npm - @ystemsrx/cfshare - Versions diffs - 0.1.5 → 0.1.6 - Mend

@ystemsrx/cfshare 0.1.5 → 0.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/src/manager.js CHANGED Viewed

@@ -184,6 +184,18 @@ function ensureString(input) {
     const trimmed = input.trim();
     return trimmed || undefined;
 }
+function asNumber(input) {
+    if (typeof input === "number" && Number.isFinite(input)) {
+        return Math.trunc(input);
+    }
+    if (typeof input === "string" && input.trim()) {
+        const parsed = Number(input);
+        if (Number.isFinite(parsed)) {
+            return Math.trunc(parsed);
+        }
+    }
+    return undefined;
+}
 function buildContentDisposition(params) {
     if (params.mode === "raw") {
         return undefined;
@@ -558,6 +570,7 @@ export class CfshareManager {
     workspaceRoot;
     auditFile;
     sessionsFile;
+    sessionsDir;
     exportsDir;
     initialized = false;
     initializing;
@@ -577,6 +590,7 @@ export class CfshareManager {
         this.workspaceRoot = path.join(this.stateDir, "workspaces");
         this.auditFile = path.join(this.stateDir, "audit.jsonl");
         this.sessionsFile = path.join(this.stateDir, "sessions.json");
+        this.sessionsDir = path.join(this.stateDir, "sessions");
         this.exportsDir = path.join(this.stateDir, "exports");
         this.cloudflaredPathInput = this.pluginConfig.cloudflaredPath ?? "cloudflared";
     }
@@ -593,6 +607,7 @@ export class CfshareManager {
         await mkdirp(this.stateDir);
         await mkdirp(this.workspaceRoot);
         await mkdirp(this.exportsDir);
+        await mkdirp(this.sessionsDir);
         await this.reloadPolicy();
         this.startGuard();
         this.initialized = true;
@@ -622,16 +637,201 @@ export class CfshareManager {
             this.logger.warn(`cfshare: failed to write audit event: ${String(error)}`);
         }
     }
-    async persistSessionsSnapshot() {
-        const records = Array.from(this.sessions.values()).map((session) => ({
+    sessionRecordPath(id) {
+        return path.join(this.sessionsDir, `${encodeURIComponent(id)}.json`);
+    }
+    toPersistedSessionRecord(session) {
+        return {
             id: session.id,
             type: session.type,
             status: session.status,
+            createdAt: session.createdAt,
             expiresAt: session.expiresAt,
+            localUrl: session.localUrl,
+            publicUrl: session.publicUrl,
+            sourcePort: session.sourcePort,
+            originPort: session.originPort,
+            tunnelPort: session.tunnelPort,
             workspaceDir: session.workspaceDir,
             processPid: session.process?.pid,
-        }));
-        await fs.writeFile(this.sessionsFile, JSON.stringify(records, null, 2), "utf8");
+            ownerPid: process.pid,
+            fileMode: session.fileMode,
+            filePresentation: session.filePresentation,
+            maxDownloads: session.maxDownloads,
+            manifest: session.manifest,
+            access: session.access,
+            stats: session.stats,
+            lastError: session.lastError,
+        };
+    }
+    parsePersistedSessionRecord(raw) {
+        if (!raw || typeof raw !== "object") {
+            return undefined;
+        }
+        const row = raw;
+        const id = ensureString(row.id);
+        const type = ensureString(row.type);
+        const status = ensureString(row.status);
+        if (!id || (type !== "port" && type !== "files")) {
+            return undefined;
+        }
+        const normalizedStatus = status === "starting" || status === "running" || status === "stopped" || status === "error" || status === "expired"
+            ? status
+            : "error";
+        const accessRaw = (row.access ?? {});
+        const accessModeRaw = ensureString(accessRaw.mode);
