@covibes/zeroshot 5.2.1 → 5.3.0

package/src/isolation-manager.js

@@ -3,18 +3,21 @@
  *
  * Handles:
  * - Container creation with workspace mounts
- * - Credential injection for Claude CLI
+ * - Credential injection for provider CLIs
  * - Command execution inside containers
  * - Container cleanup on stop/kill
  */
 
 const { spawn, execSync } = require('child_process');
 const { Worker } = require('worker_threads');
+const crypto = require('crypto');
 const path = require('path');
 const os = require('os');
 const fs = require('fs');
 const { loadSettings } = require('../lib/settings');
+const { normalizeProviderName } = require('../lib/provider-names');
 const { resolveMounts, resolveEnvs, expandEnvPatterns } = require('../lib/docker-config');
+const { getProvider } = require('./providers');
 
 /**
  * Escape a string for safe use in shell commands
@@ -28,6 +31,19 @@ function escapeShell(str) {
   return `'${str.replace(/'/g, "'\\''")}'`;
 }
 
+function expandHomePath(value) {
+  if (!value) return value;
+  if (value === '~') return os.homedir();
+  return value.replace(/^~(?=\/|$)/, os.homedir());
+}
+
+function pathContains(base, target) {
+  const resolvedBase = path.resolve(base);
+  const resolvedTarget = path.resolve(target);
+  if (resolvedBase === resolvedTarget) return true;
+  return resolvedTarget.startsWith(resolvedBase + path.sep);
+}
+
 const DEFAULT_IMAGE = 'zeroshot-cluster-base';
 
 class IsolationManager {
@@ -68,6 +84,7 @@ class IsolationManager {
    * @param {boolean} [config.reuseExistingWorkspace=false] - If true, reuse existing isolated workspace (for resume)
    * @param {Array<string|object>} [config.mounts] - Override default mounts (preset names or {host, container, readonly})
    * @param {boolean} [config.noMounts=false] - Disable all credential mounts
+   * @param {string} [config.provider] - Provider name for credential warnings
    * @returns {Promise<string>} Container ID
    */
   async createContainer(clusterId, config) {
@@ -117,6 +134,9 @@ class IsolationManager {
 
     // Resolve container home directory EARLY - needed for Claude config mount and hooks
     const settings = loadSettings();
+    const providerName = normalizeProviderName(
+      config.provider || settings.defaultProvider || 'claude'
+    );
     const containerHome = config.containerHome || settings.dockerContainerHome || '/root';
 
     // Create fresh Claude config dir for this cluster (avoids permission issues from host)
@@ -145,6 +165,8 @@ class IsolationManager {
       `${clusterConfigDir}:${containerHome}/.claude`,
     ];
 
+    const mountedHosts = [];
+
     // Add configurable credential mounts
     // Priority: CLI config > env var > settings > defaults
     if (!config.noMounts) {
@@ -168,9 +190,18 @@ class IsolationManager {
 
       // Resolve presets to actual mount specs (containerHome already resolved above)
       const mounts = resolveMounts(mountConfig, { containerHome });
+      const claudeContainerPath = path.posix.join(containerHome, '.claude');
 
       for (const mount of mounts) {
-        const hostPath = mount.host.replace(/^~/, os.homedir());
+        if (mount.container === claudeContainerPath) {
+          console.warn(
+            `[IsolationManager] Skipping mount for ${mount.host} -> ${mount.container} ` +
+              '(Claude config is managed by zeroshot).'
+          );
+          continue;
+        }
+
+        const hostPath = expandHomePath(mount.host);
 
         // Check path exists and is mountable
         try {
@@ -188,12 +219,11 @@ class IsolationManager {
           ? `${hostPath}:${mount.container}:ro`
           : `${hostPath}:${mount.container}`;
         args.push('-v', mountSpec);
+        mountedHosts.push(hostPath);
       }
 
       // Pass env vars based on enabled presets
-      const envSpecs = expandEnvPatterns(
-        resolveEnvs(mountConfig, settings.dockerEnvPassthrough)
-      );
+      const envSpecs = expandEnvPatterns(resolveEnvs(mountConfig, settings.dockerEnvPassthrough));
       for (const spec of envSpecs) {
         if (spec.forced) {
           // Forced value - always pass with specified value
@@ -205,15 +235,30 @@ class IsolationManager {
       }
     }
 
