@synergenius/flow-weaver-pack-weaver 0.9.7 → 0.9.9

package/src/bot/project-model.ts

@@ -0,0 +1,404 @@
+/**
+ * Project Model Store — aggregation layer that pulls from all existing data stores
+ * and computes a unified project model ("the brain").
+ *
+ * Storage: ~/.weaver/projects/{hash8}/model.json (cached with 5-minute TTL)
+ */
+
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as os from 'node:os';
+import * as crypto from 'node:crypto';
+import type {
+  ProjectModel, WorkflowHealth, FailurePattern, BotProfile,
+  ApprovalDecision, OperationEffectiveness,
+  GenesisCycleRecord,
+} from './types.js';
+import { computeTrustLevel } from './trust-calculator.js';
+
+const CACHE_TTL_MS = 5 * 60 * 1000; // 5 minutes
+const BOTS_DIR = path.join(os.homedir(), '.weaver', 'bots');
+
+export class ProjectModelStore {
+  private readonly hash8: string;
+  private readonly modelPath: string;
+
+  constructor(private readonly projectDir: string) {
+    this.hash8 = crypto.createHash('sha256').update(projectDir).digest('hex').slice(0, 8);
+    const modelDir = path.join(os.homedir(), '.weaver', 'projects', this.hash8);
+    fs.mkdirSync(modelDir, { recursive: true });
+    this.modelPath = path.join(modelDir, 'model.json');
+  }
+
+  async getOrBuild(): Promise<ProjectModel> {
+    try {
+      if (fs.existsSync(this.modelPath)) {
+        const raw = fs.readFileSync(this.modelPath, 'utf-8');
+        const cached = JSON.parse(raw) as ProjectModel;
+        if (Date.now() - cached.builtAt < CACHE_TTL_MS) {
+          return cached;
+        }
+      }
+    } catch { /* cache corrupt — rebuild */ }
+
+    return this.build();
+  }
+
+  async build(): Promise<ProjectModel> {
+    // 1. Load stores with dynamic imports (avoid circular deps)
+    let runs: Array<{ workflowFile: string; startedAt: string; finishedAt: string; durationMs: number; success: boolean; outcome: string; summary: string }> = [];
+    try {
+      const { RunStore } = await import('./run-store.js');
+      const allRuns = new RunStore().list({ limit: 10_000 });
+      // Filter to runs within this project directory, excluding node_modules
+      runs = allRuns.filter(r =>
+        r.workflowFile.startsWith(this.projectDir) &&
+        !r.workflowFile.includes('/node_modules/')
+      );
+    } catch { /* unavailable */ }
+
+    let auditEvents: Array<{ type: string; timestamp: string; runId: string; data?: Record<string, unknown> }> = [];
+    try {
+      const { AuditStore } = await import('./audit-store.js');
+      auditEvents = new AuditStore().queryRecent(500);
+    } catch { /* unavailable */ }
+
+    let costRecords: Array<{ runId?: string; model?: string; promptTokens?: number; completionTokens?: number; estimatedCost?: number; cost?: number; timestamp: number }> = [];
+    try {
+      const { CostStore } = await import('./cost-store.js');
+      costRecords = new CostStore().query();
+    } catch { /* unavailable */ }
+
+    let genesisCycles: GenesisCycleRecord[] = [];
+    try {
+      if (fs.existsSync(path.join(this.projectDir, '.genesis'))) {
+        const { GenesisStore } = await import('./genesis-store.js');
+        genesisCycles = new GenesisStore(this.projectDir).loadHistory().cycles;
+      }
+    } catch { /* unavailable */ }
+
+    let conversationCount = 0;
+    try {
+      const { ConversationStore } = await import('./conversation-store.js');
+      conversationCount = new ConversationStore().list().length;
+    } catch { /* unavailable */ }
+
+    // 2. Build sections
+    const workflows = this.buildWorkflowHealth(runs);
+    const overall = workflows.length > 0
+      ? Math.round(workflows.reduce((s, w) => s + w.score * w.totalRuns, 0) / Math.max(1, workflows.reduce((s, w) => s + w.totalRuns, 0)))
+      : 0;
+
+    const bots = this.buildBotProfiles(runs);
+
+    let classifyError: ((msg: string) => { isTransient: boolean; category: string }) | null = null;
+    try {
+      const mod = await import('./error-classifier.js');
+      classifyError = (msg: string) => mod.classifyError(msg);
+    } catch { /* unavailable */ }
+
+    const failurePatterns = this.buildFailurePatterns(auditEvents, classifyError);
+    const userPreferences = this.buildUserPreferences(genesisCycles);
