@shawnstack/quickforge 1.3.23 → 1.3.25

package/server/message-converters.mjs

@@ -0,0 +1,79 @@
+/**
+ * LLM message format converters.
+ *
+ * Pure functions that transform AgentMessage[] to LLM-compatible Message[]
+ * and extract text content from messages. No module-level state.
+ */
+
+/**
+ * Strip the `details` property from a message object.
+ * Returns a shallow copy so the original message is not mutated.
+ */
+export function omitDetailsForLlm(message) {
+  if (!message || typeof message !== 'object' || message.details === undefined) return message
+  const copy = { ...message }
+  delete copy.details
+  return copy
+}
+
+/**
+ * Convert AgentMessage[] to LLM-compatible Message[].
+ * Handles "user-with-attachments" → "user" with multi-modal content blocks.
+ * Without this the default pi-agent-core convertToLlm silently drops
+ * user-with-attachments messages, so the LLM never sees attachments.
+ */
+export function serverConvertToLlm(messages) {
+  return messages
+    .filter(m => m.role !== 'artifact')
+    .map(m => {
+      if (m.role === 'user-with-attachments') {
+        const textContent = typeof m.content === 'string'
+          ? [{ type: 'text', text: m.content }]
+          : [...m.content]
+        if (Array.isArray(m.attachments)) {
+          for (const att of m.attachments) {
+            if (att.type === 'image' && att.content) {
+              textContent.push({ type: 'image', data: att.content, mimeType: att.mimeType })
+            } else if (att.type === 'document' && att.extractedText) {
+              textContent.push({ type: 'text', text: `\n\n[Document: ${att.fileName}]\n${att.extractedText}` })
+            }
+          }
+        }
+        return omitDetailsForLlm({ ...m, role: 'user', content: textContent })
+      }
+      if (m.role === 'user' || m.role === 'assistant' || m.role === 'toolResult') return omitDetailsForLlm(m)
+      return null
+    })
+    .filter(Boolean)
+}
+
+/**
+ * Extract plain text content from a message object.
+ * Handles string content and ContentBlock[] arrays.
+ */
+export function messageText(message) {
+  const content = message?.content
+  if (typeof content === 'string') return content
+  if (Array.isArray(content)) {
+    return content
+      .filter((block) => block?.type === 'text')
+      .map((block) => block.text ?? '')
+      .join('\n')
+      .trim()
+  }
+  return ''
+}
+
+/**
+ * Find the last assistant message with non-empty text content.
+ * Returns the text string, or '' if no assistant text is found.
+ */
+export function lastAssistantText(messages) {
+  for (let index = messages.length - 1; index >= 0; index--) {
+    const message = messages[index]
+    if (message?.role !== 'assistant') continue
+    const text = messageText(message)
+    if (text) return text
+  }
+  return ''
+}

package/server/project-config.mjs

@@ -39,7 +39,6 @@ export async function readProjectConfig() {
 }
 
 const TERMINAL_SHELL_PROFILE_CANDIDATES = [
-  { id: 'auto', name: 'Auto', command: 'auto', platforms: ['win32', 'darwin', 'linux', 'freebsd', 'openbsd'] },
   { id: 'cmd', name: 'Command Prompt', command: 'cmd.exe', platforms: ['win32'] },
   { id: 'powershell', name: 'Windows PowerShell', command: 'powershell.exe', platforms: ['win32'] },
   { id: 'pwsh', name: 'PowerShell 7+', command: 'pwsh.exe', platforms: ['win32', 'darwin', 'linux', 'freebsd', 'openbsd'] },
@@ -56,7 +55,7 @@ function isWindows() {
 }
 
 function commandExists(command) {
-  if (!command || command === 'auto') return true
+  if (!command) return true
   if (command.includes('/') || command.includes('\\')) return existsSync(command)
   const probe = isWindows() ? 'where' : 'command'
   const args = isWindows() ? [command] : ['-v', command]
@@ -66,13 +65,11 @@ function commandExists(command) {
 
 function terminalShellProfileCandidatesForPlatform(platform = os.platform()) {
   const profiles = TERMINAL_SHELL_PROFILE_CANDIDATES
-    .filter((profile) => profile.platforms.includes(platform) || profile.id === 'auto')
-    .filter((profile) => profile.id === 'auto' || commandExists(profile.command))
+    .filter((profile) => profile.platforms.includes(platform))
+    .filter((profile) => commandExists(profile.command))
     .map(({ platforms, ...profile }) => ({ ...profile, builtin: true, detected: true }))
 
