[Task] Redesign session timeline scroll ownership to stop recurring jump-to-top regressions

[Astro-Han]

Goal

Session timeline scrolling should have one clear owner and one user-facing rule:

• If the user is following the latest turn and submits a message, the timeline must stay with the latest turn.
• Browser layout resets, markdown height changes, composer dock resize, rendered-window updates, tool output expansion, and internal scroll events must not leave the viewport near the top.
• If the user is deliberately reading older history, the app must preserve that position and avoid pulling them down.

This issue exists because the current fixes have become path-specific. Recent scroll-to-top bugs were fixed through separate guardrails, but a new 2026-05-10 session export still showed a submit-time jump near the top after the timeline first reached bottom.

Scope

In scope:

• Redesign the session timeline scroll ownership model before more tactical patches.
• Define a small state machine for whether the timeline is following latest, reading history, navigating to a message, or recovering from a layout reset.
• Make one session-level controller own the decision to follow bottom, pause following, restore bottom, or preserve reading position.
• Separate deliberate user intent from browser/programmatic layout movement in both code and diagnostics.
• Add diagnostics that explain why following was paused or restored, not only that a jump happened.
• Add deterministic E2E coverage for submit-time top resets, including the case where the reset is currently marked as user_scrolled=true.

Out of scope:

• Redesigning the visual message layout.
• Rewriting the vendored agent runtime under packages/opencode/.
• Broad performance virtualization work already tracked by [Task] Optimize long session timeline rendering to prevent streaming flicker #397, unless a minimal dependency is required to make scroll ownership coherent.
• One-off fixes for a single handler without first documenting the ownership model.

Relevant files or context

Recent related issues:

• [Bug] exit-worktree triggers full session view teardown/rebuild, causing timeline flash, layout shift, and scroll-to-top #432: exit-worktree caused full session view teardown/rebuild and scroll-to-top symptoms.
• [Bug] Session jumps to top after submit enters question dock #467: question dock submit path caused jump-to-top.
• [Bug] Long session jumps near top after sending a message #496: long session jumped near top after sending a message.
• [Task] Optimize long session timeline rendering to prevent streaming flicker #397: long-session rendering optimization companion, focused on performance/flicker rather than ownership.

Recent evidence from a 2026-05-10 session export:

• The route, visible session, and timeline session stayed the same.
• The timeline first reached bottom after submit.
• Less than one second later it jumped near the top and emitted incident.session_scroll_jump_to_top.
• The jump sample had user_scrolled=true, which suggests the submit-time bottom-follow guard can be cancelled by a gesture/user-scroll path even when the visible effect is a layout/browser reset.
• The viewport returned to bottom afterward, so the failure is not data loss or a permanent remount. It is a broken ownership/intent decision during the submit window.

Likely code paths:

• packages/app/src/pages/session/use-session-timeline-interaction.ts
• packages/app/src/pages/session/use-session-scroll-dock.ts
• packages/app/src/pages/session/message-timeline.tsx
• packages/app/src/pages/session/use-session-history-window.ts
• packages/app/src/pages/session/use-session-hash-scroll.ts
• packages/app/src/context/renderer-diagnostics.ts
• packages/ui/src/hooks/create-auto-scroll.tsx
• packages/ui/src/components/scroll-view.tsx
• packages/ui/src/components/message-part.tsx

Verification

Design verification:

• Write a short design document before implementation.
• The design must state the user-facing scroll rules in plain language.
• The design must list the allowed sources that can change follow state and the sources that cannot.
• The design must explain how submit, streaming, composer resize, history reading, hash/message navigation, tool output resize, and browser layout resets interact.

Code verification for the eventual PR:

• Targeted unit tests for the scroll state machine or controller.
• Targeted tests for diagnostics fields that explain why follow state changed.
• E2E repro for submit from bottom followed by a forced top reset.
• E2E repro for submit from bottom followed by a forced top reset that is also marked as a recent scroll gesture.
• E2E check that real user reading history is still respected.
• Manual Electron check of the changed session path before claiming completion.

Execution mode

Human review required before code changes.

[Astro-Han]

Design draft: session timeline scroll ownership

Plain product rule

The main failure we must prevent is not every possible scroll movement. The red line is simpler:

After the user sends a message, PawWork must never throw the conversation back near the top unless the user clearly asked to go there.

A user may still intentionally leave the latest message after sending. If they strongly scroll upward, press a top/navigation key, click an old message, or load older history, the app should respect that. The bug is the system treating a browser/layout reset as user intent and leaving the user near the top of the conversation.

Why the previous fixes did not hold

The current session timeline has no single owner for scroll meaning. Several layers can affect the same visible position:

• createAutoScroll decides whether a container is following bottom or user-scrolled.
• use-session-scroll-dock.ts adds submit-time bottom follow locking and composer height handling.
• message-timeline.tsx marks wheel/touch/pointer gestures and emits scroll samples.
• use-session-history-window.ts decides whether the rendered message window is in bottom, reading, or hash mode.
• use-session-hash-scroll.ts can pause/force scroll for message anchors.
• composer/question/todo/permission docks can change bottom height and trigger resize paths.

That split explains why #432, #467, #496, and the 2026-05-10 export all look like the same user-visible bug but came from different paths. The fixes were useful, but they were local guardrails around a shared ownership problem.

Proposed ownership model

Introduce one session-level controller for the main conversation timeline, tentatively SessionTimelineScrollController.

This controller owns the user-visible timeline position contract for the main session timeline. Other pieces may report events, but they should not independently decide whether the conversation is following latest, reading history, jumping to a message, or recovering from a layout reset.

The controller should track four user-facing modes:

• following_latest: the user is at the newest turn, or just sent a message and should see the newest turn.
• reading_history: the user clearly moved away from latest and wants to keep that reading position.
• targeting_message: the user or URL hash asked for a specific message or anchor.
• recovering_layout: the controller is correcting a browser/layout movement that did not come from user intent.

The controller should also track the last known safe position for each mode:

• latest position for following_latest;
• preserved reading anchor for reading_history;
• target message id/anchor for targeting_message.

Intent versus observation

The core architecture change is to stop guessing user intent from the final scroll position.

Inputs should be split into two groups.

Intent events can change mode:

• user submitted a message;
• user clicked jump to latest;
• user deliberately moved away from latest with a strong upward gesture;
• user used PageUp/Home or another explicit navigation key;
• user clicked or navigated to a specific old message;
• user clicked load earlier.

Observation events cannot by themselves change mode:

• a scroll event fired;
• scrollTop changed;
• markdown content height changed;
• tool output expanded;
• composer/question/todo/permission dock height changed;
• history window rendered more or fewer turns;
• browser scroll anchoring or layout reset moved the viewport.

Observation events may ask the controller to re-check the current position. If the position is illegal for the current mode, the controller restores the last safe position.

Illegal positions

A position can be legal or illegal depending on mode.

Legal examples:

• In following_latest, the viewport is near the newest turn.
• In reading_history, the viewport stays near the user's preserved reading anchor.
• In targeting_message, the target message remains mounted and visible.
• After an explicit load-earlier or Home-style action, being near the top is legal.

Illegal examples:

• Immediately after submit, the viewport is near the top while no explicit top/history intent was recorded.
• The timeline first reaches bottom after submit, then jumps near the top within the submit window and is only marked as user_scrolled=true by a generic scroll sample.
• A dock resize or markdown/tool-output resize moves the viewport far from the current mode's safe position.

