dir(name: &str) -> PathBuf {
+        let path = std::env::temp_dir().join(format!(
+            "opensession-server-{name}-{}",
+            uuid::Uuid::new_v4()
+        ));
+        std::fs::create_dir_all(&path).expect("create temp data dir");
+        path
+    }
+
+    fn cleanup_dir(path: &Path) {
+        std::fs::remove_dir_all(path).expect("remove temp data dir");
+    }
+
+    fn insert_test_user(db: &Db, user_id: &str, nickname: &str) {
+        let conn = db.conn.lock().expect("db conn");
+        sq_execute(
+            &conn,
+            db::users::insert_oauth(user_id, nickname, Some("test@example.com")),
+        )
+        .expect("insert test user");
+    }
+
+    fn insert_test_session(db: &Db, session_id: &str, user_id: &str, storage_key: &str) {
+        let conn = db.conn.lock().expect("db conn");
+        let params = db::sessions::InsertParams {
+            id: session_id,
+            user_id,
+            team_id: "team-1",
+            tool: "codex",
+            agent_provider: "openai",
+            agent_model: "gpt-5",
+            title: "Test Session",
+            description: "Description",
+            tags: "test",
+            created_at: "2026-03-09 12:00:00",
+            message_count: 1,
+            task_count: 1,
+            event_count: 1,
+            duration_seconds: 1,
+            total_input_tokens: 1,
+            total_output_tokens: 1,
+            body_storage_key: storage_key,
+            body_url: None,
+            git_remote: Some("https://github.com/hwisu/opensession"),
+            git_branch: Some("main"),
+            git_commit: Some("abc123"),
+            git_repo_name: Some("opensession"),
+            pr_number: None,
+            pr_url: None,
+            working_directory: Some("/tmp"),
+            files_modified: Some("src/lib.rs"),
+            files_read: Some("src/main.rs"),
+            has_errors: false,
+            max_active_agents: 1,
+            session_score: 42,
+            score_plugin: "default",
+        };
+        sq_execute(&conn, db::sessions::insert(&params)).expect("insert test session");
+    }
+
+    #[tokio::test]
+    async fn body_round_trip_uses_async_fs() {
+        let data_dir = test_data_dir("body-round-trip");
+        let db = init_db(&data_dir).expect("init db");
+
+        let key = db
+            .write_body("session-1", b"{\"type\":\"message\"}\n")
+            .await
+            .expect("write body");
+        let body = db.read_body(&key).await.expect("read body");
+
+        assert_eq!(key, "session-1.hail.jsonl");
+        assert_eq!(body, b"{\"type\":\"message\"}\n");
+
+        cleanup_dir(&data_dir);
+    }
+
+    #[tokio::test]
+    async fn concurrent_session_reads_are_serialized_inside_storage() {
+        let data_dir = test_data_dir("concurrent-session-reads");
+        let db = init_db(&data_dir).expect("init db");
+        insert_test_user(&db, "user-1", "tester");
+        insert_test_session(&db, "session-1", "user-1", "session-1.hail.jsonl");
+
+        let query = SessionListQuery {
+            page: 1,
+            per_page: 20,
+            search: None,
+            tool: None,
+            git_repo_name: None,
+            sort: None,
+            time_range: None,
+        };
+
+        let (list_result, detail_result) =
+            tokio::join!(db.list_sessions(&query), db.get_session_detail("session-1"));
+
+        let list_result = list_result.expect("list sessions");
+        let detail_result = detail_result.expect("session detail");
+        assert_eq!(list_result.total, 1);
+        assert_eq!(list_result.sessions.len(), 1);
+        assert_eq!(detail_result.summary.id, "session-1");
+
+        cleanup_dir(&data_dir);
+    }
+}
diff --git a/crates/summary-runtime/Cargo.toml b/crates/summary-runtime/Cargo.toml
new file mode 100644
index 00000000..d66efd30
--- /dev/null
+++ b/crates/summary-runtime/Cargo.toml
@@ -0,0 +1,25 @@
+[package]
+name = "opensession-summary-runtime"
+version.workspace = true
+edition.workspace = true
+rust-version.workspace = true
+license.workspace = true
+repository.workspace = true
+homepage.workspace = true
+description = "Runtime adapters for OpenSession semantic summaries"
+
+[lib]
+doctest = false
+
+[lints]
+workspace = true
+
+[dependencies]
+opensession-summary = { workspace = true }
+opensession-runtime-config = { workspace = true }
+opensession-core = { workspace = true }
+serde = { workspace = true }
+reqwest = { workspace = true }
+
+[dev-dependencies]
+tokio = { workspace = true, features = ["macros", "rt-multi-thread"] }
diff --git a/crates/summary-runtime/src/lib.rs b/crates/summary-runtime/src/lib.rs
new file mode 100644
index 00000000..39cfb892
--- /dev/null
+++ b/crates/summary-runtime/src/lib.rs
@@ -0,0 +1,74 @@
+mod provider;
+
+pub use provider::{
+    LocalSummaryProfile, detect_local_summary_profile, generate_summary, generate_text,
+};
+
+use opensession_core::trace::Session;
+use opensession_runtime_config::SummarySettings;
+use opensession_summary::git::{GitSummaryContext, GitSummaryService, ShellGitCommandRunner};
+use opensession_summary::{
+    GitSummaryRequest, SemanticSummaryArtifact, classify_and_summarize_git_context,
+    summarize_session_with_provider,
+};
+use std::path::Path;
+
+fn runtime_generate_summary<'a>(
+    settings: &'a SummarySettings,
+    prompt: &'a str,
+) -> opensession_summary::SummaryGenerateFuture<'a> {
+    Box::pin(provider::generate_summary(settings, prompt))
+}
+
+pub async fn summarize_session(
+    session: &Session,
+    settings: &SummarySettings,
+    git_request: Option<&GitSummaryRequest>,
+) -> Result<SemanticSummaryArtifact, String> {
+    let git_context = if settings.allows_git_changes_fallback() {
+        git_request.and_then(collect_git_context)
+    } else {
+        None
+    };
+
+    summarize_session_with_provider(session, settings, git_context, runtime_generate_summary).await
+}
+
+pub async fn summarize_git_commit(
+    repo_root: &Path,
+    commit: &str,
+    settings: &SummarySettings,
+) -> Result<SemanticSummaryArtifact, String> {
+    let request = GitSummaryRequest::from_commit(repo_root.to_path_buf(), commit.to_string());
+    let context = collect_git_context(&request)
+        .ok_or_else(|| format!("unable to collect git summary context for commit `{commit}`"))?;
+    classify_and_summarize_git_context(context, settings, runtime_generate_summary).await
+}
+
+pub async fn summarize_git_working_tree(
+    repo_root: &Path,
+    settings: &SummarySettings,
+) -> Result<SemanticSummaryArtifact, String> {
+    let request = GitSummaryRequest::working_tree(repo_root.to_path_buf());
+    let context = collect_git_context(&request)
+        .ok_or_else(|| "unable to collect git summary context for working tree".to_string())?;
+    classify_and_summarize_git_context(context, settings, runtime_generate_summary).await
+}
+
+fn collect_git_context(request: &GitSummaryRequest) -> Option<GitSummaryContext> {
+    let service = GitSummaryService::new(ShellGitCommandRunner);
+    if let Some(commit) = request.commit.as_deref() {
+        return service.collect_commit_context(
+            &request.repo_root,
+            commit,
+            opensession_summary::MAX_FILE_CHANGE_ENTRIES,
+            opensession_summary::classify_arch_layer,
+        );
+    }
+
+    service.collect_working_tree_context(
+        &request.repo_root,
+        opensession_summary::MAX_FILE_CHANGE_ENTRIES,
+        opensession_summary::classify_arch_layer,
+    )
+}
diff --git a/crates/summary-runtime/src/provider.rs b/crates/summary-runtime/src/provider.rs
new file mode 100644
index 00000000..13aff3a8
--- /dev/null
+++ b/crates/summary-runtime/src/provider.rs
@@ -0,0 +1,376 @@
+use opensession_runtime_config::{SummaryProvider, SummarySettings};
+use opensession_summary::{SemanticSummary, parse_semantic_summary_or_fallback};
+use serde::{Deserialize, Serialize};
+use std::fs;
+use std::path::PathBuf;
+use std::process::{Command, Output, Stdio};
+use std::thread;
+use std::time::{Duration, Instant, SystemTime, UNIX_EPOCH};
+
+const DEFAULT_OLLAMA_ENDPOINT: &str = "http://127.0.0.1:11434";
+
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub struct LocalSummaryProfile {
+    pub provider: SummaryProvider,
+    pub endpoint: String,
+    pub model: String,
+}
+
+pub fn detect_local_summary_profile() -> Option<LocalSummaryProfile> {
+    first_available_profile([
+        detect_ollama_profile(),
+        detect_codex_exec_profile(),
+        detect_claude_cli_profile(),
+    ])
+}
+
+fn first_available_profile<const N: usize>(
+    profiles: [Option<LocalSummaryProfile>; N],
+) -> Option<LocalSummaryProfile> {
+    profiles.into_iter().flatten().next()
+}
+
+fn detect_ollama_profile() -> Option<LocalSummaryProfile> {
+    let output = Command::new("ollama").arg("list").output().ok()?;
+    if !output.status.success() {
+        return None;
+    }
+    let stdout = String::from_utf8_lossy(&output.stdout);
+    let model = parse_ollama_list_output(&stdout).into_iter().next()?;
+    Some(LocalSummaryProfile {
+        provider: SummaryProvider::Ollama,
+        endpoint: DEFAULT_OLLAMA_ENDPOINT.to_string(),
+        model,
+    })
+}
+
+fn detect_codex_exec_profile() -> Option<LocalSummaryProfile> {
+    if !command_available("codex", &["exec", "--help"]) {
+        return None;
+    }
+    Some(LocalSummaryProfile {
+        provider: SummaryProvider::CodexExec,
+        endpoint: String::new(),
+        model: String::new(),
+    })
+}
+
+fn detect_claude_cli_profile() -> Option<LocalSummaryProfile> {
+    if !command_available("claude", &["--help"]) {
+        return None;
+    }
+    Some(LocalSummaryProfile {
+        provider: SummaryProvider::ClaudeCli,
+        endpoint: String::new(),
+        model: String::new(),
+    })
+}
+
+fn command_available(program: &str, args: &[&str]) -> bool {
+    Command::new(program)
+        .args(args)
+        .stdout(Stdio::null())
+        .stderr(Stdio::null())
+        .status()
+        .map(|status| status.success())
+        .unwrap_or(false)
+}
+
+fn parse_ollama_list_output(raw: &str) -> Vec<String> {
+    let mut models = Vec::new();
+    for line in raw.lines() {
+        let trimmed = line.trim();
+        if trimmed.is_empty() {
+            continue;
+        }
+        let lowered = trimmed.to_ascii_lowercase();
+        if lowered.starts_with("name ")
+            || lowered.starts_with("error")
+            || lowered.starts_with("failed")
+        {
+            continue;
+        }
+        let Some(token) = trimmed.split_whitespace().next() else {
+            continue;
+        };
+        let candidate = token.trim().to_string();
+        if candidate.is_empty() || models.contains(&candidate) {
+            continue;
+        }
+        models.push(candidate);
+    }
+    models
+}
+
+#[derive(Debug, Serialize)]
+struct OllamaGenerateRequest<'a> {
+    model: &'a str,
+    prompt: &'a str,
+    stream: bool,
+}
+
+#[derive(Debug, Deserialize)]
+struct OllamaGenerateResponse {
+    response: String,
+}
+
+pub async fn generate_summary(
+    settings: &SummarySettings,
+    prompt: &str,
+) -> Result<SemanticSummary, String> {
+    let raw = generate_text(settings, prompt).await?;
+    Ok(parse_semantic_summary_or_fallback(&raw, settings))
+}
+
+pub async fn generate_text(settings: &SummarySettings, prompt: &str) -> Result<String, String> {
+    if prompt.trim().is_empty() {
+        return Err("summary prompt is empty".to_string());
+    }
+    if !settings.is_configured() {
+        return Err("local summary provider is not configured".to_string());
+    }
+
+    match settings.provider.id {
+        SummaryProvider::Disabled => Err("local summary provider is disabled".to_string()),
+        SummaryProvider::Ollama => generate_text_with_ollama(settings, prompt).await,
+        SummaryProvider::CodexExec => generate_text_with_codex_exec(settings, prompt).await,
+        SummaryProvider::ClaudeCli => generate_text_with_claude_cli(settings, prompt).await,
+    }
+}
+
+async fn generate_text_with_ollama(
+    settings: &SummarySettings,
+    prompt: &str,
+) -> Result<String, String> {
+    let endpoint = if settings.provider.endpoint.trim().is_empty() {
+        DEFAULT_OLLAMA_ENDPOINT
+    } else {
+        settings.provider.endpoint.trim()
+    };
+    let url = format!("{}/api/generate", endpoint.trim_end_matches('/'));
+    let model = settings.provider.model.trim();
+    if model.is_empty() {
+        return Err("ollama model is empty".to_string());
+    }
+
+    let client = reqwest::Client::builder()
+        .connect_timeout(Duration::from_secs(2))
+        .timeout(Duration::from_secs(20))
+        .build()
+        .map_err(|err| format!("failed to build local summary HTTP client: {err}"))?;
+
+    let response = client
+        .post(url)
+        .json(&OllamaGenerateRequest {
+            model,
+            prompt,
+            stream: false,
+        })
+        .send()
+        .await
+        .map_err(|err| format!("failed to call ollama summary API: {err}"))?;
+
+    if !response.status().is_success() {
+        let status = response.status().as_u16();
+        let body = response.text().await.unwrap_or_default();
+        return Err(format!(
+            "ollama summary API returned {status}: {}",
+            body.trim()
+        ));
+    }
+
+    let payload: OllamaGenerateResponse = response
+        .json()
+        .await
+        .map_err(|err| format!("failed to decode ollama summary response: {err}"))?;
+    if payload.response.trim().is_empty() {
+        return Err("ollama summary response was empty".to_string());
+    }
+
+    Ok(payload.response)
+}
+
+async fn generate_text_with_codex_exec(
+    settings: &SummarySettings,
+    prompt: &str,
+) -> Result<String, String> {
+    let output_path = temp_cli_output_path("codex-summary");
+
+    let mut command = Command::new("codex");
+    command
+        .arg("exec")
+        .arg("--skip-git-repo-check")
+        .arg("--sandbox")
+        .arg("read-only")
+        .arg("--output-last-message")
+        .arg(output_path.to_string_lossy().to_string());
+    let model = settings.provider.model.trim();
+    if !model.is_empty() {
+        command.arg("--model").arg(model);
+    }
+    command.arg(prompt);
+
+    let output = run_command_with_timeout(command, Duration::from_secs(60))
+        .map_err(|err| format!("failed to run codex exec summary: {err}"))?;
+
+    let response = read_output_or_stdout(&output_path, &output);
+    if response.trim().is_empty() {
+        return Err("codex exec summary response was empty".to_string());
+    }
+    Ok(response)
+}
+
+async fn generate_text_with_claude_cli(
+    settings: &SummarySettings,
+    prompt: &str,
+) -> Result<String, String> {
+    let model = settings.provider.model.trim().to_string();
+    let timeout = Duration::from_secs(60);
+
+    let mut command = Command::new("claude");
+    command.arg("-c");
+    if !model.is_empty() {
+        command.arg("--model").arg(&model);
+    }
+    command.arg(prompt);
+
+    let output = match run_command_with_timeout(command, timeout) {
+        Ok(output) => output,
+        Err(primary_error) => {
+            let mut fallback = Command::new("claude");
+            fallback
+                .arg("--print")
+                .arg("--output-format")
+                .arg("text")
+                .arg("--no-session-persistence")
+                .arg("--tools")
+                .arg("");
+            if !model.is_empty() {
+                fallback.arg("--model").arg(&model);
+            }
+            fallback.arg(prompt);
+
+            run_command_with_timeout(fallback, timeout).map_err(|fallback_error| {
+                format!(
+                    "failed to run claude summary (`claude -c` => {primary_error}; fallback => {fallback_error})"
+                )
+            })?
+        }
+    };
+
+    let response = String::from_utf8_lossy(&output.stdout).to_string();
+    if response.trim().is_empty() {
+        return Err("claude summary response was empty".to_string());
+    }
+    Ok(response)
+}
+
+fn read_output_or_stdout(path: &PathBuf, output: &Output) -> String {
+    let file_text = fs::read_to_string(path).unwrap_or_default();
+    let _ = fs::remove_file(path);
+    if !file_text.trim().is_empty() {
+        return file_text;
+    }
+    String::from_utf8_lossy(&output.stdout).to_string()
+}
+
+fn temp_cli_output_path(prefix: &str) -> PathBuf {
+    let pid = std::process::id();
+    let timestamp = SystemTime::now()
+        .duration_since(UNIX_EPOCH)
+        .map(|duration| duration.as_nanos())
+        .unwrap_or(0);
+    std::env::temp_dir().join(format!("{prefix}-{pid}-{timestamp}.txt"))
+}
+
+fn run_command_with_timeout(mut command: Command, timeout: Duration) -> Result<Output, String> {
+    command.stdout(Stdio::piped()).stderr(Stdio::piped());
+
+    let program = command.get_program().to_string_lossy().to_string();
+    let mut child = command
+        .spawn()
+        .map_err(|err| format!("failed to spawn `{program}`: {err}"))?;
+    let started = Instant::now();
+
+    loop {
+        match child.try_wait() {
+            Ok(Some(_status)) => {
+                let output = child
+                    .wait_with_output()
+                    .map_err(|err| format!("failed to collect `{program}` output: {err}"))?;
+                if output.status.success() {
+                    return Ok(output);
+                }
+                let stderr = String::from_utf8_lossy(&output.stderr).trim().to_string();
+                let stdout = String::from_utf8_lossy(&output.stdout).trim().to_string();
+                let detail = if !stderr.is_empty() {
+                    stderr
+                } else if !stdout.is_empty() {
+                    stdout
+                } else {
+                    format!("exit status {}", output.status)
+                };
+                return Err(format!("`{program}` failed: {detail}"));
+            }
+            Ok(None) => {
+                if started.elapsed() >= timeout {
+                    let _ = child.kill();
+                    let _ = child.wait();
+                    return Err(format!(
+                        "`{program}` timed out after {}s",
+                        timeout.as_secs()
+                    ));
+                }
+                thread::sleep(Duration::from_millis(50));
+            }
+            Err(err) => {
+                return Err(format!("failed while waiting for `{program}`: {err}"));
+            }
+        }
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::{
+        LocalSummaryProfile, SummaryProvider, first_available_profile, parse_ollama_list_output,
+    };
+
+    #[test]
+    fn parse_ollama_list_output_extracts_model_names() {
+        let output = r#"
+NAME                      ID              SIZE      MODIFIED
+llama3.2:3b               a80c4f17acd5    2.0 GB    3 hours ago
+qwen2.5-coder:7b          2b0496514337    4.7 GB    1 day ago
+"#;
+
+        let models = parse_ollama_list_output(output);
+        assert_eq!(
+            models,
+            vec!["llama3.2:3b".to_string(), "qwen2.5-coder:7b".to_string()]
+        );
+    }
+
+    #[test]
+    fn parse_ollama_list_output_ignores_errors_and_empty_lines() {
+        let output = "\nError: could not connect to ollama\n";
+        assert!(parse_ollama_list_output(output).is_empty());
+    }
+
+    #[test]
+    fn first_available_profile_preserves_provider_priority() {
+        let claude = Some(LocalSummaryProfile {
+            provider: SummaryProvider::ClaudeCli,
+            endpoint: String::new(),
+            model: String::new(),
+        });
+        let codex = Some(LocalSummaryProfile {
+            provider: SummaryProvider::CodexExec,
+            endpoint: String::new(),
+            model: String::new(),
+        });
+
+        let selected = first_available_profile([None, codex.clone(), claude]);
+        assert_eq!(selected, codex);
+    }
+}
diff --git a/crates/summary/Cargo.toml b/crates/summary/Cargo.toml
index f9e53434..a561d204 100644
--- a/crates/summary/Cargo.toml
+++ b/crates/summary/Cargo.toml
@@ -19,7 +19,6 @@ opensession-core = { workspace = true }
 opensession-runtime-config = { workspace = true }
 serde = { workspace = true }
 serde_json = { workspace = true }
-reqwest = { workspace = true }
 sha2 = { workspace = true }
 hex = "0.4"
 
diff --git a/crates/summary/src/lib.rs b/crates/summary/src/lib.rs
index 1ed39c48..e3544a6b 100644
--- a/crates/summary/src/lib.rs
+++ b/crates/summary/src/lib.rs
@@ -3,14 +3,16 @@ pub mod prompt;
 pub mod provider;
 pub mod text;
 pub mod types;
-pub use prompt::{DEFAULT_SUMMARY_PROMPT_TEMPLATE_V2, validate_summary_prompt_template};
+pub use prompt::{
+    DEFAULT_SUMMARY_PROMPT_TEMPLATE_V2, classify_arch_layer, validate_summary_prompt_template,
+};
+pub use provider::{LayerFileChange, SemanticSummary, parse_semantic_summary_or_fallback};
 
-use crate::git::{GitSummaryContext, GitSummaryService, ShellGitCommandRunner};
+use crate::git::GitSummaryContext;
 use crate::prompt::{
-    SummaryPromptConfig, build_summary_prompt, classify_arch_layer, collect_file_changes,
-    collect_timeline_snippets, contains_auth_security_keyword,
+    SummaryPromptConfig, build_summary_prompt, collect_file_changes, collect_timeline_snippets,
+    contains_auth_security_keyword,
 };
-use crate::provider::{SemanticSummary, generate_summary};
 use crate::text::compact_summary_snippet;
 use crate::types::HailCompactFileChange;
 use opensession_core::trace::{Agent, ContentBlock, Event, EventType, Session};
@@ -18,10 +20,12 @@ use opensession_runtime_config::{SummaryProvider, SummarySettings};
 use serde::{Deserialize, Serialize};
 use sha2::{Digest, Sha256};
 use std::collections::{BTreeMap, HashMap};
-use std::path::{Path, PathBuf};
+use std::future::Future;
+use std::path::PathBuf;
+use std::pin::Pin;
 
 const MAX_TIMELINE_SNIPPETS: usize = 32;
-const MAX_FILE_CHANGE_ENTRIES: usize = 200;
+pub const MAX_FILE_CHANGE_ENTRIES: usize = 200;
 const MAX_DIFF_HUNKS_PER_FILE: usize = 10;
 const MAX_DIFF_LINES_PER_HUNK: usize = 40;
 const MAX_DIFF_FILES_PER_LAYER: usize = 80;
@@ -113,15 +117,18 @@ impl GitSummaryRequest {
     }
 }
 
-pub fn detect_summary_provider() -> Option<provider::LocalSummaryProfile> {
-    provider::detect_local_summary_profile()
-}
+pub type SummaryGenerateFuture<'a> =
+    Pin<Box<dyn Future<Output = Result<SemanticSummary, String>> + Send + 'a>>;
 
-pub async fn summarize_session(
+pub async fn summarize_session_with_provider<Generate>(
     session: &Session,
     settings: &SummarySettings,
-    git_request: Option<&GitSummaryRequest>,
-) -> Result<SemanticSummaryArtifact, String> {
+    git_context: Option<GitSummaryContext>,
+    generate_summary: Generate,
+) -> Result<SemanticSummaryArtifact, String>
+where
+    Generate: for<'a> Fn(&'a SummarySettings, &'a str) -> SummaryGenerateFuture<'a>,
+{
     let timeline = collect_timeline_snippets(session, MAX_TIMELINE_SNIPPETS, default_event_snippet);
     let files = collect_file_changes(session, MAX_FILE_CHANGE_ENTRIES);
 
@@ -135,35 +142,28 @@ pub async fn summarize_session(
     };
 
     if signals.is_empty() && settings.allows_git_changes_fallback() {
-        if let Some(request) = git_request {
-            if let Some(git_ctx) = collect_git_context(request) {
-                signals = summary_signals_from_git(git_ctx)?;
-            }
+        if let Some(git_ctx) = git_context {
+            signals = summary_signals_from_git(git_ctx)?;
         }
     }
 
-    summarize_from_signals(signals, settings).await
-}
-
-pub async fn summarize_git_commit(
-    repo_root: &Path,
-    commit: &str,
-    settings: &SummarySettings,
-) -> Result<SemanticSummaryArtifact, String> {
-    let request = GitSummaryRequest::from_commit(repo_root.to_path_buf(), commit.to_string());
-    let context = collect_git_context(&request)
-        .ok_or_else(|| format!("unable to collect git summary context for commit `{commit}`"))?;
-    summarize_from_signals(summary_signals_from_git(context)?, settings).await
+    summarize_from_signals(signals, settings, generate_summary).await
 }
 
-pub async fn summarize_git_working_tree(
-    repo_root: &Path,
+pub async fn classify_and_summarize_git_context<Generate>(
+    context: GitSummaryContext,
     settings: &SummarySettings,
-) -> Result<SemanticSummaryArtifact, String> {
-    let request = GitSummaryRequest::working_tree(repo_root.to_path_buf());
-    let context = collect_git_context(&request)
-        .ok_or_else(|| "unable to collect git summary context for working tree".to_string())?;
-    summarize_from_signals(summary_signals_from_git(context)?, settings).await
+    generate_summary: Generate,
+) -> Result<SemanticSummaryArtifact, String>
+where
+    Generate: for<'a> Fn(&'a SummarySettings, &'a str) -> SummaryGenerateFuture<'a>,
+{
+    summarize_from_signals(
+        summary_signals_from_git(context)?,
+        settings,
+        generate_summary,
+    )
+    .await
 }
 
 #[derive(Debug, Clone)]
@@ -182,10 +182,14 @@ impl SummarySignals {
     }
 }
 
-async fn summarize_from_signals(
+async fn summarize_from_signals<Generate>(
     signals: SummarySignals,
     settings: &SummarySettings,
-) -> Result<SemanticSummaryArtifact, String> {
+    generate_summary: Generate,
+) -> Result<SemanticSummaryArtifact, String>
+where
+    Generate: for<'a> Fn(&'a SummarySettings, &'a str) -> SummaryGenerateFuture<'a>,
+{
     let prompt_template = if settings.prompt.template.trim().is_empty() {
         DEFAULT_SUMMARY_PROMPT_TEMPLATE_V2
     } else {
@@ -281,24 +285,6 @@ async fn summarize_from_signals(
     }
 }
 
-fn collect_git_context(request: &GitSummaryRequest) -> Option<GitSummaryContext> {
-    let service = GitSummaryService::new(ShellGitCommandRunner);
-    if let Some(commit) = request.commit.as_deref() {
-        return service.collect_commit_context(
-            &request.repo_root,
-            commit,
-            MAX_FILE_CHANGE_ENTRIES,
-            classify_arch_layer,
-        );
-    }
-
-    service.collect_working_tree_context(
-        &request.repo_root,
-        MAX_FILE_CHANGE_ENTRIES,
-        classify_arch_layer,
-    )
-}
-
 fn summary_signals_from_git(context: GitSummaryContext) -> Result<SummarySignals, String> {
     let mut session = Session::new(
         context
@@ -596,10 +582,11 @@ fn parse_diff_hunks(diff: &str) -> Vec<DiffHunkNode> {
 #[cfg(test)]
 mod tests {
     use super::{
-        DiffLayerNode, GitSummaryRequest, SummaryGenerationKind, SummarySourceKind,
-        build_diff_tree, default_event_snippet, heuristic_summary, parse_diff_hunks,
-        summarize_session,
+        DiffLayerNode, SummaryGenerationKind, SummarySourceKind, build_diff_tree,
+        default_event_snippet, heuristic_summary, parse_diff_hunks,
+        summarize_session_with_provider,
     };
+    use crate::git::GitSummaryContext;
     use crate::types::HailCompactFileChange;
     use chrono::Utc;
     use opensession_core::trace::{Agent, Content, Event, EventType, Session};
@@ -712,9 +699,13 @@ mod tests {
         let session = session_with_file_edit("src/auth.rs", "@@ -1 +1 @@\n-a\n+b\n");
         let settings = SummarySettings::default();
 
-        let artifact = summarize_session(&session, &settings, None)
-            .await
-            .expect("summarize");
+        let artifact = summarize_session_with_provider(&session, &settings, None, |_, _| {
+            Box::pin(async {
+                unreachable!("provider should not run when summary settings are disabled")
+            })
+        })
+        .await
+        .expect("summarize");
         assert_eq!(
             artifact.generation_kind,
             SummaryGenerationKind::HeuristicFallback
@@ -726,7 +717,7 @@ mod tests {
     }
 
     #[tokio::test]
-    async fn summarize_session_uses_git_fallback_when_session_has_low_signal() {
+    async fn summarize_session_uses_git_context_when_session_has_low_signal() {
         let mut session = Session::new(
             "s-empty".to_string(),
             Agent {
@@ -740,19 +731,57 @@ mod tests {
 
         let mut settings = SummarySettings::default();
         settings.source_mode = opensession_runtime_config::SummarySourceMode::SessionOrGitChanges;
+        settings.provider.id = SummaryProvider::CodexExec;
 
-        let artifact = summarize_session(
+        let artifact = summarize_session_with_provider(
             &session,
             &settings,
-            Some(&GitSummaryRequest::working_tree(std::env::temp_dir())),
+            Some(GitSummaryContext {
+                source: "git_working_tree".to_string(),
+                repo_root: std::env::temp_dir(),
+                commit: None,
+                timeline_signals: vec!["working_tree: 1 files changed".to_string()],
+                file_changes: vec![HailCompactFileChange {
+                    path: "src/lib.rs".to_string(),
+                    layer: "application".to_string(),
+                    operation: "edit".to_string(),
+                    lines_added: 3,
+                    lines_removed: 1,
+                }],
+            }),
+            |_, _| {
+                Box::pin(async {
+                    Ok(crate::provider::SemanticSummary {
+                        changes: "Updated working tree".to_string(),
+                        auth_security: "none detected".to_string(),
+                        layer_file_changes: Vec::new(),
+                    })
+                })
+            },
         )
         .await
         .expect("summarize");
 
-        // temp dir is typically not a git repo, so fallback remains heuristic/session.
-        assert!(matches!(
-            artifact.source_kind,
-            SummarySourceKind::SessionSignals | SummarySourceKind::Heuristic
-        ));
+        assert_eq!(artifact.source_kind, SummarySourceKind::GitWorkingTree);
+        assert_eq!(artifact.generation_kind, SummaryGenerationKind::Provider);
+    }
+
+    #[tokio::test]
+    async fn summarize_session_records_provider_errors_as_heuristic_fallback() {
+        let session = session_with_file_edit("src/auth.rs", "@@ -1 +1 @@\n-a\n+b\n");
+        let mut settings = SummarySettings::default();
+        settings.provider.id = SummaryProvider::CodexExec;
+
+        let artifact = summarize_session_with_provider(&session, &settings, None, |_, _| {
+            Box::pin(async { Err("codex exec failed".to_string()) })
+        })
+        .await
+        .expect("summarize");
+
+        assert_eq!(
+            artifact.generation_kind,
+            SummaryGenerationKind::HeuristicFallback
+        );
+        assert_eq!(artifact.error.as_deref(), Some("codex exec failed"));
     }
 }
diff --git a/crates/summary/src/provider.rs b/crates/summary/src/provider.rs
index 5a4db35b..6923409c 100644
--- a/crates/summary/src/provider.rs
+++ b/crates/summary/src/provider.rs
@@ -1,14 +1,6 @@
-use opensession_runtime_config::{
-    SummaryOutputShape, SummaryProvider, SummaryResponseStyle, SummarySettings,
-};
+use opensession_runtime_config::{SummaryOutputShape, SummaryResponseStyle, SummarySettings};
 use serde::{Deserialize, Serialize};
-use std::fs;
-use std::path::PathBuf;
-use std::process::{Command, Output, Stdio};
-use std::thread;
-use std::time::{Duration, Instant, SystemTime, UNIX_EPOCH};
 
-const DEFAULT_OLLAMA_ENDPOINT: &str = "http://127.0.0.1:11434";
 const DEFAULT_SUMMARY_CHAR_LIMIT: usize = 560;
 const DEFAULT_AUTH_SECURITY_CHAR_LIMIT: usize = 320;
 const DEFAULT_LAYER_SUMMARY_CHAR_LIMIT: usize = 260;
@@ -48,13 +40,6 @@ fn summary_limits(settings: &SummarySettings) -> SummaryNormalizationLimits {
     }
 }
 
-#[derive(Debug, Clone, PartialEq, Eq)]
-pub struct LocalSummaryProfile {
-    pub provider: SummaryProvider,
-    pub endpoint: String,
-    pub model: String,
-}
-
 #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
 pub struct SemanticSummary {
     pub changes: String,
@@ -123,248 +108,10 @@ impl SemanticSummary {
     }
 }
 
-pub fn detect_local_summary_profile() -> Option<LocalSummaryProfile> {
-    detect_ollama_profile()
-        .or_else(detect_codex_exec_profile)
-        .or_else(detect_claude_cli_profile)
-}
-
-fn detect_ollama_profile() -> Option<LocalSummaryProfile> {
-    let output = Command::new("ollama").arg("list").output().ok()?;
-    if !output.status.success() {
-        return None;
-    }
-    let stdout = String::from_utf8_lossy(&output.stdout);
-    let model = parse_ollama_list_output(&stdout).into_iter().next()?;
-    Some(LocalSummaryProfile {
-        provider: SummaryProvider::Ollama,
-        endpoint: DEFAULT_OLLAMA_ENDPOINT.to_string(),
-        model,
-    })
-}
-
-fn detect_codex_exec_profile() -> Option<LocalSummaryProfile> {
-    if !command_available("codex", &["exec", "--help"]) {
-        return None;
-    }
-    Some(LocalSummaryProfile {
-        provider: SummaryProvider::CodexExec,
-        endpoint: String::new(),
-        model: String::new(),
-    })
-}
-
-fn detect_claude_cli_profile() -> Option<LocalSummaryProfile> {
-    if !command_available("claude", &["--help"]) {
-        return None;
-    }
-    Some(LocalSummaryProfile {
-        provider: SummaryProvider::ClaudeCli,
-        endpoint: String::new(),
-        model: String::new(),
-    })
-}
-
-fn command_available(program: &str, args: &[&str]) -> bool {
-    Command::new(program)
-        .args(args)
-        .stdout(Stdio::null())
-        .stderr(Stdio::null())
-        .status()
-        .map(|status| status.success())
-        .unwrap_or(false)
-}
-
-fn parse_ollama_list_output(raw: &str) -> Vec<String> {
-    let mut models = Vec::new();
-    for line in raw.lines() {
-        let trimmed = line.trim();
-        if trimmed.is_empty() {
-            continue;
-        }
-        let lowered = trimmed.to_ascii_lowercase();
-        if lowered.starts_with("name ")
-            || lowered.starts_with("error")
-            || lowered.starts_with("failed")
-        {
-            continue;
-        }
-        let Some(token) = trimmed.split_whitespace().next() else {
-            continue;
-        };
-        let candidate = token.trim().to_string();
-        if candidate.is_empty() || models.contains(&candidate) {
-            continue;
-        }
-        models.push(candidate);
-    }
-    models
-}
-
-#[derive(Debug, Serialize)]
-struct OllamaGenerateRequest<'a> {
-    model: &'a str,
-    prompt: &'a str,
-    stream: bool,
-}
-
-#[derive(Debug, Deserialize)]
-struct OllamaGenerateResponse {
-    response: String,
-}
-
-pub async fn generate_summary(
+pub fn parse_semantic_summary_or_fallback(
+    raw: &str,
     settings: &SummarySettings,
-    prompt: &str,
-) -> Result<SemanticSummary, String> {
-    let raw = generate_text(settings, prompt).await?;
-    Ok(parse_semantic_summary_or_fallback(&raw, settings))
-}
-
-pub async fn generate_text(settings: &SummarySettings, prompt: &str) -> Result<String, String> {
-    if prompt.trim().is_empty() {
-        return Err("summary prompt is empty".to_string());
-    }
-    if !settings.is_configured() {
-        return Err("local summary provider is not configured".to_string());
-    }
-
-    match settings.provider.id {
-        SummaryProvider::Disabled => Err("local summary provider is disabled".to_string()),
-        SummaryProvider::Ollama => generate_text_with_ollama(settings, prompt).await,
-        SummaryProvider::CodexExec => generate_text_with_codex_exec(settings, prompt).await,
-        SummaryProvider::ClaudeCli => generate_text_with_claude_cli(settings, prompt).await,
-    }
-}
-
-async fn generate_text_with_ollama(
-    settings: &SummarySettings,
-    prompt: &str,
-) -> Result<String, String> {
-    let endpoint = if settings.provider.endpoint.trim().is_empty() {
-        DEFAULT_OLLAMA_ENDPOINT
-    } else {
-        settings.provider.endpoint.trim()
-    };
-    let url = format!("{}/api/generate", endpoint.trim_end_matches('/'));
-    let model = settings.provider.model.trim();
-    if model.is_empty() {
-        return Err("ollama model is empty".to_string());
-    }
-
-    let client = reqwest::Client::builder()
-        .connect_timeout(Duration::from_secs(2))
-        .timeout(Duration::from_secs(20))
-        .build()
-        .map_err(|err| format!("failed to build local summary HTTP client: {err}"))?;
-
-    let response = client
-        .post(url)
-        .json(&OllamaGenerateRequest {
-            model,
-            prompt,
-            stream: false,
-        })
-        .send()
-        .await
-        .map_err(|err| format!("failed to call ollama summary API: {err}"))?;
-
-    if !response.status().is_success() {
-        let status = response.status().as_u16();
-        let body = response.text().await.unwrap_or_default();
-        return Err(format!(
-            "ollama summary API returned {status}: {}",
-            body.trim()
-        ));
-    }
-
-    let payload: OllamaGenerateResponse = response
-        .json()
-        .await
-        .map_err(|err| format!("failed to decode ollama summary response: {err}"))?;
-    if payload.response.trim().is_empty() {
-        return Err("ollama summary response was empty".to_string());
-    }
-
-    Ok(payload.response)
-}
-
-async fn generate_text_with_codex_exec(
-    settings: &SummarySettings,
-    prompt: &str,
-) -> Result<String, String> {
-    let output_path = temp_cli_output_path("codex-summary");
-
-    let mut command = Command::new("codex");
-    command
-        .arg("exec")
-        .arg("--skip-git-repo-check")
-        .arg("--sandbox")
-        .arg("read-only")
-        .arg("--output-last-message")
-        .arg(output_path.to_string_lossy().to_string());
-    let model = settings.provider.model.trim();
-    if !model.is_empty() {
-        command.arg("--model").arg(model);
-    }
-    command.arg(prompt);
-
-    let output = run_command_with_timeout(command, Duration::from_secs(60))
-        .map_err(|err| format!("failed to run codex exec summary: {err}"))?;
-
-    let response = read_output_or_stdout(&output_path, &output);
-    if response.trim().is_empty() {
-        return Err("codex exec summary response was empty".to_string());
-    }
-    Ok(response)
-}
-
-async fn generate_text_with_claude_cli(
-    settings: &SummarySettings,
-    prompt: &str,
-) -> Result<String, String> {
-    let model = settings.provider.model.trim().to_string();
-    let timeout = Duration::from_secs(60);
-
-    let mut command = Command::new("claude");
-    command.arg("-c");
-    if !model.is_empty() {
-        command.arg("--model").arg(&model);
-    }
-    command.arg(prompt);
-
-    let output = match run_command_with_timeout(command, timeout) {
-        Ok(output) => output,
-        Err(primary_error) => {
-            let mut fallback = Command::new("claude");
-            fallback
-                .arg("--print")
-                .arg("--output-format")
-                .arg("text")
-                .arg("--no-session-persistence")
-                .arg("--tools")
-                .arg("");
-            if !model.is_empty() {
-                fallback.arg("--model").arg(&model);
-            }
-            fallback.arg(prompt);
-
-            run_command_with_timeout(fallback, timeout).map_err(|fallback_error| {
-                format!(
-                    "failed to run claude summary (`claude -c` => {primary_error}; fallback => {fallback_error})"
-                )
-            })?
-        }
-    };
-
-    let response = String::from_utf8_lossy(&output.stdout).to_string();
-    if response.trim().is_empty() {
-        return Err("claude summary response was empty".to_string());
-    }
-    Ok(response)
-}
-
-fn parse_semantic_summary_or_fallback(raw: &str, settings: &SummarySettings) -> SemanticSummary {
+) -> SemanticSummary {
     let limits = summary_limits(settings);
     match parse_semantic_summary(raw) {
         Ok(summary) => summary.normalize(limits),
@@ -372,71 +119,6 @@ fn parse_semantic_summary_or_fallback(raw: &str, settings: &SummarySettings) ->
     }
 }
 
-fn read_output_or_stdout(path: &PathBuf, output: &Output) -> String {
-    let file_text = fs::read_to_string(path).unwrap_or_default();
-    let _ = fs::remove_file(path);
-    if !file_text.trim().is_empty() {
-        return file_text;
-    }
-    String::from_utf8_lossy(&output.stdout).to_string()
-}
-
-fn temp_cli_output_path(prefix: &str) -> PathBuf {
-    let pid = std::process::id();
-    let timestamp = SystemTime::now()
-        .duration_since(UNIX_EPOCH)
-        .map(|duration| duration.as_nanos())
-        .unwrap_or(0);
-    std::env::temp_dir().join(format!("{prefix}-{pid}-{timestamp}.txt"))
-}
-
-fn run_command_with_timeout(mut command: Command, timeout: Duration) -> Result<Output, String> {
-    command.stdout(Stdio::piped()).stderr(Stdio::piped());
-
-    let program = command.get_program().to_string_lossy().to_string();
-    let mut child = command
-        .spawn()
-        .map_err(|err| format!("failed to spawn `{program}`: {err}"))?;
-    let started = Instant::now();
-
-    loop {
-        match child.try_wait() {
-            Ok(Some(_status)) => {
-                let output = child
-                    .wait_with_output()
-                    .map_err(|err| format!("failed to collect `{program}` output: {err}"))?;
-                if output.status.success() {
-                    return Ok(output);
-                }
-                let stderr = String::from_utf8_lossy(&output.stderr).trim().to_string();
-                let stdout = String::from_utf8_lossy(&output.stdout).trim().to_string();
-                let detail = if !stderr.is_empty() {
-                    stderr
-                } else if !stdout.is_empty() {
-                    stdout
-                } else {
-                    format!("exit status {}", output.status)
-                };
-                return Err(format!("`{program}` failed: {detail}"));
-            }
-            Ok(None) => {
-                if started.elapsed() >= timeout {
-                    let _ = child.kill();
-                    let _ = child.wait();
-                    return Err(format!(
-                        "`{program}` timed out after {}s",
-                        timeout.as_secs()
-                    ));
-                }
-                thread::sleep(Duration::from_millis(50));
-            }
-            Err(err) => {
-                return Err(format!("failed while waiting for `{program}`: {err}"));
-            }
-        }
-    }
-}
-
 #[cfg(test)]
 fn normalize_summary_text(raw: &str) -> String {
     normalize_summary_text_with_limit(raw, DEFAULT_SUMMARY_CHAR_LIMIT)
@@ -507,32 +189,11 @@ fn find_json_object_slice(raw: &str) -> Option<&str> {
 #[cfg(test)]
 mod tests {
     use super::{
-        SemanticSummary, normalize_summary_text, parse_ollama_list_output, parse_semantic_summary,
+        SemanticSummary, normalize_summary_text, parse_semantic_summary,
         parse_semantic_summary_or_fallback,
     };
     use opensession_runtime_config::{SummaryOutputShape, SummaryResponseStyle, SummarySettings};
 
-    #[test]
-    fn parse_ollama_list_output_extracts_model_names() {
-        let output = r#"
-NAME                      ID              SIZE      MODIFIED
-llama3.2:3b               a80c4f17acd5    2.0 GB    3 hours ago
-qwen2.5-coder:7b          2b0496514337    4.7 GB    1 day ago
-"#;
-
-        let models = parse_ollama_list_output(output);
-        assert_eq!(
-            models,
-            vec!["llama3.2:3b".to_string(), "qwen2.5-coder:7b".to_string()]
-        );
-    }
-
-    #[test]
-    fn parse_ollama_list_output_ignores_errors_and_empty_lines() {
-        let output = "\nError: could not connect to ollama\n";
-        assert!(parse_ollama_list_output(output).is_empty());
-    }
-
     #[test]
     fn normalize_summary_text_collapses_whitespace_and_limits_length() {
         let raw = "  fixed   setup flow\nand  added    summary  cache ";
diff --git a/desktop/src-tauri/Cargo.toml b/desktop/src-tauri/Cargo.toml
index 53bad706..50d405c1 100644
--- a/desktop/src-tauri/Cargo.toml
+++ b/desktop/src-tauri/Cargo.toml
@@ -15,9 +15,12 @@ opensession-api = { path = "../../crates/api" }
 opensession-local-db = { path = "../../crates/local-db" }
 opensession-local-store = { path = "../../crates/local-store" }
 opensession-core = { path = "../../crates/core" }
+opensession-paths = { path = "../../crates/paths" }
 opensession-parsers = { path = "../../crates/parsers" }
+opensession-parser-discovery = { path = "../../crates/parser-discovery" }
 opensession-runtime-config = { path = "../../crates/runtime-config" }
 opensession-summary = { path = "../../crates/summary" }
+opensession-summary-runtime = { path = "../../crates/summary-runtime" }
 opensession-git-native = { path = "../../crates/git-native" }
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"
diff --git a/desktop/src-tauri/src/app/change_reader.rs b/desktop/src-tauri/src/app/change_reader.rs
index df5960dd..9c88095a 100644
--- a/desktop/src-tauri/src/app/change_reader.rs
+++ b/desktop/src-tauri/src/app/change_reader.rs
@@ -8,7 +8,7 @@ use opensession_api::{
 use opensession_core::trace::{ContentBlock, Event, EventType, Session as HailSession};
 use opensession_local_db::LocalDb;
 use opensession_runtime_config::{ChangeReaderVoiceProvider, DaemonConfig, SummaryProvider};
-use opensession_summary::provider::generate_text;
+use opensession_summary_runtime::generate_text;
 use serde_json::json;
 use std::time::Duration;
 
diff --git a/desktop/src-tauri/src/app/runtime_settings.rs b/desktop/src-tauri/src/app/runtime_settings.rs
index f6a72586..fb0fe4e3 100644
--- a/desktop/src-tauri/src/app/runtime_settings.rs
+++ b/desktop/src-tauri/src/app/runtime_settings.rs
@@ -610,7 +610,7 @@ pub(crate) fn desktop_update_runtime_settings(
 
 #[tauri::command]
 pub(crate) fn desktop_detect_summary_provider() -> DesktopSummaryProviderDetectResponse {
-    if let Some(profile) = opensession_summary::detect_summary_provider() {
+    if let Some(profile) = opensession_summary_runtime::detect_local_summary_profile() {
         return DesktopSummaryProviderDetectResponse {
             detected: true,
             provider: Some(map_summary_provider_id_from_runtime(&profile.provider)),
diff --git a/desktop/src-tauri/src/app/session_access.rs b/desktop/src-tauri/src/app/session_access.rs
index bb68dd93..9196db47 100644
--- a/desktop/src-tauri/src/app/session_access.rs
+++ b/desktop/src-tauri/src/app/session_access.rs
@@ -9,7 +9,8 @@ use opensession_core::session::{is_auxiliary_session, working_directory};
 use opensession_core::trace::Session as HailSession;
 use opensession_git_native::extract_git_context;
 use opensession_local_db::{LocalDb, LocalSessionLink, LocalSessionRow};
-use opensession_parsers::{ParserRegistry, discover::discover_for_tool};
+use opensession_parser_discovery::discover_for_tool;
+use opensession_parsers::ParserRegistry;
 use serde_json::json;
 use std::collections::BTreeSet;
 use std::fs;
diff --git a/desktop/src-tauri/src/app/session_summary.rs b/desktop/src-tauri/src/app/session_summary.rs
index cc8f3b1c..c3abe60e 100644
--- a/desktop/src-tauri/src/app/session_summary.rs
+++ b/desktop/src-tauri/src/app/session_summary.rs
@@ -14,7 +14,8 @@ use opensession_local_db::{LocalDb, LocalSessionFilter, LocalSessionRow, Summary
 use opensession_runtime_config::{
     DaemonConfig, SummaryBatchScope as RuntimeSummaryBatchScope, SummaryStorageBackend,
 };
-use opensession_summary::{GitSummaryRequest, SemanticSummaryArtifact, summarize_session};
+use opensession_summary::{GitSummaryRequest, SemanticSummaryArtifact};
+use opensession_summary_runtime::summarize_session;
 use serde_json::json;
 use std::collections::HashSet;
 use std::path::{Path, PathBuf};
diff --git a/desktop/src-tauri/src/app/vector.rs b/desktop/src-tauri/src/app/vector.rs
index 149fbf41..224764a2 100644
--- a/desktop/src-tauri/src/app/vector.rs
+++ b/desktop/src-tauri/src/app/vector.rs
@@ -53,6 +53,21 @@ static VECTOR_INSTALL_STATE: LazyLock<Mutex<VectorInstallRuntimeState>> = LazyLo
 
 static VECTOR_INDEX_REBUILD_RUNNING: LazyLock<Mutex<bool>> = LazyLock::new(|| Mutex::new(false));
 
+fn run_vector_blocking_task<T, F>(task: F) -> DesktopApiResult<T>
+where
+    T: Send + 'static,
+    F: FnOnce() -> DesktopApiResult<T> + Send + 'static,
+{
+    std::thread::spawn(task).join().map_err(|_| {
+        desktop_error(
+            "desktop.vector_runtime_join_failed",
+            500,
+            "vector task terminated unexpectedly",
+            None,
+        )
+    })?
+}
+
 pub(crate) fn vector_embed_endpoint(runtime: &DaemonConfig) -> String {
     let configured = runtime.vector_search.endpoint.trim();
     if !configured.is_empty() {
@@ -1308,7 +1323,7 @@ fn install_status_response_from_state(
 #[tauri::command]
 pub(crate) fn desktop_vector_preflight() -> DesktopApiResult<DesktopVectorPreflightResponse> {
     let runtime = load_runtime_config()?;
-    Ok(vector_preflight_for_runtime(&runtime))
+    run_vector_blocking_task(move || Ok(vector_preflight_for_runtime(&runtime)))
 }
 
 #[tauri::command]
@@ -1412,7 +1427,9 @@ pub(crate) fn desktop_search_sessions_vector(
     cursor: Option<String>,
     limit: Option<u32>,
 ) -> DesktopApiResult<DesktopVectorSearchResponse> {
-    let db = open_local_db()?;
-    let runtime = load_runtime_config()?;
-    search_sessions_vector_internal(&db, &runtime, &query, cursor, limit, None)
+    run_vector_blocking_task(move || {
+        let db = open_local_db()?;
+        let runtime = load_runtime_config()?;
+        search_sessions_vector_internal(&db, &runtime, &query, cursor, limit, None)
+    })
 }
diff --git a/desktop/src-tauri/src/main.rs b/desktop/src-tauri/src/main.rs
index c571687f..261222a7 100644
--- a/desktop/src-tauri/src/main.rs
+++ b/desktop/src-tauri/src/main.rs
@@ -113,20 +113,14 @@ fn open_local_db() -> DesktopApiResult<LocalDb> {
 }
 
 fn runtime_config_path() -> DesktopApiResult<PathBuf> {
-    let home = std::env::var("HOME")
-        .or_else(|_| std::env::var("USERPROFILE"))
-        .map_err(|error| {
-            desktop_error(
-                "desktop.runtime_config_home_unavailable",
-                500,
-                "failed to resolve home directory for runtime config",
-                Some(json!({ "cause": error.to_string() })),
-            )
-        })?;
-    Ok(PathBuf::from(home)
-        .join(".config")
-        .join("opensession")
-        .join(opensession_runtime_config::CONFIG_FILE_NAME))
+    opensession_paths::runtime_config_path().map_err(|error| {
+        desktop_error(
+            "desktop.runtime_config_home_unavailable",
+            500,
+            "failed to resolve home directory for runtime config",
+            Some(json!({ "cause": error.to_string() })),
+        )
+    })
 }
 
 fn load_runtime_config() -> DesktopApiResult<DaemonConfig> {

From 91015761dc44afdb36c4a69ade417534741cc7f2 Mon Sep 17 00:00:00 2001
From: hwisu <hwitticus@gmail.com>
Date: Mon, 9 Mar 2026 14:15:38 +0900
Subject: [PATCH 21/30] chore(platform): drop generated desktop and worker
 artifacts

---
 .gitignore                   |   2 +
 desktop/src-tauri/Cargo.lock | 138 ++++++++++++++++++++++++++++++++++-
 2 files changed, 137 insertions(+), 3 deletions(-)

diff --git a/.gitignore b/.gitignore
index caa3b609..dedb8c9d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,8 @@
 /target/
 /target-*/
 /crates/worker/target/
+/crates/worker/build/
+/build/
 
 # Local cargo overrides (dev only)
 .cargo/config.toml
diff --git a/desktop/src-tauri/Cargo.lock b/desktop/src-tauri/Cargo.lock
index 06979fd5..7af5354e 100644
--- a/desktop/src-tauri/Cargo.lock
+++ b/desktop/src-tauri/Cargo.lock
@@ -667,13 +667,34 @@ dependencies = [
  "subtle",
 ]
 
+[[package]]
+name = "directories"
+version = "5.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9a49173b84e034382284f27f1af4dcbbd231ffa358c0fe316541a7337f376a35"
+dependencies = [
+ "dirs-sys 0.4.1",
+]
+
 [[package]]
 name = "dirs"
 version = "6.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c3e8aa94d75141228480295a7d0e7feb620b1a5ad9f12bc40be62411e38cce4e"
 dependencies = [
- "dirs-sys",
+ "dirs-sys 0.5.0",
+]
+
+[[package]]
+name = "dirs-sys"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "520f05a5cbd335fae5a99ff7a6ab8627577660ee5cfd6a94a6a929b52ff0321c"
+dependencies = [
+ "libc",
+ "option-ext",
+ "redox_users 0.4.6",
+ "windows-sys 0.48.0",
 ]
 
 [[package]]
@@ -684,7 +705,7 @@ checksum = "e01a3366d27ee9890022452ee61b2b63a67e6f13f58900b651ff5665f0bb1fab"
 dependencies = [
  "libc",
  "option-ext",
- "redox_users",
+ "redox_users 0.5.2",
  "windows-sys 0.61.2",
 ]
 
@@ -3209,9 +3230,12 @@ dependencies = [
  "opensession-git-native",
  "opensession-local-db",
  "opensession-local-store",
+ "opensession-parser-discovery",
  "opensession-parsers",
+ "opensession-paths",
  "opensession-runtime-config",
  "opensession-summary",
+ "opensession-summary-runtime",
  "reqwest 0.12.28",
  "serde",
  "serde_json",
@@ -3242,6 +3266,7 @@ dependencies = [
  "chrono",
  "opensession-api",
  "opensession-core",
+ "opensession-paths",
  "rusqlite",
  "serde",
  "serde_json",
@@ -3253,10 +3278,21 @@ name = "opensession-local-store"
 version = "0.2.34"
 dependencies = [
  "opensession-core",
+ "opensession-paths",
  "sha2",
  "thiserror 2.0.18",
 ]
 
+[[package]]
+name = "opensession-parser-discovery"
+version = "0.2.34"
+dependencies = [
+ "glob",
+ "opensession-paths",
+ "rusqlite",
+ "shellexpand",
+]
+
 [[package]]
 name = "opensession-parsers"
 version = "0.2.34"
@@ -3276,6 +3312,15 @@ dependencies = [
  "uuid",
 ]
 
+[[package]]
+name = "opensession-paths"
+version = "0.2.34"
+dependencies = [
+ "directories",
+ "opensession-runtime-config",
+ "thiserror 2.0.18",
+]
+
 [[package]]
 name = "opensession-runtime-config"
 version = "0.2.34"
@@ -3291,12 +3336,22 @@ dependencies = [
  "hex",
  "opensession-core",
  "opensession-runtime-config",
- "reqwest 0.12.28",
  "serde",
  "serde_json",
  "sha2",
 ]
 
+[[package]]
+name = "opensession-summary-runtime"
+version = "0.2.34"
+dependencies = [
+ "opensession-core",
+ "opensession-runtime-config",
+ "opensession-summary",
+ "reqwest 0.12.28",
+ "serde",
+]
+
 [[package]]
 name = "option-ext"
 version = "0.2.0"
@@ -3920,6 +3975,17 @@ dependencies = [
  "bitflags 2.11.0",
 ]
 
+[[package]]
+name = "redox_users"
+version = "0.4.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ba009ff324d1fc1b900bd1fdb31564febe58a8ccc8a6fdbb93b543d33b13ca43"
+dependencies = [
+ "getrandom 0.2.17",
+ "libredox",
+ "thiserror 1.0.69",
+]
+
 [[package]]
 name = "redox_users"
 version = "0.5.2"
@@ -5983,6 +6049,15 @@ dependencies = [
  "windows-targets 0.42.2",
 ]
 
+[[package]]
+name = "windows-sys"
+version = "0.48.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9"
+dependencies = [
+ "windows-targets 0.48.5",
+]
+
 [[package]]
 name = "windows-sys"
 version = "0.52.0"
@@ -6034,6 +6109,21 @@ dependencies = [
  "windows_x86_64_msvc 0.42.2",
 ]
 
+[[package]]
+name = "windows-targets"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c"
+dependencies = [
+ "windows_aarch64_gnullvm 0.48.5",
+ "windows_aarch64_msvc 0.48.5",
+ "windows_i686_gnu 0.48.5",
+ "windows_i686_msvc 0.48.5",
+ "windows_x86_64_gnu 0.48.5",
+ "windows_x86_64_gnullvm 0.48.5",
+ "windows_x86_64_msvc 0.48.5",
+]
+
 [[package]]
 name = "windows-targets"
 version = "0.52.6"
@@ -6091,6 +6181,12 @@ version = "0.42.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "597a5118570b68bc08d8d59125332c54f1ba9d9adeedeef5b99b02ba2b0698f8"
 
+[[package]]
+name = "windows_aarch64_gnullvm"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8"
+
 [[package]]
 name = "windows_aarch64_gnullvm"
 version = "0.52.6"
@@ -6109,6 +6205,12 @@ version = "0.42.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e08e8864a60f06ef0d0ff4ba04124db8b0fb3be5776a5cd47641e942e58c4d43"
 
+[[package]]
+name = "windows_aarch64_msvc"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc"
+
 [[package]]
 name = "windows_aarch64_msvc"
 version = "0.52.6"
@@ -6127,6 +6229,12 @@ version = "0.42.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c61d927d8da41da96a81f029489353e68739737d3beca43145c8afec9a31a84f"
 
+[[package]]
+name = "windows_i686_gnu"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e"
+
 [[package]]
 name = "windows_i686_gnu"
 version = "0.52.6"
@@ -6157,6 +6265,12 @@ version = "0.42.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "44d840b6ec649f480a41c8d80f9c65108b92d89345dd94027bfe06ac444d1060"
 
+[[package]]
+name = "windows_i686_msvc"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406"
+
 [[package]]
 name = "windows_i686_msvc"
 version = "0.52.6"
@@ -6175,6 +6289,12 @@ version = "0.42.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8de912b8b8feb55c064867cf047dda097f92d51efad5b491dfb98f6bbb70cb36"
 
+[[package]]
+name = "windows_x86_64_gnu"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e"
+
 [[package]]
 name = "windows_x86_64_gnu"
 version = "0.52.6"
@@ -6193,6 +6313,12 @@ version = "0.42.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "26d41b46a36d453748aedef1486d5c7a85db22e56aff34643984ea85514e94a3"
 
+[[package]]
+name = "windows_x86_64_gnullvm"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc"
+
 [[package]]
 name = "windows_x86_64_gnullvm"
 version = "0.52.6"
@@ -6211,6 +6337,12 @@ version = "0.42.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9aec5da331524158c6d1a4ac0ab1541149c0b9505fde06423b02f5ef0106b9f0"
 
+[[package]]
+name = "windows_x86_64_msvc"
+version = "0.48.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538"
+
 [[package]]
 name = "windows_x86_64_msvc"
 version = "0.52.6"

From 688f6192176774f86c50aceceb175dc0fb85ddd0 Mon Sep 17 00:00:00 2001
From: hwisu <hwitticus@gmail.com>
Date: Mon, 9 Mar 2026 16:33:33 +0900
Subject: [PATCH 22/30] Add Korean localization and build cache guardrails

---
 .githooks/pre-commit                          |   1 +
 .gitignore                                    |   2 +
 Cargo.toml                                    |   6 +
 README.ko.md                                  |  49 +-
 README.md                                     |   1 +
 build.sh                                      |  33 +
 crates/cli/src/cli_args.rs                    | 204 +++-
 crates/cli/src/docs_cmd.rs                    |  50 +-
 crates/cli/src/entrypoint.rs                  |  15 +-
 crates/cli/src/locale.rs                      |  40 +
 crates/cli/src/main.rs                        |   1 +
 crates/server/src/routes/docs.rs              |  45 +-
 crates/worker/src/routes/docs.rs              |  37 +-
 desktop/README.ko.md                          | 102 ++
 desktop/README.md                             |   2 +
 desktop/package-lock.json                     |  96 +-
 desktop/package.json                          |   2 +-
 desktop/src-tauri/src/main.rs                 |  22 +-
 desktop/src-tauri/src/main_tests.rs           |  12 +
 docs.ko.md                                    | 390 ++++++++
 packages/ui/package-lock.json                 | 115 +--
 packages/ui/package.json                      |   8 +-
 packages/ui/src/api-internal/runtime.ts       |  35 +
 packages/ui/src/components/AppShell.svelte    | 221 +++--
 .../ui/src/components/AuthCallbackPage.svelte |  12 +-
 .../ui/src/components/CodeBlockView.svelte    |   5 +-
 packages/ui/src/components/DocsPage.svelte    |  73 +-
 packages/ui/src/components/EventView.svelte   |  72 +-
 packages/ui/src/components/FieldHelp.svelte   |   8 +-
 .../src/components/FloatingJobStatus.svelte   |  14 +-
 packages/ui/src/components/LandingPage.svelte | 114 ++-
 .../src/components/LanguageModePicker.svelte  |  54 +
 .../components/LanguageSettingsPanel.svelte   |  16 +
 packages/ui/src/components/LoginPage.svelte   |  44 +-
 .../src/components/ParseSourceBanner.svelte   |  11 +-
 .../src/components/ParserSelectPanel.svelte   |  18 +-
 packages/ui/src/components/SessionCard.svelte |   9 +-
 .../src/components/SessionDetailPage.svelte   | 146 ++-
 .../ui/src/components/SessionListPage.svelte  |  88 +-
 .../src/components/SessionRenderPage.svelte   | 116 ++-
 .../ui/src/components/SessionSidebar.svelte   |  28 +-
 .../ui/src/components/SettingsPage.svelte     | 937 +++++++++++-------
 packages/ui/src/components/ThemeToggle.svelte |   5 +-
 .../ui/src/components/ThreadMinimap.svelte    |  14 +-
 .../ui/src/components/TimelineView.svelte     |  32 +-
 .../GitCredentialEditorPanel.svelte           |  16 +-
 .../GitCredentialListPanel.svelte             |  19 +-
 .../settings-page/GitCredentialsPanel.svelte  |  17 +-
 .../settings-page/RuntimeActivityPanel.svelte |  16 +-
 .../settings-page/RuntimeQuickMenu.svelte     |  71 +-
 .../settings-page/SettingsApiKeyPanel.svelte  |  17 +-
 .../SettingsAuthGatePanel.svelte              |   9 +-
 .../SettingsOverviewHeaderPanel.svelte        |  14 +-
 .../settings-page/SettingsProfilePanel.svelte |  23 +-
 .../settings-page/SettingsSectionNav.svelte   |   5 +-
 packages/ui/src/i18n.test.ts                  | 130 +++
 packages/ui/src/i18n.ts                       | 769 ++++++++++++++
 packages/ui/src/index.ts                      |  13 +
 packages/ui/src/types.ts                      |  34 +-
 packages/ui/src/utils.ts                      |   7 +-
 scripts/check-rust-artifact-guardrails.mjs    |  52 +
 scripts/check-validation-hooks.mjs            |   1 +
 web/README.ko.md                              |  38 +
 web/README.md                                 |   4 +
 web/e2e/navigation.spec.ts                    |  15 +-
 web/e2e/settings.spec.ts                      |   3 +-
 web/package-lock.json                         | 598 +++++------
 web/package.json                              |  12 +-
 web/src/routes/register/+page.svelte          |   5 +-
 .../src/[provider]/[...segments]/+page.svelte |  15 +-
 70 files changed, 3957 insertions(+), 1251 deletions(-)
 create mode 100644 crates/cli/src/locale.rs
 create mode 100644 desktop/README.ko.md
 create mode 100644 docs.ko.md
 create mode 100644 packages/ui/src/components/LanguageModePicker.svelte
 create mode 100644 packages/ui/src/components/LanguageSettingsPanel.svelte
 create mode 100644 packages/ui/src/i18n.test.ts
 create mode 100644 packages/ui/src/i18n.ts
 create mode 100644 scripts/check-rust-artifact-guardrails.mjs
 create mode 100644 web/README.ko.md

diff --git a/.githooks/pre-commit b/.githooks/pre-commit
index c9480d00..b19f7f36 100755
--- a/.githooks/pre-commit
+++ b/.githooks/pre-commit
@@ -68,6 +68,7 @@ run_node_check "desktop build preflight" scripts/validate/desktop-build-prefligh
 run_node_check "content contract check" scripts/verify-content-contract.mjs --check
 run_node_check "session-review workflow check" scripts/check-session-review-workflow.mjs
 run_node_check "publishable dependency check" scripts/check-publishable-deps.mjs
+run_node_check "rust artifact guardrail check" scripts/check-rust-artifact-guardrails.mjs
 run_node_check "validation hook guardrail check" scripts/check-validation-hooks.mjs
 run_node_check "docs portability check" scripts/check-doc-portability.mjs
 run_node_check "product version sync check" scripts/sync-product-version.mjs --check
diff --git a/.gitignore b/.gitignore
index dedb8c9d..fc81df41 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 # Build artifacts
+/node_modules/
 /target/
 /target-*/
 /crates/worker/target/
@@ -8,6 +9,7 @@
 # Local cargo overrides (dev only)
 .cargo/config.toml
 web/node_modules/
+packages/ui/node_modules/
 web/build/
 web/.svelte-kit/
 desktop/node_modules/
diff --git a/Cargo.toml b/Cargo.toml
index 0f266d9c..e5e0f538 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -103,9 +103,15 @@ gix = "0.79"
 sea-query = { version = "0.32", features = ["backend-sqlite", "derive"] }
 directories = "5"
 
+[profile.dev]
+incremental = false
+
 [profile.dev.package."*"]
 opt-level = 1
 
+[profile.test]
+incremental = false
+
 [profile.release]
 lto = "thin"
 codegen-units = 4
diff --git a/README.ko.md b/README.ko.md
index 028c0f7b..5f74be07 100644
--- a/README.ko.md
+++ b/README.ko.md
@@ -8,11 +8,13 @@
 OpenSession은 AI 세션 로그를 로컬 우선(local-first)으로 기록/등록/공유/검토하는 워크플로입니다.
 
 웹: [opensession.io](https://opensession.io)  
-문서: [opensession.io/docs](https://opensession.io/docs)
+문서: [opensession.io/docs](https://opensession.io/docs)  
+한국어 제품 문서: [`docs.ko.md`](docs.ko.md)
 
 ## 문서 맵
 
-- 제품 계약/명령 모델: [`docs.md`](docs.md)
+- 제품 계약/명령 모델: [`docs.ko.md`](docs.ko.md)
+- 영문 원본 계약 문서: [`docs.md`](docs.md)
 - 개발/검증 런북: [`docs/development-validation-flow.md`](docs/development-validation-flow.md)
 - 하네스 루프 정책: [`docs/harness-auto-improve-loop.md`](docs/harness-auto-improve-loop.md)
 - 파서 소스/재사용 매트릭스: [`docs/parser-source-matrix.md`](docs/parser-source-matrix.md)
@@ -53,6 +55,19 @@ cargo install opensession
 
 사용자 표면은 `opensession` CLI입니다. 자동 세션 수집(auto-capture)을 쓰려면 daemon 프로세스가 추가로 실행 중이어야 합니다.
 
+CLI 로컬 전용 경로(backup/summary/handoff):
+
+```bash
+opensession doctor
+opensession doctor --fix --profile local
+```
+
+데스크톱 앱 경로(app + CLI + app-first 기본값):
+
+```bash
+opensession doctor --fix --profile app --open-target app
+```
+
 ## 개발 툴체인 (레포 작업 필수)
 
 로컬 환경 편차를 줄이기 위해 레포 훅/검증은 `mise` 관리 툴체인을 필수로 사용합니다.
@@ -75,16 +90,16 @@ cargo install opensession
 opensession doctor
 
 # 3) 권장 설치값 적용 (변경 전 동의 프롬프트)
-opensession doctor --fix
+opensession doctor --fix --profile local
 
 # 선택: fanout 모드를 명시적으로 지정
-opensession doctor --fix --fanout-mode hidden_ref
+opensession doctor --fix --profile local --fanout-mode hidden_ref
 
 # 선택: view/review 오프너를 명시적으로 지정
-opensession doctor --fix --open-target app
+opensession doctor --fix --profile app --open-target app
 
 # 자동화/비대화형(non-TTY)
-opensession doctor --fix --yes --fanout-mode hidden_ref --open-target app
+opensession doctor --fix --yes --profile local --fanout-mode hidden_ref --open-target web
 ```
 
 `doctor`는 내부적으로 기존 setup 파이프라인을 재사용합니다.
@@ -92,7 +107,7 @@ opensession doctor --fix --yes --fanout-mode hidden_ref --open-target app
 첫 interactive 적용 시 fanout 저장 모드(`hidden_ref` 또는 `git_notes`)를 선택하며, 선택값은 로컬 git 설정(`.git/config`)의 `opensession.fanout-mode`에 저장됩니다.
 같은 설정 흐름에서 `opensession view/review` 오프너(`app` 또는 `web`)도 선택하며 `opensession.open-target`으로 저장됩니다.
 비대화형 환경에서는 `--fix`에 `--yes`가 필요하고, 저장된 fanout 모드가 없으면 `--fanout-mode`를 명시해야 합니다.
-`--open-target`은 선택사항이며 기본값은 `app`입니다.
+`--open-target`은 선택사항이며 기본값이 profile을 따릅니다(`local -> web`, `app -> app`).
 
 자동 수집을 위한 daemon 실행:
 
@@ -179,18 +194,26 @@ opensession inspect os://src/local/<sha256>
 ## 공유(share)
 
 ```bash
-# local URI -> git 공유 가능 Source URI
-opensession share os://src/local/<sha256> --git --remote origin
+# 원클릭 git 공유 (첫 push만 한 번 확인, 이후 quick 모드에서 자동 push)
+opensession share os://src/local/<sha256> --quick
 