+    const evolution = this.buildEvolution(genesisCycles);
+    const cost = this.buildCost(costRecords, runs);
+
+    // 3. Assemble partial model, compute trust
+    const partial = {
+      projectDir: this.projectDir,
+      builtAt: Date.now(),
+      health: { overall, workflows },
+      bots,
+      failurePatterns,
+      userPreferences,
+      evolution,
+      cost,
+      _conversationCount: conversationCount,
+    };
+
+    const trust = computeTrustLevel(partial);
+    const model: ProjectModel = {
+      projectDir: partial.projectDir,
+      builtAt: partial.builtAt,
+      health: partial.health,
+      bots: partial.bots,
+      failurePatterns: partial.failurePatterns,
+      userPreferences: partial.userPreferences,
+      evolution: partial.evolution,
+      cost: partial.cost,
+      trust,
+    };
+
+    // 4. Cache
+    try {
+      fs.writeFileSync(this.modelPath, JSON.stringify(model, null, 2), 'utf-8');
+    } catch { /* non-fatal */ }
+
+    return model;
+  }
+
+  invalidate(): void {
+    try {
+      if (fs.existsSync(this.modelPath)) fs.unlinkSync(this.modelPath);
+    } catch { /* non-fatal */ }
+  }
+
+  formatSummary(model: ProjectModel): string {
+    const { health, bots, failurePatterns, cost, trust, evolution } = model;
+    const healthyCount = health.workflows.filter(w => w.trend !== 'degrading').length;
+    const degradingCount = health.workflows.filter(w => w.trend === 'degrading').length;
+    const ejectedCount = bots.filter(b => b.ejected).length;
+    const criticalPatterns = failurePatterns.filter(f => f.occurrences >= 5 && !f.transient).length;
+
+    const phaseNames: Record<number, string> = {
+      1: 'insights + suggestions',
+      2: 'proposals with explanation',
+      3: 'proposals with visual diff',
+      4: 'auto-apply COSMETIC',
+    };
+
+    return [
+      `Health: ${health.overall}/100 (${health.workflows.length} workflows, ${healthyCount} healthy, ${degradingCount} degrading)`,
+      `Bots: ${bots.length} registered (${ejectedCount} ejected)`,
+      `Failures: ${failurePatterns.length} recurring patterns (${criticalPatterns} critical)`,
+      `Cost: $${cost.last7Days.toFixed(2)} last 7 days (${cost.trend})`,
+      `Trust: Phase ${trust.phase} (${phaseNames[trust.phase]})`,
+      `Evolution: ${evolution.totalCycles} cycles (${evolution.totalCycles > 0 ? Math.round(evolution.successRate * 100) : 0}% success)`,
+    ].join('\n');
+  }
+
+  formatSessionGreeting(model: ProjectModel): string {
+    const insightCount = model.failurePatterns.filter(f => f.occurrences >= 3).length
+      + model.health.workflows.filter(w => w.trend === 'degrading').length;
+    return `Health ${model.health.overall}/100 \u00b7 ${model.bots.length} bots \u00b7 ${insightCount} insights \u00b7 $${model.cost.last7Days.toFixed(2)}/7d`;
+  }
+
+  // ---- Private builders ----
+
+  private buildWorkflowHealth(runs: typeof ProjectModelStore.prototype.build extends (...args: any[]) => any ? any : never): WorkflowHealth[] {
+    const byWorkflow = new Map<string, Array<{ startedAt: string; durationMs: number; success: boolean }>>();
+    for (const run of runs) {
+      if (!byWorkflow.has(run.workflowFile)) byWorkflow.set(run.workflowFile, []);
+      byWorkflow.get(run.workflowFile)!.push(run);
+    }
+
+    const now = Date.now();
+    const d7 = now - 7 * 86_400_000;
+    const d14 = now - 14 * 86_400_000;
+    const result: WorkflowHealth[] = [];
+
+    for (const [absFile, wfRuns] of byWorkflow) {
+      // Convert to relative path for display
+      const file = absFile.startsWith(this.projectDir)
+        ? path.relative(this.projectDir, absFile)
+        : absFile;
+
+      const totalRuns = wfRuns.length;
+      const successRate = totalRuns > 0 ? wfRuns.filter(r => r.success).length / totalRuns : 0;
+      const avgDurationMs = totalRuns > 0 ? Math.round(wfRuns.reduce((s, r) => s + (r.durationMs ?? 0), 0) / totalRuns) : 0;
+      const sorted = [...wfRuns].sort((a, b) => b.startedAt.localeCompare(a.startedAt));
+      const lastRun = sorted[0]?.startedAt ?? null;
+
+      const recent = wfRuns.filter(r => new Date(r.startedAt).getTime() >= d7);
