diff --git a/specs/GH537/product.md b/specs/GH537/product.md
new file mode 100644
index 000000000..7f7005c5c
--- /dev/null
+++ b/specs/GH537/product.md
@@ -0,0 +1,383 @@
+# PRODUCT.md — Honor user-defined shell bindkeys in Warp's input editor
+
+Issue: https://github.com/warpdotdev/warp/issues/537
+
+Figma: none provided.
+
+## Summary
+
+Warp's input editor currently ignores user-defined keybindings declared in the
+user's shell — `bindkey` in zsh, `bind` / `~/.inputrc` in bash readline, and
+`bind` in fish. When a user types in a Warp prompt, those customizations have
+no effect, even though the same keys work in any other terminal running the
+same shell. This spec covers honoring those user bindings inside the Warp
+input editor (the prompt where shell commands are typed) for zsh, bash, and
+fish, sourced from the user's actual running shell so that whatever the shell
+reports is what Warp respects.
+
+## Goals / Non-goals
+
+In scope:
+
+- Honoring user-defined keybindings in Warp's shell command input editor for
+  zsh, bash, and fish sessions.
+- Discovery via the user's live shell session (querying the shell for its
+  current binding table), so dynamic and conditionally-declared bindings are
+  picked up — not by parsing rc files.
+- Best-effort coverage of the action set: any shell widget / readline function
+  / fish input function that has a Warp-input equivalent is honored. Widgets
+  with no clean Warp equivalent degrade gracefully (see below) rather than
+  silently stealing the keystroke.
+- Keymap modes: emacs vs vi (insert/command/visual) for the shells that
+  expose them. Mode switches initiated by the user (e.g. `bindkey -v`,
+  `set -o vi`, vi-mode plugins, fish bind modes) take effect without restart.
+- Conflict policy with Warp's own keybindings (see Behavior #14).
+
+Out of scope for this spec:
+
+- Bindings inside surfaces other than the shell command input editor — the
+  AI prompt input, command palette, search, settings — keep their existing
+  Warp keybindings unchanged. (See Open question at #5.)
+- Other shells (PowerShell, nushell, xonsh, csh family). Adding more shells
+  follows the same shape but is not required for this issue to land.
+- A Warp-native keybinding-import config surface where users redeclare their
+  bindings inside Warp settings. The intent of this issue is "the bindings I
+  already have should just work" — not "give me yet another config".
+- Static parsing of `~/.zshrc`, `~/.inputrc`, `~/.config/fish/`, etc. The
+  source of truth is the live shell.
+- Honoring shell-level abbreviations, aliases, completions, syntax
+  highlighting, or autosuggestion plugins. Only key-to-action bindings.
+
+## Behavior
+
+### Discovery and lifecycle
+
+1. When a Warp tab starts a supported shell (zsh, bash, fish), Warp queries
+   that shell for its current keybinding table once the shell is ready to
+   accept commands but before the first user keystroke is processed by the
+   input editor. Until the table arrives, the input editor uses Warp's
+   default keymap; once the table arrives, user bindings take effect on the
+   next keystroke.
+
+2. The query mechanism is shell-native and visible only to Warp internals —
+   the user does not see the query command echoed in their scrollback, in
+   history, or in any block. Equivalents in spirit (not literal):
+   - zsh: `bindkey -L` for each keymap (`main`, `emacs`, `viins`, `vicmd`,
+     `vivis`, `viopp`, `command`, `isearch`, `menuselect`, plus any
+     user-defined keymaps).
+   - bash: `bind -p` for the current keymap and `bind -p -m emacs` /
+     `-m vi-insert` / `-m vi-command` for the others.
+   - fish: `bind` with no args, plus `bind -M insert` / `default` /
+     `visual` / etc.
+
+3. If the shell fails to start, exits before the query completes, or returns
+   an unparseable response, Warp logs a diagnostic and falls back to its
+   default keymap for that tab. The tab remains usable; no user-facing error
+   toast is required.
+
+4. When the user changes their bindings inside an existing session
+   (`bindkey '^X^E' edit-command-line`, `bind '"\C-x\C-e": edit-and-execute-command'`,
+   sourcing a new rc file mid-session, switching emacs/vi mode), Warp picks
+   up the change without requiring a restart of the tab. Discovery is
+   driven shell-side at every `precmd`, so the change is detected when
+   the prompt next redraws. The user-visible invariant: a binding
+   declared at the shell prompt is honored starting with the first
+   keystroke after Warp has parsed the next `ShellBindings` payload
+   from that prompt. Keystrokes pressed during the small async window
+   between the prompt firing and the payload being parsed use the
+   previous keymap (consistent with the non-blocking guarantee in #26);
+   declarations never block typing.
+
+5. Each tab tracks its own bindings independently. Changing bindings in one
+   tab does not affect another tab, even if both run the same shell.
+
+6. Closing and reopening a tab re-queries from scratch. Warp does not cache
+   bindings across tab restarts; the user's current shell state is always
+   the source of truth.
+
+### Honoring bindings in the input editor
+
+7. While the user is typing in the shell command input editor, every key
+   press is resolved against the precedence ladder defined in #14
+   (reserved infrastructure keys → user-customized Warp keybindings →
+   user shell bindings for the active keymap → Warp's default
+   keybindings → default character insertion). Shell bindings are
+   consulted only after the two higher tiers have been checked and have
+   not produced a match. When the matched action is a shell binding and
+   the bound widget has a Warp equivalent, Warp performs that action
+   and consumes the keystroke. When the bound widget is unsupported
+   (#11), the keystroke continues down the ladder to Warp's defaults.
+
+8. Multi-key sequences (`^X^E`, `^[f`, `gg`, fish `\\cx\\ce`) are honored
+   as a single action. Resolution rules:
+
+   - **Mid-sequence buffering.** While Warp has received one or more
+     keys that match a prefix of a longer binding but not yet a complete
+     binding, no action fires and no character is inserted; Warp waits
+     for the next key.
+   - **Ambiguous bindings (prefix is also a complete binding).** When
+     a key sequence matches both a complete binding and a prefix of a
+     longer binding (the canonical example: `^[` is `vi-cmd-mode` *and*
+     a prefix of `^[f`), Warp uses a 500 ms ambiguity timeout. If
+     another key arrives within 500 ms that extends the prefix, the
+     longer match wins. If no key arrives within the timeout, the
+     complete short binding fires.
+   - **Pure-prefix timeout.** When a sequence matches a prefix but no
+     complete binding (e.g. partial `^X` of `^X^E`), pending keys are
+     held without timeout — readline / ZLE both wait indefinitely on
+     pure prefixes. The user pressing any non-extending key abandons
+     the prefix immediately (next rule).
+   - **Abandonment.** When a non-matching key arrives mid-sequence,
+     the prefix is abandoned: Warp replays the buffered keys plus the
+     just-received key through normal handling, in arrival order. Any
+     of those replayed keys may itself trigger a single-key binding;
+     none of them re-enter prefix accumulation until the replay
+     finishes. This matches readline / ZLE behavior.
