@bakapiano/ccsm 0.12.0 → 0.14.0

package/lib/cliSessionWatcher.js

@@ -34,6 +34,19 @@ const readline = require('node:readline');
 const POLL_MS = 1_500;
 const WINDOW_MS = 5 * 60_000;
 
+// Module-level set of upstream session UUIDs known to belong to some
+// ccsm session — either persisted on disk (seeded at watcher start via
+// the excludeIds arg), or captured by another in-flight watcher in
+// THIS server's lifetime. Grows monotonically; we never unclaim because
+// the file-level cliSessionId is sticky too.
+//
+// Why module-level rather than per-watcher: when two ccsm sessions
+// spawn back-to-back in the same cwd, the FIRST watcher might capture
+// its UUID AFTER the second watcher started. The second watcher needs
+// to see "this UUID just got claimed" without us threading a notify
+// callback. Sharing the set in module scope is the simplest fix.
+const claimedIds = new Set();
+
 const profiles = {
   claude: {
     dirFor: (cwd) => path.join(os.homedir(), '.claude', 'projects', claudeSlug(cwd)),
@@ -76,12 +89,17 @@ const profiles = {
   },
 };
 
-function captureSessionId({ cliType, cwd, onCapture, onTimeout, windowMs = WINDOW_MS }) {
+function captureSessionId({ cliType, cwd, onCapture, onTimeout, windowMs = WINDOW_MS, excludeIds = [] }) {
   const profile = profiles[cliType];
   if (!profile) return () => {};
   const dir = profile.dirFor(cwd);
   const spawnAt = Date.now();
-  console.log(`[cliSessionWatcher] start ${cliType} dir=${dir} cwd=${cwd}`);
+  // Seed module-level claimedIds with the caller's view of "already
+  // assigned" UUIDs (typically persistedSessions cliSessionIds). The
+  // poll loop reads claimedIds fresh every tick so concurrent watchers
+  // see each other's captures.
+  for (const id of (excludeIds || [])) if (id) claimedIds.add(id);
+  console.log(`[cliSessionWatcher] start ${cliType} dir=${dir} cwd=${cwd}${claimedIds.size ? ` claimed=${claimedIds.size}` : ''}`);
 
   let stopped = false;
   let captured = false;
@@ -104,6 +122,10 @@ function captureSessionId({ cliType, cwd, onCapture, onTimeout, windowMs = WINDO
   const finish = (sessionId) => {
     if (stopped) return;
     captured = true;
+    // Add to module-level claimedIds BEFORE firing onCapture so any
+    // concurrent watcher polling at the same instant won't also grab
+    // this UUID. Sticky for the lifetime of the server.
+    claimedIds.add(sessionId);
     cleanup();
     console.log(`[cliSessionWatcher] captured ${cliType} ${sessionId}`);
     try { onCapture?.(sessionId); } catch (e) { console.error('[cliSessionWatcher] onCapture:', e); }
@@ -128,6 +150,10 @@ function captureSessionId({ cliType, cwd, onCapture, onTimeout, windowMs = WINDO
         if (profile.filePattern && !profile.filePattern.test(base)) continue;
         const id = profile.parseId(base);
         if (!id) continue;
+        // Already-claimed-by-another-ccsm-session UUIDs are never ours.
+        // claimedIds is module-level so concurrent watchers see each
+        // other's captures (not just the snapshot at our spawn time).
+        if (claimedIds.has(id)) { rejected.add(entryPath); continue; }
         let st;
         try { st = await fsp.stat(entryPath); } catch { continue; }
         // Mtime gate is re-evaluated every poll: don't memoise it. If the

package/lib/webTerminal.js

@@ -84,6 +84,12 @@ function spawn({ command, args = [], cwd, env, cols = 120, rows = 30, meta = {},
     if (entry.onDataExtra) { try { entry.onDataExtra(data); } catch {} }
   });
   proc.onExit(({ exitCode, signal }) => {
+    // If a respawn replaced us in the pool (same entryId, new entry
+    // object), do not touch persistedSessions or schedule a delete —
+    // those belong to the new entry now. Without this guard, a slow-
+    // dying old PTY would fire markExited on the same sessionId and
+    // clobber the new spawn's markRunning state.
+    if (sessions.get(entryId) !== entry) return;
     entry.exitCode = exitCode;
     entry.exitedAt = Date.now();
     const frame = JSON.stringify({ type: 'exit', code: exitCode, signal });
@@ -91,8 +97,18 @@ function spawn({ command, args = [], cwd, env, cols = 120, rows = 30, meta = {},
       try { ws.send(frame); } catch {}
     }
     if (entry.onExitExtra) { try { entry.onExitExtra({ exitCode, signal }); } catch {} }
-    setTimeout(() => sessions.delete(entryId), 30_000);
+    setTimeout(() => {
+      if (sessions.get(entryId) === entry) sessions.delete(entryId);
+    }, 30_000);
   });
+  // If a previous entry exists under the same id (respawn), kill its
+  // pty so we don't have zombie claude.exe processes hanging on. The
+  // onExit guard above ensures its callback no-ops once we've taken
+  // over the slot.
+  const prev = sessions.get(entryId);
+  if (prev && !prev.exitedAt) {
+    try { prev.pty.kill(); } catch {}
+  }
   sessions.set(entryId, entry);
   return entry;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bakapiano/ccsm",
-  "version": "0.12.0",
+  "version": "0.14.0",
   "description": "Claude Code Session Manager — Windows web UI to manage many concurrent claude sessions: live list, snapshot/restore, focus existing window, new session in an isolated workspace with repo clones",
   "license": "MIT",
   "main": "server.js",