-  return profiles.length > 1
-    ? profiles
-    : [TERMINAL_SHELL_PROFILE_CANDIDATES[0]].map(({ platforms, ...profile }) => ({ ...profile, builtin: true, detected: true }))
+  return profiles
 }
 
 function nameFromTerminalShellCommand(command) {
@@ -232,10 +229,11 @@ export async function setActiveProjectPath(inputPath) {
         name: projectNameFromPath(resolved),
         path: resolved,
         lastOpenedAt: now,
+        sortOrder: config.projects.length,
         skills: [],
         commandDir: '',
       }
-      config.projects.unshift(project)
+      config.projects.push(project)
     } else {
       project.name = projectNameFromPath(resolved)
       project.path = resolved
@@ -243,7 +241,7 @@ export async function setActiveProjectPath(inputPath) {
     }
 
     config.activeProjectId = project.id
-    config.projects = [project, ...config.projects.filter((item) => item.id !== project.id)].slice(0, 20)
+    if (config.projects.length > 20) config.projects = config.projects.slice(-20)
     return config
   })
 

package/server/routes/agent-profiles.mjs

@@ -1,4 +1,4 @@
-import { streamSimple } from '@mariozechner/pi-ai'
+import { streamSimple } from '@earendil-works/pi-ai'
 import { sendJson, readJsonBody, decodeSegment } from '../utils/response.mjs'
 import { readStore } from '../storage.mjs'
 import { logger } from '../utils/logger.mjs'

package/server/routes/agent.mjs

@@ -25,6 +25,7 @@ import {
   abortToolCall,
   replaceSessionMessages,
   rollbackSessionMessages,
+  continueSession,
   agentEvents,
 } from '../agent-manager.mjs'
 
@@ -96,7 +97,13 @@ export async function handleAgentApi(req, res, url) {
 
   // GET /api/agents/:sessionId/state — get session state
   if (req.method === 'GET' && subPath === 'state') {
-    const state = getSessionState(sessionId)
+    let state = getSessionState(sessionId)
+    if (!state) {
+      // Try to restore from persistent storage before giving up.
+      // This recovers sessions that were evicted by idle timeout.
+      await restoreAgent(sessionId)
+      state = getSessionState(sessionId)
+    }
     if (!state) {
       const error = new Error('Session not found')
       error.statusCode = 404
@@ -184,6 +191,13 @@ export async function handleAgentApi(req, res, url) {
     return
   }
 
+  // POST /api/agents/:sessionId/continue — continue generation from last message (retry)
+  if (req.method === 'POST' && subPath === 'continue') {
+    const result = await continueSession(sessionId)
+    sendJson(res, 200, result)
+    return
+  }
+
   // POST /api/agents/:sessionId/steer — queue steering message
   if (req.method === 'POST' && subPath === 'steer') {
     const body = await readJsonBody(req)

package/server/routes/filesystem.mjs

@@ -50,9 +50,21 @@ async function getFilesystemRoots() {
   return roots
 }
 
-async function listFilesystemDirectories(inputPath) {
+async function listFilesystemDirectories(inputPath, allowedRoots) {
   const requestedPath = String(inputPath || os.homedir())
   const resolved = path.resolve(requestedPath)
+
+  // Only allow browsing within or at known filesystem roots
+  const isAllowed = allowedRoots.some((root) => {
+    const rel = path.relative(root, resolved)
+    return rel === '' || (!rel.startsWith('..') && !path.isAbsolute(rel))
+  })
+  if (!isAllowed) {
+    const error = new Error('Access denied: path is outside allowed roots')
+    error.statusCode = 403
+    throw error
+  }
+
   await assertDirectory(resolved)
 
   const entries = await fs.readdir(resolved, { withFileTypes: true }).catch((error) => {
@@ -77,7 +89,11 @@ export async function handleFilesystemApi(req, res, url) {
   }
 
   if (req.method === 'GET' && url.pathname === '/api/filesystem/directories') {
-    sendJson(res, 200, await listFilesystemDirectories(url.searchParams.get('path')))
+    const roots = await getFilesystemRoots()
+    const allowedRootPaths = roots.map((r) => path.resolve(r.path))
+    // Always allow browsing from home directory as a fallback
+    allowedRootPaths.push(os.homedir())
+    sendJson(res, 200, await listFilesystemDirectories(url.searchParams.get('path'), allowedRootPaths))
     return
   }
 

package/server/routes/project.mjs

@@ -10,7 +10,8 @@ export async function handleProjectApi(req, res, url) {
   const config = await readProjectConfig()
 
   if (req.method === 'GET' && url.pathname === '/api/project') {
-    sendJson(res, 200, { project: getActiveProject(config), projects: config.projects, workspaceRoot: getWorkspaceRoot() })
+    const sorted = [...config.projects].sort((a, b) => (a.sortOrder ?? 0) - (b.sortOrder ?? 0))
+    sendJson(res, 200, { project: getActiveProject(config), projects: sorted, workspaceRoot: getWorkspaceRoot() })
     return
   }
 
