The Ctrl+D diff drawer in `coder exp agents` only rendered PR-backed
diffs returned by `/api/experimental/chats/{id}/diff`. Local working
tree changes in a chat's workspace produced an empty response, which
showed "No diff contents" in the drawer and no file summary.

Centralise diff loading behind a single `fetchChatDiffContents` helper
that first hits `/diff`, then falls back to the chat git watcher
WebSocket (`/stream/git`) when the remote diff is empty. Aggregate the
agent's `WorkspaceAgentRepoChanges` into a `ChatDiffContents` value so
the drawer can derive the file summary and styled body from the local
unified diff. Treat missing workspaces, missing agents, and watcher
timeouts as graceful fallbacks that render the empty-diff placeholder
instead of a hard error.

…-quotes

The previous parser split the unquoted header with strings.Fields, so any
path containing spaces (e.g., 'a/foo bar.txt b/foo bar.txt') was treated
as four separate tokens and marked as a rename with truncated filenames.
For binary or mode-only diffs that lack '--- '/'+++ ' lines, those wrong
paths then leaked into the diff drawer summary.

The new parser recognizes both header forms:
  - Quoted form ('diff --git "a/<old>" "b/<new>"') via strconv.Unquote,
    which handles C-escaped paths (e.g., octal byte escapes).
  - Unquoted form by searching for a ' b/' split point where the two
    halves are equal after stripping a/ and b/ (the non-rename case),
    falling back to the single-space split for simple renames.

When the header is ambiguous (rename with spaces in the path), the parser
now returns ok=false. The caller still creates a placeholder entry so the
follow-up 'rename from'/'rename to'/'--- '/'+++ ' lines can fill in the
correct paths; flush() already drops entries with an empty FilePath.

shouldIgnoreLocalDiffFallbackError only recognized two of the 400
responses watchChatGit can return. When the chat pointed at a deleted
workspace the server returned 'Chat workspace not found.' and the
diff drawer regressed from showing 'No diff to display.' to a hard
error.

Treat all of the watchChatGit 400 variants (no workspace bound,
workspace deleted, no agents, agent not connected) as ignorable and
fall back to the empty remote diff, matching the pre-fallback behavior
of the drawer. Add subtests covering each message.

Git emits C-quoted paths on 'rename from'/'rename to' lines whenever
the name contains non-ASCII bytes or control characters (with the
default core.quotepath setting). The parser was storing the raw
token, so a quoted rename like

    rename from "b\\303\\244r old.txt"
    rename to "b\\303\\244r new.txt"

overwrote the already-decoded header paths and the diff summary
showed the octal-escaped form. Route these lines through
trimUnifiedDiffPath just like '--- '/'+++ ' so the paths decode to
'bär old.txt' and 'bär new.txt'.

Two follow-ups from the Codex review of the earlier rename-path fix:

1. Added or removed lines inside a hunk can legitimately start with
   '+++ ' or '--- ' (the content happens to begin with '++ ' or '-- '),
   so treating every such line as a file header would overwrite
   FilePath and OldPath and miscount additions/deletions. Track an
   inHunk flag that flips on the first '@@' marker after each
   'diff --git' header and gate the header-only cases (new/deleted
   file mode, rename from/rename to, ---, +++) on !inHunk. Inside the
   hunk we instead credit lines starting with '+' or '-' to the
   addition/deletion counters.

2. 'rename from'/'rename to' paths are repository-relative and never
   carry the a/ or b/ prefix, so trimUnifiedDiffPath (which strips
   a/ and b/) would truncate real directories. Introduce a
   decodeQuotedDiffLinePath helper that only handles C-quote decoding
   and TrimSpace, and route the rename-line parsing through it.

Added tests covering a rename that really lives under a literal
'a/' directory and a hunk body that contains '--- '/'+++ ' content
lines.

shouldIgnoreLocalDiffFallbackError matched the server-side 400 messages
from watchChatGit as lowercased substrings, so a server-side reword
would silently stop the fallback and surface the raw error in the TUI
diff drawer. It also only handled 404 and the 400 variants, so a 403
from authorizeChatWorkspaceExec when the chat owner's workspace
permissions were revoked still bubbled up as a hard error for a
scenario the remote diff endpoint handles gracefully.