package/public/css/widgets.css

@@ -980,6 +980,38 @@
   gap: 6px;
   margin-top: 4px;
 }
+.entity-test-button { margin-right: auto; }
+
+.entity-test-result {
+  margin-top: 4px;
+  padding: 8px 10px;
+  border-radius: 6px;
+  border: 1px solid var(--border);
+  background: var(--bg);
+  display: flex;
+  flex-direction: column;
+  gap: 6px;
+  font-size: 12.5px;
+}
+.entity-test-result.is-ok    { border-color: rgba(74, 138, 74, 0.4); background: rgba(74, 138, 74, 0.06); }
+.entity-test-result.is-fail  { border-color: rgba(183, 63, 63, 0.4); background: rgba(183, 63, 63, 0.06); }
+.entity-test-summary {
+  font-family: var(--body);
+  font-weight: 500;
+  color: var(--ink);
+}
+.entity-test-result.is-fail .entity-test-summary { color: var(--red); }
+.entity-test-out {
+  margin: 0;
+  font-family: var(--mono);
+  font-size: 11.5px;
+  color: var(--ink-mid);
+  white-space: pre-wrap;
+  word-break: break-word;
+  max-height: 120px;
+  overflow-y: auto;
+}
+.entity-test-out.is-stderr { color: var(--ink-muted); border-top: 1px dashed var(--border); padding-top: 4px; }
 
 .icon-radio {
   display: grid;

package/public/js/api.js

@@ -28,11 +28,11 @@ export async function loadConfig() {
 export async function updateCli(id, patch) {
   const cfg = S.config.value || (await api('GET', '/api/config'));
   const target = (cfg.clis || []).find((c) => c.id === id);
-  // Built-in CLIs lock down identity-defining fields. UI already greys these
-  // out; we belt-and-braces here so a tampered request from elsewhere
-  // can't change them either.
+  // Built-in CLIs lock down structural fields (id + builtin flag) but
+  // allow command edits — users routinely need to point at an absolute
+  // path (e.g. C:\Users\you\.local\bin\claude.exe) or a wrapper script
+  // when the bare name isn't on the spawn-time PATH.
   if (target?.builtin) {
-    delete patch.command;
     delete patch.id;
     delete patch.builtin;
   }
@@ -52,6 +52,14 @@ export async function updateCli(id, patch) {
   return id;
 }
 
+// Probe a (possibly-unsaved) CLI config: spawn its command with
+// `--version`, capture output, see if it looks like the claimed type.
+// `args` is intentionally ignored server-side — runtime flags can
+// disturb a quick probe.
+export async function testCli({ command, shell, type }) {
+  return api('POST', '/api/clis/test', { command, shell, type });
+}
+
 export async function deleteCli(id) {
   const cfg = S.config.value || (await api('GET', '/api/config'));
   const target = (cfg.clis || []).find((c) => c.id === id);

package/public/js/components/EntityFormModal.js

@@ -18,10 +18,13 @@ import { Modal } from './Modal.js';
 export function EntityFormModal({
   title, fields, initial = {}, submitLabel = 'Save',
   readOnlyKeys = [],
-  onSubmit, onClose, danger,
+  onSubmit, onClose, onTest, testLabel = 'Test',
+  danger,
 }) {
   const [draft, setDraft] = useState(() => ({ ...initialFrom(fields), ...initial }));
   const [saving, setSaving] = useState(false);
+  const [testing, setTesting] = useState(false);
+  const [testResult, setTestResult] = useState(null);
 
   const isReadOnly = (key) => readOnlyKeys.includes(key);
 
@@ -36,6 +39,20 @@ export function EntityFormModal({
     finally { setSaving(false); }
   };
 