@@ -125,6 +126,37 @@ export async function handleProjectApi(req, res, url) {
     return
   }
 
+  if (req.method === 'PUT' && url.pathname === '/api/project/reorder') {
+    const body = await readJsonBody(req)
+    if (!Array.isArray(body?.orderedIds)) {
+      const error = new Error('orderedIds must be an array')
+      error.statusCode = 400
+      throw error
+    }
+    const orderedIds = body.orderedIds
+    const updated = await atomicProjectConfigUpdate((cfg) => {
+      const idToProject = new Map(cfg.projects.map((p) => [p.id, p]))
+      const reordered = []
+      for (const id of orderedIds) {
+        const p = idToProject.get(id)
+        if (p) {
+          p.sortOrder = reordered.length
+          reordered.push(p)
+          idToProject.delete(id)
+        }
+      }
+      // append any remaining projects not in orderedIds (shouldn't happen normally)
+      for (const p of idToProject.values()) {
+        p.sortOrder = reordered.length
+        reordered.push(p)
+      }
+      cfg.projects = reordered
+      return cfg
+    })
+    sendJson(res, 200, { projects: updated.projects, workspaceRoot: getWorkspaceRoot() })
+    return
+  }
+
   const error = new Error('Not found')
   error.statusCode = 404
   throw error

package/server/routes/scheduled-tasks.mjs

@@ -1,4 +1,4 @@
-import { streamSimple } from '@mariozechner/pi-ai'
+import { streamSimple } from '@earendil-works/pi-ai'
 import { readJsonBody, sendJson, decodeSegment } from '../utils/response.mjs'
 import { readStore, atomicUpdate } from '../storage.mjs'
 import { createAgent, getSessionEventBus, agentEvents, persistSessionState } from '../agent-manager.mjs'

package/server/routes/storage.mjs

@@ -1,8 +1,72 @@
 import path from 'node:path'
 import { sendJson, readJsonBody, decodeSegment } from '../utils/response.mjs'
-import { readStore, writeStore, atomicUpdate, getComparable, readSessionStoreScoped, readSessionValue, writeSessionValue, deleteSessionValue, ensureStorage, dataDir, configDir, storageDir, cacheDir, logsDir } from '../storage.mjs'
+import { readStore, writeStore, atomicUpdate, getComparable, getStoreRevision, readSessionStoreScoped, readSessionValue, writeSessionValue, deleteSessionValue, ensureStorage, dataDir, configDir, storageDir, cacheDir, logsDir } from '../storage.mjs'
 import { directorySize } from '../utils/workspace.mjs'
 