+    // Warn when provider credentials are likely missing
+    if (providerName !== 'claude') {
+      const provider = getProvider(providerName);
+      const credentialPaths = provider.getCredentialPaths ? provider.getCredentialPaths() : [];
+      const expandedCreds = credentialPaths.map((cred) => expandHomePath(cred));
+      const hasCredentialMount = mountedHosts.some((hostPath) =>
+        expandedCreds.some(
+          (credPath) => pathContains(hostPath, credPath) || pathContains(credPath, hostPath)
+        )
+      );
+
+      if (!hasCredentialMount && expandedCreds.length > 0) {
+        const exampleHost = credentialPaths[0];
+        const exampleContainer = exampleHost.replace(/^~(?=\/|$)/, containerHome);
+        const mountNote = config.noMounts ? 'Credential mounts are disabled. ' : '';
+        console.warn(
+          `[IsolationManager] ⚠️  ${mountNote}No credential mounts found for ${provider.displayName}. ` +
+            `Add one with --mount ${exampleHost}:${exampleContainer}:ro`
+        );
+      }
+    }
+
     // Finish docker args
-    args.push(
-      '-w',
-      '/workspace',
-      image,
-      'tail',
-      '-f',
-      '/dev/null'
-    );
+    args.push('-w', '/workspace', image, 'tail', '-f', '/dev/null');
 
     return new Promise((resolve, reject) => {
       const proc = spawn('docker', args, { stdio: ['pipe', 'pipe', 'pipe'] });
@@ -240,116 +285,7 @@ class IsolationManager {
           try {
             console.log(`[IsolationManager] Checking for package.json in ${workDir}...`);
             if (fs.existsSync(path.join(workDir, 'package.json'))) {
-              // Check if node_modules already exists in container (pre-baked or previous run)
-              const checkResult = await this.execInContainer(
-                clusterId,
-                ['sh', '-c', 'test -d node_modules && test -f node_modules/.package-lock.json && echo "exists"'],
-                {}
-              );
-
-              if (checkResult.code === 0 && checkResult.stdout.trim() === 'exists') {
-                console.log(`[IsolationManager] ✓ Dependencies already installed (skipping npm install)`);
-              } else {
-                // Check if npm is available in container
-                const npmCheck = await this.execInContainer(clusterId, ['which', 'npm'], {});
-                if (npmCheck.code !== 0) {
-                  console.log(`[IsolationManager] npm not available in container, skipping dependency install`);
-                } else {
-                  // Issue #20: Try to use pre-baked dependencies first
-                  // Check if pre-baked deps exist and can satisfy project requirements
-                  const preBakeCheck = await this.execInContainer(
-                    clusterId,
-                    ['sh', '-c', 'test -d /pre-baked-deps/node_modules && echo "exists"'],
-                    {}
-                  );
-
-                  if (preBakeCheck.code === 0 && preBakeCheck.stdout.trim() === 'exists') {
-                    console.log(`[IsolationManager] Checking if pre-baked deps satisfy requirements...`);
-
-                    // Copy pre-baked deps, then run npm install to add any missing
-                    // This is faster than full npm install: copy is ~2s, npm install adds ~5-10s for missing
-                    const copyResult = await this.execInContainer(
-                      clusterId,
-                      ['sh', '-c', 'cp -rn /pre-baked-deps/node_modules . 2>/dev/null || true'],
-                      {}
-                    );
-
-                    if (copyResult.code === 0) {
-                      console.log(`[IsolationManager] ✓ Copied pre-baked dependencies`);
-
-                      // Run npm install to add any missing deps (much faster with pre-baked base)
-                      const installResult = await this.execInContainer(
-                        clusterId,
-                        ['sh', '-c', 'npm_config_engine_strict=false npm install --no-audit --no-fund --prefer-offline'],
-                        {}
-                      );
-
-                      if (installResult.code === 0) {
-                        console.log(`[IsolationManager] ✓ Dependencies installed (pre-baked + incremental)`);
-                      } else {
-                        // Fallback: full install (pre-baked copy may have caused issues)
-                        console.warn(`[IsolationManager] Incremental install failed, falling back to full install`);
-                        await this.execInContainer(
-                          clusterId,
-                          ['sh', '-c', 'rm -rf node_modules && npm_config_engine_strict=false npm install --no-audit --no-fund'],
-                          {}
-                        );
-                        console.log(`[IsolationManager] ✓ Dependencies installed (full fallback)`);
-                      }
-                    }
-                  } else {
-                    // No pre-baked deps, full npm install with retries
-                    console.log(`[IsolationManager] Installing npm dependencies in container...`);
-
-                    // Retry npm install with exponential backoff (network issues are common)
-                    const maxRetries = 3;
-                    const baseDelay = 2000; // 2 seconds
-                    let installResult = null;
-
-                    for (let attempt = 1; attempt <= maxRetries; attempt++) {
-                      try {
-                        installResult = await this.execInContainer(
-                          clusterId,
-                          ['sh', '-c', 'npm_config_engine_strict=false npm install --no-audit --no-fund'],
-                          {}
-                        );
-
-                        if (installResult.code === 0) {
-                          console.log(`[IsolationManager] ✓ Dependencies installed`);
-                          break; // Success - exit retry loop
-                        }
-
-                        // Failed - retry if not last attempt
-                        // Use stderr if available, otherwise stdout (npm writes some errors to stdout)
-                        const errorOutput = (installResult.stderr || installResult.stdout || '').slice(0, 500);
-                        if (attempt < maxRetries) {
-                          const delay = baseDelay * Math.pow(2, attempt - 1);
-                          console.warn(
-                            `[IsolationManager] ⚠️ npm install failed (attempt ${attempt}/${maxRetries}), retrying in ${delay}ms...`
-                          );
-                          console.warn(`[IsolationManager] Error: ${errorOutput}`);
-                          await new Promise((_resolve) => setTimeout(_resolve, delay));
-                        } else {
-                          console.warn(
-                            `[IsolationManager] ⚠️ npm install failed after ${maxRetries} attempts (non-fatal): ${errorOutput}`
-                          );
-                        }
-                      } catch (execErr) {
-                        if (attempt < maxRetries) {
-                          const delay = baseDelay * Math.pow(2, attempt - 1);
-                          console.warn(
-                            `[IsolationManager] ⚠️ npm install execution error (attempt ${attempt}/${maxRetries}), retrying in ${delay}ms...`
-                          );
-                          console.warn(`[IsolationManager] Error: ${execErr.message}`);
-                          await new Promise((_resolve) => setTimeout(_resolve, delay));
-                        } else {
-                          throw execErr; // Re-throw on last attempt
-                        }
-                      }
-                    }
-                  }
-                }
-              }
+              await this._installDependenciesWithRetry(clusterId);
             }
           } catch (err) {
             console.warn(
@@ -369,6 +305,81 @@ class IsolationManager {
     });
   }
 
