@bakapiano/ccsm 0.13.0 → 0.14.0

package/lib/cliSessionWatcher.js

@@ -34,6 +34,19 @@ const readline = require('node:readline');
 const POLL_MS = 1_500;
 const WINDOW_MS = 5 * 60_000;
 
+// Module-level set of upstream session UUIDs known to belong to some
+// ccsm session — either persisted on disk (seeded at watcher start via
+// the excludeIds arg), or captured by another in-flight watcher in
+// THIS server's lifetime. Grows monotonically; we never unclaim because
+// the file-level cliSessionId is sticky too.
+//
+// Why module-level rather than per-watcher: when two ccsm sessions
+// spawn back-to-back in the same cwd, the FIRST watcher might capture
+// its UUID AFTER the second watcher started. The second watcher needs
+// to see "this UUID just got claimed" without us threading a notify
+// callback. Sharing the set in module scope is the simplest fix.
+const claimedIds = new Set();
+
 const profiles = {
   claude: {
     dirFor: (cwd) => path.join(os.homedir(), '.claude', 'projects', claudeSlug(cwd)),
@@ -76,12 +89,17 @@ const profiles = {
   },
 };
 
-function captureSessionId({ cliType, cwd, onCapture, onTimeout, windowMs = WINDOW_MS }) {
+function captureSessionId({ cliType, cwd, onCapture, onTimeout, windowMs = WINDOW_MS, excludeIds = [] }) {
   const profile = profiles[cliType];
   if (!profile) return () => {};
   const dir = profile.dirFor(cwd);
   const spawnAt = Date.now();
-  console.log(`[cliSessionWatcher] start ${cliType} dir=${dir} cwd=${cwd}`);
+  // Seed module-level claimedIds with the caller's view of "already
+  // assigned" UUIDs (typically persistedSessions cliSessionIds). The
+  // poll loop reads claimedIds fresh every tick so concurrent watchers
+  // see each other's captures.
+  for (const id of (excludeIds || [])) if (id) claimedIds.add(id);
+  console.log(`[cliSessionWatcher] start ${cliType} dir=${dir} cwd=${cwd}${claimedIds.size ? ` claimed=${claimedIds.size}` : ''}`);
 
   let stopped = false;
   let captured = false;
@@ -104,6 +122,10 @@ function captureSessionId({ cliType, cwd, onCapture, onTimeout, windowMs = WINDO
   const finish = (sessionId) => {
     if (stopped) return;
     captured = true;
+    // Add to module-level claimedIds BEFORE firing onCapture so any
+    // concurrent watcher polling at the same instant won't also grab
+    // this UUID. Sticky for the lifetime of the server.
+    claimedIds.add(sessionId);
     cleanup();
     console.log(`[cliSessionWatcher] captured ${cliType} ${sessionId}`);
     try { onCapture?.(sessionId); } catch (e) { console.error('[cliSessionWatcher] onCapture:', e); }
@@ -128,6 +150,10 @@ function captureSessionId({ cliType, cwd, onCapture, onTimeout, windowMs = WINDO
         if (profile.filePattern && !profile.filePattern.test(base)) continue;
         const id = profile.parseId(base);
         if (!id) continue;
+        // Already-claimed-by-another-ccsm-session UUIDs are never ours.
+        // claimedIds is module-level so concurrent watchers see each
+        // other's captures (not just the snapshot at our spawn time).
+        if (claimedIds.has(id)) { rejected.add(entryPath); continue; }
         let st;
         try { st = await fsp.stat(entryPath); } catch { continue; }
         // Mtime gate is re-evaluated every poll: don't memoise it. If the

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bakapiano/ccsm",
-  "version": "0.13.0",
+  "version": "0.14.0",
   "description": "Claude Code Session Manager — Windows web UI to manage many concurrent claude sessions: live list, snapshot/restore, focus existing window, new session in an isolated workspace with repo clones",
   "license": "MIT",
   "main": "server.js",

package/scripts/install.js

@@ -29,17 +29,34 @@ if (process.platform !== 'win32') {
 // always means a first-time `npx @bakapiano/ccsm` gets the full "click
 // to wake" UX without needing a separate `npm i -g`.
 