+   - **No keystroke is ever silently dropped.** Either a binding fires,
+     or the buffered keys are replayed.
+   - **Focus loss / window blur** mid-sequence abandons the prefix
+     (replay path); on refocus, accumulation starts fresh.
+
+   The 500 ms ambiguity timeout is the standard readline default; it
+   may be made configurable in a follow-up but is fixed for v1.
+
+9. "Insert literal string" bindings (e.g. zsh `bindkey -s '^X' 'echo hi\n'`,
+   readline `"\C-x": "echo hi\n"`) inject the bound text into the input
+   stream as if the user had typed each character — matching shell
+   input-queue semantics, not literal text insertion. A newline in the
+   bound string therefore submits the line (it triggers `accept-line`),
+   `^A` moves the cursor to the start, and so on. The injected
+   characters are processed through the same key-resolution chain as
+   real keystrokes, including any other bindings they happen to trigger.
+   Plain `self-insert` (no string macro) inserts the literal key
+   character at the cursor as expected.
+
+10. The full set of widgets / functions whose semantics Warp must honor when
+    bound includes, at minimum:
+    - Cursor motion: `forward-char`, `backward-char`, `forward-word`,
+      `backward-word`, `beginning-of-line`, `end-of-line`,
+      `beginning-of-buffer-or-history`, `end-of-buffer-or-history`.
+    - Deletion: `backward-delete-char`, `delete-char`, `backward-kill-word`,
+      `kill-word`, `kill-line`, `backward-kill-line`, `kill-whole-line`,
+      `unix-word-rubout`, `unix-line-discard`.
+    - Yank / kill ring: `yank`, `yank-pop`, `kill-region`, `copy-region-as-kill`.
+    - History: `up-line-or-history`, `down-line-or-history`, `up-history`,
+      `down-history`, `history-incremental-search-backward`,
+      `history-incremental-search-forward`,
+      `history-search-backward` / `-forward`, fish's history-pager bindings.
+    - Editing: `transpose-chars`, `transpose-words`, `upcase-word`,
+      `downcase-word`, `capitalize-word`, `quoted-insert`, `tab-insert`,
+      `overwrite-mode`, `undo`, `redo` (where supported).
+    - Submission and abort: `accept-line`, `accept-and-hold`,
+      `accept-and-infer-next-history`, `accept-search`, `send-break`
+      (`^C`), `eof` / `delete-char-or-list` (`^D` on empty line).
+    - Vi mode: `vi-cmd-mode`, `vi-insert`, `vi-replace`, `vi-add-next`,
+      `vi-add-eol`, `vi-change`, `vi-delete`, `vi-yank`, `vi-put-after`,
+      `vi-put-before`, `vi-find-next-char` / `-prev-char`, `vi-repeat-find`,
+      `vi-up-line-or-history`, `vi-down-line-or-history`, `vi-goto-mark`,
+      `vi-set-mark`, `vi-replace-chars`, `vi-substitute`,
+      `vi-change-whole-line`, plus fish-mode equivalents.
+    - Completion: `complete-word`, `expand-or-complete`,
+      `expand-or-complete-prefix`, `menu-complete`, `reverse-menu-complete`.
+      These trigger Warp's existing completion UI (not the shell's), but
+      from whichever key the user has bound them to. Behavior of the
+      completion UI itself is unchanged by this spec.
+
+11. Widgets that have no Warp equivalent (examples: `quoted-insert` in some
+    edge cases, `redisplay`, `clear-screen` if Warp already binds it
+    differently, user-defined named widgets / functions whose body is shell
+    code) are handled as follows:
+    - If the widget has a documented behavior Warp can replicate cheaply,
+      Warp replicates it.
+    - Otherwise the keystroke falls through to Warp's default handling for
+      that key, and Warp emits a one-time-per-session diagnostic noting
+      the unsupported widget. The diagnostic uses the same redaction
+      policy as telemetry: the widget name is included verbatim only if
+      it is in the documented shell-vocabulary allowlist (the well-known
+      ZLE/readline/fish input function names enumerated in #10);
+      user-defined or otherwise unknown names are written as
+      `user-defined`. The bound key sequence is not included in the
+      diagnostic. Telemetry records unsupported-widget hits under the
+      same rule; user-defined or otherwise unknown widget names are reported as
+      the bucket `user-defined` with no further identifying information,
+      since user-defined widget names can be arbitrary or private. Key
+      contents, key sequences, and binding bodies are never recorded.
+    - **Open question:** for user-defined shell-function widgets (e.g. zsh
+      `zle -N my-widget; bindkey '^X' my-widget`), v1 treats these as
+      unsupported. A future iteration could forward the keystroke to the
+      shell to let it execute the widget. Confirm v1 = unsupported is
+      acceptable.
+
+12. `clear-screen` (typically `^L`) clears Warp's block list to the current
+    prompt, matching the user's expectation from a real terminal — even if
+    Warp's default `^L` already does this, the binding must continue to
+    work when remapped to another key.
+
+### Modes
+
+13. When the shell is in vi mode, the active keymap follows the shell's
+    current mode (insert / command / visual / replace). Warp learns about
+    mode transitions through the same mechanism it uses for binding
+    discovery (see #4) — when the shell signals a mode change (by repaint,
+    OSC, prompt update, or whichever signal the implementation lands on),
+    Warp's input editor switches keymaps so the next keystroke is matched
+    against the new map. Visible mode indicators (cursor shape, vim-mode
+    plugin status text in the prompt) remain whatever the shell already
+    drew; Warp does not add its own.
+    - **Open question:** what's the canonical signal for mode change across
+      the three shells? Tech spec must answer this concretely. If no
+      reliable signal exists for one shell, document the fallback (poll on
+      every prompt redraw, etc.).
+
+### Precedence and conflicts
+
+14. Resolution order for a single keystroke in the shell command input
+    editor, highest priority first:
+    1. Reserved infrastructure keys (see below).
+    2. User-customized Warp keybindings (anything the user has explicitly
+       set in Warp settings).
+    3. User shell bindkeys for the active keymap.
+    4. Warp's default keybindings.
+    5. Default character insertion.
+
+    Rationale: a key the user has explicitly bound in Warp settings is the
+    strongest signal of intent. Below that, the user's shell bindings
+    override Warp's defaults — that is the entire point of this issue. Warp
+    defaults are the floor.
+
+    **Reserved infrastructure keys.** A small set of keys is structurally
+    needed for Warp ↔ shell communication (input reporting, prompt-mode
+    switching, kill-buffer signaling) and cannot be honored as
+    user-controlled in v1. User bindings on these keys are imported into
+    Warp's debug view tagged `reserved-by-warp` and do not fire;
+    bindings on every other key follow the regular precedence above.
+    The reserved set per shell:
+
+    - **zsh:** `^P` (Warp uses for `kill-buffer`), `\ei` (input reporting).
+    - **bash:** `\C-p` (`kill-whole-line` for clear-buffer), `\ei`
+      (input reporting), `\ep` (switch to PS1 prompt), `\ew` (switch to
+      Warp prompt).