The 2026-05-10 export falls into this illegal class: same session, reached bottom after submit, then jumped near top less than one second later with user_scrolled=true, then recovered. The design should prevent the visible top jump, not merely recover eventually.

Integration boundary

This should be a focused timeline architecture change, not a full app-wide scroll rewrite.

In scope:

• Replace the main session timeline's direct dependency on createAutoScroll as the final scroll decision-maker.
• Fold the current use-session-scroll-dock.ts bottom follow lock into the new controller.
• Fold the use-session-history-window.ts mode decisions into the new controller, so rendered-window mode and scroll-follow mode are not two separate brains.
• Route use-session-hash-scroll.ts through the controller as explicit message targeting.
• Treat composer/question/todo/permission dock height changes as layout events reported to the controller.
• Extend renderer diagnostics to record controller state transitions and reasons.

Out of scope for this issue:

• Redesigning the message UI.
• App-wide ScrollView replacement.
• Virtualized timeline performance work from [Task] Optimize long session timeline rendering to prevent streaming flicker #397, except for small seams needed so future virtualization can plug into the same controller.
• Rewriting packages/opencode/.

ScrollView should remain mostly mechanical: viewport, thumb, basic keyboard behavior. createAutoScroll can remain for simple nested containers such as turn-level content, but the main session timeline should no longer let it decide user intent.

Expected controller API shape

The exact names can change, but the implementation should make these boundaries visible:

type TimelineIntent =
  | { type: "submit" }
  | { type: "jump_latest" }
  | { type: "leave_latest"; source: "wheel" | "touch" | "keyboard" | "pointer"; strength: "strong" }
  | { type: "target_message"; messageID: string; source: "hash" | "command" | "click" }
  | { type: "load_earlier" }

type TimelineObservation =
  | { type: "scroll"; metrics: ScrollMetrics }
  | { type: "content_resize"; metrics: ScrollMetrics }
  | { type: "dock_resize"; dockHeight: number; metrics: ScrollMetrics }
  | { type: "window_changed"; renderedStart: number; renderedCount: number; metrics: ScrollMetrics }

The controller should expose commands such as:

• attach/detach viewport and content elements;
• dispatch intent;
• report observation;
• compute visible window start/count;
• restore latest, reading anchor, or target anchor when needed;
• emit diagnostics for state transitions and recoveries.

The important part is not the exact API shape. The important part is that intent is explicit and observations do not silently rewrite intent.

Diagnostics

Diagnostics need to explain why a decision was made, not only what the final scroll position was.

Add events or fields that answer:

• current controller mode;
• last intent and source;
• whether the current scroll movement was accepted or rejected;
• whether a recovery happened;
• recovery reason, for example submit_top_reset, dock_resize_preserve_latest, target_message_restore, reading_anchor_preserve;
• whether a scroll sample was near top, near bottom, or near the preserved reading anchor.

This should make the next exported session answerable without guessing whether user_scrolled=true meant a real user action or a browser/layout artifact.

Verification plan

Unit tests:

• controller state transitions for submit, jump latest, strong user leave, target message, load earlier;
• observation-only scroll/top reset cannot move from following_latest to reading_history;
• layout resize preserves the correct safe position for latest, reading history, and target message;
• rendered-window changes preserve the correct anchor;
• diagnostics contain mode and reason.

E2E tests:

• long session at bottom, submit, forced scrollTop=0, stays near latest;
• same case but also mark a recent scroll gesture, still stays near latest unless there was a strong explicit leave intent;
• user sends, then strongly scrolls up, app does not fight the user and does not jump all the way to the top unless that was the explicit target;
• user reading old history receives background/streaming updates, reading position is preserved and jump-to-latest remains available;
• hash/message navigation keeps the target visible and does not get pulled back to latest until the user submits or clicks latest;
• composer/question/todo/permission dock height changes do not create a near-top jump.

Manual verification:

• Run the changed path in Electron with a long session.
• Verify submit, question dock, tool output expansion, stop/cancel, and jump-to-latest in the shipped desktop shell.

Acceptance criteria

This issue is done when the main session timeline has a single scroll owner and the top-jump class is blocked by design:

• There is one controller that owns follow/latest/reading/targeting state.
• Main timeline code does not independently infer user intent from raw scrollTop.
• History window, hash targeting, dock resize, and submit recovery route through the same controller.
• Exported diagnostics show state transition reasons.
• E2E covers the previously missing case: submit-time top reset that is also marked like user scrolling.

[Astro-Han]

Design draft v2 amendments

This comment tightens the blocking boundaries from the first design draft. It should be read as an addendum to the earlier design comment, not as a separate direction.

1. Intent ingress for keyboard and scrollbar navigation

The controller must not infer these actions from the final scrollTop alone.

ScrollView may stay a mostly mechanical viewport component, but when it handles navigation keys or scrollbar thumb dragging for the main session timeline, the main timeline must receive an explicit intent before or during the mechanical scroll.

Intent events that must be routed to the controller:

type TimelineNavigationIntent =
  | { type: "keyboard_scroll"; key: "ArrowUp" | "ArrowDown" | "PageUp" | "PageDown" | "Home" | "End" }
  | { type: "scrollbar_drag_start" }
  | { type: "scrollbar_drag_end" }
  | { type: "wheel_scroll"; direction: "up" | "down"; strength: "weak" | "strong" }
  | { type: "touch_scroll"; direction: "up" | "down"; strength: "weak" | "strong" }

Rules:

• Home, PageUp, strong upward wheel/touch, and scrollbar drag away from latest may leave latest mode.
• End, jump-to-latest click, and submit may enter latest mode.
• Weak wheel/touch near bottom should not leave latest mode.
• A near-top observation without one of these explicit intents remains an illegal layout movement during submit/latest recovery.

Implementation implication:

• ScrollView can still execute scrollBy / scrollTo, but the session timeline wrapper must get the key/thumb intent, not only the later scroll event.
• If ScrollView cannot expose thumb drag intent cleanly, the session timeline should wrap or extend it for this surface rather than falling back to raw scroll inference.

Required tests:

• Observation-only scrollTop=0 after submit restores latest.
• Home / PageUp / scrollbar drag produces an explicit history/navigation intent and is not restored as a layout reset.
• End returns to latest.
• Weak trackpad noise near bottom does not leave latest.

2. Safe position anchor contract

The controller must preserve positions by anchor, not by scrollTop alone.

scrollTop is only a measurement. It is not a stable user position because content height, dock height, rendered window start, markdown expansion, and tool output expansion can all change it.

Safe positions should be represented as structured anchors:

type TimelineSafePosition =
  | {
      kind: "latest"
      messageID?: string
    }
  | {
      kind: "reading"
      anchorMessageID: string
      offsetFromViewportTop: number
      renderedStart: number
      renderedCount: number
    }
  | {
      kind: "target_message"
      messageID: string
      align: "nearest" | "top" | "center"
      offsetFromViewportTop?: number
      loadPolicy: "load_until_visible" | "visible_only"
    }

Anchor sampling rules:

• Before window_changed, backfill, load earlier, content resize, dock resize, or streaming update, sample the current legal anchor.
• For reading mode, choose the first stable visible message near the top of the viewport and store its offset from the viewport top.
• For targeting mode, preserve the target message id and requested alignment.
• For latest mode, preserve the latest message or bottom sentinel.

