main.tsx

// These side-effects must run before all other imports:
// 1. profileCheckpoint marks entry before heavy module evaluation begins
// 2. startMdmRawRead fires MDM subprocesses (plutil/reg query) so they run in
//    parallel with the remaining ~135ms of imports below
// 3. startKeychainPrefetch fires both macOS keychain reads (OAuth + legacy API
//    key) in parallel — isRemoteManagedSettingsEligible() otherwise reads them
//    sequentially via sync spawn inside applySafeConfigEnvironmentVariables()
//    (~65ms on every macOS startup)
import { profileCheckpoint, profileReport } from "./utils/startupProfiler.js";

// eslint-disable-next-line custom-rules/no-top-level-side-effects
profileCheckpoint("main_tsx_entry");

import { startMdmRawRead } from "./utils/settings/mdm/rawRead.js";

// eslint-disable-next-line custom-rules/no-top-level-side-effects
startMdmRawRead();

import {
	ensureKeychainPrefetchCompleted,
	startKeychainPrefetch,
} from "./utils/secureStorage/keychainPrefetch.js";

// eslint-disable-next-line custom-rules/no-top-level-side-effects
startKeychainPrefetch();

import { feature } from "bun:bundle";
import {
  Command as CommanderCommand,
  InvalidArgumentError,
  Option,
} from '@commander-js/extra-typings'
import chalk from 'chalk'
import { readFileSync } from 'fs'
import mapValues from 'lodash-es/mapValues.js'
import pickBy from 'lodash-es/pickBy.js'
import uniqBy from 'lodash-es/uniqBy.js'
import React from 'react'
import { getOauthConfig } from './constants/oauth.js'
import { getRemoteSessionUrl } from './constants/product.js'
import { getSystemContext, getUserContext } from './context.js'
import { init, initializeTelemetryAfterTrust } from './entrypoints/init.js'
import { addToHistory } from './history.js'
import type { Root } from '@anthropic/ink'
import { launchRepl } from './replLauncher.js'
import {
	hasGrowthBookEnvOverride,
	initializeGrowthBook,
	refreshGrowthBookAfterAuthChange,
} from "./services/analytics/growthbook.js";
import { fetchBootstrapData } from "./services/api/bootstrap.js";
import {
	type DownloadResult,
	downloadSessionFiles,
	type FilesApiConfig,
	parseFileSpecs,
} from "./services/api/filesApi.js";
import { prefetchPassesEligibility } from "./services/api/referral.js";
import type {
	McpSdkServerConfig,
	McpServerConfig,
	ScopedMcpServerConfig,
} from "./services/mcp/types.js";
import {
	isPolicyAllowed,
	loadPolicyLimits,
	refreshPolicyLimits,
	waitForPolicyLimitsToLoad,
} from "./services/policyLimits/index.js";
import {
	loadRemoteManagedSettings,
	refreshRemoteManagedSettings,
} from "./services/remoteManagedSettings/index.js";
import type { ToolInputJSONSchema } from "./Tool.js";
import {
	createSyntheticOutputTool,
	isSyntheticOutputToolEnabled,
} from "@claude-code-best/builtin-tools/tools/SyntheticOutputTool/SyntheticOutputTool.js";
import { getTools } from "./tools.js";
import {
	canUserConfigureAdvisor,
	getInitialAdvisorSetting,
	isAdvisorEnabled,
	isValidAdvisorModel,
	modelSupportsAdvisor,
} from "./utils/advisor.js";
import { isAgentSwarmsEnabled } from "./utils/agentSwarmsEnabled.js";
import { count, uniq } from "./utils/array.js";
import { installAsciicastRecorder } from "./utils/asciicast.js";
import {
	getSubscriptionType,
	isClaudeAISubscriber,
	prefetchAwsCredentialsAndBedRockInfoIfSafe,
	prefetchGcpCredentialsIfSafe,
	validateForceLoginOrg,
} from "./utils/auth.js";
import {
	checkHasTrustDialogAccepted,
	getGlobalConfig,
	getRemoteControlAtStartup,
	isAutoUpdaterDisabled,
	saveGlobalConfig,
} from "./utils/config.js";
import { seedEarlyInput, stopCapturingEarlyInput } from "./utils/earlyInput.js";
import { getInitialEffortSetting, parseEffortValue } from "./utils/effort.js";
import {
	getInitialFastModeSetting,
	isFastModeEnabled,
	prefetchFastModeStatus,
	resolveFastModeStatusFromCache,
} from "./utils/fastMode.js";
import { applyConfigEnvironmentVariables } from "./utils/managedEnv.js";
import { createSystemMessage, createUserMessage } from "./utils/messages.js";
import { getPlatform } from "./utils/platform.js";
import { getBaseRenderOptions } from "./utils/renderOptions.js";
import { getSessionIngressAuthToken } from "./utils/sessionIngressAuth.js";
import { settingsChangeDetector } from "./utils/settings/changeDetector.js";
import { skillChangeDetector } from "./utils/skills/skillChangeDetector.js";
import { jsonParse, writeFileSync_DEPRECATED } from "./utils/slowOperations.js";
import { computeInitialTeamContext } from "./utils/swarm/reconnection.js";
import { initializeWarningHandler } from "./utils/warningHandler.js";
import { isWorktreeModeEnabled } from "./utils/worktreeModeEnabled.js";

// Lazy require to avoid circular dependency: teammate.ts -> AppState.tsx -> ... -> main.tsx
/* eslint-disable @typescript-eslint/no-require-imports */
const getTeammateUtils = () =>
	require("./utils/teammate.js") as typeof import("./utils/teammate.js");
const getTeammatePromptAddendum = () =>
	require("./utils/swarm/teammatePromptAddendum.js") as typeof import("./utils/swarm/teammatePromptAddendum.js");
const getTeammateModeSnapshot = () =>
	require("./utils/swarm/backends/teammateModeSnapshot.js") as typeof import("./utils/swarm/backends/teammateModeSnapshot.js");
/* eslint-enable @typescript-eslint/no-require-imports */
// Dead code elimination: conditional import for COORDINATOR_MODE
/* eslint-disable @typescript-eslint/no-require-imports */
const coordinatorModeModule = feature("COORDINATOR_MODE")
	? (require("./coordinator/coordinatorMode.js") as typeof import("./coordinator/coordinatorMode.js"))
	: null;
/* eslint-enable @typescript-eslint/no-require-imports */
// Dead code elimination: conditional import for KAIROS (assistant mode)
/* eslint-disable @typescript-eslint/no-require-imports */
const assistantModule = feature("KAIROS")
	? (require("./assistant/index.js") as typeof import("./assistant/index.js"))
	: null;
const kairosGate = feature("KAIROS")
	? (require("./assistant/gate.js") as typeof import("./assistant/gate.js"))
	: null;

import { relative, resolve } from "path";
import { isAnalyticsDisabled } from "src/services/analytics/config.js";
import { getFeatureValue_CACHED_MAY_BE_STALE } from "src/services/analytics/growthbook.js";
import {
  type AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
  logEvent,
} from 'src/services/analytics/index.js'
import { initializeAnalyticsGates } from 'src/services/analytics/sink.js'
import {
	getOriginalCwd,
	setAdditionalDirectoriesForClaudeMd,
	setIsRemoteMode,
	setMainLoopModelOverride,
	setMainThreadAgentType,
	setTeleportedSessionInfo,
} from "./bootstrap/state.js";
import { filterCommandsForRemoteMode, getCommands } from "./commands.js";
import type { StatsStore } from "./context/stats.js";
import {
  launchAssistantInstallWizard,
  launchAssistantSessionChooser,
  launchInvalidSettingsDialog,
  launchResumeChooser,
  launchSnapshotUpdateDialog,
  launchTeleportRepoMismatchDialog,
  launchTeleportResumeWrapper,
} from './dialogLaunchers.js'
import { SHOW_CURSOR } from '@anthropic/ink'
import {
	exitWithError,
	exitWithMessage,
	getRenderContext,
	renderAndRun,
	showSetupScreens,
} from "./interactiveHelpers.js";
import { initBuiltinPlugins } from "./plugins/bundled/index.js";
/* eslint-enable @typescript-eslint/no-require-imports */
import { checkQuotaStatus } from "./services/claudeAiLimits.js";
import {
	getMcpToolsCommandsAndResources,
	prefetchAllMcpResources,
} from "./services/mcp/client.js";
import {
	VALID_INSTALLABLE_SCOPES,
	VALID_UPDATE_SCOPES,
} from "./services/plugins/pluginCliCommands.js";
import { initBundledSkills } from "./skills/bundled/index.js";
import type { AgentColorName } from "@claude-code-best/builtin-tools/tools/AgentTool/agentColorManager.js";
import {
	getActiveAgentsFromList,
	getAgentDefinitionsWithOverrides,
	isBuiltInAgent,
	isCustomAgent,
	parseAgentsFromJson,
} from "@claude-code-best/builtin-tools/tools/AgentTool/loadAgentsDir.js";
import type { LogOption } from "./types/logs.js";
import type { Message as MessageType } from "./types/message.js";
import {
	CLAUDE_IN_CHROME_SKILL_HINT,
	CLAUDE_IN_CHROME_SKILL_HINT_WITH_WEBBROWSER,
} from "./utils/claudeInChrome/prompt.js";
import {
	setupClaudeInChrome,
	shouldAutoEnableClaudeInChrome,
	shouldEnableClaudeInChrome,
} from "./utils/claudeInChrome/setup.js";
import { getContextWindowForModel } from "./utils/context.js";
import { loadConversationForResume } from "./utils/conversationRecovery.js";
import { buildDeepLinkBanner } from "./utils/deepLink/banner.js";
import {
	hasNodeOption,
	isBareMode,
	isEnvTruthy,
	isInProtectedNamespace,
} from "./utils/envUtils.js";
import { refreshExampleCommands } from "./utils/exampleCommands.js";
import type { FpsMetrics } from "./utils/fpsTracker.js";
import { getWorktreePaths } from "./utils/getWorktreePaths.js";
import {
	findGitRoot,
	getBranch,
	getIsGit,
	getWorktreeCount,
} from "./utils/git.js";
import { getGhAuthStatus } from "./utils/github/ghAuthStatus.js";
import { safeParseJSON } from "./utils/json.js";
import { logError } from "./utils/log.js";
import { getModelDeprecationWarning } from "./utils/model/deprecation.js";
import {
	getDefaultMainLoopModel,
	getUserSpecifiedModelSetting,
	normalizeModelStringForAPI,
	parseUserSpecifiedModel,
} from "./utils/model/model.js";
import { ensureModelStringsInitialized } from "./utils/model/modelStrings.js";
import { PERMISSION_MODES } from "./utils/permissions/PermissionMode.js";
import {
	getAutoModeEnabledStateIfCached,
	initializeToolPermissionContext,
	initialPermissionModeFromCLI,
	isDefaultPermissionModeAuto,
	parseToolListFromCLI,
	removeDangerousPermissions,
	stripDangerousPermissionsForAutoMode,
	verifyAutoModeGateAccess,
} from "./utils/permissions/permissionSetup.js";
import { cleanupOrphanedPluginVersionsInBackground } from "./utils/plugins/cacheUtils.js";
import { initializeVersionedPlugins } from "./utils/plugins/installedPluginsManager.js";
import { getManagedPluginNames } from "./utils/plugins/managedPlugins.js";
import { getGlobExclusionsForPluginCache } from "./utils/plugins/orphanedPluginFilter.js";
import { getPluginSeedDirs } from "./utils/plugins/pluginDirectories.js";
import { countFilesRoundedRg } from "./utils/ripgrep.js";
import {
	processSessionStartHooks,
	processSetupHooks,
} from "./utils/sessionStart.js";
import {
	cacheSessionTitle,
	getSessionIdFromLog,
	loadTranscriptFromFile,
	saveAgentSetting,
	saveMode,
	searchSessionsByCustomTitle,
	sessionIdExists,
} from "./utils/sessionStorage.js";
import { ensureMdmSettingsLoaded } from "./utils/settings/mdm/settings.js";
import {
	getInitialSettings,
	getManagedSettingsKeysForLogging,
	getSettingsForSource,
	getSettingsWithErrors,
} from "./utils/settings/settings.js";
import { resetSettingsCache } from "./utils/settings/settingsCache.js";
import type { ValidationError } from "./utils/settings/validation.js";
import {
	DEFAULT_TASKS_MODE_TASK_LIST_ID,
	TASK_STATUSES,
} from "./utils/tasks.js";
import {
	logPluginLoadErrors,
	logPluginsEnabledForSession,
} from "./utils/telemetry/pluginTelemetry.js";
import { logSkillsLoaded } from "./utils/telemetry/skillLoadedEvent.js";
import { generateTempFilePath } from "./utils/tempfile.js";
import { validateUuid } from "./utils/uuid.js";
// Plugin startup checks are now handled non-blockingly in REPL.tsx

import { registerMcpAddCommand } from "src/commands/mcp/addCommand.js";
import { registerMcpXaaIdpCommand } from "src/commands/mcp/xaaIdpCommand.js";
import { logPermissionContextForAnts } from "src/services/internalLogging.js";
import { fetchClaudeAIMcpConfigsIfEligible } from "src/services/mcp/claudeai.js";
import { clearServerCache } from "src/services/mcp/client.js";
import {
	areMcpConfigsAllowedWithEnterpriseMcpConfig,
	dedupClaudeAiMcpServers,
	doesEnterpriseMcpConfigExist,
	filterMcpServersByPolicy,
	getClaudeCodeMcpConfigs,
	getMcpServerSignature,
	parseMcpConfig,
	parseMcpConfigFromFilePath,
} from "src/services/mcp/config.js";
import {
	excludeCommandsByServer,
	excludeResourcesByServer,
} from "src/services/mcp/utils.js";
import { isXaaEnabled } from "src/services/mcp/xaaIdpLogin.js";
import { getRelevantTips } from "src/services/tips/tipRegistry.js";
import { logContextMetrics } from "src/utils/api.js";
import {
	CLAUDE_IN_CHROME_MCP_SERVER_NAME,
	isClaudeInChromeMCPServer,
} from "src/utils/claudeInChrome/common.js";
import { registerCleanup } from "src/utils/cleanupRegistry.js";
import { eagerParseCliFlag } from "src/utils/cliArgs.js";
import { createEmptyAttributionState } from "src/utils/commitAttribution.js";
import {
	countConcurrentSessions,
	registerSession,
	updateSessionName,
} from "src/utils/concurrentSessions.js";
import { getCwd } from "src/utils/cwd.js";
import { logForDebugging, setHasFormattedOutput } from "src/utils/debug.js";
import {
	errorMessage,
	getErrnoCode,
	isENOENT,
	TeleportOperationError,
	toError,
} from "src/utils/errors.js";
import {
	getFsImplementation,
	safeResolvePath,
} from "src/utils/fsOperations.js";
import {
	gracefulShutdown,
	gracefulShutdownSync,
} from "src/utils/gracefulShutdown.js";
import { setAllHookEventsEnabled } from "src/utils/hooks/hookEvents.js";
import { refreshModelCapabilities } from "src/utils/model/modelCapabilities.js";
import { peekForStdinData, writeToStderr } from "src/utils/process.js";
import { setCwd } from "src/utils/Shell.js";
import {
	type ProcessedResume,
	processResumedConversation,
} from "src/utils/sessionRestore.js";
import { parseSettingSourcesFlag } from "src/utils/settings/constants.js";
import { plural } from "src/utils/stringUtils.js";
import {
	type ChannelEntry,
	getInitialMainLoopModel,
	getIsNonInteractiveSession,
	getSdkBetas,
	getSessionId,
	getUserMsgOptIn,
	setAllowedChannels,
	setAllowedSettingSources,
	setChromeFlagOverride,
	setClientType,
	setCwdState,
	setDirectConnectServerUrl,
	setFlagSettingsPath,
	setInitialMainLoopModel,
	setInlinePlugins,
	setIsInteractive,
	setKairosActive,
	setOriginalCwd,
	setQuestionPreviewFormat,
	setSdkBetas,
	setSessionBypassPermissionsMode,
	setSessionPersistenceDisabled,
	setSessionSource,
	setUserMsgOptIn,
	switchSession,
} from "./bootstrap/state.js";

/* eslint-disable @typescript-eslint/no-require-imports */
const autoModeStateModule = feature("TRANSCRIPT_CLASSIFIER")
	? (require("./utils/permissions/autoModeState.js") as typeof import("./utils/permissions/autoModeState.js"))
	: null;

// TeleportRepoMismatchDialog, TeleportResumeWrapper dynamically imported at call sites
import { migrateBypassPermissionsAcceptedToSettings } from "./migrations/migrateBypassPermissionsAcceptedToSettings.js";
import { migrateEnableAllProjectMcpServersToSettings } from "./migrations/migrateEnableAllProjectMcpServersToSettings.js";
import { migrateFennecToOpus } from "./migrations/migrateFennecToOpus.js";
import { migrateLegacyOpusToCurrent } from "./migrations/migrateLegacyOpusToCurrent.js";
import { migrateOpusToOpus1m } from "./migrations/migrateOpusToOpus1m.js";
import { migrateReplBridgeEnabledToRemoteControlAtStartup } from "./migrations/migrateReplBridgeEnabledToRemoteControlAtStartup.js";
import { migrateSonnet1mToSonnet45 } from "./migrations/migrateSonnet1mToSonnet45.js";
import { migrateSonnet45ToSonnet46 } from "./migrations/migrateSonnet45ToSonnet46.js";
import { resetAutoModeOptInForDefaultOffer } from "./migrations/resetAutoModeOptInForDefaultOffer.js";
import { resetProToOpusDefault } from "./migrations/resetProToOpusDefault.js";
import { createRemoteSessionConfig } from "./remote/RemoteSessionManager.js";
/* eslint-enable @typescript-eslint/no-require-imports */
// teleportWithProgress dynamically imported at call site
import {
	createDirectConnectSession,
	DirectConnectError,
} from "./server/createDirectConnectSession.js";
import { initializeLspServerManager } from "./services/lsp/manager.js";
import { shouldEnablePromptSuggestion } from "./services/PromptSuggestion/promptSuggestion.js";
import {
	type AppState,
	getDefaultAppState,
	IDLE_SPECULATION_STATE,
} from "./state/AppStateStore.js";
import { onChangeAppState } from "./state/onChangeAppState.js";
import { createStore } from "./state/store.js";
import { asSessionId } from "./types/ids.js";
import { filterAllowedSdkBetas } from "./utils/betas.js";
import { isInBundledMode, isRunningWithBun } from "./utils/bundledMode.js";
import { logForDiagnosticsNoPII } from "./utils/diagLogs.js";
import {
	filterExistingPaths,
	getKnownPathsForRepo,
} from "./utils/githubRepoPathMapping.js";
import {
	clearPluginCache,
	loadAllPluginsCacheOnly,
} from "./utils/plugins/pluginLoader.js";
import { migrateChangelogFromConfig } from "./utils/releaseNotes.js";
import { SandboxManager } from "./utils/sandbox/sandbox-adapter.js";
import { fetchSession, prepareApiRequest } from "./utils/teleport/api.js";
import {
	checkOutTeleportedSessionBranch,
	processMessagesForTeleportResume,
	teleportToRemoteWithErrorHandling,
	validateGitState,
	validateSessionRepository,
} from "./utils/teleport.js";
import {
  shouldEnableThinkingByDefault,
  type ThinkingConfig,
} from './utils/thinking.js'
import { initUser, resetUserCache } from './utils/user.js'
import {
	getTmuxInstallInstructions,
	isTmuxAvailable,
	parsePRReference,
} from "./utils/worktree.js";

// eslint-disable-next-line custom-rules/no-top-level-side-effects
profileCheckpoint("main_tsx_imports_loaded");

/**
 * Log managed settings keys to Statsig for analytics.
 * This is called after init() completes to ensure settings are loaded
 * and environment variables are applied before model resolution.
 */
function logManagedSettings(): void {
	try {
		const policySettings = getSettingsForSource("policySettings");
		if (policySettings) {
			const allKeys = getManagedSettingsKeysForLogging(policySettings);
			logEvent("tengu_managed_settings_loaded", {
				keyCount: allKeys.length,
				keys: allKeys.join(
					",",
				) as unknown as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
			});
		}
	} catch {
		// Silently ignore errors - this is just for analytics
	}
}

// Check if running in debug/inspection mode
function isBeingDebugged() {
	const isBun = isRunningWithBun();

	// Check for inspect flags in process arguments (including all variants)
	const hasInspectArg = process.execArgv.some((arg) => {
		if (isBun) {
			// Note: Bun has an issue with single-file executables where application arguments
			// from process.argv leak into process.execArgv (similar to https://github.com/oven-sh/bun/issues/11673)
			// This breaks use of --debug mode if we omit this branch
			// We're fine to skip that check, because Bun doesn't support Node.js legacy --debug or --debug-brk flags
			return /--inspect(-brk)?/.test(arg);
		} else {
			// In Node.js, check for both --inspect and legacy --debug flags
			return /--inspect(-brk)?|--debug(-brk)?/.test(arg);
		}
	});

	// Check if NODE_OPTIONS contains inspect flags
	const hasInspectEnv =
		process.env.NODE_OPTIONS &&
		/--inspect(-brk)?|--debug(-brk)?/.test(process.env.NODE_OPTIONS);

	// Check if inspector is available and active (indicates debugging)
	try {
		// Dynamic import would be better but is async - use global object instead
		// eslint-disable-next-line @typescript-eslint/no-explicit-any
		const inspector = (global as any).require("inspector");
		const hasInspectorUrl = !!inspector.url();
		return hasInspectorUrl || hasInspectArg || hasInspectEnv;
	} catch {
		// Ignore error and fall back to argument detection
		return hasInspectArg || hasInspectEnv;
	}
}



/**
 * Per-session skill/plugin telemetry. Called from both the interactive path
 * and the headless -p path (before runHeadless) — both go through
 * main.tsx but branch before the interactive startup path, so it needs two
 * call sites here rather than one here + one in QueryEngine.
 */
function logSessionTelemetry(): void {
	const model = parseUserSpecifiedModel(
		getInitialMainLoopModel() ?? getDefaultMainLoopModel(),
	);
	void logSkillsLoaded(
		getCwd(),
		getContextWindowForModel(model, getSdkBetas()),
	);
	void loadAllPluginsCacheOnly()
		.then(({ enabled, errors }) => {
			const managedNames = getManagedPluginNames();
			logPluginsEnabledForSession(
				enabled,
				managedNames,
				getPluginSeedDirs(),
			);
			logPluginLoadErrors(errors, managedNames);
		})
		.catch((err) => logError(err));
}

function getCertEnvVarTelemetry(): Record<string, boolean> {
	const result: Record<string, boolean> = {};
	if (process.env.NODE_EXTRA_CA_CERTS) {
		result.has_node_extra_ca_certs = true;
	}
	if (process.env.CLAUDE_CODE_CLIENT_CERT) {
		result.has_client_cert = true;
	}
	if (hasNodeOption("--use-system-ca")) {
		result.has_use_system_ca = true;
	}
	if (hasNodeOption("--use-openssl-ca")) {
		result.has_use_openssl_ca = true;
	}
	return result;
}

async function logStartupTelemetry(): Promise<void> {
	if (isAnalyticsDisabled()) return;
	const [isGit, worktreeCount, ghAuthStatus] = await Promise.all([
		getIsGit(),
		getWorktreeCount(),
		getGhAuthStatus(),
	]);

	logEvent("tengu_startup_telemetry", {
		is_git: isGit,
		worktree_count: worktreeCount,
		gh_auth_status:
			ghAuthStatus as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
		sandbox_enabled: SandboxManager.isSandboxingEnabled(),
		are_unsandboxed_commands_allowed:
			SandboxManager.areUnsandboxedCommandsAllowed(),
		is_auto_bash_allowed_if_sandbox_enabled:
			SandboxManager.isAutoAllowBashIfSandboxedEnabled(),
		auto_updater_disabled: isAutoUpdaterDisabled(),
		prefers_reduced_motion:
			getInitialSettings().prefersReducedMotion ?? false,
		...getCertEnvVarTelemetry(),
	});
}

// @[MODEL LAUNCH]: Consider any migrations you may need for model strings. See migrateSonnet1mToSonnet45.ts for an example.
// Bump this when adding a new sync migration so existing users re-run the set.
const CURRENT_MIGRATION_VERSION = 11;
function runMigrations(): void {
	if (getGlobalConfig().migrationVersion !== CURRENT_MIGRATION_VERSION) {
		migrateBypassPermissionsAcceptedToSettings();
		migrateEnableAllProjectMcpServersToSettings();
		resetProToOpusDefault();
		migrateSonnet1mToSonnet45();
		migrateLegacyOpusToCurrent();
		migrateSonnet45ToSonnet46();
		migrateOpusToOpus1m();
		migrateReplBridgeEnabledToRemoteControlAtStartup();
		if (feature("TRANSCRIPT_CLASSIFIER")) {
			resetAutoModeOptInForDefaultOffer();
		}
		if (process.env.USER_TYPE === "ant") {
			migrateFennecToOpus();
		}
		saveGlobalConfig((prev) =>
			prev.migrationVersion === CURRENT_MIGRATION_VERSION
				? prev
				: { ...prev, migrationVersion: CURRENT_MIGRATION_VERSION },
		);
	}
	// Async migration - fire and forget since it's non-blocking
	migrateChangelogFromConfig().catch(() => {
		// Silently ignore migration errors - will retry on next startup
	});
}

/**
 * Prefetch system context (including git status) only when it's safe to do so.
 * Git commands can execute arbitrary code via hooks and config (e.g., core.fsmonitor,
 * diff.external), so we must only run them after trust is established or in
 * non-interactive mode where trust is implicit.
 */
function prefetchSystemContextIfSafe(): void {
	const isNonInteractiveSession = getIsNonInteractiveSession();

	// In non-interactive mode (--print), trust dialog is skipped and
	// execution is considered trusted (as documented in help text)
	if (isNonInteractiveSession) {
		logForDiagnosticsNoPII(
			"info",
			"prefetch_system_context_non_interactive",
		);
		void getSystemContext();
		return;
	}

	// In interactive mode, only prefetch if trust has already been established
	const hasTrust = checkHasTrustDialogAccepted();
	if (hasTrust) {
		logForDiagnosticsNoPII("info", "prefetch_system_context_has_trust");
		void getSystemContext();
	} else {
		logForDiagnosticsNoPII(
			"info",
			"prefetch_system_context_skipped_no_trust",
		);
	}
	// Otherwise, don't prefetch - wait for trust to be established first
}

/**
 * Start background prefetches and housekeeping that are NOT needed before first render.
 * These are deferred from setup() to reduce event loop contention and child process
 * spawning during the critical startup path.
 * Call this after the REPL has been rendered.
 */
export function startDeferredPrefetches(): void {
	// This function runs after first render, so it doesn't block the initial paint.
	// However, the spawned processes and async work still contend for CPU and event
	// loop time, which skews startup benchmarks (CPU profiles, time-to-first-render
	// measurements). Skip all of it when we're only measuring startup performance.
	if (
		isEnvTruthy(process.env.CLAUDE_CODE_EXIT_AFTER_FIRST_RENDER) ||
		// --bare: skip ALL prefetches. These are cache-warms for the REPL's
		// first-turn responsiveness (initUser, getUserContext, tips, countFiles,
		// modelCapabilities, change detectors). Scripted -p calls don't have a
		// "user is typing" window to hide this work in — it's pure overhead on
		// the critical path.
		isBareMode()
	) {
		return;
	}

	// Process-spawning prefetches (consumed at first API call, user is still typing)
	void initUser();
	void getUserContext();
	prefetchSystemContextIfSafe();
	void getRelevantTips();
	if (
		isEnvTruthy(process.env.CLAUDE_CODE_USE_BEDROCK) &&
		!isEnvTruthy(process.env.CLAUDE_CODE_SKIP_BEDROCK_AUTH)
	) {
		void prefetchAwsCredentialsAndBedRockInfoIfSafe();
	}
	if (
		isEnvTruthy(process.env.CLAUDE_CODE_USE_VERTEX) &&
		!isEnvTruthy(process.env.CLAUDE_CODE_SKIP_VERTEX_AUTH)
	) {
		void prefetchGcpCredentialsIfSafe();
	}
	void countFilesRoundedRg(getCwd(), AbortSignal.timeout(3000), []);

	// Analytics and feature flag initialization
	void initializeAnalyticsGates();

	void refreshModelCapabilities();

	// File change detectors deferred from init() to unblock first render
	void settingsChangeDetector.initialize();
	if (!isBareMode()) {
		void skillChangeDetector.initialize();
	}

	// Event loop stall detector — logs when the main thread is blocked >500ms
	if (process.env.USER_TYPE === "ant") {
		void import("./utils/eventLoopStallDetector.js").then((m) =>
			m.startEventLoopStallDetector(),
		);
	}
}

function loadSettingsFromFlag(settingsFile: string): void {
	try {
		const trimmedSettings = settingsFile.trim();
		const looksLikeJson =
			trimmedSettings.startsWith("{") && trimmedSettings.endsWith("}");

		let settingsPath: string;

		if (looksLikeJson) {
			// It's a JSON string - validate and create temp file
			const parsedJson = safeParseJSON(trimmedSettings);
			if (!parsedJson) {
				process.stderr.write(
					chalk.red("Error: Invalid JSON provided to --settings\n"),
				);
				process.exit(1);
			}

