@aitne/daemon 0.1.9 → 0.1.10

package/dist/api/env-writer.d.ts

@@ -2,6 +2,7 @@ import type Database from "better-sqlite3";
 import { type AgentConfig } from "../config.js";
 import type { SettingsStore } from "../settings/settings-store.js";
 export declare function ensureEnvFilePermissions(envPath: string): void;
+export declare function serializeForEnv(value: unknown): string;
 export declare function getEnvFilePath(): string;
 export interface ConfigUpdateResult {
     updated: string[];

package/dist/api/env-writer.js

@@ -199,11 +199,18 @@ function expandHomePreservingRelative(p) {
     }
     return p;
 }
-function serializeForEnv(value) {
+export function serializeForEnv(value) {
     if (Array.isArray(value) || (typeof value === "object" && value !== null)) {
+        // JSON.stringify already escapes \r / \n inside strings, so the
+        // serialized form is single-line and safe to write as one env value.
         return JSON.stringify(value);
     }
-    return String(value ?? "");
+    // Strip CR/LF from scalar values before they reach `updateEnvFile`. A raw
+    // newline in a string config value (e.g. a path or display name) would be
+    // written verbatim as `KEY=foo\nBAR=...`, and the injected `BAR=...` line
+    // would be parsed by dotenv as a separate variable on next load — silently
+    // corrupting `.env`. No legitimate bootstrap value contains a newline.
+    return String(value ?? "").replace(/[\r\n]+/g, " ");
 }
 export function getEnvFilePath() {
     return resolve(process.cwd(), ".env");

package/dist/api/routes/agent-schedule.js

@@ -678,7 +678,11 @@ export function registerAgentScheduleRoutes(app, deps) {
             if (isNaN(parsedDate.getTime())) {
                 return respondWithAgentError(c, 400, [composeIssue("agent.invalid_time", { field: "time", received: parsed.data.time })], { legacyFields: { details: "Cannot parse time as a valid date" } });
             }
-            // Reject past times for dm type (consistent with POST /schedule/dm)
+            // Reject past times for dm type (consistent with POST /schedule/dm).
+            // Non-dm rows (wake/check) intentionally allow a past `time` on PATCH so
+            // a schedule can be rescheduled for immediate catch-up execution — see
+            // the "no past-time rejection" test in agent.test.ts. A late DM, by
+            // contrast, is pointless, so only dm rows are rejected here.
             if (row.task_type === "dm" && parsedDate.getTime() < Date.now() - 60_000) {
                 return respondWithAgentError(c, 400, [composeIssue("agent.invalid_time", { field: "time", received: parsed.data.time })], { legacyFields: { details: "Scheduled time is in the past" } });
             }

package/dist/api/routes/apple-calendar.js

@@ -214,7 +214,10 @@ export function createAppleCalendarRoutes(deps) {
         let date = c.req.query("date") ?? localDateStr(new Date());
         if (date === "today")
             date = localDateStr(new Date());
-        const days = Math.min(Number(c.req.query("days") ?? "1"), 90);
+        // Guard non-finite `days` (e.g. `?days=abc` → NaN) so it can't propagate
+        // into `new Date(startMs + NaN).toISOString()` (RangeError → opaque 500).
+        const daysRaw = Number(c.req.query("days") ?? "1");
+        const days = Number.isFinite(daysRaw) ? Math.min(Math.max(daysRaw, 1), 90) : 1;
         const startMs = new Date(`${date}T00:00:00Z`).getTime();
         if (Number.isNaN(startMs)) {
             return respondWithAgentError(c, 400, [composeIssue("apple_calendar.invalid_date", { field: "date", received: date })], {

