Add configurable Paseo Agent provider

[boudra]

Linked issue

N/A

Type of change

• Bug fix
• New feature (with prior issue + design alignment)
• Refactor / code improvement
• Docs

What does this PR do

Adds Paseo Agent as a first-class provider that runs through Paseo-owned daemon config instead of another tool's global state.

The PR wires the provider into the daemon, app provider settings, CLI login/provider commands, protocol messages, config persistence, prompt-profile loading, MCP tool bridging, OAuth credential storage, docs, and focused unit/E2E coverage.

How did you verify it

• npm install
• npm run build:client
• npm run typecheck
• npm run format
• npm run lint

Extra review/smoke needed: this touches Expo UI for the Paseo Agent settings sheet, but I did not capture screenshots or video in this pass. Please smoke the settings sheet on the affected app surfaces before merge.

Risk surface: provider execution, credential storage, and config persistence all meet at the daemon boundary. The protocol uses a feature gate for the new config RPCs, so old hosts should continue to reject the new UI/CLI path cleanly instead of attempting a degraded fallback.

Checklist

• One focused change. Unrelated cleanups split out.
• npm run typecheck passes
• npm run lint passes
• npm run format ran (Biome)
• UI changes include screenshots or video for every affected platform
• Tests added or updated where it made sense

[greptile-apps]

Greptile Summary

This PR introduces Paseo Agent as a first-class provider wired end-to-end through the daemon: a new packages/server/src/server/agent/providers/paseo-agent/ module owns the Pi-seam integration, credential storage, prompt-profile loading, and MCP tool bridging. Four new session-level RPC messages handle provider CRUD and ChatGPT OAuth credential storage, with a paseoAgentConfig feature gate guarding old hosts.

• Core feature module lives in one directory with layered path confinement for agent definitions, an injectable Pi-session seam, and a Paseo-owned OAuth store distinct from all other tool auth files.
• Protocol layer adds four request/response schemas under config.paseo_agent.*, gated so old hosts reject the new RPCs cleanly.
• RedactedPaseoAgentProviderConfigSchema inlines the provider-type enum instead of referencing PaseoAgentProviderTypeSchema defined above it in the same file; the paseoAgentConfig COMPAT comment records version v0.1.85, which is older than the existing worktreeRestore gate at v0.1.97.

Confidence Score: 5/5

Safe to merge; the feature module is well-isolated and the protocol gate ensures old hosts reject the new RPCs cleanly.

The feature module is well-isolated, path confinement is layered correctly, and the protocol gate ensures old hosts reject the new RPCs without degraded fallback. The only new findings are a cosmetic intra-file enum duplication in messages.ts and a COMPAT version number that is lower than an existing gate — neither affects runtime correctness.

packages/protocol/src/messages.ts — provider-type enum duplication and COMPAT version; packages/server/src/server/websocket-server.ts — matching COMPAT version number.

Important Files Changed

Filename	Overview
packages/server/src/server/agent/providers/paseo-agent/agent.ts	New PaseoAgentClient and PaseoAgentSession classes; clean Pi-seam integration with proper session lifecycle, MCP bridging, and event mapping.
packages/protocol/src/messages.ts	Adds four Paseo Agent config RPC schemas; RedactedPaseoAgentProviderConfigSchema inlines the provider-type enum instead of reusing PaseoAgentProviderTypeSchema; COMPAT version v0.1.85 is lower than the existing worktreeRestore gate at v0.1.97.
packages/server/src/server/websocket-server.ts	Adds paseoAgentConfig feature gate and redactPaseoAgentConfigSecrets helper; COMPAT version v0.1.85 is lower than the existing worktreeRestore gate at v0.1.97.
packages/server/src/server/session.ts	Wires four Paseo Agent config RPC handlers; uses ??= for singleton config service per session.
packages/cli/src/commands/login/index.ts	New paseo login chatgpt command; browser-first flow sends credential to daemon; device-code is local-only with explicit mutual-exclusion check against --host.
packages/app/e2e/paseo-agent-provider-config.spec.ts	Clean E2E spec with intent-level helpers; uses daemon API for state seeding; cleanup runs afterEach with proper set tracking.

_{Reviews (7): Last reviewed commit: "Open Paseo Agent E2E provider settings" | Re-trigger Greptile}

[boudra]

Review follow-up:

• Addressed the per-request config service concern: Session now reuses one PaseoAgentConfigService instance.
• Replaced the JSDOM/mocked settings-sheet component test with direct tests for extracted sheet model helpers; the user flow remains covered by the app E2E spec.
• Removed the duplicate provider-default table from config-service.ts; it now delegates to the defaults in config.ts.
• Extracted shared env reference helpers for config, config-service, and OAuth credential resolution.
• Precompiled Paseo Agent permission matchers when the policy is created.

Leaving the broader config-store and websocket-redaction architecture notes as-is in this PR: the config store strips the secret-bearing agents subtree before it enters the mutable daemon-config accumulator, and websocket redaction stays at the raw inbound payload logging boundary. A registry would be worth adding once there is a second sensitive message family.