Restore rules:

• latest restores to bottom or latest sentinel.
• reading restores the same anchor message to the same viewport offset when possible.
• target_message keeps the target mounted and visible, loading or expanding the rendered window if needed.
• If the anchor message is not currently mounted but can be loaded or revealed, the controller must expand/load first, then restore.
• If the anchor is impossible to recover, diagnostics must emit the fallback reason instead of silently switching mode.

Required tests:

• Reading history survives window_changed, backfill, load earlier, content resize, dock resize, and streaming update without being pulled to latest or dropped to top.
• Hash/message targeting keeps the target visible across loadMore and rendered-window changes.
• Submit or jump latest is the explicit way out of reading/targeting unless the user performs another explicit navigation intent.

3. Submit precedence and origin mode

Submit is an explicit user intent. Product rule:

When the user submits from the composer, PawWork should show the new/latest turn. After that, the user may deliberately move away, but the system must not interpret a layout reset as that move.

Controller behavior:

type SubmitIntent = {
  type: "submit"
  originMode: "following_latest" | "reading_history" | "targeting_message"
}

Rules:

• Submit enters following_latest by default, regardless of origin mode.
• The controller records submit_origin_mode for diagnostics.
• During the submit protection window, observation-only near-top movement is illegal and should restore latest immediately.
• A strong explicit user navigation after submit can leave latest mode.
• A forced near-top reset that is merely marked like a scroll sample is not enough to leave latest mode.

Required tests:

• Submit from latest stays latest.
• Submit from reading moves to latest.
• Submit from targeting moves to latest.
• Submit followed by forced top reset restores latest.
• Submit followed by explicit strong upward navigation enters reading/history without jumping to the conversation top unless the explicit intent was Home/load-earlier/top navigation.

4. Session owner and cleanup

The controller must be owned by the current session identity and viewport identity.

Rules:

• Every pending timer, requestAnimationFrame, ResizeObserver recovery, queued target seek, and delayed restore is scoped to the current sessionKey and viewport instance.
• Detach, session switch, or owner mismatch cancels pending recovery work.
• No old session controller action may write to a new session viewport.
• Diagnostics must include the owner identity used for the decision.

Required tests:

• Owner mismatch does not restore or mutate scroll state.
• Pending recovery is cancelled on detach.
• Quick session switch after submit does not produce a mixed-owner scroll frame.
• Hash/message seek queued for one session cannot apply to another session.

5. Diagnostics schema

Add a typed controller diagnostic event instead of ad hoc strings.

Suggested event name:

"session.timeline.scroll_controller"

Minimum fields:

type ScrollControllerDiagnostic = {
  mode_before: "following_latest" | "reading_history" | "targeting_message"
  mode_after: "following_latest" | "reading_history" | "targeting_message"
  intent_type?: string
  intent_source?: string
  observation_type?: string
  accepted: boolean
  recovery: boolean
  reason:
    | "submit_follow_latest"
    | "submit_top_reset_recovered"
    | "explicit_leave_latest"
    | "explicit_top_navigation"
    | "jump_latest"
    | "reading_anchor_preserved"
    | "target_message_preserved"
    | "dock_resize_preserve_latest"
    | "dock_resize_preserve_reading"
    | "owner_mismatch_cancelled"
    | "anchor_unrecoverable_fallback"
  anchor_kind?: "latest" | "reading" | "target_message"
  anchor_message_id?: string
  submit_origin_mode?: "following_latest" | "reading_history" | "targeting_message"
  near_top?: boolean
  near_bottom?: boolean
  near_anchor?: boolean
  session_owner: string
  viewport_owner: string
}

Rules:

• Every mode transition emits a diagnostic.
• Every rejected observation emits a diagnostic.
• Every recovery emits a diagnostic.
• The forced submit-top reset path and explicit Home/PageUp path must produce different reasons.

6. Durable modes and recovery

recovering_layout should not be a durable user-facing mode.

Durable modes should be limited to:

• following_latest
• reading_history
• targeting_message

Recovery should be represented as a transient action or transition reason, for example:

type TimelineRecovery = {
  reason: "submit_top_reset" | "dock_resize" | "content_resize" | "window_changed"
  restoreTarget: TimelineSafePosition
}

The controller must finish recovery by returning to one durable mode. It should never remain in a long-lived recovering_layout state.

7. Strong gesture threshold

The design must define strong enough that implementers cannot use different meanings in different handlers.

Minimum requirement:

• Normalize wheel/touch delta to pixels.
• Ignore nested [data-scrollable] regions unless their boundary is reached and the remaining gesture clearly continues into the main timeline.
• Weak upward movement near bottom does not leave latest.
• Strong upward movement means enough user input to move materially away from latest, for example a threshold based on viewport height rather than a single wheel tick.
• The exact pixel threshold can be tuned in implementation, but it must live in one helper and be unit-tested.

8. Dock observation source

Dock resize observations should include source metadata so future exports are explainable.

type DockResizeObservation = {
  type: "dock_resize"
  dockKind: "prompt" | "question" | "todo" | "permission" | "followup" | "revert" | "unknown"
  previousDockHeight: number
  nextDockHeight: number
  metrics: ScrollMetrics
}

This is not a separate behavior rule. It is for diagnostics and targeted regression tests.

Updated acceptance criteria

The issue is ready for implementation only when the design covers these contracts:

• Main timeline intent ingress includes keyboard navigation and scrollbar thumb dragging.
• Safe position is message-anchor based, not scrollTop-only.
• Submit behavior records origin mode and defaults to latest.
• Owner cleanup is part of the controller contract.
• Diagnostics use a typed schema with accepted/rejected/recovery reasons.
• Recovery is transient, not a durable user-facing mode.
• Strong gesture semantics are centralized and tested.
• Dock resize observations include source metadata.

[Astro-Han]

Non-blocking implementation notes after V2 review

The V2 design is sufficient to start implementation. These notes do not change the product rule or block the design; they tighten implementation and verification for the eventual PR.

1. Rejoining latest from manual bottom navigation

Reading/history mode must have an explicit way to rejoin latest without clicking the jump button.

Implementation rule:

• End, jump latest, submit, scrollbar drag ending near the bottom sentinel, and strong downward wheel/touch that reaches bottom should enter following_latest.
• Once the user has manually reached bottom, later streaming/new messages should follow latest again.

Required verification:

• Unit: reading_history -> scrollbar_drag_end near_bottom -> following_latest.
• Unit: reading_history -> strong downward scroll reaches bottom -> following_latest.
• E2E: user reads older history, manually scrolls/drags to bottom, then a new update follows latest.

2. Cached safe anchor for after-layout changes

Some changes are only visible after layout has already changed, especially markdown growth, tool output expansion, and ResizeObserver-driven updates. The controller cannot rely only on sampling immediately before every resize.

Implementation rule:

• After each accepted legal position, the controller should cache the latest legal TimelineSafePosition.
• For content resize, dock resize, streaming update, and window changes, recovery should prefer the cached safe anchor, then reconcile against the current DOM.
• Immediate pre-change sampling is still useful for paths we control, such as backfill/load earlier/window expansion, but it is not the only recovery source.

Required verification:

• Unit: a content resize observed after layout still restores the cached reading anchor.
• E2E: expanding tool output or markdown growth while reading history keeps the same message anchor visible.

3. Diagnostics reasons are extensible

The typed diagnostics schema in V2 defines the minimum required fields and initial reasons. The implementation should treat reason as an extensible typed set, not a closed list that forces unrelated paths into vague buckets.

