@nathapp/nax 0.42.5 → 0.42.7

package/dist/nax.js

@@ -18963,6 +18963,8 @@ class SpawnAcpSession {
   timeoutSeconds;
   permissionMode;
   env;
+  pidRegistry;
+  activeProc = null;
   constructor(opts) {
     this.agentName = opts.agentName;
     this.sessionName = opts.sessionName;
@@ -18971,6 +18973,7 @@ class SpawnAcpSession {
     this.timeoutSeconds = opts.timeoutSeconds;
     this.permissionMode = opts.permissionMode;
     this.env = opts.env;
+    this.pidRegistry = opts.pidRegistry;
   }
   async prompt(text) {
     const cmd = [
@@ -18997,35 +19000,50 @@ class SpawnAcpSession {
       stderr: "pipe",
       env: this.env
     });
-    proc.stdin.write(text);
-    proc.stdin.end();
-    const exitCode = await proc.exited;
-    const stdout = await new Response(proc.stdout).text();
-    const stderr = await new Response(proc.stderr).text();
-    if (exitCode !== 0) {
-      getSafeLogger()?.warn("acp-adapter", `Session prompt exited with code ${exitCode}`, {
-        stderr: stderr.slice(0, 200)
-      });
-      return {
-        messages: [{ role: "assistant", content: stderr || `Exit code ${exitCode}` }],
-        stopReason: "error"
-      };
-    }
+    this.activeProc = proc;
+    const processPid = proc.pid;
+    await this.pidRegistry?.register(processPid);
     try {
-      const parsed = parseAcpxJsonOutput(stdout);
-      return {
-        messages: [{ role: "assistant", content: parsed.text || "" }],
-        stopReason: "end_turn",
-        cumulative_token_usage: parsed.tokenUsage
-      };
-    } catch (err) {
-      getSafeLogger()?.warn("acp-adapter", "Failed to parse session prompt response", {
-        stderr: stderr.slice(0, 200)
-      });
-      throw err;
+      proc.stdin.write(text);
+      proc.stdin.end();
+      const exitCode = await proc.exited;
+      const stdout = await new Response(proc.stdout).text();
+      const stderr = await new Response(proc.stderr).text();
+      if (exitCode !== 0) {
+        getSafeLogger()?.warn("acp-adapter", `Session prompt exited with code ${exitCode}`, {
+          stderr: stderr.slice(0, 200)
+        });
+        return {
+          messages: [{ role: "assistant", content: stderr || `Exit code ${exitCode}` }],
+          stopReason: "error"
+        };
+      }
+      try {
+        const parsed = parseAcpxJsonOutput(stdout);
+        return {
+          messages: [{ role: "assistant", content: parsed.text || "" }],
+          stopReason: "end_turn",
+          cumulative_token_usage: parsed.tokenUsage
+        };
+      } catch (err) {
+        getSafeLogger()?.warn("acp-adapter", "Failed to parse session prompt response", {
+          stderr: stderr.slice(0, 200)
+        });
+        throw err;
+      }
+    } finally {
+      this.activeProc = null;
+      await this.pidRegistry?.unregister(processPid);
     }
   }
   async close() {
+    if (this.activeProc) {
+      try {
+        this.activeProc.kill(15);
+        getSafeLogger()?.debug("acp-adapter", `Killed active prompt process PID ${this.activeProc.pid}`);
+      } catch {}
+      this.activeProc = null;
+    }
     const cmd = ["acpx", this.agentName, "sessions", "close", this.sessionName];
     getSafeLogger()?.debug("acp-adapter", `Closing session: ${this.sessionName}`);
     const proc = _spawnClientDeps.spawn(cmd, { stdout: "pipe", stderr: "pipe" });
@@ -19039,6 +19057,12 @@ class SpawnAcpSession {
     }
   }
   async cancelActivePrompt() {
+    if (this.activeProc) {
+      try {
+        this.activeProc.kill(15);
+        getSafeLogger()?.debug("acp-adapter", `Killed active prompt process PID ${this.activeProc.pid}`);
+      } catch {}
+    }
     const cmd = ["acpx", this.agentName, "cancel"];
     getSafeLogger()?.debug("acp-adapter", `Cancelling active prompt: ${this.sessionName}`);
     const proc = _spawnClientDeps.spawn(cmd, { stdout: "pipe", stderr: "pipe" });
@@ -19051,8 +19075,10 @@ class SpawnAcpClient {
   model;
   cwd;
   timeoutSeconds;
+  permissionMode;
   env;
-  constructor(cmdStr, cwd, timeoutSeconds) {
+  pidRegistry;
+  constructor(cmdStr, cwd, timeoutSeconds, pidRegistry) {
     const parts = cmdStr.split(/\s+/);
     const modelIdx = parts.indexOf("--model");
     this.model = modelIdx >= 0 && parts[modelIdx + 1] ? parts[modelIdx + 1] : "default";
@@ -19063,7 +19089,9 @@ class SpawnAcpClient {
     this.agentName = lastToken;
     this.cwd = cwd || process.cwd();
     this.timeoutSeconds = timeoutSeconds || 1800;
+    this.permissionMode = "approve-reads";
     this.env = buildAllowedEnv2();
+    this.pidRegistry = pidRegistry;
   }
   async start() {}
   async createSession(opts) {
@@ -19083,7 +19111,8 @@ class SpawnAcpClient {
       model: this.model,
       timeoutSeconds: this.timeoutSeconds,
       permissionMode: opts.permissionMode,
-      env: this.env
+      env: this.env,
+      pidRegistry: this.pidRegistry
     });
   }
   async loadSession(sessionName, agentName) {
@@ -19099,14 +19128,15 @@ class SpawnAcpClient {
       cwd: this.cwd,
       model: this.model,
       timeoutSeconds: this.timeoutSeconds,
-      permissionMode: "approve-all",
-      env: this.env
+      permissionMode: this.permissionMode,
+      env: this.env,
+      pidRegistry: this.pidRegistry
     });
   }
   async close() {}
 }
-function createSpawnAcpClient(cmdStr, cwd, timeoutSeconds) {
-  return new SpawnAcpClient(cmdStr, cwd, timeoutSeconds);
+function createSpawnAcpClient(cmdStr, cwd, timeoutSeconds, pidRegistry) {
+  return new SpawnAcpClient(cmdStr, cwd, timeoutSeconds, pidRegistry);
 }
 var _spawnClientDeps;
 var init_spawn_client = __esm(() => {
@@ -19367,7 +19397,7 @@ class AcpAgentAdapter {
   }
   async _runWithClient(options, startTime) {
     const cmdStr = `acpx --model ${options.modelDef.model} ${this.name}`;
-    const client = _acpAdapterDeps.createClient(cmdStr, options.workdir, options.timeoutSeconds);
+    const client = _acpAdapterDeps.createClient(cmdStr, options.workdir, options.timeoutSeconds, options.pidRegistry);
     await client.start();
     let sessionName = options.acpSessionName;
     if (!sessionName && options.featureName && options.storyId) {
@@ -19539,7 +19569,8 @@ class AcpAgentAdapter {
       maxInteractionTurns: options.maxInteractionTurns,
       featureName: options.featureName,
       storyId: options.storyId,
-      sessionRole: options.sessionRole
+      sessionRole: options.sessionRole,
+      pidRegistry: options.pidRegistry
     });
     if (!result.success) {
       throw new Error(`[acp-adapter] plan() failed: ${result.output}`);
@@ -19609,8 +19640,8 @@ var init_adapter = __esm(() => {
     async sleep(ms) {
       await Bun.sleep(ms);
     },
-    createClient(cmdStr, cwd, timeoutSeconds) {
-      return createSpawnAcpClient(cmdStr, cwd, timeoutSeconds);
+    createClient(cmdStr, cwd, timeoutSeconds, pidRegistry) {
+      return createSpawnAcpClient(cmdStr, cwd, timeoutSeconds, pidRegistry);
     }
   };
 });
@@ -20171,14 +20202,27 @@ var init_chain = __esm(() => {
 });
 