+        const accessMode = accessModeRaw === "token" || accessModeRaw === "basic" || accessModeRaw === "none" ? accessModeRaw : "none";
+        const statsRaw = (row.stats ?? {});
+        return {
+            id,
+            type,
+            status: normalizedStatus,
+            createdAt: ensureString(row.createdAt) || nowIso(),
+            expiresAt: ensureString(row.expiresAt) || nowIso(),
+            localUrl: ensureString(row.localUrl) || "",
+            publicUrl: ensureString(row.publicUrl) || undefined,
+            sourcePort: asNumber(row.sourcePort),
+            originPort: asNumber(row.originPort) ?? 0,
+            tunnelPort: asNumber(row.tunnelPort) ?? 0,
+            workspaceDir: ensureString(row.workspaceDir) || undefined,
+            processPid: asNumber(row.processPid),
+            ownerPid: asNumber(row.ownerPid),
+            fileMode: ensureString(row.fileMode) === "zip" ? "zip" : "normal",
+            filePresentation: normalizeFilePresentation(ensureString(row.filePresentation) || "download"),
+            maxDownloads: asNumber(row.maxDownloads),
+            manifest: Array.isArray(row.manifest) ? row.manifest : undefined,
+            access: {
+                mode: accessMode,
+                protectOrigin: Boolean(accessRaw.protectOrigin),
+                allowlistPaths: normalizeAllowlistPaths(accessRaw.allowlistPaths),
+                token: ensureString(accessRaw.token) || undefined,
+                username: ensureString(accessRaw.username) || undefined,
+                password: ensureString(accessRaw.password) || undefined,
+            },
+            stats: {
+                requests: asNumber(statsRaw.requests) ?? 0,
+                downloads: asNumber(statsRaw.downloads) ?? 0,
+                bytesSent: asNumber(statsRaw.bytesSent) ?? 0,
+                lastAccessAt: ensureString(statsRaw.lastAccessAt) || undefined,
+            },
+            lastError: ensureString(row.lastError) || undefined,
+        };
+    }
+    async readPersistedSessions() {
+        const out = new Map();
+        let sessionsDirMissing = false;
+        const entries = await fs.readdir(this.sessionsDir, { withFileTypes: true }).catch((error) => {
+            if (error?.code === "ENOENT") {
+                sessionsDirMissing = true;
+            }
+            return [];
+        });
+        for (const entry of entries) {
+            if (!entry.isFile() || !entry.name.endsWith(".json")) {
+                continue;
+            }
+            const abs = path.join(this.sessionsDir, entry.name);
+            try {
+                const raw = await fs.readFile(abs, "utf8");
+                const record = this.parsePersistedSessionRecord(JSON.parse(raw));
+                if (record) {
+                    out.set(record.id, record);
+                }
+            }
+            catch {
+                // ignore malformed session files
+            }
+        }
+        if (out.size > 0 || !sessionsDirMissing) {
+            return out;
+        }
+        // Legacy fallback for snapshots generated before per-session persistence.
+        try {
+            const raw = await fs.readFile(this.sessionsFile, "utf8");
+            const rows = JSON.parse(raw);
+            if (!Array.isArray(rows)) {
+                return out;
+            }
+            for (const row of rows) {
+                const record = this.parsePersistedSessionRecord({
+                    ...row,
+                    createdAt: row.createdAt ?? nowIso(),
+                    localUrl: row.localUrl ?? "",
+                    originPort: row.originPort ?? 0,
+                    tunnelPort: row.tunnelPort ?? 0,
+                    access: row.access ??
+                        {
+                            mode: "none",
+                            protectOrigin: false,
+                            allowlistPaths: [],
+                        },
+                    stats: row.stats ??