			// Create a temporary file and write the JSON to it.
			// Use a content-hash-based path instead of random UUID to avoid
			// busting the Anthropic API prompt cache. The settings path ends up
			// in the Bash tool's sandbox denyWithinAllow list, which is part of
			// the tool description sent to the API. A random UUID per subprocess
			// changes the tool description on every query() call, invalidating
			// the cache prefix and causing a 12x input token cost penalty.
			// The content hash ensures identical settings produce the same path
			// across process boundaries (each SDK query() spawns a new process).
			settingsPath = generateTempFilePath("claude-settings", ".json", {
				contentHash: trimmedSettings,
			});
			writeFileSync_DEPRECATED(settingsPath, trimmedSettings, "utf8");
		} else {
			// It's a file path - resolve and validate by attempting to read
			const { resolvedPath: resolvedSettingsPath } = safeResolvePath(
				getFsImplementation(),
				settingsFile,
			);
			try {
				readFileSync(resolvedSettingsPath, "utf8");
			} catch (e) {
				if (isENOENT(e)) {
					process.stderr.write(
						chalk.red(
							`Error: Settings file not found: ${resolvedSettingsPath}\n`,
						),
					);
					process.exit(1);
				}
				throw e;
			}
			settingsPath = resolvedSettingsPath;
		}

		setFlagSettingsPath(settingsPath);
		resetSettingsCache();
	} catch (error) {
		if (error instanceof Error) {
			logError(error);
		}
		process.stderr.write(
			chalk.red(`Error processing settings: ${errorMessage(error)}\n`),
		);
		process.exit(1);
	}
}

function loadSettingSourcesFromFlag(settingSourcesArg: string): void {
	try {
		const sources = parseSettingSourcesFlag(settingSourcesArg);
		setAllowedSettingSources(sources);
		resetSettingsCache();
	} catch (error) {
		if (error instanceof Error) {
			logError(error);
		}
		process.stderr.write(
			chalk.red(
				`Error processing --setting-sources: ${errorMessage(error)}\n`,
			),
		);
		process.exit(1);
	}
}

/**
 * Parse and load settings flags early, before init()
 * This ensures settings are filtered from the start of initialization
 */
function eagerLoadSettings(): void {
	profileCheckpoint("eagerLoadSettings_start");
	// Parse --settings flag early to ensure settings are loaded before init()
	const settingsFile = eagerParseCliFlag("--settings");
	if (settingsFile) {
		loadSettingsFromFlag(settingsFile);
	}

	// Parse --setting-sources flag early to control which sources are loaded
	const settingSourcesArg = eagerParseCliFlag("--setting-sources");
	if (settingSourcesArg !== undefined) {
		loadSettingSourcesFromFlag(settingSourcesArg);
	}
	profileCheckpoint("eagerLoadSettings_end");
}

function initializeEntrypoint(isNonInteractive: boolean): void {
	// Skip if already set (e.g., by SDK or other entrypoints)
	if (process.env.CLAUDE_CODE_ENTRYPOINT) {
		return;
	}

	const cliArgs = process.argv.slice(2);

	// Check for MCP serve command (handle flags before mcp serve, e.g., --debug mcp serve)
	const mcpIndex = cliArgs.indexOf("mcp");
	if (mcpIndex !== -1 && cliArgs[mcpIndex + 1] === "serve") {
		process.env.CLAUDE_CODE_ENTRYPOINT = "mcp";
		return;
	}

	if (isEnvTruthy(process.env.CLAUDE_CODE_ACTION)) {
		process.env.CLAUDE_CODE_ENTRYPOINT = "claude-code-github-action";
		return;
	}

	// Note: 'local-agent' entrypoint is set by the local agent mode launcher
	// via CLAUDE_CODE_ENTRYPOINT env var (handled by early return above)

	// Set based on interactive status
	process.env.CLAUDE_CODE_ENTRYPOINT = isNonInteractive ? "sdk-cli" : "cli";
}

// Set by early argv processing when `claude open <url>` is detected (interactive mode only)
type PendingConnect = {
	url: string | undefined;
	authToken: string | undefined;
	dangerouslySkipPermissions: boolean;
};
const _pendingConnect: PendingConnect | undefined = feature("DIRECT_CONNECT")
	? {
			url: undefined,
			authToken: undefined,
			dangerouslySkipPermissions: false,
		}
	: undefined;

// Set by early argv processing when `claude assistant [sessionId]` is detected
type PendingAssistantChat = { sessionId?: string; discover: boolean };
const _pendingAssistantChat: PendingAssistantChat | undefined = feature(
	"KAIROS",
)
	? { sessionId: undefined, discover: false }
	: undefined;

// `claude ssh <host> [dir]` — parsed from argv early (same pattern as
// DIRECT_CONNECT above) so the main command path can pick it up and hand
// the REPL an SSH-backed session instead of a local one.
type PendingSSH = {
	host: string | undefined;
	cwd: string | undefined;
	permissionMode: string | undefined;
	dangerouslySkipPermissions: boolean;
	/** --local: spawn the child CLI directly, skip ssh/probe/deploy. e2e test mode. */
	local: boolean;
	/** Extra CLI args to forward to the remote CLI on initial spawn (--resume, -c). */
	extraCliArgs: string[];
	remoteBin: string | undefined;
};
const _pendingSSH: PendingSSH | undefined = feature("SSH_REMOTE")
	? {
			host: undefined,
			cwd: undefined,
			permissionMode: undefined,
			dangerouslySkipPermissions: false,
			local: false,
			extraCliArgs: [],
			remoteBin: undefined,
		}
	: undefined;

export async function main() {
	profileCheckpoint("main_function_start");

	// SECURITY: Prevent Windows from executing commands from current directory
	// This must be set before ANY command execution to prevent PATH hijacking attacks
	// See: https://docs.microsoft.com/en-us/windows/win32/api/processenv/nf-processenv-searchpathw
	process.env.NoDefaultCurrentDirectoryInExePath = "1";

	// Initialize warning handler early to catch warnings
	initializeWarningHandler();

	process.on("exit", () => {
		resetCursor();
	});
	process.on("SIGINT", () => {
		// In print mode, print.ts registers its own SIGINT handler that aborts
		// the in-flight query and calls gracefulShutdown; skip here to avoid
		// preempting it with a synchronous process.exit().
		if (process.argv.includes("-p") || process.argv.includes("--print")) {
			return;
		}
		process.exit(0);
	});
	profileCheckpoint("main_warning_handler_initialized");

	// Check for cc:// or cc+unix:// URL in argv — rewrite so the main command
	// handles it, giving the full interactive TUI instead of a stripped-down subcommand.
	// For headless (-p), we rewrite to the internal `open` subcommand.
	if (feature("DIRECT_CONNECT")) {
		const rawCliArgs = process.argv.slice(2);
		const ccIdx = rawCliArgs.findIndex(
			(a) => a.startsWith("cc://") || a.startsWith("cc+unix://"),
		);
		if (ccIdx !== -1 && _pendingConnect) {
			const ccUrl = rawCliArgs[ccIdx]!;
			const { parseConnectUrl } =
				await import("./server/parseConnectUrl.js");
			const parsed = parseConnectUrl(ccUrl);
			_pendingConnect.dangerouslySkipPermissions = rawCliArgs.includes(
				"--dangerously-skip-permissions",
			);

			if (rawCliArgs.includes("-p") || rawCliArgs.includes("--print")) {
				// Headless: rewrite to internal `open` subcommand
				const stripped = rawCliArgs.filter((_, i) => i !== ccIdx);
				const dspIdx = stripped.indexOf(
					"--dangerously-skip-permissions",
				);
				if (dspIdx !== -1) {
					stripped.splice(dspIdx, 1);
				}
				process.argv = [
					process.argv[0]!,
					process.argv[1]!,
					"open",
					ccUrl,
					...stripped,
				];
			} else {
				// Interactive: strip cc:// URL and flags, run main command
				_pendingConnect.url = parsed.serverUrl;
				_pendingConnect.authToken = parsed.authToken;
				const stripped = rawCliArgs.filter((_, i) => i !== ccIdx);
				const dspIdx = stripped.indexOf(
					"--dangerously-skip-permissions",
				);
				if (dspIdx !== -1) {
					stripped.splice(dspIdx, 1);
				}
				process.argv = [
					process.argv[0]!,
					process.argv[1]!,
					...stripped,
				];
			}
		}
	}

	// Handle deep link URIs early — this is invoked by the OS protocol handler
	// and should bail out before full init since it only needs to parse the URI
	// and open a terminal.
	if (feature("LODESTONE")) {
		const handleUriIdx = process.argv.indexOf("--handle-uri");
		if (handleUriIdx !== -1 && process.argv[handleUriIdx + 1]) {
			const { enableConfigs } = await import("./utils/config.js");
			enableConfigs();
			const uri = process.argv[handleUriIdx + 1]!;
			const { handleDeepLinkUri } =
				await import("./utils/deepLink/protocolHandler.js");
			const exitCode = await handleDeepLinkUri(uri);
			process.exit(exitCode);
		}

		// macOS URL handler: when LaunchServices launches our .app bundle, the
		// URL arrives via Apple Event (not argv). LaunchServices overwrites
		// __CFBundleIdentifier to the launching bundle's ID, which is a precise
		// positive signal — cheaper than importing and guessing with heuristics.
		if (
			process.platform === "darwin" &&
			process.env.__CFBundleIdentifier ===
				"com.anthropic.claude-code-url-handler"
		) {
			const { enableConfigs } = await import("./utils/config.js");
			enableConfigs();
			const { handleUrlSchemeLaunch } =
				await import("./utils/deepLink/protocolHandler.js");
			const urlSchemeResult = await handleUrlSchemeLaunch();
			process.exit(urlSchemeResult ?? 1);
		}
	}

	// `claude assistant [sessionId]` — stash and strip so the main
	// command handles it, giving the full interactive TUI. Position-0 only
	// (matching the ssh pattern below) — indexOf would false-positive on
	// `claude -p "explain assistant"`. Root-flag-before-subcommand
	// (e.g. `--debug assistant`) falls through to the stub, which
	// prints usage.
	if (feature("KAIROS") && _pendingAssistantChat) {
		const rawArgs = process.argv.slice(2);
		if (rawArgs[0] === "assistant") {
			const nextArg = rawArgs[1];
			if (nextArg && !nextArg.startsWith("-")) {
				_pendingAssistantChat.sessionId = nextArg;
				rawArgs.splice(0, 2); // drop 'assistant' and sessionId
				process.argv = [process.argv[0]!, process.argv[1]!, ...rawArgs];
			} else if (!nextArg) {
				_pendingAssistantChat.discover = true;
				rawArgs.splice(0, 1); // drop 'assistant'
				process.argv = [process.argv[0]!, process.argv[1]!, ...rawArgs];
			}
			// else: `claude assistant --help` → fall through to stub
		}
	}

	// `claude ssh <host> [dir]` — strip from argv so the main command handler
	// runs (full interactive TUI), stash the host/dir for the REPL branch at
	// ~line 3720 to pick up. Headless (-p) mode not supported in v1: SSH
	// sessions need the local REPL to drive them (interrupt, permissions).
	if (feature("SSH_REMOTE") && _pendingSSH) {
		const rawCliArgs = process.argv.slice(2);
		// SSH-specific flags can appear before the host positional (e.g.
		// `ssh --permission-mode auto host /tmp` — standard POSIX flags-before-
		// positionals). Pull them all out BEFORE checking whether a host was
		// given, so `claude ssh --permission-mode auto host` and `claude ssh host
		// --permission-mode auto` are equivalent. The host check below only needs
		// to guard against `-h`/`--help` (which commander should handle).
		if (rawCliArgs[0] === "ssh") {
			const localIdx = rawCliArgs.indexOf("--local");
			if (localIdx !== -1) {
				_pendingSSH.local = true;
				rawCliArgs.splice(localIdx, 1);
			}
			const dspIdx = rawCliArgs.indexOf("--dangerously-skip-permissions");
			if (dspIdx !== -1) {
				_pendingSSH.dangerouslySkipPermissions = true;
				rawCliArgs.splice(dspIdx, 1);
			}
			const pmIdx = rawCliArgs.indexOf("--permission-mode");
			if (
				pmIdx !== -1 &&
				rawCliArgs[pmIdx + 1] &&
				!rawCliArgs[pmIdx + 1]!.startsWith("-")
			) {
				_pendingSSH.permissionMode = rawCliArgs[pmIdx + 1];
				rawCliArgs.splice(pmIdx, 2);
			}
			const pmEqIdx = rawCliArgs.findIndex((a) =>
				a.startsWith("--permission-mode="),
			);
			if (pmEqIdx !== -1) {
				_pendingSSH.permissionMode = rawCliArgs[pmEqIdx]!.split("=")[1];
				rawCliArgs.splice(pmEqIdx, 1);
			}
			// Forward session-resume + model flags to the remote CLI's initial spawn.
			// --continue/-c and --resume <uuid> operate on the REMOTE session history
			// (which persists under the remote's ~/.claude/projects/<cwd>/).
			// --model controls which model the remote uses.
			const extractFlag = (
				flag: string,
				opts: { hasValue?: boolean; as?: string } = {},
			) => {
				const i = rawCliArgs.indexOf(flag);
				if (i !== -1) {
					_pendingSSH.extraCliArgs.push(opts.as ?? flag);
					const val = rawCliArgs[i + 1];
					if (opts.hasValue && val && !val.startsWith("-")) {
						_pendingSSH.extraCliArgs.push(val);
						rawCliArgs.splice(i, 2);
					} else {
						rawCliArgs.splice(i, 1);
					}
				}
				const eqI = rawCliArgs.findIndex((a) =>
					a.startsWith(`${flag}=`),
				);
				if (eqI !== -1) {
					_pendingSSH.extraCliArgs.push(
						opts.as ?? flag,
						rawCliArgs[eqI]!.slice(flag.length + 1),
					);
					rawCliArgs.splice(eqI, 1);
				}
			};
			const rbIdx = rawCliArgs.indexOf('--remote-bin');
			if (rbIdx !== -1 && rawCliArgs[rbIdx + 1] && !rawCliArgs[rbIdx + 1]!.startsWith('-')) {
				_pendingSSH.remoteBin = rawCliArgs[rbIdx + 1];
				rawCliArgs.splice(rbIdx, 2);
			}
			const rbEqIdx = rawCliArgs.findIndex(a => a.startsWith('--remote-bin='));
			if (rbEqIdx !== -1) {
				_pendingSSH.remoteBin = rawCliArgs[rbEqIdx]!.split('=').slice(1).join('=');
				rawCliArgs.splice(rbEqIdx, 1);
			}

			extractFlag("-c", { as: "--continue" });
			extractFlag("--continue");
			extractFlag("--resume", { hasValue: true });
			extractFlag("--model", { hasValue: true });
		}
		// After pre-extraction, any remaining dash-arg at [1] is either -h/--help
		// (commander handles) or an unknown-to-ssh flag (fall through to commander
		// so it surfaces a proper error). Only a non-dash arg is the host.
		if (
			rawCliArgs[0] === "ssh" &&
			rawCliArgs[1] &&
			!rawCliArgs[1].startsWith("-")
		) {
			_pendingSSH.host = rawCliArgs[1];
			// Optional positional cwd.
			let consumed = 2;
			if (rawCliArgs[2] && !rawCliArgs[2].startsWith("-")) {
				_pendingSSH.cwd = rawCliArgs[2];
				consumed = 3;
			}
			const rest = rawCliArgs.slice(consumed);

			// Headless (-p) mode is not supported with SSH in v1 — reject early
			// so the flag doesn't silently cause local execution.
			if (rest.includes("-p") || rest.includes("--print")) {
				process.stderr.write(
					"Error: headless (-p/--print) mode is not supported with claude ssh\n",
				);
				gracefulShutdownSync(1);
				return;
			}

			// Rewrite argv so the main command sees remaining flags but not `ssh`.
			process.argv = [process.argv[0]!, process.argv[1]!, ...rest];
		}
	}

		// Check for -p/--print and --init-only flags early to set isInteractiveSession before init()
		// This is needed because telemetry initialization calls auth functions that need this flag
		const cliArgs = process.argv.slice(2);
		const hasPrintFlag = cliArgs.includes("-p") || cliArgs.includes("--print");
		const hasInitOnlyFlag = cliArgs.includes("--init-only");
		const hasSdkUrl = cliArgs.some((arg) => arg.startsWith("--sdk-url"));
		const forceInteractive = isEnvTruthy(process.env.CLAUDE_CODE_FORCE_INTERACTIVE);
		const isNonInteractive =
			hasPrintFlag || hasInitOnlyFlag || hasSdkUrl || (!forceInteractive && !process.stdout.isTTY);

	// Stop capturing early input for non-interactive modes
	if (isNonInteractive) {
		stopCapturingEarlyInput();
	}

	// Set simplified tracking fields
	const isInteractive = !isNonInteractive;
	setIsInteractive(isInteractive);

	// Initialize entrypoint based on mode - needs to be set before any event is logged
	initializeEntrypoint(isNonInteractive);

	// Determine client type
	const clientType = (() => {
		if (isEnvTruthy(process.env.GITHUB_ACTIONS)) return "github-action";
		if (process.env.CLAUDE_CODE_ENTRYPOINT === "sdk-ts")
			return "sdk-typescript";
		if (process.env.CLAUDE_CODE_ENTRYPOINT === "sdk-py")
			return "sdk-python";
		if (process.env.CLAUDE_CODE_ENTRYPOINT === "sdk-cli") return "sdk-cli";
		if (process.env.CLAUDE_CODE_ENTRYPOINT === "claude-vscode")
			return "claude-vscode";
		if (process.env.CLAUDE_CODE_ENTRYPOINT === "local-agent")
			return "local-agent";
		if (process.env.CLAUDE_CODE_ENTRYPOINT === "claude-desktop")
			return "claude-desktop";

		// Check if session-ingress token is provided (indicates remote session)
		const hasSessionIngressToken =
			process.env.CLAUDE_CODE_SESSION_ACCESS_TOKEN ||
			process.env.CLAUDE_CODE_WEBSOCKET_AUTH_FILE_DESCRIPTOR;
		if (
			process.env.CLAUDE_CODE_ENTRYPOINT === "remote" ||
			hasSessionIngressToken
		) {
			return "remote";
		}

		return "cli";
	})();
	setClientType(clientType);

	const previewFormat = process.env.CLAUDE_CODE_QUESTION_PREVIEW_FORMAT;
	if (previewFormat === "markdown" || previewFormat === "html") {
		setQuestionPreviewFormat(previewFormat);
	} else if (
		!clientType.startsWith("sdk-") &&
		// Desktop and CCR pass previewFormat via toolConfig; when the feature is
		// gated off they pass undefined — don't override that with markdown.
		clientType !== "claude-desktop" &&
		clientType !== "local-agent" &&
		clientType !== "remote"
	) {
		setQuestionPreviewFormat("markdown");
	}

	// Tag sessions created via `claude remote-control` so the backend can identify them
	if (process.env.CLAUDE_CODE_ENVIRONMENT_KIND === "bridge") {
		setSessionSource("remote-control");
	}

	profileCheckpoint("main_client_type_determined");

	// Parse and load settings flags early, before init()
	eagerLoadSettings();

	profileCheckpoint("main_before_run");

	await run();
	profileCheckpoint("main_after_run");
}

async function getInputPrompt(
	prompt: string,
	inputFormat: "text" | "stream-json",
): Promise<string | AsyncIterable<string>> {
	if (
		!process.stdin.isTTY &&
		// Input hijacking breaks MCP.
		!process.argv.includes("mcp")
	) {
		if (inputFormat === "stream-json") {
			return process.stdin;
		}
		process.stdin.setEncoding("utf8");
		let data = "";
		const onData = (chunk: string) => {
			data += chunk;
		};
		process.stdin.on("data", onData);
		// If no data arrives in 3s, stop waiting and warn. Stdin is likely an
		// inherited pipe from a parent that isn't writing (subprocess spawned
		// without explicit stdin handling). 3s covers slow producers like curl,
		// jq on large files, python with import overhead. The warning makes
		// silent data loss visible for the rare producer that's slower still.
		const timedOut = await peekForStdinData(process.stdin, 3000);
		process.stdin.off("data", onData);
		if (timedOut) {
			process.stderr.write(
				"Warning: no stdin data received in 3s, proceeding without it. " +
					"If piping from a slow command, redirect stdin explicitly: < /dev/null to skip, or wait longer.\n",
			);
		}
		return [prompt, data].filter(Boolean).join("\n");
	}
	return prompt;
}

async function run(): Promise<CommanderCommand> {
	profileCheckpoint("run_function_start");

	// Create help config that sorts options by long option name.
	// Commander supports compareOptions at runtime but @commander-js/extra-typings
	// doesn't include it in the type definitions, so we use Object.assign to add it.
	function createSortedHelpConfig(): {
		sortSubcommands: true;
		sortOptions: true;
	} {
		const getOptionSortKey = (opt: Option): string =>
			opt.long?.replace(/^--/, "") ?? opt.short?.replace(/^-/, "") ?? "";
		return Object.assign(
			{ sortSubcommands: true, sortOptions: true } as const,
			{
				compareOptions: (a: Option, b: Option) =>
					getOptionSortKey(a).localeCompare(getOptionSortKey(b)),
			},
		);
	}
	const program = new CommanderCommand()
		.configureHelp(createSortedHelpConfig())
		.enablePositionalOptions();
	profileCheckpoint("run_commander_initialized");

	// Use preAction hook to run initialization only when executing a command,
	// not when displaying help. This avoids the need for env variable signaling.
	program.hook("preAction", async (thisCommand) => {
		profileCheckpoint("preAction_start");
		// Await async subprocess loads started at module evaluation (lines 12-20).
		// Nearly free — subprocesses complete during the ~135ms of imports above.
		// Must resolve before init() which triggers the first settings read
		// (applySafeConfigEnvironmentVariables → getSettingsForSource('policySettings')
		// → isRemoteManagedSettingsEligible → sync keychain reads otherwise ~65ms).
		await Promise.all([
			ensureMdmSettingsLoaded(),
			ensureKeychainPrefetchCompleted(),
		]);
		profileCheckpoint("preAction_after_mdm");
		await init();
		profileCheckpoint("preAction_after_init");

		// process.title on Windows sets the console title directly; on POSIX,
		// terminal shell integration may mirror the process name to the tab.
		// After init() so settings.json env can also gate this (gh-4765).
		if (!isEnvTruthy(process.env.CLAUDE_CODE_DISABLE_TERMINAL_TITLE)) {
			process.title = "claude";
		}

		// Attach logging sinks so subcommand handlers can use logEvent/logError.
		// Before PR #11106 logEvent dispatched directly; after, events queue until
		// a sink attaches. setup() attaches sinks for the default command, but
		// subcommands (doctor, mcp, plugin, auth) never call setup() and would
		// silently drop events on process.exit(). Both inits are idempotent.
		const { initSinks } = await import("./utils/sinks.js");
		initSinks();
		profileCheckpoint("preAction_after_sinks");

		// gh-33508: --plugin-dir is a top-level program option. The default
		// action reads it from its own options destructure, but subcommands
		// (plugin list, plugin install, mcp *) have their own actions and
		// never see it. Wire it up here so getInlinePlugins() works everywhere.
		// thisCommand.opts() is typed {} here because this hook is attached
		// before .option('--plugin-dir', ...) in the chain — extra-typings
		// builds the type as options are added. Narrow with a runtime guard;
		// the collect accumulator + [] default guarantee string[] in practice.
		const pluginDir = thisCommand.getOptionValue("pluginDir");
		if (
			Array.isArray(pluginDir) &&
			pluginDir.length > 0 &&
			pluginDir.every((p) => typeof p === "string")
		) {
			setInlinePlugins(pluginDir);
			clearPluginCache("preAction: --plugin-dir inline plugins");
		}

		runMigrations();
		profileCheckpoint("preAction_after_migrations");

		// Load remote managed settings for enterprise customers (non-blocking)
		// Fails open - if fetch fails, continues without remote settings
		// Settings are applied via hot-reload when they arrive
		// Must happen after init() to ensure config reading is allowed
		void loadRemoteManagedSettings();
		void loadPolicyLimits();

		profileCheckpoint("preAction_after_remote_settings");

		// Load settings sync (non-blocking, fail-open)
		// CLI: uploads local settings to remote (CCR download is handled by print.ts)
		if (feature("UPLOAD_USER_SETTINGS")) {
			void import("./services/settingsSync/index.js").then((m) =>
				m.uploadUserSettingsInBackground(),
			);
		}

		profileCheckpoint("preAction_after_settings_sync");
	});