+  const runTest = async () => {
+    if (!onTest) return;
+    setTesting(true);
+    setTestResult(null);
+    try {
+      const r = await onTest(draft);
+      setTestResult(r);
+    } catch (e) {
+      setTestResult({ ok: false, spawnError: String(e?.message || e) });
+    } finally {
+      setTesting(false);
+    }
+  };
+
   return html`
     <${Modal} title=${title} onClose=${onClose} width=${440}>
       <form class="entity-form" onSubmit=${submit}>
@@ -87,7 +104,26 @@ export function EntityFormModal({
             ${f.hint && f.type !== 'checkbox' ? html`
               <span class="entity-field-hint">${f.hint}</span>` : null}
           </label>`)}
+        ${testResult ? html`
+          <div class=${`entity-test-result ${testResult.ok ? 'is-ok' : 'is-fail'}`}>
+            <div class="entity-test-summary">
+              ${testResult.ok ? '✓' : '✗'} ${testResult.ok ? 'works' : 'failed'}
+              ${typeof testResult.exitCode === 'number' ? html` · exit ${testResult.exitCode}` : null}
+              ${typeof testResult.durationMs === 'number' ? html` · ${testResult.durationMs}ms` : null}
+              ${testResult.timedOut ? html` · timed out` : null}
+              ${testResult.matchedType === true ? html` · type matches ${testResult.expectedType}` : null}
+              ${testResult.matchedType === false ? html` · type mismatch (expected ${testResult.expectedType})` : null}
+            </div>
+            ${testResult.spawnError ? html`<pre class="entity-test-out">${testResult.spawnError}</pre>` : null}
+            ${testResult.stdout ? html`<pre class="entity-test-out">${testResult.stdout}</pre>` : null}
+            ${testResult.stderr ? html`<pre class="entity-test-out is-stderr">${testResult.stderr}</pre>` : null}
+          </div>` : null}
         <div class="entity-form-actions">
+          ${onTest ? html`
+            <button type="button" class="action small subtle entity-test-button"
+                    disabled=${testing} onClick=${runTest}>
+              ${testing ? 'Testing…' : testLabel}
+            </button>` : null}
           <button type="button" class="action small subtle" onClick=${onClose}>Cancel</button>
           <button type="submit" class=${`action small ${danger ? 'danger' : 'primary'}`}
                   disabled=${saving}>

package/public/js/components/Sidebar.js

@@ -56,47 +56,6 @@ function SessionRow({ s }) {
     }
   };
 
-  const onContext = async (ev) => {
-    ev.preventDefault();
-    ev.stopPropagation();
-    // Quick menu: Rename / Move / Delete. We use sequential prompts
-    // to avoid building a real context-menu component for now.
-    const action = await ccsmPrompt(
-      `${title} · ${running ? 'running' : 'stopped'}\nType: rename / move / delete / resume / cancel`,
-      'cancel', { title: s.id, okLabel: 'OK' });
-    if (!action) return;
-    const verb = action.trim().toLowerCase();
-    if (verb === 'rename') {
-      const next = await ccsmPrompt('New title', title, { title: 'Rename session', okLabel: 'Save' });
-      if (next === null) return;
-      try { await setSessionTitle(s.id, next.trim()); setToast('renamed'); }
-      catch (e) { setToast(e.message, 'error'); }
-    } else if (verb === 'move') {
-      // Move to a folder by name
-      const folderNames = folders.value.map((f) => f.name).join(', ');
-      const target = await ccsmPrompt(
-        `Move to which folder? (empty = Unsorted)\nExisting: ${folderNames || '(none)'}`,
-        '', { title: 'Move', okLabel: 'Move' });
-      if (target === null) return;
-      const t = target.trim();
-      const folder = t ? folders.value.find((f) => f.name.toLowerCase() === t.toLowerCase()) : null;
-      if (t && !folder) { setToast(`no folder named "${t}"`, 'error'); return; }
-      try { await setSessionFolder(s.id, folder ? folder.id : null); setToast('moved'); }
-      catch (e) { setToast(e.message, 'error'); }
-    } else if (verb === 'delete') {
-      const ok = await ccsmConfirm(`Delete session ${title}? PTY will be killed if alive.`, {
-        title: 'Delete session', okLabel: 'Delete', danger: true });
-      if (!ok) return;
-      try {
-        await deleteSession(s.id);
-        if (activeSessionId.value === s.id) activeSessionId.value = null;
-      } catch (e) { setToast(e.message, 'error'); }
-    } else if (verb === 'resume' && !running) {
-      try { await resumeSession(s.id); selectSession(s.id); }
-      catch (e) { setToast(e.message, 'error'); }
-    }
-  };
-
   const onRenameClick = async (ev) => {
     ev.preventDefault();
     ev.stopPropagation();
@@ -135,7 +94,6 @@ function SessionRow({ s }) {
          onDragStart=${onDragStart}
          onDragEnd=${onDragEnd}
          onClick=${onClick}
-         onContextMenu=${onContext}
          title=${`${title}\n${s.cwd}\n${running ? 'running' : 'stopped'} · ${s.cliId}`}>
       <span class=${`tree-dot ${running ? 'is-running' : 'is-stopped'}`}></span>
       <span class="tree-label">${title}</span>