+const metadataIndexCache = new Map()
+const MAX_METADATA_INDEX_CACHE_ENTRIES = 50
+
+function metadataIndexCacheKey({ scope, projectId, indexName, direction }) {
+  return JSON.stringify({ scope: scope || '', projectId: projectId || '', indexName, direction })
+}
+
+function sortIndexedValues(values, store, indexName, direction) {
+  values.sort((a, b) => {
+    if (store === 'sessions-metadata' && indexName === 'lastModified') {
+      const leftPinned = getComparable(a, 'pinnedAt')
+      const rightPinned = getComparable(b, 'pinnedAt')
+      if (leftPinned !== rightPinned) {
+        if (leftPinned === undefined || leftPinned === null) return 1
+        if (rightPinned === undefined || rightPinned === null) return -1
+        return -String(leftPinned).localeCompare(String(rightPinned))
+      }
+    }
+
+    const left = getComparable(a, indexName)
+    const right = getComparable(b, indexName)
+    if (left === right) return 0
+    if (left === undefined || left === null) return direction === 'desc' ? 1 : -1
+    if (right === undefined || right === null) return direction === 'desc' ? -1 : 1
+    const result = String(left).localeCompare(String(right))
+    return direction === 'desc' ? -result : result
+  })
+  return values
+}
+
+async function readIndexedValues(store, indexName, direction, scope, projectId) {
+  if (store !== 'sessions-metadata') {
+    let data
+    if (scope && store === 'sessions') {
+      data = await readSessionStoreScoped(store, scope, scope === 'project' ? projectId : undefined)
+    } else {
+      data = await readStore(store)
+    }
+    return sortIndexedValues(Object.values(data), store, indexName, direction)
+  }
+
+  const revision = getStoreRevision(store)
+  const key = metadataIndexCacheKey({ scope, projectId, indexName, direction })
+  const cached = metadataIndexCache.get(key)
+  if (cached && cached.revision === revision) return cached.values
+
+  const data = scope
+    ? await readSessionStoreScoped(store, scope, scope === 'project' ? projectId : undefined)
+    : await readStore(store)
+  const values = sortIndexedValues(
+    Object.values(data).filter((value) => value?.messageCount !== 0),
+    store,
+    indexName,
+    direction,
+  )
+
+  metadataIndexCache.set(key, { revision, values })
+  if (metadataIndexCache.size > MAX_METADATA_INDEX_CACHE_ENTRIES) {
+    const firstKey = metadataIndexCache.keys().next().value
+    if (firstKey) metadataIndexCache.delete(firstKey)
+  }
+  return values
+}
+
 export async function handleStorageApi(req, res, url) {
   const parts = url.pathname.split('/').filter(Boolean)
 
@@ -44,36 +108,7 @@ export async function handleStorageApi(req, res, url) {
 
     await ensureStorage()
 
-    let data
-    if (scope && (store === 'sessions' || store === 'sessions-metadata')) {
-      data = await readSessionStoreScoped(store, scope, scope === 'project' ? projectId : undefined)
-    } else {
-      data = await readStore(store)
-    }
-
-    let values = Object.values(data)
-    if (store === 'sessions-metadata') {
-      values = values.filter((value) => value?.messageCount !== 0)
-    }
-    values.sort((a, b) => {
-      if (store === 'sessions-metadata' && indexName === 'lastModified') {
-        const leftPinned = getComparable(a, 'pinnedAt')
-        const rightPinned = getComparable(b, 'pinnedAt')
-        if (leftPinned !== rightPinned) {
-          if (leftPinned === undefined || leftPinned === null) return 1
-          if (rightPinned === undefined || rightPinned === null) return -1
-          return -String(leftPinned).localeCompare(String(rightPinned))
-        }
-      }
-
-      const left = getComparable(a, indexName)
-      const right = getComparable(b, indexName)
-      if (left === right) return 0
-      if (left === undefined || left === null) return direction === 'desc' ? 1 : -1
-      if (right === undefined || right === null) return direction === 'desc' ? -1 : 1
-      const result = String(left).localeCompare(String(right))
-      return direction === 'desc' ? -result : result
-    })
+    const values = await readIndexedValues(store, indexName, direction, scope, projectId)
 
     const total = values.length
     const limit = limitParam ? parseInt(limitParam, 10) : undefined

package/server/routes/terminal.mjs

@@ -10,6 +10,7 @@ import {
   listTerminalSessions,
   platformInfo,
   terminalCapabilities,
+  writeTerminalInput,
 } from '../terminal/terminal-manager.mjs'
 
 const wsServer = new WebSocketServer({ noServer: true })
@@ -49,6 +50,11 @@ function sessionIdFromPath(pathname) {
   return match ? decodeSegment(match[1]) : null
 }
 
+function inputSessionIdFromPath(pathname) {
+  const match = pathname.match(/^\/api\/terminal\/sessions\/([^/]+)\/input$/)
+  return match ? decodeSegment(match[1]) : null
+}
+
 export async function handleTerminalApi(req, res, url, options = {}) {
   await assertLocalTerminalRequest(req, options.isLocalRequest)
 
@@ -82,13 +88,32 @@ export async function handleTerminalApi(req, res, url, options = {}) {
     return
   }
 
-  const sessionId = sessionIdFromPath(url.pathname)
-  if (req.method === 'DELETE' && sessionId) {
-    destroyTerminalSession(sessionId)
+  const inputSessionId = inputSessionIdFromPath(url.pathname)
+  if ((req.method === 'POST' || req.method === 'PUT') && inputSessionId) {
+    const body = await readJsonBody(req, 256 * 1024) || {}
+    if (typeof body.data !== 'string') throw error('Terminal input data is required', 400)
+    writeTerminalInput(inputSessionId, body.data)
     sendJson(res, 200, { ok: true })
     return
   }
 