Examples worth adding if needed:

• explicit_bottom_navigation
• content_resize_preserve_reading
• content_resize_preserve_latest
• window_changed_preserve_reading
• window_changed_preserve_target
• target_load_exhausted_fallback
• repeated_observation_coalesced

Required verification:

• Diagnostics tests should distinguish forced top reset, explicit Home/PageUp, drag-to-bottom, dock resize, content resize, and target load fallback.

4. Coalesce noisy rejected observations

The controller should not spam diagnostics during continuous resize/scroll noise.

Implementation rule:

• Consecutive rejected observations with the same owner, mode, reason, and frame/window can be coalesced or counted.
• Do not coalesce away the first rejection, the recovery event, or the final mode transition.

Required verification:

• Unit: repeated same-reason rejected observations are coalesced or include a count.
• E2E/export check: forced submit-top reset still leaves a clear decision trail.

[Astro-Han]

Session Timeline Scroll Owner Implementation Plan

For agentic workers: REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (- [ ]) syntax for tracking.

Goal: Make the main session timeline have one scroll owner so PawWork never sends the user to the top after submit unless the user clearly asked to navigate there. The same owner must still respect real user reading, hash/message targeting, manual navigation, dock changes, and streaming content growth.

Architecture: Add a SessionTimelineScrollController for the main session timeline. It is the only code path allowed to decide whether the timeline is following latest, reading history, targeting a message, or recovering from a layout change. UI surfaces send explicit intents before they perform mechanical scrolling. Raw scroll metrics, resize events, rendered-window changes, content changes, and dock changes are observations only. The controller stores a message-based safe position and restores from it when layout changes or suspicious top resets appear. Existing helpers can keep mechanical duties, but main timeline ownership moves out of createAutoScroll, use-session-scroll-dock, use-session-history-window, and use-session-hash-scroll.

Tech Stack: SolidJS, TypeScript, Bun unit tests with happydom, Playwright E2E, Electron desktop manual verification.

---

Scope

In scope:

• Main session timeline scroll behavior in packages/app/src/pages/session/.
• ScrollView intent ingress in packages/ui/src/components/scroll-view.tsx.
• Controller diagnostics in renderer diagnostics export.
• Unit tests for controller, anchor recovery, intent ingress, diagnostics.
• E2E coverage for the user paths that previously regressed.
• Manual Electron verification for the desktop shell path.

Out of scope:

• Performance virtualization in issue [Task] Optimize long session timeline rendering to prevent streaming flicker #397.
• App-wide scroll behavior outside the session timeline.
• A visual redesign of the timeline, composer, question dock, todo dock, or history UI.
• Rewriting packages/opencode/.

Current Failure Model

The current code has several places interpreting the same movement:

• packages/ui/src/hooks/create-auto-scroll.tsx turns raw scroll samples into userScrolled.
• packages/app/src/pages/session/use-session-scroll-dock.ts owns bottom-follow lock, composer dock resize, and resume behavior.
• packages/app/src/pages/session/message-timeline.tsx marks wheel, touch, pointer, and scroll gesture samples.
• packages/app/src/pages/session/use-session-history-window.ts owns reading/history window state.
• packages/app/src/pages/session/use-session-hash-scroll.ts owns hash/message target seeking.
• packages/ui/src/components/scroll-view.tsx performs keyboard scrolling internally before the main timeline can classify the key as user intent.

That split lets a layout reset after submit look like a real user scroll. The fix is not another guard around one symptom. The fix is to stop letting raw scroll position decide user intent.

Target File Changes

Create:

• packages/app/src/pages/session/session-timeline-scroll-controller.ts
• packages/app/src/pages/session/session-timeline-scroll-controller.test.ts
• packages/app/src/pages/session/session-timeline-scroll-anchors.ts
• packages/app/src/pages/session/session-timeline-scroll-anchors.test.ts
• packages/app/e2e/session/session-scroll-controller.spec.ts

Modify:

• packages/ui/src/components/scroll-view.tsx
• packages/ui/src/components/scroll-view.test.ts
• packages/app/src/pages/session/message-timeline.tsx
• packages/app/src/pages/session/use-session-timeline-interaction.ts
• packages/app/src/pages/session/use-session-scroll-dock.ts
• packages/app/src/pages/session/use-session-history-window.ts
• packages/app/src/pages/session/use-session-hash-scroll.ts
• packages/app/src/pages/session/session-composer-region.tsx
• packages/app/src/context/renderer-diagnostics.ts
• packages/app/src/context/renderer-diagnostics.test.ts
• Existing session scroll E2E files only where assertions overlap, especially packages/app/e2e/session/session-scroll-position.spec.ts.

Delete only after replacement tests pass and the call sites are gone:

• Main-timeline decision paths in use-session-scroll-dock.ts, use-session-history-window.ts, and use-session-hash-scroll.ts that are replaced by the controller.
• Do not delete create-auto-scroll.tsx; it can remain for simple scroll containers outside the main timeline.

Controller Contract

Use durable modes only:

export type TimelineScrollMode =
  | "following_latest"
  | "reading_history"
  | "targeting_message";

Recovery is a transient action, not a durable mode:

export type TimelineRecovery =
  | { type: "none" }
  | {
      type: "restore_anchor";
      reason: TimelineScrollReason;
      anchor: TimelineSafePosition;
    }
  | {
      type: "restore_latest";
      reason: TimelineScrollReason;
    };

Safe positions are message-based:

export type TimelineSafePosition =
  | { kind: "latest"; messageID?: string }
  | {
      kind: "reading";
      anchorMessageID: string;
      offsetFromViewportTop: number;
      renderedStart: number;
      renderedCount: number;
    }
  | {
      kind: "target_message";
      messageID: string;
      align: "nearest" | "top" | "center";
      offsetFromViewportTop?: number;
      loadPolicy: "load_until_visible" | "visible_only";
    };

The controller receives intent before mechanical scroll:

export type TimelineScrollIntent =
  | {
      type: "keyboard_scroll";
      key: "ArrowUp" | "ArrowDown" | "PageUp" | "PageDown" | "Home" | "End";
      source: "scroll_view";
    }
  | {
      type: "scrollbar_drag_start" | "scrollbar_drag_end";
      source: "scroll_view";
      metrics: TimelineScrollMetrics;
    }
  | {
      type: "wheel_scroll" | "touch_scroll";
      source: "timeline";
      direction: "up" | "down";
      strength: "weak" | "strong";
      nestedScrollable: boolean;
    }
  | {
      type: "jump_latest";
      source: "button" | "keyboard" | "submit";
    }
  | {
      type: "submit";
      originMode: TimelineScrollMode;
    }
  | {
      type: "target_message";
      messageID: string;
      align: "nearest" | "top" | "center";
    };

Observations never create user intent by themselves:

export type TimelineScrollObservation =
  | {
      type: "scroll_sample";
      metrics: TimelineScrollMetrics;
      safePosition?: TimelineSafePosition;
    }
  | {
      type: "window_changed";
      renderedStart: number;
      renderedCount: number;
      metrics: TimelineScrollMetrics;
    }
  | {
      type: "content_resize";
      metrics: TimelineScrollMetrics;
    }
  | {
      type: "dock_resize";
      dockKind: TimelineDockKind;
      previousDockHeight: number;
      nextDockHeight: number;
      metrics: TimelineScrollMetrics;
    }
  | {
      type: "owner_detached";
      sessionOwner: string;
      viewportOwner: string;
    };