package/public/js/components/TerminalView.js

@@ -86,6 +86,22 @@ export function TerminalView({ terminalId }) {
     } catch (e) {
       console.warn('[ccsm] WebGL addon failed, using DOM renderer:', e);
     }
+    // Ctrl+C with a selection: by default xterm.js sends \x03 AND the
+    // browser's own copy event fires — so the user gets "selection
+    // copied to clipboard" AND the running CLI gets SIGINT. Mirror
+    // VSCode/Windows Terminal behaviour: when there's a selection,
+    // suppress \x03 and let the copy event do its thing. With no
+    // selection, Ctrl+C still sends \x03 normally.
+    term.attachCustomKeyEventHandler((ev) => {
+      if (ev.type === 'keydown'
+          && ev.ctrlKey && !ev.shiftKey && !ev.altKey && !ev.metaKey
+          && ev.key.toLowerCase() === 'c'
+          && term.hasSelection()) {
+        return false;
+      }
+      return true;
+    });
+
     const host = hostRef.current;
     term.open(host);
     // Defer fit one tick so the container has measured layout

package/public/js/pages/ConfigurePage.js

@@ -10,7 +10,7 @@ import {
 } from '../state.js';
 import {
   api, loadConfig, loadWorkspaces, loadFolders,
-  createCli, updateCli, deleteCli, setDefaultCli,
+  createCli, updateCli, deleteCli, setDefaultCli, testCli,
   createRepo, updateRepo, deleteRepo,
   createFolder, renameFolder, deleteFolder, reorderFolders,
   deleteWorkspace,
@@ -252,6 +252,7 @@ export function ConfigurePage() {
     ${edit?.kind === 'cli-new' ? html`
       <${EntityFormModal} title="New CLI" fields=${cliFieldsFor({ creating: true })}
         onClose=${close} submitLabel="Create"
+        onTest=${(v) => testCli({ command: v.command, shell: v.shell, type: v.type })}
         onSubmit=${async (v) => {
           try { await createCli(v); setToast(`created CLI · ${v.name}`); }
           catch (e) { setToast(e.message, 'error'); throw e; }
@@ -259,7 +260,7 @@ export function ConfigurePage() {
 
     ${edit?.kind === 'cli-edit' ? html`
       <${EntityFormModal} title=${`Edit ${edit.payload.name}`} fields=${cliFieldsFor()}
-        readOnlyKeys=${edit.payload.builtin ? ['type', 'command'] : []}
+        readOnlyKeys=${edit.payload.builtin ? ['type'] : []}
         initial=${{
           ...edit.payload,
           args: (edit.payload.args || []).join(' '),
@@ -267,6 +268,7 @@ export function ConfigurePage() {
           resumeIdArgs: (edit.payload.resumeIdArgs || []).join(' '),
         }}
         onClose=${close}
+        onTest=${(v) => testCli({ command: v.command, shell: v.shell, type: v.type })}
         onSubmit=${async (v) => {
           try {
             const patch = {
@@ -275,8 +277,6 @@ export function ConfigurePage() {
               resumeArgs: typeof v.resumeArgs === 'string' ? v.resumeArgs.split(/\s+/).filter(Boolean) : v.resumeArgs,
               resumeIdArgs: typeof v.resumeIdArgs === 'string' ? v.resumeIdArgs.split(/\s+/).filter(Boolean) : v.resumeIdArgs,
             };
-            // command is locked on builtins — drop any tampered value.
-            if (edit.payload.builtin) delete patch.command;
             await updateCli(edit.payload.id, patch);
             setToast('saved');
           } catch (e) { setToast(e.message, 'error'); throw e; }

package/scripts/install.js

@@ -29,17 +29,34 @@ if (process.platform !== 'win32') {
 // always means a first-time `npx @bakapiano/ccsm` gets the full "click
 // to wake" UX without needing a separate `npm i -g`.
 
+// Returns { ccsmCmd, isSandbox } where isSandbox=true means this install
+// went into a non-default prefix (e.g. `npm i -g --prefix=<tmp>` from
+// the in-app upgrade's test mode). For sandboxed installs we DO NOT
+// touch the global launcher.vbs / ccsm:// protocol registration —
+// otherwise we'd repoint them at a directory that gets deleted later.
 function findCcsmCmd() {
-  const prefix = process.env.npm_config_prefix
-    || (() => {
-      try {
-        const r = spawnSync('npm', ['config', 'get', 'prefix'], { encoding: 'utf8', shell: true });
-        return r.stdout?.trim() || null;
-      } catch { return null; }
-    })();
-  if (!prefix) return null;
+  const givenPrefix = process.env.npm_config_prefix || null;
+  let defaultPrefix = null;
+  try {
+    // npm config get prefix when run WITHOUT --prefix returns the
+    // user's default global prefix; with --prefix it echoes the flag.
+    // We want the env-independent default so we can compare. INIT_CWD
+    // and a clean spawn give us the user-default value.
+    const r = spawnSync('npm', ['config', 'get', 'prefix'], {
+      encoding: 'utf8', shell: true,
+      env: { ...process.env, npm_config_prefix: '' },
+    });
+    defaultPrefix = r.stdout?.trim() || null;
+  } catch {}
+  const prefix = givenPrefix || defaultPrefix;
+  if (!prefix) return { ccsmCmd: null, isSandbox: false };
   const candidate = path.join(prefix, 'ccsm.cmd');
-  return fs.existsSync(candidate) ? candidate : null;
+  const isSandbox = !!(givenPrefix && defaultPrefix
+    && path.resolve(givenPrefix).toLowerCase() !== path.resolve(defaultPrefix).toLowerCase());
+  return {
+    ccsmCmd: fs.existsSync(candidate) ? candidate : null,
+    isSandbox,
+  };
 }
 