 // src/utils/path-security.ts
-import { isAbsolute, join as join5, normalize, resolve } from "path";
+import { realpathSync } from "fs";
+import { dirname, isAbsolute, join as join5, normalize, resolve } from "path";
+function safeRealpath(p) {
+  try {
+    return realpathSync(p);
+  } catch {
+    try {
+      const parent = realpathSync(dirname(p));
+      return join5(parent, p.split("/").pop() ?? "");
+    } catch {
+      return p;
+    }
+  }
+}
 function validateModulePath(modulePath, allowedRoots) {
   if (!modulePath) {
     return { valid: false, error: "Module path is empty" };
   }
-  const normalizedRoots = allowedRoots.map((r) => resolve(r));
+  const normalizedRoots = allowedRoots.map((r) => safeRealpath(resolve(r)));
   if (isAbsolute(modulePath)) {
-    const absoluteTarget = normalize(modulePath);
+    const absoluteTarget = safeRealpath(normalize(modulePath));
     const isWithin = normalizedRoots.some((root) => {
       return absoluteTarget.startsWith(`${root}/`) || absoluteTarget === root;
     });
@@ -20187,7 +20231,7 @@ function validateModulePath(modulePath, allowedRoots) {
     }
   } else {
     for (const root of normalizedRoots) {
-      const absoluteTarget = resolve(join5(root, modulePath));
+      const absoluteTarget = safeRealpath(resolve(join5(root, modulePath)));
       if (absoluteTarget.startsWith(`${root}/`) || absoluteTarget === root) {
         return { valid: true, absolutePath: absoluteTarget };
       }
@@ -20467,7 +20511,7 @@ function isPlainObject2(value) {
 }
 