+      const prev = wfRuns.filter(r => { const t = new Date(r.startedAt).getTime(); return t >= d14 && t < d7; });
+      const recentRate = recent.length > 0 ? recent.filter(r => r.success).length / recent.length : successRate;
+      const prevRate = prev.length > 0 ? prev.filter(r => r.success).length / prev.length : successRate;
+      const diff = recentRate - prevRate;
+      const trend: WorkflowHealth['trend'] = diff > 0.05 ? 'improving' : diff < -0.05 ? 'degrading' : 'stable';
+
+      result.push({ file, score: Math.round(successRate * 100), totalRuns, successRate, avgDurationMs, lastRun, trend });
+    }
+
+    return result;
+  }
+
+  private buildBotProfiles(runs: Array<{ workflowFile: string; success: boolean; durationMs: number }>): BotProfile[] {
+    const profiles: BotProfile[] = [];
+    try {
+      if (!fs.existsSync(BOTS_DIR)) return profiles;
+      for (const name of fs.readdirSync(BOTS_DIR)) {
+        const metaPath = path.join(BOTS_DIR, name, 'meta.json');
+        if (!fs.existsSync(metaPath)) continue;
+        try {
+          const meta = JSON.parse(fs.readFileSync(metaPath, 'utf-8'));
+          if (meta.projectDir !== this.projectDir) continue;
+
+          const ejectedPath = path.join(this.projectDir, '.fw', 'bots', name);
+          const ejected = fs.existsSync(ejectedPath);
+
+          // Compute bot task stats from runs associated with this bot
+          const botRuns = runs.filter(r => r.workflowFile.includes(name) || r.workflowFile.includes('weaver-bot'));
+          const totalTasksRun = botRuns.length;
+          const successRate = totalTasksRun > 0 ? botRuns.filter(r => r.success).length / totalTasksRun : 0;
+          const avgTaskDurationMs = totalTasksRun > 0 ? Math.round(botRuns.reduce((s, r) => s + (r.durationMs ?? 0), 0) / totalTasksRun) : 0;
+
+          profiles.push({
+            name: meta.name ?? name,
+            workflowFile: ejected ? path.join(ejectedPath, 'weaver-bot.ts') : 'node_modules/@synergenius/flow-weaver-pack-weaver/src/workflows/weaver-bot.ts',
+            ejected,
+            totalTasksRun,
+            successRate,
+            avgTaskDurationMs,
+            topFailurePatterns: [],
+          });
+        } catch { /* corrupt meta */ }
+      }
+    } catch { /* bots dir read failed */ }
+    return profiles;
+  }
+
+  private buildFailurePatterns(
+    auditEvents: Array<{ type: string; timestamp: string; data?: Record<string, unknown> }>,
+    classifyError: ((msg: string) => { isTransient: boolean; category: string }) | null,
+  ): FailurePattern[] {
+    const errorEvents = auditEvents.filter(e =>
+      e.type.includes('error') || e.type.includes('fail') || e.data?.error !== undefined
+    );
+
+    const groups = new Map<string, { message: string; count: number; lastSeen: string; workflows: Set<string> }>();
+    for (const event of errorEvents) {
+      const rawMsg = String(event.data?.error ?? event.data?.message ?? event.type);
+      const key = rawMsg.slice(0, 50);
+      const existing = groups.get(key);
+      const wf = String(event.data?.workflowFile ?? event.data?.file ?? '');
+      if (existing) {
+        existing.count++;
+        if (event.timestamp > existing.lastSeen) existing.lastSeen = event.timestamp;
+        if (wf) existing.workflows.add(wf);
+      } else {
+        const wfSet = new Set<string>();
+        if (wf) wfSet.add(wf);
+        groups.set(key, { message: rawMsg, count: 1, lastSeen: event.timestamp, workflows: wfSet });
+      }
+    }
+
+    const patterns: FailurePattern[] = [];
+    for (const [, g] of groups) {
+      let transient = false;
+      let category = 'unknown';
+      if (classifyError) {
+        try {
+          const c = classifyError(g.message);
+          transient = c.isTransient;
+          category = c.category;
+        } catch { /* classification failed */ }
+      }
+      patterns.push({
+        pattern: g.message.slice(0, 120),
+        category,
+        occurrences: g.count,
+        lastSeen: g.lastSeen,
+        workflows: [...g.workflows],
+        transient,
+      });
+    }
+
+    return patterns.sort((a, b) => b.occurrences - a.occurrences);
+  }
+
+  private buildUserPreferences(genesisCycles: GenesisCycleRecord[]): ProjectModel['userPreferences'] {
