fix(gateway): clear completed session active runs

[scotthuang]

Summary

What problem does this PR solve?

• Fixes a gateway/session-state race where a completed chat run can still be reported as active after terminal lifecycle delivery.
• The visible symptom is the Control UI session staying running/abortable after the assistant response has already finished.

Why does this matter now?

• Issue fix(ui): webchat run-status-label stuck on "In progress" after model call ends #86939 was closed by fix(ui): ignore stale running session rows #87017, but a later repro showed a different stale state: status: "running" with hasActiveRun: true.
• fix(ui): ignore stale running session rows #87017 fixed the UI predicate for hasActiveRun: false; this PR fixes the gateway source of the stale hasActiveRun: true projection.

What is the intended outcome?

• Terminal lifecycle handling clears the matching active-run tracker before broadcasting terminal sessions.changed, so a follow-up sessions.list cannot revive hasActiveRun: true for a completed run.

What is intentionally out of scope?

• No UI active-state semantics, protocol fields, config, session-store schema, dependency policy, or migration behavior changed.

What does success look like?

• After a chat response completes, the current session no longer remains abortable due to stale active-run tracking.
• Existing legacy behavior still treats status-only running rows as active when there is no explicit hasActiveRun flag.

What should reviewers focus on?

• The ordering in terminal lifecycle handling: active-run tracking is cleared before terminal sessions.changed is broadcast.
• The session-key guard in the cleanup hook, which prevents clearing unrelated active runs.
• Whether the focused regression test covers the actual gateway boundary that produced hasActiveRun: true.

Linked context

Which issue does this close?

Closes #86939

Which issues, PRs, or discussions are related?

Related #87017

Was this requested by a maintainer or owner?

No direct maintainer request for this follow-up PR; it follows up on the user-visible issue and the merged partial fix in #87017.

Prior fix analysis

Related PR #87017 fixed the UI-side stale-row variant where the gateway returned status: "running" with hasActiveRun: false.

• What fix(ui): ignore stale running session rows #87017 changed: isSessionRunActive now treats an explicit boolean hasActiveRun as authoritative when the row is not terminal, so status: "running" + hasActiveRun: false no longer keeps the WebChat UI abortable.
• Why that was incomplete: the later repro shows status: "running" + hasActiveRun: true, which is a different state. With fix(ui): ignore stale running session rows #87017 applied, the UI correctly returns active for that row because an explicit live-run flag means the session is abortable.
• Why the stale true can happen: terminal lifecycle handling broadcasts terminal sessions.changed before the chat send .finally() path clears chatAbortControllers; meanwhile sessions.list computes hasActiveRun directly from chatAbortControllers.
• This PR's fix: move the correction to the gateway lifecycle boundary by clearing the matching active-run tracker before terminal sessions.changed broadcasts.

Real behavior proof (required for external PRs)

• Behavior or issue addressed: completed chat runs no longer leave the current Control UI session marked as running/abortable because terminal lifecycle cleanup clears matching active-run tracking before terminal session-change notifications.
• Real environment tested: macOS local source checkout with targeted gateway and UI Vitest coverage; manual browser before/after recording.
• Exact steps or command run after this patch:

node scripts/run-vitest.mjs src/gateway/server-chat.agent-events.test.ts -- -t "clears tracked active runs|broadcasts terminal session status|aborted chat run markers"
node scripts/run-vitest.mjs ui/src/ui/session-run-state.test.ts ui/src/ui/controllers/sessions.test.ts -- -t "stale running|explicit live-run|revives active state|terminal"
node scripts/run-vitest.mjs src/gateway/server.sessions.list-changed.test.ts -- -t "sessions.list marks rows with tracked active chat runs"
node scripts/run-oxlint.mjs src/gateway/server-chat.ts src/gateway/server-runtime-subscriptions.ts src/gateway/server-chat.agent-events.test.ts
git diff --check
.agents/skills/autoreview/scripts/autoreview --mode local

• Evidence after fix (screenshot, recording, terminal capture, console output, redacted runtime log, linked artifact, or copied live output):

After-fix recording showing Control UI session correctly exits abortable state after chat completion:

2026-05-29.3.51.07.mov

Targeted tests pass, lint passes, diff whitespace check passes, and autoreview reported no accepted/actionable findings.