 # 선택적 네트워크 변경
 opensession share os://src/local/<sha256> --git --remote origin --push
 
+# OpenSession pre-push 훅 설치/업데이트
+opensession doctor
+opensession doctor --fix --profile local
+# 선택: fanout 실패 시 push 자체를 실패시키고 싶다면
+OPENSESSION_STRICT=1 git push
+
 # remote-resolvable URI -> 웹 URL
 opensession config init --base-url https://opensession.io
 opensession share os://src/git/<remote_b64>/ref/<ref_enc>/path/<path...> --web
 ```
 
 `share --web`는 `.opensession/config.toml`이 반드시 필요합니다.
+Git-native write는 이제 hidden ledger ref(`refs/opensession/branches/<branch_b64url>`)를 사용하며, 새 write에 레거시 고정 ref는 쓰지 않습니다.
+`opensession doctor --fix`는 훅 안정성을 위해 `~/.local/share/opensession/bin/opensession` shim도 설치합니다.
 
 ## Cleanup 자동화
 
@@ -274,12 +297,12 @@ opensession share os://src/git/<remote_b64>/ref/<ref_enc>/path/<path...> --web
 ```
 2. `share --git`에서 remote 누락:
 ```bash
-opensession share os://src/local/<sha256> --git --remote origin
+opensession share os://src/local/<sha256> --quick
 ```
 3. git 저장소 밖에서 `share --git` 실행:
 ```bash
 cd <your-repo>
-opensession share os://src/local/<sha256> --git --remote origin
+opensession share os://src/local/<sha256> --quick
 ```
 4. `.opensession/config.toml` 없이 `share --web` 실행:
 ```bash
@@ -311,10 +334,10 @@ opensession cleanup run
 처음 사용자 5분 복귀 경로:
 ```bash
 opensession doctor
-opensession doctor --fix
+opensession doctor --fix --profile local
 opensession parse --profile codex ./raw-session.jsonl --out ./session.hail.jsonl
 opensession register ./session.hail.jsonl
-opensession share os://src/local/<sha256> --git --remote origin
+opensession share os://src/local/<sha256> --quick
 ```
 
 ## 로컬 개발 검증
diff --git a/README.md b/README.md
index df70cc26..da58b4d0 100644
--- a/README.md
+++ b/README.md
@@ -13,6 +13,7 @@ Docs: [opensession.io/docs](https://opensession.io/docs)
 ## Documentation Map
 
 - Product contract and command model: [`docs.md`](docs.md)
+- Korean product contract: [`docs.ko.md`](docs.ko.md)
 - Development and validation runbook: [`docs/development-validation-flow.md`](docs/development-validation-flow.md)
 - Harness loop policy: [`docs/harness-auto-improve-loop.md`](docs/harness-auto-improve-loop.md)
 - Parser source/reuse matrix: [`docs/parser-source-matrix.md`](docs/parser-source-matrix.md)
diff --git a/build.sh b/build.sh
index 6493f7c1..bef0e87d 100755
--- a/build.sh
+++ b/build.sh
@@ -28,6 +28,39 @@ run_with_stable_rustc() {
     "$@"
 }
 
+stable_target_dir_name() {
+    if command -v rustup >/dev/null 2>&1; then
+        RUSTC_BIN=$(rustup which --toolchain stable rustc 2>/dev/null || true)
+        if [ -n "$RUSTC_BIN" ]; then
+            RELEASE=$("$RUSTC_BIN" -Vv 2>/dev/null | awk '/^release:/ { print $2; exit }')
+            if [ -n "$RELEASE" ]; then
+                printf 'target-rustup-%s\n' "$(printf '%s' "$RELEASE" | tr '.' '_')"
+                return
+            fi
+        fi
+    fi
+}
+
+prune_rust_build_artifacts() {
+    rm -rf target/debug/incremental
+
+    for path in target-rustup-*/debug/incremental; do
+        [ -d "$path" ] || continue
+        rm -rf "$path"
+    done
+
+    current_target_dir=$(stable_target_dir_name)
+    for path in target-rustup-*; do
+        [ -d "$path" ] || continue
+        if [ -n "$current_target_dir" ] && [ "$(basename "$path")" = "$current_target_dir" ]; then
+            continue
+        fi
+        rm -rf "$path"
+    done
+}
+
+prune_rust_build_artifacts
+
 # Frontend
 cd packages/ui && npm install && cd ../..
 cd web && npm install && npm run build && cd ..
diff --git a/crates/cli/src/cli_args.rs b/crates/cli/src/cli_args.rs
index 81916a85..1a8b156f 100644
--- a/crates/cli/src/cli_args.rs
+++ b/crates/cli/src/cli_args.rs
@@ -1,7 +1,7 @@
-use clap::{Parser, Subcommand};
+use clap::{Command, CommandFactory, FromArgMatches, Parser, Subcommand};
 use std::path::PathBuf;
 
-use crate::setup_cmd;
+use crate::{locale::localize, setup_cmd};
 
 #[derive(Parser)]
 #[command(
@@ -86,6 +86,206 @@ pub(crate) enum DocsAction {
     },
 }
 
+pub(crate) fn command() -> Command {
+    let mut command = <Cli as CommandFactory>::command();
+    localize_command(&mut command);
+    command
+}
+
+pub(crate) fn parse_cli() -> Cli {
+    let matches = command().get_matches();
+    Cli::from_arg_matches(&matches).unwrap_or_else(|err| err.exit())
+}
+
+fn set_about(command: &mut Command, text: &'static str) {
+    *command = command.clone().about(text);
+}
+
+fn set_after_help(command: &mut Command, text: &'static str) {
+    *command = command.clone().after_help(text);
+}
+
+fn localize_command(command: &mut Command) {
+    match command.get_name() {
+        "opensession" => {
+            set_about(
+                command,
+                localize(
+                    "OpenSession CLI - local-first source URI workflows",
+                    "OpenSession CLI - 로컬 우선 Source URI 워크플로",
+                ),
+            );
+            set_after_help(
+                command,
+                localize(
+                    "First-user flow (5 minutes):\n  opensession docs quickstart\n\nCommon next steps:\n  opensession doctor\n  opensession doctor --fix --profile local\n  opensession parse --profile codex ./raw-session.jsonl --out ./session.hail.jsonl\n  opensession register ./session.hail.jsonl\n  opensession share os://src/local/<sha256> --quick",
+                    "첫 사용자 흐름 (5분):\n  opensession docs quickstart\n\n다음으로 많이 쓰는 명령:\n  opensession doctor\n  opensession doctor --fix --profile local\n  opensession parse --profile codex ./raw-session.jsonl --out ./session.hail.jsonl\n  opensession register ./session.hail.jsonl\n  opensession share os://src/local/<sha256> --quick",
+                ),
+            );
+        }
+        "register" => {
+            set_about(
+                command,
+                localize(
+                    "Register canonical HAIL JSONL into local object store.",
+                    "canonical HAIL JSONL을 로컬 객체 저장소에 등록합니다.",
+                ),
+            );
+        }
+        "cat" => {
+            set_about(
+                command,
+                localize(
+                    "Print canonical JSONL for a local source URI.",
+                    "로컬 source URI의 canonical JSONL을 출력합니다.",
+                ),
+            );
+        }
+        "inspect" => {
+            set_about(
+                command,
+                localize(
+                    "Inspect summary metadata for source/artifact URIs.",
+                    "source/artifact URI의 summary 메타데이터를 확인합니다.",
+                ),
+            );
+        }
+        "share" => {
+            set_about(
+                command,
+                localize(
+                    "Resolve sharing outputs from a source URI.",
+                    "Source URI에서 공유 출력을 생성합니다.",
+                ),
+            );
+        }
+        "view" => {
+            set_about(
+                command,
+                localize(
+                    "Open a review-centric web view from URI/file/URL/commit targets.",
+                    "URI/파일/URL/커밋 대상을 리뷰 중심 웹 보기로 엽니다.",
+                ),
+            );
+            set_after_help(
+                command,
+                localize(
+                    "Recovery examples:\n  opensession view --no-open\n  opensession view os://src/local/<sha256> --no-open\n  opensession view ./session.hail.jsonl --no-open\n  opensession view HEAD~3..HEAD --no-open",
+                    "복구 예시:\n  opensession view --no-open\n  opensession view os://src/local/<sha256> --no-open\n  opensession view ./session.hail.jsonl --no-open\n  opensession view HEAD~3..HEAD --no-open",
+                ),
+            );
+        }
+        "review" => {
+            set_about(
+                command,
+                localize(
+                    "Review a GitHub PR using local hidden refs and grouped commit sessions.",
+                    "로컬 hidden ref와 grouped commit session을 사용해 GitHub PR을 검토합니다.",
+                ),
+            );
+        }
+        "handoff" => {
+            set_about(
+                command,
+                localize(
+                    "Build and manage immutable handoff artifacts.",
+                    "불변 handoff artifact를 생성하고 관리합니다.",
+                ),
+            );
+        }
+        "parse" => {
+            set_about(
+                command,
+                localize(
+                    "Parse agent-native logs into canonical HAIL JSONL.",
+                    "agent-native 로그를 canonical HAIL JSONL로 변환합니다.",
+                ),
+            );
+            set_after_help(
+                command,
+                localize(
+                    "Recovery examples:\n  opensession parse --profile codex ./raw-session.jsonl --preview\n  opensession parse --profile codex ./raw-session.jsonl --out ./session.hail.jsonl",
+                    "복구 예시:\n  opensession parse --profile codex ./raw-session.jsonl --preview\n  opensession parse --profile codex ./raw-session.jsonl --out ./session.hail.jsonl",
+                ),
+            );
+        }
+        "summary" => {
+            set_about(
+                command,
+                localize(
+                    "Generate/show local semantic summaries.",
+                    "로컬 시맨틱 summary를 생성하거나 표시합니다.",
+                ),
+            );
+        }
+        "config" => {
+            set_about(
+                command,
+                localize(
+                    "Manage explicit repo config (`.opensession/config.toml`).",
+                    "명시적 레포 설정(`.opensession/config.toml`)을 관리합니다.",
+                ),
+            );
+        }
+        "cleanup" => {
+            set_about(
+                command,
+                localize(
+                    "Configure and run hidden-ref cleanup automation.",
+                    "hidden-ref cleanup 자동화를 구성하고 실행합니다.",
+                ),
+            );
+        }
+        "setup" => {
+            set_about(
+                command,
+                localize(
+                    "Install/update OpenSession git hooks and diagnostics.",
+                    "OpenSession git hook과 진단 구성을 설치/업데이트합니다.",
+                ),
+            );
+        }
+        "doctor" => {
+            set_about(
+                command,
+                localize(
+                    "Diagnose and optionally fix local OpenSession setup.",
+                    "로컬 OpenSession 설정을 진단하고 필요하면 수정합니다.",
+                ),
+            );
+        }
+        "docs" => {
+            set_about(
+                command,
+                localize(
+                    "Print shell completions and quickstart guidance.",
+                    "셸 completion과 빠른 시작 안내를 출력합니다.",
+                ),
+            );
+        }
+        "completion" => {
+            set_about(
+                command,
+                localize("Generate shell completions.", "셸 completion을 생성합니다."),
+            );
+        }
+        "quickstart" => {
+            set_about(
+                command,
+                localize(
+                    "Print a 5-minute first-user flow.",
+                    "5분짜리 첫 사용자 흐름을 출력합니다.",
+                ),
+            );
+        }
+        _ => {}
+    }
+
+    for subcommand in command.get_subcommands_mut() {
+        localize_command(subcommand);
+    }
+}
+
 #[cfg(test)]
 mod tests {
     use clap::Parser;
diff --git a/crates/cli/src/docs_cmd.rs b/crates/cli/src/docs_cmd.rs
index 80d86fe5..1c483968 100644
--- a/crates/cli/src/docs_cmd.rs
+++ b/crates/cli/src/docs_cmd.rs
@@ -1,12 +1,11 @@
-use clap::CommandFactory;
 use std::path::Path;
 
-use crate::{cli_args::Cli, setup_cmd};
+use crate::{cli_args::command, locale::localize, setup_cmd};
 
 pub(crate) fn run_docs(action: crate::cli_args::DocsAction) -> anyhow::Result<()> {
     match action {
         crate::cli_args::DocsAction::Completion { shell } => {
-            let mut cmd = <Cli as CommandFactory>::command();
+            let mut cmd = command();
             clap_complete::generate(shell, &mut cmd, "opensession", &mut std::io::stdout());
             Ok(())
         }
@@ -30,9 +29,18 @@ fn print_quickstart(
     out: &Path,
     remote: &str,
 ) {
-    println!("# OpenSession 5-minute first-user flow");
+    println!(
+        "{}",
+        localize(
+            "# OpenSession 5-minute first-user flow",
+            "# OpenSession 5분 첫 사용자 흐름",
+        )
+    );
     println!();
-    println!("# 1) Diagnose and apply setup");
+    println!(
+        "{}",
+        localize("# 1) Diagnose and apply setup", "# 1) 설정을 진단하고 적용")
+    );
     println!("opensession doctor");
     println!(
         "opensession doctor --fix --profile {}",
@@ -42,7 +50,13 @@ fn print_quickstart(
         println!("opensession doctor --fix --profile app --open-target app");
     }
     println!();
-    println!("# 2) Parse raw logs into canonical HAIL JSONL");
+    println!(
+        "{}",
+        localize(
+            "# 2) Parse raw logs into canonical HAIL JSONL",
+            "# 2) raw 로그를 canonical HAIL JSONL로 변환",
+        )
+    );
     println!(
         "opensession parse --profile {} {} --out {}",
         profile,
@@ -50,17 +64,35 @@ fn print_quickstart(
         out.display()
     );
     println!();
-    println!("# 3) Register canonical session locally");
+    println!(
+        "{}",
+        localize(
+            "# 3) Register canonical session locally",
+            "# 3) canonical 세션을 로컬에 등록",
+        )
+    );
     println!("opensession register {}", out.display());
     println!("# -> os://src/local/<sha256>");
     println!();
-    println!("# 4) Share local source URI via quick git flow");
+    println!(
+        "{}",
+        localize(
+            "# 4) Share local source URI via quick git flow",
+            "# 4) quick git 흐름으로 로컬 source URI 공유",
+        )
+    );
     println!(
         "opensession share os://src/local/<sha256> --quick --remote {}",
         remote
     );
     println!();
-    println!("# 5) Optional: convert a remote URI to web URL");
+    println!(
+        "{}",
+        localize(
+            "# 5) Optional: convert a remote URI to web URL",
+            "# 5) 선택: remote URI를 웹 URL로 변환",
+        )
+    );
     println!("opensession config init --base-url https://opensession.io");
     println!("opensession share os://src/git/<remote_b64>/ref/<ref_enc>/path/<path...> --web");
 }
diff --git a/crates/cli/src/entrypoint.rs b/crates/cli/src/entrypoint.rs
index 01da61a4..2d1a65c6 100644
--- a/crates/cli/src/entrypoint.rs
+++ b/crates/cli/src/entrypoint.rs
@@ -1,14 +1,13 @@
-use clap::Parser;
-
 use crate::{
     cat_cmd, cleanup_cmd,
-    cli_args::{Cli, Commands},
-    config_cmd, docs_cmd, doctor_cmd, handoff_v1, inspect, parse_cmd, register, review, setup_cmd,
-    share, summary_cmd, view,
+    cli_args::{Commands, parse_cli},
+    config_cmd, docs_cmd, doctor_cmd, handoff_v1, inspect,
+    locale::localize,
+    parse_cmd, register, review, setup_cmd, share, summary_cmd, view,
 };
 
 pub(crate) async fn run_process() {
-    let cli = Cli::parse();
+    let cli = parse_cli();
 
     let result = match cli.command {
         Commands::Register(args) => register::run(args),
@@ -29,9 +28,9 @@ pub(crate) async fn run_process() {
 
     if let Err(error) = result {
         if debug_errors_enabled() {
-            eprintln!("Error: {error:#}");
+            eprintln!("{} {error:#}", localize("Error:", "오류:"));
         } else {
-            eprintln!("Error: {error}");
+            eprintln!("{} {error}", localize("Error:", "오류:"));
         }
         std::process::exit(1);
     }
diff --git a/crates/cli/src/locale.rs b/crates/cli/src/locale.rs
new file mode 100644
index 00000000..66fe0c80
--- /dev/null
+++ b/crates/cli/src/locale.rs
@@ -0,0 +1,40 @@
+pub(crate) fn is_korean() -> bool {
+    ["LC_ALL", "LC_MESSAGES", "LANG"]
+        .into_iter()
+        .filter_map(|key| std::env::var(key).ok())
+        .map(|value| value.trim().to_ascii_lowercase())
+        .any(|value| value == "ko" || value.starts_with("ko_") || value.starts_with("ko-"))
+}
+
+pub(crate) fn localize<'a>(en: &'a str, ko: &'a str) -> &'a str {
+    if is_korean() { ko } else { en }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::is_korean;
+    use std::sync::{Mutex, OnceLock};
+
+    fn env_lock() -> &'static Mutex<()> {
+        static LOCK: OnceLock<Mutex<()>> = OnceLock::new();
+        LOCK.get_or_init(|| Mutex::new(()))
+    }
+
+    #[test]
+    fn detects_korean_lang_prefixes() {
+        let _guard = env_lock().lock().expect("lock env");
+        let original = std::env::var("LANG").ok();
+        unsafe {
+            std::env::set_var("LANG", "ko_KR.UTF-8");
+        }
+        assert!(is_korean());
+        match original {
+            Some(value) => unsafe {
+                std::env::set_var("LANG", value);
+            },
+            None => unsafe {
+                std::env::remove_var("LANG");
+            },
+        }
+    }
+}
diff --git a/crates/cli/src/main.rs b/crates/cli/src/main.rs
index de9013f1..44ff3023 100644
--- a/crates/cli/src/main.rs
+++ b/crates/cli/src/main.rs
@@ -8,6 +8,7 @@ mod entrypoint;
 mod handoff_v1;
 mod hooks;
 mod inspect;
+mod locale;
 mod open_target;
 mod parse_cmd;
 mod register;
diff --git a/crates/server/src/routes/docs.rs b/crates/server/src/routes/docs.rs
index 89558040..7e4c27ab 100644
--- a/crates/server/src/routes/docs.rs
+++ b/crates/server/src/routes/docs.rs
@@ -1,9 +1,12 @@
 use axum::{
+    extract::Query,
     http::{HeaderMap, StatusCode, header},
     response::{IntoResponse, Response},
 };
+use serde::Deserialize;
 
-const DOCS_MD: &str = include_str!("../../../../docs.md");
+const DOCS_MD_EN: &str = include_str!("../../../../docs.md");
+const DOCS_MD_KO: &str = include_str!("../../../../docs.ko.md");
 
 const LLMS_TXT: &str = "\
 # OpenSession
@@ -35,7 +38,26 @@ Base URL: `/api`
 - CLI: `cargo install opensession`
 ";
 
-pub async fn handle(headers: HeaderMap) -> Response {
+#[derive(Debug, Default, Deserialize)]
+pub struct DocsQuery {
+    lang: Option<String>,
+}
+
+fn is_korean_locale(locale: Option<&str>) -> bool {
+    locale.map(str::trim).is_some_and(|value| {
+        value.eq_ignore_ascii_case("ko") || value.to_ascii_lowercase().starts_with("ko-")
+    })
+}
+
+fn docs_markdown_for_locale(locale: Option<&str>) -> &'static str {
+    if is_korean_locale(locale) {
+        DOCS_MD_KO
+    } else {
+        DOCS_MD_EN
+    }
+}
+
+pub async fn handle(Query(query): Query<DocsQuery>, headers: HeaderMap) -> Response {
     let accept = headers
         .get("accept")
         .and_then(|v| v.to_str().ok())
@@ -48,7 +70,7 @@ pub async fn handle(headers: HeaderMap) -> Response {
                 (header::CONTENT_TYPE, "text/markdown; charset=utf-8"),
                 (header::CACHE_CONTROL, "public, max-age=3600"),
             ],
-            DOCS_MD,
+            docs_markdown_for_locale(query.lang.as_deref()),
         )
             .into_response();
     }
@@ -68,6 +90,23 @@ pub async fn handle(headers: HeaderMap) -> Response {
     }
 }
 
+#[cfg(test)]
+mod tests {
+    use super::docs_markdown_for_locale;
+
+    #[test]
+    fn selects_korean_docs_for_korean_locale() {
+        let selected = docs_markdown_for_locale(Some("ko-KR"));
+        assert!(selected.starts_with("# 문서"));
+    }
+
+    #[test]
+    fn defaults_to_english_docs() {
+        let selected = docs_markdown_for_locale(Some("en-US"));
+        assert!(selected.starts_with("# Documentation"));
+    }
+}
+
 pub async fn llms_txt() -> impl IntoResponse {
     (
         StatusCode::OK,
diff --git a/crates/worker/src/routes/docs.rs b/crates/worker/src/routes/docs.rs
index 02b09efd..f3275dd5 100644
--- a/crates/worker/src/routes/docs.rs
+++ b/crates/worker/src/routes/docs.rs
@@ -1,6 +1,7 @@
 use worker::*;
 
-const DOCS_MD: &str = include_str!("../../../../docs.md");
+const DOCS_MD_EN: &str = include_str!("../../../../docs.md");
+const DOCS_MD_KO: &str = include_str!("../../../../docs.ko.md");
 
 const LLMS_TXT: &str = "\
 # OpenSession
@@ -31,11 +32,15 @@ Base URL: `https://opensession.io/api`
 
 pub async fn handle(req: Request, ctx: RouteContext<()>) -> Result<Response> {
     let accept = req.headers().get("Accept")?.unwrap_or_default();
+    let url = req.url()?;
+    let lang = url
+        .query_pairs()
+        .find_map(|(key, value)| (key == "lang").then(|| value.into_owned()));
     if accept.contains("text/markdown") {
         let headers = Headers::new();
         headers.set("Content-Type", "text/markdown; charset=utf-8")?;
         headers.set("Cache-Control", "public, max-age=3600")?;
-        return Ok(Response::ok(DOCS_MD)?.with_headers(headers));
+        return Ok(Response::ok(docs_markdown_for_locale(lang.as_deref()))?.with_headers(headers));
     }
     // HTML: delegate to ASSETS binding for SPA serving
     let assets: Fetcher = ctx.env.service("ASSETS")?;
@@ -48,3 +53,31 @@ pub async fn llms_txt(_req: Request, _ctx: RouteContext<()>) -> Result<Response>
     headers.set("Cache-Control", "public, max-age=3600")?;
     Ok(Response::ok(LLMS_TXT)?.with_headers(headers))
 }
+
+fn docs_markdown_for_locale(locale: Option<&str>) -> &'static str {
+    if locale
+        .map(str::trim)
+        .is_some_and(|value| value.eq_ignore_ascii_case("ko") || value.to_ascii_lowercase().starts_with("ko-"))
+    {
+        DOCS_MD_KO
+    } else {
+        DOCS_MD_EN
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::docs_markdown_for_locale;
+
+    #[test]
+    fn returns_korean_docs_for_korean_locale() {
+        let selected = docs_markdown_for_locale(Some("ko"));
+        assert!(selected.starts_with("# 문서"));
+    }
+
+    #[test]
+    fn returns_english_docs_for_other_locales() {
+        let selected = docs_markdown_for_locale(Some("en-US"));
+        assert!(selected.starts_with("# Documentation"));
+    }
+}
diff --git a/desktop/README.ko.md b/desktop/README.ko.md
new file mode 100644
index 00000000..fc56496d
--- /dev/null
+++ b/desktop/README.ko.md
@@ -0,0 +1,102 @@
+# OpenSession Desktop (Preview)
+
+[English](README.md)
+
+이 패키지는 `../web`의 기존 Svelte UI를 재사용하는 데스크톱 셸입니다.
+
+## 실행 (dev)
+
+```bash
+cd desktop
+npm install
+npm run dev
+```
+
+`npm run dev`는 Tauri와 웹 UI 개발 서버를 함께 시작합니다. `opensession-server`는 필요하지 않습니다.
+
+데스크톱 명령을 실행하기 전에는 `mise`로 저장소 툴체인을 설치하세요.
+
+```bash
+mise install
+```
+
+## 빌드
+
+```bash
+cd desktop
+npm run build
+```
+
+빌드 흐름:
+
+1. `web` 정적 번들 빌드 (`../web/build`)
+2. Tauri 데스크톱 번들
+
+macOS universal 번들(서명 없는 로컬 검증):
+
+```bash
+npm run tauri:build -- --target universal-apple-darwin --bundles app --no-sign --ci
+```
+
+## 참고
+
+- UI 컴포넌트는 기존 `web` 앱을 통해 `@opensession/ui`에서 재사용합니다.
+- 데스크톱 런타임에서는 세션/권한/인증 조회가 로컬 DB와 git-native 저장소를 사용하는 Tauri 명령으로 처리됩니다.
+- 선택 사항: `OPENSESSION_LOCAL_DB_PATH`로 사용자 지정 sqlite 파일 경로를 지정할 수 있습니다.
+
+## 런타임 설정 (Desktop Local)
+
+Desktop local runtime은 typed summary model 기반 런타임 설정을 제공합니다.
+
+- `summary.provider.id|endpoint|model`
+- `summary.prompt.template`
+- `summary.response.style|shape`
+- `summary.storage.trigger|backend`
+- `summary.source_mode`
+
+Desktop local 정책:
+
+- `auth_enabled=false`이면 account/auth 섹션을 숨깁니다. 기본 데스크톱 로컬 동작입니다.
+- source mode 선택기는 숨겨지며 내부적으로 `session_only`로 고정됩니다.
+- summary storage backend 기본값은 `hidden_ref`입니다.
+- `hidden_ref` 모드에서도 검색/필터 성능을 위해 로컬 SQLite(`local.db`)에 searchable list metadata를 기록합니다.
+- response preview는 결정론적 fixture 렌더링이며 LLM/network dry-run이 아닙니다.
+
+프로바이더별 표시 필드:
+
+- `ollama` (`http`): endpoint + model
+- `codex_exec`, `claude_cli` (`cli`): binary status + model
+- `disabled`: provider detail 필드 숨김
+
+Desktop local 문서:
+
+- `/docs`는 `opensession-server` 없이도 로컬 IPC(`desktop_get_docs_markdown`)로 렌더링할 수 있습니다.
+
+Desktop vector search (선택 기능):
+
+- vector ranking은 세션 전체 문자열이 아니라 event/line chunk 단위입니다.
+- `vector_search` 설정은 typed payload로 저장됩니다.
+- 기본 모델은 로컬 Ollama(`http://127.0.0.1:11434`)의 `bge-m3`입니다.
+- 모델 설치는 Settings의 `desktop_vector_install_model`에서 명시적으로 실행하며 preflight 상태로 진행률을 확인할 수 있습니다.
+- 인덱싱은 `desktop_vector_index_rebuild`로 명시적으로 실행하고 `desktop_vector_index_status`로 상태를 조회합니다.
+- hidden refs는 summary ledger 저장소로 유지되고, vector/list metadata는 질의 성능을 위해 로컬 SQLite(`local.db`)에 유지됩니다.
+
+## 릴리스
+
+- 제품 버전은 workspace `Cargo.toml`에서 `scripts/sync-product-version.mjs`로 desktop 파일에 동기화됩니다.
+- 릴리스 전에 `node scripts/sync-product-version.mjs --check`를 실행하고, 적용이 필요하면 `--write`를 사용하세요.
+- GitHub Actions `Release` 워크플로(수동)는 다음을 실행합니다.
+  1. `release-plz update` + 릴리스 publish
+  2. macOS universal Tauri 번들 빌드 (`.dmg`, `.app.zip`, checksum)
+  3. 태그 `v<workspace-version>`에 아티팩트 업로드
+- universal 정책: 릴리스 빌드는 `universal-apple-darwin`을 사용하고 `lipo -archs` 결과가 `x86_64 arm64`인지 검증합니다.
+- 보안 게이트: 코드 서명 + notarization 검증이 통과한 경우에만 desktop 아티팩트를 업로드합니다.
+  필요한 저장소 시크릿:
+  - `APPLE_CERTIFICATE`
+  - `APPLE_CERTIFICATE_PASSWORD`
+  - `APPLE_SIGNING_IDENTITY`
+  - `APPLE_ID`
+  - `APPLE_PASSWORD`
+  - `APPLE_TEAM_ID`
+- release/CI/local 사전 점검 도우미:
+  - `node scripts/validate/desktop-build-preflight.mjs --mode release --os macos`
diff --git a/desktop/README.md b/desktop/README.md
index c10bbc84..d2be25ab 100644
--- a/desktop/README.md
+++ b/desktop/README.md
@@ -1,5 +1,7 @@
 # OpenSession Desktop (Preview)
 
+[한국어](README.ko.md)
+
 This is a desktop shell that reuses the existing Svelte web UI from `../web`.
 
 ## Run (dev)
diff --git a/desktop/package-lock.json b/desktop/package-lock.json
index b9ca48a1..659e96c3 100644
--- a/desktop/package-lock.json
+++ b/desktop/package-lock.json
@@ -8,13 +8,13 @@
 			"name": "opensession-desktop",
 			"version": "0.2.34",
 			"devDependencies": {
-				"@tauri-apps/cli": "^2.2.7"
+				"@tauri-apps/cli": "^2.10.1"
 			}
 		},
 		"node_modules/@tauri-apps/cli": {
-			"version": "2.10.0",
-			"resolved": "https://registry.npmjs.org/@tauri-apps/cli/-/cli-2.10.0.tgz",
-			"integrity": "sha512-ZwT0T+7bw4+DPCSWzmviwq5XbXlM0cNoleDKOYPFYqcZqeKY31KlpoMW/MOON/tOFBPgi31a2v3w9gliqwL2+Q==",
+			"version": "2.10.1",
+			"resolved": "https://registry.npmjs.org/@tauri-apps/cli/-/cli-2.10.1.tgz",
+			"integrity": "sha512-jQNGF/5quwORdZSSLtTluyKQ+o6SMa/AUICfhf4egCGFdMHqWssApVgYSbg+jmrZoc8e1DscNvjTnXtlHLS11g==",
 			"dev": true,
 			"license": "Apache-2.0 OR MIT",
 			"bin": {
@@ -28,23 +28,23 @@
 				"url": "https://opencollective.com/tauri"
 			},
 			"optionalDependencies": {
-				"@tauri-apps/cli-darwin-arm64": "2.10.0",
-				"@tauri-apps/cli-darwin-x64": "2.10.0",
-				"@tauri-apps/cli-linux-arm-gnueabihf": "2.10.0",
-				"@tauri-apps/cli-linux-arm64-gnu": "2.10.0",
-				"@tauri-apps/cli-linux-arm64-musl": "2.10.0",
-				"@tauri-apps/cli-linux-riscv64-gnu": "2.10.0",
-				"@tauri-apps/cli-linux-x64-gnu": "2.10.0",
-				"@tauri-apps/cli-linux-x64-musl": "2.10.0",
-				"@tauri-apps/cli-win32-arm64-msvc": "2.10.0",
-				"@tauri-apps/cli-win32-ia32-msvc": "2.10.0",
-				"@tauri-apps/cli-win32-x64-msvc": "2.10.0"
+				"@tauri-apps/cli-darwin-arm64": "2.10.1",
+				"@tauri-apps/cli-darwin-x64": "2.10.1",
+				"@tauri-apps/cli-linux-arm-gnueabihf": "2.10.1",
+				"@tauri-apps/cli-linux-arm64-gnu": "2.10.1",
+				"@tauri-apps/cli-linux-arm64-musl": "2.10.1",
+				"@tauri-apps/cli-linux-riscv64-gnu": "2.10.1",
+				"@tauri-apps/cli-linux-x64-gnu": "2.10.1",
+				"@tauri-apps/cli-linux-x64-musl": "2.10.1",
+				"@tauri-apps/cli-win32-arm64-msvc": "2.10.1",
+				"@tauri-apps/cli-win32-ia32-msvc": "2.10.1",
+				"@tauri-apps/cli-win32-x64-msvc": "2.10.1"
 			}
 		},
 		"node_modules/@tauri-apps/cli-darwin-arm64": {
-			"version": "2.10.0",
-			"resolved": "https://registry.npmjs.org/@tauri-apps/cli-darwin-arm64/-/cli-darwin-arm64-2.10.0.tgz",
-			"integrity": "sha512-avqHD4HRjrMamE/7R/kzJPcAJnZs0IIS+1nkDP5b+TNBn3py7N2aIo9LIpy+VQq0AkN8G5dDpZtOOBkmWt/zjA==",
+			"version": "2.10.1",
+			"resolved": "https://registry.npmjs.org/@tauri-apps/cli-darwin-arm64/-/cli-darwin-arm64-2.10.1.tgz",
+			"integrity": "sha512-Z2OjCXiZ+fbYZy7PmP3WRnOpM9+Fy+oonKDEmUE6MwN4IGaYqgceTjwHucc/kEEYZos5GICve35f7ZiizgqEnQ==",
 			"cpu": [
 				"arm64"
 			],
@@ -59,9 +59,9 @@
 			}
 		},
 		"node_modules/@tauri-apps/cli-darwin-x64": {
-			"version": "2.10.0",
-			"resolved": "https://registry.npmjs.org/@tauri-apps/cli-darwin-x64/-/cli-darwin-x64-2.10.0.tgz",
-			"integrity": "sha512-keDmlvJRStzVFjZTd0xYkBONLtgBC9eMTpmXnBXzsHuawV2q9PvDo2x6D5mhuoMVrJ9QWjgaPKBBCFks4dK71Q==",
+			"version": "2.10.1",
+			"resolved": "https://registry.npmjs.org/@tauri-apps/cli-darwin-x64/-/cli-darwin-x64-2.10.1.tgz",
+			"integrity": "sha512-V/irQVvjPMGOTQqNj55PnQPVuH4VJP8vZCN7ajnj+ZS8Kom1tEM2hR3qbbIRoS3dBKs5mbG8yg1WC+97dq17Pw==",
 			"cpu": [
 				"x64"
 			],
@@ -76,9 +76,9 @@
 			}
 		},
 		"node_modules/@tauri-apps/cli-linux-arm-gnueabihf": {
-			"version": "2.10.0",
-			"resolved": "https://registry.npmjs.org/@tauri-apps/cli-linux-arm-gnueabihf/-/cli-linux-arm-gnueabihf-2.10.0.tgz",
-			"integrity": "sha512-e5u0VfLZsMAC9iHaOEANumgl6lfnJx0Dtjkd8IJpysZ8jp0tJ6wrIkto2OzQgzcYyRCKgX72aKE0PFgZputA8g==",
+			"version": "2.10.1",
+			"resolved": "https://registry.npmjs.org/@tauri-apps/cli-linux-arm-gnueabihf/-/cli-linux-arm-gnueabihf-2.10.1.tgz",
+			"integrity": "sha512-Hyzwsb4VnCWKGfTw+wSt15Z2pLw2f0JdFBfq2vHBOBhvg7oi6uhKiF87hmbXOBXUZaGkyRDkCHsdzJcIfoJC2w==",
 			"cpu": [
 				"arm"
 			],
@@ -93,9 +93,9 @@
 			}
 		},
 		"node_modules/@tauri-apps/cli-linux-arm64-gnu": {
-			"version": "2.10.0",
-			"resolved": "https://registry.npmjs.org/@tauri-apps/cli-linux-arm64-gnu/-/cli-linux-arm64-gnu-2.10.0.tgz",
-			"integrity": "sha512-YrYYk2dfmBs5m+OIMCrb+JH/oo+4FtlpcrTCgiFYc7vcs6m3QDd1TTyWu0u01ewsCtK2kOdluhr/zKku+KP7HA==",
+			"version": "2.10.1",
+			"resolved": "https://registry.npmjs.org/@tauri-apps/cli-linux-arm64-gnu/-/cli-linux-arm64-gnu-2.10.1.tgz",
+			"integrity": "sha512-OyOYs2t5GkBIvyWjA1+h4CZxTcdz1OZPCWAPz5DYEfB0cnWHERTnQ/SLayQzncrT0kwRoSfSz9KxenkyJoTelA==",
 			"cpu": [
 				"arm64"
 			],
@@ -110,9 +110,9 @@
 			}
 		},
 		"node_modules/@tauri-apps/cli-linux-arm64-musl": {
-			"version": "2.10.0",
-			"resolved": "https://registry.npmjs.org/@tauri-apps/cli-linux-arm64-musl/-/cli-linux-arm64-musl-2.10.0.tgz",
-			"integrity": "sha512-GUoPdVJmrJRIXFfW3Rkt+eGK9ygOdyISACZfC/bCSfOnGt8kNdQIQr5WRH9QUaTVFIwxMlQyV3m+yXYP+xhSVA==",
+			"version": "2.10.1",
+			"resolved": "https://registry.npmjs.org/@tauri-apps/cli-linux-arm64-musl/-/cli-linux-arm64-musl-2.10.1.tgz",
+			"integrity": "sha512-MIj78PDDGjkg3NqGptDOGgfXks7SYJwhiMh8SBoZS+vfdz7yP5jN18bNaLnDhsVIPARcAhE1TlsZe/8Yxo2zqg==",
 			"cpu": [
 				"arm64"
 			],
@@ -127,9 +127,9 @@
 			}
 		},
 		"node_modules/@tauri-apps/cli-linux-riscv64-gnu": {
-			"version": "2.10.0",
-			"resolved": "https://registry.npmjs.org/@tauri-apps/cli-linux-riscv64-gnu/-/cli-linux-riscv64-gnu-2.10.0.tgz",
-			"integrity": "sha512-JO7s3TlSxshwsoKNCDkyvsx5gw2QAs/Y2GbR5UE2d5kkU138ATKoPOtxn8G1fFT1aDW4LH0rYAAfBpGkDyJJnw==",
+			"version": "2.10.1",
+			"resolved": "https://registry.npmjs.org/@tauri-apps/cli-linux-riscv64-gnu/-/cli-linux-riscv64-gnu-2.10.1.tgz",
+			"integrity": "sha512-X0lvOVUg8PCVaoEtEAnpxmnkwlE1gcMDTqfhbefICKDnOTJ5Est3qL0SrWxizDackIOKBcvtpejrSiVpuJI1kw==",
 			"cpu": [
 				"riscv64"
 			],
@@ -144,9 +144,9 @@
 			}
 		},
 		"node_modules/@tauri-apps/cli-linux-x64-gnu": {
-			"version": "2.10.0",
-			"resolved": "https://registry.npmjs.org/@tauri-apps/cli-linux-x64-gnu/-/cli-linux-x64-gnu-2.10.0.tgz",
-			"integrity": "sha512-Uvh4SUUp4A6DVRSMWjelww0GnZI3PlVy7VS+DRF5napKuIehVjGl9XD0uKoCoxwAQBLctvipyEK+pDXpJeoHng==",
+			"version": "2.10.1",
+			"resolved": "https://registry.npmjs.org/@tauri-apps/cli-linux-x64-gnu/-/cli-linux-x64-gnu-2.10.1.tgz",
+			"integrity": "sha512-2/12bEzsJS9fAKybxgicCDFxYD1WEI9kO+tlDwX5znWG2GwMBaiWcmhGlZ8fi+DMe9CXlcVarMTYc0L3REIRxw==",
 			"cpu": [
 				"x64"
 			],
@@ -161,9 +161,9 @@
 			}
 		},
 		"node_modules/@tauri-apps/cli-linux-x64-musl": {
-			"version": "2.10.0",
-			"resolved": "https://registry.npmjs.org/@tauri-apps/cli-linux-x64-musl/-/cli-linux-x64-musl-2.10.0.tgz",
-			"integrity": "sha512-AP0KRK6bJuTpQ8kMNWvhIpKUkQJfcPFeba7QshOQZjJ8wOS6emwTN4K5g/d3AbCMo0RRdnZWwu67MlmtJyxC1Q==",
+			"version": "2.10.1",
+			"resolved": "https://registry.npmjs.org/@tauri-apps/cli-linux-x64-musl/-/cli-linux-x64-musl-2.10.1.tgz",
+			"integrity": "sha512-Y8J0ZzswPz50UcGOFuXGEMrxbjwKSPgXftx5qnkuMs2rmwQB5ssvLb6tn54wDSYxe7S6vlLob9vt0VKuNOaCIQ==",
 			"cpu": [
 				"x64"
 			],
@@ -178,9 +178,9 @@
 			}
 		},
 		"node_modules/@tauri-apps/cli-win32-arm64-msvc": {
-			"version": "2.10.0",
-			"resolved": "https://registry.npmjs.org/@tauri-apps/cli-win32-arm64-msvc/-/cli-win32-arm64-msvc-2.10.0.tgz",
-			"integrity": "sha512-97DXVU3dJystrq7W41IX+82JEorLNY+3+ECYxvXWqkq7DBN6FsA08x/EFGE8N/b0LTOui9X2dvpGGoeZKKV08g==",
+			"version": "2.10.1",
+			"resolved": "https://registry.npmjs.org/@tauri-apps/cli-win32-arm64-msvc/-/cli-win32-arm64-msvc-2.10.1.tgz",
+			"integrity": "sha512-iSt5B86jHYAPJa/IlYw++SXtFPGnWtFJriHn7X0NFBVunF6zu9+/zOn8OgqIWSl8RgzhLGXQEEtGBdR4wzpVgg==",
 			"cpu": [
 				"arm64"
 			],
@@ -195,9 +195,9 @@
 			}
 		},
 		"node_modules/@tauri-apps/cli-win32-ia32-msvc": {
-			"version": "2.10.0",
-			"resolved": "https://registry.npmjs.org/@tauri-apps/cli-win32-ia32-msvc/-/cli-win32-ia32-msvc-2.10.0.tgz",
-			"integrity": "sha512-EHyQ1iwrWy1CwMalEm9z2a6L5isQ121pe7FcA2xe4VWMJp+GHSDDGvbTv/OPdkt2Lyr7DAZBpZHM6nvlHXEc4A==",
+			"version": "2.10.1",
+			"resolved": "https://registry.npmjs.org/@tauri-apps/cli-win32-ia32-msvc/-/cli-win32-ia32-msvc-2.10.1.tgz",
+			"integrity": "sha512-gXyxgEzsFegmnWywYU5pEBURkcFN/Oo45EAwvZrHMh+zUSEAvO5E8TXsgPADYm31d1u7OQU3O3HsYfVBf2moHw==",
 			"cpu": [
 				"ia32"
 			],
@@ -212,9 +212,9 @@
 			}
 		},
 		"node_modules/@tauri-apps/cli-win32-x64-msvc": {
-			"version": "2.10.0",
-			"resolved": "https://registry.npmjs.org/@tauri-apps/cli-win32-x64-msvc/-/cli-win32-x64-msvc-2.10.0.tgz",
-			"integrity": "sha512-NTpyQxkpzGmU6ceWBTY2xRIEaS0ZLbVx1HE1zTA3TY/pV3+cPoPPOs+7YScr4IMzXMtOw7tLw5LEXo5oIG3qaQ==",
+			"version": "2.10.1",
+			"resolved": "https://registry.npmjs.org/@tauri-apps/cli-win32-x64-msvc/-/cli-win32-x64-msvc-2.10.1.tgz",
+			"integrity": "sha512-6Cn7YpPFwzChy0ERz6djKEmUehWrYlM+xTaNzGPgZocw3BD7OfwfWHKVWxXzdjEW2KfKkHddfdxK1XXTYqBRLg==",
 			"cpu": [
 				"x64"
 			],
diff --git a/desktop/package.json b/desktop/package.json
index 2d2df4cb..be15852f 100644
--- a/desktop/package.json
+++ b/desktop/package.json
@@ -10,6 +10,6 @@
 		"build": "npm run tauri:build"
 	},
 	"devDependencies": {
-		"@tauri-apps/cli": "^2.2.7"
+		"@tauri-apps/cli": "^2.10.1"
 	}
 }
diff --git a/desktop/src-tauri/src/main.rs b/desktop/src-tauri/src/main.rs
index 261222a7..2b6fd10e 100644
--- a/desktop/src-tauri/src/main.rs
+++ b/desktop/src-tauri/src/main.rs
@@ -4,8 +4,9 @@ mod app;
 
 use app::change_reader::{
     desktop_ask_session_changes, desktop_change_reader_tts, desktop_read_session_changes,
-    require_non_empty_request_field,
 };
+#[cfg(test)]
+use app::change_reader::require_non_empty_request_field;
 use app::handoff::{desktop_build_handoff, desktop_share_session_quick};
 use app::launch_route::desktop_take_launch_route;
 #[cfg(test)]
@@ -50,9 +51,11 @@ use app::{
 };
 use opensession_api::{
     CapabilitiesResponse, DESKTOP_IPC_CONTRACT_VERSION, DesktopApiError,
-    DesktopContractVersionResponse, DesktopSessionListQuery,
+    DesktopContractVersionResponse,
     oauth::{AuthProvidersResponse, OAuthProviderInfo},
 };
+#[cfg(test)]
+use opensession_api::DesktopSessionListQuery;
 use opensession_local_db::LocalDb;
 use opensession_runtime_config::DaemonConfig;
 use serde_json::json;
@@ -199,8 +202,19 @@ fn desktop_get_contract_version() -> DesktopContractVersionResponse {
 }
 
 #[tauri::command]
-fn desktop_get_docs_markdown() -> String {
-    include_str!("../../../docs.md").to_string()
+fn desktop_get_docs_markdown(locale: Option<String>) -> String {
+    desktop_docs_markdown(locale.as_deref()).to_string()
+}
+
+fn desktop_docs_markdown(locale: Option<&str>) -> &'static str {
+    if locale
+        .map(str::trim)
+        .is_some_and(|value| value.eq_ignore_ascii_case("ko") || value.to_ascii_lowercase().starts_with("ko-"))
+    {
+        include_str!("../../../docs.ko.md")
+    } else {
+        include_str!("../../../docs.md")
+    }
 }
 
 fn main() {
diff --git a/desktop/src-tauri/src/main_tests.rs b/desktop/src-tauri/src/main_tests.rs
index 177e3588..32ee7b29 100644
--- a/desktop/src-tauri/src/main_tests.rs
+++ b/desktop/src-tauri/src/main_tests.rs
@@ -228,3 +228,15 @@ fn wait_for_summary_batch_completion(
     }
     final_state
 }
+
+#[test]
+fn desktop_docs_markdown_selects_korean_variant() {
+    let selected = super::desktop_docs_markdown(Some("ko-KR"));
+    assert!(selected.starts_with("# 문서"));
+}
+
+#[test]
+fn desktop_docs_markdown_defaults_to_english_variant() {
+    let selected = super::desktop_docs_markdown(Some("en-US"));
+    assert!(selected.starts_with("# Documentation"));
+}
diff --git a/docs.ko.md b/docs.ko.md
new file mode 100644
index 00000000..c2362fe7
--- /dev/null
+++ b/docs.ko.md
@@ -0,0 +1,390 @@
+# 문서
+
+OpenSession은 AI 세션 트레이스를 등록하고, 공유하고, 검토하는 로컬 우선(local-first) 워크플로입니다.
+공개 계약은 CLI, Web, API가 함께 쓰는 단일 Source URI 모델입니다.
+
+## 문서 맵
+
+- 루트 빠른 참조: `README.md` / `README.ko.md`
+- 이 문서(`docs.ko.md`): 제품 계약과 명령 의미론
+- 개발/CI 정합성 런북: `docs/development-validation-flow.md`
+- 하네스 실패 루프 정책: `docs/harness-auto-improve-loop.md`
+- 파서 소스/재사용 경계: `docs/parser-source-matrix.md`
+
+## 시작하기
+
+핵심 원칙:
+
+- 하나의 개념에는 하나의 이름을 쓴다.
+- 하나의 식별자에는 하나의 URI를 쓴다.
+- 암묵적인 네트워크 변경은 하지 않는다.
+- 기본값을 사용하더라도 출력에 드러나야 한다.
+
+초보자용 3단계 빠른 시작:
+
+```bash
+# 첫 사용자용 명령 흐름 출력
+opensession docs quickstart
+
+# 1) CLI 설치
+cargo install opensession
+
+# 2) 로컬 설정 진단 (flutter doctor 스타일)
+opensession doctor
+
+# 3) 명시적 확인 후 설정 적용
+opensession doctor --fix --profile local
+```
+
+- `doctor --fix`는 훅/shim/fanout 변경을 적용하기 전에 계획을 출력하고 확인을 받습니다.
+- 자동화나 비대화형 셸에서는 명시적 모드와 승인 플래그를 함께 사용하세요:
+  `opensession doctor --fix --yes --profile local --fanout-mode hidden_ref`
+
+빠른 경로:
+
+```bash
+# 1) agent-native 로그를 canonical HAIL JSONL로 변환
+opensession parse --profile codex ./raw-session.jsonl > ./session.hail.jsonl
+
+# 2) canonical 세션을 로컬 object store에 등록
+opensession register ./session.hail.jsonl
+# -> os://src/local/<sha256>
+
+# 3) 로컬 canonical 바이트 다시 읽기
+opensession cat os://src/local/<sha256>
+
+# 4) summary 메타데이터 확인
+opensession inspect os://src/local/<sha256>
+```
+
+설치:
+
+```bash
+cargo install opensession
+```
+
+설치 프로필:
+
+- `local`(기본): backup/summary/handoff 중심 CLI 로컬 우선 경로
+- `app`: 데스크톱 앱 사용자용 프로필 (`opensession doctor --fix --profile app --open-target app`)
+
+자동 수집 참고:
+
+- `opensession`은 parse/register/share/handoff를 담당합니다.
+- 백그라운드 자동 수집은 daemon 프로세스(`opensession-daemon run`)가 실행 중이어야 합니다.
+
+레포 개발 툴체인:
+
+- 로컬 검증 훅은 `mise`를 통해 실행됩니다.
+- `./.githooks/pre-commit`, `./.githooks/pre-push` 전에 레포 루트에서 `mise install`을 실행하세요.
+- 데스크톱 사전 점검 게이트: `node scripts/validate/desktop-build-preflight.mjs --mode local`
+
+로컬 object storage:
+
+- 레포 내부: `.opensession/objects/sha256/ab/cd/<hash>.jsonl`
+- 레포 외부: `~/.local/share/opensession/objects/sha256/ab/cd/<hash>.jsonl`
+
+해시 정책:
+
+- canonical HAIL JSONL 바이트의 SHA-256
+
+## 데스크톱 런타임 Summary 계약 (v3)
+
+데스크톱 IPC/runtime settings는 typed summary 계약을 사용합니다.
+
+- `summary.provider.id|endpoint|model`
+- `summary.prompt.template`
+- `summary.response.style|shape`
+- `summary.storage.trigger|backend`
+- `summary.source_mode`
+- `vector_search.enabled|provider|model|endpoint|granularity|chunk_size_lines|chunk_overlap_lines|top_k_chunks|top_k_sessions`
+
+데스크톱 로컬 제약:
+
+- `auth_enabled=false` 런타임은 의도적으로 account/auth UI를 숨깁니다.
+- 데스크톱 로컬 런타임에서는 `summary.source_mode`가 `session_only`로 고정됩니다.
+- `session_or_git_changes`는 CI/CLI 같은 비-데스크톱 런타임 컨텍스트용입니다.
+- 기본 summary storage backend는 `hidden_ref`입니다.
+- `hidden_ref`를 써도 list/search 메타데이터와 vector index 메타데이터는 로컬 SQLite(`OPENSESSION_LOCAL_DB_PATH` 또는 기본 `~/.local/share/opensession/local.db`)에 인덱싱됩니다.
+- Settings의 runtime response preview는 모델 출력이 아니라 결정론적 로컬 샘플 렌더링입니다.
+
+데스크톱 로컬 확장:
+
+- HTTP docs 라우트가 없어도 `/docs`는 desktop IPC(`desktop_get_docs_markdown`)에서 해석할 수 있습니다.
+- 벡터 검색은 이벤트/라인 청크 인덱싱과 로컬 Ollama 임베딩(기본 `bge-m3`)을 사용합니다.
+- 벡터 검색 활성화는 명시적입니다. 먼저 모델 설치가 끝나야 합니다(`desktop_vector_preflight`, `desktop_vector_install_model`).
+- 인덱싱도 명시적이며 상태를 관찰할 수 있습니다(`desktop_vector_index_rebuild`, `desktop_vector_index_status`).
+
+## Git을 통한 공유
+
+`register`는 로컬 전용입니다. 원격 공유는 `share`로 명시적으로 수행합니다.
+
+```bash
+# 로컬 source -> 원클릭 git share URI 흐름
+opensession share os://src/local/<sha256> --quick
+
+# 선택적 네트워크 변경
+opensession share os://src/local/<sha256> --git --remote origin --push
+```
+
+`share --git` / `share --quick` 규칙:
+
+- `--quick`은 remote를 자동 감지합니다(`origin` 우선, 단일 remote fallback)
+- `--git`은 명시적 `--remote <name|url>`가 필요합니다
+- 기본 ref: `refs/opensession/branches/<branch_b64url>`
+- 기본 path: `sessions/<sha256>.jsonl`
+- `--push`를 생략하면 네트워크 변경 없이 실행 가능한 push 명령만 출력합니다
+- `--quick`은 첫 푸시 때 한 번 확인을 받고, 레포별 동의를 `.git/config`의 `opensession.share.auto-push-consent=true`에 저장합니다
+- 새 write에는 더 이상 레거시 고정 ref `refs/heads/opensession/sessions`를 사용하지 않습니다
+
+설치 후 그대로 쓰는 설정:
+
+```bash
+opensession doctor
+opensession doctor --fix --profile local
+# interactive 셸에서 선택 모드를 명시하고 싶다면
+opensession doctor --fix --profile local --fanout-mode hidden_ref
+# automation/non-interactive
+opensession doctor --fix --yes --profile local --fanout-mode hidden_ref --open-target web
+```
+
+- `doctor` check 모드는 내부 setup check로, `doctor --fix`는 내부 setup apply 흐름으로 연결됩니다.
+- `doctor --fix`는 명시적 승인이 필요합니다. interactive 기본 프롬프트 또는 자동화용 `--yes`를 사용합니다.
+- 현재 레포에 OpenSession 관리 `pre-push` 훅을 설치/업데이트합니다.
+- `~/.local/share/opensession/bin/opensession`에 OpenSession shim을 설치/업데이트합니다.
+- fanout 모드가 아직 설정되지 않은 interactive 셸에서는 첫 적용 시 `hidden_ref` 또는 `git_notes`를 선택하도록 묻고, 결과를 로컬 git config(`opensession.fanout-mode`)에 저장합니다.
+- 비대화형 적용은 레포에 저장된 `opensession.fanout-mode`가 없으면 명시적 `--fanout-mode`가 필요합니다.
+- open target 기본값은 profile을 따릅니다(`local -> web`, `app -> app`).
+- `doctor` 출력에는 `~/.config/opensession/daemon.pid` 기준 daemon 상태가 포함됩니다.
+- daemon 시작: `opensession-daemon run` (소스 체크아웃에서는 `cargo run -p opensession-daemon -- run`)
+- `remote.<name>.push`는 수정하지 않습니다.
+- hook fanout push는 best-effort이며 경고만 출력합니다.
+- fanout helper가 없거나 fanout push가 실패하면 push를 실패시키려면 `OPENSESSION_STRICT=1`을 사용하세요.
+- PR 자동화는 현재 same-repo PR만 지원합니다.
+- merge/branch delete cleanup은 ledger ref를 즉시 제거하고, 실제 object 제거는 remote GC 정책을 따릅니다.
+
+`share --web` 규칙:
+
+```bash
+opensession config init --base-url https://opensession.io
+opensession config show
+opensession share os://src/git/<remote_b64>/ref/<ref_enc>/path/<path...> --web
+```
+
+- `share --web`는 명시적 `.opensession/config.toml`이 필요합니다
+- 로컬 URI에 `--web`을 붙이면 후속 조치(`share --git`)와 함께 거부됩니다
+- 사람이 읽는 출력에서는 canonical URL이 첫 줄에 인쇄됩니다
+
+## Cleanup 자동화
+
+OpenSession은 서버 인프라를 바꾸지 않고도 사용자 저장소에서 hidden ref cleanup을 구성할 수 있습니다.
+
+```bash
+# provider-aware cleanup 템플릿/설정 초기화
+opensession cleanup init --provider auto
+
+# 비대화형 설정
+opensession cleanup init --provider auto --yes
+
+# 설정 + janitor dry-run 요약 확인
+opensession cleanup status
+
+# dry-run (기본)
+opensession cleanup run
+
+# 실제 삭제 적용
+opensession cleanup run --apply
+```
+
+기본값:
+
+- hidden ref TTL: 30일
+- artifact branch TTL: 30일
+
+민감한 저장소용:
+
+```bash
+opensession cleanup init --provider auto --hidden-ttl-days 0 --artifact-ttl-days 0 --yes
+```
+
+프로바이더 매트릭스:
+
+- GitHub: `.github/workflows/opensession-cleanup.yml`와 `.github/workflows/opensession-session-review.yml`을 생성합니다. PR 업데이트 시 `opensession/pr-<number>-sessions`를 게시/갱신하고 PR 코멘트를 upsert합니다.
+- GitLab: `.gitlab/opensession-cleanup.yml`와 `.gitlab/opensession-session-review.yml`을 생성합니다. `.gitlab-ci.yml`은 OpenSession 관리 마커 블록이 있을 때만(또는 새 파일일 때만) 갱신합니다. MR 파이프라인은 `opensession/mr-<iid>-sessions`를 게시/갱신하고 MR note를 남깁니다.
+- Generic git: cron/system scheduler 연동용 `.opensession/cleanup/cron.example`를 생성합니다.
+- session-review 코멘트에는 `Reviewer Quick Digest`가 포함되며, Q&A 발췌(`Question | Answer` 행), 수정 파일 요약, 추가/수정 테스트가 함께 표시됩니다.
+
+## 개발 및 검증
+
+정식 검증 흐름(훅, API/worker/web/desktop E2E, CI 정합성, artifact 정책):
+
+- `docs/development-validation-flow.md`
+
+빠른 로컬 게이트 명령:
+
+```bash
+./.githooks/pre-commit
+./.githooks/pre-push
+```
+
+데스크톱 빌드 정책:
+
+- CI에서 Linux 데스크톱 번들 빌드 검증(`desktop-bundle-verify`)을 필수로 수행합니다.
+- macOS 데스크톱 릴리즈 타깃은 `universal-apple-darwin`만 허용합니다.
+- universal 아키텍처는 `lipo -archs`로 검증하며 반드시 `x86_64`와 `arm64`를 모두 포함해야 합니다.
+- 정기/수동 `Desktop Dry Run` 워크플로는 no-sign 데스크톱 번들을 검증하고 diagnostics/metrics artifact를 업로드합니다.
+
+릴리즈 서명 체크리스트(수동 secret 준비):
+
+- `APPLE_CERTIFICATE`
+- `APPLE_CERTIFICATE_PASSWORD`
+- `APPLE_SIGNING_IDENTITY`
+- `APPLE_ID`
+- `APPLE_PASSWORD`
+- `APPLE_TEAM_ID`
+
+## 실패 복구
+
+일반적인 온보딩 흐름이 실패했을 때 아래 명령을 사용하세요.
+
+1. `share --web`에 로컬 URI를 넣은 경우:
+```bash
+opensession share os://src/local/<sha256> --git --remote origin
+opensession share os://src/git/<remote_b64>/ref/<ref_enc>/path/<path...> --web
+```
+2. `share --git`에 `--remote`가 없는 경우:
+```bash
+opensession share os://src/local/<sha256> --quick
+```
+3. `share --git`을 git 저장소 밖에서 실행한 경우:
+```bash
+cd <repo>
+opensession share os://src/local/<sha256> --quick
+```
+4. `share --web`에 config가 없는 경우:
+```bash
+opensession config init --base-url https://opensession.io
+opensession config show
+```
+5. `register`가 non-canonical 입력을 거부한 경우:
+```bash
+opensession parse --profile codex ./raw-session.jsonl --out ./session.hail.jsonl
+opensession register ./session.hail.jsonl
+```
+6. `parse`에서 parser/input이 맞지 않는 경우:
+```bash
+opensession parse --help
+opensession parse --profile codex ./raw-session.jsonl --preview
+```
+7. `view` target 해석이 실패한 경우:
+```bash
+opensession view os://src/... --no-open
+opensession view ./session.hail.jsonl --no-open
+opensession view HEAD
+```
+8. `cleanup run` 전에 초기화를 하지 않은 경우:
+```bash
+opensession cleanup init --provider auto
+opensession cleanup run
+```
+
+5분 복구 경로:
+
+```bash
+opensession doctor
+opensession doctor --fix --profile local
+opensession parse --profile codex ./raw-session.jsonl --out ./session.hail.jsonl
+opensession register ./session.hail.jsonl
+opensession share os://src/local/<sha256> --quick
+```
+
+## 타임라인 검토
+
+canonical 웹 라우트:
+
+- `/src/gh/<owner>/<repo>/ref/<ref_enc>/path/<path...>`
+- `/src/gl/<project_b64>/ref/<ref_enc>/path/<path...>`
+- `/src/git/<remote_b64>/ref/<ref_enc>/path/<path...>`
+
+레거시 단축 라우트는 예약되어 있으며 404를 반환합니다.
+
+- `/git`
+- `/gh/*`
+- `/resolve/*`
+
+서버 parse preview 엔드포인트:
+
+- `POST /api/parse/preview`
+
+## Review 뷰
+
+`opensession view`는 리뷰 중심 웹 진입점입니다.
+
+```bash
+# Source URI -> /src/*
+opensession view os://src/gl/<project_b64>/ref/<ref_enc>/path/<path...>
+
+# 로컬 source URI / jsonl 파일 -> /review/local/<id>
+opensession view os://src/local/<sha256>
+opensession view ./session.hail.jsonl
+
+# commit/ref/range -> commit-linked local review bundle
+opensession view HEAD
+opensession view main..feature/my-branch
+```
+
+기본 모드는 web입니다. URL만 출력하려면 `--no-open`을 사용하세요.
+
+로컬 `view` 대상은 등록된 git credential이 필요하지 않습니다.
+로컬 git object / 로컬 source byte를 사용해 local review bundle을 만들기 때문입니다.
+commit-linked local review page는 Q&A 내용 발췌, 수정 파일, 추가/수정 테스트를 포함하는 `Reviewer Quick Digest` 패널을 노출합니다.
+
+## Handoff
+
+handoff artifact는 immutable입니다. `build`는 매번 새 artifact URI를 생성합니다.
+
+```bash
+# immutable artifact 생성
+opensession handoff build --from os://src/local/<sha256> --pin latest
+# -> os://artifact/<sha256>
+
+# payload 표현 읽기
+opensession handoff artifacts get os://artifact/<sha256> --format canonical --encode jsonl
+
+# 결정론적 해시 검증
+opensession handoff artifacts verify os://artifact/<sha256>
+
+# alias 제어
+opensession handoff artifacts pin latest os://artifact/<sha256>
+opensession handoff artifacts unpin latest
+
+# 제거 정책 (unpinned만 허용)
+opensession handoff artifacts rm os://artifact/<sha256>
+```
+
+v1에는 refresh/update 명령이 없습니다. 다시 build하고 pin alias를 옮기면 됩니다.
+
+## 선택적 UI
+
+CLI가 정식 운영 표면입니다.
+Web과 TUI는 같은 URI 계약 위에서 동작하는 선택적 인터페이스입니다.
+
+## 개념
+
+source / artifact 식별자:
+
+- `os://src/local/<sha256>`
+- `os://src/gh/<owner>/<repo>/ref/<ref_enc>/path/<path...>`
+- `os://src/gl/<project_b64>/ref/<ref_enc>/path/<path...>`
+- `os://src/git/<remote_b64>/ref/<ref_enc>/path/<path...>`
+- `os://artifact/<sha256>`
+
+인코딩 규칙:
+
+- `ref_enc`: RFC3986 percent-encoding
+- `project_b64`, `remote_b64`: base64url(no padding)
+
+API 경계:
+
+- `DELETE /api/admin/sessions/{id}`
+- Header: `X-OpenSession-Admin-Key`
diff --git a/packages/ui/package-lock.json b/packages/ui/package-lock.json
index 167b1b53..def31f48 100644
--- a/packages/ui/package-lock.json
+++ b/packages/ui/package-lock.json
@@ -10,13 +10,13 @@
 			"dependencies": {
 				"effect": "3.19.19",
 				"highlight.js": "^11.11.1",
-				"isomorphic-dompurify": "^2.28.0",
-				"marked": "^17.0.1"
+				"isomorphic-dompurify": "^3.0.0",
+				"marked": "^17.0.4"
 			},
 			"devDependencies": {
-				"@biomejs/biome": "2.3.15",
+				"@biomejs/biome": "^2.4.6",
 				"jsdom": "^28.1.0",
-				"svelte": "^5.51.5",
+				"svelte": "^5.53.7",
 				"tsx": "^4.20.5",
 				"turndown": "^7.2.0",
 				"typescript": "^5.9.3"
@@ -67,9 +67,9 @@
 			"license": "MIT"
 		},
 		"node_modules/@biomejs/biome": {
-			"version": "2.3.15",
-			"resolved": "https://registry.npmjs.org/@biomejs/biome/-/biome-2.3.15.tgz",
-			"integrity": "sha512-u+jlPBAU2B45LDkjjNNYpc1PvqrM/co4loNommS9/sl9oSxsAQKsNZejYuUztvToB5oXi1tN/e62iNd6ESiY3g==",
+			"version": "2.4.6",
+			"resolved": "https://registry.npmjs.org/@biomejs/biome/-/biome-2.4.6.tgz",
+			"integrity": "sha512-QnHe81PMslpy3mnpL8DnO2M4S4ZnYPkjlGCLWBZT/3R9M6b5daArWMMtEfP52/n174RKnwRIf3oT8+wc9ihSfQ==",
 			"dev": true,
 			"license": "MIT OR Apache-2.0",
 			"bin": {
@@ -83,20 +83,20 @@
 				"url": "https://opencollective.com/biome"
 			},
 			"optionalDependencies": {
-				"@biomejs/cli-darwin-arm64": "2.3.15",
-				"@biomejs/cli-darwin-x64": "2.3.15",
-				"@biomejs/cli-linux-arm64": "2.3.15",
-				"@biomejs/cli-linux-arm64-musl": "2.3.15",
-				"@biomejs/cli-linux-x64": "2.3.15",
-				"@biomejs/cli-linux-x64-musl": "2.3.15",
-				"@biomejs/cli-win32-arm64": "2.3.15",
-				"@biomejs/cli-win32-x64": "2.3.15"
+				"@biomejs/cli-darwin-arm64": "2.4.6",
+				"@biomejs/cli-darwin-x64": "2.4.6",
+				"@biomejs/cli-linux-arm64": "2.4.6",
+				"@biomejs/cli-linux-arm64-musl": "2.4.6",
+				"@biomejs/cli-linux-x64": "2.4.6",
+				"@biomejs/cli-linux-x64-musl": "2.4.6",
+				"@biomejs/cli-win32-arm64": "2.4.6",
+				"@biomejs/cli-win32-x64": "2.4.6"
 			}
 		},
 		"node_modules/@biomejs/cli-darwin-arm64": {
-			"version": "2.3.15",
-			"resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-arm64/-/cli-darwin-arm64-2.3.15.tgz",
-			"integrity": "sha512-SDCdrJ4COim1r8SNHg19oqT50JfkI/xGZHSyC6mGzMfKrpNe/217Eq6y98XhNTc0vGWDjznSDNXdUc6Kg24jbw==",
+			"version": "2.4.6",
+			"resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-arm64/-/cli-darwin-arm64-2.4.6.tgz",
+			"integrity": "sha512-NW18GSyxr+8sJIqgoGwVp5Zqm4SALH4b4gftIA0n62PTuBs6G2tHlwNAOj0Vq0KKSs7Sf88VjjmHh0O36EnzrQ==",
 			"cpu": [
 				"arm64"
 			],
@@ -111,9 +111,9 @@
 			}
 		},
 		"node_modules/@biomejs/cli-darwin-x64": {
-			"version": "2.3.15",
-			"resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-x64/-/cli-darwin-x64-2.3.15.tgz",
-			"integrity": "sha512-RkyeSosBtn3C3Un8zQnl9upX0Qbq4E3QmBa0qjpOh1MebRbHhNlRC16jk8HdTe/9ym5zlfnpbb8cKXzW+vlTxw==",
+			"version": "2.4.6",
+			"resolved": "https://registry.npmjs.org/@biomejs/cli-darwin-x64/-/cli-darwin-x64-2.4.6.tgz",
+			"integrity": "sha512-4uiE/9tuI7cnjtY9b07RgS7gGyYOAfIAGeVJWEfeCnAarOAS7qVmuRyX6d7JTKw28/mt+rUzMasYeZ+0R/U1Mw==",
 			"cpu": [
 				"x64"
 			],
@@ -128,9 +128,9 @@
 			}
 		},
 		"node_modules/@biomejs/cli-linux-arm64": {
-			"version": "2.3.15",
-			"resolved": "https://registry.npmjs.org/@biomejs/cli-linux-arm64/-/cli-linux-arm64-2.3.15.tgz",
-			"integrity": "sha512-FN83KxrdVWANOn5tDmW6UBC0grojchbGmcEz6JkRs2YY6DY63sTZhwkQ56x6YtKhDVV1Unz7FJexy8o7KwuIhg==",
+			"version": "2.4.6",
+			"resolved": "https://registry.npmjs.org/@biomejs/cli-linux-arm64/-/cli-linux-arm64-2.4.6.tgz",
+			"integrity": "sha512-kMLaI7OF5GN1Q8Doymjro1P8rVEoy7BKQALNz6fiR8IC1WKduoNyteBtJlHT7ASIL0Cx2jR6VUOBIbcB1B8pew==",
 			"cpu": [
 				"arm64"
 			],
@@ -145,9 +145,9 @@
 			}
 		},
 		"node_modules/@biomejs/cli-linux-arm64-musl": {
-			"version": "2.3.15",
-			"resolved": "https://registry.npmjs.org/@biomejs/cli-linux-arm64-musl/-/cli-linux-arm64-musl-2.3.15.tgz",
-			"integrity": "sha512-SSSIj2yMkFdSkXqASzIBdjySBXOe65RJlhKEDlri7MN19RC4cpez+C0kEwPrhXOTgJbwQR9QH1F4+VnHkC35pg==",
+			"version": "2.4.6",
+			"resolved": "https://registry.npmjs.org/@biomejs/cli-linux-arm64-musl/-/cli-linux-arm64-musl-2.4.6.tgz",
+			"integrity": "sha512-F/JdB7eN22txiTqHM5KhIVt0jVkzZwVYrdTR1O3Y4auBOQcXxHK4dxULf4z43QyZI5tsnQJrRBHZy7wwtL+B3A==",
 			"cpu": [
 				"arm64"
 			],
@@ -162,9 +162,9 @@
 			}
 		},
 		"node_modules/@biomejs/cli-linux-x64": {
-			"version": "2.3.15",
-			"resolved": "https://registry.npmjs.org/@biomejs/cli-linux-x64/-/cli-linux-x64-2.3.15.tgz",
-			"integrity": "sha512-T8n9p8aiIKOrAD7SwC7opiBM1LYGrE5G3OQRXWgbeo/merBk8m+uxJ1nOXMPzfYyFLfPlKF92QS06KN1UW+Zbg==",
+			"version": "2.4.6",
+			"resolved": "https://registry.npmjs.org/@biomejs/cli-linux-x64/-/cli-linux-x64-2.4.6.tgz",
+			"integrity": "sha512-oHXmUFEoH8Lql1xfc3QkFLiC1hGR7qedv5eKNlC185or+o4/4HiaU7vYODAH3peRCfsuLr1g6v2fK9dFFOYdyw==",
 			"cpu": [
 				"x64"
 			],
@@ -179,9 +179,9 @@
 			}
 		},
 		"node_modules/@biomejs/cli-linux-x64-musl": {
-			"version": "2.3.15",
-			"resolved": "https://registry.npmjs.org/@biomejs/cli-linux-x64-musl/-/cli-linux-x64-musl-2.3.15.tgz",
-			"integrity": "sha512-dbjPzTh+ijmmNwojFYbQNMFp332019ZDioBYAMMJj5Ux9d8MkM+u+J68SBJGVwVeSHMYj+T9504CoxEzQxrdNw==",
+			"version": "2.4.6",
+			"resolved": "https://registry.npmjs.org/@biomejs/cli-linux-x64-musl/-/cli-linux-x64-musl-2.4.6.tgz",
+			"integrity": "sha512-C9s98IPDu7DYarjlZNuzJKTjVHN03RUnmHV5htvqsx6vEUXCDSJ59DNwjKVD5XYoSS4N+BYhq3RTBAL8X6svEg==",
 			"cpu": [
 				"x64"
 			],
@@ -196,9 +196,9 @@
 			}
 		},
 		"node_modules/@biomejs/cli-win32-arm64": {
-			"version": "2.3.15",
-			"resolved": "https://registry.npmjs.org/@biomejs/cli-win32-arm64/-/cli-win32-arm64-2.3.15.tgz",
-			"integrity": "sha512-puMuenu/2brQdgqtQ7geNwQlNVxiABKEZJhMRX6AGWcmrMO8EObMXniFQywy2b81qmC+q+SDvlOpspNwz0WiOA==",
+			"version": "2.4.6",
+			"resolved": "https://registry.npmjs.org/@biomejs/cli-win32-arm64/-/cli-win32-arm64-2.4.6.tgz",
+			"integrity": "sha512-xzThn87Pf3YrOGTEODFGONmqXpTwUNxovQb72iaUOdcw8sBSY3+3WD8Hm9IhMYLnPi0n32s3L3NWU6+eSjfqFg==",
 			"cpu": [
 				"arm64"
 			],
@@ -213,9 +213,9 @@
 			}
 		},
 		"node_modules/@biomejs/cli-win32-x64": {
-			"version": "2.3.15",
-			"resolved": "https://registry.npmjs.org/@biomejs/cli-win32-x64/-/cli-win32-x64-2.3.15.tgz",
-			"integrity": "sha512-kDZr/hgg+igo5Emi0LcjlgfkoGZtgIpJKhnvKTRmMBv6FF/3SDyEV4khBwqNebZIyMZTzvpca9sQNSXJ39pI2A==",
+			"version": "2.4.6",
+			"resolved": "https://registry.npmjs.org/@biomejs/cli-win32-x64/-/cli-win32-x64-2.4.6.tgz",
+			"integrity": "sha512-7++XhnsPlr1HDbor5amovPjOH6vsrFOCdp93iKXhFn6bcMUI6soodj3WWKfgEO6JosKU1W5n3uky3WW9RlRjTg==",
 			"cpu": [
 				"x64"
 			],
@@ -936,9 +936,9 @@
 			}
 		},
 		"node_modules/aria-query": {
-			"version": "5.3.2",
-			"resolved": "https://registry.npmjs.org/aria-query/-/aria-query-5.3.2.tgz",
-			"integrity": "sha512-COROpnaoap1E2F000S62r6A60uHZnmlvomhfyT2DlTcrY1OrBKn2UhH7qn5wTC9zMvD0AY7csdPSNwKP+7WiQw==",
+			"version": "5.3.1",
+			"resolved": "https://registry.npmjs.org/aria-query/-/aria-query-5.3.1.tgz",
+			"integrity": "sha512-Z/ZeOgVl7bcSYZ/u/rh0fOpvEpq//LZmdbkXyc7syVzjPAhfOa9ebsdTSjEBDU4vs5nC98Kfduj1uFo0qyET3g==",
 			"dev": true,
 			"license": "Apache-2.0",
 			"engines": {
@@ -1046,10 +1046,13 @@
 			"license": "MIT"
 		},
 		"node_modules/dompurify": {
-			"version": "3.3.1",
-			"resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.3.1.tgz",
-			"integrity": "sha512-qkdCKzLNtrgPFP1Vo+98FRzJnBRGe4ffyCea9IwHB1fyxPOeNTHpLKYGd4Uk9xvNoH0ZoOjwZxNptyMwqrId1Q==",
+			"version": "3.3.2",
+			"resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.3.2.tgz",
+			"integrity": "sha512-6obghkliLdmKa56xdbLOpUZ43pAR6xFy1uOrxBaIDjT+yaRuuybLjGS9eVBoSR/UPU5fq3OXClEHLJNGvbxKpQ==",
 			"license": "(MPL-2.0 OR Apache-2.0)",
+			"engines": {
+				"node": ">=20"
+			},
 			"optionalDependencies": {
 				"@types/trusted-types": "^2.0.7"
 			}
@@ -1249,16 +1252,16 @@
 			}
 		},
 		"node_modules/isomorphic-dompurify": {
-			"version": "2.36.0",
-			"resolved": "https://registry.npmjs.org/isomorphic-dompurify/-/isomorphic-dompurify-2.36.0.tgz",
-			"integrity": "sha512-E8YkGyPY3a/U5s0WOoc8Ok+3SWL/33yn2IHCoxCFLBUUPVy9WGa++akJZFxQCcJIhI+UvYhbrbnTIFQkHKZbgA==",
+			"version": "3.0.0",
+			"resolved": "https://registry.npmjs.org/isomorphic-dompurify/-/isomorphic-dompurify-3.0.0.tgz",
+			"integrity": "sha512-5K+MYP7Nrg74+Bi+QmQGzQ/FgEOyVHWsN8MuJy5wYQxxBRxPnWsD25Tjjt5FWYhan3OQ+vNLubyNJH9dfG03lQ==",
 			"license": "MIT",
 			"dependencies": {
 				"dompurify": "^3.3.1",
 				"jsdom": "^28.0.0"
 			},
 			"engines": {
-				"node": ">=20.19.5"
+				"node": "^20.19.0 || ^22.12.0 || >=24.0.0"
 			}
 		},
 		"node_modules/jsdom": {
@@ -1328,9 +1331,9 @@
 			}
 		},
 		"node_modules/marked": {
-			"version": "17.0.1",
-			"resolved": "https://registry.npmjs.org/marked/-/marked-17.0.1.tgz",
-			"integrity": "sha512-boeBdiS0ghpWcSwoNm/jJBwdpFaMnZWRzjA6SkUMYb40SVaN1x7mmfGKp0jvexGcx+7y2La5zRZsYFZI6Qpypg==",
+			"version": "17.0.4",
+			"resolved": "https://registry.npmjs.org/marked/-/marked-17.0.4.tgz",
+			"integrity": "sha512-NOmVMM+KAokHMvjWmC5N/ZOvgmSWuqJB8FoYI019j4ogb/PeRMKoKIjReZ2w3376kkA8dSJIP8uD993Kxc0iRQ==",
 			"license": "MIT",
 			"bin": {
 				"marked": "bin/marked.js"
@@ -1429,9 +1432,9 @@
 			}
 		},
 		"node_modules/svelte": {
-			"version": "5.51.5",
-			"resolved": "https://registry.npmjs.org/svelte/-/svelte-5.51.5.tgz",
-			"integrity": "sha512-/4tR5cLsWOgH3wnNRXnFoWaJlwPGbJanZPSKSD6nHM2y01dvXeEF4Nx7jevoZ+UpJpkIHh6mY2tqDncuI4GHng==",
+			"version": "5.53.7",
+			"resolved": "https://registry.npmjs.org/svelte/-/svelte-5.53.7.tgz",
+			"integrity": "sha512-uxck1KI7JWtlfP3H6HOWi/94soAl23jsGJkBzN2BAWcQng0+lTrRNhxActFqORgnO9BHVd1hKJhG+ljRuIUWfQ==",
 			"dev": true,
 			"license": "MIT",
 			"dependencies": {
@@ -1441,7 +1444,7 @@
 				"@types/estree": "^1.0.5",
 				"@types/trusted-types": "^2.0.7",
 				"acorn": "^8.12.1",
-				"aria-query": "^5.3.1",
+				"aria-query": "5.3.1",
 				"axobject-query": "^4.1.0",
 				"clsx": "^2.1.1",
 				"devalue": "^5.6.3",
diff --git a/packages/ui/package.json b/packages/ui/package.json
index c2dea303..8d33f875 100644
--- a/packages/ui/package.json
+++ b/packages/ui/package.json
@@ -31,8 +31,8 @@
 	"dependencies": {
 		"effect": "3.19.19",
 		"highlight.js": "^11.11.1",
-		"isomorphic-dompurify": "^2.28.0",
-		"marked": "^17.0.1"
+		"isomorphic-dompurify": "^3.0.0",
+		"marked": "^17.0.4"
 	},
 	"scripts": {
 		"lint": "biome check src/",
@@ -41,9 +41,9 @@
 		"test": "tsx --test src/*.test.ts src/**/*.test.ts"
 	},
 	"devDependencies": {
-		"@biomejs/biome": "2.3.15",
+		"@biomejs/biome": "^2.4.6",
 		"jsdom": "^28.1.0",
-		"svelte": "^5.51.5",
+		"svelte": "^5.53.7",
 		"tsx": "^4.20.5",
 		"turndown": "^7.2.0",
 		"typescript": "^5.9.3"
diff --git a/packages/ui/src/api-internal/runtime.ts b/packages/ui/src/api-internal/runtime.ts
index 1a1a85bd..57018018 100644
--- a/packages/ui/src/api-internal/runtime.ts
+++ b/packages/ui/src/api-internal/runtime.ts
@@ -34,6 +34,7 @@ export interface RuntimeEnv {
 	getStorageItem: (key: string) => string | null;
 	setStorageItem: (key: string, value: string) => void;
 	removeStorageItem: (key: string) => void;
+	getPreferredLanguages?: () => string[];
 	getDocumentCookie: () => string;
 	getLocation: () => RuntimeLocation;
 	replaceHistoryUrl: (url: string) => void;
@@ -69,6 +70,18 @@ export function createBrowserRuntimeEnv(): RuntimeEnv {
 			if (typeof localStorage === 'undefined') return;
 			localStorage.removeItem(key);
 		},
+		getPreferredLanguages() {
+			if (typeof navigator === 'undefined') return [];
+			if (Array.isArray(navigator.languages) && navigator.languages.length > 0) {
+				return navigator.languages.filter(
+					(value): value is string => typeof value === 'string' && value.trim().length > 0,
+				);
+			}
+			if (typeof navigator.language === 'string' && navigator.language.trim().length > 0) {
+				return [navigator.language];
+			}
+			return [];
+		},
 		getDocumentCookie() {
 			if (typeof document === 'undefined') return '';
 			return document.cookie ?? '';
@@ -218,3 +231,25 @@ export function getOAuthUrl(runtime: RuntimeEnv, provider: string): string {
 	if (isDesktopLocalRuntime(runtime)) return '#';
 	return `${getBaseUrl(runtime)}/api/auth/oauth/${encodeURIComponent(provider)}`;
 }
+
+export function getPreferredLanguages(runtime: RuntimeEnv): string[] {
+	if (typeof runtime.getPreferredLanguages === 'function') {
+		return runtime.getPreferredLanguages();
+	}
+	if (!runtime.hasWindow() || typeof navigator === 'undefined') return [];
+	if (Array.isArray(navigator.languages) && navigator.languages.length > 0) {
+		return navigator.languages.filter(
+			(value): value is string => typeof value === 'string' && value.trim().length > 0,
+		);
+	}
+	if (typeof navigator.language === 'string' && navigator.language.trim().length > 0) {
+		return [navigator.language];
+	}
+	return [];
+}
+
+export function setDocumentLanguage(language: string) {
+	if (typeof document === 'undefined') return;
+	if (!document.documentElement) return;
+	document.documentElement.lang = language;
+}
diff --git a/packages/ui/src/components/AppShell.svelte b/packages/ui/src/components/AppShell.svelte
index 272e53ef..fda609ba 100644
--- a/packages/ui/src/components/AppShell.svelte
+++ b/packages/ui/src/components/AppShell.svelte
@@ -1,6 +1,6 @@
 <script lang="ts">
 import type { Snippet } from 'svelte';
-import { tick } from 'svelte';
+import { onMount, tick } from 'svelte';
 import {
 	authLogout,
 	getApiCapabilities,
@@ -10,6 +10,13 @@ import {
 } from '../api';
 import { createShellModel, createShellModelState } from '../models/app-shell-model';
 import type { UserSettings } from '../types';
+import {
+	appLocale,
+	initializeLocalization,
+	refreshLocaleFromPlatform,
+	translate,
+} from '../i18n';
+import LanguageModePicker from './LanguageModePicker.svelte';
 import ThemeToggle from './ThemeToggle.svelte';
 
 type DesktopWindow = Window & {
@@ -34,6 +41,8 @@ type PaletteCommand = {
 	run: () => void;
 };
 
+const OPENSESSION_GITHUB_URL = 'https://github.com/hwisu/opensession';
+
 const {
 	currentPath,
 	children,
@@ -89,9 +98,9 @@ function shortDate(iso: string | null | undefined): string {
 	return parsed.toLocaleDateString();
 }
 
-function linkedProvidersLabel(currentUser: UserSettings | null): string {
+function linkedProvidersLabel(currentUser: UserSettings | null, emptyLabel: string): string {
 	if (!currentUser || !currentUser.oauth_providers || currentUser.oauth_providers.length === 0) {
-		return 'none';
+		return emptyLabel;
 	}
 	return currentUser.oauth_providers.map((provider) => provider.display_name).join(', ');
 }
@@ -141,10 +150,12 @@ const shellModel = createShellModel(shellState, {
 });
 
 const navLinks = $derived.by(() => {
-	const links: Array<{ href: string; label: string }> = [{ href: '/sessions', label: 'Sessions' }];
-	links.push({ href: '/docs', label: 'Docs' });
+	const links: Array<{ href: string; label: string }> = [
+		{ href: '/sessions', label: translate($appLocale, 'nav.sessions') },
+	];
+	links.push({ href: '/docs', label: translate($appLocale, 'nav.docs') });
 	if (shellState.desktopRuntime || shellState.hasLocalAuth) {
-		links.push({ href: '/settings', label: 'Settings' });
+		links.push({ href: '/settings', label: translate($appLocale, 'nav.settings') });
 	}
 	return links;
 });
@@ -161,21 +172,30 @@ $effect(() => {
 
 const shortcutHints = $derived.by(() => {
 	if (isSessionDetail) {
-		return ['Cmd/Ctrl+K palette', 'j/k scroll', '1-0 filters', '/ search', 'n/p match', 'Esc back'];
+		return [
+			`Cmd/Ctrl+K ${translate($appLocale, 'shortcut.palette')}`,
+			`j/k ${translate($appLocale, 'shortcut.scroll')}`,
+			`1-0 ${translate($appLocale, 'shortcut.filters')}`,
+			`/ ${translate($appLocale, 'shortcut.search')}`,
+			`n/p ${translate($appLocale, 'shortcut.match')}`,
+			`Esc ${translate($appLocale, 'shortcut.back')}`,
+		];
 	}
 	if (isSessionList) {
 		return [
-			'Cmd/Ctrl+K palette',
-			'j/k navigate',
-			'Enter open',
-			'/ search',
-			't tool',
-			'r range',
-			'Shift+R refresh',
-			'g repo',
+			`Cmd/Ctrl+K ${translate($appLocale, 'shortcut.palette')}`,
+			`j/k ${translate($appLocale, 'shortcut.navigate')}`,
+			`Enter ${translate($appLocale, 'shortcut.open')}`,
+			`/ ${translate($appLocale, 'shortcut.search')}`,
+			`t ${translate($appLocale, 'shortcut.tool')}`,
+			`r ${translate($appLocale, 'shortcut.range')}`,
+			`g ${translate($appLocale, 'shortcut.repo')}`,
 		];
 	}
-	return ['Cmd/Ctrl+K palette', 'Esc back'];
+	return [
+		`Cmd/Ctrl+K ${translate($appLocale, 'shortcut.palette')}`,
+		`Esc ${translate($appLocale, 'shortcut.back')}`,
+	];
 });
 
 $effect(() => {
@@ -189,6 +209,10 @@ $effect(() => {
 	shellModel.resetMenusForPath();
 });
 
+onMount(() => {
+	initializeLocalization();
+});
+
 function createPaletteCommand(
 	id: string,
 	label: string,
@@ -207,15 +231,15 @@ const allPaletteCommands = $derived.by(() => {
 	const commands: PaletteCommand[] = [
 		createPaletteCommand(
 			'go-sessions',
-			'Go to Sessions',
-			'Open the main session list',
+			translate($appLocale, 'palette.goSessions.label'),
+			translate($appLocale, 'palette.goSessions.description'),
 			['sessions', 'home', 'list', '/sessions'],
 			() => onNavigate('/sessions'),
 		),
 		createPaletteCommand(
 			'go-docs',
-			'Go to Docs',
-			'Open product and API documentation',
+			translate($appLocale, 'palette.goDocs.label'),
+			translate($appLocale, 'palette.goDocs.description'),
 			['docs', 'documentation', 'guide'],
 			() => onNavigate('/docs'),
 		),
@@ -225,8 +249,8 @@ const allPaletteCommands = $derived.by(() => {
 		commands.push(
 			createPaletteCommand(
 				'go-login',
-				'Go to Login',
-				'Sign in to your account',
+				translate($appLocale, 'palette.goLogin.label'),
+				translate($appLocale, 'palette.goLogin.description'),
 				['login', 'auth', 'signin'],
 				() => onNavigate('/login'),
 			),
@@ -236,8 +260,8 @@ const allPaletteCommands = $derived.by(() => {
 		commands.push(
 			createPaletteCommand(
 				'go-settings',
-				'Go to Settings',
-				'Open personal settings and API key controls',
+				translate($appLocale, 'palette.goSettings.label'),
+				translate($appLocale, 'palette.goSettings.description'),
 				['settings', 'account', 'profile', 'api key'],
 				() => onNavigate('/settings'),
 			),
@@ -248,8 +272,8 @@ const allPaletteCommands = $derived.by(() => {
 		commands.push(
 			createPaletteCommand(
 				'focus-list-search',
-				'Focus session search',
-				'Move cursor to list search input',
+				translate($appLocale, 'palette.focusSessionSearch.label'),
+				translate($appLocale, 'palette.focusSessionSearch.description'),
 				['search', 'find', 'session list'],
 				dispatchFocusSearch,
 			),
@@ -260,8 +284,8 @@ const allPaletteCommands = $derived.by(() => {
 		commands.push(
 			createPaletteCommand(
 				'focus-detail-search',
-				'Focus in-session search',
-				'Move cursor to timeline search input',
+				translate($appLocale, 'palette.focusDetailSearch.label'),
+				translate($appLocale, 'palette.focusDetailSearch.description'),
 				['search', 'find', 'timeline', 'session detail'],
 				dispatchFocusSearch,
 			),
@@ -303,7 +327,7 @@ function isPaletteShortcut(e: KeyboardEvent): boolean {
 }
 
 function isHelpShortcut(e: KeyboardEvent): boolean {
-	return e.key === '?' || (e.key === '/' && e.shiftKey);
+	return !e.metaKey && !e.ctrlKey && !e.altKey && e.key.toLowerCase() === 'h';
 }
 
 function isEditableTarget(target: EventTarget | null): boolean {
@@ -459,9 +483,17 @@ function handleGlobalKey(e: KeyboardEvent) {
 		history.back();
 	}
 }
+
+function handleLanguageChange() {
+	refreshLocaleFromPlatform();
+}
 </script>
 
-<svelte:window onkeydown={handleGlobalKey} onmousedown={handleWindowPointerDown} />
+<svelte:window
+	onkeydown={handleGlobalKey}
+	onmousedown={handleWindowPointerDown}
+	onlanguagechange={handleLanguageChange}
+/>
 
 <div class="grid h-[100dvh] max-w-[100vw] grid-rows-[auto_1fr_auto] overflow-hidden bg-bg-primary text-text-primary">
 	<nav class="relative z-30 flex min-w-0 flex-wrap items-center justify-between gap-2 border-b border-border bg-bg-secondary px-2 py-2 sm:px-4">
@@ -469,6 +501,7 @@ function handleGlobalKey(e: KeyboardEvent) {
 			<a href="/" class="text-sm font-bold tracking-tight text-text-primary sm:text-base">
 				opensession<span class="text-accent">.io</span>
 			</a>
+			<LanguageModePicker compact />
 			<ThemeToggle />
 		</div>
 		<div class="flex min-w-0 flex-1 items-center justify-end gap-0.5 pb-1 sm:pb-0">
@@ -500,20 +533,35 @@ function handleGlobalKey(e: KeyboardEvent) {
 						{#if shellState.accountMenuOpen}
 							<div
 								role="menu"
-								aria-label="Account menu"
+								aria-label={translate($appLocale, 'account.menu')}
 								data-testid="account-menu"
 								class="absolute right-0 z-40 mt-1 w-[min(18rem,calc(100vw-1rem))] border border-border bg-bg-primary shadow-2xl"
 							>
 							<div class="border-b border-border px-3 py-2">
-								<p class="text-[11px] uppercase tracking-[0.1em] text-text-muted">Account</p>
+								<p class="text-[11px] uppercase tracking-[0.1em] text-text-muted">
+									{translate($appLocale, 'account.title')}
+								</p>
 								<p class="mt-1 text-sm font-medium text-text-primary">{shellState.user?.nickname}</p>
-								<p class="text-xs text-text-secondary">{shellState.user?.email ?? 'email not linked'}</p>
+								<p class="text-xs text-text-secondary">
+									{shellState.user?.email ?? translate($appLocale, 'account.emailMissing')}
+								</p>
 							</div>
 
 							<div class="border-b border-border px-3 py-2 text-xs text-text-secondary">
-								<p>User ID: <span class="text-text-primary">{shellState.user?.user_id}</span></p>
-								<p>Joined: <span class="text-text-primary">{shortDate(shellState.user?.created_at)}</span></p>
-								<p>Providers: <span class="text-text-primary">{linkedProvidersLabel(shellState.user)}</span></p>
+								<p>
+									{translate($appLocale, 'account.userId')}:
+									<span class="text-text-primary">{shellState.user?.user_id}</span>
+								</p>
+								<p>
+									{translate($appLocale, 'account.joined')}:
+									<span class="text-text-primary">{shortDate(shellState.user?.created_at)}</span>
+								</p>
+								<p>
+									{translate($appLocale, 'account.providers')}:
+									<span class="text-text-primary">
+										{linkedProvidersLabel(shellState.user, translate($appLocale, 'common.none'))}
+									</span>
+								</p>
 							</div>
 
 								<div class="border-b border-border px-2 py-1">
@@ -522,21 +570,21 @@ function handleGlobalKey(e: KeyboardEvent) {
 										class="block w-full px-2 py-1 text-left text-xs text-text-secondary transition-colors hover:bg-bg-hover hover:text-text-primary"
 										onclick={() => handleAccountMenuNavigate('/settings')}
 									>
-										Settings
+										{translate($appLocale, 'nav.settings')}
 									</button>
 									<button
 										type="button"
-										class="block w-full px-2 py-1 text-left text-xs text-text-secondary transition-colors hover:bg-bg-hover hover:text-text-primary"
-									onclick={() => handleAccountMenuNavigate('/sessions')}
-								>
-									Session Home
+									class="block w-full px-2 py-1 text-left text-xs text-text-secondary transition-colors hover:bg-bg-hover hover:text-text-primary"
+								onclick={() => handleAccountMenuNavigate('/sessions')}
+							>
+									{translate($appLocale, 'account.sessionHome')}
 								</button>
 								<button
 									type="button"
 									class="block w-full px-2 py-1 text-left text-xs text-text-secondary transition-colors hover:bg-bg-hover hover:text-text-primary"
 									onclick={() => handleAccountMenuNavigate('/docs')}
 								>
-									Docs
+									{translate($appLocale, 'nav.docs')}
 								</button>
 							</div>
 
@@ -547,7 +595,7 @@ function handleGlobalKey(e: KeyboardEvent) {
 									onclick={handleSignOut}
 									class="block w-full px-2 py-1 text-left text-xs text-error transition-colors hover:bg-error/10"
 								>
-									Logout
+									{translate($appLocale, 'account.logout')}
 								</button>
 							</div>
 						</div>
@@ -558,7 +606,7 @@ function handleGlobalKey(e: KeyboardEvent) {
 					href="/login"
 					class="px-1.5 py-1 text-xs text-text-secondary transition-colors hover:bg-bg-hover hover:text-text-primary sm:px-3 sm:text-sm"
 				>
-					Login
+					{translate($appLocale, 'nav.login')}
 				</a>
 			{/if}
 		</div>
@@ -573,7 +621,7 @@ function handleGlobalKey(e: KeyboardEvent) {
 		class="shrink-0 flex items-center gap-2 border-t border-border bg-bg-secondary px-2 py-1 text-[11px] text-text-muted sm:gap-3 sm:px-4 sm:text-xs"
 	>
 		<span class="font-semibold tracking-[0.06em] text-accent/90">
-			Shortcuts
+			{translate($appLocale, 'footer.shortcuts')}
 		</span>
 		<span class="sm:hidden inline-flex items-center gap-1 text-text-secondary">
 			<kbd class="font-mono text-[10px] font-semibold text-accent">
@@ -592,10 +640,23 @@ function handleGlobalKey(e: KeyboardEvent) {
 			</span>
 		{/each}
 		<span class="hidden sm:inline-flex items-center gap-1 text-text-secondary">
-			<kbd class="font-mono text-[10px] font-semibold text-accent">?</kbd>
-			<span>help</span>
+			<kbd class="font-mono text-[10px] font-semibold text-accent">h</kbd>
+			<span>{translate($appLocale, 'footer.help')}</span>
+		</span>
+		<span class="ml-auto inline-flex items-center gap-2 whitespace-nowrap">
+			<a
+				href={OPENSESSION_GITHUB_URL}
+				target="_blank"
+				rel="noreferrer"
+				aria-label={translate($appLocale, 'footer.githubAria')}
+				data-testid="footer-github-link"
+				class="text-text-secondary transition-colors hover:text-text-primary"
+			>
+				{translate($appLocale, 'footer.github')}
+			</a>
+			<span aria-hidden="true" class="text-border">/</span>
+			<span>opensession.io</span>
 		</span>
-		<span class="ml-auto">opensession.io</span>
 	</footer>
 </div>
 
@@ -604,13 +665,13 @@ function handleGlobalKey(e: KeyboardEvent) {
 		<button
 			type="button"
 			class="absolute inset-0 bg-black/60"
-			aria-label="Close command palette"
+			aria-label={translate($appLocale, 'help.commandPaletteClose')}
 			onclick={closePalette}
 		></button>
 		<div
 			role="dialog"
 			aria-modal="true"
-			aria-label="Command Palette"
+			aria-label={translate($appLocale, 'help.commandPalette')}
 			tabindex="-1"
 			data-testid="command-palette"
 			class="relative mx-auto mt-14 w-full max-w-2xl border border-border bg-bg-primary shadow-2xl"
@@ -622,13 +683,15 @@ function handleGlobalKey(e: KeyboardEvent) {
 					onkeydown={handlePaletteInputKeydown}
 					data-testid="command-palette-input"
 					type="text"
-					placeholder="Type a command or page name..."
+					placeholder={translate($appLocale, 'palette.placeholder')}
 					class="w-full border border-border bg-bg-secondary px-2 py-1 text-sm text-text-primary outline-none focus:border-accent"
 				/>
 			</div>
 			<div class="max-h-[24rem] overflow-y-auto">
 				{#if visiblePaletteCommands.length === 0}
-					<p class="px-3 py-3 text-xs text-text-muted">No commands matched your query.</p>
+					<p class="px-3 py-3 text-xs text-text-muted">
+						{translate($appLocale, 'palette.noMatches')}
+					</p>
 				{:else}
 					{#each visiblePaletteCommands as command, idx (command.id)}
 						<button
@@ -648,8 +711,10 @@ function handleGlobalKey(e: KeyboardEvent) {
 				{/if}
 			</div>
 			<div class="flex items-center justify-between border-t border-border px-3 py-1.5 text-[11px] text-text-muted">
-				<span>{visiblePaletteCommands.length} command{visiblePaletteCommands.length === 1 ? '' : 's'}</span>
-				<span>Up/Down navigate · Enter run · Esc close</span>
+				<span>
+					{translate($appLocale, 'palette.commandCount', { count: visiblePaletteCommands.length })}
+				</span>
+				<span>{translate($appLocale, 'palette.footer')}</span>
 			</div>
 		</div>
 	</div>
@@ -660,13 +725,13 @@ function handleGlobalKey(e: KeyboardEvent) {
 		<button
 			type="button"
 			class="absolute inset-0 bg-black/65"
-			aria-label="Close help modal"
+			aria-label={translate($appLocale, 'help.overlayClose')}
 			onclick={closeHelp}
 		></button>
 		<div
 			role="dialog"
 			aria-modal="true"
-			aria-label="Keyboard Help"
+			aria-label={translate($appLocale, 'help.quickHelp')}
 			tabindex="-1"
 			data-testid="keyboard-help-modal"
 			bind:this={helpDialog}
@@ -674,46 +739,56 @@ function handleGlobalKey(e: KeyboardEvent) {
 		>
 			<div class="flex items-center justify-between border-b border-border px-4 py-3">
 				<div>
-					<p class="text-[11px] uppercase tracking-[0.1em] text-text-muted">Quick Help</p>
-					<h2 class="text-sm font-semibold text-text-primary">Session Runtime Guide</h2>
+					<p class="text-[11px] uppercase tracking-[0.1em] text-text-muted">
+						{translate($appLocale, 'help.quickHelp')}
+					</p>
+					<h2 class="text-sm font-semibold text-text-primary">
+						{translate($appLocale, 'help.sessionRuntimeGuide')}
+					</h2>
 				</div>
 				<button
 					type="button"
 					onclick={closeHelp}
 					class="border border-border px-2 py-1 text-xs text-text-secondary hover:text-text-primary"
 				>
-					Close
+					{translate($appLocale, 'common.close')}
 				</button>
 			</div>
 			<div class="grid gap-3 p-4 sm:grid-cols-3">
 				<section class="rounded border border-border/70 bg-bg-secondary/60 p-3">
-					<h3 class="text-xs font-semibold uppercase tracking-[0.08em] text-text-muted">Runtime Summary</h3>
+					<h3 class="text-xs font-semibold uppercase tracking-[0.08em] text-text-muted">
+						{translate($appLocale, 'help.runtimeSummary')}
+					</h3>
 					<ul class="mt-2 space-y-1 text-xs text-text-secondary">
-						<li>Provider: summary model/transport selection</li>
-						<li>Output Shape: layered/file_list/security_first</li>
-						<li>Prompt Reset: restore default template instantly</li>
+						<li>{translate($appLocale, 'help.runtimeProvider')}</li>
+						<li>{translate($appLocale, 'help.runtimeShape')}</li>
+						<li>{translate($appLocale, 'help.runtimePrompt')}</li>
 					</ul>
 				</section>
 				<section class="rounded border border-border/70 bg-bg-secondary/60 p-3">
-					<h3 class="text-xs font-semibold uppercase tracking-[0.08em] text-text-muted">Vector</h3>
+					<h3 class="text-xs font-semibold uppercase tracking-[0.08em] text-text-muted">
+						{translate($appLocale, 'help.vector')}
+					</h3>
 					<ul class="mt-2 space-y-1 text-xs text-text-secondary">
-						<li>Auto chunking uses session size best-practice profile</li>
-						<li>Manual chunking unlocks chunk size/overlap fields</li>
-						<li>Fix unreachable provider: start `ollama serve`</li>
+						<li>{translate($appLocale, 'help.vectorAutoChunk')}</li>
+						<li>{translate($appLocale, 'help.vectorManual')}</li>
+						<li>{translate($appLocale, 'help.vectorFix')}</li>
 					</ul>
 				</section>
 				<section class="rounded border border-border/70 bg-bg-secondary/60 p-3">
-					<h3 class="text-xs font-semibold uppercase tracking-[0.08em] text-text-muted">Change Reader</h3>
+					<h3 class="text-xs font-semibold uppercase tracking-[0.08em] text-text-muted">
+						{translate($appLocale, 'help.changeReader')}
+					</h3>
 					<ul class="mt-2 space-y-1 text-xs text-text-secondary">
-						<li>Text mode: read and ask from local context</li>
-						<li>Voice mode: OpenAI TTS playback for narrative/answer</li>
-						<li>Set API key in Runtime Summary {'>'} Change Reader</li>
+						<li>{translate($appLocale, 'help.changeReaderText')}</li>
+						<li>{translate($appLocale, 'help.changeReaderVoice')}</li>
+						<li>{translate($appLocale, 'help.changeReaderApiKey')}</li>
 					</ul>
 				</section>
 			</div>
 			<div class="flex items-center justify-between border-t border-border px-4 py-2 text-[11px] text-text-muted">
-				<span>Shift+/ opens help · Esc closes dialog</span>
-				<span>Tab focus is trapped inside this dialog</span>
+				<span>{translate($appLocale, 'help.footerShortcuts')}</span>
+				<span>{translate($appLocale, 'help.footerFocus')}</span>
 			</div>
 		</div>
 	</div>
diff --git a/packages/ui/src/components/AuthCallbackPage.svelte b/packages/ui/src/components/AuthCallbackPage.svelte
index 6d1dde61..8a0ed921 100644
--- a/packages/ui/src/components/AuthCallbackPage.svelte
+++ b/packages/ui/src/components/AuthCallbackPage.svelte
@@ -1,5 +1,6 @@
 <script lang="ts">
 import { handleAuthCallback } from '../api';
+import { appLocale } from '../i18n';
 
 const {
 	onSuccess = () => {},
@@ -10,6 +11,11 @@ const {
 } = $props();
 
 let status = $state<'loading' | 'error'>('loading');
+const isKorean = $derived($appLocale === 'ko');
+
+function localize(en: string, ko: string): string {
+	return isKorean ? ko : en;
+}
 
 $effect(() => {
 	handleAuthCallback()
@@ -30,8 +36,10 @@ $effect(() => {
 
 <div class="flex items-center justify-center pt-24">
 	{#if status === 'loading'}
-		<p class="text-xs text-text-muted">Completing sign in...</p>
+		<p class="text-xs text-text-muted">{localize('Completing sign in...', '로그인을 마무리하는 중...')}</p>
 	{:else}
-		<p class="text-xs text-error">Authentication failed. Please try again.</p>
+		<p class="text-xs text-error">
+			{localize('Authentication failed. Please try again.', '인증에 실패했습니다. 다시 시도해 주세요.')}
+		</p>
 	{/if}
 </div>
diff --git a/packages/ui/src/components/CodeBlockView.svelte b/packages/ui/src/components/CodeBlockView.svelte
index 18a5a840..4b2fea33 100644
--- a/packages/ui/src/components/CodeBlockView.svelte
+++ b/packages/ui/src/components/CodeBlockView.svelte
@@ -1,6 +1,7 @@
 <script lang="ts">
 import { LONG_CODE_LINE_THRESHOLD } from '../constants';
 import { highlightCode } from '../highlight';
+import { appLocale } from '../i18n';
 import { isLongContent } from '../markdown';
 
 let {
@@ -15,6 +16,8 @@ let {
 	showFull?: boolean;
 } = $props();
 
+const isKorean = $derived($appLocale === 'ko');
+
 function generateLineNumbers(src: string, start: number): string {
 	const count = src.split('\n').length;
 	const numbers: string[] = [];
@@ -43,7 +46,7 @@ const lineCount = $derived(code.split('\n').length);
 			onclick={() => (showFull = !showFull)}
 			class="w-full border-t border-border bg-bg-secondary px-3 py-1.5 text-center text-[10px] font-medium text-accent hover:bg-bg-hover"
 		>
-			{showFull ? 'Collapse' : `Show all (${lineCount} lines)`}
+			{showFull ? (isKorean ? '접기' : 'Collapse') : isKorean ? `전체 보기 (${lineCount}줄)` : `Show all (${lineCount} lines)`}
 		</button>
 	{/if}
 </div>
diff --git a/packages/ui/src/components/DocsPage.svelte b/packages/ui/src/components/DocsPage.svelte
index 705d3720..8015203a 100644
--- a/packages/ui/src/components/DocsPage.svelte
+++ b/packages/ui/src/components/DocsPage.svelte
@@ -1,5 +1,5 @@
 <script lang="ts">
-import { onMount } from 'svelte';
+import { appLocale, translate } from '../i18n';
 import { renderMarkdown } from '../markdown';
 
 const {
@@ -23,12 +23,12 @@ type ParsedDocs = {
 let loading = $state(true);
 let error = $state<string | null>(null);
 let parsed = $state<ParsedDocs>({
-	title: 'Documentation',
+	title: translate($appLocale, 'docs.defaultTitle'),
 	introMarkdown: '',
 	chapters: [],
 });
 
-const FALLBACK_DOCS_MARKDOWN = `# Documentation
+const FALLBACK_DOCS_MARKDOWN_EN = `# Documentation
 
 ## Getting Started
 
@@ -44,6 +44,26 @@ Local docs are available in desktop runtime without a server.
 - Search and filter metadata is still indexed in local SQLite (\`local.db\`) for fast list queries.
 `;
 
+const FALLBACK_DOCS_MARKDOWN_KO = `# 문서
+
+## 시작하기
+
+로컬 문서는 서버 없이도 데스크톱 런타임에서 사용할 수 있습니다.
+
+- \`/sessions\`에서 로컬 세션을 탐색합니다
+- \`/settings\`에서 런타임 summary provider/prompt/response/storage를 설정합니다
+- 세션 상세에서 handoff build를 실행해 다운로드 가능한 handoff artifact를 만듭니다
+
+## 저장소
+
+- \`hidden_ref\`는 summary artifact를 git-native ref에 저장합니다.
+- 빠른 목록 조회를 위해 검색/필터 메타데이터는 로컬 SQLite(\`local.db\`)에 계속 인덱싱됩니다.
+`;
+
+function fallbackDocsMarkdown(locale: 'en' | 'ko'): string {
+	return locale === 'ko' ? FALLBACK_DOCS_MARKDOWN_KO : FALLBACK_DOCS_MARKDOWN_EN;
+}
+
 function isDesktopRuntime(): boolean {
 	if (typeof window === 'undefined') return false;
 	const maybeTauri = window as Window & { __TAURI_INTERNALS__?: unknown };
@@ -51,15 +71,17 @@ function isDesktopRuntime(): boolean {
 	return window.location.protocol === 'tauri:';
 }
 
-async function readDesktopDocsMarkdown(): Promise<string | null> {
+async function readDesktopDocsMarkdown(locale: 'en' | 'ko'): Promise<string | null> {
 	if (!isDesktopRuntime()) return null;
 	const tauri = (
-		window as unknown as { __TAURI__?: { core?: { invoke?: <T>(cmd: string) => Promise<T> } } }
+		window as unknown as {
+			__TAURI__?: { core?: { invoke?: <T>(cmd: string, args?: Record<string, unknown>) => Promise<T> } };
+		}
 	).__TAURI__;
 	const invoke = tauri?.core?.invoke;
 	if (typeof invoke !== 'function') return null;
 	try {
-		const body = await invoke<string>('desktop_get_docs_markdown');
+		const body = await invoke<string>('desktop_get_docs_markdown', { locale });
 		const normalized = body.trim();
 		return normalized.length > 0 ? normalized : null;
 	} catch {
@@ -67,8 +89,8 @@ async function readDesktopDocsMarkdown(): Promise<string | null> {
 	}
 }
 
-async function fetchWebDocsMarkdown(): Promise<string> {
-	const res = await fetch('/docs?format=markdown', {
+async function fetchWebDocsMarkdown(locale: 'en' | 'ko'): Promise<string> {
+	const res = await fetch(`/docs?format=markdown&lang=${locale}`, {
 		cache: 'no-store',
 		headers: {
 			Accept: 'text/markdown',
@@ -93,7 +115,7 @@ function slugify(value: string): string {
 
 function parseDocsMarkdown(markdown: string): ParsedDocs {
 	const lines = markdown.split(/\r?\n/);
-	let title = 'Documentation';
+	let title = translate($appLocale, 'docs.defaultTitle');
 	let startIndex = 0;
 	const titleMatch = lines[0]?.match(/^#\s+(.+?)\s*$/);
 	if (titleMatch) {
@@ -152,16 +174,23 @@ function parseDocsMarkdown(markdown: string): ParsedDocs {
 	};
 }
 
-onMount(() => {
+function localize(en: string, ko: string): string {
+	return $appLocale === 'ko' ? ko : en;
+}
+
+$effect(() => {
+	const locale = $appLocale;
 	let cancelled = false;
+	loading = true;
+	error = null;
 	Promise.resolve()
 		.then(async () => {
-			const desktopBody = await readDesktopDocsMarkdown();
+			const desktopBody = await readDesktopDocsMarkdown(locale);
 			if (desktopBody) return desktopBody;
 			try {
-				return await fetchWebDocsMarkdown();
+				return await fetchWebDocsMarkdown(locale);
 			} catch {
-				return FALLBACK_DOCS_MARKDOWN;
+				return fallbackDocsMarkdown(locale);
 			}
 		})
 		.then((body) => {
@@ -171,7 +200,7 @@ onMount(() => {
 		})
 		.catch((e) => {
 			if (cancelled) return;
-			error = e instanceof Error ? e.message : 'Failed to load docs';
+			error = e instanceof Error ? e.message : translate($appLocale, 'docs.loading');
 			loading = false;
 		});
 
@@ -182,17 +211,19 @@ onMount(() => {
 </script>
 
 <svelte:head>
-	<title>Docs - opensession.io</title>
+	<title>{translate($appLocale, 'docs.title')}</title>
 </svelte:head>
 
 <div class="docs-stage mx-auto max-w-[72rem] space-y-5" data-testid="docs-page">
 	<section class="docs-hero border border-border p-4 sm:p-5">
 		<div class="flex flex-wrap items-end justify-between gap-3">
 			<div class="space-y-1">
-				<p class="docs-kicker text-[11px] uppercase tracking-[0.12em] text-text-muted">Docs</p>
+				<p class="docs-kicker text-[11px] uppercase tracking-[0.12em] text-text-muted">
+					{translate($appLocale, 'docs.kicker')}
+				</p>
 				<h1 class="docs-title text-3xl text-text-primary sm:text-4xl">{parsed.title}</h1>
 				<p class="max-w-2xl text-xs text-text-secondary sm:text-sm">
-					Functional guides for register, share, inspect, and handoff workflows.
+					{translate($appLocale, 'docs.heroCopy')}
 				</p>
 			</div>
 
@@ -202,7 +233,7 @@ onMount(() => {
 					onclick={() => onNavigate('/sessions')}
 					class="docs-nav-btn border border-border px-3 py-1 text-text-secondary transition-colors hover:border-accent hover:text-accent"
 				>
-					Sessions
+					{translate($appLocale, 'docs.sessions')}
 				</button>
 			</div>
 		</div>
@@ -210,13 +241,13 @@ onMount(() => {
 
 	{#if loading}
 		<div class="border border-border bg-bg-secondary px-4 py-6 text-sm text-text-secondary">
-			Loading docs...
+			{translate($appLocale, 'docs.loading')}
 		</div>
 	{:else if error}
 		<div class="border border-error/30 bg-error/10 px-4 py-6 text-sm text-error">{error}</div>
 	{:else if parsed.chapters.length === 0}
 		<div class="border border-warning/30 bg-warning/10 px-4 py-6 text-sm text-warning">
-			No documentation chapters were found.
+			{translate($appLocale, 'docs.notFound')}
 		</div>
 	{:else}
 		<div class="docs-shell grid items-start gap-5 lg:grid-cols-[18.25rem_minmax(0,1fr)]" data-testid="docs-content">
@@ -224,7 +255,7 @@ onMount(() => {
 				data-testid="docs-toc"
 				class="docs-toc hidden h-fit border border-border bg-bg-secondary/65 p-3 lg:block lg:sticky lg:top-5 lg:max-h-[calc(100vh-5rem)] lg:overflow-y-auto"
 			>
-				<p class="docs-toc-title mb-2 text-xs text-text-muted">Contents</p>
+				<p class="docs-toc-title mb-2 text-xs text-text-muted">{localize('Contents', '목차')}</p>
 				<nav class="space-y-1.5">
 					{#each parsed.chapters as chapter, idx}
 						<a
diff --git a/packages/ui/src/components/EventView.svelte b/packages/ui/src/components/EventView.svelte
index 3370ac36..2c3c9467 100644
--- a/packages/ui/src/components/EventView.svelte
+++ b/packages/ui/src/components/EventView.svelte
@@ -12,8 +12,9 @@ import {
 	truncate,
 } from '../event-helpers';
 import { highlightCode } from '../highlight';
+import { appLocale } from '../i18n';
 import { isLongContent, renderMarkdown } from '../markdown';
-import type { Event } from '../types';
+import { formatClockTime, type Event } from '../types';
 import CodeBlockView from './CodeBlockView.svelte';
 import ContentBlockList from './ContentBlockList.svelte';
 import DiffView from './DiffView.svelte';
@@ -39,6 +40,11 @@ const {
 	pairedResult,
 	resultOk = false,
 }: { event: Event; pairedResult?: Event; resultOk?: boolean } = $props();
+const isKorean = $derived($appLocale === 'ko');
+
+function localize(en: string, ko: string): string {
+	return isKorean ? ko : en;
+}
 
 // --- Helpers ---
 type RequestUserInputOption = {
@@ -386,14 +392,14 @@ const summaryLabel = $derived.by(() => {
 		}
 		case 'ToolResult': {
 			if (isRequestUserInputTool && requestUserInputResultPayload) {
-				if (requestUserInputResultPayload.answers.length === 0) return 'no answers';
+				if (requestUserInputResultPayload.answers.length === 0) return localize('no answers', '응답 없음');
 				const first = requestUserInputResultPayload.answers[0];
-				const preview = first.answers[0] ?? first.raw ?? '(no answer)';
+				const preview = first.answers[0] ?? first.raw ?? localize('(no answer)', '(응답 없음)');
 				if (requestUserInputResultPayload.answers.length === 1) return `${first.id}: ${preview}`;
 				return `${first.id}: ${preview} +${requestUserInputResultPayload.answers.length - 1}`;
 			}
 			const line = firstMeaningfulEventLine(event);
-			return line ? truncate(line) : 'output';
+			return line ? truncate(line) : localize('output', '출력');
 		}
 		case 'TaskStart':
 			return t.data.title ?? '';