+  async _installDependenciesWithRetry(clusterId) {
+    console.log(`[IsolationManager] Installing npm dependencies in container...`);
+
+    const maxRetries = 3;
+    const baseDelay = 2000; // 2 seconds
+    const installCommand = [
+      'sh',
+      '-c',
+      [
+        'if [ -d node_modules ] && [ -f node_modules/.package-lock.json ]; then',
+        'echo "__deps_present__";',
+        'exit 0;',
+        'fi;',
+        'if ! command -v npm >/dev/null 2>&1; then',
+        'echo "__npm_missing__";',
+        'exit 127;',
+        'fi;',
+        'if [ -d /pre-baked-deps/node_modules ]; then',
+        'cp -rn /pre-baked-deps/node_modules . 2>/dev/null || true;',
+        'npm_config_engine_strict=false npm install --no-audit --no-fund --prefer-offline;',
+        'install_code=$?;',
+        'if [ $install_code -ne 0 ]; then',
+        'rm -rf node_modules;',
+        'npm_config_engine_strict=false npm install --no-audit --no-fund;',
+        'fi;',
+        'else',
+        'npm_config_engine_strict=false npm install --no-audit --no-fund;',
+        'fi',
+      ].join(' '),
+    ];
+
+    for (let attempt = 1; attempt <= maxRetries; attempt++) {
+      try {
+        const installResult = await this.execInContainer(clusterId, installCommand, {});
+        const stdout = installResult.stdout || '';
+
+        if (installResult.code === 0) {
+          if (stdout.includes('__deps_present__')) {
+            console.log(
+              `[IsolationManager] ✓ Dependencies already installed (skipping npm install)`
+            );
+          } else {
+            console.log(`[IsolationManager] ✓ Dependencies installed`);
+          }
+          return;
+        }
+
+        const errorOutput = (installResult.stderr || installResult.stdout || '').slice(0, 500);
+        if (attempt < maxRetries) {
+          const delay = baseDelay * Math.pow(2, attempt - 1);
+          console.warn(
+            `[IsolationManager] ⚠️ npm install failed (attempt ${attempt}/${maxRetries}), retrying in ${delay}ms...`
+          );
+          console.warn(`[IsolationManager] Error: ${errorOutput}`);
+          await new Promise((resolve) => setTimeout(resolve, delay));
+        } else {
+          console.warn(
+            `[IsolationManager] ⚠️ npm install failed after ${maxRetries} attempts (non-fatal): ${errorOutput}`
+          );
+        }
+      } catch (execErr) {
+        if (attempt < maxRetries) {
+          const delay = baseDelay * Math.pow(2, attempt - 1);
+          console.warn(
+            `[IsolationManager] ⚠️ npm install execution error (attempt ${attempt}/${maxRetries}), retrying in ${delay}ms...`
+          );
+          console.warn(`[IsolationManager] Error: ${execErr.message}`);
+          await new Promise((resolve) => setTimeout(resolve, delay));
+        } else {
+          throw execErr;
+        }
+      }
+    }
+  }
+
   /**
    * Execute a command inside the container
    * @param {string} clusterId - Cluster ID
@@ -542,7 +553,9 @@ class IsolationManager {
       const isolatedInfo = this.isolatedDirs.get(clusterId);
 
