Phase 2: Core Mechanics (Chapters 5-9)

Tasks

CH05: The Agentic Loop

• [x] CH05-CN: 第5章 - Agent 循环引擎 — 已写成；覆盖 query()/queryLoop() 架构分层、10 字段 State 结构逐字段讲解、循环前四重预处理（工具结果截断/snip/microcompact/context collapse/autocompact）、流式 API 调用与 withhold 扣押机制、全部 7 条 continue 路径含触发条件与场景描述（附 Mermaid 控制流图）、handleStopHooks 的 5 类副作用与阻断逻辑、runTools vs StreamingToolExecutor 两条工具执行路径、QueryConfig 快照设计与 QueryDeps 依赖注入模式、tokenBudget 的双阈值决策逻辑（COMPLETION_THRESHOLD 90%/DIMINISHING_THRESHOLD 500）
• [x] CH05-EN: Chapter 05 - The Agentic Loop — Written. Covers query()/queryLoop() architecture, the 10-field State struct, 4 pre-iteration preparation layers (snip/microcompact/contextCollapse/autocompact), API streaming call mechanics with withholding pattern, all 7 continue paths with concrete scenarios and line references, handleStopHooks() 8-step sequence, runTools vs StreamingToolExecutor, QueryConfig/QueryDeps dependency injection design, and the tokenBudget module with COMPLETION_THRESHOLD and DIMINISHING_THRESHOLD logic.
• Acceptance: Reader can trace a complete API call cycle and explain all 7 continue paths

CH06: Tool System Deep Dive

• [x] CH06-CN: 第6章 - 工具系统深度剖析 — 已写成；覆盖工具生命周期五阶段 Mermaid 流程图（注册→选择→权限检查→执行→结果渲染）、Tool<Input,Output> 接口四组方法（核心执行/权限验证/UI 渲染/API 序列化）逐一详解、buildTool() 工厂函数与 DefaultableToolKeys 默认值策略、FileReadTool 全解（lazySchema 延迟初始化、6路判别联合输出 schema、call() 六步执行流程、validateInput+checkPermissions 分工、mapToolResultToToolResultBlockParam 序列化、readFileState+mtime 去重机制）、tools.ts 注册表与 feature-gated 工具分析、toolOrchestration.ts 的 partitionToolCalls 分区逻辑与并发/串行批次设计（含 contextModifier 延迟应用的竞态分析）、StreamingToolExecutor 对比说明、完整 WordCountTool 实现代码骨架（含注册步骤和完工验证清单）
• [x] CH06-EN: Chapter 06 - Tool System Deep Dive — Written. Covers the 5-stage tool lifecycle with Mermaid diagram, full Tool<Input,Output> interface walkthrough (all methods and properties explained), buildTool() factory and 7 defaultable keys (ToolDef vs Tool distinction), FileReadTool dissected across 7 subsections (lazySchema, 6-variant discriminated union output, extension dispatch in call(), validateInput guard clauses, mapToolResultToToolResultBlockParam, readFileState dedup with mtime, CYBER_RISK_MITIGATION_REMINDER), getAllBaseTools() registry design and Statsig sync constraints, toolOrchestration.ts runTools() with partitionToolCalls batching, concurrent vs serial batch execution with contextModifier ordering, StreamingToolExecutor, and a complete WordCountTool implementation with all required methods and registration steps.
• Acceptance: Reader can implement a new custom tool from scratch following the buildTool() pattern

