ticket: add e2e and orchestrator scope followups

.yoi/tickets/00001KV10SN02/artifacts/relations.json

@@ -0,0 +1,45 @@
+{
+  "version": 1,
+  "relations": [
+    {
+      "ticket_id": "00001KV10SN02",
+      "kind": "related",
+      "target": "00001KSKBP9YG",
+      "note": "E2E coverage follow-up",
+      "author": "yoi ticket",
+      "at": "2026-06-13T17:35:43Z"
+    },
+    {
+      "ticket_id": "00001KV10SN02",
+      "kind": "related",
+      "target": "00001KV04NJ8D",
+      "note": "E2E coverage follow-up",
+      "author": "yoi ticket",
+      "at": "2026-06-13T17:35:43Z"
+    },
+    {
+      "ticket_id": "00001KV10SN02",
+      "kind": "related",
+      "target": "00001KV0723PC",
+      "note": "E2E coverage follow-up",
+      "author": "yoi ticket",
+      "at": "2026-06-13T17:35:43Z"
+    },
+    {
+      "ticket_id": "00001KV10SN02",
+      "kind": "related",
+      "target": "00001KV072V89",
+      "note": "E2E coverage follow-up",
+      "author": "yoi ticket",
+      "at": "2026-06-13T17:35:43Z"
+    },
+    {
+      "ticket_id": "00001KV10SN02",
+      "kind": "related",
+      "target": "00001KV0TJVN5",
+      "note": "E2E coverage follow-up",
+      "author": "yoi ticket",
+      "at": "2026-06-13T17:35:43Z"
+    }
+  ]
+}