+// Returns { ccsmCmd, isSandbox } where isSandbox=true means this install
+// went into a non-default prefix (e.g. `npm i -g --prefix=<tmp>` from
+// the in-app upgrade's test mode). For sandboxed installs we DO NOT
+// touch the global launcher.vbs / ccsm:// protocol registration —
+// otherwise we'd repoint them at a directory that gets deleted later.
 function findCcsmCmd() {
-  const prefix = process.env.npm_config_prefix
-    || (() => {
-      try {
-        const r = spawnSync('npm', ['config', 'get', 'prefix'], { encoding: 'utf8', shell: true });
-        return r.stdout?.trim() || null;
-      } catch { return null; }
-    })();
-  if (!prefix) return null;
+  const givenPrefix = process.env.npm_config_prefix || null;
+  let defaultPrefix = null;
+  try {
+    // npm config get prefix when run WITHOUT --prefix returns the
+    // user's default global prefix; with --prefix it echoes the flag.
+    // We want the env-independent default so we can compare. INIT_CWD
+    // and a clean spawn give us the user-default value.
+    const r = spawnSync('npm', ['config', 'get', 'prefix'], {
+      encoding: 'utf8', shell: true,
+      env: { ...process.env, npm_config_prefix: '' },
+    });
+    defaultPrefix = r.stdout?.trim() || null;
+  } catch {}
+  const prefix = givenPrefix || defaultPrefix;
+  if (!prefix) return { ccsmCmd: null, isSandbox: false };
   const candidate = path.join(prefix, 'ccsm.cmd');
-  return fs.existsSync(candidate) ? candidate : null;
+  const isSandbox = !!(givenPrefix && defaultPrefix
+    && path.resolve(givenPrefix).toLowerCase() !== path.resolve(defaultPrefix).toLowerCase());
+  return {
+    ccsmCmd: fs.existsSync(candidate) ? candidate : null,
+    isSandbox,
+  };
 }
 
 // Write a tiny VBScript wrapper that ccsm:// dispatches into. Why VBS:
@@ -91,13 +108,17 @@ function registerProtocol(vbsPath) {
   }
 }
 
-const ccsmCmd = (() => {
-  try { return findCcsmCmd(); } catch { return null; }
+const { ccsmCmd, isSandbox } = (() => {
+  try { return findCcsmCmd(); } catch { return { ccsmCmd: null, isSandbox: false }; }
 })();
 if (!ccsmCmd) {
   warn('could not locate ccsm.cmd · skipping protocol registration');
   process.exit(0);
 }
+if (isSandbox) {
+  log(`sandbox install detected (prefix=${process.env.npm_config_prefix}) · skipping global launcher.vbs + protocol registration + auto-launch`);
+  process.exit(0);
+}
 
 try {
   const vbsPath = writeLauncherVbs(ccsmCmd);