@@ -432,7 +438,11 @@ const metaBadgeText = $derived.by(() => {
 			(n, b) => n + (b.type === 'Text' ? b.text.split('\n').filter(Boolean).length : 0),
 			0,
 		);
-		return count > 0 ? `${count} ${t.type === 'FileSearch' ? 'files' : 'matches'}` : '';
+		return count > 0
+			? isKorean
+				? `${count}개 ${t.type === 'FileSearch' ? '파일' : '일치'}`
+				: `${count} ${t.type === 'FileSearch' ? 'files' : 'matches'}`
+			: '';
 	}
 	return null;
 });
@@ -469,9 +479,9 @@ const fileEditDiff = $derived(eventTypeName === 'FileEdit' ? extractFileEditDiff
 	<div class="ev-message group my-1 sm:my-4" data-event-type={eventTypeName}>
 		{#if isUser}
 			<div class="flex items-start gap-1.5 sm:gap-3">
-				<span class="tui-badge tui-badge-user mt-0.5 shrink-0">USER</span>
+				<span class="tui-badge tui-badge-user mt-0.5 shrink-0">{localize('USER', '사용자')}</span>
 				{#if event.timestamp}
-					<span class="mt-0.5 shrink-0 text-[10px] text-text-muted hidden sm:inline">{new Date(event.timestamp).toLocaleTimeString('en-US', { hour12: false })}</span>
+					<span class="mt-0.5 shrink-0 text-[10px] text-text-muted hidden sm:inline">{formatClockTime(event.timestamp)}</span>
 				{/if}
 				<div class="min-w-0 flex-1">
 					<div class="border-l-2 border-l-green-400/30 pl-2 sm:pl-3 text-sm leading-relaxed">
@@ -481,9 +491,9 @@ const fileEditDiff = $derived(eventTypeName === 'FileEdit' ? extractFileEditDiff
 			</div>
 		{:else if isSystem}
 			<div class="flex items-start gap-1.5 sm:gap-3">
-				<span class="tui-badge tui-badge-system mt-0.5 shrink-0">SYSTEM</span>
+				<span class="tui-badge tui-badge-system mt-0.5 shrink-0">{localize('SYSTEM', '시스템')}</span>
 				{#if event.timestamp}
-					<span class="mt-0.5 shrink-0 text-[10px] text-text-muted hidden sm:inline">{new Date(event.timestamp).toLocaleTimeString('en-US', { hour12: false })}</span>
+					<span class="mt-0.5 shrink-0 text-[10px] text-text-muted hidden sm:inline">{formatClockTime(event.timestamp)}</span>
 				{/if}
 				<div class="min-w-0 flex-1 text-sm leading-relaxed">
 					<ContentBlockList blocks={event.content.blocks} bind:showFull showJson={true} />
@@ -491,9 +501,9 @@ const fileEditDiff = $derived(eventTypeName === 'FileEdit' ? extractFileEditDiff
 			</div>
 		{:else}
 			<div class="flex items-start gap-1.5 sm:gap-3">
-				<span class="tui-badge tui-badge-agent mt-0.5 shrink-0">AGENT</span>
+				<span class="tui-badge tui-badge-agent mt-0.5 shrink-0">{localize('AGENT', '에이전트')}</span>
 				{#if event.timestamp}
-					<span class="mt-0.5 shrink-0 text-[10px] text-text-muted hidden sm:inline">{new Date(event.timestamp).toLocaleTimeString('en-US', { hour12: false })}</span>
+					<span class="mt-0.5 shrink-0 text-[10px] text-text-muted hidden sm:inline">{formatClockTime(event.timestamp)}</span>
 				{/if}
 				<div class="min-w-0 flex-1 text-sm leading-relaxed">
 					<ContentBlockList blocks={event.content.blocks} bind:showFull showJson={true} />
@@ -510,7 +520,9 @@ const fileEditDiff = $derived(eventTypeName === 'FileEdit' ? extractFileEditDiff
 			class="group flex w-full items-center gap-1.5 px-2 py-1.5 text-left text-xs transition-colors hover:bg-bg-hover"
 		>
 			<span class="inline-flex text-text-muted transition-transform" class:rotate-90={expanded}>{@html chevronRightIcon}</span>
-			<span class="font-medium text-text-muted group-hover:text-text-secondary">Thinking</span>
+			<span class="font-medium text-text-muted group-hover:text-text-secondary">
+				{localize('Thinking', '사고')}
+			</span>
 			{#if event.duration_ms}
 				<span class="ml-auto shrink-0 font-mono text-[10px] text-text-muted">{event.duration_ms}ms</span>
 			{/if}
@@ -533,7 +545,7 @@ const fileEditDiff = $derived(eventTypeName === 'FileEdit' ? extractFileEditDiff
 									onclick={() => (showFull = !showFull)}
 									class="mt-1 text-[10px] font-medium text-accent hover:underline"
 								>
-									{showFull ? 'Show less' : 'Show more...'}
+									{showFull ? localize('Show less', '접기') : localize('Show more...', '더 보기...')}
 								</button>
 							{/if}
 						{/if}
@@ -551,7 +563,9 @@ const fileEditDiff = $derived(eventTypeName === 'FileEdit' ? extractFileEditDiff
 			class="group flex w-full items-center gap-2 border border-accent/30 border-l-4 border-l-accent bg-accent/10 px-3 py-1.5 text-left text-xs transition-colors hover:bg-bg-hover"
 		>
 			<span class="inline-flex text-accent">{@html arrowRightIcon}</span>
-			<span class="flex-1 font-medium text-text-secondary truncate">{subAgentDesc ? truncate(subAgentDesc, CHIP_LABEL_MAX) : 'Sub-agent'}</span>
+			<span class="flex-1 font-medium text-text-secondary truncate">
+				{subAgentDesc ? truncate(subAgentDesc, CHIP_LABEL_MAX) : localize('Sub-agent', '하위 에이전트')}
+			</span>
 			{#if event.duration_ms}
 				<span class="font-mono text-[10px] text-text-muted">{event.duration_ms}ms</span>
 			{/if}
@@ -602,9 +616,9 @@ const fileEditDiff = $derived(eventTypeName === 'FileEdit' ? extractFileEditDiff
 		>
 			{#snippet metaBadge()}
 				{#if isError}
-					<span class="shrink-0 rounded bg-error/20 px-1.5 py-0.5 text-[10px] text-error">error</span>
+					<span class="shrink-0 rounded bg-error/20 px-1.5 py-0.5 text-[10px] text-error">{localize('error', '오류')}</span>
 				{:else if pairedResult && pairedResultIsError}
-					<span class="shrink-0 rounded bg-error/20 px-1.5 py-0.5 text-[10px] text-error">error</span>
+					<span class="shrink-0 rounded bg-error/20 px-1.5 py-0.5 text-[10px] text-error">{localize('error', '오류')}</span>
 				{:else if pairedResult}
 					<span class="shrink-0 font-mono text-[10px] text-success">✓</span>
 				{:else if resultOk}
@@ -624,10 +638,14 @@ const fileEditDiff = $derived(eventTypeName === 'FileEdit' ? extractFileEditDiff
 					<span class="shrink-0 font-mono text-[10px] text-error">↩ {(event.event_type.data as { exit_code?: number }).exit_code}</span>
 				{/if}
 				{#if !metaBadgeText && hasContent && contentLength > 0 && (isShellCommand || eventTypeName === 'WebFetch' || eventTypeName === 'ToolCall' || eventTypeName === 'ToolResult')}
-					<span class="shrink-0 font-mono text-[10px] text-text-muted">{formatContentLength(contentLength)} chars</span>
+					<span class="shrink-0 font-mono text-[10px] text-text-muted">
+						{isKorean ? `${formatContentLength(contentLength)}자` : `${formatContentLength(contentLength)} chars`}
+					</span>
 				{/if}
 				{#if eventTypeName === 'ToolResult' && hasCodeBlock && codeStats}
-					<span class="shrink-0 font-mono text-[10px] text-text-muted">{codeStats.lines} lines</span>
+					<span class="shrink-0 font-mono text-[10px] text-text-muted">
+						{isKorean ? `${codeStats.lines}줄` : `${codeStats.lines} lines`}
+					</span>
 				{/if}
 			{/snippet}
 
@@ -653,7 +671,7 @@ const fileEditDiff = $derived(eventTypeName === 'FileEdit' ? extractFileEditDiff
 								{/if}
 								{#if question.options.length > 0}
 									<div class="mt-2 text-[10px] font-medium uppercase tracking-wider text-text-muted">
-										Options
+										{localize('Options', '선택지')}
 									</div>
 									<div class="mt-1 space-y-1.5">
 										{#each question.options as option, optionIndex}
@@ -677,7 +695,7 @@ const fileEditDiff = $derived(eventTypeName === 'FileEdit' ? extractFileEditDiff
 					<div class="space-y-2 p-3">
 						{#if requestUserInputResultPayload.answers.length === 0}
 							<div class="rounded border border-warning/40 bg-warning/10 px-2 py-1.5 text-xs text-warning">
-								No answers found in payload.
+								{localize('No answer was found in the response.', '응답에서 답변을 찾지 못했습니다.')}
 							</div>
 						{:else}
 							{#each requestUserInputResultPayload.answers as answer}
@@ -694,7 +712,7 @@ const fileEditDiff = $derived(eventTypeName === 'FileEdit' ? extractFileEditDiff
 									{:else if answer.raw}
 										<div class="mt-1.5 whitespace-pre-wrap text-xs text-text-muted">{answer.raw}</div>
 									{:else}
-										<div class="mt-1.5 text-xs text-warning">(no answer)</div>
+										<div class="mt-1.5 text-xs text-warning">{localize('(no answer)', '(응답 없음)')}</div>
 									{/if}
 								</div>
 							{/each}
@@ -728,7 +746,7 @@ const fileEditDiff = $derived(eventTypeName === 'FileEdit' ? extractFileEditDiff
 										onclick={() => (showFull = !showFull)}
 										class="w-full border-t border-border bg-bg-secondary px-3 py-1.5 text-center text-[10px] font-medium text-accent hover:bg-bg-hover"
 									>
-										{showFull ? 'Collapse' : 'Show more...'}
+										{showFull ? localize('Collapse', '접기') : localize('Show more...', '더 보기...')}
 									</button>
 								{/if}
 							{/if}
@@ -745,12 +763,14 @@ const fileEditDiff = $derived(eventTypeName === 'FileEdit' ? extractFileEditDiff
 				{/if}
 				{#if pairedResult && pairedResult.content.blocks.length > 0}
 					<div class="border-t border-border/50 mt-1">
-						<div class="px-3 py-1 text-[10px] font-medium text-text-muted uppercase tracking-wider bg-bg-secondary/50">Result</div>
+						<div class="px-3 py-1 text-[10px] font-medium text-text-muted uppercase tracking-wider bg-bg-secondary/50">
+							{localize('Result', '결과')}
+						</div>
 						{#if pairedRequestUserInputResultPayload}
 							<div class="space-y-2 p-3">
 								{#if pairedRequestUserInputResultPayload.answers.length === 0}
 									<div class="rounded border border-warning/40 bg-warning/10 px-2 py-1.5 text-xs text-warning">
-										No answers found in payload.
+										{localize('No answer was found in the response.', '응답에서 답변을 찾지 못했습니다.')}
 									</div>
 								{:else}
 									{#each pairedRequestUserInputResultPayload.answers as answer}
@@ -767,7 +787,7 @@ const fileEditDiff = $derived(eventTypeName === 'FileEdit' ? extractFileEditDiff
 											{:else if answer.raw}
 												<div class="mt-1.5 whitespace-pre-wrap text-xs text-text-muted">{answer.raw}</div>
 											{:else}
-												<div class="mt-1.5 text-xs text-warning">(no answer)</div>
+												<div class="mt-1.5 text-xs text-warning">{localize('(no answer)', '(응답 없음)')}</div>
 											{/if}
 										</div>
 									{/each}
@@ -789,7 +809,7 @@ const fileEditDiff = $derived(eventTypeName === 'FileEdit' ? extractFileEditDiff
 												onclick={() => (showFull = !showFull)}
 												class="w-full border-t border-border bg-bg-secondary px-3 py-1.5 text-center text-[10px] font-medium text-accent hover:bg-bg-hover"
 											>
-												{showFull ? 'Collapse' : 'Show more...'}
+												{showFull ? localize('Collapse', '접기') : localize('Show more...', '더 보기...')}
 											</button>
 										{/if}
 									{/if}
diff --git a/packages/ui/src/components/FieldHelp.svelte b/packages/ui/src/components/FieldHelp.svelte
index a4369792..52d48ac5 100644
--- a/packages/ui/src/components/FieldHelp.svelte
+++ b/packages/ui/src/components/FieldHelp.svelte
@@ -1,4 +1,6 @@
 <script lang="ts">
+import { appLocale } from '../i18n';
+
 const {
 	label,
 	help,
@@ -26,6 +28,8 @@ function showHelp() {
 function hideHelp() {
 	open = false;
 }
+
+const isKorean = $derived($appLocale === 'ko');
 </script>
 
 {#if inline}
@@ -42,7 +46,7 @@ function hideHelp() {
 				onkeydown={(event) => {
 					if (event.key === 'Escape') hideHelp();
 				}}
-				aria-label={`${label} help`}
+				aria-label={isKorean ? `${label} 도움말` : `${label} help`}
 				aria-expanded={open}
 				aria-describedby={open ? tooltipId() : undefined}
 				data-testid={testId}
@@ -72,7 +76,7 @@ function hideHelp() {
 				onkeydown={(event) => {
 					if (event.key === 'Escape') hideHelp();
 				}}
-				aria-label={`${label} help`}
+				aria-label={isKorean ? `${label} 도움말` : `${label} help`}
 				aria-expanded={open}
 				aria-describedby={open ? tooltipId() : undefined}
 				data-testid={testId}
diff --git a/packages/ui/src/components/FloatingJobStatus.svelte b/packages/ui/src/components/FloatingJobStatus.svelte
index 90503ab7..5ce1bf72 100644
--- a/packages/ui/src/components/FloatingJobStatus.svelte
+++ b/packages/ui/src/components/FloatingJobStatus.svelte
@@ -1,4 +1,6 @@
 <script lang="ts">
+import { appLocale, translate } from '../i18n';
+
 type FloatingJob = {
 	id: string;
 	label: string;
@@ -21,10 +23,18 @@ const {
 			>
 				<div class="flex items-center gap-2">
 					<span class="h-2 w-2 animate-pulse rounded-full bg-accent"></span>
-					<p class="text-xs font-semibold text-text-primary">{job.label}</p>
+					<p class="text-xs font-semibold text-text-primary">
+						{job.id === 'session-refresh'
+							? translate($appLocale, 'sessionList.refreshJobLabel')
+							: job.label}
+					</p>
 				</div>
 				{#if job.detail}
-					<p class="mt-1 text-[11px] text-text-secondary">{job.detail}</p>
+					<p class="mt-1 text-[11px] text-text-secondary">
+						{job.id === 'session-refresh'
+							? translate($appLocale, 'sessionList.refreshJobDetail')
+							: job.detail}
+					</p>
 				{/if}
 			</div>
 		{/each}
diff --git a/packages/ui/src/components/LandingPage.svelte b/packages/ui/src/components/LandingPage.svelte
index 71b9ee8b..bd5c02ee 100644
--- a/packages/ui/src/components/LandingPage.svelte
+++ b/packages/ui/src/components/LandingPage.svelte
@@ -1,4 +1,6 @@
 <script lang="ts">
+import { appLocale, translate } from '../i18n';
+
 const {
 	onNavigate = (_path: string) => {},
 }: {
@@ -17,42 +19,51 @@ type GoalCard = {
 	proof: string;
 };
 
-const goalCards: GoalCard[] = [
+const goalCards = $derived.by((): GoalCard[] => [
 	{
 		id: 'data',
-		title: 'Every Session Is Data',
-		summary:
-			'Messages, tool calls, diffs, corrections, and outcomes are stored as structured events.',
-		proof: 'The same records are available in CLI, TUI, and web.',
+		title: translate($appLocale, 'landing.goal.data.title'),
+		summary: translate($appLocale, 'landing.goal.data.summary'),
+		proof: translate($appLocale, 'landing.goal.data.proof'),
 	},
 	{
 		id: 'review',
-		title: 'Review What Actually Happened',
-		summary: 'Use timeline view to check which tools ran, what changed, and where context shifted.',
-		proof: 'Decisions can be verified from events, not memory.',
+		title: translate($appLocale, 'landing.goal.review.title'),
+		summary: translate($appLocale, 'landing.goal.review.summary'),
+		proof: translate($appLocale, 'landing.goal.review.proof'),
 	},
 	{
 		id: 'share',
-		title: 'Git-Native Sharing',
-		summary:
-			'Sessions are versioned, reviewed, and referenced by commit through normal git history.',
-		proof: 'Sharing uses standard refs and regular repository workflows.',
+		title: translate($appLocale, 'landing.goal.share.title'),
+		summary: translate($appLocale, 'landing.goal.share.summary'),
+		proof: translate($appLocale, 'landing.goal.share.proof'),
 	},
 	{
 		id: 'handoff',
-		title: 'Reproducible Handoffs',
-		summary:
-			'Handoffs use the same session records, so the next owner can continue from the same state.',
-		proof: 'No separate handoff summary is required as source of truth.',
+		title: translate($appLocale, 'landing.goal.handoff.title'),
+		summary: translate($appLocale, 'landing.goal.handoff.summary'),
+		proof: translate($appLocale, 'landing.goal.handoff.proof'),
 	},
-];
+]);
 
-const operatingLoop = [
-	{ label: 'Record', detail: 'Capture sessions as structured artifacts, not screenshots.' },
-	{ label: 'Inspect', detail: 'Review timeline evidence to understand behavior and outcomes.' },
-	{ label: 'Share', detail: 'Distribute reproducible artifacts through web and git refs.' },
-	{ label: 'Refine', detail: 'Use findings to improve prompts, tools, and ownership transfer.' },
-];
+const operatingLoop = $derived.by(() => [
+	{
+		label: translate($appLocale, 'landing.loop.record.label'),
+		detail: translate($appLocale, 'landing.loop.record.detail'),
+	},
+	{
+		label: translate($appLocale, 'landing.loop.inspect.label'),
+		detail: translate($appLocale, 'landing.loop.inspect.detail'),
+	},
+	{
+		label: translate($appLocale, 'landing.loop.share.label'),
+		detail: translate($appLocale, 'landing.loop.share.detail'),
+	},
+	{
+		label: translate($appLocale, 'landing.loop.refine.label'),
+		detail: translate($appLocale, 'landing.loop.refine.detail'),
+	},
+]);
 
 let compactDesktopLanding = $state(false);
 
@@ -70,20 +81,21 @@ $effect(() => {
 </script>
 
 <svelte:head>
-	<title>OpenSession - Version Control for AI Work</title>
+	<title>{translate($appLocale, 'landing.title')}</title>
 </svelte:head>
 
 <div class="landing-stage mx-auto w-full max-w-6xl px-3 py-8 sm:px-6 sm:py-10" data-testid="landing-page">
 	<section class="hero-panel p-5 sm:p-6">
 		<div class="grid gap-6 lg:grid-cols-[1.1fr_0.9fr] lg:gap-8">
 			<div class="space-y-4">
-				<p class="stage-kicker text-[11px] uppercase tracking-[0.18em] text-text-muted">version control for ai work</p>
+				<p class="stage-kicker text-[11px] uppercase tracking-[0.18em] text-text-muted">
+					{translate($appLocale, 'landing.kicker')}
+				</p>
 				<h1 class="stage-title text-4xl leading-[0.92] text-text-primary sm:text-5xl lg:text-6xl">
-					Version Control for AI Work.
+					{translate($appLocale, 'landing.heroTitle')}
 				</h1>
 				<p class="max-w-xl text-sm leading-relaxed text-text-secondary sm:text-base" data-testid="landing-hero-copy">
-					AI coding sessions are easy to lose. Context disappears, handoffs degrade, and screenshots replace evidence.
-					OpenSession turns AI sessions into structured, replayable artifacts.
+					{translate($appLocale, 'landing.heroCopy')}
 				</p>
 					<div class="flex flex-wrap gap-2">
 						<button
@@ -91,42 +103,42 @@ $effect(() => {
 							onclick={() => onNavigate('/sessions')}
 							class="stage-cta bg-accent px-4 py-2 text-xs font-semibold text-white transition-colors hover:bg-accent/85"
 						>
-							Open Sessions
+							{translate($appLocale, 'landing.openSessions')}
 						</button>
 						<button
 							type="button"
 							onclick={() => onNavigate('/docs#getting-started')}
 							class="stage-cta bg-warning px-4 py-2 text-xs font-semibold text-text-primary transition-colors hover:bg-warning/85"
 						>
-							Beginner Quick Start
+							{translate($appLocale, 'landing.quickStart')}
 						</button>
 						<button
 							type="button"
 							onclick={() => onNavigate('/docs')}
 							class="stage-cta border border-border px-4 py-2 text-xs font-semibold text-text-secondary transition-colors hover:border-accent hover:text-accent"
 						>
-						Open Docs
+						{translate($appLocale, 'landing.openDocs')}
 					</button>
 				</div>
 			</div>
 
 			<div class="stage-note border border-border bg-bg-primary/65 p-4">
 				<p class="mb-3 text-xs font-semibold uppercase tracking-[0.12em] text-text-muted">
-					What That Means
+					{translate($appLocale, 'landing.whatMeans')}
 				</p>
 				<ul class="space-y-2">
-					<li class="text-sm text-text-secondary">Timeline view instead of screenshot-based review.</li>
-					<li class="text-sm text-text-secondary">Git-based sharing with commit-level references.</li>
-					<li class="text-sm text-text-secondary">Handoffs tied to the same session records.</li>
+					<li class="text-sm text-text-secondary">{translate($appLocale, 'landing.timelineReview')}</li>
+					<li class="text-sm text-text-secondary">{translate($appLocale, 'landing.gitSharing')}</li>
+					<li class="text-sm text-text-secondary">{translate($appLocale, 'landing.handoffs')}</li>
 				</ul>
 				<div class="mt-4 grid gap-2 sm:grid-cols-2">
 					<div class="signal-chip border border-border px-2 py-2 text-[11px] text-text-secondary">
-						<span class="block text-text-muted">Session Model</span>
-						<span class="block text-text-primary">Structured Events</span>
+						<span class="block text-text-muted">{translate($appLocale, 'landing.sessionModel')}</span>
+						<span class="block text-text-primary">{translate($appLocale, 'landing.structuredEvents')}</span>
 					</div>
 					<div class="signal-chip border border-border px-2 py-2 text-[11px] text-text-secondary">
-						<span class="block text-text-muted">Work Loop</span>
-						<span class="block text-text-primary">Record -> Inspect -> Share -> Refine</span>
+						<span class="block text-text-muted">{translate($appLocale, 'landing.workLoop')}</span>
+						<span class="block text-text-primary">{translate($appLocale, 'landing.workLoopValue')}</span>
 					</div>
 				</div>
 			</div>
@@ -135,14 +147,20 @@ $effect(() => {
 
 	{#if !compactDesktopLanding}
 		<section data-contract-section="goal-map" class="mise-panel mt-6 p-4 sm:p-5">
-			<div class="mb-3 text-xs uppercase tracking-[0.12em] text-text-muted">$ goal-map</div>
-			<h2 class="section-title mb-4 text-2xl text-text-primary sm:text-3xl">What This Means</h2>
+			<div class="mb-3 text-xs uppercase tracking-[0.12em] text-text-muted">
+				{translate($appLocale, 'landing.goalMapTag')}
+			</div>
+			<h2 class="section-title mb-4 text-2xl text-text-primary sm:text-3xl">
+				{translate($appLocale, 'landing.goalMapTitle')}
+			</h2>
 			<div class="grid gap-3 md:grid-cols-2">
 				{#each goalCards as card}
 					<article class="mise-card border border-border bg-bg-secondary/70 p-4" data-goal-id={card.id}>
 						<div class="mb-2 flex items-center justify-between">
 							<span class="text-xs text-accent">{card.id}</span>
-							<span class="text-[11px] uppercase text-text-muted">Goal</span>
+							<span class="text-[11px] uppercase text-text-muted">
+								{translate($appLocale, 'landing.goalLabel')}
+							</span>
 						</div>
 						<h3 class="text-base font-semibold text-text-primary">{card.title}</h3>
 						<p class="mt-2 text-xs leading-relaxed text-text-secondary">{card.summary}</p>
@@ -153,12 +171,18 @@ $effect(() => {
 		</section>
 
 		<section data-contract-section="operating-loop" class="mise-panel mt-6 p-4 sm:p-5">
-			<div class="mb-3 text-xs uppercase tracking-[0.12em] text-text-muted">$ operating-loop</div>
-			<h2 class="section-title mb-4 text-2xl text-text-primary sm:text-3xl">Work Loop</h2>
+			<div class="mb-3 text-xs uppercase tracking-[0.12em] text-text-muted">
+				{translate($appLocale, 'landing.operatingLoopTag')}
+			</div>
+			<h2 class="section-title mb-4 text-2xl text-text-primary sm:text-3xl">
+				{translate($appLocale, 'landing.operatingLoopTitle')}
+			</h2>
 			<div class="grid gap-3 md:grid-cols-2 xl:grid-cols-4">
 				{#each operatingLoop as step, idx}
 					<div class="mise-card border border-border bg-bg-secondary/70 p-3" data-flow-step={step.label}>
-						<div class="text-[11px] uppercase tracking-[0.08em] text-text-muted">Step {idx + 1}</div>
+						<div class="text-[11px] uppercase tracking-[0.08em] text-text-muted">
+							{translate($appLocale, 'landing.step', { number: idx + 1 })}
+						</div>
 						<div class="mt-1 text-sm font-semibold text-text-primary">{step.label}</div>
 						<p class="mt-2 text-xs leading-relaxed text-text-secondary">{step.detail}</p>
 					</div>
diff --git a/packages/ui/src/components/LanguageModePicker.svelte b/packages/ui/src/components/LanguageModePicker.svelte
new file mode 100644
index 00000000..95df9f03
--- /dev/null
+++ b/packages/ui/src/components/LanguageModePicker.svelte
@@ -0,0 +1,54 @@
+<script lang="ts">
+import {
+	appLocale,
+	languageMode,
+	setLanguagePreference,
+	translate,
+} from '../i18n';
+
+const {
+	compact = false,
+}: {
+	compact?: boolean;
+} = $props();
+
+const options = [
+	{ value: 'system', labelKey: 'language.mode.system', shortKey: 'language.short.system' },
+	{ value: 'en', labelKey: 'language.mode.en', shortKey: 'language.short.en' },
+	{ value: 'ko', labelKey: 'language.mode.ko', shortKey: 'language.short.ko' },
+] as const;
+</script>
+
+<div class:items-center={compact} class="flex flex-wrap gap-1">
+	{#each options as option}
+		<button
+			type="button"
+			onclick={() => setLanguagePreference(option.value)}
+			class={`rounded border px-2 py-1 text-xs transition-colors ${
+				$languageMode === option.value
+					? 'border-accent bg-accent/10 text-accent'
+					: 'border-border bg-bg-secondary text-text-secondary hover:text-text-primary'
+			}`}
+			aria-label={translate($appLocale, option.labelKey)}
+			title={translate($appLocale, option.labelKey)}
+		>
+			{translate($appLocale, option.shortKey)}
+		</button>
+	{/each}
+</div>
+
+{#if !compact}
+	<p class="mt-2 text-xs text-text-secondary">
+		{translate($appLocale, 'language.help')}
+	</p>
+	<p class="mt-1 text-[11px] text-text-muted">
+		{translate($appLocale, 'language.current', {
+			locale:
+				$languageMode === 'system'
+					? translate($appLocale, 'language.platform')
+					: $languageMode === 'en'
+						? translate($appLocale, 'language.mode.en')
+						: translate($appLocale, 'language.mode.ko'),
+		})}
+	</p>
+{/if}
diff --git a/packages/ui/src/components/LanguageSettingsPanel.svelte b/packages/ui/src/components/LanguageSettingsPanel.svelte
new file mode 100644
index 00000000..52010354
--- /dev/null
+++ b/packages/ui/src/components/LanguageSettingsPanel.svelte
@@ -0,0 +1,16 @@
+<script lang="ts">
+import { appLocale, translate } from '../i18n';
+import LanguageModePicker from './LanguageModePicker.svelte';
+</script>
+
+<section class="scroll-mt-24 border border-border bg-bg-secondary p-4 xl:max-w-3xl">
+	<h2 class="text-sm font-semibold text-text-primary">
+		{translate($appLocale, 'settings.languageSection')}
+	</h2>
+	<p class="mt-1 text-xs text-text-secondary">
+		{translate($appLocale, 'settings.languageDescription')}
+	</p>
+	<div class="mt-3">
+		<LanguageModePicker />
+	</div>
+</section>
diff --git a/packages/ui/src/components/LoginPage.svelte b/packages/ui/src/components/LoginPage.svelte
index b06ba110..91b56b22 100644
--- a/packages/ui/src/components/LoginPage.svelte
+++ b/packages/ui/src/components/LoginPage.svelte
@@ -1,5 +1,6 @@
 <script lang="ts">
 import { ApiError, authLogin, authRegister, getAuthProviders, getOAuthUrl } from '../api';
+import { appLocale, translate } from '../i18n';
 import type { OAuthProviderInfo } from '../types';
 
 const {
@@ -55,14 +56,17 @@ async function handleSubmit() {
 				return;
 			} catch (registerError) {
 				if (registerError instanceof ApiError && registerError.status === 409) {
-					error = 'Invalid email or password';
+					error = translate($appLocale, 'login.invalid');
 				} else {
-					error = registerError instanceof Error ? registerError.message : 'Authentication failed';
+					error =
+						registerError instanceof Error
+							? registerError.message
+							: translate($appLocale, 'login.failed');
 				}
 				return;
 			}
 		}
-		error = e instanceof Error ? e.message : 'Authentication failed';
+		error = e instanceof Error ? e.message : translate($appLocale, 'login.failed');
 	} finally {
 		loading = false;
 	}
@@ -70,41 +74,49 @@ async function handleSubmit() {
 </script>
 
 <svelte:head>
-	<title>Sign In - opensession.io</title>
+	<title>{translate($appLocale, 'login.title')}</title>
 </svelte:head>
 
 <div class="mx-auto w-full max-w-sm px-3 py-10 sm:px-0">
-	<h1 class="mb-6 text-center text-lg font-bold text-text-primary">Sign In</h1>
-	<p class="mb-4 text-center text-xs text-text-muted">New accounts are created automatically on first sign in.</p>
+	<h1 class="mb-6 text-center text-lg font-bold text-text-primary">
+		{translate($appLocale, 'login.heading')}
+	</h1>
+	<p class="mb-4 text-center text-xs text-text-muted">
+		{translate($appLocale, 'login.subheading')}
+	</p>
 
 	{#if emailPasswordEnabled}
 		<form onsubmit={(e) => { e.preventDefault(); handleSubmit(); }} class="space-y-3">
 			<div>
-				<label for="login-email" class="sr-only">Email</label>
+				<label for="login-email" class="sr-only">{translate($appLocale, 'login.email')}</label>
 				<input
 					id="login-email"
 					type="email"
-					placeholder="Email"
+					placeholder={translate($appLocale, 'login.email')}
 					bind:value={email}
 					class="w-full border border-border bg-bg-primary px-3 py-2 text-xs text-text-primary placeholder-text-muted outline-none focus:border-accent"
 				/>
 			</div>
 			<div>
-				<label for="login-password" class="sr-only">Password</label>
+				<label for="login-password" class="sr-only">
+					{translate($appLocale, 'login.password')}
+				</label>
 				<input
 					id="login-password"
 					type="password"
-					placeholder="Password"
+					placeholder={translate($appLocale, 'login.password')}
 					bind:value={password}
 					class="w-full border border-border bg-bg-primary px-3 py-2 text-xs text-text-primary placeholder-text-muted outline-none focus:border-accent"
 				/>
 			</div>
 			<div>
-				<label for="login-nickname" class="sr-only">Nickname (optional)</label>
+				<label for="login-nickname" class="sr-only">
+					{translate($appLocale, 'login.nickname')}
+				</label>
 				<input
 					id="login-nickname"
 					type="text"
-					placeholder="Nickname (optional, first sign in only)"
+					placeholder={translate($appLocale, 'login.nicknamePlaceholder')}
 					bind:value={nickname}
 					class="w-full border border-border bg-bg-primary px-3 py-2 text-xs text-text-primary placeholder-text-muted outline-none focus:border-accent"
 				/>
@@ -119,7 +131,7 @@ async function handleSubmit() {
 				disabled={loading || !email.trim() || !password}
 				class="w-full bg-accent px-3 py-2 text-xs font-medium text-white hover:bg-accent/80 disabled:opacity-50"
 			>
-				{loading ? 'Signing in...' : 'Continue'}
+				{loading ? translate($appLocale, 'login.signingIn') : translate($appLocale, 'login.continue')}
 			</button>
 		</form>
 	{/if}
@@ -127,7 +139,7 @@ async function handleSubmit() {
 	{#if emailPasswordEnabled && oauthProviders.length > 0}
 		<div class="my-4 flex items-center gap-3">
 			<div class="flex-1 border-t border-border"></div>
-			<span class="text-xs text-text-muted">or</span>
+			<span class="text-xs text-text-muted">{translate($appLocale, 'login.or')}</span>
 			<div class="flex-1 border-t border-border"></div>
 		</div>
 	{/if}
@@ -137,13 +149,13 @@ async function handleSubmit() {
 			href={getOAuthUrl(provider.id)}
 			class="mb-2 block w-full border border-border bg-bg-secondary px-3 py-2 text-center text-xs text-text-primary hover:bg-bg-hover"
 		>
-			Continue with {provider.display_name}
+			{translate($appLocale, 'login.continueWith', { provider: provider.display_name })}
 		</a>
 	{/each}
 
 	{#if authUnavailable}
 		<p data-testid="auth-unavailable" class="mb-3 text-xs text-text-muted">
-			Authentication is not available in this deployment.
+			{translate($appLocale, 'login.unavailable')}
 		</p>
 	{/if}
 </div>
diff --git a/packages/ui/src/components/ParseSourceBanner.svelte b/packages/ui/src/components/ParseSourceBanner.svelte
index 82bb481c..81759694 100644
--- a/packages/ui/src/components/ParseSourceBanner.svelte
+++ b/packages/ui/src/components/ParseSourceBanner.svelte
@@ -1,4 +1,5 @@
 <script lang="ts">
+import { appLocale } from '../i18n';
 import type { ParseSource } from '../types';
 
 const {
@@ -20,16 +21,22 @@ const sourceLabel = $derived.by(() => {
 	}
 	return source.filename;
 });
+
+const isKorean = $derived($appLocale === 'ko');
+
+function localize(en: string, ko: string): string {
+	return isKorean ? ko : en;
+}
 </script>
 
 <section class="mb-2 border border-border bg-bg-secondary px-3 py-2 text-xs">
 	<div class="flex flex-wrap items-center gap-2 text-text-secondary">
-		<span class="font-semibold text-text-primary">Source</span>
+		<span class="font-semibold text-text-primary">{localize('Source', '소스')}</span>
 		<span>{source.kind}</span>
 		<span>&middot;</span>
 		<span class="break-all">{sourceLabel}</span>
 		<span>&middot;</span>
-		<span>parser: <span class="text-text-primary">{parserUsed}</span></span>
+		<span>{localize('parser:', '파서:')} <span class="text-text-primary">{parserUsed}</span></span>
 	</div>
 
 	{#if warnings.length > 0}
diff --git a/packages/ui/src/components/ParserSelectPanel.svelte b/packages/ui/src/components/ParserSelectPanel.svelte
index 60825dd7..64a58d41 100644
--- a/packages/ui/src/components/ParserSelectPanel.svelte
+++ b/packages/ui/src/components/ParserSelectPanel.svelte
@@ -1,4 +1,5 @@
 <script lang="ts">
+import { appLocale } from '../i18n';
 import type { ParseCandidate } from '../types';
 
 const {
@@ -12,12 +13,23 @@ const {
 	loading?: boolean;
 	onSelect?: (parserId: string) => void;
 } = $props();
+
+const isKorean = $derived($appLocale === 'ko');
+
+function localize(en: string, ko: string): string {
+	return isKorean ? ko : en;
+}
 </script>
 
 <section class="border border-border bg-bg-secondary p-3">
-	<h2 class="text-sm font-semibold text-text-primary">Parser selection required</h2>
+	<h2 class="text-sm font-semibold text-text-primary">
+		{localize('Parser selection required', '파서 선택이 필요합니다')}
+	</h2>
 	<p class="mt-1 text-xs text-text-secondary">
-		Auto-detection could not produce a stable parse. Select a parser and retry.
+		{localize(
+			'Auto-detection could not produce a stable parse. Select a parser and retry.',
+			'자동 감지로 안정적인 파싱 결과를 만들지 못했습니다. 파서를 선택한 뒤 다시 시도하세요.',
+		)}
 	</p>
 
 	<div class="mt-3 grid gap-2">
@@ -31,7 +43,7 @@ const {
 					<div class="font-medium text-text-primary">
 						{candidate.id}
 						{#if parserHint === candidate.id}
-							<span class="ml-1 text-accent">(selected)</span>
+							<span class="ml-1 text-accent">{localize('(selected)', '(선택됨)')}</span>
 						{/if}
 					</div>
 					<div class="truncate text-text-muted">{candidate.reason}</div>
diff --git a/packages/ui/src/components/SessionCard.svelte b/packages/ui/src/components/SessionCard.svelte
index a509b6e2..c2b78744 100644
--- a/packages/ui/src/components/SessionCard.svelte
+++ b/packages/ui/src/components/SessionCard.svelte
@@ -1,5 +1,6 @@
 <script lang="ts">
 import { truncate } from '../event-helpers';
+import { appLocale, translate } from '../i18n';
 import { getSessionActorLabel, getSessionModelLabel } from '../session-presentation';
 import type { SessionSummary } from '../types';
 import { formatDuration, formatTimestamp, getToolConfig } from '../types';
@@ -69,18 +70,18 @@ const modelLabel = $derived(getSessionModelLabel(session));
 
 	{#if compact}
 		<span class="hidden shrink-0 text-text-muted lg:inline">
-			{session.message_count} msgs
+			{translate($appLocale, 'sessionList.messagesShort', { count: session.message_count })}
 		</span>
 		<span class="hidden shrink-0 text-text-muted xl:inline">
-			{session.event_count} events
+			{translate($appLocale, 'sessionList.events', { count: session.event_count })}
 		</span>
 	{:else}
 		<!-- Stats -->
 		<span class="hidden shrink-0 text-text-muted lg:inline">
-			{session.message_count} messages
+			{translate($appLocale, 'sessionList.messagesLong', { count: session.message_count })}
 		</span>
 		<span class="hidden shrink-0 text-text-muted lg:inline">
-			{session.event_count} events
+			{translate($appLocale, 'sessionList.events', { count: session.event_count })}
 		</span>
 	{/if}
 	<span class="shrink-0 text-text-muted">
diff --git a/packages/ui/src/components/SessionDetailPage.svelte b/packages/ui/src/components/SessionDetailPage.svelte
index f2e60c7e..1917b4f1 100644
--- a/packages/ui/src/components/SessionDetailPage.svelte
+++ b/packages/ui/src/components/SessionDetailPage.svelte
@@ -10,6 +10,7 @@ import {
 	regenerateSessionSemanticSummary,
 } from '../api';
 import { prepareTimelineEvents } from '../event-helpers';
+import { appLocale } from '../i18n';
 import {
 	askSessionChangesSurface,
 	loadSessionDetailState,
@@ -69,6 +70,11 @@ let branchFilters = $state(new Set<string>());
 let nativeFilters = $state(new Set<string>());
 let initializedForSessionId = $state<string | null>(null);
 const ALL_FILTER_KEY = 'all';
+const isKorean = $derived($appLocale === 'ko');
+
+function localize(en: string, ko: string): string {
+	return isKorean ? ko : en;
+}
 
 function toggleUnifiedFilter(key: string) {
 	unifiedFilters = toggleAllBackedFilter(unifiedFilters, key, ALL_FILTER_KEY);
@@ -226,7 +232,10 @@ function decodeBase64Audio(base64: string): Uint8Array {
 async function handlePlayChangeReaderVoice() {
 	const source = (changeReaderAnswer ?? changeReaderNarrative ?? '').trim();
 	if (!source) {
-		changeReaderVoiceError = '먼저 Read Changes 또는 Ask를 실행해 주세요.';
+		changeReaderVoiceError = localize(
+			'Run Read summary or Ask first.',
+			'먼저 변경 내용 읽기 또는 질문을 실행하세요.',
+		);
 		return;
 	}
 	changeReaderVoicePending = true;
@@ -247,7 +256,7 @@ async function handlePlayChangeReaderVoice() {
 		};
 		audio.onerror = () => {
 			changeReaderVoicePlaying = false;
-			changeReaderVoiceError = '음성 재생에 실패했습니다.';
+			changeReaderVoiceError = localize('Voice playback failed.', '음성 재생에 실패했습니다.');
 		};
 		changeReaderVoicePlaying = true;
 		await audio.play();
@@ -255,7 +264,7 @@ async function handlePlayChangeReaderVoice() {
 			changeReaderVoiceWarning = payload.warning;
 		}
 	} catch (e) {
-		changeReaderVoiceError = e instanceof Error ? e.message : 'Failed to synthesize voice';
+		changeReaderVoiceError = e instanceof Error ? e.message : localize('Failed to synthesize voice.', '음성 합성에 실패했습니다.');
 		changeReaderVoicePlaying = false;
 	} finally {
 		changeReaderVoicePending = false;
@@ -339,21 +348,35 @@ $effect(() => {
 </script>
 
 {#if loading}
-	<div class="py-16 text-center text-xs text-text-muted">Loading session...</div>
+	<div class="py-16 text-center text-xs text-text-muted">{localize('Loading session...', '세션을 불러오는 중...')}</div>
 {:else if error}
 	<div class="py-16 text-center">
 		{#if errorCode === 'desktop_contract_mismatch'}
-			<p class="text-xs text-error">Desktop runtime and UI bundle contract versions do not match.</p>
-			<p class="mt-1 text-xs text-text-muted">Update desktop app/runtime and reopen this session.</p>
+			<p class="text-xs text-error">
+				{localize(
+					'Desktop runtime and UI bundle contract versions do not match.',
+					'데스크톱 런타임과 UI 번들 계약 버전이 일치하지 않습니다.',
+				)}
+			</p>
+			<p class="mt-1 text-xs text-text-muted">
+				{localize(
+					'Update desktop app/runtime and reopen this session.',
+					'데스크톱 앱/런타임을 업데이트한 뒤 이 세션을 다시 열어 주세요.',
+				)}
+			</p>
 		{:else}
 			<p class="text-xs text-error">{error}</p>
 		{/if}
-		<a href="/sessions" class="mt-2 inline-block text-xs text-accent hover:underline">Back to feed</a>
+		<a href="/sessions" class="mt-2 inline-block text-xs text-accent hover:underline">
+			{localize('Back to sessions', '세션 목록으로 돌아가기')}
+		</a>
 	</div>
 {:else if session}
 	<section class="mb-3 rounded border border-border bg-bg-secondary p-3" data-testid="session-detail-view-switch">
 		<div class="flex flex-wrap items-center gap-2">
-			<p class="text-[11px] uppercase tracking-[0.08em] text-text-muted">View</p>
+			<p class="text-[11px] uppercase tracking-[0.08em] text-text-muted">
+				{localize('View', '보기')}
+			</p>
 			<div class="inline-flex rounded border border-border bg-bg-primary p-0.5">
 				<button
 					type="button"
@@ -362,7 +385,7 @@ $effect(() => {
 					data-testid="session-detail-view-summary"
 					onclick={() => (detailView = 'summary')}
 				>
-					요약
+					{localize('Summary', '요약')}
 				</button>
 				<button
 					type="button"
@@ -371,7 +394,7 @@ $effect(() => {
 					data-testid="session-detail-view-full"
 					onclick={() => (detailView = 'full')}
 				>
-					전체
+					{localize('Full', '전체')}
 				</button>
 			</div>
 		</div>
@@ -381,9 +404,16 @@ $effect(() => {
 		<section class="mb-3 space-y-3 rounded border border-border bg-bg-secondary p-3" data-testid="semantic-summary-card">
 			<div class="flex flex-wrap items-center justify-between gap-3">
 				<div>
-					<p class="text-[11px] uppercase tracking-[0.08em] text-text-muted">Semantic Summary</p>
+					<p class="text-[11px] uppercase tracking-[0.08em] text-text-muted">
+						{localize('Semantic Summary', '시맨틱 요약')}
+					</p>
 					{#if semanticSummary?.generation_kind === 'heuristic_fallback'}
-						<p class="mt-1 text-xs text-warning">Heuristic fallback · 변경 신호가 제한되어 간략 요약을 표시합니다.</p>
+						<p class="mt-1 text-xs text-warning">
+							{localize(
+								'Heuristic fallback · limited change signals produced a compact summary.',
+								'휴리스틱 대체 · 변경 신호가 제한되어 간략 요약을 표시합니다.',
+							)}
+						</p>
 					{:else if semanticSummary?.source_kind}
 						<p class="mt-1 text-xs text-text-secondary">
 							source={semanticSummary.source_kind}
@@ -399,32 +429,32 @@ $effect(() => {
 					onclick={regenerateSummary}
 					disabled={summaryRegenerating}
 				>
-					{summaryRegenerating ? 'Regenerating…' : 'Regenerate'}
+					{summaryRegenerating ? localize('Regenerating…', '다시 생성하는 중...') : localize('Regenerate', '다시 생성')}
 				</button>
 			</div>
 
 			{#if summaryLoading}
-				<p class="text-xs text-text-muted">Loading semantic summary...</p>
+				<p class="text-xs text-text-muted">{localize('Loading semantic summary...', '시맨틱 요약을 불러오는 중...')}</p>
 			{:else if summaryError}
 				<p class="text-xs text-error">{summaryError}</p>
 			{:else if semanticPayload}
 				<div class="grid gap-3 md:grid-cols-2">
 					<div>
-						<p class="text-[11px] uppercase tracking-[0.08em] text-text-muted">Changes</p>
-						<p class="mt-1 text-xs text-text-primary">{semanticPayload.changes ?? '(none)'}</p>
+						<p class="text-[11px] uppercase tracking-[0.08em] text-text-muted">{localize('Changes', '변경 사항')}</p>
+						<p class="mt-1 text-xs text-text-primary">{semanticPayload.changes ?? localize('(none)', '(없음)')}</p>
 					</div>
 					<div>
-						<p class="text-[11px] uppercase tracking-[0.08em] text-text-muted">Auth/Security</p>
-						<p class="mt-1 text-xs text-text-primary">{semanticPayload.auth_security ?? '(none)'}</p>
+						<p class="text-[11px] uppercase tracking-[0.08em] text-text-muted">{localize('Auth/Security', '인증/보안')}</p>
+						<p class="mt-1 text-xs text-text-primary">{semanticPayload.auth_security ?? localize('(none)', '(없음)')}</p>
 					</div>
 				</div>
 				<div>
-					<p class="text-[11px] uppercase tracking-[0.08em] text-text-muted">Layer/File Changes</p>
+					<p class="text-[11px] uppercase tracking-[0.08em] text-text-muted">{localize('Layer/File Changes', '레이어/파일 변경')}</p>
 					{#if semanticPayload.layer_file_changes?.length}
 						<div class="mt-2 space-y-2">
 							{#each semanticPayload.layer_file_changes as item}
 								<div class="rounded border border-border/70 p-2">
-									<div class="text-xs font-medium text-text-primary">{item.layer ?? '(unknown layer)'}</div>
+									<div class="text-xs font-medium text-text-primary">{item.layer ?? localize('(unknown layer)', '(알 수 없는 레이어)')}</div>
 									<div class="mt-1 text-xs text-text-secondary">{item.summary ?? ''}</div>
 									{#if item.files?.length}
 										<div class="mt-1 text-[11px] text-text-muted">{item.files.join(', ')}</div>
@@ -433,37 +463,44 @@ $effect(() => {
 							{/each}
 						</div>
 					{:else}
-						<p class="mt-1 text-xs text-text-muted">변경 신호가 부족해 레이어/파일 요약을 만들지 못했습니다.</p>
+						<p class="mt-1 text-xs text-text-muted">
+							{localize(
+								'Not enough change signals were available to build a layer/file summary.',
+								'변경 신호가 부족해 레이어/파일 요약을 만들지 못했습니다.',
+							)}
+						</p>
 					{/if}
 				</div>
 				{#if semanticDiffTree.length}
 					<div>
-						<p class="text-[11px] uppercase tracking-[0.08em] text-text-muted">Diff Tree</p>
+						<p class="text-[11px] uppercase tracking-[0.08em] text-text-muted">{localize('Diff Tree', 'Diff 트리')}</p>
 						<div class="mt-2 space-y-2">
 							{#each semanticDiffTree as layer}
 								<details class="rounded border border-border/70 p-2" open={layer.file_count != null && layer.file_count <= 5}>
 									<summary class="cursor-pointer text-xs text-text-primary">
-										{layer.layer ?? '(layer)'} · files={layer.file_count ?? 0} · +{layer.lines_added ?? 0}/-{layer.lines_removed ?? 0}
+										{layer.layer ?? localize('(layer)', '(레이어)')} · {localize('files', '파일')}={layer.file_count ?? 0} · +{layer.lines_added ?? 0}/-{layer.lines_removed ?? 0}
 									</summary>
 									<div class="mt-2 space-y-2">
 										{#each layer.files ?? [] as file}
 											<details class="rounded border border-border/60 p-2" open={!file.is_large}>
 												<summary class="cursor-pointer text-[11px] text-text-secondary">
-													{file.path ?? '(file)'} [{file.operation ?? 'edit'}] +{file.lines_added ?? 0}/-{file.lines_removed ?? 0}
+													{file.path ?? localize('(file)', '(파일)')} [{file.operation ?? localize('edit', '수정')}] +{file.lines_added ?? 0}/-{file.lines_removed ?? 0}
 													{#if file.is_large}
-														· large
+														· {localize('large', '대형')}
 													{/if}
 												</summary>
 												{#if file.hunks?.length}
 													<div class="mt-2 space-y-1">
 														{#each file.hunks as hunk}
 															<div class="rounded border border-border/50 bg-bg-primary p-2">
-																<div class="text-[11px] font-mono text-text-muted">{hunk.header ?? '(hunk)'}</div>
+																<div class="text-[11px] font-mono text-text-muted">{hunk.header ?? localize('(hunk)', '(청크)')}</div>
 																{#if hunk.lines?.length}
 																	<pre class="mt-1 overflow-x-auto whitespace-pre-wrap text-[11px] text-text-secondary">{hunk.lines.join('\n')}</pre>
 																{/if}
 																{#if (hunk.omitted_lines ?? 0) > 0}
-																	<div class="mt-1 text-[11px] text-text-muted">… {hunk.omitted_lines} lines omitted</div>
+																	<div class="mt-1 text-[11px] text-text-muted">
+																		{isKorean ? `… ${hunk.omitted_lines}줄 생략` : `… ${hunk.omitted_lines} lines omitted`}
+																	</div>
 																{/if}
 															</div>
 														{/each}
@@ -478,10 +515,10 @@ $effect(() => {
 					</div>
 				{/if}
 				{#if semanticSummary?.error && semanticSummary.error !== 'no usable summary signals found'}
-					<p class="text-xs text-warning">generation note: {semanticSummary.error}</p>
+					<p class="text-xs text-warning">{localize('generation note:', '생성 메모:')} {semanticSummary.error}</p>
 				{/if}
 			{:else}
-				<p class="text-xs text-text-muted">No semantic summary generated yet.</p>
+				<p class="text-xs text-text-muted">{localize('No semantic summary generated yet.', '아직 시맨틱 요약이 생성되지 않았습니다.')}</p>
 			{/if}
 		</section>
 
@@ -489,14 +526,19 @@ $effect(() => {
 			<section class="mb-3 space-y-3 rounded border border-border bg-bg-secondary p-3" data-testid="change-reader-card">
 				<div class="flex flex-wrap items-center justify-between gap-2">
 					<div>
-						<p class="text-[11px] uppercase tracking-[0.08em] text-text-muted">Change Reader (Text + Voice)</p>
-						<p class="mt-1 text-xs text-text-secondary">Read session changes, ask questions, and play voice narration from local context.</p>
+						<p class="text-[11px] uppercase tracking-[0.08em] text-text-muted">{localize('Change Reader (Text + Voice)', '변경 리더 (텍스트 + 음성)')}</p>
+						<p class="mt-1 text-xs text-text-secondary">
+							{localize(
+								'Read session changes, ask questions, and play voice narration from local context.',
+								'로컬 컨텍스트에서 세션 변경을 읽고, 질문하고, 음성 내레이션을 재생합니다.',
+							)}
+						</p>
 					</div>
 					<label class="text-xs text-text-secondary">
-						<span class="mr-2">Scope</span>
+						<span class="mr-2">{localize('Scope', '범위')}</span>
 						<select bind:value={changeReaderScope} class="border border-border bg-bg-primary px-2 py-1 text-xs text-text-primary">
-							<option value="summary_only">summary_only</option>
-							<option value="full_context">full_context</option>
+							<option value="summary_only">{localize('Summary only', '요약만')}</option>
+							<option value="full_context">{localize('Full context', '전체 컨텍스트')}</option>
 						</select>
 					</label>
 				</div>
@@ -509,7 +551,7 @@ $effect(() => {
 						data-testid="change-reader-read"
 						class="border border-border px-2 py-1 text-xs text-text-secondary hover:text-text-primary disabled:opacity-60"
 					>
-						{changeReaderReading ? 'Reading…' : 'Read Changes'}
+						{changeReaderReading ? localize('Reading…', '읽는 중...') : localize('Read summary', '변경 내용 읽기')}
 					</button>
 					{#if changeReaderVoiceEnabled && changeReaderVoiceConfigured}
 						<button
@@ -519,7 +561,11 @@ $effect(() => {
 							data-testid="change-reader-play-voice"
 							class="border border-border px-2 py-1 text-xs text-text-secondary hover:text-text-primary disabled:opacity-60"
 						>
-							{changeReaderVoicePending ? 'Synthesizing…' : changeReaderVoicePlaying ? 'Replay Voice' : 'Play Voice'}
+							{changeReaderVoicePending
+								? localize('Synthesizing…', '합성 중...')
+								: changeReaderVoicePlaying
+									? localize('Replay Voice', '음성 다시 재생')
+									: localize('Play Voice', '음성 재생')}
 						</button>
 						<button
 							type="button"
@@ -528,7 +574,7 @@ $effect(() => {
 							data-testid="change-reader-stop-voice"
 							class="border border-border px-2 py-1 text-xs text-text-secondary hover:text-text-primary disabled:opacity-60"
 						>
-							Stop Voice
+							{localize('Stop Voice', '음성 중지')}
 						</button>
 					{/if}
 				</div>
@@ -536,9 +582,14 @@ $effect(() => {
 					<p class="text-xs text-error">{changeReaderReadError}</p>
 				{/if}
 				{#if !changeReaderVoiceEnabled}
-					<p class="text-xs text-text-muted">Voice is disabled in runtime settings.</p>
+					<p class="text-xs text-text-muted">{localize('Voice is disabled in runtime settings.', '런타임 설정에서 음성이 비활성화되어 있습니다.')}</p>
 				{:else if !changeReaderVoiceConfigured}
-					<p class="text-xs text-text-muted">Set Change Reader Voice API key in Settings to enable playback.</p>
+					<p class="text-xs text-text-muted">
+						{localize(
+							'Set Change Reader Voice API key in Settings to enable playback.',
+							'설정에서 Change Reader Voice API 키를 입력하면 재생을 사용할 수 있습니다.',
+						)}
+					</p>
 				{/if}
 				{#if changeReaderVoiceError}
 					<p class="text-xs text-error" data-testid="change-reader-voice-error">{changeReaderVoiceError}</p>
@@ -552,12 +603,14 @@ $effect(() => {
 
 				{#if changeReaderQaEnabled}
 					<div class="space-y-2 border-t border-border/60 pt-2">
-						<p class="text-[11px] uppercase tracking-[0.08em] text-text-muted">Q&A</p>
+						<p class="text-[11px] uppercase tracking-[0.08em] text-text-muted">
+							{localize('Questions', '질문')}
+						</p>
 						<div class="flex flex-wrap items-center gap-2">
 							<input
 								bind:value={changeReaderQuestion}
 								data-testid="change-reader-question-input"
-								placeholder="Ask about this change..."
+								placeholder={localize('Ask about this change...', '이 변경에 대해 질문하세요...')}
 								class="min-w-[220px] flex-1 border border-border bg-bg-primary px-2 py-1 text-xs text-text-primary"
 							/>
 							<button
@@ -567,7 +620,7 @@ $effect(() => {
 								data-testid="change-reader-ask"
 								class="border border-border px-2 py-1 text-xs text-text-secondary hover:text-text-primary disabled:opacity-60"
 							>
-								{changeReaderAsking ? 'Asking…' : 'Ask'}
+								{changeReaderAsking ? localize('Asking…', '질문 중...') : localize('Ask', '질문하기')}
 							</button>
 						</div>
 						{#if changeReaderAskError}
@@ -578,12 +631,17 @@ $effect(() => {
 						{/if}
 					</div>
 				{:else}
-					<p class="text-xs text-text-muted">Q&A is disabled in runtime settings.</p>
+					<p class="text-xs text-text-muted">
+						{localize(
+							'Questions are disabled in runtime settings.',
+							'런타임 설정에서 질문 기능이 비활성화되어 있습니다.',
+						)}
+					</p>
 				{/if}
 
 				{#if changeReaderCitations.length}
 					<p class="text-[11px] text-text-muted" data-testid="change-reader-citations">
-						citations: {changeReaderCitations.join(', ')}
+						{localize('citations:', '인용:')} {changeReaderCitations.join(', ')}
 					</p>
 				{/if}
 				{#if changeReaderWarning}
diff --git a/packages/ui/src/components/SessionListPage.svelte b/packages/ui/src/components/SessionListPage.svelte
index da9552b7..3f83416f 100644
--- a/packages/ui/src/components/SessionListPage.svelte
+++ b/packages/ui/src/components/SessionListPage.svelte
@@ -1,6 +1,7 @@
 <script lang="ts">
 import { onMount } from 'svelte';
 import { listSessionRepos, listSessions } from '../api';
+import { appLocale, translate } from '../i18n';
 import {
 	createBrowserSessionListCache,
 	createSessionListModel,
@@ -57,28 +58,31 @@ const floatingJobs = $derived.by(() => {
 	return [
 		{
 			id: 'session-refresh',
-			label: 'Refreshing sessions',
-			detail: 'Background reindex is running. You can continue browsing.',
+			label: translate($appLocale, 'sessionList.refreshJobLabel'),
+			detail: translate($appLocale, 'sessionList.refreshJobDetail'),
 		},
 	];
 });
 
 const rangeCycle: readonly TimeRange[] = ['all', '24h', '7d', '30d'];
-const timeRangeTabs: ReadonlyArray<{ value: TimeRange; label: string }> = [
-	{ value: 'all', label: 'All Time' },
-	{ value: '24h', label: '24h' },
-	{ value: '7d', label: '7d' },
-	{ value: '30d', label: '30d' },
-];
+const timeRangeTabs = $derived.by(
+	(): ReadonlyArray<{ value: TimeRange; label: string }> => [
+		{ value: 'all', label: translate($appLocale, 'sessionList.range.all') },
+		{ value: '24h', label: translate($appLocale, 'sessionList.range.24h') },
+		{ value: '7d', label: translate($appLocale, 'sessionList.range.7d') },
+		{ value: '30d', label: translate($appLocale, 'sessionList.range.30d') },
+	],
+);
 
 function sessionIndex(sessionId: string): number {
 	return sessionOrder.get(sessionId) ?? -1;
 }
 
-const tools = [
-	{ value: '', label: 'All Tools' },
+const tools = $derived.by(() => [
+	{ value: '', label: translate($appLocale, 'sessionList.allTools') },
 	...Object.values(TOOL_CONFIGS).map((t) => ({ value: t.name, label: t.label })),
-];
+]);
+const validToolValues = ['', ...Object.values(TOOL_CONFIGS).map((tool) => tool.name)];
 const validTimeRanges = new Set<TimeRange>(['all', '24h', '7d', '30d']);
 const sessionListModel = createSessionListModel(
 	{
@@ -184,7 +188,7 @@ const sessionListModel = createSessionListModel(
 		listSessionRepos,
 		cache: createBrowserSessionListCache(),
 		getLocationSearch: () => (typeof window === 'undefined' ? '' : window.location.search),
-		validToolValues: tools.map((tool) => tool.value),
+		validToolValues,
 		validTimeRanges,
 		perPage,
 	},
@@ -313,14 +317,18 @@ async function handleCopyShortcut(e: KeyboardEvent) {
 	if (!textToCopy) return;
 	e.preventDefault();
 	const copied = await writeClipboardText(textToCopy);
-	setCopyFeedbackMessage(copied ? 'Copied' : 'Copy failed');
+	setCopyFeedbackMessage(
+		copied ? translate($appLocale, 'common.copied') : translate($appLocale, 'common.copyFailed'),
+	);
 }
 
 async function copySelectedSessionTitle() {
 	const text = selectedSessionTitleForCopy();
 	if (!text) return;
 	const copied = await writeClipboardText(text);
-	setCopyFeedbackMessage(copied ? 'Copied' : 'Copy failed');
+	setCopyFeedbackMessage(
+		copied ? translate($appLocale, 'common.copied') : translate($appLocale, 'common.copyFailed'),
+	);
 }
 
 onMount(() => {
@@ -398,7 +406,7 @@ function handleCopyEvent(e: ClipboardEvent) {
 	e.preventDefault();
 	if (e.clipboardData) {
 		e.clipboardData.setData('text/plain', textToCopy);
-		setCopyFeedbackMessage('Copied');
+		setCopyFeedbackMessage(translate($appLocale, 'common.copied'));
 		return;
 	}
 	void copySelectedSessionTitle();
@@ -458,12 +466,16 @@ $effect(() => {
 <svelte:window oncopy={handleCopyEvent} onkeydown={handleKeydown} />
 
 <svelte:head>
-	<title>opensession.io - AI Session Explorer</title>
+	<title>{translate($appLocale, 'sessionList.title')}</title>
 </svelte:head>
 
 <div class="flex h-full flex-col">
 	<div class="flex shrink-0 flex-wrap items-center gap-2 border-b border-border px-2 py-1.5">
-		<div class="flex items-center gap-1" role="tablist" aria-label="Time range">
+		<div
+			class="flex items-center gap-1"
+			role="tablist"
+			aria-label={translate($appLocale, 'sessionList.timeRange')}
+		>
 			{#each timeRangeTabs as tab}
 				<button
 					role="tab"
@@ -484,7 +496,7 @@ $effect(() => {
 			<input
 				id="session-search"
 				type="text"
-				placeholder="search..."
+				placeholder={translate($appLocale, 'sessionList.searchPlaceholder')}
 				bind:this={searchInput}
 				bind:value={searchQuery}
 				onkeydown={handleSearchInputKeydown}
@@ -502,12 +514,14 @@ $effect(() => {
 			{/each}
 		</select>
 		<div class="flex w-full items-center gap-1 sm:w-auto">
-			<label for="session-repo-filter" class="shrink-0 text-xs text-text-muted">repo</label>
+			<label for="session-repo-filter" class="shrink-0 text-xs text-text-muted">
+				{translate($appLocale, 'sessionList.repo')}
+			</label>
 			<input
 				id="session-repo-filter"
 				list="session-repo-options"
 				type="text"
-				placeholder="org/repo"
+				placeholder={translate($appLocale, 'sessionList.repoPlaceholder')}
 				bind:this={repoFilterInputEl}
 				bind:value={repoInput}
 				onkeydown={handleRepoInputKeydown}
@@ -525,7 +539,7 @@ $effect(() => {
 					onclick={clearRepoFilter}
 					class="shrink-0 border border-border bg-bg-secondary px-1.5 py-0.5 text-xs text-text-muted transition-colors hover:text-text-primary"
 				>
-					clear
+					{translate($appLocale, 'common.clear')}
 				</button>
 			{/if}
 		</div>
@@ -535,18 +549,18 @@ $effect(() => {
 		>
 			<span class="inline-flex items-center gap-1 rounded border border-border bg-bg-secondary px-1.5 py-0.5">
 				<kbd class="rounded border border-accent/40 bg-accent/10 px-1 py-[1px] font-mono text-[10px] text-accent">Cmd/Ctrl+C</kbd>
-				<span>copy title</span>
+				<span>{translate($appLocale, 'sessionList.copyTitle')}</span>
 			</span>
 			<span class="inline-flex items-center gap-1 rounded border border-border bg-bg-secondary px-1.5 py-0.5">
 				<kbd class="rounded border border-accent/40 bg-accent/10 px-1 py-[1px] font-mono text-[10px] text-accent">Shift+R</kbd>
-				<span>force refresh</span>
+				<span>{translate($appLocale, 'sessionList.forceRefresh')}</span>
 			</span>
 			{#if copyFeedback}
 				<span
 					data-testid="session-copy-feedback"
 					class="rounded border border-border bg-bg-secondary px-1.5 py-0.5"
-					class:text-success={copyFeedback === 'Copied'}
-					class:text-error={copyFeedback === 'Copy failed'}
+					class:text-success={copyFeedback === translate($appLocale, 'common.copied')}
+					class:text-error={copyFeedback === translate($appLocale, 'common.copyFailed')}
 				>
 					{copyFeedback}
 				</span>
@@ -556,7 +570,7 @@ $effect(() => {
 				onclick={copySelectedSessionTitle}
 				class="rounded border border-border bg-bg-secondary px-1.5 py-0.5 text-[11px] text-text-secondary transition-colors hover:text-text-primary"
 			>
-				Copy selected
+				{translate($appLocale, 'sessionList.copySelected')}
 			</button>
 			<button
 				type="button"
@@ -565,7 +579,9 @@ $effect(() => {
 				disabled={forceRefreshing}
 				class="rounded border border-border bg-bg-secondary px-1.5 py-0.5 text-[11px] text-text-secondary transition-colors hover:text-text-primary disabled:opacity-60"
 			>
-				{forceRefreshing ? 'Refreshing...' : 'Force refresh'}
+				{forceRefreshing
+					? translate($appLocale, 'sessionList.refreshing')
+					: translate($appLocale, 'sessionList.forceRefreshButton')}
 			</button>
 		</div>
 	</div>
@@ -578,14 +594,16 @@ $effect(() => {
 
 	<div class="flex-1 overflow-y-auto">
 		<div data-testid="session-layout-summary" class="border-b border-border px-3 py-1 text-xs text-text-muted">
-			Sessions ({total})
-			<span class="ml-2 text-text-secondary">[single chronological feed]</span>
+			{translate($appLocale, 'sessionList.header', { total })}
+			<span class="ml-2 text-text-secondary">{translate($appLocale, 'sessionList.feedHint')}</span>
 		</div>
 
 			{#if sessions.length === 0 && !loading}
 				<div class="py-16 text-center">
-					<p class="text-sm text-text-muted">No sessions found</p>
-					<p class="mt-1 text-xs text-text-muted">Public feed is currently empty.</p>
+					<p class="text-sm text-text-muted">{translate($appLocale, 'sessionList.noSessions')}</p>
+					<p class="mt-1 text-xs text-text-muted">
+						{translate($appLocale, 'sessionList.noSessionsDetail')}
+					</p>
 				</div>
 			{/if}
 
@@ -599,7 +617,9 @@ $effect(() => {
 
 		{#if loading}
 			<div class="py-4 text-center text-xs text-text-muted">
-				{sessions.length === 0 ? 'Loading...' : 'Updating...'}
+				{sessions.length === 0
+					? translate($appLocale, 'common.loading')
+					: translate($appLocale, 'common.updating')}
 			</div>
 		{/if}
 
@@ -609,7 +629,7 @@ $effect(() => {
 					onclick={renderMore}
 					class="px-4 py-1 text-xs text-text-secondary transition-colors hover:text-text-primary"
 				>
-					Render More
+					{translate($appLocale, 'common.renderMore')}
 				</button>
 			</div>
 		{/if}
@@ -620,7 +640,7 @@ $effect(() => {
 					onclick={loadMore}
 					class="px-4 py-1 text-xs text-text-secondary transition-colors hover:text-text-primary"
 				>
-					Load More
+					{translate($appLocale, 'common.loadMore')}
 				</button>
 			</div>
 		{/if}
diff --git a/packages/ui/src/components/SessionRenderPage.svelte b/packages/ui/src/components/SessionRenderPage.svelte
index f7071a5d..115fff5f 100644
--- a/packages/ui/src/components/SessionRenderPage.svelte
+++ b/packages/ui/src/components/SessionRenderPage.svelte
@@ -2,9 +2,10 @@
 import { ApiError, buildSessionHandoff, quickShareSession } from '../api';
 import { SCROLL_STEP_PX } from '../constants';
 import { prepareTimelineEvents } from '../event-helpers';
+import { appLocale } from '../i18n';
 import { isNativeAdapterSupported, type SessionViewMode } from '../session-filters';
 import type { ContentBlock, Event, Session, SessionDetail } from '../types';
-import { formatDuration, formatTimestamp, getToolConfig } from '../types';
+import { formatClockTime, formatDuration, formatTimestamp, getToolConfig } from '../types';
 import { computeFileStats, getDisplayTitle } from '../utils';
 import SessionSidebar from './SessionSidebar.svelte';
 import TimelineView from './TimelineView.svelte';
@@ -57,10 +58,15 @@ let quickShareRemote = $state('');
 let quickShareUri = $state<string | null>(null);
 let quickShareFeedback = $state<string | null>(null);
 let quickShareFeedbackLevel = $state<'success' | 'error' | null>(null);
+const isKorean = $derived($appLocale === 'ko');
 
 type FlowKind = 'user' | 'agent' | 'tool' | 'system';
 type FlowSegment = { kind: FlowKind; width: number; tooltip: string };
 
+function localize(en: string, ko: string): string {
+	return isKorean ? ko : en;
+}
+
 function eventFlowKind(event: Event): FlowKind {
 	const type = event.event_type.type;
 	if (type === 'UserMessage') return 'user';
@@ -153,17 +159,29 @@ const flowSegments = $derived.by((): FlowSegment[] => {
 		return {
 			kind,
 			width,
-			tooltip: `${index + 1}. ${event.event_type.type}`,
+			tooltip: `${index + 1}. ${
+				isKorean
+					? event.event_type.type
+							.replace('UserMessage', '사용자 메시지')
+							.replace('AgentMessage', '에이전트 메시지')
+							.replace('SystemMessage', '시스템 메시지')
+							.replace('ToolCall', '도구 호출')
+							.replace('ToolResult', '도구 결과')
+							.replace('Thinking', '사고')
+							.replace('TaskStart', '작업 시작')
+							.replace('TaskEnd', '작업 종료')
+					: event.event_type.type
+			}`,
 		};
 	});
 });
 
 const flowLegend = $derived.by(() => {
 	return [
-		{ kind: 'user' as const, label: 'User', count: flowCounts.user },
-		{ kind: 'agent' as const, label: 'Agent', count: flowCounts.agent },
-		{ kind: 'tool' as const, label: 'Tool', count: flowCounts.tool },
-		{ kind: 'system' as const, label: 'System', count: flowCounts.system },
+		{ kind: 'user' as const, label: localize('User', '사용자'), count: flowCounts.user },
+		{ kind: 'agent' as const, label: localize('Agent', '에이전트'), count: flowCounts.agent },
+		{ kind: 'tool' as const, label: localize('Tool', '도구'), count: flowCounts.tool },
+		{ kind: 'system' as const, label: localize('System', '시스템'), count: flowCounts.system },
 	];
 });
 
@@ -355,15 +373,19 @@ async function handleBuildHandoff() {
 		setHandoffFeedback(
 			response.pinned_alias
 				? downloaded
-					? `Handoff artifact built, pinned as ${response.pinned_alias}, and downloaded.`
-					: `Handoff artifact built and pinned as ${response.pinned_alias}.`
+					? isKorean
+						? `핸드오프 아티팩트를 만들고 ${response.pinned_alias}로 고정한 뒤 다운로드했습니다.`
+						: `Handoff artifact built, pinned as ${response.pinned_alias}, and downloaded.`
+					: isKorean
+						? `핸드오프 아티팩트를 만들고 ${response.pinned_alias}로 고정했습니다.`
+						: `Handoff artifact built and pinned as ${response.pinned_alias}.`
 				: downloaded
-					? 'Handoff artifact built and downloaded.'
-					: 'Handoff artifact built.',
+					? localize('Handoff artifact built and downloaded.', '핸드오프 아티팩트를 만들고 다운로드했습니다.')
+					: localize('Handoff artifact built.', '핸드오프 아티팩트를 만들었습니다.'),
 			'success',
 		);
 	} catch (error) {
-		const message = error instanceof ApiError ? error.message : 'Failed to build handoff artifact.';
+		const message = error instanceof ApiError ? error.message : localize('Failed to build handoff artifact.', '핸드오프 아티팩트를 만들지 못했습니다.');
 		setHandoffFeedback(message, 'error');
 	} finally {
 		handoffPending = false;
@@ -374,7 +396,9 @@ async function handleCopyHandoffUri() {
 	if (!handoffArtifactUri) return;
 	const copied = await writeClipboardText(handoffArtifactUri);
 	setHandoffFeedback(
-		copied ? 'Artifact URI copied.' : 'Failed to copy artifact URI.',
+		copied
+			? localize('Copied the artifact link.', '아티팩트 링크를 복사했습니다.')
+			: localize('Failed to copy the artifact link.', '아티팩트 링크를 복사하지 못했습니다.'),
 		copied ? 'success' : 'error',
 	);
 }
@@ -388,12 +412,24 @@ async function handleQuickShare() {
 		quickShareUri = response.shared_uri;
 		setQuickShareFeedback(
 			response.pushed
-				? 'Shared and pushed successfully.'
-				: 'Shared locally. Confirm first push once to enable auto push in quick mode.',
+				? localize(
+						'Created a share link and pushed it successfully.',
+						'공유 링크를 만들고 푸시했습니다.',
+					)
+				: localize(
+						'Created a local share link. Confirm the first push once to enable auto-push in quick mode.',
+						'로컬 공유 링크를 만들었습니다. 빠른 모드에서 자동 푸시를 쓰려면 첫 푸시를 한 번 확인해 주세요.',
+					),
 			'success',
 		);
 	} catch (error) {
-		const message = error instanceof ApiError ? error.message : 'Failed to quick share session.';
+		const message =
+			error instanceof ApiError
+				? error.message
+				: localize(
+						'Failed to create a share link for this session.',
+						'이 세션의 공유 링크를 만들지 못했습니다.',
+					);
 		setQuickShareFeedback(message, 'error');
 	} finally {
 		quickSharePending = false;
@@ -404,7 +440,9 @@ async function handleCopyQuickShareUri() {
 	if (!quickShareUri) return;
 	const copied = await writeClipboardText(quickShareUri);
 	setQuickShareFeedback(
-		copied ? 'Shared URI copied.' : 'Failed to copy shared URI.',
+		copied
+			? localize('Copied the share link.', '공유 링크를 복사했습니다.')
+			: localize('Failed to copy the share link.', '공유 링크를 복사하지 못했습니다.'),
 		copied ? 'success' : 'error',
 	);
 }
@@ -433,8 +471,10 @@ function handleDownloadHandoffFile() {
 	const downloaded = downloadTextFile(handoffDownloadFileName, handoffDownloadContent);
 	setHandoffFeedback(
 		downloaded
-			? `Downloaded ${handoffDownloadFileName}.`
-			: 'Failed to download handoff artifact file.',
+			? isKorean
+				? `${handoffDownloadFileName} 파일을 다운로드했습니다.`
+				: `Downloaded ${handoffDownloadFileName}.`
+			: localize('Failed to download handoff artifact file.', '핸드오프 아티팩트 파일을 다운로드하지 못했습니다.'),
 		downloaded ? 'success' : 'error',
 	);
 }
@@ -571,11 +611,11 @@ $effect(() => {
 					{formatDuration(session.stats.duration_seconds)}
 				</span>
 				<span class="rounded border border-border bg-bg-primary/65 px-2 py-0.5">
-					{session.stats.message_count} msgs
+					{isKorean ? `${session.stats.message_count}개 메시지` : `${session.stats.message_count} msgs`}
 				</span>
 				{#if fileStats.filesChanged > 0}
 					<span class="rounded border border-border bg-bg-primary/65 px-2 py-0.5">
-						{fileStats.filesChanged} files
+						{isKorean ? `${fileStats.filesChanged}개 파일` : `${fileStats.filesChanged} files`}
 						(<span class="text-success">+{fileStats.linesAdded}</span>
 						<span class="text-error">-{fileStats.linesRemoved}</span>)
 					</span>
@@ -587,13 +627,13 @@ $effect(() => {
 
 			<div class="mt-3 rounded border border-border/80 bg-bg-secondary/55 p-2.5" data-testid="session-flow-bar">
 				<div class="flex items-center justify-between text-[11px] text-text-muted">
-					<span class="font-medium text-text-secondary">Session Flow</span>
-					<span>{flowEvents.length} events</span>
+					<span class="font-medium text-text-secondary">{localize('Session Flow', '세션 흐름')}</span>
+					<span>{isKorean ? `${flowEvents.length}개 이벤트` : `${flowEvents.length} events`}</span>
 				</div>
 				{#if flowSegments.length > 0}
 					<button
 						type="button"
-						aria-label="Drag to scrub session timeline"
+						aria-label={localize('Drag to scrub session timeline', '드래그해 세션 타임라인을 훑어보기')}
 						bind:this={flowTrackEl}
 						data-testid="session-flow-track"
 						class="mt-2 flex h-2 overflow-hidden rounded-sm border bg-bg-tertiary/80 select-none touch-none cursor-ew-resize {flowDragging ? 'border-accent/70' : 'border-border/70'}"
@@ -635,7 +675,7 @@ $effect(() => {
 					bind:this={searchInput}
 					bind:value={searchQuery}
 					onkeydown={handleSearchInputKeydown}
-					placeholder="search in this session..."
+					placeholder={localize('search in this session...', '이 세션에서 검색...')}
 					class="min-w-[220px] flex-1 border border-border bg-bg-primary px-2 py-1 text-xs text-text-primary placeholder-text-muted outline-none focus:border-accent"
 				/>
 				{#if normalizedSearchQuery}
@@ -644,7 +684,7 @@ $effect(() => {
 						class:text-warning={searchMatchCount === 0}
 						class:text-text-muted={searchMatchCount > 0}
 					>
-						{searchMatchCount} matches
+						{isKorean ? `${searchMatchCount}개 일치` : `${searchMatchCount} matches`}
 					</span>
 				{/if}
 			</div>
@@ -656,12 +696,15 @@ $effect(() => {
 				>
 					<div class="mb-3 rounded border border-border/60 bg-bg-primary/35 p-2">
 						<div class="flex flex-wrap items-center justify-between gap-2">
-							<div class="text-xs text-text-secondary">Public Share</div>
+							<div class="text-xs text-text-secondary">{localize('Public Link', '공개 링크')}</div>
 							<div class="flex flex-wrap items-center gap-2">
 								<input
 									type="text"
 									bind:value={quickShareRemote}
-									placeholder="remote (optional, auto-detect by default)"
+									placeholder={localize(
+										'Remote name (optional; auto-detected by default)',
+										'원격 저장소 이름(선택, 기본값은 자동 감지)',
+									)}
 									class="w-[260px] border border-border bg-bg-primary px-2 py-1 text-xs text-text-primary"
 								/>
 								<button
@@ -671,7 +714,7 @@ $effect(() => {
 									disabled={quickSharePending}
 									class="rounded border border-border bg-bg-primary px-2 py-1 text-xs text-text-secondary transition-colors hover:text-text-primary disabled:opacity-60"
 								>
-									{quickSharePending ? 'Sharing...' : 'Quick Share'}
+									{quickSharePending ? localize('Creating link...', '링크 생성 중...') : localize('Create link', '링크 만들기')}
 								</button>
 								{#if quickShareUri}
 									<button
@@ -680,7 +723,7 @@ $effect(() => {
 										onclick={handleCopyQuickShareUri}
 										class="rounded border border-border bg-bg-primary px-2 py-1 text-xs text-text-secondary transition-colors hover:text-text-primary"
 									>
-										Copy URI
+										{localize('Copy link', '링크 복사')}
 									</button>
 								{/if}
 							</div>
@@ -707,7 +750,7 @@ $effect(() => {
 					</div>
 
 					<div class="flex flex-wrap items-center justify-between gap-2">
-						<div class="text-xs text-text-secondary">Handoff Artifact</div>
+						<div class="text-xs text-text-secondary">{localize('Handoff Artifact', '핸드오프 아티팩트')}</div>
 						<div class="flex items-center gap-2">
 							<button
 								type="button"
@@ -716,7 +759,7 @@ $effect(() => {
 								disabled={handoffPending}
 								class="rounded border border-border bg-bg-primary px-2 py-1 text-xs text-text-secondary transition-colors hover:text-text-primary disabled:opacity-60"
 							>
-								{handoffPending ? 'Building...' : 'Build (pin latest)'}
+								{handoffPending ? localize('Building...', '생성 중...') : localize('Build (pin latest)', '생성 (latest 고정)')}
 							</button>
 							{#if handoffArtifactUri}
 								<button
@@ -725,7 +768,7 @@ $effect(() => {
 									onclick={handleCopyHandoffUri}
 									class="rounded border border-border bg-bg-primary px-2 py-1 text-xs text-text-secondary transition-colors hover:text-text-primary"
 								>
-									Copy URI
+									{localize('Copy link', '링크 복사')}
 								</button>
 							{/if}
 							{#if handoffDownloadFileName && handoffDownloadContent}
@@ -735,7 +778,7 @@ $effect(() => {
 									onclick={handleDownloadHandoffFile}
 									class="rounded border border-border bg-bg-primary px-2 py-1 text-xs text-text-secondary transition-colors hover:text-text-primary"
 								>
-									Download file
+									{localize('Download file', '파일 다운로드')}
 								</button>
 							{/if}
 						</div>
@@ -766,7 +809,10 @@ $effect(() => {
 
 	{#if viewMode === 'native' && !nativeEnabled}
 		<div class="border-b border-border bg-bg-secondary px-3 py-2 text-xs text-text-muted">
-			Native view is unavailable for this parser. Falling back to unified view.
+			{localize(
+				'Native view is unavailable for this parser. Falling back to unified view.',
+				'이 파서에서는 네이티브 보기를 사용할 수 없습니다. 통합 보기로 전환합니다.',
+			)}
 		</div>
 	{/if}
 
@@ -778,7 +824,7 @@ $effect(() => {
 		>
 			{#if normalizedSearchQuery && searchMatchCount === 0}
 				<div class="mb-2 border border-warning/30 bg-warning/10 px-3 py-2 text-xs text-warning">
-					No matching events for "{searchQuery}".
+					{isKorean ? `"${searchQuery}"와 일치하는 이벤트가 없습니다.` : `No matching events for "${searchQuery}".`}
 				</div>
 			{/if}
 			<TimelineView
diff --git a/packages/ui/src/components/SessionSidebar.svelte b/packages/ui/src/components/SessionSidebar.svelte
index f0ee86fa..af821ff8 100644
--- a/packages/ui/src/components/SessionSidebar.svelte
+++ b/packages/ui/src/components/SessionSidebar.svelte
@@ -1,4 +1,5 @@
 <script lang="ts">
+import { appLocale } from '../i18n';
 import type { Session, SessionDetail } from '../types';
 import { formatDuration, formatTimestamp, getToolConfig } from '../types';
 import type { FileStats } from '../utils';
@@ -29,6 +30,11 @@ const {
 } = $props();
 
 const tool = $derived(getToolConfig(session.agent.tool));
+const isKorean = $derived($appLocale === 'ko');
+
+function localize(en: string, ko: string): string {
+	return isKorean ? ko : en;
+}
 </script>
 
 {#snippet glyph(icon: string)}
@@ -58,7 +64,9 @@ const tool = $derived(getToolConfig(session.agent.tool));
 			</div>
 		{/if}
 
-		<h3 class="text-xs font-semibold uppercase tracking-wider text-text-muted">Session</h3>
+		<h3 class="text-xs font-semibold uppercase tracking-wider text-text-muted">
+			{localize('Session', '세션')}
+		</h3>
 
 		<div class="space-y-2 rounded border border-border/70 bg-bg-primary/55 p-2 text-xs">
 			<!-- Date -->
@@ -73,34 +81,34 @@ const tool = $derived(getToolConfig(session.agent.tool));
 				</div>
 			</div>
 
-			{@render statRow(botIcon, 'Model:', session.agent.model)}
+			{@render statRow(botIcon, localize('Model:', '모델:'), session.agent.model)}
 
 			<!-- Tool (with optional version) -->
 			<div class="flex items-center gap-2">
 				{@render glyph(lightningIcon)}
-				<span class="text-text-muted">Tool:</span>
+				<span class="text-text-muted">{localize('Tool:', '도구:')}</span>
 				<span class="text-text-secondary">{tool.label}</span>
 				{#if session.agent.tool_version}
 					<span class="text-text-muted">v{session.agent.tool_version}</span>
 				{/if}
 			</div>
 
-			{@render statRow(globeIcon, 'Provider:', session.agent.provider)}
+			{@render statRow(globeIcon, localize('Provider:', '제공자:'), session.agent.provider)}
 
 			<hr class="border-border/60" />
 
-			{@render statRow(listIcon, 'Messages:', `${session.stats.message_count}`)}
-			{@render statRow(terminalIcon, 'Tools:', `${session.stats.tool_call_count}`)}
-			{@render statRow(clockIcon, 'Duration:', formatDuration(session.stats.duration_seconds))}
+			{@render statRow(listIcon, localize('Messages:', '메시지:'), `${session.stats.message_count}`)}
+			{@render statRow(terminalIcon, localize('Tool calls:', '도구 호출:'), `${session.stats.tool_call_count}`)}
+			{@render statRow(clockIcon, localize('Duration:', '소요 시간:'), formatDuration(session.stats.duration_seconds))}
 
 			{#if fileStats.filesChanged > 0}
-				{@render statRow(fileIcon, 'Files:', `${fileStats.filesChanged} changed`)}
+				{@render statRow(fileIcon, localize('Files:', '파일:'), isKorean ? `${fileStats.filesChanged}개 변경` : `${fileStats.filesChanged} changed`)}
 			{/if}
 
 			{#if fileStats.linesAdded > 0 || fileStats.linesRemoved > 0}
 				<div class="flex items-center gap-2">
 					{@render glyph(fileEditIcon)}
-					<span class="text-text-muted">Lines:</span>
+					<span class="text-text-muted">{localize('Lines:', '라인:')}</span>
 					<span>
 						<span class="text-success">+{fileStats.linesAdded}</span>
 						<span class="text-error">-{fileStats.linesRemoved}</span>
@@ -109,7 +117,7 @@ const tool = $derived(getToolConfig(session.agent.tool));
 			{/if}
 
 			{#if session.stats.task_count > 0}
-				{@render statRow(taskEndIcon, 'Tasks:', `${session.stats.task_count}`)}
+				{@render statRow(taskEndIcon, localize('Tasks:', '작업:'), `${session.stats.task_count}`)}
 			{/if}
 		</div>
 
diff --git a/packages/ui/src/components/SettingsPage.svelte b/packages/ui/src/components/SettingsPage.svelte
index d0c315a3..c8d0aab7 100644
--- a/packages/ui/src/components/SettingsPage.svelte
+++ b/packages/ui/src/components/SettingsPage.svelte
@@ -54,6 +54,8 @@ import type {
 	RuntimeQuickJumpLink,
 	SettingsSectionNavItem,
 } from './settings-page/models';
+import { appLocale } from '../i18n';
+import LanguageSettingsPanel from './LanguageSettingsPanel.svelte';
 import {
 	copyTextSurface,
 	loadGitCredentialsState,
@@ -70,6 +72,20 @@ const {
 	onNavigate?: (path: string) => void;
 } = $props();
 
+const isKorean = $derived($appLocale === 'ko');
+
+function localize(en: string, ko: string): string {
+	return isKorean ? ko : en;
+}
+
+function boolWord(value: boolean): string {
+	return value ? localize('yes', '예') : localize('no', '아니오');
+}
+
+function toggleWord(value: boolean): string {
+	return value ? localize('On', '켜짐') : localize('Off', '꺼짐');
+}
+
 let settings = $state<UserSettings | null>(null);
 let loading = $state(true);
 let error = $state<string | null>(null);
@@ -228,7 +244,7 @@ function vectorIndexProgressLabel(status: DesktopVectorIndexStatusResponse | nul
 	if (!status || status.total_sessions <= 0) return null;
 	const pct = progressPercent(status.processed_sessions, status.total_sessions);
 	if (pct == null) return null;
-	return `${status.processed_sessions}/${status.total_sessions} sessions (${pct}%)`;
+	return `${status.processed_sessions}/${status.total_sessions} ${localize('sessions', '세션')} (${pct}%)`;
 }
 
 function summaryBatchProgressLabel(
@@ -236,33 +252,52 @@ function summaryBatchProgressLabel(
 ): string | null {
 	if (!status) return null;
 	if (status.total_sessions <= 0) {
-		return status.failed_sessions > 0 ? `failed ${status.failed_sessions}` : 'no queued sessions';
+		return status.failed_sessions > 0
+			? localize(`failed ${status.failed_sessions}`, `${status.failed_sessions}개 실패`)
+			: localize('no queued sessions', '대기 중인 세션이 없습니다');
 	}
-	return `${status.processed_sessions}/${status.total_sessions} sessions · failed ${status.failed_sessions}`;
+	return localize(
+		`${status.processed_sessions}/${status.total_sessions} sessions · failed ${status.failed_sessions}`,
+		`${status.processed_sessions}/${status.total_sessions} 세션 · 실패 ${status.failed_sessions}`,
+	);
 }
 
 function formatIntervalSeconds(seconds: number): string {
-	if (seconds < 60) return `${seconds}s`;
-	if (seconds < 3600) return `${Math.floor(seconds / 60)}m`;
-	if (seconds % 3600 === 0) return `${Math.floor(seconds / 3600)}h`;
-	return `${Math.floor(seconds / 3600)}h ${Math.floor((seconds % 3600) / 60)}m`;
+	if (seconds < 60) return localize(`${seconds}s`, `${seconds}초`);
+	if (seconds < 3600) return localize(`${Math.floor(seconds / 60)}m`, `${Math.floor(seconds / 60)}분`);
+	if (seconds % 3600 === 0) {
+		return localize(`${Math.floor(seconds / 3600)}h`, `${Math.floor(seconds / 3600)}시간`);
+	}
+	return localize(
+		`${Math.floor(seconds / 3600)}h ${Math.floor((seconds % 3600) / 60)}m`,
+		`${Math.floor(seconds / 3600)}시간 ${Math.floor((seconds % 3600) / 60)}분`,
+	);
 }
 
 function lifecycleResultLabel(status: DesktopLifecycleCleanupStatusResponse | null): string {
-	if (!status) return 'No lifecycle cleanup runs recorded yet.';
-	return `${status.deleted_sessions} sessions deleted · ${status.deleted_summaries} summaries removed`;
+	if (!status) return localize('No lifecycle cleanup runs recorded yet.', '아직 수명주기 정리 실행 기록이 없습니다.');
+	return localize(
+		`${status.deleted_sessions} sessions deleted · ${status.deleted_summaries} summaries removed`,
+		`세션 ${status.deleted_sessions}개 삭제 · 요약 ${status.deleted_summaries}개 제거`,
+	);
 }
 
 function lifecycleNextRunLabel(): string {
-	if (!runtimeLifecycleEnabled) return 'paused';
-	if (isLifecycleCleanupRunning(runtimeLifecycleStatus)) return 'running now';
+	if (!runtimeLifecycleEnabled) return localize('paused', '일시중지');
+	if (isLifecycleCleanupRunning(runtimeLifecycleStatus)) return localize('running now', '지금 실행 중');
 	const anchor = runtimeLifecycleStatus?.finished_at ?? runtimeLifecycleStatus?.started_at;
 	if (!anchor) {
-		return `after app start, then every ${formatIntervalSeconds(runtimeCleanupIntervalSecs)}`;
+		return localize(
+			`after app start, then every ${formatIntervalSeconds(runtimeCleanupIntervalSecs)}`,
+			`앱 시작 후, 이후 ${formatIntervalSeconds(runtimeCleanupIntervalSecs)}마다`,
+		);
 	}
 	const next = new Date(new Date(anchor).getTime() + runtimeCleanupIntervalSecs * 1000);
 	if (Number.isNaN(next.getTime())) {
-		return `every ${formatIntervalSeconds(runtimeCleanupIntervalSecs)}`;
+		return localize(
+			`every ${formatIntervalSeconds(runtimeCleanupIntervalSecs)}`,
+			`${formatIntervalSeconds(runtimeCleanupIntervalSecs)}마다`,
+		);
 	}
 	return formatDate(next.toISOString());
 }
@@ -290,31 +325,37 @@ const runtimeChangeReaderVoiceToggleDisabled = $derived.by(() => {
 
 const runtimeChangeReaderVoiceBlockedReason = $derived.by(() => {
 	if (runtimeChangeReaderVoiceEnabled) return null;
-	if (!runtimeChangeReaderEnabled) return 'Enable Change Reader first.';
-	if (!runtimeChangeReaderVoiceApiKeyReady) return 'Add a Voice API key first.';
+	if (!runtimeChangeReaderEnabled) return localize('Enable Change Reader first.', '먼저 변경 리더를 켜세요.');
+	if (!runtimeChangeReaderVoiceApiKeyReady) return localize('Add a Voice API key first.', '먼저 Voice API 키를 추가하세요.');
 	return null;
 });
 
 const runtimeChangeReaderVoiceKeyStatusLabel = $derived.by(() => {
 	if (runtimeChangeReaderVoiceApiKey.trim().length > 0) {
-		return 'Voice API key: pending save';
+		return localize('Voice API key: pending save', 'Voice API 키: 저장 대기 중');
 	}
 	return runtimeChangeReaderVoiceApiKeyConfigured
-		? 'Voice API key: configured'
-		: 'Voice API key: missing';
+		? localize('Voice API key: configured', 'Voice API 키: 설정됨')
+		: localize('Voice API key: missing', 'Voice API 키: 없음');
 });
 
 const runtimeChangeReaderVoiceHint = $derived.by(() => {
 	if (runtimeChangeReaderVoiceBlockedReason) {
-		return `${runtimeChangeReaderVoiceBlockedReason} Voice playback only reads the change reader output aloud.`;
+		return localize(
+			`${runtimeChangeReaderVoiceBlockedReason} Voice playback only reads the change reader output aloud.`,
+			`${runtimeChangeReaderVoiceBlockedReason} 음성 재생은 변경 리더 출력을 소리 내어 읽기만 합니다.`,
+		);
 	}
-	return 'Voice playback reads the same change reader output aloud. It does not change summaries or follow-up Q&A.';
+	return localize(
+		'Voice playback reads the same change reader output aloud. It does not change summaries or follow-up questions.',
+		'음성 재생은 같은 변경 리더 출력을 소리 내어 읽습니다. 요약이나 후속 질문 내용은 바꾸지 않습니다.',
+	);
 });
 
 const runtimeChangeReaderVoiceSummary = $derived.by(() => {
 	const base = `${runtimeChangeReaderVoiceProvider} · ${runtimeChangeReaderVoiceModel}`;
 	if (!runtimeChangeReaderVoiceApiKeyReady) {
-		return `${base} · API key required`;
+		return localize(`${base} · API key required`, `${base} · API 키 필요`);
 	}
 	return base;
 });
@@ -324,42 +365,56 @@ const floatingJobs = $derived.by(() => {
 	if (runtimeSaving) {
 		jobs.push({
 			id: 'runtime-save',
-			label: 'Saving runtime settings',
-			detail: 'Storage migration and runtime validation can take a while. Continue using the page.',
+			label: localize('Saving runtime settings', '런타임 설정 저장 중'),
+			detail: localize(
+				'Storage migration and runtime validation can take a while. Continue using the page.',
+				'저장소 마이그레이션과 런타임 검증에 시간이 걸릴 수 있습니다. 이 페이지는 계속 사용해도 됩니다.',
+			),
 		});
 	}
 	if (runtimeVectorInstalling) {
 		jobs.push({
 			id: 'vector-install',
-			label: 'Installing vector model',
-			detail: 'Model pull is running in background.',
+			label: localize('Installing vector model', '벡터 모델 설치 중'),
+			detail: localize('Model pull is running in background.', '모델 다운로드가 백그라운드에서 진행 중입니다.'),
 		});
 	}
 	if (runtimeVectorReindexing) {
 		const progress = vectorIndexProgressLabel(runtimeVectorIndex);
 		jobs.push({
 			id: 'vector-reindex',
-			label: 'Rebuilding vector index',
+			label: localize('Rebuilding vector index', '벡터 인덱스 재구성 중'),
 			detail: progress
-				? `Session embeddings are being rebuilt in background. Processed ${progress}.`
-				: 'Session embeddings are being rebuilt in background.',
+				? localize(
+					`Session embeddings are being rebuilt in background. Processed ${progress}.`,
+					`세션 임베딩을 백그라운드에서 다시 만들고 있습니다. 진행 ${progress}.`,
+				)
+				: localize(
+					'Session embeddings are being rebuilt in background.',
+					'세션 임베딩을 백그라운드에서 다시 만들고 있습니다.',
+				),
 		});
 	}
 	if (runtimeSummaryBatchRunning) {
 		const progress = summaryBatchProgressLabel(runtimeSummaryBatchStatus);
 		jobs.push({
 			id: 'summary-batch',
-			label: 'Running summary batch',
+			label: localize('Running summary batch', '요약 배치 실행 중'),
 			detail: progress
-				? `Generating summaries in background. ${progress}.`
-				: 'Generating summaries in background.',
+				? localize(
+					`Generating summaries in background. ${progress}.`,
+					`백그라운드에서 요약을 생성하고 있습니다. ${progress}.`,
+				)
+				: localize('Generating summaries in background.', '백그라운드에서 요약을 생성하고 있습니다.'),
 		});
 	}
 	if (isLifecycleCleanupRunning(runtimeLifecycleStatus)) {
 		jobs.push({
 			id: 'lifecycle-cleanup',
-			label: 'Running lifecycle cleanup',
-			detail: runtimeLifecycleStatus?.message ?? 'Removing expired sessions and summaries.',
+			label: localize('Running lifecycle cleanup', '수명주기 정리 실행 중'),
+			detail:
+				runtimeLifecycleStatus?.message ??
+				localize('Removing expired sessions and summaries.', '만료된 세션과 요약을 제거하고 있습니다.'),
 		});
 	}
 	return jobs;
@@ -377,9 +432,9 @@ function currentRuntimeProviderTransport(): DesktopSummaryProviderTransport {
 }
 
 function storageBackendLabel(backend: DesktopSummaryStorageBackend): string {
-	if (backend === 'hidden_ref') return 'git hidden refs';
-	if (backend === 'local_db') return 'local SQLite';
-	return 'ephemeral only';
+	if (backend === 'hidden_ref') return localize('git hidden refs', 'git 숨김 ref');
+	if (backend === 'local_db') return localize('local SQLite', '로컬 SQLite');
+	return localize('ephemeral only', '임시 전용');
 }
 
 function persistedStorageBackend(): DesktopSummaryStorageBackend | null {
@@ -398,54 +453,84 @@ function hasPendingStorageBackendChange(): boolean {
 
 function storageBackendSummary(backend: DesktopSummaryStorageBackend): string {
 	if (backend === 'hidden_ref') {
-		return 'Read and write persisted summaries from git hidden refs in each session repository.';
+		return localize(
+			'Read and write persisted summaries from git hidden refs in each session repository.',
+			'각 세션 저장소의 git 숨김 ref에서 저장된 요약을 읽고 씁니다.',
+		);
 	}
 	if (backend === 'local_db') {
-		return 'Read and write persisted summaries from the local SQLite table `session_semantic_summaries`.';
+		return localize(
+			'Read and write persisted summaries from the local SQLite table `session_semantic_summaries`.',
+			'로컬 SQLite 테이블 `session_semantic_summaries`에서 저장된 요약을 읽고 씁니다.',
+		);
 	}
-	return 'Do not read or write persisted summaries. Results are generated only for the current request.';
+	return localize(
+		'Do not read or write persisted summaries. Results are generated only for the current request.',
+		'저장된 요약을 읽거나 쓰지 않습니다. 결과는 현재 요청에 대해서만 생성됩니다.',
+	);
 }
 
 function storageBackendDetails(backend: DesktopSummaryStorageBackend): string {
 	if (backend === 'hidden_ref') {
-		return 'Best when the session belongs to a git repository and you want git-backed summary history alongside the repo.';
+		return localize(
+			'Best when the session belongs to a git repository and you want git-backed summary history alongside the repo.',
+			'세션이 git 저장소에 속하고, 저장소와 함께 git 기반 요약 이력을 유지하고 싶을 때 적합합니다.',
+		);
 	}
 	if (backend === 'local_db') {
-		return 'Best when you want machine-local persistence without writing anything into git refs.';
+		return localize(
+			'Best when you want machine-local persistence without writing anything into git refs.',
+			'git ref에는 아무것도 쓰지 않고, 현재 머신에만 저장하고 싶을 때 적합합니다.',
+		);
 	}
-	return 'Use this only when you want no persistence. Existing stored summaries are left where they already are.';
+	return localize(
+		'Use this only when you want no persistence. Existing stored summaries are left where they already are.',
+		'저장을 전혀 원하지 않을 때만 사용하세요. 이미 저장된 요약은 기존 위치에 그대로 남습니다.',
+	);
 }
 
 function storageBackendTransitionDetail(): string {
 	const current = persistedStorageBackend();
 	if (!current) {
-		return 'Load runtime settings to inspect storage migration behavior.';
+		return localize('Load runtime settings to inspect storage migration behavior.', '저장소 마이그레이션 동작을 보려면 런타임 설정을 먼저 불러오세요.');
 	}
 	if (current === runtimeStorageBackend) {
-		return 'No storage backend switch is pending. Click Save Runtime only if you want to persist other runtime edits.';
+		return localize(
+			'No storage backend switch is pending. Click Save Runtime only if you want to persist other runtime edits.',
+			'대기 중인 저장소 백엔드 변경이 없습니다. 다른 런타임 수정 사항을 저장하려는 경우에만 런타임 저장을 누르세요.',
+		);
 	}
 	if (current === 'none') {
-		return `On next save, new summaries will persist to ${storageBackendLabel(runtimeStorageBackend)}. Nothing is copied because the current backend stores no persisted summaries.`;
+		return localize(
+			`On next save, new summaries will persist to ${storageBackendLabel(runtimeStorageBackend)}. Nothing is copied because the current backend stores no persisted summaries.`,
+			`다음 저장부터 새 요약은 ${storageBackendLabel(runtimeStorageBackend)}에 저장됩니다. 현재 백엔드에는 저장된 요약이 없어서 복사되는 항목은 없습니다.`,
+		);
 	}
 	if (runtimeStorageBackend === 'none') {
-		return `On next save, desktop stops reading and writing persisted summaries. Existing summaries stay in ${storageBackendLabel(current)}. Nothing is migrated or deleted automatically.`;
+		return localize(
+			`On next save, desktop stops reading and writing persisted summaries. Existing summaries stay in ${storageBackendLabel(current)}. Nothing is migrated or deleted automatically.`,
+			`다음 저장부터 데스크톱은 저장된 요약을 읽거나 쓰지 않습니다. 기존 요약은 ${storageBackendLabel(current)}에 그대로 남고, 자동 마이그레이션이나 삭제는 일어나지 않습니다.`,