 // src/config/path-security.ts
-import { existsSync as existsSync4, lstatSync, realpathSync } from "fs";
+import { existsSync as existsSync4, lstatSync, realpathSync as realpathSync2 } from "fs";
 import { isAbsolute as isAbsolute2, normalize as normalize2, resolve as resolve3 } from "path";
 function validateDirectory(dirPath, baseDir) {
   const resolved = resolve3(dirPath);
@@ -20476,7 +20520,7 @@ function validateDirectory(dirPath, baseDir) {
   }
   let realPath;
   try {
-    realPath = realpathSync(resolved);
+    realPath = realpathSync2(resolved);
   } catch (error48) {
     throw new Error(`Failed to resolve path: ${dirPath} (${error48.message})`);
   }
@@ -20490,7 +20534,7 @@ function validateDirectory(dirPath, baseDir) {
   }
   if (baseDir) {
     const resolvedBase = resolve3(baseDir);
-    const realBase = existsSync4(resolvedBase) ? realpathSync(resolvedBase) : resolvedBase;
+    const realBase = existsSync4(resolvedBase) ? realpathSync2(resolvedBase) : resolvedBase;
     if (!isWithinDirectory(realPath, realBase)) {
       throw new Error(`Path is outside allowed directory: ${dirPath} (resolved to ${realPath}, base: ${realBase})`);
     }
@@ -20514,19 +20558,19 @@ function validateFilePath(filePath, baseDir) {
     if (!existsSync4(resolved)) {
       const parent = resolve3(resolved, "..");
       if (existsSync4(parent)) {
-        const realParent = realpathSync(parent);
+        const realParent = realpathSync2(parent);
         realPath = resolve3(realParent, filePath.split("/").pop() || "");
       } else {
         realPath = resolved;
       }
     } else {
-      realPath = realpathSync(resolved);
+      realPath = realpathSync2(resolved);
     }
   } catch (error48) {
     throw new Error(`Failed to resolve path: ${filePath} (${error48.message})`);
   }
   const resolvedBase = resolve3(baseDir);
-  const realBase = existsSync4(resolvedBase) ? realpathSync(resolvedBase) : resolvedBase;
+  const realBase = existsSync4(resolvedBase) ? realpathSync2(resolvedBase) : resolvedBase;
   if (!isWithinDirectory(realPath, realBase)) {
     throw new Error(`Path is outside allowed directory: ${filePath} (resolved to ${realPath}, base: ${realBase})`);
   }
@@ -21870,7 +21914,7 @@ var package_default;
 var init_package = __esm(() => {
   package_default = {
     name: "@nathapp/nax",
-    version: "0.42.5",
+    version: "0.42.7",
     description: "AI Coding Agent Orchestrator \u2014 loops until done",
     type: "module",
     bin: {
@@ -21943,8 +21987,8 @@ var init_version = __esm(() => {
   NAX_VERSION = package_default.version;
   NAX_COMMIT = (() => {
     try {
-      if (/^[0-9a-f]{6,10}$/.test("7b603fa"))
-        return "7b603fa";
+      if (/^[0-9a-f]{6,10}$/.test("e8a2a25"))
+        return "e8a2a25";
     } catch {}
     try {
       const result = Bun.spawnSync(["git", "rev-parse", "--short", "HEAD"], {
@@ -24423,7 +24467,7 @@ var init_constitution = __esm(() => {
 });
 
 // src/pipeline/stages/constitution.ts
-import { dirname } from "path";
+import { dirname as dirname2 } from "path";
 var constitutionStage;
 var init_constitution2 = __esm(() => {
   init_constitution();
@@ -24433,7 +24477,7 @@ var init_constitution2 = __esm(() => {
     enabled: (ctx) => ctx.config.constitution.enabled,
     async execute(ctx) {
       const logger = getLogger();
-      const ngentDir = ctx.featureDir ? dirname(dirname(ctx.featureDir)) : `${ctx.workdir}/nax`;
+      const ngentDir = ctx.featureDir ? dirname2(dirname2(ctx.featureDir)) : `${ctx.workdir}/nax`;
       const result = await loadConstitution(ngentDir, ctx.config.constitution);
       if (result) {
         ctx.constitution = result;
@@ -25230,6 +25274,7 @@ var init_story_context = __esm(() => {
 });
 
