@algochad/archcoder 2.0.2

package/server/lib/skills-catalog/scan.js

@@ -0,0 +1,221 @@
+import fs from 'fs';
+import os from 'os';
+import path from 'path';
+import yaml from 'yaml';
+
+import { assertGitAvailable, looksLikeAuthError, runGit } from './git.js';
+import { parseSkillRepoSource } from './source.js';
+
+const SKILL_NAME_PATTERN = /^[a-z0-9][a-z0-9-]*[a-z0-9]$|^[a-z0-9]$/;
+
+function validateSkillName(skillName) {
+  if (typeof skillName !== 'string') return false;
+  if (skillName.length < 1 || skillName.length > 64) return false;
+  return SKILL_NAME_PATTERN.test(skillName);
+}
+
+function parseSkillMd(content) {
+  const text = typeof content === 'string' ? content : '';
+  const match = text.match(/^---\r?\n([\s\S]*?)\r?\n---\r?\n([\s\S]*)$/);
+  if (!match) {
+    return {
+      ok: true,
+      frontmatter: {},
+      warnings: ['Invalid SKILL.md: missing YAML frontmatter delimiter'],
+    };
+  }
+
+  try {
+    const frontmatter = yaml.parse(match[1]) || {};
+    return { ok: true, frontmatter, warnings: [] };
+  } catch {
+    return {
+      ok: true,
+      frontmatter: {},
+      warnings: ['Invalid SKILL.md: failed to parse YAML frontmatter'],
+    };
+  }
+}
+
+async function safeRm(dir) {
+  try {
+    await fs.promises.rm(dir, { recursive: true, force: true });
+  } catch {
+    // ignore
+  }
+}
+
+async function cloneRepo({ cloneUrl, identity, tempDir }) {
+  const preferred = ['clone', '--depth', '1', '--filter=blob:none', '--no-checkout', cloneUrl, tempDir];
+  const fallback = ['clone', '--depth', '1', '--no-checkout', cloneUrl, tempDir];
+
+  const result = await runGit(preferred, { identity, timeoutMs: 60_000 });
+  if (result.ok) return { ok: true };
+
+  const fallbackResult = await runGit(fallback, { identity, timeoutMs: 60_000 });
+  if (fallbackResult.ok) return { ok: true };
+
+  return {
+    ok: false,
+    error: fallbackResult,
+  };
+}
+
+export async function scanSkillsRepository({
+  source,
+  subpath,
+  defaultSubpath,
+  identity,
+} = {}) {
+  const gitCheck = await assertGitAvailable();
+  if (!gitCheck.ok) {
+    return { ok: false, error: gitCheck.error };
+  }
+
+  const parsed = parseSkillRepoSource(source, { subpath });
+  if (!parsed.ok) {
+    return { ok: false, error: parsed.error };
+  }
+
+  const effectiveSubpath = parsed.effectiveSubpath || (typeof defaultSubpath === 'string' && defaultSubpath.trim() ? defaultSubpath.trim() : null);
+  const cloneUrl = identity?.sshKey ? parsed.cloneUrlSsh : parsed.cloneUrlHttps;
+
+  const tempBase = await fs.promises.mkdtemp(path.join(os.tmpdir(), 'archcoder-skills-scan-'));
+
+  try {
+    const cloned = await cloneRepo({ cloneUrl, identity, tempDir: tempBase });
+    if (!cloned.ok) {
+      const msg = `${cloned.error?.stderr || ''}\n${cloned.error?.message || ''}`.trim();
+      if (looksLikeAuthError(msg)) {
+        return { ok: false, error: { kind: 'authRequired', message: 'Authentication required to access this repository', sshOnly: true } };
+      }
+      return { ok: false, error: { kind: 'networkError', message: msg || 'Failed to clone repository' } };
+    }
+
+    const toFsPath = (posixPath) => path.join(tempBase, ...String(posixPath || '').split('/').filter(Boolean));
+
+    const patterns = effectiveSubpath
+      ? [`${effectiveSubpath}/SKILL.md`, `${effectiveSubpath}/**/SKILL.md`]
+      : ['SKILL.md', '**/SKILL.md'];
+
+    let skillMdPaths = null;
+
+    // Fast path: sparse checkout only SKILL.md files, then parse from disk.
