feat(session): trace lifecycle close provenance

[Astro-Han]

Summary

Adds lifecycle close provenance to run observability diagnostics. Instance reload/dispose paths now create bounded lifecycle action IDs, propagate them through run-state interrupts, and classify known local lifecycle closes separately from unknown scope closes.

Why

PR #788 added the run-level diagnostic spine for #783, but local scope-close failures still stopped at unknown_scope_close when the parent instance lifecycle action was missing. This PR makes exports answer whether an in-flight run was interrupted by InstanceStore.reload, dispose, disposeDirectory, or disposeAll without changing retry behavior or user-facing copy.

Related Issue

Part of #783. This does not close #783's related follow-up space, and it does not close #721 or #755.

Human Review Status

Pending

Review Focus

• Whether lifecycle action IDs stay bounded and do not leak paths, prompts, or tool inputs.
• Whether disposeAll fan-out correctly shares one parent action across affected in-flight runs.
• Whether the run-state fallback keeps the true propagation point while adding lifecycle provenance.
• Whether the review follow-up stack handling correctly preserves overlapping lifecycle actions.
• Whether the processor context capture avoids static instance-directory reads in multi-instance paths.

Risk Notes

• Diagnostic-only change: no automatic retry, UI copy, provider credentials, or runtime replacement.
• Visible UI/copy check skipped: no visible UI or copy changed.
• Platform/packaging check considered: this touches instance/session lifecycle only, with no macOS/Windows packaging, updater, signing, shell, permission, or installer surface.
• [Bug] First-turn tool execution aborted without recorded source — model stops, user must resend #721 and [Bug] 30s LLM connect timeout aborts OpenAI reasoning streams (post-#729 residual) #755 behavior fixes remain separate; this PR only improves causal exports.

How To Verify

Run observability + run-state + export tests: bun test test/session/run-observability.test.ts test/session/run-state.test.ts test/session/export.test.ts --timeout 30000 — 54 pass, 0 fail
Typecheck: bun run typecheck from packages/opencode — passed
Whitespace check: git diff --check HEAD~2..HEAD — passed

Screenshots or Recordings

Not applicable — no visible UI changes.

Checklist

How to use this checklist:

• Tick a box by replacing [ ] with [x]. Do not edit, add, or remove items.
• The bot-applied label items can only be honestly ticked AFTER the PR is opened and the labeler / priority-triage bots have run — return to the PR description and tick them then.
• Most items are required. The few that are conditional are explicitly marked (conditional); for those, leave unticked if they truly do not apply and explain why in Risk Notes. All other items must be ticked before requesting human review.

• Type label — this PR carries exactly one of bug, enhancement, task, documentation. Type labels are author-added; the labeler bot does NOT assign them. Add the label in the GitHub UI, then tick this.
• Routing labels — this PR carries at least one of app, ui, platform, harness, ci. The labeler bot assigns these on PR open based on changed paths. Confirm the bot's choice (or override if wrong), then tick this.
• Priority label — this PR carries exactly one of P0, P1, P2, P3. The priority-triage bot suggests one on PR open. Confirm or override, then tick this.
• Human Review Status above is set to Pending, Approved by @<reviewer>, or Not required: <reason> (default is Pending; "not required" is restricted to bot-authored low-risk PRs).
• I linked the related issue, or stated in Summary why there is no issue.
• I described the review focus and any meaningful risks.
• I replaced the example block in How To Verify with the real verification steps and the key result for each.
• I did not introduce unrelated refactors, dependencies, generated files, or file changes beyond the stated scope.
• (conditional) I manually checked visible UI or copy changes when needed, with screenshots or recordings. Leave unticked only if no visible UI or copy changed.
• (conditional) I considered macOS and Windows impact for platform, packaging, updater, signing, paths, shell, or permissions changes. Leave unticked only if no platform/packaging surface was touched.
• (conditional) I called out docs, release notes, dependencies, permissions, credentials, deletion behavior, generated content, or local file changes when relevant. Leave unticked only if none of those surfaces was touched.
• I reviewed the final diff for unrelated changes and suspicious dependency changes.
• I am targeting dev, and my PR title and commit messages use Conventional Commits in English.

[coderabbitai]

Warning

Rate limit exceeded

@Astro-Han has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 32 minutes and 17 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: c6ef3e8c-e41f-4087-a105-485ece19fa26

📥 Commits

Reviewing files that changed from the base of the PR and between 120fea0 and acb7330.

📒 Files selected for processing (9)

• packages/opencode/src/effect/runner.ts
• packages/opencode/src/project/instance-store.ts
• packages/opencode/src/session/lifecycle-provenance.ts
• packages/opencode/src/session/processor.ts
• packages/opencode/src/session/run-observability/recorder.ts
• packages/opencode/src/session/run-observability/types.ts
• packages/opencode/src/session/run-state.ts
• packages/opencode/test/session/run-observability.test.ts
• packages/opencode/test/session/run-state.test.ts

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/i783-lifecycle-provenance

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Suggested priority: P2 (includes non-doc, non-test paths outside the low-risk bucket).

P1/P0 are reserved for maintainer confirmation. Please relabel manually if this is a release blocker, security issue, data-loss risk, or updater/runtime failure.

[gemini-code-assist]

Code Review

This pull request introduces a lifecycle provenance tracking system to categorize session interruptions, such as instance reloads or disposals. It adds a new lifecycle-provenance utility, updates the Runner and SessionRunState to propagate lifecycle metadata, and enhances the observability recorder to include these details in session summaries. Feedback identifies a potential race condition in the withLifecycleCloseAction utility due to the use of a global map with asynchronous operations, suggesting FiberRef as a safer alternative. Additionally, there is a concern regarding the use of a static Instance.directory reference in the session processor, which may not behave correctly in multi-instance environments.

[Astro-Han]

Back-reference from #808.

This merged lifecycle close provenance PR is a foundation for the Run Incident Framework. #808 keeps #794 as the provenance base and scopes the next work into lifecycle causality (#802), transport interruption classification (#803), and safe recovery UX (#804).