rcarmo/piclaw

🐛 Fixes

• Azure OpenAI base URLs are now normalised before use, so deployment endpoints are less likely to fail because one slash, path fragment, or over-helpful configuration field decided to become infrastructure.
• Provider definitions and Azure OpenAI routing now agree on the expected endpoint shape, because “same setting, different interpretation” is not a feature, it is a debugging subscription.
• Azure OpenAI extension documentation was updated around endpoint configuration, making the setup path less dependent on folklore and copy-pasted portal archaeology.

📦 Under the hood

• Added routing coverage for Azure OpenAI URL normalisation, because cloud endpoint handling without tests is just optimism wearing a lanyard.
• Touched the provider definition and Azure integration path only; this is intentionally narrow, which is rare enough to mention in public.

📦 Known issues

• Azure OpenAI still has Azure-shaped configuration complexity; this release normalises URLs, it does not make the portal develop taste.
• Existing bad configuration may still need to be corrected once, but at least the runtime is now less eager to preserve the mistake verbatim.

📦 Upgrade

• Upgrade normally; no database migration is required.
• If Azure OpenAI endpoint setup stops feeling like a compass test in low visibility, that is intentional.

🐛 Fixes

• Model auth documentation and request configuration are aligned with the Earendil `0.80.x` runtime APIs, so provider setup has fewer contradictory breadcrumbs and less “ask the source code, it knows” energy.
• Request configuration paths for side prompts, context pruning, smart compaction, and streamed completions now follow the updated runtime contracts instead of leaning on stale assumptions from the previous API shape.
• E2E setup documentation and model-configuration helpers were updated around the current provider/auth setup, because test environments deserve instructions that are not historical fiction.

📦 Under the hood

• Earendil packages were bumped to `0.80.2`, keeping Piclaw on the current public runtime surface after the `v2.7.0` migration.
• Stale private-import guidance was removed, because telling future maintainers not to use a private path that no longer exists is less documentation and more séance.
• Model-auth and side-prompt runner tests were updated to cover the current auth/request wiring.
• Pack hygiene, import boundaries, and public add-on compatibility were validated against the updated API surface.

📦 Known issues

• Provider auth remains provider auth: the best documentation in the world cannot make OAuth emotionally nourishing.
• Third-party integrations should still retest against the public runtime APIs rather than poking at upstream internals with a stick labelled “compatibility”.

📦 Upgrade

• Upgrade normally; no database migration is required.
• If model auth setup now feels less like decoding a spy dossier in a dark room, that is intentional.

✨ Platform news

• Piclaw now targets the Earendil `0.80.1` runtime APIs, aligning model/session/agent integration with the upstream package boundary rather than spelunking through internals and hoping the cave keeps its shape.
• Public add-on compatibility was validated against the new runtime surface, so the migration is not just “it compiles here”; it also avoids detonating the obvious extension ecosystem on contact.

🐛 Fixes

• Removed obsolete Pi AI deep-import typings and updated import-boundary checks so accidental private API usage has fewer places to hide.
• Azure OpenAI, context mode, context pruning, smart compaction, side prompts, session rotation, agent info, and session management paths now use the migrated runtime contracts.
• Test coverage was refreshed around model/runtime integration, reasoning metadata, context pruning, Azure OpenAI API handling, import-boundary enforcement, and live tool activation.

📦 Under the hood

• Earendil packages were bumped to `0.80.1`, carrying the Models-runtime/API migration through `package.json` and `bun.lock`.
• Agent pool contracts, session manager, session creation, and side-prompt runner code were updated for the new upstream shapes.
• Deterministic audit scripts and skeleton agent guidance were updated to match the new API expectations.
• The old deep-import compatibility file was deleted, because keeping a fossil in the type tree does not make it architecture.

📦 Known issues

• This is a runtime/API migration release; it should be boring at runtime, which is the only acceptable kind of exciting for this layer.
• Third-party extensions that depended on private Earendil internals may need updates; depending on internals remains a hobby best practised with a helmet.

📦 Upgrade

• Upgrade normally; no database migration is required.
• Extension authors should retest against the public runtime APIs and stop borrowing furniture from upstream’s private rooms.

