refactor: box Image variant and erase ToolExecutor generic from Agent

CHANGELOG.md

@@ -13,6 +13,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
 - Path separator rejection in MCP command validation to prevent symlink-based bypasses
 
 ### Changed
+- `MessagePart::Image` variant now holds `Box<ImageData>` instead of inline fields, improving semantic grouping of image data
+- `Agent<C, T>` simplified to `Agent<C>` — ToolExecutor generic replaced with `Box<dyn ErasedToolExecutor>`, reducing monomorphization
 - Shell command detection rewritten from substring matching to tokenizer-based pipeline with escape normalization, eliminating bypass vectors via backslash insertion, hex/octal escapes, quote splitting, and pipe chains
 - Shell sandbox path validation now uses `std::path::absolute()` as fallback when `canonicalize()` fails on non-existent paths
 - Blocked command matching extracts basename from absolute paths (`/usr/bin/sudo` now correctly blocked)

crates/zeph-core/src/agent/builder.rs

@@ -5,6 +5,7 @@ use tokio::sync::{Notify, mpsc, watch};
 use zeph_llm::any::AnyProvider;
 use zeph_llm::provider::LlmProvider;
 
+use super::Agent;
 use crate::channel::Channel;
 use crate::config::{LearningConfig, SecurityConfig, TimeoutConfig};
 use crate::config_watcher::ConfigEvent;
@@ -13,11 +14,8 @@ use crate::cost::CostTracker;
 use crate::metrics::MetricsSnapshot;
 use zeph_memory::semantic::SemanticMemory;
 use zeph_skills::watcher::SkillEvent;
-use zeph_tools::executor::ToolExecutor;
-
-use super::Agent;
 
-impl<C: Channel, T: ToolExecutor> Agent<C, T> {
+impl<C: Channel> Agent<C> {
     #[must_use]
     pub fn with_stt(mut self, stt: Box<dyn zeph_llm::stt::SpeechToText>) -> Self {
         self.stt = Some(stt);

crates/zeph-core/src/agent/context.rs

@@ -8,11 +8,11 @@ use zeph_skills::prompt::format_skills_catalog;
 
 use super::{
     Agent, CODE_CONTEXT_PREFIX, CROSS_SESSION_PREFIX, Channel, ContextBudget, EnvironmentContext,
-    LlmProvider, Message, RECALL_PREFIX, Role, SUMMARY_PREFIX, Skill, ToolExecutor,
-    build_system_prompt, format_skills_prompt,
+    LlmProvider, Message, RECALL_PREFIX, Role, SUMMARY_PREFIX, Skill, build_system_prompt,
+    format_skills_prompt,
 };
 
-impl<C: Channel, T: ToolExecutor> Agent<C, T> {
+impl<C: Channel> Agent<C> {
     #[allow(
         clippy::cast_precision_loss,
         clippy::cast_possible_truncation,
@@ -776,7 +776,7 @@ impl<C: Channel, T: ToolExecutor> Agent<C, T> {
             // Native tool_use: tools are passed via API, skip prompt-based instructions
             None
         } else {
-            let defs = self.tool_executor.tool_definitions();
+            let defs = self.tool_executor.tool_definitions_erased();
             if defs.is_empty() {
                 None
             } else {

crates/zeph-core/src/agent/index.rs

@@ -1,6 +1,6 @@
-use super::{Agent, Channel, ToolExecutor};
+use super::{Agent, Channel};
 
-impl<C: Channel, T: ToolExecutor> Agent<C, T> {
+impl<C: Channel> Agent<C> {
     pub(super) async fn fetch_code_rag(
         index: &super::IndexState,
         query: &str,

crates/zeph-core/src/agent/learning.rs

@@ -1,10 +1,10 @@
-use super::{Agent, Channel, LlmProvider, ToolExecutor};
+use super::{Agent, Channel, LlmProvider};
 
 use super::{LearningConfig, Message, Role, SemanticMemory};
 
 use std::path::PathBuf;
 
-impl<C: Channel, T: ToolExecutor> Agent<C, T> {
+impl<C: Channel> Agent<C> {
     pub(super) fn is_learning_enabled(&self) -> bool {
         self.learning_config.as_ref().is_some_and(|c| c.enabled)
     }

crates/zeph-core/src/agent/mcp.rs

@@ -1,6 +1,6 @@
-use super::{Agent, Channel, LlmProvider, ToolExecutor};
+use super::{Agent, Channel, LlmProvider};
 
-impl<C: Channel, T: ToolExecutor> Agent<C, T> {
+impl<C: Channel> Agent<C> {
     pub(super) async fn handle_mcp_command(
         &mut self,
         args: &str,