• Observed result after fix: terminal lifecycle handling clears the matching tracked active run before terminal sessions.changed broadcasts, preventing follow-up sessions.list from reviving hasActiveRun: true for the completed run.
• What was not tested: broad full-suite, package, and cross-OS proof were not run for this narrow gateway-state fix.
• Proof limitations or environment constraints: none; before/after browser recordings attached.
• Before evidence (optional but encouraged):

Before-fix recording showing the stuck abortable state:

2026-05-29.3.45.26.mov

Tests and validation

Which commands did you run?

node scripts/run-vitest.mjs src/gateway/server-chat.agent-events.test.ts -- -t "clears tracked active runs|broadcasts terminal session status|aborted chat run markers"
node scripts/run-vitest.mjs ui/src/ui/session-run-state.test.ts ui/src/ui/controllers/sessions.test.ts -- -t "stale running|explicit live-run|revives active state|terminal"
node scripts/run-vitest.mjs src/gateway/server.sessions.list-changed.test.ts -- -t "sessions.list marks rows with tracked active chat runs"
node scripts/run-oxlint.mjs src/gateway/server-chat.ts src/gateway/server-runtime-subscriptions.ts src/gateway/server-chat.agent-events.test.ts
git diff --check
.agents/skills/autoreview/scripts/autoreview --mode local

What regression coverage was added or updated?

• Added src/gateway/server-chat.agent-events.test.ts coverage asserting terminal lifecycle handling clears tracked active runs before terminal sessions.changed broadcasts.
• Existing UI/session tests were rerun to confirm fix(ui): ignore stale running session rows #87017's active-state semantics still hold.
• Existing sessions.list coverage was rerun to confirm hasActiveRun is still projected from live active-run tracking.

What failed before this fix, if known?

• The gateway could publish terminal session state while chatAbortControllers still contained the completed run, allowing a subsequent sessions.list response to report hasActiveRun: true.

If no test was added, why not?

N/A; this PR adds targeted regression coverage.

Risk checklist

Did user-visible behavior change? (Yes/No)

Yes.

Did config, environment, or migration behavior change? (Yes/No)

No.

Did security, auth, secrets, network, or tool execution behavior change? (Yes/No)

No.

What is the highest-risk area?

• Clearing active-run tracking earlier than the existing chat send .finally() cleanup path.

How is that risk mitigated?

• Cleanup is limited to terminal lifecycle events.
• The cleanup hook checks the matching session key before deleting anything.
• It only attempts the provider run id and client run id for the completed run.
• The existing .finally() cleanup remains idempotent.

Current review state

What is the next action?

• Maintainer review of the gateway lifecycle cleanup ordering; accept or request broader proof.

What is still waiting on author, maintainer, CI, or external proof?

• CI: pending after body update.
• Maintainer: review the gateway lifecycle cleanup ordering and accept or request broader proof.

Which bot or reviewer comments were addressed?

• Local autoreview was run and reported no accepted/actionable findings.
• This PR also addresses the gap left by fix(ui): ignore stale running session rows #87017: fix(ui): ignore stale running session rows #87017 fixed hasActiveRun: false; this follow-up handles stale hasActiveRun: true at the gateway source.

[clawsweeper]

Codex review: needs maintainer review before merge. Reviewed May 28, 2026, 4:45 PM ET / 20:45 UTC.

Summary
The PR adds an in-memory active-run projection flag and lifecycle cleanup hook so completed chat runs stop appearing active in sessions.list while the chat.send retry guard remains alive until normal cleanup.

PR surface: Source +25, Tests +125. Total +150 across 6 files.

Reproducibility: yes. Source inspection shows current main can broadcast terminal session changes while chatAbortControllers still projects hasActiveRun, and the attached before recording shows the visible stuck In progress/Stop state.

Review metrics: 2 noteworthy metrics.