	program
		.name("claude")
		.description(
			`Claude Code - starts an interactive session by default, use -p/--print for non-interactive output`,
		)
		.argument("[prompt]", "Your prompt", String)
		// Subcommands inherit helpOption via commander's copyInheritedSettings —
		// setting it once here covers mcp, plugin, auth, and all other subcommands.
		.helpOption("-h, --help", "Display help for command")
		.option(
			"-d, --debug [filter]",
			'Enable debug mode with optional category filtering (e.g., "api,hooks" or "!1p,!file")',
			(_value: string | true) => {
				// If value is provided, it will be the filter string
				// If not provided but flag is present, value will be true
				// The actual filtering is handled in debug.ts by parsing process.argv
				return true;
			},
		)
		.addOption(
			new Option("--debug-to-stderr", "Enable debug mode (to stderr)")
				.argParser(Boolean)
				.hideHelp(),
		)
		.option(
			"--debug-file <path>",
			"Write debug logs to a specific file path (implicitly enables debug mode)",
			() => true,
		)
		.option(
			"--verbose",
			"Override verbose mode setting from config",
			() => true,
		)
		.option(
			"-p, --print",
			"Print response and exit (useful for pipes). Note: The workspace trust dialog is skipped when Claude is run with the -p mode. Only use this flag in directories you trust.",
			() => true,
		)
		.option(
			"--bare",
			"Minimal mode: skip hooks, LSP, plugin sync, attribution, auto-memory, background prefetches, keychain reads, and CLAUDE.md auto-discovery. Sets CLAUDE_CODE_SIMPLE=1. Anthropic auth is strictly ANTHROPIC_API_KEY or apiKeyHelper via --settings (OAuth and keychain are never read). 3P providers (Bedrock/Vertex/Foundry) use their own credentials. Skills still resolve via /skill-name. Explicitly provide context via: --system-prompt[-file], --append-system-prompt[-file], --add-dir (CLAUDE.md dirs), --mcp-config, --settings, --agents, --plugin-dir.",
			() => true,
		)
		.addOption(
			new Option(
				"--init",
				"Run Setup hooks with init trigger, then continue",
			).hideHelp(),
		)
		.addOption(
			new Option(
				"--init-only",
				"Run Setup and SessionStart:startup hooks, then exit",
			).hideHelp(),
		)
		.addOption(
			new Option(
				"--maintenance",
				"Run Setup hooks with maintenance trigger, then continue",
			).hideHelp(),
		)
		.addOption(
			new Option(
				"--output-format <format>",
				'Output format (only works with --print): "text" (default), "json" (single result), or "stream-json" (realtime streaming)',
			).choices(["text", "json", "stream-json"]),
		)
		.addOption(
			new Option(
				"--json-schema <schema>",
				"JSON Schema for structured output validation. " +
					'Example: {"type":"object","properties":{"name":{"type":"string"}},"required":["name"]}',
			).argParser(String),
		)
		.option(
			"--include-hook-events",
			"Include all hook lifecycle events in the output stream (only works with --output-format=stream-json)",
			() => true,
		)
		.option(
			"--include-partial-messages",
			"Include partial message chunks as they arrive (only works with --print and --output-format=stream-json)",
			() => true,
		)
		.addOption(
			new Option(
				"--input-format <format>",
				'Input format (only works with --print): "text" (default), or "stream-json" (realtime streaming input)',
			).choices(["text", "stream-json"]),
		)
		.option(
			"--mcp-debug",
			"[DEPRECATED. Use --debug instead] Enable MCP debug mode (shows MCP server errors)",
			() => true,
		)
		.option(
			"--dangerously-skip-permissions",
			"Bypass all permission checks. Recommended only for sandboxes with no internet access.",
			() => true,
		)
		.option(
			"--allow-dangerously-skip-permissions",
			"Enable bypassing all permission checks as an option, without it being enabled by default. Recommended only for sandboxes with no internet access.",
			() => true,
		)
		.addOption(
			new Option(
				"--thinking <mode>",
				"Thinking mode: enabled (equivalent to adaptive), disabled",
			)
				.choices(["enabled", "adaptive", "disabled"])
				.hideHelp(),
		)
		.addOption(
			new Option(
				"--max-thinking-tokens <tokens>",
				"[DEPRECATED. Use --thinking instead for newer models] Maximum number of thinking tokens (only works with --print)",
			)
				.argParser(Number)
				.hideHelp(),
		)
		.addOption(
			new Option(
				"--max-turns <turns>",
				"Maximum number of agentic turns in non-interactive mode. This will early exit the conversation after the specified number of turns. (only works with --print)",
			)
				.argParser(Number)
				.hideHelp(),
		)
		.addOption(
			new Option(
				"--max-budget-usd <amount>",
				"Maximum dollar amount to spend on API calls (only works with --print)",
			).argParser((value) => {
				const amount = Number(value);
				if (isNaN(amount) || amount <= 0) {
					throw new Error(
						"--max-budget-usd must be a positive number greater than 0",
					);
				}
				return amount;
			}),
		)
		.addOption(
			new Option(
				"--task-budget <tokens>",
				"API-side task budget in tokens (output_config.task_budget)",
			)
				.argParser((value) => {
					const tokens = Number(value);
					if (
						isNaN(tokens) ||
						tokens <= 0 ||
						!Number.isInteger(tokens)
					) {
						throw new Error(
							"--task-budget must be a positive integer",
						);
					}
					return tokens;
				})
				.hideHelp(),
		)
		.option(
			"--replay-user-messages",
			"Re-emit user messages from stdin back on stdout for acknowledgment (only works with --input-format=stream-json and --output-format=stream-json)",
			() => true,
		)
		.addOption(
			new Option(
				"--enable-auth-status",
				"Enable auth status messages in SDK mode",
			)
				.default(false)
				.hideHelp(),
		)
		.option(
			"--allowedTools, --allowed-tools <tools...>",
			'Comma or space-separated list of tool names to allow (e.g. "Bash(git:*) Edit")',
		)
		.option(
			"--tools <tools...>",
			'Specify the list of available tools from the built-in set. Use "" to disable all tools, "default" to use all tools, or specify tool names (e.g. "Bash,Edit,Read").',
		)
		.option(
			"--disallowedTools, --disallowed-tools <tools...>",
			'Comma or space-separated list of tool names to deny (e.g. "Bash(git:*) Edit")',
		)
		.option(
			"--mcp-config <configs...>",
			"Load MCP servers from JSON files or strings (space-separated)",
		)
		.addOption(
			new Option(
				"--permission-prompt-tool <tool>",
				"MCP tool to use for permission prompts (only works with --print)",
			)
				.argParser(String)
				.hideHelp(),
		)
		.addOption(
			new Option(
				"--system-prompt <prompt>",
				"System prompt to use for the session",
			).argParser(String),
		)
		.addOption(
			new Option(
				"--system-prompt-file <file>",
				"Read system prompt from a file",
			)
				.argParser(String)
				.hideHelp(),
		)
		.addOption(
			new Option(
				"--append-system-prompt <prompt>",
				"Append a system prompt to the default system prompt",
			).argParser(String),
		)
		.addOption(
			new Option(
				"--append-system-prompt-file <file>",
				"Read system prompt from a file and append to the default system prompt",
			)
				.argParser(String)
				.hideHelp(),
		)
		.addOption(
			new Option(
				"--permission-mode <mode>",
				"Permission mode to use for the session",
			)
				.argParser(String)
				.choices(PERMISSION_MODES),
		)
		.option(
			"-c, --continue",
			"Continue the most recent conversation in the current directory",
			() => true,
		)
		.option(
			"-r, --resume [value]",
			"Resume a conversation by session ID, or open interactive picker with optional search term",
			(value) => value || true,
		)
		.option(
			"--fork-session",
			"When resuming, create a new session ID instead of reusing the original (use with --resume or --continue)",
			() => true,
		)
		.addOption(
			new Option(
				"--prefill <text>",
				"Pre-fill the prompt input with text without submitting it",
			).hideHelp(),
		)
		.addOption(
			new Option(
				"--deep-link-origin",
				"Signal that this session was launched from a deep link",
			).hideHelp(),
		)
		.addOption(
			new Option(
				"--deep-link-repo <slug>",
				"Repo slug the deep link ?repo= parameter resolved to the current cwd",
			).hideHelp(),
		)
		.addOption(
			new Option(
				"--deep-link-last-fetch <ms>",
				"FETCH_HEAD mtime in epoch ms, precomputed by the deep link trampoline",
			)
				.argParser((v) => {
					const n = Number(v);
					return Number.isFinite(n) ? n : undefined;
				})
				.hideHelp(),
		)
		.option(
			"--from-pr [value]",
			"Resume a session linked to a PR by PR number/URL, or open interactive picker with optional search term",
			(value) => value || true,
		)
		.option(
			"--no-session-persistence",
			"Disable session persistence - sessions will not be saved to disk and cannot be resumed (only works with --print)",
		)
		.addOption(
			new Option(
				"--resume-session-at <message id>",
				"When resuming, only messages up to and including the assistant message with <message.id> (use with --resume in print mode)",
			)
				.argParser(String)
				.hideHelp(),
		)
		.addOption(
			new Option(
				"--rewind-files <user-message-id>",
				"Restore files to state at the specified user message and exit (requires --resume)",
			).hideHelp(),
		)
		// @[MODEL LAUNCH]: Update the example model ID in the --model help text.
		.option(
			"--model <model>",
			`Model for the current session. Provide an alias for the latest model (e.g. 'sonnet' or 'opus') or a model's full name (e.g. 'claude-sonnet-4-6').`,
		)
		.addOption(
			new Option(
				"--effort <level>",
				`Effort level for the current session (low, medium, high, max)`,
			).argParser((rawValue: string) => {
				const value = rawValue.toLowerCase();
				const allowed = ["low", "medium", "high", "max"];
				if (!allowed.includes(value)) {
					throw new InvalidArgumentError(
						`It must be one of: ${allowed.join(", ")}`,
					);
				}
				return value;
			}),
		)
		.option(
			"--agent <agent>",
			`Agent for the current session. Overrides the 'agent' setting.`,
		)
		.option(
			"--betas <betas...>",
			"Beta headers to include in API requests (API key users only)",
		)
		.option(
			"--fallback-model <model>",
			"Enable automatic fallback to specified model when default model is overloaded (only works with --print)",
		)
		.addOption(
			new Option(
				"--workload <tag>",
				"Workload tag for billing-header attribution (cc_workload). Process-scoped; set by SDK daemon callers that spawn subprocesses for cron work. (only works with --print)",
			).hideHelp(),
		)
		.option(
			"--settings <file-or-json>",
			"Path to a settings JSON file or a JSON string to load additional settings from",
		)
		.option(
			"--add-dir <directories...>",
			"Additional directories to allow tool access to",
		)
		.option(
			"--ide",
			"Automatically connect to IDE on startup if exactly one valid IDE is available",
			() => true,
		)
		.option(
			"--strict-mcp-config",
			"Only use MCP servers from --mcp-config, ignoring all other MCP configurations",
			() => true,
		)
		.option(
			"--session-id <uuid>",
			"Use a specific session ID for the conversation (must be a valid UUID)",
		)
		.option(
			"-n, --name <name>",
			"Set a display name for this session (shown in /resume and terminal title)",
		)
		.option(
			"--agents <json>",
			'JSON object defining custom agents (e.g. \'{"reviewer": {"description": "Reviews code", "prompt": "You are a code reviewer"}}\')',
		)
		.option(
			"--setting-sources <sources>",
			"Comma-separated list of setting sources to load (user, project, local).",
		)
		// gh-33508: <paths...> (variadic) consumed everything until the next
		// --flag. `claude --plugin-dir /path mcp add --transport http` swallowed
		// `mcp` and `add` as paths, then choked on --transport as an unknown
		// top-level option. Single-value + collect accumulator means each
		// --plugin-dir takes exactly one arg; repeat the flag for multiple dirs.
		.option(
			"--plugin-dir <path>",
			"Load plugins from a directory for this session only (repeatable: --plugin-dir A --plugin-dir B)",
			(val: string, prev: string[]) => [...prev, val],
			[] as string[],
		)
		.option("--disable-slash-commands", "Disable all skills", () => true)
		.option("--chrome", "Enable Claude in Chrome integration")
		.option("--no-chrome", "Disable Claude in Chrome integration")
		.option(
			"--file <specs...>",
			"File resources to download at startup. Format: file_id:relative_path (e.g., --file file_abc:doc.txt file_def:img.png)",
		)
		.action(async (prompt, options) => {
			profileCheckpoint("action_handler_start");

			// --bare = one-switch minimal mode. Sets SIMPLE so all the existing
			// gates fire (CLAUDE.md, skills, hooks inside executeHooks, agent
			// dir-walk). Must be set before setup() / any of the gated work runs.
			if ((options as { bare?: boolean }).bare) {
				process.env.CLAUDE_CODE_SIMPLE = "1";
			}

			// Ignore "code" as a prompt - treat it the same as no prompt
			if (prompt === "code") {
				logEvent("tengu_code_prompt_ignored", {});
				console.warn(
					chalk.yellow(
						"Tip: You can launch Claude Code with just `claude`",
					),
				);
				prompt = undefined;
			}

			// Log event for any single-word prompt
			if (
				prompt &&
				typeof prompt === "string" &&
				!/\s/.test(prompt) &&
				prompt.length > 0
			) {
				logEvent("tengu_single_word_prompt", { length: prompt.length });
			}

			// Assistant mode: when .claude/settings.json has assistant: true AND
			// the tengu_kairos GrowthBook gate is on, force brief on. Permission
			// mode is left to the user — settings defaultMode or --permission-mode
			// apply as normal. REPL-typed messages already default to 'next'
			// priority (messageQueueManager.enqueue) so they drain mid-turn between
			// tool calls. SendUserMessage (BriefTool) is enabled via the brief env
			// var. SleepTool stays disabled (its isEnabled() gates on proactive).
			// kairosEnabled is computed once here and reused at the
			// getAssistantSystemPromptAddendum() call site further down.
			//
			// Trust gate: .claude/settings.json is attacker-controllable in an
			// untrusted clone. We run ~1000 lines before showSetupScreens() shows
			// the trust dialog, and by then we've already appended
			// .claude/agents/assistant.md to the system prompt. Refuse to activate
			// until the directory has been explicitly trusted.
			let kairosEnabled = false;
			let assistantTeamContext:
				| Awaited<
						ReturnType<
							NonNullable<
								typeof assistantModule
							>["initializeAssistantTeam"]
						>
				  >
				| undefined;
			if (
				feature("KAIROS") &&
				(options as { assistant?: boolean }).assistant &&
				assistantModule
			) {
				// --assistant (Agent SDK daemon mode): force the latch before
				// isAssistantMode() runs below. The daemon has already checked
				// entitlement — don't make the child re-check tengu_kairos.
				assistantModule.markAssistantForced();
			}
			if (
				feature("KAIROS") &&
				assistantModule &&
				(assistantModule.isAssistantForced() ||
					(options as Record<string, unknown>).assistant === true) &&
				// Spawned teammates share the leader's cwd + settings.json, so
				// the flag is true for them too. --agent-id being set
				// means we ARE a spawned teammate (extractTeammateOptions runs
				// ~170 lines later so check the raw commander option) — don't
				// re-init the team or override teammateMode/proactive/brief.
				!(options as { agentId?: unknown }).agentId &&
				kairosGate
			) {
				if (!checkHasTrustDialogAccepted()) {
					console.warn(
						chalk.yellow(
							"Assistant mode disabled: directory is not trusted. Accept the trust dialog and restart.",
						),
					);
				} else {
					// Blocking gate check — returns cached `true` instantly; if disk
					// cache is false/missing, lazily inits GrowthBook and fetches fresh
					// (max ~5s). --assistant skips the gate entirely (daemon is
					// pre-entitled).
					kairosEnabled =
						assistantModule.isAssistantForced() ||
						(await kairosGate.isKairosEnabled());
					if (kairosEnabled) {
						const opts = options as { brief?: boolean };
						opts.brief = true;
						setKairosActive(true);
						// Pre-seed an in-process team so Agent(name: "foo") spawns
						// teammates without TeamCreate. Must run BEFORE setup() captures
						// the teammateMode snapshot (initializeAssistantTeam calls
						// setCliTeammateModeOverride internally).
						assistantTeamContext =
							await assistantModule.initializeAssistantTeam();
					}
				}
			}

			const {
				debug = false,
				debugToStderr = false,
				dangerouslySkipPermissions,
				allowDangerouslySkipPermissions = false,
				tools: baseTools = [],
				allowedTools = [],
				disallowedTools = [],
				mcpConfig = [],
				permissionMode: permissionModeCli,
				addDir = [],
				fallbackModel,
				betas = [],
				ide = false,
				sessionId,
				includeHookEvents,
				includePartialMessages,
			} = options;

			if (options.prefill) {
				seedEarlyInput(options.prefill);
			}

			// Promise for file downloads - started early, awaited before REPL renders
			let fileDownloadPromise: Promise<DownloadResult[]> | undefined;

			const agentsJson = options.agents;
			const agentCli = options.agent;
			if (feature("BG_SESSIONS") && agentCli) {
				process.env.CLAUDE_CODE_AGENT = agentCli;
			}

			// NOTE: LSP manager initialization is intentionally deferred until after
			// the trust dialog is accepted. This prevents plugin LSP servers from
			// executing code in untrusted directories before user consent.

			// Extract these separately so they can be modified if needed
			let outputFormat = options.outputFormat;
			let inputFormat = options.inputFormat;
			let verbose = options.verbose ?? getGlobalConfig().verbose;
			let print = options.print;
			const init = options.init ?? false;
			const initOnly = options.initOnly ?? false;
			const maintenance = options.maintenance ?? false;

			// Extract disable slash commands flag
			const disableSlashCommands = options.disableSlashCommands || false;

			// Extract tasks mode options (ant-only)
			const tasksOption =
				process.env.USER_TYPE === "ant" &&
				(options as { tasks?: boolean | string }).tasks;
			const taskListId = tasksOption
				? typeof tasksOption === "string"
					? tasksOption
					: DEFAULT_TASKS_MODE_TASK_LIST_ID
				: undefined;
			if (process.env.USER_TYPE === "ant" && taskListId) {
				process.env.CLAUDE_CODE_TASK_LIST_ID = taskListId;
			}

			// Extract worktree option
			// worktree can be true (flag without value) or a string (custom name or PR reference)
			const worktreeOption = isWorktreeModeEnabled()
				? (options as { worktree?: boolean | string }).worktree
				: undefined;
			let worktreeName =
				typeof worktreeOption === "string" ? worktreeOption : undefined;
			const worktreeEnabled = worktreeOption !== undefined;

			// Check if worktree name is a PR reference (#N or GitHub PR URL)
			let worktreePRNumber: number | undefined;
			if (worktreeName) {
				const prNum = parsePRReference(worktreeName);
				if (prNum !== null) {
					worktreePRNumber = prNum;
					worktreeName = undefined; // slug will be generated in setup()
				}
			}

			// Extract tmux option (requires --worktree)
			const tmuxEnabled =
				isWorktreeModeEnabled() &&
				(options as { tmux?: boolean }).tmux === true;

			// Validate tmux option
			if (tmuxEnabled) {
				if (!worktreeEnabled) {
					process.stderr.write(
						chalk.red("Error: --tmux requires --worktree\n"),
					);
					process.exit(1);
				}
				if (getPlatform() === "windows") {
					process.stderr.write(
						chalk.red(
							"Error: --tmux is not supported on Windows\n",
						),
					);
					process.exit(1);
				}
				if (!(await isTmuxAvailable())) {
					process.stderr.write(
						chalk.red(
							`Error: tmux is not installed.\n${getTmuxInstallInstructions()}\n`,
						),
					);
					process.exit(1);
				}
			}

			// Extract teammate options (for tmux-spawned agents)
			// Declared outside the if block so it's accessible later for system prompt addendum
			let storedTeammateOpts: TeammateOptions | undefined;
			if (isAgentSwarmsEnabled()) {
				// Extract agent identity options (for tmux-spawned agents)
				// These replace the CLAUDE_CODE_* environment variables
				const teammateOpts = extractTeammateOptions(options);
				storedTeammateOpts = teammateOpts;

				// If any teammate identity option is provided, all three required ones must be present
				const hasAnyTeammateOpt =
					teammateOpts.agentId ||
					teammateOpts.agentName ||
					teammateOpts.teamName;
				const hasAllRequiredTeammateOpts =
					teammateOpts.agentId &&
					teammateOpts.agentName &&
					teammateOpts.teamName;

				if (hasAnyTeammateOpt && !hasAllRequiredTeammateOpts) {
					process.stderr.write(
						chalk.red(
							"Error: --agent-id, --agent-name, and --team-name must all be provided together\n",
						),
					);
					process.exit(1);
				}

				// If teammate identity is provided via CLI, set up dynamicTeamContext
				if (
					teammateOpts.agentId &&
					teammateOpts.agentName &&
					teammateOpts.teamName
				) {
					getTeammateUtils().setDynamicTeamContext?.({
						agentId: teammateOpts.agentId,
						agentName: teammateOpts.agentName,
						teamName: teammateOpts.teamName,
						color: teammateOpts.agentColor,
						planModeRequired:
							teammateOpts.planModeRequired ?? false,
						parentSessionId: teammateOpts.parentSessionId,
					});
				}

				// Set teammate mode CLI override if provided
				// This must be done before setup() captures the snapshot
				if (teammateOpts.teammateMode) {
					getTeammateModeSnapshot().setCliTeammateModeOverride?.(
						teammateOpts.teammateMode,
					);
				}
			}

			// Extract remote sdk options
			const sdkUrl = (options as { sdkUrl?: string }).sdkUrl ?? undefined;

			// Allow env var to enable partial messages (used by sandbox gateway for baku)
			const effectiveIncludePartialMessages =
				includePartialMessages ||
				isEnvTruthy(process.env.CLAUDE_CODE_INCLUDE_PARTIAL_MESSAGES);

			// Enable all hook event types when explicitly requested via SDK option
			// or when running in CLAUDE_CODE_REMOTE mode (CCR needs them).
			// Without this, only SessionStart and Setup events are emitted.
			if (
				includeHookEvents ||
				isEnvTruthy(process.env.CLAUDE_CODE_REMOTE)
			) {
				setAllHookEventsEnabled(true);
			}

			// Auto-set input/output formats, verbose mode, and print mode when SDK URL is provided
			if (sdkUrl) {
				// If SDK URL is provided, automatically use stream-json formats unless explicitly set
				if (!inputFormat) {
					inputFormat = "stream-json";
				}
				if (!outputFormat) {
					outputFormat = "stream-json";
				}
				// Auto-enable verbose mode unless explicitly disabled or already set
				if (options.verbose === undefined) {
					verbose = true;
				}
				// Auto-enable print mode unless explicitly disabled
				if (!options.print) {
					print = true;
				}
			}

			// Extract teleport option
			const teleport =
				(options as { teleport?: string | true }).teleport ?? null;

			// Extract remote option (can be true if no description provided, or a string)
			const remoteOption = (options as { remote?: string | true }).remote;
			const remote = remoteOption === true ? "" : (remoteOption ?? null);

			// Extract --remote-control / --rc flag (enable bridge in interactive session)
			const remoteControlOption =
				(options as { remoteControl?: string | true }).remoteControl ??
				(options as { rc?: string | true }).rc;
			// Actual bridge check is deferred to after showSetupScreens() so that
			// trust is established and GrowthBook has auth headers.
			let remoteControl = false;
			const remoteControlName =
				typeof remoteControlOption === "string" &&
				remoteControlOption.length > 0
					? remoteControlOption
					: undefined;

			// Validate session ID if provided
			if (sessionId) {
				// Check for conflicting flags
				// --session-id can be used with --continue or --resume when --fork-session is also provided
				// (to specify a custom ID for the forked session)
				if (
					(options.continue || options.resume) &&
					!options.forkSession
				) {
					process.stderr.write(
						chalk.red(
							"Error: --session-id can only be used with --continue or --resume if --fork-session is also specified.\n",
						),
					);
					process.exit(1);
				}

				// When --sdk-url is provided (bridge/remote mode), the session ID is a
				// server-assigned tagged ID (e.g. "session_local_01...") rather than a
				// UUID. Skip UUID validation and local existence checks in that case.
				if (!sdkUrl) {
					const validatedSessionId = validateUuid(sessionId);
					if (!validatedSessionId) {
						process.stderr.write(
							chalk.red(
								"Error: Invalid session ID. Must be a valid UUID.\n",
							),
						);
						process.exit(1);
					}

					// Check if session ID already exists
					if (sessionIdExists(validatedSessionId)) {
						process.stderr.write(
							chalk.red(
								`Error: Session ID ${validatedSessionId} is already in use.\n`,
							),
						);
						process.exit(1);
					}
				}
			}

			// Download file resources if specified via --file flag
			const fileSpecs = (options as { file?: string[] }).file;
			if (fileSpecs && fileSpecs.length > 0) {
				// Get session ingress token (provided by EnvManager via CLAUDE_CODE_SESSION_ACCESS_TOKEN)
				const sessionToken = getSessionIngressAuthToken();
				if (!sessionToken) {
					process.stderr.write(
						chalk.red(
							"Error: Session token required for file downloads. CLAUDE_CODE_SESSION_ACCESS_TOKEN must be set.\n",
						),
					);
					process.exit(1);
				}

				// Resolve session ID: prefer remote session ID, fall back to internal session ID
				const fileSessionId =
					process.env.CLAUDE_CODE_REMOTE_SESSION_ID || getSessionId();

				const files = parseFileSpecs(fileSpecs);
				if (files.length > 0) {
					// Use ANTHROPIC_BASE_URL if set (by EnvManager), otherwise use OAuth config
					// This ensures consistency with session ingress API in all environments
					const config: FilesApiConfig = {
						baseUrl:
							process.env.ANTHROPIC_BASE_URL ||
							getOauthConfig().BASE_API_URL,
						oauthToken: sessionToken,
						sessionId: fileSessionId,
					};

					// Start download without blocking startup - await before REPL renders
					fileDownloadPromise = downloadSessionFiles(files, config);
				}
			}

			// Get isNonInteractiveSession from state (was set before init())
			const isNonInteractiveSession = getIsNonInteractiveSession();

			// Validate that fallback model is different from main model
			if (
				fallbackModel &&
				options.model &&
				fallbackModel === options.model
			) {
				process.stderr.write(
					chalk.red(
						"Error: Fallback model cannot be the same as the main model. Please specify a different model for --fallback-model.\n",
					),
				);
				process.exit(1);
			}

			// Handle system prompt options
			let systemPrompt = options.systemPrompt;
			if (options.systemPromptFile) {
				if (options.systemPrompt) {
					process.stderr.write(
						chalk.red(
							"Error: Cannot use both --system-prompt and --system-prompt-file. Please use only one.\n",
						),
					);
					process.exit(1);
				}

				try {
					const filePath = resolve(options.systemPromptFile);
					systemPrompt = readFileSync(filePath, "utf8");
				} catch (error) {
					const code = getErrnoCode(error);
					if (code === "ENOENT") {
						process.stderr.write(
							chalk.red(
								`Error: System prompt file not found: ${resolve(options.systemPromptFile)}\n`,
							),
						);
						process.exit(1);
					}
					process.stderr.write(
						chalk.red(
							`Error reading system prompt file: ${errorMessage(error)}\n`,
						),
					);
					process.exit(1);
				}
			}

			// Handle append system prompt options
			let appendSystemPrompt = options.appendSystemPrompt;
			if (options.appendSystemPromptFile) {
				if (options.appendSystemPrompt) {
					process.stderr.write(
						chalk.red(
							"Error: Cannot use both --append-system-prompt and --append-system-prompt-file. Please use only one.\n",
						),
					);
					process.exit(1);
				}

				try {
					const filePath = resolve(options.appendSystemPromptFile);
					appendSystemPrompt = readFileSync(filePath, "utf8");
				} catch (error) {
					const code = getErrnoCode(error);
					if (code === "ENOENT") {
						process.stderr.write(
							chalk.red(
								`Error: Append system prompt file not found: ${resolve(options.appendSystemPromptFile)}\n`,
							),
						);
						process.exit(1);
					}
					process.stderr.write(
						chalk.red(
							`Error reading append system prompt file: ${errorMessage(error)}\n`,
						),
					);
					process.exit(1);
				}
			}

			// Add teammate-specific system prompt addendum for tmux teammates
			if (
				isAgentSwarmsEnabled() &&
				storedTeammateOpts?.agentId &&
				storedTeammateOpts?.agentName &&
				storedTeammateOpts?.teamName
			) {
				const addendum =
					getTeammatePromptAddendum().TEAMMATE_SYSTEM_PROMPT_ADDENDUM;
				appendSystemPrompt = appendSystemPrompt
					? `${appendSystemPrompt}\n\n${addendum}`
					: addendum;
			}

			const {
				mode: permissionMode,
				notification: permissionModeNotification,
			} = initialPermissionModeFromCLI({
				permissionModeCli,
				dangerouslySkipPermissions,
			});

			// Store session bypass permissions mode for trust dialog check
			setSessionBypassPermissionsMode(
				permissionMode === "bypassPermissions",
			);
			if (feature("TRANSCRIPT_CLASSIFIER")) {
				// autoModeFlagCli is the "did the user intend auto this session" signal.
				// Set when: --enable-auto-mode, --permission-mode auto, resolved mode
				// is auto, OR settings defaultMode is auto but the gate denied it
				// (permissionMode resolved to default with no explicit CLI override).
				// Used by verifyAutoModeGateAccess to decide whether to notify on
				// auto-unavailable, and by tengu_auto_mode_config opt-in carousel.
				if (
					(options as { enableAutoMode?: boolean }).enableAutoMode ||
					permissionModeCli === "auto" ||
					permissionMode === "auto" ||
					(!permissionModeCli && isDefaultPermissionModeAuto())
				) {
					autoModeStateModule?.setAutoModeFlagCli(true);
				}
			}

			// Parse the MCP config files/strings if provided
			let dynamicMcpConfig: Record<string, ScopedMcpServerConfig> = {
				// Built-in MCP servers (default disabled, user enables via /mcp)
				"mcp-chrome": {
					type: "http",
					url: "http://127.0.0.1:12306/mcp",
					scope: "dynamic",
					"headers": {
						"Authorization": "Bearer my-static-token",
					}
				},
			};

			if (mcpConfig && mcpConfig.length > 0) {
				// Process mcpConfig array
				const processedConfigs = mcpConfig
					.map((config) => config.trim())
					.filter((config) => config.length > 0);

				let allConfigs: Record<string, McpServerConfig> = {};
				const allErrors: ValidationError[] = [];

				for (const configItem of processedConfigs) {
					let configs: Record<string, McpServerConfig> | null = null;
					let errors: ValidationError[] = [];

					// First try to parse as JSON string
					const parsedJson = safeParseJSON(configItem);
					if (parsedJson) {
						const result = parseMcpConfig({
							configObject: parsedJson,
							filePath: "command line",
							expandVars: true,
							scope: "dynamic",
						});
						if (result.config) {
							configs = result.config.mcpServers;
						} else {
							errors = result.errors;
						}
					} else {
						// Try as file path
						const configPath = resolve(configItem);
						const result = parseMcpConfigFromFilePath({
							filePath: configPath,
							expandVars: true,
							scope: "dynamic",
						});
						if (result.config) {
							configs = result.config.mcpServers;
						} else {
							errors = result.errors;
						}
					}

					if (errors.length > 0) {
						allErrors.push(...errors);
					} else if (configs) {
						// Merge configs, later ones override earlier ones
						allConfigs = { ...allConfigs, ...configs };
					}
				}

				if (allErrors.length > 0) {
					const formattedErrors = allErrors
						.map(
							(err) =>
								`${err.path ? err.path + ": " : ""}${err.message}`,
						)
						.join("\n");
					logForDebugging(
						`--mcp-config validation failed (${allErrors.length} errors): ${formattedErrors}`,
						{
							level: "error",
						},
					);
					process.stderr.write(
						`Error: Invalid MCP configuration:\n${formattedErrors}\n`,
					);
					process.exit(1);
				}

				if (Object.keys(allConfigs).length > 0) {
					// SDK hosts (Nest/Desktop) own their server naming and may reuse
					// built-in names — skip reserved-name checks for type:'sdk'.
					const nonSdkConfigNames = Object.entries(allConfigs)
						.filter(([, config]) => config.type !== "sdk")
						.map(([name]) => name);

					let reservedNameError: string | null = null;
					if (nonSdkConfigNames.some(isClaudeInChromeMCPServer)) {
						reservedNameError = `Invalid MCP configuration: "${CLAUDE_IN_CHROME_MCP_SERVER_NAME}" is a reserved MCP name.`;
					} else if (feature("CHICAGO_MCP")) {
						const {
							isComputerUseMCPServer,
							COMPUTER_USE_MCP_SERVER_NAME,
						} = await import("src/utils/computerUse/common.js");
						if (nonSdkConfigNames.some(isComputerUseMCPServer)) {
							reservedNameError = `Invalid MCP configuration: "${COMPUTER_USE_MCP_SERVER_NAME}" is a reserved MCP name.`;
						}
					}
					if (reservedNameError) {
						// stderr+exit(1) — a throw here becomes a silent unhandled
						// rejection in stream-json mode (void main() in cli.tsx).
						process.stderr.write(`Error: ${reservedNameError}\n`);
						process.exit(1);
					}

					// Add dynamic scope to all configs. type:'sdk' entries pass through
					// unchanged — they're extracted into sdkMcpConfigs downstream and
					// passed to print.ts. The Python SDK relies on this path (it doesn't
					// send sdkMcpServers in the initialize message). Dropping them here
					// broke Coworker (inc-5122). The policy filter below already exempts
					// type:'sdk', and the entries are inert without an SDK transport on
					// stdin, so there's no bypass risk from letting them through.
					const scopedConfigs = mapValues(allConfigs, (config) => ({
						...config,
						scope: "dynamic" as const,
					}));

					// Enforce managed policy (allowedMcpServers / deniedMcpServers) on
					// --mcp-config servers. Without this, the CLI flag bypasses the
					// enterprise allowlist that user/project/local configs go through in
					// getClaudeCodeMcpConfigs — callers spread dynamicMcpConfig back on
					// top of filtered results. Filter here at the source so all
					// downstream consumers see the policy-filtered set.
					const { allowed, blocked } =
						filterMcpServersByPolicy(scopedConfigs);
					if (blocked.length > 0) {
						process.stderr.write(
							`Warning: MCP ${plural(blocked.length, "server")} blocked by enterprise policy: ${blocked.join(", ")}\n`,
						);
					}
					dynamicMcpConfig = { ...dynamicMcpConfig, ...(allowed as Record<string, ScopedMcpServerConfig>) };
				}
			}