+    - **fish:** `\cP` (clear input buffer), `\ep` (switch to PS1
+      prompt), `\ew` (switch to Warp prompt), `\ei` (input reporting).
+
+    These match the keys Warp's existing bootstrap already installs in
+    each shell. Lifting the exception (re-implementing each integration
+    point without bind-level interception) is a tracked follow-up; the
+    integrations exist today and replacing them is out of scope here.
+
+15. When a user shell binding shadows a Warp default, no warning, banner, or
+    toast appears. The user already declared this binding in their shell
+    config; the override is the desired behavior. Diagnostics for shadowed
+    Warp defaults may be available through verbose logging but are not
+    user-facing.
+
+16. When a user shell binding cannot be honored because the bound widget is
+    unsupported (#11), the keystroke falls through to Warp's default — it
+    does not steal the keystroke and produce nothing. The user sees the
+    Warp default fire on that key, which may differ from what their shell
+    would have done. The diagnostic from #11 is the user's signal that
+    something they configured isn't supported yet.
+
+### Multi-tab and multi-shell scenarios
+
+17. A window with multiple tabs running different shells (one zsh, one
+    bash, one fish) honors each tab's bindings independently. Switching
+    focus between tabs changes the active binding table to that tab's.
+
+18. SSH sessions: when the user SSHes from a Warp tab to a remote host and
+    a shell starts on the remote, Warp does not query the remote shell for
+    bindings in v1. The local Warp input editor continues to use the
+    bindings of the local shell that started the tab, or Warp defaults if
+    the local shell wasn't a supported one. Honoring remote bindings
+    requires the remote-side Warp agent and is out of scope here.
+
+19. Subshells started inside a session (`bash` typed at a zsh prompt,
+    `tmux`, etc.) keep the parent tab's binding table. The user does not
+    see a re-query, and bindings the subshell may have configured do not
+    take effect in the Warp input editor. Re-querying on every subshell
+    transition is feasible but a follow-up.
+
+### Surface boundaries
+
+20. Bindings only apply while the user's input focus is in the shell
+    command input editor of a tab whose shell is one of zsh / bash / fish.
+    They do not affect:
+    - Warp command palette, settings, search, AI prompt input,
+      block-level chrome (the keystrokes there continue to use Warp's own
+      keymap).
+    - Tabs whose shell is not a supported shell — those tabs use Warp
+      defaults.
+    - Any modal overlay rendered above the input editor (file palette,
+      command palette, suggestions popover focus, etc.).
+
+21. Switching focus from the input editor to another surface and back does
+    not require re-querying. The binding table from the most recent query
+    remains valid for the duration of the tab unless invalidated by #4.
+
+### AI / agent prompt input
+
+22. The AI prompt input editor does not honor shell bindkeys by default —
+    it is not a shell, and shell vi/emacs muscle memory there would
+    conflict with the AI input's own conventions.
+    - **Open question:** add an opt-in setting "Use my shell bindings in AI
+      prompts too"? Default off either way. Resolve before implementation.
+
+### Settings, opt-out, and discoverability
+
+23. The feature is on by default for supported shells once it ships.
+    - **Open question:** ship behind a feature flag for staged rollout
+      (default off → dogfood → preview → stable), or default on from
+      release? Tech spec / release plan to decide.
+
+24. A single setting "Honor shell keybindings in input editor" lives under
+    the Keybindings section of settings. Toggling it off immediately
+    restores Warp's default keymap for all tabs (no restart). Toggling
+    it back on resumes matching against each tab's most recently
+    received binding table; any drift since the toggle was off is
+    picked up on the tab's next `precmd` payload, since re-queries are
+    shell-driven (see TECH.md §1). Users who want a fresh re-import
+    without waiting for the next prompt can press Enter on an empty
+    line, which fires `precmd` immediately.
+
+25. The Keybindings settings page surfaces, somewhere reachable, a
+    read-only view of the bindings Warp has imported for the active tab —
+    enough that a user debugging "why didn't my binding work" can see what
+    Warp received from the shell and which entries Warp marked unsupported.
+    Format: a list of `key → action (status)` rows where status is one of
+    `honored`, `shadowed-by-warp-user`, `unsupported`. The exact UI is left
+    to the tech spec; the behavioral requirement is that the information is
+    discoverable without enabling debug logging.
+
+### Performance and correctness invariants
+
+26. The initial binding query must not block the user's first keystroke
+    perceptibly. If the query has not completed by the time the user types,
+    the keystroke is handled with Warp defaults; it is not buffered or
+    delayed. Late-arriving bindings apply to subsequent keystrokes.
+
+27. The query must not appear in the user's shell history, in scrollback,
+    in the block list, or as visible output. Side effects on the shell's
+    own state (kill ring, last-status `$?`, etc.) must be avoided or
+    cleaned up.
+
+28. Receiving a malformed or partial response from the shell never causes
+    a crash, hang, or stuck input editor. The fallback is always: drop the
+    bad data, log a diagnostic, keep using whatever binding table was
+    valid before.
+
+29. Existing Warp keybindings that the user has not customized continue to
+    work unchanged on tabs running unsupported shells, on tabs where the
+    feature is disabled, and on tabs where the query has not yet completed
+    or failed.
+
+## Open questions
+
+Collected from inline references above plus a few cross-cutting ones the
+tech spec must resolve:
+
+- v1 handling of user-defined named widgets whose body is shell code (#11).
+- Canonical signal for vi-mode transitions across zsh, bash, and fish (#13).
+- AI prompt input opt-in for shell bindings (#22).
+- Default-on vs feature-flagged staged rollout (#23).
+- (Resolved) Telemetry redaction policy for widget names — see #11; the
+  rule is allowlist-or-bucket, never raw user-defined names.
diff --git a/specs/GH537/tech.md b/specs/GH537/tech.md
new file mode 100644
index 000000000..ce3e9db6d
--- /dev/null
+++ b/specs/GH537/tech.md
@@ -0,0 +1,666 @@
+# TECH.md — Honor user-defined shell bindkeys in Warp's input editor
+
+Issue: https://github.com/warpdotdev/warp/issues/537
+Product spec: [`product.md`](./product.md)
+
+## Context
+
+Warp's input editor receives raw keystrokes, matches them against the
+`Keymap` table, and dispatches `InputAction` variants. Today that table
+knows nothing about the user's shell bindings, so user customizations
+(`bindkey '^X^E' edit-command-line`, readline `bind`, fish `bind`) are
+ignored. See `product.md` for the user-visible behavior we want.
+
+Relevant code, with line ranges:
+
+- **Input editor and actions** — `app/src/terminal/input.rs (1072-1149)`.