package/scripts/upgrade-helper.js

@@ -0,0 +1,155 @@
+#!/usr/bin/env node
+'use strict';
+
+// In-app upgrade helper · spawned detached by /api/upgrade.
+//
+// The previous implementation kicked off `npm i -g` directly from the
+// running server. On Windows that fails with EBUSY: npm tries to rename
+// the package directory but the server has files open inside it.
+//
+// This script breaks the cycle:
+//
+//   1. Server validates the upgrade request, spawns this helper detached
+//      with [target, port, pid] argv, sends 200 OK, then gracefulShutdowns.
+//   2. Helper waits for the old port to free up + the old pid to die.
+//   3. Helper runs `npm i -g @bakapiano/ccsm@<target>` synchronously.
+//   4. On success it spawns `ccsm` detached (which spins up the new
+//      backend on the same port) and exits.
+//
+// Logs everything to ~/.ccsm/upgrade.log so a failed upgrade is
+// debuggable without the user needing to re-run the command manually.
+//
+// Argv: node upgrade-helper.js <target> <port> <pid> [installPrefix] [respawn=1|0]
+// - installPrefix: when set, runs `npm i -g --prefix=<this>` so the
+//   global install can be redirected to a sandbox dir for testing
+//   against a live prod install without disturbing it. Respawn then
+//   uses <prefix>/ccsm.cmd (Windows) or <prefix>/bin/ccsm (posix).
+// - respawn: '0' skips the final ccsm respawn (also useful for tests).
+
+const fs = require('node:fs');
+const path = require('node:path');
+const os = require('node:os');
+const net = require('node:net');
+const { spawn, spawnSync } = require('node:child_process');
+
+const target = process.argv[2] || 'latest';
+const oldPort = Number(process.argv[3] || 7777);
+const oldPid = Number(process.argv[4] || 0);
+const installPrefix = process.argv[5] || '';
+const doRespawn = process.argv[6] !== '0';
+
+const HOME = process.env.CCSM_HOME || path.join(os.homedir(), '.ccsm');
+const LOG = path.join(HOME, 'upgrade.log');
+try { fs.mkdirSync(HOME, { recursive: true }); } catch {}
+
+function log(msg) {
+  const line = `[${new Date().toISOString()}] ${msg}\n`;
+  try { fs.appendFileSync(LOG, line); } catch {}
+}
+
+function sleep(ms) { return new Promise((r) => setTimeout(r, ms)); }
+
+// Returns true once nothing answers on host:port within timeoutMs.
+function portFree(port, timeoutMs = 800) {
+  return new Promise((resolve) => {
+    const s = new net.Socket();
+    let settled = false;
+    const finish = (free) => { if (settled) return; settled = true; try { s.destroy(); } catch {} resolve(free); };
+    s.setTimeout(timeoutMs);
+    s.once('connect', () => finish(false));
+    s.once('timeout', () => finish(true));
+    s.once('error', () => finish(true));
+    s.connect(port, '127.0.0.1');
+  });
+}
+
+function pidAlive(pid) {
+  if (!pid) return false;
+  try { process.kill(pid, 0); return true; }
+  catch (e) { return e.code === 'EPERM'; }
+}
+
+(async () => {
+  log(`start · target=${target} oldPort=${oldPort} oldPid=${oldPid}${installPrefix ? ` prefix=${installPrefix}` : ''}${!doRespawn ? ' (no respawn)' : ''}`);
+
+  // Wait up to 30s for the old server to be gone. Both port-free AND
+  // pid-dead so we don't fight npm's rename for a stale file handle.
+  const deadline = Date.now() + 30_000;
+  while (Date.now() < deadline) {
+    const free = await portFree(oldPort);
+    const dead = !pidAlive(oldPid);
+    if (free && dead) break;
+    await sleep(250);
+  }
+  log(`old server gone (or 30s elapsed) · running npm install`);
+
+  // npm.cmd is a batch wrapper on Windows; spawn it via cmd.exe /c so
+  // we don't need shell:true (which would mean argv quoting). target
+  // has already been regex-validated server-side so this is safe.
+  const isWin = process.platform === 'win32';
+  const arg = `@bakapiano/ccsm@${target}`;
+  const npmArgs = ['i', '-g'];
+  if (installPrefix) {
+    try { fs.mkdirSync(installPrefix, { recursive: true }); } catch {}
+    npmArgs.push(`--prefix=${installPrefix}`);
+  }
+  npmArgs.push(arg);
+  let r;
+  if (isWin) {
+    r = spawnSync(process.env.ComSpec || 'cmd.exe',
+      ['/d', '/s', '/c', 'npm', ...npmArgs],
+      { stdio: ['ignore', 'pipe', 'pipe'], windowsHide: true });
+  } else {
+    r = spawnSync('npm', npmArgs,
+      { stdio: ['ignore', 'pipe', 'pipe'] });
+  }
+  const stdout = r.stdout?.toString().trim();
+  const stderr = r.stderr?.toString().trim();
+  log(`npm exit=${r.status}${stdout ? `\nSTDOUT:\n${stdout}` : ''}${stderr ? `\nSTDERR:\n${stderr}` : ''}`);
+  if (r.status !== 0) {
+    log(`upgrade failed · not respawning`);
+    process.exit(1);
+  }
+
+  if (!doRespawn) {
+    log(`respawn skipped (respawn=0)`);
+    return;
+  }
+
+  // Respawn ccsm. With installPrefix the binary lives there; otherwise
+  // it's on PATH from the global npm install. The launcher handles
+  // detect-or-spawn-server and detaches.
+  //
+  // On Windows, CreateProcess refuses to spawn .cmd / .bat directly —
+  // they're cmd.exe scripts, not native exes. Route through cmd.exe /c
+  // so it loads the wrapper.
+  const ccsmCmd = installPrefix
+    ? (isWin ? path.join(installPrefix, 'ccsm.cmd') : path.join(installPrefix, 'bin', 'ccsm'))
+    : (isWin ? 'ccsm.cmd' : 'ccsm');
+  const childEnv = { ...process.env, CCSM_NO_BROWSER: '1' };
+  let exe, exeArgs;
+  if (isWin) {
+    exe = process.env.ComSpec || 'cmd.exe';
+    exeArgs = ['/d', '/s', '/c', ccsmCmd];
+  } else {
+    exe = ccsmCmd;
+    exeArgs = [];
+  }
+  try {
+    const child = spawn(exe, exeArgs, {
+      detached: true,
+      stdio: 'ignore',
+      windowsHide: true,
+      shell: false,
+      env: childEnv,
+    });
+    child.unref();
+    log(`respawned ${ccsmCmd} (via ${path.basename(exe)})`);
+  } catch (e) {
+    log(`respawn failed: ${e.message}`);
+    process.exit(1);
+  }
+})().catch((e) => {
+  log(`fatal: ${e.message}`);
+  process.exit(1);
+});