Expose the ignorable messages as shared codersdk constants, add
ChatGitWatchAgentStateMessage for the formatted agent-state case, and
IsChatGitWatchFallbackMessage that both the server and client now
reference. shouldIgnoreLocalDiffFallbackError calls the predicate and
also treats 403 as ignorable to match the remote diff endpoint's
graceful behavior.

Addresses mafredri Round 2 DEREM-5, DEREM-6.

> Mux is running the Codex review loop on behalf of Mike.

…ackfill

Addresses two findings from the Codex + mafredri review on 6aa1579:

- [Codex P2] Metadata backfill was gated on `localDiff.Branch != nil || localDiff.RemoteOrigin != nil`, but that is an unreliable proxy for "single contributing repository". A repo in detached HEAD with no origin remote legitimately leaves both fields nil even though exactly one repository produced the diff. Codex correctly pointed out that this case silently dropped remote Provider/PullRequestURL from the drawer.

  Replace the proxy with an explicit `singleRepo` flag returned from buildLocalChatDiffContents so the backfill invariant ("single contributing repo is safe to backfill, multi-repo is not") is expressed in the type. Propagate the flag through fetchLocalChatDiffContents and gate the merge block on it. Update the block comment so it documents the invariant rather than the old proxy.

- [DEREM-21 P3, mafredri] shouldIgnoreLocalDiffFallbackError's 404 branch had no test even though every other ignorable-error branch (context.DeadlineExceeded, 403, and each 400 fallback message) now has a dedicated subtest. Add IgnoresNotFoundWatcherFallbackErrors mirroring the 403 coverage added for DEREM-16 so the branch is mechanically covered and a future regression cannot silently remove it.

Also add BackfillsRemoteMetadataWhenSingleRepoHasBlankBranchAndOrigin to cover the singleRepo edge case end-to-end: single contributing repo with empty Branch/RemoteOrigin strings plus non-empty remote metadata asserts that every remote field is backfilled.

> Mux is Mike's coding agent. This commit was made on Mike's behalf.

Addresses Codex P2 on head 0d3f417: the local chat git watcher set a
4 MiB websocket read limit but agentgit caps each repository's
UnifiedDiff at 3 MiB (maxTotalDiffSize), so a Changes message
aggregating two or more maxed-out repos legitimately exceeds 4 MiB and
triggers a coder/websocket close with StatusMessageTooBig. Because
wsjson.Decoder swallowed the read error (log at Debug, close the
channel), fetchLocalChatDiffContents surfaced a generic
"git watch connection closed" error and the diff drawer crashed with
a hard error in exactly the large-multi-repo case the local fallback
was meant to improve: a regression from the pre-fallback behavior.

Fix it with a narrowly scoped, two-layered degrade path:

1. Bump the client-side read limit from 4 MiB to 32 MiB
   (localChatDiffReadLimit), which covers ~10 maxed-out repos and makes
   realistic multi-repo worktrees just work without any fallback.

2. For pathological payloads beyond 32 MiB, treat the specific
   StatusMessageTooBig close as ignorable. fetchLocalChatDiffContents
   now reads from the websocket directly (bypassing wsjson.NewStream)
   so it can inspect websocket.CloseStatus(err), returning the narrow
   errLocalDiffMessageTooLarge sentinel on read-limit violations.
   shouldIgnoreLocalDiffFallbackError maps that sentinel onto the
   same remote-empty-diff fallback we already use for 404/403/400.
   Generic websocket close / decode / protocol errors continue to
   surface as hard errors so real regressions do not silently
   disappear behind the fallback.

Tests:

- IgnoresWatcherMessageTooBigCloses accepts the websocket, reads the
  refresh, then closes with StatusMessageTooBig. The client must
  degrade to the empty remote diff without error.
- SurfacesUnexpectedWatcherCloseErrors closes with StatusInternalError
  instead and pins that the fallback is scoped to MessageTooBig only,
  so a future attempt to blanket-ignore every close reason immediately
  breaks the test.