			// Extract Claude in Chrome option and enforce claude.ai subscriber check (unless user is ant)
			const chromeOpts = options as { chrome?: boolean };
			// Store the explicit CLI flag so teammates can inherit it
			setChromeFlagOverride(chromeOpts.chrome);
			const enableClaudeInChrome =
				shouldEnableClaudeInChrome(chromeOpts.chrome) &&
				(process.env.USER_TYPE === "ant" || isClaudeAISubscriber());
			const autoEnableClaudeInChrome =
				!enableClaudeInChrome && shouldAutoEnableClaudeInChrome();

			if (enableClaudeInChrome) {
				const platform = getPlatform();
				try {
					logEvent("tengu_claude_in_chrome_setup", {
						platform:
							platform as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
					});

					const {
						mcpConfig: chromeMcpConfig,
						allowedTools: chromeMcpTools,
						systemPrompt: chromeSystemPrompt,
					} = setupClaudeInChrome();
					dynamicMcpConfig = {
						...dynamicMcpConfig,
						...chromeMcpConfig,
					};
					allowedTools.push(...chromeMcpTools);
					if (chromeSystemPrompt) {
						appendSystemPrompt = appendSystemPrompt
							? `${chromeSystemPrompt}\n\n${appendSystemPrompt}`
							: chromeSystemPrompt;
					}
				} catch (error) {
					logEvent("tengu_claude_in_chrome_setup_failed", {
						platform:
							platform as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
					});
					logForDebugging(`[Claude in Chrome] Error: ${error}`);
					logError(error);
					console.error(
						`Error: Failed to run with Claude in Chrome.`,
					);
					process.exit(1);
				}
			} else if (autoEnableClaudeInChrome) {
				try {
					const { mcpConfig: chromeMcpConfig } =
						setupClaudeInChrome();
					dynamicMcpConfig = {
						...dynamicMcpConfig,
						...chromeMcpConfig,
					};

					const hint =
						feature("WEB_BROWSER_TOOL") &&
						typeof Bun !== "undefined" &&
						"WebView" in Bun
							? CLAUDE_IN_CHROME_SKILL_HINT_WITH_WEBBROWSER
							: CLAUDE_IN_CHROME_SKILL_HINT;
					appendSystemPrompt = appendSystemPrompt
						? `${appendSystemPrompt}\n\n${hint}`
						: hint;
				} catch (error) {
					// Silently skip any errors for the auto-enable
					logForDebugging(
						`[Claude in Chrome] Error (auto-enable): ${error}`,
					);
				}
			}

			// Extract strict MCP config flag
			const strictMcpConfig = options.strictMcpConfig || false;

			// Check if enterprise MCP configuration exists. When it does, only allow dynamic MCP
			// configs that contain special server types (sdk)
			if (doesEnterpriseMcpConfigExist()) {
				if (strictMcpConfig) {
					process.stderr.write(
						chalk.red(
							"You cannot use --strict-mcp-config when an enterprise MCP config is present",
						),
					);
					process.exit(1);
				}

				// For --mcp-config, allow if all servers are internal types (sdk)
				if (
					dynamicMcpConfig &&
					!areMcpConfigsAllowedWithEnterpriseMcpConfig(
						dynamicMcpConfig,
					)
				) {
					process.stderr.write(
						chalk.red(
							"You cannot dynamically configure MCP servers when an enterprise MCP config is present",
						),
					);
					process.exit(1);
				}
			}

			// chicago MCP: guarded Computer Use (app allowlist + frontmost gate +
			// SCContentFilter screenshots). Ant-only, GrowthBook-gated — failures
			// are silent (this is dogfooding). Platform + interactive checks inline
			// so non-macOS / print-mode ants skip the heavy @ant/computer-use-mcp
			// import entirely. gates.js is light (type-only package import).
			//
			// Placed AFTER the enterprise-MCP-config check: that check rejects any
			// dynamicMcpConfig entry with `type !== 'sdk'`, and our config is
			// `type: 'stdio'`. An enterprise-config ant with the GB gate on would
			// otherwise process.exit(1). Chrome has the same latent issue but has
			// shipped without incident; chicago places itself correctly.
			if (
				feature("CHICAGO_MCP") &&
				getPlatform() !== "unknown" &&
				!getIsNonInteractiveSession()
			) {
				try {
					const { getChicagoEnabled } =
						await import("src/utils/computerUse/gates.js");
					if (getChicagoEnabled()) {
						const { setupComputerUseMCP } =
							await import("src/utils/computerUse/setup.js");
						const { mcpConfig, allowedTools: cuTools } =
							setupComputerUseMCP();
						dynamicMcpConfig = {
							...dynamicMcpConfig,
							...mcpConfig,
						};
						allowedTools.push(...cuTools);
					}
				} catch (error) {
					logForDebugging(
						`[Computer Use MCP] Setup failed: ${errorMessage(error)}`,
					);
				}
			}

			// Store additional directories for CLAUDE.md loading (controlled by env var)
			setAdditionalDirectoriesForClaudeMd(addDir);

			// Channel server allowlist from --channels flag — servers whose
			// inbound push notifications should register this session. The option
			// is added inside a feature() block so TS doesn't know about it
			// on the options type — same pattern as --assistant at main.tsx:1824.
			// devChannels is deferred: showSetupScreens shows a confirmation dialog
			// and only appends to allowedChannels on accept.
			let devChannels: ChannelEntry[] | undefined;
			// Parse plugin:name@marketplace / server:Y tags into typed entries.
			// Tag decides trust model downstream: plugin-kind hits marketplace
			// verification + GrowthBook allowlist, server-kind always fails
			// allowlist (schema is plugin-only) unless dev flag is set.
			// Untagged or marketplace-less plugin entries are hard errors —
			// silently not-matching in the gate would look like channels are
			// "on" but nothing ever fires.
			const parseChannelEntries = (
				raw: string[],
				flag: string,
			): ChannelEntry[] => {
				const entries: ChannelEntry[] = [];
				const bad: string[] = [];
				for (const c of raw) {
					if (c.startsWith("plugin:")) {
						const rest = c.slice(7);
						const at = rest.indexOf("@");
						if (at <= 0 || at === rest.length - 1) {
							bad.push(c);
						} else {
							entries.push({
								kind: "plugin",
								name: rest.slice(0, at),
								marketplace: rest.slice(at + 1),
							});
						}
					} else if (c.startsWith("server:") && c.length > 7) {
						entries.push({ kind: "server", name: c.slice(7) });
					} else {
						bad.push(c);
					}
				}
				if (bad.length > 0) {
					process.stderr.write(
						chalk.red(
							`${flag} entries must be tagged: ${bad.join(", ")}\n` +
								`  plugin:<name>@<marketplace>  — plugin-provided channel (allowlist enforced)\n` +
								`  server:<name>                — manually configured MCP server\n`,
						),
					);
					process.exit(1);
				}
				return entries;
			};

			const channelOpts = options as {
				channels?: string[];
				dangerouslyLoadDevelopmentChannels?: string[];
			};
			const rawChannels = channelOpts.channels;
			const rawDev = channelOpts.dangerouslyLoadDevelopmentChannels;
			// Always parse + set. ChannelsNotice reads getAllowedChannels() and
			// renders the appropriate branch (disabled/noAuth/policyBlocked/
			// listening) in the startup screen. gateChannelServer() enforces.
			// --channels works in both interactive and print/SDK modes; dev-channels
			// stays interactive-only (requires a confirmation dialog).
			let channelEntries: ChannelEntry[] = [];
			if (rawChannels && rawChannels.length > 0) {
				channelEntries = parseChannelEntries(
					rawChannels,
					"--channels",
				);
				setAllowedChannels(channelEntries);
			}
			if (!isNonInteractiveSession) {
				if (rawDev && rawDev.length > 0) {
					devChannels = parseChannelEntries(
						rawDev,
						"--dangerously-load-development-channels",
					);
				}
			}
			// Flag-usage telemetry. Plugin identifiers are logged (same tier as
			// tengu_plugin_installed — public-registry-style names); server-kind
			// names are not (MCP-server-name tier, opt-in-only elsewhere).
			// Per-server gate outcomes land in tengu_mcp_channel_gate once
			// servers connect. Dev entries go through a confirmation dialog after
			// this — dev_plugins captures what was typed, not what was accepted.
			if (
				channelEntries.length > 0 ||
				(devChannels?.length ?? 0) > 0
			) {
				const joinPluginIds = (entries: ChannelEntry[]) => {
					const ids = entries.flatMap((e) =>
						e.kind === "plugin"
							? [`${e.name}@${e.marketplace}`]
							: [],
					);
					return ids.length > 0
						? (ids
								.sort()
								.join(
									",",
								) as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS)
						: undefined;
				};
				logEvent("tengu_mcp_channel_flags", {
					channels_count: channelEntries.length,
					dev_count: devChannels?.length ?? 0,
					plugins: joinPluginIds(channelEntries),
					dev_plugins: joinPluginIds(devChannels ?? []),
				});
			}

			// SDK opt-in for SendUserMessage via --tools. All sessions require
			// explicit opt-in; listing it in --tools signals intent. Runs BEFORE
			// initializeToolPermissionContext so getToolsForDefaultPreset() sees
			// the tool as enabled when computing the base-tools disallow filter.
			// Conditional require avoids leaking the tool-name string into
			// external builds.
			if (
				(feature("KAIROS") || feature("KAIROS_BRIEF")) &&
				baseTools.length > 0
			) {
				/* eslint-disable @typescript-eslint/no-require-imports */
				const { BRIEF_TOOL_NAME, LEGACY_BRIEF_TOOL_NAME } =
					require("@claude-code-best/builtin-tools/tools/BriefTool/prompt.js") as typeof import("@claude-code-best/builtin-tools/tools/BriefTool/prompt.js");
				const { isBriefEntitled } =
					require("@claude-code-best/builtin-tools/tools/BriefTool/BriefTool.js") as typeof import("@claude-code-best/builtin-tools/tools/BriefTool/BriefTool.js");
				/* eslint-enable @typescript-eslint/no-require-imports */
				const parsed = parseToolListFromCLI(baseTools);
				if (
					(parsed.includes(BRIEF_TOOL_NAME) ||
						parsed.includes(LEGACY_BRIEF_TOOL_NAME)) &&
					isBriefEntitled()
				) {
					setUserMsgOptIn(true);
				}
			}

			// This await replaces blocking existsSync/statSync calls that were already in
			// the startup path. Wall-clock time is unchanged; we just yield to the event
			// loop during the fs I/O instead of blocking it. See #19661.
			const initResult = await initializeToolPermissionContext({
				allowedToolsCli: allowedTools,
				disallowedToolsCli: disallowedTools,
				baseToolsCli: baseTools,
				permissionMode,
				allowDangerouslySkipPermissions,
				addDirs: addDir,
			});
			let toolPermissionContext = initResult.toolPermissionContext;
			const {
				warnings,
				dangerousPermissions,
				overlyBroadBashPermissions,
			} = initResult;

			// Handle overly broad shell allow rules for ant users (Bash(*), PowerShell(*))
			if (
				process.env.USER_TYPE === "ant" &&
				overlyBroadBashPermissions.length > 0
			) {
				for (const permission of overlyBroadBashPermissions) {
					logForDebugging(
						`Ignoring overly broad shell permission ${permission.ruleDisplay} from ${permission.sourceDisplay}`,
					);
				}
				toolPermissionContext = removeDangerousPermissions(
					toolPermissionContext,
					overlyBroadBashPermissions,
				);
			}

			if (
				feature("TRANSCRIPT_CLASSIFIER") &&
				dangerousPermissions.length > 0
			) {
				toolPermissionContext = stripDangerousPermissionsForAutoMode(
					toolPermissionContext,
				);
			}

			// Print any warnings from initialization
			warnings.forEach((warning) => {
				console.error(warning);
			});


			// claude.ai config fetch: -p mode only (interactive uses useManageMCPConnections
			// two-phase loading). Kicked off here to overlap with setup(); awaited
			// before runHeadless so single-turn -p sees connectors. Skipped under
			// enterprise/strict MCP to preserve policy boundaries.
			const claudeaiConfigPromise: Promise<
				Record<string, ScopedMcpServerConfig>
			> =
				isNonInteractiveSession &&
				!strictMcpConfig &&
				!doesEnterpriseMcpConfigExist() &&
				// --bare / SIMPLE: skip claude.ai proxy servers (datadog, Gmail,
				// Slack, BigQuery, PubMed — 6-14s each to connect). Scripted calls
				// that need MCP pass --mcp-config explicitly.
				!isBareMode()
					? fetchClaudeAIMcpConfigsIfEligible().then((configs) => {
							const { allowed, blocked } =
								filterMcpServersByPolicy(configs);
							if (blocked.length > 0) {
								process.stderr.write(
									`Warning: claude.ai MCP ${plural(blocked.length, "server")} blocked by enterprise policy: ${blocked.join(", ")}\n`,
								);
							}
							return allowed;
						})
					: Promise.resolve({});

			// Kick off MCP config loading early (safe - just reads files, no execution).
			// Both interactive and -p use getClaudeCodeMcpConfigs (local file reads only).
			// The local promise is awaited later (before prefetchAllMcpResources) to
			// overlap config I/O with setup(), commands loading, and trust dialog.
			logForDebugging("[STARTUP] Loading MCP configs...");
			const mcpConfigStart = Date.now();
			let mcpConfigResolvedMs: number | undefined;
			// --bare skips auto-discovered MCP (.mcp.json, user settings, plugins) —
			// only explicit --mcp-config works. dynamicMcpConfig is spread onto
			// allMcpConfigs downstream so it survives this skip.
			const mcpConfigPromise = (
				strictMcpConfig || isBareMode()
					? Promise.resolve({
							servers: {} as Record<
								string,
								ScopedMcpServerConfig
							>,
						})
					: getClaudeCodeMcpConfigs(dynamicMcpConfig)
			).then((result) => {
				mcpConfigResolvedMs = Date.now() - mcpConfigStart;
				return result;
			});

			// NOTE: We do NOT call prefetchAllMcpResources here - that's deferred until after trust dialog

			if (
				inputFormat &&
				inputFormat !== "text" &&
				inputFormat !== "stream-json"
			) {
				console.error(`Error: Invalid input format "${inputFormat}".`);
				process.exit(1);
			}
			if (
				inputFormat === "stream-json" &&
				outputFormat !== "stream-json"
			) {
				console.error(
					`Error: --input-format=stream-json requires output-format=stream-json.`,
				);
				process.exit(1);
			}

			// Validate sdkUrl is only used with appropriate formats (formats are auto-set above)
			if (sdkUrl) {
				if (
					inputFormat !== "stream-json" ||
					outputFormat !== "stream-json"
				) {
					console.error(
						`Error: --sdk-url requires both --input-format=stream-json and --output-format=stream-json.`,
					);
					process.exit(1);
				}
			}

			// Validate replayUserMessages is only used with stream-json formats
			if (options.replayUserMessages) {
				if (
					inputFormat !== "stream-json" ||
					outputFormat !== "stream-json"
				) {
					console.error(
						`Error: --replay-user-messages requires both --input-format=stream-json and --output-format=stream-json.`,
					);
					process.exit(1);
				}
			}

			// Validate includePartialMessages is only used with print mode and stream-json output
			if (effectiveIncludePartialMessages) {
				if (
					!isNonInteractiveSession ||
					outputFormat !== "stream-json"
				) {
					writeToStderr(
						`Error: --include-partial-messages requires --print and --output-format=stream-json.`,
					);
					process.exit(1);
				}
			}

			// Validate --no-session-persistence is only used with print mode
			if (
				options.sessionPersistence === false &&
				!isNonInteractiveSession
			) {
				writeToStderr(
					`Error: --no-session-persistence can only be used with --print mode.`,
				);
				process.exit(1);
			}

			const effectivePrompt = prompt || "";
			let inputPrompt = await getInputPrompt(
				effectivePrompt,
				(inputFormat ?? "text") as "text" | "stream-json",
			);
			profileCheckpoint("action_after_input_prompt");

			// Activate proactive mode BEFORE getTools() so SleepTool.isEnabled()
			// (which returns isProactiveActive()) passes and Sleep is included.
			// The later REPL-path maybeActivateProactive() calls are idempotent.
			maybeActivateProactive(options);

			let tools = getTools(toolPermissionContext);

			// Apply coordinator mode tool filtering for headless path
			// (mirrors useMergedTools.ts filtering for REPL/interactive path)
			if (
				feature("COORDINATOR_MODE") &&
				isEnvTruthy(process.env.CLAUDE_CODE_COORDINATOR_MODE)
			) {
				const { applyCoordinatorToolFilter } =
					await import("./utils/toolPool.js");
				tools = applyCoordinatorToolFilter(tools);
			}

			profileCheckpoint("action_tools_loaded");

			let jsonSchema: ToolInputJSONSchema | undefined;
			if (
				isSyntheticOutputToolEnabled({ isNonInteractiveSession }) &&
				options.jsonSchema
			) {
				jsonSchema = jsonParse(
					options.jsonSchema,
				) as ToolInputJSONSchema;
			}

			if (jsonSchema) {
				const syntheticOutputResult =
					createSyntheticOutputTool(jsonSchema);
				if ("tool" in syntheticOutputResult) {
					// Add SyntheticOutputTool to the tools array AFTER getTools() filtering.
					// This tool is excluded from normal filtering (see tools.ts) because it's
					// an implementation detail for structured output, not a user-controlled tool.
					tools = [...tools, syntheticOutputResult.tool];

					logEvent("tengu_structured_output_enabled", {
						schema_property_count: Object.keys(
							(jsonSchema.properties as Record<
								string,
								unknown
							>) || {},
						)
							.length as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
						has_required_fields: Boolean(
							jsonSchema.required,
						) as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
					});
				} else {
					logEvent("tengu_structured_output_failure", {
						error: "Invalid JSON schema" as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
					});
				}
			}

			// IMPORTANT: setup() must be called before any other code that depends on the cwd or worktree setup
			profileCheckpoint("action_before_setup");
			logForDebugging("[STARTUP] Running setup()...");
			const setupStart = Date.now();
			const { setup } = await import("./setup.js");
			const messagingSocketPath = feature("UDS_INBOX")
				? (options as { messagingSocketPath?: string })
						.messagingSocketPath
				: undefined;
			// Parallelize setup() with commands+agents loading. setup()'s ~28ms is
			// mostly startUdsMessaging (socket bind, ~20ms) — not disk-bound, so it
			// doesn't contend with getCommands' file reads. Gated on !worktreeEnabled
			// since --worktree makes setup() process.chdir() (setup.ts:203), and
			// commands/agents need the post-chdir cwd.
			const preSetupCwd = getCwd();
			// Register bundled skills/plugins before kicking getCommands() — they're
			// pure in-memory array pushes (<1ms, zero I/O) that getBundledSkills()
			// reads synchronously. Previously ran inside setup() after ~20ms of
			// await points, so the parallel getCommands() memoized an empty list.
			if (process.env.CLAUDE_CODE_ENTRYPOINT !== "local-agent") {
				initBuiltinPlugins();
				initBundledSkills();
			}
			const setupPromise = setup(
				preSetupCwd,
				permissionMode,
				allowDangerouslySkipPermissions,
				worktreeEnabled,
				worktreeName,
				tmuxEnabled,
				sessionId ? validateUuid(sessionId) : undefined,
				worktreePRNumber,
				messagingSocketPath,
			);
			const commandsPromise = worktreeEnabled
				? null
				: getCommands(preSetupCwd);
			const agentDefsPromise = worktreeEnabled
				? null
				: getAgentDefinitionsWithOverrides(preSetupCwd);
			// Suppress transient unhandledRejection if these reject during the
			// ~28ms setupPromise await before Promise.all joins them below.
			commandsPromise?.catch(() => {});
			agentDefsPromise?.catch(() => {});
			await setupPromise;
			logForDebugging(
				`[STARTUP] setup() completed in ${Date.now() - setupStart}ms`,
			);
			profileCheckpoint("action_after_setup");

			// Replay user messages into stream-json only when the socket was
			// explicitly requested. The auto-generated socket is passive — it
			// lets tools inject if they want to, but turning it on by default
			// shouldn't reshape stream-json for SDK consumers who never touch it.
			// Callers who inject and also want those injections visible in the
			// stream pass --messaging-socket-path explicitly (or --replay-user-messages).
			let effectiveReplayUserMessages = !!options.replayUserMessages;
			if (feature("UDS_INBOX")) {
				if (
					!effectiveReplayUserMessages &&
					outputFormat === "stream-json"
				) {
					effectiveReplayUserMessages = !!(
						options as { messagingSocketPath?: string }
					).messagingSocketPath;
				}
			}

			if (getIsNonInteractiveSession()) {
				// Apply full merged settings env now (including project-scoped
				// .claude/settings.json PATH/GIT_DIR/GIT_WORK_TREE) so gitExe() and
				// the git spawn below see it. Trust is implicit in -p mode; the
				// docstring at managedEnv.ts:96-97 says this applies "potentially
				// dangerous environment variables such as LD_PRELOAD, PATH" from all
				// sources. The later call in the isNonInteractiveSession block below
				// is idempotent (Object.assign, configureGlobalAgents ejects prior
				// interceptor) and picks up any plugin-contributed env after plugin
				// init. Project settings are already loaded here:
				// applySafeConfigEnvironmentVariables in init() called
				// getSettings_DEPRECATED at managedEnv.ts:86 which merges all enabled
				// sources including projectSettings/localSettings.
				applyConfigEnvironmentVariables();

				// Spawn git status/log/branch now so the subprocess execution overlaps
				// with the getCommands await below and startDeferredPrefetches. After
				// setup() so cwd is final (setup.ts:254 may process.chdir(worktreePath)
				// for --worktree) and after the applyConfigEnvironmentVariables above
				// so PATH/GIT_DIR/GIT_WORK_TREE from all sources (trusted + project)
				// are applied. getSystemContext is memoized; the
				// prefetchSystemContextIfSafe call in startDeferredPrefetches becomes
				// a cache hit. The microtask from await getIsGit() drains at the
				// getCommands Promise.all await below. Trust is implicit in -p mode
				// (same gate as prefetchSystemContextIfSafe).
				void getSystemContext();
				// Kick getUserContext now too — its first await (fs.readFile in
				// getMemoryFiles) yields naturally, so the CLAUDE.md directory walk
				// runs during the ~280ms overlap window before the context
				// Promise.all join in print.ts. The void getUserContext() in
				// startDeferredPrefetches becomes a memoize cache-hit.
				void getUserContext();
				// Kick ensureModelStringsInitialized now — for Bedrock this triggers
				// a 100-200ms profile fetch that was awaited serially at
				// print.ts:739. updateBedrockModelStrings is sequential()-wrapped so
				// the await joins the in-flight fetch. Non-Bedrock is a sync
				// early-return (zero-cost).
				void ensureModelStringsInitialized();
			}

			// Apply --name: cache-only so no orphan file is created before the
			// session ID is finalized by --continue/--resume. materializeSessionFile
			// persists it on the first user message; REPL's useTerminalTitle reads it
			// via getCurrentSessionTitle.
			const sessionNameArg = options.name?.trim();
			if (sessionNameArg) {
				cacheSessionTitle(sessionNameArg);
			}

			// Ant model aliases (capybara-fast etc.) resolve via the
			// tengu_ant_model_override GrowthBook flag. _CACHED_MAY_BE_STALE reads
			// disk synchronously; disk is populated by a fire-and-forget write. On a
			// cold cache, parseUserSpecifiedModel returns the unresolved alias, the
			// API 404s, and -p exits before the async write lands — crashloop on
			// fresh pods. Awaiting init here populates the in-memory payload map that
			// _CACHED_MAY_BE_STALE now checks first. Gated so the warm path stays
			// non-blocking:
			//  - explicit model via --model or ANTHROPIC_MODEL (both feed alias resolution)
			//  - no env override (which short-circuits _CACHED_MAY_BE_STALE before disk)
			//  - flag absent from disk (== null also catches pre-#22279 poisoned null)
			const explicitModel = options.model || process.env.ANTHROPIC_MODEL;
			if (
				process.env.USER_TYPE === "ant" &&
				explicitModel &&
				explicitModel !== "default" &&
				!hasGrowthBookEnvOverride("tengu_ant_model_override") &&
				getGlobalConfig().cachedGrowthBookFeatures?.[
					"tengu_ant_model_override"
				] == null
			) {
				await initializeGrowthBook();
			}

			// Special case the default model with the null keyword
			// NOTE: Model resolution happens after setup() to ensure trust is established before AWS auth
			const userSpecifiedModel =
				options.model === "default"
					? getDefaultMainLoopModel()
					: options.model;
			const userSpecifiedFallbackModel =
				fallbackModel === "default"
					? getDefaultMainLoopModel()
					: fallbackModel;

			// Reuse preSetupCwd unless setup() chdir'd (worktreeEnabled). Saves a
			// getCwd() syscall in the common path.
			const currentCwd = worktreeEnabled ? getCwd() : preSetupCwd;
			logForDebugging("[STARTUP] Loading commands and agents...");
			const commandsStart = Date.now();
			// Join the promises kicked before setup() (or start fresh if
			// worktreeEnabled gated the early kick). Both memoized by cwd.
			const [commands, agentDefinitionsResult] = await Promise.all([
				commandsPromise ?? getCommands(currentCwd),
				agentDefsPromise ??
					getAgentDefinitionsWithOverrides(currentCwd),
			]);
			logForDebugging(
				`[STARTUP] Commands and agents loaded in ${Date.now() - commandsStart}ms`,
			);
			profileCheckpoint("action_commands_loaded");

			// Parse CLI agents if provided via --agents flag
			let cliAgents: typeof agentDefinitionsResult.activeAgents = [];
			if (agentsJson) {
				try {
					const parsedAgents = safeParseJSON(agentsJson);
					if (parsedAgents) {
						cliAgents = parseAgentsFromJson(
							parsedAgents,
							"flagSettings",
						);
					}
				} catch (error) {
					logError(error);
				}
			}

			// Merge CLI agents with existing ones
			const allAgents = [
				...agentDefinitionsResult.allAgents,
				...cliAgents,
			];
			const agentDefinitions = {
				...agentDefinitionsResult,
				allAgents,
				activeAgents: getActiveAgentsFromList(allAgents),
			};

			// Look up main thread agent from CLI flag or settings
			const agentSetting = agentCli ?? getInitialSettings().agent;
			let mainThreadAgentDefinition:
				| (typeof agentDefinitions.activeAgents)[number]
				| undefined;
			if (agentSetting) {
				mainThreadAgentDefinition = agentDefinitions.activeAgents.find(
					(agent) => agent.agentType === agentSetting,
				);
				if (!mainThreadAgentDefinition) {
					logForDebugging(
						`Warning: agent "${agentSetting}" not found. ` +
							`Available agents: ${agentDefinitions.activeAgents.map((a) => a.agentType).join(", ")}. ` +
							`Using default behavior.`,
					);
				}
			}

			// Store the main thread agent type in bootstrap state so hooks can access it
			setMainThreadAgentType(mainThreadAgentDefinition?.agentType);

			// Log agent flag usage — only log agent name for built-in agents to avoid leaking custom agent names
			if (mainThreadAgentDefinition) {
				logEvent("tengu_agent_flag", {
					agentType: isBuiltInAgent(mainThreadAgentDefinition)
						? (mainThreadAgentDefinition.agentType as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS)
						: ("custom" as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS),
					...(agentCli && {
						source: "cli" as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
					}),
				});
			}

			// Persist agent setting to session transcript for resume view display and restoration
			if (mainThreadAgentDefinition?.agentType) {
				saveAgentSetting(mainThreadAgentDefinition.agentType);
			}

			// Apply the agent's system prompt for non-interactive sessions
			// (interactive mode uses buildEffectiveSystemPrompt instead)
			if (
				isNonInteractiveSession &&
				mainThreadAgentDefinition &&
				!systemPrompt &&
				!isBuiltInAgent(mainThreadAgentDefinition)
			) {
				const agentSystemPrompt =
					mainThreadAgentDefinition.getSystemPrompt();
				if (agentSystemPrompt) {
					systemPrompt = agentSystemPrompt;
				}
			}

			// initialPrompt goes first so its slash command (if any) is processed;
			// user-provided text becomes trailing context.
			// Only concatenate when inputPrompt is a string. When it's an
			// AsyncIterable (SDK stream-json mode), template interpolation would
			// call .toString() producing "[object Object]". The AsyncIterable case
			// is handled in print.ts via structuredIO.prependUserMessage().
			if (mainThreadAgentDefinition?.initialPrompt) {
				if (typeof inputPrompt === "string") {
					inputPrompt = inputPrompt
						? `${mainThreadAgentDefinition.initialPrompt}\n\n${inputPrompt}`
						: mainThreadAgentDefinition.initialPrompt;
				} else if (!inputPrompt) {
					inputPrompt = mainThreadAgentDefinition.initialPrompt;
				}
			}

			// Compute effective model early so hooks can run in parallel with MCP
			// If user didn't specify a model but agent has one, use the agent's model
			let effectiveModel = userSpecifiedModel;
			if (
				!effectiveModel &&
				mainThreadAgentDefinition?.model &&
				mainThreadAgentDefinition.model !== "inherit"
			) {
				effectiveModel = parseUserSpecifiedModel(
					mainThreadAgentDefinition.model,
				);
			}

			setMainLoopModelOverride(effectiveModel);