.yoi/tickets/00001KV10SN02/item.md

@@ -0,0 +1,84 @@
+---
+title: 'E2E: close remaining critical-path gaps after panel harness'
+state: 'ready'
+created_at: '2026-06-13T17:34:41Z'
+updated_at: '2026-06-13T17:39:19Z'
+assignee: null
+readiness: 'implementation_ready'
+risk_flags: ['e2e', 'tui', 'pty', 'quit-latency', 'mouse-input', 'rewind']
+---
+
+## Background
+
+Before starting the `pod::feature` / MCP work, finish a small but useful real-process E2E safety net. This is **not** a request to build a broad E2E matrix. The goal is to cover the product-critical TUI paths and the regressions that recently escaped focused unit/integration tests.
+
+Relevant completed / in-flight history from git log:
+
+- `00001KSKBP9YG` / `96561897` / `10a1c383` / `bdc735b8`: opt-in PTY Panel E2E harness exists under `tests/e2e`.
+- `00001KV0TJVN5` / `13d00530` / `47efeb01` / `7fe463af`: E2E builds the current `yoi` binary by default and isolates tested subprocess env/provider credentials.
+- `00001KV0YK5S0` / `07e754ce` / `20184eeb` / `6aa7c650`: orchestration branch adds fixture-local tmp workspace/data/runtime isolation and cleanup. If not already merged into the implementation base, incorporate or depend on that work rather than reimplementing it.
+- `00001KV0723PC` / `cfe411e5`: late Panel quit latency was fixed; current E2E already has `panel_ctrl_c_exits_promptly_after_background_barrier` and should preserve/strengthen it.
+- `00001KV072V89` / `452c9df1`: Panel mouse click selection was implemented; current E2E already has `panel_mouse_click_selects_row_without_dispatching_action` and should preserve/strengthen it.
+- `00001KV04NJ8D` / `949ceb5a`: rewind live refresh was fixed, but it does not yet have a real-process PTY regression test.
+
+## Requirements
+
+- Keep E2E opt-in.
+  - Tests remain under `tests/e2e` and behind the existing `e2e` feature gate.
+  - `cargo test --workspace` must not run these tests by default.
+- Do not duplicate already-covered Panel cases.
+  - Preserve the existing late-quit-latency E2E.
+  - Preserve the existing mouse click-to-select E2E.
+  - If the tmp runtime isolation branch is not in the implementation base, merge/incorporate it first or make this Ticket depend on it.
+- Add only the missing critical-path coverage needed before larger feature/MCP work.
+  - A minimal Panel critical path must continue to cover startup, fixture row rendering/selection, and normal quit.
+  - Add a minimal single-Pod/TUI critical path only as needed to support rewind coverage; do not add real provider/network calls.
+- Strengthen late quit latency E2E only where useful.
+  - Keep the held-background-task / observable barrier approach.
+  - Assert user quit is observed and process exit remains within the bounded threshold.
+  - Avoid arbitrary sleeps when an observable event/barrier exists.
+- Strengthen mouse E2E for the currently missing behavior.
+  - Keep click-to-select without action dispatch.
+  - Add wheel input coverage for the viewport/row list behavior that was regressed by disabling mouse capture.
+  - Ensure the test/harness can detect reintroducing full drag-motion capture (`?1002h` / `?1003h`) where feasible from PTY output.
+  - Rename harness wording if needed: the current implementation enables normal mouse tracking for wheel/click, not full capture.
+- Add rewind UI E2E.
+  - Drive a real single-Pod TUI or equivalent PTY surface with fixture history/canned state.
+  - `Ctrl+R` opens the rewind picker.
+  - Selecting a rewind target with `Enter` causes the live TUI view/composer/state to update without requiring `Esc`, restart, or restore.
+  - Repeated `Enter` while a rewind is pending does not send multiple destructive rewind requests or produce delayed duplicate success notices.
+- Keep tests deterministic and content-safe.
+  - No real provider credentials.
+  - No network-backed LLM calls.
+  - Use fixtures, canned sessions, test-only provider/runtime controls, or other existing test hooks when needed.
+  - Do not leak host secret-like environment variables into tested processes.
+
+## Acceptance criteria
+
+- The focused E2E command, e.g. `cargo test -p yoi-e2e --features e2e --test panel -- --nocapture` plus any new E2E test target, runs from a clean checkout after building the current `yoi` binary automatically.
+- The current Panel smoke/click/quit tests still pass on the fixture-isolated harness.
+- If fixture runtime isolation is part of this implementation base, after a passing run no test Pod/socket appears in the user's real `~/.yoi` or `/run/user/<uid>/yoi`.
+- Late quit latency remains covered by an E2E that fails if quit waits for held background work past the configured threshold.
+- Mouse E2E fails if click-to-select dispatches an action, if wheel input is ignored, or if full drag-motion mouse capture is reintroduced where the harness can observe it.
+- Rewind UI E2E fails if rewind success only becomes visible after `Esc`, TUI restart, or Pod restore.
+- Failure artifacts include enough PTY output/events/status information to debug timing and UI failures.
+- Existing non-E2E tests remain unaffected by the opt-in E2E feature gate.
+- Validation includes focused E2E commands, affected crate tests/checks, `cargo build -p yoi`, and `nix build .#yoi`.
+
+## Non-goals
+
+- Full provider/API matrix E2E.
+- Real network-backed LLM calls.
+- CI-default enablement of E2E.
+- Exhaustive Ticket orchestration multi-agent workflow E2E.
+- Plugin/MCP E2E coverage.
+- Replacing focused unit/integration tests; this Ticket adds a small real-process safety net.
+
+## Related work
+
+- E2E harness first slice: `00001KSKBP9YG`
+- E2E latest-binary build/env isolation: `00001KV0TJVN5`
+- E2E tmp runtime/data/workspace isolation: `00001KV0YK5S0`
+- Rewind UI regression: `00001KV04NJ8D`
+- Panel quit latency regression: `00001KV0723PC`
+- Workspace panel mouse selection: `00001KV072V89`

.yoi/tickets/00001KV10SN02/thread.md

@@ -0,0 +1,19 @@
+<!-- event: create author: "yoi ticket" at: 2026-06-13T17:34:41Z -->
+
+## 作成
+
+LocalTicketBackend によって作成されました。
+
+---
+
+<!-- event: decision author: hare at: 2026-06-13T17:39:19Z -->
+
+## Decision
+
+修正:
+- 初回作成時は git log の確認が不足しており、既存/別 branch の E2E 実装済み範囲を一部重複して書いていた。
+- git log を確認し、既存の Panel E2E harness、latest-binary build、late quit latency E2E、mouse click selection E2E、orchestration branch の tmp runtime/data isolation を前提として反映した。
+- この Ticket は残差に絞る: wheel regression、rewind UI real-process regression、必要最小限の critical path 維持/補強。
+
+
+---

.yoi/tickets/00001KV11DHGZ/artifacts/relations.json

@@ -0,0 +1,13 @@
+{
+  "version": 1,
+  "relations": [
+    {
+      "ticket_id": "00001KV11DHGZ",
+      "kind": "related",
+      "target": "00001KTZY8HK2",
+      "note": "mixed Orchestrator delegation depends on explicit profile scope replacement/override semantics",
+      "author": "yoi ticket",
+      "at": "2026-06-13T17:46:37Z"
+    }
+  ]
+}