CH07: Permission & Security Model

• [x] CH07-CN: 第7章 - 权限与安全模型 — 已写成；覆盖 7 种 PermissionMode 对比表（含 auto/bubble 内部模式）、权限三态 allow/deny/ask 语义及 passthrough 转换规则、PermissionDecisionReason 11 个变体完整对比表（含 classifierApprovable 字段解析）、hasPermissionsToUseToolInner() 11 步决策流程（含 Mermaid 流程图、bypass 免疫三道防线详解）、hasPermissionsToUseTool() 外层包装的 dontAsk 转换和 auto 模式 YoloClassifier 四种结果、useCanUseTool() React Hook 四条 ask 路径（Coordinator Worker/Swarm Worker/Speculative 2s 竞赛/交互弹窗，含 Mermaid 流程图）、ShellPermissionRule 三种匹配格式（精确/前缀/通配符）与 8 种规则来源优先级、Hook 权限三种事件类型及串行/并行调用差异、完整 settings.json 配置示例及设计思路说明
• [x] CH07-EN: Chapter 07 - Permission & Security Model — Written. Covers all 7 PermissionMode values (5 external + 2 internal), the three-state PermissionBehavior model, the 11-variant PermissionDecisionReason audit trail with full table, the 11-step hasPermissionsToUseToolInner() decision engine with Mermaid flowchart and step-by-step walkthrough, the outer hasPermissionsToUseTool() wrapper covering dontAsk conversion and auto-mode YoloClassifier pipeline (iron_gate, acceptEdits fast path, denial tracking, 5 classifier outcomes), the 4-path useCanUseTool() React hook with Mermaid diagram (coordinator/swarm/speculative 2-second race/interactive), all three Bash rule syntaxes (exact/prefix/wildcard), the 8 PermissionRuleSource values with precedence rules, PermissionRequest hooks with JSON protocol, and a complete annotated settings.json configuration guide.
• Acceptance: Reader can trace a permission decision through all 9 possible reasons

CH08: Command System

• [x] CH08-CN: 第8章 - 命令系统 — 完成。覆盖三种命令类型、CommandBase 字段详解、commands.ts memoize 设计、loadAllCommands 三路并行聚合、meetsAvailabilityRequirement 过滤、findCommand 查找逻辑、processUserInput 7步路由（含 Mermaid 流程图）、完整 /wordcount 新增实操指南。
• [x] CH08-EN: Chapter 08 - Command System — Written; covers all 3 command types (PromptCommand/LocalCommand/LocalJSXCommand), CommandBase field-by-field walkthrough, memoized COMMANDS() registry, layered discovery pipeline (loadAllCommands + getCommands + meetsAvailabilityRequirement + isCommandEnabled), findCommand() 3-condition lookup, skills/plugins priority merge, processUserInput() routing with Mermaid flowchart, and a complete 6-step practical guide for adding a new slash command
• Acceptance: Reader understands all 3 command types and can add a new slash command

CH09: QueryEngine & SDK Interface

• [x] CH09-CN: 第9章 - QueryEngine 与 SDK 接口 — 完成。覆盖 QueryEngine 作为 headless 会话管理层的定位、QueryEngineConfig 全部参数按职责分组详解、类的私有状态字段逐一说明（mutableMessages/permissionDenials/totalUsage）、submitMessage() 完整十步执行流程（含 Mermaid 序列图）、canUseTool 包装机制与权限拒绝追踪、三层系统提示组装逻辑、slash command 短路路径、query() 循环与 SDKMessage 映射、SDKMessage 八种变体完整对比表、完整程序化使用示例（含多轮对话和 AbortController 取消）、agentSdkTypes.ts 四个子模块结构（coreTypes/runtimeTypes/settingsTypes/toolTypes）、HOOK_EVENTS 与 EXIT_REASONS 常量设计、headless 与 interactive 模式在五个维度上的关键差异。
• [x] CH09-EN: Chapter 09 - QueryEngine & SDK Interface — Written. Covers QueryEngine's role as a session manager for headless mode, all QueryEngineConfig fields including the three budget controls (maxTurns/maxBudgetUsd/taskBudget) and jsonSchema structured output, class private state design, the complete 10-stage submitMessage() flow with Mermaid sequence diagram, slash-command short-circuit path, query() loop to SDKMessage mapping, the final SDKResultMessage with permission_denials audit trail, all SDKMessage variants in a reference table, a complete programmatic usage example including multi-turn and structured output patterns, the three-submodule split of agentSdkTypes.ts (coreTypes/runtimeTypes/toolTypes), and headless vs interactive mode differences across rendering, permissions, elicitation, tool availability, and slash commands.
• Acceptance: Reader can use QueryEngine programmatically and understands the SDK type surface

Notes

• CH05 depends on CH03 + CH04
• CH08 can start parallel with CH05 (only needs CH03)
• CH06 depends on CH05 completion
• CH07 depends on CH06
• CH09 depends on CH05