+    // This avoids one `git show` per skill.
+    const sparseInit = await runGit(['-C', tempBase, 'sparse-checkout', 'init', '--no-cone'], { identity, timeoutMs: 15_000 });
+    if (sparseInit.ok) {
+      const sparseSet = await runGit(['-C', tempBase, 'sparse-checkout', 'set', ...patterns], { identity, timeoutMs: 30_000 });
+      if (sparseSet.ok) {
+        const checkout = await runGit(['-C', tempBase, 'checkout', '--force', 'HEAD'], { identity, timeoutMs: 60_000 });
+        if (checkout.ok) {
+          const lsFiles = await runGit(['-C', tempBase, 'ls-files'], { identity, timeoutMs: 15_000 });
+          if (lsFiles.ok) {
+            skillMdPaths = lsFiles.stdout
+              .split(/\r?\n/)
+              .map((line) => line.trim())
+              .filter(Boolean)
+              .filter((p) => p.endsWith('/SKILL.md') || p === 'SKILL.md');
+          }
+        }
+      }
+    }
+
+    // Fallback: list tree and read SKILL.md blobs via git.
+    if (!Array.isArray(skillMdPaths)) {
+      const listArgs = ['-C', tempBase, 'ls-tree', '-r', '--name-only', 'HEAD'];
+      if (effectiveSubpath) {
+        listArgs.push('--', effectiveSubpath);
+      }
+
+      const listResult = await runGit(listArgs, { identity, timeoutMs: 30_000 });
+      if (!listResult.ok) {
+        // If subpath doesn't exist, treat as empty scan.
+        return {
+          ok: true,
+          normalizedRepo: parsed.normalizedRepo,
+          effectiveSubpath,
+          items: [],
+        };
+      }
+
+      skillMdPaths = listResult.stdout
+        .split(/\r?\n/)
+        .map((line) => line.trim())
+        .filter(Boolean)
+        .filter((p) => p.endsWith('/SKILL.md') || p === 'SKILL.md');
+    }
+
+    // Root-level SKILL.md doesn't map cleanly to OpenCode's "skill name == folder name" convention.
+    const uniqueSkillDirs = Array.from(
+      new Set(
+        skillMdPaths
+          .filter((p) => p !== 'SKILL.md')
+          .map((p) => path.posix.dirname(p))
+      )
+    );
+
+    const items = [];
+    const maxParallel = 10;
+    let idx = 0;
+
+    const worker = async () => {
+      while (idx < uniqueSkillDirs.length) {
+        const skillDir = uniqueSkillDirs[idx++];
+        const skillName = path.posix.basename(skillDir);
+        const skillMdPath = path.posix.join(skillDir, 'SKILL.md');
+
+        const warnings = [];
+        let skillMdContent = '';
+
+        // Prefer filesystem reads when sparse checkout succeeded.