+                        {
+                            requests: 0,
+                            downloads: 0,
+                            bytesSent: 0,
+                        },
+                });
+                if (record) {
+                    out.set(record.id, record);
+                }
+            }
+        }
+        catch {
+            // ignore missing legacy snapshot
+        }
+        return out;
+    }
+    async writePersistedSessionRecord(record) {
+        const target = this.sessionRecordPath(record.id);
+        const tmp = `${target}.${process.pid}.tmp`;
+        await fs.writeFile(tmp, JSON.stringify(record, null, 2), "utf8");
+        await fs.rename(tmp, target);
+    }
+    async deletePersistedSessionRecord(id) {
+        await fs.rm(this.sessionRecordPath(id), { force: true });
+    }
+    isProcessAlive(pid) {
+        if (!pid || !Number.isInteger(pid) || pid <= 0) {
+            return false;
+        }
+        try {
+            process.kill(pid, 0);
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    async persistSessionsSnapshot() {
+        const activeIds = new Set();
+        const records = Array.from(this.sessions.values()).map((session) => {
+            const record = this.toPersistedSessionRecord(session);
+            activeIds.add(record.id);
+            return record;
+        });
+        await Promise.all(records.map((record) => this.writePersistedSessionRecord(record)));
+        const persisted = await this.readPersistedSessions();
+        for (const record of persisted.values()) {
+            if (record.ownerPid !== process.pid || activeIds.has(record.id)) {
+                continue;
+            }
+            await this.deletePersistedSessionRecord(record.id);
+        }
+        const mergedRows = Array.from((await this.readPersistedSessions()).values())
+            .map((record) => ({
+            id: record.id,
+            type: record.type,
+            status: record.status,
+            expiresAt: record.expiresAt,
+            workspaceDir: record.workspaceDir,
+            processPid: record.processPid,
+            ownerPid: record.ownerPid,
+            publicUrl: record.publicUrl,
+            localUrl: record.localUrl,
+        }))
+            .sort((a, b) => a.id.localeCompare(b.id));
+        await fs.writeFile(this.sessionsFile, JSON.stringify(mergedRows, null, 2), "utf8");
     }
     makeAccessState(params) {
         const allowlistPaths = normalizeAllowlistPaths(params.allowlistPaths);
@@ -658,24 +858,26 @@ export class CfshareManager {
             allowlistPaths,
         };
     }
-    makeResponsePublicUrl(session) {
-        const base = session.publicUrl;
+    makeResponsePublicUrlFromValues(base, access) {
         if (!base) {
             return undefined;
         }
-        if (session.access.mode !== "token" || !session.access.token) {
+        if (access.mode !== "token" || !access.token) {
             return base;
         }
         try {
             const out = new URL(base);
-            out.searchParams.set("token", session.access.token);
+            out.searchParams.set("token", access.token);
             return out.toString();
         }
         catch {
             const sep = base.includes("?") ? "&" : "?";
-            return `${base}${sep}token=${encodeURIComponent(session.access.token)}`;
+            return `${base}${sep}token=${encodeURIComponent(access.token)}`;
         }
     }
+    makeResponsePublicUrl(session) {
+        return this.makeResponsePublicUrlFromValues(session.publicUrl, session.access);
+    }
     buildRateLimiter(policy) {
         if (!policy.enabled) {
             return () => true;
@@ -1702,8 +1904,27 @@ export class CfshareManager {
             throw error;
         }
     }
-    exposureList() {
-        return Array.from(this.sessions.values()).map((session) => this.makeExposureRecord(session));
+    async exposureList() {
+        await this.ensureInitialized();
+        const persisted = await this.readPersistedSessions();
+        const out = new Map();
+        for (const session of this.sessions.values()) {
+            out.set(session.id, this.makeExposureRecord(session));
+        }
+        for (const record of persisted.values()) {
+            if (out.has(record.id)) {
+                continue;
+            }
+            out.set(record.id, {
+                id: record.id,
+                type: record.type,
+                status: record.status,
+                public_url: this.makeResponsePublicUrlFromValues(record.publicUrl, record.access),
+                local_url: record.localUrl,
+                expires_at: record.expiresAt,
+            });
+        }
+        return Array.from(out.values()).sort((a, b) => a.id.localeCompare(b.id));
     }
     normalizeRequestedIds(rawIds) {
         const out = [];
@@ -1721,50 +1942,95 @@ export class CfshareManager {
         }
         return out;
     }
-    matchesExposureFilter(session, filter) {