+    const approvalHistory: ApprovalDecision[] = [];
+
+    for (const cycle of genesisCycles) {
+      if (cycle.approved === null) continue;
+      approvalHistory.push({
+        timestamp: cycle.timestamp,
+        proposalSummary: cycle.proposal?.summary ?? '',
+        impactLevel: cycle.proposal?.impactLevel ?? 'MINOR',
+        approved: cycle.approved,
+        reason: cycle.rejectionReason,
+      });
+    }
+
+    // Auto-approve: 5+ consecutive approvals for a given impact level
+    const autoApprovePatterns: string[] = [];
+    const neverApprovePatterns: string[] = [];
+    const byImpact = new Map<string, boolean[]>();
+    for (const d of approvalHistory) {
+      if (!byImpact.has(d.impactLevel)) byImpact.set(d.impactLevel, []);
+      byImpact.get(d.impactLevel)!.push(d.approved);
+    }
+    for (const [level, decisions] of byImpact) {
+      let consec = 0;
+      for (let i = decisions.length - 1; i >= 0; i--) {
+        if (decisions[i]) consec++;
+        else break;
+      }
+      if (consec >= 5) autoApprovePatterns.push(level);
+
+      let consecRejects = 0;
+      for (let i = decisions.length - 1; i >= 0; i--) {
+        if (!decisions[i]) consecRejects++;
+        else break;
+      }
+      if (consecRejects >= 3) neverApprovePatterns.push(level);
+    }
+
+    return { approvalHistory, autoApprovePatterns, neverApprovePatterns };
+  }
+
+  private buildEvolution(genesisCycles: GenesisCycleRecord[]): ProjectModel['evolution'] {
+    const totalCycles = genesisCycles.length;
+    const applied = genesisCycles.filter(c => c.outcome === 'applied').length;
+    const successRate = totalCycles > 0 ? applied / totalCycles : 0;
+
+    const byOp = new Map<string, { proposed: number; applied: number; rolledBack: number }>();
+    for (const cycle of genesisCycles) {
+      if (!cycle.proposal) continue;
+      for (const op of cycle.proposal.operations) {
+        if (!byOp.has(op.type)) byOp.set(op.type, { proposed: 0, applied: 0, rolledBack: 0 });
+        const e = byOp.get(op.type)!;
+        e.proposed++;
+        if (cycle.outcome === 'applied') e.applied++;
+        else if (cycle.outcome === 'rolled-back') e.rolledBack++;
+      }
+    }
+
+    const byOperationType: Record<string, OperationEffectiveness> = {};
+    for (const [type, stats] of byOp) {
+      byOperationType[type] = {
+        proposed: stats.proposed,
+        applied: stats.applied,
+        rolledBack: stats.rolledBack,
+        effectiveness: stats.proposed > 0 ? stats.applied / stats.proposed : 0,
+      };
+    }
+
+    return {
+      totalCycles,
+      successRate,
+      byOperationType,
+      recentCycles: genesisCycles.slice(-10),
+    };
+  }
+
+  private buildCost(
+    costRecords: Array<{ estimatedCost?: number; cost?: number; timestamp: number; model?: string }>,
+    runs: Array<{ success: boolean }>,
+  ): ProjectModel['cost'] {
+    const now = Date.now();
+    const d7 = now - 7 * 86_400_000;
+    const d14 = now - 14 * 86_400_000;
+    const d30 = now - 30 * 86_400_000;
+
+    const getCost = (r: { estimatedCost?: number; cost?: number }) => r.estimatedCost ?? r.cost ?? 0;
+    const totalSpent = costRecords.reduce((s, r) => s + getCost(r), 0);
+    const last7Days = costRecords.filter(r => r.timestamp >= d7).reduce((s, r) => s + getCost(r), 0);
+    const prev7Days = costRecords.filter(r => r.timestamp >= d14 && r.timestamp < d7).reduce((s, r) => s + getCost(r), 0);
+    const last30Days = costRecords.filter(r => r.timestamp >= d30).reduce((s, r) => s + getCost(r), 0);
+
+    let trend: ProjectModel['cost']['trend'] = 'stable';
+    if (prev7Days > 0) {
+      const ratio = last7Days / prev7Days;
+      if (ratio > 1.15) trend = 'increasing';
+      else if (ratio < 0.85) trend = 'decreasing';
+    }
+
+    const successfulRuns = runs.filter(r => r.success).length;
+    const costPerSuccessfulRun = successfulRuns > 0 ? totalSpent / successfulRuns : 0;
+
+    // High cost workflows — from cost records grouped by model (simplified)
+    const highCostWorkflows: Array<{ workflow: string; avgCost: number }> = [];
+
+    return { totalSpent, last7Days, last30Days, trend, costPerSuccessfulRun, highCostWorkflows };
+  }
+}