+        const filePath = toFsPath(skillMdPath);
+        try {
+          skillMdContent = await fs.promises.readFile(filePath, 'utf8');
+        } catch {
+          const showResult = await runGit(['-C', tempBase, 'show', `HEAD:${skillMdPath}`], { identity, timeoutMs: 15_000 });
+          if (!showResult.ok) {
+            warnings.push('Failed to read SKILL.md');
+          } else {
+            skillMdContent = showResult.stdout;
+          }
+        }
+
+        const parsedMd = parseSkillMd(skillMdContent);
+        warnings.push(...(parsedMd.warnings || []));
+
+        const description = typeof parsedMd.frontmatter?.description === 'string' ? parsedMd.frontmatter.description : undefined;
+        const frontmatterName = typeof parsedMd.frontmatter?.name === 'string' ? parsedMd.frontmatter.name : undefined;
+
+        const installable = validateSkillName(skillName);
+        if (!installable) {
+          warnings.push('Skill directory name is not a valid OpenCode skill name');
+        }
+
+        items.push({
+          repoSource: source,
+          repoSubpath: effectiveSubpath || undefined,
+          skillDir,
+          skillName,
+          frontmatterName,
+          description,
+          installable,
+          warnings: warnings.length ? warnings : undefined,
+        });
+      }
+    };
+
+    await Promise.all(Array.from({ length: Math.min(maxParallel, uniqueSkillDirs.length || 1) }, () => worker()));
+
+    // Stable ordering for UX
+    items.sort((a, b) => a.skillName.localeCompare(b.skillName));
+
+    return {
+      ok: true,
+      normalizedRepo: parsed.normalizedRepo,
+      effectiveSubpath,
+      items,
+    };
+  } finally {
+    await safeRm(tempBase);
+  }
+}

package/server/lib/skills-catalog/source.js

@@ -0,0 +1,85 @@
+const GITHUB_HOST = 'github.com';
+
+function normalizeGitHubOwnerRepo(owner, repo) {
+  const normalizedOwner = String(owner || '').trim();
+  const normalizedRepo = String(repo || '').trim().replace(/\.git$/i, '');
+  if (!normalizedOwner || !normalizedRepo) {
+    return null;
+  }
+  return { owner: normalizedOwner, repo: normalizedRepo };
+}
+
+export function parseSkillRepoSource(input, options = {}) {
+  const raw = typeof input === 'string' ? input.trim() : '';
+  if (!raw) {
+    return { ok: false, error: { kind: 'invalidSource', message: 'Repository source is required' } };
+  }
+
+  const explicitSubpath = typeof options.subpath === 'string' && options.subpath.trim() ? options.subpath.trim() : null;
+
+  // SSH URL: git@github.com:owner/repo(.git)
+  const sshMatch = raw.match(/^git@github\.com:([^/\s]+)\/([^\s#]+)$/i);
+  if (sshMatch) {
+    const parsed = normalizeGitHubOwnerRepo(sshMatch[1], sshMatch[2]);
+    if (!parsed) {
+      return { ok: false, error: { kind: 'invalidSource', message: 'Invalid SSH repository URL' } };
+    }
+
+    return {
+      ok: true,
+      host: GITHUB_HOST,
+      owner: parsed.owner,
+      repo: parsed.repo,
+      cloneUrlSsh: `git@github.com:${parsed.owner}/${parsed.repo}.git`,
+      cloneUrlHttps: `https://github.com/${parsed.owner}/${parsed.repo}.git`,
+      // For SSH URLs, subpath is only accepted via options.subpath
+      effectiveSubpath: explicitSubpath,
+      normalizedRepo: `${parsed.owner}/${parsed.repo}`,
+    };
+  }
+
+  // HTTPS URL: https://github.com/owner/repo(.git)
+  const httpsMatch = raw.match(/^https?:\/\/github\.com\/([^/\s]+)\/([^\s#]+)$/i);
+  if (httpsMatch) {
+    const parsed = normalizeGitHubOwnerRepo(httpsMatch[1], httpsMatch[2]);
+    if (!parsed) {
+      return { ok: false, error: { kind: 'invalidSource', message: 'Invalid HTTPS repository URL' } };
+    }
+
+    return {
+      ok: true,
+      host: GITHUB_HOST,
+      owner: parsed.owner,
+      repo: parsed.repo,
+      cloneUrlSsh: `git@github.com:${parsed.owner}/${parsed.repo}.git`,
+      cloneUrlHttps: `https://github.com/${parsed.owner}/${parsed.repo}.git`,
+      effectiveSubpath: explicitSubpath,
+      normalizedRepo: `${parsed.owner}/${parsed.repo}`,
+    };
+  }
+
+  // Shorthand: owner/repo[/subpath...]