+  `InputAction` is the dispatched action type. Today it covers
+  Warp-flavored actions (`FocusInputBox`, `CtrlR`, `CtrlD`,
+  `MaybeOpenCompletionSuggestions`, etc.) but does **not** have the
+  fine-grained editor verbs ZLE / readline expose
+  (`backward-kill-word`, `transpose-chars`, `kill-line`, `yank-pop`,
+  `up-history`, `vi-cmd-mode`, …). The buffer model lives in
+  `InputBufferModel` in the same file. `crates/editor/src/editor.rs
+  (18-55)` exposes the underlying `EditorView` trait.
+- **Keymap** — `crates/warpui_core/src/keymap.rs (25-38, 44-49, 72-150)`.
+  `Keymap { fixed_bindings, editable_bindings }` indexed by name, with
+  `Trigger::{Keystrokes(Vec<Keystroke>), Standard(StandardAction),
+  Custom(CustomTag)}` and `ContextPredicate` for context-scoped layering.
+  Resolution: `editable_bindings` (user-overridden) wins over
+  `fixed_bindings` (Warp defaults). Matching lives in
+  `crates/warpui_core/src/keymap/matcher.rs`.
+- **Shell type and session** — `crates/warp_terminal/src/shell/mod.rs
+  (58-96, 250-255)`. `ShellType { Zsh, Bash, Fish, PowerShell }`,
+  `Shell { type, version, options, plugins, shell_path }`,
+  `ShellStarter::init()` at line 79. `app/src/terminal/local_tty/shell.rs
+  (1-200)` for spawn details.
+- **Bootstrap and DCS hooks** — `app/src/terminal/bootstrap.rs (1-150)`
+  injects a per-shell init script from `bundled/bootstrap/{zsh,bash,fish,
+  pwsh}.sh`. Script-to-app communication uses
+  `app/src/terminal/model/ansi/dcs_hooks.rs (1-150)`: `DProtoHook`
+  variants (`Bootstrapped`, `Precmd`, `Preexec`, `InputBuffer`,
+  `InitShell`, …) carry hex-encoded JSON payloads
+  (`HEX_ENCODED_JSON_MARKER = 'd'`). DCS dispatch arrives as
+  `ModelEvent::PluggableNotification` in
+  `app/src/terminal/model_events.rs (468-472)`. **There is no live
+  "invisible command exec" primitive today**; bootstrap-emitted DCS
+  payloads are the right plumbing to extend.
+- **Settings** — `app/src/terminal/keys_settings.rs (15-71, 26-34)`.
+  `define_settings_group!` macro is the pattern for new boolean toggles
+  (see `quake_mode_enabled`). Feature flags live in
+  `crates/warp_features/src/lib.rs (9+)`.
+- **Telemetry** — `app/src/server/telemetry/events.rs (1237+, 2920)`.
+  `TelemetryEvent` enum + `send_telemetry_from_ctx!` macro.
+- **Vi-mode tracking** — none today. The `vim` crate is Warp's own
+  in-editor vi emulation, not shell awareness.
+
+## Proposed changes
+
+The implementation has five logical pieces. Each maps cleanly to one
+subsystem above.
+
+### 1. Bootstrap-side binding query
+
+Extend the bootstrap scripts to dump the user's binding table to Warp
+via a new DCS hook variant. Doing the query in bootstrap (rather than
+adding a runtime invisible-exec primitive) avoids polluting history,
+scrollback, and last-status; it also runs before the first prompt so
+bindings are available when the user starts typing.
+
+- `bundled/bootstrap/zsh.sh`: discover keymaps dynamically with
+  `bindkey -l` (this enumerates the standard set — `main`, `emacs`,
+  `viins`, `vicmd`, `vivis`, `viopp`, `command`, `isearch`,
+  `menuselect` — and any user-defined keymaps created via
+  `bindkey -N <name>`), then run `bindkey -L -M $keymap` per keymap and
+  emit a JSON object `{ keymap_name: [ { keys, widget }, … ] }`. Also
+  emit `KEYMAP` so the active keymap is known. User-defined keymaps
+  pass through with their declared name; the matcher honors them when
+  they are referenced as the active keymap (resolves PRODUCT #2's
+  reference to "user-defined keymaps").
+- `bundled/bootstrap/bash.sh`: `bind -p` for the current keymap and
+  `bind -p -m emacs / vi-insert / vi-command` for the others. Detect vi
+  vs emacs via `set -o | grep -E '^(vi|emacs)'`.
+- `bundled/bootstrap/fish.sh`: this requires reworking the existing
+  bootstrap, which currently sets
+  `fish_key_bindings = fish_default_key_bindings` (line 306) and then
+  installs four Warp-required binds (`\cP`, `\ep`, `\ew`, `\ei`) on
+  top — clobbering any user `fish_vi_key_bindings` setting and any
+  user-installed binds. To honor user fish bindings without losing
+  Warp's required reporting binds, we change the bootstrap to:
+
+  1. Capture the user's `fish_key_bindings` value at the very top of
+     the bootstrap, and stop the unconditional reset at line 306. The
+     user's chosen scheme runs as configured.
+  2. After the user's scheme runs, install Warp's four reserved binds
+     (`\cP`, `\ep`, `\ew`, `\ei`) explicitly in every bind mode the
+     user uses (default, insert, visual for vi mode; default for
+     emacs; plus any custom modes discovered via `bind -L`). Those
+     four keys are reserved for Warp and intentionally shadow user
+     bindings on them — the explicit precedence boundary from
+     PRODUCT #14.
+  3. Snapshot the resulting `bind` output per mode and emit it as the
+     `ShellBindings` payload. The vi-mode-vs-input-reporting conflict
+     that originally motivated the reset is resolved here because the
+     reporting bind is reinstalled in whichever mode is active, instead
+     of the scheme being reset wholesale.
+
+  Mode tracking uses `$fish_bind_mode` for the initial snapshot and
+  the in-app vi state machine described in the open-questions section
+  for transitions.
+
+The payload is emitted as a new `DProtoHook::ShellBindings` variant in
+`dcs_hooks.rs` carrying `{ shell, keymaps: Vec<KeymapTable>,
+active_keymap, schema_version, nonce }`. Reuse `HEX_ENCODED_JSON_MARKER`.
+
+The `ShellBindings` payload is a privileged terminal-control message
+(it can rewrite local key handling) and is only accepted from the
+bootstrap context:
+
+- Each Warp-spawned shell receives a per-session, per-tab nonce in its
+  initial environment (`WARP_BOOTSTRAP_NONCE`). The very first action in
+  the bootstrap script is to copy this value into a non-exported,
+  shell-local variable (`typeset -g` in zsh, plain assignment in bash
+  with `export -n`, `set -l` plus careful scoping in fish), then
+  `unset WARP_BOOTSTRAP_NONCE` and remove it from the inherited
+  environment so it is not visible to any descendant process. Every
+  `ShellBindings` and `Precmd` payload the bootstrap emits embeds this
+  value. The app rejects any payload whose nonce does not match the
+  expected value for that tab.
+
+  **Threat model** (documented explicitly so the limits are not
+  oversold). The nonce defends against:
+  - Innocent process output that happens to contain a DCS sequence
+    (`cat`'d binary file, curl response, log dump, terminal-art).