+    matchesExposureFilterByValues(type, status, filter) {
         if (!filter) {
             return true;
         }
-        if (filter.status && session.status !== filter.status) {
+        if (filter.status && status !== filter.status) {
             return false;
         }
-        if (filter.type && session.type !== filter.type) {
+        if (filter.type && type !== filter.type) {
             return false;
         }
         return true;
     }
-    resolveExposureSelection(query) {
+    matchesExposureFilter(session, filter) {
+        return this.matchesExposureFilterByValues(session.type, session.status, filter);
+    }
+    async loadSessionLookupMap() {
+        const out = new Map();
+        for (const session of this.sessions.values()) {
+            out.set(session.id, { live: session });
+        }
+        const persisted = await this.readPersistedSessions();
+        for (const [id, record] of persisted.entries()) {
+            const current = out.get(id);
+            if (current) {
+                current.persisted = record;
+            }
+            else {
+                out.set(id, { persisted: record });
+            }
+        }
+        return out;
+    }
+    resolveExposureSelection(query, lookupMap) {
         const explicitIds = this.normalizeRequestedIds([
             ...(typeof query.id === "string" ? [query.id] : []),
             ...((query.ids ?? []).filter((value) => typeof value === "string")),
         ]);
         const hasAll = explicitIds.includes("all");
-        const allSessions = Array.from(this.sessions.values());
+        const allIds = Array.from(lookupMap.keys());
         if (hasAll) {
-            const selectedIds = allSessions
-                .filter((session) => this.matchesExposureFilter(session, query.filter))
-                .map((session) => session.id);
+            const selectedIds = allIds.filter((id) => {
+                const lookup = lookupMap.get(id);
+                if (!lookup) {
+                    return false;
+                }
+                if (lookup.live) {
+                    return this.matchesExposureFilter(lookup.live, query.filter);
+                }
+                if (lookup.persisted) {
+                    return this.matchesExposureFilterByValues(lookup.persisted.type, lookup.persisted.status, query.filter);
+                }
+                return false;
+            });
             return { selectorUsed: true, selectedIds, missingIds: [] };
         }
         if (explicitIds.length > 0) {
             const selectedIds = [];
             const missingIds = [];
             for (const id of explicitIds) {
-                const session = this.sessions.get(id);
-                if (!session) {
+                const lookup = lookupMap.get(id);
+                if (!lookup) {
                     missingIds.push(id);
                     continue;
                 }
-                if (this.matchesExposureFilter(session, query.filter)) {
+                if (lookup.live && this.matchesExposureFilter(lookup.live, query.filter)) {
+                    selectedIds.push(id);
+                    continue;
+                }
+                if (lookup.persisted &&
+                    this.matchesExposureFilterByValues(lookup.persisted.type, lookup.persisted.status, query.filter)) {
                     selectedIds.push(id);
                 }
             }
             return { selectorUsed: true, selectedIds, missingIds };
         }
         if (query.filter) {
-            const selectedIds = allSessions
-                .filter((session) => this.matchesExposureFilter(session, query.filter))
-                .map((session) => session.id);
+            const selectedIds = allIds.filter((id) => {
+                const lookup = lookupMap.get(id);
+                if (!lookup) {
+                    return false;
+                }
+                if (lookup.live) {
+                    return this.matchesExposureFilter(lookup.live, query.filter);
+                }
+                if (lookup.persisted) {
+                    return this.matchesExposureFilterByValues(lookup.persisted.type, lookup.persisted.status, query.filter);
+                }
+                return false;
+            });
             return { selectorUsed: true, selectedIds, missingIds: [] };
         }
         return { selectorUsed: false, selectedIds: [], missingIds: [] };
@@ -1774,31 +2040,9 @@ export class CfshareManager {
         const originAlive = session.type === "port"
             ? await probeLocalPort(session.sourcePort ?? session.originPort)
             : Boolean(session.originServer?.listening);
-        let publicProbe;
-        if (opts?.probe_public && session.publicUrl) {
-            try {
-                const probeUrl = new URL(session.publicUrl);
-                if (session.access.mode === "token" && session.access.token) {
-                    probeUrl.searchParams.set("token", session.access.token);
-                }