+  const shorthandMatch = raw.match(/^([^/\s]+)\/([^/\s]+)(?:\/(.+))?$/);
+  if (shorthandMatch) {
+    const parsed = normalizeGitHubOwnerRepo(shorthandMatch[1], shorthandMatch[2]);
+    if (!parsed) {
+      return { ok: false, error: { kind: 'invalidSource', message: 'Invalid repository source' } };
+    }
+
+    const shorthandSubpath = typeof shorthandMatch[3] === 'string' && shorthandMatch[3].trim() ? shorthandMatch[3].trim() : null;
+    const effectiveSubpath = explicitSubpath || shorthandSubpath;
+
+    return {
+      ok: true,
+      host: GITHUB_HOST,
+      owner: parsed.owner,
+      repo: parsed.repo,
+      cloneUrlSsh: `git@github.com:${parsed.owner}/${parsed.repo}.git`,
+      cloneUrlHttps: `https://github.com/${parsed.owner}/${parsed.repo}.git`,
+      effectiveSubpath,
+      normalizedRepo: `${parsed.owner}/${parsed.repo}`,
+    };
+  }
+
+  return { ok: false, error: { kind: 'invalidSource', message: 'Unsupported repository source format' } };
+}

package/server/lib/terminal/DOCUMENTATION.md

@@ -0,0 +1,114 @@
+# Terminal Module Documentation
+
+## Purpose
+This module provides WebSocket protocol utilities for terminal input handling in the web server runtime, including message normalization, control frame parsing, rate limiting, and pathname resolution for terminal WebSocket connections.
+
+## Entrypoints and structure
+- `packages/web/server/lib/terminal/`: Terminal module directory.
+  - `index.js`: Stable module entrypoint that re-exports protocol helpers/constants.
+  - `input-ws-protocol.js`: Single-file module containing all terminal input WebSocket protocol utilities.
+- `packages/web/server/lib/terminal/input-ws-protocol.test.js`: Test file for protocol utilities.
+
+Public API entry point: imported by `packages/web/server/index.js` from `./lib/terminal/index.js`.
+
+## Public exports
+
+### Constants
+- `TERMINAL_INPUT_WS_PATH`: WebSocket endpoint path (`/api/terminal/input-ws`).
+- `TERMINAL_INPUT_WS_CONTROL_TAG_JSON`: Control frame tag byte (0x01) indicating JSON payload.
+- `TERMINAL_INPUT_WS_MAX_PAYLOAD_BYTES`: Maximum payload size (64KB).
+
+### Request Parsing
+- `parseRequestPathname(requestUrl)`: Extracts pathname from request URL string. Returns empty string for invalid inputs.
+
+### Message Normalization
+- `normalizeTerminalInputWsMessageToBuffer(rawData)`: Normalizes various data types (Buffer, Uint8Array, ArrayBuffer, string, chunk arrays) to a single Buffer.
+- `normalizeTerminalInputWsMessageToText(rawData)`: Normalizes data to UTF-8 text string. Passes through strings directly, converts binary data to text.
+
+### Control Frame Handling
+- `readTerminalInputWsControlFrame(rawData)`: Parses WebSocket message as control frame. Returns parsed JSON object or null if invalid/malformed. Validates control tag prefix and JSON structure.
+- `createTerminalInputWsControlFrame(payload)`: Creates a control frame with JSON payload. Prepends control tag byte.
+
+### Rate Limiting
+- `pruneRebindTimestamps(timestamps, now, windowMs)`: Filters timestamps to keep only those within the active time window.
+- `isRebindRateLimited(timestamps, maxPerWindow)`: Checks if rebind operations have exceeded rate limit threshold.
+
+## Response contracts
+
+### Control Frame
+Control frames use binary encoding:
+- First byte: `TERMINAL_INPUT_WS_CONTROL_TAG_JSON` (0x01)
+- Remaining bytes: UTF-8 encoded JSON object
+- Parsed result: Object or null on parse failure
+
+### Normalized Buffer
+Input types are normalized to Buffer:
+- `Buffer`: Returned as-is
+- `Uint8Array`/`ArrayBuffer`: Converted to Buffer
+- `String`: Converted to UTF-8 Buffer
+- `Array<Buffer|string|Uint8Array>`: Concatenated to single Buffer
+
+### Rate Limiting
+Rate limiting uses timestamp arrays:
+- `pruneRebindTimestamps`: Returns filtered array of active timestamps
+- `isRebindRateLimited`: Returns boolean indicating if limit is reached
+
+## Usage in web server
+
+The terminal protocol utilities are used by `packages/web/server/index.js` for:
+- WebSocket endpoint path definition (`TERMINAL_INPUT_WS_PATH`)
+- Message normalization for input handling
+- Control frame parsing for session binding
+- Rate limiting for session rebind operations
+- Request pathname parsing for WebSocket routing
+
+The web server uses these utilities in combination with `bun-pty` or `node-pty` for PTY session management.