package/dist/api/routes/calendar.js

@@ -215,7 +215,12 @@ export function createCalendarRoutes(deps) {
             if (date === "today") {
                 date = localDateStr(new Date());
             }
-            const days = Math.min(Number(c.req.query("days") ?? "1"), 90);
+            // Guard non-finite `days` (e.g. `?days=abc` → NaN) — without it the
+            // NaN propagates into `new Date(startMs + NaN).toISOString()`, which
+            // throws RangeError and surfaces as an opaque 500 instead of a sane
+            // bounded window. Clamp finite values to [1, 90]; fall back to 1.
+            const daysRaw = Number(c.req.query("days") ?? "1");
+            const days = Number.isFinite(daysRaw) ? Math.min(Math.max(daysRaw, 1), 90) : 1;
             // Append Z to ensure UTC parsing regardless of OS timezone
             const startMs = new Date(`${date}T00:00:00Z`).getTime();
             if (Number.isNaN(startMs)) {
@@ -594,7 +599,12 @@ export function createCalendarRoutes(deps) {
             if (date === "today") {
                 date = localDateStr(new Date());
             }
-            const days = Math.min(Number(c.req.query("days") ?? "1"), 90);
+            // Guard non-finite `days` (e.g. `?days=abc` → NaN) — without it the
+            // NaN propagates into `new Date(startMs + NaN).toISOString()`, which
+            // throws RangeError and surfaces as an opaque 500 instead of a sane
+            // bounded window. Clamp finite values to [1, 90]; fall back to 1.
+            const daysRaw = Number(c.req.query("days") ?? "1");
+            const days = Number.isFinite(daysRaw) ? Math.min(Math.max(daysRaw, 1), 90) : 1;
             const startMs = new Date(`${date}T00:00:00Z`).getTime();
             if (Number.isNaN(startMs)) {
                 return respondWithAgentError(c, 400, [

package/dist/api/routes/context/path-resolve.js

@@ -50,8 +50,13 @@ export function normalizeContextPath(userPath) {
     return resolveContextTarget(userPath).base;
 }
 export function isDeniedPath(relativePath) {
+    // path.relative emits OS-native separators (backslash on Windows); the
+    // DENIED_SUBPATH_ROOTS prefixes are forward-slash. Normalize before the
+    // compare so nested `.git\config`, `.obsidian\workspace.json`, etc. are
+    // caught on Windows. POSIX paths contain no backslashes -> no-op there.
+    const normalized = relativePath.replace(/\\/g, "/");
     for (const root of DENIED_SUBPATH_ROOTS) {
-        if (relativePath === root || relativePath.startsWith(`${root}/`)) {
+        if (normalized === root || normalized.startsWith(`${root}/`)) {
             return true;
         }
     }

package/dist/api/routes/context/permissions.js

@@ -34,6 +34,15 @@ export const CONTEXT_WRITE_PERMISSIONS = {
     // the captured history (origin DM, why, linked routine) survives.
     "policies/_index": ["PUT", "PATCH"],
     "policies/management": ["PUT", "PATCH"],
+    // Feedback Learning Loop (FEEDBACK_LEARNING_LOOP_DESIGN.md §4 Phase 2).
+    // Global agent-scope lessons folded nightly by routine.evening_review.
+    // Without this row the consolidation PATCH/PUT 403s — the per-agent
+    // scope already rides the `policies/agents/{slug}/{file}` wildcard, but
+    // the global file matches no rule (no blanket `policies/*`). Like every
+    // other `policies/` write it trips `shouldRefreshPromptContext`, so a
+    // nightly lesson write invalidates the owner-session prompt cache —
+    // desirable (new lessons take effect next turn) and it fires at night.
+    "policies/agent-lessons": ["PUT", "PATCH"],
     "policies/mcp": ["PUT", "PATCH"],
     "policies/redaction": ["PUT", "PATCH"],
     "policies/journal-format": ["PUT", "PATCH"],

package/dist/api/routes/dashboard/config.js

@@ -94,6 +94,16 @@ const PUBLIC_CONFIG_RUNTIME_KEYS = [
     "delegatedProbeIntervalMinutes",
     "autonomousDailyCostCapUsd",
     "autonomousMonthlyCostCapUsd",
+    // Feedback Learning Loop (FEEDBACK_LEARNING_LOOP_DESIGN.md §9 Phase 5) —
+    // surfaced so the Lessons settings page can read + tune the master toggle,
+    // promotion threshold, per-scope byte caps, staleness horizon, and signal
+    // retention via the deferred-save EditableField flow.
+    "feedbackLearningEnabled",
+    "feedbackPromotionThreshold",
+    "feedbackLessonMaxBytesGlobal",
+    "feedbackLessonMaxBytesPerAgent",
+    "feedbackLessonStaleDays",
+    "feedbackSignalRetentionDays",
     "primaryLanguage",
     "vaultMode",
 ];