 // src/execution/lock.ts
+import { unlink } from "fs/promises";
 import path8 from "path";
 function getSafeLogger3() {
   try {
@@ -25263,7 +25308,7 @@ async function acquireLock(workdir) {
         });
         const fs2 = await import("fs/promises");
         await fs2.unlink(lockPath).catch(() => {});
-        lockData2 = undefined;
+        lockData2 = null;
       }
       if (lockData2) {
         const lockPid = lockData2.pid;
@@ -25301,18 +25346,14 @@ async function acquireLock(workdir) {
 async function releaseLock(workdir) {
   const lockPath = path8.join(workdir, "nax.lock");
   try {
-    const file2 = Bun.file(lockPath);
-    const exists = await file2.exists();
-    if (exists) {
-      const proc = Bun.spawn(["rm", lockPath], { stdout: "pipe" });
-      await proc.exited;
-      await Bun.sleep(10);
-    }
+    await unlink(lockPath);
   } catch (error48) {
-    const logger = getSafeLogger3();
-    logger?.warn("execution", "Failed to release lock", {
-      error: error48.message
-    });
+    if (error48.code !== "ENOENT") {
+      const logger = getSafeLogger3();
+      logger?.warn("execution", "Failed to release lock", {
+        error: error48.message
+      });
+    }
   }
 }
 var init_lock = __esm(() => {
@@ -25655,17 +25696,17 @@ async function autoCommitIfDirty(workdir, stage, role, storyId) {
     });
     const gitRoot = (await new Response(topLevelProc.stdout).text()).trim();
     await topLevelProc.exited;
-    const { realpathSync: realpathSync3 } = await import("fs");
+    const { realpathSync: realpathSync4 } = await import("fs");
     const realWorkdir = (() => {
       try {
-        return realpathSync3(workdir);
+        return realpathSync4(workdir);
       } catch {
         return workdir;
       }
     })();
     const realGitRoot = (() => {
       try {
-        return realpathSync3(gitRoot);
+        return realpathSync4(gitRoot);
       } catch {
         return gitRoot;
       }
@@ -26957,7 +26998,7 @@ var init_session_runner = __esm(() => {
 });
 
 // src/tdd/verdict-reader.ts
-import { unlink } from "fs/promises";
+import { unlink as unlink2 } from "fs/promises";
 import path9 from "path";
 function isValidVerdict(obj) {
   if (!obj || typeof obj !== "object")
@@ -27157,7 +27198,7 @@ async function readVerdict(workdir) {
 async function cleanupVerdict(workdir) {
   const verdictPath = path9.join(workdir, VERDICT_FILE);
   try {
-    await unlink(verdictPath);
+    await unlink2(verdictPath);
   } catch {}
 }
 var VERDICT_FILE = ".nax-verifier-verdict.json";
@@ -30883,14 +30924,15 @@ function installSignalHandlers(ctx) {
   process.on("SIGINT", sigintHandler);
   process.on("SIGHUP", sighupHandler);
   process.on("uncaughtException", uncaughtExceptionHandler);
-  process.on("unhandledRejection", (reason) => unhandledRejectionHandler(reason));
+  const rejectionWrapper = (reason) => unhandledRejectionHandler(reason);
+  process.on("unhandledRejection", rejectionWrapper);
   logger?.debug("crash-recovery", "Signal handlers installed");
   return () => {
     process.removeListener("SIGTERM", sigtermHandler);
     process.removeListener("SIGINT", sigintHandler);
     process.removeListener("SIGHUP", sighupHandler);
     process.removeListener("uncaughtException", uncaughtExceptionHandler);
-    process.removeListener("unhandledRejection", (reason) => unhandledRejectionHandler(reason));
+    process.removeListener("unhandledRejection", rejectionWrapper);
     logger?.debug("crash-recovery", "Signal handlers unregistered");
   };
 }
@@ -33666,7 +33708,7 @@ var init_sequential_executor = __esm(() => {
 });
 
 // src/execution/status-file.ts
-import { rename, unlink as unlink2 } from "fs/promises";
+import { rename, unlink as unlink3 } from "fs/promises";
 import { resolve as resolve8 } from "path";
 function countProgress(prd) {
   const stories = prd.userStories;
@@ -33715,7 +33757,7 @@ async function writeStatusFile(filePath, status) {
   }
   const tmpPath = `${resolvedPath}.tmp`;
   try {
-    await unlink2(tmpPath);
+    await unlink3(tmpPath);
   } catch {}
   await Bun.write(tmpPath, JSON.stringify(status, null, 2));
   await rename(tmpPath, resolvedPath);
@@ -65602,6 +65644,7 @@ init_registry();
 import { existsSync as existsSync9 } from "fs";
 import { join as join10 } from "path";
 import { createInterface } from "readline";
+init_pid_registry();
 init_logger2();
 