+		);
 	}
-	return `On next save, existing summaries are copied from ${storageBackendLabel(current)} to ${storageBackendLabel(runtimeStorageBackend)}. Existing source copies are kept.`;
+	return localize(
+		`On next save, existing summaries are copied from ${storageBackendLabel(current)} to ${storageBackendLabel(runtimeStorageBackend)}. Existing source copies are kept.`,
+		`다음 저장 시 기존 요약이 ${storageBackendLabel(current)}에서 ${storageBackendLabel(runtimeStorageBackend)}로 복사됩니다. 기존 원본 복사본도 유지됩니다.`,
+	);
 }
 
 function runtimeSaveLabel(): string {
-	if (runtimeSaving) return 'Saving...';
+	if (runtimeSaving) return localize('Saving...', '저장 중...');
 	const current = persistedStorageBackend();
 	if (!current || current === runtimeStorageBackend) {
-		return 'Save Runtime';
+		return localize('Save Runtime', '런타임 저장');
 	}
 	if (
 		(current === 'hidden_ref' && runtimeStorageBackend === 'local_db') ||
 		(current === 'local_db' && runtimeStorageBackend === 'hidden_ref')
 	) {
-		return 'Save Runtime + Migrate';
+		return localize('Save Runtime + Migrate', '런타임 저장 + 마이그레이션');
 	}
-	return 'Save Runtime + Apply Storage';
+	return localize('Save Runtime + Apply Storage', '런타임 저장 + 저장소 적용');
 }
 
 let activeSettingsSectionId = $state('settings-section-overview');
@@ -519,12 +604,12 @@ function toggleRuntimeChangeReaderVoice() {
 }
 
 const runtimeQuickJumpLinks: RuntimeQuickJumpLink[] = [
-	{ id: 'runtime-section-activity', label: 'Activity' },
-	{ id: 'runtime-section-provider', label: 'Provider' },
-	{ id: 'runtime-section-vector', label: 'Vector' },
-	{ id: 'runtime-section-change-reader', label: 'Reader' },
-	{ id: 'runtime-section-storage', label: 'Storage' },
-	{ id: 'runtime-section-summary-batch', label: 'Batch' },
+	{ id: 'runtime-section-activity', label: localize('Activity', '활동') },
+	{ id: 'runtime-section-provider', label: localize('Provider', '프로바이더') },
+	{ id: 'runtime-section-vector', label: localize('Vector', '벡터') },
+	{ id: 'runtime-section-change-reader', label: localize('Reader', '리더') },
+	{ id: 'runtime-section-storage', label: localize('Storage', '저장소') },
+	{ id: 'runtime-section-summary-batch', label: localize('Batch', '배치') },
 	{ id: 'runtime-section-lifecycle', label: 'TTL' },
 ] as const;
 
@@ -532,86 +617,86 @@ const settingsNavItems = $derived.by((): SettingsSectionNavItem[] => {
 	const items = [
 		{
 			id: 'settings-section-overview',
-			label: 'Overview',
-			detail: 'Page summary and account context',
+			label: localize('Overview', '개요'),
+			detail: localize('Page summary and account context', '페이지 요약과 계정 상태'),
 			visible: true,
 		},
 		{
 			id: 'settings-section-profile',
-			label: 'Profile',
-			detail: 'Identity and linked providers',
+			label: localize('Profile', '프로필'),
+			detail: localize('Identity and linked providers', '신원과 연결된 프로바이더'),
 			visible: authApiEnabled && !authRequired,
 		},
 		{
 			id: 'settings-section-api-key',
-			label: 'API Key',
-			detail: 'CLI and automation access',
+			label: localize('API Key', 'API 키'),
+			detail: localize('CLI and automation access', 'CLI 및 자동화 접근'),
 			visible: authApiEnabled && !authRequired,
 		},
 		{
 			id: 'settings-section-git-credentials',
-			label: 'Git Auth',
-			detail: 'Private repository credentials',
+			label: localize('Git Auth', 'Git 인증'),
+			detail: localize('Private repository credentials', '비공개 저장소 자격 증명'),
 			visible: authApiEnabled && !authRequired,
 		},
 		{
 			id: 'settings-section-runtime',
-			label: 'Runtime',
-			detail: 'Desktop summary controls',
+			label: localize('Runtime', '런타임'),
+			detail: localize('Desktop summary controls', '데스크톱 요약 제어'),
 			visible: true,
 		},
 		{
 			id: 'runtime-section-activity',
-			label: 'Activity',
-			detail: 'Live job and cleanup status',
+			label: localize('Activity', '활동'),
+			detail: localize('Live job and cleanup status', '실시간 작업 및 정리 상태'),
 			visible: runtimeSupported,
 		},
 		{
 			id: 'runtime-section-provider',
-			label: 'Provider',
-			detail: 'Summary backend and transport',
+			label: localize('Provider', '프로바이더'),
+			detail: localize('Summary backend and transport', '요약 백엔드와 전송 방식'),
 			visible: runtimeSupported,
 		},
 		{
 			id: 'runtime-section-prompt',
-			label: 'Prompt',
-			detail: 'Template and reset controls',
+			label: localize('Prompt', '프롬프트'),
+			detail: localize('Template and reset controls', '템플릿과 초기화 제어'),
 			visible: runtimeSupported,
 		},
 		{
 			id: 'runtime-section-response',
-			label: 'Response',
-			detail: 'Style, shape, preview',
+			label: localize('Response', '응답'),
+			detail: localize('Style, shape, preview', '스타일, 형태, 미리보기'),
 			visible: runtimeSupported,
 		},
 		{
 			id: 'runtime-section-vector',
-			label: 'Vector',
-			detail: 'Embeddings and index jobs',
+			label: localize('Vector', '벡터'),
+			detail: localize('Embeddings and index jobs', '임베딩과 인덱스 작업'),
 			visible: runtimeSupported,
 		},
 		{
 			id: 'runtime-section-change-reader',
-			label: 'Reader',
-			detail: 'Text, Q&A, and voice',
+			label: localize('Reader', '리더'),
+			detail: localize('Text, questions, and voice', '텍스트, 질문, 음성'),
 			visible: runtimeSupported,
 		},
 		{
 			id: 'runtime-section-storage',
-			label: 'Storage',
-			detail: 'Persistence backend and trigger',
+			label: localize('Storage', '저장소'),
+			detail: localize('Persistence backend and trigger', '영속화 백엔드와 트리거'),
 			visible: runtimeSupported,
 		},
 		{
 			id: 'runtime-section-summary-batch',
-			label: 'Batch',
-			detail: 'Background summary generation',
+			label: localize('Batch', '배치'),
+			detail: localize('Background summary generation', '백그라운드 요약 생성'),
 			visible: runtimeSupported,
 		},
 		{
 			id: 'runtime-section-lifecycle',
-			label: 'Lifecycle',
-			detail: 'TTL and cleanup intervals',
+			label: localize('Lifecycle', '수명주기'),
+			detail: localize('TTL and cleanup intervals', 'TTL과 정리 주기'),
 			visible: runtimeSupported,
 		},
 	];
@@ -619,7 +704,9 @@ const settingsNavItems = $derived.by((): SettingsSectionNavItem[] => {
 });
 
 const runtimeQuickBatchScopeLabel = $derived.by(() =>
-	runtimeBatchScope === 'all' ? 'all sessions' : `${runtimeBatchRecentDays} days`,
+	runtimeBatchScope === 'all'
+		? localize('all sessions', '모든 세션')
+		: localize(`${runtimeBatchRecentDays} days`, `${runtimeBatchRecentDays}일`),
 );
 
 const runtimeActivityCards = $derived.by((): RuntimeActivityCard[] => {
@@ -629,155 +716,244 @@ const runtimeActivityCards = $derived.by((): RuntimeActivityCard[] => {
 	return [
 		{
 			testId: 'runtime-activity-vector',
-			title: 'Vector index',
+			title: localize('Vector index', '벡터 인덱스'),
 			subtitle: `${runtimeVectorProvider} · ${runtimeVectorModel}`,
 			badges: [
 				{
-					label: runtimeVectorEnabled ? 'On' : 'Off',
+					label: toggleWord(runtimeVectorEnabled),
 					tone: runtimeVectorEnabled ? 'enabled' : 'disabled',
 				},
 				{
-					label: runtimeVectorIndex?.state ?? 'idle',
+					label: localize(runtimeVectorIndex?.state ?? 'idle', runtimeVectorIndex?.state === 'running' ? '실행 중' : runtimeVectorIndex?.state === 'failed' ? '실패' : runtimeVectorIndex?.state === 'complete' ? '완료' : '유휴'),
 					tone: activityStateTone(runtimeVectorIndex?.state),
 				},
 			],
 			lines: filterLines([
-				`Provider reachable ${runtimeVectorPreflight?.ollama_reachable ? 'yes' : 'no'} · model installed ${runtimeVectorPreflight?.model_installed ? 'yes' : 'no'}`,
-				vectorIndexProgressLabel(runtimeVectorIndex) ?? 'No rebuild progress recorded yet.',
+				localize(
+					`Provider reachable ${boolWord(runtimeVectorPreflight?.ollama_reachable ?? false)} · model installed ${boolWord(runtimeVectorPreflight?.model_installed ?? false)}`,
+					`프로바이더 연결 ${boolWord(runtimeVectorPreflight?.ollama_reachable ?? false)} · 모델 설치 ${boolWord(runtimeVectorPreflight?.model_installed ?? false)}`,
+				),
+				vectorIndexProgressLabel(runtimeVectorIndex) ?? localize('No rebuild progress recorded yet.', '아직 재구성 진행 기록이 없습니다.'),
 				runtimeVectorIndex?.message,
 			]),
-			timestampLine: `started ${formatDate(runtimeVectorIndex?.started_at)} · finished ${formatDate(runtimeVectorIndex?.finished_at)}`,
+			timestampLine: localize(
+				`started ${formatDate(runtimeVectorIndex?.started_at)} · finished ${formatDate(runtimeVectorIndex?.finished_at)}`,
+				`시작 ${formatDate(runtimeVectorIndex?.started_at)} · 종료 ${formatDate(runtimeVectorIndex?.finished_at)}`,
+			),
 		},
 		{
 			testId: 'runtime-activity-summary-batch',
-			title: 'Summary batch',
-			subtitle: runtimeBatchExecutionMode === 'on_app_start' ? 'auto on app start' : 'manual only',
+			title: localize('Summary batch', '요약 배치'),
+			subtitle:
+				runtimeBatchExecutionMode === 'on_app_start'
+					? localize('auto on app start', '앱 시작 시 자동')
+					: localize('manual only', '수동 전용'),
 			badges: [
 				{
-					label: runtimeBatchExecutionMode === 'on_app_start' ? 'Auto' : 'Manual',
+					label: runtimeBatchExecutionMode === 'on_app_start' ? localize('Auto', '자동') : localize('Manual', '수동'),
 					tone: runtimeBatchExecutionMode === 'on_app_start' ? 'enabled' : 'disabled',
 				},
 				{
-					label: runtimeSummaryBatchStatus?.state ?? 'idle',
+					label: localize(runtimeSummaryBatchStatus?.state ?? 'idle', runtimeSummaryBatchStatus?.state === 'running' ? '실행 중' : runtimeSummaryBatchStatus?.state === 'failed' ? '실패' : runtimeSummaryBatchStatus?.state === 'complete' ? '완료' : '유휴'),
 					tone: activityStateTone(runtimeSummaryBatchStatus?.state),
 				},
 			],
 			lines: filterLines([
-				`scope ${runtimeBatchScope === 'all' ? 'all sessions' : `${runtimeBatchRecentDays} days`}`,
-				summaryBatchProgressLabel(runtimeSummaryBatchStatus) ?? 'No batch runs recorded yet.',
+				localize(
+					`scope ${runtimeBatchScope === 'all' ? 'all sessions' : `${runtimeBatchRecentDays} days`}`,
+					`범위 ${runtimeBatchScope === 'all' ? '모든 세션' : `${runtimeBatchRecentDays}일`}`,
+				),
+				summaryBatchProgressLabel(runtimeSummaryBatchStatus) ?? localize('No batch runs recorded yet.', '아직 배치 실행 기록이 없습니다.'),
 				runtimeSummaryBatchStatus?.message,
 			]),
-			timestampLine: `started ${formatDate(runtimeSummaryBatchStatus?.started_at)} · finished ${formatDate(runtimeSummaryBatchStatus?.finished_at)}`,
+			timestampLine: localize(
+				`started ${formatDate(runtimeSummaryBatchStatus?.started_at)} · finished ${formatDate(runtimeSummaryBatchStatus?.finished_at)}`,
+				`시작 ${formatDate(runtimeSummaryBatchStatus?.started_at)} · 종료 ${formatDate(runtimeSummaryBatchStatus?.finished_at)}`,
+			),
 		},
 		{
 			testId: 'runtime-activity-lifecycle',
-			title: 'Lifecycle cleanup',
-			subtitle: `${runtimeSessionTtlDays}d session TTL · ${runtimeSummaryTtlDays}d summary TTL`,
+			title: localize('Lifecycle cleanup', '수명주기 정리'),
+			subtitle: localize(
+				`${runtimeSessionTtlDays}d session TTL · ${runtimeSummaryTtlDays}d summary TTL`,
+				`세션 TTL ${runtimeSessionTtlDays}일 · 요약 TTL ${runtimeSummaryTtlDays}일`,
+			),
 			badges: [
 				{
-					label: runtimeLifecycleEnabled ? 'On' : 'Off',
+					label: toggleWord(runtimeLifecycleEnabled),
 					tone: runtimeLifecycleEnabled ? 'enabled' : 'disabled',
 				},
 				{
-					label: runtimeLifecycleStatus?.state ?? 'idle',
+					label: localize(runtimeLifecycleStatus?.state ?? 'idle', runtimeLifecycleStatus?.state === 'running' ? '실행 중' : runtimeLifecycleStatus?.state === 'failed' ? '실패' : runtimeLifecycleStatus?.state === 'complete' ? '완료' : '유휴'),
 					tone: activityStateTone(runtimeLifecycleStatus?.state),
 				},
 			],
 			lines: filterLines([
-				`interval ${formatIntervalSeconds(runtimeCleanupIntervalSecs)} · next ${lifecycleNextRunLabel()}`,
+				localize(
+					`interval ${formatIntervalSeconds(runtimeCleanupIntervalSecs)} · next ${lifecycleNextRunLabel()}`,
+					`주기 ${formatIntervalSeconds(runtimeCleanupIntervalSecs)} · 다음 ${lifecycleNextRunLabel()}`,
+				),
 				lifecycleResultLabel(runtimeLifecycleStatus),
 				runtimeLifecycleStatus?.message,
 			]),
-			timestampLine: `started ${formatDate(runtimeLifecycleStatus?.started_at)} · finished ${formatDate(runtimeLifecycleStatus?.finished_at)}`,
+			timestampLine: localize(
+				`started ${formatDate(runtimeLifecycleStatus?.started_at)} · finished ${formatDate(runtimeLifecycleStatus?.finished_at)}`,
+				`시작 ${formatDate(runtimeLifecycleStatus?.started_at)} · 종료 ${formatDate(runtimeLifecycleStatus?.finished_at)}`,
+			),
 		},
 	];
 });
 
 const runtimeQuickSummaryTriggerDetail = $derived.by(() =>
-	runtimeTriggerMode === 'on_session_save' ? 'runs automatically on new saves' : 'manual only',
+	runtimeTriggerMode === 'on_session_save'
+		? localize('runs automatically on new saves', '새 저장 시 자동으로 실행')
+		: localize('manual only', '수동 전용'),
 );
 
 const runtimeQuickBatchDetail = $derived.by(
-	() => `scope ${runtimeBatchScope === 'all' ? 'all sessions' : `${runtimeBatchRecentDays} days`}`,
+	() =>
+		localize(
+			`scope ${runtimeBatchScope === 'all' ? 'all sessions' : `${runtimeBatchRecentDays} days`}`,
+			`범위 ${runtimeBatchScope === 'all' ? '모든 세션' : `${runtimeBatchRecentDays}일`}`,
+		),
 );
 
 const runtimeQuickBatchStatusDetail = $derived.by(
-	() => summaryBatchProgressLabel(runtimeSummaryBatchStatus) ?? 'No batch runs yet.',
+	() => summaryBatchProgressLabel(runtimeSummaryBatchStatus) ?? localize('No batch runs yet.', '아직 배치 실행이 없습니다.'),
 );
 
 const runtimeQuickLifecycleDetail = $derived.by(
-	() => `${runtimeSessionTtlDays}d session TTL · every ${formatIntervalSeconds(runtimeCleanupIntervalSecs)}`,
+	() =>
+		localize(
+			`${runtimeSessionTtlDays}d session TTL · every ${formatIntervalSeconds(runtimeCleanupIntervalSecs)}`,
+			`세션 TTL ${runtimeSessionTtlDays}일 · ${formatIntervalSeconds(runtimeCleanupIntervalSecs)}마다`,
+		),
 );
 
-const runtimeQuickLifecycleNextDetail = $derived.by(() => `next ${lifecycleNextRunLabel()}`);
+const runtimeQuickLifecycleNextDetail = $derived.by(() =>
+	localize(`next ${lifecycleNextRunLabel()}`, `다음 ${lifecycleNextRunLabel()}`),
+);
 
 const runtimeQuickVectorDetail = $derived.by(() => {
 	const base = `${runtimeVectorProvider} · ${runtimeVectorModel}`;
 	if (runtimeVectorPreflight && !runtimeVectorPreflight.model_installed) {
-		return `${base} · model missing`;
+		return localize(`${base} · model missing`, `${base} · 모델 없음`);
 	}
 	return base;
 });
 
 const runtimeQuickVectorStatusDetail = $derived.by(
-	() => vectorIndexProgressLabel(runtimeVectorIndex) ?? `index ${runtimeVectorIndex?.state ?? 'idle'}`,
+	() =>
+		vectorIndexProgressLabel(runtimeVectorIndex) ??
+		localize(`index ${runtimeVectorIndex?.state ?? 'idle'}`, `인덱스 ${runtimeVectorIndex?.state === 'running' ? '실행 중' : runtimeVectorIndex?.state === 'failed' ? '실패' : runtimeVectorIndex?.state === 'complete' ? '완료' : '유휴'}`),
 );
 
 const runtimeQuickChangeReaderDetail = $derived.by(
 	() =>
-		`text reader · ${runtimeChangeReaderScope} · ${runtimeChangeReaderMaxContextChars.toLocaleString()} chars`,
+		localize(
+			`text reader · ${runtimeChangeReaderScope} · ${runtimeChangeReaderMaxContextChars.toLocaleString()} chars`,
+			`텍스트 리더 · ${runtimeChangeReaderScope} · ${runtimeChangeReaderMaxContextChars.toLocaleString()}자`,
+		),
 );
 
 const runtimeHelp = {
 	defaultSessionView:
-		'full shows the complete raw session. compressed prioritizes semantic summary + condensed context.',
+		localize(
+			'full shows the complete raw session. compressed prioritizes semantic summary + condensed context.',
+			'full은 전체 원본 세션을 보여주고, compressed는 시맨틱 요약과 압축된 맥락을 우선합니다.',
+		),
 	summaryProvider:
-		'disabled turns off summary generation. ollama uses local HTTP inference. codex_exec/claude_cli run local CLI providers.',
-	providerEndpoint: 'HTTP base URL for ollama or other local model server.',
-	providerModel: 'Model name used by the selected provider.',
+		localize(
+			'disabled turns off summary generation. ollama uses local HTTP inference. codex_exec/claude_cli run local CLI providers.',
+			'disabled는 요약 생성을 끕니다. ollama는 로컬 HTTP 추론을 사용하고, codex_exec/claude_cli는 로컬 CLI 프로바이더를 실행합니다.',
+		),
+	providerEndpoint: localize('HTTP base URL for ollama or other local model server.', 'ollama 또는 다른 로컬 모델 서버의 HTTP 기본 URL입니다.'),
+	providerModel: localize('Model name used by the selected provider.', '선택한 프로바이더가 사용하는 모델 이름입니다.'),
 	promptTemplate:
-		'Template passed to the summary generator. Keep placeholders used by your runtime prompt contract.',
+		localize(
+			'Template passed to the summary generator. Keep placeholders used by your runtime prompt contract.',
+			'요약 생성기에 전달되는 템플릿입니다. 런타임 프롬프트 계약에서 쓰는 placeholder는 유지하세요.',
+		),
 	responseStyle:
-		'compact = shortest output, standard = balanced, detailed = richer narrative and context.',
+		localize(
+			'compact = shortest output, standard = balanced, detailed = richer narrative and context.',
+			'compact는 가장 짧은 출력, standard는 균형형, detailed는 더 풍부한 서술과 맥락을 제공합니다.',
+		),
 	outputShape:
-		'layered groups by layer, file_list focuses per-file changes, security_first prioritizes auth/security impact.',
-	vectorModel: 'Embedding model name used for vector indexing.',
-	vectorEndpoint: 'Endpoint for local embedding provider (typically Ollama).',
+		localize(
+			'layered groups by layer, file_list focuses per-file changes, security_first prioritizes auth/security impact.',
+			'layered는 레이어별로 묶고, file_list는 파일별 변경에 집중하며, security_first는 인증/보안 영향을 우선합니다.',
+		),
+	vectorModel: localize('Embedding model name used for vector indexing.', '벡터 인덱싱에 쓰는 임베딩 모델 이름입니다.'),
+	vectorEndpoint: localize('Endpoint for local embedding provider (typically Ollama).', '로컬 임베딩 프로바이더용 엔드포인트입니다. 보통 Ollama를 사용합니다.'),
 	vectorChunkingMode:
-		'auto selects chunk size/overlap from session length best-practice rules. manual uses the fixed values below.',
-	vectorChunkSize: 'Number of lines per semantic chunk before embedding.',
-	vectorChunkOverlap: 'Overlapping lines preserved between adjacent chunks.',
-	vectorTopKChunks: 'Maximum chunk candidates retrieved per query.',
-	vectorTopKSessions: 'Maximum sessions surfaced after chunk ranking.',
+		localize(
+			'auto selects chunk size/overlap from session length best-practice rules. manual uses the fixed values below.',
+			'auto는 세션 길이에 따른 권장 규칙으로 chunk 크기와 overlap을 정합니다. manual은 아래 고정값을 사용합니다.',
+		),
+	vectorChunkSize: localize('Number of lines per semantic chunk before embedding.', '임베딩 전 시맨틱 청크당 줄 수입니다.'),
+	vectorChunkOverlap: localize('Overlapping lines preserved between adjacent chunks.', '인접 청크 사이에 유지할 겹치는 줄 수입니다.'),
+	vectorTopKChunks: localize('Maximum chunk candidates retrieved per query.', '쿼리당 가져올 최대 청크 후보 수입니다.'),
+	vectorTopKSessions: localize('Maximum sessions surfaced after chunk ranking.', '청크 랭킹 후 노출할 최대 세션 수입니다.'),
 	vectorEnable:
-		'Turns on semantic retrieval in search and change analysis. Requires model install and index build.',
+		localize(
+			'Turns on semantic retrieval in search and change analysis. Requires model install and index build.',
+			'검색과 변경 분석에서 시맨틱 검색을 켭니다. 모델 설치와 인덱스 구축이 필요합니다.',
+		),
 	changeReaderEnable:
-		'Turns on the text-based change reader so you can inspect what changed and why across a session.',
+		localize(
+			'Turns on the text-based change reader so you can inspect what changed and why across a session.',
+			'텍스트 기반 변경 리더를 켜서 세션 전반에서 무엇이 왜 바뀌었는지 살펴볼 수 있게 합니다.',
+		),
 	changeReaderScope:
-		'summary_only reads compressed context. full_context expands to broader session context when needed.',
-	changeReaderMaxContext: 'Upper bound of context text loaded for change reading.',
+		localize(
+			'summary_only reads compressed context. full_context expands to broader session context when needed.',
+			'summary_only는 압축된 맥락을 읽고, full_context는 필요 시 더 넓은 세션 맥락으로 확장합니다.',
+		),
+	changeReaderMaxContext: localize('Upper bound of context text loaded for change reading.', '변경 읽기에 불러올 컨텍스트 텍스트의 최대 길이입니다.'),
 	changeReaderQa:
-		'Adds follow-up text Q&A on top of the selected change reader context when the reader is enabled.',
+		localize(
+			'Adds follow-up text questions on top of the selected change reader context when the reader is enabled.',
+			'리더가 켜져 있을 때, 선택된 변경 리더 맥락 위에 후속 텍스트 질문을 추가합니다.',
+		),
 	changeReaderVoiceEnable:
-		'Reads the current change reader output aloud with TTS. Requires a Voice API key and does not change summaries or Q&A.',
-	changeReaderVoiceProvider: 'Voice provider for TTS playback.',
-	changeReaderVoiceModel: 'TTS model used when generating speech audio.',
-	changeReaderVoiceName: 'Voice preset name used by the provider.',
+		localize(
+			'Reads the current change reader output aloud with TTS. Requires a Voice API key and does not change summaries or questions.',
+			'TTS로 현재 변경 리더 출력을 소리 내어 읽습니다. Voice API 키가 필요하며, 요약이나 질문 내용을 바꾸지 않습니다.',
+		),
+	changeReaderVoiceProvider: localize('Voice provider for TTS playback.', 'TTS 재생에 사용할 음성 프로바이더입니다.'),
+	changeReaderVoiceModel: localize('TTS model used when generating speech audio.', '음성 오디오 생성에 사용할 TTS 모델입니다.'),
+	changeReaderVoiceName: localize('Voice preset name used by the provider.', '프로바이더가 사용하는 음성 프리셋 이름입니다.'),
 	changeReaderVoiceApiKey:
-		'Write-only API key for voice playback. Required before voice playback can be enabled. Leave empty to keep the current stored key.',
-	storageTrigger: 'manual runs only when explicitly requested. on_session_save runs automatically on new saves.',
+		localize(
+			'Write-only API key for voice playback. Required before voice playback can be enabled. Leave empty to keep the current stored key.',
+			'음성 재생용 쓰기 전용 API 키입니다. 음성 재생을 켜기 전에 필요합니다. 현재 저장된 키를 유지하려면 비워 두세요.',
+		),
+	storageTrigger: localize('manual runs only when explicitly requested. on_session_save runs automatically on new saves.', 'manual은 명시적으로 요청할 때만 실행합니다. on_session_save는 새 저장 시 자동 실행됩니다.'),
 	storageBackend:
-		'Where summaries are read from and written to after you click Save Runtime. Switching between hidden_ref and local_db copies existing summaries into the selected backend on save. Switching to none does not migrate or delete existing stored summaries.',
+		localize(
+			'Where summaries are read from and written to after you click Save Runtime. Switching between hidden_ref and local_db copies existing summaries into the selected backend on save. Switching to none does not migrate or delete existing stored summaries.',
+			'런타임 저장을 눌렀을 때 요약을 읽고 쓰는 위치입니다. hidden_ref와 local_db 사이를 바꾸면 저장 시 기존 요약을 선택한 백엔드로 복사합니다. none으로 바꾸면 기존 저장 요약을 마이그레이션하거나 삭제하지 않습니다.',
+		),
 	batchExecution:
-		'manual means run only when clicking Run now. on_app_start runs once automatically at desktop startup.',
+		localize(
+			'manual means run only when clicking Run now. on_app_start runs once automatically at desktop startup.',
+			'manual은 지금 실행을 눌렀을 때만 동작합니다. on_app_start는 데스크톱 시작 시 한 번 자동 실행됩니다.',
+		),
 	batchScope:
-		'recent_days targets only recent sessions. all targets every known session regardless of recency.',
-	batchRecentDays: 'Applies only when scope is recent_days. Minimum is 1 day.',
+		localize(
+			'recent_days targets only recent sessions. all targets every known session regardless of recency.',
+			'recent_days는 최근 세션만 대상으로 하고, all은 시점과 관계없이 알려진 모든 세션을 대상으로 합니다.',
+		),
+	batchRecentDays: localize('Applies only when scope is recent_days. Minimum is 1 day.', '범위가 recent_days일 때만 적용됩니다. 최소값은 1일입니다.'),
 	lifecycleEnable:
-		'Enables periodic TTL cleanup for session roots and summary artifacts using the rules below.',
-	sessionTtl: 'Sessions older than this threshold become cleanup candidates.',
-	summaryTtl: 'Summary artifacts older than this threshold become cleanup candidates.',
-	cleanupInterval: 'Seconds between periodic lifecycle cleanup runs.',
+		localize(
+			'Enables periodic TTL cleanup for session roots and summary artifacts using the rules below.',
+			'아래 규칙에 따라 세션 루트와 요약 아티팩트에 대한 주기적 TTL 정리를 활성화합니다.',
+		),
+	sessionTtl: localize('Sessions older than this threshold become cleanup candidates.', '이 기준보다 오래된 세션이 정리 후보가 됩니다.'),
+	summaryTtl: localize('Summary artifacts older than this threshold become cleanup candidates.', '이 기준보다 오래된 요약 아티팩트가 정리 후보가 됩니다.'),
+	cleanupInterval: localize('Seconds between periodic lifecycle cleanup runs.', '주기적 수명주기 정리 실행 사이의 초 단위 간격입니다.'),
 };
 
 function responsePreview(
@@ -786,20 +962,29 @@ function responsePreview(
 ): string {
 	const changesPrefix =
 		style === 'compact'
-			? 'Updated session summary pipeline.'
+			? localize('Updated session summary pipeline.', '세션 요약 파이프라인을 업데이트했습니다.')
 			: style === 'detailed'
-				? 'Refactored the desktop summary pipeline, split provider/prompt/response/storage concerns, and updated hidden-ref persistence semantics.'
-				: 'Updated desktop summary pipeline with clearer runtime settings.';
+				? localize(
+					'Refactored the desktop summary pipeline, split provider/prompt/response/storage concerns, and updated hidden-ref persistence semantics.',
+					'데스크톱 요약 파이프라인을 리팩터링하고 프로바이더/프롬프트/응답/저장소 관심사를 분리했으며, hidden_ref 영속화 의미를 업데이트했습니다.',
+				)
+				: localize('Updated desktop summary pipeline with clearer runtime settings.', '더 명확한 런타임 설정으로 데스크톱 요약 파이프라인을 업데이트했습니다.');
 	const security =
 		shape === 'security_first'
-			? 'Credential paths were isolated and storage policy now defaults to hidden_ref.'
-			: 'none detected';
+			? localize(
+				'Credential paths were isolated and storage policy now defaults to hidden_ref.',
+				'자격 증명 경로를 분리했고 저장소 정책 기본값을 hidden_ref로 맞췄습니다.',
+			)
+			: localize('none detected', '탐지되지 않음');
 
 	const files =
 		shape === 'file_list'
 			? ['desktop/src-tauri/src/main.rs', 'packages/ui/src/components/SettingsPage.svelte']
 			: ['desktop/src-tauri/src/main.rs'];
-	const layer = shape === 'file_list' ? 'application' : 'presentation';
+	const layer =
+		shape === 'file_list'
+			? localize('application', '애플리케이션')
+			: localize('presentation', '프레젠테이션');
 
 	return JSON.stringify(
 		{
@@ -810,8 +995,8 @@ function responsePreview(
 					layer,
 					summary:
 						style === 'compact'
-							? 'Settings/runtime summary flow updated.'
-							: 'Runtime settings and summary persistence behavior were updated.',
+							? localize('Settings/runtime summary flow updated.', '설정/런타임 요약 흐름을 업데이트했습니다.')
+							: localize('Runtime settings and summary persistence behavior were updated.', '런타임 설정과 요약 영속화 동작을 업데이트했습니다.'),
 					files,
 				},
 			],
@@ -831,7 +1016,7 @@ function formatDate(value: string | null | undefined): string {
 	if (!value) return '-';
 	const parsed = new Date(value);
 	if (Number.isNaN(parsed.getTime())) return '-';
-	return parsed.toLocaleString();
+	return parsed.toLocaleString(isKorean ? 'ko-KR' : 'en-US');
 }
 
 function normalizeError(err: unknown, fallback: string): string {
@@ -868,14 +1053,14 @@ function normalizeVectorError(err: unknown, fallback: string): string {
 		const batchEndpoint = apiDetailString(err.details, 'batch_endpoint');
 		const batchStatus = apiDetailNumber(err.details, 'batch_status');
 		const lines = [message];
-		if (reason) lines.push(`Reason: ${reason}`);
+		if (reason) lines.push(localize(`Reason: ${reason}`, `원인: ${reason}`));
 		if (status != null) lines.push(`HTTP: ${status}`);
-		if (batchReason) lines.push(`Batch reason: ${batchReason}`);
-		if (batchStatus != null) lines.push(`Batch HTTP: ${batchStatus}`);
-		if (hint) lines.push(`Action: ${hint}`);
-		if (model) lines.push(`Model: ${model}`);
-		if (endpoint) lines.push(`Endpoint: ${endpoint}`);
-		if (batchEndpoint) lines.push(`Batch endpoint: ${batchEndpoint}`);
+		if (batchReason) lines.push(localize(`Batch reason: ${batchReason}`, `배치 원인: ${batchReason}`));
+		if (batchStatus != null) lines.push(localize(`Batch HTTP: ${batchStatus}`, `배치 HTTP: ${batchStatus}`));
+		if (hint) lines.push(localize(`Action: ${hint}`, `조치: ${hint}`));
+		if (model) lines.push(localize(`Model: ${model}`, `모델: ${model}`));
+		if (endpoint) lines.push(localize(`Endpoint: ${endpoint}`, `엔드포인트: ${endpoint}`));
+		if (batchEndpoint) lines.push(localize(`Batch endpoint: ${batchEndpoint}`, `배치 엔드포인트: ${batchEndpoint}`));
 		return lines.join('\n');
 	}
 	return normalizeError(err, fallback);
@@ -883,23 +1068,26 @@ function normalizeVectorError(err: unknown, fallback: string): string {
 
 function vectorStatusGuidance(): string[] {
 	if (!runtimeVectorPreflight) {
-		return ['Run vector preflight to inspect provider and model readiness.'];
+		return [localize('Run vector preflight to inspect provider and model readiness.', '프로바이더와 모델 준비 상태를 보려면 벡터 사전 점검을 실행하세요.')];
 	}
 	const guidance: string[] = [];
 	if (!runtimeVectorPreflight.ollama_reachable) {
-		guidance.push('Install Ollama: https://ollama.com/download');
-		guidance.push('Start provider: run `ollama serve` and retry preflight.');
+		guidance.push(localize('Install Ollama: https://ollama.com/download', 'Ollama 설치: https://ollama.com/download'));
+		guidance.push(localize('Start provider: run `ollama serve` and retry preflight.', '프로바이더 시작: `ollama serve`를 실행한 뒤 사전 점검을 다시 시도하세요.'));
 	}
 	if (!runtimeVectorPreflight.model_installed) {
 		guidance.push(
-			`Install model: run \`ollama pull ${runtimeVectorPreflight.model}\` or click "Install model".`,
+			localize(
+				`Install model: run \`ollama pull ${runtimeVectorPreflight.model}\` or click "Install model".`,
+				`모델 설치: \`ollama pull ${runtimeVectorPreflight.model}\`를 실행하거나 "모델 설치"를 누르세요.`,
+			),
 		);
 	}
 	if (runtimeVectorIndex?.state === 'failed') {
-		guidance.push('Rebuild index: click "Rebuild index" after fixing provider/model issues.');
+		guidance.push(localize('Rebuild index: click "Rebuild index" after fixing provider/model issues.', '인덱스 재구성: 프로바이더/모델 문제를 고친 뒤 "인덱스 재구성"을 누르세요.'));
 	}
 	if (guidance.length === 0) {
-		guidance.push('Vector pipeline is ready.');
+		guidance.push(localize('Vector pipeline is ready.', '벡터 파이프라인이 준비되었습니다.'));
 	}
 	return guidance;
 }
@@ -1011,7 +1199,7 @@ async function refreshLifecycleCleanupStatus(surfaceError: boolean = true): Prom
 	} catch (err) {
 		runtimeLifecycleStatus = null;
 		if (surfaceError) {
-			runtimeError = normalizeError(err, 'Failed to fetch lifecycle cleanup status');
+			runtimeError = normalizeError(err, localize('Failed to fetch lifecycle cleanup status', '수명주기 정리 상태를 가져오지 못했습니다'));
 		}
 		return false;
 	}
@@ -1182,21 +1370,27 @@ const runtimeDraftDirty = $derived.by(() => {
 const runtimePersistStatus = $derived.by(() => {
 	if (runtimeLoading) {
 		return {
-			title: 'Loading runtime config',
-			detail: 'Fetching the current persisted desktop runtime settings.',
+			title: localize('Loading runtime config', '런타임 설정 불러오는 중'),
+			detail: localize('Fetching the current persisted desktop runtime settings.', '현재 저장된 데스크톱 런타임 설정을 가져오고 있습니다.'),
 		};
 	}
 	if (runtimeDraftDirty) {
 		return {
-			title: 'Unsaved runtime changes',
+			title: localize('Unsaved runtime changes', '저장되지 않은 런타임 변경 사항'),
 			detail:
-				'Checkbox, select, and input edits are drafts until you click Save Runtime. Reopening Settings reloads the last persisted values.',
+				localize(
+					'Checkbox, select, and input edits are drafts until you click Save Runtime. Reopening Settings reloads the last persisted values.',
+					'체크박스, 선택, 입력 변경은 런타임 저장을 누르기 전까지 초안입니다. 설정을 다시 열면 마지막으로 저장된 값이 다시 로드됩니다.',
+				),
 		};
 	}
 	return {
-		title: 'Runtime config is persisted',
+		title: localize('Runtime config is persisted', '런타임 설정이 저장된 상태입니다'),
 		detail:
-			'Current values match the saved desktop runtime config. New edits stay local to this page until you save them.',
+			localize(
+				'Current values match the saved desktop runtime config. New edits stay local to this page until you save them.',
+				'현재 값은 저장된 데스크톱 런타임 설정과 일치합니다. 새 수정 사항은 저장하기 전까지 이 페이지에만 반영됩니다.',
+			),
 	};
 });
 
@@ -1215,7 +1409,7 @@ function handleResetRuntimeDraft() {
 	if (!runtimeSettings) return;
 	applyRuntimeSettingsToDraft(runtimeSettings);
 	runtimeError = null;
-	runtimeDetectMessage = 'Discarded unsaved runtime edits.';
+	runtimeDetectMessage = localize('Discarded unsaved runtime edits.', '저장되지 않은 런타임 변경을 버렸습니다.');
 }
 
 async function handleSaveRuntimeSettings() {
@@ -1234,9 +1428,12 @@ async function handleSaveRuntimeSettings() {
 		applyRuntimeSettingsToDraft(updated);
 		await refreshLifecycleCleanupStatus(false);
 		await refreshSummaryBatchStatus();
-		runtimeDetectMessage = 'Runtime settings saved and will persist when you reopen Settings.';
+		runtimeDetectMessage = localize(
+			'Runtime settings saved and will persist when you reopen Settings.',
+			'런타임 설정을 저장했습니다. 설정을 다시 열어도 유지됩니다.',
+		);
 	} catch (err) {
-		runtimeError = normalizeError(err, 'Failed to save runtime settings');
+		runtimeError = normalizeError(err, localize('Failed to save runtime settings', '런타임 설정 저장에 실패했습니다'));
 	} finally {
 		runtimeSaving = false;
 	}
@@ -1249,7 +1446,7 @@ async function handleDetectRuntimeProvider() {
 	try {
 		const detected: DesktopSummaryProviderDetectResponse = await detectSummaryProvider();
 		if (!detected.detected || !detected.provider) {
-			runtimeDetectMessage = 'No local provider detected.';
+			runtimeDetectMessage = localize('No local provider detected.', '로컬 프로바이더를 찾지 못했습니다.');
 			return;
 		}
 		runtimeProvider = detected.provider;
@@ -1262,9 +1459,12 @@ async function handleDetectRuntimeProvider() {
 		});
 		runtimeSettings = updated;
 		applyRuntimeSettingsToDraft(updated);
-		runtimeDetectMessage = `Detected and applied provider: ${detected.provider}`;
+		runtimeDetectMessage = localize(
+			`Detected and applied provider: ${detected.provider}`,
+			`감지 후 적용한 프로바이더: ${detected.provider}`,
+		);
 	} catch (err) {
-		runtimeError = normalizeError(err, 'Failed to detect/apply local provider');
+		runtimeError = normalizeError(err, localize('Failed to detect/apply local provider', '로컬 프로바이더 감지/적용에 실패했습니다'));
 	} finally {
 		runtimeDetecting = false;
 	}
@@ -1277,7 +1477,7 @@ async function refreshSummaryBatchStatus() {
 	} catch (err) {
 		runtimeSummaryBatchStatus = null;
 		runtimeSummaryBatchRunning = false;
-		runtimeError = normalizeError(err, 'Failed to fetch summary batch status');
+		runtimeError = normalizeError(err, localize('Failed to fetch summary batch status', '요약 배치 상태를 가져오지 못했습니다'));
 	}
 }
 
@@ -1289,7 +1489,7 @@ async function handleRunSummaryBatchNow() {
 		runtimeSummaryBatchRunning = isSummaryBatchRunning(runtimeSummaryBatchStatus);
 	} catch (err) {
 		runtimeSummaryBatchRunning = false;
-		runtimeError = normalizeError(err, 'Failed to run summary batch');
+		runtimeError = normalizeError(err, localize('Failed to run summary batch', '요약 배치 실행에 실패했습니다'));
 	}
 }
 
@@ -1299,12 +1499,12 @@ async function refreshVectorPreflight(): Promise<boolean> {
 		runtimeVectorInstalling = isVectorInstallRunning(runtimeVectorPreflight);
 		runtimeVectorError = null;
 		if (runtimeVectorPreflight.model_installed && runtimeVectorEnabled) {
-			runtimeDetectMessage = 'Vector model is ready.';
+			runtimeDetectMessage = localize('Vector model is ready.', '벡터 모델이 준비되었습니다.');
 		}
 		return true;
 	} catch (err) {
 		runtimeVectorPreflight = null;
-		runtimeVectorError = normalizeVectorError(err, 'Failed to fetch vector model status');
+		runtimeVectorError = normalizeVectorError(err, localize('Failed to fetch vector model status', '벡터 모델 상태를 가져오지 못했습니다'));
 		return false;
 	}
 }
@@ -1316,7 +1516,7 @@ async function refreshVectorIndexStatus(): Promise<boolean> {
 		return true;
 	} catch (err) {
 		runtimeVectorIndex = null;
-		runtimeVectorError = normalizeVectorError(err, 'Failed to fetch vector index status');
+		runtimeVectorError = normalizeVectorError(err, localize('Failed to fetch vector index status', '벡터 인덱스 상태를 가져오지 못했습니다'));
 		return false;
 	}
 }
@@ -1327,7 +1527,7 @@ async function handleVectorInstallModel() {
 	try {
 		const status = await vectorInstallModel(runtimeVectorModel);
 		if (status.state === 'failed') {
-			runtimeVectorError = status.message ?? 'Model installation failed.';
+			runtimeVectorError = status.message ?? localize('Model installation failed.', '모델 설치에 실패했습니다.');
 			runtimeVectorInstalling = false;
 			return;
 		}
@@ -1335,7 +1535,7 @@ async function handleVectorInstallModel() {
 		await refreshVectorPreflight();
 	} catch (err) {
 		runtimeVectorInstalling = false;
-		runtimeVectorError = normalizeVectorError(err, 'Failed to install vector model');
+		runtimeVectorError = normalizeVectorError(err, localize('Failed to install vector model', '벡터 모델 설치에 실패했습니다'));
 	}
 }
 
@@ -1345,13 +1545,16 @@ async function handleVectorReindex() {
 	if (!runtimeVectorPreflight.ollama_reachable) {
 		runtimeVectorError =
 			runtimeVectorPreflight.message ??
-			'Ollama is not reachable. Start it with `ollama serve`.';
+			localize('Ollama is not reachable. Start it with `ollama serve`.', 'Ollama에 연결할 수 없습니다. `ollama serve`로 시작하세요.');
 		return;
 	}
 	if (!runtimeVectorPreflight.model_installed) {
 		runtimeVectorError =
 			runtimeVectorPreflight.message ??
-			`Model ${runtimeVectorPreflight.model} is not installed. Install model first.`;
+			localize(
+				`Model ${runtimeVectorPreflight.model} is not installed. Install model first.`,
+				`모델 ${runtimeVectorPreflight.model}이 설치되지 않았습니다. 먼저 모델을 설치하세요.`,
+			);
 		return;
 	}
 
@@ -1361,11 +1564,11 @@ async function handleVectorReindex() {
 		runtimeVectorIndex = await vectorIndexRebuild();
 		runtimeVectorReindexing = isVectorIndexRunning(runtimeVectorIndex);
 		if (runtimeVectorIndex?.state === 'failed') {
-			runtimeVectorError = runtimeVectorIndex.message ?? 'Vector index rebuild failed.';
+			runtimeVectorError = runtimeVectorIndex.message ?? localize('Vector index rebuild failed.', '벡터 인덱스 재구성에 실패했습니다.');
 		}
 	} catch (err) {
 		runtimeVectorReindexing = false;
-		runtimeVectorError = normalizeVectorError(err, 'Failed to start vector index rebuild');
+		runtimeVectorError = normalizeVectorError(err, localize('Failed to start vector index rebuild', '벡터 인덱스 재구성을 시작하지 못했습니다'));
 	}
 }
 
@@ -1377,14 +1580,14 @@ async function handleIssueApiKey() {
 		const response = await issueApiKey();
 		issuedApiKey = response.api_key;
 	} catch (err) {
-		error = normalizeError(err, 'Failed to issue API key');
+		error = normalizeError(err, localize('Failed to issue API key', 'API 키 발급에 실패했습니다'));
 	} finally {
 		issuing = false;
 	}
 }
 
 async function copyApiKey() {
-	copyMessage = await copyTextSurface(
+	const result = await copyTextSurface(
 		{
 			writeText: async (text) => {
 				if (typeof navigator === 'undefined' || !navigator.clipboard?.writeText) {
@@ -1395,6 +1598,10 @@ async function copyApiKey() {
 		},
 		issuedApiKey,
 	);
+	copyMessage =
+		result === 'Copied'
+			? localize('Copied', '복사했습니다')
+			: localize('Copy failed', '복사에 실패했습니다');
 }
 
 function currentBackgroundPollState() {
@@ -1429,7 +1636,7 @@ async function handleCreateCredential() {
 		credentialHeaderValue = '';
 		await loadGitCredentials();
 	} catch (err) {
-		credentialsError = normalizeError(err, 'Failed to save git credential');
+		credentialsError = normalizeError(err, localize('Failed to save git credential', 'Git 자격 증명 저장에 실패했습니다'));
 	} finally {
 		creatingCredential = false;
 	}
@@ -1442,7 +1649,7 @@ async function handleDeleteCredential(id: string) {
 		await deleteGitCredential(id);
 		await loadGitCredentials();
 	} catch (err) {
-		credentialsError = normalizeError(err, 'Failed to delete git credential');
+		credentialsError = normalizeError(err, localize('Failed to delete git credential', 'Git 자격 증명 삭제에 실패했습니다'));
 	} finally {
 		deletingCredentialId = null;
 	}
@@ -1516,7 +1723,7 @@ $effect(() => {
 </script>
 
 <svelte:head>
-	<title>Settings - opensession.io</title>
+	<title>{localize('Settings - opensession.io', '설정 - opensession.io')}</title>
 </svelte:head>
 
 <div data-testid="settings-page" class="mx-auto w-full max-w-7xl pb-10">
@@ -1529,63 +1736,68 @@ $effect(() => {
 
 		<div class="space-y-4">
 	<header id="settings-section-overview" class="scroll-mt-24 border border-border bg-bg-secondary px-4 py-3">
-		<p class="text-[11px] uppercase tracking-[0.12em] text-text-muted">Account</p>
-		<h1 class="mt-1 text-3xl font-semibold tracking-tight text-text-primary">Settings</h1>
-		<p class="mt-1 text-sm text-text-secondary">Personal profile and API access controls.</p>
+		<p class="text-[11px] uppercase tracking-[0.12em] text-text-muted">{localize('Account', '계정')}</p>
+		<h1 class="mt-1 text-3xl font-semibold tracking-tight text-text-primary">{localize('Settings', '설정')}</h1>
+		<p class="mt-1 text-sm text-text-secondary">{localize('Personal profile and API access controls.', '개인 프로필과 API 접근 제어를 관리합니다.')}</p>
 	</header>
 
+	<LanguageSettingsPanel />
+
 		{#if loading}
-			<div class="border border-border bg-bg-secondary px-4 py-8 text-center text-sm text-text-muted">Loading...</div>
+			<div class="border border-border bg-bg-secondary px-4 py-8 text-center text-sm text-text-muted">{localize('Loading...', '불러오는 중...')}</div>
 		{:else if authApiEnabled && authRequired}
 			<section
 				id="settings-section-profile"
 				data-testid="settings-require-auth"
 				class="scroll-mt-24 border border-border bg-bg-secondary px-4 py-6 text-sm text-text-secondary xl:max-w-3xl"
 			>
-			<p class="text-text-primary">Sign in is required to view personal settings.</p>
+			<p class="text-text-primary">{localize('Sign in is required to view personal settings.', '개인 설정을 보려면 로그인해야 합니다.')}</p>
 			<div class="mt-4">
 				<button
 					type="button"
 					onclick={() => onNavigate('/login')}
 					class="bg-accent px-3 py-2 text-xs font-semibold text-white hover:bg-accent/85"
 				>
-					Go to login
+					{localize('Go to login', '로그인으로 이동')}
 				</button>
 			</div>
 		</section>
 	{:else if authApiEnabled}
 		<section id="settings-section-profile" class="scroll-mt-24 border border-border bg-bg-secondary p-4 xl:max-w-3xl">
-			<h2 class="text-sm font-semibold text-text-primary">Profile</h2>
+			<h2 class="text-sm font-semibold text-text-primary">{localize('Profile', '프로필')}</h2>
 			{#if settings}
 				<dl class="mt-3 grid gap-2 text-xs text-text-secondary sm:grid-cols-[10rem_1fr]">
-					<dt>User ID</dt>
+					<dt>{localize('User ID', '사용자 ID')}</dt>
 					<dd class="font-mono text-text-primary">{settings.user_id}</dd>
-					<dt>Nickname</dt>
+					<dt>{localize('Nickname', '닉네임')}</dt>
 					<dd class="text-text-primary">{settings.nickname}</dd>
-					<dt>Email</dt>
-					<dd class="text-text-primary">{settings.email ?? 'not linked'}</dd>
-					<dt>Joined</dt>
+					<dt>{localize('Email', '이메일')}</dt>
+					<dd class="text-text-primary">{settings.email ?? localize('not linked', '연결되지 않음')}</dd>
+					<dt>{localize('Joined', '가입일')}</dt>
 					<dd class="text-text-primary">{formatDate(settings.created_at)}</dd>
-					<dt>Linked OAuth</dt>
+					<dt>{localize('Linked OAuth', '연결된 OAuth')}</dt>
 					<dd class="text-text-primary">
 						{#if settings.oauth_providers.length === 0}
-							none
+							{localize('none', '없음')}
 						{:else}
 							{settings.oauth_providers.map((provider) => provider.display_name).join(', ')}
 						{/if}
 					</dd>
 				</dl>
 			{:else}
-				<p class="mt-2 text-xs text-text-muted">No profile data available.</p>
+				<p class="mt-2 text-xs text-text-muted">{localize('No profile data available.', '프로필 데이터가 없습니다.')}</p>
 			{/if}
 		</section>
 
 		<section id="settings-section-api-key" class="scroll-mt-24 border border-border bg-bg-secondary p-4 xl:max-w-3xl">
 			<div class="flex flex-wrap items-center justify-between gap-3">
 				<div>
-					<h2 class="text-sm font-semibold text-text-primary">Personal API Key</h2>
+					<h2 class="text-sm font-semibold text-text-primary">{localize('Personal API Key', '개인 API 키')}</h2>
 					<p class="mt-1 text-xs text-text-secondary">
-						Issue a new key for CLI and automation access. Existing active key moves to grace mode.
+						{localize(
+							'Issue a new key for CLI and automation access. Existing active key moves to grace mode.',
+							'CLI와 자동화 접근용 새 키를 발급합니다. 기존 활성 키는 유예 상태로 전환됩니다.',
+						)}
 					</p>
 				</div>
 				<button
@@ -1595,13 +1807,17 @@ $effect(() => {
 					disabled={issuing}
 					class="bg-accent px-3 py-2 text-xs font-semibold text-white hover:bg-accent/85 disabled:opacity-60"
 				>
-					{issuing ? 'Issuing...' : issuedApiKey ? 'Regenerate key' : 'Issue key'}
+					{issuing
+						? localize('Issuing...', '발급 중...')
+						: issuedApiKey
+							? localize('Regenerate key', '키 재발급')
+							: localize('Issue key', '키 발급')}
 				</button>
 			</div>
 
 			{#if issuedApiKey}
 				<div class="mt-4 border border-border/80 bg-bg-primary p-3">
-					<p class="mb-2 text-xs text-text-muted">Shown once. Save this key now.</p>
+					<p class="mb-2 text-xs text-text-muted">{localize('Shown once. Save this key now.', '한 번만 표시됩니다. 지금 이 키를 저장하세요.')}</p>
 					<code data-testid="issued-api-key" class="block break-all font-mono text-xs text-text-primary">
 						{issuedApiKey}
 					</code>
@@ -1612,7 +1828,7 @@ $effect(() => {
 							onclick={copyApiKey}
 							class="border border-border px-2 py-1 text-xs text-text-secondary hover:text-text-primary"
 						>
-							Copy
+							{localize('Copy', '복사')}
 						</button>
 						{#if copyMessage}
 							<span class="text-xs text-text-muted">{copyMessage}</span>
@@ -1628,15 +1844,18 @@ $effect(() => {
 			data-testid="git-credential-settings"
 		>
 			<div class="space-y-1">
-				<h2 class="text-sm font-semibold text-text-primary">Private Git Credentials</h2>
+				<h2 class="text-sm font-semibold text-text-primary">{localize('Private Git Credentials', '비공개 Git 자격 증명')}</h2>
 				<p class="text-xs text-text-secondary">
-					Preferred: connect GitHub/GitLab OAuth. Manual credentials are used for private self-managed or generic git remotes.
+					{localize(
+						'Preferred: connect GitHub/GitLab OAuth. Manual credentials are used for private self-managed or generic git remotes.',
+						'권장: GitHub/GitLab OAuth를 연결하세요. 수동 자격 증명은 비공개 self-managed 또는 일반 git remote에 사용됩니다.',
+					)}
 				</p>
 			</div>
 
 			{#if !credentialsSupported}
 				<p class="mt-3 text-xs text-text-muted">
-					This deployment does not expose credential management endpoints.
+					{localize('This deployment does not expose credential management endpoints.', '이 배포는 자격 증명 관리 엔드포인트를 제공하지 않습니다.')}
 				</p>
 			{:else}
 				<div class="mt-4 space-y-3">
@@ -1644,35 +1863,35 @@ $effect(() => {
 						<input
 							data-testid="git-credential-label"
 							type="text"
-							placeholder="Label"
+							placeholder={localize('Label', '라벨')}
 							bind:value={credentialLabel}
 							class="w-full border border-border bg-bg-primary px-2 py-2 text-xs text-text-primary"
 						/>
 						<input
 							data-testid="git-credential-host"
 							type="text"
-							placeholder="Host (e.g. gitlab.internal.example.com)"
+							placeholder={localize('Host (e.g. gitlab.internal.example.com)', '호스트 (예: gitlab.internal.example.com)')}
 							bind:value={credentialHost}
 							class="w-full border border-border bg-bg-primary px-2 py-2 text-xs text-text-primary"
 						/>
 						<input
 							data-testid="git-credential-path-prefix"
 							type="text"
-							placeholder="Path prefix (optional, e.g. group/subgroup)"
+							placeholder={localize('Path prefix (optional, e.g. group/subgroup)', '경로 접두사 (선택, 예: group/subgroup)')}
 							bind:value={credentialPathPrefix}
 							class="w-full border border-border bg-bg-primary px-2 py-2 text-xs text-text-primary"
 						/>
 						<input
 							data-testid="git-credential-header-name"
 							type="text"
-							placeholder="Header name"
+							placeholder={localize('Header name', '헤더 이름')}
 							bind:value={credentialHeaderName}
 							class="w-full border border-border bg-bg-primary px-2 py-2 text-xs text-text-primary"
 						/>
 						<input
 							data-testid="git-credential-header-value"
 							type="password"
-							placeholder="Header value (secret)"
+							placeholder={localize('Header value (secret)', '헤더 값 (비밀값)')}
 							bind:value={credentialHeaderValue}
 							class="w-full border border-border bg-bg-primary px-2 py-2 text-xs text-text-primary sm:col-span-2"
 						/>
@@ -1685,22 +1904,22 @@ $effect(() => {
 							disabled={creatingCredential}
 							class="bg-accent px-3 py-2 text-xs font-semibold text-white hover:bg-accent/85 disabled:opacity-60"
 						>
-							{creatingCredential ? 'Saving...' : 'Save credential'}
+							{creatingCredential ? localize('Saving...', '저장 중...') : localize('Save credential', '자격 증명 저장')}
 						</button>
 					</div>
 				</div>
 
 				<div class="mt-4 border border-border/70">
 					<div class="grid grid-cols-[1.1fr_1fr_1fr_auto] gap-2 border-b border-border bg-bg-primary px-3 py-2 text-[11px] uppercase tracking-[0.08em] text-text-muted">
-						<span>Label</span>
-						<span>Host</span>
-						<span>Path Prefix</span>
-						<span>Action</span>
+						<span>{localize('Label', '라벨')}</span>
+						<span>{localize('Host', '호스트')}</span>
+						<span>{localize('Path Prefix', '경로 접두사')}</span>
+						<span>{localize('Action', '동작')}</span>
 					</div>
 					{#if credentialsLoading}
-						<div class="px-3 py-3 text-xs text-text-muted">Loading credentials...</div>
+						<div class="px-3 py-3 text-xs text-text-muted">{localize('Loading credentials...', '자격 증명을 불러오는 중...')}</div>
 					{:else if credentials.length === 0}
-						<div class="px-3 py-3 text-xs text-text-muted">No manual credentials registered.</div>
+						<div class="px-3 py-3 text-xs text-text-muted">{localize('No manual credentials registered.', '등록된 수동 자격 증명이 없습니다.')}</div>
 					{:else}
 						{#each credentials as credential}
 							<div class="grid grid-cols-[1.1fr_1fr_1fr_auto] items-center gap-2 border-b border-border/60 px-3 py-2 text-xs">
@@ -1714,14 +1933,17 @@ $effect(() => {
 									onclick={() => handleDeleteCredential(credential.id)}
 									class="border border-border px-2 py-1 text-[11px] text-text-secondary hover:text-text-primary disabled:opacity-60"
 								>
-									{deletingCredentialId === credential.id ? 'Deleting...' : 'Delete'}
+									{deletingCredentialId === credential.id ? localize('Deleting...', '삭제 중...') : localize('Delete', '삭제')}
 								</button>
 							</div>
 						{/each}
 					{/if}
 				</div>
 				<p class="mt-2 text-[11px] text-text-muted">
-					Secrets are never shown again after save. Stored values are encrypted at rest.
+					{localize(
+						'Secrets are never shown again after save. Stored values are encrypted at rest.',
+						'비밀값은 저장 후 다시 표시되지 않습니다. 저장된 값은 at-rest 암호화됩니다.',
+					)}
 				</p>
 			{/if}
 		</section>
@@ -1741,9 +1963,12 @@ $effect(() => {
 	>
 		<div class="flex flex-wrap items-center justify-between gap-3">
 			<div>
-				<h2 class="text-sm font-semibold text-text-primary">Runtime Summary (Desktop)</h2>
+				<h2 class="text-sm font-semibold text-text-primary">{localize('Runtime Summary (Desktop)', '런타임 요약 (데스크톱)')}</h2>
 				<p class="mt-1 text-xs text-text-secondary">
-					Provider, prompt, response, and storage settings for desktop local runtime.
+					{localize(
+						'Provider, prompt, response, and storage settings for desktop local runtime.',
+						'데스크톱 로컬 런타임의 프로바이더, 프롬프트, 응답, 저장소 설정입니다.',
+					)}
 				</p>
 			</div>
 			<div class="flex items-center gap-2">
@@ -1754,7 +1979,7 @@ $effect(() => {
 						disabled={!runtimeSupported || runtimeDetecting || runtimeSaving || runtimeLoading}
 						class="inline-flex h-9 items-center border border-border px-3 text-xs font-semibold text-text-secondary hover:text-text-primary disabled:opacity-60"
 					>
-						{runtimeDetecting ? 'Detecting...' : 'Detect Provider'}
+						{runtimeDetecting ? localize('Detecting...', '감지 중...') : localize('Detect Provider', '프로바이더 감지')}
 					</button>
 						<button
 							type="button"
@@ -1769,10 +1994,13 @@ $effect(() => {
 		</div>
 
 		{#if runtimeLoading}
-			<p class="mt-3 text-xs text-text-muted">Loading runtime settings...</p>
+			<p class="mt-3 text-xs text-text-muted">{localize('Loading runtime settings...', '런타임 설정을 불러오는 중...')}</p>
 		{:else if !runtimeSupported}
 			<p class="mt-3 text-xs text-text-muted">
-				Runtime settings are not available in this environment (desktop IPC required).
+				{localize(
+					'Runtime settings are not available in this environment (desktop IPC required).',
+					'이 환경에서는 런타임 설정을 사용할 수 없습니다. (데스크톱 IPC 필요)',
+				)}
 			</p>
 		{:else}
 			<div class="mt-4 grid gap-4 xl:grid-cols-[minmax(0,1fr)_18rem] xl:items-start">
@@ -1793,13 +2021,13 @@ $effect(() => {
 
 				<label class="block text-xs text-text-secondary">
 					<FieldHelp
-						label="Default Session View"
+						label={localize('Default Session View', '기본 세션 보기')}
 						help={runtimeHelp.defaultSessionView}
 						testId="runtime-help-default-session-view"
 					/>
 					<select bind:value={runtimeSessionDefaultView} class="w-full border border-border bg-bg-primary px-2 py-2 text-xs text-text-primary">
-						<option value="full">full</option>
-						<option value="compressed">compressed</option>
+						<option value="full">{localize('full', '전체')}</option>
+						<option value="compressed">{localize('compressed', '압축')}</option>
 					</select>
 				</label>
 
@@ -1808,10 +2036,10 @@ $effect(() => {
 					class="scroll-mt-24 space-y-2 border border-border/60 p-3"
 					data-testid="settings-runtime-provider"
 				>
-					<h3 class="text-xs font-semibold uppercase tracking-[0.08em] text-text-muted">Provider</h3>
+					<h3 class="text-xs font-semibold uppercase tracking-[0.08em] text-text-muted">{localize('Provider', '프로바이더')}</h3>
 					<label class="block text-xs text-text-secondary">
 						<FieldHelp
-							label="Summary Provider"
+								label={localize('Summary Provider', '요약 프로바이더')}
 							help={runtimeHelp.summaryProvider}
 							testId="runtime-help-summary-provider"
 						/>
@@ -1821,19 +2049,19 @@ $effect(() => {
 							data-testid="runtime-provider-select"
 							class="w-full border border-border bg-bg-primary px-2 py-2 text-xs text-text-primary"
 						>
-							<option value="disabled">disabled</option>
+							<option value="disabled">{localize('disabled', '사용 안 함')}</option>
 							<option value="ollama">ollama</option>
 							<option value="codex_exec">codex_exec</option>
 							<option value="claude_cli">claude_cli</option>
 						</select>
 					</label>
 					<p class="text-[11px] text-text-muted" data-testid="runtime-provider-transport">
-						transport: {currentRuntimeProviderTransport()}
+						{localize('transport', '전송 방식')}: {currentRuntimeProviderTransport()}
 					</p>
 					{#if currentRuntimeProviderTransport() === 'http'}
 						<label class="block text-xs text-text-secondary">
 							<FieldHelp
-								label="Endpoint"
+								label={localize('Endpoint', '엔드포인트')}
 								help={runtimeHelp.providerEndpoint}
 								testId="runtime-help-provider-endpoint"
 							/>
@@ -1845,7 +2073,7 @@ $effect(() => {
 						</label>
 						<label class="block text-xs text-text-secondary">
 							<FieldHelp
-								label="Model"
+								label={localize('Model', '모델')}
 								help={runtimeHelp.providerModel}
 								testId="runtime-help-provider-model"
 							/>
@@ -1858,7 +2086,7 @@ $effect(() => {
 					{:else if currentRuntimeProviderTransport() === 'cli'}
 						<label class="block text-xs text-text-secondary">
 							<FieldHelp
-								label="Model (optional)"
+								label={localize('Model (optional)', '모델 (선택)')}
 								help={runtimeHelp.providerModel}
 								testId="runtime-help-provider-model"
 							/>
@@ -1869,7 +2097,7 @@ $effect(() => {
 							/>
 						</label>
 						<p class="text-[11px] text-text-muted" data-testid="runtime-provider-cli-status">
-							{runtimeDetectMessage ?? 'Run Detect Provider to verify CLI availability.'}
+							{runtimeDetectMessage ?? localize('Run Detect Provider to verify CLI availability.', 'CLI 사용 가능 여부를 확인하려면 프로바이더 감지를 실행하세요.')}
 						</p>
 					{/if}
 				</section>
@@ -1879,10 +2107,10 @@ $effect(() => {
 					class="scroll-mt-24 space-y-2 border border-border/60 p-3"
 					data-testid="settings-runtime-prompt"
 				>
-					<h3 class="text-xs font-semibold uppercase tracking-[0.08em] text-text-muted">Prompt</h3>
+					<h3 class="text-xs font-semibold uppercase tracking-[0.08em] text-text-muted">{localize('Prompt', '프롬프트')}</h3>
 					<label class="block text-xs text-text-secondary">
 						<FieldHelp
-							label="Prompt Template"
+							label={localize('Prompt Template', '프롬프트 템플릿')}
 							help={runtimeHelp.promptTemplate}
 							testId="runtime-help-prompt-template"
 						/>
@@ -1900,11 +2128,11 @@ $effect(() => {
 							data-testid="runtime-prompt-reset-default"
 							class="border border-border px-2 py-1 text-xs text-text-secondary hover:text-text-primary"
 						>
-							Reset to default
+							{localize('Reset to default', '기본값으로 재설정')}
 						</button>
 					</div>
 					<label class="block text-xs text-text-secondary">
-						<span class="mb-1 block">Default Template (read-only)</span>
+						<span class="mb-1 block">{localize('Default Template (read-only)', '기본 템플릿 (읽기 전용)')}</span>
 						<textarea
 							readonly
 							value={runtimePromptDefaultTemplate}
@@ -1919,38 +2147,38 @@ $effect(() => {
 					class="scroll-mt-24 space-y-2 border border-border/60 p-3"
 					data-testid="settings-runtime-response"
 				>
-					<h3 class="text-xs font-semibold uppercase tracking-[0.08em] text-text-muted">Response</h3>
+					<h3 class="text-xs font-semibold uppercase tracking-[0.08em] text-text-muted">{localize('Response', '응답')}</h3>
 					<div class="grid gap-2 sm:grid-cols-2">
 						<label class="text-xs text-text-secondary">
 							<FieldHelp
-								label="Response Style"
+								label={localize('Response Style', '응답 스타일')}
 								help={runtimeHelp.responseStyle}
 								testId="runtime-help-response-style"
 							/>
 							<select bind:value={runtimeResponseStyle} class="w-full border border-border bg-bg-primary px-2 py-2 text-xs text-text-primary">
-								<option value="compact">compact</option>
-								<option value="standard">standard</option>
-								<option value="detailed">detailed</option>
+								<option value="compact">{localize('compact', '간결')}</option>
+								<option value="standard">{localize('standard', '표준')}</option>
+								<option value="detailed">{localize('detailed', '상세')}</option>
 							</select>
 						</label>
 						<label class="text-xs text-text-secondary">
 							<FieldHelp
-								label="Output Shape"
+								label={localize('Output Shape', '출력 형태')}
 								help={runtimeHelp.outputShape}
 								testId="runtime-help-output-shape"
 							/>
 							<select bind:value={runtimeOutputShape} class="w-full border border-border bg-bg-primary px-2 py-2 text-xs text-text-primary">
-								<option value="layered">layered</option>
-								<option value="file_list">file_list</option>
-								<option value="security_first">security_first</option>
+								<option value="layered">{localize('layered', '레이어별')}</option>
+								<option value="file_list">{localize('file_list', '파일 목록')}</option>
+								<option value="security_first">{localize('security_first', '보안 우선')}</option>
 							</select>
 						</label>
 					</div>
 					<p class="text-[11px] text-text-muted">
-						Desktop source mode is locked to <code>session_only</code> ({runtimeSourceMode}).
+						{localize('Desktop source mode is locked to', '데스크톱 원본 모드는')} <code>session_only</code> ({runtimeSourceMode}){localize('.', '로 고정됩니다.')}
 					</p>
 					<div class="border border-border/70 bg-bg-primary p-2" data-testid="settings-response-preview">
-						<p class="mb-2 text-[11px] uppercase tracking-[0.08em] text-text-muted">Response Preview</p>
+						<p class="mb-2 text-[11px] uppercase tracking-[0.08em] text-text-muted">{localize('Response Preview', '응답 미리보기')}</p>
 						<pre class="max-w-full whitespace-pre-wrap text-xs text-text-secondary [overflow-wrap:anywhere]">{responsePreview(runtimeResponseStyle, runtimeOutputShape)}</pre>
 					</div>
 				</section>
@@ -1960,11 +2188,11 @@ $effect(() => {
 					class="scroll-mt-24 space-y-2 border border-border/60 p-3"
 					data-testid="settings-runtime-vector"
 				>
-					<h3 class="text-xs font-semibold uppercase tracking-[0.08em] text-text-muted">Vector Search</h3>
+					<h3 class="text-xs font-semibold uppercase tracking-[0.08em] text-text-muted">{localize('Vector Search', '벡터 검색')}</h3>
 					<div class="grid gap-2 sm:grid-cols-2">
 						<label class="text-xs text-text-secondary">
 							<FieldHelp
-								label="Model"
+								label={localize('Model', '모델')}
 								help={runtimeHelp.vectorModel}
 								testId="runtime-help-vector-model"
 							/>
@@ -1976,7 +2204,7 @@ $effect(() => {
 						</label>
 						<label class="text-xs text-text-secondary">
 							<FieldHelp
-								label="Endpoint"
+								label={localize('Endpoint', '엔드포인트')}
 								help={runtimeHelp.vectorEndpoint}
 								testId="runtime-help-vector-endpoint"
 							/>
@@ -1988,7 +2216,7 @@ $effect(() => {
 						</label>
 						<label class="text-xs text-text-secondary">
 							<FieldHelp
-								label="Chunking Mode"
+								label={localize('Chunking Mode', '청킹 모드')}
 								help={runtimeHelp.vectorChunkingMode}
 								testId="runtime-help-vector-chunking-mode"
 							/>
@@ -1997,13 +2225,13 @@ $effect(() => {
 								data-testid="runtime-vector-chunking-mode"
 								class="w-full border border-border bg-bg-primary px-2 py-2 text-xs text-text-primary"
 							>
-								<option value="auto">auto</option>
-								<option value="manual">manual</option>
+								<option value="auto">{localize('auto', '자동')}</option>
+								<option value="manual">{localize('manual', '수동')}</option>
 							</select>
 						</label>
 						<label class="text-xs text-text-secondary">
 							<FieldHelp
-								label="Chunk Size (lines)"
+								label={localize('Chunk Size (lines)', '청크 크기 (줄)')}
 								help={runtimeHelp.vectorChunkSize}
 								testId="runtime-help-vector-chunk-size"
 							/>
@@ -2018,7 +2246,7 @@ $effect(() => {
 						</label>
 						<label class="text-xs text-text-secondary">
 							<FieldHelp
-								label="Chunk Overlap (lines)"
+								label={localize('Chunk Overlap (lines)', '청크 겹침 (줄)')}
 								help={runtimeHelp.vectorChunkOverlap}
 								testId="runtime-help-vector-chunk-overlap"
 							/>
@@ -2033,7 +2261,7 @@ $effect(() => {
 						</label>
 						<label class="text-xs text-text-secondary">
 							<FieldHelp
-								label="Top K Chunks"
+								label={localize('Top K Chunks', '상위 K 청크')}
 								help={runtimeHelp.vectorTopKChunks}
 								testId="runtime-help-vector-top-k-chunks"
 							/>
@@ -2046,7 +2274,7 @@ $effect(() => {
 						</label>
 						<label class="text-xs text-text-secondary">
 							<FieldHelp
-								label="Top K Sessions"
+								label={localize('Top K Sessions', '상위 K 세션')}
 								help={runtimeHelp.vectorTopKSessions}
 								testId="runtime-help-vector-top-k-sessions"
 							/>
@@ -2068,7 +2296,7 @@ $effect(() => {
 						/>
 						<FieldHelp
 							inline
-							label="Enable semantic vector search"
+							label={localize('Enable semantic vector search', '시맨틱 벡터 검색 사용')}
 							help={runtimeHelp.vectorEnable}
 							testId="runtime-help-vector-enable"
 						/>
@@ -2082,7 +2310,7 @@ $effect(() => {
 							disabled={runtimeVectorInstalling || runtimeSaving || runtimeLoading}
 							class="border border-border px-2 py-1 text-xs text-text-secondary hover:text-text-primary disabled:opacity-60"
 						>
-							{runtimeVectorInstalling ? 'Installing...' : 'Install model'}
+							{runtimeVectorInstalling ? localize('Installing...', '설치 중...') : localize('Install model', '모델 설치')}
 						</button>
 						<button
 							type="button"
@@ -2091,29 +2319,29 @@ $effect(() => {
 							disabled={runtimeVectorReindexing || runtimeSaving || runtimeLoading || !runtimeVectorPreflight?.ollama_reachable || !runtimeVectorPreflight?.model_installed}
 							class="border border-border px-2 py-1 text-xs text-text-secondary hover:text-text-primary disabled:opacity-60"
 						>
-							{runtimeVectorReindexing ? 'Reindexing...' : 'Rebuild index'}
+							{runtimeVectorReindexing ? localize('Reindexing...', '인덱싱 중...') : localize('Rebuild index', '인덱스 재구성')}
 						</button>
 					</div>
 
 					<div class="rounded border border-border/60 bg-bg-primary px-3 py-3 text-sm text-text-muted" data-testid="runtime-vector-status">
 						<p class="font-medium text-text-primary">
-							Provider {runtimeVectorProvider} · granularity {runtimeVectorGranularity} · chunking {runtimeVectorChunkingMode}
+							{localize('Provider', '프로바이더')} {runtimeVectorProvider} · {localize('granularity', '세분화')} {runtimeVectorGranularity} · {localize('chunking', '청킹')} {runtimeVectorChunkingMode}
 						</p>
 						{#if runtimeVectorPreflight}
 							<p class="mt-1">
-								Model {runtimeVectorPreflight.model} · reachable {runtimeVectorPreflight.ollama_reachable ? 'yes' : 'no'} · installed{' '}
-								{runtimeVectorPreflight.model_installed ? 'yes' : 'no'} · install {runtimeVectorPreflight.install_state}
+								{localize('Model', '모델')} {runtimeVectorPreflight.model} · {localize('reachable', '접속 가능')} {boolWord(runtimeVectorPreflight.ollama_reachable)} · {localize('installed', '설치됨')}{' '}
+								{boolWord(runtimeVectorPreflight.model_installed)} · {localize('install', '설치')} {runtimeVectorPreflight.install_state}
 								({runtimeVectorPreflight.progress_pct}%)
 							</p>
 							{#if runtimeVectorPreflight.message}
 								<p class="mt-1">{runtimeVectorPreflight.message}</p>
 							{/if}
 						{:else}
-							<p class="mt-1">Vector model status unavailable.</p>
+							<p class="mt-1">{localize('Vector model status unavailable.', '벡터 모델 상태를 확인할 수 없습니다.')}</p>
 						{/if}
 						{#if runtimeVectorIndex}
 							<p class="mt-1">
-								Index {runtimeVectorIndex.state} · processed {runtimeVectorIndex.processed_sessions}/{runtimeVectorIndex.total_sessions}
+								{localize('Index', '인덱스')} {runtimeVectorIndex.state} · {localize('processed', '처리됨')} {runtimeVectorIndex.processed_sessions}/{runtimeVectorIndex.total_sessions}
 								{#if progressPercent(runtimeVectorIndex.processed_sessions, runtimeVectorIndex.total_sessions) != null}
 									· {progressPercent(runtimeVectorIndex.processed_sessions, runtimeVectorIndex.total_sessions)}%
 								{/if}
@@ -2121,7 +2349,7 @@ $effect(() => {
 							{#if progressPercent(runtimeVectorIndex.processed_sessions, runtimeVectorIndex.total_sessions) != null}
 								<div class="mt-2" data-testid="runtime-vector-progress">
 									<div class="flex items-center justify-between text-[11px] text-text-secondary">
-										<span>Embedding progress</span>
+										<span>{localize('Embedding progress', '임베딩 진행률')}</span>
 										<span>
 											{runtimeVectorIndex.processed_sessions}/{runtimeVectorIndex.total_sessions}
 											({progressPercent(runtimeVectorIndex.processed_sessions, runtimeVectorIndex.total_sessions)}%)
@@ -2138,23 +2366,25 @@ $effect(() => {
 							{#if runtimeVectorIndex.message}
 								<p class="mt-1 whitespace-pre-line">
 									{runtimeVectorIndex.state === 'failed'
-										? `Last rebuild failure:\n${runtimeVectorIndex.message}`
+										? localize(`Last rebuild failure:\n${runtimeVectorIndex.message}`, `마지막 재구성 실패:\n${runtimeVectorIndex.message}`)
 										: runtimeVectorIndex.message}
 								</p>
 								{#if runtimeVectorIndex.state === 'failed' && runtimeVectorPreflight?.ollama_reachable && runtimeVectorPreflight?.model_installed}
 									<p class="mt-1 text-[11px] text-text-secondary">
-										Provider looks reachable now. Click <strong>Rebuild index</strong> to retry with the current endpoint.
+										{localize('Provider looks reachable now. Click', '지금은 프로바이더에 연결할 수 있습니다.')}
+										<strong>{localize('Rebuild index', '인덱스 재구성')}</strong>
+										{localize('to retry with the current endpoint.', '를 눌러 현재 엔드포인트로 다시 시도하세요.')}
 									</p>
 								{/if}
 							{/if}
 							{#if runtimeVectorIndex.started_at || runtimeVectorIndex.finished_at}
 								<p class="mt-1 text-[11px] text-text-secondary">
-									started: {formatDate(runtimeVectorIndex.started_at)} | finished: {formatDate(runtimeVectorIndex.finished_at)}
+									{localize('started', '시작')}: {formatDate(runtimeVectorIndex.started_at)} | {localize('finished', '종료')}: {formatDate(runtimeVectorIndex.finished_at)}
 								</p>
 							{/if}
 						{/if}
 						<div class="mt-2 space-y-1 rounded border border-border/50 bg-bg-secondary/50 px-2 py-2 text-[11px] text-text-secondary">
-							<p class="font-semibold uppercase tracking-[0.08em] text-text-muted">Actions</p>
+							<p class="font-semibold uppercase tracking-[0.08em] text-text-muted">{localize('Actions', '조치')}</p>
 							{#each vectorStatusGuidance() as line}
 								<p>{line}</p>
 							{/each}
@@ -2175,14 +2405,14 @@ $effect(() => {
 					class="scroll-mt-24 space-y-2 border border-border/60 p-3"
 					data-testid="settings-runtime-change-reader"
 				>
-					<h3 class="text-xs font-semibold uppercase tracking-[0.08em] text-text-muted">Change Reader</h3>
+					<h3 class="text-xs font-semibold uppercase tracking-[0.08em] text-text-muted">{localize('Change Reader', '변경 리더')}</h3>
 					<div
 						class="space-y-1 rounded border border-border/60 bg-bg-primary px-3 py-2 text-[11px] text-text-secondary"
 						data-testid="runtime-change-reader-mode-guide"
 					>
-						<p><span class="font-semibold text-text-primary">Reader</span>: text view of the selected change context.</p>
-						<p><span class="font-semibold text-text-primary">Follow-up Q&amp;A</span>: ask extra text questions about that same change context.</p>
-						<p><span class="font-semibold text-text-primary">Voice playback</span>: read the change reader output aloud with TTS. Requires a Voice API key.</p>
+						<p><span class="font-semibold text-text-primary">{localize('Reader', '리더')}</span>: {localize('text view of the selected change context.', '선택한 변경 맥락의 텍스트 보기입니다.')}</p>
+						<p><span class="font-semibold text-text-primary">{localize('Follow-up questions', '후속 질문')}</span>: {localize('ask extra text questions about that same change context.', '같은 변경 맥락에 대해 추가 텍스트 질문을 합니다.')}</p>
+						<p><span class="font-semibold text-text-primary">{localize('Voice playback', '음성 재생')}</span>: {localize('read the change reader output aloud with TTS. Requires a Voice API key.', 'TTS로 변경 리더 출력을 소리 내어 읽습니다. Voice API 키가 필요합니다.')}</p>
 					</div>
 					<label class="flex items-center gap-2 text-xs text-text-secondary">
 						<input
@@ -2192,7 +2422,7 @@ $effect(() => {
 						/>
 						<FieldHelp
 							inline
-							label="Enable notebook-style change reading"
+							label={localize('Enable notebook-style change reading', '노트북형 변경 읽기 사용')}
 							help={runtimeHelp.changeReaderEnable}
 							testId="runtime-help-change-reader-enable"
 						/>
@@ -2200,18 +2430,18 @@ $effect(() => {
 					<div class="grid gap-2 sm:grid-cols-2">
 						<label class="text-xs text-text-secondary">
 							<FieldHelp
-								label="Default Scope"
+								label={localize('Default Scope', '기본 범위')}
 								help={runtimeHelp.changeReaderScope}
 								testId="runtime-help-change-reader-scope"
 							/>
 							<select bind:value={runtimeChangeReaderScope} class="w-full border border-border bg-bg-primary px-2 py-2 text-xs text-text-primary">
-								<option value="summary_only">summary_only</option>
-								<option value="full_context">full_context</option>
+								<option value="summary_only">{localize('summary_only', '요약만')}</option>
+								<option value="full_context">{localize('full_context', '전체 컨텍스트')}</option>
 							</select>
 						</label>
 						<label class="text-xs text-text-secondary">
 							<FieldHelp
-								label="Max Context Chars"
+								label={localize('Max Context Chars', '최대 컨텍스트 문자 수')}
 								help={runtimeHelp.changeReaderMaxContext}
 								testId="runtime-help-change-reader-max-context"
 							/>
@@ -2233,13 +2463,13 @@ $effect(() => {
 						/>
 						<FieldHelp
 							inline
-							label="Enable Follow-up Q&A"
+							label={localize('Enable follow-up questions', '후속 질문 사용')}
 							help={runtimeHelp.changeReaderQa}
 							testId="runtime-help-change-reader-qa"
 						/>
 					</label>
 					<div class="space-y-2 rounded border border-border/60 bg-bg-primary px-2 py-2">
-						<p class="text-[11px] font-semibold uppercase tracking-[0.08em] text-text-muted">Voice Playback</p>
+						<p class="text-[11px] font-semibold uppercase tracking-[0.08em] text-text-muted">{localize('Voice Playback', '음성 재생')}</p>
 						<p class="text-[11px] text-text-secondary">{runtimeChangeReaderVoiceHint}</p>
 						<label class="flex items-center gap-2 text-xs text-text-secondary">
 							<input
@@ -2251,7 +2481,7 @@ $effect(() => {
 							/>
 							<FieldHelp
 								inline
-								label="Enable Voice Playback (TTS)"
+							label={localize('Enable Voice Playback (TTS)', '음성 재생 (TTS) 사용')}
 								help={runtimeHelp.changeReaderVoiceEnable}
 								testId="runtime-help-change-reader-voice-enable"
 							/>
@@ -2259,7 +2489,7 @@ $effect(() => {
 						<div class="grid gap-2 sm:grid-cols-3">
 							<label class="text-xs text-text-secondary">
 								<FieldHelp
-									label="Voice Provider"
+									label={localize('Voice Provider', '음성 프로바이더')}
 									help={runtimeHelp.changeReaderVoiceProvider}
 									testId="runtime-help-change-reader-voice-provider"
 								/>
@@ -2273,7 +2503,7 @@ $effect(() => {
 							</label>
 							<label class="text-xs text-text-secondary">
 								<FieldHelp
-									label="Voice Model"
+									label={localize('Voice Model', '음성 모델')}
 									help={runtimeHelp.changeReaderVoiceModel}
 									testId="runtime-help-change-reader-voice-model"
 								/>
@@ -2285,7 +2515,7 @@ $effect(() => {
 							</label>
 							<label class="text-xs text-text-secondary">
 								<FieldHelp
-									label="Voice Name"
+									label={localize('Voice Name', '음성 이름')}
 									help={runtimeHelp.changeReaderVoiceName}
 									testId="runtime-help-change-reader-voice-name"
 								/>
@@ -2298,13 +2528,13 @@ $effect(() => {
 						</div>
 						<label class="text-xs text-text-secondary">
 							<FieldHelp
-								label="Voice API Key (write-only)"
+								label={localize('Voice API Key (write-only)', 'Voice API 키 (쓰기 전용)')}
 								help={runtimeHelp.changeReaderVoiceApiKey}
 								testId="runtime-help-change-reader-voice-api-key"
 							/>
 							<input
 								type="password"
-								placeholder={runtimeChangeReaderVoiceApiKeyConfigured ? 'Configured (enter new key to rotate)' : 'Enter API key'}
+								placeholder={runtimeChangeReaderVoiceApiKeyConfigured ? localize('Configured (enter new key to rotate)', '설정됨 (교체하려면 새 키 입력)') : localize('Enter API key', 'API 키 입력')}
 								bind:value={runtimeChangeReaderVoiceApiKey}
 								data-testid="runtime-change-reader-voice-api-key"
 								class="w-full border border-border bg-bg-primary px-2 py-2 text-xs text-text-primary"
@@ -2318,7 +2548,10 @@ $effect(() => {
 						</p>
 					</div>
 					<p class="text-[11px] text-text-muted">
-						Uses the configured summary provider when available, then falls back to local heuristic context extraction.
+						{localize(
+							'Uses the configured summary provider when available, then falls back to local heuristic context extraction.',
+							'설정된 요약 프로바이더를 우선 사용하고, 사용할 수 없으면 로컬 휴리스틱 컨텍스트 추출로 대체합니다.',
+						)}
 					</p>
 				</section>
 
@@ -2327,50 +2560,50 @@ $effect(() => {
 					class="scroll-mt-24 space-y-2 border border-border/60 p-3"
 					data-testid="settings-runtime-storage"
 				>
-					<h3 class="text-xs font-semibold uppercase tracking-[0.08em] text-text-muted">Storage</h3>
+					<h3 class="text-xs font-semibold uppercase tracking-[0.08em] text-text-muted">{localize('Storage', '저장소')}</h3>
 					<div class="grid gap-2 sm:grid-cols-2">
 						<label class="text-xs text-text-secondary">
 							<FieldHelp
-								label="Trigger"
+								label={localize('Trigger', '트리거')}
 								help={runtimeHelp.storageTrigger}
 								testId="runtime-help-storage-trigger"
 							/>
 							<select bind:value={runtimeTriggerMode} class="w-full border border-border bg-bg-primary px-2 py-2 text-xs text-text-primary">
-								<option value="manual">manual</option>
-								<option value="on_session_save">on_session_save</option>
+								<option value="manual">{localize('manual', '수동')}</option>
+								<option value="on_session_save">{localize('on_session_save', '세션 저장 시')}</option>
 							</select>
 						</label>
 						<label class="text-xs text-text-secondary">
 							<FieldHelp
-								label="Backend"
+								label={localize('Backend', '백엔드')}
 								help={runtimeHelp.storageBackend}
 								testId="runtime-help-storage-backend"
 							/>
 							<select bind:value={runtimeStorageBackend} class="w-full border border-border bg-bg-primary px-2 py-2 text-xs text-text-primary">
-								<option value="hidden_ref">hidden_ref (git refs)</option>
-								<option value="local_db">local_db (sqlite)</option>
-								<option value="none">none (no persistence)</option>
+								<option value="hidden_ref">{localize('hidden_ref (git refs)', 'hidden_ref (git ref)')}</option>
+								<option value="local_db">{localize('local_db (sqlite)', 'local_db (sqlite)')}</option>
+								<option value="none">{localize('none (no persistence)', 'none (저장 안 함)')}</option>
 							</select>
 						</label>
 					</div>
 					<div class="space-y-1 rounded border border-border/60 bg-bg-primary px-2 py-2 text-[11px] text-text-muted" data-testid="runtime-storage-backend-notice">
 						<p>
-							Current persisted backend:
+							{localize('Current persisted backend', '현재 저장된 백엔드')}:
 							{#if persistedStorageBackend()}
 								<code>{persistedStorageBackend()}</code> ({persistedStorageBackendLabel()})
 							{:else}
-								unknown
+								{localize('unknown', '알 수 없음')}
 							{/if}
 						</p>
 						<p>
-							Selected backend:
+							{localize('Selected backend', '선택된 백엔드')}:
 							<code>{runtimeStorageBackend}</code> ({storageBackendLabel(runtimeStorageBackend)})
 						</p>
 						<p>{storageBackendSummary(runtimeStorageBackend)}</p>
 						<p>{storageBackendDetails(runtimeStorageBackend)}</p>
 						<p data-testid="runtime-storage-transition-note">{storageBackendTransitionDetail()}</p>
 						{#if hasPendingStorageBackendChange()}
-							<p class="text-text-primary">Apply this change with <strong>{runtimeSaveLabel()}</strong> above.</p>
+							<p class="text-text-primary">{localize('Apply this change with', '이 변경을 적용하려면 위의')} <strong>{runtimeSaveLabel()}</strong>{localize('above.', '를 누르세요.')}</p>
 						{/if}
 					</div>
 				</section>
@@ -2381,7 +2614,7 @@ $effect(() => {
 					data-testid="settings-runtime-summary-batch"
 				>
 					<div class="flex flex-wrap items-center justify-between gap-2">
-						<h3 class="text-xs font-semibold uppercase tracking-[0.08em] text-text-muted">Summary Batch</h3>
+						<h3 class="text-xs font-semibold uppercase tracking-[0.08em] text-text-muted">{localize('Summary Batch', '요약 배치')}</h3>
 						<button
 							type="button"
 							data-testid="runtime-summary-batch-run"
@@ -2389,35 +2622,35 @@ $effect(() => {
 							disabled={runtimeSummaryBatchRunning || runtimeSaving || runtimeLoading}
 							class="inline-flex h-9 items-center border border-border px-3 text-xs text-text-secondary hover:text-text-primary disabled:opacity-60"
 						>
-							{runtimeSummaryBatchRunning ? 'Running...' : 'Run now'}
+							{runtimeSummaryBatchRunning ? localize('Running...', '실행 중...') : localize('Run now', '지금 실행')}
 						</button>
 					</div>
 					<div class="grid gap-2 sm:grid-cols-3">
 						<label class="text-xs text-text-secondary">
 							<FieldHelp
-								label="Execution Mode"
+								label={localize('Execution Mode', '실행 모드')}
 								help={runtimeHelp.batchExecution}
 								testId="runtime-help-batch-execution-mode"
 							/>
 							<select bind:value={runtimeBatchExecutionMode} class="h-9 w-full border border-border bg-bg-primary px-2 text-xs text-text-primary">
-								<option value="manual">manual</option>
-								<option value="on_app_start">on_app_start</option>
+								<option value="manual">{localize('manual', '수동')}</option>
+								<option value="on_app_start">{localize('on_app_start', '앱 시작 시')}</option>
 							</select>
 						</label>
 						<label class="text-xs text-text-secondary">
 							<FieldHelp
-								label="Scope"
+								label={localize('Scope', '범위')}
 								help={runtimeHelp.batchScope}
 								testId="runtime-help-batch-scope"
 							/>
 							<select bind:value={runtimeBatchScope} class="h-9 w-full border border-border bg-bg-primary px-2 text-xs text-text-primary">
-								<option value="recent_days">recent_days</option>
-								<option value="all">all</option>
+								<option value="recent_days">{localize('recent_days', '최근 일수')}</option>
+								<option value="all">{localize('all', '전체')}</option>
 							</select>
 						</label>
 						<label class="text-xs text-text-secondary">
 							<FieldHelp
-								label="Recent Days"
+								label={localize('Recent Days', '최근 일수')}
 								help={runtimeHelp.batchRecentDays}
 								testId="runtime-help-batch-recent-days"
 							/>
@@ -2434,12 +2667,12 @@ $effect(() => {
 					<div class="rounded border border-border/60 bg-bg-primary px-2 py-2 text-[11px] text-text-muted" data-testid="runtime-summary-batch-status">
 						{#if runtimeSummaryBatchStatus}
 							<p>
-								state: {runtimeSummaryBatchStatus.state} | {summaryBatchProgressLabel(runtimeSummaryBatchStatus)}
+								{localize('state', '상태')}: {runtimeSummaryBatchStatus.state} | {summaryBatchProgressLabel(runtimeSummaryBatchStatus)}
 							</p>
 							{#if progressPercent(runtimeSummaryBatchStatus.processed_sessions, runtimeSummaryBatchStatus.total_sessions) != null}
 								<div class="mt-2" data-testid="runtime-summary-batch-progress">
 									<div class="flex items-center justify-between text-[11px] text-text-secondary">
-										<span>Batch progress</span>
+										<span>{localize('Batch progress', '배치 진행률')}</span>
 										<span>
 											{runtimeSummaryBatchStatus.processed_sessions}/{runtimeSummaryBatchStatus.total_sessions}
 											({progressPercent(runtimeSummaryBatchStatus.processed_sessions, runtimeSummaryBatchStatus.total_sessions)}%)
@@ -2457,10 +2690,10 @@ $effect(() => {
 								<p class="mt-1">{runtimeSummaryBatchStatus.message}</p>
 							{/if}
 							<p class="mt-1">
-								started: {formatDate(runtimeSummaryBatchStatus.started_at)} | finished: {formatDate(runtimeSummaryBatchStatus.finished_at)}
+								{localize('started', '시작')}: {formatDate(runtimeSummaryBatchStatus.started_at)} | {localize('finished', '종료')}: {formatDate(runtimeSummaryBatchStatus.finished_at)}
 							</p>
 						{:else}
-							<p>batch status unavailable.</p>
+							<p>{localize('batch status unavailable.', '배치 상태를 확인할 수 없습니다.')}</p>
 						{/if}
 					</div>
 				</section>
@@ -2470,12 +2703,12 @@ $effect(() => {
 					class="scroll-mt-24 space-y-2 border border-border/60 p-3"
 					data-testid="settings-runtime-lifecycle"
 				>
-					<h3 class="text-xs font-semibold uppercase tracking-[0.08em] text-text-muted">Data Lifecycle</h3>
+					<h3 class="text-xs font-semibold uppercase tracking-[0.08em] text-text-muted">{localize('Data Lifecycle', '데이터 수명주기')}</h3>
 					<label class="flex items-center gap-2 text-xs text-text-secondary">
 						<input type="checkbox" bind:checked={runtimeLifecycleEnabled} data-testid="runtime-lifecycle-enable" />
 						<FieldHelp
 							inline
-							label="Enable periodic lifecycle cleanup"
+							label={localize('Enable periodic lifecycle cleanup', '주기적 수명주기 정리 사용')}
 							help={runtimeHelp.lifecycleEnable}
 							testId="runtime-help-lifecycle-enable"
 						/>
@@ -2483,7 +2716,7 @@ $effect(() => {
 					<div class="grid gap-2 sm:grid-cols-3">
 						<label class="text-xs text-text-secondary">
 							<FieldHelp
-								label="Session TTL (days)"
+								label={localize('Session TTL (days)', '세션 TTL (일)')}
 								help={runtimeHelp.sessionTtl}
 								testId="runtime-help-session-ttl"
 							/>
@@ -2497,7 +2730,7 @@ $effect(() => {
 						</label>
 						<label class="text-xs text-text-secondary">
 							<FieldHelp
-								label="Summary TTL (days)"
+								label={localize('Summary TTL (days)', '요약 TTL (일)')}
 								help={runtimeHelp.summaryTtl}
 								testId="runtime-help-summary-ttl"
 							/>
@@ -2511,7 +2744,7 @@ $effect(() => {
 						</label>
 						<label class="text-xs text-text-secondary">
 							<FieldHelp
-								label="Cleanup Interval (sec)"
+								label={localize('Cleanup Interval (sec)', '정리 주기 (초)')}
 								help={runtimeHelp.cleanupInterval}
 								testId="runtime-help-cleanup-interval"
 							/>
@@ -2530,42 +2763,42 @@ $effect(() => {
 					>
 						{#if runtimeLifecycleStatus}
 							<p>
-								state: {runtimeLifecycleStatus.state} | deleted: {runtimeLifecycleStatus.deleted_sessions} sessions /
-								{runtimeLifecycleStatus.deleted_summaries} summaries
+								{localize('state', '상태')}: {runtimeLifecycleStatus.state} | {localize('deleted', '삭제됨')}: {runtimeLifecycleStatus.deleted_sessions} {localize('sessions', '세션')} /
+								{runtimeLifecycleStatus.deleted_summaries} {localize('summaries', '요약')}
 							</p>
 							<p class="mt-1">
-								next run: {lifecycleNextRunLabel()} | interval: {formatIntervalSeconds(runtimeCleanupIntervalSecs)}
+								{localize('next run', '다음 실행')}: {lifecycleNextRunLabel()} | {localize('interval', '주기')}: {formatIntervalSeconds(runtimeCleanupIntervalSecs)}
 							</p>
 							{#if runtimeLifecycleStatus.message}
 								<p class="mt-1">{runtimeLifecycleStatus.message}</p>
 							{/if}
 							<p class="mt-1">
-								started: {formatDate(runtimeLifecycleStatus.started_at)} | finished: {formatDate(runtimeLifecycleStatus.finished_at)}
+								{localize('started', '시작')}: {formatDate(runtimeLifecycleStatus.started_at)} | {localize('finished', '종료')}: {formatDate(runtimeLifecycleStatus.finished_at)}
 							</p>
 						{:else}
-							<p>No lifecycle cleanup runs recorded yet.</p>
+							<p>{localize('No lifecycle cleanup runs recorded yet.', '아직 수명주기 정리 실행 기록이 없습니다.')}</p>
 						{/if}
 					</div>
 					<div class="overflow-x-auto border border-border/70 bg-bg-primary p-2">
-						<p class="mb-2 text-[11px] uppercase tracking-[0.08em] text-text-muted">Root / Dependent Cleanup</p>
+						<p class="mb-2 text-[11px] uppercase tracking-[0.08em] text-text-muted">{localize('Root / Dependent Cleanup', '루트 / 종속 항목 정리')}</p>
 						<table class="w-full text-left text-[11px] text-text-secondary">
 							<thead>
 								<tr class="text-text-muted">
-									<th class="pb-1">Root</th>
-									<th class="pb-1">Dependents</th>
-									<th class="pb-1">Rule</th>
+									<th class="pb-1">{localize('Root', '루트')}</th>
+									<th class="pb-1">{localize('Dependents', '종속 항목')}</th>
+									<th class="pb-1">{localize('Rule', '규칙')}</th>
 								</tr>
 							</thead>
 							<tbody>
 								<tr>
-									<td class="pr-4 align-top">session</td>
-									<td class="pr-4 align-top">summary, vector chunks, vector index, body cache, session links</td>
-									<td class="align-top">delete session => delete all dependents</td>
+									<td class="pr-4 align-top">{localize('session', '세션')}</td>
+									<td class="pr-4 align-top">{localize('summary, vector chunks, vector index, body cache, session links', '요약, 벡터 청크, 벡터 인덱스, 본문 캐시, 세션 링크')}</td>
+									<td class="align-top">{localize('Deleting a session also deletes all dependents', '세션을 삭제하면 모든 종속 항목도 삭제됩니다')}</td>
 								</tr>
 								<tr>
-									<td class="pr-4 align-top">summary</td>
-									<td class="pr-4 align-top">summary metadata (hidden_ref/local row)</td>
-									<td class="align-top">delete summary => keep session</td>
+									<td class="pr-4 align-top">{localize('summary', '요약')}</td>
+									<td class="pr-4 align-top">{localize('summary metadata (hidden_ref/local row)', '요약 메타데이터 (hidden_ref/로컬 행)')}</td>
+									<td class="align-top">{localize('Deleting a summary keeps the session', '요약을 삭제해도 세션은 유지됩니다')}</td>
 								</tr>
 							</tbody>
 						</table>
@@ -2644,7 +2877,7 @@ $effect(() => {
 						disabled={runtimeSaving}
 						class="inline-flex h-9 items-center border border-border px-3 text-xs font-semibold text-text-secondary hover:text-text-primary disabled:opacity-60"
 					>
-						Reset Draft
+						{localize('Reset Draft', '초안 초기화')}
 					</button>
 					<button
 						type="button"
diff --git a/packages/ui/src/components/ThemeToggle.svelte b/packages/ui/src/components/ThemeToggle.svelte
index 1bb0c8eb..d2c352bb 100644
--- a/packages/ui/src/components/ThemeToggle.svelte
+++ b/packages/ui/src/components/ThemeToggle.svelte
@@ -1,5 +1,6 @@
 <script lang="ts">
 import { onMount } from 'svelte';
+import { appLocale, translate } from '../i18n';
 import { moonIcon, sunIcon } from './icons';
 
 let isDark = $state(true);
@@ -24,8 +25,8 @@ function toggle() {
 <button
 	onclick={toggle}
 	class="flex items-center justify-center text-sm text-text-secondary transition-colors hover:text-text-primary"
-	title={isDark ? 'Switch to light mode' : 'Switch to dark mode'}
-	aria-label={isDark ? 'Switch to light mode' : 'Switch to dark mode'}
+	title={isDark ? translate($appLocale, 'theme.switchLight') : translate($appLocale, 'theme.switchDark')}
+	aria-label={isDark ? translate($appLocale, 'theme.switchLight') : translate($appLocale, 'theme.switchDark')}
 >
 	{#if isDark}
 		<span>{@html sunIcon}</span>
diff --git a/packages/ui/src/components/ThreadMinimap.svelte b/packages/ui/src/components/ThreadMinimap.svelte
index 3b46533c..53249d3c 100644
--- a/packages/ui/src/components/ThreadMinimap.svelte
+++ b/packages/ui/src/components/ThreadMinimap.svelte
@@ -1,4 +1,5 @@
 <script lang="ts">
+import { appLocale } from '../i18n';
 import type { Event } from '../types';
 
 const { events }: { events: Event[] } = $props();
@@ -7,6 +8,7 @@ let activeIdx = $state(0);
 let observer: IntersectionObserver | null = null;
 let activeUpdateRaf: number | null = null;
 let queuedActiveIdx: number | null = null;
+const isKorean = $derived($appLocale === 'ko');
 
 const userMessageIndices = $derived.by(() => {
 	const indices: number[] = [];
@@ -33,6 +35,10 @@ function scrollToMessage(msgNum: number) {
 	}
 }
 
+function messageLabel(index: number): string {
+	return isKorean ? `메시지 ${index + 1}` : `Message ${index + 1}`;
+}
+
 function scheduleActiveIndex(nextIdx: number) {
 	queuedActiveIdx = nextIdx;
 	if (activeUpdateRaf !== null) return;
@@ -87,12 +93,16 @@ $effect(() => {
 </script>
 
 {#if userMessageIndices.length > 1}
-	<nav class="fixed left-4 top-1/2 -translate-y-1/2 hidden lg:flex flex-col items-center gap-1" style="z-index: var(--z-minimap)" aria-label="Message navigation">
+	<nav
+		class="fixed left-4 top-1/2 -translate-y-1/2 hidden lg:flex flex-col items-center gap-1"
+		style="z-index: var(--z-minimap)"
+		aria-label={isKorean ? '메시지 탐색' : 'Message navigation'}
+	>
 		{#each userMessageIndices as _, i}
 			<button
 				onclick={() => scrollToMessage(i)}
 				class="group relative flex items-center"
-				title="Message {i + 1}"
+				title={messageLabel(i)}
 			>
 				<!-- Square -->
 				<span
diff --git a/packages/ui/src/components/TimelineView.svelte b/packages/ui/src/components/TimelineView.svelte
index 9db39639..732da322 100644
--- a/packages/ui/src/components/TimelineView.svelte
+++ b/packages/ui/src/components/TimelineView.svelte
@@ -1,4 +1,5 @@
 <script lang="ts">
+import { appLocale } from '../i18n';
 import { isToolError, pairToolCallResults } from '../event-helpers';