 // Write a tiny VBScript wrapper that ccsm:// dispatches into. Why VBS:
@@ -91,13 +108,17 @@ function registerProtocol(vbsPath) {
   }
 }
 
-const ccsmCmd = (() => {
-  try { return findCcsmCmd(); } catch { return null; }
+const { ccsmCmd, isSandbox } = (() => {
+  try { return findCcsmCmd(); } catch { return { ccsmCmd: null, isSandbox: false }; }
 })();
 if (!ccsmCmd) {
   warn('could not locate ccsm.cmd · skipping protocol registration');
   process.exit(0);
 }
+if (isSandbox) {
+  log(`sandbox install detected (prefix=${process.env.npm_config_prefix}) · skipping global launcher.vbs + protocol registration + auto-launch`);
+  process.exit(0);
+}
 
 try {
   const vbsPath = writeLauncherVbs(ccsmCmd);

package/scripts/upgrade-helper.js

@@ -0,0 +1,155 @@
+#!/usr/bin/env node
+'use strict';
+
+// In-app upgrade helper · spawned detached by /api/upgrade.
+//
+// The previous implementation kicked off `npm i -g` directly from the
+// running server. On Windows that fails with EBUSY: npm tries to rename
+// the package directory but the server has files open inside it.
+//
+// This script breaks the cycle:
+//
+//   1. Server validates the upgrade request, spawns this helper detached
+//      with [target, port, pid] argv, sends 200 OK, then gracefulShutdowns.
+//   2. Helper waits for the old port to free up + the old pid to die.
+//   3. Helper runs `npm i -g @bakapiano/ccsm@<target>` synchronously.
+//   4. On success it spawns `ccsm` detached (which spins up the new
+//      backend on the same port) and exits.
+//
+// Logs everything to ~/.ccsm/upgrade.log so a failed upgrade is
+// debuggable without the user needing to re-run the command manually.
+//
+// Argv: node upgrade-helper.js <target> <port> <pid> [installPrefix] [respawn=1|0]
+// - installPrefix: when set, runs `npm i -g --prefix=<this>` so the
+//   global install can be redirected to a sandbox dir for testing
+//   against a live prod install without disturbing it. Respawn then
+//   uses <prefix>/ccsm.cmd (Windows) or <prefix>/bin/ccsm (posix).
+// - respawn: '0' skips the final ccsm respawn (also useful for tests).
+
+const fs = require('node:fs');
+const path = require('node:path');
+const os = require('node:os');
+const net = require('node:net');
+const { spawn, spawnSync } = require('node:child_process');
+
+const target = process.argv[2] || 'latest';
+const oldPort = Number(process.argv[3] || 7777);
+const oldPid = Number(process.argv[4] || 0);
+const installPrefix = process.argv[5] || '';
+const doRespawn = process.argv[6] !== '0';
+
+const HOME = process.env.CCSM_HOME || path.join(os.homedir(), '.ccsm');
+const LOG = path.join(HOME, 'upgrade.log');
+try { fs.mkdirSync(HOME, { recursive: true }); } catch {}
+
+function log(msg) {
+  const line = `[${new Date().toISOString()}] ${msg}\n`;
+  try { fs.appendFileSync(LOG, line); } catch {}
+}
+
+function sleep(ms) { return new Promise((r) => setTimeout(r, ms)); }
+
+// Returns true once nothing answers on host:port within timeoutMs.
+function portFree(port, timeoutMs = 800) {
+  return new Promise((resolve) => {
+    const s = new net.Socket();
+    let settled = false;
+    const finish = (free) => { if (settled) return; settled = true; try { s.destroy(); } catch {} resolve(free); };
+    s.setTimeout(timeoutMs);
+    s.once('connect', () => finish(false));
+    s.once('timeout', () => finish(true));
+    s.once('error', () => finish(true));
+    s.connect(port, '127.0.0.1');
+  });
+}
+
+function pidAlive(pid) {
+  if (!pid) return false;
+  try { process.kill(pid, 0); return true; }
+  catch (e) { return e.code === 'EPERM'; }
+}
+
+(async () => {
+  log(`start · target=${target} oldPort=${oldPort} oldPid=${oldPid}${installPrefix ? ` prefix=${installPrefix}` : ''}${!doRespawn ? ' (no respawn)' : ''}`);
+
+  // Wait up to 30s for the old server to be gone. Both port-free AND
+  // pid-dead so we don't fight npm's rename for a stale file handle.
+  const deadline = Date.now() + 30_000;
+  while (Date.now() < deadline) {
+    const free = await portFree(oldPort);
+    const dead = !pidAlive(oldPid);
+    if (free && dead) break;
+    await sleep(250);
+  }
+  log(`old server gone (or 30s elapsed) · running npm install`);
+
+  // npm.cmd is a batch wrapper on Windows; spawn it via cmd.exe /c so
+  // we don't need shell:true (which would mean argv quoting). target
+  // has already been regex-validated server-side so this is safe.
+  const isWin = process.platform === 'win32';
+  const arg = `@bakapiano/ccsm@${target}`;
+  const npmArgs = ['i', '-g'];
+  if (installPrefix) {
+    try { fs.mkdirSync(installPrefix, { recursive: true }); } catch {}
+    npmArgs.push(`--prefix=${installPrefix}`);
+  }
+  npmArgs.push(arg);
+  let r;
+  if (isWin) {
+    r = spawnSync(process.env.ComSpec || 'cmd.exe',
+      ['/d', '/s', '/c', 'npm', ...npmArgs],
+      { stdio: ['ignore', 'pipe', 'pipe'], windowsHide: true });
+  } else {
+    r = spawnSync('npm', npmArgs,
+      { stdio: ['ignore', 'pipe', 'pipe'] });
+  }
+  const stdout = r.stdout?.toString().trim();
+  const stderr = r.stderr?.toString().trim();
+  log(`npm exit=${r.status}${stdout ? `\nSTDOUT:\n${stdout}` : ''}${stderr ? `\nSTDERR:\n${stderr}` : ''}`);
+  if (r.status !== 0) {
+    log(`upgrade failed · not respawning`);
+    process.exit(1);
+  }
+
+  if (!doRespawn) {
+    log(`respawn skipped (respawn=0)`);
+    return;
+  }
+
+  // Respawn ccsm. With installPrefix the binary lives there; otherwise
+  // it's on PATH from the global npm install. The launcher handles
+  // detect-or-spawn-server and detaches.
+  //
+  // On Windows, CreateProcess refuses to spawn .cmd / .bat directly —
+  // they're cmd.exe scripts, not native exes. Route through cmd.exe /c
+  // so it loads the wrapper.
+  const ccsmCmd = installPrefix
+    ? (isWin ? path.join(installPrefix, 'ccsm.cmd') : path.join(installPrefix, 'bin', 'ccsm'))
+    : (isWin ? 'ccsm.cmd' : 'ccsm');
+  const childEnv = { ...process.env, CCSM_NO_BROWSER: '1' };
+  let exe, exeArgs;
+  if (isWin) {
+    exe = process.env.ComSpec || 'cmd.exe';
+    exeArgs = ['/d', '/s', '/c', ccsmCmd];
+  } else {
+    exe = ccsmCmd;
+    exeArgs = [];
+  }
+  try {
+    const child = spawn(exe, exeArgs, {
+      detached: true,
+      stdio: 'ignore',
+      windowsHide: true,
+      shell: false,
+      env: childEnv,
+    });
+    child.unref();
+    log(`respawned ${ccsmCmd} (via ${path.basename(exe)})`);
+  } catch (e) {
+    log(`respawn failed: ${e.message}`);
+    process.exit(1);
+  }
+})().catch((e) => {
+  log(`fatal: ${e.message}`);
+  process.exit(1);
+});