• Active-run projection surface: 1 field added, 2 projection paths changed. The patch changes which in-memory chat runs appear as active without removing the retry/idempotency guard.
• Current head checks: 2 failed check jobs observed with annotations outside touched files. The failures do not look introduced by the gateway diff, but maintainers still need green required checks or explicit acceptance before merge.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🦞 diamond lobster ✨ media proof bonus
Patch quality: 🐚 platinum hermit
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

• none.

Risk before merge

• [P1] The PR intentionally changes gateway session-state timing: terminal lifecycle now hides a run from sessions.list before chat.send finally settles, so maintainers should accept that completed runs are no longer user-abortable during that short retry-guard window.
• [P1] The public head check query still shows failing lint/extension jobs with annotations outside touched gateway files; merge should wait for required checks to go green or for explicit maintainer acceptance of those failures.

Maintainer options:

1. Accept lifecycle-ordering fix after checks (recommended)
   If maintainers agree terminal lifecycle should end user abortability before chat.send final cleanup, land once required checks are green or explicitly accepted.
2. Ask for broader retry-window proof
   Request one focused same-key retry or live gateway/browser proof if maintainers want more confidence around the terminal-to-finally window.
3. Pause for Stop semantics decision
   Pause if Stop must remain available until chat.send finally resolves rather than until terminal lifecycle completion.

Next step before merge

• [P2] Maintainer review should accept or reject the session-state lifecycle timing and required-check state; there is no narrow automated repair indicated from this review.

Security
Cleared: The diff changes in-memory gateway run-state projection and regression tests only; no concrete security or supply-chain regression was found.

Review details

Best possible solution:

Land the gateway-boundary fix after required checks are green or explicitly accepted, keeping the in-memory retry guard while excluding terminal runs from sessions.list active projection.

Do we have a high-confidence way to reproduce the issue?

Yes. Source inspection shows current main can broadcast terminal session changes while chatAbortControllers still projects hasActiveRun, and the attached before recording shows the visible stuck In progress/Stop state.

Is this the best way to solve the issue?

Yes. Fixing the gateway projection boundary is narrower and more maintainable than another UI-only predicate because sessions.list stops reintroducing stale hasActiveRun: true while chat.send idempotency remains protected.

AGENTS.md: found and applied where relevant.

Codex review notes: model gpt-5.5, reasoning high; reviewed against 607e6c206f4f.

Label changes

Label changes:

• add proof: sufficient: Contributor real behavior proof is sufficient. The before/after browser recordings directly show the stuck abortable state before and the completed non-abortable state after; posted proof should continue to redact private details such as IPs, tokens, phone numbers, and non-public endpoints.

Label justifications:

• P2: This is a focused gateway/session-state bug fix with limited blast radius but visible Control UI impact.
• merge-risk: 🚨 session-state: The patch changes when completed chat runs stop projecting as active in gateway session state.
• merge-risk: 🚨 message-delivery: The changed terminal-to-finally window interacts with chat.send retry/idempotency behavior, where a regression could duplicate or mishandle a retried prompt.
• rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🦞 diamond lobster and patch quality is 🐚 platinum hermit.
• status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Sufficient (recording): The before/after browser recordings directly show the stuck abortable state before and the completed non-abortable state after; posted proof should continue to redact private details such as IPs, tokens, phone numbers, and non-public endpoints.
• proof: sufficient: Contributor real behavior proof is sufficient. The before/after browser recordings directly show the stuck abortable state before and the completed non-abortable state after; posted proof should continue to redact private details such as IPs, tokens, phone numbers, and non-public endpoints.
• proof: 🎥 video: Contributor real behavior proof includes video or recording evidence. The before/after browser recordings directly show the stuck abortable state before and the completed non-abortable state after; posted proof should continue to redact private details such as IPs, tokens, phone numbers, and non-public endpoints.

Evidence reviewed

PR surface:

Source +25, Tests +125. Total +150 across 6 files.