 // src/prd/schema.ts
@@ -65805,6 +65848,7 @@ async function planCommand(workdir, config2, options) {
     if (!adapter)
       throw new Error(`[plan] No agent adapter found for '${agentName}'`);
     const interactionBridge = createCliInteractionBridge();
+    const pidRegistry = new PidRegistry(workdir);
     logger?.info("plan", "Starting interactive planning session...", { agent: agentName });
     try {
       await adapter.plan({
@@ -65817,9 +65861,11 @@ async function planCommand(workdir, config2, options) {
         modelTier: config2?.plan?.model ?? "balanced",
         dangerouslySkipPermissions: config2?.execution?.dangerouslySkipPermissions ?? false,
         maxInteractionTurns: config2?.agent?.maxInteractionTurns,
-        featureName: options.feature
+        featureName: options.feature,
+        pidRegistry
       });
     } finally {
+      await pidRegistry.killAll().catch(() => {});
       logger?.info("plan", "Interactive session ended");
     }
     if (!_deps2.existsSync(outputPath)) {
@@ -66107,7 +66153,7 @@ import { join as join13 } from "path";
 // src/commands/common.ts
 init_path_security2();
 init_errors3();
-import { existsSync as existsSync10, readdirSync as readdirSync2, realpathSync as realpathSync2 } from "fs";
+import { existsSync as existsSync10, readdirSync as readdirSync2, realpathSync as realpathSync3 } from "fs";
 import { join as join11, resolve as resolve6 } from "path";
 function resolveProject(options = {}) {
   const { dir, feature } = options;
@@ -66115,7 +66161,7 @@ function resolveProject(options = {}) {
   let naxDir;
   let configPath;
   if (dir) {
-    projectRoot = realpathSync2(resolve6(dir));
+    projectRoot = realpathSync3(resolve6(dir));
     naxDir = join11(projectRoot, "nax");
     if (!existsSync10(naxDir)) {
       throw new NaxError(`Directory does not contain a nax project: ${projectRoot}
@@ -66174,7 +66220,7 @@ function findProjectRoot(startDir) {
     const naxDir = join11(current, "nax");
     const configPath = join11(naxDir, "config.json");
     if (existsSync10(configPath)) {
-      return realpathSync2(current);
+      return realpathSync3(current);
     }
     const parent = join11(current, "..");
     if (parent === current) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nathapp/nax",
-  "version": "0.42.5",
+  "version": "0.42.7",
   "description": "AI Coding Agent Orchestrator — loops until done",
   "type": "module",
   "bin": {

package/src/agents/acp/adapter.ts

@@ -114,8 +114,13 @@ export const _acpAdapterDeps = {
    * Default: spawn-based client (shells out to acpx CLI).
    * Override in tests via: _acpAdapterDeps.createClient = mock(...)
    */
-  createClient(cmdStr: string, cwd?: string, timeoutSeconds?: number): AcpClient {
-    return createSpawnAcpClient(cmdStr, cwd, timeoutSeconds);
+  createClient(
+    cmdStr: string,
+    cwd?: string,
+    timeoutSeconds?: number,
+    pidRegistry?: import("../../execution/pid-registry").PidRegistry,
+  ): AcpClient {
+    return createSpawnAcpClient(cmdStr, cwd, timeoutSeconds, pidRegistry);
   },
 };
 
@@ -436,7 +441,7 @@ export class AcpAgentAdapter implements AgentAdapter {
 
   private async _runWithClient(options: AgentRunOptions, startTime: number): Promise<AgentResult> {
     const cmdStr = `acpx --model ${options.modelDef.model} ${this.name}`;
-    const client = _acpAdapterDeps.createClient(cmdStr, options.workdir, options.timeoutSeconds);
+    const client = _acpAdapterDeps.createClient(cmdStr, options.workdir, options.timeoutSeconds, options.pidRegistry);
     await client.start();
 
     // 1. Resolve session name: explicit > sidecar > derived
@@ -673,6 +678,7 @@ export class AcpAgentAdapter implements AgentAdapter {
       featureName: options.featureName,
       storyId: options.storyId,
       sessionRole: options.sessionRole,
+      pidRegistry: options.pidRegistry,
     });
 
     if (!result.success) {

package/src/agents/acp/spawn-client.ts

@@ -12,6 +12,7 @@
  *   acpx <agent> cancel                             → session.cancelActivePrompt()
  */
 
+import type { PidRegistry } from "../../execution/pid-registry";
 import { getSafeLogger } from "../../logger";
 import type { AcpClient, AcpSession, AcpSessionResponse } from "./adapter";
 import { parseAcpxJsonOutput } from "./parser";
@@ -96,6 +97,8 @@ class SpawnAcpSession implements AcpSession {
   private readonly timeoutSeconds: number;
   private readonly permissionMode: string;
   private readonly env: Record<string, string | undefined>;
+  private readonly pidRegistry?: PidRegistry;
+  private activeProc: { pid: number; kill(signal?: number): void } | null = null;
 
   constructor(opts: {
     agentName: string;
@@ -105,6 +108,7 @@ class SpawnAcpSession implements AcpSession {
     timeoutSeconds: number;
     permissionMode: string;
     env: Record<string, string | undefined>;
+    pidRegistry?: PidRegistry;
   }) {
     this.agentName = opts.agentName;
     this.sessionName = opts.sessionName;
@@ -113,6 +117,7 @@ class SpawnAcpSession implements AcpSession {
     this.timeoutSeconds = opts.timeoutSeconds;
     this.permissionMode = opts.permissionMode;
     this.env = opts.env;
+    this.pidRegistry = opts.pidRegistry;
   }
 
   async prompt(text: string): Promise<AcpSessionResponse> {
@@ -143,40 +148,60 @@ class SpawnAcpSession implements AcpSession {
       env: this.env,
     });
 