package/src/bot/response-formatter.ts

@@ -36,7 +36,6 @@ export function formatResponse(text: string, cwd: string): string {
 
 function supportsHyperlinks(): boolean {
   const term = process.env.TERM_PROGRAM ?? '';
-  // Known terminals that support OSC 8
-  return ['iTerm.app', 'WezTerm', 'vscode', 'Hyper'].includes(term)
-    || !!process.env.TERM_PROGRAM_VERSION; // Most modern terminals
+  // Known terminals that support OSC 8 hyperlinks
+  return ['iTerm.app', 'WezTerm', 'vscode', 'Hyper'].includes(term);
 }

package/src/bot/run-store.ts

@@ -110,9 +110,12 @@ export class RunStore {
             });
             fs.unlinkSync(path.join(this.dir, file));
           }
-        } catch { /* skip corrupt marker */ }
+        } catch (err) {
+          console.warn(`[weaver] checkOrphans: removing corrupt marker file ${file}:`, err);
+          try { fs.unlinkSync(path.join(this.dir, file)); } catch { /* already gone */ }
+        }
       }
-    } catch { /* dir read failed */ }
+    } catch (err) { console.warn(`[weaver] checkOrphans: failed to read directory ${this.dir}:`, err); }
     return orphans;
   }
 

package/src/bot/safe-path.ts

@@ -6,12 +6,13 @@
  * user input, AI output, or external configuration.
  */
 
+import * as fs from 'node:fs';
 import * as path from 'node:path';
 