package/server.js

@@ -2,6 +2,7 @@
 'use strict';
 
 const path = require('node:path');
+const os = require('node:os');
 const express = require('express');
 
 const { loadConfig, saveConfig, DATA_DIR } = require('./lib/config');
@@ -267,16 +268,24 @@ async function maybeWatchCliSessionId({ cli, cwd, ccsmSessionId }) {
   // If a previous watcher was still alive on this id (e.g. fast restart),
   // tear it down first.
   stopWatcher(ccsmSessionId);
+  let excludeIds = [];
   try {
-    const existing = await persistedSessions.get(ccsmSessionId);
+    const all = await persistedSessions.loadAll();
+    const existing = all.find((s) => s.id === ccsmSessionId);
     if (existing?.cliSessionId) {
       console.log(`[cliSessionId] skip watcher · ${cli.type} session already known (${existing.cliSessionId})`);
       return;
     }
+    // Other ccsm sessions' upstream UUIDs — exclude so the watcher
+    // doesn't misclaim a sibling's actively-touched transcript.
+    excludeIds = all
+      .filter((s) => s.id !== ccsmSessionId && s.cliSessionId)
+      .map((s) => s.cliSessionId);
   } catch {}
   const cleanup = cliSessionWatcher.captureSessionId({
     cliType: cli.type,
     cwd,
+    excludeIds,
     onCapture: (cliSessionId) => {
       activeWatchers.delete(ccsmSessionId);
       persistedSessions.update(ccsmSessionId, { cliSessionId }).catch((e) => {
@@ -852,6 +861,14 @@ app.post('/api/sessions/:id/resume', asyncH(async (req, res) => {
   // Already running and attached → no-op, just return its id.
   const live = webTerminal.get(record.id);
   if (live && !live.exitedAt) {
+    // Pool says we're alive but the record may be stale (e.g. a prior
+    // markRunning got clobbered by an OLD entry's onExit before the
+    // respawn-guard landed, or boot mark-exited ran after a pool entry
+    // was already wired). Reconcile the file to match the pool so the
+    // frontend doesn't get stuck on "Resuming session…" forever.
+    if (record.status !== 'running' || record.pid !== live.meta.pid) {
+      try { await persistedSessions.markRunning(record.id, live.meta.pid); } catch {}
+    }
     return res.json({ launched: { id: record.id, pid: live.meta.pid, cliId: record.cliId } });
   }
   const cfg = await loadConfig();
@@ -1007,55 +1024,60 @@ app.post('/api/upgrade', asyncH(async (req, res) => {
   if (upgradeInFlight) {
     return res.status(409).json({ error: 'upgrade already in progress' });
   }
-  upgradeInFlight = true;
-  const target = String((req.body && req.body.target) || 'latest');
+  const body = req.body || {};
+  const target = String(body.target || 'latest');
   // Refuse anything that doesn't look like a semver dist-tag or version
   // — defends against `;` etc. winding up in the spawn argv even though
   // we don't shell out.
   if (!/^[a-z0-9.+\-^~]+$/i.test(target)) {
-    upgradeInFlight = false;
     return res.status(400).json({ error: `invalid target: ${target}` });
   }
-  console.log(`[upgrade] starting npm i -g @bakapiano/ccsm@${target}`);
-  res.json({ ok: true, started: true, target });
+  // Optional sandbox install prefix (for testing without disturbing the
+  // user's real global ccsm). Validated as a plain absolute path so it
+  // can't be a flag injection.
+  const installPrefix = body.installPrefix ? String(body.installPrefix) : '';
+  if (installPrefix && (installPrefix.startsWith('-') || !path.isAbsolute(installPrefix))) {
+    return res.status(400).json({ error: 'installPrefix must be an absolute path' });
+  }
+  const respawn = body.respawn === false ? '0' : '1';
+  upgradeInFlight = true;
+  console.log(`[upgrade] target=${target}${installPrefix ? ` prefix=${installPrefix}` : ''}${respawn === '0' ? ' (no respawn)' : ''}`);
+
+  // The helper runs OUTSIDE the package dir so npm can rename it
+  // without fighting open file handles. Copy the script to os.tmpdir()
+  // and spawn from there.
+  const fsp = require('node:fs/promises');
+  const helperSrc = path.join(__dirname, 'scripts', 'upgrade-helper.js');
+  const helperTmp = path.join(os.tmpdir(), `ccsm-upgrade-${process.pid}-${Date.now()}.js`);
+  try {
+    await fsp.copyFile(helperSrc, helperTmp);
+  } catch (e) {
+    upgradeInFlight = false;
+    return res.status(500).json({ error: `helper copy failed: ${e.message}` });
+  }
+  const args = [helperTmp, target, String(currentPort), String(process.pid), installPrefix, respawn];
 