✨ Features

• Z.ai quota display support now surfaces quota usage and reset timing, because rate limits are much easier to respect when they are not delivered as surprise masonry.
• Agent events now carry the quota details needed by the web UI, so quota state can travel with the rest of the runtime telemetry rather than lurking in provider-specific folklore.
• The agent runtime now uses Earendil `0.79.10` compaction hooks, keeping context-pressure handling aligned with upstream instead of maintaining a small museum of local assumptions.

🐛 Fixes

• The web compose box no longer echoes the model list back into the prompt, because autocomplete should suggest options, not dump the entire menu into the conversation like an overexcited clipboard.
• Z.ai quota auth fallbacks were filled in, so quota handling is less likely to collapse just because the auth path took the side entrance.
• Compaction trigger context plumbing was tightened across auto-compaction, session rotation, smart compaction, and context-pressure retry paths, because “why did it compact?” should be a diagnostic question, not an archaeological dig.

📦 Under the hood

• Classic web assets were rebuilt for the compose/model-list fix.
• Added compaction-trigger context helpers and tests around auto-compaction control, session rotation, provider usage, OpenAI completions reasoning details, and nested-repo detection.
• Updated agent-control provider definitions and lifecycle coverage around the new provider/runtime behaviour.
• Added SSE agent-event coverage for quota and usage details so the browser receives the same facts the backend thinks it sent.
• Earendil packages were bumped to `0.79.10`, because the upstream train continues to move and standing on the tracks is poor release management.

📦 Known issues

• Quota displays are only as accurate as provider metadata; if the provider lies, the UI will now repeat the lie more neatly.
• Reset countdowns reduce mystery, not impatience.
• Compaction hooks are better aligned with upstream, but context pressure remains context pressure: arithmetic with a user interface.

📦 Upgrade

• Upgrade normally; no migration step is required.
• If Z.ai quota state is finally visible instead of arriving as a slap from the API, that is intentional.

✨ Features

• Agent replies now carry persisted timing metadata and expose it on the message timestamp tooltip, so hovering the timestamp shows when the reply was sent, when the run started, and how long the agent took to produce the terminal reply.
• The same timestamp tooltip now includes per-reply token statistics when the provider supplies usage metadata, including total, input, output, and cache token counts, because guessing whether a reply was expensive is an excellent way to lose an afternoon.

🐛 Fixes

• Relaxed the system meters compact breakpoint from 900px to 600px, because the chart view was being hidden on tablets despite there being perfectly adequate room for it. CSS, naturally, had opinions.

📦 Under the hood

• Added structured `agent_timing` content blocks for finalized terminal agent replies, avoiding a database schema migration while keeping timing and usage data available in timeline payloads.
• Threaded assistant-message usage from `message_end` through `AgentTurnCoordinator`, `runAgentPrompt`, web terminal reply persistence, and timestamp tooltip rendering.
• Added regression coverage for timing formatting, token-stat formatting, turn usage propagation, and the 600px meters compact breakpoint.
• Post timing fixture tests now resolve source paths from the checkout instead of assuming `/workspace/piclaw`, because CI runners cruelly insist on using their own directories.
• Project-trust session fixtures now use an isolated cwd, because upstream session validation quite reasonably dislikes directories that only exist in the test author’s imagination.
• Rebuilt the web bundle so the timestamp tooltip, token stats, and breakpoint changes ship in static assets.

📦 Known issues

• Older messages do not have persisted `agent_timing` blocks, so their timestamp tooltip only shows the sent time.
• Native browser `title` tooltips are still a desktop-first affordance; tablets may need a later tap/long-press timing popover if we want this to be fully touch-native.

📦 Upgrade

• Pull/install as usual. No database migration required.

🐛 Fixes

• Removed the stale Earendil compatibility shim, because keeping dead adapter layers around “just in case” is how codebases develop haunted crawlspaces.
• Scoped model handling now relies on the current upstream types and behaviour instead of propping up yesterday’s API furniture with local cardboard.
• The timeline menu height cap was relaxed so the menu can show more of itself before deciding that scrolling is the only language it knows.

📦 Under the hood

• Earendil packages were bumped to `0.79.9`, keeping the shared runtime stack current and making the compatibility shim removal official rather than aspirational.
• Scoped-model regression tests were added around the updated Earendil integration, because deleting compatibility code without tests is just tidying with a blindfold.
• Timeline menu dropdown coverage was added for the relaxed height behaviour, ensuring the menu does not quietly return to its previous shoebox lifestyle.
• Classic and visual web CSS/bundles were rebuilt for the layout update.