 /**
  * Validate that a relative path does not escape the base directory.
  * Returns the resolved absolute path if safe, or null if the path
- * attempts traversal.
+ * attempts traversal. Also resolves symlinks to prevent bypass attacks.
  */
 export function safePath(baseDir: string, relativePath: string): string | null {
   const normalized = path.normalize(relativePath);
@@ -28,6 +29,24 @@ export function safePath(baseDir: string, relativePath: string): string | null {
     return null;
   }
 
+  // Symlink protection: walk up to find deepest existing segment and
+  // verify its real path stays within the base directory.
+  let checkPath = resolved;
+  while (!fs.existsSync(checkPath) && checkPath !== resolvedBase) {
+    checkPath = path.dirname(checkPath);
+  }
+  if (fs.existsSync(checkPath)) {
+    try {
+      const realPath = fs.realpathSync(checkPath);
+      const realBase = fs.realpathSync(resolvedBase);
+      if (!realPath.startsWith(realBase + path.sep) && realPath !== realBase) {
+        return null;
+      }
+    } catch {
+      return null; // Can't verify safety, reject
+    }
+  }
+
   return resolved;
 }
 

package/src/bot/safety.ts

@@ -1,14 +1,68 @@
 /**
  * Shared safety constants and checks — single source of truth.
+ *
+ * Both step-executor.ts and assistant-tools.ts MUST use these patterns.
+ * Do not duplicate blocklists elsewhere.
  */
 
-export const BLOCKED_COMMANDS = ['rm -rf', 'git push', 'npm publish', 'sudo', 'curl|sh', 'wget|sh'];
+/** Shell commands that are NEVER allowed (destructive or evasive operations). */
+export const BLOCKED_SHELL_PATTERNS: RegExp[] = [
+  // Destructive file operations
+  /\brm\s+(-[a-z]*r|-[a-z]*f)[a-z]*\s/i,  // rm with -r or -f flags
+
+  // Git remote/destructive operations
+  /\bgit\s+push\b/i,              // git push (no remote ops)
+  /\bgit\s+reset\s+--hard\b/i,    // git reset --hard
+
+  // Package publishing
+  /\bnpm\s+publish\b/i,           // npm publish
+
+  // Remote code execution via download
+  /\bcurl\b.*\|\s*(sh|bash)\b/i,  // curl | sh/bash
+  /\bwget\b.*\|\s*(sh|bash)\b/i,  // wget | sh/bash
+
+  // Privilege escalation
+  /\bsudo\b/i,                    // sudo
+
+  // Dangerous permissions
+  /\bchmod\s+777\b/i,             // chmod 777
+
+  // Process killing
+  /\bkill\s+-9\b/i,               // kill -9
+
+  // Disk destruction
+  /\bmkfs\b/i,                    // format disk
+  /\bdd\s+if=/i,                  // dd (disk destroyer)
+  />\s*\/dev\/sd/i,               // write to raw disk
+
+  // Pipe-to-interpreter: encoded payload execution
+  /\bbase64\b.*\|\s*(sh|bash|zsh)\b/i,  // base64 | bash
+
+  // Inline code execution via interpreters
+  /\bnode\s+(-e|--eval)\b/i,           // node -e / node --eval
+  /\bpython[23]?\s+-c\b/i,             // python -c / python3 -c
+  /\bperl\s+-e\b/i,                    // perl -e
+  /\bruby\s+-e\b/i,                    // ruby -e
+
+  // Shell eval (arbitrary code execution)
+  /\beval\s+/i,                         // eval ...
+];
+
 export const BLOCKED_URL_PATTERN = /localhost|127\.0\.0\.1|0\.0\.0\.0|10\.\d|172\.(1[6-9]|2\d|3[01])\.|192\.168\./i;
 export const MAX_READ_SIZE = 1_048_576;
 export const CHARS_PER_TOKEN = 4;
 