 import {
 	buildBranchpointFilterOptions,
@@ -52,6 +53,15 @@ const activeOptions = $derived.by(() => {
 	if (viewMode === 'branch') return branchOptions;
 	return unifiedOptions;
 });
+const isKorean = $derived($appLocale === 'ko');
+
+function localize(en: string, ko: string): string {
+	return isKorean ? ko : en;
+}
+
+function roleLabel(role: 'user' | 'agent'): string {
+	return role === 'user' ? localize('User', '사용자') : localize('Agent', '에이전트');
+}
 
 function isFilterEnabled(optionKey: string): boolean {
 	if (viewMode === 'native') return nativeFilters.has(optionKey);
@@ -159,7 +169,9 @@ const groupedCounts = $derived.by(() => {
 	<div class="my-1 pl-7 sm:my-5">
 		<div class="flex items-center gap-3">
 			<div class="h-px flex-1 bg-border/50"></div>
-			<span class="text-[10px] font-medium uppercase tracking-wider text-text-muted">{currentRole}</span>
+			<span class="text-[10px] font-medium uppercase tracking-wider text-text-muted">
+				{roleLabel(currentRole as 'user' | 'agent')}
+			</span>
 			<div class="h-px flex-1 bg-border/50"></div>
 		</div>
 	</div>
@@ -170,13 +182,17 @@ const groupedCounts = $derived.by(() => {
 <div>
 	<div class="mb-4 rounded border border-border/80 bg-bg-secondary/55 p-2.5">
 		<div class="flex flex-wrap items-center justify-between gap-2">
-			<div class="flex items-center gap-1" role="tablist" aria-label="Session view mode">
+			<div class="flex items-center gap-1" role="tablist" aria-label={localize('Session view mode', '세션 보기 모드')}>
 				{#each [
-					{ mode: 'unified', label: 'Unified', enabled: true },
-					{ mode: 'branch', label: 'Branchpoints', enabled: true },
+					{ mode: 'unified', label: localize('Unified', '통합'), enabled: true },
+					{ mode: 'branch', label: localize('Branchpoints', '분기점'), enabled: true },
 					{
 						mode: 'native',
-						label: nativeAdapter ? `Native (${nativeAdapter})` : 'Native',
+						label: nativeAdapter
+							? isKorean
+								? `네이티브 (${nativeAdapter})`
+								: `Native (${nativeAdapter})`
+							: localize('Native', '네이티브'),
 						enabled: nativeEnabled
 					}
 				] as btn}
@@ -197,7 +213,7 @@ const groupedCounts = $derived.by(() => {
 
 			<div class="flex flex-wrap items-center gap-1 text-[10px] text-text-muted">
 				<span class="rounded border border-border bg-bg-primary px-1.5 py-0.5 text-text-secondary">
-					{timeline.length} items
+					{isKorean ? `${timeline.length}개 항목` : `${timeline.length} items`}
 				</span>
 				<span class="inline-flex items-center gap-1 rounded border border-border bg-bg-primary px-1.5 py-0.5">
 					<span class="h-2 w-2 rounded-full bg-emerald-400"></span>
@@ -220,7 +236,7 @@ const groupedCounts = $derived.by(() => {
 			</div>
 		</div>
 
-		<div class="mt-2 flex flex-wrap items-center gap-1" role="group" aria-label="Event filters">
+		<div class="mt-2 flex flex-wrap items-center gap-1" role="group" aria-label={localize('Event filters', '이벤트 필터')}>
 			{#each activeOptions as option, i}
 				<button
 					data-filter-key={option.key}
@@ -239,7 +255,7 @@ const groupedCounts = $derived.by(() => {
 
 	{#if timeline.length === 0}
 		<div class="border border-border bg-bg-secondary px-3 py-2 text-xs text-text-muted">
-			No events match the selected filters.
+			{localize('No events match the selected filters.', '선택한 필터와 일치하는 이벤트가 없습니다.')}
 		</div>
 	{:else}
 		<div class="overflow-x-auto pb-2">
diff --git a/packages/ui/src/components/settings-page/GitCredentialEditorPanel.svelte b/packages/ui/src/components/settings-page/GitCredentialEditorPanel.svelte
index c9f805c4..71404656 100644
--- a/packages/ui/src/components/settings-page/GitCredentialEditorPanel.svelte
+++ b/packages/ui/src/components/settings-page/GitCredentialEditorPanel.svelte
@@ -1,4 +1,6 @@
 <script lang="ts">
+import { appLocale } from '../../i18n';
+
 type Props = {
 	credentialLabel: string;
 	credentialHost: string;
@@ -18,6 +20,8 @@ let {
 	creatingCredential,
 	onSaveCredential,
 }: Props = $props();
+
+const isKorean = $derived($appLocale === 'ko');
 </script>
 
 <div class="mt-4 space-y-3">
@@ -25,35 +29,35 @@ let {
 		<input
 			data-testid="git-credential-label"
 			type="text"
-			placeholder="Label"
+			placeholder={isKorean ? '라벨' : 'Label'}
 			bind:value={credentialLabel}
 			class="w-full border border-border bg-bg-primary px-2 py-2 text-xs text-text-primary"
 		/>
 		<input
 			data-testid="git-credential-host"
 			type="text"
-			placeholder="Host (e.g. gitlab.internal.example.com)"
+			placeholder={isKorean ? 'Host (예: gitlab.internal.example.com)' : 'Host (e.g. gitlab.internal.example.com)'}
 			bind:value={credentialHost}
 			class="w-full border border-border bg-bg-primary px-2 py-2 text-xs text-text-primary"
 		/>
 		<input
 			data-testid="git-credential-path-prefix"
 			type="text"
-			placeholder="Path prefix (optional, e.g. group/subgroup)"
+			placeholder={isKorean ? 'Path prefix (선택, 예: group/subgroup)' : 'Path prefix (optional, e.g. group/subgroup)'}
 			bind:value={credentialPathPrefix}
 			class="w-full border border-border bg-bg-primary px-2 py-2 text-xs text-text-primary"
 		/>
 		<input
 			data-testid="git-credential-header-name"
 			type="text"
-			placeholder="Header name"
+			placeholder={isKorean ? '헤더 이름' : 'Header name'}
 			bind:value={credentialHeaderName}
 			class="w-full border border-border bg-bg-primary px-2 py-2 text-xs text-text-primary"
 		/>
 		<input
 			data-testid="git-credential-header-value"
 			type="password"
-			placeholder="Header value (secret)"
+			placeholder={isKorean ? '헤더 값 (시크릿)' : 'Header value (secret)'}
 			bind:value={credentialHeaderValue}
 			class="w-full border border-border bg-bg-primary px-2 py-2 text-xs text-text-primary sm:col-span-2"
 		/>
@@ -66,7 +70,7 @@ let {
 			disabled={creatingCredential}
 			class="bg-accent px-3 py-2 text-xs font-semibold text-white hover:bg-accent/85 disabled:opacity-60"
 		>
-			{creatingCredential ? 'Saving...' : 'Save credential'}
+			{creatingCredential ? (isKorean ? '저장 중...' : 'Saving...') : (isKorean ? '자격 증명 저장' : 'Save credential')}
 		</button>
 	</div>
 </div>
diff --git a/packages/ui/src/components/settings-page/GitCredentialListPanel.svelte b/packages/ui/src/components/settings-page/GitCredentialListPanel.svelte
index aa6689d0..b81a4a9f 100644
--- a/packages/ui/src/components/settings-page/GitCredentialListPanel.svelte
+++ b/packages/ui/src/components/settings-page/GitCredentialListPanel.svelte
@@ -1,4 +1,5 @@
 <script lang="ts">
+import { appLocale } from '../../i18n';
 import type { GitCredentialSummary } from '../../types';
 
 const {
@@ -12,19 +13,23 @@ const {
 	deletingCredentialId: string | null;
 	onDeleteCredential: (id: string) => void;
 } = $props();
+
+const isKorean = $derived($appLocale === 'ko');
 </script>
 
 <div class="mt-4 border border-border/70">
 	<div class="grid grid-cols-[1.1fr_1fr_1fr_auto] gap-2 border-b border-border bg-bg-primary px-3 py-2 text-[11px] uppercase tracking-[0.08em] text-text-muted">
-		<span>Label</span>
-		<span>Host</span>
-		<span>Path Prefix</span>
-		<span>Action</span>
+		<span>{isKorean ? '라벨' : 'Label'}</span>
+		<span>{isKorean ? '호스트' : 'Host'}</span>
+		<span>{isKorean ? '경로 접두사' : 'Path Prefix'}</span>
+		<span>{isKorean ? '동작' : 'Action'}</span>
 	</div>
 	{#if credentialsLoading}
-		<div class="px-3 py-3 text-xs text-text-muted">Loading credentials...</div>
+		<div class="px-3 py-3 text-xs text-text-muted">{isKorean ? '자격 증명을 불러오는 중...' : 'Loading credentials...'}</div>
 	{:else if credentials.length === 0}
-		<div class="px-3 py-3 text-xs text-text-muted">No manual credentials registered.</div>
+		<div class="px-3 py-3 text-xs text-text-muted">
+			{isKorean ? '등록된 수동 자격 증명이 없습니다.' : 'No manual credentials registered.'}
+		</div>
 	{:else}
 		{#each credentials as credential}
 			<div class="grid grid-cols-[1.1fr_1fr_1fr_auto] items-center gap-2 border-b border-border/60 px-3 py-2 text-xs">
@@ -38,7 +43,7 @@ const {
 					onclick={() => onDeleteCredential(credential.id)}
 					class="border border-border px-2 py-1 text-[11px] text-text-secondary hover:text-text-primary disabled:opacity-60"
 				>
-					{deletingCredentialId === credential.id ? 'Deleting...' : 'Delete'}
+					{deletingCredentialId === credential.id ? (isKorean ? '삭제 중...' : 'Deleting...') : (isKorean ? '삭제' : 'Delete')}
 				</button>
 			</div>
 		{/each}
diff --git a/packages/ui/src/components/settings-page/GitCredentialsPanel.svelte b/packages/ui/src/components/settings-page/GitCredentialsPanel.svelte
index ee7f5f9a..50b389ea 100644
--- a/packages/ui/src/components/settings-page/GitCredentialsPanel.svelte
+++ b/packages/ui/src/components/settings-page/GitCredentialsPanel.svelte
@@ -1,4 +1,5 @@
 <script lang="ts">
+import { appLocale } from '../../i18n';
 import type { GitCredentialSummary } from '../../types';
 import GitCredentialEditorPanel from './GitCredentialEditorPanel.svelte';
 import GitCredentialListPanel from './GitCredentialListPanel.svelte';
@@ -32,6 +33,8 @@ let {
 	onSaveCredential,
 	onDeleteCredential,
 }: Props = $props();
+
+const isKorean = $derived($appLocale === 'ko');
 </script>
 
 <section
@@ -40,15 +43,19 @@ let {
 	data-testid="git-credential-settings"
 >
 	<div class="space-y-1">
-		<h2 class="text-sm font-semibold text-text-primary">Private Git Credentials</h2>
+		<h2 class="text-sm font-semibold text-text-primary">{isKorean ? '비공개 Git 자격 증명' : 'Private Git Credentials'}</h2>
 		<p class="text-xs text-text-secondary">
-			Preferred: connect GitHub/GitLab OAuth. Manual credentials are used for private self-managed or generic git remotes.
+			{isKorean
+				? '권장: GitHub/GitLab OAuth를 연결하세요. 수동 자격 증명은 비공개 self-managed 또는 generic git remote에 사용됩니다.'
+				: 'Preferred: connect GitHub/GitLab OAuth. Manual credentials are used for private self-managed or generic git remotes.'}
 		</p>
 	</div>
 
 	{#if !credentialsSupported}
 		<p class="mt-3 text-xs text-text-muted">
-			This deployment does not expose credential management endpoints.
+			{isKorean
+				? '이 배포 환경은 자격 증명 관리 엔드포인트를 노출하지 않습니다.'
+				: 'This deployment does not expose credential management endpoints.'}
 		</p>
 	{:else}
 		<GitCredentialEditorPanel
@@ -69,7 +76,9 @@ let {
 		/>
 
 		<p class="mt-2 text-[11px] text-text-muted">
-			Secrets are never shown again after save. Stored values are encrypted at rest.
+			{isKorean
+				? '시크릿 값은 저장 후 다시 표시되지 않습니다. 저장된 값은 at-rest 암호화됩니다.'
+				: 'Secrets are never shown again after save. Stored values are encrypted at rest.'}
 		</p>
 	{/if}
 </section>
diff --git a/packages/ui/src/components/settings-page/RuntimeActivityPanel.svelte b/packages/ui/src/components/settings-page/RuntimeActivityPanel.svelte
index 45b882a0..c1481747 100644
--- a/packages/ui/src/components/settings-page/RuntimeActivityPanel.svelte
+++ b/packages/ui/src/components/settings-page/RuntimeActivityPanel.svelte
@@ -1,4 +1,5 @@
 <script lang="ts">
+import { appLocale } from '../../i18n';
 import type { RuntimeActivityCard, RuntimeActivityTone } from './models';
 
 const {
@@ -7,6 +8,12 @@ const {
 	cards?: RuntimeActivityCard[];
 } = $props();
 
+const isKorean = $derived($appLocale === 'ko');
+
+function localize(en: string, ko: string): string {
+	return isKorean ? ko : en;
+}
+
 function activityPillClasses(tone: RuntimeActivityTone): string {
 	if (tone === 'running') {
 		return 'border-accent/40 bg-accent/5 text-accent';
@@ -32,14 +39,17 @@ function activityPillClasses(tone: RuntimeActivityTone): string {
 	<div class="flex flex-wrap items-start justify-between gap-2">
 		<div>
 			<h3 class="text-xs font-semibold uppercase tracking-[0.08em] text-text-muted">
-				Background Activity
+				{localize('Background Activity', '백그라운드 활동')}
 			</h3>
 			<p class="mt-1 text-[11px] text-text-secondary">
-				Live view of desktop auto jobs, cleanup loops, and their last recorded work.
+				{localize(
+					'Live view of desktop auto jobs, cleanup loops, and their last recorded work.',
+					'데스크톱 자동 작업, 정리 루프, 마지막 실행 상태를 실시간으로 보여줍니다.',
+				)}
 			</p>
 		</div>
 		<p class="text-[11px] text-text-muted">
-			Updates while this page stays open.
+			{localize('Updates while this page stays open.', '이 페이지를 열어 두는 동안 계속 갱신됩니다.')}
 		</p>
 	</div>
 	<div class="grid gap-3 lg:grid-cols-3">
diff --git a/packages/ui/src/components/settings-page/RuntimeQuickMenu.svelte b/packages/ui/src/components/settings-page/RuntimeQuickMenu.svelte
index b05312f0..4e4846a4 100644
--- a/packages/ui/src/components/settings-page/RuntimeQuickMenu.svelte
+++ b/packages/ui/src/components/settings-page/RuntimeQuickMenu.svelte
@@ -4,6 +4,7 @@ import type {
 	DesktopSummaryProviderTransport,
 	DesktopSummaryStorageBackend,
 } from '../../types';
+import { appLocale } from '../../i18n';
 import type { RuntimeQuickJumpLink } from './models';
 
 const {
@@ -96,8 +97,14 @@ const {
 	onJumpToSection: (sectionId: string) => void;
 } = $props();
 
+const isKorean = $derived($appLocale === 'ko');
+
+function localize(en: string, ko: string): string {
+	return isKorean ? ko : en;
+}
+
 function quickToggleLabel(enabled: boolean): string {
-	return enabled ? 'On' : 'Off';
+	return enabled ? localize('On', '켜짐') : localize('Off', '꺼짐');
 }
 
 function quickToggleClasses(enabled: boolean): string {
@@ -126,9 +133,11 @@ function handleStorageBackendChange(event: Event) {
 			<div class="flex items-start justify-between gap-3">
 				<div>
 					<p class="text-[11px] font-semibold uppercase tracking-[0.08em] text-text-muted">
-						Quick Runtime Menu
+						{localize('Quick Runtime Menu', '빠른 런타임 메뉴')}
+					</p>
+					<p class="mt-1 text-sm font-semibold text-text-primary">
+						{localize('Live draft overview', '실시간 초안 개요')}
 					</p>
-					<p class="mt-1 text-sm font-semibold text-text-primary">Live draft overview</p>
 				</div>
 				<span
 					class={`inline-flex items-center border px-2 py-1 text-[11px] font-semibold ${
@@ -138,11 +147,14 @@ function handleStorageBackendChange(event: Event) {
 					}`}
 					data-testid="runtime-quick-draft-state"
 				>
-					{draftDirty ? 'Draft' : 'Saved'}
+					{draftDirty ? localize('Draft', '초안') : localize('Saved', '저장됨')}
 				</span>
 			</div>
 			<p class="text-[11px] text-text-secondary">
-				Flip common on/off controls here, then save once.
+				{localize(
+					'Flip common on/off controls here, then save once.',
+					'자주 쓰는 켜기/끄기 설정을 여기서 바꾸고 한 번만 저장하세요.',
+				)}
 			</p>
 			<div class="grid grid-cols-2 gap-2">
 				<button
@@ -152,7 +164,7 @@ function handleStorageBackendChange(event: Event) {
 					disabled={runtimeSaving || !draftDirty}
 					class="inline-flex h-9 items-center justify-center border border-border px-2 text-[11px] font-semibold text-text-secondary hover:text-text-primary disabled:opacity-60"
 				>
-					Reset
+					{localize('Reset', '초기화')}
 				</button>
 				<button
 					type="button"
@@ -161,31 +173,31 @@ function handleStorageBackendChange(event: Event) {
 					disabled={runtimeSaving || runtimeLoading}
 					class="inline-flex h-9 items-center justify-center border border-transparent bg-accent px-2 text-[11px] font-semibold text-white hover:bg-accent/85 disabled:opacity-60"
 				>
-					{runtimeSaving ? 'Saving...' : saveLabel}
+					{runtimeSaving ? localize('Saving...', '저장 중...') : saveLabel}
 				</button>
 			</div>
 		</div>
 
 		<div class="space-y-2">
 			<p class="text-[11px] font-semibold uppercase tracking-[0.08em] text-text-muted">
-				Current Modes
+				{localize('Current Modes', '현재 모드')}
 			</p>
 			<label class="block text-[11px] text-text-secondary">
-				<span class="mb-1 block text-text-muted">Provider</span>
+				<span class="mb-1 block text-text-muted">{localize('Provider', '프로바이더')}</span>
 				<select
 					value={provider}
 					onchange={handleProviderChange}
 					data-testid="runtime-quick-provider"
 					class="h-9 w-full border border-border bg-bg-primary px-2 text-xs text-text-primary"
 				>
-					<option value="disabled">disabled</option>
+					<option value="disabled">{localize('disabled', '사용 안 함')}</option>
 					<option value="ollama">ollama</option>
 					<option value="codex_exec">codex_exec</option>
 					<option value="claude_cli">claude_cli</option>
 				</select>
 			</label>
 			<label class="block text-[11px] text-text-secondary">
-				<span class="mb-1 block text-text-muted">Storage backend</span>
+				<span class="mb-1 block text-text-muted">{localize('Storage backend', '저장소 백엔드')}</span>
 				<select
 					value={storageBackend}
 					onchange={handleStorageBackendChange}
@@ -194,25 +206,25 @@ function handleStorageBackendChange(event: Event) {
 				>
 					<option value="hidden_ref">hidden_ref</option>
 					<option value="local_db">local_db</option>
-					<option value="none">none</option>
+					<option value="none">{localize('none', '없음')}</option>
 				</select>
 			</label>
 			<div class="rounded border border-border/60 bg-bg-primary px-2 py-2 text-[11px] text-text-secondary">
-				<p>View {sessionDefaultView}</p>
-				<p class="mt-1">Transport {providerTransport}</p>
-				<p class="mt-1">Batch scope {batchScopeLabel}</p>
+				<p>{localize('View', '보기')} {sessionDefaultView}</p>
+				<p class="mt-1">{localize('Transport', '전달 방식')} {providerTransport}</p>
+				<p class="mt-1">{localize('Batch scope', '배치 범위')} {batchScopeLabel}</p>
 			</div>
 		</div>
 
 		<div class="space-y-2">
 			<p class="text-[11px] font-semibold uppercase tracking-[0.08em] text-text-muted">
-				Background / Auto
+				{localize('Background / Auto', '백그라운드 / 자동')}
 			</p>
 			<div class="space-y-2">
 				<div class="rounded border border-border/60 bg-bg-primary px-3 py-2">
 					<div class="flex items-start justify-between gap-3">
 						<div class="min-w-0">
-							<p class="text-xs font-semibold text-text-primary">Summary on save</p>
+							<p class="text-xs font-semibold text-text-primary">{localize('Summary on save', '저장 시 요약')}</p>
 							<p class="mt-1 text-[11px] text-text-secondary">{summaryTriggerDetail}</p>
 						</div>
 						<button
@@ -230,7 +242,7 @@ function handleStorageBackendChange(event: Event) {
 				<div class="rounded border border-border/60 bg-bg-primary px-3 py-2">
 					<div class="flex items-start justify-between gap-3">
 						<div class="min-w-0">
-							<p class="text-xs font-semibold text-text-primary">Batch on app start</p>
+							<p class="text-xs font-semibold text-text-primary">{localize('Batch on app start', '앱 시작 시 배치 실행')}</p>
 							<p class="mt-1 text-[11px] text-text-secondary">{batchDetail}</p>
 							<p class="mt-1 text-[11px] text-text-muted">{batchStatusDetail}</p>
 						</div>
@@ -249,7 +261,7 @@ function handleStorageBackendChange(event: Event) {
 				<div class="rounded border border-border/60 bg-bg-primary px-3 py-2">
 					<div class="flex items-start justify-between gap-3">
 						<div class="min-w-0">
-							<p class="text-xs font-semibold text-text-primary">Lifecycle cleanup</p>
+							<p class="text-xs font-semibold text-text-primary">{localize('Lifecycle cleanup', '수명주기 정리')}</p>
 							<p class="mt-1 text-[11px] text-text-secondary">{lifecycleDetail}</p>
 							<p class="mt-1 text-[11px] text-text-muted">{lifecycleResultDetail}</p>
 							<p class="mt-1 text-[11px] text-text-muted">{lifecycleNextDetail}</p>
@@ -270,13 +282,13 @@ function handleStorageBackendChange(event: Event) {
 
 		<div class="space-y-2">
 			<p class="text-[11px] font-semibold uppercase tracking-[0.08em] text-text-muted">
-				Features
+				{localize('Features', '기능')}
 			</p>
 			<div class="space-y-2">
 				<div class="rounded border border-border/60 bg-bg-primary px-3 py-2">
 					<div class="flex items-start justify-between gap-3">
 						<div class="min-w-0">
-							<p class="text-xs font-semibold text-text-primary">Vector search</p>
+							<p class="text-xs font-semibold text-text-primary">{localize('Vector search', '벡터 검색')}</p>
 							<p class="mt-1 text-[11px] text-text-secondary">{vectorDetail}</p>
 							<p class="mt-1 text-[11px] text-text-muted">{vectorStatusDetail}</p>
 						</div>
@@ -296,7 +308,7 @@ function handleStorageBackendChange(event: Event) {
 				<div class="rounded border border-border/60 bg-bg-primary px-3 py-2">
 					<div class="flex items-start justify-between gap-3">
 						<div class="min-w-0">
-							<p class="text-xs font-semibold text-text-primary">Change reader</p>
+							<p class="text-xs font-semibold text-text-primary">{localize('Change reader', '변경 리더')}</p>
 							<p class="mt-1 text-[11px] text-text-secondary">{changeReaderDetail}</p>
 						</div>
 						<button
@@ -313,17 +325,20 @@ function handleStorageBackendChange(event: Event) {
 
 				<div class="rounded border border-border/60 bg-bg-primary px-3 py-2">
 					<div class="min-w-0">
-						<p class="text-xs font-semibold text-text-primary">Change reader modes</p>
+						<p class="text-xs font-semibold text-text-primary">{localize('Change reader modes', '변경 리더 모드')}</p>
 						<p class="mt-1 text-[11px] text-text-secondary">
-							Optional subfeatures on top of the text reader.
+							{localize(
+								'Optional subfeatures on top of the text reader.',
+								'텍스트 리더 위에 추가로 켤 수 있는 부가 기능입니다.',
+							)}
 						</p>
 					</div>
 					<div class="mt-2 space-y-2">
 						<div class="flex items-start justify-between gap-3 rounded border border-border/60 px-2 py-2">
 							<div class="min-w-0">
-								<p class="text-xs font-semibold text-text-primary">Follow-up Q&amp;A</p>
+								<p class="text-xs font-semibold text-text-primary">{localize('Follow-up questions', '후속 질문')}</p>
 								<p class="mt-1 text-[11px] text-text-secondary">
-									text questions about the current change context
+									{localize('text questions about the current change context', '현재 변경 맥락에 대해 텍스트로 추가 질문')}
 								</p>
 							</div>
 							<button
@@ -340,7 +355,7 @@ function handleStorageBackendChange(event: Event) {
 
 						<div class="flex items-start justify-between gap-3 rounded border border-border/60 px-2 py-2">
 							<div class="min-w-0">
-								<p class="text-xs font-semibold text-text-primary">Voice playback</p>
+								<p class="text-xs font-semibold text-text-primary">{localize('Voice playback', '음성 재생')}</p>
 								<p class="mt-1 text-[11px] text-text-secondary">{changeReaderVoiceSummary}</p>
 							</div>
 							<button
@@ -362,7 +377,7 @@ function handleStorageBackendChange(event: Event) {
 
 		<div class="space-y-2">
 			<p class="text-[11px] font-semibold uppercase tracking-[0.08em] text-text-muted">
-				Jump To Section
+				{localize('Jump To Section', '섹션 바로가기')}
 			</p>
 			<div class="flex flex-wrap gap-2">
 				{#each jumpLinks as item}
diff --git a/packages/ui/src/components/settings-page/SettingsApiKeyPanel.svelte b/packages/ui/src/components/settings-page/SettingsApiKeyPanel.svelte
index 92d93611..5c3a8791 100644
--- a/packages/ui/src/components/settings-page/SettingsApiKeyPanel.svelte
+++ b/packages/ui/src/components/settings-page/SettingsApiKeyPanel.svelte
@@ -1,4 +1,5 @@
 <script lang="ts">
+import { appLocale } from '../../i18n';
 const {
 	issuing,
 	issuedApiKey,
@@ -12,6 +13,8 @@ const {
 	onIssueApiKey: () => void;
 	onCopyApiKey: () => void;
 } = $props();
+
+const isKorean = $derived($appLocale === 'ko');
 </script>
 
 <section
@@ -20,9 +23,11 @@ const {
 >
 	<div class="flex flex-wrap items-center justify-between gap-3">
 		<div>
-			<h2 class="text-sm font-semibold text-text-primary">Personal API Key</h2>
+			<h2 class="text-sm font-semibold text-text-primary">{isKorean ? '개인 API 키' : 'Personal API Key'}</h2>
 			<p class="mt-1 text-xs text-text-secondary">
-				Issue a new key for CLI and automation access. Existing active key moves to grace mode.
+				{isKorean
+					? 'CLI와 자동화 접근용 새 키를 발급합니다. 기존 활성 키는 유예 모드로 전환됩니다.'
+					: 'Issue a new key for CLI and automation access. Existing active key moves to grace mode.'}
 			</p>
 		</div>
 		<button
@@ -32,13 +37,15 @@ const {
 			disabled={issuing}
 			class="bg-accent px-3 py-2 text-xs font-semibold text-white hover:bg-accent/85 disabled:opacity-60"
 		>
-			{issuing ? 'Issuing...' : issuedApiKey ? 'Regenerate key' : 'Issue key'}
+			{issuing ? (isKorean ? '발급 중...' : 'Issuing...') : issuedApiKey ? (isKorean ? '키 다시 발급' : 'Regenerate key') : (isKorean ? '키 발급' : 'Issue key')}
 		</button>
 	</div>
 
 	{#if issuedApiKey}
 		<div class="mt-4 border border-border/80 bg-bg-primary p-3">
-			<p class="mb-2 text-xs text-text-muted">Shown once. Save this key now.</p>
+			<p class="mb-2 text-xs text-text-muted">
+				{isKorean ? '한 번만 표시됩니다. 지금 이 키를 저장하세요.' : 'Shown once. Save this key now.'}
+			</p>
 			<code data-testid="issued-api-key" class="block break-all font-mono text-xs text-text-primary">
 				{issuedApiKey}
 			</code>
@@ -49,7 +56,7 @@ const {
 					onclick={onCopyApiKey}
 					class="border border-border px-2 py-1 text-xs text-text-secondary hover:text-text-primary"
 				>
-					Copy
+					{isKorean ? '복사' : 'Copy'}
 				</button>
 				{#if copyMessage}
 					<span class="text-xs text-text-muted">{copyMessage}</span>
diff --git a/packages/ui/src/components/settings-page/SettingsAuthGatePanel.svelte b/packages/ui/src/components/settings-page/SettingsAuthGatePanel.svelte
index b0bddbd9..7609617b 100644
--- a/packages/ui/src/components/settings-page/SettingsAuthGatePanel.svelte
+++ b/packages/ui/src/components/settings-page/SettingsAuthGatePanel.svelte
@@ -1,9 +1,12 @@
 <script lang="ts">
+import { appLocale } from '../../i18n';
 const {
 	onNavigateToLogin,
 }: {
 	onNavigateToLogin: () => void;
 } = $props();
+
+const isKorean = $derived($appLocale === 'ko');
 </script>
 
 <section
@@ -11,14 +14,16 @@ const {
 	data-testid="settings-require-auth"
 	class="scroll-mt-24 border border-border bg-bg-secondary px-4 py-6 text-sm text-text-secondary xl:max-w-3xl"
 >
-	<p class="text-text-primary">Sign in is required to view personal settings.</p>
+	<p class="text-text-primary">
+		{isKorean ? '개인 설정을 보려면 로그인이 필요합니다.' : 'Sign in is required to view personal settings.'}
+	</p>
 	<div class="mt-4">
 		<button
 			type="button"
 			onclick={onNavigateToLogin}
 			class="bg-accent px-3 py-2 text-xs font-semibold text-white hover:bg-accent/85"
 		>
-			Go to login
+			{isKorean ? '로그인으로 이동' : 'Go to login'}
 		</button>
 	</div>
 </section>
diff --git a/packages/ui/src/components/settings-page/SettingsOverviewHeaderPanel.svelte b/packages/ui/src/components/settings-page/SettingsOverviewHeaderPanel.svelte
index e0834655..753b6653 100644
--- a/packages/ui/src/components/settings-page/SettingsOverviewHeaderPanel.svelte
+++ b/packages/ui/src/components/settings-page/SettingsOverviewHeaderPanel.svelte
@@ -1,8 +1,16 @@
+<script lang="ts">
+	import { appLocale } from '../../i18n';
+
+	const isKorean = $derived($appLocale === 'ko');
+</script>
+
 <header
 	id="settings-section-overview"
 	class="scroll-mt-24 border border-border bg-bg-secondary px-4 py-3"
 >
-	<p class="text-[11px] uppercase tracking-[0.12em] text-text-muted">Account</p>
-	<h1 class="mt-1 text-3xl font-semibold tracking-tight text-text-primary">Settings</h1>
-	<p class="mt-1 text-sm text-text-secondary">Personal profile and API access controls.</p>
+	<p class="text-[11px] uppercase tracking-[0.12em] text-text-muted">{isKorean ? '계정' : 'Account'}</p>
+	<h1 class="mt-1 text-3xl font-semibold tracking-tight text-text-primary">{isKorean ? '설정' : 'Settings'}</h1>
+	<p class="mt-1 text-sm text-text-secondary">
+		{isKorean ? '개인 프로필과 API 접근 제어입니다.' : 'Personal profile and API access controls.'}
+	</p>
 </header>
diff --git a/packages/ui/src/components/settings-page/SettingsProfilePanel.svelte b/packages/ui/src/components/settings-page/SettingsProfilePanel.svelte
index 4fabf471..212bbcf8 100644
--- a/packages/ui/src/components/settings-page/SettingsProfilePanel.svelte
+++ b/packages/ui/src/components/settings-page/SettingsProfilePanel.svelte
@@ -1,4 +1,5 @@
 <script lang="ts">
+import { appLocale } from '../../i18n';
 import type { UserSettings } from '../../types';
 
 const {
@@ -8,33 +9,37 @@ const {
 	settings: UserSettings | null;
 	formatDate: (value: string | null | undefined) => string;
 } = $props();
+
+const isKorean = $derived($appLocale === 'ko');
 </script>
 
 <section
 	id="settings-section-profile"
 	class="scroll-mt-24 border border-border bg-bg-secondary p-4 xl:max-w-3xl"
 >
-	<h2 class="text-sm font-semibold text-text-primary">Profile</h2>
+	<h2 class="text-sm font-semibold text-text-primary">{isKorean ? '프로필' : 'Profile'}</h2>
 	{#if settings}
 		<dl class="mt-3 grid gap-2 text-xs text-text-secondary sm:grid-cols-[10rem_1fr]">
-			<dt>User ID</dt>
+			<dt>{isKorean ? '사용자 ID' : 'User ID'}</dt>
 			<dd class="font-mono text-text-primary">{settings.user_id}</dd>
-			<dt>Nickname</dt>
+			<dt>{isKorean ? '닉네임' : 'Nickname'}</dt>
 			<dd class="text-text-primary">{settings.nickname}</dd>
-			<dt>Email</dt>
-			<dd class="text-text-primary">{settings.email ?? 'not linked'}</dd>
-			<dt>Joined</dt>
+			<dt>{isKorean ? '이메일' : 'Email'}</dt>
+			<dd class="text-text-primary">{settings.email ?? (isKorean ? '연결되지 않음' : 'not linked')}</dd>
+			<dt>{isKorean ? '가입일' : 'Joined'}</dt>
 			<dd class="text-text-primary">{formatDate(settings.created_at)}</dd>
-			<dt>Linked OAuth</dt>
+			<dt>{isKorean ? '연결된 OAuth' : 'Linked OAuth'}</dt>
 			<dd class="text-text-primary">
 				{#if settings.oauth_providers.length === 0}
-					none
+					{isKorean ? '없음' : 'none'}
 				{:else}
 					{settings.oauth_providers.map((provider) => provider.display_name).join(', ')}
 				{/if}
 			</dd>
 		</dl>
 	{:else}
-		<p class="mt-2 text-xs text-text-muted">No profile data available.</p>
+		<p class="mt-2 text-xs text-text-muted">
+			{isKorean ? '표시할 프로필 데이터가 없습니다.' : 'No profile data available.'}
+		</p>
 	{/if}
 </section>
diff --git a/packages/ui/src/components/settings-page/SettingsSectionNav.svelte b/packages/ui/src/components/settings-page/SettingsSectionNav.svelte
index 7940a2df..44ed81c5 100644
--- a/packages/ui/src/components/settings-page/SettingsSectionNav.svelte
+++ b/packages/ui/src/components/settings-page/SettingsSectionNav.svelte
@@ -1,4 +1,5 @@
 <script lang="ts">
+import { appLocale } from '../../i18n';
 import type { SettingsSectionNavItem } from './models';
 
 const {
@@ -11,6 +12,8 @@ const {
 	onSelect: (sectionId: string) => void;
 } = $props();
 
+const isKorean = $derived($appLocale === 'ko');
+
 function settingsNavButtonClasses(active: boolean): string {
 	return active
 		? 'border-accent/40 bg-accent/5 text-text-primary shadow-[0_8px_20px_rgba(15,23,42,0.08)]'
@@ -24,7 +27,7 @@ function settingsNavButtonClasses(active: boolean): string {
 >
 	<div class="overflow-x-auto border border-border bg-bg-secondary p-3 shadow-[0_14px_40px_rgba(15,23,42,0.08)]">
 		<p class="text-[11px] font-semibold uppercase tracking-[0.08em] text-text-muted">
-			Settings Tabs
+			{isKorean ? '설정 탭' : 'Settings Tabs'}
 		</p>
 		<div class="mt-3 flex gap-2 xl:flex-col">
 			{#each items as item}
diff --git a/packages/ui/src/i18n.test.ts b/packages/ui/src/i18n.test.ts
new file mode 100644
index 00000000..1b608839
--- /dev/null
+++ b/packages/ui/src/i18n.test.ts
@@ -0,0 +1,130 @@
+import assert from 'node:assert/strict';
+import test from 'node:test';
+import {
+	cycleLanguageMode,
+	initializeLocalization,
+	languageMode,
+	listTranslationKeys,
+	parseLanguageMode,
+	refreshLocaleFromPlatform,
+	resolveLocale,
+	setLanguagePreference,
+	translate,
+	type RuntimeEnv,
+} from './i18n';
+import { get } from 'svelte/store';
+
+function withPlatformLanguages<T>(preferred: string[], run: () => T): T {
+	const navigatorDescriptor = Object.getOwnPropertyDescriptor(globalThis, 'navigator');
+	const documentDescriptor = Object.getOwnPropertyDescriptor(globalThis, 'document');
+	Object.defineProperty(globalThis, 'navigator', {
+		configurable: true,
+		value: {
+			languages: preferred,
+			language: preferred[0] ?? 'en-US',
+		},
+	});
+	Object.defineProperty(globalThis, 'document', {
+		configurable: true,
+		value: {
+			documentElement: {
+				lang: 'en',
+			},
+		},
+	});
+	try {
+		return run();
+	} finally {
+		if (navigatorDescriptor) Object.defineProperty(globalThis, 'navigator', navigatorDescriptor);
+		else Reflect.deleteProperty(globalThis, 'navigator');
+		if (documentDescriptor) Object.defineProperty(globalThis, 'document', documentDescriptor);
+		else Reflect.deleteProperty(globalThis, 'document');
+	}
+}
+
+function createRuntimeEnv(overrides?: Partial<RuntimeEnv>): RuntimeEnv {
+	const storage = new Map<string, string>();
+	return {
+		fetchImpl: fetch,
+		now: () => Date.now(),
+		getStorageItem: (key) => storage.get(key) ?? null,
+		setStorageItem: (key, value) => {
+			storage.set(key, value);
+		},
+		removeStorageItem: (key) => {
+			storage.delete(key);
+		},
+		getDocumentCookie: () => '',
+		getLocation: () => ({
+			origin: 'http://localhost:4173',
+			protocol: 'http:',
+			pathname: '/',
+			hash: '',
+			search: '',
+		}),
+		replaceHistoryUrl: () => {},
+		getApiUrlOverride: () => null,
+		getDesktopInvoke: () => null,
+		isTauriRuntime: () => false,
+		hasWindow: () => true,
+		...overrides,
+	};
+}
+
+test('parseLanguageMode defaults to system', () => {
+	assert.equal(parseLanguageMode('system'), 'system');
+	assert.equal(parseLanguageMode('en'), 'en');
+	assert.equal(parseLanguageMode('ko'), 'ko');
+	assert.equal(parseLanguageMode('fr'), 'system');
+	assert.equal(parseLanguageMode(null), 'system');
+});
+
+test('resolveLocale follows supported platform languages', () => {
+	assert.equal(resolveLocale('system', ['ko-KR', 'en-US']), 'ko');
+	assert.equal(resolveLocale('system', ['en-GB']), 'en');
+	assert.equal(resolveLocale('ko', ['en-US']), 'ko');
+});
+
+test('setLanguagePreference persists and resolves immediately', () => {
+	withPlatformLanguages(['ko-KR'], () => {
+		const runtime = createRuntimeEnv();
+		const resolved = setLanguagePreference('en', runtime);
+		assert.equal(resolved, 'en');
+		assert.equal(runtime.getStorageItem('opensession_language_mode'), 'en');
+		assert.equal(get(languageMode), 'en');
+	});
+});
+
+test('initializeLocalization reads stored preference and falls back to system locale', () => {
+	withPlatformLanguages(['ko-KR'], () => {
+		const runtime = createRuntimeEnv();
+		runtime.setStorageItem('opensession_language_mode', 'system');
+		assert.equal(initializeLocalization(runtime), 'ko');
+		assert.equal(get(languageMode), 'system');
+	});
+});
+
+test('refreshLocaleFromPlatform respects system mode only', () => {
+	withPlatformLanguages(['ko-KR'], () => {
+		const runtime = createRuntimeEnv();
+		initializeLocalization(runtime);
+		assert.equal(refreshLocaleFromPlatform(runtime), 'ko');
+		setLanguagePreference('en', runtime);
+		assert.equal(refreshLocaleFromPlatform(runtime), 'en');
+	});
+});
+
+test('translate interpolates params and falls back to english keys', () => {
+	assert.equal(translate('ko', 'sessionList.header', { total: 3 }), '세션 (3)');
+	assert.equal(translate('en', 'language.mode.system'), 'Follow platform');
+});
+
+test('translation catalogs stay in sync across locales', () => {
+	assert.deepEqual([...listTranslationKeys('en')].sort(), [...listTranslationKeys('ko')].sort());
+});
+
+test('cycleLanguageMode rotates through system, en, ko', () => {
+	assert.equal(cycleLanguageMode('system'), 'en');
+	assert.equal(cycleLanguageMode('en'), 'ko');
+	assert.equal(cycleLanguageMode('ko'), 'system');
+});
diff --git a/packages/ui/src/i18n.ts b/packages/ui/src/i18n.ts
new file mode 100644
index 00000000..7bcd6614
--- /dev/null
+++ b/packages/ui/src/i18n.ts
@@ -0,0 +1,769 @@
+import { get } from 'svelte/store';
+import { writable } from 'svelte/store';
+import {
+	getPreferredLanguages,
+	readBrowserRuntime,
+	setDocumentLanguage,
+	type RuntimeEnv,
+} from './api-internal/runtime';
+
+export type AppLocale = 'en' | 'ko';
+export type LanguageMode = 'system' | AppLocale;
+
+const LANGUAGE_MODE_STORAGE_KEY = 'opensession_language_mode';
+
+const messages = {
+	en: {
+		'language.label': 'Language',
+		'language.mode.system': 'Follow platform',
+		'language.mode.en': 'English',
+		'language.mode.ko': 'Korean',
+		'language.short.system': 'SYS',
+		'language.short.en': 'EN',
+		'language.short.ko': 'KO',
+		'language.help':
+			'Choose whether the app follows your platform language or uses a fixed language.',
+		'language.current': 'Current: {locale}',
+		'language.toggle': 'Switch app language',
+		'language.platform': 'Platform language',
+		'common.loading': 'Loading...',
+		'common.updating': 'Updating...',
+		'common.clear': 'Clear',
+		'common.copy': 'Copy',
+		'common.copied': 'Copied',
+		'common.copyFailed': 'Copy failed',
+		'common.close': 'Close',
+		'common.none': 'none',
+		'common.notLinked': 'not linked',
+		'common.renderMore': 'Render More',
+		'common.loadMore': 'Load More',
+		'theme.switchLight': 'Switch to light mode',
+		'theme.switchDark': 'Switch to dark mode',
+		'nav.sessions': 'Sessions',
+		'nav.docs': 'Docs',
+		'nav.settings': 'Settings',
+		'nav.login': 'Login',
+		'palette.goSessions.label': 'Go to Sessions',
+		'palette.goSessions.description': 'Open the main session list',
+		'palette.goDocs.label': 'Go to Docs',
+		'palette.goDocs.description': 'Open product and API documentation',
+		'palette.goLogin.label': 'Go to Login',
+		'palette.goLogin.description': 'Sign in to your account',
+		'palette.goSettings.label': 'Go to Settings',
+		'palette.goSettings.description': 'Open personal settings and API key controls',
+		'palette.focusSessionSearch.label': 'Focus session search',
+		'palette.focusSessionSearch.description': 'Move cursor to list search input',
+		'palette.focusDetailSearch.label': 'Focus in-session search',
+		'palette.focusDetailSearch.description': 'Move cursor to timeline search input',
+		'palette.placeholder': 'Type a command or page name...',
+		'palette.noMatches': 'No commands matched your query.',
+		'palette.commandCount': '{count} command(s)',
+		'palette.footer': 'Up/Down navigate · Enter run · Esc close',
+		'account.menu': 'Account menu',
+		'account.title': 'Account',
+		'account.emailMissing': 'email not linked',
+		'account.userId': 'User ID',
+		'account.joined': 'Joined',
+		'account.providers': 'Providers',
+		'account.sessionHome': 'Session Home',
+		'account.logout': 'Logout',
+		'footer.shortcuts': 'Shortcuts',
+		'footer.github': 'GitHub',
+		'footer.githubAria': 'Open GitHub repository',
+		'footer.help': 'help',
+		'shortcut.palette': 'palette',
+		'shortcut.scroll': 'scroll',
+		'shortcut.filters': 'filters',
+		'shortcut.search': 'search',
+		'shortcut.match': 'match',
+		'shortcut.back': 'back',
+		'shortcut.navigate': 'navigate',
+		'shortcut.open': 'open',
+		'shortcut.tool': 'tool',
+		'shortcut.range': 'range',
+		'shortcut.refresh': 'refresh',
+		'shortcut.repo': 'repo',
+		'help.overlayClose': 'Close help modal',
+		'help.commandPaletteClose': 'Close command palette',
+		'help.commandPalette': 'Command Palette',
+		'help.quickHelp': 'Quick Help',
+		'help.sessionRuntimeGuide': 'Session Runtime Guide',
+		'help.runtimeSummary': 'Runtime Summary',
+		'help.runtimeProvider': 'Summary model and transport',
+		'help.runtimeShape': 'Response shape: layered, file list, or security-first',
+		'help.runtimePrompt': 'Reset the prompt to the default template',
+		'help.vector': 'Vector',
+		'help.vectorAutoChunk': 'Recommended auto chunking for session size',
+		'help.vectorManual': 'Manual chunking exposes chunk size and overlap',
+		'help.vectorFix': 'If the provider is unavailable, start `ollama serve`',
+		'help.changeReader': 'Change Reader',
+		'help.changeReaderText': 'Read local change context and ask follow-up questions',
+		'help.changeReaderVoice': 'Play the same summary as OpenAI TTS narration',
+		'help.changeReaderApiKey': 'Set the voice API key in Runtime Summary > Change Reader',
+		'help.footerShortcuts': 'H opens help · Esc closes dialog',
+		'help.footerFocus': 'Tab focus is trapped inside this dialog',
+		'landing.title': 'OpenSession - Version Control for AI Work',
+		'landing.kicker': 'version control for ai work',
+		'landing.heroTitle': 'Version Control for AI Work.',
+		'landing.heroCopy':
+			'AI coding sessions disappear easily. Context slips, handoffs lose fidelity, and screenshots become the only evidence. OpenSession turns each session into a structured, replayable record.',
+		'landing.openSessions': 'Open Sessions',
+		'landing.quickStart': 'Beginner Quick Start',
+		'landing.openDocs': 'Open Docs',
+		'landing.whatMeans': 'What That Means',
+		'landing.timelineReview': 'Review on a timeline instead of from screenshots.',
+		'landing.gitSharing': 'Git-based sharing with commit-level references.',
+		'landing.handoffs': 'Handoffs built on the same session record.',
+		'landing.sessionModel': 'Session Model',
+		'landing.structuredEvents': 'Structured Events',
+		'landing.workLoop': 'Work Loop',
+		'landing.workLoopValue': 'Record -> Inspect -> Share -> Refine',
+		'landing.goalMapTag': '$ goal-map',
+		'landing.goalMapTitle': 'What This Means',
+		'landing.goalLabel': 'Goal',
+		'landing.operatingLoopTag': '$ operating-loop',
+		'landing.operatingLoopTitle': 'Work Loop',
+		'landing.step': 'Step {number}',
+		'landing.goal.data.title': 'Every Session Is Data',
+		'landing.goal.data.summary':
+			'Messages, tool calls, diffs, corrections, and outcomes are stored as structured events.',
+		'landing.goal.data.proof': 'The same records are available in CLI, TUI, and web.',
+		'landing.goal.review.title': 'Review What Actually Happened',
+		'landing.goal.review.summary':
+			'Review timeline evidence to see which tools ran, what changed, and where context shifted.',
+		'landing.goal.review.proof': 'Decisions can be verified from events, not memory.',
+		'landing.goal.share.title': 'Git-Based Sharing',
+		'landing.goal.share.summary':
+			'Sessions are versioned, reviewed, and referenced by commit through normal git history.',
+		'landing.goal.share.proof': 'Sharing uses standard refs and normal repository workflows.',
+		'landing.goal.handoff.title': 'Reproducible Handoffs',
+		'landing.goal.handoff.summary':
+			'Handoffs use the same session records, so the next owner can continue from the same state.',
+		'landing.goal.handoff.proof':
+			'No separate handoff summary is required as source of truth.',
+		'landing.loop.record.label': 'Record',
+		'landing.loop.record.detail': 'Capture sessions as structured artifacts, not screenshots.',
+		'landing.loop.inspect.label': 'Inspect',
+		'landing.loop.inspect.detail':
+			'Review timeline evidence to understand behavior and outcomes.',
+		'landing.loop.share.label': 'Share',
+		'landing.loop.share.detail': 'Distribute reproducible artifacts through web and git refs.',
+		'landing.loop.refine.label': 'Refine',
+		'landing.loop.refine.detail':
+			'Use findings to improve prompts, tools, and ownership transfer.',
+		'login.title': 'Sign In - opensession.io',
+		'login.heading': 'Sign In',
+		'login.subheading': 'New accounts are created automatically on first sign in.',
+		'login.email': 'Email',
+		'login.password': 'Password',
+		'login.nickname': 'Nickname (optional)',
+		'login.nicknamePlaceholder': 'Nickname (optional, first sign in only)',
+		'login.invalid': 'Invalid email or password',
+		'login.failed': 'Authentication failed',
+		'login.continue': 'Continue',
+		'login.signingIn': 'Signing in...',
+		'login.or': 'or',
+		'login.continueWith': 'Continue with {provider}',
+		'login.unavailable': 'Authentication is not available in this deployment.',
+		'docs.title': 'Docs - opensession.io',
+		'docs.defaultTitle': 'Documentation',
+		'docs.kicker': 'Docs',
+		'docs.heroCopy': 'Practical guides for registering, sharing, reviewing, and handing off sessions.',
+		'docs.sessions': 'Sessions',
+		'docs.loading': 'Loading docs...',
+		'docs.notFound': 'No documentation chapters were found.',
+		'docs.contents': 'Contents',
+		'sessionList.title': 'opensession.io - AI Session Explorer',
+		'sessionList.timeRange': 'Time range',
+		'sessionList.range.all': 'All Time',
+		'sessionList.range.24h': '24h',
+		'sessionList.range.7d': '7d',
+		'sessionList.range.30d': '30d',
+		'sessionList.searchPlaceholder': 'Search sessions...',
+		'sessionList.allTools': 'All tools',
+		'sessionList.repo': 'Repository',
+		'sessionList.repoPlaceholder': 'org/repo',
+		'sessionList.copyTitle': 'copy selected session title',
+		'sessionList.forceRefresh': 'Refresh from source',
+		'sessionList.copySelected': 'Copy selected session title',
+		'sessionList.forceRefreshButton': 'Refresh from source',
+		'sessionList.refreshing': 'Refreshing...',
+		'sessionList.header': 'Sessions ({total})',
+		'sessionList.feedHint': '[single session feed]',
+		'sessionList.noSessions': 'No sessions found',
+		'sessionList.noSessionsDetail': 'The public session feed is empty right now.',
+		'sessionList.refreshJobLabel': 'Refreshing sessions',
+		'sessionList.refreshJobDetail':
+			'Reindexing is running in the background. You can keep browsing.',
+		'sessionList.messagesShort': '{count} messages',
+		'sessionList.messagesLong': '{count} messages',
+		'sessionList.events': '{count} events',
+		'settings.languageSection': 'Language',
+		'settings.languageDescription':
+			'This preference applies immediately and defaults to following your platform language.',
+		'register.redirecting': 'Redirecting to login...',
+		'sourcePreview.loading': 'Loading source preview...',
+		'sourcePreview.unsupported': 'This deployment does not support source parse preview.',
+		'sourcePreview.failed': 'Failed to load source.',
+		'sourcePreview.empty': 'No preview data.',
+		'parseSource.source': 'Source',
+		'parseSource.parser': 'parser',
+		'parserSelect.title': 'Parser selection required',
+		'parserSelect.description':
+			'Auto-detection could not produce a stable parse. Select a parser and retry.',
+		'parserSelect.selected': '(selected)',
+		'authCallback.loading': 'Completing sign in...',
+		'authCallback.error': 'Authentication failed. Please try again.',
+		'fieldHelp.aria': '{label} help',
+		'sessionSidebar.session': 'Session',
+		'sessionSidebar.model': 'Model:',
+		'sessionSidebar.tool': 'Tool:',
+		'sessionSidebar.provider': 'Provider:',
+		'sessionSidebar.messages': 'Messages:',
+		'sessionSidebar.tools': 'Tool calls:',
+		'sessionSidebar.duration': 'Duration:',
+		'sessionSidebar.files': 'Files:',
+		'sessionSidebar.filesChanged': '{count} changed',
+		'sessionSidebar.lines': 'Lines:',
+		'sessionSidebar.tasks': 'Tasks:',
+		'eventGroup.user': 'User',
+		'eventGroup.agent': 'Agent',
+		'eventGroup.tool': 'Tool',
+		'eventGroup.system': 'System',
+		'timeline.viewMode': 'Session view mode',
+		'timeline.mode.unified': 'Unified',
+		'timeline.mode.branch': 'Branchpoints',
+		'timeline.mode.native': 'Native',
+		'timeline.mode.nativeWithAdapter': 'Native ({adapter})',
+		'timeline.items': '{count} items',
+		'timeline.eventFilters': 'Event filters',
+		'timeline.noMatches': 'No events match the selected filters.',
+		'threadMinimap.navigation': 'Message navigation',
+		'threadMinimap.message': 'Message {number}',
+		'eventView.user': 'USER',
+		'eventView.system': 'SYSTEM',
+		'eventView.agent': 'AGENT',
+		'eventView.thinking': 'Thinking',
+		'eventView.showLess': 'Show less',
+		'eventView.showMore': 'Show more...',
+		'eventView.subAgent': 'Subagent',
+		'eventView.error': 'error',
+		'eventView.options': 'Options',
+		'eventView.noAnswersFound': 'No answer was found in the response.',
+		'eventView.noAnswer': '(no answer)',
+		'eventView.collapse': 'Collapse',
+		'eventView.result': 'Result',
+		'eventView.files': '{count} files',
+		'eventView.matches': '{count} matches',
+		'eventView.chars': '{count} chars',
+		'eventView.lines': '{count} lines',
+		'sessionRender.messages': '{count} msgs',
+		'sessionRender.files': '{count} files',
+		'sessionRender.flow': 'Session Flow',
+		'sessionRender.flowDrag': 'Drag to scrub session timeline',
+		'sessionRender.searchPlaceholder': 'search in this session...',
+		'sessionRender.matches': '{count} matches',
+		'sessionRender.publicShare': 'Public Link',
+		'sessionRender.quickShareRemotePlaceholder':
+			'Remote name (optional; auto-detected by default)',
+		'sessionRender.quickShare': 'Create link',
+		'sessionRender.sharing': 'Sharing...',
+		'sessionRender.copyUri': 'Copy link',
+		'sessionRender.handoffArtifact': 'Handoff Artifact',
+		'sessionRender.buildPinLatest': 'Build (pin latest)',
+		'sessionRender.building': 'Building...',
+		'sessionRender.downloadFile': 'Download file',
+		'sessionRender.nativeFallback':
+			'Native view is unavailable for this parser. Falling back to unified view.',
+		'sessionRender.noMatchingEvents': 'No matching events for "{query}".',
+		'sessionRender.quickSharePushed': 'Created a share link and pushed it successfully.',
+		'sessionRender.quickShareLocal':
+			'Created a local share link. Confirm the first push once to enable auto-push in quick mode.',
+		'sessionRender.quickShareFailed': 'Failed to create a share link for this session.',
+		'sessionRender.quickShareCopied': 'Copied the share link.',
+		'sessionRender.quickShareCopyFailed': 'Failed to copy the share link.',
+		'sessionRender.handoffBuiltPinnedDownloaded':
+			'Handoff artifact built, pinned as {alias}, and downloaded.',
+		'sessionRender.handoffBuiltPinned': 'Handoff artifact built and pinned as {alias}.',
+		'sessionRender.handoffBuiltDownloaded': 'Handoff artifact built and downloaded.',
+		'sessionRender.handoffBuilt': 'Handoff artifact built.',
+		'sessionRender.handoffBuildFailed': 'Failed to build handoff artifact.',
+		'sessionRender.handoffCopied': 'Copied the artifact link.',
+		'sessionRender.handoffCopyFailed': 'Failed to copy the artifact link.',
+		'sessionRender.handoffDownloaded': 'Downloaded {fileName}.',
+		'sessionRender.handoffDownloadFailed': 'Failed to download handoff artifact file.',
+		'sessionDetail.loading': 'Loading session...',
+		'sessionDetail.contractMismatch':
+			'Desktop runtime and UI bundle contract versions do not match.',
+		'sessionDetail.contractMismatchDetail':
+			'Update desktop app/runtime and reopen this session.',
+		'sessionDetail.backToFeed': 'Back to sessions',
+		'sessionDetail.view': 'View',
+		'sessionDetail.view.summary': 'Summary',
+		'sessionDetail.view.full': 'Full',
+		'sessionDetail.semanticSummary': 'Semantic Summary',
+		'sessionDetail.heuristicFallback':
+			'Showing a compact summary because there is not enough change data.',
+		'sessionDetail.regenerating': 'Regenerating...',
+		'sessionDetail.regenerate': 'Regenerate',
+		'sessionDetail.loadingSummary': 'Loading semantic summary...',
+		'sessionDetail.changes': 'Changes',
+		'sessionDetail.authSecurity': 'Auth/Security',
+		'sessionDetail.layerFileChanges': 'Layer/File Changes',
+		'sessionDetail.unknownLayer': '(unknown layer)',
+		'sessionDetail.layerFileUnavailable':
+			'There is not enough change data to build a layer or file summary.',
+		'sessionDetail.diffTree': 'Diff Tree',
+		'sessionDetail.layer': '(layer)',
+		'sessionDetail.file': '(file)',
+		'sessionDetail.edit': 'edit',
+		'sessionDetail.large': 'large',
+		'sessionDetail.hunk': '(hunk)',
+		'sessionDetail.linesOmitted': '... {count} lines omitted',
+		'sessionDetail.generationNote': 'generation note: {note}',
+		'sessionDetail.noSummary': 'No semantic summary generated yet.',
+		'sessionDetail.changeReader': 'Change Reader (Text + Voice)',
+		'sessionDetail.changeReaderDescription':
+			'Read session changes, ask questions, and play voice narration from local context.',
+		'sessionDetail.scope': 'Scope',
+		'sessionDetail.scope.summaryOnly': 'Summary only',
+		'sessionDetail.scope.fullContext': 'Full context',
+		'sessionDetail.readChanges': 'Read summary',
+		'sessionDetail.reading': 'Reading...',
+		'sessionDetail.voicePromptMissing': 'Run Read summary or Ask first.',
+		'sessionDetail.voicePlaybackFailed': 'Voice playback failed.',
+		'sessionDetail.voiceSynthesisFailed': 'Failed to synthesize voice',
+		'sessionDetail.playVoice': 'Play Voice',
+		'sessionDetail.replayVoice': 'Replay Voice',
+		'sessionDetail.synthesizing': 'Synthesizing...',
+		'sessionDetail.stopVoice': 'Stop Voice',
+		'sessionDetail.voiceDisabled': 'Voice is disabled in runtime settings.',
+		'sessionDetail.voiceConfigure':
+			'Set Change Reader Voice API key in Settings to enable playback.',
+		'sessionDetail.qa': 'Questions',
+		'sessionDetail.questionPlaceholder': 'Ask about this change...',
+		'sessionDetail.ask': 'Ask',
+		'sessionDetail.asking': 'Asking...',
+		'sessionDetail.qaDisabled': 'Questions are disabled in runtime settings.',
+		'sessionDetail.citations': 'citations: {items}',
+	} as const,
+	ko: {
+		'language.label': '언어',
+		'language.mode.system': '플랫폼 언어 따르기',
+		'language.mode.en': '영어',
+		'language.mode.ko': '한국어',
+		'language.short.system': 'SYS',
+		'language.short.en': 'EN',
+		'language.short.ko': 'KO',
+		'language.help': '앱이 플랫폼 언어를 따를지, 고정 언어를 사용할지 선택합니다.',
+		'language.current': '현재: {locale}',
+		'language.toggle': '앱 언어 전환',
+		'language.platform': '플랫폼 언어',
+		'common.loading': '불러오는 중...',
+		'common.updating': '업데이트 중...',
+		'common.clear': '지우기',
+		'common.copy': '복사',
+		'common.copied': '복사됨',
+		'common.copyFailed': '복사 실패',
+		'common.close': '닫기',
+		'common.none': '없음',
+		'common.notLinked': '연결되지 않음',
+		'common.renderMore': '더 렌더링',
+		'common.loadMore': '더 불러오기',
+		'theme.switchLight': '라이트 모드로 전환',
+		'theme.switchDark': '다크 모드로 전환',
+		'nav.sessions': '세션',
+		'nav.docs': '문서',
+		'nav.settings': '설정',
+		'nav.login': '로그인',
+		'palette.goSessions.label': '세션으로 이동',
+		'palette.goSessions.description': '메인 세션 목록 열기',
+		'palette.goDocs.label': '문서로 이동',
+		'palette.goDocs.description': '제품 및 API 문서 열기',
+		'palette.goLogin.label': '로그인으로 이동',
+		'palette.goLogin.description': '계정에 로그인',
+		'palette.goSettings.label': '설정으로 이동',
+		'palette.goSettings.description': '개인 설정과 API 키 제어 열기',
+		'palette.focusSessionSearch.label': '세션 검색으로 이동',
+		'palette.focusSessionSearch.description': '목록 검색 입력으로 커서 이동',
+		'palette.focusDetailSearch.label': '세션 내 검색으로 이동',
+		'palette.focusDetailSearch.description': '타임라인 검색 입력으로 커서 이동',
+		'palette.placeholder': '명령어나 페이지 이름을 입력하세요...',
+		'palette.noMatches': '일치하는 명령이 없습니다.',
+		'palette.commandCount': '{count}개 명령',
+		'palette.footer': '위/아래 이동 · Enter 실행 · Esc 닫기',
+		'account.menu': '계정 메뉴',
+		'account.title': '계정',
+		'account.emailMissing': '이메일 연결 안 됨',
+		'account.userId': '사용자 ID',
+		'account.joined': '가입일',
+		'account.providers': '연결된 공급자',
+		'account.sessionHome': '세션 홈',
+		'account.logout': '로그아웃',
+		'footer.shortcuts': '단축키',
+		'footer.github': 'GitHub',
+		'footer.githubAria': 'GitHub 저장소 열기',
+		'footer.help': '도움말',
+		'shortcut.palette': '팔레트',
+		'shortcut.scroll': '스크롤',
+		'shortcut.filters': '필터',
+		'shortcut.search': '검색',
+		'shortcut.match': '일치 항목',
+		'shortcut.back': '뒤로',
+		'shortcut.navigate': '이동',
+		'shortcut.open': '열기',
+		'shortcut.tool': '도구',
+		'shortcut.range': '기간',
+		'shortcut.refresh': '새로고침',
+		'shortcut.repo': '저장소',
+		'help.overlayClose': '도움말 모달 닫기',
+		'help.commandPaletteClose': '명령 팔레트 닫기',
+		'help.commandPalette': '명령 팔레트',
+		'help.quickHelp': '빠른 도움말',
+		'help.sessionRuntimeGuide': '세션 런타임 가이드',
+		'help.runtimeSummary': '런타임 요약',
+		'help.runtimeProvider': '요약 모델과 전송 방식',
+		'help.runtimeShape': '응답 형식: 레이어별, 파일 목록, 보안 우선',
+		'help.runtimePrompt': '프롬프트를 기본 템플릿으로 되돌리기',
+		'help.vector': '벡터',
+		'help.vectorAutoChunk': '세션 크기에 맞춘 자동 청킹 권장값',
+		'help.vectorManual': '수동 청킹에서 청크 크기와 겹침 값을 조정',
+		'help.vectorFix': '공급자에 연결되지 않으면 `ollama serve` 실행',
+		'help.changeReader': '변경 리더',
+		'help.changeReaderText': '로컬 변경 컨텍스트를 읽고 이어서 질문하기',
+		'help.changeReaderVoice': '같은 요약을 OpenAI TTS 내레이션으로 재생',
+		'help.changeReaderApiKey': 'Runtime Summary > Change Reader에서 음성 API 키 설정',
+		'help.footerShortcuts': 'H 는 도움말 열기 · Esc 는 대화상자 닫기',
+		'help.footerFocus': 'Tab 포커스는 이 대화상자 안에 고정됩니다',
+		'landing.title': 'OpenSession - AI 작업을 위한 버전 관리',
+		'landing.kicker': 'ai 작업을 위한 버전 관리',
+		'landing.heroTitle': 'AI 작업을 위한 버전 관리.',
+		'landing.heroCopy':
+			'AI 코딩 세션은 쉽게 사라집니다. 컨텍스트는 흐려지고, 핸드오프의 정확도는 떨어지며, 스크린샷만 증거처럼 남습니다. OpenSession은 각 세션을 구조화되고 다시 볼 수 있는 기록으로 바꿉니다.',
+		'landing.openSessions': '세션 열기',
+		'landing.quickStart': '빠른 시작',
+		'landing.openDocs': '문서 열기',
+		'landing.whatMeans': '무엇이 달라지나',
+		'landing.timelineReview': '스크린샷이 아니라 타임라인으로 검토.',
+		'landing.gitSharing': '커밋 단위로 참조되는 Git 기반 공유.',
+		'landing.handoffs': '같은 세션 기록을 바탕으로 이어지는 핸드오프.',
+		'landing.sessionModel': '세션 모델',
+		'landing.structuredEvents': '구조화된 이벤트',
+		'landing.workLoop': '작업 루프',
+		'landing.workLoopValue': '기록 -> 검토 -> 공유 -> 개선',
+		'landing.goalMapTag': '$ 목표 맵',
+		'landing.goalMapTitle': '이 기능의 의미',
+		'landing.goalLabel': '목표',
+		'landing.operatingLoopTag': '$ 운영 루프',
+		'landing.operatingLoopTitle': '작업 루프',
+		'landing.step': '{number}단계',
+		'landing.goal.data.title': '모든 세션은 데이터입니다',
+		'landing.goal.data.summary':
+			'메시지, 도구 호출, diff, 수정, 결과를 구조화된 이벤트로 저장합니다.',
+		'landing.goal.data.proof': '같은 기록을 CLI, TUI, 웹에서 동일하게 볼 수 있습니다.',
+		'landing.goal.review.title': '실제로 일어난 일을 검토합니다',
+		'landing.goal.review.summary':
+			'타임라인으로 어떤 도구가 실행됐고 무엇이 바뀌었는지, 컨텍스트가 어디서 달라졌는지 확인합니다.',
+		'landing.goal.review.proof': '기억이 아니라 이벤트를 근거로 판단할 수 있습니다.',
+		'landing.goal.share.title': 'Git 기반 공유',
+		'landing.goal.share.summary':
+			'세션은 일반 Git 이력 안에서 버전 관리되고 검토되며 커밋으로 참조됩니다.',
+		'landing.goal.share.proof': '공유는 표준 ref와 일반 저장소 워크플로를 사용합니다.',
+		'landing.goal.handoff.title': '재현 가능한 핸드오프',
+		'landing.goal.handoff.summary':
+			'핸드오프도 같은 세션 기록을 사용하므로 다음 담당자가 같은 상태에서 이어받을 수 있습니다.',
+		'landing.goal.handoff.proof': '별도의 핸드오프 요약을 진실의 원천으로 둘 필요가 없습니다.',
+		'landing.loop.record.label': '기록',
+		'landing.loop.record.detail': '스크린샷이 아니라 구조화된 아티팩트로 세션을 남깁니다.',
+		'landing.loop.inspect.label': '검토',
+		'landing.loop.inspect.detail': '행동과 결과를 타임라인 근거로 이해합니다.',
+		'landing.loop.share.label': '공유',
+		'landing.loop.share.detail': '웹과 Git ref를 통해 재현 가능한 아티팩트를 배포합니다.',
+		'landing.loop.refine.label': '개선',
+		'landing.loop.refine.detail': '발견한 내용을 바탕으로 프롬프트, 도구, 인수인계를 개선합니다.',
+		'login.title': '로그인 - opensession.io',
+		'login.heading': '로그인',
+		'login.subheading': '첫 로그인 시 새 계정이 자동으로 생성됩니다.',
+		'login.email': '이메일',
+		'login.password': '비밀번호',
+		'login.nickname': '닉네임(선택)',
+		'login.nicknamePlaceholder': '닉네임(선택, 첫 로그인에만 사용)',
+		'login.invalid': '이메일 또는 비밀번호가 올바르지 않습니다',
+		'login.failed': '인증에 실패했습니다',
+		'login.continue': '계속',
+		'login.signingIn': '로그인 중...',
+		'login.or': '또는',
+		'login.continueWith': '{provider}로 계속',
+		'login.unavailable': '이 배포 환경에서는 인증을 사용할 수 없습니다.',
+		'docs.title': '문서 - opensession.io',
+		'docs.defaultTitle': '문서',
+		'docs.kicker': '문서',
+		'docs.heroCopy': '세션 등록, 공유, 검토, 핸드오프를 위한 실전 가이드입니다.',
+		'docs.sessions': '세션',
+		'docs.loading': '문서를 불러오는 중...',
+		'docs.notFound': '문서 챕터를 찾지 못했습니다.',
+		'docs.contents': '목차',
+		'sessionList.title': 'opensession.io - AI 세션 탐색기',
+		'sessionList.timeRange': '기간',
+		'sessionList.range.all': '전체 기간',
+		'sessionList.range.24h': '24시간',
+		'sessionList.range.7d': '7일',
+		'sessionList.range.30d': '30일',
+		'sessionList.searchPlaceholder': '세션 검색...',
+		'sessionList.allTools': '모든 도구',
+		'sessionList.repo': '저장소',
+		'sessionList.repoPlaceholder': 'org/repo',
+		'sessionList.copyTitle': '선택 세션 제목 복사',
+		'sessionList.forceRefresh': '원본에서 새로고침',
+		'sessionList.copySelected': '선택 세션 제목 복사',
+		'sessionList.forceRefreshButton': '원본에서 새로고침',
+		'sessionList.refreshing': '새로고침 중...',
+		'sessionList.header': '세션 ({total})',
+		'sessionList.feedHint': '[단일 세션 피드]',
+		'sessionList.noSessions': '세션이 없습니다',
+		'sessionList.noSessionsDetail': '현재 공개 세션 피드가 비어 있습니다.',
+		'sessionList.refreshJobLabel': '세션 새로고침 중',
+		'sessionList.refreshJobDetail':
+			'백그라운드에서 재색인이 진행 중입니다. 계속 둘러볼 수 있습니다.',
+		'sessionList.messagesShort': '{count}개 메시지',
+		'sessionList.messagesLong': '{count}개 메시지',
+		'sessionList.events': '{count}개 이벤트',
+		'settings.languageSection': '언어',
+		'settings.languageDescription':
+			'이 설정은 즉시 적용되며, 기본값은 플랫폼 언어를 따르는 것입니다.',
+		'register.redirecting': '로그인 페이지로 이동하는 중...',
+		'sourcePreview.loading': '소스 미리보기를 불러오는 중...',
+		'sourcePreview.unsupported': '이 배포 환경에서는 소스 파싱 미리보기를 지원하지 않습니다.',
+		'sourcePreview.failed': '소스를 불러오지 못했습니다.',
+		'sourcePreview.empty': '미리보기 데이터가 없습니다.',
+		'parseSource.source': '소스',
+		'parseSource.parser': '파서',
+		'parserSelect.title': '파서 선택이 필요합니다',
+		'parserSelect.description':
+			'자동 감지로 안정적인 파싱을 결정하지 못했습니다. 파서를 선택한 뒤 다시 시도하세요.',
+		'parserSelect.selected': '(선택됨)',
+		'authCallback.loading': '로그인을 완료하는 중...',
+		'authCallback.error': '인증에 실패했습니다. 다시 시도해 주세요.',
+		'fieldHelp.aria': '{label} 도움말',
+		'sessionSidebar.session': '세션',
+		'sessionSidebar.model': '모델:',
+		'sessionSidebar.tool': '도구:',
+		'sessionSidebar.provider': '공급자:',
+		'sessionSidebar.messages': '메시지:',
+		'sessionSidebar.tools': '도구 호출:',
+		'sessionSidebar.duration': '지속 시간:',
+		'sessionSidebar.files': '파일:',
+		'sessionSidebar.filesChanged': '{count}개 변경',
+		'sessionSidebar.lines': '라인:',
+		'sessionSidebar.tasks': '작업:',
+		'eventGroup.user': '사용자',
+		'eventGroup.agent': '에이전트',
+		'eventGroup.tool': '도구',
+		'eventGroup.system': '시스템',
+		'timeline.viewMode': '세션 보기 모드',
+		'timeline.mode.unified': '통합',
+		'timeline.mode.branch': '브랜치포인트',
+		'timeline.mode.native': '네이티브',
+		'timeline.mode.nativeWithAdapter': '네이티브 ({adapter})',
+		'timeline.items': '{count}개 항목',
+		'timeline.eventFilters': '이벤트 필터',
+		'timeline.noMatches': '선택한 필터와 일치하는 이벤트가 없습니다.',
+		'threadMinimap.navigation': '메시지 탐색',
+		'threadMinimap.message': '메시지 {number}',
+		'eventView.user': '사용자',
+		'eventView.system': '시스템',
+		'eventView.agent': '에이전트',
+		'eventView.thinking': '생각 중',
+		'eventView.showLess': '접기',
+		'eventView.showMore': '더 보기...',
+		'eventView.subAgent': '하위 에이전트',
+		'eventView.error': '오류',
+		'eventView.options': '선택지',
+		'eventView.noAnswersFound': '응답에서 답변을 찾지 못했습니다.',
+		'eventView.noAnswer': '(답변 없음)',
+		'eventView.collapse': '접기',
+		'eventView.result': '결과',
+		'eventView.files': '{count}개 파일',
+		'eventView.matches': '{count}개 일치',
+		'eventView.chars': '{count}자',
+		'eventView.lines': '{count}줄',
+		'sessionRender.messages': '{count}개 메시지',
+		'sessionRender.files': '{count}개 파일',
+		'sessionRender.flow': '세션 흐름',
+		'sessionRender.flowDrag': '드래그해서 세션 타임라인 이동',
+		'sessionRender.searchPlaceholder': '이 세션에서 검색...',
+		'sessionRender.matches': '{count}개 일치',
+		'sessionRender.publicShare': '공개 링크',
+		'sessionRender.quickShareRemotePlaceholder':
+			'원격 저장소 이름(선택, 기본값은 자동 감지)',
+		'sessionRender.quickShare': '링크 만들기',
+		'sessionRender.sharing': '공유 중...',
+		'sessionRender.copyUri': '링크 복사',
+		'sessionRender.handoffArtifact': '핸드오프 아티팩트',
+		'sessionRender.buildPinLatest': '빌드 (latest 고정)',
+		'sessionRender.building': '빌드 중...',
+		'sessionRender.downloadFile': '파일 다운로드',
+		'sessionRender.nativeFallback':
+			'이 파서에서는 네이티브 보기를 사용할 수 없습니다. 통합 보기로 전환합니다.',
+		'sessionRender.noMatchingEvents': '"{query}"와 일치하는 이벤트가 없습니다.',
+		'sessionRender.quickSharePushed': '공유 링크를 만들고 푸시했습니다.',
+		'sessionRender.quickShareLocal':
+			'로컬 공유 링크를 만들었습니다. 빠른 모드에서 자동 푸시를 쓰려면 첫 푸시를 한 번 확인해 주세요.',
+		'sessionRender.quickShareFailed': '이 세션의 공유 링크를 만들지 못했습니다.',
+		'sessionRender.quickShareCopied': '공유 링크를 복사했습니다.',
+		'sessionRender.quickShareCopyFailed': '공유 링크를 복사하지 못했습니다.',
+		'sessionRender.handoffBuiltPinnedDownloaded':
+			'핸드오프 아티팩트를 빌드하고 {alias}로 고정한 뒤 다운로드했습니다.',
+		'sessionRender.handoffBuiltPinned':
+			'핸드오프 아티팩트를 빌드하고 {alias}로 고정했습니다.',
+		'sessionRender.handoffBuiltDownloaded': '핸드오프 아티팩트를 빌드하고 다운로드했습니다.',
+		'sessionRender.handoffBuilt': '핸드오프 아티팩트를 빌드했습니다.',
+		'sessionRender.handoffBuildFailed': '핸드오프 아티팩트 빌드에 실패했습니다.',
+		'sessionRender.handoffCopied': '아티팩트 링크를 복사했습니다.',
+		'sessionRender.handoffCopyFailed': '아티팩트 링크를 복사하지 못했습니다.',
+		'sessionRender.handoffDownloaded': '{fileName} 파일을 다운로드했습니다.',
+		'sessionRender.handoffDownloadFailed': '핸드오프 아티팩트 파일 다운로드에 실패했습니다.',
+		'sessionDetail.loading': '세션을 불러오는 중...',
+		'sessionDetail.contractMismatch':
+			'데스크톱 런타임과 UI 번들 계약 버전이 일치하지 않습니다.',
+		'sessionDetail.contractMismatchDetail':
+			'데스크톱 앱/런타임을 업데이트한 뒤 이 세션을 다시 열어 주세요.',
+		'sessionDetail.backToFeed': '세션 목록으로 돌아가기',
+		'sessionDetail.view': '보기',
+		'sessionDetail.view.summary': '요약',
+		'sessionDetail.view.full': '전체',
+		'sessionDetail.semanticSummary': '시맨틱 요약',
+		'sessionDetail.heuristicFallback':
+			'변경 데이터가 충분하지 않아 축약 요약을 표시합니다.',
+		'sessionDetail.regenerating': '다시 생성 중...',
+		'sessionDetail.regenerate': '다시 생성',
+		'sessionDetail.loadingSummary': '시맨틱 요약을 불러오는 중...',
+		'sessionDetail.changes': '변경점',
+		'sessionDetail.authSecurity': '인증/보안',
+		'sessionDetail.layerFileChanges': '레이어/파일 변경',
+		'sessionDetail.unknownLayer': '(알 수 없는 레이어)',
+		'sessionDetail.layerFileUnavailable':
+			'레이어별/파일별 요약을 만들 만큼 변경 데이터가 충분하지 않습니다.',
+		'sessionDetail.diffTree': 'Diff 트리',
+		'sessionDetail.layer': '(레이어)',
+		'sessionDetail.file': '(파일)',
+		'sessionDetail.edit': '편집',
+		'sessionDetail.large': '대용량',
+		'sessionDetail.hunk': '(hunk)',
+		'sessionDetail.linesOmitted': '... {count}줄 생략',
+		'sessionDetail.generationNote': '생성 메모: {note}',
+		'sessionDetail.noSummary': '아직 생성된 시맨틱 요약이 없습니다.',
+		'sessionDetail.changeReader': '변경 리더 (텍스트 + 음성)',
+		'sessionDetail.changeReaderDescription':
+			'로컬 컨텍스트를 바탕으로 세션 변경을 읽고, 질문하고, 음성 내레이션을 재생합니다.',
+		'sessionDetail.scope': '범위',
+		'sessionDetail.scope.summaryOnly': '요약만',
+		'sessionDetail.scope.fullContext': '전체 컨텍스트',
+		'sessionDetail.readChanges': '변경 내용 읽기',
+		'sessionDetail.reading': '읽는 중...',
+		'sessionDetail.voicePromptMissing': '먼저 변경 내용 읽기 또는 질문을 실행하세요.',
+		'sessionDetail.voicePlaybackFailed': '음성 재생에 실패했습니다.',
+		'sessionDetail.voiceSynthesisFailed': '음성 합성에 실패했습니다.',
+		'sessionDetail.playVoice': '음성 재생',
+		'sessionDetail.replayVoice': '음성 다시 재생',
+		'sessionDetail.synthesizing': '합성 중...',
+		'sessionDetail.stopVoice': '음성 중지',
+		'sessionDetail.voiceDisabled': '런타임 설정에서 음성 기능이 비활성화되어 있습니다.',
+		'sessionDetail.voiceConfigure':
+			'재생을 사용하려면 Settings에서 Change Reader Voice API 키를 설정하세요.',
+		'sessionDetail.qa': '질문',
+		'sessionDetail.questionPlaceholder': '이 변경에 관해 질문해 보세요...',
+		'sessionDetail.ask': '질문',
+		'sessionDetail.asking': '질문 중...',
+		'sessionDetail.qaDisabled': '런타임 설정에서 질문 기능이 비활성화되어 있습니다.',
+		'sessionDetail.citations': '인용: {items}',
+	} as const,
+};
+
+export type TranslationKey = keyof typeof messages.en;
+
+export const appLocale = writable<AppLocale>('en');
+export const languageMode = writable<LanguageMode>('system');
+
+function formatMessage(
+	template: string,
+	params?: Record<string, string | number>,
+): string {
+	if (!params) return template;
+	return template.replace(/\{(\w+)\}/g, (_match, key: string) => {
+		const value = params[key];
+		return value == null ? '' : String(value);
+	});
+}
+
+export function parseLanguageMode(value: string | null | undefined): LanguageMode {
+	if (value === 'en' || value === 'ko') return value;
+	return 'system';
+}
+
+export function normalizeLocale(value: string | null | undefined): AppLocale {
+	const normalized = value?.trim().toLowerCase() ?? '';
+	if (normalized.startsWith('ko')) return 'ko';
+	return 'en';
+}
+
+export function resolveLocale(
+	mode: LanguageMode,
+	preferredLanguages: readonly string[],
+): AppLocale {
+	if (mode !== 'system') return mode;
+	for (const candidate of preferredLanguages) {
+		if (candidate?.trim()) return normalizeLocale(candidate);
+	}
+	return 'en';
+}
+
+export function translate(
+	locale: AppLocale,
+	key: TranslationKey,
+	params?: Record<string, string | number>,
+): string {
+	const table = messages[locale] ?? messages.en;
+	return formatMessage(table[key] ?? messages.en[key], params);
+}
+
+export function listTranslationKeys(locale: AppLocale): readonly TranslationKey[] {
+	return Object.keys(messages[locale]) as TranslationKey[];
+}
+
+function applyLocale(resolvedLocale: AppLocale) {
+	appLocale.set(resolvedLocale);
+	setDocumentLanguage(resolvedLocale);
+}
+
+export function initializeLocalization(runtime: RuntimeEnv = readBrowserRuntime()): AppLocale {
+	const nextMode = parseLanguageMode(runtime.getStorageItem(LANGUAGE_MODE_STORAGE_KEY));
+	languageMode.set(nextMode);
+	const resolvedLocale = resolveLocale(nextMode, getPreferredLanguages(runtime));
+	applyLocale(resolvedLocale);
+	return resolvedLocale;
+}
+
+export function refreshLocaleFromPlatform(runtime: RuntimeEnv = readBrowserRuntime()): AppLocale {
+	const currentMode = get(languageMode);
+	const resolvedLocale = resolveLocale(currentMode, getPreferredLanguages(runtime));
+	applyLocale(resolvedLocale);
+	return resolvedLocale;
+}
+
+export function setLanguagePreference(
+	mode: LanguageMode,
+	runtime: RuntimeEnv = readBrowserRuntime(),
+): AppLocale {
+	runtime.setStorageItem(LANGUAGE_MODE_STORAGE_KEY, mode);
+	languageMode.set(mode);
+	const resolvedLocale = resolveLocale(mode, getPreferredLanguages(runtime));
+	applyLocale(resolvedLocale);
+	return resolvedLocale;
+}
+
+export function cycleLanguageMode(mode: LanguageMode): LanguageMode {
+	if (mode === 'system') return 'en';
+	if (mode === 'en') return 'ko';
+	return 'system';
+}
diff --git a/packages/ui/src/index.ts b/packages/ui/src/index.ts
index 8bfba10e..f34dbb7d 100644
--- a/packages/ui/src/index.ts
+++ b/packages/ui/src/index.ts
@@ -104,9 +104,22 @@ export type {
 	ToolConfig,
 } from './types';
 export { formatDuration, formatTimestamp, getToolConfig, TOOL_CONFIGS } from './types';
+export { formatClockTime } from './types';
 // Shared utilities
 export type { FileStats } from './utils';
 export { computeFileStats, formatFullDate, getDisplayTitle, stripTags } from './utils';
+export {
+	appLocale,
+	cycleLanguageMode,
+	initializeLocalization,
+	languageMode,
+	refreshLocaleFromPlatform,
+	resolveLocale,
+	setLanguagePreference,
+	translate,
+	type AppLocale,
+	type LanguageMode,
+} from './i18n';
 export {
 	createShellModel,
 	createShellModelState,
diff --git a/packages/ui/src/types.ts b/packages/ui/src/types.ts
index 777021f4..7b0d49a2 100644
--- a/packages/ui/src/types.ts
+++ b/packages/ui/src/types.ts
@@ -1,3 +1,6 @@
+import { get } from 'svelte/store';
+import { appLocale } from './i18n';
+
 // ─── HAIL core types (mirrors crates/core/src/trace.rs) ──────────────────────
 // These represent the full session trace format used by /api/sessions/:id/raw
 
@@ -250,23 +253,38 @@ export function getToolConfig(tool: string): ToolConfig {
 }
 
 export function formatDuration(seconds: number): string {
-	if (seconds < 60) return `${seconds}s`;
-	if (seconds < 3600) return `${Math.floor(seconds / 60)}m ${seconds % 60}s`;
+	const locale = get(appLocale);
+	if (seconds < 60) return locale === 'ko' ? `${seconds}초` : `${seconds}s`;
+	if (seconds < 3600) {
+		const minutes = Math.floor(seconds / 60);
+		const remainder = seconds % 60;
+		return locale === 'ko' ? `${minutes}분 ${remainder}초` : `${minutes}m ${remainder}s`;
+	}
 	const h = Math.floor(seconds / 3600);
 	const m = Math.floor((seconds % 3600) / 60);
-	return `${h}h ${m}m`;
+	return locale === 'ko' ? `${h}시간 ${m}분` : `${h}h ${m}m`;
 }
 
 export function formatTimestamp(ts: string): string {
 	const date = new Date(ts);
 	const now = new Date();
+	const locale = get(appLocale);
 	const diff = now.getTime() - date.getTime();
 	const minutes = Math.floor(diff / 60000);
-	if (minutes < 1) return 'just now';
-	if (minutes < 60) return `${minutes}m ago`;
+	if (minutes < 1) return locale === 'ko' ? '방금 전' : 'just now';
+	if (minutes < 60) return locale === 'ko' ? `${minutes}분 전` : `${minutes}m ago`;
 	const hours = Math.floor(minutes / 60);
-	if (hours < 24) return `${hours}h ago`;
+	if (hours < 24) return locale === 'ko' ? `${hours}시간 전` : `${hours}h ago`;
 	const days = Math.floor(hours / 24);
-	if (days < 30) return `${days}d ago`;
-	return date.toLocaleDateString();
+	if (days < 30) return locale === 'ko' ? `${days}일 전` : `${days}d ago`;
+	return date.toLocaleDateString(locale === 'ko' ? 'ko-KR' : undefined);
+}
+
+export function formatClockTime(ts: string): string {
+	const locale = get(appLocale);
+	return new Date(ts).toLocaleTimeString(locale === 'ko' ? 'ko-KR' : 'en-US', {
+		hour: '2-digit',
+		minute: '2-digit',
+		hour12: false,
+	});
 }
diff --git a/packages/ui/src/utils.ts b/packages/ui/src/utils.ts
index 263ee311..29a9cca1 100644
--- a/packages/ui/src/utils.ts
+++ b/packages/ui/src/utils.ts
@@ -66,7 +66,12 @@ export function computeFileStats(events: Event[]): FileStats {
 /** Format timestamp as a full localized date string */
 export function formatFullDate(ts: string): string {
 	const date = new Date(ts);
-	return date.toLocaleDateString(undefined, {
+	const locale =
+		typeof document !== 'undefined' &&
+		document.documentElement?.lang?.trim().toLowerCase().startsWith('ko')
+			? 'ko-KR'
+			: 'en-US';
+	return date.toLocaleDateString(locale, {
 		year: 'numeric',
 		month: 'short',
 		day: 'numeric',
diff --git a/scripts/check-rust-artifact-guardrails.mjs b/scripts/check-rust-artifact-guardrails.mjs
new file mode 100644
index 00000000..e543ff13
--- /dev/null
+++ b/scripts/check-rust-artifact-guardrails.mjs
@@ -0,0 +1,52 @@
+#!/usr/bin/env node
+
+import fs from 'node:fs';
+import path from 'node:path';
+
+const repoRoot = process.cwd();
+
+function readRequiredFile(relativePath) {
+	const filePath = path.join(repoRoot, relativePath);
+	if (!fs.existsSync(filePath)) {
+		console.error(`[rust-artifact-guardrails] Missing file: ${relativePath}`);
+		process.exit(1);
+	}
+
+	return fs.readFileSync(filePath, 'utf8');
+}
+
+function requireRegex(content, regex, description) {
+	if (!regex.test(content)) {
+		console.error(`[rust-artifact-guardrails] Missing ${description}`);
+		process.exit(1);
+	}
+}
+
+const cargoToml = readRequiredFile('Cargo.toml');
+requireRegex(
+	cargoToml,
+	/\[profile\.dev\][\s\S]*?incremental\s*=\s*false/,
+	'`[profile.dev] incremental = false` in Cargo.toml',
+);
+requireRegex(
+	cargoToml,
+	/\[profile\.test\][\s\S]*?incremental\s*=\s*false/,
+	'`[profile.test] incremental = false` in Cargo.toml',
+);
+
+const buildSh = readRequiredFile('build.sh');
+for (const snippet of [
+	'prune_rust_build_artifacts()',
+	'rm -rf target/debug/incremental',
+	'target-rustup-*/debug/incremental',
+	'target-rustup-*',
+]) {
+	if (!buildSh.includes(snippet)) {
+		console.error(
+			`[rust-artifact-guardrails] Missing required build.sh snippet: ${snippet}`,
+		);
+		process.exit(1);
+	}
+}
+
+console.log('[rust-artifact-guardrails] OK');
diff --git a/scripts/check-validation-hooks.mjs b/scripts/check-validation-hooks.mjs
index 49aae6df..82643799 100644
--- a/scripts/check-validation-hooks.mjs
+++ b/scripts/check-validation-hooks.mjs
@@ -12,6 +12,7 @@ const checks = [
 			'ERROR: mise is required for pre-commit validation.',
 			'scripts/validate/desktop-build-preflight.mjs --mode local',
 			'run_node_check()',
+			'scripts/check-rust-artifact-guardrails.mjs',
 			'scripts/check-validation-hooks.mjs',
 			'scripts/check-doc-portability.mjs',
 			'scripts/verify-content-contract.mjs',
diff --git a/web/README.ko.md b/web/README.ko.md
new file mode 100644
index 00000000..7edec692
--- /dev/null
+++ b/web/README.ko.md
@@ -0,0 +1,38 @@
+# OpenSession Web
+
+[English](README.md)
+
+이 패키지는 OpenSession용 Svelte 웹 앱을 포함합니다.
+
+## 실행
+
+```bash
+npm ci
+npm run dev
+```
+
+## 검증
+
+```bash
+npm run check
+```
+
+## Live E2E
+
+로컬 worker(`wrangler dev`)와 서버(`opensession-server`)가 이미 실행 중이어야 합니다.
+
+```bash
+OPENSESSION_E2E_WORKER_BASE_URL=http://127.0.0.1:8788 \
+OPENSESSION_E2E_SERVER_BASE_URL=http://127.0.0.1:3000 \
+OPENSESSION_E2E_ALLOW_REMOTE=0 \
+CI=1 \
+npm run test:e2e:live -- --reporter=list
+```
+
+제품 수준 사용법과 install-and-forget 흐름은 루트 문서를 참고하세요.
+
+- `../README.md`
+- `../README.ko.md`
+- `../docs.md`
+- `../docs.ko.md`
+- `../docs/development-validation-flow.md`
diff --git a/web/README.md b/web/README.md
index a979c517..158578c5 100644
--- a/web/README.md
+++ b/web/README.md
@@ -1,5 +1,7 @@
 # OpenSession Web
 
+[한국어](README.ko.md)
+
 This package contains the Svelte web app for OpenSession.
 
 ## Run
@@ -30,5 +32,7 @@ npm run test:e2e:live -- --reporter=list
 For product-level usage and install-and-forget flow, see the root docs:
 
 - `../README.md`
+- `../README.ko.md`
 - `../docs.md`
+- `../docs.ko.md`
 - `../docs/development-validation-flow.md`
diff --git a/web/e2e/navigation.spec.ts b/web/e2e/navigation.spec.ts
index 7bd38402..18989ee6 100644
--- a/web/e2e/navigation.spec.ts
+++ b/web/e2e/navigation.spec.ts
@@ -23,7 +23,7 @@ test.describe('Navigation', () => {
 		await expect(page.getByRole('tab', { name: 'List' })).toHaveCount(0);
 		await expect(page.getByRole('tab', { name: 'Agents' })).toHaveCount(0);
 		await expect(page.locator('[data-testid="session-layout-summary"]')).toContainText(
-			'single chronological feed',
+			'single session feed',
 		);
 		await expect(page.locator('[data-testid="session-layout-summary"]')).not.toContainText('grouped by max active agents');
 		await expect(page.locator('[data-testid="list-shortcut-legend"]')).not.toContainText('layout');
@@ -56,7 +56,9 @@ test.describe('Navigation', () => {
 		await expect(footer.getByText('t tool')).toBeVisible();
 		await expect(footer.getByText('r range')).toBeVisible();
 		await expect(footer.getByText('g repo')).toBeVisible();
-		await expect(footer.getByText('? help')).toBeVisible();
+		await expect(footer.getByText('h help')).toBeVisible();
+		await expect(footer.getByText('Shift+R refresh')).toHaveCount(0);
+		await expect(page.locator('[data-testid="list-shortcut-legend"]').getByText('Shift+R')).toBeVisible();
 		await expect(footer.getByText('opensession.io')).toBeVisible();
 	});
 
@@ -95,6 +97,15 @@ test.describe('Navigation', () => {
 		await expect(footer.getByText('n/p match')).toBeVisible();
 	});
 
+	test('h opens keyboard help without shifted punctuation', async ({ page }) => {
+		await page.goto('/sessions');
+		await page.locator('body').click();
+		await page.keyboard.press('h');
+		await expect(page.locator('[data-testid="keyboard-help-modal"]')).toBeVisible();
+		await page.keyboard.press('Escape');
+		await expect(page.locator('[data-testid="keyboard-help-modal"]')).toHaveCount(0);
+	});
+
 	test('authenticated nav shows account dropdown actions', async ({ page }) => {
 		const secure = BASE_URL.startsWith('https://');
 		const domain = new URL(BASE_URL).hostname;
diff --git a/web/e2e/settings.spec.ts b/web/e2e/settings.spec.ts
index 2134164c..e2cc4ccd 100644
--- a/web/e2e/settings.spec.ts
+++ b/web/e2e/settings.spec.ts
@@ -609,8 +609,7 @@ test.describe('Settings', () => {
 			active?.blur?.();
 			(document.body ?? window).dispatchEvent(
 				new KeyboardEvent('keydown', {
-					key: '?',
-					shiftKey: true,
+					key: 'h',
 					bubbles: true,
 				}),
 			);
diff --git a/web/package-lock.json b/web/package-lock.json
index 51fb95ce..ba7a2e2b 100644
--- a/web/package-lock.json
+++ b/web/package-lock.json
@@ -10,17 +10,17 @@
 			"dependencies": {
 				"@opensession/ui": "file:../packages/ui",
 				"highlight.js": "^11.11.1",
-				"marked": "^17.0.1"
+				"marked": "^17.0.4"
 			},
 			"devDependencies": {
 				"@playwright/test": "^1.58.2",
 				"@sveltejs/adapter-static": "^3.0.0",
-				"@sveltejs/kit": "^2.52.2",
+				"@sveltejs/kit": "^2.53.4",
 				"@sveltejs/vite-plugin-svelte": "^6.2.4",
-				"@tailwindcss/vite": "^4.0.0",
-				"svelte": "^5.48.2",
-				"svelte-check": "^4.3.5",
-				"tailwindcss": "^4.0.0",
+				"@tailwindcss/vite": "^4.2.1",
+				"svelte": "^5.53.7",
+				"svelte-check": "^4.4.5",
+				"tailwindcss": "^4.2.1",
 				"typescript": "^5.9.3",
 				"vite": "^7.3.1"
 			}
@@ -31,13 +31,13 @@
 			"dependencies": {
 				"effect": "3.19.19",
 				"highlight.js": "^11.11.1",
-				"isomorphic-dompurify": "^2.28.0",
-				"marked": "^17.0.1"
+				"isomorphic-dompurify": "^3.0.0",
+				"marked": "^17.0.4"
 			},
 			"devDependencies": {
-				"@biomejs/biome": "2.3.15",
+				"@biomejs/biome": "^2.4.6",
 				"jsdom": "^28.1.0",
-				"svelte": "^5.51.5",
+				"svelte": "^5.53.7",
 				"tsx": "^4.20.5",
 				"turndown": "^7.2.0",
 				"typescript": "^5.9.3"
@@ -566,9 +566,9 @@
 			"license": "MIT"
 		},
 		"node_modules/@rollup/rollup-android-arm-eabi": {
-			"version": "4.57.1",
-			"resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.57.1.tgz",
-			"integrity": "sha512-A6ehUVSiSaaliTxai040ZpZ2zTevHYbvu/lDoeAteHI8QnaosIzm4qwtezfRg1jOYaUmnzLX1AOD6Z+UJjtifg==",
+			"version": "4.59.0",
+			"resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.59.0.tgz",
+			"integrity": "sha512-upnNBkA6ZH2VKGcBj9Fyl9IGNPULcjXRlg0LLeaioQWueH30p6IXtJEbKAgvyv+mJaMxSm1l6xwDXYjpEMiLMg==",
 			"cpu": [
 				"arm"
 			],
@@ -580,9 +580,9 @@
 			]
 		},
 		"node_modules/@rollup/rollup-android-arm64": {
-			"version": "4.57.1",
-			"resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.57.1.tgz",
-			"integrity": "sha512-dQaAddCY9YgkFHZcFNS/606Exo8vcLHwArFZ7vxXq4rigo2bb494/xKMMwRRQW6ug7Js6yXmBZhSBRuBvCCQ3w==",
+			"version": "4.59.0",
+			"resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.59.0.tgz",
+			"integrity": "sha512-hZ+Zxj3SySm4A/DylsDKZAeVg0mvi++0PYVceVyX7hemkw7OreKdCvW2oQ3T1FMZvCaQXqOTHb8qmBShoqk69Q==",
 			"cpu": [
 				"arm64"
 			],
@@ -594,9 +594,9 @@
 			]
 		},
 		"node_modules/@rollup/rollup-darwin-arm64": {
-			"version": "4.57.1",
-			"resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.57.1.tgz",
-			"integrity": "sha512-crNPrwJOrRxagUYeMn/DZwqN88SDmwaJ8Cvi/TN1HnWBU7GwknckyosC2gd0IqYRsHDEnXf328o9/HC6OkPgOg==",
+			"version": "4.59.0",
+			"resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.59.0.tgz",
+			"integrity": "sha512-W2Psnbh1J8ZJw0xKAd8zdNgF9HRLkdWwwdWqubSVk0pUuQkoHnv7rx4GiF9rT4t5DIZGAsConRE3AxCdJ4m8rg==",
 			"cpu": [
 				"arm64"
 			],
@@ -608,9 +608,9 @@
 			]
 		},
 		"node_modules/@rollup/rollup-darwin-x64": {
-			"version": "4.57.1",
-			"resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.57.1.tgz",
-			"integrity": "sha512-Ji8g8ChVbKrhFtig5QBV7iMaJrGtpHelkB3lsaKzadFBe58gmjfGXAOfI5FV0lYMH8wiqsxKQ1C9B0YTRXVy4w==",
+			"version": "4.59.0",
+			"resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.59.0.tgz",
+			"integrity": "sha512-ZW2KkwlS4lwTv7ZVsYDiARfFCnSGhzYPdiOU4IM2fDbL+QGlyAbjgSFuqNRbSthybLbIJ915UtZBtmuLrQAT/w==",
 			"cpu": [
 				"x64"
 			],
@@ -622,9 +622,9 @@
 			]
 		},
 		"node_modules/@rollup/rollup-freebsd-arm64": {
-			"version": "4.57.1",
-			"resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.57.1.tgz",
-			"integrity": "sha512-R+/WwhsjmwodAcz65guCGFRkMb4gKWTcIeLy60JJQbXrJ97BOXHxnkPFrP+YwFlaS0m+uWJTstrUA9o+UchFug==",
+			"version": "4.59.0",
+			"resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.59.0.tgz",
+			"integrity": "sha512-EsKaJ5ytAu9jI3lonzn3BgG8iRBjV4LxZexygcQbpiU0wU0ATxhNVEpXKfUa0pS05gTcSDMKpn3Sx+QB9RlTTA==",
 			"cpu": [
 				"arm64"
 			],
@@ -636,9 +636,9 @@
 			]
 		},
 		"node_modules/@rollup/rollup-freebsd-x64": {
-			"version": "4.57.1",
-			"resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.57.1.tgz",
-			"integrity": "sha512-IEQTCHeiTOnAUC3IDQdzRAGj3jOAYNr9kBguI7MQAAZK3caezRrg0GxAb6Hchg4lxdZEI5Oq3iov/w/hnFWY9Q==",
+			"version": "4.59.0",
+			"resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.59.0.tgz",
+			"integrity": "sha512-d3DuZi2KzTMjImrxoHIAODUZYoUUMsuUiY4SRRcJy6NJoZ6iIqWnJu9IScV9jXysyGMVuW+KNzZvBLOcpdl3Vg==",
 			"cpu": [
 				"x64"
 			],
@@ -650,9 +650,9 @@
 			]
 		},
 		"node_modules/@rollup/rollup-linux-arm-gnueabihf": {
-			"version": "4.57.1",
-			"resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.57.1.tgz",
-			"integrity": "sha512-F8sWbhZ7tyuEfsmOxwc2giKDQzN3+kuBLPwwZGyVkLlKGdV1nvnNwYD0fKQ8+XS6hp9nY7B+ZeK01EBUE7aHaw==",
+			"version": "4.59.0",
+			"resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.59.0.tgz",
+			"integrity": "sha512-t4ONHboXi/3E0rT6OZl1pKbl2Vgxf9vJfWgmUoCEVQVxhW6Cw/c8I6hbbu7DAvgp82RKiH7TpLwxnJeKv2pbsw==",
 			"cpu": [
 				"arm"
 			],
@@ -664,9 +664,9 @@
 			]
 		},
 		"node_modules/@rollup/rollup-linux-arm-musleabihf": {
-			"version": "4.57.1",
-			"resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.57.1.tgz",
-			"integrity": "sha512-rGfNUfn0GIeXtBP1wL5MnzSj98+PZe/AXaGBCRmT0ts80lU5CATYGxXukeTX39XBKsxzFpEeK+Mrp9faXOlmrw==",
+			"version": "4.59.0",
+			"resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.59.0.tgz",
+			"integrity": "sha512-CikFT7aYPA2ufMD086cVORBYGHffBo4K8MQ4uPS/ZnY54GKj36i196u8U+aDVT2LX4eSMbyHtyOh7D7Zvk2VvA==",
 			"cpu": [
 				"arm"
 			],
@@ -678,9 +678,9 @@
 			]
 		},
 		"node_modules/@rollup/rollup-linux-arm64-gnu": {
-			"version": "4.57.1",
-			"resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.57.1.tgz",
-			"integrity": "sha512-MMtej3YHWeg/0klK2Qodf3yrNzz6CGjo2UntLvk2RSPlhzgLvYEB3frRvbEF2wRKh1Z2fDIg9KRPe1fawv7C+g==",
+			"version": "4.59.0",
+			"resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.59.0.tgz",
+			"integrity": "sha512-jYgUGk5aLd1nUb1CtQ8E+t5JhLc9x5WdBKew9ZgAXg7DBk0ZHErLHdXM24rfX+bKrFe+Xp5YuJo54I5HFjGDAA==",
 			"cpu": [
 				"arm64"
 			],
@@ -692,9 +692,9 @@
 			]
 		},
 		"node_modules/@rollup/rollup-linux-arm64-musl": {
-			"version": "4.57.1",
-			"resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.57.1.tgz",
-			"integrity": "sha512-1a/qhaaOXhqXGpMFMET9VqwZakkljWHLmZOX48R0I/YLbhdxr1m4gtG1Hq7++VhVUmf+L3sTAf9op4JlhQ5u1Q==",
+			"version": "4.59.0",
+			"resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.59.0.tgz",
+			"integrity": "sha512-peZRVEdnFWZ5Bh2KeumKG9ty7aCXzzEsHShOZEFiCQlDEepP1dpUl/SrUNXNg13UmZl+gzVDPsiCwnV1uI0RUA==",
 			"cpu": [
 				"arm64"
 			],
@@ -706,9 +706,9 @@
 			]
 		},
 		"node_modules/@rollup/rollup-linux-loong64-gnu": {
-			"version": "4.57.1",
-			"resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.57.1.tgz",
-			"integrity": "sha512-QWO6RQTZ/cqYtJMtxhkRkidoNGXc7ERPbZN7dVW5SdURuLeVU7lwKMpo18XdcmpWYd0qsP1bwKPf7DNSUinhvA==",
+			"version": "4.59.0",
+			"resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.59.0.tgz",
+			"integrity": "sha512-gbUSW/97f7+r4gHy3Jlup8zDG190AuodsWnNiXErp9mT90iCy9NKKU0Xwx5k8VlRAIV2uU9CsMnEFg/xXaOfXg==",
 			"cpu": [
 				"loong64"
 			],
@@ -720,9 +720,9 @@
 			]
 		},
 		"node_modules/@rollup/rollup-linux-loong64-musl": {
-			"version": "4.57.1",
-			"resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-musl/-/rollup-linux-loong64-musl-4.57.1.tgz",
-			"integrity": "sha512-xpObYIf+8gprgWaPP32xiN5RVTi/s5FCR+XMXSKmhfoJjrpRAjCuuqQXyxUa/eJTdAE6eJ+KDKaoEqjZQxh3Gw==",
+			"version": "4.59.0",
+			"resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-musl/-/rollup-linux-loong64-musl-4.59.0.tgz",
+			"integrity": "sha512-yTRONe79E+o0FWFijasoTjtzG9EBedFXJMl888NBEDCDV9I2wGbFFfJQQe63OijbFCUZqxpHz1GzpbtSFikJ4Q==",
 			"cpu": [
 				"loong64"
 			],
@@ -734,9 +734,9 @@
 			]
 		},
 		"node_modules/@rollup/rollup-linux-ppc64-gnu": {
-			"version": "4.57.1",
-			"resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.57.1.tgz",
-			"integrity": "sha512-4BrCgrpZo4hvzMDKRqEaW1zeecScDCR+2nZ86ATLhAoJ5FQ+lbHVD3ttKe74/c7tNT9c6F2viwB3ufwp01Oh2w==",
+			"version": "4.59.0",
+			"resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.59.0.tgz",
+			"integrity": "sha512-sw1o3tfyk12k3OEpRddF68a1unZ5VCN7zoTNtSn2KndUE+ea3m3ROOKRCZxEpmT9nsGnogpFP9x6mnLTCaoLkA==",
 			"cpu": [
 				"ppc64"
 			],
@@ -748,9 +748,9 @@
 			]
 		},
 		"node_modules/@rollup/rollup-linux-ppc64-musl": {
-			"version": "4.57.1",
-			"resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-musl/-/rollup-linux-ppc64-musl-4.57.1.tgz",
-			"integrity": "sha512-NOlUuzesGauESAyEYFSe3QTUguL+lvrN1HtwEEsU2rOwdUDeTMJdO5dUYl/2hKf9jWydJrO9OL/XSSf65R5+Xw==",
+			"version": "4.59.0",
+			"resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-musl/-/rollup-linux-ppc64-musl-4.59.0.tgz",
+			"integrity": "sha512-+2kLtQ4xT3AiIxkzFVFXfsmlZiG5FXYW7ZyIIvGA7Bdeuh9Z0aN4hVyXS/G1E9bTP/vqszNIN/pUKCk/BTHsKA==",
 			"cpu": [
 				"ppc64"
 			],
@@ -762,9 +762,9 @@
 			]
 		},
 		"node_modules/@rollup/rollup-linux-riscv64-gnu": {
-			"version": "4.57.1",
-			"resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.57.1.tgz",
-			"integrity": "sha512-ptA88htVp0AwUUqhVghwDIKlvJMD/fmL/wrQj99PRHFRAG6Z5nbWoWG4o81Nt9FT+IuqUQi+L31ZKAFeJ5Is+A==",
+			"version": "4.59.0",
+			"resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.59.0.tgz",
+			"integrity": "sha512-NDYMpsXYJJaj+I7UdwIuHHNxXZ/b/N2hR15NyH3m2qAtb/hHPA4g4SuuvrdxetTdndfj9b1WOmy73kcPRoERUg==",
 			"cpu": [
 				"riscv64"
 			],
@@ -776,9 +776,9 @@
 			]
 		},
 		"node_modules/@rollup/rollup-linux-riscv64-musl": {
-			"version": "4.57.1",
-			"resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.57.1.tgz",
-			"integrity": "sha512-S51t7aMMTNdmAMPpBg7OOsTdn4tySRQvklmL3RpDRyknk87+Sp3xaumlatU+ppQ+5raY7sSTcC2beGgvhENfuw==",
+			"version": "4.59.0",
+			"resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.59.0.tgz",
+			"integrity": "sha512-nLckB8WOqHIf1bhymk+oHxvM9D3tyPndZH8i8+35p/1YiVoVswPid2yLzgX7ZJP0KQvnkhM4H6QZ5m0LzbyIAg==",
 			"cpu": [
 				"riscv64"
 			],
@@ -790,9 +790,9 @@
 			]
 		},
 		"node_modules/@rollup/rollup-linux-s390x-gnu": {
-			"version": "4.57.1",
-			"resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.57.1.tgz",
-			"integrity": "sha512-Bl00OFnVFkL82FHbEqy3k5CUCKH6OEJL54KCyx2oqsmZnFTR8IoNqBF+mjQVcRCT5sB6yOvK8A37LNm/kPJiZg==",
+			"version": "4.59.0",
+			"resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.59.0.tgz",
+			"integrity": "sha512-oF87Ie3uAIvORFBpwnCvUzdeYUqi2wY6jRFWJAy1qus/udHFYIkplYRW+wo+GRUP4sKzYdmE1Y3+rY5Gc4ZO+w==",
 			"cpu": [
 				"s390x"
 			],
@@ -804,9 +804,9 @@
 			]
 		},
 		"node_modules/@rollup/rollup-linux-x64-gnu": {
-			"version": "4.57.1",
-			"resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.57.1.tgz",
-			"integrity": "sha512-ABca4ceT4N+Tv/GtotnWAeXZUZuM/9AQyCyKYyKnpk4yoA7QIAuBt6Hkgpw8kActYlew2mvckXkvx0FfoInnLg==",
+			"version": "4.59.0",
+			"resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.59.0.tgz",
+			"integrity": "sha512-3AHmtQq/ppNuUspKAlvA8HtLybkDflkMuLK4DPo77DfthRb71V84/c4MlWJXixZz4uruIH4uaa07IqoAkG64fg==",
 			"cpu": [
 				"x64"
 			],
@@ -818,9 +818,9 @@
 			]
 		},
 		"node_modules/@rollup/rollup-linux-x64-musl": {
-			"version": "4.57.1",
-			"resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.57.1.tgz",
-			"integrity": "sha512-HFps0JeGtuOR2convgRRkHCekD7j+gdAuXM+/i6kGzQtFhlCtQkpwtNzkNj6QhCDp7DRJ7+qC/1Vg2jt5iSOFw==",
+			"version": "4.59.0",
+			"resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.59.0.tgz",
+			"integrity": "sha512-2UdiwS/9cTAx7qIUZB/fWtToJwvt0Vbo0zmnYt7ED35KPg13Q0ym1g442THLC7VyI6JfYTP4PiSOWyoMdV2/xg==",
 			"cpu": [
 				"x64"
 			],
@@ -832,9 +832,9 @@
 			]
 		},
 		"node_modules/@rollup/rollup-openbsd-x64": {
-			"version": "4.57.1",
-			"resolved": "https://registry.npmjs.org/@rollup/rollup-openbsd-x64/-/rollup-openbsd-x64-4.57.1.tgz",
-			"integrity": "sha512-H+hXEv9gdVQuDTgnqD+SQffoWoc0Of59AStSzTEj/feWTBAnSfSD3+Dql1ZruJQxmykT/JVY0dE8Ka7z0DH1hw==",
+			"version": "4.59.0",
+			"resolved": "https://registry.npmjs.org/@rollup/rollup-openbsd-x64/-/rollup-openbsd-x64-4.59.0.tgz",
+			"integrity": "sha512-M3bLRAVk6GOwFlPTIxVBSYKUaqfLrn8l0psKinkCFxl4lQvOSz8ZrKDz2gxcBwHFpci0B6rttydI4IpS4IS/jQ==",
 			"cpu": [
 				"x64"
 			],
@@ -846,9 +846,9 @@
 			]
 		},
 		"node_modules/@rollup/rollup-openharmony-arm64": {
-			"version": "4.57.1",
-			"resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.57.1.tgz",
-			"integrity": "sha512-4wYoDpNg6o/oPximyc/NG+mYUejZrCU2q+2w6YZqrAs2UcNUChIZXjtafAiiZSUc7On8v5NyNj34Kzj/Ltk6dQ==",
+			"version": "4.59.0",
+			"resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.59.0.tgz",
+			"integrity": "sha512-tt9KBJqaqp5i5HUZzoafHZX8b5Q2Fe7UjYERADll83O4fGqJ49O1FsL6LpdzVFQcpwvnyd0i+K/VSwu/o/nWlA==",
 			"cpu": [
 				"arm64"
