[codex] Harden Claude tmux audit follow-up

[bbingz]

Summary

• Keep Claude ask / review on detached tmux TUI while making the behavior explicit in runtime metadata, docs, and release notes.
• Harden follow-up findings from the multi-model audits: atomic temp cleanup, no-diff review cleanup, unsafe pid guards, Claude logged-out health coverage, fixture freshness parity, timing schema validation, and stream/args edge cases.
• Add docs/audit/third-party-review-followup-2026-06-15.md as the source-backed checklist for the Qwen batch and refresh README/provider docs across English, zh-CN, and ja.

Why

The third-party review batches mixed true issues with product-semantics conflicts. The branch preserves the user-required Claude tmux TUI default to avoid the claude -p path, then fixes the confirmed reliability, cleanup, security, and documentation drift without introducing a provider base framework.

Impact

• Claude tmux TUI calls now advertise detached/startup-only semantics more honestly.
• Cleanup paths are safer for atomic writes, no-change reviews, and session-end process termination.
• Release and docs surfaces stay aligned with the 11-provider runtime.
• Companion bundles are regenerated from source for all host packages.

Checks

• npm run build:plugins
• node --test packages/polycli-utils/test/atomic-save.test.js packages/polycli-utils/test/process.test.js
• node --test plugins/polycli/scripts/tests/hooks.test.mjs
• node --test --test-name-pattern "claude auth status logout|gemini no-changes review cleans up isolated cwd" plugins/polycli/scripts/tests/integration.test.mjs
• npm test (508/508)
• npm run release:check
• node --test scripts/tests/open-source-hygiene.test.mjs
• git diff --check