Use a reason union that is typed but extensible:

export type TimelineScrollReason =
  | "submit_follow_latest"
  | "submit_restore_latest_after_top_reset"
  | "explicit_top_navigation"
  | "explicit_bottom_navigation"
  | "strong_upward_navigation"
  | "strong_downward_navigation"
  | "weak_scroll_observed"
  | "scrollbar_drag_started"
  | "scrollbar_drag_preserve_reading"
  | "reading_anchor_preserved"
  | "content_resize_preserve_reading"
  | "dock_resize_preserve_anchor"
  | "window_changed_preserve_target"
  | "target_message_requested"
  | "target_load_exhausted_fallback"
  | "owner_mismatch_cancelled"
  | "anchor_unrecoverable_fallback"
  | (string & {});

Implementation Tasks

1. Add Controller Unit Tests First

• Create packages/app/src/pages/session/session-timeline-scroll-controller.test.ts.
• Add tests for mode transitions before writing controller implementation.
• Cover submit from following_latest:
  • submit records originMode: "following_latest";
  • near-top scroll_sample without explicit intent is rejected;
  • recovery asks to restore latest.
• Cover explicit top navigation:
  • Home, PageUp, strong upward wheel, and scrollbar drag away from bottom enter reading_history;
  • the same near-top metrics are accepted when preceded by explicit intent.
• Cover explicit bottom rejoin:
  • End, jump latest, submit, scrollbar drag ending near bottom, and strong downward wheel/touch reaching bottom enter following_latest;
  • after rejoin, new streaming content follows latest.
• Cover reading preservation:
  • window_changed, content_resize, and dock_resize restore cached reading anchor;
  • no observation-only event switches reading_history to following_latest.
• Cover target message:
  • target intent enters targeting_message;
  • target remains active across rendered-window changes until visible or load policy is exhausted.
• Cover owner cleanup:
  • owner mismatch cancels pending recovery and emits a diagnostic.

Test examples:

import { describe, expect, it } from "bun:test";
import {
  createSessionTimelineScrollController,
  type TimelineScrollMetrics,
} from "./session-timeline-scroll-controller";

const bottomMetrics: TimelineScrollMetrics = {
  scrollTop: 853,
  scrollHeight: 1674,
  clientHeight: 821,
  distanceFromTop: 853,
  distanceFromBottom: 0,
  nearTop: false,
  nearBottom: true,
};

const topMetrics: TimelineScrollMetrics = {
  scrollTop: 6,
  scrollHeight: 1674,
  clientHeight: 821,
  distanceFromTop: 6,
  distanceFromBottom: 847,
  nearTop: true,
  nearBottom: false,
};

it("restores latest when submit is followed by an observation-only top reset", () => {
  const diagnostics: unknown[] = [];
  const controller = createSessionTimelineScrollController({
    sessionOwner: "ses_1",
    viewportOwner: "viewport_1",
    emitDiagnostic: (event) => diagnostics.push(event),
  });

  controller.observe({
    type: "scroll_sample",
    metrics: bottomMetrics,
    safePosition: { kind: "latest", messageID: "msg_latest" },
  });

  controller.intent({
    type: "submit",
    originMode: "following_latest",
  });

  const result = controller.observe({
    type: "scroll_sample",
    metrics: topMetrics,
  });

  expect(result.accepted).toBe(false);
  expect(result.recovery).toEqual({
    type: "restore_latest",
    reason: "submit_restore_latest_after_top_reset",
  });
  expect(controller.state().mode).toBe("following_latest");
  expect(diagnostics).toContainEqual(
    expect.objectContaining({
      event: "session.timeline.scroll_controller",
      accepted: false,
      reason: "submit_restore_latest_after_top_reset",
      mode_before: "following_latest",
      mode_after: "following_latest",
    }),
  );
});

Verification:

bun --cwd packages/app test src/pages/session/session-timeline-scroll-controller.test.ts

Expected failing state before implementation: test file compiles once exported types exist, then transition assertions fail until task 2 is complete.

Commit boundary:

git add packages/app/src/pages/session/session-timeline-scroll-controller.test.ts
git commit -m "test: cover session timeline scroll controller"

2. Implement the Pure Controller

• Create packages/app/src/pages/session/session-timeline-scroll-controller.ts.
• Export controller types, createSessionTimelineScrollController, and pure helpers.
• Keep DOM access out of this file.
• Store:
  • current durable mode;
  • last accepted explicit intent;
  • last legal safe position;
  • pending target message;
  • session owner and viewport owner;
  • coalescing state for repeated rejected observations.
• Treat observations as facts about layout, not intent.
• Use the cached safe position when an observation arrives after layout already changed.
• Coalesce repeated rejected diagnostics by same owner, mode, reason, and animation frame key while preserving the first rejection and recovery event.

Controller skeleton:

export function createSessionTimelineScrollController(
  options: SessionTimelineScrollControllerOptions,
): SessionTimelineScrollController {
  const state: SessionTimelineScrollControllerState = {
    mode: "following_latest",
    lastSafePosition: { kind: "latest" },
    lastIntent: undefined,
    pendingRecovery: { type: "none" },
    sessionOwner: options.sessionOwner,
    viewportOwner: options.viewportOwner,
  };

  const emit = (event: TimelineScrollDiagnosticEvent) => {
    options.emitDiagnostic(event);
  };

  return {
    state: () => state,
    intent(intent) {
      return applyIntent(state, intent, emit);
    },
    observe(observation) {
      return applyObservation(state, observation, emit);
    },
    detach(owner) {
      return detachOwner(state, owner, emit);
    },
  };
}

Required transition rules:

• submit always sets the mode to following_latest, records submit_origin_mode, and sets latest as the recovery target.
• Near-top scroll_sample after submit is rejected unless an explicit top-navigation intent occurred after submit.
• Home, PageUp, strong upward wheel/touch, and scrollbar drag away from bottom can enter reading_history.
• End, jump latest, submit, scrollbar drag ending near bottom, and strong downward wheel/touch reaching bottom enter following_latest.
• target_message enters targeting_message and stores a target safe position.
• window_changed, content_resize, and dock_resize restore from lastSafePosition when the current mode is reading_history or targeting_message.
• Owner mismatch cancels pending work and emits owner_mismatch_cancelled.

Verification:

bun --cwd packages/app test src/pages/session/session-timeline-scroll-controller.test.ts

Expected passing state: all controller tests pass.

Commit boundary:

git add packages/app/src/pages/session/session-timeline-scroll-controller.ts
git commit -m "feat: add session timeline scroll controller"

3. Add Message Anchor Sampling and Restore Helpers

• Create packages/app/src/pages/session/session-timeline-scroll-anchors.test.ts.
• Create packages/app/src/pages/session/session-timeline-scroll-anchors.ts.
• Add tests with a happydom viewport and message nodes.
• Use stable message ids from DOM attributes already present in rendered message rows. If the current markup lacks a stable attribute, add data-message-id in the smallest message row component that has the id.
• Sample the first visible message as the reading anchor.
• Store offsetFromViewportTop as messageTop - viewportTop.
• Restore by finding the message id and setting scrollTop so the same offset returns.
• Restore latest through a bottom sentinel when present; otherwise use scrollHeight - clientHeight.
• Return a typed failure when an anchor is not mounted.