			// Compute resolved model for hooks (use user-specified model at launch)
			setInitialMainLoopModel(getUserSpecifiedModelSetting() || null);
			const initialMainLoopModel = getInitialMainLoopModel();
			const resolvedInitialModel = parseUserSpecifiedModel(
				initialMainLoopModel ?? getDefaultMainLoopModel(),
			);

			let advisorModel: string | undefined;
			if (isAdvisorEnabled()) {
				const advisorOption = canUserConfigureAdvisor()
					? (options as { advisor?: string }).advisor
					: undefined;
				if (advisorOption) {
					logForDebugging(`[AdvisorTool] --advisor ${advisorOption}`);
					if (!modelSupportsAdvisor(resolvedInitialModel)) {
						process.stderr.write(
							chalk.red(
								`Error: The model "${resolvedInitialModel}" does not support the advisor tool.\n`,
							),
						);
						process.exit(1);
					}
					const normalizedAdvisorModel = normalizeModelStringForAPI(
						parseUserSpecifiedModel(advisorOption),
					);
					if (!isValidAdvisorModel(normalizedAdvisorModel)) {
						process.stderr.write(
							chalk.red(
								`Error: The model "${advisorOption}" cannot be used as an advisor.\n`,
							),
						);
						process.exit(1);
					}
				}
				advisorModel = canUserConfigureAdvisor()
					? (advisorOption ?? getInitialAdvisorSetting())
					: advisorOption;
				if (advisorModel) {
					logForDebugging(
						`[AdvisorTool] Advisor model: ${advisorModel}`,
					);
				}
			}

			// For tmux teammates with --agent-type, append the custom agent's prompt
			if (
				isAgentSwarmsEnabled() &&
				storedTeammateOpts?.agentId &&
				storedTeammateOpts?.agentName &&
				storedTeammateOpts?.teamName &&
				storedTeammateOpts?.agentType
			) {
				// Look up the custom agent definition
				const customAgent = agentDefinitions.activeAgents.find(
					(a) => a.agentType === storedTeammateOpts.agentType,
				);
				if (customAgent) {
					// Get the prompt - need to handle both built-in and custom agents
					let customPrompt: string | undefined;
					if (customAgent.source === "built-in") {
						// Built-in agents have getSystemPrompt that takes toolUseContext
						// We can't access full toolUseContext here, so skip for now
						logForDebugging(
							`[teammate] Built-in agent ${storedTeammateOpts.agentType} - skipping custom prompt (not supported)`,
						);
					} else {
						// Custom agents have getSystemPrompt that takes no args
						customPrompt = customAgent.getSystemPrompt();
					}

					// Log agent memory loaded event for tmux teammates
					if (customAgent.memory) {
						logEvent("tengu_agent_memory_loaded", {
							...(process.env.USER_TYPE === "ant" && {
								agent_type:
									customAgent.agentType as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
							}),
							scope: customAgent.memory as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
							source: "teammate" as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
						});
					}

					if (customPrompt) {
						const customInstructions = `\n# Custom Agent Instructions\n${customPrompt}`;
						appendSystemPrompt = appendSystemPrompt
							? `${appendSystemPrompt}\n\n${customInstructions}`
							: customInstructions;
					}
				} else {
					logForDebugging(
						`[teammate] Custom agent ${storedTeammateOpts.agentType} not found in available agents`,
					);
				}
			}

			maybeActivateBrief(options);
			// defaultView: 'chat' is a persisted opt-in — check entitlement and set
			// userMsgOptIn so the tool + prompt section activate. Interactive-only:
			// defaultView is a display preference; SDK sessions have no display, and
			// the assistant installer writes defaultView:'chat' to settings.local.json
			// which would otherwise leak into --print sessions in the same directory.
			// Runs right after maybeActivateBrief() so all startup opt-in paths fire
			// BEFORE any isBriefEnabled() read below (proactive prompt's
			// briefVisibility). A persisted 'chat' after a GB kill-switch falls
			// through (entitlement fails).
			if (
				(feature("KAIROS") || feature("KAIROS_BRIEF")) &&
				!getIsNonInteractiveSession() &&
				!getUserMsgOptIn() &&
				getInitialSettings().defaultView === "chat"
			) {
				/* eslint-disable @typescript-eslint/no-require-imports */
				const { isBriefEntitled } =
					require("@claude-code-best/builtin-tools/tools/BriefTool/BriefTool.js") as typeof import("@claude-code-best/builtin-tools/tools/BriefTool/BriefTool.js");
				/* eslint-enable @typescript-eslint/no-require-imports */
				if (isBriefEntitled()) {
					setUserMsgOptIn(true);
				}
			}
			// Coordinator mode has its own system prompt and filters out Sleep, so
			// the generic proactive prompt would tell it to call a tool it can't
			// access and conflict with delegation instructions.
			if (
				(feature("PROACTIVE") || feature("KAIROS")) &&
				((options as { proactive?: boolean }).proactive ||
					isEnvTruthy(process.env.CLAUDE_CODE_PROACTIVE)) &&
				!coordinatorModeModule?.isCoordinatorMode()
			) {
				/* eslint-disable @typescript-eslint/no-require-imports */
				const briefVisibility =
					feature("KAIROS") || feature("KAIROS_BRIEF")
						? (
								require("@claude-code-best/builtin-tools/tools/BriefTool/BriefTool.js") as typeof import("@claude-code-best/builtin-tools/tools/BriefTool/BriefTool.js")
							).isBriefEnabled()
							? "Call SendUserMessage at checkpoints to mark where things stand."
							: "The user will see any text you output."
						: "The user will see any text you output.";
				/* eslint-enable @typescript-eslint/no-require-imports */
				const proactivePrompt = `\n# Proactive Mode\n\nYou are in proactive mode. Take initiative — explore, act, and make progress without waiting for instructions.\n\nStart by briefly greeting the user.\n\nYou will receive periodic <tick> prompts. These are check-ins. Do whatever seems most useful, or call Sleep if there's nothing to do. ${briefVisibility}`;
				appendSystemPrompt = appendSystemPrompt
					? `${appendSystemPrompt}\n\n${proactivePrompt}`
					: proactivePrompt;
			}

			if (feature("KAIROS") && kairosEnabled && assistantModule) {
				const assistantAddendum =
					assistantModule.getAssistantSystemPromptAddendum();
				appendSystemPrompt = appendSystemPrompt
					? `${appendSystemPrompt}\n\n${assistantAddendum}`
					: assistantAddendum;
			}

			// Ink root is only needed for interactive sessions — patchConsole in the
			// Ink constructor would swallow console output in headless mode.
			let root!: Root;
			let getFpsMetrics!: () => FpsMetrics | undefined;
			let stats!: StatsStore;

			// Show setup screens after commands are loaded
			if (!isNonInteractiveSession) {
				const ctx = getRenderContext(false);
				getFpsMetrics = ctx.getFpsMetrics;
				stats = ctx.stats;
				// Install asciicast recorder before Ink mounts (ant-only, opt-in via CLAUDE_CODE_TERMINAL_RECORDING=1)
				if (process.env.USER_TYPE === "ant") {
					installAsciicastRecorder();
				}

				const { createRoot } = await import('@anthropic/ink')
				root = await createRoot(ctx.renderOptions)

				// Log startup time now, before any blocking dialog renders. Logging
				// from REPL's first render (the old location) included however long
				// the user sat on trust/OAuth/onboarding/resume-picker — p99 was ~70s
				// dominated by dialog-wait time, not code-path startup.
				logEvent("tengu_timer", {
					event: "startup" as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
					durationMs: Math.round(process.uptime() * 1000),
				});

				logForDebugging("[STARTUP] Running showSetupScreens()...");
				const setupScreensStart = Date.now();
				const onboardingShown = await showSetupScreens(
					root,
					permissionMode,
					allowDangerouslySkipPermissions,
					commands,
					enableClaudeInChrome,
					devChannels,
				);
				logForDebugging(
					`[STARTUP] showSetupScreens() completed in ${Date.now() - setupScreensStart}ms`,
				);

				// Now that trust is established and GrowthBook has auth headers,
				// resolve the --remote-control / --rc entitlement gate.
				if (
					feature("BRIDGE_MODE") &&
					remoteControlOption !== undefined
				) {
					const { getBridgeDisabledReason } =
						await import("./bridge/bridgeEnabled.js");
					const disabledReason = await getBridgeDisabledReason();
					remoteControl = disabledReason === null;
					if (disabledReason) {
						process.stderr.write(
							chalk.yellow(
								`${disabledReason}\n--rc flag ignored.\n`,
							),
						);
					}
				}

				// Check for pending agent memory snapshot updates (only for --agent mode, ant-only)
				if (
					feature("AGENT_MEMORY_SNAPSHOT") &&
					mainThreadAgentDefinition &&
					isCustomAgent(mainThreadAgentDefinition) &&
					mainThreadAgentDefinition.memory &&
					mainThreadAgentDefinition.pendingSnapshotUpdate
				) {
					const agentDef = mainThreadAgentDefinition;
					const choice = await launchSnapshotUpdateDialog(root, {
						agentType: agentDef.agentType,
						scope: agentDef.memory!,
						snapshotTimestamp:
							agentDef.pendingSnapshotUpdate!.snapshotTimestamp,
					});
					if (choice === "merge") {
						const { buildMergePrompt } =
							await import("./components/agents/SnapshotUpdateDialog.js");
						const mergePrompt = buildMergePrompt(
							agentDef.agentType,
							agentDef.memory!,
						);
						inputPrompt = inputPrompt
							? `${mergePrompt}\n\n${inputPrompt}`
							: mergePrompt;
					}
					agentDef.pendingSnapshotUpdate = undefined;
				}

				// Skip executing /login if we just completed onboarding for it
				if (
					onboardingShown &&
					prompt?.trim().toLowerCase() === "/login"
				) {
					prompt = "";
				}

				if (onboardingShown) {
					// Refresh auth-dependent services now that the user has logged in during onboarding.
					// Keep in sync with the post-login logic in src/commands/login.tsx
					void refreshRemoteManagedSettings();
					void refreshPolicyLimits();
					// Clear user data cache BEFORE GrowthBook refresh so it picks up fresh credentials
					resetUserCache();
					// Refresh GrowthBook after login to get updated feature flags (e.g., for claude.ai MCPs)
					refreshGrowthBookAfterAuthChange();
					// Clear any stale trusted device token then enroll for Remote Control.
					// Both self-gate on tengu_sessions_elevated_auth_enforcement internally
					// — enrollTrustedDevice() via checkGate_CACHED_OR_BLOCKING (awaits
					// the GrowthBook reinit above), clearTrustedDeviceToken() via the
					// sync cached check (acceptable since clear is idempotent).
					void import("./bridge/trustedDevice.js").then((m) => {
						m.clearTrustedDeviceToken();
						return m.enrollTrustedDevice();
					});
				}

				// Validate that the active token's org matches forceLoginOrgUUID (if set
				// in managed settings). Runs after onboarding so managed settings and
				// login state are fully loaded.
				const orgValidation = await validateForceLoginOrg();
				if (!orgValidation.valid) {
					await exitWithError(root, (orgValidation as { valid: false; message: string }).message);
				}
			}

			// If gracefulShutdown was initiated (e.g., user rejected trust dialog),
			// process.exitCode will be set. Skip all subsequent operations that could
			// trigger code execution before the process exits (e.g. we don't want apiKeyHelper
			// to run if trust was not established).
			if (process.exitCode !== undefined) {
				logForDebugging(
					"Graceful shutdown initiated, skipping further initialization",
				);
				return;
			}

			// Initialize LSP manager AFTER trust is established (or in non-interactive mode
			// where trust is implicit). This prevents plugin LSP servers from executing
			// code in untrusted directories before user consent.
			// Must be after inline plugins are set (if any) so --plugin-dir LSP servers are included.
			initializeLspServerManager();

			// Show settings validation errors after trust is established
			// MCP config errors don't block settings from loading, so exclude them
			if (!isNonInteractiveSession) {
				const { errors } = getSettingsWithErrors();
				const nonMcpErrors = errors.filter((e) => !e.mcpErrorMetadata);
				if (nonMcpErrors.length > 0) {
					await launchInvalidSettingsDialog(root, {
						settingsErrors: nonMcpErrors,
						onExit: () => gracefulShutdownSync(1),
					});
				}
			}

			// Check quota status, fast mode, passes eligibility, and bootstrap data
			// after trust is established. These make API calls which could trigger
			// apiKeyHelper execution.
			// --bare / SIMPLE: skip — these are cache-warms for the REPL's
			// first-turn responsiveness (quota, passes, fastMode, bootstrap data). Fast
			// mode doesn't apply to the Agent SDK anyway (see getFastModeUnavailableReason).
			const bgRefreshThrottleMs = getFeatureValue_CACHED_MAY_BE_STALE(
				"tengu_cicada_nap_ms",
				0,
			);
			const lastPrefetched = getGlobalConfig().startupPrefetchedAt ?? 0;
			const skipStartupPrefetches =
				isBareMode() ||
				(bgRefreshThrottleMs > 0 &&
					Date.now() - lastPrefetched < bgRefreshThrottleMs);

			if (!skipStartupPrefetches) {
				const lastPrefetchedInfo =
					lastPrefetched > 0
						? ` last ran ${Math.round((Date.now() - lastPrefetched) / 1000)}s ago`
						: "";
				logForDebugging(
					`Starting background startup prefetches${lastPrefetchedInfo}`,
				);

				checkQuotaStatus().catch((error) => logError(error));

				// Fetch bootstrap data from the server and update all cache values.
				void fetchBootstrapData();

				// TODO: Consolidate other prefetches into a single bootstrap request.
				void prefetchPassesEligibility();
				if (
					!getFeatureValue_CACHED_MAY_BE_STALE(
						"tengu_miraculo_the_bard",
						false,
					)
				) {
					void prefetchFastModeStatus();
				} else {
					// Kill switch skips the network call, not org-policy enforcement.
					// Resolve from cache so orgStatus doesn't stay 'pending' (which
					// getFastModeUnavailableReason treats as permissive).
					resolveFastModeStatusFromCache();
				}
				if (bgRefreshThrottleMs > 0) {
					saveGlobalConfig((current) => ({
						...current,
						startupPrefetchedAt: Date.now(),
					}));
				}
			} else {
				logForDebugging(
					`Skipping startup prefetches, last ran ${Math.round((Date.now() - lastPrefetched) / 1000)}s ago`,
				);
				// Resolve fast mode org status from cache (no network)
				resolveFastModeStatusFromCache();
			}

			if (!isNonInteractiveSession) {
				void refreshExampleCommands(); // Pre-fetch example commands (runs git log, no API call)
			}

			// Resolve MCP configs (started early, overlaps with setup/trust dialog work)
			const { servers: existingMcpConfigs } = await mcpConfigPromise;
			logForDebugging(
				`[STARTUP] MCP configs resolved in ${mcpConfigResolvedMs}ms (awaited at +${Date.now() - mcpConfigStart}ms)`,
			);
			// CLI flag (--mcp-config) should override file-based configs, matching settings precedence
			const allMcpConfigs = {
				...existingMcpConfigs,
				...dynamicMcpConfig,
			};

			// Separate SDK configs from regular MCP configs
			const sdkMcpConfigs: Record<string, McpSdkServerConfig> = {};
			const regularMcpConfigs: Record<string, ScopedMcpServerConfig> = {};

			for (const [name, config] of Object.entries(allMcpConfigs)) {
				const typedConfig = config as
					| ScopedMcpServerConfig
					| McpSdkServerConfig;
				if (typedConfig.type === "sdk") {
					sdkMcpConfigs[name] = typedConfig as McpSdkServerConfig;
				} else {
					regularMcpConfigs[name] =
						typedConfig as ScopedMcpServerConfig;
				}
			}

			profileCheckpoint("action_mcp_configs_loaded");

			// Prefetch MCP resources after trust dialog (this is where execution happens).
			// Interactive mode only: print mode defers connects until headlessStore exists
			// and pushes per-server (below), so ToolSearch's pending-client handling works
			// and one slow server doesn't block the batch.
			const localMcpPromise = isNonInteractiveSession
				? Promise.resolve({ clients: [], tools: [], commands: [] })
				: prefetchAllMcpResources(regularMcpConfigs);
			const claudeaiMcpPromise = isNonInteractiveSession
				? Promise.resolve({ clients: [], tools: [], commands: [] })
				: claudeaiConfigPromise.then((configs) =>
						Object.keys(configs).length > 0
							? prefetchAllMcpResources(configs)
							: { clients: [], tools: [], commands: [] },
					);
			// Merge with dedup by name: each prefetchAllMcpResources call independently
			// adds helper tools (ListMcpResourcesTool, ReadMcpResourceTool) via
			// local dedup flags, so merging two calls can yield duplicates. print.ts
			// already uniqBy's the final tool pool, but dedup here keeps appState clean.
			const mcpPromise = Promise.all([
				localMcpPromise,
				claudeaiMcpPromise,
			]).then(([local, claudeai]) => ({
				clients: [...local.clients, ...claudeai.clients],
				tools: uniqBy([...local.tools, ...claudeai.tools], "name"),
				commands: uniqBy(
					[...local.commands, ...claudeai.commands],
					"name",
				),
			}));

			// Start hooks early so they run in parallel with MCP connections.
			// Skip for initOnly/init/maintenance (handled separately), non-interactive
			// (handled via setupTrigger), and resume/continue (conversationRecovery.ts
			// fires 'resume' instead — without this guard, hooks fire TWICE on /resume
			// and the second systemMessage clobbers the first. gh-30825)
			const hooksPromise =
				initOnly ||
				init ||
				maintenance ||
				isNonInteractiveSession ||
				options.continue ||
				options.resume
					? null
					: processSessionStartHooks("startup", {
							agentType: mainThreadAgentDefinition?.agentType,
							model: resolvedInitialModel,
						});

			// MCP never blocks REPL render OR turn 1 TTFT. useManageMCPConnections
			// populates appState.mcp async as servers connect (connectToServer is
			// memoized — the prefetch calls above and the hook converge on the same
			// connections). getToolUseContext reads store.getState() fresh via
			// computeTools(), so turn 1 sees whatever's connected by query time.
			// Slow servers populate for turn 2+. Matches interactive-no-prompt
			// behavior. Print mode: per-server push into headlessStore (below).
			const hookMessages: Awaited<NonNullable<typeof hooksPromise>> = [];
			// Suppress transient unhandledRejection — the prefetch warms the
			// memoized connectToServer cache but nobody awaits it in interactive.
			mcpPromise.catch(() => {});

			const mcpClients: Awaited<typeof mcpPromise>["clients"] = [];
			const mcpTools: Awaited<typeof mcpPromise>["tools"] = [];
			const mcpCommands: Awaited<typeof mcpPromise>["commands"] = [];

			let thinkingEnabled = shouldEnableThinkingByDefault();
			let thinkingConfig: ThinkingConfig =
				thinkingEnabled !== false
					? { type: "adaptive" }
					: { type: "disabled" };

			if (
				options.thinking === "adaptive" ||
				options.thinking === "enabled"
			) {
				thinkingEnabled = true;
				thinkingConfig = { type: "adaptive" };
			} else if (options.thinking === "disabled") {
				thinkingEnabled = false;
				thinkingConfig = { type: "disabled" };
			} else {
				const maxThinkingTokens = process.env.MAX_THINKING_TOKENS
					? parseInt(process.env.MAX_THINKING_TOKENS, 10)
					: options.maxThinkingTokens;
				if (maxThinkingTokens !== undefined) {
					if (maxThinkingTokens > 0) {
						thinkingEnabled = true;
						thinkingConfig = {
							type: "enabled",
							budgetTokens: maxThinkingTokens,
						};
					} else if (maxThinkingTokens === 0) {
						thinkingEnabled = false;
						thinkingConfig = { type: "disabled" };
					}
				}
			}

			logForDiagnosticsNoPII("info", "started", {
				version: MACRO.VERSION,
				is_native_binary: isInBundledMode(),
			});

			registerCleanup(async () => {
				logForDiagnosticsNoPII("info", "exited");
			});

			void logTenguInit({
				hasInitialPrompt: Boolean(prompt),
				hasStdin: Boolean(inputPrompt),
				verbose,
				debug,
				debugToStderr,
				print: print ?? false,
				outputFormat: outputFormat ?? "text",
				inputFormat: inputFormat ?? "text",
				numAllowedTools: allowedTools.length,
				numDisallowedTools: disallowedTools.length,
				mcpClientCount: Object.keys(allMcpConfigs).length,
				worktreeEnabled,
				skipWebFetchPreflight:
					getInitialSettings().skipWebFetchPreflight,
				githubActionInputs: process.env.GITHUB_ACTION_INPUTS,
				dangerouslySkipPermissionsPassed:
					dangerouslySkipPermissions ?? false,
				permissionMode,
				modeIsBypass: permissionMode === "bypassPermissions",
				allowDangerouslySkipPermissionsPassed:
					allowDangerouslySkipPermissions,
				systemPromptFlag: systemPrompt
					? options.systemPromptFile
						? "file"
						: "flag"
					: undefined,
				appendSystemPromptFlag: appendSystemPrompt
					? options.appendSystemPromptFile
						? "file"
						: "flag"
					: undefined,
				thinkingConfig,
				assistantActivationPath:
					feature("KAIROS") && kairosEnabled
						? assistantModule?.getAssistantActivationPath()
						: undefined,
			});

			// Log context metrics once at initialization
			void logContextMetrics(regularMcpConfigs, toolPermissionContext);

			void logPermissionContextForAnts(null, "initialization");

			logManagedSettings();

			// Register PID file for concurrent-session detection (~/.claude/sessions/)
			// and fire multi-clauding telemetry. Lives here (not init.ts) so only the
			// REPL path registers — not subcommands like `claude doctor`. Chained:
			// count must run after register's write completes or it misses our own file.
			void registerSession().then((registered) => {
				if (!registered) return;
				if (sessionNameArg) {
					void updateSessionName(sessionNameArg);
				}
				void countConcurrentSessions().then((count) => {
					if (count >= 2) {
						logEvent("tengu_concurrent_sessions", {
							num_sessions: count,
						});
					}
				});
			});

			// Initialize versioned plugins system (triggers V1→V2 migration if
			// needed). Then run orphan GC, THEN warm the Grep/Glob exclusion cache.
			// Sequencing matters: the warmup scans disk for .orphaned_at markers,
			// so it must see the GC's Pass 1 (remove markers from reinstalled
			// versions) and Pass 2 (stamp unmarked orphans) already applied. The
			// warm also lands before autoupdate (fires on first submit in REPL)
			// can orphan this session's active version underneath us.
			// --bare / SIMPLE: skip plugin version sync + orphan cleanup. These
			// are install/upgrade bookkeeping that scripted calls don't need —
			// the next interactive session will reconcile. The await here was
			// blocking -p on a marketplace round-trip.
			if (isBareMode()) {
				// skip — no-op
			} else if (isNonInteractiveSession) {
				// In headless mode, await to ensure plugin sync completes before CLI exits
				await initializeVersionedPlugins();
				profileCheckpoint("action_after_plugins_init");
				void cleanupOrphanedPluginVersionsInBackground().then(() =>
					getGlobExclusionsForPluginCache(),
				);
			} else {
				// In interactive mode, fire-and-forget — this is purely bookkeeping
				// that doesn't affect runtime behavior of the current session
				void initializeVersionedPlugins().then(async () => {
					profileCheckpoint("action_after_plugins_init");
					await cleanupOrphanedPluginVersionsInBackground();
					void getGlobExclusionsForPluginCache();
				});
			}

			const setupTrigger =
				initOnly || init ? "init" : maintenance ? "maintenance" : null;
			if (initOnly) {
				applyConfigEnvironmentVariables();
				await processSetupHooks("init", { forceSyncExecution: true });
				await processSessionStartHooks("startup", {
					forceSyncExecution: true,
				});
				gracefulShutdownSync(0);
				return;
			}

			// --print mode
			if (isNonInteractiveSession) {
				if (outputFormat === "stream-json" || outputFormat === "json") {
					setHasFormattedOutput(true);
				}

				// Apply full environment variables in print mode since trust dialog is bypassed
				// This includes potentially dangerous environment variables from untrusted sources
				// but print mode is considered trusted (as documented in help text)
				applyConfigEnvironmentVariables();

				// Initialize telemetry after env vars are applied so OTEL endpoint env vars and
				// otelHeadersHelper (which requires trust to execute) are available.
				initializeTelemetryAfterTrust();

				// Kick SessionStart hooks now so the subprocess spawn overlaps with
				// MCP connect + plugin init + print.ts import below. loadInitialMessages
				// joins this at print.ts:4397. Guarded same as loadInitialMessages —
				// continue/resume/teleport paths don't fire startup hooks (or fire them
				// conditionally inside the resume branch, where this promise is
				// undefined and the ?? fallback runs). Also skip when setupTrigger is
				// set — those paths run setup hooks first (print.ts:544), and session
				// start hooks must wait until setup completes.
				const sessionStartHooksPromise =
					options.continue ||
					options.resume ||
					teleport ||
					setupTrigger
						? undefined
						: processSessionStartHooks("startup");
				// Suppress transient unhandledRejection if this rejects before
				// loadInitialMessages awaits it. Downstream await still observes the
				// rejection — this just prevents the spurious global handler fire.
				sessionStartHooksPromise?.catch(() => {});

				profileCheckpoint("before_validateForceLoginOrg");
				// Validate org restriction for non-interactive sessions
				const orgValidation = await validateForceLoginOrg();
				if (!orgValidation.valid) {
					process.stderr.write((orgValidation as { valid: false; message: string }).message + "\n");
					process.exit(1);
				}

				// Headless mode supports all prompt commands and some local commands
				// If disableSlashCommands is true, return empty array
				const commandsHeadless = disableSlashCommands
					? []
					: commands.filter(
							(command) =>
								(command.type === "prompt" &&
									!command.disableNonInteractive) ||
								(command.type === "local" &&
									command.supportsNonInteractive),
						);

				const defaultState = getDefaultAppState();
				const headlessInitialState: AppState = {
					...defaultState,
					mcp: {
						...defaultState.mcp,
						clients: mcpClients,
						commands: mcpCommands,
						tools: mcpTools,
					},
					toolPermissionContext,
					effortValue:
						parseEffortValue(options.effort) ??
						getInitialEffortSetting(),
					...(isFastModeEnabled() && {
						fastMode: getInitialFastModeSetting(
							effectiveModel ?? null,
						),
					}),
					...(isAdvisorEnabled() && advisorModel && { advisorModel }),
					// kairosEnabled gates the async fire-and-forget path in
					// executeForkedSlashCommand (processSlashCommand.tsx:132) and
					// AgentTool's shouldRunAsync. The REPL initialState sets this at
					// ~3459; headless was defaulting to false, so the daemon child's
					// scheduled tasks and Agent-tool calls ran synchronously — N
					// overdue cron tasks on spawn = N serial subagent turns blocking
					// user input. Computed at :1620, well before this branch.
					...(feature("KAIROS") ? { kairosEnabled } : {}),
				};

				// Init app state
				const headlessStore = createStore(
					headlessInitialState,
					onChangeAppState,
				);

				// Async check of auto mode gate — corrects state and disables auto if needed.
				if (feature("TRANSCRIPT_CLASSIFIER")) {
					void verifyAutoModeGateAccess(
						toolPermissionContext,
						headlessStore.getState().fastMode,
					).then(({ updateContext }) => {
						headlessStore.setState((prev) => {
							const nextCtx = updateContext(
								prev.toolPermissionContext,
							);
							if (nextCtx === prev.toolPermissionContext)
								return prev;
							return { ...prev, toolPermissionContext: nextCtx };
						});
					});
				}

				// Set global state for session persistence
				if (options.sessionPersistence === false) {
					setSessionPersistenceDisabled(true);
				}

				// Store SDK betas in global state for context window calculation
				// Only store allowed betas (filters by allowlist and subscriber status)
				setSdkBetas(filterAllowedSdkBetas(betas));