package/dist/api/routes/dashboard/oauth-google.js

@@ -168,8 +168,9 @@ export function registerOauthGoogleRoutes(app, deps) {
         catch {
             return c.json({ error: "googleapis package not installed" }, 500);
         }
-        // Use daemon's own port for the OAuth callback
-        const redirectUri = `http://localhost:${config.apiPort}/api/config/google-auth/callback`;
+        // Use daemon's own port for the OAuth callback.
+        // Use 127.0.0.1, not localhost: daemon binds IPv4 loopback only; on Windows localhost resolves to ::1 first and the callback would ECONNREFUSED. Google special-cases loopback redirects for installed-app clients.
+        const redirectUri = `http://127.0.0.1:${config.apiPort}/api/config/google-auth/callback`;
         const oauth2Client = new google.auth.OAuth2(clientConfig.client_id, clientConfig.client_secret, redirectUri);
         // Request scopes for Calendar + Gmail
         const scopes = [
@@ -255,7 +256,8 @@ export function registerOauthGoogleRoutes(app, deps) {
                 throw new Error("Invalid credentials");
             const mod = await import("googleapis");
             const google = mod.google;
-            const redirectUri = `http://localhost:${config.apiPort}/api/config/google-auth/callback`;
+            // Use 127.0.0.1, not localhost: must byte-match the auth-start redirect_uri (Google re-validates an exact string at getToken); daemon binds IPv4 loopback only, and on Windows localhost resolves to ::1 first.
+            const redirectUri = `http://127.0.0.1:${config.apiPort}/api/config/google-auth/callback`;
             const oauth2Client = new google.auth.OAuth2(clientConfig.client_id, clientConfig.client_secret, redirectUri);
             // Exchange authorization code for tokens
             const { tokens } = await oauth2Client.getToken(code);

package/dist/api/routes/feedback.d.ts

@@ -0,0 +1,3 @@
+import { Hono } from "hono";
+import type { ApiDependencies } from "../server.js";
+export declare function createFeedbackRoutes(deps: ApiDependencies): Hono;