Anchor API:

export type TimelineAnchorRestoreResult =
  | { ok: true; restoredTo: TimelineSafePosition }
  | { ok: false; reason: "anchor_not_mounted" | "viewport_missing" | "invalid_anchor" };

export function sampleTimelineSafePosition(args: {
  viewport: HTMLElement;
  mode: TimelineScrollMode;
  renderedStart: number;
  renderedCount: number;
  newestMessageID?: string;
  targetMessageID?: string;
}): TimelineSafePosition;

export function restoreTimelineSafePosition(args: {
  viewport: HTMLElement;
  position: TimelineSafePosition;
  bottomSentinel?: HTMLElement | null;
}): TimelineAnchorRestoreResult;

Verification:

bun --cwd packages/app test src/pages/session/session-timeline-scroll-anchors.test.ts

Expected passing state: reading, latest, target, and missing-anchor cases pass.

Commit boundary:

git add packages/app/src/pages/session/session-timeline-scroll-anchors.ts packages/app/src/pages/session/session-timeline-scroll-anchors.test.ts
git commit -m "feat: add timeline scroll anchor helpers"

4. Add Intent Ingress to ScrollView

• Inspect packages/ui/src/components/scroll-view.tsx and its local tests.
• Add exported intent types without changing existing callers.
• Call events.onScrollIntent before ScrollView performs keyboard scrolling for ArrowUp, ArrowDown, PageUp, PageDown, Home, and End.
• Emit scrollbar_drag_start on scrollbar thumb pointer down.
• Emit scrollbar_drag_end on pointer up or cancel with current metrics.
• Keep ScrollView mechanical: it reports intent, then still scrolls unless an existing caller prevented default.
• Do not make ScrollView import the session controller.

Type shape:

export type ScrollViewScrollIntent =
  | {
      type: "keyboard_scroll";
      key: "ArrowUp" | "ArrowDown" | "PageUp" | "PageDown" | "Home" | "End";
    }
  | {
      type: "scrollbar_drag_start" | "scrollbar_drag_end";
      metrics: {
        scrollTop: number;
        scrollHeight: number;
        clientHeight: number;
      };
    };

Call-site sketch:

events.onScrollIntent?.({
  type: "keyboard_scroll",
  key,
});

Verification:

bun --cwd packages/ui test src/components/scroll-view.test.ts

Commit boundary:

git add packages/ui/src/components/scroll-view.tsx packages/ui/src/components/scroll-view.test.ts
git commit -m "feat: expose scroll view navigation intents"

5. Wire Typed Diagnostics

• Add session.timeline.scroll_controller to packages/app/src/context/renderer-diagnostics.ts.
• Define the payload shape in app code with explicit fields:
  • mode_before
  • mode_after
  • intent_type
  • intent_source
  • observation_type
  • accepted
  • recovery
  • reason
  • anchor_kind
  • anchor_message_id
  • submit_origin_mode
  • near_top
  • near_bottom
  • near_anchor
  • session_owner
  • viewport_owner
  • coalesced_count
• Test sanitizer/export behavior in packages/app/src/context/renderer-diagnostics.test.ts.
• Keep existing incident.session_scroll_jump_to_top diagnostics until the new controller E2E proves the top reset is recovered and explained.

Diagnostic example:

{
  event: "session.timeline.scroll_controller",
  mode_before: "following_latest",
  mode_after: "following_latest",
  observation_type: "scroll_sample",
  accepted: false,
  recovery: "restore_latest",
  reason: "submit_restore_latest_after_top_reset",
  anchor_kind: "latest",
  anchor_message_id: "msg_latest",
  submit_origin_mode: "following_latest",
  near_top: true,
  near_bottom: false,
  near_anchor: false,
  session_owner: "ses_1",
  viewport_owner: "viewport_1",
  coalesced_count: 1,
}

Verification:

bun --cwd packages/app test src/context/renderer-diagnostics.test.ts src/pages/session/session-timeline-scroll-controller.test.ts

Expected passing state: diagnostics test accepts the new event and controller tests assert distinct reasons for forced top reset and explicit Home/PageUp navigation.

Commit boundary:

git add packages/app/src/context/renderer-diagnostics.ts packages/app/src/context/renderer-diagnostics.test.ts packages/app/src/pages/session/session-timeline-scroll-controller.test.ts
git commit -m "feat: record timeline scroll controller diagnostics"

6. Integrate Controller at the Main Timeline Boundary

• Modify packages/app/src/pages/session/use-session-timeline-interaction.ts to create one controller per session key and viewport owner.
• Pass intent and observation handlers down to message-timeline.tsx.
• Replace main-timeline decisions from scrollDock.autoScroll.userScrolled with controller state.
• Keep existing public hook shape stable unless a call site becomes simpler by moving a controller method through it.
• Ensure detach cancels controller rAF, timer, ResizeObserver recovery, and queued target seeks for the old owner.
• Preserve active-message behavior and timeline diagnostics while changing scroll ownership.

Hook shape:

const scrollController = createSessionTimelineScrollController({
  sessionOwner: props.sessionID,
  viewportOwner: timelineViewportOwner(),
  emitDiagnostic: rendererDiagnostics.emit,
});

const handleTimelineIntent = (intent: TimelineScrollIntent) => {
  const result = scrollController.intent(intent);
  applyTimelineRecovery(result.recovery);
};

const handleTimelineObservation = (observation: TimelineScrollObservation) => {
  const result = scrollController.observe(observation);
  applyTimelineRecovery(result.recovery);
};

Recovery application belongs near the actual viewport:

function applyTimelineRecovery(recovery: TimelineRecovery) {
  if (recovery.type === "none") return;
  queueMicrotask(() => {
    if (!isCurrentOwner()) return;
    restoreTimelineSafePosition({
      viewport: timelineViewport(),
      position:
        recovery.type === "restore_latest"
          ? { kind: "latest", messageID: newestMessageID() }
          : recovery.anchor,
      bottomSentinel: bottomSentinel(),
    });
  });
}

Verification:

bun --cwd packages/app test src/pages/session/session-timeline-scroll-controller.test.ts src/pages/session/session-timeline-scroll-anchors.test.ts
bun --cwd packages/app typecheck

Expected passing state: unit tests pass and typecheck succeeds.

Commit boundary:

git add packages/app/src/pages/session/use-session-timeline-interaction.ts packages/app/src/pages/session/message-timeline.tsx
git commit -m "feat: route session timeline scroll through controller"

7. Move History Window Ownership Into the Controller

• Inspect current use-session-history-window.ts mode, backfill, loadMore, and preserve-scroll behavior.
• Keep history window data fetching and rendered range calculation where they are if that keeps the change smaller.
• Move the decision "reading vs bottom vs hash" into controller state.
• Before load earlier/backfill/window changes, sample or reuse cached TimelineSafePosition.
• After the rendered window changes, restore the cached reading anchor.
• Add controller tests for:
  • reading old history while new output streams;
  • load earlier keeps the same anchor visible;
  • backfill does not jump to top or bottom;
  • manual bottom rejoin exits reading mode.

Important rule:

// Data/window code can decide which messages are rendered.
// Only the controller decides whether a rendered-window change should keep reading,
// target a message, or follow latest.

Verification:

bun --cwd packages/app test src/pages/session/session-timeline-scroll-controller.test.ts src/pages/session/session-timeline-scroll-anchors.test.ts
bun --cwd packages/app test src/pages/session/session-auto-scroll.test.ts

Expected passing state: old auto-scroll tests either still pass or are intentionally updated to the new controller behavior with the same user-visible contract.