-    proc.stdin.write(text);
-    proc.stdin.end();
+    this.activeProc = proc;
+    const processPid = proc.pid;
+    await this.pidRegistry?.register(processPid);
 
-    const exitCode = await proc.exited;
-    const stdout = await new Response(proc.stdout).text();
-    const stderr = await new Response(proc.stderr).text();
+    try {
+      proc.stdin.write(text);
+      proc.stdin.end();
 
-    if (exitCode !== 0) {
-      getSafeLogger()?.warn("acp-adapter", `Session prompt exited with code ${exitCode}`, {
-        stderr: stderr.slice(0, 200),
-      });
-      // Return error response so the adapter can handle it
-      return {
-        messages: [{ role: "assistant", content: stderr || `Exit code ${exitCode}` }],
-        stopReason: "error",
-      };
-    }
+      const exitCode = await proc.exited;
+      const stdout = await new Response(proc.stdout).text();
+      const stderr = await new Response(proc.stderr).text();
 
-    try {
-      const parsed = parseAcpxJsonOutput(stdout);
-      return {
-        messages: [{ role: "assistant", content: parsed.text || "" }],
-        stopReason: "end_turn",
-        cumulative_token_usage: parsed.tokenUsage,
-      };
-    } catch (err) {
-      getSafeLogger()?.warn("acp-adapter", "Failed to parse session prompt response", {
-        stderr: stderr.slice(0, 200),
-      });
-      throw err;
+      if (exitCode !== 0) {
+        getSafeLogger()?.warn("acp-adapter", `Session prompt exited with code ${exitCode}`, {
+          stderr: stderr.slice(0, 200),
+        });
+        // Return error response so the adapter can handle it
+        return {
+          messages: [{ role: "assistant", content: stderr || `Exit code ${exitCode}` }],
+          stopReason: "error",
+        };
+      }
+
+      try {
+        const parsed = parseAcpxJsonOutput(stdout);
+        return {
+          messages: [{ role: "assistant", content: parsed.text || "" }],
+          stopReason: "end_turn",
+          cumulative_token_usage: parsed.tokenUsage,
+        };
+      } catch (err) {
+        getSafeLogger()?.warn("acp-adapter", "Failed to parse session prompt response", {
+          stderr: stderr.slice(0, 200),
+        });
+        throw err;
+      }
+    } finally {
+      this.activeProc = null;
+      await this.pidRegistry?.unregister(processPid);
     }
   }
 
   async close(): Promise<void> {
+    // Kill in-flight prompt process first (if any)
+    if (this.activeProc) {
+      try {
+        this.activeProc.kill(15); // SIGTERM
+        getSafeLogger()?.debug("acp-adapter", `Killed active prompt process PID ${this.activeProc.pid}`);
+      } catch {
+        // Process may have already exited
+      }
+      this.activeProc = null;
+    }
+
     const cmd = ["acpx", this.agentName, "sessions", "close", this.sessionName];
     getSafeLogger()?.debug("acp-adapter", `Closing session: ${this.sessionName}`);
 
@@ -193,6 +218,16 @@ class SpawnAcpSession implements AcpSession {
   }
 
   async cancelActivePrompt(): Promise<void> {
+    // Kill in-flight prompt process directly (faster than acpx cancel)
+    if (this.activeProc) {
+      try {
+        this.activeProc.kill(15); // SIGTERM
+        getSafeLogger()?.debug("acp-adapter", `Killed active prompt process PID ${this.activeProc.pid}`);
+      } catch {
+        // Process may have already exited
+      }
+    }
+
     const cmd = ["acpx", this.agentName, "cancel"];
     getSafeLogger()?.debug("acp-adapter", `Cancelling active prompt: ${this.sessionName}`);
 
@@ -219,9 +254,11 @@ export class SpawnAcpClient implements AcpClient {
   private readonly model: string;
   private readonly cwd: string;
   private readonly timeoutSeconds: number;
+  private readonly permissionMode: string;
   private readonly env: Record<string, string | undefined>;
+  private readonly pidRegistry?: PidRegistry;
 