				// Print-mode MCP: per-server incremental push into headlessStore.
				// Mirrors useManageMCPConnections — push pending first (so ToolSearch's
				// pending-check at ToolSearchTool.ts:334 sees them), then replace with
				// connected/failed as each server settles.
				const connectMcpBatch = (
					configs: Record<string, ScopedMcpServerConfig>,
					label: string,
				): Promise<void> => {
					if (Object.keys(configs).length === 0)
						return Promise.resolve();
					headlessStore.setState((prev) => ({
						...prev,
						mcp: {
							...prev.mcp,
							clients: [
								...prev.mcp.clients,
								...Object.entries(configs).map(
									([name, config]) => ({
										name,
										type: "pending" as const,
										config,
									}),
								),
							],
						},
					}));
					return getMcpToolsCommandsAndResources(
						({ client, tools, commands }) => {
							headlessStore.setState((prev) => ({
								...prev,
								mcp: {
									...prev.mcp,
									clients: prev.mcp.clients.some(
										(c) => c.name === client.name,
									)
										? prev.mcp.clients.map((c) =>
												c.name === client.name
													? client
													: c,
											)
										: [...prev.mcp.clients, client],
									tools: uniqBy(
										[...prev.mcp.tools, ...tools],
										"name",
									),
									commands: uniqBy(
										[...prev.mcp.commands, ...commands],
										"name",
									),
								},
							}));
						},
						configs,
					).catch((err) =>
						logForDebugging(`[MCP] ${label} connect error: ${err}`),
					);
				};
				// Await all MCP configs — print mode is often single-turn, so
				// "late-connecting servers visible next turn" doesn't help. SDK init
				// message and turn-1 tool list both need configured MCP tools present.
				// Zero-server case is free via the early return in connectMcpBatch.
				// Connectors parallelize inside getMcpToolsCommandsAndResources
				// (processBatched with Promise.all). claude.ai is awaited too — its
				// fetch was kicked off early (line ~2558) so only residual time blocks
				// here. --bare skips claude.ai entirely for perf-sensitive scripts.
				profileCheckpoint("before_connectMcp");
				await connectMcpBatch(regularMcpConfigs, "regular");
				profileCheckpoint("after_connectMcp");
				// Dedup: suppress plugin MCP servers that duplicate a claude.ai
				// connector (connector wins), then connect claude.ai servers.
				// Bounded wait — #23725 made this blocking so single-turn -p sees
				// connectors, but with 40+ slow connectors tengu_startup_perf p99
				// climbed to 76s. If fetch+connect doesn't finish in time, proceed;
				// the promise keeps running and updates headlessStore in the
				// background so turn 2+ still sees connectors.
				const CLAUDE_AI_MCP_TIMEOUT_MS = 5_000;
				const claudeaiConnect = claudeaiConfigPromise.then(
					(claudeaiConfigs) => {
						if (Object.keys(claudeaiConfigs).length > 0) {
							const claudeaiSigs = new Set<string>();
							for (const config of Object.values(
								claudeaiConfigs,
							)) {
								const sig = getMcpServerSignature(config);
								if (sig) claudeaiSigs.add(sig);
							}
							const suppressed = new Set<string>();
							for (const [name, config] of Object.entries(
								regularMcpConfigs,
							)) {
								if (!name.startsWith("plugin:")) continue;
								const sig = getMcpServerSignature(config);
								if (sig && claudeaiSigs.has(sig))
									suppressed.add(name);
							}
							if (suppressed.size > 0) {
								logForDebugging(
									`[MCP] Lazy dedup: suppressing ${suppressed.size} plugin server(s) that duplicate claude.ai connectors: ${[...suppressed].join(", ")}`,
								);
								// Disconnect before filtering from state. Only connected
								// servers need cleanup — clearServerCache on a never-connected
								// server triggers a real connect just to kill it (memoize
								// cache-miss path, see useManageMCPConnections.ts:870).
								for (const c of headlessStore.getState().mcp
									.clients) {
									if (
										!suppressed.has(c.name) ||
										c.type !== "connected"
									)
										continue;
									c.client.onclose = undefined;
									void clearServerCache(
										c.name,
										c.config,
									).catch(() => {});
								}
								headlessStore.setState((prev) => {
									let {
										clients,
										tools,
										commands,
										resources,
									} = prev.mcp;
									clients = clients.filter(
										(c) => !suppressed.has(c.name),
									);
									tools = tools.filter(
										(t) =>
											!t.mcpInfo ||
											!suppressed.has(
												t.mcpInfo.serverName,
											),
									);
									for (const name of suppressed) {
										commands = excludeCommandsByServer(
											commands,
											name,
										);
										resources = excludeResourcesByServer(
											resources,
											name,
										);
									}
									return {
										...prev,
										mcp: {
											...prev.mcp,
											clients,
											tools,
											commands,
											resources,
										},
									};
								});
							}
						}
						// Suppress claude.ai connectors that duplicate an enabled
						// manual server (URL-signature match). Plugin dedup above only
						// handles `plugin:*` keys; this catches manual `.mcp.json` entries.
						// plugin:* must be excluded here — step 1 already suppressed
						// those (claude.ai wins); leaving them in suppresses the
						// connector too, and neither survives (gh-39974).
						const nonPluginConfigs = pickBy(
							regularMcpConfigs,
							(_, n) => !n.startsWith("plugin:"),
						);
						const { servers: dedupedClaudeAi } =
							dedupClaudeAiMcpServers(
								claudeaiConfigs,
								nonPluginConfigs,
							);
						return connectMcpBatch(dedupedClaudeAi, "claudeai");
					},
				);
				let claudeaiTimer: ReturnType<typeof setTimeout> | undefined;
				const claudeaiTimedOut = await Promise.race([
					claudeaiConnect.then(() => false),
					new Promise<boolean>((resolve) => {
						claudeaiTimer = setTimeout(
							(r) => r(true),
							CLAUDE_AI_MCP_TIMEOUT_MS,
							resolve,
						);
					}),
				]);
				if (claudeaiTimer) clearTimeout(claudeaiTimer);
				if (claudeaiTimedOut) {
					logForDebugging(
						`[MCP] claude.ai connectors not ready after ${CLAUDE_AI_MCP_TIMEOUT_MS}ms — proceeding; background connection continues`,
					);
				}
				profileCheckpoint("after_connectMcp_claudeai");

				// In headless mode, start deferred prefetches immediately (no user typing delay)
				// --bare / SIMPLE: startDeferredPrefetches early-returns internally.
				// backgroundHousekeeping (initExtractMemories, pruneShellSnapshots,
				// cleanupOldMessageFiles) and sdkHeapDumpMonitor are all bookkeeping
				// that scripted calls don't need — the next interactive session reconciles.
				if (!isBareMode()) {
					startDeferredPrefetches();
					void import("./utils/backgroundHousekeeping.js").then((m) =>
						m.startBackgroundHousekeeping(),
					);
					if (process.env.USER_TYPE === "ant") {
						void import("./utils/sdkHeapDumpMonitor.js").then((m) =>
							m.startSdkMemoryMonitor(),
						);
					}
				}

				logSessionTelemetry();
				profileCheckpoint("before_print_import");
				const { runHeadless } = await import("src/cli/print.js");
				profileCheckpoint("after_print_import");
				void runHeadless(
					inputPrompt,
					() => headlessStore.getState(),
					headlessStore.setState,
					commandsHeadless,
					tools,
					sdkMcpConfigs,
					agentDefinitions.activeAgents,
					{
						continue: options.continue,
						resume: options.resume,
						verbose: verbose,
						outputFormat: outputFormat,
						jsonSchema,
						permissionPromptToolName: options.permissionPromptTool,
						allowedTools,
						thinkingConfig,
						maxTurns: options.maxTurns,
						maxBudgetUsd: options.maxBudgetUsd,
						taskBudget: options.taskBudget
							? { total: options.taskBudget }
							: undefined,
						systemPrompt,
						appendSystemPrompt,
						userSpecifiedModel: effectiveModel,
						fallbackModel: userSpecifiedFallbackModel,
						teleport,
						sdkUrl,
						replayUserMessages: effectiveReplayUserMessages,
						includePartialMessages: effectiveIncludePartialMessages,
						forkSession: options.forkSession || false,
						resumeSessionAt: options.resumeSessionAt || undefined,
						rewindFiles: options.rewindFiles,
						enableAuthStatus: options.enableAuthStatus,
						agent: agentCli,
						workload: options.workload,
						setupTrigger: setupTrigger ?? undefined,
						sessionStartHooksPromise,
					},
				);
				return;
			}

			// Log model config at startup
			logEvent("tengu_startup_manual_model_config", {
				cli_flag:
					options.model as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
				env_var: process.env
					.ANTHROPIC_MODEL as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
				settings_file: (getInitialSettings() || {})
					.model as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
				subscriptionType:
					getSubscriptionType() as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
				agent: agentSetting as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
			});

			// Get deprecation warning for the initial model (resolvedInitialModel computed earlier for hooks parallelization)
			const deprecationWarning =
				getModelDeprecationWarning(resolvedInitialModel);

			// Build initial notification queue
			const initialNotifications: Array<{
				key: string;
				text: string;
				color?: "warning";
				priority: "high";
			}> = [];
			if (permissionModeNotification) {
				initialNotifications.push({
					key: "permission-mode-notification",
					text: permissionModeNotification,
					priority: "high",
				});
			}
			if (deprecationWarning) {
				initialNotifications.push({
					key: "model-deprecation-warning",
					text: deprecationWarning,
					color: "warning",
					priority: "high",
				});
			}
			if (overlyBroadBashPermissions.length > 0) {
				const displayList = uniq(
					overlyBroadBashPermissions.map((p) => p.ruleDisplay),
				);
				const displays = displayList.join(", ");
				const sources = uniq(
					overlyBroadBashPermissions.map((p) => p.sourceDisplay),
				).join(", ");
				const n = displayList.length;
				initialNotifications.push({
					key: "overly-broad-bash-notification",
					text: `${displays} allow ${plural(n, "rule")} from ${sources} ${plural(n, "was", "were")} ignored \u2014 not available for Ants, please use auto-mode instead`,
					color: "warning",
					priority: "high",
				});
			}

			const teammateUtils = getTeammateUtils();
			const effectiveToolPermissionContext = {
				...toolPermissionContext,
				mode:
					isAgentSwarmsEnabled() &&
					teammateUtils?.isPlanModeRequired?.()
						? ("plan" as const)
						: toolPermissionContext.mode,
			};
			// All startup opt-in paths (--tools, --brief, defaultView) have fired
			// above; initialIsBriefOnly just reads the resulting state.
			const initialIsBriefOnly =
				feature("KAIROS") || feature("KAIROS_BRIEF")
					? getUserMsgOptIn()
					: false;
			const fullRemoteControl =
				remoteControl || getRemoteControlAtStartup() || kairosEnabled;
			let ccrMirrorEnabled = false;
			if (feature("CCR_MIRROR") && !fullRemoteControl) {
				/* eslint-disable @typescript-eslint/no-require-imports */
				const { isCcrMirrorEnabled } =
					require("./bridge/bridgeEnabled.js") as typeof import("./bridge/bridgeEnabled.js");
				/* eslint-enable @typescript-eslint/no-require-imports */
				ccrMirrorEnabled = isCcrMirrorEnabled();
			}

			const initialState: AppState = {
				settings: getInitialSettings(),
				tasks: {},
				agentNameRegistry: new Map(),
				verbose: verbose ?? getGlobalConfig().verbose ?? false,
				mainLoopModel: initialMainLoopModel,
				mainLoopModelForSession: null,
				isBriefOnly: initialIsBriefOnly,
				expandedView: getGlobalConfig().showSpinnerTree
					? "teammates"
					: getGlobalConfig().showExpandedTodos
						? "tasks"
						: "none",
				showTeammateMessagePreview: isAgentSwarmsEnabled()
					? false
					: undefined,
				selectedIPAgentIndex: -1,
				coordinatorTaskIndex: -1,
				viewSelectionMode: "none",
				footerSelection: null,
				toolPermissionContext: effectiveToolPermissionContext,
				agent: mainThreadAgentDefinition?.agentType,
				agentDefinitions,
				mcp: {
					clients: [],
					tools: [],
					commands: [],
					resources: {},
					pluginReconnectKey: 0,
				},
				plugins: {
					enabled: [],
					disabled: [],
					commands: [],
					errors: [],
					installationStatus: {
						marketplaces: [],
						plugins: [],
					},
					needsRefresh: false,
				},
				statusLineText: undefined,
				kairosEnabled,
				remoteSessionUrl: undefined,
				remoteConnectionStatus: "connecting",
				remoteBackgroundTaskCount: 0,
				replBridgeEnabled: fullRemoteControl || ccrMirrorEnabled,
				replBridgeExplicit: remoteControl,
				replBridgeOutboundOnly: ccrMirrorEnabled,
				replBridgeConnected: false,
				replBridgeSessionActive: false,
				replBridgeReconnecting: false,
				replBridgeConnectUrl: undefined,
				replBridgeSessionUrl: undefined,
				replBridgeEnvironmentId: undefined,
				replBridgeSessionId: undefined,
				replBridgeError: undefined,
				replBridgeInitialName: remoteControlName,
				showRemoteCallout: false,
				notifications: {
					current: null,
					queue: initialNotifications,
				},
				elicitation: {
					queue: [],
				},
				todos: {},
				remoteAgentTaskSuggestions: [],
				fileHistory: {
					snapshots: [],
					trackedFiles: new Set(),
					snapshotSequence: 0,
				},
				attribution: createEmptyAttributionState(),
				thinkingEnabled,
				promptSuggestionEnabled: shouldEnablePromptSuggestion(),
				sessionHooks: new Map(),
				inbox: {
					messages: [],
				},
				promptSuggestion: {
					text: null,
					promptId: null,
					shownAt: 0,
					acceptedAt: 0,
					generationRequestId: null,
				},
				speculation: IDLE_SPECULATION_STATE,
				speculationSessionTimeSavedMs: 0,
				skillImprovement: {
					suggestion: null,
				},
				workerSandboxPermissions: {
					queue: [],
					selectedIndex: 0,
				},
				pendingWorkerRequest: null,
				pendingSandboxRequest: null,
				authVersion: 0,
				initialMessage: inputPrompt
					? {
							message: createUserMessage({
								content: String(inputPrompt),
							}),
						}
					: null,
				effortValue:
					parseEffortValue(options.effort) ??
					getInitialEffortSetting(),
				activeOverlays: new Set<string>(),
				fastMode: getInitialFastModeSetting(resolvedInitialModel),
				...(isAdvisorEnabled() && advisorModel && { advisorModel }),
				// Compute teamContext synchronously to avoid useEffect setState during render.
				// KAIROS: assistantTeamContext takes precedence — set earlier in the
				// KAIROS block so Agent(name: "foo") can spawn in-process teammates
				// without TeamCreate. computeInitialTeamContext() is for tmux-spawned
				// teammates reading their own identity, not the assistant-mode leader.
				teamContext: (feature("KAIROS")
					? (assistantTeamContext ?? computeInitialTeamContext())
					: computeInitialTeamContext()) as AppState["teamContext"],
			};

			// Add CLI initial prompt to history
			if (inputPrompt) {
				addToHistory(String(inputPrompt));
			}

			const initialTools = mcpTools;

			// Increment numStartups synchronously — first-render readers like
			// shouldShowEffortCallout (via useState initializer) need the updated
			// value before setImmediate fires. Defer only telemetry.
			saveGlobalConfig((current) => ({
				...current,
				numStartups: (current.numStartups ?? 0) + 1,
			}));
			setImmediate(() => {
				void logStartupTelemetry();
				logSessionTelemetry();
			});

			// Set up per-turn session environment data uploader (ant-only build).
			// Default-enabled for all ant users when working in an Anthropic-owned
			// repo. Captures git/filesystem state (NOT transcripts) at each turn so
			// environments can be recreated at any user message index. Gating:
			//   - Build-time: this import is stubbed in external builds.
			//   - Runtime: uploader checks github.com/anthropics/* remote + gcloud auth.
			//   - Safety: CLAUDE_CODE_DISABLE_SESSION_DATA_UPLOAD=1 bypasses (tests set this).
			// Import is dynamic + async to avoid adding startup latency.
			const sessionUploaderPromise =
				process.env.USER_TYPE === "ant"
					? import("./utils/sessionDataUploader.js")
					: null;

			// Defer session uploader resolution to the onTurnComplete callback to avoid
			// adding a new top-level await in main.tsx (performance-critical path).
			// The per-turn auth logic in sessionDataUploader.ts handles unauthenticated
			// state gracefully (re-checks each turn, so auth recovery mid-session works).
			const uploaderReady = sessionUploaderPromise
				? sessionUploaderPromise
						.then((mod) => mod.createSessionTurnUploader())
						.catch(() => null)
				: null;

			const sessionConfig = {
				debug: debug || debugToStderr,
				commands: [...commands, ...mcpCommands],
				initialTools,
				mcpClients,
				autoConnectIdeFlag: ide,
				mainThreadAgentDefinition,
				disableSlashCommands,
				dynamicMcpConfig,
				strictMcpConfig,
				systemPrompt,
				appendSystemPrompt,
				taskListId,
				thinkingConfig,
				...(uploaderReady && {
					onTurnComplete: (messages: MessageType[]) => {
						void uploaderReady.then((uploader) =>
							(uploader as ((msgs: MessageType[]) => void) | null)?.(messages),
						);
					},
				}),
			};

			// Shared context for processResumedConversation calls
			const resumeContext = {
				modeApi: coordinatorModeModule,
				mainThreadAgentDefinition,
				agentDefinitions,
				currentCwd,
				cliAgents,
				initialState,
			};

			if (options.continue) {
				// Continue the most recent conversation directly
				let resumeSucceeded = false;
				try {
					const resumeStart = performance.now();

					// Clear stale caches before resuming to ensure fresh file/skill discovery
					const { clearSessionCaches } =
						await import("./commands/clear/caches.js");
					clearSessionCaches();

					const result = await loadConversationForResume(
						undefined /* sessionId */,
						undefined /* sourceFile */,
					);
					if (!result) {
						logEvent("tengu_continue", {
							success: false,
						});
						return await exitWithError(
							root,
							"No conversation found to continue",
						);
					}

					const loaded = await processResumedConversation(
						result,
						{
							forkSession: !!options.forkSession,
							includeAttribution: true,
							transcriptPath: result.fullPath,
						},
						resumeContext,
					);

					if (loaded.restoredAgentDef) {
						mainThreadAgentDefinition = loaded.restoredAgentDef;
					}

					maybeActivateProactive(options);
					maybeActivateBrief(options);

					logEvent("tengu_continue", {
						success: true,
						resume_duration_ms: Math.round(
							performance.now() - resumeStart,
						),
					});
					resumeSucceeded = true;

					await launchRepl(
						root,
						{
							getFpsMetrics,
							stats,
							initialState: loaded.initialState,
						},
						{
							...sessionConfig,
							mainThreadAgentDefinition:
								loaded.restoredAgentDef ??
								mainThreadAgentDefinition,
							initialMessages: loaded.messages,
							initialFileHistorySnapshots:
								loaded.fileHistorySnapshots,
							initialContentReplacements:
								loaded.contentReplacements,
							initialAgentName: loaded.agentName,
							initialAgentColor: loaded.agentColor,
						},
						renderAndRun,
					);
				} catch (error) {
					if (!resumeSucceeded) {
						logEvent("tengu_continue", {
							success: false,
						});
					}
					logError(error);
					process.exit(1);
				}
			} else if (feature("DIRECT_CONNECT") && _pendingConnect?.url) {
				// `claude connect <url>` — full interactive TUI connected to a remote server
				let directConnectConfig;
				try {
					const session = await createDirectConnectSession({
						serverUrl: _pendingConnect.url,
						authToken: _pendingConnect.authToken,
						cwd: getOriginalCwd(),
						dangerouslySkipPermissions:
							_pendingConnect.dangerouslySkipPermissions,
					});
					if (session.workDir) {
						setOriginalCwd(session.workDir);
						setCwdState(session.workDir);
					}
					setDirectConnectServerUrl(_pendingConnect.url);
					directConnectConfig = session.config;
				} catch (err) {
					return await exitWithError(
						root,
						err instanceof DirectConnectError
							? err.message
							: String(err),
						() => gracefulShutdown(1),
					);
				}

				const connectInfoMessage = createSystemMessage(
					`Connected to server at ${_pendingConnect.url}\nSession: ${directConnectConfig.sessionId}`,
					"info",
				);

				await launchRepl(
					root,
					{ getFpsMetrics, stats, initialState },
					{
						debug: debug || debugToStderr,
						commands,
						initialTools: [],
						initialMessages: [connectInfoMessage],
						mcpClients: [],
						autoConnectIdeFlag: ide,
						mainThreadAgentDefinition,
						disableSlashCommands,
						directConnectConfig,
						thinkingConfig,
					},
					renderAndRun,
				);
				return;
			} else if (feature("SSH_REMOTE") && _pendingSSH?.host) {
				// `claude ssh <host> [dir]` — probe remote, deploy binary if needed,
				// spawn ssh with unix-socket -R forward to a local auth proxy, hand
				// the REPL an SSHSession. Tools run remotely, UI renders locally.
				// `--local` skips probe/deploy/ssh and spawns the current binary
				// directly with the same env — e2e test of the proxy/auth plumbing.
				const {
					createSSHSession,
					createLocalSSHSession,
					SSHSessionError,
				} = await import("./ssh/createSSHSession.js");
				let sshSession: import('./ssh/createSSHSession.js').SSHSession | undefined;
				try {
					if (_pendingSSH.local) {
						process.stderr.write(
							"Starting local ssh-proxy test session...\n",
						);
						sshSession = await createLocalSSHSession({
							cwd: _pendingSSH.cwd,
							permissionMode: _pendingSSH.permissionMode,
							dangerouslySkipPermissions:
								_pendingSSH.dangerouslySkipPermissions,
						});
					} else {
						process.stderr.write(
							`Connecting to ${_pendingSSH.host}…\n`,
						);
						// In-place progress: \r + EL0 (erase to end of line). Final \n on
						// success so the next message lands on a fresh line. No-op when
						// stderr isn't a TTY (piped/redirected) — \r would just emit noise.
						const isTTY = process.stderr.isTTY;
						let hadProgress = false;
						sshSession = await createSSHSession(
							{
								host: _pendingSSH.host,
								cwd: _pendingSSH.cwd,
								localVersion: MACRO.VERSION,
								permissionMode: _pendingSSH.permissionMode,
								dangerouslySkipPermissions:
									_pendingSSH.dangerouslySkipPermissions,
								extraCliArgs: _pendingSSH.extraCliArgs,
								remoteBin: _pendingSSH.remoteBin,
							},
							isTTY
								? {
										onProgress: (msg: string) => {
											hadProgress = true;
											process.stderr.write(
												`\r  ${msg}\x1b[K`,
											);
										},
									}
								: {},
						);
						if (hadProgress) process.stderr.write("\n");
					}
					setOriginalCwd(sshSession.remoteCwd);
					setCwdState(sshSession.remoteCwd);
					setDirectConnectServerUrl(
						_pendingSSH.local ? "local" : _pendingSSH.host,
					);
				} catch (err) {
					return await exitWithError(
						root,
						err instanceof SSHSessionError
							? err.message
							: String(err),
						() => gracefulShutdown(1),
					);
				}

				const sshInfoMessage = createSystemMessage(
					_pendingSSH.local
						? `Local ssh-proxy test session\ncwd: ${sshSession.remoteCwd}\nAuth: unix socket → local proxy`
						: `SSH session to ${_pendingSSH.host}\nRemote cwd: ${sshSession.remoteCwd}\nAuth: unix socket -R → local proxy`,
					"info",
				);

				await launchRepl(
					root,
					{ getFpsMetrics, stats, initialState },
					{
						debug: debug || debugToStderr,
						commands,
						initialTools: [],
						initialMessages: [sshInfoMessage],
						mcpClients: [],
						autoConnectIdeFlag: ide,
						mainThreadAgentDefinition,
						disableSlashCommands,
						sshSession,
						thinkingConfig,
					},
					renderAndRun,
				);
				return;
			} else if (
				feature("KAIROS") &&
				_pendingAssistantChat &&
				(_pendingAssistantChat.sessionId ||
					_pendingAssistantChat.discover)
			) {
				// `claude assistant [sessionId]` — REPL as a pure viewer client
				// of a remote assistant session. The agentic loop runs remotely; this
				// process streams live events and POSTs messages. History is lazy-
				// loaded by useAssistantHistory on scroll-up (no blocking fetch here).
				const { discoverAssistantSessions } =
					await import("./assistant/sessionDiscovery.js");

				let targetSessionId = _pendingAssistantChat.sessionId;

				// Discovery flow — list bridge environments, filter sessions
				if (!targetSessionId) {
					let sessions;
					try {
						sessions = await discoverAssistantSessions();
					} catch (e) {
						return await exitWithError(
							root,
							`Failed to discover sessions: ${e instanceof Error ? e.message : e}`,
							() => gracefulShutdown(1),
						);
					}
					if (sessions.length === 0) {
						let installedDir: string | null;
						try {
							installedDir =
								await launchAssistantInstallWizard(root);
						} catch (e) {
							return await exitWithError(
								root,
								`Assistant installation failed: ${e instanceof Error ? e.message : e}`,
								() => gracefulShutdown(1),
							);
						}
						if (installedDir === null) {
							await gracefulShutdown(0);
							process.exit(0);
						}
						// The daemon needs a few seconds to spin up its worker and
						// establish a bridge session before discovery will find it.
						return await exitWithMessage(
							root,
							`Assistant installed in ${installedDir}. The daemon is starting up — run \`claude assistant\` again in a few seconds to connect.`,
							{
								exitCode: 0,
								beforeExit: () => gracefulShutdown(0),
							},
						);
					}
					if (sessions.length === 1) {
						targetSessionId = sessions[0]!.id;
					} else {
						const picked = await launchAssistantSessionChooser(
							root,
							{
								sessions,
							},
						);
						if (!picked) {
							await gracefulShutdown(0);
							process.exit(0);
						}
						targetSessionId = picked;
					}
				}

				// Auth — call prepareApiRequest() once for orgUUID, but use a
				// getAccessToken closure for the token so reconnects get fresh tokens.
				const {
					checkAndRefreshOAuthTokenIfNeeded,
					getClaudeAIOAuthTokens,
				} = await import("./utils/auth.js");
				await checkAndRefreshOAuthTokenIfNeeded();
				let apiCreds;
				try {
					apiCreds = await prepareApiRequest();
				} catch (e) {
					return await exitWithError(
						root,
						`Error: ${e instanceof Error ? e.message : "Failed to authenticate"}`,
						() => gracefulShutdown(1),
					);
				}
				const getAccessToken = (): string =>
					getClaudeAIOAuthTokens()?.accessToken ??
					apiCreds.accessToken;

				// Brief mode activation: setKairosActive(true) satisfies BOTH opt-in
				// and entitlement for isBriefEnabled() (BriefTool.ts:124-132).
				setKairosActive(true);
				setUserMsgOptIn(true);
				setIsRemoteMode(true);

				const remoteSessionConfig = createRemoteSessionConfig(
					targetSessionId,
					getAccessToken,
					apiCreds.orgUUID,
					/* hasInitialPrompt */ false,
					/* viewerOnly */ true,
				);

				const infoMessage = createSystemMessage(
					`Attached to assistant session ${targetSessionId.slice(0, 8)}…`,
					"info",
				);

				const assistantInitialState: AppState = {
					...initialState,
					isBriefOnly: true,
					kairosEnabled: false,
					replBridgeEnabled: false,
				};

				const remoteCommands = filterCommandsForRemoteMode(commands);
				await launchRepl(
					root,
					{
						getFpsMetrics,
						stats,
						initialState: assistantInitialState,
					},
					{
						debug: debug || debugToStderr,
						commands: remoteCommands,
						initialTools: [],
						initialMessages: [infoMessage],
						mcpClients: [],
						autoConnectIdeFlag: ide,
						mainThreadAgentDefinition,
						disableSlashCommands,
						remoteSessionConfig,
						thinkingConfig,
					},
					renderAndRun,
				);
				return;
			} else if (
				options.resume ||
				options.fromPr ||
				teleport ||
				remote !== null
			) {
				// Handle resume flow - from file (ant-only), session ID, or interactive selector

				// Clear stale caches before resuming to ensure fresh file/skill discovery
				const { clearSessionCaches } =
					await import("./commands/clear/caches.js");
				clearSessionCaches();

				let messages: MessageType[] | null = null;
				let processedResume: ProcessedResume | undefined;

				let maybeSessionId = validateUuid(options.resume);
				let searchTerm: string | undefined;
				// Store full LogOption when found by custom title (for cross-worktree resume)
				let matchedLog: LogOption | null = null;
				// PR filter for --from-pr flag
				let filterByPr: boolean | number | string | undefined;

				// Handle --from-pr flag
				if (options.fromPr) {
					if (options.fromPr === true) {
						// Show all sessions with linked PRs
						filterByPr = true;
					} else if (typeof options.fromPr === "string") {
						// Could be a PR number or URL
						filterByPr = options.fromPr;
					}
				}

				// If resume value is not a UUID, try exact match by custom title first
				if (
					options.resume &&
					typeof options.resume === "string" &&
					!maybeSessionId
				) {
					const trimmedValue = options.resume.trim();
					if (trimmedValue) {
						const matches = await searchSessionsByCustomTitle(
							trimmedValue,
							{
								exact: true,
							},
						);

						if (matches.length === 1) {
							// Exact match found - store full LogOption for cross-worktree resume
							matchedLog = matches[0]!;
							maybeSessionId =
								getSessionIdFromLog(matchedLog) ?? null;
						} else {
							// No match or multiple matches - use as search term for picker
							searchTerm = trimmedValue;
						}
					}
				}

				// --remote and --teleport both create/resume Claude Code Web (CCR) sessions.
				// Remote Control (--rc) is a separate feature gated in initReplBridge.ts.
				if (remote !== null || teleport) {
					await waitForPolicyLimitsToLoad();
					if (!isPolicyAllowed("allow_remote_sessions")) {
						return await exitWithError(
							root,
							"Error: Remote sessions are disabled by your organization's policy.",
							() => gracefulShutdown(1),
						);
					}
				}

				if (remote !== null) {
					// Create remote session (optionally with initial prompt)
					const hasInitialPrompt = remote.length > 0;

					// Check if TUI mode is enabled - description is only optional in TUI mode
					const isRemoteTuiEnabled =
						getFeatureValue_CACHED_MAY_BE_STALE(
							"tengu_remote_backend",
							false,
						);
					if (!isRemoteTuiEnabled && !hasInitialPrompt) {
						return await exitWithError(
							root,
							'Error: --remote requires a description.\nUsage: claude --remote "your task description"',
							() => gracefulShutdown(1),
						);
					}

					logEvent("tengu_remote_create_session", {
						has_initial_prompt: String(
							hasInitialPrompt,
						) as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
					});

					// Pass current branch so CCR clones the repo at the right revision
					const currentBranch = await getBranch();
					const createdSession =
						await teleportToRemoteWithErrorHandling(
							root,
							hasInitialPrompt ? remote : null,
							new AbortController().signal,
							currentBranch || undefined,
						);
					if (!createdSession) {
						logEvent("tengu_remote_create_session_error", {
							error: "unable_to_create_session" as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
						});
						return await exitWithError(
							root,
							"Error: Unable to create remote session",
							() => gracefulShutdown(1),
						);
					}
					logEvent("tengu_remote_create_session_success", {
						session_id:
							createdSession.id as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
					});