+  - Descendants of the user's shell that did not exist at bootstrap
+    time and never had the chance to read the nonce.
+
+  It does **not** defend against:
+  - A process spawned during the window between the shell starting
+    and the bootstrap unsetting the variable. For zsh and bash this
+    window is closed by making the unset the first non-trivial line
+    of the bootstrap, before any user rc file is sourced.
+
+    **Fish-specific caveat.** Warp launches fish as
+    `fish -f no-mark-prompt --login --init-command '<bootstrap>'`
+    (`app/src/terminal/local_tty/shell.rs:632`). Fish runs `config.fish`
+    and any user functions *before* `--init-command`, so the env-var
+    nonce is readable to user code that runs at config time. To close
+    this gap the fish path passes the nonce out-of-band: Warp writes
+    the nonce to a tempfile under the user's runtime dir with mode
+    `0600`, passes the path as the first argument of `--init-command`,
+    and the bootstrap reads it then `rm`s the file before any further
+    work. The `WARP_BOOTSTRAP_NONCE` env var is not used for fish at
+    all. This brings fish to parity with zsh/bash on later-spawned
+    descendants but does not protect against an adversarial
+    `config.fish` written before Warp launched, which is consistent
+    with the same-uid threat model below.
+  - A same-user process that already has read access to the parent
+    shell's environment (`/proc/<pid>/environ` on Linux,
+    `procfs`/`ps eww` on macOS — both gated by same-uid). Such a
+    process can already inject keystrokes through `TIOCSTI` (where
+    enabled), modify rc files, or attach via debugger; defending the
+    DCS channel against this attacker offers no marginal security.
+  - A privileged adversary; out of scope for any user-mode mitigation.
+
+  This trust boundary is the same one Warp's existing shell-integration
+  hooks already implicitly rely on. The nonce makes that boundary
+  explicit and raises the bar above pure-output spoofing.
+- **Validation order, single rule.** Validation runs in three
+  strictly ordered phases on the receive side, each of which rejects
+  the entire payload on failure:
+  1. **Pre-decode byte cap.** The DCS frame's hex-decoded byte length
+     is checked against the 256 KiB total cap *before* JSON
+     deserialization runs. Frames exceeding the cap are dropped at
+     the framing layer and logged; no allocation for parsed structures
+     happens. This bounds memory and CPU before untrusted data
+     reaches `serde_json`.
+  2. **Schema decode.** JSON is decoded into the `ShellBindings`
+     struct. Any field type mismatch, unknown `schema_version`, or
+     malformed `Keystroke` string discards the entire payload — no
+     partial application. There is no per-entry "drop one and keep
+     the rest" branch.
+  3. **Post-decode bounds.** After successful decode, the parsed
+     structure is checked against the per-entry caps (max 4 KiB
+     per binding entry, max 16 keymaps, max 8192 bindings total).
+     Any violation discards the entire payload.
+
+  The previous draft's "drop oversized entries before parsing"
+  language is retired; the rule is uniform — every validation
+  failure is whole-payload rejection so the app never applies a
+  partial table.
+- The same nonce check applies to the binding-hash field on the
+  existing `Precmd` hook; an unsigned or mismatched hash leaves the
+  previous binding table in place.
+
+### Re-query mechanism
+
+Re-queries are driven entirely shell-side; the app never has to mutate
+shell state to trigger a re-emit (which the running shell can't observe
+anyway — flipping an env var from outside has no effect on the live
+session). The bootstrap script keeps a shell-scoped variable
+`__warp_bindings_hash` initialized at startup to the hash emitted
+alongside the first `ShellBindings` payload. On every `precmd` the
+script:
+
+1. Recomputes the 64-bit hash of the current binding table.
+2. Emits the hash in the `Precmd` DCS payload (informational; the app
+   uses it for telemetry and to detect mid-session resyncs).
+3. If the new hash differs from `__warp_bindings_hash`, emits a fresh
+   `ShellBindings` payload with the full table and updates
+   `__warp_bindings_hash` to the new value.
+
+The app-side handler simply consumes whatever arrives. Steady state is
+one hash computation per prompt; the full payload is re-emitted only on
+real changes (new `bindkey`, mode switch via `bindkey -v`, sourcing a
+new rc file, plugin rebind). PRODUCT #26 holds because the work runs
+inside `warp_precmd` after the user's command output, asynchronously to
+keystrokes.
+
+**Preserving shell state during the hash step (PRODUCT #27).** The
+hash function runs as the very first action of `warp_precmd` and must
+leave shell-observable state untouched. The discipline:
+
+- **Last-status (`$?` / `$status`).** Save before any other
+  expression: zsh `local __warp_status=$?`, bash
+  `local __warp_status=$?`, fish `set -l __warp_status $status`. Any
+  value the user reads from `$?` later in their own `precmd` chain
+  sees the saved value, restored via `return $__warp_status` at the
+  end of the function (or `set -e status $__warp_status` in fish).
+- **Shell options.** No `set -o`, `setopt`, `shopt`, or
+  `set -gx fish_<option>` calls inside the hash path. The hash reads
+  bindings via `bindkey -L` / `bind -p` / `bind`, which are pure
+  reads.
+- **Keymap state.** No `bindkey -v` / `bindkey -e` / `set -o vi` /
+  `set fish_key_bindings ...` calls; the hash only reads. Specifically
+  for zsh, do not `bindkey -A` between maps, and do not change
+  `KEYMAP` (it is read as a value but never assigned).
+- **Variables.** All temporaries are `local`/`typeset -g
+  __warp_<name>` (zsh, bash) or `set -l __warp_<name>` (fish), with a
+  `__warp_` prefix to avoid collisions with user variables. The
+  shell-scoped `__warp_bindings_hash` tracker is the single
+  long-lived variable; it is created with `typeset -g`/`set -g`
+  exactly once on bootstrap entry.
+- **Pipelines.** The hash computation avoids subshells where
+  possible (subshells in zsh/bash inherit `$?` clobbering rules).
+  Where a subshell is unavoidable, `$?` is captured before the
+  subshell and restored after.
+- **Aliases.** All command invocations inside `warp_precmd` use
+  `\bindkey` / `command bind` / `builtin bind` form so user-defined
+  aliases or function shadowing of `bindkey` / `bind` cannot
+  interfere with the read or with state.
+- **Traps and DEBUG hooks.** zsh's `TRAPDEBUG` and bash's `trap …
+  DEBUG` are not modified. The hash function does not add or remove
+  any trap.
+
+A unit test under `crates/integration` runs each shell with a
+synthetic precmd chain that asserts every one of these invariants
+(`$?` round-trips an arbitrary value, every `set -o` flag is
+unchanged, `KEYMAP` is unchanged, no new shell variables outside the
+`__warp_` prefix exist after `warp_precmd` returns).