📦 Known issues

• Menus can now breathe a little more, but they are still menus, not architectural atria.
• Removing stale compatibility code is healthy; it may still make anyone who remembers why it existed twitch slightly.

📦 Upgrade

• Upgrade normally; no migration step is required.
• If the timeline menu feels less vertically claustrophobic and nothing complains about the missing shim, that is the entire point.

🐛 Fixes

• Interrupted auto-compactions now back off, so recovery does not keep poking the same bruised context window and acting surprised when it winces.
• Auto compaction now stays on the smart-compaction path, preserving the newer guardrails instead of silently wandering into the older machinery like a tourist following bad signage.

📦 Under the hood

• Web recovery and smart-compaction tests were expanded around interrupted compaction, retry/backoff, and smart-path routing.
• The recovery path now distinguishes “try again later” from “try again immediately and make it everyone’s problem”, which is a valuable distinction in both software and plumbing.

📦 Known issues

• Context compaction is still a pressure valve, not magic; this patch makes it less overeager, not omniscient.
• Interrupted work can still be interrupted; the improvement is that the system now takes the hint before launching another interpretive retry.

📦 Upgrade

• Upgrade normally; no migration step is required.
• If auto-compaction seems calmer after interruptions, that is intentional and arguably overdue.

✨ Features

• Image annotation gestures in the web UI are smoother and less likely to feel like negotiating with a tiny hostile map of your own screenshot.
• Tool-call cap usage is now reported, because hitting a limit silently is not “minimal UI”, it is just a progress bar wearing camouflage.
• Compaction context usage is surfaced more clearly, so operators can see why context got squeezed instead of assuming the model developed a sudden interest in interpretive pruning.

🐛 Fixes

• Aborted turn failures are surfaced more explicitly, because a failed turn should not vanish into the logs like it joined witness protection.
• Malformed LLM context inputs now have fuzz coverage, which is the polite engineering phrase for “we threw weird shapes at it until it stopped flinching”.
• Pre-prompt compaction resume tests now capture and run the queued resume task directly, making the test deterministic instead of asking the scheduler, the queue, and the moon phase to agree within half a second.

📦 Under the hood

• Earendil packages were bumped to `0.79.8`, keeping the shared runtime stack current and ensuring any upstream surprises at least arrive with fresh stationery.
• Context pressure, compaction usage, tool-cap reporting, aborted-turn failure paths, malformed-context fuzzing, and image annotation tests were expanded around the new behaviours.
• Image annotator fixture tests now resolve paths from the checkout instead of assuming `/workspace/piclaw`, because CI runners also enjoy not being gaslit by absolute paths.
• Classic web bundles were rebuilt for the patch, because apparently every UI change must leave behind a sedimentary layer of JavaScript.

📦 Known issues

• Context pressure remains arithmetic with consequences; this release makes more of it visible, it does not repeal token limits.
• Fuzzing malformed context inputs proves we handled the weird things we tried, not that the universe has run out of weird things.
• Image annotation gestures are better, but humans can still draw arrows with the emotional precision of a raccoon holding a stylus.

📦 Upgrade

• Upgrade normally; no migration step is required.
• If pressure, caps, and aborted turns are easier to diagnose, that is intentional; if they are still annoying, that is distributed systems keeping its brand consistent.

✨ Features

• The chat relay is now active by default, so cross-session messages do not require every operator to remember which invisible switch was responsible for letting one branch talk to another.
• Cross-session session control is now available through tools, giving operators a proper way to inspect and steer sessions across branches instead of relying on ritual, luck, and remembering which tab was shouting.
• Session-control, status, activation, capability, and chat-tool runtime coverage were expanded around the new tool paths, because distributed agent control without tests is just improv theatre with permissions.

🐛 Fixes

• Chat relay identity resolution is hardened so target sessions and agent names resolve more predictably, with fewer opportunities for the wrong branch to receive a surprise memo.
• Peer-message rendering was tightened around cross-session relay behaviour, because once messages can cross rooms, the UI should not look like it discovered that fact from a rumour.