 			],
@@ -860,9 +860,9 @@
 			]
 		},
 		"node_modules/@rollup/rollup-win32-arm64-msvc": {
-			"version": "4.57.1",
-			"resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.57.1.tgz",
-			"integrity": "sha512-O54mtsV/6LW3P8qdTcamQmuC990HDfR71lo44oZMZlXU4tzLrbvTii87Ni9opq60ds0YzuAlEr/GNwuNluZyMQ==",
+			"version": "4.59.0",
+			"resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.59.0.tgz",
+			"integrity": "sha512-V5B6mG7OrGTwnxaNUzZTDTjDS7F75PO1ae6MJYdiMu60sq0CqN5CVeVsbhPxalupvTX8gXVSU9gq+Rx1/hvu6A==",
 			"cpu": [
 				"arm64"
 			],
@@ -874,9 +874,9 @@
 			]
 		},
 		"node_modules/@rollup/rollup-win32-ia32-msvc": {
-			"version": "4.57.1",
-			"resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.57.1.tgz",
-			"integrity": "sha512-P3dLS+IerxCT/7D2q2FYcRdWRl22dNbrbBEtxdWhXrfIMPP9lQhb5h4Du04mdl5Woq05jVCDPCMF7Ub0NAjIew==",
+			"version": "4.59.0",
+			"resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.59.0.tgz",
+			"integrity": "sha512-UKFMHPuM9R0iBegwzKF4y0C4J9u8C6MEJgFuXTBerMk7EJ92GFVFYBfOZaSGLu6COf7FxpQNqhNS4c4icUPqxA==",
 			"cpu": [
 				"ia32"
 			],
@@ -888,9 +888,9 @@
 			]
 		},
 		"node_modules/@rollup/rollup-win32-x64-gnu": {
-			"version": "4.57.1",
-			"resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.57.1.tgz",
-			"integrity": "sha512-VMBH2eOOaKGtIJYleXsi2B8CPVADrh+TyNxJ4mWPnKfLB/DBUmzW+5m1xUrcwWoMfSLagIRpjUFeW5CO5hyciQ==",
+			"version": "4.59.0",
+			"resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.59.0.tgz",
+			"integrity": "sha512-laBkYlSS1n2L8fSo1thDNGrCTQMmxjYY5G0WFWjFFYZkKPjsMBsgJfGf4TLxXrF6RyhI60L8TMOjBMvXiTcxeA==",
 			"cpu": [
 				"x64"
 			],
@@ -902,9 +902,9 @@
 			]
 		},
 		"node_modules/@rollup/rollup-win32-x64-msvc": {
-			"version": "4.57.1",
-			"resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.57.1.tgz",
-			"integrity": "sha512-mxRFDdHIWRxg3UfIIAwCm6NzvxG0jDX/wBN6KsQFTvKFqqg9vTrWUE68qEjHt19A5wwx5X5aUi2zuZT7YR0jrA==",
+			"version": "4.59.0",
+			"resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.59.0.tgz",
+			"integrity": "sha512-2HRCml6OztYXyJXAvdDXPKcawukWY2GpR5/nxKp4iBgiO3wcoEGkAaqctIbZcNB6KlUQBIqt8VYkNSj2397EfA==",
 			"cpu": [
 				"x64"
 			],
@@ -943,9 +943,9 @@
 			}
 		},
 		"node_modules/@sveltejs/kit": {
-			"version": "2.52.2",
-			"resolved": "https://registry.npmjs.org/@sveltejs/kit/-/kit-2.52.2.tgz",
-			"integrity": "sha512-1in76dftrofUt138rVLvYuwiQLkg9K3cG8agXEE6ksf7gCGs8oIr3+pFrVtbRmY9JvW+psW5fvLM/IwVybOLBA==",
+			"version": "2.53.4",
+			"resolved": "https://registry.npmjs.org/@sveltejs/kit/-/kit-2.53.4.tgz",
+			"integrity": "sha512-iAIPEahFgDJJyvz8g0jP08KvqnM6JvdW8YfsygZ+pMeMvyM2zssWMltcsotETvjSZ82G3VlitgDtBIvpQSZrTA==",
 			"dev": true,
 			"license": "MIT",
 			"dependencies": {
@@ -970,10 +970,10 @@
 			},
 			"peerDependencies": {
 				"@opentelemetry/api": "^1.0.0",
-				"@sveltejs/vite-plugin-svelte": "^3.0.0 || ^4.0.0-next.1 || ^5.0.0 || ^6.0.0-next.0",
+				"@sveltejs/vite-plugin-svelte": "^3.0.0 || ^4.0.0-next.1 || ^5.0.0 || ^6.0.0-next.0 || ^7.0.0",
 				"svelte": "^4.0.0 || ^5.0.0-next.0",
 				"typescript": "^5.3.3",
-				"vite": "^5.0.3 || ^6.0.0 || ^7.0.0-beta.0"
+				"vite": "^5.0.3 || ^6.0.0 || ^7.0.0-beta.0 || ^8.0.0"
 			},
 			"peerDependenciesMeta": {
 				"@opentelemetry/api": {
@@ -1024,49 +1024,49 @@
 			}
 		},
 		"node_modules/@tailwindcss/node": {
-			"version": "4.1.18",
-			"resolved": "https://registry.npmjs.org/@tailwindcss/node/-/node-4.1.18.tgz",
-			"integrity": "sha512-DoR7U1P7iYhw16qJ49fgXUlry1t4CpXeErJHnQ44JgTSKMaZUdf17cfn5mHchfJ4KRBZRFA/Coo+MUF5+gOaCQ==",
+			"version": "4.2.1",
+			"resolved": "https://registry.npmjs.org/@tailwindcss/node/-/node-4.2.1.tgz",
+			"integrity": "sha512-jlx6sLk4EOwO6hHe1oCGm1Q4AN/s0rSrTTPBGPM0/RQ6Uylwq17FuU8IeJJKEjtc6K6O07zsvP+gDO6MMWo7pg==",
 			"dev": true,
 			"license": "MIT",
 			"dependencies": {
-				"@jridgewell/remapping": "^2.3.4",
-				"enhanced-resolve": "^5.18.3",
+				"@jridgewell/remapping": "^2.3.5",
+				"enhanced-resolve": "^5.19.0",
 				"jiti": "^2.6.1",
-				"lightningcss": "1.30.2",
+				"lightningcss": "1.31.1",
 				"magic-string": "^0.30.21",
 				"source-map-js": "^1.2.1",
-				"tailwindcss": "4.1.18"
+				"tailwindcss": "4.2.1"
 			}
 		},
 		"node_modules/@tailwindcss/oxide": {
-			"version": "4.1.18",
-			"resolved": "https://registry.npmjs.org/@tailwindcss/oxide/-/oxide-4.1.18.tgz",
-			"integrity": "sha512-EgCR5tTS5bUSKQgzeMClT6iCY3ToqE1y+ZB0AKldj809QXk1Y+3jB0upOYZrn9aGIzPtUsP7sX4QQ4XtjBB95A==",
+			"version": "4.2.1",
+			"resolved": "https://registry.npmjs.org/@tailwindcss/oxide/-/oxide-4.2.1.tgz",
+			"integrity": "sha512-yv9jeEFWnjKCI6/T3Oq50yQEOqmpmpfzG1hcZsAOaXFQPfzWprWrlHSdGPEF3WQTi8zu8ohC9Mh9J470nT5pUw==",
 			"dev": true,
 			"license": "MIT",
 			"engines": {
-				"node": ">= 10"
+				"node": ">= 20"
 			},
 			"optionalDependencies": {
-				"@tailwindcss/oxide-android-arm64": "4.1.18",
-				"@tailwindcss/oxide-darwin-arm64": "4.1.18",
-				"@tailwindcss/oxide-darwin-x64": "4.1.18",
-				"@tailwindcss/oxide-freebsd-x64": "4.1.18",
-				"@tailwindcss/oxide-linux-arm-gnueabihf": "4.1.18",
-				"@tailwindcss/oxide-linux-arm64-gnu": "4.1.18",
-				"@tailwindcss/oxide-linux-arm64-musl": "4.1.18",
-				"@tailwindcss/oxide-linux-x64-gnu": "4.1.18",
-				"@tailwindcss/oxide-linux-x64-musl": "4.1.18",
-				"@tailwindcss/oxide-wasm32-wasi": "4.1.18",
-				"@tailwindcss/oxide-win32-arm64-msvc": "4.1.18",
-				"@tailwindcss/oxide-win32-x64-msvc": "4.1.18"
+				"@tailwindcss/oxide-android-arm64": "4.2.1",
+				"@tailwindcss/oxide-darwin-arm64": "4.2.1",
+				"@tailwindcss/oxide-darwin-x64": "4.2.1",
+				"@tailwindcss/oxide-freebsd-x64": "4.2.1",
+				"@tailwindcss/oxide-linux-arm-gnueabihf": "4.2.1",
+				"@tailwindcss/oxide-linux-arm64-gnu": "4.2.1",
+				"@tailwindcss/oxide-linux-arm64-musl": "4.2.1",
+				"@tailwindcss/oxide-linux-x64-gnu": "4.2.1",
+				"@tailwindcss/oxide-linux-x64-musl": "4.2.1",
+				"@tailwindcss/oxide-wasm32-wasi": "4.2.1",
+				"@tailwindcss/oxide-win32-arm64-msvc": "4.2.1",
+				"@tailwindcss/oxide-win32-x64-msvc": "4.2.1"
 			}
 		},
 		"node_modules/@tailwindcss/oxide-android-arm64": {
-			"version": "4.1.18",
-			"resolved": "https://registry.npmjs.org/@tailwindcss/oxide-android-arm64/-/oxide-android-arm64-4.1.18.tgz",
-			"integrity": "sha512-dJHz7+Ugr9U/diKJA0W6N/6/cjI+ZTAoxPf9Iz9BFRF2GzEX8IvXxFIi/dZBloVJX/MZGvRuFA9rqwdiIEZQ0Q==",
+			"version": "4.2.1",
+			"resolved": "https://registry.npmjs.org/@tailwindcss/oxide-android-arm64/-/oxide-android-arm64-4.2.1.tgz",
+			"integrity": "sha512-eZ7G1Zm5EC8OOKaesIKuw77jw++QJ2lL9N+dDpdQiAB/c/B2wDh0QPFHbkBVrXnwNugvrbJFk1gK2SsVjwWReg==",
 			"cpu": [
 				"arm64"
 			],
@@ -1077,13 +1077,13 @@
 				"android"
 			],
 			"engines": {
-				"node": ">= 10"
+				"node": ">= 20"
 			}
 		},
 		"node_modules/@tailwindcss/oxide-darwin-arm64": {
-			"version": "4.1.18",
-			"resolved": "https://registry.npmjs.org/@tailwindcss/oxide-darwin-arm64/-/oxide-darwin-arm64-4.1.18.tgz",
-			"integrity": "sha512-Gc2q4Qhs660bhjyBSKgq6BYvwDz4G+BuyJ5H1xfhmDR3D8HnHCmT/BSkvSL0vQLy/nkMLY20PQ2OoYMO15Jd0A==",
+			"version": "4.2.1",
+			"resolved": "https://registry.npmjs.org/@tailwindcss/oxide-darwin-arm64/-/oxide-darwin-arm64-4.2.1.tgz",
+			"integrity": "sha512-q/LHkOstoJ7pI1J0q6djesLzRvQSIfEto148ppAd+BVQK0JYjQIFSK3JgYZJa+Yzi0DDa52ZsQx2rqytBnf8Hw==",
 			"cpu": [
 				"arm64"
 			],
@@ -1094,13 +1094,13 @@
 				"darwin"
 			],
 			"engines": {
-				"node": ">= 10"
+				"node": ">= 20"
 			}
 		},
 		"node_modules/@tailwindcss/oxide-darwin-x64": {
-			"version": "4.1.18",
-			"resolved": "https://registry.npmjs.org/@tailwindcss/oxide-darwin-x64/-/oxide-darwin-x64-4.1.18.tgz",
-			"integrity": "sha512-FL5oxr2xQsFrc3X9o1fjHKBYBMD1QZNyc1Xzw/h5Qu4XnEBi3dZn96HcHm41c/euGV+GRiXFfh2hUCyKi/e+yw==",
+			"version": "4.2.1",
+			"resolved": "https://registry.npmjs.org/@tailwindcss/oxide-darwin-x64/-/oxide-darwin-x64-4.2.1.tgz",
+			"integrity": "sha512-/f/ozlaXGY6QLbpvd/kFTro2l18f7dHKpB+ieXz+Cijl4Mt9AI2rTrpq7V+t04nK+j9XBQHnSMdeQRhbGyt6fw==",
 			"cpu": [
 				"x64"
 			],
@@ -1111,13 +1111,13 @@
 				"darwin"
 			],
 			"engines": {
-				"node": ">= 10"
+				"node": ">= 20"
 			}
 		},
 		"node_modules/@tailwindcss/oxide-freebsd-x64": {
-			"version": "4.1.18",
-			"resolved": "https://registry.npmjs.org/@tailwindcss/oxide-freebsd-x64/-/oxide-freebsd-x64-4.1.18.tgz",
-			"integrity": "sha512-Fj+RHgu5bDodmV1dM9yAxlfJwkkWvLiRjbhuO2LEtwtlYlBgiAT4x/j5wQr1tC3SANAgD+0YcmWVrj8R9trVMA==",
+			"version": "4.2.1",
+			"resolved": "https://registry.npmjs.org/@tailwindcss/oxide-freebsd-x64/-/oxide-freebsd-x64-4.2.1.tgz",
+			"integrity": "sha512-5e/AkgYJT/cpbkys/OU2Ei2jdETCLlifwm7ogMC7/hksI2fC3iiq6OcXwjibcIjPung0kRtR3TxEITkqgn0TcA==",
 			"cpu": [
 				"x64"
 			],
@@ -1128,13 +1128,13 @@
 				"freebsd"
 			],
 			"engines": {
-				"node": ">= 10"
+				"node": ">= 20"
 			}
 		},
 		"node_modules/@tailwindcss/oxide-linux-arm-gnueabihf": {
-			"version": "4.1.18",
-			"resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-arm-gnueabihf/-/oxide-linux-arm-gnueabihf-4.1.18.tgz",
-			"integrity": "sha512-Fp+Wzk/Ws4dZn+LV2Nqx3IilnhH51YZoRaYHQsVq3RQvEl+71VGKFpkfHrLM/Li+kt5c0DJe/bHXK1eHgDmdiA==",
+			"version": "4.2.1",
+			"resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-arm-gnueabihf/-/oxide-linux-arm-gnueabihf-4.2.1.tgz",
+			"integrity": "sha512-Uny1EcVTTmerCKt/1ZuKTkb0x8ZaiuYucg2/kImO5A5Y/kBz41/+j0gxUZl+hTF3xkWpDmHX+TaWhOtba2Fyuw==",
 			"cpu": [
 				"arm"
 			],
@@ -1145,13 +1145,13 @@
 				"linux"
 			],
 			"engines": {
-				"node": ">= 10"
+				"node": ">= 20"
 			}
 		},
 		"node_modules/@tailwindcss/oxide-linux-arm64-gnu": {
-			"version": "4.1.18",
-			"resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-arm64-gnu/-/oxide-linux-arm64-gnu-4.1.18.tgz",
-			"integrity": "sha512-S0n3jboLysNbh55Vrt7pk9wgpyTTPD0fdQeh7wQfMqLPM/Hrxi+dVsLsPrycQjGKEQk85Kgbx+6+QnYNiHalnw==",
+			"version": "4.2.1",
+			"resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-arm64-gnu/-/oxide-linux-arm64-gnu-4.2.1.tgz",
+			"integrity": "sha512-CTrwomI+c7n6aSSQlsPL0roRiNMDQ/YzMD9EjcR+H4f0I1SQ8QqIuPnsVp7QgMkC1Qi8rtkekLkOFjo7OlEFRQ==",
 			"cpu": [
 				"arm64"
 			],
@@ -1162,13 +1162,13 @@
 				"linux"
 			],
 			"engines": {
-				"node": ">= 10"
+				"node": ">= 20"
 			}
 		},
 		"node_modules/@tailwindcss/oxide-linux-arm64-musl": {
-			"version": "4.1.18",
-			"resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-arm64-musl/-/oxide-linux-arm64-musl-4.1.18.tgz",
-			"integrity": "sha512-1px92582HkPQlaaCkdRcio71p8bc8i/ap5807tPRDK/uw953cauQBT8c5tVGkOwrHMfc2Yh6UuxaH4vtTjGvHg==",
+			"version": "4.2.1",
+			"resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-arm64-musl/-/oxide-linux-arm64-musl-4.2.1.tgz",
+			"integrity": "sha512-WZA0CHRL/SP1TRbA5mp9htsppSEkWuQ4KsSUumYQnyl8ZdT39ntwqmz4IUHGN6p4XdSlYfJwM4rRzZLShHsGAQ==",
 			"cpu": [
 				"arm64"
 			],
@@ -1179,13 +1179,13 @@
 				"linux"
 			],
 			"engines": {
-				"node": ">= 10"
+				"node": ">= 20"
 			}
 		},
 		"node_modules/@tailwindcss/oxide-linux-x64-gnu": {
-			"version": "4.1.18",
-			"resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-x64-gnu/-/oxide-linux-x64-gnu-4.1.18.tgz",
-			"integrity": "sha512-v3gyT0ivkfBLoZGF9LyHmts0Isc8jHZyVcbzio6Wpzifg/+5ZJpDiRiUhDLkcr7f/r38SWNe7ucxmGW3j3Kb/g==",
+			"version": "4.2.1",
+			"resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-x64-gnu/-/oxide-linux-x64-gnu-4.2.1.tgz",
+			"integrity": "sha512-qMFzxI2YlBOLW5PhblzuSWlWfwLHaneBE0xHzLrBgNtqN6mWfs+qYbhryGSXQjFYB1Dzf5w+LN5qbUTPhW7Y5g==",
 			"cpu": [
 				"x64"
 			],
@@ -1196,13 +1196,13 @@
 				"linux"
 			],
 			"engines": {
-				"node": ">= 10"
+				"node": ">= 20"
 			}
 		},
 		"node_modules/@tailwindcss/oxide-linux-x64-musl": {
-			"version": "4.1.18",
-			"resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-x64-musl/-/oxide-linux-x64-musl-4.1.18.tgz",
-			"integrity": "sha512-bhJ2y2OQNlcRwwgOAGMY0xTFStt4/wyU6pvI6LSuZpRgKQwxTec0/3Scu91O8ir7qCR3AuepQKLU/kX99FouqQ==",
+			"version": "4.2.1",
+			"resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-x64-musl/-/oxide-linux-x64-musl-4.2.1.tgz",
+			"integrity": "sha512-5r1X2FKnCMUPlXTWRYpHdPYUY6a1Ar/t7P24OuiEdEOmms5lyqjDRvVY1yy9Rmioh+AunQ0rWiOTPE8F9A3v5g==",
 			"cpu": [
 				"x64"
 			],
@@ -1213,13 +1213,13 @@
 				"linux"
 			],
 			"engines": {
-				"node": ">= 10"
+				"node": ">= 20"
 			}
 		},
 		"node_modules/@tailwindcss/oxide-wasm32-wasi": {
-			"version": "4.1.18",
-			"resolved": "https://registry.npmjs.org/@tailwindcss/oxide-wasm32-wasi/-/oxide-wasm32-wasi-4.1.18.tgz",
-			"integrity": "sha512-LffYTvPjODiP6PT16oNeUQJzNVyJl1cjIebq/rWWBF+3eDst5JGEFSc5cWxyRCJ0Mxl+KyIkqRxk1XPEs9x8TA==",
+			"version": "4.2.1",
+			"resolved": "https://registry.npmjs.org/@tailwindcss/oxide-wasm32-wasi/-/oxide-wasm32-wasi-4.2.1.tgz",
+			"integrity": "sha512-MGFB5cVPvshR85MTJkEvqDUnuNoysrsRxd6vnk1Lf2tbiqNlXpHYZqkqOQalydienEWOHHFyyuTSYRsLfxFJ2Q==",
 			"bundleDependencies": [
 				"@napi-rs/wasm-runtime",
 				"@emnapi/core",
@@ -1235,81 +1235,21 @@
 			"license": "MIT",
 			"optional": true,
 			"dependencies": {
-				"@emnapi/core": "^1.7.1",
-				"@emnapi/runtime": "^1.7.1",
+				"@emnapi/core": "^1.8.1",
+				"@emnapi/runtime": "^1.8.1",
 				"@emnapi/wasi-threads": "^1.1.0",
-				"@napi-rs/wasm-runtime": "^1.1.0",
+				"@napi-rs/wasm-runtime": "^1.1.1",
 				"@tybys/wasm-util": "^0.10.1",
-				"tslib": "^2.4.0"
+				"tslib": "^2.8.1"
 			},
 			"engines": {
 				"node": ">=14.0.0"
 			}
 		},
-		"node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/@emnapi/core": {
-			"version": "1.7.1",
-			"dev": true,
-			"inBundle": true,
-			"license": "MIT",
-			"optional": true,
-			"dependencies": {
-				"@emnapi/wasi-threads": "1.1.0",
-				"tslib": "^2.4.0"
-			}
-		},
-		"node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/@emnapi/runtime": {
-			"version": "1.7.1",
-			"dev": true,
-			"inBundle": true,
-			"license": "MIT",
-			"optional": true,
-			"dependencies": {
-				"tslib": "^2.4.0"
-			}
-		},
-		"node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/@emnapi/wasi-threads": {
-			"version": "1.1.0",
-			"dev": true,
-			"inBundle": true,
-			"license": "MIT",
-			"optional": true,
-			"dependencies": {
-				"tslib": "^2.4.0"
-			}
-		},
-		"node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/@napi-rs/wasm-runtime": {
-			"version": "1.1.0",
-			"dev": true,
-			"inBundle": true,
-			"license": "MIT",
-			"optional": true,
-			"dependencies": {
-				"@emnapi/core": "^1.7.1",
-				"@emnapi/runtime": "^1.7.1",
-				"@tybys/wasm-util": "^0.10.1"
-			}
-		},
-		"node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/@tybys/wasm-util": {
-			"version": "0.10.1",
-			"dev": true,
-			"inBundle": true,
-			"license": "MIT",
-			"optional": true,
-			"dependencies": {
-				"tslib": "^2.4.0"
-			}
-		},
-		"node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/tslib": {
-			"version": "2.8.1",
-			"dev": true,
-			"inBundle": true,
-			"license": "0BSD",
-			"optional": true
-		},
 		"node_modules/@tailwindcss/oxide-win32-arm64-msvc": {
-			"version": "4.1.18",
-			"resolved": "https://registry.npmjs.org/@tailwindcss/oxide-win32-arm64-msvc/-/oxide-win32-arm64-msvc-4.1.18.tgz",
-			"integrity": "sha512-HjSA7mr9HmC8fu6bdsZvZ+dhjyGCLdotjVOgLA2vEqxEBZaQo9YTX4kwgEvPCpRh8o4uWc4J/wEoFzhEmjvPbA==",
+			"version": "4.2.1",
+			"resolved": "https://registry.npmjs.org/@tailwindcss/oxide-win32-arm64-msvc/-/oxide-win32-arm64-msvc-4.2.1.tgz",
+			"integrity": "sha512-YlUEHRHBGnCMh4Nj4GnqQyBtsshUPdiNroZj8VPkvTZSoHsilRCwXcVKnG9kyi0ZFAS/3u+qKHBdDc81SADTRA==",
 			"cpu": [
 				"arm64"
 			],
@@ -1320,13 +1260,13 @@
 				"win32"
 			],
 			"engines": {
-				"node": ">= 10"
+				"node": ">= 20"
 			}
 		},
 		"node_modules/@tailwindcss/oxide-win32-x64-msvc": {
-			"version": "4.1.18",
-			"resolved": "https://registry.npmjs.org/@tailwindcss/oxide-win32-x64-msvc/-/oxide-win32-x64-msvc-4.1.18.tgz",
-			"integrity": "sha512-bJWbyYpUlqamC8dpR7pfjA0I7vdF6t5VpUGMWRkXVE3AXgIZjYUYAK7II1GNaxR8J1SSrSrppRar8G++JekE3Q==",
+			"version": "4.2.1",
+			"resolved": "https://registry.npmjs.org/@tailwindcss/oxide-win32-x64-msvc/-/oxide-win32-x64-msvc-4.2.1.tgz",
+			"integrity": "sha512-rbO34G5sMWWyrN/idLeVxAZgAKWrn5LiR3/I90Q9MkA67s6T1oB0xtTe+0heoBvHSpbU9Mk7i6uwJnpo4u21XQ==",
 			"cpu": [
 				"x64"
 			],
@@ -1337,19 +1277,19 @@
 				"win32"
 			],
 			"engines": {
-				"node": ">= 10"
+				"node": ">= 20"
 			}
 		},
 		"node_modules/@tailwindcss/vite": {
-			"version": "4.1.18",
-			"resolved": "https://registry.npmjs.org/@tailwindcss/vite/-/vite-4.1.18.tgz",
-			"integrity": "sha512-jVA+/UpKL1vRLg6Hkao5jldawNmRo7mQYrZtNHMIVpLfLhDml5nMRUo/8MwoX2vNXvnaXNNMedrMfMugAVX1nA==",
+			"version": "4.2.1",
+			"resolved": "https://registry.npmjs.org/@tailwindcss/vite/-/vite-4.2.1.tgz",
+			"integrity": "sha512-TBf2sJjYeb28jD2U/OhwdW0bbOsxkWPwQ7SrqGf9sVcoYwZj7rkXljroBO9wKBut9XnmQLXanuDUeqQK0lGg/w==",
 			"dev": true,
 			"license": "MIT",
 			"dependencies": {
-				"@tailwindcss/node": "4.1.18",
-				"@tailwindcss/oxide": "4.1.18",
-				"tailwindcss": "4.1.18"
+				"@tailwindcss/node": "4.2.1",
+				"@tailwindcss/oxide": "4.2.1",
+				"tailwindcss": "4.2.1"
 			},
 			"peerDependencies": {
 				"vite": "^5.2.0 || ^6 || ^7"
@@ -1369,6 +1309,13 @@
 			"dev": true,
 			"license": "MIT"
 		},
+		"node_modules/@types/trusted-types": {
+			"version": "2.0.7",
+			"resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.7.tgz",
+			"integrity": "sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==",
+			"dev": true,
+			"license": "MIT"
+		},
 		"node_modules/acorn": {
 			"version": "8.15.0",
 			"resolved": "https://registry.npmjs.org/acorn/-/acorn-8.15.0.tgz",
@@ -1383,9 +1330,9 @@
 			}
 		},
 		"node_modules/aria-query": {
-			"version": "5.3.2",
-			"resolved": "https://registry.npmjs.org/aria-query/-/aria-query-5.3.2.tgz",
-			"integrity": "sha512-COROpnaoap1E2F000S62r6A60uHZnmlvomhfyT2DlTcrY1OrBKn2UhH7qn5wTC9zMvD0AY7csdPSNwKP+7WiQw==",
+			"version": "5.3.1",
+			"resolved": "https://registry.npmjs.org/aria-query/-/aria-query-5.3.1.tgz",
+			"integrity": "sha512-Z/ZeOgVl7bcSYZ/u/rh0fOpvEpq//LZmdbkXyc7syVzjPAhfOa9ebsdTSjEBDU4vs5nC98Kfduj1uFo0qyET3g==",
 			"dev": true,
 			"license": "Apache-2.0",
 			"engines": {
@@ -1466,9 +1413,9 @@
 			"license": "MIT"
 		},
 		"node_modules/enhanced-resolve": {
-			"version": "5.19.0",
-			"resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.19.0.tgz",
-			"integrity": "sha512-phv3E1Xl4tQOShqSte26C7Fl84EwUdZsyOuSSk9qtAGyyQs2s3jJzComh+Abf4g187lUUAvH+H26omrqia2aGg==",
+			"version": "5.20.0",
+			"resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.20.0.tgz",
+			"integrity": "sha512-/ce7+jQ1PQ6rVXwe+jKEg5hW5ciicHwIQUagZkp6IufBoY3YDgdTTY1azVs0qoRgVmvsNB+rbjLJxDAeHHtwsQ==",
 			"dev": true,
 			"license": "MIT",
 			"dependencies": {
@@ -1618,9 +1565,9 @@
 			}
 		},
 		"node_modules/lightningcss": {
-			"version": "1.30.2",
-			"resolved": "https://registry.npmjs.org/lightningcss/-/lightningcss-1.30.2.tgz",
-			"integrity": "sha512-utfs7Pr5uJyyvDETitgsaqSyjCb2qNRAtuqUeWIAKztsOYdcACf2KtARYXg2pSvhkt+9NfoaNY7fxjl6nuMjIQ==",
+			"version": "1.31.1",
+			"resolved": "https://registry.npmjs.org/lightningcss/-/lightningcss-1.31.1.tgz",
+			"integrity": "sha512-l51N2r93WmGUye3WuFoN5k10zyvrVs0qfKBhyC5ogUQ6Ew6JUSswh78mbSO+IU3nTWsyOArqPCcShdQSadghBQ==",
 			"dev": true,
 			"license": "MPL-2.0",
 			"dependencies": {
@@ -1634,23 +1581,23 @@
 				"url": "https://opencollective.com/parcel"
 			},
 			"optionalDependencies": {
-				"lightningcss-android-arm64": "1.30.2",
-				"lightningcss-darwin-arm64": "1.30.2",
-				"lightningcss-darwin-x64": "1.30.2",
-				"lightningcss-freebsd-x64": "1.30.2",
-				"lightningcss-linux-arm-gnueabihf": "1.30.2",
-				"lightningcss-linux-arm64-gnu": "1.30.2",
-				"lightningcss-linux-arm64-musl": "1.30.2",
-				"lightningcss-linux-x64-gnu": "1.30.2",
-				"lightningcss-linux-x64-musl": "1.30.2",
-				"lightningcss-win32-arm64-msvc": "1.30.2",
-				"lightningcss-win32-x64-msvc": "1.30.2"
+				"lightningcss-android-arm64": "1.31.1",
+				"lightningcss-darwin-arm64": "1.31.1",
+				"lightningcss-darwin-x64": "1.31.1",
+				"lightningcss-freebsd-x64": "1.31.1",
+				"lightningcss-linux-arm-gnueabihf": "1.31.1",
+				"lightningcss-linux-arm64-gnu": "1.31.1",
+				"lightningcss-linux-arm64-musl": "1.31.1",
+				"lightningcss-linux-x64-gnu": "1.31.1",
+				"lightningcss-linux-x64-musl": "1.31.1",
+				"lightningcss-win32-arm64-msvc": "1.31.1",
+				"lightningcss-win32-x64-msvc": "1.31.1"
 			}
 		},
 		"node_modules/lightningcss-android-arm64": {
-			"version": "1.30.2",
-			"resolved": "https://registry.npmjs.org/lightningcss-android-arm64/-/lightningcss-android-arm64-1.30.2.tgz",
-			"integrity": "sha512-BH9sEdOCahSgmkVhBLeU7Hc9DWeZ1Eb6wNS6Da8igvUwAe0sqROHddIlvU06q3WyXVEOYDZ6ykBZQnjTbmo4+A==",
+			"version": "1.31.1",
+			"resolved": "https://registry.npmjs.org/lightningcss-android-arm64/-/lightningcss-android-arm64-1.31.1.tgz",
+			"integrity": "sha512-HXJF3x8w9nQ4jbXRiNppBCqeZPIAfUo8zE/kOEGbW5NZvGc/K7nMxbhIr+YlFlHW5mpbg/YFPdbnCh1wAXCKFg==",
 			"cpu": [
 				"arm64"
 			],
@@ -1669,9 +1616,9 @@
 			}
 		},
 		"node_modules/lightningcss-darwin-arm64": {
-			"version": "1.30.2",
-			"resolved": "https://registry.npmjs.org/lightningcss-darwin-arm64/-/lightningcss-darwin-arm64-1.30.2.tgz",
-			"integrity": "sha512-ylTcDJBN3Hp21TdhRT5zBOIi73P6/W0qwvlFEk22fkdXchtNTOU4Qc37SkzV+EKYxLouZ6M4LG9NfZ1qkhhBWA==",
+			"version": "1.31.1",
+			"resolved": "https://registry.npmjs.org/lightningcss-darwin-arm64/-/lightningcss-darwin-arm64-1.31.1.tgz",
+			"integrity": "sha512-02uTEqf3vIfNMq3h/z2cJfcOXnQ0GRwQrkmPafhueLb2h7mqEidiCzkE4gBMEH65abHRiQvhdcQ+aP0D0g67sg==",
 			"cpu": [
 				"arm64"
 			],
@@ -1690,9 +1637,9 @@
 			}
 		},
 		"node_modules/lightningcss-darwin-x64": {
-			"version": "1.30.2",
-			"resolved": "https://registry.npmjs.org/lightningcss-darwin-x64/-/lightningcss-darwin-x64-1.30.2.tgz",
-			"integrity": "sha512-oBZgKchomuDYxr7ilwLcyms6BCyLn0z8J0+ZZmfpjwg9fRVZIR5/GMXd7r9RH94iDhld3UmSjBM6nXWM2TfZTQ==",
+			"version": "1.31.1",
+			"resolved": "https://registry.npmjs.org/lightningcss-darwin-x64/-/lightningcss-darwin-x64-1.31.1.tgz",
+			"integrity": "sha512-1ObhyoCY+tGxtsz1lSx5NXCj3nirk0Y0kB/g8B8DT+sSx4G9djitg9ejFnjb3gJNWo7qXH4DIy2SUHvpoFwfTA==",
 			"cpu": [
 				"x64"
 			],
@@ -1711,9 +1658,9 @@
 			}
 		},
 		"node_modules/lightningcss-freebsd-x64": {
-			"version": "1.30.2",
-			"resolved": "https://registry.npmjs.org/lightningcss-freebsd-x64/-/lightningcss-freebsd-x64-1.30.2.tgz",
-			"integrity": "sha512-c2bH6xTrf4BDpK8MoGG4Bd6zAMZDAXS569UxCAGcA7IKbHNMlhGQ89eRmvpIUGfKWNVdbhSbkQaWhEoMGmGslA==",
+			"version": "1.31.1",
+			"resolved": "https://registry.npmjs.org/lightningcss-freebsd-x64/-/lightningcss-freebsd-x64-1.31.1.tgz",
+			"integrity": "sha512-1RINmQKAItO6ISxYgPwszQE1BrsVU5aB45ho6O42mu96UiZBxEXsuQ7cJW4zs4CEodPUioj/QrXW1r9pLUM74A==",
 			"cpu": [
 				"x64"
 			],
@@ -1732,9 +1679,9 @@
 			}
 		},
 		"node_modules/lightningcss-linux-arm-gnueabihf": {
-			"version": "1.30.2",
-			"resolved": "https://registry.npmjs.org/lightningcss-linux-arm-gnueabihf/-/lightningcss-linux-arm-gnueabihf-1.30.2.tgz",
-			"integrity": "sha512-eVdpxh4wYcm0PofJIZVuYuLiqBIakQ9uFZmipf6LF/HRj5Bgm0eb3qL/mr1smyXIS1twwOxNWndd8z0E374hiA==",
+			"version": "1.31.1",
+			"resolved": "https://registry.npmjs.org/lightningcss-linux-arm-gnueabihf/-/lightningcss-linux-arm-gnueabihf-1.31.1.tgz",
+			"integrity": "sha512-OOCm2//MZJ87CdDK62rZIu+aw9gBv4azMJuA8/KB74wmfS3lnC4yoPHm0uXZ/dvNNHmnZnB8XLAZzObeG0nS1g==",
 			"cpu": [
 				"arm"
 			],
@@ -1753,9 +1700,9 @@
 			}
 		},
 		"node_modules/lightningcss-linux-arm64-gnu": {
-			"version": "1.30.2",
-			"resolved": "https://registry.npmjs.org/lightningcss-linux-arm64-gnu/-/lightningcss-linux-arm64-gnu-1.30.2.tgz",
-			"integrity": "sha512-UK65WJAbwIJbiBFXpxrbTNArtfuznvxAJw4Q2ZGlU8kPeDIWEX1dg3rn2veBVUylA2Ezg89ktszWbaQnxD/e3A==",
+			"version": "1.31.1",
+			"resolved": "https://registry.npmjs.org/lightningcss-linux-arm64-gnu/-/lightningcss-linux-arm64-gnu-1.31.1.tgz",
+			"integrity": "sha512-WKyLWztD71rTnou4xAD5kQT+982wvca7E6QoLpoawZ1gP9JM0GJj4Tp5jMUh9B3AitHbRZ2/H3W5xQmdEOUlLg==",
 			"cpu": [
 				"arm64"
 			],
@@ -1774,9 +1721,9 @@
 			}
 		},
 		"node_modules/lightningcss-linux-arm64-musl": {
-			"version": "1.30.2",
-			"resolved": "https://registry.npmjs.org/lightningcss-linux-arm64-musl/-/lightningcss-linux-arm64-musl-1.30.2.tgz",
-			"integrity": "sha512-5Vh9dGeblpTxWHpOx8iauV02popZDsCYMPIgiuw97OJ5uaDsL86cnqSFs5LZkG3ghHoX5isLgWzMs+eD1YzrnA==",
+			"version": "1.31.1",
+			"resolved": "https://registry.npmjs.org/lightningcss-linux-arm64-musl/-/lightningcss-linux-arm64-musl-1.31.1.tgz",
+			"integrity": "sha512-mVZ7Pg2zIbe3XlNbZJdjs86YViQFoJSpc41CbVmKBPiGmC4YrfeOyz65ms2qpAobVd7WQsbW4PdsSJEMymyIMg==",
 			"cpu": [
 				"arm64"
 			],
@@ -1795,9 +1742,9 @@
 			}
 		},
 		"node_modules/lightningcss-linux-x64-gnu": {
-			"version": "1.30.2",
-			"resolved": "https://registry.npmjs.org/lightningcss-linux-x64-gnu/-/lightningcss-linux-x64-gnu-1.30.2.tgz",
-			"integrity": "sha512-Cfd46gdmj1vQ+lR6VRTTadNHu6ALuw2pKR9lYq4FnhvgBc4zWY1EtZcAc6EffShbb1MFrIPfLDXD6Xprbnni4w==",
+			"version": "1.31.1",
+			"resolved": "https://registry.npmjs.org/lightningcss-linux-x64-gnu/-/lightningcss-linux-x64-gnu-1.31.1.tgz",
+			"integrity": "sha512-xGlFWRMl+0KvUhgySdIaReQdB4FNudfUTARn7q0hh/V67PVGCs3ADFjw+6++kG1RNd0zdGRlEKa+T13/tQjPMA==",
 			"cpu": [
 				"x64"
 			],
@@ -1816,9 +1763,9 @@
 			}
 		},
 		"node_modules/lightningcss-linux-x64-musl": {
-			"version": "1.30.2",
-			"resolved": "https://registry.npmjs.org/lightningcss-linux-x64-musl/-/lightningcss-linux-x64-musl-1.30.2.tgz",
-			"integrity": "sha512-XJaLUUFXb6/QG2lGIW6aIk6jKdtjtcffUT0NKvIqhSBY3hh9Ch+1LCeH80dR9q9LBjG3ewbDjnumefsLsP6aiA==",
+			"version": "1.31.1",
+			"resolved": "https://registry.npmjs.org/lightningcss-linux-x64-musl/-/lightningcss-linux-x64-musl-1.31.1.tgz",
+			"integrity": "sha512-eowF8PrKHw9LpoZii5tdZwnBcYDxRw2rRCyvAXLi34iyeYfqCQNA9rmUM0ce62NlPhCvof1+9ivRaTY6pSKDaA==",
 			"cpu": [
 				"x64"
 			],
@@ -1837,9 +1784,9 @@
 			}
 		},
 		"node_modules/lightningcss-win32-arm64-msvc": {
-			"version": "1.30.2",
-			"resolved": "https://registry.npmjs.org/lightningcss-win32-arm64-msvc/-/lightningcss-win32-arm64-msvc-1.30.2.tgz",
-			"integrity": "sha512-FZn+vaj7zLv//D/192WFFVA0RgHawIcHqLX9xuWiQt7P0PtdFEVaxgF9rjM/IRYHQXNnk61/H/gb2Ei+kUQ4xQ==",
+			"version": "1.31.1",
+			"resolved": "https://registry.npmjs.org/lightningcss-win32-arm64-msvc/-/lightningcss-win32-arm64-msvc-1.31.1.tgz",
+			"integrity": "sha512-aJReEbSEQzx1uBlQizAOBSjcmr9dCdL3XuC/6HLXAxmtErsj2ICo5yYggg1qOODQMtnjNQv2UHb9NpOuFtYe4w==",
 			"cpu": [
 				"arm64"
 			],
@@ -1858,9 +1805,9 @@
 			}
 		},
 		"node_modules/lightningcss-win32-x64-msvc": {
-			"version": "1.30.2",
-			"resolved": "https://registry.npmjs.org/lightningcss-win32-x64-msvc/-/lightningcss-win32-x64-msvc-1.30.2.tgz",
-			"integrity": "sha512-5g1yc73p+iAkid5phb4oVFMB45417DkRevRbt/El/gKXJk4jid+vPFF/AXbxn05Aky8PapwzZrdJShv5C0avjw==",
+			"version": "1.31.1",
+			"resolved": "https://registry.npmjs.org/lightningcss-win32-x64-msvc/-/lightningcss-win32-x64-msvc-1.31.1.tgz",
+			"integrity": "sha512-I9aiFrbd7oYHwlnQDqr1Roz+fTz61oDDJX7n9tYF9FJymH1cIN1DtKw3iYt6b8WZgEjoNwVSncwF4wx/ZedMhw==",
 			"cpu": [
 				"x64"
 			],
@@ -1896,9 +1843,9 @@
 			}
 		},
 		"node_modules/marked": {
-			"version": "17.0.1",
-			"resolved": "https://registry.npmjs.org/marked/-/marked-17.0.1.tgz",
-			"integrity": "sha512-boeBdiS0ghpWcSwoNm/jJBwdpFaMnZWRzjA6SkUMYb40SVaN1x7mmfGKp0jvexGcx+7y2La5zRZsYFZI6Qpypg==",
+			"version": "17.0.4",
+			"resolved": "https://registry.npmjs.org/marked/-/marked-17.0.4.tgz",
+			"integrity": "sha512-NOmVMM+KAokHMvjWmC5N/ZOvgmSWuqJB8FoYI019j4ogb/PeRMKoKIjReZ2w3376kkA8dSJIP8uD993Kxc0iRQ==",
 			"license": "MIT",
 			"bin": {
 				"marked": "bin/marked.js"
@@ -2068,9 +2015,9 @@
 			}
 		},
 		"node_modules/rollup": {
-			"version": "4.57.1",
-			"resolved": "https://registry.npmjs.org/rollup/-/rollup-4.57.1.tgz",
-			"integrity": "sha512-oQL6lgK3e2QZeQ7gcgIkS2YZPg5slw37hYufJ3edKlfQSGGm8ICoxswK15ntSzF/a8+h7ekRy7k7oWc3BQ7y8A==",
+			"version": "4.59.0",
+			"resolved": "https://registry.npmjs.org/rollup/-/rollup-4.59.0.tgz",
+			"integrity": "sha512-2oMpl67a3zCH9H79LeMcbDhXW/UmWG/y2zuqnF2jQq5uq9TbM9TVyXvA4+t+ne2IIkBdrLpAaRQAvo7YI/Yyeg==",
 			"dev": true,
 			"license": "MIT",
 			"dependencies": {
@@ -2084,31 +2031,31 @@
 				"npm": ">=8.0.0"
 			},
 			"optionalDependencies": {
-				"@rollup/rollup-android-arm-eabi": "4.57.1",
-				"@rollup/rollup-android-arm64": "4.57.1",
-				"@rollup/rollup-darwin-arm64": "4.57.1",
-				"@rollup/rollup-darwin-x64": "4.57.1",
-				"@rollup/rollup-freebsd-arm64": "4.57.1",
-				"@rollup/rollup-freebsd-x64": "4.57.1",
-				"@rollup/rollup-linux-arm-gnueabihf": "4.57.1",
-				"@rollup/rollup-linux-arm-musleabihf": "4.57.1",
-				"@rollup/rollup-linux-arm64-gnu": "4.57.1",
-				"@rollup/rollup-linux-arm64-musl": "4.57.1",
-				"@rollup/rollup-linux-loong64-gnu": "4.57.1",
-				"@rollup/rollup-linux-loong64-musl": "4.57.1",
-				"@rollup/rollup-linux-ppc64-gnu": "4.57.1",
-				"@rollup/rollup-linux-ppc64-musl": "4.57.1",
-				"@rollup/rollup-linux-riscv64-gnu": "4.57.1",
-				"@rollup/rollup-linux-riscv64-musl": "4.57.1",
-				"@rollup/rollup-linux-s390x-gnu": "4.57.1",
-				"@rollup/rollup-linux-x64-gnu": "4.57.1",
-				"@rollup/rollup-linux-x64-musl": "4.57.1",
-				"@rollup/rollup-openbsd-x64": "4.57.1",
-				"@rollup/rollup-openharmony-arm64": "4.57.1",
-				"@rollup/rollup-win32-arm64-msvc": "4.57.1",
-				"@rollup/rollup-win32-ia32-msvc": "4.57.1",
-				"@rollup/rollup-win32-x64-gnu": "4.57.1",
-				"@rollup/rollup-win32-x64-msvc": "4.57.1",
+				"@rollup/rollup-android-arm-eabi": "4.59.0",
+				"@rollup/rollup-android-arm64": "4.59.0",
+				"@rollup/rollup-darwin-arm64": "4.59.0",
+				"@rollup/rollup-darwin-x64": "4.59.0",
+				"@rollup/rollup-freebsd-arm64": "4.59.0",
+				"@rollup/rollup-freebsd-x64": "4.59.0",
+				"@rollup/rollup-linux-arm-gnueabihf": "4.59.0",
+				"@rollup/rollup-linux-arm-musleabihf": "4.59.0",
+				"@rollup/rollup-linux-arm64-gnu": "4.59.0",
+				"@rollup/rollup-linux-arm64-musl": "4.59.0",
+				"@rollup/rollup-linux-loong64-gnu": "4.59.0",
+				"@rollup/rollup-linux-loong64-musl": "4.59.0",
+				"@rollup/rollup-linux-ppc64-gnu": "4.59.0",
+				"@rollup/rollup-linux-ppc64-musl": "4.59.0",
+				"@rollup/rollup-linux-riscv64-gnu": "4.59.0",
+				"@rollup/rollup-linux-riscv64-musl": "4.59.0",
+				"@rollup/rollup-linux-s390x-gnu": "4.59.0",
+				"@rollup/rollup-linux-x64-gnu": "4.59.0",
+				"@rollup/rollup-linux-x64-musl": "4.59.0",
+				"@rollup/rollup-openbsd-x64": "4.59.0",
+				"@rollup/rollup-openharmony-arm64": "4.59.0",
+				"@rollup/rollup-win32-arm64-msvc": "4.59.0",
+				"@rollup/rollup-win32-ia32-msvc": "4.59.0",
+				"@rollup/rollup-win32-x64-gnu": "4.59.0",
+				"@rollup/rollup-win32-x64-msvc": "4.59.0",
 				"fsevents": "~2.3.2"
 			}
 		},
@@ -2158,9 +2105,9 @@
 			}
 		},
 		"node_modules/svelte": {
-			"version": "5.49.2",
-			"resolved": "https://registry.npmjs.org/svelte/-/svelte-5.49.2.tgz",
-			"integrity": "sha512-PYLwnngYzyhKzqDlGVlCH4z+NVI8mC0/bTv15vw25CcdOhxENsOHIbQ36oj5DIf3oBazM+STbCAvaskpxtBmWA==",
+			"version": "5.53.7",
+			"resolved": "https://registry.npmjs.org/svelte/-/svelte-5.53.7.tgz",
+			"integrity": "sha512-uxck1KI7JWtlfP3H6HOWi/94soAl23jsGJkBzN2BAWcQng0+lTrRNhxActFqORgnO9BHVd1hKJhG+ljRuIUWfQ==",
 			"dev": true,
 			"license": "MIT",
 			"dependencies": {
@@ -2168,11 +2115,12 @@
 				"@jridgewell/sourcemap-codec": "^1.5.0",
 				"@sveltejs/acorn-typescript": "^1.0.5",
 				"@types/estree": "^1.0.5",
+				"@types/trusted-types": "^2.0.7",
 				"acorn": "^8.12.1",
-				"aria-query": "^5.3.1",
+				"aria-query": "5.3.1",
 				"axobject-query": "^4.1.0",
 				"clsx": "^2.1.1",
-				"devalue": "^5.6.2",
+				"devalue": "^5.6.3",
 				"esm-env": "^1.2.1",
 				"esrap": "^2.2.2",
 				"is-reference": "^3.0.3",
@@ -2185,9 +2133,9 @@
 			}
 		},
 		"node_modules/svelte-check": {
-			"version": "4.3.6",
-			"resolved": "https://registry.npmjs.org/svelte-check/-/svelte-check-4.3.6.tgz",
-			"integrity": "sha512-uBkz96ElE3G4pt9E1Tw0xvBfIUQkeH794kDQZdAUk795UVMr+NJZpuFSS62vcmO/DuSalK83LyOwhgWq8YGU1Q==",
+			"version": "4.4.5",
+			"resolved": "https://registry.npmjs.org/svelte-check/-/svelte-check-4.4.5.tgz",
+			"integrity": "sha512-1bSwIRCvvmSHrlK52fOlZmVtUZgil43jNL/2H18pRpa+eQjzGt6e3zayxhp1S7GajPFKNM/2PMCG+DZFHlG9fw==",
 			"dev": true,
 			"license": "MIT",
 			"dependencies": {
@@ -2209,9 +2157,9 @@
 			}
 		},
 		"node_modules/tailwindcss": {
-			"version": "4.1.18",
-			"resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-4.1.18.tgz",
-			"integrity": "sha512-4+Z+0yiYyEtUVCScyfHCxOYP06L5Ne+JiHhY2IjR2KWMIWhJOYZKLSGZaP5HkZ8+bY0cxfzwDE5uOmzFXyIwxw==",
+			"version": "4.2.1",
+			"resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-4.2.1.tgz",
+			"integrity": "sha512-/tBrSQ36vCleJkAOsy9kbNTgaxvGbyOamC30PRePTQe/o1MFwEKHQk4Cn7BNGaPtjp+PuUrByJehM1hgxfq4sw==",
 			"dev": true,
 			"license": "MIT"
 		},
diff --git a/web/package.json b/web/package.json
index f5662ae2..1076cf77 100644
--- a/web/package.json
+++ b/web/package.json
@@ -17,19 +17,19 @@
 	"devDependencies": {
 		"@playwright/test": "^1.58.2",
 		"@sveltejs/adapter-static": "^3.0.0",
-		"@sveltejs/kit": "^2.52.2",
+		"@sveltejs/kit": "^2.53.4",
 		"@sveltejs/vite-plugin-svelte": "^6.2.4",
-		"@tailwindcss/vite": "^4.0.0",
-		"svelte": "^5.48.2",
-		"svelte-check": "^4.3.5",
-		"tailwindcss": "^4.0.0",
+		"@tailwindcss/vite": "^4.2.1",
+		"svelte": "^5.53.7",
+		"svelte-check": "^4.4.5",
+		"tailwindcss": "^4.2.1",
 		"typescript": "^5.9.3",
 		"vite": "^7.3.1"
 	},
 	"dependencies": {
 		"@opensession/ui": "file:../packages/ui",
 		"highlight.js": "^11.11.1",
-		"marked": "^17.0.1"
+		"marked": "^17.0.4"
 	},
 	"overrides": {
 		"cookie": "^0.7.0"
diff --git a/web/src/routes/register/+page.svelte b/web/src/routes/register/+page.svelte
index d6f82a19..9fb448e2 100644
--- a/web/src/routes/register/+page.svelte
+++ b/web/src/routes/register/+page.svelte
@@ -1,10 +1,13 @@
 <script lang="ts">
 	import { goto } from '$app/navigation';
 	import { onMount } from 'svelte';
+	import { appLocale } from '@opensession/ui';
 
 	onMount(() => {
 		void goto('/login', { replaceState: true });
 	});
 </script>
 
-<div class="py-16 text-center text-xs text-text-muted">Redirecting to login...</div>
+<div class="py-16 text-center text-xs text-text-muted">
+	{$appLocale === 'ko' ? '로그인으로 이동하는 중...' : 'Redirecting to login...'}
+</div>
diff --git a/web/src/routes/src/[provider]/[...segments]/+page.svelte b/web/src/routes/src/[provider]/[...segments]/+page.svelte
index 001054a8..603751ba 100644
--- a/web/src/routes/src/[provider]/[...segments]/+page.svelte
+++ b/web/src/routes/src/[provider]/[...segments]/+page.svelte
@@ -3,6 +3,7 @@ import { goto } from '$app/navigation';
 import { page } from '$app/stores';
 import { untrack } from 'svelte';
 import {
+	appLocale,
 	buildNativeFilterOptions,
 	buildUnifiedFilterOptions,
 	createSourcePreviewModel,
@@ -58,13 +59,19 @@ $effect(() => {
 		});
 	});
 });
+
+const isKorean = $derived($appLocale === 'ko');
+
+function localize(en: string, ko: string): string {
+	return isKorean ? ko : en;
+}
 </script>
 
 {#if state.pageState === 'loading' || state.pageState === 'idle'}
-	<div class="py-16 text-center text-xs text-text-muted">Loading source preview...</div>
+	<div class="py-16 text-center text-xs text-text-muted">{localize('Loading source preview...', '소스 미리보기를 불러오는 중...')}</div>
 {:else if state.pageState === 'unsupported'}
 	<div class="mx-auto max-w-3xl border border-border bg-bg-secondary p-6 text-sm text-text-secondary">
-		This deployment does not support source parse preview.
+		{localize('This deployment does not support source parse preview.', '이 배포 환경에서는 소스 파싱 미리보기를 지원하지 않습니다.')}
 	</div>
 {:else if state.pageState === 'select_parser'}
 	<div class="mx-auto max-w-3xl space-y-3">
@@ -82,7 +89,7 @@ $effect(() => {
 	</div>
 {:else if state.pageState === 'error'}
 	<div class="mx-auto max-w-3xl border border-error/30 bg-error/10 px-4 py-3 text-sm text-error">
-		{state.errorMessage ?? 'Failed to load source.'}
+		{state.errorMessage ?? localize('Failed to load source.', '소스를 불러오지 못했습니다.')}
 	</div>
 {:else if state.preview && state.currentRoute}
 	<div class="space-y-3">
@@ -102,5 +109,5 @@ $effect(() => {
 		/>
 	</div>
 {:else}
-	<div class="py-16 text-center text-xs text-text-muted">No preview data.</div>
+	<div class="py-16 text-center text-xs text-text-muted">{localize('No preview data.', '미리보기 데이터가 없습니다.')}</div>
 {/if}

From 5297b09fbf250feb50bce4986f4e2148e41eb347 Mon Sep 17 00:00:00 2001
From: hwisu <hwitticus@gmail.com>
Date: Mon, 9 Mar 2026 16:39:14 +0900
Subject: [PATCH 23/30] Disable daemon doctests

---
 crates/daemon/Cargo.toml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/crates/daemon/Cargo.toml b/crates/daemon/Cargo.toml
index 1ebcdba7..0327275a 100644
--- a/crates/daemon/Cargo.toml
+++ b/crates/daemon/Cargo.toml
@@ -12,6 +12,9 @@ keywords = ["ai", "session", "daemon", "opensession"]
 categories = ["command-line-utilities", "development-tools"]
 include = ["src/**/*.rs", "Cargo.toml", "LICENSE", "README.md"]
 
+[lib]
+doctest = false
+
 [lints]
 workspace = true
 

From 85f5674d6c4b64645f49abf9eb0983a747422811 Mon Sep 17 00:00:00 2001
From: hwisu <hwitticus@gmail.com>
Date: Mon, 9 Mar 2026 19:07:09 +0900
Subject: [PATCH 24/30] Fix review session filtering and shift CI local

---
 .githooks/pre-commit                          |   2 +
 .github/workflows/ci.yml                      |  12 +-
 crates/cli/src/review.rs                      |   4 +
 crates/cli/src/setup_cmd/branch_sync.rs       |   7 +-
 crates/cli/src/share.rs                       |  10 +-
 .../cleanup/github-session-review.yml.tmpl    |  17 +-
 .../cleanup/gitlab-session-review.yml.tmpl    |  16 +-
 crates/cli/src/url_opener.rs                  |  10 +-
 crates/cli/tests/handoff_cli.rs               |  77 ++++-
 crates/cli/tests/handoff_cli/review_cli.rs    |  31 ++
 crates/cli/tests/handoff_cli/setup_cli.rs     |  53 +++
 scripts/check-session-review-workflow.mjs     |  36 +-
 scripts/pr_session_report.mjs                 | 312 +++++++++++++-----
 scripts/tests/pr-session-report.test.mjs      |  70 ++++
 14 files changed, 537 insertions(+), 120 deletions(-)
 create mode 100644 scripts/tests/pr-session-report.test.mjs

diff --git a/.githooks/pre-commit b/.githooks/pre-commit
index b19f7f36..50b7ee9b 100755
--- a/.githooks/pre-commit
+++ b/.githooks/pre-commit
@@ -67,6 +67,8 @@ fi
 run_node_check "desktop build preflight" scripts/validate/desktop-build-preflight.mjs --mode local
 run_node_check "content contract check" scripts/verify-content-contract.mjs --check
 run_node_check "session-review workflow check" scripts/check-session-review-workflow.mjs
+echo "Running session-review report unit tests..."
+run_mise node --test scripts/tests/pr-session-report.test.mjs
 run_node_check "publishable dependency check" scripts/check-publishable-deps.mjs
 run_node_check "rust artifact guardrail check" scripts/check-rust-artifact-guardrails.mjs
 run_node_check "validation hook guardrail check" scripts/check-validation-hooks.mjs
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e36f0950..15b0a2f9 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -70,7 +70,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, macos-latest]
+        os: ${{ fromJson(github.event_name == 'pull_request' && '["ubuntu-latest"]' || '["ubuntu-latest","macos-latest"]') }}
     steps:
       - uses: actions/checkout@v4
       - uses: dtolnay/rust-toolchain@1.93.0
@@ -88,7 +88,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, macos-latest]
+        os: ${{ fromJson(github.event_name == 'pull_request' && '["ubuntu-latest"]' || '["ubuntu-latest","macos-latest"]') }}
     steps:
       - uses: actions/checkout@v4
       - uses: dtolnay/rust-toolchain@1.93.0
@@ -114,7 +114,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, macos-latest]
+        os: ${{ fromJson(github.event_name == 'pull_request' && '["ubuntu-latest"]' || '["ubuntu-latest","macos-latest"]') }}
     steps:
       - uses: actions/checkout@v4
       - uses: dtolnay/rust-toolchain@1.93.0
@@ -133,7 +133,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, macos-latest]
+        os: ${{ fromJson(github.event_name == 'pull_request' && '["ubuntu-latest"]' || '["ubuntu-latest","macos-latest"]') }}
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4
@@ -156,6 +156,7 @@ jobs:
 
   api-e2e-server:
     name: API E2E Server (${{ matrix.os }})
+    if: github.event_name != 'pull_request'
     runs-on: ${{ matrix.os }}
     timeout-minutes: 30
     strategy:
@@ -211,6 +212,7 @@ jobs:
 
   worker-web-live-e2e:
     name: Worker + Web Live E2E (${{ matrix.os }})
+    if: github.event_name != 'pull_request'
     runs-on: ${{ matrix.os }}
     timeout-minutes: 45
     strategy:
@@ -334,6 +336,7 @@ jobs:
 
   desktop-e2e:
     name: Desktop E2E (${{ matrix.os }})
+    if: github.event_name != 'pull_request'
     runs-on: ${{ matrix.os }}
     timeout-minutes: 30
     strategy:
@@ -366,6 +369,7 @@ jobs:
 
   desktop-bundle-verify:
     name: Desktop Bundle Verify (${{ matrix.os }})
+    if: github.event_name != 'pull_request'
     runs-on: ${{ matrix.os }}
     timeout-minutes: 45
     strategy:
diff --git a/crates/cli/src/review.rs b/crates/cli/src/review.rs
index 9dac8e08..071c4ea9 100644
--- a/crates/cli/src/review.rs
+++ b/crates/cli/src/review.rs
@@ -6,6 +6,7 @@ use opensession_api::{
     LocalReviewReviewerDigest, LocalReviewReviewerQa, LocalReviewSemanticSummary,
     LocalReviewSession,
 };
+use opensession_core::session::is_auxiliary_session;
 use opensession_core::{ContentBlock, EventType, Session};
 use opensession_runtime_config::SummarySettings;
 use opensession_summary::SemanticSummaryArtifact;
@@ -772,6 +773,9 @@ async fn build_review_bundle(input: BuildReviewBundleInput<'_>) -> Result<LocalR
                             index_entry.hail_path
                         )
                     })?;
+                    if is_auxiliary_session(&session) {
+                        continue;
+                    }
                     session_rows.push(LocalReviewSession {
                         session_id: index_entry.session_id.clone(),
                         ledger_ref: ledger_ref.clone(),
diff --git a/crates/cli/src/setup_cmd/branch_sync.rs b/crates/cli/src/setup_cmd/branch_sync.rs
index 0aceffa2..dbef16fd 100644
--- a/crates/cli/src/setup_cmd/branch_sync.rs
+++ b/crates/cli/src/setup_cmd/branch_sync.rs
@@ -2,7 +2,9 @@ use super::{COMMIT_HINT_GRACE_SECONDS, SYNC_BRANCH_COMMITS_MAX, SYNC_MAX_CANDIDA
 use anyhow::{Context, Result};
 use opensession_core::Session;
 use opensession_core::sanitize::{SanitizeConfig, sanitize_session};
-use opensession_core::session::{GitMeta, build_git_storage_meta_json_with_git, working_directory};
+use opensession_core::session::{
+    GitMeta, build_git_storage_meta_json_with_git, is_auxiliary_session, working_directory,
+};
 use opensession_git_native::{NativeGitStorage, extract_git_context};
 use opensession_parser_discovery::discover_sessions;
 use opensession_parsers::ParserRegistry;
@@ -252,6 +254,9 @@ pub(super) fn sync_branch_session_to_hidden_ledger(
         if !same_repo_root(repo_root, &session_repo) {
             continue;
         }
+        if is_auxiliary_session(&session) {
+            continue;
+        }
 
         if config
             .privacy
diff --git a/crates/cli/src/share.rs b/crates/cli/src/share.rs
index e123c4fb..88fef8ea 100644
--- a/crates/cli/src/share.rs
+++ b/crates/cli/src/share.rs
@@ -675,7 +675,15 @@ fn try_copy_to_clipboard(value: &str) -> Result<()> {
         }
     }
 
-    bail!("clipboard copy is unavailable on this platform")
+    #[cfg(any(target_os = "macos", target_os = "windows"))]
+    {
+        bail!("clipboard copy is unavailable on this platform");
+    }
+
+    #[cfg(not(any(target_os = "linux", target_os = "macos", target_os = "windows")))]
+    {
+        bail!("clipboard copy is unavailable on this platform");
+    }
 }
 
 fn try_clipboard_command(program: &str, args: &[&str], value: &str) -> Result<bool> {
diff --git a/crates/cli/src/templates/cleanup/github-session-review.yml.tmpl b/crates/cli/src/templates/cleanup/github-session-review.yml.tmpl
index f5b2a8b5..5f0ad43e 100644
--- a/crates/cli/src/templates/cleanup/github-session-review.yml.tmpl
+++ b/crates/cli/src/templates/cleanup/github-session-review.yml.tmpl
@@ -70,17 +70,22 @@ PY
             const lines = [
               marker,
               '### OpenSession Session Artifact',
-              `- Ledger ref: \`${ledgerRef}\``,
-              `- Artifact branch: \`${artifactBranch}\``,
-              `- Artifact branch link: [open](${branchUrl})`,
+              '',
+              '| Metric | Value |',
+              '| --- | --- |',
+              `| Ledger ref | \`${ledgerRef}\` |`,
+              `| Artifact branch | [\`${artifactBranch}\`](${branchUrl}) |`,
             ];
 
             if (!hasLedger) {
-              lines.push('- Status: hidden ledger ref not found yet (no tracked sessions pushed).');
+              lines.push('| Status | waiting for first tracked session push |');
+              lines.push('| Next action | Push at least one tracked session, then rerun the session-review workflow. |');
             } else if (!pushOk) {
-              lines.push('- Status: ledger found, but failed to push artifact branch (check workflow write permissions).');
+              lines.push('| Status | ledger found, but artifact publish failed |');
+              lines.push('| Next action | Check workflow write permissions for `contents: write`. |');
             } else {
-              lines.push('- Status: artifact branch updated.');
+              lines.push('| Status | artifact branch updated |');
+              lines.push('| Next action | Open the artifact branch or run the full session-review workflow for digest output. |');
             }
 
             const body = `${lines.join('\n')}\n`;
diff --git a/crates/cli/src/templates/cleanup/gitlab-session-review.yml.tmpl b/crates/cli/src/templates/cleanup/gitlab-session-review.yml.tmpl
index 4f4b69e6..7a191900 100644
--- a/crates/cli/src/templates/cleanup/gitlab-session-review.yml.tmpl
+++ b/crates/cli/src/templates/cleanup/gitlab-session-review.yml.tmpl
@@ -35,20 +35,24 @@ PY
 
       body="<!-- opensession-auto-session-review -->
 ### OpenSession Session Artifact
-- Ledger ref: \\`${ledger_ref}\\`
-- Artifact branch: \\`${artifact_branch}\\`
-- Artifact branch link: ${CI_PROJECT_URL}/-/tree/${artifact_branch}
+| Metric | Value |
+| --- | --- |
+| Ledger ref | \\`${ledger_ref}\\` |
+| Artifact branch | ${CI_PROJECT_URL}/-/tree/${artifact_branch} |
 "
 
       if [ "$has_ledger" -ne 1 ]; then
         body="${body}
-- Status: hidden ledger ref not found yet (no tracked sessions pushed)."
+| Status | waiting for first tracked session push |
+| Next action | Push at least one tracked session, then rerun the session-review pipeline. |"
       elif [ "$push_ok" -ne 1 ]; then
         body="${body}
-- Status: ledger found, but failed to push artifact branch (check runner push permissions)."
+| Status | ledger found, but artifact publish failed |
+| Next action | Check runner push permissions for artifact branch updates. |"
       else
         body="${body}
-- Status: artifact branch updated."
+| Status | artifact branch updated |
+| Next action | Open the artifact branch or run the full session-review pipeline for digest output. |"
       fi
 
       notes_api="${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/merge_requests/${CI_MERGE_REQUEST_IID}/notes"
diff --git a/crates/cli/src/url_opener.rs b/crates/cli/src/url_opener.rs
index 4ea10cd7..8122145c 100644
--- a/crates/cli/src/url_opener.rs
+++ b/crates/cli/src/url_opener.rs
@@ -133,7 +133,15 @@ impl UrlAdapter for SystemBrowserAdapter {
             }
         }
 
-        bail!("failed to open browser automatically")
+        #[cfg(any(target_os = "macos", target_os = "windows"))]
+        {
+            bail!("failed to open browser automatically");
+        }
+
+        #[cfg(not(any(target_os = "linux", target_os = "macos", target_os = "windows")))]
+        {
+            bail!("failed to open browser automatically");
+        }
     }
 }
 
diff --git a/crates/cli/tests/handoff_cli.rs b/crates/cli/tests/handoff_cli.rs
index a210d9c1..45832ae9 100644
--- a/crates/cli/tests/handoff_cli.rs
+++ b/crates/cli/tests/handoff_cli.rs
@@ -103,6 +103,42 @@ fn make_hail_jsonl_with_cwd(session_id: &str, cwd: &Path) -> String {
     session.to_jsonl().expect("to jsonl")
 }
 
+fn make_auxiliary_hail_jsonl_with_cwd(session_id: &str, cwd: &Path, parent_id: &str) -> String {
+    let mut session = Session::new(
+        session_id.to_string(),
+        Agent {
+            provider: "openai".to_string(),
+            model: "gpt-5".to_string(),
+            tool: "codex".to_string(),
+            tool_version: None,
+        },
+    );
+    session.context.title = Some("auxiliary helper".to_string());
+    session
+        .context
+        .related_session_ids
+        .push(parent_id.to_string());
+    session
+        .context
+        .attributes
+        .insert("cwd".to_string(), Value::String(cwd.display().to_string()));
+    session.context.attributes.insert(
+        "session_role".to_string(),
+        Value::String("auxiliary".to_string()),
+    );
+    session.events.push(Event {
+        event_id: "e1".to_string(),
+        timestamp: chrono::Utc::now(),
+        event_type: EventType::AgentMessage,
+        task_id: None,
+        content: Content::text("helper output"),
+        duration_ms: None,
+        attributes: Default::default(),
+    });
+    session.recompute_stats();
+    session.to_jsonl().expect("to jsonl")
+}
+
 fn make_hail_jsonl_with_cwd_and_window(
     session_id: &str,
     cwd: &Path,
@@ -145,9 +181,10 @@ fn first_non_empty_line(output: &[u8]) -> String {
         .to_string()
 }
 
-fn setup_review_fixture(
+fn setup_review_fixture_with_options(
     tmp: &tempfile::TempDir,
     fetch_hidden_refs: bool,
+    include_auxiliary: bool,
 ) -> (std::path::PathBuf, String) {
     let author = tmp.path().join("author");
     let reviewer = tmp.path().join("reviewer");
@@ -194,6 +231,30 @@ fn setup_review_fixture(
             std::slice::from_ref(&feature_sha),
         )
         .expect("store session in hidden ledger");
+    if include_auxiliary {
+        let auxiliary_body =
+            make_auxiliary_hail_jsonl_with_cwd("s-review-aux", &author, "s-review");
+        let auxiliary_meta = serde_json::json!({
+            "schema_version": 2,
+            "session_id": "s-review-aux",
+            "session_role": "auxiliary",
+            "title": "auxiliary helper",
+            "tool": "codex",
+            "stats": { "files_changed": 0 },
+            "git": { "commits": [feature_sha.clone()] }
+        })
+        .to_string();
+        storage
+            .store_session_at_ref(
+                &author,
+                &ledger_ref,
+                "s-review-aux",
+                auxiliary_body.as_bytes(),
+                auxiliary_meta.as_bytes(),
+                std::slice::from_ref(&feature_sha),
+            )
+            .expect("store auxiliary session in hidden ledger");
+    }
 
     run_git(
         &author,
@@ -247,6 +308,20 @@ fn setup_review_fixture(
     )
 }
 
+fn setup_review_fixture(
+    tmp: &tempfile::TempDir,
+    fetch_hidden_refs: bool,
+) -> (std::path::PathBuf, String) {
+    setup_review_fixture_with_options(tmp, fetch_hidden_refs, false)
+}
+
+fn setup_review_fixture_with_auxiliary(
+    tmp: &tempfile::TempDir,
+    fetch_hidden_refs: bool,
+) -> (std::path::PathBuf, String) {
+    setup_review_fixture_with_options(tmp, fetch_hidden_refs, true)
+}
+
 #[path = "handoff_cli/cleanup_cli.rs"]
 mod cleanup_cli;
 #[path = "handoff_cli/handoff_cases.rs"]
diff --git a/crates/cli/tests/handoff_cli/review_cli.rs b/crates/cli/tests/handoff_cli/review_cli.rs
index a9c8e4c1..7a152fc3 100644
--- a/crates/cli/tests/handoff_cli/review_cli.rs
+++ b/crates/cli/tests/handoff_cli/review_cli.rs
@@ -97,3 +97,34 @@ fn review_no_fetch_succeeds_with_empty_session_groups_when_hidden_refs_missing()
         "expected semantic summary even when mapped sessions are absent"
     );
 }
+
+#[test]
+fn review_json_ignores_auxiliary_hidden_ref_sessions() {
+    let tmp = make_home();
+    let (reviewer_repo, pr_link) = setup_review_fixture_with_auxiliary(&tmp, true);
+
+    let out = run(
+        tmp.path(),
+        &reviewer_repo,
+        &["review", &pr_link, "--json", "--no-fetch"],
+    );
+    assert!(
+        out.status.success(),
+        "review failed: {}",
+        String::from_utf8_lossy(&out.stderr)
+    );
+
+    let payload: Value = serde_json::from_slice(&out.stdout).expect("review json payload");
+    assert_eq!(payload["session_count"].as_u64().unwrap_or(0), 1);
+
+    let bundle_path = payload["bundle_path"]
+        .as_str()
+        .expect("bundle path in payload");
+    let bundle_raw = fs::read(bundle_path).expect("read review bundle");
+    let bundle_json: Value = serde_json::from_slice(&bundle_raw).expect("bundle json");
+    let session_ids = bundle_json["commits"][0]["session_ids"]
+        .as_array()
+        .expect("session ids");
+    assert_eq!(session_ids.len(), 1);
+    assert_eq!(session_ids[0].as_str().unwrap_or_default(), "s-review");
+}
diff --git a/crates/cli/tests/handoff_cli/setup_cli.rs b/crates/cli/tests/handoff_cli/setup_cli.rs
index d326252d..a7cb2476 100644
--- a/crates/cli/tests/handoff_cli/setup_cli.rs
+++ b/crates/cli/tests/handoff_cli/setup_cli.rs
@@ -329,3 +329,56 @@ fn setup_sync_branch_session_maps_single_session_to_multiple_commits() {
         ],
     );
 }
+
+#[test]
+fn setup_sync_branch_session_skips_auxiliary_sessions() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    init_git_repo(&repo);
+
+    let head_sha = first_non_empty_line(&run_git(&repo, &["rev-parse", "HEAD"]).stdout);
+    let session_path = tmp
+        .path()
+        .join(".codex")
+        .join("sessions")
+        .join("2026")
+        .join("02")
+        .join("26")
+        .join("rollout-2026-02-26T00-00-00-sync-session-aux.jsonl");
+    write_file(
+        &session_path,
+        &make_auxiliary_hail_jsonl_with_cwd("sync-session-aux", &repo, "parent-session"),
+    );
+
+    let out = run(
+        tmp.path(),
+        &repo,
+        &[
+            "setup",
+            "--sync-branch-session",
+            "main",
+            "--sync-branch-commit",
+            &head_sha,
+        ],
+    );
+    assert!(
+        out.status.success(),
+        "sync branch session failed: {}",
+        String::from_utf8_lossy(&out.stderr)
+    );
+
+    let ledger_ref = opensession_git_native::branch_ledger_ref("main");
+    let verify = Command::new("git")
+        .arg("-C")
+        .arg(&repo)
+        .arg("show-ref")
+        .arg("--verify")
+        .arg("--quiet")
+        .arg(&ledger_ref)
+        .output()
+        .expect("verify ledger ref absence");
+    assert!(
+        !verify.status.success(),
+        "auxiliary sessions should not create a hidden ledger ref"
+    );
+}
diff --git a/scripts/check-session-review-workflow.mjs b/scripts/check-session-review-workflow.mjs
index 9847367f..c2580234 100644
--- a/scripts/check-session-review-workflow.mjs
+++ b/scripts/check-session-review-workflow.mjs
@@ -43,17 +43,20 @@ function main() {
   if (!reportScript.includes("'<!-- opensession-session-review-final -->'")) {
     fail('Final marker is missing in scripts/pr_session_report.mjs.');
   }
-  if (!reportScript.includes('Quick links: [Files changed]')) {
+  if (!reportScript.includes('| Metric | Value |')) {
+    fail('Report must include an overview metric table.');
+  }
+  if (!reportScript.includes('Files changed](') || !reportScript.includes('Commits](')) {
     fail('Report must include PR quick links to files/commits.');
   }
-  if (!reportScript.includes('Local review: [Open in UI]')) {
+  if (!reportScript.includes('Open in UI') || !reportScript.includes('ops review')) {
     fail('Report must include local review deep-link.');
   }
-  if (!reportScript.includes('Artifact branch:')) {
+  if (!reportScript.includes('Artifact branch |')) {
     fail('Report must include artifact branch summary link.');
   }
-  if (!reportScript.includes('| Session ID | Commits | Open | OpenSession | JSONL | Meta |')) {
-    fail('Report must include Open/OpenSession/JSONL/Meta columns for per-session navigation.');
+  if (!reportScript.includes('| Session ID | Tool | Files | Commits | Open | OpenSession | JSONL | Meta | Title |')) {
+    fail('Report must include session metadata columns for per-session navigation.');
   }
   if (!reportScript.includes('opensessionSourceLink(')) {
     fail('Report must build opensession.io source links for web review.');
@@ -76,24 +79,33 @@ function main() {
   if (!reportScript.includes('tryRunRaw(`git show ${ledgerRef}:${session.hail_path}`)')) {
     fail('Report script must read hail artifact payload via raw git show path.');
   }
-  if (!reportScript.includes('#### Commit trail')) {
+  if (!reportScript.includes('Commit trail (')) {
     fail('Report must include commit trail for direct change navigation.');
   }
   if (!reportScript.includes('#### Reviewer Quick Digest')) {
     fail('Report must include Reviewer Quick Digest block for high-signal review context.');
   }
-  if (!reportScript.includes('Q&A excerpts:')) {
-    fail('Report must summarize interactive Q&A excerpts.');
+  if (!reportScript.includes('| Q&A | Areas | Files | Tests | Sessions / Commit |')) {
+    fail('Report must summarize review KPIs in a digest table.');
+  }
+  if (!reportScript.includes('#### Area Summary')) {
+    fail('Report must summarize changed areas.');
   }
-  if (!reportScript.includes('Added/updated test files:')) {
-    fail('Report must summarize added/updated test file coverage.');
+  if (!reportScript.includes('| Session | Commit | Question | Answer |')) {
+    fail('Report must render Q&A digest with session and commit context.');
   }
-  if (!reportScript.includes('| Question | Answer |')) {
-    fail('Report must render Q&A digest as a question/answer table.');
+  if (!reportScript.includes('primary only (auxiliary filtered)')) {
+    fail('Report must describe primary-session filtering.');
+  }
+  if (!reportScript.includes('<details>')) {
+    fail('Report must use collapsible detail sections for long lists.');
   }
   if (!reportScript.includes('collectQaDigestFromSessions')) {
     fail('Report script must derive Q&A digest rows from session payloads.');
   }
+  if (!reportScript.includes('collectAreaSummary')) {
+    fail('Report script must derive area summary rows from changed files.');
+  }
   if (!reportScript.includes('Updated at (UTC)')) {
     fail('Report must include update timestamp for per-run freshness.');
   }
diff --git a/scripts/pr_session_report.mjs b/scripts/pr_session_report.mjs
index bf211230..3751215b 100644
--- a/scripts/pr_session_report.mjs
+++ b/scripts/pr_session_report.mjs
@@ -4,6 +4,7 @@ import { execFileSync, execSync } from 'node:child_process';
 import fs from 'node:fs';
 import os from 'node:os';
 import path from 'node:path';
+import { pathToFileURL } from 'node:url';
 
 const DEFAULT_MAX_BUFFER = 128 * 1024 * 1024;
 
@@ -36,6 +37,15 @@ function tryRunRaw(cmd, options = {}) {
   }
 }
 
+function gitCommandSucceeds(cmd, options = {}) {
+  try {
+    runRaw(cmd, options);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
 function parseArgs(argv) {
   const args = {};
   for (let i = 2; i < argv.length; i += 1) {
@@ -163,6 +173,25 @@ function collectCommitRange(base, head) {
   return out.split('\n').map((line) => line.trim()).filter(Boolean);
 }
 
+function parseJson(raw) {
+  try {
+    return JSON.parse(raw);
+  } catch {
+    return null;
+  }
+}
+
+function readJsonAtRef(ledgerRef, relPath) {
+  if (!ledgerRef || !relPath) return null;
+  const raw = tryRunRaw(`git show ${ledgerRef}:${relPath}`);
+  if (!raw) return null;
+  return parseJson(raw);
+}
+
+function normalizeSessionTitle(value, maxLen = 96) {
+  return normalizeDigestText(value, maxLen);
+}
+
 function collectIndexedSessions(ledgerRef, commits) {
   const bySession = new Map();
   for (const sha of commits) {
@@ -173,25 +202,38 @@ function collectIndexedSessions(ledgerRef, commits) {
     for (const relPath of listing.split('\n').map((line) => line.trim()).filter(Boolean)) {
       const raw = tryRun(`git show ${ledgerRef}:${relPath}`);
       if (!raw) continue;
-      let payload = null;
-      try {
-        payload = JSON.parse(raw);
-      } catch {
-        continue;
-      }
+      const payload = parseJson(raw);
+      if (!payload) continue;
       const sessionId = payload.session_id;
       if (!sessionId) continue;
+      const meta = readJsonAtRef(ledgerRef, payload.meta_path);
+      const sessionRole = String(meta?.session_role ?? '').trim().toLowerCase();
+      if (sessionRole === 'auxiliary') continue;
       const existing = bySession.get(sessionId) ?? {
         session_id: sessionId,
         commits: [],
         hail_path: payload.hail_path,
         meta_path: payload.meta_path,
+        tool: String(meta?.tool ?? '').trim(),
+        session_role: sessionRole || 'primary',
+        title: normalizeSessionTitle(meta?.title),
+        files_changed: Number.isFinite(meta?.stats?.files_changed) ? meta.stats.files_changed : 0,
       };
       existing.commits = unique([...existing.commits, sha]);
+      if (!existing.tool && meta?.tool) existing.tool = String(meta.tool).trim();
+      if ((!existing.title || existing.title === '-') && meta?.title) {
+        existing.title = normalizeSessionTitle(meta.title);
+      }
+      if (!existing.files_changed && Number.isFinite(meta?.stats?.files_changed)) {
+        existing.files_changed = meta.stats.files_changed;
+      }
       bySession.set(sessionId, existing);
     }
   }
-  return Array.from(bySession.values()).sort((a, b) => a.session_id.localeCompare(b.session_id));
+  return Array.from(bySession.values()).sort((a, b) =>
+    (b.files_changed - a.files_changed)
+      || (b.commits.length - a.commits.length)
+      || a.session_id.localeCompare(b.session_id));
 }
 
 function isTestFilePath(filePath) {
@@ -288,8 +330,10 @@ function collectEventsFromSessionRaw(raw) {
 function collectQaDigestFromSessions(ledgerRef, sessions) {
   const pairs = [];
   const pendingQuestions = [];
+  const seenPairs = new Set();
 
   for (const session of sessions) {
+    if (pairs.length >= 6) break;
     if (!session.hail_path) continue;
     const raw = tryRunRaw(`git show ${ledgerRef}:${session.hail_path}`);
     if (!raw) continue;
@@ -298,20 +342,52 @@ function collectQaDigestFromSessions(ledgerRef, sessions) {
       const source = String(event?.attributes?.source ?? '').trim().toLowerCase();
       if (source === 'interactive_question') {
         const question = extractTextFromEventContent(event.content);
-        if (question) pendingQuestions.push(question);
+        if (question) {
+          pendingQuestions.push({
+            question,
+            session_id: session.session_id,
+            commit: session.commits[0] ?? '',
+          });
+        }
         continue;
       }
       if (source === 'interactive') {
         const answer = extractTextFromEventContent(event.content);
         if (!answer) continue;
-        const question = pendingQuestions.shift() ?? '(interactive question missing)';
-        pairs.push({ question, answer });
+        const queued = pendingQuestions.shift() ?? {
+          question: '(interactive question missing)',
+          session_id: session.session_id,
+          commit: session.commits[0] ?? '',
+        };
+        const pair = {
+          question: queued.question,
+          answer,
+          session_id: session.session_id,
+          commit: queued.commit || session.commits[0] || '',
+        };
+        const pairKey = `${pair.question}\n${pair.answer}`;
+        if (!seenPairs.has(pairKey)) {
+          seenPairs.add(pairKey);
+          pairs.push(pair);
+        }
+        if (pairs.length >= 6) break;
       }
     }
   }
 
-  for (const question of pendingQuestions) {
-    pairs.push({ question, answer: null });
+  for (const pending of pendingQuestions) {
+    if (pairs.length >= 6) break;
+    const pair = {
+      question: pending.question,
+      answer: null,
+      session_id: pending.session_id,
+      commit: pending.commit,
+    };
+    const pairKey = `${pair.question}\n`;
+    if (!seenPairs.has(pairKey)) {
+      seenPairs.add(pairKey);
+      pairs.push(pair);
+    }
   }
 
   return {
@@ -319,6 +395,41 @@ function collectQaDigestFromSessions(ledgerRef, sessions) {
   };
 }
 
+function collectAreaSummary(changedFiles) {
+  const counts = new Map();
+  for (const rawPath of changedFiles) {
+    const normalized = String(rawPath ?? '').trim().replace(/\\/g, '/');
+    if (!normalized) continue;
+    const [head] = normalized.split('/');
+    const area = normalized.includes('/') ? head : '(root)';
+    counts.set(area, (counts.get(area) ?? 0) + 1);
+  }
+  return Array.from(counts.entries())
+    .map(([area, count]) => ({ area, count }))
+    .sort((a, b) => (b.count - a.count) || a.area.localeCompare(b.area));
+}
+
+function escapeTableCell(value) {
+  return String(value ?? '-')
+    .replace(/\|/g, '\\|')
+    .replace(/\r?\n/g, '<br>');
+}
+
+function pushDetailsList(lines, summary, items, formatter, limit = 12) {
+  if (!items.length) return;
+  lines.push('<details>');
+  lines.push(`<summary>${summary}</summary>`);
+  lines.push('');
+  for (const item of items.slice(0, limit)) {
+    lines.push(`- ${formatter(item)}`);
+  }
+  if (items.length > limit) {
+    lines.push(`- ...and ${items.length - limit} more`);
+  }
+  lines.push('</details>');
+  lines.push('');
+}
+
 function writeFileAt(worktreeDir, relPath, body) {
   const normalized = relPath.replace(/\\/g, '/').replace(/^\/+/, '');
   if (!normalized) return;
@@ -495,89 +606,61 @@ function renderReport({
     ? 'OpenSession Review (final snapshot)'
     : 'OpenSession Review';
   const lines = [];
+  const areaSummary = collectAreaSummary(changedFiles);
+  const qas = qaDigest?.pairs ?? [];
+  const reviewId = buildReviewId(repoFullName, prNumber, head);
+  const prLinks = pullRequestLinks(repoFullName, prNumber, base, head);
+  const sessionsPerCommit = commits.length > 0
+    ? (sessions.length / commits.length).toFixed(1)
+    : '0.0';
+
   lines.push(marker);
   lines.push(`### ${title}`);
   lines.push('');
-  lines.push(`- Ledger ref: \`${ledgerRef}\``);
-  if (base) lines.push(`- Base: \`${base}\``);
-  if (head) lines.push(`- Head: \`${head}\``);
-  lines.push(`- Updated at (UTC): ${generatedAt}`);
-  lines.push(`- Commit range size: ${commits.length}`);
-  lines.push(`- Linked sessions: ${sessions.length}`);
-  const prLinks = pullRequestLinks(repoFullName, prNumber, base, head);
-  const reviewId = buildReviewId(repoFullName, prNumber, head);
+  lines.push('| Metric | Value |');
+  lines.push('| --- | --- |');
+  lines.push(`| Ledger ref | \`${ledgerRef}\` |`);
+  if (base && head) {
+    lines.push(`| Base -> Head | \`${base}\` -> \`${head}\` |`);
+  } else if (head) {
+    lines.push(`| Head | \`${head}\` |`);
+  }
+  lines.push(`| Updated at (UTC) | ${generatedAt} |`);
+  lines.push(`| Commit range size | ${commits.length} |`);
+  lines.push(`| Primary linked sessions | ${sessions.length} |`);
+  lines.push(`| Modified files | ${changedFiles.length} |`);
+  lines.push(`| Added/updated test files | ${testFiles.length} |`);
+  lines.push(`| Session scope | primary only (auxiliary filtered) |`);
   if (prLinks) {
-    lines.push(
-      `- Quick links: [Files changed](${prLinks.files}) · [Commits](${prLinks.commits})${prLinks.compare ? ` · [Compare](${prLinks.compare})` : ''}`,
-    );
+    lines.push(`| Quick links | [Files changed](${prLinks.files}) · [Commits](${prLinks.commits})${prLinks.compare ? ` · [Compare](${prLinks.compare})` : ''} |`);
   }
   if (reviewId && prLinks) {
-    lines.push(`- Local review: [Open in UI](${localReviewLink(reviewId)})`);
-    lines.push(`- CLI: \`ops review ${prLinks.files.replace('/files', '')}\``);
+    lines.push(`| Local review | [Open in UI](${localReviewLink(reviewId)}) · \`ops review ${prLinks.files.replace('/files', '')}\` |`);
   }
   if (artifact?.enabled && artifact?.branchName && artifact?.treeLink) {
-    lines.push(`- Artifact branch: [\`${artifact.branchName}\`](${artifact.treeLink})`);
-  }
-  if (artifact?.enabled && artifact?.manifestPath && artifact?.branchName) {
-    const manifestLink = githubBlobLink(
-      repoFullName,
-      artifact.branchName,
-      artifact.manifestPath,
-    );
-    if (manifestLink) {
-      lines.push(`- Artifact manifest: [manifest.json](${manifestLink})`);
-    }
+    const manifestLink = artifact?.manifestPath && artifact?.branchName
+      ? githubBlobLink(repoFullName, artifact.branchName, artifact.manifestPath)
+      : null;
+    lines.push(`| Artifact branch | [\`${artifact.branchName}\`](${artifact.treeLink})${manifestLink ? ` · [manifest.json](${manifestLink})` : ''} |`);
   }
   if (artifact?.enabled && artifact?.error) {
-    lines.push(`- Artifact publish: failed (\`${artifact.error}\`)`);
-  }
-  if (missingLedgerRef) {
-    lines.push(`- Ledger status: missing (\`${ledgerRef}\`)`);
+    lines.push(`| Artifact publish | failed (\`${artifact.error}\`) |`);
   }
+  lines.push(`| Ledger status | ${missingLedgerRef ? `missing (\`${ledgerRef}\`)` : 'available'} |`);
   lines.push('');
 
   lines.push('#### Reviewer Quick Digest');
-  if ((qaDigest?.pairs?.length ?? 0) > 0) {
-    lines.push(`- Q&A excerpts: ${qaDigest.pairs.length}`);
-    lines.push('| Question | Answer |');
-    lines.push('| --- | --- |');
-    for (const pair of qaDigest.pairs) {
-      const question = String(pair.question ?? '').replace(/\|/g, '\\|');
-      const answer = String(pair.answer ?? '-').replace(/\|/g, '\\|');
-      lines.push(`| ${question} | ${answer} |`);
-    }
-  } else {
-    lines.push('- Q&A excerpts: none captured');
-  }
-  lines.push(`- Modified files: ${changedFiles.length}`);
-  lines.push(`- Added/updated test files: ${testFiles.length}`);
-  if (changedFiles.length > 0) {
-    lines.push('- Key modified files:');
-    for (const filePath of changedFiles.slice(0, 12)) {
-      lines.push(`  - \`${filePath}\``);
-    }
-    if (changedFiles.length > 12) {
-      lines.push(`  - ...and ${changedFiles.length - 12} more`);
-    }
-  }
-  if (testFiles.length > 0) {
-    lines.push('- Added/updated tests:');
-    for (const filePath of testFiles.slice(0, 12)) {
-      lines.push(`  - \`${filePath}\``);
-    }
-    if (testFiles.length > 12) {
-      lines.push(`  - ...and ${testFiles.length - 12} more`);
-    }
-  }
+  lines.push('| Q&A | Areas | Files | Tests | Sessions / Commit |');
+  lines.push('| ---: | ---: | ---: | ---: | ---: |');
+  lines.push(`| ${qas.length} | ${areaSummary.length} | ${changedFiles.length} | ${testFiles.length} | ${sessionsPerCommit} |`);
   lines.push('');
 
-  if (commits.length > 0) {
-    lines.push('#### Commit trail');
-    for (const sha of commits.slice(0, 20)) {
-      lines.push(`- ${commitLink(repoFullName, sha)}`);
-    }
-    if (commits.length > 20) {
-      lines.push(`- ...and ${commits.length - 20} more`);
+  if (areaSummary.length > 0) {
+    lines.push('#### Area Summary');
+    lines.push('| Area | Files changed |');
+    lines.push('| --- | ---: |');
+    for (const item of areaSummary.slice(0, 8)) {
+      lines.push(`| ${escapeTableCell(item.area)} | ${item.count} |`);
     }
     lines.push('');
   }
@@ -587,21 +670,53 @@ function renderReport({
     return lines.join('\n');
   }
 
+  if (qas.length > 0) {
+    lines.push('#### Interactive Q&A');
+    lines.push('| Session | Commit | Question | Answer |');
+    lines.push('| --- | --- | --- | --- |');
+    for (const pair of qas) {
+      lines.push(
+        `| \`${escapeTableCell(pair.session_id ?? '-')}\` | ${pair.commit ? commitLink(repoFullName, pair.commit) : '-'} | ${escapeTableCell(pair.question)} | ${escapeTableCell(pair.answer ?? '-')} |`,
+      );
+    }
+    lines.push('');
+  } else {
+    lines.push('#### Interactive Q&A');
+    lines.push('No interactive Q&A excerpts were captured from primary sessions.');
+    lines.push('');
+  }
+
+  pushDetailsList(lines, `Changed paths (${changedFiles.length})`, changedFiles, (filePath) => `\`${filePath}\``);
+  pushDetailsList(lines, `Added/updated tests (${testFiles.length})`, testFiles, (filePath) => `\`${filePath}\``);
+
+  if (commits.length > 0) {
+    pushDetailsList(
+      lines,
+      `Commit trail (${commits.length})`,
+      commits,
+      (sha) => commitLink(repoFullName, sha),
+      20,
+    );
+  }
+
   if (sessions.length === 0) {
     lines.push('No indexed sessions matched this commit range.');
     return lines.join('\n');
   }
 
-  lines.push('| Session ID | Commits | Open | OpenSession | JSONL | Meta |');
-  lines.push('| --- | ---: | --- | --- | --- | --- |');
+  lines.push('<details>');
+  lines.push(`<summary>Linked sessions (${sessions.length})</summary>`);
+  lines.push('');
+  lines.push('| Session ID | Tool | Files | Commits | Open | OpenSession | JSONL | Meta | Title |');
+  lines.push('| --- | --- | ---: | --- | --- | --- | --- | --- | --- |');
   for (const session of sessions.slice(0, 50)) {
     const commitCell = session.commits.length > 0
       ? session.commits
-          .slice(0, 4)
+          .slice(0, 3)
           .map((sha) => commitLink(repoFullName, sha))
           .join(', ')
       : String(session.commits.length);
-    const suffix = session.commits.length > 4 ? ` +${session.commits.length - 4}` : '';
+    const suffix = session.commits.length > 3 ? ` +${session.commits.length - 3}` : '';
     const primaryCommit = session.commits[0] ?? '';
     const openLink = localReviewLink(reviewId, session.session_id, primaryCommit);
     const webLink =
@@ -629,13 +744,13 @@ function renderReport({
           )
         : null;
     lines.push(
-      `| \`${session.session_id}\` | ${commitCell}${suffix} | ${openLink ? `[open](${openLink})` : '-'} | ${webLink ? `[web](${webLink})` : '-'} | ${hailLink ? `[jsonl](${hailLink})` : '-'} | ${metaLink ? `[meta](${metaLink})` : `\`${session.meta_path ?? ''}\``} |`,
+      `| \`${session.session_id}\` | ${escapeTableCell(session.tool || '-')} | ${session.files_changed ?? 0} | ${commitCell}${suffix} | ${openLink ? `[open](${openLink})` : '-'} | ${webLink ? `[web](${webLink})` : '-'} | ${hailLink ? `[jsonl](${hailLink})` : '-'} | ${metaLink ? `[meta](${metaLink})` : `\`${session.meta_path ?? ''}\``} | ${escapeTableCell(session.title || '-')} |`,
     );
   }
   if (sessions.length > 50) {
-    lines.push('');
-    lines.push(`...and ${sessions.length - 50} more sessions.`);
+    lines.push(`| ... | ... | ... | ... | ... | ... | ... | ... | ...and ${sessions.length - 50} more sessions. |`);
   }
+  lines.push('</details>');
   return lines.join('\n');
 }
 
@@ -659,7 +774,7 @@ function main() {
     return;
   }
 
-  const refExists = tryRun(`git show-ref ${ledgerRef}`);
+  const refExists = gitCommandSucceeds(`git show-ref --verify --quiet ${ledgerRef}`);
   const commits = collectCommitRange(base, head);
   const sessions = refExists ? collectIndexedSessions(ledgerRef, commits) : [];
   const changedFiles = collectChangedFiles(base, head);
@@ -700,4 +815,25 @@ function main() {
   console.log(report);
 }
 
-main();
+const isMainModule = process.argv[1]
+  ? import.meta.url === pathToFileURL(process.argv[1]).href
+  : false;
+
+if (isMainModule) {
+  main();
+}
+
+export {
+  buildArtifactBranchName,
+  buildArtifactRoot,
+  buildReviewId,
+  collectAreaSummary,
+  collectChangedFiles,
+  collectCommitRange,
+  collectIndexedSessions,
+  collectQaDigestFromSessions,
+  isTestFilePath,
+  localReviewLink,
+  normalizeDigestText,
+  renderReport,
+};
diff --git a/scripts/tests/pr-session-report.test.mjs b/scripts/tests/pr-session-report.test.mjs
new file mode 100644
index 00000000..da3142e2
--- /dev/null
+++ b/scripts/tests/pr-session-report.test.mjs
@@ -0,0 +1,70 @@
+import assert from 'node:assert/strict';
+import test from 'node:test';
+
+import { renderReport } from '../pr_session_report.mjs';
+
+test('renderReport emphasizes metrics, areas, and linked session metadata', () => {
+  const report = renderReport({
+    marker: '<!-- opensession-session-review -->',
+    mode: 'update',
+    ledgerRef: 'refs/opensession/branches/example',
+    repoFullName: 'acme/opensession',
+    prNumber: 18,
+    generatedAt: '2026-03-09T09:44:22.436Z',
+    base: 'bf7d505805dd45cc54dd2e064757fbab2dec2bd2',
+    head: '5297b09fbf250feb50bce4986f4e2148e41eb347',
+    commits: [
+      '5297b09fbf250feb50bce4986f4e2148e41eb347',
+      '688f6192f0f250feb50bce4986f4e2148e41eb34',
+    ],
+    sessions: [
+      {
+        session_id: 's-primary-1',
+        tool: 'codex',
+        title: 'Refactor review pipeline',
+        files_changed: 7,
+        commits: ['5297b09fbf250feb50bce4986f4e2148e41eb347'],
+        hail_path: 'v1/aa/s-primary-1.hail.jsonl',
+        meta_path: 'v1/aa/s-primary-1.meta.json',
+      },
+    ],
+    changedFiles: [
+      'crates/cli/src/review.rs',
+      'scripts/pr_session_report.mjs',
+      '.github/workflows/session-review.yml',
+      'README.md',
+    ],
+    testFiles: ['crates/cli/tests/handoff_cli/review_cli.rs'],
+    qaDigest: {
+      pairs: [
+        {
+          session_id: 's-primary-1',
+          commit: '5297b09fbf250feb50bce4986f4e2148e41eb347',
+          question: 'scope?',
+          answer: 'filter auxiliary sessions',
+        },
+      ],
+    },
+    missingLedgerRef: false,
+    artifact: {
+      enabled: true,
+      branchName: 'opensession/pr-18-sessions',
+      artifactRoot: 'reviews/gh-acme-opensession-pr18-5297b09',
+      manifestPath: 'reviews/gh-acme-opensession-pr18-5297b09/manifest.json',
+      treeLink: 'https://github.com/acme/opensession/tree/opensession/pr-18-sessions',
+      error: null,
+    },
+  });
+
+  assert.match(report, /\| Metric \| Value \|/);
+  assert.match(report, /\| Q&A \| Areas \| Files \| Tests \| Sessions \/ Commit \|/);
+  assert.match(report, /#### Area Summary/);
+  assert.match(report, /\| Session \| Commit \| Question \| Answer \|/);
+  assert.match(report, /<details>\n<summary>Changed paths \(4\)<\/summary>/);
+  assert.match(report, /<details>\n<summary>Linked sessions \(1\)<\/summary>/);
+  assert.match(
+    report,
+    /\| Session ID \| Tool \| Files \| Commits \| Open \| OpenSession \| JSONL \| Meta \| Title \|/,
+  );
+  assert.match(report, /primary only \(auxiliary filtered\)/);
+});

From 901a74b0dd83779c34f6d9f99f792d1cd77786ca Mon Sep 17 00:00:00 2001
From: hwisu <hwitticus@gmail.com>
Date: Mon, 9 Mar 2026 19:25:01 +0900
Subject: [PATCH 25/30] Fix handoff test unix permissions import

---
 crates/cli/tests/handoff_cli.rs          | 2 --
 crates/cli/tests/handoff_cli/view_cli.rs | 2 ++
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/crates/cli/tests/handoff_cli.rs b/crates/cli/tests/handoff_cli.rs
index 45832ae9..47da4eb5 100644
--- a/crates/cli/tests/handoff_cli.rs
+++ b/crates/cli/tests/handoff_cli.rs
@@ -2,8 +2,6 @@ use opensession_core::testing;
 use opensession_core::{Agent, Content, Event, EventType, Session};
 use serde_json::Value;
 use std::fs;
-#[cfg(unix)]
-use std::os::unix::fs::PermissionsExt;
 use std::path::Path;
 use std::process::{Command, Output};
 
diff --git a/crates/cli/tests/handoff_cli/view_cli.rs b/crates/cli/tests/handoff_cli/view_cli.rs
index 8fff98d4..52126b30 100644
--- a/crates/cli/tests/handoff_cli/view_cli.rs
+++ b/crates/cli/tests/handoff_cli/view_cli.rs
@@ -1,4 +1,6 @@
 use super::*;
+#[cfg(unix)]
+use std::os::unix::fs::PermissionsExt;
 
 #[test]
 fn view_web_maps_remote_source_uri_to_src_route() {

From 3477e10f73d22d6e25b14f3000cb262d897e6d4c Mon Sep 17 00:00:00 2001
From: hwisu <hwitticus@gmail.com>
Date: Mon, 9 Mar 2026 19:31:06 +0900
Subject: [PATCH 26/30] Fix macOS-only test permissions import

---
 crates/cli/tests/handoff_cli/view_cli.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crates/cli/tests/handoff_cli/view_cli.rs b/crates/cli/tests/handoff_cli/view_cli.rs
index 52126b30..46f4a277 100644
--- a/crates/cli/tests/handoff_cli/view_cli.rs
+++ b/crates/cli/tests/handoff_cli/view_cli.rs
@@ -1,5 +1,5 @@
 use super::*;
-#[cfg(unix)]
+#[cfg(target_os = "macos")]
 use std::os::unix::fs::PermissionsExt;
 
 #[test]

From 33296b87878d83cb593457b10307339f12cd5f97 Mon Sep 17 00:00:00 2001
From: hwisu <hwitticus@gmail.com>
Date: Mon, 9 Mar 2026 19:47:04 +0900
Subject: [PATCH 27/30] Make PR session artifacts opt-in persistent

---
 .github/workflows/session-review.yml          | 146 +++++++++---------
 README.ko.md                                  |   6 +-
 README.md                                     |   6 +-
 crates/cli/src/cleanup_cmd.rs                 |  52 +++++++
 .../cleanup/github-session-review.yml.tmpl    | 104 +++++++++++--
 .../cleanup/gitlab-session-review.yml.tmpl    |  17 +-
 crates/cli/tests/handoff_cli/cleanup_cli.rs   |  88 +++++++++++
 docs.ko.md                                    |   8 +-
 docs.md                                       |   7 +-
 scripts/check-session-review-workflow.mjs     |  23 ++-
 scripts/pr_session_report.mjs                 |  35 ++++-
 scripts/tests/pr-session-report.test.mjs      |   7 +-
 12 files changed, 392 insertions(+), 107 deletions(-)

diff --git a/.github/workflows/session-review.yml b/.github/workflows/session-review.yml
index d061ac63..a675cd31 100644
--- a/.github/workflows/session-review.yml
+++ b/.github/workflows/session-review.yml
@@ -43,6 +43,29 @@ jobs:
           set -euo pipefail
           git fetch --no-tags --depth=1 origin "+${LEDGER_REF}:${LEDGER_REF}" || true
 
+      - name: Resolve artifact storage
+        id: storage
+        env:
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+        run: |
+          set -euo pipefail
+          python3 - <<'PY' >> "$GITHUB_OUTPUT"
+          import os
+          import pathlib
+          import tomllib
+
+          archive_branch = ""
+          config_path = pathlib.Path(".opensession/cleanup/config.toml")
+          if config_path.exists():
+              data = tomllib.loads(config_path.read_text(encoding="utf-8"))
+              archive_branch = str(data.get("session_archive_branch") or "").strip()
+
+          pr_number = os.environ["PR_NUMBER"]
+          artifact_branch = archive_branch or f"opensession/pr-{pr_number}-sessions"
+          print(f"artifact_branch={artifact_branch}")
+          print(f"persistent={'true' if archive_branch else 'false'}")
+          PY
+
       - name: Configure git author for artifact branch
         run: |
           set -euo pipefail
@@ -56,6 +79,8 @@ jobs:
           HEAD_SHA: ${{ github.event.pull_request.head.sha }}
           REPO_FULL_NAME: ${{ github.repository }}
           PR_NUMBER: ${{ github.event.pull_request.number }}
+          ARTIFACT_BRANCH: ${{ steps.storage.outputs.artifact_branch }}
+          PERSIST_ARTIFACTS: ${{ steps.storage.outputs.persistent }}
         run: |
           set -euo pipefail
           node scripts/pr_session_report.mjs \
@@ -65,6 +90,8 @@ jobs:
             --head "$HEAD_SHA" \
             --repo "$REPO_FULL_NAME" \
             --pr-number "$PR_NUMBER" \
+            --artifact-branch "$ARTIFACT_BRANCH" \
+            --preserve-existing-artifacts "$PERSIST_ARTIFACTS" \
             --publish-artifacts true \
             > /tmp/opensession-pr-report.md
 
@@ -117,8 +144,6 @@ jobs:
   cleanup:
     name: PR Session Cleanup
     runs-on: ubuntu-latest
-    env:
-      OPENSESSION_ARTIFACT_RETENTION: ${{ vars.OPENSESSION_ARTIFACT_RETENTION || 'next_commit' }}
     permissions:
       contents: write
       pull-requests: write
@@ -126,7 +151,6 @@ jobs:
     if: >
       (github.event_name == 'pull_request' &&
        github.event.action == 'closed' &&
-       github.event.pull_request.merged == true &&
        github.event.pull_request.head.repo.full_name == github.repository) ||
       (github.event_name == 'delete' && github.event.ref_type == 'branch')
     steps:
@@ -159,24 +183,46 @@ jobs:
           set -euo pipefail
           git fetch --no-tags --depth=1 origin "+${LEDGER_REF}:${LEDGER_REF}" || true
 
-      - name: Build final report (merged PR only)
+      - name: Resolve artifact storage
         if: github.event_name == 'pull_request'
+        id: storage
+        env:
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+        run: |
+          set -euo pipefail
+          python3 - <<'PY' >> "$GITHUB_OUTPUT"
+          import os
+          import pathlib
+          import tomllib
+
+          archive_branch = ""
+          config_path = pathlib.Path(".opensession/cleanup/config.toml")
+          if config_path.exists():
+              data = tomllib.loads(config_path.read_text(encoding="utf-8"))
+              archive_branch = str(data.get("session_archive_branch") or "").strip()
+
+          pr_number = os.environ["PR_NUMBER"]
+          artifact_branch = archive_branch or f"opensession/pr-{pr_number}-sessions"
+          print(f"artifact_branch={artifact_branch}")
+          print(f"persistent={'true' if archive_branch else 'false'}")
+          PY
+
+      - name: Build final report (merged PR only)
+        if: github.event_name == 'pull_request' && github.event.pull_request.merged == true
         env:
           LEDGER_REF: ${{ steps.ledger.outputs.ref }}
           BASE_SHA: ${{ github.event.pull_request.base.sha }}
           HEAD_SHA: ${{ github.event.pull_request.head.sha }}
           REPO_FULL_NAME: ${{ github.repository }}
           PR_NUMBER: ${{ github.event.pull_request.number }}
-          RETENTION_MODE: ${{ env.OPENSESSION_ARTIFACT_RETENTION }}
+          ARTIFACT_BRANCH: ${{ steps.storage.outputs.artifact_branch }}
+          PERSIST_ARTIFACTS: ${{ steps.storage.outputs.persistent }}
         run: |
           set -euo pipefail
-          retention="$(printf '%s' "$RETENTION_MODE" | tr '[:upper:]' '[:lower:]')"
-          publish_artifacts=true
-          case "$retention" in
-            immediate|delete)
-              publish_artifacts=false
-              ;;
-          esac
+          publish_artifacts=false
+          if [ "$PERSIST_ARTIFACTS" = "true" ]; then
+            publish_artifacts=true
+          fi
           node scripts/pr_session_report.mjs \
             --mode final \
             --ledger-ref "$LEDGER_REF" \
@@ -184,11 +230,13 @@ jobs:
             --head "$HEAD_SHA" \
             --repo "$REPO_FULL_NAME" \
             --pr-number "$PR_NUMBER" \
+            --artifact-branch "$ARTIFACT_BRANCH" \
+            --preserve-existing-artifacts "$PERSIST_ARTIFACTS" \
             --publish-artifacts "$publish_artifacts" \
             > /tmp/opensession-pr-final.md
 
       - name: Post final snapshot comment (merged PR only)
-        if: github.event_name == 'pull_request'
+        if: github.event_name == 'pull_request' && github.event.pull_request.merged == true
         uses: actions/github-script@v7
         env:
           REPORT_PATH: /tmp/opensession-pr-final.md
@@ -201,6 +249,7 @@ jobs:
             await github.rest.issues.createComment({ owner, repo, issue_number, body });
 
       - name: Delete ledger ref with retry
+        if: github.event_name == 'delete' || (github.event_name == 'pull_request' && github.event.pull_request.merged == true)
         env:
           LEDGER_REF: ${{ steps.ledger.outputs.ref }}
         run: |
@@ -217,69 +266,20 @@ jobs:
             echo "::warning::Failed to delete ledger ref $LEDGER_REF after retry"
           fi
 
-      - name: Apply artifact retention policy (merged PR only)
-        if: github.event_name == 'pull_request'
+      - name: Delete ephemeral artifact branch on PR close
+        if: github.event_name == 'pull_request' && steps.storage.outputs.persistent != 'true'
         env:
-          CURRENT_ARTIFACT_BRANCH: opensession/pr-${{ github.event.pull_request.number }}-sessions
-          RETENTION_MODE: ${{ env.OPENSESSION_ARTIFACT_RETENTION }}
+          ARTIFACT_BRANCH: ${{ steps.storage.outputs.artifact_branch }}
         run: |
           set -euo pipefail
-          retention="$(printf '%s' "$RETENTION_MODE" | tr '[:upper:]' '[:lower:]')"
-          case "$retention" in
-            next_commit|next|immediate|delete|keep|forever)
-              ;;
-            *)
-              echo "::warning::Unknown OPENSESSION_ARTIFACT_RETENTION='$RETENTION_MODE'; using next_commit"
-              retention="next_commit"
-              ;;
-          esac
-
-          branches="$(git ls-remote --heads origin 'opensession/pr-*-sessions' | awk '{print $2}' | sed 's#refs/heads/##')"
-          if [ -z "$branches" ]; then
-            echo "No artifact branches found."
-            exit 0
-          fi
-
-          deleted=0
-          kept=0
-          failed=0
-          for branch in $branches; do
-            delete_branch=0
-            case "$retention" in
-              keep|forever)
-                delete_branch=0
-                ;;
-              immediate|delete)
-                delete_branch=1
-                ;;
-              next_commit|next)
-                if [ "$branch" != "$CURRENT_ARTIFACT_BRANCH" ]; then
-                  delete_branch=1
-                fi
-                ;;
-            esac
-
-            if [ "$delete_branch" -ne 1 ]; then
-              kept=$((kept + 1))
-              continue
-            fi
-
-            ok=0
-            for attempt in 1 2; do
-              if git push origin ":refs/heads/$branch"; then
-                ok=1
-                break
-              fi
-              sleep 2
-            done
-            if [ "$ok" -ne 1 ]; then
-              failed=1
-              echo "::warning::Failed to delete artifact branch $branch after retry"
-            else
-              deleted=$((deleted + 1))
+          ok=0
+          for attempt in 1 2; do
+            if git push origin ":refs/heads/$ARTIFACT_BRANCH"; then
+              ok=1
+              break
             fi
+            sleep 2
           done
-          echo "Artifact retention mode: $retention (deleted=$deleted kept=$kept current=$CURRENT_ARTIFACT_BRANCH)"
-          if [ "$failed" -ne 0 ]; then
-            echo "::warning::Artifact retention policy completed with branch deletion failures."
+          if [ "$ok" -ne 1 ]; then
+            echo "::warning::Failed to delete artifact branch $ARTIFACT_BRANCH after retry"
           fi
diff --git a/README.ko.md b/README.ko.md
index 5f74be07..7e5cb718 100644
--- a/README.ko.md
+++ b/README.ko.md
@@ -240,13 +240,17 @@ opensession cleanup run --apply
 
 - hidden ref TTL: 30일
 - artifact branch TTL: 30일
-- GitHub/GitLab 설정 시 PR/MR 갱신마다 artifact branch를 갱신하고 리뷰 코멘트를 남기는 session-review 자동화 템플릿도 함께 생성됩니다.
+- GitHub/GitLab 설정 시 PR/MR 갱신마다 session artifact branch를 갱신하고 리뷰 코멘트를 남기는 session-review 자동화 템플릿도 함께 생성됩니다.
+- 기본값은 ephemeral PR/MR artifact branch이며 리뷰가 닫히면 삭제됩니다. `--session-archive-branch <branch>`를 설정하면 `pr/sessions` 같은 전용 archive branch에 immutable snapshot을 계속 보관합니다.
 - session-review 코멘트에는 `Reviewer Quick Digest` 블록이 포함되며, Q&A 발췌(질문/응답), 수정 파일, 추가/수정 테스트가 함께 표시됩니다.
 
 민감한 저장소는 즉시 정리 모드를 권장합니다.
 
