WillTaylor22 · WillTaylor22 · May 26, 2026 · May 26, 2026
diff --git a/.claude/memory/MEMORY.md b/.claude/memory/MEMORY.md
@@ -7,11 +7,12 @@ Keep this file under 200 lines — anything longer is content bloat, not memory.
 - [learnings/sentry-mcp-no-comment-tool](learnings/2026-05-26-sentry-mcp-no-comment-tool.md) — Sentry MCP can't comment on issues; back-link from Linear only
 - [learnings/vercel-blocks-unknown-author-email](learnings/2026-05-26-vercel-blocks-unknown-author-email.md) — Vercel preview deploys block when commit author email has no GitHub account; use the noreply alias
 - [learnings/sandbox-cant-clone-private-repo](learnings/2026-05-26-sandbox-cant-clone-private-repo.md) — Don't `git clone` from sandbox bash; the `github_repository` resource is auth'd, raw `git clone` is not
+- [learnings/github-mcp-strips-html-comments](learnings/2026-05-26-github-mcp-strips-html-comments.md) — `update_pull_request` silently strips `<!-- ... -->` from PR bodies; session-id marker can't be set by agent (ENG-25)
 
 ## Decisions
 - [decisions/mcp-for-small-writes-checkout-for-big](decisions/2026-05-26-mcp-for-small-writes-checkout-for-big.md) — Single-file writes go through GitHub MCP; multi-file or test-needing changes use the mounted checkout + `git push`
 - [decisions/two-agent-builder-reviewer](decisions/2026-05-25-two-agent-builder-reviewer.md) — Separate agents for build vs. review so the reviewer reads diffs cold
 
 ## Conventions
-- [conventions/pr-session-id-marker](conventions/pr-session-id-marker.md) — PR body MUST end with `<!-- session-id: sthr_... -->` so webhooks can resume
+- [conventions/pr-session-id-marker](conventions/pr-session-id-marker.md) — PR body MUST end with `<!-- session-id: sesn_... -->` (or legacy `sthr_...`) so webhooks can resume
 - [conventions/agent-review-marker](conventions/agent-review-marker.md) — Reviewer's verdict goes on the first line as `AGENT_REVIEW: APPROVED|REQUEST_CHANGES|ESCALATE — <rationale>`
diff --git a/.claude/memory/conventions/pr-session-id-marker.md b/.claude/memory/conventions/pr-session-id-marker.md
@@ -4,7 +4,7 @@ Every PR opened by the manager MUST end with this HTML comment as the
 **last line** of the PR body:
 
 ```
-<!-- session-id: sthr_xxxxxxxxxxxxxxxx -->
+<!-- session-id: sesn_xxxxxxxxxxxxxxxx -->
 ```
 
 The `/api/github-webhook` route extracts this marker when a webhook
@@ -18,3 +18,7 @@ Functional but wasteful.
 
 The kickoff `user.message` includes the actual session id. Substitute
 it verbatim; don't paraphrase or omit.
+
+The regex in `app/api/github-webhook/route.ts` accepts either
+`sesn_` (current SDK prefix) or `sthr_` (legacy) — both are valid.
+Use whatever the kickoff hands you.
diff --git a/app/api/github-webhook/route.ts b/app/api/github-webhook/route.ts
@@ -17,7 +17,7 @@ function verifySignature(rawBody: string, sigHeader: string | null, secret: stri
 
 function extractSessionId(text: string | undefined | null): string | null {
   if (!text) return null;
-  const m = text.match(/<!--\s*session-id:\s*(sthr_[A-Za-z0-9]+)\s*-->/);
+  const m = text.match(/<!--\s*session-id:\s*((?:sthr_|sesn_)[A-Za-z0-9]+)\s*-->/);
   return m?.[1] ?? null;
 }