📦 Under the hood

• Earendil packages were bumped to `0.79.7`, keeping the shared runtime stack current and ensuring the plumbing gets its own tiny paperwork parade.
• A dedicated chat-tool runtime layer was added to keep relay behaviour deterministic and easier to test.
• Session-control tooling now plugs into startup and extension registration alongside session-status, tool-activation, and capability surfaces.
• Hook determinism and feature-regression coverage were updated so the built-in tool catalogue remains boring in the best possible sense.
• Classic web bundles were rebuilt for the relay/session-control changes.

📦 Known issues

• Cross-session control is still power tooling; it can reduce tab-hopping, but it cannot make distributed work emotionally tidy.
• Naming sessions clearly remains advisable, because no amount of relay hardening can redeem a fleet of tabs all called “default”.

📦 Upgrade

• Upgrade normally; no migration step is required.
• If cross-session messaging feels less like passing notes through a ventilation duct, that is intentional.

✨ Features

• The web terminal now translates Kitty terminal graphics, so image output has a fighting chance of appearing where humans can see it instead of being treated as decorative escape-code confetti.
• `imgcat` now supports protocol selection, because one image-printing command was not enough; naturally we needed a tiny diplomatic corps for terminal graphics protocols.

📦 Under the hood

• Terminal session, terminal pane, and core terminal vendor coverage were expanded around Kitty graphics handling and image-output behaviour.
• `imgcat` now has dedicated tests, which is sensible given that “just print the image in the terminal” has somehow become an interoperability seminar.
• Earendil packages were bumped to `0.79.6`, keeping the shared runtime current and ensuring any upstream surprises arrive wearing a newer hat.
• Classic web bundles were rebuilt for the terminal graphics patch.

📦 Known issues

• Terminal image protocols remain terminal image protocols, which is to say half specification, half folklore, and half “works on my terminal”; yes, that is three halves.
• This improves Kitty graphics handling in the web terminal; it does not make every terminal application’s image output aesthetically defensible.

📦 Upgrade

• Upgrade normally; no migration step is required.
• If terminal image output now behaves less like occult punctuation, that is intentional.

📦 Under the hood

• Earendil packages were bumped to `0.79.5`, keeping the shared Pi/PiClaw runtime stack current and reducing the odds that tomorrow’s bug report starts with “works upstream”.
• Bundled session fixtures now provide an explicit cwd for the stricter upstream session runtime, because tests also deserve somewhere to stand while they complain.
• `package.json` and `bun.lock` were updated together, because dependency management without a lockfile is just astrology with semver.

📦 Known issues

• This is deliberately not a feature release; if you expected fireworks from two dependency files, please consult a less honest changelog.
• Dependency bumps can still carry behavioural changes from upstream, because software supply chains remain a trust exercise with prettier YAML.

📦 Upgrade

• Upgrade normally; no migration step is required.
• If nothing visibly changes, that is both expected and, frankly, the best possible outcome for this sort of release.

✨ Features

• Session activity status pills now surface active state in the web UI, because guessing whether a session is merely quiet or actively chewing through work is a game for casino floors, not operator consoles.

🐛 Fixes

• Direct prompts now recover context-pressure handling correctly, so large prompts are less likely to discover the model’s context window by sprinting directly into the glass.
• Context-prune summaries now stay non-steering, because summarising what happened and grabbing the wheel are different jobs, despite what every overenthusiastic assistant subsystem keeps trying to prove.
• Attachment reference image previews are preserved in web posts, so images stop vanishing from the UI like they witnessed something in the database.
• Post highlight and attachment coverage was tightened, because if a UI can display a thing in three different ways, it will eventually forget one and call that a feature.

📦 Under the hood

• Context-pressure retry handling was split into a focused runtime helper, which is a polite way of saying the old path had enough conditional furniture to qualify as a furnished rental.
• Agent control, queue handling, runtime facade, slash command, context-prune, tracked-bash, post-rendering, and session activity tests were expanded around the pressure/prune/attachment/status fixes.
• Message deletion and queue-reconnect E2E checks now wait for the thing they actually created instead of consulting a stopwatch and a prayer candle.
• Earendil packages were bumped to `0.79.4`, keeping the shared runtime stack current and ensuring tomorrow’s surprises at least arrive in newer packaging.
• Classic web bundles were rebuilt for the patch, because the frontend continues to believe every release deserves a fresh archaeological layer.