+
+## Notes for contributors
+
+### Adding New Control Frame Types
+1. Define new control tag constants (e.g., `TERMINAL_INPUT_WS_CONTROL_TAG_CUSTOM = 0x02`)
+2. Update `readTerminalInputWsControlFrame` to handle new tag type
+3. Update `createTerminalInputWsControlFrame` or create new frame creation function
+4. Add corresponding tests in `terminal-input-ws-protocol.test.js`
+
+### Message Normalization
+- Always normalize incoming WebSocket messages before processing
+- Use `normalizeTerminalInputWsMessageToBuffer` for binary data
+- Use `normalizeTerminalInputWsMessageToText` for text data (terminal escape sequences)
+- Normalize chunked messages from WebSocket fragmentation handling
+
+### Rate Limiting
+- Rate limiting is time-window based: tracks timestamps within a rolling window
+- Use `pruneRebindTimestamps` to clean up stale timestamps before rate limit checks
+- Configure `maxPerWindow` based on operational requirements (prevent abuse)
+
+### Error Handling
+- `readTerminalInputWsControlFrame` returns null for invalid/malformed frames
+- `parseRequestPathname` returns empty string for invalid URLs
+- Callers should handle null/empty returns gracefully
+
+### Testing
+- Run `bun run type-check`, `bun run lint`, and `bun run build` before finalizing changes
+- Test edge cases: empty payloads, malformed JSON, chunked messages, rate limit boundaries
+- Verify control frame roundtrip: create → read → validate payload equality
+- Test pathname parsing with relative URLs, absolute URLs, and invalid inputs
+
+## Verification notes
+
+### Manual verification
+1. Start web server and create terminal session via `/api/terminal/create`
+2. Connect to `/api/terminal/input-ws` WebSocket
+3. Send control frames with valid/invalid payloads to verify parsing
+4. Test message normalization with various data types
+5. Verify rate limiting by issuing rapid rebind requests
+
+### Automated verification
+- Run test file: `bun test packages/web/server/lib/terminal/input-ws-protocol.test.js`
+- Protocol tests should pass covering:
+  - WebSocket path constant
+  - Control frame encoding/decoding
+  - Payload validation
+  - Message normalization (all data types)
+  - Pathname parsing
+  - Rate limiting logic

package/server/lib/terminal/index.js

@@ -0,0 +1,12 @@
+export {
+  TERMINAL_INPUT_WS_PATH,
+  TERMINAL_INPUT_WS_CONTROL_TAG_JSON,
+  TERMINAL_INPUT_WS_MAX_PAYLOAD_BYTES,
+  parseRequestPathname,
+  normalizeTerminalInputWsMessageToBuffer,
+  normalizeTerminalInputWsMessageToText,
+  readTerminalInputWsControlFrame,
+  createTerminalInputWsControlFrame,
+  pruneRebindTimestamps,
+  isRebindRateLimited,
+} from './input-ws-protocol.js';

package/server/lib/terminal/input-ws-protocol.js

@@ -0,0 +1,66 @@
+export const TERMINAL_INPUT_WS_PATH = '/api/terminal/input-ws';
+export const TERMINAL_INPUT_WS_CONTROL_TAG_JSON = 0x01;
+export const TERMINAL_INPUT_WS_MAX_PAYLOAD_BYTES = 64 * 1024;
+
+export const parseRequestPathname = (requestUrl) => {
+  if (typeof requestUrl !== 'string' || requestUrl.length === 0) {
+    return '';
+  }
+
+  try {
+    return new URL(requestUrl, 'http://localhost').pathname;
+  } catch {
+    return '';
+  }
+};
+
+export const normalizeTerminalInputWsMessageToBuffer = (rawData) => {