Pre-commit (gen/fmt/lint/build) passed. Full cli/ tests pass in 60.9s.

> Mux is Mike's coding agent. This commit was made on Mike's behalf.

Mirrors Round 7 DEREM-15 on the frontend side. site/src/api/api.ts
defined ExperimentalApiMethods.getChatGitChanges (plus the internal
ChatGitChangeResponse interface backing it) that targeted
GET /api/experimental/chats/{id}/git-changes, but:

- No call site exists anywhere under site/src/. The method was a pure
  orphan, exactly like codersdk.ExperimentalClient.GetChatGitChanges
  was on the Go side before Round 7 removed it.
- The HTTP route is not registered in coderd's chat router. The
  frontend's live diff panels rely on GET /diff (RemoteDiffPanel via
  chatDiffContents query) and the /stream/git websocket (useGitWatcher
  + GitPanel + LocalDiffPanel). /git-changes was never part of that
  wiring.

Drop the method and the ChatGitChangeResponse interface. The
TypesGen.ChatGitChange generated type stays because the Go codersdk
type is still referenced by parseChatGitChangesFromUnifiedDiff in cli.

No behavior change.

…-repo diff

Round 10 addresses both Codex findings on head 03d5021.

[Codex P1] Fallback on upstream oversize close statuses.
fetchLocalChatDiffContents previously degraded only on
StatusMessageTooBig, but the coderd watchChatGit proxy
(coderd/exp_chats.go) always closes the client stream with
StatusGoingAway regardless of why the upstream agent->coderd hop
failed. In particular, when that hop's 4 MiB read limit
(workspacesdk/agentconn.go SetReadLimit) is exceeded, the agent
closes its end with StatusMessageTooBig but the proxy does not
propagate that status. So for diffs between the 4 MiB upstream
limit and our 32 MiB client read limit the client only ever sees
StatusGoingAway and Round 9's narrow match fails to degrade,
returning a hard error in exactly the multi-repo worktree case
that local fallback was meant to improve.

Broaden the close-status match to cover both StatusMessageTooBig
and StatusGoingAway while keeping every other close status
(StatusInternalError, StatusProtocolError, ...) and every
non-close read error propagating so real protocol regressions
still reach the user. Rename the narrow errLocalDiffMessageTooLarge
sentinel to errLocalDiffWatchClosed to reflect the broader
semantic. Pin the new behavior with
TestFetchChatDiffContents/IgnoresWatcherGoingAwayCloses alongside
the existing MessageTooBig test; the SurfacesUnexpectedWatcherCloseErrors
test (which uses StatusInternalError) continues to enforce that
unrelated close reasons still surface.

[Codex P2] Flag partially unparsable diffs in summary.
renderChatDiffSummary only fell back to 'Changes present but
could not be summarized.' when parseChatGitChangesFromUnifiedDiff
returned zero entries, but a multi-repo aggregate assembled by
buildLocalChatDiffContents can legitimately mix real 'diff --git'
chunks from small repos with agent/agentgit's 'Total diff too
large to show...' placeholder for repos that exceed
maxTotalDiffSize (3 MiB). In that case the function counted the
real chunks, returned a normal 'N files changed' summary, and
silently dropped the oversized repo. The drawer then
underreported the changeset in exactly the multi-repo case this
feature is meant to improve.

Detect the placeholder prefix separately via
hasOversizedRepoPlaceholder and append
'(some repositories omitted: diff too large to summarize)' to the
summary whenever one is present. Scoped to lines that start with
the placeholder prefix so a legitimate '+' added line that happens
to contain the phrase cannot trigger a false positive. Covered by
TestExpAgentsRender/RenderDiffDrawer/FlagsPartiallyUnparsableMultiRepoDiff
alongside the existing ShowsFallbackForUnparsableNonEmptyDiff case
(placeholder-only input still goes through the zero-changes branch).