package/dist/api/routes/feedback.js

@@ -0,0 +1,349 @@
+import { Hono } from "hono";
+import { existsSync, readdirSync, readFileSync, statSync } from "node:fs";
+import { join } from "node:path";
+import { redactSensitiveString } from "@aitne/shared";
+import { readJsonBody } from "../json-body.js";
+import { getAgent } from "../../db/agents-store.js";
+import { consumeFeedbackSignals, countPendingFeedbackSignals, findRecentFeedbackSignal, recordFeedbackSignal, } from "../../db/feedback-signals-store.js";
+import { getContextDir } from "../../config.js";
+import { CONTEXT_RELATIVE_PATHS, agentLessonsPath, } from "../../core/context-paths.js";
+import { GLOBAL_LESSON_ENTRY_CAP, PER_AGENT_LESSON_ENTRY_CAP, } from "../../core/feedback/consolidation-prep.js";
+import { summarizeLessonStore } from "../../core/feedback/lesson-store-overview.js";
+import { isSafeAgentSlug } from "../../core/feedback/scope-parser.js";
+import { createLogger } from "../../logging.js";
+const logger = createLogger("feedback-api");
+const DEDUP_TTL_SECONDS = 10 * 60;
+const MAX_SUMMARY_CHARS = 280;
+const MAX_SCOPE_REF_CHARS = 120;
+const MAX_ACTION_REF_CHARS = 160;
+const MAX_EVIDENCE_STRING_CHARS = 500;
+const ALLOWED_SOURCES = new Set([
+    "explicit",
+    "self_critique",
+]);
+const ALL_SOURCES = new Set([
+    "behavioral",
+    "explicit",
+    "self_critique",
+]);
+const VALENCES = new Set([
+    "positive",
+    "negative",
+    "neutral",
+    "correction",
+]);
+const API_SCOPE_TYPES = new Set([
+    "user",
+    "agent",
+    "agent_slug",
+]);
+const ACTION_KINDS = new Set([
+    "notification",
+    "agent_execution",
+    "vault_write",
+    "dm_reply",
+]);
+const KINDS = new Set([
+    "preference",
+    "correction",
+    "do-more",
+    "do-less",
+    "constraint",
+]);
+function isRecord(value) {
+    return value !== null && typeof value === "object" && !Array.isArray(value);
+}
+function truncate(value, maxChars) {
+    return value.length <= maxChars ? value : value.slice(0, maxChars);
+}
+function sanitizeString(value, maxChars = MAX_EVIDENCE_STRING_CHARS) {
+    return redactSensitiveString(truncate(value.replace(/[\u0000-\u001f\u007f]/g, " "), maxChars)).trim();
+}
+function sanitizeEvidence(value, depth = 0) {
+    if (depth > 4)
+        return "[truncated]";
+    if (typeof value === "string")
+        return sanitizeString(value);
+    if (typeof value === "number" || typeof value === "boolean" || value === null)
+        return value;
+    if (Array.isArray(value)) {
+        return value.slice(0, 20).map((entry) => sanitizeEvidence(entry, depth + 1));
+    }
+    if (!isRecord(value))
+        return null;
+    const out = {};
+    for (const [key, entry] of Object.entries(value).slice(0, 50)) {
+        out[sanitizeString(key, 80)] = sanitizeEvidence(entry, depth + 1);
+    }
+    return out;
+}
+function describeType(value) {
+    if (value === undefined)
+        return "missing";
+    if (value === null)
+        return "null";
+    if (Array.isArray(value))
+        return "array";
+    return typeof value;
+}
+function buildLessonStoreEntry(contextDir, scope, relPath, caps) {
+    const full = join(contextDir, relPath);
+    if (!existsSync(full)) {
+        return {
+            scope,
+            path: relPath,
+            exists: false,
+            lastModified: null,
+            bytes: 0,
+            capBytes: caps.capBytes,
+            entries: 0,
+            maxEntries: caps.maxEntries,
+            active: 0,
+            provisional: 0,
+            overCap: false,
+        };
+    }
+    const summary = summarizeLessonStore(readFileSync(full, "utf-8"), caps);
+    return {
+        scope,
+        path: relPath,
+        exists: true,
+        lastModified: statSync(full).mtime.toISOString(),
+        ...summary,
+    };
+}
+export function createFeedbackRoutes(deps) {
+    const app = new Hono();
+    const { db, config } = deps;
+    /**
+     * GET /feedback/lessons — read-only overview of the consolidated lesson
+     * stores for the dashboard "view/edit lessons and tune caps/threshold"
+     * surface (FEEDBACK_LEARNING_LOOP_DESIGN.md §9 Phase 5). Lists the global
+     * `agent` store (always, so its cap shows even before first write) plus every
+     * per-agent `agent:<slug>` store that exists on disk, each with cap-utilisation
+     * metrics. The file bodies are read/edited through the existing
+     * `GET/PUT /api/context/<path>` chokepoint — this endpoint only enumerates +
+     * summarises. `RiskTier.Autonomous` (read-only, no secrets — lesson prose was
+     * redaction-scrubbed at capture).
+     */
+    app.get("/feedback/lessons", (c) => {
+        const contextDir = getContextDir(config, db);
+        const globalCaps = {
+            capBytes: config.feedbackLessonMaxBytesGlobal,
+            maxEntries: GLOBAL_LESSON_ENTRY_CAP,
+        };
+        const perAgentCaps = {
+            capBytes: config.feedbackLessonMaxBytesPerAgent,
+            maxEntries: PER_AGENT_LESSON_ENTRY_CAP,
+        };
+        const stores = [
+            buildLessonStoreEntry(contextDir, "agent", CONTEXT_RELATIVE_PATHS.agentLessons, globalCaps),
+        ];
+        const agentsDir = join(contextDir, "policies", "agents");
+        if (existsSync(agentsDir)) {
+            const slugs = readdirSync(agentsDir, { withFileTypes: true })
+                .filter((entry) => entry.isDirectory() && isSafeAgentSlug(entry.name))
+                .map((entry) => entry.name)
+                .sort();
+            for (const slug of slugs) {
+                const rel = agentLessonsPath(slug);
+                if (!existsSync(join(contextDir, rel)))
+                    continue;
+                stores.push(buildLessonStoreEntry(contextDir, `agent:${slug}`, rel, perAgentCaps));
+            }
+        }
+        return c.json({
+            enabled: config.feedbackLearningEnabled !== false,
+            promotionThreshold: config.feedbackPromotionThreshold,
+            pendingSignals: countPendingFeedbackSignals(db),
+            stores,
+        });
+    });
+    app.post("/feedback", async (c) => {
+        // Master kill-switch (FEEDBACK_LEARNING_LOOP_DESIGN.md §7). When the loop is
+        // disabled the daemon-side behavioral sink already short-circuits
+        // (`SignalDetector`); mirror that here so explicit / self_critique captures
+        // from the always-included DM + review task-flows are dropped too. Otherwise
+        // unconsumed rows would accumulate unbounded — the nightly consolidation that
+        // would consume them is gated off, and the retention sweep only deletes
+        // already-consumed rows. Returns 200 so the calling turn neither errors nor
+        // retries. `config` is optional in some test harnesses → default-on.
+        if (config?.feedbackLearningEnabled === false) {
+            return c.json({ disabled: true });