+
+### 2. Shell-bindings storage on `Shell`
+
+Add `bindings: Option<ShellBindings>` and `active_keymap: KeymapMode` to
+the `Shell` struct in `crates/warp_terminal/src/shell/mod.rs`. New
+types:
+
+```rust
+pub struct ShellBindings {
+    pub schema_version: u32,
+    pub keymaps: HashMap<KeymapMode, Vec<ShellBinding>>,
+    pub table_hash: u64,
+}
+
+pub struct ShellBinding {
+    pub keys: Vec<Keystroke>,           // parsed from "^X^E", "\C-x\C-e", "\\cx\\ce"
+    pub widget: ShellWidget,            // see #3
+    pub raw_widget_name: String,        // for telemetry/debug UI
+}
+
+pub enum KeymapMode {
+    Emacs,
+    ViInsert,
+    ViCommand,
+    ViVisual,
+    ViReplace,           // overwrite mode (zsh `vi-replace`,
+                         // bash `vi-replace-mode`, fish `replace_one`/
+                         // `replace`).
+    ViOperatorPending,   // post-operator state for vi (`d`, `c`, `y`,
+                         // etc., awaiting motion) — zsh `viopp`,
+                         // and the equivalent transient state in
+                         // bash/fish. Required for the dispatch
+                         // transitions in the open-questions
+                         // vi-mode section below.
+    Other(String),       // user-defined zsh keymaps from `bindkey -N`,
+                         // surfaced verbatim. The matcher consults
+                         // these only when the active keymap reported
+                         // by the shell matches the same name.
+}
+```
+
+Mutation flows through a new `ModelEvent::ShellBindingsUpdated { tab_id,
+bindings }` raised when a `ShellBindings` DCS hook arrives.
+`active_keymap` is updated from the `Precmd` payload.
+
+### 3. Widget mapping
+
+`ShellWidget` is an enum covering the widgets enumerated in PRODUCT.md
+#10 — e.g. `BackwardKillWord`, `KillLine`, `AcceptLine`, `Yank`,
+`HistorySearchBackward`, `ViCmdMode`, `CompleteWord`,
+`SelfInsert(String)`, `Unsupported(String)`. Parsing
+`bindkey -L` / `bind -p` / fish `bind` happens in a new
+`crates/warp_terminal/src/shell/bindings.rs` with three small parsers
+(one per shell) feeding a common normalizer.
+
+This forces a real expansion of `InputAction` in
+`app/src/terminal/input.rs`. Today's coarse actions are not granular
+enough; we add fine-grained verbs that match ZLE/readline semantics
+(`BackwardKillWord`, `KillLine`, `TransposeChars`, `UpHistory`,
+`HistorySearchBackward`, `Yank`, `YankPop`, `ViChange`, …) and route
+them through `InputBufferModel`. Many of these are small additions
+because the buffer already supports the underlying mutations
+(word-aware cursor motion, kill-ring) — they just lack public action
+entry points.
+
+A widget→`InputAction` map (`shell/widget_dispatch.rs`) is the bridge.
+Honored widgets dispatch the matching `InputAction`. The widget enum
+distinguishes:
+
+- `SelfInsert` (no payload) — the dispatched key character is inserted
+  literally at the cursor. This is the trivial `bindkey -e` /
+  `bind self-insert` case, plus any binding that evaluates to a single
+  printable keystroke.
+- `Macro(String)` — the bound text is fed back through the input
+  pipeline one keystroke at a time, exactly as if the user had typed
+  each character. The injected stream goes through the same
+  key-resolution chain as real input (PRODUCT #9): a newline therefore
+  triggers `accept-line` and submits the command, `^A` triggers
+  `beginning-of-line`, and so on. This is the path for zsh
+  `bindkey -s '^X' 'echo hi\n'`, readline `"\C-x": "echo hi\n"`, and
+  fish string-bind macros. Macro re-injection is bounded (a small
+  per-macro-character limit prevents bind-cycle infinite loops; the
+  input pipeline rejects further macro expansion once the limit is
+  reached and emits a diagnostic).
+- `Action(InputAction)` — every other widget. The dispatcher fires the
+  mapped `InputAction` directly.
+- `Unsupported(name)` — returns a sentinel that tells the matcher to
+  fall through (PRODUCT #11, #16).
+
+### 4. Keymap matcher integration
+
+`warpui_core` is a UI-layer crate and must not learn about shells,
+tabs, or PTYs. Shell bindings are therefore normalized into ordinary
+`Binding` instances at the terminal layer before they are handed to
+the matcher; the matcher itself stays unchanged at the type level.
+
+The current `ContextPredicate` only takes `&'static str`
+identifiers/values (`crates/warpui_core/src/keymap/context.rs:10-17`),
+so a `TabIs(tab_id: u64)` predicate cannot be expressed without
+extending it — and we don't want to. Instead, tab scoping happens at
+the storage tier, not inside the predicate. The new API is:
+
+```rust
+// crates/warpui_core/src/keymap.rs
+pub struct ScopeKey { pub category: &'static str, pub id: u64 }
+
+impl Keymap {
+    pub fn set_contextual(&mut self, scope: ScopeKey, bindings: Vec<Binding>);
+    pub fn clear_contextual(&mut self, scope: ScopeKey);
+    pub fn set_active_scopes(&mut self, scopes: SmallVec<[ScopeKey; 4]>);
+}
+```
+
+Internally `Keymap` stores `contextual: HashMap<ScopeKey, Vec<Binding>>`
+plus `active_scopes: SmallVec<[ScopeKey; 4]>`. The matcher iterates
+only over bindings in `active_scopes`, in priority order, alongside
+the existing fixed/editable tiers. `Binding`s themselves keep using
+the existing `ContextPredicate` for any further conditional matching
+within a scope (e.g. "only when the input editor is focused"); they
+don't need to know about tabs.
+
+The terminal layer (`app/src/terminal/keymap_bridge.rs`, new) owns
+shell-binding state per tab and writes through this API:
+
+1. On `ShellBindingsUpdated(tab_id, bindings)`, translates each
+   `ShellBinding`'s widget into an `InputAction` (or `Macro` injection
+   / `Unsupported` sentinel) via `shell/widget_dispatch.rs`, then
+   builds `Vec<Binding>` with `BindingOrigin::Contextual` tags and a
+   regular `ContextPredicate` matching "input editor focused".
+2. Calls `keymap.set_contextual(ScopeKey { category: "shell", id:
+   tab_id }, bindings)`.
+3. On tab focus change, calls `keymap.set_active_scopes(...)` with
+   the focused tab's shell scope (plus any other always-active
+   scopes).
+4. On tab close, calls `keymap.clear_contextual(...)`.
+
+`BindingOrigin` is a generic, shell-free enum that lives in
+`warpui_core` alongside the existing `Binding` struct, because the
+matcher needs to know about it to enforce precedence:
+
+```rust
+// crates/warpui_core/src/keymap.rs
+pub enum BindingOrigin {
+    Fixed,        // built-in defaults
+    Editable,     // user customizations from settings
+    Contextual,   // installed via set_contextual; tier slotted
+                  // between Editable and Fixed in the matcher
+}
+
+pub struct Binding {
+    // existing fields …
+    pub origin: BindingOrigin,
+}
+```
+
+`Contextual` is the generic name for the tier — `warpui_core` does not
+know what populates it (shells, plugins, anything that wants
+short-lived scope-keyed bindings). The terminal/app layer is the only
+caller that uses it for shell bindings today; future callers
+(e.g. plugin-provided bindings) reuse the same tier without any
+further `warpui_core` changes.