-                const controller = new AbortController();
-                const timer = setTimeout(() => controller.abort(), DEFAULT_PROBE_TIMEOUT_MS);
-                const headers = {};
-                if (session.access.mode === "basic" && session.access.username && session.access.password) {
-                    headers.authorization = `Basic ${Buffer.from(`${session.access.username}:${session.access.password}`).toString("base64")}`;
-                }
-                const response = await fetch(probeUrl.toString(), {
-                    method: "HEAD",
-                    signal: controller.signal,
-                    headers,
-                });
-                clearTimeout(timer);
-                publicProbe = { ok: response.ok, status: response.status };
-            }
-            catch (error) {
-                publicProbe = { ok: false, error: String(error) };
-            }
-        }
+        const publicProbe = opts?.probe_public
+            ? await this.probePublicEndpoint(session.publicUrl, session.access)
+            : undefined;
         const fileSharing = session.type === "files"
             ? {
                 mode: session.fileMode ?? "normal",
@@ -1837,6 +2081,78 @@ export class CfshareManager {
         }
         return detail;
     }
+    async probePublicEndpoint(publicUrl, access) {
+        if (!publicUrl) {
+            return undefined;
+        }
+        try {
+            const probeUrl = new URL(publicUrl);
+            if (access.mode === "token" && access.token) {
+                probeUrl.searchParams.set("token", access.token);
+            }
+            const controller = new AbortController();
+            const timer = setTimeout(() => controller.abort(), DEFAULT_PROBE_TIMEOUT_MS);
+            const headers = {};
+            if (access.mode === "basic" && access.username && access.password) {
+                headers.authorization = `Basic ${Buffer.from(`${access.username}:${access.password}`).toString("base64")}`;
+            }
+            const response = await fetch(probeUrl.toString(), {
+                method: "HEAD",
+                signal: controller.signal,
+                headers,
+            });
+            clearTimeout(timer);
+            return { ok: response.ok, status: response.status };
+        }
+        catch (error) {
+            return { ok: false, error: String(error) };
+        }
+    }
+    async buildPersistedExposureDetail(record, opts) {
+        const tunnelAlive = this.isProcessAlive(record.processPid);
+        const probePort = record.type === "port" ? (record.sourcePort ?? record.originPort) : record.originPort;
+        const originAlive = probePort > 0 ? await probeLocalPort(probePort) : false;
+        const publicProbe = opts?.probe_public
+            ? await this.probePublicEndpoint(record.publicUrl, record.access)
+            : undefined;
+        const fileSharing = record.type === "files"
+            ? {
+                mode: record.fileMode ?? "normal",
+                presentation: record.filePresentation ?? "download",
+            }
+            : undefined;
+        const includeManifest = Boolean(opts?.include_manifest);
+        const manifestBundle = record.type === "files" ? this.makeManifestResponse(record.manifest, opts?.manifest_limit) : undefined;
+        const detail = {
+            id: record.id,
+            type: record.type,
+            created_at: record.createdAt,
+            status: {
+                state: record.status,
+                tunnel_alive: tunnelAlive,
+                origin_alive: originAlive,
+                public_probe: publicProbe,
+            },
+            port: {
+                source_port: record.sourcePort,
+                origin_port: record.originPort,
+                tunnel_port: record.tunnelPort,
+            },
+            public_url: this.makeResponsePublicUrlFromValues(record.publicUrl, record.access),
+            expires_at: record.expiresAt,
+            local_url: record.localUrl,
+            stats: record.stats,
+            file_sharing: fileSharing,
+            last_error: record.lastError,
+        };
+        if (manifestBundle) {
+            detail.manifest_meta = manifestBundle.manifest_meta;
+            if (includeManifest) {
+                detail.manifest = manifestBundle.manifest;
+            }
+        }
+        return detail;
+    }
     projectExposureDetail(detail, fields) {
         if (!fields || fields.length === 0) {
             return detail;
@@ -1864,8 +2180,39 @@ export class CfshareManager {
         }
         return out;
     }
+    async stopPersistedSession(record, opts, cleaned) {
+        const uniquePids = Array.from(new Set([record.ownerPid, record.processPid].filter((pid) => Boolean(pid && pid > 0))));
+        for (const pid of uniquePids) {
+            try {
+                process.kill(pid, 0);
+                process.kill(pid, "SIGTERM");
+            }
+            catch (error) {