 ```bash
 opensession cleanup init --provider auto --hidden-ttl-days 0 --artifact-ttl-days 0 --yes
+
+# 전용 브랜치에 리뷰 스냅샷 영구 보관
+opensession cleanup init --provider auto --session-archive-branch pr/sessions --yes
 ```
 
 ## handoff
diff --git a/README.md b/README.md
index da58b4d0..bf630a91 100644
--- a/README.md
+++ b/README.md
@@ -232,13 +232,17 @@ opensession cleanup run
 
 # apply cleanup deletions
 opensession cleanup run --apply
+
+# keep review snapshots permanently on a dedicated branch
+opensession cleanup init --provider auto --session-archive-branch pr/sessions --yes
 ```
 
 Defaults:
 
 - hidden ref TTL: 30 days
 - artifact branch TTL: 30 days
-- GitHub/GitLab setup also writes PR/MR session-review automation that updates an artifact branch and posts a review comment on PR/MR updates.
+- GitHub/GitLab setup also writes PR/MR session-review automation that updates a session artifact branch and posts a review comment on PR/MR updates.
+- By default PR/MR artifact branches are ephemeral and are deleted when the review closes; set `--session-archive-branch <branch>` to keep immutable review snapshots on a dedicated archive branch such as `pr/sessions`.
 - Session review comments now include a `Reviewer Quick Digest` block with Q&A excerpts (question/answer rows), modified files, and added/updated tests.
 
 Sensitive repositories can force immediate cleanup:
diff --git a/crates/cli/src/cleanup_cmd.rs b/crates/cli/src/cleanup_cmd.rs
index 20d8513c..2145bf70 100644
--- a/crates/cli/src/cleanup_cmd.rs
+++ b/crates/cli/src/cleanup_cmd.rs
@@ -57,6 +57,9 @@ struct CleanupInitArgs {
     /// Artifact branch TTL in days.
     #[arg(long, default_value_t = DEFAULT_TTL_DAYS)]
     artifact_ttl_days: u16,
+    /// Persist PR/MR session snapshots on this dedicated branch instead of ephemeral per-PR branches.
+    #[arg(long)]
+    session_archive_branch: Option<String>,
     /// Skip confirmation prompt.
     #[arg(long)]
     yes: bool,
@@ -107,6 +110,8 @@ struct CleanupConfig {
     remote: String,
     hidden_ttl_days: u16,
     artifact_ttl_days: u16,
+    #[serde(default)]
+    session_archive_branch: Option<String>,
     managed_at: String,
     managed_by: String,
 }
@@ -129,6 +134,7 @@ struct CleanupPaths {
 struct InitExecutionReport {
     provider: CleanupProvider,
     resolved_remote: String,
+    session_archive_branch: Option<String>,
     applied_paths: Vec<String>,
     manual_steps: Vec<String>,
     warnings: Vec<String>,
@@ -152,6 +158,7 @@ struct JanitorSummary {
 struct CleanupStatusJson {
     configured: bool,
     provider: Option<String>,
+    session_archive_branch: Option<String>,
     janitor_present: bool,
     provider_template_ready: bool,
     next_action: Option<String>,
@@ -273,6 +280,7 @@ pub fn maybe_prompt_cleanup_init_after_push(repo_root: &Path, remote: &str) -> R
             remote: remote.to_string(),
             hidden_ttl_days: DEFAULT_TTL_DAYS,
             artifact_ttl_days: DEFAULT_TTL_DAYS,
+            session_archive_branch: None,
             yes: true,
             json: false,
             silent: true,
@@ -292,6 +300,7 @@ fn run_init(args: CleanupInitArgs) -> Result<()> {
             remote: args.remote,
             hidden_ttl_days: args.hidden_ttl_days,
             artifact_ttl_days: args.artifact_ttl_days,
+            session_archive_branch: args.session_archive_branch,
             yes: args.yes,
             json: args.json,
             silent: false,
@@ -303,6 +312,7 @@ fn run_init(args: CleanupInitArgs) -> Result<()> {
             "configured": true,
             "provider": report.provider.as_str(),
             "resolved_remote": report.resolved_remote,
+            "session_archive_branch": report.session_archive_branch,
             "applied_paths": report.applied_paths,
             "manual_steps": report.manual_steps,
             "warnings": report.warnings,
@@ -313,6 +323,9 @@ fn run_init(args: CleanupInitArgs) -> Result<()> {
 
     println!("cleanup configured: provider={}", report.provider.as_str());
     println!("remote: {}", report.resolved_remote);
+    if let Some(branch) = &report.session_archive_branch {
+        println!("session archive branch: {branch}");
+    }
     if !report.applied_paths.is_empty() {
         println!("applied:");
         for path in &report.applied_paths {
@@ -343,6 +356,7 @@ fn run_status(args: CleanupStatusArgs) -> Result<()> {
         let payload = CleanupStatusJson {
             configured: false,
             provider: None,
+            session_archive_branch: None,
             janitor_present: paths.janitor.exists(),
             provider_template_ready: false,
             next_action: Some("opensession cleanup init --provider auto".to_string()),
@@ -388,6 +402,7 @@ fn run_status(args: CleanupStatusArgs) -> Result<()> {
     let payload = CleanupStatusJson {
         configured: true,
         provider: Some(config.provider.as_str().to_string()),
+        session_archive_branch: config.session_archive_branch.clone(),
         janitor_present,
         provider_template_ready: provider_ready,
         next_action,
@@ -404,6 +419,9 @@ fn run_status(args: CleanupStatusArgs) -> Result<()> {
         "cleanup: configured (provider={})",
         config.provider.as_str()
     );
+    if let Some(branch) = &config.session_archive_branch {
+        println!("session archive branch: {branch}");
+    }
     println!(
         "janitor: {}",
         if payload.janitor_present {
@@ -474,6 +492,7 @@ struct InitRequest {
     remote: String,
     hidden_ttl_days: u16,
     artifact_ttl_days: u16,
+    session_archive_branch: Option<String>,
     yes: bool,
     json: bool,
     silent: bool,
@@ -484,6 +503,7 @@ fn init_cleanup(repo_root: &Path, req: InitRequest) -> Result<InitExecutionRepor
     let remote = resolve_remote(&req.remote, repo_root)?;
 
     let mut warnings = Vec::new();
+    let session_archive_branch = normalize_optional_branch(req.session_archive_branch);
     let provider = match req.provider {
         CleanupInitProvider::Auto => {
             let detected = detect_provider_for_remote(&remote.url);
@@ -508,6 +528,12 @@ fn init_cleanup(repo_root: &Path, req: InitRequest) -> Result<InitExecutionRepor
         format!("remote: {}", remote.push_target),
         format!("hidden_ttl_days: {}", req.hidden_ttl_days),
         format!("artifact_ttl_days: {}", req.artifact_ttl_days),
+        format!(
+            "session_archive_branch: {}",
+            session_archive_branch
+                .as_deref()
+                .unwrap_or("(ephemeral per-pr branches)")
+        ),
         format!("write: {}", paths.config.display()),
         format!("write: {}", paths.janitor.display()),
         format!("write: {}", paths.cron_example.display()),
@@ -553,6 +579,7 @@ fn init_cleanup(repo_root: &Path, req: InitRequest) -> Result<InitExecutionRepor
         remote: remote.push_target.clone(),
         hidden_ttl_days: req.hidden_ttl_days,
         artifact_ttl_days: req.artifact_ttl_days,
+        session_archive_branch: session_archive_branch.clone(),
         managed_at: chrono::Utc::now().to_rfc3339(),
         managed_by: MANAGED_MARKER.to_string(),
     };
@@ -626,6 +653,7 @@ fn init_cleanup(repo_root: &Path, req: InitRequest) -> Result<InitExecutionRepor
     Ok(InitExecutionReport {
         provider,
         resolved_remote: remote.push_target,
+        session_archive_branch,
         applied_paths,
         manual_steps,
         warnings,
@@ -938,9 +966,28 @@ fn validate_config(config: &CleanupConfig) -> Result<()> {
     if config.remote.trim().is_empty() {
         bail!("cleanup config remote is empty");
     }
+    if config
+        .session_archive_branch
+        .as_deref()
+        .map(str::trim)
+        .is_some_and(str::is_empty)
+    {
+        bail!("cleanup config session_archive_branch is empty");
+    }
     Ok(())
 }
 
+fn normalize_optional_branch(value: Option<String>) -> Option<String> {
+    value.and_then(|raw| {
+        let trimmed = raw.trim();
+        if trimmed.is_empty() {
+            None
+        } else {
+            Some(trimmed.to_string())
+        }
+    })
+}
+
 fn provider_template_ready(paths: &CleanupPaths, provider: CleanupProvider) -> bool {
     match provider {
         CleanupProvider::Github => {
@@ -1084,6 +1131,7 @@ mod tests {
             remote: "origin".to_string(),
             hidden_ttl_days: 30,
             artifact_ttl_days: 30,
+            session_archive_branch: Some("pr/sessions".to_string()),
             managed_at: "2026-02-27T00:00:00Z".to_string(),
             managed_by: MANAGED_MARKER.to_string(),
         };
@@ -1094,6 +1142,10 @@ mod tests {
         assert_eq!(parsed.provider, CleanupProvider::Generic);
         assert_eq!(parsed.hidden_ttl_days, 30);
         assert_eq!(parsed.artifact_ttl_days, 30);
+        assert_eq!(
+            parsed.session_archive_branch.as_deref(),
+            Some("pr/sessions")
+        );
     }
 
     #[test]
diff --git a/crates/cli/src/templates/cleanup/github-session-review.yml.tmpl b/crates/cli/src/templates/cleanup/github-session-review.yml.tmpl
index 5f0ad43e..e4852efa 100644
--- a/crates/cli/src/templates/cleanup/github-session-review.yml.tmpl
+++ b/crates/cli/src/templates/cleanup/github-session-review.yml.tmpl
@@ -3,7 +3,7 @@ name: OpenSession Session Review
 
 on:
   pull_request:
-    types: [opened, reopened, synchronize]
+    types: [opened, reopened, synchronize, closed]
 
 permissions:
   contents: write
@@ -13,27 +13,53 @@ permissions:
 jobs:
   session_review:
     runs-on: ubuntu-latest
-    if: github.event.pull_request.head.repo.full_name == github.repository
+    if: >
+      github.event.action != 'closed' &&
+      github.event.pull_request.head.repo.full_name == github.repository
     steps:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
+      - name: Resolve artifact storage
+        id: storage
+        env:
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+        run: |
+          set -euo pipefail
+          python3 - <<'PY' >> "$GITHUB_OUTPUT"
+          import os
+          import pathlib
+          import tomllib
+
+          archive_branch = ""
+          config_path = pathlib.Path(".opensession/cleanup/config.toml")
+          if config_path.exists():
+              data = tomllib.loads(config_path.read_text(encoding="utf-8"))
+              archive_branch = str(data.get("session_archive_branch") or "").strip()
+
+          pr_number = os.environ["PR_NUMBER"]
+          artifact_branch = archive_branch or f"opensession/pr-{pr_number}-sessions"
+          print(f"artifact_branch={artifact_branch}")
+          print(f"persistent={'1' if archive_branch else '0'}")
+          PY
+
       - name: Compute ledger ref and publish artifact branch
         id: artifact
         env:
           BRANCH: ${{ github.head_ref }}
-          PR_NUMBER: ${{ github.event.pull_request.number }}
+          ARTIFACT_BRANCH: ${{ steps.storage.outputs.artifact_branch }}
+          PERSISTENT_STORAGE: ${{ steps.storage.outputs.persistent }}
         run: |
           set -euo pipefail
 
-          encoded="$(python - <<'PY'
-import base64, os
-print(base64.urlsafe_b64encode(os.environ['BRANCH'].encode()).decode().rstrip('='))
-PY
-)"
+          encoded="$(python3 - <<'PY'
+          import base64, os
+          print(base64.urlsafe_b64encode(os.environ['BRANCH'].encode()).decode().rstrip('='))
+          PY
+          )"
           ledger_ref="refs/opensession/branches/${encoded}"
-          artifact_branch="opensession/pr-${PR_NUMBER}-sessions"
+          artifact_branch="$ARTIFACT_BRANCH"
           has_ledger=0
           push_ok=0
 
@@ -48,6 +74,7 @@ PY
           echo "artifact_branch=${artifact_branch}" >> "$GITHUB_OUTPUT"
           echo "has_ledger=${has_ledger}" >> "$GITHUB_OUTPUT"
           echo "push_ok=${push_ok}" >> "$GITHUB_OUTPUT"
+          echo "persistent_storage=${PERSISTENT_STORAGE}" >> "$GITHUB_OUTPUT"
 
       - name: Upsert session review comment
         uses: actions/github-script@v7
@@ -56,6 +83,7 @@ PY
           ARTIFACT_BRANCH: ${{ steps.artifact.outputs.artifact_branch }}
           HAS_LEDGER: ${{ steps.artifact.outputs.has_ledger }}
           PUSH_OK: ${{ steps.artifact.outputs.push_ok }}
+          PERSISTENT_STORAGE: ${{ steps.artifact.outputs.persistent_storage }}
         with:
           script: |
             const marker = '<!-- opensession-auto-session-review -->';
@@ -65,6 +93,7 @@ PY
             const pushOk = process.env.PUSH_OK === '1';
             const ledgerRef = process.env.LEDGER_REF;
             const artifactBranch = process.env.ARTIFACT_BRANCH;
+            const persistentStorage = process.env.PERSISTENT_STORAGE === '1';
             const branchUrl = `https://github.com/${owner}/${repo}/tree/${artifactBranch}`;
 
             const lines = [
@@ -75,6 +104,7 @@ PY
               '| --- | --- |',
               `| Ledger ref | \`${ledgerRef}\` |`,
               `| Artifact branch | [\`${artifactBranch}\`](${branchUrl}) |`,
+              `| Retention | ${persistentStorage ? 'persistent archive branch' : 'ephemeral branch (deleted on PR close)'} |`,
             ];
 
             if (!hasLedger) {
@@ -83,9 +113,12 @@ PY
             } else if (!pushOk) {
               lines.push('| Status | ledger found, but artifact publish failed |');
               lines.push('| Next action | Check workflow write permissions for `contents: write`. |');
+            } else if (persistentStorage) {
+              lines.push('| Status | persistent archive branch updated |');
+              lines.push('| Next action | Open the archive branch to inspect stored review snapshots. |');
             } else {
-              lines.push('| Status | artifact branch updated |');
-              lines.push('| Next action | Open the artifact branch or run the full session-review workflow for digest output. |');
+              lines.push('| Status | ephemeral artifact branch updated |');
+              lines.push('| Next action | Open the artifact branch while the PR is active; it will be deleted on PR close. |');
             }
 
             const body = `${lines.join('\n')}\n`;
@@ -113,3 +146,52 @@ PY
             } else {
               await github.rest.issues.createComment({ owner, repo, issue_number, body });
             }
+
+  cleanup:
+    runs-on: ubuntu-latest
+    if: github.event.action == 'closed' && github.event.pull_request.head.repo.full_name == github.repository
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Resolve artifact storage
+        id: storage
+        env:
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+        run: |
+          set -euo pipefail
+          python3 - <<'PY' >> "$GITHUB_OUTPUT"
+          import os
+          import pathlib
+          import tomllib
+
+          archive_branch = ""
+          config_path = pathlib.Path(".opensession/cleanup/config.toml")
+          if config_path.exists():
+              data = tomllib.loads(config_path.read_text(encoding="utf-8"))
+              archive_branch = str(data.get("session_archive_branch") or "").strip()
+
+          pr_number = os.environ["PR_NUMBER"]
+          artifact_branch = archive_branch or f"opensession/pr-{pr_number}-sessions"
+          print(f"artifact_branch={artifact_branch}")
+          print(f"persistent={'1' if archive_branch else '0'}")
+          PY
+
+      - name: Delete ephemeral artifact branch
+        if: steps.storage.outputs.persistent != '1'
+        env:
+          ARTIFACT_BRANCH: ${{ steps.storage.outputs.artifact_branch }}
+        run: |
+          set -euo pipefail
+          ok=0
+          for attempt in 1 2; do
+            if git push origin ":refs/heads/$ARTIFACT_BRANCH" >/dev/null 2>&1; then
+              ok=1
+              break
+            fi
+            sleep 2
+          done
+          if [ "$ok" -ne 1 ]; then
+            echo "::warning::Failed to delete artifact branch $ARTIFACT_BRANCH after retry"
+          fi
diff --git a/crates/cli/src/templates/cleanup/gitlab-session-review.yml.tmpl b/crates/cli/src/templates/cleanup/gitlab-session-review.yml.tmpl
index 7a191900..c7d50024 100644
--- a/crates/cli/src/templates/cleanup/gitlab-session-review.yml.tmpl
+++ b/crates/cli/src/templates/cleanup/gitlab-session-review.yml.tmpl
@@ -7,13 +7,25 @@ opensession_session_review:
   script:
     - set -eu
     - |
+      archive_branch="$(python3 - <<'PY'
+      import pathlib
+      import tomllib
+
+      config_path = pathlib.Path(".opensession/cleanup/config.toml")
+      if config_path.exists():
+          data = tomllib.loads(config_path.read_text(encoding="utf-8"))
+          print(str(data.get("session_archive_branch") or "").strip())
+      else:
+          print("")
+      PY
+      )"
       encoded="$(python3 - <<'PY'
 import base64, os
 print(base64.urlsafe_b64encode(os.environ['CI_COMMIT_REF_NAME'].encode()).decode().rstrip('='))
 PY
 )"
       ledger_ref="refs/opensession/branches/${encoded}"
-      artifact_branch="opensession/mr-${CI_MERGE_REQUEST_IID}-sessions"
+      artifact_branch="${archive_branch:-opensession/mr-${CI_MERGE_REQUEST_IID}-sessions}"
       has_ledger=0
       push_ok=0
 
@@ -39,6 +51,7 @@ PY
 | --- | --- |
 | Ledger ref | \\`${ledger_ref}\\` |
 | Artifact branch | ${CI_PROJECT_URL}/-/tree/${artifact_branch} |
+| Retention | $( [ -n "$archive_branch" ] && printf 'persistent archive branch' || printf 'ephemeral branch' ) |
 "
 
       if [ "$has_ledger" -ne 1 ]; then
@@ -52,7 +65,7 @@ PY
       else
         body="${body}
 | Status | artifact branch updated |
-| Next action | Open the artifact branch or run the full session-review pipeline for digest output. |"
+| Next action | $( [ -n "$archive_branch" ] && printf 'Open the archive branch to inspect stored review snapshots.' || printf 'Open the artifact branch while the MR is active.' ) |"
       fi
 
       notes_api="${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/merge_requests/${CI_MERGE_REQUEST_IID}/notes"
diff --git a/crates/cli/tests/handoff_cli/cleanup_cli.rs b/crates/cli/tests/handoff_cli/cleanup_cli.rs
index 3af53475..abb94de0 100644
--- a/crates/cli/tests/handoff_cli/cleanup_cli.rs
+++ b/crates/cli/tests/handoff_cli/cleanup_cli.rs
@@ -66,6 +66,67 @@ fn cleanup_init_github_writes_expected_files() {
     );
 }
 
+#[test]
+fn cleanup_init_persists_session_archive_branch_setting() {
+    let tmp = make_home();
+    let repo = tmp.path().join("repo");
+    let remote = tmp.path().join("cleanup-archive-remote.git");
+    init_git_repo(&repo);
+    run_git(
+        tmp.path(),
+        &["init", "--bare", remote.to_str().expect("remote")],
+    );
+    run_git(
+        &repo,
+        &["remote", "add", "origin", remote.to_str().expect("remote")],
+    );
+
+    let out = run(
+        tmp.path(),
+        &repo,
+        &[
+            "cleanup",
+            "init",
+            "--provider",
+            "github",
+            "--session-archive-branch",
+            "pr/sessions",
+            "--yes",
+            "--json",
+        ],
+    );
+    assert!(
+        out.status.success(),
+        "cleanup init failed: {}",
+        String::from_utf8_lossy(&out.stderr)
+    );
+
+    let payload: Value = serde_json::from_slice(&out.stdout).expect("cleanup init json");
+    assert_eq!(
+        payload
+            .get("session_archive_branch")
+            .and_then(Value::as_str),
+        Some("pr/sessions")
+    );
+
+    let config_body = fs::read_to_string(
+        repo.join(".opensession")
+            .join("cleanup")
+            .join("config.toml"),
+    )
+    .expect("read cleanup config");
+    assert!(config_body.contains("session_archive_branch = \"pr/sessions\""));
+
+    let workflow_body = fs::read_to_string(
+        repo.join(".github")
+            .join("workflows")
+            .join("opensession-session-review.yml"),
+    )
+    .expect("read review workflow");
+    assert!(workflow_body.contains("session_archive_branch"));
+    assert!(workflow_body.contains("Delete ephemeral artifact branch"));
+}
+
 #[test]
 fn cleanup_init_gitlab_without_marker_reports_manual_steps() {
     let tmp = make_home();
@@ -249,6 +310,13 @@ fn cleanup_run_dry_and_apply_handles_hidden_and_artifact_refs() {
     );
     run_git(&repo, &["checkout", "main"]);
 
+    run_git(&repo, &["checkout", "-b", "pr/sessions"]);
+    write_file(&repo.join("archive.txt"), "persistent archive branch\n");
+    run_git(&repo, &["add", "."]);
+    run_git(&repo, &["commit", "-m", "archive branch"]);
+    run_git(&repo, &["push", "origin", "pr/sessions:pr/sessions"]);
+    run_git(&repo, &["checkout", "main"]);
+
     let init_out = run(
         tmp.path(),
         &repo,
@@ -295,6 +363,18 @@ fn cleanup_run_dry_and_apply_handles_hidden_and_artifact_refs() {
             .unwrap_or(false),
         "expected artifact branch candidate in dry-run"
     );
+    assert!(
+        !dry_payload
+            .get("artifact_candidates")
+            .and_then(Value::as_array)
+            .into_iter()
+            .flatten()
+            .any(|item| item
+                .as_str()
+                .unwrap_or_default()
+                .contains("refs/heads/pr/sessions")),
+        "persistent archive branch should not be targeted by janitor"
+    );
 
     let apply_out = run(tmp.path(), &repo, &["cleanup", "run", "--apply", "--json"]);
     assert!(
@@ -324,4 +404,12 @@ fn cleanup_run_dry_and_apply_handles_hidden_and_artifact_refs() {
         }),
         "expected artifact branch deletion"
     );
+    assert!(
+        !deleted.iter().any(|item| {
+            item.as_str()
+                .unwrap_or_default()
+                .contains("refs/heads/pr/sessions")
+        }),
+        "persistent archive branch should not be deleted"
+    );
 }
diff --git a/docs.ko.md b/docs.ko.md
index c2362fe7..80af8661 100644
--- a/docs.ko.md
+++ b/docs.ko.md
@@ -200,17 +200,21 @@ opensession cleanup run --apply
 
 - hidden ref TTL: 30일
 - artifact branch TTL: 30일
+- 기본값은 ephemeral PR/MR artifact branch이며 리뷰가 닫히면 삭제됩니다. `--session-archive-branch <branch>`를 설정하면 `pr/sessions` 같은 전용 archive branch에 immutable snapshot을 계속 보관합니다.
 