.yoi/tickets/00001KV11DHGZ/item.md

@@ -0,0 +1,78 @@
+---
+title: 'Orchestrator delegation scope を root read + worktree write に狭める'
+state: 'planning'
+created_at: '2026-06-13T17:45:32Z'
+updated_at: '2026-06-13T17:46:37Z'
+assignee: null
+readiness: 'requirements_sync_needed'
+risk_flags: ['scope', 'delegation-scope', 'orchestrator', 'profile-merge', 'spawnpod']
+---
+
+## Background
+
+Orchestrator の direct scope は root workspace read-only であるべきだが、child Coder/Reviewer には implementation worktree への write と original workspace への read を委譲できる必要がある。
+
+現在の暫定 Orchestrator profile は `resources/profiles/orchestrator.lua` で以下になっている。
+
+```lua
+scope = "workspace_read"
+delegation_scope = "workspace_write"
+```
+
+これは fresh launch の delegation 不足を避けるが、delegation が広すぎる。概念的には child に original workspace root への write まで委譲可能になっている。
+
+手動 restore 復旧時に delegation を `.worktree` write のみに狭めたところ、Reviewer 起動で root workspace read を再委譲できず失敗した。正しい effective shape は以下。
+
+```text
+direct scope:
+  read  <original workspace root>
+
+delegation_scope:
+  read  <original workspace root>
+  write <original workspace root>/.worktree
+```
+
+現状の scalar profile intent では、この mixed delegation scope を簡潔に表現できない。object/table form は `profile.extend()` の deep merge と scope merge semantics により inherited value の置換が難しいため、既存 Ticket `00001KTZY8HK2` の profile replace/clear semantics と関連する。
+
+## Requirements
+
+- Orchestrator fresh launch の effective scope を以下にする。
+  - direct `scope`: original workspace root recursive read
+  - `delegation_scope`: original workspace root recursive read + original workspace `.worktree` recursive write
+- Reviewer/Coder child launch が必要とする root read と implementation worktree write を Orchestrator が再委譲できること。
+- Orchestrator が child に original workspace root write を委譲できないこと。
+- Profile 継承は維持する。
+  - `builtin:orchestrator` は `builtin:default` から reusable defaults を継承してよい。
+  - inherited authority-bearing scope fields を意図せず加算しないこと。
+- 実装方法は `00001KTZY8HK2` の profile replacement/clear semantics と整合させる。
+  - この Ticket で replacement API まで実装するか、Orchestrator launch context 側で role-specific delegation scope を構築するかは設計で決める。
+  - いずれの場合も scalar string workaround への依存を増やさない。
+- Restore path と fresh launch path の effective scope が意図せず乖離しないようにする。
+  - metadata snapshot は restore 時に尊重する。
+  - 新規生成される Orchestrator metadata snapshot には narrowed delegation scope が保存される。
+
+## Acceptance criteria
+
+- Fresh Orchestrator launch の resolved/effective manifest が以下を満たす test がある。
+  - direct scope allows read on original workspace root
+  - direct scope does not allow write on original workspace root
+  - delegation scope allows read on original workspace root
+  - delegation scope allows write under original workspace `.worktree`
+  - delegation scope does not allow write on original workspace root outside `.worktree`
+- Reviewer/Coder launch validation can be satisfied by the narrowed Orchestrator delegation scope.
+- Scope allocator does not conflict with the Companion/top-level `yoi` Pod's workspace write allocation.
+- `resources/profiles/orchestrator.lua` no longer needs to express delegation as broad `"workspace_write"` unless a separate explicit override intentionally narrows it later in launch resolution.
+- Tests cover both profile resolution / launch context and child delegation validation where practical.
+- Validation: focused scope/profile/client tests, `cargo build -p yoi`, and `nix build .#yoi`.
+
+## Out of scope
+
+- General Plugin/MCP permission design.
+- Full replacement of profile scope semantics beyond what is needed here, unless this Ticket is intentionally merged with `00001KTZY8HK2`.
+- OS-level sandboxing of child processes.
+
+## Related work
+
+- Profile replacement/clear semantics: `00001KTZY8HK2`
+- Restore should preserve metadata manifest snapshot: current local fix in `crates/pod/src/pod.rs`
+- Orchestrator role profile: `resources/profiles/orchestrator.lua`

.yoi/tickets/00001KV11DHGZ/thread.md

@@ -0,0 +1,7 @@
+<!-- event: create author: "yoi ticket" at: 2026-06-13T17:45:32Z -->
+
+## 作成
+
+LocalTicketBackend によって作成されました。
+
+---