View PR surface stats

Area	Files	Added	Removed	Net
Source	4	26	1	+25
Tests	2	125	0	+125
Docs	0	0	0	0
Config	0	0	0	0
Generated	0	0	0	0
Other	0	0	0	0
Total	6	151	1	+150

What I checked:

• Root and scoped policy read: Root and gateway-scoped AGENTS.md files were read fully; the review applied the gateway/session-state and whole-surface merge-risk guidance. (AGENTS.md:1, 607e6c206f4f)
• Current-main race source: Current main broadcasts terminal sessions.changed from lifecycle handling before chat.send .finally() removes the active abort-controller entry. (src/gateway/server-chat.ts:464, 607e6c206f4f)
• Current-main active projection: Current main derives active session rows directly from chatAbortControllers, so a completed run can still project hasActiveRun: true during the cleanup window. (src/gateway/server-methods/sessions.ts:696, 607e6c206f4f)
• PR fix shape: The PR adds projectSessionActive, clears that projection for matching terminal runs before broadcasting terminal session changes, and makes sessions.list ignore entries where the flag is false. (src/gateway/server-runtime-subscriptions.ts:45, 8f8dbab281a9)
• Retry/idempotency concern addressed: The follow-up commit changed the first attempt's deletion into a projection-only flag so chatAbortControllers can still guard same-key chat.send retries until normal cleanup. (src/gateway/chat-abort.ts:15, 8f8dbab281a9)
• Regression coverage: The patch adds tests for terminal cleanup ordering, keeping retry guards while hiding terminal projection, and sessions.list ignoring terminal abortable runs kept for retry guards. (src/gateway/server-chat.agent-events.test.ts:1849, 8f8dbab281a9)

Likely related people:

• steipete: Local blame for the current terminal lifecycle and sessions.list projection functions points to Peter Steinberger, and the merged related UI fix was authored/merged under this handle. (role: recent area contributor; confidence: high; commits: 503d8d554270, bb48fcf36a2d, fa52b25f4ed3; files: src/gateway/server-chat.ts, src/gateway/server-methods/sessions.ts, ui/src/ui/session-run-state.ts)
• samzong: Public file history shows recent gateway lifecycle cleanup and deferred lifecycle error work in the same server-chat.ts area. (role: adjacent lifecycle contributor; confidence: medium; commits: bc2d501b1dcb, 9d56f4aa14a8, bb8aa0cfe2b0; files: src/gateway/server-chat.ts, src/gateway/chat-abort.ts)
• BunsDev: Public file history shows recent webchat live transcript run-state and chat timeout fallback work touching nearby active-run/session behavior. (role: adjacent active-run contributor; confidence: medium; commits: 119a01c82998, b4f69286fde8; files: src/gateway/server-chat.ts, src/gateway/server-runtime-subscriptions.ts, src/gateway/chat-abort.ts)

What the crustacean ranks mean

• 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
• 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
• 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
• 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
• 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
• 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
• 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works

• ClawSweeper keeps one durable marker-backed review comment per issue or PR.
• Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
• A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
• PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
• Maintainers can also comment @clawsweeper review to request a fresh review only.
• Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
• Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
• Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

[scotthuang]

@clawsweeper review

I pushed a follow-up commit addressing the retry/idempotency guard concern by keeping the chatAbortControllers entry alive while hiding terminal runs from the sessions-list active projection. Please review the latest head.

[clawsweeper]

🦞🧹
ClawSweeper re-review requested.

I asked ClawSweeper to review this item again.
Action: item re-review queued (workflow sweep.yml, event repository_dispatch).
Result: the existing ClawSweeper review comment will be edited in place when the review finishes.

Re-review progress:

• State: Complete
• Detail: The targeted re-review finished, the durable review comment was updated, and the synced verdict was routed.
• Run: https://github.com/openclaw/clawsweeper/actions/runs/26600379115
• Updated: 2026-05-28T20:37:28.249Z

[Takhoffman]

@clawsweeper ask explain this risk a bit more please: The PR intentionally changes gateway session-state timing: terminal lifecycle now hides a run from sessions.list before chat.send finally settles, so maintainers should accept that completed runs are no longer user-abortable during that short retry-guard window.

is it mitigable?