+  if (Buffer.isBuffer(rawData)) {
+    return rawData;
+  }
+
+  if (Array.isArray(rawData)) {
+    return Buffer.concat(rawData.map((chunk) => (Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk))));
+  }
+
+  return Buffer.from(rawData);
+};
+
+export const normalizeTerminalInputWsMessageToText = (rawData) => {
+  if (typeof rawData === 'string') {
+    return rawData;
+  }
+
+  return normalizeTerminalInputWsMessageToBuffer(rawData).toString('utf8');
+};
+
+export const readTerminalInputWsControlFrame = (rawData) => {
+  if (!rawData) {
+    return null;
+  }
+
+  const buffer = normalizeTerminalInputWsMessageToBuffer(rawData);
+  if (buffer.length < 2 || buffer[0] !== TERMINAL_INPUT_WS_CONTROL_TAG_JSON) {
+    return null;
+  }
+
+  try {
+    const parsed = JSON.parse(buffer.subarray(1).toString('utf8'));
+    if (!parsed || typeof parsed !== 'object') {
+      return null;
+    }
+    return parsed;
+  } catch {
+    return null;
+  }
+};
+
+export const createTerminalInputWsControlFrame = (payload) => {
+  const jsonBytes = Buffer.from(JSON.stringify(payload), 'utf8');
+  return Buffer.concat([Buffer.from([TERMINAL_INPUT_WS_CONTROL_TAG_JSON]), jsonBytes]);
+};
+
+export const pruneRebindTimestamps = (timestamps, now, windowMs) =>
+  timestamps.filter((timestamp) => now - timestamp < windowMs);
+
+export const isRebindRateLimited = (timestamps, maxPerWindow) => timestamps.length >= maxPerWindow;

package/server/lib/terminal/input-ws-protocol.test.js

@@ -0,0 +1,138 @@
+import { describe, expect, it } from 'bun:test';
+
+import {
+  TERMINAL_INPUT_WS_CONTROL_TAG_JSON,
+  TERMINAL_INPUT_WS_PATH,
+  createTerminalInputWsControlFrame,
+  isRebindRateLimited,
+  normalizeTerminalInputWsMessageToBuffer,
+  normalizeTerminalInputWsMessageToText,
+  parseRequestPathname,
+  pruneRebindTimestamps,
+  readTerminalInputWsControlFrame,
+} from './input-ws-protocol.js';
+
+describe('terminal input websocket protocol', () => {
+  it('uses fixed websocket path', () => {
+    expect(TERMINAL_INPUT_WS_PATH).toBe('/api/terminal/input-ws');
+  });
+
+  it('encodes control frames with control tag prefix', () => {
+    const frame = createTerminalInputWsControlFrame({ t: 'ok', v: 1 });
+    expect(frame[0]).toBe(TERMINAL_INPUT_WS_CONTROL_TAG_JSON);
+  });
+
+  it('roundtrips control frame payload', () => {
+    const payload = { t: 'b', s: 'abc123', v: 1 };
+    const frame = createTerminalInputWsControlFrame(payload);
+    expect(readTerminalInputWsControlFrame(frame)).toEqual(payload);
+  });
+
+  it('rejects control frame without protocol tag', () => {
+    const frame = Buffer.from(JSON.stringify({ t: 'b', s: 'abc123' }), 'utf8');
+    expect(readTerminalInputWsControlFrame(frame)).toBeNull();
+  });
+
+  it('rejects malformed control json', () => {
+    const frame = Buffer.concat([
+      Buffer.from([TERMINAL_INPUT_WS_CONTROL_TAG_JSON]),
+      Buffer.from('{not json', 'utf8'),
+    ]);
+    expect(readTerminalInputWsControlFrame(frame)).toBeNull();
+  });
+
+  it('rejects empty control payloads', () => {
+    expect(readTerminalInputWsControlFrame(null)).toBeNull();
+    expect(readTerminalInputWsControlFrame(undefined)).toBeNull();