📦 Known issues

• Context pressure is still context pressure; this release improves recovery, it does not repeal arithmetic.
• Pruned summaries are now less steering-shaped, but any summary can still be bad if the source material was a bonfire with timestamps.
• Provider context-window semantics remain provider semantics, which is to say a glossy brochure wrapped around a footgun.

📦 Upgrade

• Upgrade normally; no migration step is required.
• If direct large prompts recover more gracefully, image previews stop doing their little escape act, and session state is less of a séance, that is intentional.

✨ Features

• VNC clipboard sending now has bounded controls, because remote clipboard plumbing should not become an unmetered paste cannon just because someone found the button.
• Womprat viewer safety fixes were ported into the VNC path, tightening remote display handling around the sort of edge cases protocols develop after years of being “simple”.

🐛 Fixes

• Linux `.run` bundles now launch the bundled Pi CLI with Bun, fixing portable installs that failed when the target host lacked a system `node` binary. Portable means portable, apparently; bold concept.
• Dream reseeding now handles stale daily notes more reliably, improves cue coverage across session trees, applies model overrides to manual runs, and uses the runtime timezone for day boundaries instead of assuming time is a flat circle with UTC stickers on it.
• Provider disconnect errors in the web UI are sanitised before display, because authentication and provider internals do not need to do interpretive dance in front of users.
• Archived-session pruning from the session popup now waits for confirmed prune handling before the UI dismisses itself, because disappearing the dialog before the operation finishes is not “responsive”, it is just evasive.
• Archived session delete controls stay visible where they are actually needed, and the picker refreshes after deletion so removed sessions stop haunting the list like bureaucratic ghosts.
• Archived sessions can now be purged directly from the picker, tightening the cleanup path and reducing the number of tiny rituals required to remove old branches.
• The short-lived archived-session download path was removed from the picker flow, because turning every cleanup menu into a Swiss Army knife is how UI becomes cutlery with a login screen.
• GitHub Copilot Opus compaction no longer gets reasoning enabled by accident, and compaction reasoning is now gated on explicit thinking levels rather than vibes, weather, or whichever provider setting happened to wander past.
• + 1 more

📦 Under the hood

• Earendil packages were bumped to `0.79.3`, carrying the inherited Codex/GPT-5 context-window metadata safety fix so model limits are less likely to be discovered by impact testing.
• The portable Linux run-bundle launcher now executes `pi` through the bundled Bun runtime, matching the bundled `piclaw` launcher path instead of assuming `/usr/bin/env node` exists on the target host.
• Dream tests and optional scheduler fixtures were aligned with partial notes and the new stale-note handling.
• The message-deletion E2E shard now targets the exact message it creates, so old timeline leftovers stop masquerading as a product regression.
• Session picker, compose-box, branch lifecycle, archived-branch database, and branch-control tests were updated around the prune/delete flow.
• Smart-compaction safety tests now cover explicit reasoning-level gating so compaction does not quietly become a premium-token bonfire.
• VNC pane, input, and remote-display regression coverage were expanded around the viewer safety and clipboard changes.
• Classic and visual web assets were rebuilt for the session cleanup, VNC, Dream, provider, installer, and editor preview changes.

📦 Known issues

• Archived-session cleanup is still necessarily destructive; the UI now waits and refreshes more honestly, but it cannot make deleting history philosophically cheerful.
• Provider reasoning semantics remain provider semantics, which is to say a contract written on fog but now at least checked before use.
• VNC remains VNC: a protocol apparently designed to remind everyone that rectangles and clipboards can both be threat models.

📦 Upgrade

• Upgrade normally; no migration step is required.
• If you downloaded a previous v2.6.6 Linux `.run` installer, discard it and download the regenerated artifact from this release.
• If archived sessions now leave the picker when deleted instead of lingering like a bad decision with a timestamp, that is intentional.

✨ Features

• Remote display decoding is now stricter around VNC encodings, with WASM-side preflight checks for RRE, CoRRE, Hextile, and ZRLE payloads so malformed rectangles do not partially mutate the framebuffer before anyone notices the monster has already entered the room.
• Archived session cleanup now has a more direct confirmation flow from the session popup, so removing old archived branches requires fewer UI gymnastics and less faith in hidden branch bookkeeping.