       if (preserveWorkspace) {
-        console.log(`[IsolationManager] Preserving isolated workspace at ${isolatedInfo.path} for resume`);
+        console.log(
+          `[IsolationManager] Preserving isolated workspace at ${isolatedInfo.path} for resume`
+        );
         // Don't delete - but DON'T remove from Map either, resume() needs it
       } else {
         console.log(`[IsolationManager] Cleaning up isolated dir at ${isolatedInfo.path}`);
@@ -896,7 +909,10 @@ class IsolationManager {
         ],
       },
     };
-    fs.writeFileSync(path.join(configDir, 'settings.json'), JSON.stringify(clusterSettings, null, 2));
+    fs.writeFileSync(
+      path.join(configDir, 'settings.json'),
+      JSON.stringify(clusterSettings, null, 2)
+    );
 
     // Track for cleanup
     this.clusterConfigDirs = this.clusterConfigDirs || new Map();
@@ -990,9 +1006,12 @@ class IsolationManager {
    */
   _isContainerRunning(containerId) {
     try {
-      const result = execSync(`docker inspect -f '{{.State.Running}}' ${escapeShell(containerId)} 2>/dev/null`, {
-        encoding: 'utf8',
-      });
+      const result = execSync(
+        `docker inspect -f '{{.State.Running}}' ${escapeShell(containerId)} 2>/dev/null`,
+        {
+          encoding: 'utf8',
+        }
+      );
       return result.trim() === 'true';
     } catch {
       return false;
@@ -1017,7 +1036,8 @@ class IsolationManager {
    */
   static isDockerAvailable() {
     try {
-      execSync('docker --version', { encoding: 'utf8', stdio: 'pipe' });
+      // Require both CLI binary and a reachable daemon.
+      execSync('docker info', { encoding: 'utf8', stdio: 'pipe' });
       return true;
     } catch {
       return false;
@@ -1146,14 +1166,16 @@ class IsolationManager {
 
   /**
    * Create worktree-based isolation for a cluster (lightweight alternative to Docker)
-   * Creates a git worktree at /tmp/zeroshot-worktrees/{clusterId}
+   * Creates a git worktree at {os.tmpdir()}/zeroshot-worktrees/{clusterId}
    * @param {string} clusterId - Cluster ID
    * @param {string} workDir - Original working directory (must be a git repo)
    * @returns {{ path: string, branch: string, repoRoot: string }}
    */
   createWorktreeIsolation(clusterId, workDir) {
     if (!this._isGitRepo(workDir)) {
-      throw new Error(`Worktree isolation requires a git repository. ${workDir} is not a git repo.`);
+      throw new Error(
+        `Worktree isolation requires a git repository. ${workDir} is not a git repo.`
+      );
     }
 
     const worktreeInfo = this.createWorktree(clusterId, workDir);
@@ -1196,7 +1218,8 @@ class IsolationManager {
     }
 
     // Create branch name from cluster ID (e.g., cluster-cosmic-meteor-87 -> zeroshot/cosmic-meteor-87)
-    const branchName = `zeroshot/${clusterId.replace(/^cluster-/, '')}`;
+    const baseBranchName = `zeroshot/${clusterId.replace(/^cluster-/, '')}`;
+    let branchName = baseBranchName;
 
     // Worktree path in tmp
     const worktreePath = path.join(os.tmpdir(), 'zeroshot-worktrees', clusterId);
@@ -1207,34 +1230,73 @@ class IsolationManager {
       fs.mkdirSync(parentDir, { recursive: true });
     }
 