+                const errno = error;
+                if (errno?.code !== "ESRCH") {
+                    throw error;
+                }
+            }
+        }
+        if (record.workspaceDir && (await fileExists(record.workspaceDir))) {
+            await fs.rm(record.workspaceDir, { recursive: true, force: true });
+            cleaned.push(record.workspaceDir);
+        }
+        await this.deletePersistedSessionRecord(record.id);
+        await this.writeAudit({
+            ts: nowIso(),
+            event: opts?.expired ? "exposure_expired" : "exposure_stopped",
+            id: record.id,
+            type: record.type,
+            details: {
+                reason: opts?.reason,
+                public_url: record.publicUrl,
+            },
+        });
+    }
     async exposureGet(params) {
         await this.ensureInitialized();
+        const lookupMap = await this.loadSessionLookupMap();
         const fields = Array.isArray(params.fields) ? this.normalizeRequestedIds(params.fields) : undefined;
         const typedFields = fields;
         const legacySingle = Boolean(params.id) && params.id !== "all" && !params.ids && !params.filter && !params.fields;
@@ -1873,17 +2220,24 @@ export class CfshareManager {
             id: params.id,
             ids: params.ids,
             filter: params.filter,
-        });
+        }, lookupMap);
         if (!selection.selectorUsed) {
             throw new Error("id, ids, or filter is required");
         }
         if (legacySingle) {
             const legacyId = params.id;
-            const session = this.sessions.get(legacyId);
-            if (!session) {
+            const lookup = lookupMap.get(legacyId);
+            if (!lookup) {
                 return { id: legacyId, status: "not_found" };
             }
-            return await this.buildExposureDetail(session, {
+            if (lookup.live) {
+                return await this.buildExposureDetail(lookup.live, {
+                    probe_public: params.opts?.probe_public,
+                    include_manifest: true,
+                    manifest_limit: MAX_RESPONSE_MANIFEST_ITEMS,
+                });
+            }
+            return await this.buildPersistedExposureDetail(lookup.persisted, {
                 probe_public: params.opts?.probe_public,
                 include_manifest: true,
                 manifest_limit: MAX_RESPONSE_MANIFEST_ITEMS,
@@ -1897,16 +2251,22 @@ export class CfshareManager {
         const selectedIdsTruncated = selection.selectedIds.length > responseSelectedIds.length;
         const items = [];
         for (const id of responseSelectedIds) {
-            const session = this.sessions.get(id);
-            if (!session) {
+            const lookup = lookupMap.get(id);
+            if (!lookup) {
                 items.push(this.makeExposureGetNotFound(id, typedFields));
                 continue;
             }
-            const detail = await this.buildExposureDetail(session, {
-                probe_public: params.opts?.probe_public,
-                include_manifest: manifestRequested,
-                manifest_limit: manifestLimit,
-            });
+            const detail = lookup.live
+                ? await this.buildExposureDetail(lookup.live, {
+                    probe_public: params.opts?.probe_public,
+                    include_manifest: manifestRequested,
+                    manifest_limit: manifestLimit,
+                })
+                : await this.buildPersistedExposureDetail(lookup.persisted, {
+                    probe_public: params.opts?.probe_public,
+                    include_manifest: manifestRequested,
+                    manifest_limit: manifestLimit,
+                });
             items.push(this.projectExposureDetail(detail, typedFields));
         }
         for (const missingId of selection.missingIds) {
@@ -1925,6 +2285,7 @@ export class CfshareManager {
     }
     async stopExposure(idOrIds, opts) {
         await this.ensureInitialized();
+        const lookupMap = await this.loadSessionLookupMap();
         const requested = this.normalizeRequestedIds(Array.isArray(idOrIds) ? idOrIds : [idOrIds]);
         if (requested.length === 0) {
             return { stopped: [], failed: [{ id: "unknown", error: "id or ids is required" }], cleaned: [] };
@@ -1933,14 +2294,14 @@ export class CfshareManager {
         const ids = [];
         const failed = [];
         if (includeAll) {
-            ids.push(...Array.from(this.sessions.keys()));
+            ids.push(...Array.from(lookupMap.keys()));
             if (ids.length === 0) {
                 return { stopped: [], failed: [{ id: "all", error: "not_found" }], cleaned: [] };
             }
         }
         else {
             for (const id of requested) {
-                if (this.sessions.has(id)) {
+                if (lookupMap.has(id)) {
                     ids.push(id);
                 }
                 else {
@@ -1955,43 +2316,53 @@ export class CfshareManager {