-  constructor(cmdStr: string, cwd?: string, timeoutSeconds?: number) {
+  constructor(cmdStr: string, cwd?: string, timeoutSeconds?: number, pidRegistry?: PidRegistry) {
     // Parse: "acpx --model <model> <agentName>"
     const parts = cmdStr.split(/\s+/);
     const modelIdx = parts.indexOf("--model");
@@ -234,7 +271,9 @@ export class SpawnAcpClient implements AcpClient {
     this.agentName = lastToken;
     this.cwd = cwd || process.cwd();
     this.timeoutSeconds = timeoutSeconds || 1800;
+    this.permissionMode = "approve-reads";
     this.env = buildAllowedEnv();
+    this.pidRegistry = pidRegistry;
   }
 
   async start(): Promise<void> {
@@ -268,6 +307,7 @@ export class SpawnAcpClient implements AcpClient {
       timeoutSeconds: this.timeoutSeconds,
       permissionMode: opts.permissionMode,
       env: this.env,
+      pidRegistry: this.pidRegistry,
     });
   }
 
@@ -288,8 +328,9 @@ export class SpawnAcpClient implements AcpClient {
       cwd: this.cwd,
       model: this.model,
       timeoutSeconds: this.timeoutSeconds,
-      permissionMode: "approve-all", // Default for resumed sessions
+      permissionMode: this.permissionMode,
       env: this.env,
+      pidRegistry: this.pidRegistry,
     });
   }
 
@@ -306,6 +347,11 @@ export class SpawnAcpClient implements AcpClient {
  * Create a spawn-based ACP client. This is the default production factory.
  * The cmdStr format is: "acpx --model <model> <agentName>"
  */
-export function createSpawnAcpClient(cmdStr: string, cwd?: string, timeoutSeconds?: number): AcpClient {
-  return new SpawnAcpClient(cmdStr, cwd, timeoutSeconds);
+export function createSpawnAcpClient(
+  cmdStr: string,
+  cwd?: string,
+  timeoutSeconds?: number,
+  pidRegistry?: PidRegistry,
+): AcpClient {
+  return new SpawnAcpClient(cmdStr, cwd, timeoutSeconds, pidRegistry);
 }

package/src/agents/types-extended.ts

@@ -55,6 +55,8 @@ export interface PlanOptions {
    * Used to persist the name to status.json for plan→run session continuity.
    */
   onAcpSessionCreated?: (sessionName: string) => Promise<void> | void;
+  /** PID registry for tracking spawned agent processes — cleanup on crash/SIGTERM */
+  pidRegistry?: import("../execution/pid-registry").PidRegistry;
 }
 
 /**

package/src/cli/plan.ts

@@ -15,6 +15,7 @@ import type { AgentAdapter } from "../agents/types";
 import { scanCodebase } from "../analyze/scanner";
 import type { CodebaseScan } from "../analyze/types";
 import type { NaxConfig } from "../config";
+import { PidRegistry } from "../execution/pid-registry";
 import { getLogger } from "../logger";
 import { validatePlanOutput } from "../prd/schema";
 
@@ -123,6 +124,7 @@ export async function planCommand(workdir: string, config: NaxConfig, options: P
     const adapter = _deps.getAgent(agentName, config);
     if (!adapter) throw new Error(`[plan] No agent adapter found for '${agentName}'`);
     const interactionBridge = createCliInteractionBridge();
+    const pidRegistry = new PidRegistry(workdir);
     logger?.info("plan", "Starting interactive planning session...", { agent: agentName });
     try {
       await adapter.plan({
@@ -136,8 +138,10 @@ export async function planCommand(workdir: string, config: NaxConfig, options: P
         dangerouslySkipPermissions: config?.execution?.dangerouslySkipPermissions ?? false,
         maxInteractionTurns: config?.agent?.maxInteractionTurns,
         featureName: options.feature,
+        pidRegistry,
       });
     } finally {
+      await pidRegistry.killAll().catch(() => {});
       logger?.info("plan", "Interactive session ended");
     }
     // Read back from file written by agent

package/src/execution/crash-signals.ts

@@ -134,7 +134,8 @@ export function installSignalHandlers(ctx: SignalHandlerContext): () => void {
   process.on("SIGINT", sigintHandler);
   process.on("SIGHUP", sighupHandler);
   process.on("uncaughtException", uncaughtExceptionHandler);
-  process.on("unhandledRejection", (reason) => unhandledRejectionHandler(reason));
+  const rejectionWrapper = (reason: unknown) => unhandledRejectionHandler(reason);
+  process.on("unhandledRejection", rejectionWrapper);
 
   logger?.debug("crash-recovery", "Signal handlers installed");
 
@@ -143,7 +144,7 @@ export function installSignalHandlers(ctx: SignalHandlerContext): () => void {
     process.removeListener("SIGINT", sigintHandler);
     process.removeListener("SIGHUP", sighupHandler);
     process.removeListener("uncaughtException", uncaughtExceptionHandler);
-    process.removeListener("unhandledRejection", (reason) => unhandledRejectionHandler(reason));
+    process.removeListener("unhandledRejection", rejectionWrapper);
     logger?.debug("crash-recovery", "Signal handlers unregistered");
   };
 }

package/src/execution/lock.ts

@@ -5,6 +5,7 @@
  * Prevents concurrent runs in the same directory.
  */
 
+import { unlink } from "node:fs/promises";
 import path from "node:path";
 import { getLogger } from "../logger";
 