Commit boundary:

git add packages/app/src/pages/session/use-session-history-window.ts packages/app/src/pages/session/use-session-timeline-interaction.ts packages/app/src/pages/session/session-timeline-scroll-controller.test.ts
git commit -m "refactor: fold history scroll ownership into controller"

8. Move Hash and Message Targeting Into the Controller

• Inspect packages/app/src/pages/session/use-session-hash-scroll.ts.
• Keep hash parsing and pending message lookup if they are already clean.
• Replace direct hash seek decisions with target_message controller intent.
• Use TimelineSafePosition with kind: "target_message" for pending target restore.
• Preserve current load_until_visible behavior for hash/message targets.
• Cancel pending target rAF on owner mismatch or detach.
• Emit distinct diagnostics for target visible, target still loading, and target exhausted.

Targeting flow:

controller.intent({
  type: "target_message",
  messageID,
  align: "nearest",
});

controller.observe({
  type: "window_changed",
  renderedStart,
  renderedCount,
  metrics: collectTimelineScrollMetrics(viewport),
});

Verification:

bun --cwd packages/app test src/pages/session/session-timeline-scroll-controller.test.ts src/pages/session/session-timeline-scroll-anchors.test.ts
bun --cwd packages/app typecheck

Expected passing state: target message tests pass and typecheck succeeds.

Commit boundary:

git add packages/app/src/pages/session/use-session-hash-scroll.ts packages/app/src/pages/session/use-session-timeline-interaction.ts packages/app/src/pages/session/session-timeline-scroll-controller.test.ts
git commit -m "refactor: fold message targeting into scroll controller"

9. Route Dock Resize Through the Controller

• Modify packages/app/src/pages/session/session-composer-region.tsx or the existing dock measurement source to report dock source metadata.
• Feed dock observations into the controller with:
  • dockKind;
  • previous height;
  • next height;
  • current metrics;
  • cached safe position.
• Preserve question, permission, todo, follow-up, revert, and prompt input dock behavior.
• Add tests that separate question dock, permission dock, todo dock, and prompt-height changes in diagnostics.
• Do not let dock resize alone change reading_history to following_latest.

Dock kind:

export type TimelineDockKind =
  | "composer"
  | "question"
  | "permission"
  | "todo"
  | "followup"
  | "revert"
  | "prompt";

Verification:

bun --cwd packages/app test src/pages/session/session-timeline-scroll-controller.test.ts src/context/renderer-diagnostics.test.ts
bun --cwd packages/app test src/pages/session/session-auto-scroll.test.ts

Expected passing state: dock resize diagnostics include source metadata and reading anchors are preserved.

Commit boundary:

git add packages/app/src/pages/session/session-composer-region.tsx packages/app/src/pages/session/use-session-scroll-dock.ts packages/app/src/pages/session/use-session-timeline-interaction.ts packages/app/src/pages/session/session-timeline-scroll-controller.test.ts
git commit -m "refactor: route timeline dock resize through controller"

10. Centralize Wheel and Touch Gesture Strength

• Move strength calculation into one helper in session-timeline-scroll-controller.ts or a small adjacent helper if the file becomes too large.
• Use existing wheel normalization from message-gesture.ts where it already handles delta direction and nested scroll boundaries.
• Define strong gesture without viewport-width font or layout heuristics:
  • strong upward: accumulated upward main-timeline delta crosses a fixed pixel threshold or a fraction of viewport height within a short window;
  • strong downward: accumulated downward main-timeline delta reaches the same threshold;
  • nested scrollable child at its own scroll boundary does not count as main timeline intent;
  • text selection pointer movement does not count as scrollbar drag.
• Add tests for weak trackpad movement, strong upward leave, strong downward bottom rejoin, and nested scrollable content.

Helper shape:

export function classifyTimelineScrollGesture(input: {
  deltaY: number;
  viewportHeight: number;
  nestedScrollable: boolean;
  atNestedBoundary: boolean;
}): {
  direction: "up" | "down";
  strength: "weak" | "strong";
  nestedScrollable: boolean;
};

Verification:

bun --cwd packages/app test src/pages/session/session-timeline-scroll-controller.test.ts

Expected passing state: weak gestures never leave latest; strong gestures do; nested scrollable gestures do not pollute main timeline mode.

Commit boundary:

git add packages/app/src/pages/session/session-timeline-scroll-controller.ts packages/app/src/pages/session/session-timeline-scroll-controller.test.ts packages/app/src/pages/session/message-timeline.tsx
git commit -m "feat: centralize timeline scroll gesture intent"

11. Add Deterministic E2E Coverage

• Create packages/app/e2e/session/session-scroll-controller.spec.ts.
• Use visible user paths first, then targeted DOM injection only for the impossible browser-layout-reset simulation.
• Cover forced submit-time top reset:
  • open a long session;
  • ensure viewport is at bottom;
  • submit;
  • force scrollTop = 0 during the submit protection window;
  • assert the viewport returns near latest and diagnostics show submit_restore_latest_after_top_reset.
• Cover explicit top navigation:
  • press Home or PageUp;
  • assert the controller accepts reading mode;
  • assert it does not force latest immediately.
• Cover manual bottom rejoin:
  • enter reading history;
  • drag or scroll down to bottom;
  • assert mode becomes following_latest;
  • append or stream new content;
  • assert the viewport follows latest.
• Cover reading anchor preservation:
  • scroll to an older visible message;
  • expand tool output or cause markdown/content resize;
  • assert the same message remains visible at the same approximate viewport offset.
• Cover hash/message target:
  • navigate to a message id not initially rendered;
  • assert target loads and remains visible;
  • assert diagnostics distinguish target loading from target visible.
• Cover session switch cleanup:
  • start a target or recovery;
  • switch session immediately;
  • assert no old owner restore runs on the new session.

E2E diagnostic assertion sketch:

await expect.poll(async () => {
  return await page.evaluate(() =>
    window.__pawworkRendererDiagnostics?.events?.some(
      (event) =>
        event.event === "session.timeline.scroll_controller" &&
        event.reason === "submit_restore_latest_after_top_reset" &&
        event.accepted === false,
    ),
  );
}).toBe(true);

Verification:

bun --cwd packages/app test:e2e -- e2e/session/session-scroll-controller.spec.ts

Expected passing state: the new E2E spec passes in isolation.

Commit boundary:

git add packages/app/e2e/session/session-scroll-controller.spec.ts packages/app/e2e/session/session-scroll-position.spec.ts
git commit -m "test: cover session timeline scroll ownership"

12. Remove Superseded Main-Timeline Scroll Decisions

• Search for remaining main-timeline callers that treat raw scroll samples as user intent.
• Keep createAutoScroll for non-main-timeline callers.
• Remove or narrow old bottom-follow lock paths that can cancel latest recovery based only on raw scroll.
• Remove duplicated history/hash scroll state once controller owns those decisions.
• Keep compatibility exports only if another real caller needs them.
• Update old tests to assert the same user-visible behavior through the controller.

Search commands:

rg "createAutoScroll|userScrolled|bottomFollowLock|markScrollGesture|preserveScroll|hashScroll" packages/app/src/pages/session packages/ui/src
rg "session.timeline.scroll_controller|incident.session_scroll_jump_to_top" packages/app/src packages/app/e2e

Verification:

bun --cwd packages/app test src/pages/session/session-auto-scroll.test.ts src/pages/session/session-timeline-scroll-controller.test.ts src/pages/session/session-timeline-scroll-anchors.test.ts src/context/renderer-diagnostics.test.ts
bun --cwd packages/app typecheck

Expected passing state: no main-timeline raw-scroll owner remains outside the controller, and all targeted tests pass.