+
+The matcher walks candidates in
+Editable → Contextual → Fixed order within each active scope's set,
+which is the exact PRODUCT #14 ordering (reserved infrastructure keys
+sit above all of these and are handled at the terminal layer before
+the matcher sees the keystroke at all). The terminal layer's
+shell-specific types (`ShellBinding`, `ShellWidget`, the
+shell-vocabulary widget allowlist, the `keymap_bridge`) stay confined
+to the terminal/app crate; they are translated into core
+`Binding { origin: Contextual, … }` instances before being handed to
+`Keymap::set_contextual`.
+
+Effective resolution order for a keystroke in the active tab
+(PRODUCT #14, enforced by origin-tag ordering within
+`active_scopes`):
+
+1. Reserved infrastructure keys for the tab's shell.
+2. Bindings tagged `BindingOrigin::Editable` (user Warp overrides)
+   whose context predicate matches.
+3. Bindings tagged `BindingOrigin::Contextual` from the active tab's
+   contextual scope.
+4. Bindings tagged `BindingOrigin::Fixed` (Warp defaults).
+
+Multi-tab independence (PRODUCT #5, #17) falls out of scope-keyed
+storage. The terminal layer maintains active-scope membership in
+sync with focus.
+
+**Multi-key prefix handling (PRODUCT #8) requires a matcher API
+change.** The current `Matcher::match_keystrokes` returns `None` and
+clears its pending state on a mismatch
+(`crates/warpui_core/src/keymap/matcher.rs:258`+); buffered prefix
+keys are dropped silently. PRODUCT #8 demands the readline / ZLE
+behavior of replaying buffered keys when a multi-key sequence is
+abandoned by a non-matching keystroke. Concrete change:
+
+- The matcher's per-call return type becomes:
+
+  ```rust
+  pub enum MatchOutcome<'a> {
+      Match(&'a Binding),
+      Pending,                       // prefix matched, awaiting more
+      AbandonedPrefix(SmallVec<[Keystroke; 4]>, Keystroke),
+                                     // prefix did not extend; replay
+                                     // these keys then handle the
+                                     // current key normally
+  }
+  ```
+- The dispatcher handles `AbandonedPrefix` by feeding each replayed
+  keystroke through the matcher with pending state cleared, then
+  feeding the current keystroke last. Any of those replayed keys may
+  themselves trigger a (single-key) binding; the new prefix
+  accumulator is empty until something matches a multi-key prefix
+  again.
+- The change is internal to `warpui_core`. Callers that don't care
+  about the new variant (every existing keymap) use a thin helper
+  `match_or_replay()` that flattens `AbandonedPrefix` back into the
+  old "single key, no match, drop pending" semantics — preserving
+  current behavior for surfaces that don't want replay.
+
+**Ambiguity timeout (PRODUCT #8).** When the accumulated keys both
+match a complete binding *and* prefix a longer one, the matcher
+returns `Pending` and the dispatcher arms a 500 ms timer. If the
+timer fires before another key arrives, the dispatcher tells the
+matcher to commit the shorter binding (`Matcher::commit_pending()`,
+new) and dispatches that action. If a key arrives first that
+extends the prefix, the timer is canceled and matching continues. If
+a key arrives that does *not* extend the prefix, the matcher returns
+`AbandonedPrefix` and the dispatcher follows the replay path (above).
+The timer lives on the dispatcher side so the matcher itself stays
+synchronous; this also keeps the timeout out of the matcher's pure
+match logic. Pure-prefix accumulation (no complete-binding ambiguity)
+arms no timer — Warp waits indefinitely for the next key, matching
+readline / ZLE.
+
+**Focus-loss abandonment (PRODUCT #8).** Window blur, modal-overlay
+open, and tab switch each call `Matcher::abandon_pending()`, which
+returns the buffered keys for the dispatcher to drop on the floor
+(no replay, since the input editor no longer has focus to receive
+them).
+
+### 5. Settings, feature flag, debug surface
+
+- New boolean setting in `app/src/terminal/keys_settings.rs` via
+  `define_settings_group!`: `honor_shell_bindkeys` (default `true`)
+  with `toml_path: "terminal.input.honor_shell_bindkeys"`. The matcher
+  short-circuits the `BindingOrigin::Contextual` tier when this is off (PRODUCT
+  #24). Because re-queries are shell-side (bootstrap + `precmd`
+  driven), turning the toggle back on does not actively re-query — it
+  resumes matching against the most recent table the bootstrap emitted,
+  and any change since then will arrive on the next `precmd`. PRODUCT
+  #24 is updated to reflect this (toggling off restores defaults
+  immediately; toggling on resumes from the cached table and picks up
+  changes on the next prompt).
+- New `FeatureFlag::HonorShellBindkeys` in
+  `crates/warp_features/src/lib.rs` so we can stage rollout
+  (default off → dogfood → preview → stable). Resolves PRODUCT
+  open-question #23.
+- Read-only debug view (PRODUCT #25): a small panel under the
+  Keybindings settings section that lists the active tab's
+  `ShellBindings` as `key → widget (status)` rows. Status is derived
+  by walking the matcher precedence chain. No new persistence.
+- Telemetry events in
+  `app/src/server/telemetry/events.rs`:
+  - `HonorShellBindkeysToggled { enabled: bool }`
+  - `ShellBindkeysQueryFailed { shell_type, reason }`
+  - `UnsupportedShellBindkeyWidget { shell_type, widget_name }` — the
+    `widget_name` field is sent verbatim only when it appears in the
+    shell-vocabulary allowlist (the well-known ZLE/readline/fish
+    widget names enumerated in PRODUCT #10). Names outside the
+    allowlist (user-defined functions, plugin-private widgets) are
+    redacted to the literal string `user-defined`. Key contents and
+    binding bodies are never sent. The allowlist lives in
+    `crates/warp_terminal/src/shell/bindings.rs` so it is the same
+    source of truth used by the parser.
+  - `ShellBindkeysApplied { shell_type, honored_count,
+    unsupported_count }` once per tab on first apply.
+
+### Open questions carried from PRODUCT.md
+
+- **#11 (user-defined named widgets)** — v1 marks them `Unsupported` and
+  falls through. Forwarding the keystroke to the shell so it can run
+  the widget is feasible (write the key on the PTY) but introduces
+  ordering hazards with Warp's input editor; deferred.
+- **#13 (vi-mode signal)** — vi mode is tracked by an in-app state
+  machine, not by polling the shell. Reading the shell's mode only at
+  `precmd` would miss every transition that fires inside the input
+  editor (Esc → command, `i` → insert, `v` → visual, etc.) because no
+  prompt hook runs between those keystrokes. Concretely:
+
+  - `active_keymap: KeymapMode` lives on each tab's `Shell` struct
+    (see Proposed Changes #2).