[clawsweeper]

🦞👀
ClawSweeper assist is taking a look at your question.

I queued a lightweight read-only assist pass. It will post a separate answer comment and will not edit the durable ClawSweeper review comment or trigger close, merge, repair, label, or branch changes.

Request: explain this risk a bit more please: The PR intentionally changes gateway session-state timing: terminal lifecycle now hides a run from sessions.list before chat.send finally settles, so maintainers should accept that completed runs are no longer user-abortable during that short retry-guard window. is it mitigable?

[clawsweeper]

ClawSweeper assist: The risk is that sessions.list becomes a UI projection, not a literal “there is still an abort controller entry” view. After terminal lifecycle, the run is hidden as active/abortable even though the chatAbortControllers entry may remain briefly as a chat.send retry/idempotency guard. So a user should not be offered Stop/Abort for a run the gateway already considers terminal.

It looks partly mitigated already: the follow-up commit preserves the controller entry and only sets projectSessionActive = false, so retry/idempotency behavior remains while session active-state stops advertising the completed run as abortable. Further mitigation would be a correctness review of whether any real abort path still needs that short terminal-afterglow to appear abortable.

Evidence:

• PR head 8f8dbab281a9e802cccaf847f30e018439569519 added projectSessionActive?: boolean to src/gateway/chat-abort.ts.
• src/gateway/server-methods/sessions.ts now excludes entries with projectSessionActive === false from active session projection.
• src/gateway/server-runtime-subscriptions.ts keeps the map entry but sets entry.projectSessionActive = false only when the stored sessionKey matches.
• Added test: sessions.list ignores terminal abortable runs kept for retry guards.
• Author comment says the follow-up keeps chatAbortControllers alive while hiding terminal runs from sessions.list.

Suggested next action: Ask @clawsweeper review if you want a full correctness pass on whether any abort/retry/reconnect path depends on terminal runs remaining visible as active.

---

Source: #87767 (comment)
Assist model: gpt-5.5, reasoning low.

[Takhoffman]

@clawsweeper visualize

[clawsweeper]

🦞👀
ClawSweeper visual brief is being prepared.

I queued a read-only visual pass. It will create or update one marker-backed visual brief comment and will not trigger close, merge, repair, label, or branch changes.

Lens: auto

[clawsweeper]

Source: #87767 (comment)
Visual model: gpt-5.5, reasoning low.

Visual brief

Lens: state

Advisory only. Maintainers remain the final judges.

Problem path before this PR

chat run completes
      |
      v
terminal lifecycle delivered
      |
      v
sessions.changed broadcast
      |
      v
sessions.list sees chatAbortControllers entry still present
      |
      v
hasActiveRun: true
      |
      v
🐛 Control UI keeps session abortable/running after response finished

Proposed path in this PR

chat run completes
      |
      v
terminal lifecycle delivered
      |
      v
mark matching run as not projected active
      |
      +------------------------------+
      |                              |
      v                              v
sessions.changed broadcast       chatAbortControllers entry remains
      |                          as retry/idempotency guard
      v                              |
sessions.list excludes it            v
      |                          normal cleanup later
      v
✅ hasActiveRun: false
      |
      v
✅ Control UI exits abortable/running state

State split introduced by the follow-up commit

+------------------------------+------------------------------+
| User/session projection      | Internal retry guard         |
+------------------------------+------------------------------+
| ✅ projectSessionActive=false | ✅ map entry remains present |
| ✅ not shown as abortable     | ✅ retry/idempotency retained|
| ✅ sessions.list reports idle | ✅ finally cleanup unchanged |
+------------------------------+------------------------------+

Guardrails shown in supplied diff

✅ only terminal lifecycle path calls clearTrackedActiveRun
✅ cleanup checks matching sessionKey before changing entry
✅ tries both provider run id and client run id
✅ sessions.list only filters entries with projectSessionActive === false
⚠️ UI projection no longer means "abort controller entry exists"

Maintainer judgment point

Before:
  active controller entry == user-visible abortable session

After:
  active controller entry may briefly exist for retry/idempotency
  while user-visible session is no longer abortable

🧑‍⚖️ Decide whether that short terminal-afterglow should be hidden from users.