Commit boundary:

git add packages/app/src/pages/session/use-session-scroll-dock.ts packages/app/src/pages/session/use-session-history-window.ts packages/app/src/pages/session/use-session-hash-scroll.ts packages/app/src/pages/session/use-session-timeline-interaction.ts packages/app/src/pages/session/message-timeline.tsx
git commit -m "refactor: remove duplicated timeline scroll owners"

13. Full Verification and Manual Desktop Check

• Run targeted unit tests:

bun --cwd packages/app test src/pages/session/session-timeline-scroll-controller.test.ts src/pages/session/session-timeline-scroll-anchors.test.ts src/context/renderer-diagnostics.test.ts src/pages/session/session-auto-scroll.test.ts

• Run UI component tests for ScrollView:

bun --cwd packages/ui test src/components/scroll-view.test.ts

• Run typecheck:

bun --cwd packages/app typecheck

• Run targeted E2E:

bun --cwd packages/app test:e2e -- e2e/session/session-scroll-controller.spec.ts

• Run the existing scroll-position E2E:

bun --cwd packages/app test:e2e -- e2e/session/session-scroll-position.spec.ts

• Start Electron:

bun run dev:desktop

• In Electron, manually verify:
  • long session submit from bottom does not jump to top;
  • question dock submit does not jump to top;
  • permission dock height change preserves the current reading position;
  • todo dock change preserves the current reading position;
  • tool output expansion while reading history keeps the same message visible;
  • hash/message navigation keeps the target visible;
  • user pressing Home/PageUp can intentionally go to older content;
  • user scrolling or dragging back to bottom rejoins latest;
  • stop/cancel during output does not run an old owner recovery;
  • quick session switch does not apply old session scroll recovery to the new session.

Expected passing state: all targeted checks pass. If Electron manual verification is blocked, document the exact blocker in the PR body and do not describe the desktop path as verified.

Commit boundary:

git status --short
git log --oneline --decorate -n 8

If the final cleanup changes only test names, imports, or obsolete helper exports:

git add packages/app/src/pages/session/session-timeline-scroll-controller.ts packages/app/src/pages/session/session-timeline-scroll-controller.test.ts packages/app/src/pages/session/session-timeline-scroll-anchors.ts packages/app/src/pages/session/session-timeline-scroll-anchors.test.ts packages/app/src/pages/session/message-timeline.tsx packages/app/src/pages/session/use-session-timeline-interaction.ts
git commit -m "chore: clean up session scroll controller integration"

PR Body Checklist

Include:

• Root cause: main session timeline had multiple scroll owners, so raw layout movement could masquerade as user scroll intent.
• Fix: one controller owns mode, intent, observations, anchors, recovery, owner cleanup, and diagnostics.
• User-visible behavior:
  • submit from bottom stays near latest;
  • real Home/PageUp/drag-up navigation is respected;
  • reading history is preserved through streaming and resize;
  • dragging or scrolling back to bottom rejoins latest;
  • hash/message targeting remains visible.
• Diagnostics:
  • new session.timeline.scroll_controller event;
  • distinct reasons for forced top reset and explicit navigation.
• Verification commands with pass/fail output.
• Electron manual verification result.
• Follow-up: issue [Task] Optimize long session timeline rendering to prevent streaming flicker #397 remains the virtualization/performance follow-up and is not fixed by this PR.

Review Notes for Implementers

• Do not let the controller infer user intent from scrollTop alone.
• Do not let ScrollView decide session timeline mode.
• Do not let createAutoScroll own main timeline userScrolled semantics after integration.
• Do not preserve reading by raw scrollTop when a message anchor is available.
• Do not broaden this into timeline virtualization.
• Do not leave recovery rAF/timers alive after owner detach.
• Do not collapse all diagnostics into one generic reason; the export must explain why the controller accepted or rejected a movement.

Self-Review Checklist

• Every code-writing task has a concrete file path.
• Every behavior change has a test before or in the same task.
• Every task has a verification command.
• Main timeline has one mode owner at the end.
• Keyboard and scrollbar intent enter before mechanical scroll.
• Safe position uses message id plus viewport offset for reading.
• Submit-time near-top observation without explicit intent is illegal and recoverable.
• Explicit user top navigation is legal.
• Explicit user bottom navigation rejoins latest.
• Cached safe anchor handles after-layout resize and streaming changes.
• Diagnostics reasons are typed, specific, and extensible.
• Session owner cleanup is tested.
• Electron manual verification is recorded before opening the implementation PR.

[Astro-Han]

Plan execution fixes after subagent review

This supersedes the execution details in the previous implementation plan while keeping the accepted V2 product/design direction. The issue is not the architecture direction; the plan needed sharper execution boundaries so the implementation does not get stuck in a half-old, half-new scroll owner state.

Must-fix plan corrections

1. Use real focused test commands. In packages/app, bun --cwd packages/app test <file> expands through the package script and runs ./src. Focused unit commands must be direct Bun invocations from the package directory, for example:

(cd packages/app && bun test --preload ./happydom.ts ./src/context/renderer-diagnostics.test.ts ./src/pages/session/session-timeline-scroll-controller.test.ts)

E2E should use the existing package entry style:

bun run --cwd packages/app test:e2e -- session/session-scroll-controller.spec.ts

2. Diagnostics must match the existing renderer API. The new event is name: "session.timeline.scroll_controller"; controller-specific fields go under data. E2E must use the existing renderer diagnostics capture helpers and assert event.name plus event.data.reason, not a new event field or a new window.__pawworkRendererDiagnostics global.

3. Avoid a mid-PR double-owner state. The first integration step is passive only: create the controller, feed intents/observations, and emit diagnostics while old behavior still owns scrolling. The ownership switch happens later in one coherent step that connects submit/latest recovery, history/hash anchors, dock observations, and cleanup runtime.

4. Move gesture classification earlier. Home, PageUp, End, scrollbar drag, wheel, and touch must be classified before controller integration. The controller must not use generic hasScrollGesture() as proof that a layout reset was user intent.

5. Split pure controller from DOM runtime. The pure controller returns recovery commands. The runtime near use-session-timeline-interaction.ts owns rAF/timers/ResizeObserver/target seek queues and cancels them with an owner token/generation on detach or session switch.

6. Anchor helper tests must stub geometry. happydom will not provide real layout. Tests must explicitly stub clientHeight, scrollHeight, scrollTop, and getBoundingClientRect. Main timeline message rows already have data-message-id; do not add another attribute unless the current markup changes.

7. Dock source metadata must be derived in the composer layer. setPromptDockRef observes an aggregate root, so diagnostics need an explicit dockKind or dockKinds value from composer state instead of guessing from ResizeObserver alone.

8. Keep E2E focused. New E2E should lock the highest-risk paths: submit forced top reset with recent gesture, explicit Home/PageUp being respected, and owner/session-switch cleanup. Reading/hash/dock coverage should be mostly controller/anchor unit tests plus small extensions to existing specs.

Revised local commit split

1. Controller contract, typed diagnostic builder, and pure controller tests.
2. Anchor helper plus geometry-stub fixture tests.
3. ScrollView intent ingress and centralized gesture classifier.
4. Passive controller integration: feed intent/observation and diagnostics, old behavior still owns scrolling.
5. Switch submit/latest recovery to controller and add forced top reset E2E.
6. Connect reading/hash anchors through the controller and keep existing scroll-position coverage green.
7. Connect dock metadata and owner cleanup runtime, then remove superseded main-timeline raw-scroll ownership.
8. Final targeted E2E, typecheck, Electron manual verification, PR template.

This keeps one final PR, but each local commit remains review-sized and reversible.