+  - **Initial state and resync** come from the shell. The bootstrap
+    payload includes the current mode (zsh `$KEYMAP`, bash
+    `bind -v | grep editing-mode`, fish `$fish_bind_mode`); each
+    `Precmd` payload also includes the mode and is treated as
+    authoritative — if it disagrees with the in-app state, the
+    in-app state is corrected to the shell's value, since the shell
+    just observed whichever sequence of widgets actually executed.
+  - **Transitions between prompts** are driven by the dispatched
+    widget. The widget dispatcher maintains a small transition table:
+    `vi-cmd-mode` / Esc → `ViCommand`, `vi-insert` /
+    `vi-add-next` / `vi-add-eol` / `vi-substitute` /
+    `vi-change-whole-line` → `ViInsert`, `vi-replace` → `ViReplace`,
+    `vi-visual` → `ViVisual`, `accept-line` → reset to shell-reported
+    mode at next prompt. The dispatcher updates `active_keymap`
+    synchronously *before* the next keystroke is matched, so the
+    next keystroke resolves against the new keymap.
+  - This is the only feasible model: any per-keystroke shell roundtrip
+    would require an invisible-exec primitive (we don't have one) or
+    block on the PTY (violates PRODUCT #26).
+- **#22 (AI prompt input)** — v1: not honored. The matcher's tab-scoped
+  `BindingOrigin::Contextual` tier only activates on tabs whose focus is the shell
+  command input editor, not on the AI prompt input.
+- **#23 (rollout)** — gated by `FeatureFlag::HonorShellBindkeys` (above).
+
+## Risks and mitigations
+
+- **Bootstrap script size and shell start latency.** The query adds a
+  burst of work at shell start. Mitigation: dump in a single
+  invocation per keymap, drop output through DCS without invoking
+  external binaries, and benchmark on the slowest of our supported
+  shells. Budget: < 30 ms added to shell start; if a real shell blows
+  this we move that keymap behind on-demand fetch.
+- **Plugin / framework interactions** (oh-my-zsh, prezto, fzf widgets,
+  zsh-vi-mode). These rebind heavily and often dynamically. The hash
+  re-query in `Precmd` (#1) catches any rebind that's settled before
+  a prompt redraws. Vi-mode plugins that swap keymaps reactively are
+  tracked through the `KEYMAP` payload field.
+- **Widget coverage gaps.** Many widgets have no Warp equivalent
+  initially. The `Unsupported(name)` fallthrough plus telemetry on
+  hit count tells us which to prioritize.
+- **Privacy.** Telemetry never includes key contents or widget bodies.
+  Widget names are sent verbatim only when in the shell-vocabulary
+  allowlist; user-defined or otherwise unknown names are redacted to
+  the bucket `user-defined` (see Proposed changes #5).
+- **DCS spoofing.** Arbitrary process output containing a DCS sequence
+  could otherwise rewrite local key handling. Mitigated by the per-tab
+  nonce gate, size cap, and strict schema validation described in
+  Proposed changes #1.
+- **Bootstrap parsing fragility.** `bindkey -L`, `bind -p`, and fish
+  `bind` outputs are stable but quoting differs. Each parser has a
+  property-test fixture set covering edge cases (escapes, multi-byte,
+  bound to nothing, named widgets).
+
+## Testing and validation
+
+Tests are organized to map to numbered PRODUCT invariants. Use
+`rust-unit-tests` for new crate-level coverage and
+`warp-integration-test` for end-to-end flows.
+
+- **Bootstrap parsers** — unit tests in
+  `crates/warp_terminal/src/shell/bindings.rs` per shell, covering
+  fixtures generated from real `bindkey -L` / `bind -p` / `bind`
+  output. Asserts widget normalization. Covers PRODUCT #2, #9, #10,
+  multi-key sequences for #8.
+- **Matcher precedence** — unit tests in
+  `crates/warpui_core/src/keymap/matcher.rs` that assert resolution
+  order across fixed / editable / shell tiers. Covers PRODUCT #14, #15.
+- **Tab independence** — unit test that two `Shell` instances carry
+  independent `bindings`; matching one tab's keystroke does not
+  consult another tab's shell bindings. Covers PRODUCT #5, #17.
+- **Lifecycle** — integration test (`crates/integration`) that boots a
+  zsh shell with a known rc file declaring `bindkey '^X^E' kill-line`,
+  starts a Warp tab, types `^X^E`, asserts the buffer was killed.
+  Repeat for bash and fish with shell-appropriate equivalents. Covers
+  PRODUCT #1, #2, #7.
+- **Dynamic rebind** — integration test that types
+  `bindkey '^X^E' beginning-of-line` at the prompt, presses Enter,
+  then `^X^E` on the next prompt and asserts the new behavior. Covers
+  PRODUCT #4.
+- **Vi mode** — integration test that runs `bindkey -v`, switches to
+  command mode, presses `gg`, asserts cursor at buffer start. Covers
+  PRODUCT #13.
+- **Unsupported widget fallthrough** — integration test binding a key
+  to a user-defined named widget; assert Warp default fires on that
+  key and a telemetry event is recorded. Covers PRODUCT #11, #16.
+- **Conflict precedence with user Warp keybinding** — set a Warp
+  keybinding for `^A`, also have shell `bindkey '^A' kill-whole-line`,
+  assert Warp keybinding wins. Covers PRODUCT #14 #1.
+- **Shell start failure** — integration test where the bootstrap
+  errors mid-script: bindings are absent, default keymap applies, no
+  crash. Covers PRODUCT #3, #28.
+- **Pre-bootstrap keystroke** — type before the `Bootstrapped` payload
+  arrives; assert the keystroke is handled with Warp defaults and not
+  buffered. Covers PRODUCT #26.
+- **Setting toggle** — flip `honor_shell_bindkeys` off mid-session;
+  assert shell bindings stop applying without restart and Warp's
+  default keymap takes over. Flip on; assert (a) the most recently
+  cached binding table from each tab resumes immediately (no fresh
+  query is issued from the toggle), and (b) the next `precmd` payload
+  on each tab refreshes that table if anything changed. Covers PRODUCT
+  #24.
+- **Manual** — run Warp against a developer's real zsh+oh-my-zsh
+  config, a real bash with a populated `~/.inputrc`, and a real fish
+  with `bind` declarations in `~/.config/fish/`. Capture a short loom
+  walkthrough showing each shell's bindings honored.
+
+## Follow-ups
+
+- Forward unsupported user-defined widgets back to the shell (PRODUCT
+  #11 follow-up).
+- Honor remote-shell bindings over SSH (PRODUCT #18).
+- Re-query on subshell transitions (PRODUCT #19).
+- Optional opt-in: honor shell bindings in the AI prompt input
+  (PRODUCT #22).
+- Extend to PowerShell, nushell, xonsh once the core lands.