Proof snapshot:

✅ before/after browser recordings supplied
✅ targeted gateway regression test added
✅ sessions.list projection test added
✅ targeted UI/session tests rerun
✅ lint, diff check, local autoreview reported passing
⚠️ broad full-suite, package, and cross-OS proof not supplied
⚠️ prior review noted required checks were still unstable/pending in available context

Maintainer ruling

Benefit: Completed chat runs should stop leaving the Control UI stuck in a running/abortable state.

Risk: Gateway session projection now intentionally diverges from raw in-memory abort-controller presence during a short retry/idempotency guard window.

Proof needed: Maintainer confidence that no real abort, retry, reconnect, or message-delivery path depends on terminal runs remaining user-visible as abortable during that window; confirm current required checks.

Recommended next action: Review the gateway lifecycle ordering and the projectSessionActive projection split, then decide whether the supplied targeted proof is enough or broader CI/cross-path proof is needed.

Question presented: Is it acceptable for terminal runs to remain internally guarded while no longer being advertised through sessions.list as active/abortable?

[Takhoffman]

@clawsweeper automerge

[clawsweeper]

🦞🔧
ClawSweeper automerge is enabled.

• Head: 8f8dbab281a9
• Label: clawsweeper:automerge
• Action: repair worker queued. Run: https://github.com/openclaw/clawsweeper/actions/runs/26606382977
• Flow: review this head, repair/rebase only if needed, then re-review the exact repaired head before merge.

Draft PRs stay fix-only until GitHub marks them ready for review. Pause with /clawsweeper stop.

Automerge progress:

• 2026-05-28 22:36:53 UTC review queued 8f8dbab281a9 (queued)

• 2026-05-28 22:37:39 UTC repair queued 8f8dbab281a9 (autonomous) Run: https://github.com/openclaw/clawsweeper/actions/runs/26606382977

• 2026-05-28 22:40:15 UTC repair started (running) in 0s Run: https://github.com/openclaw/clawsweeper/actions/runs/26606382977 automerge-openclaw-openclaw-87767

• 2026-05-28 22:40:31 UTC validation plan (passed) in 17s Run: https://github.com/openclaw/clawsweeper/actions/runs/26606382977 pnpm check:changed; pnpm lint; pnpm check:test-types

• 2026-05-28 22:40:42 UTC Codex write preflight (passed) in 28s Run: https://github.com/openclaw/clawsweeper/actions/runs/26606382977 danger-full-access

• 2026-05-28 22:55:24 UTC Codex edit 1 5efc9c2fb0f9 (complete) in 15m 10s Run: https://github.com/openclaw/clawsweeper/actions/runs/26606382977 exit 0

• 2026-05-28 23:12:38 UTC validation and review 1 e4d4995cf885 (base moved) in 32m 24s Run: https://github.com/openclaw/clawsweeper/actions/runs/26606382977 rebased

• 2026-05-28 23:13:25 UTC repair finished e4d4995cf885 (opened) in 33m 11s Run: https://github.com/openclaw/clawsweeper/actions/runs/26606382977 open_fix_pr

[clawsweeper]

ClawSweeper 🐠 reef update

Thanks for the work here. GitHub would not let ClawSweeper push to this branch with the available credentials, so the fix moved to a narrow replacement PR. nothing personal, just permission currents.

Why replacement: ClawSweeper could not update the source PR branch directly; GitHub did not grant sufficient push rights to the bot for that branch.
Replacement PR: #87810
Why close: this run explicitly closes the superseded source PR after the credited replacement PR is open, so review continues in one place.
This closeout is intentional for this run: the replacement PR is now the active review lane.
The replacement PR keeps the contributor trail visible for review and release notes.
Co-author credit kept:

• @scotthuang: Co-authored-by: scotthuang 1670837+scotthuang@users.noreply.github.com

fish notes: model gpt-5.5, reasoning high; reviewed against e4d4995.