-    // Remove existing worktree if it exists (cleanup from previous run)
+    // Best-effort cleanup of stale worktree metadata and directory.
+    // IMPORTANT: If a previous run deleted the directory without deregistering the worktree,
+    // git may keep the branch "checked out" and block deletion/reuse.
     try {
-      execSync(`git worktree remove --force "${worktreePath}" 2>/dev/null`, {
+      execSync(`git worktree remove --force ${escapeShell(worktreePath)}`, {
         cwd: repoRoot,
         encoding: 'utf8',
         stdio: 'pipe',
       });
     } catch {
-      // Ignore - worktree doesn't exist
+      // ignore
     }
-
-    // Delete the branch if it exists (from previous run)
     try {
-      execSync(`git branch -D "${branchName}" 2>/dev/null`, {
-        cwd: repoRoot,
-        encoding: 'utf8',
-        stdio: 'pipe',
-      });
+      execSync('git worktree prune', { cwd: repoRoot, encoding: 'utf8', stdio: 'pipe' });
     } catch {
-      // Ignore - branch doesn't exist
+      // ignore
+    }
+    try {
+      fs.rmSync(worktreePath, { recursive: true, force: true });
+    } catch {
+      // ignore
     }
 
-    // Create worktree with new branch based on HEAD
-    execSync(`git worktree add -b "${branchName}" "${worktreePath}" HEAD`, {
-      cwd: repoRoot,
-      encoding: 'utf8',
-      stdio: 'pipe',
-    });
+    // Create worktree with new branch based on HEAD (retry on branch collision/in-use)
+    for (let attempt = 0; attempt < 10; attempt++) {
+      // Best-effort delete if branch exists and is not in use by another worktree.
+      try {
+        execSync(`git branch -D ${escapeShell(branchName)}`, {
+          cwd: repoRoot,
+          encoding: 'utf8',
+          stdio: 'pipe',
+        });
+      } catch {
+        // ignore
+      }
+
+      try {
+        execSync(
+          `git worktree add -b ${escapeShell(branchName)} ${escapeShell(worktreePath)} HEAD`,
+          {
+            cwd: repoRoot,
+            encoding: 'utf8',
+            stdio: 'pipe',
+          }
+        );
+        break;
+      } catch (err) {
+        const stderr = (
+          err && (err.stderr || err.message) ? String(err.stderr || err.message) : ''
+        ).toLowerCase();
+        const isBranchCollision =
+          stderr.includes('already exists') ||
+          stderr.includes('cannot delete branch') ||
+          stderr.includes('checked out');
+
+        if (attempt < 9 && isBranchCollision) {
+          branchName = `${baseBranchName}-${crypto.randomBytes(3).toString('hex')}`;
+          try {
+            execSync('git worktree prune', { cwd: repoRoot, encoding: 'utf8', stdio: 'pipe' });
+          } catch {
+            // ignore
+          }
+          continue;
+        }
+        throw err;
+      }
+    }
 
     return {
       path: worktreePath,
@@ -1250,19 +1312,46 @@ class IsolationManager {
    * @param {boolean} [options.deleteBranch=false] - Also delete the branch
    */
   removeWorktree(worktreeInfo, _options = {}) {
+    // Remove the worktree (prefer git so metadata is cleaned up).
     try {
-      // Remove the worktree
-      execSync(`git worktree remove --force "${worktreeInfo.path}" 2>/dev/null`, {
+      execSync(`git worktree remove --force ${escapeShell(worktreeInfo.path)}`, {
         cwd: worktreeInfo.repoRoot,
         encoding: 'utf8',
         stdio: 'pipe',
       });
     } catch {
-      // Fallback: manually remove directory if worktree command fails
+      // If git worktree metadata is stale, prune and retry once.
       try {
-        fs.rmSync(worktreeInfo.path, { recursive: true, force: true });
+        execSync('git worktree prune', {
+          cwd: worktreeInfo.repoRoot,
+          encoding: 'utf8',
+          stdio: 'pipe',
+        });
+      } catch {
+        // ignore
+      }
+      try {
+        execSync(`git worktree remove --force ${escapeShell(worktreeInfo.path)}`, {
+          cwd: worktreeInfo.repoRoot,
+          encoding: 'utf8',
+          stdio: 'pipe',
+        });
       } catch {
-        // Ignore
+        // Last resort: delete directory, then prune stale worktree entries.
+        try {
+          fs.rmSync(worktreeInfo.path, { recursive: true, force: true });
+        } catch {
+          // ignore
+        }
+        try {
+          execSync('git worktree prune', {
+            cwd: worktreeInfo.repoRoot,
+            encoding: 'utf8',
+            stdio: 'pipe',
+          });
+        } catch {
+          // ignore
+        }
       }
     }
 

package/src/ledger.js

@@ -19,6 +19,7 @@ class Ledger extends EventEmitter {
     this.cache = new Map(); // LRU cache for queries
     this.cacheLimit = 1000;
     this._closed = false; // Track closed state to prevent write-after-close
+    this._lastTimestamp = 0;
     this._initSchema();
   }
 