+  const sessionId = sessionIdFromPath(url.pathname)
+  if (sessionId) {
+    if (req.method === 'POST' || req.method === 'PUT') {
+      const body = await readJsonBody(req, 256 * 1024) || {}
+      if (typeof body.data !== 'string') throw error('Terminal input data is required', 400)
+      writeTerminalInput(sessionId, body.data)
+      sendJson(res, 200, { ok: true })
+      return
+    }
+
+    if (req.method === 'DELETE') {
+      destroyTerminalSession(sessionId)
+      sendJson(res, 200, { ok: true })
+      return
+    }
+  }
+
   throw error('Not found', 404)
 }
 

package/server/routes/workspace.mjs

@@ -1,7 +1,7 @@
 import { promises as fs } from 'node:fs'
 import path from 'node:path'
 import { spawn } from 'node:child_process'
-import { sendJson } from '../utils/response.mjs'
+import { sendJson, readJsonBody } from '../utils/response.mjs'
 import { projectContextFromId } from '../project-config.mjs'
 import {
   assertSafeWorkspacePath,
@@ -246,6 +246,44 @@ async function handleWorkspaceFile(req, res, url) {
   })
 }
 
+async function handleWorkspaceResolvePath(req, res) {
+  const body = await readJsonBody(req, 16 * 1024)
+  const projectId = typeof body?.projectId === 'string' ? body.projectId : ''
+  const inputPath = typeof body?.path === 'string' ? body.path.trim() : ''
+
+  if (!projectId) {
+    const error = new Error('projectId is required')
+    error.statusCode = 400
+    throw error
+  }
+  if (!inputPath) {
+    const error = new Error('path is required')
+    error.statusCode = 400
+    throw error
+  }
+  if (!path.isAbsolute(inputPath)) {
+    const error = new Error('Only absolute paths are supported')
+    error.statusCode = 400
+    throw error
+  }
+
+  const context = await projectContextFromId(projectId)
+  const file = resolveWorkspacePath(inputPath, context)
+  await assertSafeWorkspacePath(file, context)
+  const stat = await fs.stat(file)
+  if (!stat.isFile()) {
+    const error = new Error('Path is not a file')
+    error.statusCode = 400
+    throw error
+  }
+
+  sendJson(res, 200, {
+    relativePath: toWorkspaceRelative(file, context),
+    exists: true,
+    isDirectory: false,
+  })
+}
+
 async function handleGitStatus(req, res, url) {
   const context = await projectContextFromUrl(url)
   sendJson(res, 200, await listGitStatus(context))
@@ -306,6 +344,10 @@ export async function handleWorkspaceApi(req, res, url) {
     await handleWorkspaceFile(req, res, url)
     return
   }
+  if (req.method === 'POST' && url.pathname === '/api/workspace/resolve-path') {
+    await handleWorkspaceResolvePath(req, res)
+    return
+  }
 
   const error = new Error('Not found')
   error.statusCode = 404

package/server/session-utils.mjs

@@ -1,4 +1,4 @@
-import { streamSimple } from '@mariozechner/pi-ai'
+import { streamSimple } from '@earendil-works/pi-ai'
 import { buildInstructionsPayload } from './project-config.mjs'
 import { composeSystemPrompt } from './system-prompt.mjs'
 import { listSubagentProfiles } from './agent-profiles.mjs'

package/server/storage.mjs

@@ -62,6 +62,17 @@ export const stores = new Set([
 const sessionBucketIndex = new Map()
 let bucketIndexBuilt = false
 
+// Monotonic in-process revisions for cache invalidation in route-level indexes.
+const storeRevisions = new Map()
+
+function bumpStoreRevision(storeName) {
+  storeRevisions.set(storeName, (storeRevisions.get(storeName) || 0) + 1)
+}
+
+export function getStoreRevision(storeName) {
+  return storeRevisions.get(storeName) || 0
+}
+
 const configStores = new Set(['settings', 'provider-keys', 'custom-providers'])
 const sessionStores = new Set(['sessions', 'sessions-metadata'])
 