package/server.js

@@ -2,6 +2,7 @@
 'use strict';
 
 const path = require('node:path');
+const os = require('node:os');
 const express = require('express');
 
 const { loadConfig, saveConfig, DATA_DIR } = require('./lib/config');
@@ -267,16 +268,24 @@ async function maybeWatchCliSessionId({ cli, cwd, ccsmSessionId }) {
   // If a previous watcher was still alive on this id (e.g. fast restart),
   // tear it down first.
   stopWatcher(ccsmSessionId);
+  let excludeIds = [];
   try {
-    const existing = await persistedSessions.get(ccsmSessionId);
+    const all = await persistedSessions.loadAll();
+    const existing = all.find((s) => s.id === ccsmSessionId);
     if (existing?.cliSessionId) {
       console.log(`[cliSessionId] skip watcher · ${cli.type} session already known (${existing.cliSessionId})`);
       return;
     }
+    // Other ccsm sessions' upstream UUIDs — exclude so the watcher
+    // doesn't misclaim a sibling's actively-touched transcript.
+    excludeIds = all
+      .filter((s) => s.id !== ccsmSessionId && s.cliSessionId)
+      .map((s) => s.cliSessionId);
   } catch {}
   const cleanup = cliSessionWatcher.captureSessionId({
     cliType: cli.type,
     cwd,
+    excludeIds,
     onCapture: (cliSessionId) => {
       activeWatchers.delete(ccsmSessionId);
       persistedSessions.update(ccsmSessionId, { cliSessionId }).catch((e) => {
@@ -393,7 +402,92 @@ app.put('/api/config', asyncH(async (req, res) => {
   res.json(decorateConfigWithProbes(cfg));
 }));
 