@@ -52,6 +53,7 @@ class Ledger extends EventEmitter {
     `);
 
     this._prepareStatements();
+    this._loadLastTimestamp();
   }
 
   _prepareStatements() {
@@ -69,6 +71,13 @@ class Ledger extends EventEmitter {
     };
   }
 
+  _loadLastTimestamp() {
+    const row = this.db.prepare('SELECT MAX(timestamp) AS max_timestamp FROM messages').get();
+    if (row && Number.isFinite(row.max_timestamp)) {
+      this._lastTimestamp = row.max_timestamp;
+    }
+  }
+
   /**
    * Append a message to the ledger
    * @param {Object} message - Message object
@@ -83,7 +92,10 @@ class Ledger extends EventEmitter {
     }
 
     const id = message.id || `msg_${crypto.randomBytes(16).toString('hex')}`;
-    const timestamp = message.timestamp || Date.now();
+    const baseTimestamp = Math.max(Date.now(), this._lastTimestamp + 1);
+    const requestedTimestamp = typeof message.timestamp === 'number' ? message.timestamp : null;
+    const timestamp =
+      requestedTimestamp !== null ? Math.max(requestedTimestamp, baseTimestamp) : baseTimestamp;
 
     const record = {
       id,
@@ -113,6 +125,8 @@ class Ledger extends EventEmitter {
       // Invalidate cache
       this.cache.clear();
 
+      this._lastTimestamp = Math.max(this._lastTimestamp, timestamp);
+
       // Emit event for subscriptions
       const fullMessage = this._deserializeMessage(record);
       this.emit('message', fullMessage);
@@ -149,13 +163,13 @@ class Ledger extends EventEmitter {
     // Create transaction function - all inserts happen atomically
     const insertMany = this.db.transaction((msgs) => {
       const results = [];
-      const baseTimestamp = Date.now();
+      const baseTimestamp = Math.max(Date.now(), this._lastTimestamp + 1);
 
       for (let i = 0; i < msgs.length; i++) {
         const message = msgs[i];
         const id = message.id || `msg_${crypto.randomBytes(16).toString('hex')}`;
         // Use incrementing timestamps to preserve order within batch
-        const timestamp = message.timestamp || (baseTimestamp + i);
+        const timestamp = baseTimestamp + i;
 
         const record = {
           id,
@@ -184,16 +198,18 @@ class Ledger extends EventEmitter {
         results.push(this._deserializeMessage(record));
       }
 
-      return results;
+      return { results, baseTimestamp };
     });
 
     try {
       // Execute transaction (atomic - all or nothing)
-      const appendedMessages = insertMany(messages);
+      const { results: appendedMessages, baseTimestamp } = insertMany(messages);
 
       // Invalidate cache
       this.cache.clear();
 
+      this._lastTimestamp = Math.max(this._lastTimestamp, baseTimestamp + messages.length - 1);
+
       // Emit events for subscriptions AFTER transaction commits
       // This ensures listeners see consistent state
       for (const fullMessage of appendedMessages) {
@@ -248,7 +264,13 @@ class Ledger extends EventEmitter {
       params.push(typeof until === 'number' ? until : new Date(until).getTime());
     }
 
-    let sql = `SELECT * FROM messages WHERE ${conditions.join(' AND ')} ORDER BY timestamp ASC`;
+    // Defend against prototype pollution affecting default query ordering.
+    // Only treat `criteria.order` as set if it's an own property.
+    const orderValue = Object.prototype.hasOwnProperty.call(criteria, 'order')
+      ? criteria.order
+      : undefined;
+    const direction = String(orderValue ?? 'asc').toLowerCase() === 'desc' ? 'DESC' : 'ASC';
+    let sql = `SELECT * FROM messages WHERE ${conditions.join(' AND ')} ORDER BY timestamp ${direction}`;
 
     if (limit) {
       sql += ` LIMIT ?`;