+    expect(readTerminalInputWsControlFrame(Buffer.alloc(0))).toBeNull();
+  });
+
+  it('rejects control json that is not object', () => {
+    const frame = Buffer.concat([
+      Buffer.from([TERMINAL_INPUT_WS_CONTROL_TAG_JSON]),
+      Buffer.from('"str"', 'utf8'),
+    ]);
+    expect(readTerminalInputWsControlFrame(frame)).toBeNull();
+  });
+
+  it('parses control frame from chunk arrays', () => {
+    const frame = createTerminalInputWsControlFrame({ t: 'bok', v: 1 });
+    const chunks = [frame.subarray(0, 2), frame.subarray(2)];
+    expect(readTerminalInputWsControlFrame(chunks)).toEqual({ t: 'bok', v: 1 });
+  });
+
+  it('normalizes buffer passthrough', () => {
+    const raw = Buffer.from('abc', 'utf8');
+    const normalized = normalizeTerminalInputWsMessageToBuffer(raw);
+    expect(normalized).toBe(raw);
+    expect(normalized.toString('utf8')).toBe('abc');
+  });
+
+  it('normalizes uint8 arrays', () => {
+    const normalized = normalizeTerminalInputWsMessageToBuffer(new Uint8Array([97, 98, 99]));
+    expect(normalized.toString('utf8')).toBe('abc');
+  });
+
+  it('normalizes array buffer payloads', () => {
+    const source = new Uint8Array([97, 98, 99]).buffer;
+    const normalized = normalizeTerminalInputWsMessageToBuffer(source);
+    expect(normalized.toString('utf8')).toBe('abc');
+  });
+
+  it('normalizes chunk array payloads', () => {
+    const normalized = normalizeTerminalInputWsMessageToBuffer([
+      Buffer.from('ab', 'utf8'),
+      Buffer.from('c', 'utf8'),
+    ]);
+    expect(normalized.toString('utf8')).toBe('abc');
+  });
+
+  it('normalizes text payload from string', () => {
+    expect(normalizeTerminalInputWsMessageToText('\u001b[A')).toBe('\u001b[A');
+  });
+
+  it('normalizes text payload from binary data', () => {
+    expect(normalizeTerminalInputWsMessageToText(Buffer.from('\r', 'utf8'))).toBe('\r');
+  });
+
+  it('parses relative request pathname', () => {
+    expect(parseRequestPathname('/api/terminal/input-ws?x=1')).toBe('/api/terminal/input-ws');
+  });
+
+  it('parses absolute request pathname', () => {
+    expect(parseRequestPathname('http://localhost:3000/api/terminal/input-ws')).toBe('/api/terminal/input-ws');
+  });
+
+  it('returns empty pathname for non-string request url', () => {
+    expect(parseRequestPathname(null)).toBe('');
+  });
+
+  it('returns empty pathname for invalid request url', () => {
+    expect(parseRequestPathname('http://')).toBe('');
+    expect(parseRequestPathname('')).toBe('');
+  });
+
+  it('prunes stale rebind timestamps', () => {
+    const now = 1_000;
+    const pruned = pruneRebindTimestamps([100, 200, 950, 999], now, 100);
+    expect(pruned).toEqual([950, 999]);
+  });
+
+  it('keeps rebind timestamps within active window', () => {
+    const now = 1_000;
+    const pruned = pruneRebindTimestamps([920, 950, 999], now, 100);
+    expect(pruned).toEqual([920, 950, 999]);
+  });
+
+  it('does not rate limit below threshold', () => {
+    expect(isRebindRateLimited([1, 2, 3], 4)).toBe(false);
+  });
+
+  it('does not rate limit empty window', () => {
+    expect(isRebindRateLimited([], 1)).toBe(false);
+  });
+
+  it('rate limits at threshold', () => {
+    expect(isRebindRateLimited([1, 2, 3, 4], 4)).toBe(true);
+  });
+});