-// ---- CLIs ----
+// ---- CLI probe / test ----
+//
+// Run the user's configured command with `--version` and report back
+// stdout/stderr + whether the output looks like the claimed CLI type.
+// Used by the Configure page "Test" button so the user can verify the
+// command resolves + actually launches the right tool BEFORE saving.
+// Body: { command, args?, shell?, type? }. args is ignored for the
+// version probe — we always append `--version` directly so the user's
+// runtime args (e.g. --dangerously-skip-permissions) don't perturb the
+// quick probe.
+app.post('/api/clis/test', asyncH(async (req, res) => {
+  const { spawn } = require('node:child_process');
+  const body = req.body || {};
+  const command = String(body.command || '').trim();
+  const shell = ['direct', 'pwsh', 'cmd'].includes(body.shell) ? body.shell : 'direct';
+  const type = ['claude', 'codex', 'copilot', 'other'].includes(body.type) ? body.type : 'other';
+  if (!command) return res.status(400).json({ error: 'command required' });
+
+  // Build the test exec. Same shell-wrapping rules as resolveCommand,
+  // but we force `--version` as the only arg and we DROP `-NoExit`
+  // from the pwsh wrapper so pwsh terminates after printing.
+  let exe, args;
+  const cmd = command.replace(/^\.[\\\/]/, '');
+  const versionArg = '--version';
+  if (shell === 'pwsh') {
+    const joined = `& ${/[\s'"\`$]/.test(cmd) ? `'${cmd.replace(/'/g, "''")}'` : cmd} ${versionArg}`;
+    exe = 'pwsh.exe';
+    args = ['-NoLogo', '-Command', joined];
+  } else if (shell === 'cmd') {
+    exe = process.env.ComSpec || 'cmd.exe';
+    args = ['/d', '/s', '/c', `${cmd} ${versionArg}`];
+  } else if (path.isAbsolute(cmd)) {
+    const ext = path.extname(cmd).toLowerCase();
+    if (ext === '.cmd' || ext === '.bat') {
+      exe = process.env.ComSpec || 'cmd.exe';
+      args = ['/d', '/s', '/c', cmd, versionArg];
+    } else if (ext === '.ps1') {
+      exe = 'powershell.exe';
+      args = ['-NoProfile', '-ExecutionPolicy', 'Bypass', '-File', cmd, versionArg];
+    } else {
+      exe = cmd;
+      args = [versionArg];
+    }
+  } else {
+    exe = process.env.ComSpec || 'cmd.exe';
+    args = ['/d', '/s', '/c', cmd, versionArg];
+  }
+
+  const t0 = Date.now();
+  let stdout = '';
+  let stderr = '';
+  let exitCode = null;
+  let timedOut = false;
+  let spawnError = null;
+  try {
+    const child = spawn(exe, args, { env: spawnEnv(), windowsHide: true });
+    const killer = setTimeout(() => { timedOut = true; try { child.kill(); } catch {} }, 5000);
+    child.stdout.on('data', (d) => { stdout += d.toString(); if (stdout.length > 8192) stdout = stdout.slice(0, 8192); });
+    child.stderr.on('data', (d) => { stderr += d.toString(); if (stderr.length > 8192) stderr = stderr.slice(0, 8192); });
+    exitCode = await new Promise((resolve, reject) => {
+      child.on('exit', (code) => { clearTimeout(killer); resolve(code); });
+      child.on('error', (err) => { clearTimeout(killer); reject(err); });
+    });
+  } catch (e) {
+    spawnError = String(e && e.message || e);
+  }
+  const durationMs = Date.now() - t0;
+
+  const out = (stdout + '\n' + stderr).toLowerCase();
+  const PATTERNS = {
+    claude:  /claude/,
+    codex:   /codex|openai/,
+    copilot: /copilot/,
+  };
+  const matchedType = type === 'other' ? null : (PATTERNS[type] ? PATTERNS[type].test(out) : null);
+  const ok = !spawnError && !timedOut && exitCode === 0;
+  res.json({
+    ok, exitCode, durationMs, timedOut, spawnError,
+    stdout: stdout.trim(),
+    stderr: stderr.trim(),
+    matchedType,
+    expectedType: type,
+    spawned: { exe, args },
+  });
+}));
+
 // ---- folders ----
 