-export function isBlockedCommand(cmd: string): boolean {
-  return BLOCKED_COMMANDS.some(b => cmd.includes(b));
+/**
+ * Check if a shell command matches any blocked pattern.
+ * Returns the matching pattern source string, or false if safe.
+ */
+export function isBlockedCommand(cmd: string): string | false {
+  for (const pattern of BLOCKED_SHELL_PATTERNS) {
+    if (pattern.test(cmd)) {
+      return pattern.source;
+    }
+  }
+  return false;
 }
 
 export function isBlockedUrl(url: string): boolean {

package/src/bot/session-state.ts

@@ -42,16 +42,30 @@ export class SessionStore {
       return JSON.parse(fs.readFileSync(this.filePath, 'utf-8')) as SessionState;
     } catch (err) {
       if (process.env.WEAVER_VERBOSE) process.stderr.write(`[weaver] session state load failed: ${err}\n`);
+      // Try backup recovery
+      return this.loadBackup();
+    }
+  }
+
+  /** Recover session from backup file when primary is corrupt. */
+  private loadBackup(): SessionState | null {
+    const backupPath = this.filePath + '.bak';
+    if (!fs.existsSync(backupPath)) return null;
+    try {
+      const data = JSON.parse(fs.readFileSync(backupPath, 'utf-8')) as SessionState;
+      // Restore backup to primary
+      try { this.writeAtomic(data); } catch { /* best effort */ }
+      return data;
+    } catch (err) {
+      if (process.env.WEAVER_VERBOSE) process.stderr.write(`[weaver] session backup load failed: ${err}\n`);
       return null;
     }
   }
 
   async save(state: SessionState): Promise<void> {
     return withFileLock(this.filePath, () => {
-      const dir = path.dirname(this.filePath);
-      if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
       state.lastActivity = Date.now();
-      fs.writeFileSync(this.filePath, JSON.stringify(state, null, 2), 'utf-8');
+      this.writeAtomic(state);
     });
   }
 
@@ -60,15 +74,41 @@ export class SessionStore {
       const state = this.load();
       if (!state) return null;
       Object.assign(state, patch);
-      const dir = path.dirname(this.filePath);
-      if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
       state.lastActivity = Date.now();
-      fs.writeFileSync(this.filePath, JSON.stringify(state, null, 2), 'utf-8');
+      this.writeAtomic(state);
       return state;
     });
   }
 
   clear(): void {
-    try { fs.unlinkSync(this.filePath); } catch { /* ignore */ }
+    try {
+      fs.unlinkSync(this.filePath);
+    } catch (err) {
+      if ((err as NodeJS.ErrnoException).code !== 'ENOENT') throw err;
+    }
+  }
+
+  /** Atomic write: write to temp file, backup existing, rename into place. */
+  private writeAtomic(state: SessionState): void {
+    const dir = path.dirname(this.filePath);
+    if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
+
+    const tmpPath = this.filePath + `.tmp.${process.pid}`;
+    const backupPath = this.filePath + '.bak';
+    const content = JSON.stringify(state, null, 2);
+
+    // Write to temp file first
+    fs.writeFileSync(tmpPath, content, 'utf-8');
+
+    // Backup current file if it exists
+    if (fs.existsSync(this.filePath)) {
+      try { fs.copyFileSync(this.filePath, backupPath); } catch { /* best effort */ }
+    }
+
+    // Atomic rename
+    fs.renameSync(tmpPath, this.filePath);
+
+    // Update backup after successful write
+    try { fs.copyFileSync(this.filePath, backupPath); } catch { /* best effort */ }
   }
 }