 민감한 저장소용:
 
 ```bash
 opensession cleanup init --provider auto --hidden-ttl-days 0 --artifact-ttl-days 0 --yes
+
+# 전용 브랜치에 리뷰 스냅샷 영구 보관
+opensession cleanup init --provider auto --session-archive-branch pr/sessions --yes
 ```
 
 프로바이더 매트릭스:
 
-- GitHub: `.github/workflows/opensession-cleanup.yml`와 `.github/workflows/opensession-session-review.yml`을 생성합니다. PR 업데이트 시 `opensession/pr-<number>-sessions`를 게시/갱신하고 PR 코멘트를 upsert합니다.
-- GitLab: `.gitlab/opensession-cleanup.yml`와 `.gitlab/opensession-session-review.yml`을 생성합니다. `.gitlab-ci.yml`은 OpenSession 관리 마커 블록이 있을 때만(또는 새 파일일 때만) 갱신합니다. MR 파이프라인은 `opensession/mr-<iid>-sessions`를 게시/갱신하고 MR note를 남깁니다.
+- GitHub: `.github/workflows/opensession-cleanup.yml`와 `.github/workflows/opensession-session-review.yml`을 생성합니다. 기본값은 ephemeral `opensession/pr-<number>-sessions` 브랜치를 PR 동안만 유지하고 PR close 시 삭제합니다. `--session-archive-branch <branch>`를 설정하면 `pr/sessions` 같은 전용 archive branch에 immutable snapshot을 저장합니다.
+- GitLab: `.gitlab/opensession-cleanup.yml`와 `.gitlab/opensession-session-review.yml`을 생성합니다. `.gitlab-ci.yml`은 OpenSession 관리 마커 블록이 있을 때만(또는 새 파일일 때만) 갱신합니다. MR 파이프라인은 `opensession/mr-<iid>-sessions`를 게시/갱신하거나, `--session-archive-branch`가 설정된 경우 해당 archive branch를 사용합니다.
 - Generic git: cron/system scheduler 연동용 `.opensession/cleanup/cron.example`를 생성합니다.
 - session-review 코멘트에는 `Reviewer Quick Digest`가 포함되며, Q&A 발췌(`Question | Answer` 행), 수정 파일 요약, 추가/수정 테스트가 함께 표시됩니다.
 
diff --git a/docs.md b/docs.md
index 30890ed5..334c144d 100644
--- a/docs.md
+++ b/docs.md
@@ -194,6 +194,9 @@ opensession cleanup run
 
 # Apply deletions
 opensession cleanup run --apply
+
+# Keep review snapshots permanently on a dedicated branch
+opensession cleanup init --provider auto --session-archive-branch pr/sessions --yes
 ```
 
 Defaults:
@@ -209,8 +212,8 @@ opensession cleanup init --provider auto --hidden-ttl-days 0 --artifact-ttl-days
 
 Provider matrix:
 
-- GitHub: `.github/workflows/opensession-cleanup.yml` plus `.github/workflows/opensession-session-review.yml` are generated. PR updates publish/refresh `opensession/pr-<number>-sessions` and upsert a PR comment.
-- GitLab: `.gitlab/opensession-cleanup.yml` plus `.gitlab/opensession-session-review.yml` are generated; `.gitlab-ci.yml` is updated only when an OpenSession managed marker block exists (or file is newly created). MR pipelines publish/refresh `opensession/mr-<iid>-sessions` and post an MR note.
+- GitHub: `.github/workflows/opensession-cleanup.yml` plus `.github/workflows/opensession-session-review.yml` are generated. By default PR updates publish ephemeral `opensession/pr-<number>-sessions` branches and delete them when the PR closes; set `--session-archive-branch <branch>` to keep immutable review snapshots on a dedicated archive branch such as `pr/sessions`.
+- GitLab: `.gitlab/opensession-cleanup.yml` plus `.gitlab/opensession-session-review.yml` are generated; `.gitlab-ci.yml` is updated only when an OpenSession managed marker block exists (or file is newly created). MR pipelines publish/refresh `opensession/mr-<iid>-sessions` and post an MR note, or use the configured archive branch when `--session-archive-branch` is set.
 - Generic git: `.opensession/cleanup/cron.example` is generated for cron/system scheduler wiring.
 - Session-review comments include `Reviewer Quick Digest` with Q&A excerpts (`Question | Answer` rows), modified file summary, and added/updated tests.
 
diff --git a/scripts/check-session-review-workflow.mjs b/scripts/check-session-review-workflow.mjs
index c2580234..ea522f80 100644
--- a/scripts/check-session-review-workflow.mjs
+++ b/scripts/check-session-review-workflow.mjs
@@ -137,20 +137,29 @@ function main() {
   if (!workflow.includes('--publish-artifacts true')) {
     fail('workflow must request artifact publication for review reports.');
   }
+  if (!workflow.includes('--artifact-branch "$ARTIFACT_BRANCH"')) {
+    fail('workflow must pass resolved artifact branch context to report builder.');
+  }
+  if (!workflow.includes('--preserve-existing-artifacts "$PERSIST_ARTIFACTS"')) {
+    fail('workflow must preserve existing archive branch contents when persistent storage is enabled.');
+  }
   if (!workflow.includes('Configure git author for artifact branch')) {
     fail('workflow must configure git author before publishing artifact branch.');
   }
-  if (!workflow.includes('Apply artifact retention policy (merged PR only)')) {
-    fail('cleanup must apply artifact retention policy for merged PRs.');
+  if (!workflow.includes('Resolve artifact storage')) {
+    fail('workflow must resolve artifact storage from cleanup config.');
+  }
+  if (!workflow.includes('session_archive_branch')) {
+    fail('workflow must support repo-local session_archive_branch setting.');
   }
-  if (!workflow.includes('OPENSESSION_ARTIFACT_RETENTION')) {
-    fail('cleanup must support repository-level OPENSESSION_ARTIFACT_RETENTION variable.');
+  if (!workflow.includes("steps.storage.outputs.persistent != 'true'")) {
+    fail('cleanup must delete ephemeral artifact branches only when no archive branch is configured.');
   }
-  if (!workflow.includes("vars.OPENSESSION_ARTIFACT_RETENTION || 'next_commit'")) {
-    fail('artifact retention must default to next_commit when repo variable is unset.');
+  if (!workflow.includes('Delete ephemeral artifact branch on PR close')) {
+    fail('cleanup must delete ephemeral artifact branches on PR close.');
   }
   if (!workflow.includes('--publish-artifacts "$publish_artifacts"')) {
-    fail('final report builder must toggle artifact publishing based on retention mode.');
+    fail('final report builder must toggle artifact publishing based on archive policy.');
   }
   if (!workflow.includes('github.rest.issues.deleteComment')) {
     fail('sticky comment upsert must dedupe stale marker comments.');
diff --git a/scripts/pr_session_report.mjs b/scripts/pr_session_report.mjs
index 3751215b..bc73f3d6 100644
--- a/scripts/pr_session_report.mjs
+++ b/scripts/pr_session_report.mjs
@@ -96,7 +96,9 @@ function buildReviewId(repoFullName, prNumber, head) {
   return `gh-${owner}-${repo}-pr${prNumber}-${shortSha(head)}`;
 }
 
-function buildArtifactBranchName(prNumber) {
+function buildArtifactBranchName(prNumber, explicitBranch = '') {
+  const normalizedBranch = String(explicitBranch ?? '').trim();
+  if (normalizedBranch) return normalizedBranch;
   if (!prNumber) return null;
   return `opensession/pr-${prNumber}-sessions`;
 }
@@ -445,6 +447,8 @@ function ensureTrailingNewline(value) {
 
 function publishArtifactsBranch({
   enabled,
+  artifactBranch,
+  preserveExisting,
   repoFullName,
   prNumber,
   head,
@@ -455,7 +459,7 @@ function publishArtifactsBranch({
   commits,
   sessions,
 }) {
-  const branchName = buildArtifactBranchName(prNumber);
+  const branchName = buildArtifactBranchName(prNumber, artifactBranch);
   const artifactRoot = buildArtifactRoot(reviewId);
   if (!branchName || !artifactRoot) {
     return {
@@ -487,12 +491,25 @@ function publishArtifactsBranch({
   let publishError = null;
   try {
     runGit(['worktree', 'add', '--detach', worktreeDir]);
-    runGit(['checkout', '--orphan', branchName], { cwd: worktreeDir });
-    runGit(['rm', '-rf', '.'], { cwd: worktreeDir, allowFail: true });
+    const branchExists =
+      runGit(['ls-remote', '--exit-code', '--heads', 'origin', `refs/heads/${branchName}`], {
+        cwd: worktreeDir,
+        allowFail: true,
+      }).length > 0;
+    if (preserveExisting && branchExists) {
+      runGit(['fetch', '--no-tags', '--depth=1', 'origin', `${branchName}:${branchName}`], {
+        cwd: worktreeDir,
+      });
+      runGit(['checkout', branchName], { cwd: worktreeDir });
+      fs.rmSync(path.join(worktreeDir, artifactRoot), { recursive: true, force: true });
+    } else {
+      runGit(['checkout', '--orphan', branchName], { cwd: worktreeDir });
+      runGit(['rm', '-rf', '.'], { cwd: worktreeDir, allowFail: true });
 
-    for (const entry of fs.readdirSync(worktreeDir)) {
-      if (entry === '.git') continue;
-      fs.rmSync(path.join(worktreeDir, entry), { recursive: true, force: true });
+      for (const entry of fs.readdirSync(worktreeDir)) {
+        if (entry === '.git') continue;
+        fs.rmSync(path.join(worktreeDir, entry), { recursive: true, force: true });
+      }
     }
 
     for (const session of sessions) {
@@ -762,6 +779,8 @@ function main() {
   const prNumberRaw = args['pr-number'] ?? '';
   const prNumber = /^\d+$/.test(prNumberRaw) ? Number(prNumberRaw) : null;
   const publishArtifacts = (args['publish-artifacts'] ?? 'false') === 'true';
+  const preserveExistingArtifacts = (args['preserve-existing-artifacts'] ?? 'false') === 'true';
+  const artifactBranch = args['artifact-branch'] ?? '';
   const base = args.base ?? '';
   const head = args.head ?? '';
   const generatedAt = new Date().toISOString();
@@ -785,6 +804,8 @@ function main() {
   const reviewId = buildReviewId(repoFullName, prNumber, head);
   const artifact = publishArtifactsBranch({
     enabled: publishArtifacts,
+    artifactBranch,
+    preserveExisting: preserveExistingArtifacts,
     repoFullName,
     prNumber,
     head,
diff --git a/scripts/tests/pr-session-report.test.mjs b/scripts/tests/pr-session-report.test.mjs
index da3142e2..5c195cca 100644
--- a/scripts/tests/pr-session-report.test.mjs
+++ b/scripts/tests/pr-session-report.test.mjs
@@ -1,7 +1,12 @@
 import assert from 'node:assert/strict';
 import test from 'node:test';
 
-import { renderReport } from '../pr_session_report.mjs';
+import { buildArtifactBranchName, renderReport } from '../pr_session_report.mjs';
+
+test('buildArtifactBranchName accepts persistent branch override', () => {
+  assert.equal(buildArtifactBranchName(18), 'opensession/pr-18-sessions');
+  assert.equal(buildArtifactBranchName(18, 'pr/sessions'), 'pr/sessions');
+});
 
 test('renderReport emphasizes metrics, areas, and linked session metadata', () => {
   const report = renderReport({

From 49ceb944410077662cc9f9d9cbf12b5838e28dfc Mon Sep 17 00:00:00 2001
From: hwisu <hwitticus@gmail.com>
Date: Mon, 9 Mar 2026 20:01:47 +0900
Subject: [PATCH 28/30] Split deep CI away from PR workflow

---
 .githooks/pre-commit                        |   5 +-
 .github/workflows/ci-deep.yml               | 426 ++++++++++++++++++++
 .github/workflows/ci.yml                    | 412 +------------------
 .github/workflows/desktop-dryrun.yml        |   8 +
 CONTRIBUTING.md                             |   2 +
 README.ko.md                                |   2 +
 README.md                                   |   2 +
 docs.ko.md                                  |   7 +-
 docs.md                                     |   7 +-
 docs/development-validation-flow.md         |  13 +-
 scripts/check-ci-workflow.mjs               | 137 +++++++
 scripts/check-validation-hooks.mjs          |   2 +
 scripts/tests/ci-workflow-contract.test.mjs |  40 ++
 13 files changed, 657 insertions(+), 406 deletions(-)
 create mode 100644 .github/workflows/ci-deep.yml
 create mode 100644 scripts/check-ci-workflow.mjs
 create mode 100644 scripts/tests/ci-workflow-contract.test.mjs

diff --git a/.githooks/pre-commit b/.githooks/pre-commit
index 50b7ee9b..1d9ef63f 100755
--- a/.githooks/pre-commit
+++ b/.githooks/pre-commit
@@ -66,9 +66,10 @@ fi
 
 run_node_check "desktop build preflight" scripts/validate/desktop-build-preflight.mjs --mode local
 run_node_check "content contract check" scripts/verify-content-contract.mjs --check
+run_node_check "CI workflow check" scripts/check-ci-workflow.mjs
 run_node_check "session-review workflow check" scripts/check-session-review-workflow.mjs
-echo "Running session-review report unit tests..."
-run_mise node --test scripts/tests/pr-session-report.test.mjs
+echo "Running workflow/report unit tests..."
+run_mise node --test scripts/tests/*.test.mjs
 run_node_check "publishable dependency check" scripts/check-publishable-deps.mjs
 run_node_check "rust artifact guardrail check" scripts/check-rust-artifact-guardrails.mjs
 run_node_check "validation hook guardrail check" scripts/check-validation-hooks.mjs
diff --git a/.github/workflows/ci-deep.yml b/.github/workflows/ci-deep.yml
new file mode 100644
index 00000000..a4844d1f
--- /dev/null
+++ b/.github/workflows/ci-deep.yml
@@ -0,0 +1,426 @@
+name: CI Deep
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 3 * * *"
+
+concurrency:
+  group: ci-deep-${{ github.ref || github.run_id }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+  checks: write
+
+env:
+  CARGO_TERM_COLOR: always
+  RUSTFLAGS: -Dwarnings
+  CARGO_INCREMENTAL: "0"
+  CARGO_PROFILE_DEV_DEBUG: "0"
+
+jobs:
+  audit:
+    name: Audit
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: rustsec/audit-check@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+  api-e2e-server:
+    name: API E2E Server (${{ matrix.os }})
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 30
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, macos-latest]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@1.93.0
+      - uses: Swatinem/rust-cache@v2
+        with:
+          shared-key: api-e2e-server-${{ matrix.os }}
+          save-if: ${{ github.ref == 'refs/heads/main' }}
+      - name: Start opensession-server
+        run: |
+          mkdir -p .ci-logs .ci-data/server
+          PORT=3000 \
+          BASE_URL=http://127.0.0.1:3000 \
+          JWT_SECRET=ci-jwt-secret \
+          OPENSESSION_ADMIN_KEY=ci-admin-key \
+          OPENSESSION_DATA_DIR="$PWD/.ci-data/server" \
+          cargo run -p opensession-server > .ci-logs/server.log 2>&1 &
+          echo $! > .ci-logs/server.pid
+      - name: Wait for server health endpoint
+        run: |
+          for i in $(seq 1 120); do
+            if curl -fsS http://127.0.0.1:3000/api/health >/dev/null; then
+              exit 0
+            fi
+            sleep 1
+          done
+          echo "server did not start in time"
+          cat .ci-logs/server.log || true
+          exit 1
+      - name: Run server API E2E suite
+        env:
+          OPENSESSION_E2E_SERVER_BASE_URL: http://127.0.0.1:3000
+          OPENSESSION_E2E_ALLOW_REMOTE: "0"
+        run: cargo test -p opensession-e2e --test server -- --nocapture
+      - name: Stop opensession-server
+        if: always()
+        run: |
+          if [ -f .ci-logs/server.pid ]; then
+            kill "$(cat .ci-logs/server.pid)" || true
+          fi
+      - name: Upload server E2E logs
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: api-e2e-server-logs-${{ matrix.os }}
+          path: .ci-logs/server.log
+          if-no-files-found: ignore
+
+  worker-web-live-e2e:
+    name: Worker + Web Live E2E (${{ matrix.os }})
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 45
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, macos-latest]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@1.93.0
+      - uses: Swatinem/rust-cache@v2
+        with:
+          shared-key: worker-web-live-e2e-${{ matrix.os }}
+          save-if: ${{ github.ref == 'refs/heads/main' }}
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: npm
+          cache-dependency-path: |
+            web/package-lock.json
+            packages/ui/package-lock.json
+      - name: Cache Playwright browser
+        uses: actions/cache@v4
+        with:
+          path: ~/.cache/ms-playwright
+          key: ${{ runner.os }}-playwright-${{ hashFiles('web/package-lock.json') }}
+      - name: Install UI deps
+        run: npm ci --prefer-offline --no-audit --no-fund --silent
+        working-directory: packages/ui
+      - name: Install web deps
+        run: npm ci --prefer-offline --no-audit --no-fund --silent
+        working-directory: web
+      - name: Install Playwright browser (Ubuntu)
+        if: matrix.os == 'ubuntu-latest'
+        run: npx playwright install --with-deps chromium
+        working-directory: web
+      - name: Install Playwright browser (macOS)
+        if: matrix.os == 'macos-latest'
+        run: npx playwright install chromium
+        working-directory: web
+      - name: Start wrangler dev (local)
+        run: |
+          mkdir -p .ci-logs
+          npx --yes wrangler@4 dev \
+            --ip 127.0.0.1 \
+            --port 8788 \
+            --persist-to .wrangler/state \
+            --show-interactive-dev-session=false \
+            --log-level=warn \
+            --var BASE_URL:http://127.0.0.1:8788 \
+            --var OPENSESSION_BASE_URL:http://127.0.0.1:8788 \
+            --var JWT_SECRET:ci-jwt-secret \
+            --var OPENSESSION_ADMIN_KEY:ci-admin-key \
+            --var GITHUB_CLIENT_ID:ci-github-client \
+            --var GITHUB_CLIENT_SECRET:ci-github-secret \
+            > .ci-logs/wrangler.log 2>&1 &
+          echo $! > .ci-logs/wrangler.pid
+      - name: Wait for worker health endpoint
+        run: |
+          for i in $(seq 1 360); do
+            api_code="$(curl -s -o /dev/null -w '%{http_code}' http://127.0.0.1:8788/api/health || true)"
+            root_code="$(curl -s -o /dev/null -w '%{http_code}' http://127.0.0.1:8788/ || true)"
+            if [ "$api_code" = "200" ] && [ "$root_code" = "200" ]; then
+              exit 0
+            fi
+            sleep 1
+          done
+          echo "wrangler dev did not start in time (api=$api_code root=$root_code)"
+          cat .ci-logs/wrangler.log || true
+          exit 1
+      - name: Start opensession-server for web live API
+        run: |
+          mkdir -p .ci-logs .ci-data/server
+          PORT=3000 \
+          BASE_URL=http://127.0.0.1:3000 \
+          JWT_SECRET=ci-jwt-secret \
+          OPENSESSION_ADMIN_KEY=ci-admin-key \
+          OPENSESSION_DATA_DIR="$PWD/.ci-data/server" \
+          OPENSESSION_LOCAL_REVIEW_ROOT="$PWD/web/e2e-live/fixtures/local-review" \
+          OPENSESSION_ALLOWED_ORIGINS=http://127.0.0.1:8788 \
+          cargo run -p opensession-server > .ci-logs/server.log 2>&1 &
+          echo $! > .ci-logs/server.pid
+      - name: Wait for server health endpoint
+        run: |
+          for i in $(seq 1 120); do
+            if curl -fsS http://127.0.0.1:3000/api/health >/dev/null; then
+              exit 0
+            fi
+            sleep 1
+          done
+          echo "opensession-server did not start in time"
+          cat .ci-logs/server.log || true
+          exit 1
+      - name: Run worker API E2E suite
+        env:
+          OPENSESSION_E2E_WORKER_BASE_URL: http://127.0.0.1:8788
+          OPENSESSION_E2E_ALLOW_REMOTE: "0"
+        run: cargo test -p opensession-e2e --test worker -- --nocapture
+      - name: Run web live Playwright suite
+        env:
+          OPENSESSION_E2E_WORKER_BASE_URL: http://127.0.0.1:8788
+          OPENSESSION_E2E_SERVER_BASE_URL: http://127.0.0.1:3000
+          OPENSESSION_E2E_ALLOW_REMOTE: "0"
+          CI: "1"
+        run: npm run test:e2e:live -- --reporter=list,junit --output=e2e-live-results
+        working-directory: web
+      - name: Stop opensession-server
+        if: always()
+        run: |
+          if [ -f .ci-logs/server.pid ]; then
+            kill "$(cat .ci-logs/server.pid)" || true
+          fi
+      - name: Stop wrangler dev
+        if: always()
+        run: |
+          if [ -f .ci-logs/wrangler.pid ]; then
+            kill "$(cat .ci-logs/wrangler.pid)" || true
+          fi
+      - name: Upload worker/web live E2E artifacts
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: worker-web-live-e2e-${{ matrix.os }}
+          path: |
+            .ci-logs/wrangler.log
+            .ci-logs/server.log
+            web/e2e-live-results
+            web/test-results
+            web/playwright-report
+          if-no-files-found: ignore
+
+  desktop-e2e:
+    name: Desktop E2E (${{ matrix.os }})
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 30
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, macos-latest]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@1.93.0
+      - uses: Swatinem/rust-cache@v2
+        with:
+          shared-key: desktop-e2e-${{ matrix.os }}
+          save-if: ${{ github.ref == 'refs/heads/main' }}
+      - name: Install Linux desktop test dependencies
+        if: matrix.os == 'ubuntu-latest'
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y \
+            xvfb \
+            libgtk-3-dev \
+            libayatana-appindicator3-dev \
+            librsvg2-dev \
+            libwebkit2gtk-4.1-dev
+      - name: Run desktop test suite (Linux)
+        if: matrix.os == 'ubuntu-latest'
+        env:
+          OPENSESSION_E2E_DESKTOP: "1"
+        run: xvfb-run -a cargo test --manifest-path desktop/src-tauri/Cargo.toml --quiet
+      - name: Run desktop test suite (macOS)
+        if: matrix.os == 'macos-latest'
+        env:
+          OPENSESSION_E2E_DESKTOP: "1"
+        run: cargo test --manifest-path desktop/src-tauri/Cargo.toml --quiet
+
+  desktop-bundle-verify:
+    name: Desktop Bundle Verify (${{ matrix.os }})
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 45
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, macos-latest]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@1.93.0
+      - uses: Swatinem/rust-cache@v2
+        with:
+          shared-key: desktop-bundle-verify-${{ matrix.os }}
+          save-if: ${{ github.ref == 'refs/heads/main' }}
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: npm
+          cache-dependency-path: |
+            desktop/package-lock.json
+            web/package-lock.json
+            packages/ui/package-lock.json
+      - name: Install universal Rust targets (macOS)
+        if: matrix.os == 'macos-latest'
+        run: rustup target add aarch64-apple-darwin x86_64-apple-darwin
+      - name: Install Linux desktop build dependencies
+        if: matrix.os == 'ubuntu-latest'
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y \
+            pkg-config \
+            xvfb \
+            patchelf \
+            libgtk-3-dev \
+            libayatana-appindicator3-dev \
+            librsvg2-dev \
+            libwebkit2gtk-4.1-dev
+      - name: Run desktop build preflight (Linux)
+        if: matrix.os == 'ubuntu-latest'
+        run: node scripts/validate/desktop-build-preflight.mjs --mode ci --os linux
+      - name: Run desktop build preflight (macOS)
+        if: matrix.os == 'macos-latest'
+        run: node scripts/validate/desktop-build-preflight.mjs --mode ci --os macos
+      - name: Install UI deps
+        run: npm ci --prefer-offline --no-audit --no-fund --silent
+        working-directory: packages/ui
+      - name: Install web deps
+        run: npm ci --prefer-offline --no-audit --no-fund --silent
+        working-directory: web
+      - name: Install desktop deps
+        run: npm ci --prefer-offline --no-audit --no-fund --silent
+        working-directory: desktop
+      - name: Link @opensession/ui
+        run: |
+          mkdir -p node_modules/@opensession
+          rm -f node_modules/@opensession/ui
+          ln -sf "${{ github.workspace }}/packages/ui" node_modules/@opensession/ui
+        working-directory: web
+      - name: Build desktop bundle (Linux)
+        if: matrix.os == 'ubuntu-latest'
+        id: build_linux
+        run: |
+          set -euo pipefail
+          mkdir -p .ci-logs
+          start="$(date +%s)"
+          npm --prefix desktop run tauri:build -- --no-sign --ci 2>&1 | tee .ci-logs/desktop-build.log
+          end="$(date +%s)"
+          echo "build_seconds=$((end - start))" >> "$GITHUB_OUTPUT"
+      - name: Build desktop bundle (macOS universal)
+        if: matrix.os == 'macos-latest'
+        id: build_macos
+        run: |
+          set -euo pipefail
+          mkdir -p .ci-logs
+          start="$(date +%s)"
+          npm --prefix desktop run tauri:build -- --target universal-apple-darwin --bundles app --no-sign --ci 2>&1 | tee .ci-logs/desktop-build.log
+          end="$(date +%s)"
+          echo "build_seconds=$((end - start))" >> "$GITHUB_OUTPUT"
+      - name: Verify desktop bundle (Linux)
+        if: matrix.os == 'ubuntu-latest'
+        run: |
+          set -euo pipefail
+          mkdir -p .ci-logs
+          BUNDLE_DIR="desktop/src-tauri/target/release/bundle"
+          APP_BIN="desktop/src-tauri/target/release/opensession-desktop"
+          if [ ! -d "$BUNDLE_DIR" ]; then
+            echo "missing bundle dir: $BUNDLE_DIR"
+            exit 1
+          fi
+          if ! find "$BUNDLE_DIR" -type f | grep -q .; then
+            echo "bundle dir has no files: $BUNDLE_DIR"
+            exit 1
+          fi
+          if [ ! -f "$APP_BIN" ]; then
+            echo "missing desktop binary: $APP_BIN"
+            exit 1
+          fi
+          xvfb-run -a sh -c '
+            "$1" > "$2" 2>&1 &
+            pid=$!
+            sleep 5
+            if ! kill -0 "$pid" 2>/dev/null; then
+              echo "desktop process exited before smoke timeout"
+              cat "$2" || true
+              exit 1
+            fi
+            kill "$pid" 2>/dev/null || true
+            wait "$pid" 2>/dev/null || true
+          ' sh "$APP_BIN" ".ci-logs/desktop-smoke.log"
+      - name: Verify desktop bundle (macOS universal)
+        if: matrix.os == 'macos-latest'
+        run: |
+          set -euo pipefail
+          mkdir -p .ci-logs
+          BUNDLE_DIR="desktop/src-tauri/target/universal-apple-darwin/release/bundle"
+          APP_PATH="$(find "${BUNDLE_DIR}/macos" -maxdepth 1 -type d -name '*.app' | head -n 1 || true)"
+          if [ -z "$APP_PATH" ]; then
+            echo "missing .app bundle in ${BUNDLE_DIR}/macos"
+            exit 1
+          fi
+          APP_BIN="${APP_PATH}/Contents/MacOS/opensession-desktop"
+          if [ ! -f "$APP_BIN" ]; then
+            echo "missing app executable: $APP_BIN"
+            exit 1
+          fi
+          archs="$(lipo -archs "$APP_BIN" | xargs)"
+          if [ "$archs" != "x86_64 arm64" ] && [ "$archs" != "arm64 x86_64" ]; then
+            echo "unexpected universal archs: $archs"
+            exit 1
+          fi
+          "$APP_BIN" > .ci-logs/desktop-smoke.log 2>&1 &
+          app_pid=$!
+          sleep 5
+          if ! kill -0 "$app_pid" 2>/dev/null; then
+            echo "desktop process exited before smoke timeout"
+            cat .ci-logs/desktop-smoke.log || true
+            exit 1
+          fi
+          kill "$app_pid" 2>/dev/null || true
+          wait "$app_pid" 2>/dev/null || true
+      - name: Collect desktop diagnostics
+        if: always()
+        env:
+          BUILD_SECONDS: ${{ steps.build_linux.outputs.build_seconds || steps.build_macos.outputs.build_seconds || '0' }}
+        run: |
+          set -euo pipefail
+          if [ "${{ matrix.os }}" = "macos-latest" ]; then
+            BUNDLE_DIR="desktop/src-tauri/target/universal-apple-darwin/release/bundle"
+            APP_BIN="desktop/src-tauri/target/universal-apple-darwin/release/bundle/macos/OpenSession Desktop.app/Contents/MacOS/opensession-desktop"
+            OS_LABEL="macos"
+          else
+            BUNDLE_DIR="desktop/src-tauri/target/release/bundle"
+            APP_BIN="desktop/src-tauri/target/release/opensession-desktop"
+            OS_LABEL="linux"
+          fi
+          scripts/ci/collect-desktop-diagnostics.sh \
+            --out-dir ".ci-diagnostics/desktop-bundle-${{ matrix.os }}" \
+            --os "$OS_LABEL" \
+            --bundle-dir "$BUNDLE_DIR" \
+            --app-bin "$APP_BIN" \
+            --build-seconds "${BUILD_SECONDS}" \
+            --smoke-log ".ci-logs/desktop-smoke.log"
+      - name: Upload desktop bundle diagnostics
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: desktop-bundle-verify-${{ matrix.os }}
+          path: |
+            .ci-logs
+            .ci-diagnostics/desktop-bundle-${{ matrix.os }}
+          if-no-files-found: ignore
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 15b0a2f9..095d7731 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -3,10 +3,13 @@ name: CI
 on:
   pull_request:
     branches: [main]
+  push:
+    branches: [main]
   workflow_dispatch:
-  schedule:
-    - cron: "0 3 * * *"
-  workflow_call:
+
+concurrency:
+  group: ci-${{ github.event.pull_request.number || github.ref || github.run_id }}
+  cancel-in-progress: true
 
 permissions:
   contents: read
@@ -50,9 +53,11 @@ jobs:
         with:
           node-version: 22
       - run: node scripts/verify-content-contract.mjs --check
+      - run: node scripts/check-ci-workflow.mjs
       - run: node scripts/check-session-review-workflow.mjs
       - run: node scripts/check-validation-hooks.mjs
       - run: node scripts/check-doc-portability.mjs
+      - run: node --test scripts/tests/*.test.mjs
 
   fmt:
     name: Format
@@ -70,7 +75,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: ${{ fromJson(github.event_name == 'pull_request' && '["ubuntu-latest"]' || '["ubuntu-latest","macos-latest"]') }}
+        os: [ubuntu-latest]
     steps:
       - uses: actions/checkout@v4
       - uses: dtolnay/rust-toolchain@1.93.0
@@ -88,7 +93,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: ${{ fromJson(github.event_name == 'pull_request' && '["ubuntu-latest"]' || '["ubuntu-latest","macos-latest"]') }}
+        os: [ubuntu-latest]
     steps:
       - uses: actions/checkout@v4
       - uses: dtolnay/rust-toolchain@1.93.0
@@ -98,23 +103,13 @@ jobs:
           save-if: ${{ github.ref == 'refs/heads/main' }}
       - run: cargo test --workspace --exclude opensession-e2e --quiet
 
-  audit:
-    name: Audit
-    runs-on: ubuntu-latest
-    if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
-    steps:
-      - uses: actions/checkout@v4
-      - uses: rustsec/audit-check@v2
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-
   wasm-check:
     name: Worker (wasm) (${{ matrix.os }})
     runs-on: ${{ matrix.os }}
     strategy:
       fail-fast: false
       matrix:
-        os: ${{ fromJson(github.event_name == 'pull_request' && '["ubuntu-latest"]' || '["ubuntu-latest","macos-latest"]') }}
+        os: [ubuntu-latest]
     steps:
       - uses: actions/checkout@v4
       - uses: dtolnay/rust-toolchain@1.93.0
@@ -133,7 +128,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: ${{ fromJson(github.event_name == 'pull_request' && '["ubuntu-latest"]' || '["ubuntu-latest","macos-latest"]') }}
+        os: [ubuntu-latest]
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4
@@ -153,386 +148,3 @@ jobs:
         working-directory: web
       - run: npm run check
         working-directory: web
-
-  api-e2e-server:
-    name: API E2E Server (${{ matrix.os }})
-    if: github.event_name != 'pull_request'
-    runs-on: ${{ matrix.os }}
-    timeout-minutes: 30
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [ubuntu-latest, macos-latest]
-    steps:
-      - uses: actions/checkout@v4
-      - uses: dtolnay/rust-toolchain@1.93.0
-      - uses: Swatinem/rust-cache@v2
-        with:
-          shared-key: api-e2e-server-${{ matrix.os }}
-          save-if: ${{ github.ref == 'refs/heads/main' }}
-      - name: Start opensession-server
-        run: |
-          mkdir -p .ci-logs .ci-data/server
-          PORT=3000 \
-          BASE_URL=http://127.0.0.1:3000 \
-          JWT_SECRET=ci-jwt-secret \
-          OPENSESSION_ADMIN_KEY=ci-admin-key \
-          OPENSESSION_DATA_DIR="$PWD/.ci-data/server" \
-          cargo run -p opensession-server > .ci-logs/server.log 2>&1 &
-          echo $! > .ci-logs/server.pid
-      - name: Wait for server health endpoint
-        run: |
-          for i in $(seq 1 120); do
-            if curl -fsS http://127.0.0.1:3000/api/health >/dev/null; then
-              exit 0
-            fi
-            sleep 1
-          done
-          echo "server did not start in time"
-          cat .ci-logs/server.log || true
-          exit 1
-      - name: Run server API E2E suite
-        env:
-          OPENSESSION_E2E_SERVER_BASE_URL: http://127.0.0.1:3000
-          OPENSESSION_E2E_ALLOW_REMOTE: "0"
-        run: cargo test -p opensession-e2e --test server -- --nocapture
-      - name: Stop opensession-server
-        if: always()
-        run: |
-          if [ -f .ci-logs/server.pid ]; then
-            kill "$(cat .ci-logs/server.pid)" || true
-          fi
-      - name: Upload server E2E logs
-        if: failure()
-        uses: actions/upload-artifact@v4
-        with:
-          name: api-e2e-server-logs-${{ matrix.os }}
-          path: .ci-logs/server.log
-          if-no-files-found: ignore
-
-  worker-web-live-e2e:
-    name: Worker + Web Live E2E (${{ matrix.os }})
-    if: github.event_name != 'pull_request'
-    runs-on: ${{ matrix.os }}
-    timeout-minutes: 45
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [ubuntu-latest, macos-latest]
-    steps:
-      - uses: actions/checkout@v4
-      - uses: dtolnay/rust-toolchain@1.93.0
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 22
-          cache: npm
-          cache-dependency-path: |
-            web/package-lock.json
-            packages/ui/package-lock.json
-      - name: Install UI deps
-        run: npm ci --prefer-offline --no-audit --no-fund --silent
-        working-directory: packages/ui
-      - name: Install web deps
-        run: npm ci --prefer-offline --no-audit --no-fund --silent
-        working-directory: web
-      - name: Install Playwright browser (Ubuntu)
-        if: matrix.os == 'ubuntu-latest'
-        run: npx playwright install --with-deps chromium
-        working-directory: web
-      - name: Install Playwright browser (macOS)
-        if: matrix.os == 'macos-latest'
-        run: npx playwright install chromium
-        working-directory: web
-      - name: Start wrangler dev (local)
-        run: |
-          mkdir -p .ci-logs
-          npx --yes wrangler@4 dev \
-            --ip 127.0.0.1 \
-            --port 8788 \
-            --persist-to .wrangler/state \
-            --show-interactive-dev-session=false \
-            --log-level=warn \
-            --var BASE_URL:http://127.0.0.1:8788 \
-            --var OPENSESSION_BASE_URL:http://127.0.0.1:8788 \
-            --var JWT_SECRET:ci-jwt-secret \
-            --var OPENSESSION_ADMIN_KEY:ci-admin-key \
-            --var GITHUB_CLIENT_ID:ci-github-client \
-            --var GITHUB_CLIENT_SECRET:ci-github-secret \
-            > .ci-logs/wrangler.log 2>&1 &
-          echo $! > .ci-logs/wrangler.pid
-      - name: Wait for worker health endpoint
-        run: |
-          for i in $(seq 1 360); do
-            api_code="$(curl -s -o /dev/null -w '%{http_code}' http://127.0.0.1:8788/api/health || true)"
-            root_code="$(curl -s -o /dev/null -w '%{http_code}' http://127.0.0.1:8788/ || true)"
-            if [ "$api_code" = "200" ] && [ "$root_code" = "200" ]; then
-              exit 0
-            fi
-            sleep 1
-          done
-          echo "wrangler dev did not start in time (api=$api_code root=$root_code)"
-          cat .ci-logs/wrangler.log || true
-          exit 1
-      - name: Start opensession-server for web live API
-        run: |
-          mkdir -p .ci-logs .ci-data/server
-          PORT=3000 \
-          BASE_URL=http://127.0.0.1:3000 \
-          JWT_SECRET=ci-jwt-secret \
-          OPENSESSION_ADMIN_KEY=ci-admin-key \
-          OPENSESSION_DATA_DIR="$PWD/.ci-data/server" \
-          OPENSESSION_LOCAL_REVIEW_ROOT="$PWD/web/e2e-live/fixtures/local-review" \
-          OPENSESSION_ALLOWED_ORIGINS=http://127.0.0.1:8788 \
-          cargo run -p opensession-server > .ci-logs/server.log 2>&1 &
-          echo $! > .ci-logs/server.pid
-      - name: Wait for server health endpoint
-        run: |
-          for i in $(seq 1 120); do
-            if curl -fsS http://127.0.0.1:3000/api/health >/dev/null; then
-              exit 0
-            fi
-            sleep 1
-          done
-          echo "opensession-server did not start in time"
-          cat .ci-logs/server.log || true
-          exit 1
-      - name: Run worker API E2E suite
-        env:
-          OPENSESSION_E2E_WORKER_BASE_URL: http://127.0.0.1:8788
-          OPENSESSION_E2E_ALLOW_REMOTE: "0"
-        run: cargo test -p opensession-e2e --test worker -- --nocapture
-      - name: Run web live Playwright suite
-        env:
-          OPENSESSION_E2E_WORKER_BASE_URL: http://127.0.0.1:8788
-          OPENSESSION_E2E_SERVER_BASE_URL: http://127.0.0.1:3000
-          OPENSESSION_E2E_ALLOW_REMOTE: "0"
-          CI: "1"
-        run: npm run test:e2e:live -- --reporter=list,junit --output=e2e-live-results
-        working-directory: web
-      - name: Stop opensession-server
-        if: always()
-        run: |
-          if [ -f .ci-logs/server.pid ]; then
-            kill "$(cat .ci-logs/server.pid)" || true
-          fi
-      - name: Stop wrangler dev
-        if: always()
-        run: |
-          if [ -f .ci-logs/wrangler.pid ]; then
-            kill "$(cat .ci-logs/wrangler.pid)" || true
-          fi
-      - name: Upload worker/web live E2E artifacts
-        if: failure()
-        uses: actions/upload-artifact@v4
-        with:
-          name: worker-web-live-e2e-${{ matrix.os }}
-          path: |
-            .ci-logs/wrangler.log
-            .ci-logs/server.log
-            web/e2e-live-results
-            web/test-results
-            web/playwright-report
-          if-no-files-found: ignore
-
-  desktop-e2e:
-    name: Desktop E2E (${{ matrix.os }})
-    if: github.event_name != 'pull_request'
-    runs-on: ${{ matrix.os }}
-    timeout-minutes: 30
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [ubuntu-latest, macos-latest]
-    steps:
-      - uses: actions/checkout@v4
-      - uses: dtolnay/rust-toolchain@1.93.0
-      - name: Install Linux desktop test dependencies
-        if: matrix.os == 'ubuntu-latest'
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y \
-            xvfb \
-            libgtk-3-dev \
-            libayatana-appindicator3-dev \
-            librsvg2-dev \
-            libwebkit2gtk-4.1-dev
-      - name: Run desktop test suite (Linux)
-        if: matrix.os == 'ubuntu-latest'
-        env:
-          OPENSESSION_E2E_DESKTOP: "1"
-        run: xvfb-run -a cargo test --manifest-path desktop/src-tauri/Cargo.toml --quiet
-      - name: Run desktop test suite (macOS)
-        if: matrix.os == 'macos-latest'
-        env:
-          OPENSESSION_E2E_DESKTOP: "1"
-        run: cargo test --manifest-path desktop/src-tauri/Cargo.toml --quiet
-
-  desktop-bundle-verify:
-    name: Desktop Bundle Verify (${{ matrix.os }})
-    if: github.event_name != 'pull_request'
-    runs-on: ${{ matrix.os }}
-    timeout-minutes: 45
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [ubuntu-latest, macos-latest]
-    steps:
-      - uses: actions/checkout@v4
-      - uses: dtolnay/rust-toolchain@1.93.0
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 22
-          cache: npm
-          cache-dependency-path: |
-            desktop/package-lock.json
-            web/package-lock.json
-            packages/ui/package-lock.json
-      - name: Install universal Rust targets (macOS)
-        if: matrix.os == 'macos-latest'
-        run: rustup target add aarch64-apple-darwin x86_64-apple-darwin
-      - name: Install Linux desktop build dependencies
-        if: matrix.os == 'ubuntu-latest'
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y \
-            pkg-config \
-            xvfb \
-            patchelf \
-            libgtk-3-dev \
-            libayatana-appindicator3-dev \
-            librsvg2-dev \
-            libwebkit2gtk-4.1-dev
-      - name: Run desktop build preflight (Linux)
-        if: matrix.os == 'ubuntu-latest'
-        run: node scripts/validate/desktop-build-preflight.mjs --mode ci --os linux
-      - name: Run desktop build preflight (macOS)
-        if: matrix.os == 'macos-latest'
-        run: node scripts/validate/desktop-build-preflight.mjs --mode ci --os macos
-      - name: Install UI deps
-        run: npm ci --prefer-offline --no-audit --no-fund --silent
-        working-directory: packages/ui
-      - name: Install web deps
-        run: npm ci --prefer-offline --no-audit --no-fund --silent
-        working-directory: web
-      - name: Install desktop deps
-        run: npm ci --prefer-offline --no-audit --no-fund --silent
-        working-directory: desktop
-      - name: Link @opensession/ui
-        run: |
-          mkdir -p node_modules/@opensession
-          rm -f node_modules/@opensession/ui
-          ln -sf "${{ github.workspace }}/packages/ui" node_modules/@opensession/ui
-        working-directory: web
-      - name: Build desktop bundle (Linux)
-        if: matrix.os == 'ubuntu-latest'
-        id: build_linux
-        run: |
-          set -euo pipefail
-          mkdir -p .ci-logs
-          start="$(date +%s)"
-          npm --prefix desktop run tauri:build -- --no-sign --ci 2>&1 | tee .ci-logs/desktop-build.log
-          end="$(date +%s)"
-          echo "build_seconds=$((end - start))" >> "$GITHUB_OUTPUT"
-      - name: Build desktop bundle (macOS universal)
-        if: matrix.os == 'macos-latest'
-        id: build_macos
-        run: |
-          set -euo pipefail
-          mkdir -p .ci-logs
-          start="$(date +%s)"
-          npm --prefix desktop run tauri:build -- --target universal-apple-darwin --bundles app --no-sign --ci 2>&1 | tee .ci-logs/desktop-build.log
-          end="$(date +%s)"
-          echo "build_seconds=$((end - start))" >> "$GITHUB_OUTPUT"
-      - name: Verify desktop bundle (Linux)
-        if: matrix.os == 'ubuntu-latest'
-        run: |
-          set -euo pipefail
-          mkdir -p .ci-logs
-          BUNDLE_DIR="desktop/src-tauri/target/release/bundle"
-          APP_BIN="desktop/src-tauri/target/release/opensession-desktop"
-          if [ ! -d "$BUNDLE_DIR" ]; then
-            echo "missing bundle dir: $BUNDLE_DIR"
-            exit 1
-          fi
-          if ! find "$BUNDLE_DIR" -type f | grep -q .; then
-            echo "bundle dir has no files: $BUNDLE_DIR"
-            exit 1
-          fi
-          if [ ! -f "$APP_BIN" ]; then
-            echo "missing desktop binary: $APP_BIN"
-            exit 1
-          fi
-          xvfb-run -a sh -c '
-            "$1" > "$2" 2>&1 &
-            pid=$!
-            sleep 5
-            if ! kill -0 "$pid" 2>/dev/null; then
-              echo "desktop process exited before smoke timeout"
-              cat "$2" || true
-              exit 1
-            fi
-            kill "$pid" 2>/dev/null || true
-            wait "$pid" 2>/dev/null || true
-          ' sh "$APP_BIN" ".ci-logs/desktop-smoke.log"
-      - name: Verify desktop bundle (macOS universal)
-        if: matrix.os == 'macos-latest'
-        run: |
-          set -euo pipefail
-          mkdir -p .ci-logs
-          BUNDLE_DIR="desktop/src-tauri/target/universal-apple-darwin/release/bundle"
-          APP_PATH="$(find "${BUNDLE_DIR}/macos" -maxdepth 1 -type d -name '*.app' | head -n 1 || true)"
-          if [ -z "$APP_PATH" ]; then
-            echo "missing .app bundle in ${BUNDLE_DIR}/macos"
-            exit 1
-          fi
-          APP_BIN="${APP_PATH}/Contents/MacOS/opensession-desktop"
-          if [ ! -f "$APP_BIN" ]; then
-            echo "missing app executable: $APP_BIN"
-            exit 1
-          fi
-          archs="$(lipo -archs "$APP_BIN" | xargs)"
-          if [ "$archs" != "x86_64 arm64" ] && [ "$archs" != "arm64 x86_64" ]; then
-            echo "unexpected universal archs: $archs"
-            exit 1
-          fi
-          "$APP_BIN" > .ci-logs/desktop-smoke.log 2>&1 &
-          app_pid=$!
-          sleep 5
-          if ! kill -0 "$app_pid" 2>/dev/null; then
-            echo "desktop process exited before smoke timeout"
-            cat .ci-logs/desktop-smoke.log || true
-            exit 1
-          fi
-          kill "$app_pid" 2>/dev/null || true
-          wait "$app_pid" 2>/dev/null || true
-      - name: Collect desktop diagnostics
-        if: always()
-        env:
-          BUILD_SECONDS: ${{ steps.build_linux.outputs.build_seconds || steps.build_macos.outputs.build_seconds || '0' }}
-        run: |
-          set -euo pipefail
-          if [ "${{ matrix.os }}" = "macos-latest" ]; then
-            BUNDLE_DIR="desktop/src-tauri/target/universal-apple-darwin/release/bundle"
-            APP_BIN="desktop/src-tauri/target/universal-apple-darwin/release/bundle/macos/OpenSession Desktop.app/Contents/MacOS/opensession-desktop"
-            OS_LABEL="macos"
-          else
-            BUNDLE_DIR="desktop/src-tauri/target/release/bundle"
-            APP_BIN="desktop/src-tauri/target/release/opensession-desktop"
-            OS_LABEL="linux"
-          fi
-          scripts/ci/collect-desktop-diagnostics.sh \
-            --out-dir ".ci-diagnostics/desktop-bundle-${{ matrix.os }}" \
-            --os "$OS_LABEL" \
-            --bundle-dir "$BUNDLE_DIR" \
-            --app-bin "$APP_BIN" \
-            --build-seconds "${BUILD_SECONDS}" \
-            --smoke-log ".ci-logs/desktop-smoke.log"
-      - name: Upload desktop bundle diagnostics
-        if: failure()
-        uses: actions/upload-artifact@v4
-        with:
-          name: desktop-bundle-verify-${{ matrix.os }}
-          path: |
-            .ci-logs
-            .ci-diagnostics/desktop-bundle-${{ matrix.os }}
-          if-no-files-found: ignore
diff --git a/.github/workflows/desktop-dryrun.yml b/.github/workflows/desktop-dryrun.yml
index e39ddce9..f2f59c4d 100644
--- a/.github/workflows/desktop-dryrun.yml
+++ b/.github/workflows/desktop-dryrun.yml
@@ -5,6 +5,10 @@ on:
   schedule:
     - cron: "30 2 * * *"
 
+concurrency:
+  group: desktop-dryrun-${{ github.ref || github.run_id }}
+  cancel-in-progress: true
+
 permissions:
   contents: read
 
@@ -20,6 +24,10 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: dtolnay/rust-toolchain@1.93.0
+      - uses: Swatinem/rust-cache@v2
+        with:
+          shared-key: desktop-dryrun-${{ matrix.os }}
+          save-if: ${{ github.ref == 'refs/heads/main' }}
       - uses: actions/setup-node@v4
         with:
           node-version: 22
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index f43bd02d..f73007a1 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -18,6 +18,8 @@
 4. For web/runtime-web changes, validate at least one real user path with `wrangler dev` + Playwright live suite.
 5. API route changes: update the endpoint table in README.
 
+PR CI is intentionally lean; heavy E2E/desktop jobs are reserved for local validation first and the scheduled/manual `.github/workflows/ci-deep.yml` workflow.
+
 Validation details (local + CI parity) live in `docs/development-validation-flow.md`.
 
 ## Project Structure
diff --git a/README.ko.md b/README.ko.md
index 7e5cb718..1f76f884 100644
--- a/README.ko.md
+++ b/README.ko.md
@@ -352,6 +352,8 @@ opensession share os://src/local/<sha256> --quick
 ./.githooks/pre-push
 ```
 
+PR CI는 의도적으로 가볍게 유지합니다. `.github/workflows/ci.yml`에는 빠른 기본 게이트만 남기고, 무거운 GitHub-hosted E2E/desktop 검증은 `.github/workflows/ci-deep.yml`로 분리해 로컬에서 먼저 검증하는 흐름을 기준으로 둡니다.
+
 ```bash
 # 웹 런타임 검증 (wrangler + opensession-server 기동 이후)
 cd web
diff --git a/README.md b/README.md
index bf630a91..f4098a34 100644
--- a/README.md
+++ b/README.md
@@ -350,6 +350,8 @@ opensession share os://src/local/<sha256> --quick
 ./.githooks/pre-push
 ```
 
+PR CI is intentionally lean: `.github/workflows/ci.yml` keeps only fast baseline gates, while heavy GitHub-hosted E2E/desktop validation lives in `.github/workflows/ci-deep.yml` and should be exercised locally first.
+
 ```bash
 # Runtime web validation (after starting wrangler + opensession-server)
 cd web
diff --git a/docs.ko.md b/docs.ko.md
index 80af8661..77545cec 100644
--- a/docs.ko.md
+++ b/docs.ko.md
@@ -231,9 +231,14 @@ opensession cleanup init --provider auto --session-archive-branch pr/sessions --
 ./.githooks/pre-push
 ```
 
+GitHub CI 분리 정책:
+
+- `.github/workflows/ci.yml`은 빠른 PR/main 게이트만 유지합니다.
+- `.github/workflows/ci-deep.yml`이 장시간 audit/E2E/desktop 검증을 정기/수동 트리거로 담당합니다.
+
 데스크톱 빌드 정책:
 
-- CI에서 Linux 데스크톱 번들 빌드 검증(`desktop-bundle-verify`)을 필수로 수행합니다.
+- deep CI에서 Linux 데스크톱 번들 빌드 검증(`desktop-bundle-verify`)을 필수로 수행합니다.
 - macOS 데스크톱 릴리즈 타깃은 `universal-apple-darwin`만 허용합니다.
 - universal 아키텍처는 `lipo -archs`로 검증하며 반드시 `x86_64`와 `arm64`를 모두 포함해야 합니다.
 - 정기/수동 `Desktop Dry Run` 워크플로는 no-sign 데스크톱 번들을 검증하고 diagnostics/metrics artifact를 업로드합니다.
diff --git a/docs.md b/docs.md
index 334c144d..d1b228cf 100644
--- a/docs.md
+++ b/docs.md
@@ -230,9 +230,14 @@ Quick local gate commands:
 ./.githooks/pre-push
 ```
 
+GitHub CI split:
+
+- `.github/workflows/ci.yml` keeps fast PR/main gates only.
+- `.github/workflows/ci-deep.yml` owns long-running audit/E2E/desktop validation on schedule or manual trigger.
+
 Desktop build policy:
 
-- Linux desktop bundle build verification is required in CI (`desktop-bundle-verify`).
+- Linux desktop bundle build verification is required in deep CI (`desktop-bundle-verify`).
 - macOS desktop release target is `universal-apple-darwin` only.
 - Universal architecture is validated by `lipo -archs` and must include both `x86_64` and `arm64`.
 - A scheduled/manual `Desktop Dry Run` workflow validates no-sign desktop bundling and uploads diagnostics/metrics artifacts.
diff --git a/docs/development-validation-flow.md b/docs/development-validation-flow.md
index c243c6ec..8187fc5e 100644
--- a/docs/development-validation-flow.md
+++ b/docs/development-validation-flow.md
@@ -115,23 +115,32 @@ Desktop E2E:
 
 ## CI Required Gates
 
-`.github/workflows/ci.yml` runs required jobs on both `ubuntu-latest` and `macos-latest`:
+Lean PR/main CI lives in `.github/workflows/ci.yml`:
 
+- release surface + version sync contract
+- content/workflow/doc guardrails
+- `cargo fmt --all -- --check`
 - workspace `clippy`
 - workspace tests (`opensession-e2e` excluded in unit/integration stage)
 - worker wasm clippy
 - frontend checks
+
+Deep GitHub-hosted validation lives in `.github/workflows/ci-deep.yml` and runs on schedule/manual trigger:
+
+- dependency audit
 - API E2E server suite
 - worker API + web live Playwright E2E
 - desktop E2E
 - desktop bundle verify (Linux + macOS universal build + smoke + diagnostics)
 
-Failure artifacts (Playwright report/trace and runtime logs) are uploaded on failing E2E jobs.
+Failure artifacts (Playwright report/trace and runtime logs) are uploaded on failing deep E2E jobs.
+This split keeps PR checks small and pushes long-running validation toward local hooks/runtime runs first, with GitHub deep runs used for scheduled or explicit verification.
 
 Desktop dry-run reliability workflow:
 
 - `.github/workflows/desktop-dryrun.yml` runs on schedule/manual trigger.
 - Performs Linux/macOS no-sign bundle builds and smoke checks.
+- Uses rust-cache to avoid rebuilding the desktop workspace from scratch on every run.
 - Uploads diagnostics (`.ci-logs`, `.ci-diagnostics`) and metrics summary artifacts.
 
 ## Session Review Automation Output
diff --git a/scripts/check-ci-workflow.mjs b/scripts/check-ci-workflow.mjs
new file mode 100644
index 00000000..027ec3f5
--- /dev/null
+++ b/scripts/check-ci-workflow.mjs
@@ -0,0 +1,137 @@
+#!/usr/bin/env node
+
+import fs from 'node:fs';
+import path from 'node:path';
+
+const repoRoot = process.cwd();
+const leanWorkflowPath = path.join(repoRoot, '.github/workflows/ci.yml');
+const deepWorkflowPath = path.join(repoRoot, '.github/workflows/ci-deep.yml');
+
+function fail(message) {
+	console.error(`[ci-workflow-check] ${message}`);
+	process.exitCode = 1;
+}
+
+function readFileSafe(absPath) {
+	try {
+		return fs.readFileSync(absPath, 'utf8');
+	} catch (err) {
+		fail(`Cannot read ${path.relative(repoRoot, absPath)}: ${err.message}`);
+		return '';
+	}
+}
+
+function requireIncludes(content, snippet, message) {
+	if (!content.includes(snippet)) {
+		fail(message);
+	}
+}
+
+function requireExcludes(content, snippet, message) {
+	if (content.includes(snippet)) {
+		fail(message);
+	}
+}
+
+function main() {
+	const leanWorkflow = readFileSafe(leanWorkflowPath);
+	const deepWorkflow = readFileSafe(deepWorkflowPath);
+	if (!leanWorkflow || !deepWorkflow) {
+		process.exit(process.exitCode ?? 1);
+	}
+
+	requireIncludes(leanWorkflow, 'name: CI', 'Lean workflow must keep the CI badge target.');
+	requireIncludes(
+		leanWorkflow,
+		'pull_request:\n    branches: [main]',
+		'Lean workflow must run on pull requests targeting main.',
+	);
+	requireIncludes(
+		leanWorkflow,
+		'push:\n    branches: [main]',
+		'Lean workflow must run on pushes to main for post-merge confirmation.',
+	);
+	requireIncludes(leanWorkflow, 'concurrency:', 'Lean workflow must cancel superseded runs.');
+	requireIncludes(
+		leanWorkflow,
+		'node scripts/check-ci-workflow.mjs',
+		'Lean workflow must self-validate CI split contract.',
+	);
+	requireIncludes(
+		leanWorkflow,
+		'node --test scripts/tests/*.test.mjs',
+		'Lean workflow must run workflow/report script tests.',
+	);
+	for (const requiredJob of [
+		'name: Release Surface',
+		'name: Content Contract',
+		'name: Format',
+		'name: Clippy (${{ matrix.os }})',
+		'name: Test (${{ matrix.os }})',
+		'name: Worker (wasm) (${{ matrix.os }})',
+		'name: Frontend (${{ matrix.os }})',
+	]) {
+		requireIncludes(leanWorkflow, requiredJob, `Lean workflow missing expected job: ${requiredJob}`);
+	}
+	for (const forbiddenJob of [
+		'name: Audit',
+		'name: API E2E Server (${{ matrix.os }})',
+		'name: Worker + Web Live E2E (${{ matrix.os }})',
+		'name: Desktop E2E (${{ matrix.os }})',
+		'name: Desktop Bundle Verify (${{ matrix.os }})',
+	]) {
+		requireExcludes(
+			leanWorkflow,
+			forbiddenJob,
+			`Lean workflow must not include deep validation job: ${forbiddenJob}`,
+		);
+	}
+	requireExcludes(
+		leanWorkflow,
+		'github.event_name != \'pull_request\'',
+		'Lean workflow must not rely on skipped non-PR jobs.',
+	);
+	requireExcludes(leanWorkflow, 'schedule:', 'Lean workflow must not schedule deep validation.');
+
+	requireIncludes(deepWorkflow, 'name: CI Deep', 'Deep workflow must be defined in a separate file.');
+	requireIncludes(deepWorkflow, 'workflow_dispatch:', 'Deep workflow must support manual runs.');
+	requireIncludes(deepWorkflow, 'schedule:', 'Deep workflow must support scheduled runs.');
+	requireExcludes(
+		deepWorkflow,
+		'pull_request:',
+		'Deep workflow must stay off pull_request to keep PR checks lean.',
+	);
+	requireIncludes(deepWorkflow, 'concurrency:', 'Deep workflow must cancel superseded runs.');
+	for (const requiredJob of [
+		'name: Audit',
+		'name: API E2E Server (${{ matrix.os }})',
+		'name: Worker + Web Live E2E (${{ matrix.os }})',
+		'name: Desktop E2E (${{ matrix.os }})',
+		'name: Desktop Bundle Verify (${{ matrix.os }})',
+	]) {
+		requireIncludes(deepWorkflow, requiredJob, `Deep workflow missing expected job: ${requiredJob}`);
+	}
+	requireIncludes(
+		deepWorkflow,
+		'~/.cache/ms-playwright',
+		'Deep workflow must cache Playwright browsers for live web validation.',
+	);
+	for (const rustCacheKey of [
+		'worker-web-live-e2e-${{ matrix.os }}',
+		'desktop-e2e-${{ matrix.os }}',
+		'desktop-bundle-verify-${{ matrix.os }}',
+	]) {
+		requireIncludes(
+			deepWorkflow,
+			rustCacheKey,
+			`Deep workflow must use rust-cache for ${rustCacheKey}.`,
+		);
+	}
+
+	if (process.exitCode && process.exitCode !== 0) {
+		process.exit(process.exitCode);
+	}
+	console.log('[ci-workflow-check] OK');
+}
+
+main();
diff --git a/scripts/check-validation-hooks.mjs b/scripts/check-validation-hooks.mjs
index 82643799..82af2a4f 100644
--- a/scripts/check-validation-hooks.mjs
+++ b/scripts/check-validation-hooks.mjs
@@ -12,10 +12,12 @@ const checks = [
 			'ERROR: mise is required for pre-commit validation.',
 			'scripts/validate/desktop-build-preflight.mjs --mode local',
 			'run_node_check()',
+			'scripts/check-ci-workflow.mjs',
 			'scripts/check-rust-artifact-guardrails.mjs',
 			'scripts/check-validation-hooks.mjs',
 			'scripts/check-doc-portability.mjs',
 			'scripts/verify-content-contract.mjs',
+			'scripts/tests/*.test.mjs',
 		],
 	},
 	{
diff --git a/scripts/tests/ci-workflow-contract.test.mjs b/scripts/tests/ci-workflow-contract.test.mjs
new file mode 100644
index 00000000..624dc51d
--- /dev/null
+++ b/scripts/tests/ci-workflow-contract.test.mjs
@@ -0,0 +1,40 @@
+import assert from 'node:assert/strict';
+import fs from 'node:fs';
+import path from 'node:path';
+import test from 'node:test';
+
+const repoRoot = process.cwd();
+
+test('lean CI keeps PR checks small and defers heavy validation', () => {
+	const leanWorkflow = fs.readFileSync(path.join(repoRoot, '.github/workflows/ci.yml'), 'utf8');
+
+	assert.match(leanWorkflow, /pull_request:\n\s+branches: \[main\]/);
+	assert.match(leanWorkflow, /push:\n\s+branches: \[main\]/);
+	assert.match(leanWorkflow, /node scripts\/check-ci-workflow\.mjs/);
+	assert.match(leanWorkflow, /node --test scripts\/tests\/\*\.test\.mjs/);
+	assert.doesNotMatch(leanWorkflow, /name: Audit/);
+	assert.doesNotMatch(leanWorkflow, /name: API E2E Server \(\$\{\{ matrix\.os \}\}\)/);
+	assert.doesNotMatch(leanWorkflow, /name: Worker \+ Web Live E2E \(\$\{\{ matrix\.os \}\}\)/);
+	assert.doesNotMatch(leanWorkflow, /name: Desktop E2E \(\$\{\{ matrix\.os \}\}\)/);
+	assert.doesNotMatch(leanWorkflow, /name: Desktop Bundle Verify \(\$\{\{ matrix\.os \}\}\)/);
+});
+
+test('deep CI owns scheduled heavy validation and caches expensive dependencies', () => {
+	const deepWorkflow = fs.readFileSync(
+		path.join(repoRoot, '.github/workflows/ci-deep.yml'),
+		'utf8',
+	);
+
+	assert.match(deepWorkflow, /workflow_dispatch:/);
+	assert.match(deepWorkflow, /schedule:/);
+	assert.doesNotMatch(deepWorkflow, /pull_request:/);
+	assert.match(deepWorkflow, /name: Audit/);
+	assert.match(deepWorkflow, /name: API E2E Server \(\$\{\{ matrix\.os \}\}\)/);
+	assert.match(deepWorkflow, /name: Worker \+ Web Live E2E \(\$\{\{ matrix\.os \}\}\)/);
+	assert.match(deepWorkflow, /name: Desktop E2E \(\$\{\{ matrix\.os \}\}\)/);
+	assert.match(deepWorkflow, /name: Desktop Bundle Verify \(\$\{\{ matrix\.os \}\}\)/);
+	assert.match(deepWorkflow, /~\/\.cache\/ms-playwright/);
+	assert.match(deepWorkflow, /worker-web-live-e2e-\$\{\{ matrix\.os \}\}/);
+	assert.match(deepWorkflow, /desktop-e2e-\$\{\{ matrix\.os \}\}/);
+	assert.match(deepWorkflow, /desktop-bundle-verify-\$\{\{ matrix\.os \}\}/);
+});

From db033dd40c6fbb5bc89ef25d8999ed27344b4b09 Mon Sep 17 00:00:00 2001
From: hwisu <hwitticus@gmail.com>
Date: Mon, 9 Mar 2026 20:10:19 +0900
Subject: [PATCH 29/30] Skip session review automation on bot PRs

---
 .github/workflows/session-review.yml                      | 6 ++++--
 .../src/templates/cleanup/github-session-review.yml.tmpl  | 8 ++++++--
 crates/cli/tests/handoff_cli/cleanup_cli.rs               | 1 +
 docs.ko.md                                                | 2 +-
 docs.md                                                   | 2 +-
 scripts/check-session-review-workflow.mjs                 | 3 +++
 6 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/session-review.yml b/.github/workflows/session-review.yml
index a675cd31..a9decefb 100644
--- a/.github/workflows/session-review.yml
+++ b/.github/workflows/session-review.yml
@@ -21,7 +21,8 @@ jobs:
     if: >
       github.event_name == 'pull_request' &&
       (github.event.action == 'opened' || github.event.action == 'reopened' || github.event.action == 'synchronize') &&
-      github.event.pull_request.head.repo.full_name == github.repository
+      github.event.pull_request.head.repo.full_name == github.repository &&
+      github.event.pull_request.user.type != 'Bot'
     steps:
       - uses: actions/checkout@v4
         with:
@@ -151,7 +152,8 @@ jobs:
     if: >
       (github.event_name == 'pull_request' &&
        github.event.action == 'closed' &&
-       github.event.pull_request.head.repo.full_name == github.repository) ||
+       github.event.pull_request.head.repo.full_name == github.repository &&
+       github.event.pull_request.user.type != 'Bot') ||
       (github.event_name == 'delete' && github.event.ref_type == 'branch')
     steps:
       - uses: actions/checkout@v4
diff --git a/crates/cli/src/templates/cleanup/github-session-review.yml.tmpl b/crates/cli/src/templates/cleanup/github-session-review.yml.tmpl
index e4852efa..21bd2488 100644
--- a/crates/cli/src/templates/cleanup/github-session-review.yml.tmpl
+++ b/crates/cli/src/templates/cleanup/github-session-review.yml.tmpl
@@ -15,7 +15,8 @@ jobs:
     runs-on: ubuntu-latest
     if: >
       github.event.action != 'closed' &&
-      github.event.pull_request.head.repo.full_name == github.repository
+      github.event.pull_request.head.repo.full_name == github.repository &&
+      github.event.pull_request.user.type != 'Bot'
     steps:
       - uses: actions/checkout@v4
         with:
@@ -149,7 +150,10 @@ jobs:
 
   cleanup:
     runs-on: ubuntu-latest
-    if: github.event.action == 'closed' && github.event.pull_request.head.repo.full_name == github.repository
+    if: >
+      github.event.action == 'closed' &&
+      github.event.pull_request.head.repo.full_name == github.repository &&
+      github.event.pull_request.user.type != 'Bot'
     steps:
       - uses: actions/checkout@v4
         with:
diff --git a/crates/cli/tests/handoff_cli/cleanup_cli.rs b/crates/cli/tests/handoff_cli/cleanup_cli.rs
index abb94de0..dcf47d46 100644
--- a/crates/cli/tests/handoff_cli/cleanup_cli.rs
+++ b/crates/cli/tests/handoff_cli/cleanup_cli.rs
@@ -125,6 +125,7 @@ fn cleanup_init_persists_session_archive_branch_setting() {
     .expect("read review workflow");
     assert!(workflow_body.contains("session_archive_branch"));
     assert!(workflow_body.contains("Delete ephemeral artifact branch"));
+    assert!(workflow_body.contains("github.event.pull_request.user.type != 'Bot'"));
 }
 
 #[test]
diff --git a/docs.ko.md b/docs.ko.md
index 77545cec..1ee1780d 100644
--- a/docs.ko.md
+++ b/docs.ko.md
@@ -160,7 +160,7 @@ opensession doctor --fix --yes --profile local --fanout-mode hidden_ref --open-t
 - `remote.<name>.push`는 수정하지 않습니다.
 - hook fanout push는 best-effort이며 경고만 출력합니다.
 - fanout helper가 없거나 fanout push가 실패하면 push를 실패시키려면 `OPENSESSION_STRICT=1`을 사용하세요.
-- PR 자동화는 현재 same-repo PR만 지원합니다.
+- PR 자동화는 현재 same-repo 비봇 PR만 지원합니다.
 - merge/branch delete cleanup은 ledger ref를 즉시 제거하고, 실제 object 제거는 remote GC 정책을 따릅니다.
 
 `share --web` 규칙:
diff --git a/docs.md b/docs.md
index d1b228cf..9abe05cb 100644
--- a/docs.md
+++ b/docs.md
@@ -160,7 +160,7 @@ opensession doctor --fix --yes --profile local --fanout-mode hidden_ref --open-t
 - Does **not** modify `remote.<name>.push`.
 - Hook fanout push is best-effort and warning-only.
 - Set `OPENSESSION_STRICT=1` to fail push when fanout helper is unavailable or fanout push fails.
-- PR automation currently targets same-repo PRs only.
+- PR automation currently targets same-repo non-bot PRs only.
 - Merge/branch-delete cleanup removes ledger refs immediately; physical object removal follows remote GC policy.
 
 `share --web` rules:
diff --git a/scripts/check-session-review-workflow.mjs b/scripts/check-session-review-workflow.mjs
index ea522f80..79630fa5 100644
--- a/scripts/check-session-review-workflow.mjs
+++ b/scripts/check-session-review-workflow.mjs
@@ -149,6 +149,9 @@ function main() {
   if (!workflow.includes('Resolve artifact storage')) {
     fail('workflow must resolve artifact storage from cleanup config.');
   }
+  if (!workflow.includes("github.event.pull_request.user.type != 'Bot'")) {
+    fail('workflow must skip session review automation for bot-authored PRs.');
+  }
   if (!workflow.includes('session_archive_branch')) {
     fail('workflow must support repo-local session_archive_branch setting.');
   }

From 081e7be88778397672ce68447ae846c936239439 Mon Sep 17 00:00:00 2001
From: hwisu <hwitticus@gmail.com>
Date: Mon, 9 Mar 2026 20:26:02 +0900
Subject: [PATCH 30/30] Trim markdown bundle footprint

---
 packages/ui/package-lock.json                 | 73 +++++++++------
 packages/ui/package.json                      |  1 -
 packages/ui/src/markdown.test.ts              |  7 ++
 packages/ui/src/markdown.ts                   | 59 ++++--------
 .../tests/package-footprint-contract.test.mjs | 26 ++++++
 web/package-lock.json                         | 90 +++++++++++++------
 web/package.json                              |  4 +-
 7 files changed, 160 insertions(+), 100 deletions(-)
 create mode 100644 scripts/tests/package-footprint-contract.test.mjs

diff --git a/packages/ui/package-lock.json b/packages/ui/package-lock.json
index def31f48..09b5d1c7 100644
--- a/packages/ui/package-lock.json
+++ b/packages/ui/package-lock.json
@@ -10,7 +10,6 @@
 			"dependencies": {
 				"effect": "3.19.19",
 				"highlight.js": "^11.11.1",
-				"isomorphic-dompurify": "^3.0.0",
 				"marked": "^17.0.4"
 			},
 			"devDependencies": {
@@ -29,12 +28,14 @@
 			"version": "0.9.31",
 			"resolved": "https://registry.npmjs.org/@acemir/cssom/-/cssom-0.9.31.tgz",
 			"integrity": "sha512-ZnR3GSaH+/vJ0YlHau21FjfLYjMpYVIzTD8M8vIEQvIGxeOXyXdzCI140rrCY862p/C/BbzWsjc1dgnM9mkoTA==",
+			"dev": true,
 			"license": "MIT"
 		},
 		"node_modules/@asamuzakjp/css-color": {
 			"version": "5.0.1",
 			"resolved": "https://registry.npmjs.org/@asamuzakjp/css-color/-/css-color-5.0.1.tgz",
 			"integrity": "sha512-2SZFvqMyvboVV1d15lMf7XiI3m7SDqXUuKaTymJYLN6dSGadqp+fVojqJlVoMlbZnlTmu3S0TLwLTJpvBMO1Aw==",
+			"dev": true,
 			"license": "MIT",
 			"dependencies": {
 				"@csstools/css-calc": "^3.1.1",
@@ -51,6 +52,7 @@
 			"version": "6.8.1",
 			"resolved": "https://registry.npmjs.org/@asamuzakjp/dom-selector/-/dom-selector-6.8.1.tgz",
 			"integrity": "sha512-MvRz1nCqW0fsy8Qz4dnLIvhOlMzqDVBabZx6lH+YywFDdjXhMY37SmpV1XFX3JzG5GWHn63j6HX6QPr3lZXHvQ==",
+			"dev": true,
 			"license": "MIT",
 			"dependencies": {
 				"@asamuzakjp/nwsapi": "^2.3.9",
@@ -64,6 +66,7 @@
 			"version": "2.3.9",
 			"resolved": "https://registry.npmjs.org/@asamuzakjp/nwsapi/-/nwsapi-2.3.9.tgz",
 			"integrity": "sha512-n8GuYSrI9bF7FFZ/SjhwevlHc8xaVlb/7HmHelnc/PZXBD2ZR49NnN9sMMuDdEGPeeRQ5d0hqlSlEpgCX3Wl0Q==",
+			"dev": true,
 			"license": "MIT"
 		},
 		"node_modules/@biomejs/biome": {
@@ -233,6 +236,7 @@
 			"version": "2.4.2",
 			"resolved": "https://registry.npmjs.org/@bramus/specificity/-/specificity-2.4.2.tgz",
 			"integrity": "sha512-ctxtJ/eA+t+6q2++vj5j7FYX3nRu311q1wfYH3xjlLOsczhlhxAg2FWNUXhpGvAw3BWo1xBcvOV6/YLc2r5FJw==",
+			"dev": true,
 			"license": "MIT",
 			"dependencies": {
 				"css-tree": "^3.0.0"
@@ -245,6 +249,7 @@
 			"version": "6.0.2",
 			"resolved": "https://registry.npmjs.org/@csstools/color-helpers/-/color-helpers-6.0.2.tgz",
 			"integrity": "sha512-LMGQLS9EuADloEFkcTBR3BwV/CGHV7zyDxVRtVDTwdI2Ca4it0CCVTT9wCkxSgokjE5Ho41hEPgb8OEUwoXr6Q==",
+			"dev": true,
 			"funding": [
 				{
 					"type": "github",
@@ -264,6 +269,7 @@
 			"version": "3.1.1",
 			"resolved": "https://registry.npmjs.org/@csstools/css-calc/-/css-calc-3.1.1.tgz",
 			"integrity": "sha512-HJ26Z/vmsZQqs/o3a6bgKslXGFAungXGbinULZO3eMsOyNJHeBBZfup5FiZInOghgoM4Hwnmw+OgbJCNg1wwUQ==",
+			"dev": true,
 			"funding": [
 				{
 					"type": "github",
@@ -287,6 +293,7 @@
 			"version": "4.0.2",
 			"resolved": "https://registry.npmjs.org/@csstools/css-color-parser/-/css-color-parser-4.0.2.tgz",
 			"integrity": "sha512-0GEfbBLmTFf0dJlpsNU7zwxRIH0/BGEMuXLTCvFYxuL1tNhqzTbtnFICyJLTNK4a+RechKP75e7w42ClXSnJQw==",
+			"dev": true,
 			"funding": [
 				{
 					"type": "github",
@@ -314,6 +321,7 @@
 			"version": "4.0.0",
 			"resolved": "https://registry.npmjs.org/@csstools/css-parser-algorithms/-/css-parser-algorithms-4.0.0.tgz",
 			"integrity": "sha512-+B87qS7fIG3L5h3qwJ/IFbjoVoOe/bpOdh9hAjXbvx0o8ImEmUsGXN0inFOnk2ChCFgqkkGFQ+TpM5rbhkKe4w==",
+			"dev": true,
 			"funding": [
 				{
 					"type": "github",
@@ -336,6 +344,7 @@
 			"version": "1.0.28",
 			"resolved": "https://registry.npmjs.org/@csstools/css-syntax-patches-for-csstree/-/css-syntax-patches-for-csstree-1.0.28.tgz",
 			"integrity": "sha512-1NRf1CUBjnr3K7hu8BLxjQrKCxEe8FP/xmPTenAxCRZWVLbmGotkFvG9mfNpjA6k7Bw1bw4BilZq9cu19RA5pg==",
+			"dev": true,
 			"funding": [
 				{
 					"type": "github",
@@ -352,6 +361,7 @@
 			"version": "4.0.0",
 			"resolved": "https://registry.npmjs.org/@csstools/css-tokenizer/-/css-tokenizer-4.0.0.tgz",
 			"integrity": "sha512-QxULHAm7cNu72w97JUNCBFODFaXpbDg+dP8b/oWFAZ2MTRppA3U00Y2L1HqaS4J6yBqxwa/Y3nMBaxVKbB/NsA==",
+			"dev": true,
 			"funding": [
 				{
 					"type": "github",
@@ -813,6 +823,7 @@
 			"version": "1.14.1",
 			"resolved": "https://registry.npmjs.org/@exodus/bytes/-/bytes-1.14.1.tgz",
 			"integrity": "sha512-OhkBFWI6GcRMUroChZiopRiSp2iAMvEBK47NhJooDqz1RERO4QuZIZnjP63TXX8GAiLABkYmX+fuQsdJ1dd2QQ==",
+			"dev": true,
 			"license": "MIT",
 			"engines": {
 				"node": "^20.19.0 || ^22.12.0 || >=24.0.0"
@@ -910,7 +921,7 @@
 			"version": "2.0.7",
 			"resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.7.tgz",
 			"integrity": "sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==",
-			"devOptional": true,
+			"dev": true,
 			"license": "MIT"
 		},
 		"node_modules/acorn": {
@@ -930,6 +941,7 @@
 			"version": "7.1.4",
 			"resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.4.tgz",
 			"integrity": "sha512-MnA+YT8fwfJPgBx3m60MNqakm30XOkyIoH1y6huTQvC0PwZG7ki8NacLBcrPbNoo8vEZy7Jpuk7+jMO+CUovTQ==",
+			"dev": true,
 			"license": "MIT",
 			"engines": {
 				"node": ">= 14"
@@ -959,6 +971,7 @@
 			"version": "1.0.3",
 			"resolved": "https://registry.npmjs.org/bidi-js/-/bidi-js-1.0.3.tgz",
 			"integrity": "sha512-RKshQI1R3YQ+n9YJz2QQ147P66ELpa1FQEg20Dk8oW9t2KgLbpDLLp9aGZ7y8WHSshDknG0bknqGw5/tyCs5tw==",
+			"dev": true,
 			"license": "MIT",
 			"dependencies": {
 				"require-from-string": "^2.0.2"
@@ -978,6 +991,7 @@
 			"version": "3.1.0",
 			"resolved": "https://registry.npmjs.org/css-tree/-/css-tree-3.1.0.tgz",
 			"integrity": "sha512-0eW44TGN5SQXU1mWSkKwFstI/22X2bG1nYzZTYMAWjylYURhse752YgbE4Cx46AC+bAvI+/dYTPRk1LqSUnu6w==",
+			"dev": true,
 			"license": "MIT",
 			"dependencies": {
 				"mdn-data": "2.12.2",
@@ -991,6 +1005,7 @@
 			"version": "6.1.0",
 			"resolved": "https://registry.npmjs.org/cssstyle/-/cssstyle-6.1.0.tgz",
 			"integrity": "sha512-Ml4fP2UT2K3CUBQnVlbdV/8aFDdlY69E+YnwJM+3VUWl08S3J8c8aRuJqCkD9Py8DHZ7zNNvsfKl8psocHZEFg==",
+			"dev": true,
 			"license": "MIT",
 			"dependencies": {
 				"@asamuzakjp/css-color": "^5.0.0",
@@ -1006,6 +1021,7 @@
 			"version": "7.0.0",
 			"resolved": "https://registry.npmjs.org/data-urls/-/data-urls-7.0.0.tgz",
 			"integrity": "sha512-23XHcCF+coGYevirZceTVD7NdJOqVn+49IHyxgszm+JIiHLoB2TkmPtsYkNWT1pvRSGkc35L6NHs0yHkN2SumA==",
+			"dev": true,
 			"license": "MIT",
 			"dependencies": {
 				"whatwg-mimetype": "^5.0.0",
@@ -1019,6 +1035,7 @@
 			"version": "4.4.3",
 			"resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz",
 			"integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==",
+			"dev": true,
 			"license": "MIT",
 			"dependencies": {
 				"ms": "^2.1.3"
@@ -1036,6 +1053,7 @@
 			"version": "10.6.0",
 			"resolved": "https://registry.npmjs.org/decimal.js/-/decimal.js-10.6.0.tgz",
 			"integrity": "sha512-YpgQiITW3JXGntzdUmyUR1V812Hn8T1YVXhCu+wO3OpS4eU9l4YdD3qjyiKdV6mvV29zapkMeD390UVEf2lkUg==",
+			"dev": true,
 			"license": "MIT"
 		},
 		"node_modules/devalue": {
@@ -1045,18 +1063,6 @@
 			"dev": true,
 			"license": "MIT"
 		},
-		"node_modules/dompurify": {
-			"version": "3.3.2",
-			"resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.3.2.tgz",
-			"integrity": "sha512-6obghkliLdmKa56xdbLOpUZ43pAR6xFy1uOrxBaIDjT+yaRuuybLjGS9eVBoSR/UPU5fq3OXClEHLJNGvbxKpQ==",
-			"license": "(MPL-2.0 OR Apache-2.0)",
-			"engines": {
-				"node": ">=20"
-			},
-			"optionalDependencies": {
-				"@types/trusted-types": "^2.0.7"
-			}
-		},
 		"node_modules/effect": {
 			"version": "3.19.19",
 			"resolved": "https://registry.npmjs.org/effect/-/effect-3.19.19.tgz",
@@ -1071,6 +1077,7 @@
 			"version": "6.0.1",
 			"resolved": "https://registry.npmjs.org/entities/-/entities-6.0.1.tgz",
 			"integrity": "sha512-aN97NXWF6AWBTahfVOIrB/NShkzi5H7F9r1s9mD3cDj4Ko5f2qhhVoYMibXF7GlLveb/D2ioWay8lxI97Ven3g==",
+			"dev": true,
 			"license": "BSD-2-Clause",
 			"engines": {
 				"node": ">=0.12"
@@ -1201,6 +1208,7 @@
 			"version": "6.0.0",
 			"resolved": "https://registry.npmjs.org/html-encoding-sniffer/-/html-encoding-sniffer-6.0.0.tgz",
 			"integrity": "sha512-CV9TW3Y3f8/wT0BRFc1/KAVQ3TUHiXmaAb6VW9vtiMFf7SLoMd1PdAc4W3KFOFETBJUb90KatHqlsZMWV+R9Gg==",
+			"dev": true,
 			"license": "MIT",
 			"dependencies": {
 				"@exodus/bytes": "^1.6.0"
@@ -1213,6 +1221,7 @@
 			"version": "7.0.2",
 			"resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-7.0.2.tgz",
 			"integrity": "sha512-T1gkAiYYDWYx3V5Bmyu7HcfcvL7mUrTWiM6yOfa3PIphViJ/gFPbvidQ+veqSOHci/PxBcDabeUNCzpOODJZig==",
+			"dev": true,
 			"license": "MIT",
 			"dependencies": {
 				"agent-base": "^7.1.0",
@@ -1226,6 +1235,7 @@
 			"version": "7.0.6",
 			"resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.6.tgz",
 			"integrity": "sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw==",
+			"dev": true,
 			"license": "MIT",
 			"dependencies": {
 				"agent-base": "^7.1.2",
@@ -1239,6 +1249,7 @@
 			"version": "1.0.1",
 			"resolved": "https://registry.npmjs.org/is-potential-custom-element-name/-/is-potential-custom-element-name-1.0.1.tgz",
 			"integrity": "sha512-bCYeRA2rVibKZd+s2625gGnGF/t7DSqDs4dP7CrLA1m7jKWz6pps0LpYLJN8Q64HtmPKJ1hrN3nzPNKFEKOUiQ==",
+			"dev": true,
 			"license": "MIT"
 		},
 		"node_modules/is-reference": {
@@ -1251,23 +1262,11 @@
 				"@types/estree": "^1.0.6"
 			}
 		},
-		"node_modules/isomorphic-dompurify": {
-			"version": "3.0.0",
-			"resolved": "https://registry.npmjs.org/isomorphic-dompurify/-/isomorphic-dompurify-3.0.0.tgz",
-			"integrity": "sha512-5K+MYP7Nrg74+Bi+QmQGzQ/FgEOyVHWsN8MuJy5wYQxxBRxPnWsD25Tjjt5FWYhan3OQ+vNLubyNJH9dfG03lQ==",
-			"license": "MIT",
-			"dependencies": {
-				"dompurify": "^3.3.1",
-				"jsdom": "^28.0.0"
-			},
-			"engines": {
-				"node": "^20.19.0 || ^22.12.0 || >=24.0.0"
-			}
-		},
 		"node_modules/jsdom": {
 			"version": "28.1.0",
 			"resolved": "https://registry.npmjs.org/jsdom/-/jsdom-28.1.0.tgz",
 			"integrity": "sha512-0+MoQNYyr2rBHqO1xilltfDjV9G7ymYGlAUazgcDLQaUf8JDHbuGwsxN6U9qWaElZ4w1B2r7yEGIL3GdeW3Rug==",
+			"dev": true,
 			"license": "MIT",
 			"dependencies": {
 				"@acemir/cssom": "^0.9.31",
@@ -1315,6 +1314,7 @@
 			"version": "11.2.6",
 			"resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.2.6.tgz",
 			"integrity": "sha512-ESL2CrkS/2wTPfuend7Zhkzo2u0daGJ/A2VucJOgQ/C48S/zB8MMeMHSGKYpXhIjbPxfuezITkaBH1wqv00DDQ==",
+			"dev": true,
 			"license": "BlueOak-1.0.0",
 			"engines": {
 				"node": "20 || >=22"
@@ -1346,18 +1346,21 @@
 			"version": "2.12.2",
 			"resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.12.2.tgz",
 			"integrity": "sha512-IEn+pegP1aManZuckezWCO+XZQDplx1366JoVhTpMpBB1sPey/SbveZQUosKiKiGYjg1wH4pMlNgXbCiYgihQA==",
+			"dev": true,
 			"license": "CC0-1.0"
 		},
 		"node_modules/ms": {
 			"version": "2.1.3",
 			"resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
 			"integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+			"dev": true,
 			"license": "MIT"
 		},
 		"node_modules/parse5": {
 			"version": "8.0.0",
 			"resolved": "https://registry.npmjs.org/parse5/-/parse5-8.0.0.tgz",
 			"integrity": "sha512-9m4m5GSgXjL4AjumKzq1Fgfp3Z8rsvjRNbnkVwfu2ImRqE5D0LnY2QfDen18FSY9C573YU5XxSapdHZTZ2WolA==",
+			"dev": true,
 			"license": "MIT",
 			"dependencies": {
 				"entities": "^6.0.0"
@@ -1370,6 +1373,7 @@
 			"version": "2.3.1",
 			"resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz",
 			"integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==",
+			"dev": true,
 			"license": "MIT",
 			"engines": {
 				"node": ">=6"
@@ -1395,6 +1399,7 @@
 			"version": "2.0.2",
 			"resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz",
 			"integrity": "sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==",
+			"dev": true,
 			"license": "MIT",
 			"engines": {
 				"node": ">=0.10.0"
@@ -1414,6 +1419,7 @@
 			"version": "6.0.0",
 			"resolved": "https://registry.npmjs.org/saxes/-/saxes-6.0.0.tgz",
 			"integrity": "sha512-xAg7SOnEhrm5zI3puOOKyy1OMcMlIJZYNJY7xLBwSze0UjhPLnWfj2GF2EpT0jmzaJKIWKHLsaSSajf35bcYnA==",
+			"dev": true,
 			"license": "ISC",
 			"dependencies": {
 				"xmlchars": "^2.2.0"
@@ -1426,6 +1432,7 @@
 			"version": "1.2.1",
 			"resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz",
 			"integrity": "sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==",
+			"dev": true,
 			"license": "BSD-3-Clause",
 			"engines": {
 				"node": ">=0.10.0"
@@ -1463,12 +1470,14 @@
 			"version": "3.2.4",
 			"resolved": "https://registry.npmjs.org/symbol-tree/-/symbol-tree-3.2.4.tgz",
 			"integrity": "sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw==",
+			"dev": true,
 			"license": "MIT"
 		},
 		"node_modules/tldts": {
 			"version": "7.0.23",
 			"resolved": "https://registry.npmjs.org/tldts/-/tldts-7.0.23.tgz",
 			"integrity": "sha512-ASdhgQIBSay0R/eXggAkQ53G4nTJqTXqC2kbaBbdDwM7SkjyZyO0OaaN1/FH7U/yCeqOHDwFO5j8+Os/IS1dXw==",
+			"dev": true,
 			"license": "MIT",
 			"dependencies": {
 				"tldts-core": "^7.0.23"
@@ -1481,12 +1490,14 @@
 			"version": "7.0.23",
 			"resolved": "https://registry.npmjs.org/tldts-core/-/tldts-core-7.0.23.tgz",
 			"integrity": "sha512-0g9vrtDQLrNIiCj22HSe9d4mLVG3g5ph5DZ8zCKBr4OtrspmNB6ss7hVyzArAeE88ceZocIEGkyW1Ime7fxPtQ==",
+			"dev": true,
 			"license": "MIT"
 		},
 		"node_modules/tough-cookie": {
 			"version": "6.0.0",
 			"resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-6.0.0.tgz",
 			"integrity": "sha512-kXuRi1mtaKMrsLUxz3sQYvVl37B0Ns6MzfrtV5DvJceE9bPyspOqk9xxv7XbZWcfLWbFmm997vl83qUWVJA64w==",
+			"dev": true,
 			"license": "BSD-3-Clause",
 			"dependencies": {
 				"tldts": "^7.0.5"
@@ -1499,6 +1510,7 @@
 			"version": "6.0.0",
 			"resolved": "https://registry.npmjs.org/tr46/-/tr46-6.0.0.tgz",
 			"integrity": "sha512-bLVMLPtstlZ4iMQHpFHTR7GAGj2jxi8Dg0s2h2MafAE4uSWF98FC/3MomU51iQAMf8/qDUbKWf5GxuvvVcXEhw==",
+			"dev": true,
 			"license": "MIT",
 			"dependencies": {
 				"punycode": "^2.3.1"
@@ -1555,6 +1567,7 @@
 			"version": "7.22.0",
 			"resolved": "https://registry.npmjs.org/undici/-/undici-7.22.0.tgz",
 			"integrity": "sha512-RqslV2Us5BrllB+JeiZnK4peryVTndy9Dnqq62S3yYRRTj0tFQCwEniUy2167skdGOy3vqRzEvl1Dm4sV2ReDg==",
+			"dev": true,
 			"license": "MIT",
 			"engines": {
 				"node": ">=20.18.1"
@@ -1564,6 +1577,7 @@
 			"version": "5.0.0",
 			"resolved": "https://registry.npmjs.org/w3c-xmlserializer/-/w3c-xmlserializer-5.0.0.tgz",
 			"integrity": "sha512-o8qghlI8NZHU1lLPrpi2+Uq7abh4GGPpYANlalzWxyWteJOCsr/P+oPBA49TOLu5FTZO4d3F9MnWJfiMo4BkmA==",
+			"dev": true,
 			"license": "MIT",
 			"dependencies": {
 				"xml-name-validator": "^5.0.0"
@@ -1576,6 +1590,7 @@
 			"version": "8.0.1",
 			"resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-8.0.1.tgz",
 			"integrity": "sha512-BMhLD/Sw+GbJC21C/UgyaZX41nPt8bUTg+jWyDeg7e7YN4xOM05YPSIXceACnXVtqyEw/LMClUQMtMZ+PGGpqQ==",
+			"dev": true,
 			"license": "BSD-2-Clause",
 			"engines": {
 				"node": ">=20"
@@ -1585,6 +1600,7 @@
 			"version": "5.0.0",
 			"resolved": "https://registry.npmjs.org/whatwg-mimetype/-/whatwg-mimetype-5.0.0.tgz",
 			"integrity": "sha512-sXcNcHOC51uPGF0P/D4NVtrkjSU2fNsm9iog4ZvZJsL3rjoDAzXZhkm2MWt1y+PUdggKAYVoMAIYcs78wJ51Cw==",
+			"dev": true,
 			"license": "MIT",
 			"engines": {
 				"node": ">=20"
@@ -1594,6 +1610,7 @@
 			"version": "16.0.1",
 			"resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-16.0.1.tgz",
 			"integrity": "sha512-1to4zXBxmXHV3IiSSEInrreIlu02vUOvrhxJJH5vcxYTBDAx51cqZiKdyTxlecdKNSjj8EcxGBxNf6Vg+945gw==",
+			"dev": true,
 			"license": "MIT",
 			"dependencies": {
 				"@exodus/bytes": "^1.11.0",
@@ -1608,6 +1625,7 @@
 			"version": "5.0.0",
 			"resolved": "https://registry.npmjs.org/xml-name-validator/-/xml-name-validator-5.0.0.tgz",
 			"integrity": "sha512-EvGK8EJ3DhaHfbRlETOWAS5pO9MZITeauHKJyb8wyajUfQUenkIg2MvLDTZ4T/TgIcm3HU0TFBgWWboAZ30UHg==",
+			"dev": true,
 			"license": "Apache-2.0",
 			"engines": {
 				"node": ">=18"
@@ -1617,6 +1635,7 @@
 			"version": "2.2.0",
 			"resolved": "https://registry.npmjs.org/xmlchars/-/xmlchars-2.2.0.tgz",
 			"integrity": "sha512-JZnDKK8B0RCDw84FNdDAIpZK+JuJw+s7Lz8nksI7SIuU3UXJJslUthsi+uWBUYOwPFwW7W7PRLRfUKpxjtjFCw==",
+			"dev": true,
 			"license": "MIT"
 		},
 		"node_modules/zimmerframe": {
diff --git a/packages/ui/package.json b/packages/ui/package.json
index 8d33f875..461e951f 100644
--- a/packages/ui/package.json
+++ b/packages/ui/package.json
@@ -31,7 +31,6 @@
 	"dependencies": {
 		"effect": "3.19.19",
 		"highlight.js": "^11.11.1",
-		"isomorphic-dompurify": "^3.0.0",
 		"marked": "^17.0.4"
 	},
 	"scripts": {
diff --git a/packages/ui/src/markdown.test.ts b/packages/ui/src/markdown.test.ts
index fc70bc50..30c439b9 100644
--- a/packages/ui/src/markdown.test.ts
+++ b/packages/ui/src/markdown.test.ts
@@ -31,3 +31,10 @@ test('renderMarkdown removes inline event handler attributes', () => {
 	assert.equal(html.includes('<img'), false);
 	assert.equal(html.includes('&lt;img'), true);
 });
+
+test('renderMarkdown escapes attribute values emitted by markdown renderer', () => {
+	const html = renderMarkdown('![x" onerror="alert(1)](https://example.com/a.png)');
+	assert.equal(html.includes('" onerror='), false);
+	assert.equal(html.includes('&quot; onerror=&quot;alert(1)'), true);
+	assert.equal(html.includes('alt="x&quot; onerror=&quot;alert(1)"'), true);
+});
diff --git a/packages/ui/src/markdown.ts b/packages/ui/src/markdown.ts
index a82e0bec..2fa2e77c 100644
--- a/packages/ui/src/markdown.ts
+++ b/packages/ui/src/markdown.ts
@@ -1,4 +1,3 @@
-import DOMPurify from 'isomorphic-dompurify';
 import { Marked, type RendererThis, type Token, type Tokens } from 'marked';
 import { LONG_CONTENT_CHAR_THRESHOLD, LONG_TEXT_LINE_THRESHOLD } from './constants';
 import { highlightCode } from './highlight';
@@ -8,42 +7,6 @@ const MARKDOWN_CACHE_MAX_CHARS = 150_000;
 const markdownCache = new Map<string, string>();
 const ALLOWED_SCHEMES = new Set(['http:', 'https:', 'mailto:']);
 
-const MARKDOWN_SANITIZE_CONFIG = {
-	ALLOWED_TAGS: [
-		'a',
-		'b',
-		'blockquote',
-		'br',
-		'code',
-		'div',
-		'em',
-		'h1',
-		'h2',
-		'h3',
-		'h4',
-		'h5',
-		'h6',
-		'hr',
-		'i',
-		'img',
-		'li',
-		'ol',
-		'p',
-		'pre',
-		'span',
-		'strong',
-		'table',
-		'tbody',
-		'td',
-		'th',
-		'thead',
-		'tr',
-		'ul',
-	],
-	ALLOWED_ATTR: ['class', 'href', 'src', 'alt', 'target', 'rel'],
-	ALLOW_DATA_ATTR: false,
-};
-
 function parseInlineText(ctx: RendererThis, token: { text: string; tokens?: Token[] }): string {
 	if (token.tokens && ctx.parser?.parseInline) {
 		return ctx.parser.parseInline(token.tokens);
@@ -87,10 +50,9 @@ function sanitizeUrl(raw: string | null | undefined): string | null {
 	}
 }
 
-function sanitizeRenderedHtml(rendered: string): string {
-	const clean = DOMPurify.sanitize(rendered, MARKDOWN_SANITIZE_CONFIG) as string;
+function finalizeRenderedHtml(rendered: string): string {
 	// Preserve opener isolation for all explicit new-tab links.
-	return clean.replace(
+	return rendered.replace(
 		/<a([^>]*?)target="_blank"([^>]*?)rel="([^"]*)"([^>]*)>/gi,
 		(_, before: string, mid: string, relValue: string, after: string) => {
 			const relTokens = new Set(
@@ -151,7 +113,7 @@ const marked = new Marked({
 			if (!safeHref) {
 				return `<span class="md-link">${label}</span>`;
 			}
-			return `<a href="${escapeHtml(safeHref)}" class="md-link" target="_blank" rel="noopener noreferrer">${label}</a>`;
+			return `<a href="${escapeHtmlAttr(safeHref)}" class="md-link" target="_blank" rel="noopener noreferrer">${label}</a>`;
 		},
 		table(this: RendererThis, token: Tokens.Table) {
 			const headerCells = token.header
@@ -173,7 +135,7 @@ const marked = new Marked({
 			if (!safeSrc || safeSrc.startsWith('mailto:')) {
 				return '';
 			}
-			return `<img src="${escapeHtml(safeSrc)}" alt="${escapeHtml(text ?? '')}" class="md-img" />`;
+			return `<img src="${escapeHtmlAttr(safeSrc)}" alt="${escapeHtmlAttr(text ?? '')}" class="md-img" />`;
 		},
 		html({ text }: Tokens.HTML | Tokens.Tag) {
 			return escapeHtml(text);
@@ -204,7 +166,7 @@ export function renderMarkdown(text: string): string {
 	} catch {
 		rendered = escapeHtml(text);
 	}
-	const sanitized = sanitizeRenderedHtml(rendered);
+	const sanitized = finalizeRenderedHtml(rendered);
 
 	if (cacheable) {
 		if (markdownCache.size >= MARKDOWN_CACHE_MAX_ENTRIES) {
@@ -242,7 +204,16 @@ export function extractStandaloneFencedCode(
 }
 
 function escapeHtml(text: string): string {
-	return text.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
+	return text
+		.replace(/&/g, '&amp;')
+		.replace(/</g, '&lt;')
+		.replace(/>/g, '&gt;')
+		.replace(/"/g, '&quot;')
+		.replace(/'/g, '&#39;');
+}
+
+function escapeHtmlAttr(text: string): string {
+	return escapeHtml(text);
 }
 
 /** Count approximate lines in text */
diff --git a/scripts/tests/package-footprint-contract.test.mjs b/scripts/tests/package-footprint-contract.test.mjs
new file mode 100644
index 00000000..f7543be5
--- /dev/null
+++ b/scripts/tests/package-footprint-contract.test.mjs
@@ -0,0 +1,26 @@
+import assert from 'node:assert/strict';
+import fs from 'node:fs';
+import path from 'node:path';
+import test from 'node:test';
+
+const repoRoot = process.cwd();
+
+function readJson(relativePath) {
+	return JSON.parse(fs.readFileSync(path.join(repoRoot, relativePath), 'utf8'));
+}
+
+test('web avoids direct markdown/highlight dependencies already owned by @opensession/ui', () => {
+	const webPackage = readJson('web/package.json');
+	const dependencies = webPackage.dependencies ?? {};
+
+	assert.equal(typeof dependencies['@opensession/ui'], 'string');
+	assert.equal('highlight.js' in dependencies, false);
+	assert.equal('marked' in dependencies, false);
+});
+
+test('ui markdown renderer does not depend on server-side dom shims', () => {
+	const uiPackage = readJson('packages/ui/package.json');
+	const dependencies = uiPackage.dependencies ?? {};
+
+	assert.equal('isomorphic-dompurify' in dependencies, false);
+});
diff --git a/web/package-lock.json b/web/package-lock.json
index ba7a2e2b..46272c50 100644
--- a/web/package-lock.json
+++ b/web/package-lock.json
@@ -8,9 +8,7 @@
 			"name": "opensession-web",
 			"version": "0.1.0",
 			"dependencies": {
-				"@opensession/ui": "file:../packages/ui",
-				"highlight.js": "^11.11.1",
-				"marked": "^17.0.4"
+				"@opensession/ui": "file:../packages/ui"
 			},
 			"devDependencies": {
 				"@playwright/test": "^1.58.2",
@@ -31,7 +29,6 @@
 			"dependencies": {
 				"effect": "3.19.19",
 				"highlight.js": "^11.11.1",
-				"isomorphic-dompurify": "^3.0.0",
 				"marked": "^17.0.4"
 			},
 			"devDependencies": {
@@ -1246,6 +1243,70 @@
 				"node": ">=14.0.0"
 			}
 		},
+		"node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/@emnapi/core": {
+			"version": "1.8.1",
+			"dev": true,
+			"inBundle": true,
+			"license": "MIT",
+			"optional": true,
+			"dependencies": {
+				"@emnapi/wasi-threads": "1.1.0",
+				"tslib": "^2.4.0"
+			}
+		},
+		"node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/@emnapi/runtime": {
+			"version": "1.8.1",
+			"dev": true,
+			"inBundle": true,
+			"license": "MIT",
+			"optional": true,
+			"dependencies": {
+				"tslib": "^2.4.0"
+			}
+		},
+		"node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/@emnapi/wasi-threads": {
+			"version": "1.1.0",
+			"dev": true,
+			"inBundle": true,
+			"license": "MIT",
+			"optional": true,
+			"dependencies": {
+				"tslib": "^2.4.0"
+			}
+		},
+		"node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/@napi-rs/wasm-runtime": {
+			"version": "1.1.1",
+			"dev": true,
+			"inBundle": true,
+			"license": "MIT",
+			"optional": true,
+			"dependencies": {
+				"@emnapi/core": "^1.7.1",
+				"@emnapi/runtime": "^1.7.1",
+				"@tybys/wasm-util": "^0.10.1"
+			},
+			"funding": {
+				"type": "github",
+				"url": "https://github.com/sponsors/Brooooooklyn"
+			}
+		},
+		"node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/@tybys/wasm-util": {
+			"version": "0.10.1",
+			"dev": true,
+			"inBundle": true,
+			"license": "MIT",
+			"optional": true,
+			"dependencies": {
+				"tslib": "^2.4.0"
+			}
+		},
+		"node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/tslib": {
+			"version": "2.8.1",
+			"dev": true,
+			"inBundle": true,
+			"license": "0BSD",
+			"optional": true
+		},
 		"node_modules/@tailwindcss/oxide-win32-arm64-msvc": {
 			"version": "4.2.1",
 			"resolved": "https://registry.npmjs.org/@tailwindcss/oxide-win32-arm64-msvc/-/oxide-win32-arm64-msvc-4.2.1.tgz",
@@ -1525,15 +1586,6 @@
 			"dev": true,
 			"license": "ISC"
 		},
-		"node_modules/highlight.js": {
-			"version": "11.11.1",
-			"resolved": "https://registry.npmjs.org/highlight.js/-/highlight.js-11.11.1.tgz",
-			"integrity": "sha512-Xwwo44whKBVCYoliBQwaPvtd/2tYFkRQtXDWj1nackaV2JPXx3L0+Jvd8/qCJ2p+ML0/XVkJ2q+Mr+UVdpJK5w==",
-			"license": "BSD-3-Clause",
-			"engines": {
-				"node": ">=12.0.0"
-			}
-		},
 		"node_modules/is-reference": {
 			"version": "3.0.3",
 			"resolved": "https://registry.npmjs.org/is-reference/-/is-reference-3.0.3.tgz",
@@ -1842,18 +1894,6 @@
 				"@jridgewell/sourcemap-codec": "^1.5.5"
 			}
 		},
-		"node_modules/marked": {
-			"version": "17.0.4",
-			"resolved": "https://registry.npmjs.org/marked/-/marked-17.0.4.tgz",
-			"integrity": "sha512-NOmVMM+KAokHMvjWmC5N/ZOvgmSWuqJB8FoYI019j4ogb/PeRMKoKIjReZ2w3376kkA8dSJIP8uD993Kxc0iRQ==",
-			"license": "MIT",
-			"bin": {
-				"marked": "bin/marked.js"
-			},
-			"engines": {
-				"node": ">= 20"
-			}
-		},
 		"node_modules/mri": {
 			"version": "1.2.0",
 			"resolved": "https://registry.npmjs.org/mri/-/mri-1.2.0.tgz",
diff --git a/web/package.json b/web/package.json
index 1076cf77..66440ae7 100644
--- a/web/package.json
+++ b/web/package.json
@@ -27,9 +27,7 @@
 		"vite": "^7.3.1"
 	},
 	"dependencies": {
-		"@opensession/ui": "file:../packages/ui",
-		"highlight.js": "^11.11.1",
-		"marked": "^17.0.4"
+		"@opensession/ui": "file:../packages/ui"
 	},
 	"overrides": {
 		"cookie": "^0.7.0"