+        }
+        const parsedBody = await readJsonBody(c);
+        if (!parsedBody.ok)
+            return parsedBody.response;
+        const body = parsedBody.body;
+        if (!isRecord(body)) {
+            return c.json({
+                error: "validation_error",
+                message: "Body must be a JSON object",
+            }, 400);
+        }
+        const issues = [];
+        const rawSource = body.source;
+        const source = typeof rawSource === "string" ? rawSource : "";
+        if (!ALL_SOURCES.has(source)) {
+            issues.push({
+                field: "source",
+                expected: "'explicit' | 'self_critique'",
+                got: describeType(rawSource),
+            });
+        }
+        else if (!ALLOWED_SOURCES.has(source)) {
+            issues.push({
+                field: "source",
+                expected: "'explicit' | 'self_critique'",
+                got: "'behavioral'",
+                hint: "Behavioral feedback is daemon-only and is written by SignalDetector.",
+            });
+        }
+        const summary = typeof body.summary === "string"
+            ? sanitizeString(body.summary, MAX_SUMMARY_CHARS)
+            : "";
+        if (summary.length === 0) {
+            issues.push({
+                field: "summary",
+                expected: "non-empty string",
+                got: describeType(body.summary),
+            });
+        }
+        const rawValence = body.valence;
+        const valence = typeof rawValence === "string" ? rawValence : null;
+        if (valence === null || !VALENCES.has(valence)) {
+            issues.push({
+                field: "valence",
+                expected: "'positive' | 'negative' | 'neutral' | 'correction'",
+                got: describeType(rawValence),
+            });
+        }
+        const rawKind = body.kind;
+        const kind = typeof rawKind === "string" ? rawKind : null;
+        if (kind !== null && !KINDS.has(kind)) {
+            issues.push({
+                field: "kind",
+                expected: "'preference' | 'correction' | 'do-more' | 'do-less' | 'constraint' (optional)",
+                got: kind,
+            });
+        }
+        const rawScopeType = body.scope_type;
+        const scopeType = typeof rawScopeType === "string" ? rawScopeType : "";
+        if (!API_SCOPE_TYPES.has(scopeType)) {
+            issues.push({
+                field: "scope_type",
+                expected: "'user' | 'agent' | 'agent_slug'",
+                got: describeType(rawScopeType),
+            });
+        }
+        const scopeRef = typeof body.scope_ref === "string"
+            ? sanitizeString(body.scope_ref, MAX_SCOPE_REF_CHARS)
+            : null;
+        let agentId = null;
+        if (scopeType === "agent_slug") {
+            if (!scopeRef) {
+                issues.push({
+                    field: "scope_ref",
+                    expected: "existing agent slug when scope_type='agent_slug'",
+                    got: describeType(body.scope_ref),
+                });
+            }
+            else if (!getAgent(db, scopeRef)) {
+                issues.push({
+                    field: "scope_ref",
+                    expected: "existing agent slug",
+                    got: scopeRef,
+                });
+            }
+            else {
+                agentId = scopeRef;
+            }
+        }
+        const rawActionKind = body.action_kind;
+        const actionKind = typeof rawActionKind === "string" ? rawActionKind : null;
+        if (actionKind !== null
+            && !ACTION_KINDS.has(actionKind)) {
+            issues.push({
+                field: "action_kind",
+                expected: "'notification' | 'agent_execution' | 'vault_write' | 'dm_reply' (optional)",
+                got: actionKind,
+            });
+        }
+        const actionRef = typeof body.action_ref === "string"
+            ? sanitizeString(body.action_ref, MAX_ACTION_REF_CHARS)
+            : null;
+        if (issues.length > 0) {
+            return c.json({
+                error: "validation_error",
+                message: "Request body failed schema validation",
+                issues,
+            }, 400);
+        }
+        const normalizedScopeRef = scopeType === "agent_slug" ? scopeRef : null;
+        const deduped = findRecentFeedbackSignal(db, {
+            scopeType: scopeType,
+            scopeRef: normalizedScopeRef,
+            summary,
+            withinSeconds: DEDUP_TTL_SECONDS,
+        });
+        if (deduped) {
+            return c.json({ id: deduped.id, deduped: true });
+        }
+        const evidence = sanitizeEvidence(body.evidence);
+        const id = recordFeedbackSignal(db, {
+            source: source,
+            valence: valence,
+            scopeType: scopeType,
+            scopeRef: normalizedScopeRef,
+            actionKind: actionKind,
+            actionRef,
+            agentId,
+            summary,
+            evidence: {
+                ...(isRecord(evidence)
+                    ? evidence
+                    : evidence === null
+                        ? {}
+                        : { value: evidence }),
+                ...(kind ? { kind } : {}),
+            },
+        });
+        logger.info({ id, source, scopeType, scopeRef: normalizedScopeRef }, "Feedback signal recorded");
+        return c.json({ id });
+    });
+    app.post("/feedback/consume", async (c) => {
+        const parsedBody = await readJsonBody(c);
+        if (!parsedBody.ok)
+            return parsedBody.response;
+        const body = parsedBody.body;
+        if (!isRecord(body)) {
+            return c.json({
+                error: "validation_error",
+                message: "Body must be a JSON object",
+                expectedShape: '{"ids": number[], "lessonRef"?: string}',
+            }, 400);
+        }
+        if (!Array.isArray(body.ids)) {
+            return c.json({
+                error: "validation_error",
+                message: "'ids' must be an array of integer feedback signal ids",
+                expectedShape: '{"ids": number[], "lessonRef"?: string}',
+            }, 400);
+        }
+        const nonInt = body.ids.find((id) => typeof id !== "number" || !Number.isInteger(id));
+        if (nonInt !== undefined) {
+            return c.json({
+                error: "validation_error",
+                message: "'ids' must contain only integers",
+                got: JSON.stringify(nonInt),
+            }, 400);
+        }
+        const lessonRef = typeof body.lessonRef === "string"
+            ? sanitizeString(body.lessonRef, 240)
+            : null;
+        const result = consumeFeedbackSignals(db, body.ids, lessonRef);
+        logger.info({ consumed: result.consumed }, "Feedback signals consumed");
+        return c.json(result);
+    });
+    return app;
+}