@@ -370,6 +381,34 @@ async function readAllSessionValues() {
   return result
 }
 
+function sessionMetadataQueueName(bucket) {
+  return bucket.scope === 'project' ? `sessions-metadata:${bucket.projectId}` : 'sessions-metadata:global'
+}
+
+function sameSessionBucket(left, right) {
+  if (!left || !right) return false
+  return left.scope === right.scope && (left.projectId || undefined) === (right.projectId || undefined)
+}
+
+function updateSessionMetadataBucketIndex(bucket, previousData, nextData) {
+  const ids = new Set([
+    ...Object.keys(previousData || {}),
+    ...Object.keys(nextData || {}),
+  ])
+
+  for (const sessionId of ids) {
+    const meta = nextData?.[sessionId]
+    if (meta && typeof meta === 'object') {
+      sessionBucketIndex.set(sessionId, sessionBucket(meta))
+      continue
+    }
+
+    if (sameSessionBucket(sessionBucketIndex.get(sessionId), bucket)) {
+      sessionBucketIndex.delete(sessionId)
+    }
+  }
+}
+
 async function writeSessionValueFile(sessionId, value) {
   await writeJsonAtomic(sessionDataFile(sessionId, sessionBucket(value)), value)
   // Keep in-memory index current
@@ -497,6 +536,15 @@ async function writeSessionStore(storeName, data) {
     filesToWrite.add(sessionStoreFile(storeName, bucket))
   }
 
+  const previousByFile = new Map()
+  if (storeName === 'sessions-metadata') {
+    await Promise.all(
+      [...filesToWrite].map(async (file) => {
+        previousByFile.set(file, await readJsonFile(file, {}))
+      }),
+    )
+  }
+
   await Promise.all(
     [...filesToWrite].map(async (file) => {
       const bucketEntry = [...buckets.values()].find((entry) => sessionStoreFile(storeName, entry.bucket) === file)
@@ -506,9 +554,14 @@ async function writeSessionStore(storeName, data) {
 
   // Keep in-memory bucket index current for metadata writes
   if (storeName === 'sessions-metadata') {
-    for (const [sessionId, meta] of Object.entries(data || {})) {
-      if (meta && typeof meta === 'object') sessionBucketIndex.set(sessionId, sessionBucket(meta))
+    for (const file of filesToWrite) {
+      const bucketEntry = [...buckets.values()].find((entry) => sessionStoreFile(storeName, entry.bucket) === file)
+      const bucket = bucketEntry?.bucket ?? (file === sessionStoreFile(storeName, { scope: 'global' })
+        ? { scope: 'global' }
+        : { scope: 'project', projectId: path.basename(path.dirname(file)) })
+      updateSessionMetadataBucketIndex(bucket, previousByFile.get(file) ?? {}, bucketEntry?.data ?? {})
     }
+    bumpStoreRevision(storeName)
   }
 }
 
@@ -607,6 +660,29 @@ export async function atomicUpdate(storeName, updateFn) {
   })
 }
 
+/**
+ * Atomically read-modify-write the scoped sessions metadata file within its serialized write queue.
+ *
+ * @param {string} scope
+ * @param {string|null|undefined} projectId
+ * @param {(data: object) => object} updateFn — receives current scoped metadata, returns updated metadata
+ * @returns {Promise<object>} the updated scoped metadata
+ */
+export async function atomicSessionMetadataUpdate(scope, projectId, updateFn) {
+  const bucket = scope === 'project' ? { scope: 'project', projectId } : { scope: 'global' }
+  const file = sessionStoreFile('sessions-metadata', bucket)
+  return enqueueWrite(sessionMetadataQueueName(bucket), async () => {
+    await ensureStorage()
+    const data = await readJsonFile(file, {})
+    const previousData = { ...data }
+    const updated = updateFn(data)
+    await writeJsonAtomic(file, updated)
+    updateSessionMetadataBucketIndex(bucket, previousData, updated)
+    bumpStoreRevision('sessions-metadata')
+    return updated
+  })
+}
+
 /**
  * Atomically read-modify-write the project config within the config queue.
  */

package/server/terminal/terminal-manager.mjs

@@ -242,6 +242,18 @@ export function attachTerminalClient(sessionId, client) {
   }
 }
 
+export function writeTerminalInput(sessionId, data) {
+  const session = sessions.get(sessionId)
+  if (!session) throw createError('Terminal session not found', 404)
+  if (session.exited) throw createError('Terminal session has exited', 410)
+  if (typeof data !== 'string') throw createError('Terminal input must be a string', 400)
+
+  session.touchedAt = Date.now()
+  session.updatedAt = new Date().toISOString()
+  session.pty.write(data)
+  return serializeSession(session)
+}
+
 export function destroyTerminalSession(sessionId) {
   const session = sessions.get(sessionId)
   if (!session) return false