@@ -49,7 +50,7 @@ export async function acquireLock(workdir: string): Promise<boolean> {
     if (exists) {
       // Read lock data
       const lockContent = await lockFile.text();
-      let lockData: { pid: number };
+      let lockData: { pid: number } | null;
       try {
         lockData = JSON.parse(lockContent);
       } catch {
@@ -61,7 +62,7 @@ export async function acquireLock(workdir: string): Promise<boolean> {
         const fs = await import("node:fs/promises");
         await fs.unlink(lockPath).catch(() => {});
         // Fall through to create a new lock
-        lockData = undefined as unknown as { pid: number };
+        lockData = null;
       }
 
       if (lockData) {
@@ -88,6 +89,7 @@ export async function acquireLock(workdir: string): Promise<boolean> {
       pid: process.pid,
       timestamp: Date.now(),
     };
+    // NOTE: Node.js fs used intentionally — Bun.file()/Bun.write() lacks O_CREAT|O_EXCL atomic exclusive create
     const fs = await import("node:fs");
     const fd = fs.openSync(lockPath, fs.constants.O_CREAT | fs.constants.O_EXCL | fs.constants.O_WRONLY, 0o644);
     fs.writeSync(fd, JSON.stringify(lockData));
@@ -114,18 +116,14 @@ export async function acquireLock(workdir: string): Promise<boolean> {
 export async function releaseLock(workdir: string): Promise<void> {
   const lockPath = path.join(workdir, "nax.lock");
   try {
-    const file = Bun.file(lockPath);
-    const exists = await file.exists();
-    if (exists) {
-      const proc = Bun.spawn(["rm", lockPath], { stdout: "pipe" });
-      await proc.exited;
-      // Wait a bit for filesystem to sync (prevents race in tests)
-      await Bun.sleep(10);
-    }
+    await unlink(lockPath);
   } catch (error) {
-    const logger = getSafeLogger();
-    logger?.warn("execution", "Failed to release lock", {
-      error: (error as Error).message,
-    });
+    // Ignore ENOENT (already gone), log others
+    if ((error as NodeJS.ErrnoException).code !== "ENOENT") {
+      const logger = getSafeLogger();
+      logger?.warn("execution", "Failed to release lock", {
+        error: (error as Error).message,
+      });
+    }
   }
 }

package/src/utils/path-security.ts

@@ -2,7 +2,8 @@
  * Path security utilities for nax (SEC-1, SEC-2).
  */
 
-import { isAbsolute, join, normalize, resolve } from "node:path";
+import { realpathSync } from "node:fs";
+import { dirname, isAbsolute, join, normalize, resolve } from "node:path";
 
 /**
  * Result of a path validation.
@@ -23,16 +24,32 @@ export interface PathValidationResult {
  * @param allowedRoots - Array of absolute paths that are allowed as roots
  * @returns Validation result
  */
+/** Resolve symlinks for a path that may not exist yet (fall back to parent dir). */
+function safeRealpath(p: string): string {
+  try {
+    return realpathSync(p);
+  } catch {
+    // Path doesn't exist — resolve the parent directory instead
+    try {
+      const parent = realpathSync(dirname(p));
+      return join(parent, p.split("/").pop() ?? "");
+    } catch {
+      return p;
+    }
+  }
+}
+
 export function validateModulePath(modulePath: string, allowedRoots: string[]): PathValidationResult {
   if (!modulePath) {
     return { valid: false, error: "Module path is empty" };
   }
 
-  const normalizedRoots = allowedRoots.map((r) => resolve(r));
+  // Resolve symlinks in each root
+  const normalizedRoots = allowedRoots.map((r) => safeRealpath(resolve(r)));
 
   // If absolute, just check against roots
   if (isAbsolute(modulePath)) {
-    const absoluteTarget = normalize(modulePath);
+    const absoluteTarget = safeRealpath(normalize(modulePath));
     const isWithin = normalizedRoots.some((root) => {
       return absoluteTarget.startsWith(`${root}/`) || absoluteTarget === root;
     });
@@ -42,7 +59,7 @@ export function validateModulePath(modulePath: string, allowedRoots: string[]):
   } else {
     // If relative, check if it's within any root when resolved relative to that root
     for (const root of normalizedRoots) {
-      const absoluteTarget = resolve(join(root, modulePath));
+      const absoluteTarget = safeRealpath(resolve(join(root, modulePath)));
       if (absoluteTarget.startsWith(`${root}/`) || absoluteTarget === root) {
         return { valid: true, absolutePath: absoluteTarget };
       }