Meridian-cli

Fixed
- `-a ""` is explicit **no agent** via `agent_opt_out` on launch requests: skips `primary.agent`, profile body, native `--agents` payload, and fork/continue agent inheritance. `RuntimeOverrides` keeps normal `None` = unset semantics.

Changed
- Bump `mars-agents` to `0.8.7`.

Fixed
- OpenCode `session log` now reads completed transcripts from `opencode.db` before legacy JSON or spawn-history fallback.
- OpenCode DB compactions now render as segment handoffs, not assistant replies.
- Empty OpenCode DB transcripts now fall back to legacy JSON or spawn history.
- Default OpenCode `session log` output now shows completed `task` tool result previews instead of making finished tasks look unfinished.
- OpenCode child task sessions no longer complete, fail, clear signals for, or supply reports for their parent spawn.
- Launch event scoping now falls back cleanly for duck-typed test connections without weakening Codex/OpenCode primary-scope filtering.

Changed
- Fan-out agent config moves from `[settings.meridian.agent_copy].fanout_agents` to peer table `[settings.meridian.fanout].agents`; docs and repo `mars.toml` updated. Legacy `fanout_agents` is deprecated (migration warning, ignored).
- Bump `mars-agents` to `0.8.5`, which parses `[settings.meridian.fanout]` and dual-lists fan-out agents in the launch inventory.

Added
- `max` reasoning effort level (`low` < `medium` < `high` < `xhigh` < `max`), matching Claude Code effort scale.

Fixed
- `-a ""` (explicit empty agent name) now skips the configured default agent profile instead of falling through to it.
- Claude `xhigh` effort mapping passes through correctly (`"xhigh"` → `"xhigh"`) instead of remapping to `"max"`.

Fixed
- Foreground Codex primary attach no longer kills the app-server when the TUI displaces the observer stream after attach.

Added
- `[env]` config section in `meridian.toml` / `~/.meridian/config.toml`: flat key-value string map for environment variables passed to all spawned harness processes. Matches Claude Code's `settings.json` `"env"` shape.
- `--env KEY=VALUE` repeatable CLI flag on `meridian spawn` for per-spawn environment variable overrides. CLI values override config defaults.
- `config show` displays `env.*` keys; secret-like keys ending in `_TOKEN`, `_KEY`, or `_SECRET` are redacted as `[redacted]`.

Changed
- `MERIDIAN_*` guard in child environment construction is now case-insensitive, preventing Windows env-var case bypass.

Fixed
- `spawn --continue` rejects `--env` as a policy-changing override; the original spawn's CLI env is preserved via `LaunchPolicySnapshot` replay.
- Streaming serve and dry-run paths now pass env through `plan_overrides` (previously skipped).
- Empty string env values are now allowed through `--env` and `[env]` TOML values; non-string TOML env values are rejected with a clear error.