🐛 Fixes

• Continuous ZRLE semantics are preserved while malformed compressed rectangles are consumed and skipped instead of being buffered forever like a small denial-of-service souvenir.
• ZRLE subencoding `129`, plain/palette RLE overflows, and trailing inflated ZRLE bytes are rejected rather than politely escorted into undefined behaviour.
• Direct WASM encoded APIs now require exact payload consumption, because “mostly decoded” is not a confidence interval anyone wants near a framebuffer.
• JS fallback handling for malformed RRE, CoRRE, and Hextile subrectangles now consumes/skips bad payloads without emitting RGBA, which is the UI equivalent of not serving soup from a cracked can.
• Archived-session purge now fires and awaits the purge path before dismissing the popup, removes purged sessions from local lists, and copes with archived root sessions more reliably.
• Earendil `0.79.1` and `pi-mcp-adapter` `2.9.0` regressions are covered with stricter MCP timeout parsing, form/bootstrap guardrails, Azure OpenAI shutdown cleanup, Copilot dynamic model template coverage, and session project-trust context tests.

📦 Under the hood

• The remote display decoder WASM was rebuilt; the current `remote-display-decoder.wasm` SHA-256 is `4f96821ac70ff10409aab7be93021788ef1bd1924db61b0f9530b895a723b752`.
• VNC regression coverage was expanded around malformed ZRLE, RRE, CoRRE, Hextile, exact-payload consumption, overflow rejection, and framebuffer mutation safety.
• MCP timeout handling now rejects nonsense more deliberately and avoids dangling abort-cleanup rejection paths, because background cleanup should not be a confetti cannon for unhandled promises.
• Web bundles and VNC pane assets were rebuilt for the decoder, session cleanup, and runtime upgrade changes.

📦 Known issues

• Add-on browser E2E remains environment-blocked when `PICLAW_INTERNAL_SECRET` is unavailable.
• VNC remains VNC: a protocol apparently designed to remind everyone that rectangles can be a threat model.

📦 Upgrade

• Upgrade normally; no migration step is required.
• If you use remote display/VNC, this patch is worth taking before discovering how creative broken encoders can be.

✨ Features

• The editor footer can now reference the currently open file, so the UI has a clearer answer to “what am I actually looking at?” without requiring detective work, séance equipment, or reading the DOM.
• GitHub Copilot dynamic models are now registered at boot, which means the model catalog should wake up closer to reality instead of waiting for someone to poke it with a stick.
• Copilot boot-time model registration now receives the real upstream GitHub Copilot OAuth provider, because dynamic model discovery with a fake half-provider is less “dynamic” and more “throwing `provider.getApiKey is not a function` into the furniture.”

🐛 Fixes

• GitHub Copilot dynamic model registration now uses `getOAuthProvider("github-copilot")` instead of an incomplete compatibility-shaped object, fixing the broken packaged `.run` artifacts from the first v2.6.4 publication.
• Cache-hit context telemetry is preserved correctly in the web UI, so useful provider/cache state no longer evaporates just when it might have explained what happened.
• Archived sessions can now be purged even when they are not present in the local branch list, because archived things should not gain immortality through administrative bookkeeping.
• Smart compaction now avoids redundant count reporting, because progress indicators should count progress rather than practicing numerology.
• The release keeps the prompt/cache telemetry work from `v2.6.3` pointed at actual user-visible context rather than letting it become another decorative dashboard number.

📦 Under the hood

• Model registration, web status payload handling, and editor footer plumbing were tightened around the new boot/catalog/context flows.
• Session cleanup logic was hardened for archived branches that exist in persisted state but no longer appear in the current local branch list.
• The broad Copilot OAuth compatibility shim was removed in favour of registering the real upstream OAuth provider, which is less exciting but substantially more compatible with reality.
• Web bundles were rebuilt as part of the release because frontend assets, like bureaucracy, insist on stamping every form twice.

📦 Known issues

• Dynamic model catalogs still depend on provider-side truthfulness, which remains an optimistic architectural assumption in the same way “the meeting will be short” is an optimistic calendar assumption.
• Cache telemetry explains what happened; it does not make provider accounting less arcane, merely better lit.

📦 Upgrade

• Upgrade normally; no migration step is required.
• If you downloaded v2.6.4 before this re-release, discard those `.run` files and download the new assets from this release.
• If the editor footer, model picker, cache telemetry, and archived-session cleanup feel less vague, that is intentional.