package/dist/api/routes/git.js

@@ -113,8 +113,12 @@ export function createGitRoutes(deps) {
         }
         // Use || (not ??) so explicit ?ref= (empty string) falls back to default
         const ref = c.req.query("ref") || "HEAD~1..HEAD";
-        // Sanitize ref — reject shell metacharacters and flag-like arguments
-        if (/[;&|`$]/.test(ref) || ref.startsWith("-")) {
+        // Sanitize ref — reject shell metacharacters and flag-like arguments.
+        // Also reject `:` — `git diff <rev>:<path>` is blob/tree syntax that reads
+        // arbitrary committed file content, beyond this endpoint's commit-diff
+        // purpose. No legitimate commit/range ref (`HEAD~1..HEAD`, `origin/main`)
+        // contains a colon. (execFile already prevents shell injection.)
+        if (/[;&|`$]/.test(ref) || ref.startsWith("-") || ref.includes(":")) {
             return respondWithAgentError(c, 400, [
                 composeIssue("git.invalid_ref", {
                     field: "ref",
@@ -149,7 +153,10 @@ export function createGitRoutes(deps) {
             ], { legacyErrorCode: "invalid or missing repo" });
         }
         const hash = c.req.query("hash") || "HEAD";
-        if (/[;&|`$]/.test(hash) || hash.startsWith("-")) {
+        // Reject `:` for the same reason as /git/diff — `git show <rev>:<path>`
+        // prints arbitrary committed file content, beyond this endpoint's
+        // commit-show purpose. A commit hash / ref never contains a colon.
+        if (/[;&|`$]/.test(hash) || hash.startsWith("-") || hash.includes(":")) {
             return respondWithAgentError(c, 400, [
                 composeIssue("git.invalid_hash", {
                     field: "hash",

package/dist/api/routes/github.js

@@ -224,7 +224,11 @@ export function createGitHubRoutes(deps) {
         }
         const event = parseGitHubEvent(eventType, payload, resolved.repositoryId);
         if (event) {
-            eventBus.put(event);
+            // `EventBus.put` is async; awaiting it (like the repositories routes do)
+            // ensures the event is enqueued before the webhook returns `accepted`
+            // and surfaces any enqueue rejection instead of dropping it as an
+            // unhandled promise rejection.
+            await eventBus.put(event);
             logger.info({ eventType, action: payload.action, repositoryId: resolved.repositoryId }, "GitHub webhook event received");
         }
         // Notify GitWatcher that webhook is alive (adjusts polling frequency)