feat: remove EffortMax, add OptionSessionName and OptionRemoteControl

[dmora]

Summary

• Removed EffortMax globally — no longer supported in Claude CLI. Updated CLI/ACP engines to reject it, removed mappings from Claude/Codex/OpenCode backends, updated Effort.Valid().
• Added root OptionSessionName — cross-cutting session naming mapped to --name (Claude) and --title (OpenCode, with precedence over opencode.OptionTitle). Added to MCP security allowlist.
• Added claude.OptionRemoteControl — maps to --remote-control flag, with ParseBoolOption validation on resume. Claude-specific per shared-vocabulary rule.
• Kept rate_limit_event unparsed — accessible via msg.Raw, adhering to the design rule that backend-specific event types don't get root vocabulary entries until 2+ backends need them.
• Updated docs — CLAUDE.md, README.md, backend doc.go files reflect all changes.

Fixes dmora/dors-orchestrator#46

Test plan

• TestStart_EffortMaxRejected (CLI engine) — verifies EffortMax is rejected at Start()
• TestEngine_Start_EffortMaxRejected (ACP engine) — same validation for ACP path
• TestSpawnArgs_SessionName / TestResumeArgs_SessionName (Claude) — --name flag emitted
• TestSpawnArgs_RemoteControl / TestResumeArgs_RemoteControl_Rejected (Claude) — --remote-control flag and resume validation
• TestSpawnArgs_SessionName_* (OpenCode) — precedence over OptionTitle, fallback, null-byte rejection
• Codex EffortMax mapping removed, existing effort tests still pass
• MCP allowlist updated and tested (session_name key accepted)
• make qa passes

🤖 Generated with Claude Code

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request refines the agent session configuration by deprecating an unsupported effort level and introducing new options for session management. It streamlines the Effort handling across different backends and enhances session control with a standardized naming option and a Claude-specific remote control feature, ensuring consistency and improved functionality.

Highlights

• Removed EffortMax: The EffortMax option has been globally removed as it is no longer supported in Claude CLI. CLI/ACP engines now reject it, mappings from Claude/Codex/OpenCode backends have been removed, and Effort.Valid() has been updated accordingly.
• Added OptionSessionName: A new root OptionSessionName has been introduced for cross-cutting session naming. It maps to --name in Claude and --title in OpenCode (with precedence over opencode.OptionTitle). This option has also been added to the MCP security allowlist.
• Added claude.OptionRemoteControl: A Claude-specific OptionRemoteControl has been added, mapping to the --remote-control flag. It includes ParseBoolOption validation on resume, adhering to shared-vocabulary rules.
• Documentation Updated: Documentation files including CLAUDE.md, README.md, and backend doc.go files have been updated to reflect all these changes.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request removes the EffortMax option, which is no longer supported, and introduces two new options: OptionSessionName for cross-backend session naming and claude.OptionRemoteControl for Claude-specific remote control. The changes are well-implemented across the codebase, including updates to backends, tests, and documentation. My review found one potential security issue in the opencode backend where session titles starting with a dash are not validated, which could lead to command-line argument injection. A suggestion to fix this has been provided.

[dmora]

Thanks @gemini-code-assist! You're right — the Claude backend already guards --name with !strings.HasPrefix(name, "-"), and resolveTitle() was missing the same check for both OptionSessionName and OptionTitle.

Fixed in 46f2a38: added !strings.HasPrefix(v, "-") to both conditions in resolveTitle(), plus two new tests (TestSpawnArgs_SessionName_LeadingDash and TestSpawnArgs_Title_LeadingDash).

[gemini-code-assist]

Thanks for the update, @dmora! I've reviewed the changes in 46f2a38 and can confirm that adding the !strings.HasPrefix(v, "-") check to resolveTitle() for both OptionSessionName and OptionTitle, along with the new tests (TestSpawnArgs_SessionName_LeadingDash and TestSpawnArgs_Title_LeadingDash), effectively addresses the potential issue with leading dashes. Great work on the comprehensive fix and test coverage!