					// Check if new remote TUI mode is enabled via feature gate
					if (!isRemoteTuiEnabled) {
						// Original behavior: print session info and exit
						process.stdout.write(
							`Created remote session: ${createdSession.title}\n`,
						);
						process.stdout.write(
							`View: ${getRemoteSessionUrl(createdSession.id)}?m=0\n`,
						);
						process.stdout.write(
							`Resume with: claude --teleport ${createdSession.id}\n`,
						);
						await gracefulShutdown(0);
						process.exit(0);
					}

					// New behavior: start local TUI with CCR engine
					// Mark that we're in remote mode for command visibility
					setIsRemoteMode(true);
					switchSession(asSessionId(createdSession.id));

					// Get OAuth credentials for remote session
					let apiCreds: { accessToken: string; orgUUID: string };
					try {
						apiCreds = await prepareApiRequest();
					} catch (error) {
						logError(toError(error));
						return await exitWithError(
							root,
							`Error: ${errorMessage(error) || "Failed to authenticate"}`,
							() => gracefulShutdown(1),
						);
					}

					// Create remote session config for the REPL
					const { getClaudeAIOAuthTokens: getTokensForRemote } =
						await import("./utils/auth.js");
					const getAccessTokenForRemote = (): string =>
						getTokensForRemote()?.accessToken ??
						apiCreds.accessToken;
					const remoteSessionConfig = createRemoteSessionConfig(
						createdSession.id,
						getAccessTokenForRemote,
						apiCreds.orgUUID,
						hasInitialPrompt,
					);

					// Add remote session info as initial system message
					const remoteSessionUrl = `${getRemoteSessionUrl(createdSession.id)}?m=0`;
					const remoteInfoMessage = createSystemMessage(
						`/remote-control is active. Code in CLI or at ${remoteSessionUrl}`,
						"info",
					);

					// Create initial user message from the prompt if provided (CCR echoes it back but we ignore that)
					const initialUserMessage = hasInitialPrompt
						? createUserMessage({ content: remote })
						: null;

					// Set remote session URL in app state for footer indicator
					const remoteInitialState = {
						...initialState,
						remoteSessionUrl,
					};

					// Pre-filter commands to only include remote-safe ones.
					// CCR's init response may further refine the list (via handleRemoteInit in REPL).
					const remoteCommands =
						filterCommandsForRemoteMode(commands);
					await launchRepl(
						root,
						{
							getFpsMetrics,
							stats,
							initialState: remoteInitialState,
						},
						{
							debug: debug || debugToStderr,
							commands: remoteCommands,
							initialTools: [],
							initialMessages: initialUserMessage
								? [remoteInfoMessage, initialUserMessage]
								: [remoteInfoMessage],
							mcpClients: [],
							autoConnectIdeFlag: ide,
							mainThreadAgentDefinition,
							disableSlashCommands,
							remoteSessionConfig,
							thinkingConfig,
						},
						renderAndRun,
					);
					return;
				} else if (teleport) {
					if (teleport === true || teleport === "") {
						// Interactive mode: show task selector and handle resume
						logEvent("tengu_teleport_interactive_mode", {});
						logForDebugging(
							"selectAndResumeTeleportTask: Starting teleport flow...",
						);
						const teleportResult =
							await launchTeleportResumeWrapper(root);
						if (!teleportResult) {
							// User cancelled or error occurred
							await gracefulShutdown(0);
							process.exit(0);
						}
						const { branchError } =
							await checkOutTeleportedSessionBranch(
								teleportResult.branch,
							);
						messages = processMessagesForTeleportResume(
							teleportResult.log,
							branchError,
						);
					} else if (typeof teleport === "string") {
						logEvent("tengu_teleport_resume_session", {
							mode: "direct" as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
						});
						try {
							// First, fetch session and validate repository before checking git state
							const sessionData = await fetchSession(teleport);
							const repoValidation =
								await validateSessionRepository(sessionData);

							// Handle repo mismatch or not in repo cases
							if (
								repoValidation.status === "mismatch" ||
								repoValidation.status === "not_in_repo"
							) {
								const sessionRepo = repoValidation.sessionRepo;
								if (sessionRepo) {
									// Check for known paths
									const knownPaths =
										getKnownPathsForRepo(sessionRepo);
									const existingPaths =
										await filterExistingPaths(knownPaths);

									if (existingPaths.length > 0) {
										// Show directory switch dialog
										const selectedPath =
											await launchTeleportRepoMismatchDialog(
												root,
												{
													targetRepo: sessionRepo,
													initialPaths: existingPaths,
												},
											);

										if (selectedPath) {
											// Change to the selected directory
											process.chdir(selectedPath);
											setCwd(selectedPath);
											setOriginalCwd(selectedPath);
										} else {
											// User cancelled
											await gracefulShutdown(0);
										}
									} else {
										// No known paths - show original error
										throw new TeleportOperationError(
											`You must run claude --teleport ${teleport} from a checkout of ${sessionRepo}.`,
											chalk.red(
												`You must run claude --teleport ${teleport} from a checkout of ${chalk.bold(sessionRepo)}.\n`,
											),
										);
									}
								}
							} else if (repoValidation.status === "error") {
								throw new TeleportOperationError(
									repoValidation.errorMessage ||
										"Failed to validate session",
									chalk.red(
										`Error: ${repoValidation.errorMessage || "Failed to validate session"}\n`,
									),
								);
							}

							await validateGitState();

							// Use progress UI for teleport
							const { teleportWithProgress } =
								await import("./components/TeleportProgress.js");
							const result = await teleportWithProgress(
								root,
								teleport,
							);
							// Track teleported session for reliability logging
							setTeleportedSessionInfo({ sessionId: teleport });
							messages = result.messages;
						} catch (error) {
							if (error instanceof TeleportOperationError) {
								process.stderr.write(
									error.formattedMessage + "\n",
								);
							} else {
								logError(error);
								process.stderr.write(
									chalk.red(
										`Error: ${errorMessage(error)}\n`,
									),
								);
							}
							await gracefulShutdown(1);
						}
					}
				}
				if (process.env.USER_TYPE === "ant") {
					if (
						options.resume &&
						typeof options.resume === "string" &&
						!maybeSessionId
					) {
						// Check for ccshare URL (e.g. https://go/ccshare/boris-20260311-211036)
						const { parseCcshareId, loadCcshare } =
							await import("./utils/ccshareResume.js");
						const ccshareId = parseCcshareId(options.resume);
						if (ccshareId) {
							try {
								const resumeStart = performance.now();
								const logOption = await loadCcshare(ccshareId);
								const result = await loadConversationForResume(
									logOption,
									undefined,
								);
								if (result) {
									processedResume =
										await processResumedConversation(
											result,
											{
												forkSession: true,
												transcriptPath: result.fullPath,
											},
											resumeContext,
										);
									if (processedResume.restoredAgentDef) {
										mainThreadAgentDefinition =
											processedResume.restoredAgentDef;
									}
									logEvent("tengu_session_resumed", {
										entrypoint:
											"ccshare" as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
										success: true,
										resume_duration_ms: Math.round(
											performance.now() - resumeStart,
										),
									});
								} else {
									logEvent("tengu_session_resumed", {
										entrypoint:
											"ccshare" as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
										success: false,
									});
								}
							} catch (error) {
								logEvent("tengu_session_resumed", {
									entrypoint:
										"ccshare" as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
									success: false,
								});
								logError(error);
								await exitWithError(
									root,
									`Unable to resume from ccshare: ${errorMessage(error)}`,
									() => gracefulShutdown(1),
								);
							}
						} else {
							const resolvedPath = resolve(options.resume);
							try {
								const resumeStart = performance.now();
								let logOption;
								try {
									// Attempt to load as a transcript file; ENOENT falls through to session-ID handling
									logOption =
										await loadTranscriptFromFile(
											resolvedPath,
										);
								} catch (error) {
									if (!isENOENT(error)) throw error;
									// ENOENT: not a file path — fall through to session-ID handling
								}
								if (logOption) {
									const result =
										await loadConversationForResume(
											logOption,
											undefined /* sourceFile */,
										);
									if (result) {
										processedResume =
											await processResumedConversation(
												result,
												{
													forkSession:
														!!options.forkSession,
													transcriptPath:
														result.fullPath,
												},
												resumeContext,
											);
										if (processedResume.restoredAgentDef) {
											mainThreadAgentDefinition =
												processedResume.restoredAgentDef;
										}
										logEvent("tengu_session_resumed", {
											entrypoint:
												"file" as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
											success: true,
											resume_duration_ms: Math.round(
												performance.now() - resumeStart,
											),
										});
									} else {
										logEvent("tengu_session_resumed", {
											entrypoint:
												"file" as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
											success: false,
										});
									}
								}
							} catch (error) {
								logEvent("tengu_session_resumed", {
									entrypoint:
										"file" as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
									success: false,
								});
								logError(error);
								await exitWithError(
									root,
									`Unable to load transcript from file: ${options.resume}`,
									() => gracefulShutdown(1),
								);
							}
						}
					}
				}

				// If not loaded as a file, try as session ID
				if (maybeSessionId) {
					// Resume specific session by ID
					const sessionId = maybeSessionId;
					try {
						const resumeStart = performance.now();
						// Use matchedLog if available (for cross-worktree resume by custom title)
						// Otherwise fall back to sessionId string (for direct UUID resume)
						const result = await loadConversationForResume(
							matchedLog ?? sessionId,
							undefined,
						);

						if (!result) {
							logEvent("tengu_session_resumed", {
								entrypoint:
									"cli_flag" as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
								success: false,
							});
							return await exitWithError(
								root,
								`No conversation found with session ID: ${sessionId}`,
							);
						}

						const fullPath =
							matchedLog?.fullPath ?? result.fullPath;
						processedResume = await processResumedConversation(
							result,
							{
								forkSession: !!options.forkSession,
								sessionIdOverride: sessionId,
								transcriptPath: fullPath,
							},
							resumeContext,
						);

						if (processedResume.restoredAgentDef) {
							mainThreadAgentDefinition =
								processedResume.restoredAgentDef;
						}
						logEvent("tengu_session_resumed", {
							entrypoint:
								"cli_flag" as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
							success: true,
							resume_duration_ms: Math.round(
								performance.now() - resumeStart,
							),
						});
					} catch (error) {
						logEvent("tengu_session_resumed", {
							entrypoint:
								"cli_flag" as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
							success: false,
						});
						logError(error);
						await exitWithError(
							root,
							`Failed to resume session ${sessionId}`,
						);
					}
				}

				// Await file downloads before rendering REPL (files must be available)
				if (fileDownloadPromise) {
					try {
						const results = await fileDownloadPromise;
						const failedCount = count(results, (r) => !r.success);
						if (failedCount > 0) {
							process.stderr.write(
								chalk.yellow(
									`Warning: ${failedCount}/${results.length} file(s) failed to download.\n`,
								),
							);
						}
					} catch (error) {
						return await exitWithError(
							root,
							`Error downloading files: ${errorMessage(error)}`,
						);
					}
				}

				// If we have a processed resume or teleport messages, render the REPL
				const resumeData =
					processedResume ??
					(Array.isArray(messages)
						? {
								messages,
								fileHistorySnapshots: undefined,
								agentName: undefined,
								agentColor: undefined as
									| AgentColorName
									| undefined,
								restoredAgentDef: mainThreadAgentDefinition,
								initialState,
								contentReplacements: undefined,
							}
						: undefined);
				if (resumeData) {
					maybeActivateProactive(options);
					maybeActivateBrief(options);

					await launchRepl(
						root,
						{
							getFpsMetrics,
							stats,
							initialState: resumeData.initialState,
						},
						{
							...sessionConfig,
							mainThreadAgentDefinition:
								resumeData.restoredAgentDef ??
								mainThreadAgentDefinition,
							initialMessages: resumeData.messages,
							initialFileHistorySnapshots:
								resumeData.fileHistorySnapshots,
							initialContentReplacements:
								resumeData.contentReplacements,
							initialAgentName: resumeData.agentName,
							initialAgentColor: resumeData.agentColor,
						},
						renderAndRun,
					);
				} else {
					// Show interactive selector (includes same-repo worktrees)
					// Note: ResumeConversation loads logs internally to ensure proper GC after selection
					await launchResumeChooser(
						root,
						{ getFpsMetrics, stats, initialState },
						getWorktreePaths(getOriginalCwd()),
						{
							...sessionConfig,
							initialSearchQuery: searchTerm,
							forkSession: options.forkSession,
							filterByPr,
						},
					);
				}
			} else {
				// Pass unresolved hooks promise to REPL so it can render immediately
				// instead of blocking ~500ms waiting for SessionStart hooks to finish.
				// REPL will inject hook messages when they resolve and await them before
				// the first API call so the model always sees hook context.
				const pendingHookMessages =
					hooksPromise && hookMessages.length === 0
						? hooksPromise
						: undefined;

				profileCheckpoint("action_after_hooks");
				maybeActivateProactive(options);
				maybeActivateBrief(options);
				// Persist the current mode for fresh sessions so future resumes know what mode was used
				if (feature("COORDINATOR_MODE")) {
					saveMode(
						coordinatorModeModule?.isCoordinatorMode()
							? "coordinator"
							: "normal",
					);
				}

				// If launched via a deep link, show a provenance banner so the user
				// knows the session originated externally. Linux xdg-open and
				// browsers with "always allow" set dispatch the link with no OS-level
				// confirmation, so this is the only signal the user gets that the
				// prompt — and the working directory / CLAUDE.md it implies — came
				// from an external source rather than something they typed.
				let deepLinkBanner: ReturnType<
					typeof createSystemMessage
				> | null = null;
				if (feature("LODESTONE")) {
					if (options.deepLinkOrigin) {
						logEvent("tengu_deep_link_opened", {
							has_prefill: Boolean(options.prefill),
							has_repo: Boolean(options.deepLinkRepo),
						});
						deepLinkBanner = createSystemMessage(
							buildDeepLinkBanner({
								cwd: getCwd(),
								prefillLength: options.prefill?.length,
								repo: options.deepLinkRepo,
								lastFetch:
									options.deepLinkLastFetch !== undefined
										? new Date(options.deepLinkLastFetch)
										: undefined,
							}),
							"warning",
						);
					} else if (options.prefill) {
						deepLinkBanner = createSystemMessage(
							"Launched with a pre-filled prompt — review it before pressing Enter.",
							"warning",
						);
					}
				}
				const initialMessages = deepLinkBanner
					? [deepLinkBanner, ...hookMessages]
					: hookMessages.length > 0
						? hookMessages
						: undefined;

				await launchRepl(
					root,
					{ getFpsMetrics, stats, initialState },
					{
						...sessionConfig,
						initialMessages,
						pendingHookMessages,
					},
					renderAndRun,
				);
			}
		})
		.version(
			`${MACRO.VERSION} (Claude Code)`,
			"-v, --version",
			"Output the version number",
		);

	// Worktree flags
	program.option(
		"-w, --worktree [name]",
		"Create a new git worktree for this session (optionally specify a name)",
	);
	program.option(
		"--tmux",
		"Create a tmux session for the worktree (requires --worktree). Uses iTerm2 native panes when available; use --tmux=classic for traditional tmux.",
	);

	if (canUserConfigureAdvisor()) {
		program.addOption(
			new Option(
				"--advisor <model>",
				"Enable the server-side advisor tool with the specified model (alias or full ID).",
			).hideHelp(),
		);
	}

	if (process.env.USER_TYPE === "ant") {
		program.addOption(
			new Option(
				"--delegate-permissions",
				"[ANT-ONLY] Alias for --permission-mode auto.",
			).implies({
				permissionMode: "auto",
			}),
		);
		program.addOption(
			new Option(
				"--dangerously-skip-permissions-with-classifiers",
				"[ANT-ONLY] Deprecated alias for --permission-mode auto.",
			)
				.hideHelp()
				.implies({ permissionMode: "auto" }),
		);
		program.addOption(
			new Option(
				"--afk",
				"[ANT-ONLY] Deprecated alias for --permission-mode auto.",
			)
				.hideHelp()
				.implies({ permissionMode: "auto" }),
		);
		program.addOption(
			new Option(
				"--tasks [id]",
				'[ANT-ONLY] Tasks mode: watch for tasks and auto-process them. Optional id is used as both the task list ID and agent ID (defaults to "tasklist").',
			)
				.argParser(String)
				.hideHelp(),
		);
		program.option(
			"--agent-teams",
			"[ANT-ONLY] Force Claude to use multi-agent mode for solving problems",
			() => true,
		);
	}

	if (feature("TRANSCRIPT_CLASSIFIER")) {
		program.addOption(
			new Option("--enable-auto-mode", "Opt in to auto mode").hideHelp(),
		);
	}

	if (feature("PROACTIVE") || feature("KAIROS")) {
		program.addOption(
			new Option("--proactive", "Start in proactive autonomous mode"),
		);
	}

	if (feature("UDS_INBOX")) {
		program.addOption(
			new Option(
				"--messaging-socket-path <path>",
				"Unix domain socket path for the UDS messaging server (defaults to a tmp path)",
			),
		);
	}

	if (feature("KAIROS") || feature("KAIROS_BRIEF")) {
		program.addOption(
			new Option(
				"--brief",
				"Enable SendUserMessage tool for agent-to-user communication",
			),
		);
	}
	if (feature("KAIROS")) {
		program.addOption(
			new Option(
				"--assistant",
				"Force assistant mode (Agent SDK daemon use)",
			).hideHelp(),
		);
	}
	program.addOption(
		new Option(
			"--channels <servers...>",
			"MCP servers whose channel notifications (inbound push) should register this session. Space-separated server names.",
		).hideHelp(),
	);
	program.addOption(
		new Option(
			"--dangerously-load-development-channels <servers...>",
			"Load channel servers not on the approved allowlist. For local channel development only. Shows a confirmation dialog at startup.",
		).hideHelp(),
	);

	// Teammate identity options (set by leader when spawning tmux teammates)
	// These replace the CLAUDE_CODE_* environment variables
	program.addOption(
		new Option("--agent-id <id>", "Teammate agent ID").hideHelp(),
	);
	program.addOption(
		new Option("--agent-name <name>", "Teammate display name").hideHelp(),
	);
	program.addOption(
		new Option(
			"--team-name <name>",
			"Team name for swarm coordination",
		).hideHelp(),
	);
	program.addOption(
		new Option("--agent-color <color>", "Teammate UI color").hideHelp(),
	);
	program.addOption(
		new Option(
			"--plan-mode-required",
			"Require plan mode before implementation",
		).hideHelp(),
	);
	program.addOption(
		new Option(
			"--parent-session-id <id>",
			"Parent session ID for analytics correlation",
		).hideHelp(),
	);
	program.addOption(
		new Option(
			"--teammate-mode <mode>",
			'How to spawn teammates: "tmux", "in-process", or "auto"',
		)
			.choices(["auto", "tmux", "in-process"])
			.hideHelp(),
	);
	program.addOption(
		new Option(
			"--agent-type <type>",
			"Custom agent type for this teammate",
		).hideHelp(),
	);

	// Enable SDK URL for all builds but hide from help
	program.addOption(
		new Option(
			"--sdk-url <url>",
			"Use remote WebSocket endpoint for SDK I/O streaming (only with -p and stream-json format)",
		).hideHelp(),
	);

	// Enable teleport/remote flags for all builds but keep them undocumented until GA
	program.addOption(
		new Option(
			"--teleport [session]",
			"Resume a teleport session, optionally specify session ID",
		).hideHelp(),
	);
	program.addOption(
		new Option(
			"--remote [description]",
			"Create a remote session with the given description",
		).hideHelp(),
	);
	if (feature("BRIDGE_MODE")) {
		program.addOption(
			new Option(
				"--remote-control [name]",
				"Start an interactive session with Remote Control enabled (optionally named)",
			)
				.argParser((value) => value || true)
				.hideHelp(),
		);
		program.addOption(
			new Option("--rc [name]", "Alias for --remote-control")
				.argParser((value) => value || true)
				.hideHelp(),
		);
	}

	if (feature("HARD_FAIL")) {
		program.addOption(
			new Option(
				"--hard-fail",
				"Crash on logError calls instead of silently logging",
			).hideHelp(),
		);
	}

	profileCheckpoint("run_main_options_built");

	// -p/--print mode: skip subcommand registration. The 52 subcommands
	// (mcp, auth, plugin, skill, task, config, doctor, update, etc.) are
	// never dispatched in print mode — commander routes the prompt to the
	// default action. The subcommand registration path was measured at ~65ms
	// on baseline — mostly the isBridgeEnabled() call (25ms settings Zod parse
	// + 40ms sync keychain subprocess), both hidden by the try/catch that
	// always returns false before enableConfigs(). cc:// URLs are rewritten to
	// `open` at main() line ~851 BEFORE this runs, so argv check is safe here.
	const isPrintMode =
		process.argv.includes("-p") || process.argv.includes("--print");
	const isCcUrl = process.argv.some(
		(a) => a.startsWith("cc://") || a.startsWith("cc+unix://"),
	);
	if (isPrintMode && !isCcUrl) {
		profileCheckpoint("run_before_parse");
		await program.parseAsync(process.argv);
		profileCheckpoint("run_after_parse");
		return program;
	}

	// claude mcp

	const mcp = program
		.command("mcp")
		.description("Configure and manage MCP servers")
		.configureHelp(createSortedHelpConfig())
		.enablePositionalOptions();

	mcp.command("serve")
		.description(`Start the Claude Code MCP server`)
		.option("-d, --debug", "Enable debug mode", () => true)
		.option(
			"--verbose",
			"Override verbose mode setting from config",
			() => true,
		)
		.action(
			async ({
				debug,
				verbose,
			}: {
				debug?: boolean;
				verbose?: boolean;
			}) => {
				const { mcpServeHandler } =
					await import("./cli/handlers/mcp.js");
				await mcpServeHandler({ debug, verbose });
			},
		);

	// Register the mcp add subcommand (extracted for testability)
	registerMcpAddCommand(mcp);

	if (isXaaEnabled()) {
		registerMcpXaaIdpCommand(mcp);
	}

	mcp.command("remove <name>")
		.description("Remove an MCP server")
		.option(
			"-s, --scope <scope>",
			"Configuration scope (local, user, or project) - if not specified, removes from whichever scope it exists in",
		)
		.action(async (name: string, options: { scope?: string }) => {
			const { mcpRemoveHandler } = await import("./cli/handlers/mcp.js");
			await mcpRemoveHandler(name, options);
		});

	mcp.command("list")
		.description(
			"List configured MCP servers. Note: The workspace trust dialog is skipped and stdio servers from .mcp.json are spawned for health checks. Only use this command in directories you trust.",
		)
		.action(async () => {
			const { mcpListHandler } = await import("./cli/handlers/mcp.js");
			await mcpListHandler();
		});

	mcp.command("get <name>")
		.description(
			"Get details about an MCP server. Note: The workspace trust dialog is skipped and stdio servers from .mcp.json are spawned for health checks. Only use this command in directories you trust.",
		)
		.action(async (name: string) => {
			const { mcpGetHandler } = await import("./cli/handlers/mcp.js");
			await mcpGetHandler(name);
		});

	mcp.command("add-json <name> <json>")
		.description("Add an MCP server (stdio or SSE) with a JSON string")
		.option(
			"-s, --scope <scope>",
			"Configuration scope (local, user, or project)",
			"local",
		)
		.option(
			"--client-secret",
			"Prompt for OAuth client secret (or set MCP_CLIENT_SECRET env var)",
		)
		.action(
			async (
				name: string,
				json: string,
				options: { scope?: string; clientSecret?: true },
			) => {
				const { mcpAddJsonHandler } =
					await import("./cli/handlers/mcp.js");
				await mcpAddJsonHandler(name, json, options);
			},
		);

	mcp.command("add-from-claude-desktop")
		.description(
			"Import MCP servers from Claude Desktop (Mac and WSL only)",
		)
		.option(
			"-s, --scope <scope>",
			"Configuration scope (local, user, or project)",
			"local",
		)
		.action(async (options: { scope?: string }) => {
			const { mcpAddFromDesktopHandler } =
				await import("./cli/handlers/mcp.js");
			await mcpAddFromDesktopHandler(options);
		});

	mcp.command("reset-project-choices")
		.description(
			"Reset all approved and rejected project-scoped (.mcp.json) servers within this project",
		)
		.action(async () => {
			const { mcpResetChoicesHandler } =
				await import("./cli/handlers/mcp.js");
			await mcpResetChoicesHandler();
		});

	// claude server
	if (feature("DIRECT_CONNECT")) {
		program
			.command("server")
			.description("Start a Claude Code session server")
			.option("--port <number>", "HTTP port", "0")
			.option("--host <string>", "Bind address", "0.0.0.0")
			.option("--auth-token <token>", "Bearer token for auth")
			.option("--unix <path>", "Listen on a unix domain socket")
			.option(
				"--workspace <dir>",
				"Default working directory for sessions that do not specify cwd",
			)
			.option(
				"--idle-timeout <ms>",
				"Idle timeout for detached sessions in ms (0 = never expire)",
				"600000",
			)
			.option(
				"--max-sessions <n>",
				"Maximum concurrent sessions (0 = unlimited)",
				"32",
			)
			.action(
				async (opts: {
					port: string;
					host: string;
					authToken?: string;
					unix?: string;
					workspace?: string;
					idleTimeout: string;
					maxSessions: string;
				}) => {
					const { randomBytes } = await import("crypto");
					const { startServer } = await import("./server/server.js");
					const { SessionManager } =
						await import("./server/sessionManager.js");
					const { DangerousBackend } =
						await import("./server/backends/dangerousBackend.js");
					const { printBanner } =
						await import("./server/serverBanner.js");
					const { createServerLogger } =
						await import("./server/serverLog.js");
					const {
						writeServerLock,
						removeServerLock,
						probeRunningServer,
					} = await import("./server/lockfile.js");

					const existing = await probeRunningServer();
					if (existing) {
						process.stderr.write(
							`A claude server is already running (pid ${existing.pid}) at ${existing.httpUrl}\n`,
						);
						process.exit(1);
					}

					const authToken =
						opts.authToken ??
						`sk-ant-cc-${randomBytes(16).toString("base64url")}`;

					const config = {
						port: parseInt(opts.port, 10),
						host: opts.host,
						authToken,
						unix: opts.unix,
						workspace: opts.workspace,
						idleTimeoutMs: parseInt(opts.idleTimeout, 10),
						maxSessions: parseInt(opts.maxSessions, 10),
					};

					const backend = new DangerousBackend();
					const sessionManager = new SessionManager(backend, {
						idleTimeoutMs: config.idleTimeoutMs,
						maxSessions: config.maxSessions,
					});
					const logger = createServerLogger();

					const server = startServer(config, sessionManager, logger);
					const actualPort = server.port ?? config.port;
					printBanner(config, authToken, actualPort);

					await writeServerLock({
						pid: process.pid,
						port: actualPort,
						host: config.host,
						httpUrl: config.unix
							? `unix:${config.unix}`
							: `http://${config.host}:${actualPort}`,
						startedAt: Date.now(),
					});

					let shuttingDown = false;
					const shutdown = async () => {
						if (shuttingDown) return;
						shuttingDown = true;
						// Stop accepting new connections before tearing down sessions.
						server.stop(true);
						await sessionManager.destroyAll();
						await removeServerLock();
						process.exit(0);
					};
					process.once("SIGINT", () => void shutdown());
					process.once("SIGTERM", () => void shutdown());
				},
			);
	}

	// `claude ssh <host> [dir]` — registered here only so --help shows it.
	// The actual interactive flow is handled by early argv rewriting in main()
	// (parallels the DIRECT_CONNECT/cc:// pattern above). If commander reaches
	// this action it means the argv rewrite didn't fire (e.g. user ran
	// `claude ssh` with no host) — just print usage.
	if (feature("SSH_REMOTE")) {
		program
			.command("ssh <host> [dir]")
			.description(
				"Run Claude Code on a remote host over SSH. Deploys the binary and " +
					"tunnels API auth back through your local machine — no remote setup needed.",
			)
			.option(
				"--permission-mode <mode>",
				"Permission mode for the remote session",
			)
			.option(
				"--dangerously-skip-permissions",
				"Skip all permission prompts on the remote (dangerous)",
			)
			.option(
				"--remote-bin <command>",
				"Custom remote binary command (skips probe/deploy). " +
					"Example: --remote-bin 'bun /path/to/project/dist/cli.js'",
			)
			.option(
				"--local",
				"e2e test mode — spawn the child CLI locally (skip ssh/deploy). " +
					"Exercises the auth proxy and unix-socket plumbing without a remote host.",
			)
			.action(async () => {
				// Argv rewriting in main() should have consumed `ssh <host>` before
				// commander runs. Reaching here means host was missing or the
				// rewrite predicate didn't match.
				process.stderr.write(
					"Usage: claude ssh <user@host | ssh-config-alias> [dir]\n\n" +
						"Runs Claude Code on a remote Linux host. You don't need to install\n" +
						"anything on the remote or run `claude auth login` there — the binary is\n" +
						"deployed over SSH and API auth tunnels back through your local machine.\n",
				);
				process.exit(1);
			});
	}