-  // Defer the actual spawn so the HTTP response flushes first.
+  res.json({ ok: true, started: true, target, helper: helperTmp });
+
+  // Flush response, then spawn helper detached and gracefulShutdown so
+  // the helper's npm install isn't fighting our open file handles.
   setImmediate(() => {
     const { spawn } = require('node:child_process');
-    const npmExe = process.platform === 'win32' ? 'npm.cmd' : 'npm';
-    const args = ['i', '-g', `@bakapiano/ccsm@${target}`];
-    const child = spawn(npmExe, args, {
-      detached: true,
-      stdio: 'ignore',
-      windowsHide: true,
-      shell: false,
-    });
-    child.on('error', (e) => {
-      console.error('[upgrade] npm spawn failed:', e.message);
-      upgradeInFlight = false;
-    });
-    child.on('exit', (code) => {
-      console.log(`[upgrade] npm exit ${code}`);
+    try {
+      const child = spawn(process.execPath, args, {
+        detached: true,
+        stdio: 'ignore',
+        windowsHide: true,
+        shell: false,
+      });
+      child.unref();
+      console.log(`[upgrade] helper pid=${child.pid}, shutting down`);
+    } catch (e) {
+      console.error('[upgrade] helper spawn failed:', e.message);
       upgradeInFlight = false;
-      if (code !== 0) return;
-      // Install succeeded → spawn a fresh ccsm and shut down. The
-      // launcher already detaches on its own.
-      try {
-        const ccsmCmd = process.platform === 'win32' ? 'ccsm.cmd' : 'ccsm';
-        const respawn = spawn(ccsmCmd, [], {
-          detached: true,
-          stdio: 'ignore',
-          windowsHide: true,
-          shell: false,
-          env: { ...process.env, CCSM_NO_BROWSER: '1' },
-        });
-        respawn.unref();
-      } catch (e) {
-        console.error('[upgrade] respawn failed:', e.message);
-      }
-      setTimeout(() => gracefulShutdown('upgrade'), 1500);
-    });
-    child.unref();
+      return;
+    }
+    setTimeout(() => gracefulShutdown('upgrade'), 500);
   });
 }));