 app.get('/api/folders', asyncH(async (_req, res) => {
@@ -767,6 +861,14 @@ app.post('/api/sessions/:id/resume', asyncH(async (req, res) => {
   // Already running and attached → no-op, just return its id.
   const live = webTerminal.get(record.id);
   if (live && !live.exitedAt) {
+    // Pool says we're alive but the record may be stale (e.g. a prior
+    // markRunning got clobbered by an OLD entry's onExit before the
+    // respawn-guard landed, or boot mark-exited ran after a pool entry
+    // was already wired). Reconcile the file to match the pool so the
+    // frontend doesn't get stuck on "Resuming session…" forever.
+    if (record.status !== 'running' || record.pid !== live.meta.pid) {
+      try { await persistedSessions.markRunning(record.id, live.meta.pid); } catch {}
+    }
     return res.json({ launched: { id: record.id, pid: live.meta.pid, cliId: record.cliId } });
   }
   const cfg = await loadConfig();
@@ -922,55 +1024,60 @@ app.post('/api/upgrade', asyncH(async (req, res) => {
   if (upgradeInFlight) {
     return res.status(409).json({ error: 'upgrade already in progress' });
   }
-  upgradeInFlight = true;
-  const target = String((req.body && req.body.target) || 'latest');
+  const body = req.body || {};
+  const target = String(body.target || 'latest');
   // Refuse anything that doesn't look like a semver dist-tag or version
   // — defends against `;` etc. winding up in the spawn argv even though
   // we don't shell out.
   if (!/^[a-z0-9.+\-^~]+$/i.test(target)) {
-    upgradeInFlight = false;
     return res.status(400).json({ error: `invalid target: ${target}` });
   }
-  console.log(`[upgrade] starting npm i -g @bakapiano/ccsm@${target}`);
-  res.json({ ok: true, started: true, target });
+  // Optional sandbox install prefix (for testing without disturbing the
+  // user's real global ccsm). Validated as a plain absolute path so it
+  // can't be a flag injection.
+  const installPrefix = body.installPrefix ? String(body.installPrefix) : '';
+  if (installPrefix && (installPrefix.startsWith('-') || !path.isAbsolute(installPrefix))) {
+    return res.status(400).json({ error: 'installPrefix must be an absolute path' });
+  }
+  const respawn = body.respawn === false ? '0' : '1';
+  upgradeInFlight = true;
+  console.log(`[upgrade] target=${target}${installPrefix ? ` prefix=${installPrefix}` : ''}${respawn === '0' ? ' (no respawn)' : ''}`);
 
-  // Defer the actual spawn so the HTTP response flushes first.
+  // The helper runs OUTSIDE the package dir so npm can rename it
+  // without fighting open file handles. Copy the script to os.tmpdir()
+  // and spawn from there.
+  const fsp = require('node:fs/promises');
+  const helperSrc = path.join(__dirname, 'scripts', 'upgrade-helper.js');
+  const helperTmp = path.join(os.tmpdir(), `ccsm-upgrade-${process.pid}-${Date.now()}.js`);
+  try {
+    await fsp.copyFile(helperSrc, helperTmp);
+  } catch (e) {
+    upgradeInFlight = false;
+    return res.status(500).json({ error: `helper copy failed: ${e.message}` });
+  }
+  const args = [helperTmp, target, String(currentPort), String(process.pid), installPrefix, respawn];
+
+  res.json({ ok: true, started: true, target, helper: helperTmp });
+
+  // Flush response, then spawn helper detached and gracefulShutdown so
+  // the helper's npm install isn't fighting our open file handles.
   setImmediate(() => {
     const { spawn } = require('node:child_process');
-    const npmExe = process.platform === 'win32' ? 'npm.cmd' : 'npm';
-    const args = ['i', '-g', `@bakapiano/ccsm@${target}`];
-    const child = spawn(npmExe, args, {
-      detached: true,
-      stdio: 'ignore',
-      windowsHide: true,
-      shell: false,
-    });
-    child.on('error', (e) => {
-      console.error('[upgrade] npm spawn failed:', e.message);
-      upgradeInFlight = false;
-    });
-    child.on('exit', (code) => {
-      console.log(`[upgrade] npm exit ${code}`);
+    try {
+      const child = spawn(process.execPath, args, {
+        detached: true,
+        stdio: 'ignore',
+        windowsHide: true,
+        shell: false,
+      });
+      child.unref();
+      console.log(`[upgrade] helper pid=${child.pid}, shutting down`);
+    } catch (e) {
+      console.error('[upgrade] helper spawn failed:', e.message);
       upgradeInFlight = false;
-      if (code !== 0) return;
-      // Install succeeded → spawn a fresh ccsm and shut down. The
-      // launcher already detaches on its own.
-      try {
-        const ccsmCmd = process.platform === 'win32' ? 'ccsm.cmd' : 'ccsm';
-        const respawn = spawn(ccsmCmd, [], {
-          detached: true,
-          stdio: 'ignore',
-          windowsHide: true,
-          shell: false,
-          env: { ...process.env, CCSM_NO_BROWSER: '1' },
-        });
-        respawn.unref();
-      } catch (e) {
-        console.error('[upgrade] respawn failed:', e.message);
-      }
-      setTimeout(() => gracefulShutdown('upgrade'), 1500);
-    });
-    child.unref();
+      return;
+    }
+    setTimeout(() => gracefulShutdown('upgrade'), 500);
   });
 }));