	// claude connect — subcommand only handles -p (headless) mode.
	// Interactive mode (without -p) is handled by early argv rewriting in main()
	// which redirects to the main command with full TUI support.
	if (feature("DIRECT_CONNECT")) {
		program
			.command("open <cc-url>")
			.description(
				"Connect to a Claude Code server (internal — use cc:// URLs)",
			)
			.option("-p, --print [prompt]", "Print mode (headless)")
			.option(
				"--output-format <format>",
				"Output format: text, json, stream-json",
				"text",
			)
			.action(
				async (
					ccUrl: string,
					opts: {
						print?: string | true;
						outputFormat?: string;
					},
				) => {
					const { parseConnectUrl } =
						await import("./server/parseConnectUrl.js");
					const { serverUrl, authToken } = parseConnectUrl(ccUrl);

					let connectConfig;
					try {
						const session = await createDirectConnectSession({
							serverUrl,
							authToken,
							cwd: getOriginalCwd(),
							dangerouslySkipPermissions:
								_pendingConnect?.dangerouslySkipPermissions,
						});
						if (session.workDir) {
							setOriginalCwd(session.workDir);
							setCwdState(session.workDir);
						}
						setDirectConnectServerUrl(serverUrl);
						connectConfig = session.config;
					} catch (err) {
						console.error(
							err instanceof DirectConnectError
								? err.message
								: String(err),
						);
						process.exit(1);
					}

					const { runConnectHeadless } =
						await import("./server/connectHeadless.js");

					const prompt =
						typeof opts.print === "string" ? opts.print : "";
					const interactive = opts.print === true;
					await runConnectHeadless(
						connectConfig,
						prompt,
						opts.outputFormat,
						interactive,
					);
				},
			);
	}

	// claude auth

	const auth = program
		.command("auth")
		.description("Manage authentication")
		.configureHelp(createSortedHelpConfig());

	auth.command("login")
		.description("Sign in to your Anthropic account")
		.option(
			"--email <email>",
			"Pre-populate email address on the login page",
		)
		.option("--sso", "Force SSO login flow")
		.option(
			"--console",
			"Use Anthropic Console (API usage billing) instead of Claude subscription",
		)
		.option("--claudeai", "Use Claude subscription (default)")
		.action(
			async ({
				email,
				sso,
				console: useConsole,
				claudeai,
			}: {
				email?: string;
				sso?: boolean;
				console?: boolean;
				claudeai?: boolean;
			}) => {
				const { authLogin } = await import("./cli/handlers/auth.js");
				await authLogin({ email, sso, console: useConsole, claudeai });
			},
		);

	auth.command("status")
		.description("Show authentication status")
		.option("--json", "Output as JSON (default)")
		.option("--text", "Output as human-readable text")
		.action(async (opts: { json?: boolean; text?: boolean }) => {
			const { authStatus } = await import("./cli/handlers/auth.js");
			await authStatus(opts);
		});

	auth.command("logout")
		.description("Log out from your Anthropic account")
		.action(async () => {
			const { authLogout } = await import("./cli/handlers/auth.js");
			await authLogout();
		});

	/**
	 * Helper function to handle marketplace command errors consistently.
	 * Logs the error and exits the process with status 1.
	 * @param error The error that occurred
	 * @param action Description of the action that failed
	 */
	// Hidden flag on all plugin/marketplace subcommands to target cowork_plugins.
	const coworkOption = () =>
		new Option("--cowork", "Use cowork_plugins directory").hideHelp();

	// Plugin validate command
	const pluginCmd = program
		.command("plugin")
		.alias("plugins")
		.description("Manage Claude Code plugins")
		.configureHelp(createSortedHelpConfig());

	pluginCmd
		.command("validate <path>")
		.description("Validate a plugin or marketplace manifest")
		.addOption(coworkOption())
		.action(async (manifestPath: string, options: { cowork?: boolean }) => {
			const { pluginValidateHandler } =
				await import("./cli/handlers/plugins.js");
			await pluginValidateHandler(manifestPath, options);
		});

	// Plugin list command
	pluginCmd
		.command("list")
		.description("List installed plugins")
		.option("--json", "Output as JSON")
		.option(
			"--available",
			"Include available plugins from marketplaces (requires --json)",
		)
		.addOption(coworkOption())
		.action(
			async (options: {
				json?: boolean;
				available?: boolean;
				cowork?: boolean;
			}) => {
				const { pluginListHandler } =
					await import("./cli/handlers/plugins.js");
				await pluginListHandler(options);
			},
		);

	// Marketplace subcommands
	const marketplaceCmd = pluginCmd
		.command("marketplace")
		.description("Manage Claude Code marketplaces")
		.configureHelp(createSortedHelpConfig());

	marketplaceCmd
		.command("add <source>")
		.description("Add a marketplace from a URL, path, or GitHub repo")
		.addOption(coworkOption())
		.option(
			"--sparse <paths...>",
			"Limit checkout to specific directories via git sparse-checkout (for monorepos). Example: --sparse .claude-plugin plugins",
		)
		.option(
			"--scope <scope>",
			"Where to declare the marketplace: user (default), project, or local",
		)
		.action(
			async (
				source: string,
				options: {
					cowork?: boolean;
					sparse?: string[];
					scope?: string;
				},
			) => {
				const { marketplaceAddHandler } =
					await import("./cli/handlers/plugins.js");
				await marketplaceAddHandler(source, options);
			},
		);

	marketplaceCmd
		.command("list")
		.description("List all configured marketplaces")
		.option("--json", "Output as JSON")
		.addOption(coworkOption())
		.action(async (options: { json?: boolean; cowork?: boolean }) => {
			const { marketplaceListHandler } =
				await import("./cli/handlers/plugins.js");
			await marketplaceListHandler(options);
		});

	marketplaceCmd
		.command("remove <name>")
		.alias("rm")
		.description("Remove a configured marketplace")
		.addOption(coworkOption())
		.action(async (name: string, options: { cowork?: boolean }) => {
			const { marketplaceRemoveHandler } =
				await import("./cli/handlers/plugins.js");
			await marketplaceRemoveHandler(name, options);
		});

	marketplaceCmd
		.command("update [name]")
		.description(
			"Update marketplace(s) from their source - updates all if no name specified",
		)
		.addOption(coworkOption())
		.action(
			async (name: string | undefined, options: { cowork?: boolean }) => {
				const { marketplaceUpdateHandler } =
					await import("./cli/handlers/plugins.js");
				await marketplaceUpdateHandler(name, options);
			},
		);

	// Plugin install command
	pluginCmd
		.command("install <plugin>")
		.alias("i")
		.description(
			"Install a plugin from available marketplaces (use plugin@marketplace for specific marketplace)",
		)
		.option(
			"-s, --scope <scope>",
			"Installation scope: user, project, or local",
			"user",
		)
		.addOption(coworkOption())
		.action(
			async (
				plugin: string,
				options: { scope?: string; cowork?: boolean },
			) => {
				const { pluginInstallHandler } =
					await import("./cli/handlers/plugins.js");
				await pluginInstallHandler(plugin, options);
			},
		);

	// Plugin uninstall command
	pluginCmd
		.command("uninstall <plugin>")
		.alias("remove")
		.alias("rm")
		.description("Uninstall an installed plugin")
		.option(
			"-s, --scope <scope>",
			"Uninstall from scope: user, project, or local",
			"user",
		)
		.option(
			"--keep-data",
			"Preserve the plugin's persistent data directory (~/.claude/plugins/data/{id}/)",
		)
		.addOption(coworkOption())
		.action(
			async (
				plugin: string,
				options: {
					scope?: string;
					cowork?: boolean;
					keepData?: boolean;
				},
			) => {
				const { pluginUninstallHandler } =
					await import("./cli/handlers/plugins.js");
				await pluginUninstallHandler(plugin, options);
			},
		);

	// Plugin enable command
	pluginCmd
		.command("enable <plugin>")
		.description("Enable a disabled plugin")
		.option(
			"-s, --scope <scope>",
			`Installation scope: ${VALID_INSTALLABLE_SCOPES.join(", ")} (default: auto-detect)`,
		)
		.addOption(coworkOption())
		.action(
			async (
				plugin: string,
				options: { scope?: string; cowork?: boolean },
			) => {
				const { pluginEnableHandler } =
					await import("./cli/handlers/plugins.js");
				await pluginEnableHandler(plugin, options);
			},
		);

	// Plugin disable command
	pluginCmd
		.command("disable [plugin]")
		.description("Disable an enabled plugin")
		.option("-a, --all", "Disable all enabled plugins")
		.option(
			"-s, --scope <scope>",
			`Installation scope: ${VALID_INSTALLABLE_SCOPES.join(", ")} (default: auto-detect)`,
		)
		.addOption(coworkOption())
		.action(
			async (
				plugin: string | undefined,
				options: { scope?: string; cowork?: boolean; all?: boolean },
			) => {
				const { pluginDisableHandler } =
					await import("./cli/handlers/plugins.js");
				await pluginDisableHandler(plugin, options);
			},
		);

	// Plugin update command
	pluginCmd
		.command("update <plugin>")
		.description(
			"Update a plugin to the latest version (restart required to apply)",
		)
		.option(
			"-s, --scope <scope>",
			`Installation scope: ${VALID_UPDATE_SCOPES.join(", ")} (default: user)`,
		)
		.addOption(coworkOption())
		.action(
			async (
				plugin: string,
				options: { scope?: string; cowork?: boolean },
			) => {
				const { pluginUpdateHandler } =
					await import("./cli/handlers/plugins.js");
				await pluginUpdateHandler(plugin, options);
			},
		);
	// END ANT-ONLY

  // Setup token command
  program
    .command('setup-token')
    .description(
      'Set up a long-lived authentication token (requires Claude subscription)',
    )
    .action(async () => {
      const [{ setupTokenHandler }, { createRoot }] = await Promise.all([
        import('./cli/handlers/util.js'),
        import('@anthropic/ink'),
      ])
      const root = await createRoot(getBaseRenderOptions(false))
      await setupTokenHandler(root)
    })

	// Agents command - list configured agents
	program
		.command("agents")
		.description("List configured agents")
		.option(
			"--setting-sources <sources>",
			"Comma-separated list of setting sources to load (user, project, local).",
		)
		.action(async () => {
			const { agentsHandler } = await import("./cli/handlers/agents.js");
			await agentsHandler();
			process.exit(0);
		});

	if (feature("TRANSCRIPT_CLASSIFIER")) {
		// Skip when tengu_auto_mode_config.enabled === 'disabled' (circuit breaker).
		// Reads from disk cache — GrowthBook isn't initialized at registration time.
		if (getAutoModeEnabledStateIfCached() !== "disabled") {
			const autoModeCmd = program
				.command("auto-mode")
				.description("Inspect auto mode classifier configuration");

			autoModeCmd
				.command("defaults")
				.description(
					"Print the default auto mode environment, allow, and deny rules as JSON",
				)
				.action(async () => {
					const { autoModeDefaultsHandler } =
						await import("./cli/handlers/autoMode.js");
					autoModeDefaultsHandler();
					process.exit(0);
				});

			autoModeCmd
				.command("config")
				.description(
					"Print the effective auto mode config as JSON: your settings where set, defaults otherwise",
				)
				.action(async () => {
					const { autoModeConfigHandler } =
						await import("./cli/handlers/autoMode.js");
					autoModeConfigHandler();
					process.exit(0);
				});

			autoModeCmd
				.command("critique")
				.description("Get AI feedback on your custom auto mode rules")
				.option("--model <model>", "Override which model is used")
				.action(async (options) => {
					const { autoModeCritiqueHandler } =
						await import("./cli/handlers/autoMode.js");
					await autoModeCritiqueHandler(options);
					process.exit();
				});
		}
	}

	// claude autonomy — CLI subcommands mirroring /autonomy slash command
	{
		const autonomyCmd = program
			.command("autonomy")
			.description("Inspect and manage automatic autonomy runs and flows");

		autonomyCmd
			.command("status")
			.description("Print autonomy run, flow, team, pipe, and remote-control status")
			.option("--deep", "Include teams, pipes, daemon, and remote-control sections")
			.action(async (options: { deep?: boolean }) => {
				const { autonomyStatusHandler } = await import("./cli/handlers/autonomy.js");
				await autonomyStatusHandler(options);
				process.exit(0);
			});

		autonomyCmd
			.command("runs [limit]")
			.description("List recent autonomy runs")
			.action(async (limit?: string) => {
				const { autonomyRunsHandler } = await import("./cli/handlers/autonomy.js");
				await autonomyRunsHandler(limit);
				process.exit(0);
			});

		autonomyCmd
			.command("flows [limit]")
			.description("List recent autonomy flows")
			.action(async (limit?: string) => {
				const { autonomyFlowsHandler } = await import("./cli/handlers/autonomy.js");
				await autonomyFlowsHandler(limit);
				process.exit(0);
			});

		const flowCmd = autonomyCmd
			.command("flow <flowId>")
			.description("Inspect a single autonomy flow")
			.action(async (flowId: string) => {
				const { autonomyFlowHandler } = await import("./cli/handlers/autonomy.js");
				await autonomyFlowHandler(flowId);
				process.exit(0);
			});

		flowCmd
			.command("cancel <flowId>")
			.description("Cancel a queued, waiting, or running autonomy flow")
			.action(async (flowId: string) => {
				const { autonomyFlowCancelHandler } = await import("./cli/handlers/autonomy.js");
				await autonomyFlowCancelHandler(flowId);
				process.exit(0);
			});

		flowCmd
			.command("resume <flowId>")
			.description("Resume a waiting autonomy flow")
			.action(async (flowId: string) => {
				const { autonomyFlowResumeHandler } = await import("./cli/handlers/autonomy.js");
				await autonomyFlowResumeHandler(flowId);
				process.exit(0);
			});
	}

	// Remote Control command — connect local environment to claude.ai/code.
	// The actual command is intercepted by the fast-path in cli.tsx before
	// Commander.js runs, so this registration exists only for help output.
	// Always hidden: isBridgeEnabled() at this point (before enableConfigs)
	// would throw inside isClaudeAISubscriber → getGlobalConfig and return
	// false via the try/catch — but not before paying ~65ms of side effects
	// (25ms settings Zod parse + 40ms sync `security` keychain subprocess).
	// The dynamic visibility never worked; the command was always hidden.
	if (feature("BRIDGE_MODE")) {
		program
			.command("remote-control", { hidden: true })
			.alias("rc")
			.description(
				"Connect your local environment for remote-control sessions via claude.ai/code",
			)
			.action(async () => {
				// Unreachable — cli.tsx fast-path handles this command before main.tsx loads.
				// If somehow reached, delegate to bridgeMain.
				const { bridgeMain } = await import("./bridge/bridgeMain.js");
				await bridgeMain(process.argv.slice(3));
			});
	}

	if (feature("KAIROS")) {
		program
			.command("assistant [sessionId]")
			.description(
				"Attach the REPL as a client to a running bridge session. Discovers sessions via API if no sessionId given.",
			)
			.action(() => {
				// Argv rewriting above should have consumed `assistant [id]`
				// before commander runs. Reaching here means a root flag came first
				// (e.g. `--debug assistant`) and the position-0 predicate
				// didn't match. Print usage like the ssh stub does.
				process.stderr.write(
					"Usage: claude assistant [sessionId]\n\n" +
						"Attach the REPL as a viewer client to a running bridge session.\n" +
						"Omit sessionId to discover and pick from available sessions.\n",
				);
				process.exit(1);
			});
	}

  // Doctor command - check installation health
  program
    .command('doctor')
    .description(
      'Check the health of your Claude Code auto-updater. Note: The workspace trust dialog is skipped and stdio servers from .mcp.json are spawned for health checks. Only use this command in directories you trust.',
    )
    .action(async () => {
      const [{ doctorHandler }, { createRoot }] = await Promise.all([
        import('./cli/handlers/util.js'),
        import('@anthropic/ink'),
      ])
      const root = await createRoot(getBaseRenderOptions(false))
      await doctorHandler(root)
    })


	// claude up — run the project's CLAUDE.md "# claude up" setup instructions.
	if (process.env.USER_TYPE === "ant") {
		program
			.command("up")
			.description(
				'[ANT-ONLY] Initialize or upgrade the local dev environment using the "# claude up" section of the nearest CLAUDE.md',
			)
			.action(async () => {
				const { up } = await import("src/cli/up.js");
				await up();
			});
	}

	// claude rollback (ant-only)
	// Rolls back to previous releases
	if (process.env.USER_TYPE === "ant") {
		program
			.command("rollback [target]")
			.description(
				"[ANT-ONLY] Roll back to a previous release\n\nExamples:\n  claude rollback                                    Go 1 version back from current\n  claude rollback 3                                  Go 3 versions back from current\n  claude rollback 2.0.73-dev.20251217.t190658        Roll back to a specific version",
			)
			.option("-l, --list", "List recent published versions with ages")
			.option(
				"--dry-run",
				"Show what would be installed without installing",
			)
			.option(
				"--safe",
				"Roll back to the server-pinned safe version (set by oncall during incidents)",
			)
			.action(
				async (
					target?: string,
					options?: {
						list?: boolean;
						dryRun?: boolean;
						safe?: boolean;
					},
				) => {
					const { rollback } = await import("src/cli/rollback.js");
					await rollback(target, options);
				},
			);
	}

	// claude install
	program
		.command("install [target]")
		.description(
			"Install Claude Code native build. Use [target] to specify version (stable, latest, or specific version)",
		)
		.option("--force", "Force installation even if already installed")
		.action(
			async (
				target: string | undefined,
				options: { force?: boolean },
			) => {
				const { installHandler } =
					await import("./cli/handlers/util.js");
				await installHandler(target, options);
			},
		);

	// claude update — update ccb to the latest version via npm or bun
	program
		.command("update")
		.description("Update claude-code-best (ccb) to the latest version")
		.action(async () => {
			const { updateCCB } = await import("./cli/updateCCB.js");
			await updateCCB();
		});

	// ant-only commands
	if (process.env.USER_TYPE === "ant") {
		const validateLogId = (value: string) => {
			const maybeSessionId = validateUuid(value);
			if (maybeSessionId) return maybeSessionId;
			return Number(value);
		};
		// claude log
		program
			.command("log")
			.description("[ANT-ONLY] Manage conversation logs.")
			.argument(
				"[number|sessionId]",
				"A number (0, 1, 2, etc.) to display a specific log, or the sesssion ID (uuid) of a log",
				validateLogId,
			)
			.action(async (logId: string | number | undefined) => {
				const { logHandler } = await import("./cli/handlers/ant.js");
				await logHandler(logId);
			});

		// claude error
		program
			.command("error")
			.description(
				"[ANT-ONLY] View error logs. Optionally provide a number (0, -1, -2, etc.) to display a specific log.",
			)
			.argument(
				"[number]",
				"A number (0, 1, 2, etc.) to display a specific log",
				parseInt,
			)
			.action(async (number: number | undefined) => {
				const { errorHandler } = await import("./cli/handlers/ant.js");
				await errorHandler(number);
			});

		// claude export
		program
			.command("export")
			.description("[ANT-ONLY] Export a conversation to a text file.")
			.usage("<source> <outputFile>")
			.argument(
				"<source>",
				"Session ID, log index (0, 1, 2...), or path to a .json/.jsonl log file",
			)
			.argument("<outputFile>", "Output file path for the exported text")
			.addHelpText(
				"after",
				`
Examples:
  $ claude export 0 conversation.txt                Export conversation at log index 0
  $ claude export <uuid> conversation.txt           Export conversation by session ID
  $ claude export input.json output.txt             Render JSON log file to text
  $ claude export <uuid>.jsonl output.txt           Render JSONL session file to text`,
			)
			.action(async (source: string, outputFile: string) => {
				const { exportHandler } = await import("./cli/handlers/ant.js");
				await exportHandler(source, outputFile);
			});

		if (process.env.USER_TYPE === "ant") {
			const taskCmd = program
				.command("task")
				.description("[ANT-ONLY] Manage task list tasks");

			taskCmd
				.command("create <subject>")
				.description("Create a new task")
				.option("-d, --description <text>", "Task description")
				.option(
					"-l, --list <id>",
					'Task list ID (defaults to "tasklist")',
				)
				.action(
					async (
						subject: string,
						opts: { description?: string; list?: string },
					) => {
						const { taskCreateHandler } =
							await import("./cli/handlers/ant.js");
						await taskCreateHandler(subject, opts);
					},
				);

			taskCmd
				.command("list")
				.description("List all tasks")
				.option(
					"-l, --list <id>",
					'Task list ID (defaults to "tasklist")',
				)
				.option("--pending", "Show only pending tasks")
				.option("--json", "Output as JSON")
				.action(
					async (opts: {
						list?: string;
						pending?: boolean;
						json?: boolean;
					}) => {
						const { taskListHandler } =
							await import("./cli/handlers/ant.js");
						await taskListHandler(opts);
					},
				);

			taskCmd
				.command("get <id>")
				.description("Get details of a task")
				.option(
					"-l, --list <id>",
					'Task list ID (defaults to "tasklist")',
				)
				.action(async (id: string, opts: { list?: string }) => {
					const { taskGetHandler } =
						await import("./cli/handlers/ant.js");
					await taskGetHandler(id, opts);
				});

			taskCmd
				.command("update <id>")
				.description("Update a task")
				.option(
					"-l, --list <id>",
					'Task list ID (defaults to "tasklist")',
				)
				.option(
					"-s, --status <status>",
					`Set status (${TASK_STATUSES.join(", ")})`,
				)
				.option("--subject <text>", "Update subject")
				.option("-d, --description <text>", "Update description")
				.option("--owner <agentId>", "Set owner")
				.option("--clear-owner", "Clear owner")
				.action(
					async (
						id: string,
						opts: {
							list?: string;
							status?: string;
							subject?: string;
							description?: string;
							owner?: string;
							clearOwner?: boolean;
						},
					) => {
						const { taskUpdateHandler } =
							await import("./cli/handlers/ant.js");
						await taskUpdateHandler(id, opts);
					},
				);

			taskCmd
				.command("dir")
				.description("Show the tasks directory path")
				.option(
					"-l, --list <id>",
					'Task list ID (defaults to "tasklist")',
				)
				.action(async (opts: { list?: string }) => {
					const { taskDirHandler } =
						await import("./cli/handlers/ant.js");
					await taskDirHandler(opts);
				});
		}

		// claude completion <shell>
		program
			.command("completion <shell>", { hidden: true })
			.description(
				"Generate shell completion script (bash, zsh, or fish)",
			)
			.option(
				"--output <file>",
				"Write completion script directly to a file instead of stdout",
			)
			.action(async (shell: string, opts: { output?: string }) => {
				const { completionHandler } =
					await import("./cli/handlers/ant.js");
				await completionHandler(shell, opts, program);
			});
	}

	profileCheckpoint("run_before_parse");
	await program.parseAsync(process.argv);
	profileCheckpoint("run_after_parse");

	// Record final checkpoint for total_time calculation
	profileCheckpoint("main_after_run");

	// Log startup perf to Statsig (sampled) and output detailed report if enabled
	profileReport();

	return program;
}

async function logTenguInit({
	hasInitialPrompt,
	hasStdin,
	verbose,
	debug,
	debugToStderr,
	print,
	outputFormat,
	inputFormat,
	numAllowedTools,
	numDisallowedTools,
	mcpClientCount,
	worktreeEnabled,
	skipWebFetchPreflight,
	githubActionInputs,
	dangerouslySkipPermissionsPassed,
	permissionMode,
	modeIsBypass,
	allowDangerouslySkipPermissionsPassed,
	systemPromptFlag,
	appendSystemPromptFlag,
	thinkingConfig,
	assistantActivationPath,
}: {
	hasInitialPrompt: boolean;
	hasStdin: boolean;
	verbose: boolean;
	debug: boolean;
	debugToStderr: boolean;
	print: boolean;
	outputFormat: string;
	inputFormat: string;
	numAllowedTools: number;
	numDisallowedTools: number;
	mcpClientCount: number;
	worktreeEnabled: boolean;
	skipWebFetchPreflight: boolean | undefined;
	githubActionInputs: string | undefined;
	dangerouslySkipPermissionsPassed: boolean;
	permissionMode: string;
	modeIsBypass: boolean;
	allowDangerouslySkipPermissionsPassed: boolean;
	systemPromptFlag: "file" | "flag" | undefined;
	appendSystemPromptFlag: "file" | "flag" | undefined;
	thinkingConfig: ThinkingConfig;
	assistantActivationPath: string | undefined;
}): Promise<void> {
	try {
		logEvent("tengu_init", {
			entrypoint:
				"claude" as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
			hasInitialPrompt,
			hasStdin,
			verbose,
			debug,
			debugToStderr,
			print,
			outputFormat:
				outputFormat as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
			inputFormat:
				inputFormat as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
			numAllowedTools,
			numDisallowedTools,
			mcpClientCount,
			worktree: worktreeEnabled,
			skipWebFetchPreflight,
			...(githubActionInputs && {
				githubActionInputs:
					githubActionInputs as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
			}),
			dangerouslySkipPermissionsPassed,
			permissionMode:
				permissionMode as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
			modeIsBypass,
			inProtectedNamespace: isInProtectedNamespace(),
			allowDangerouslySkipPermissionsPassed,
			thinkingType:
				thinkingConfig.type as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
			...(thinkingConfig.type === "enabled" && {
				thinkingBudgetTokens: thinkingConfig.budgetTokens,
			}),
			...(systemPromptFlag && {
				systemPromptFlag:
					systemPromptFlag as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
			}),
			...(appendSystemPromptFlag && {
				appendSystemPromptFlag:
					appendSystemPromptFlag as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
			}),
			is_simple: isBareMode() || undefined,
			is_coordinator:
				feature("COORDINATOR_MODE") &&
				coordinatorModeModule?.isCoordinatorMode()
					? true
					: undefined,
			...(assistantActivationPath && {
				assistantActivationPath:
					assistantActivationPath as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
			}),
			autoUpdatesChannel: (getInitialSettings().autoUpdatesChannel ??
				"latest") as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
			...(process.env.USER_TYPE === "ant"
				? (() => {
						const cwd = getCwd();
						const gitRoot = findGitRoot(cwd);
						const rp = gitRoot
							? relative(gitRoot, cwd) || "."
							: undefined;
						return rp
							? {
									relativeProjectPath:
										rp as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
								}
							: {};
					})()
				: {}),
		});
	} catch (error) {
		logError(error);
	}
}

function maybeActivateProactive(options: unknown): void {
	if (
		(feature("PROACTIVE") || feature("KAIROS")) &&
		((options as { proactive?: boolean }).proactive ||
			isEnvTruthy(process.env.CLAUDE_CODE_PROACTIVE))
	) {
		// eslint-disable-next-line @typescript-eslint/no-require-imports
		const proactiveModule = require("./proactive/index.js");
		if (!proactiveModule.isProactiveActive()) {
			proactiveModule.activateProactive("command");
		}
	}
}

function maybeActivateBrief(options: unknown): void {
	if (!(feature("KAIROS") || feature("KAIROS_BRIEF"))) return;
	const briefFlag = (options as { brief?: boolean }).brief;
	const briefEnv = isEnvTruthy(process.env.CLAUDE_CODE_BRIEF);
	if (!briefFlag && !briefEnv) return;
	// --brief / CLAUDE_CODE_BRIEF are explicit opt-ins: check entitlement,
	// then set userMsgOptIn to activate the tool + prompt section. The env
	// var also grants entitlement (isBriefEntitled() reads it), so setting
	// CLAUDE_CODE_BRIEF=1 alone force-enables for dev/testing — no GB gate
	// needed. initialIsBriefOnly reads getUserMsgOptIn() directly.
	// Conditional require: static import would leak the tool name string
	// into external builds via BriefTool.ts → prompt.ts.
	/* eslint-disable @typescript-eslint/no-require-imports */
	const { isBriefEntitled } =
		require("@claude-code-best/builtin-tools/tools/BriefTool/BriefTool.js") as typeof import("@claude-code-best/builtin-tools/tools/BriefTool/BriefTool.js");
	/* eslint-enable @typescript-eslint/no-require-imports */
	const entitled = isBriefEntitled();
	if (entitled) {
		setUserMsgOptIn(true);
	}
	// Fire unconditionally once intent is seen: enabled=false captures the
	// "user tried but was gated" failure mode in Datadog.
	logEvent("tengu_brief_mode_enabled", {
		enabled: entitled,
		gated: !entitled,
		source: (briefEnv
			? "env"
			: "flag") as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
	});
}

function resetCursor() {
	const terminal = process.stderr.isTTY
		? process.stderr
		: process.stdout.isTTY
			? process.stdout
			: undefined;
	terminal?.write(SHOW_CURSOR);
}

type TeammateOptions = {
	agentId?: string;
	agentName?: string;
	teamName?: string;
	agentColor?: string;
	planModeRequired?: boolean;
	parentSessionId?: string;
	teammateMode?: "auto" | "tmux" | "in-process";
	agentType?: string;
};

function extractTeammateOptions(options: unknown): TeammateOptions {
	if (typeof options !== "object" || options === null) {
		return {};
	}
	const opts = options as Record<string, unknown>;
	const teammateMode = opts.teammateMode;
	return {
		agentId: typeof opts.agentId === "string" ? opts.agentId : undefined,
		agentName:
			typeof opts.agentName === "string" ? opts.agentName : undefined,
		teamName: typeof opts.teamName === "string" ? opts.teamName : undefined,
		agentColor:
			typeof opts.agentColor === "string" ? opts.agentColor : undefined,
		planModeRequired:
			typeof opts.planModeRequired === "boolean"
				? opts.planModeRequired
				: undefined,
		parentSessionId:
			typeof opts.parentSessionId === "string"
				? opts.parentSessionId
				: undefined,
		teammateMode:
			teammateMode === "auto" ||
			teammateMode === "tmux" ||
			teammateMode === "in-process"
				? teammateMode
				: undefined,
		agentType:
			typeof opts.agentType === "string" ? opts.agentType : undefined,
	};
}