         const stopped = [];
         const cleaned = [];
         for (const id of stopIds) {
-            const session = this.sessions.get(id);
-            if (!session) {
+            const lookup = lookupMap.get(id);
+            if (!lookup) {
                 failed.push({ id, error: "not_found" });
                 continue;
             }
+            const session = lookup.live;
             try {
-                if (session.timeoutHandle) {
-                    clearTimeout(session.timeoutHandle);
-                    session.timeoutHandle = undefined;
-                }
-                await this.terminateProcess(session.process);
-                if (session.proxyServer?.listening) {
-                    await new Promise((resolve) => session.proxyServer?.close(() => resolve()));
-                }
-                if (session.originServer?.listening) {
-                    await new Promise((resolve) => session.originServer?.close(() => resolve()));
+                if (session) {
+                    if (session.timeoutHandle) {
+                        clearTimeout(session.timeoutHandle);
+                        session.timeoutHandle = undefined;
+                    }
+                    await this.terminateProcess(session.process);
+                    if (session.proxyServer?.listening) {
+                        await new Promise((resolve) => session.proxyServer?.close(() => resolve()));
+                    }
+                    if (session.originServer?.listening) {
+                        await new Promise((resolve) => session.originServer?.close(() => resolve()));
+                    }
+                    if (session.workspaceDir && (await fileExists(session.workspaceDir))) {
+                        await fs.rm(session.workspaceDir, { recursive: true, force: true });
+                        cleaned.push(session.workspaceDir);
+                    }
+                    session.status = opts?.expired ? "expired" : "stopped";
+                    if (opts?.reason) {
+                        session.lastError = opts.reason;
+                        this.appendLog(session, "manager", `stop reason: ${opts.reason}`);
+                    }
+                    stopped.push(id);
+                    await this.writeAudit({
+                        ts: nowIso(),
+                        event: opts?.expired ? "exposure_expired" : "exposure_stopped",
+                        id: session.id,
+                        type: session.type,
+                        details: {
+                            reason: opts?.reason,
+                            public_url: session.publicUrl,
+                        },
+                    });
                 }
-                if (session.workspaceDir && (await fileExists(session.workspaceDir))) {
-                    await fs.rm(session.workspaceDir, { recursive: true, force: true });
-                    cleaned.push(session.workspaceDir);
+                else if (lookup.persisted) {
+                    await this.stopPersistedSession(lookup.persisted, opts, cleaned);
+                    stopped.push(id);
                 }
-                session.status = opts?.expired ? "expired" : "stopped";
-                if (opts?.reason) {
-                    session.lastError = opts.reason;
-                    this.appendLog(session, "manager", `stop reason: ${opts.reason}`);
+                else {
+                    failed.push({ id, error: "not_found" });
                 }
-                stopped.push(id);
-                await this.writeAudit({
-                    ts: nowIso(),
-                    event: opts?.expired ? "exposure_expired" : "exposure_stopped",
-                    id: session.id,
-                    type: session.type,
-                    details: {
-                        reason: opts?.reason,
-                        public_url: session.publicUrl,
-                    },
-                });
             }
             catch (error) {
                 failed.push({ id, error: String(error) });
@@ -2143,9 +2514,11 @@ export class CfshareManager {
     async runGc() {
         const removedWorkspaces = [];
         const killedPids = [];
-        const activeWorkspaces = new Set(Array.from(this.sessions.values())
-            .map((session) => session.workspaceDir)
-            .filter((entry) => Boolean(entry)));
+        const persisted = await this.readPersistedSessions();
+        const activeWorkspaces = new Set([
+            ...Array.from(this.sessions.values()).map((session) => session.workspaceDir),
+            ...Array.from(persisted.values()).map((session) => session.workspaceDir),
+        ].filter((entry) => Boolean(entry)));
         const workspaces = await fs.readdir(this.workspaceRoot, { withFileTypes: true }).catch(() => []);
         for (const entry of workspaces) {
             if (!entry.isDirectory()) {
@@ -2158,26 +2531,22 @@ export class CfshareManager {
             await fs.rm(abs, { recursive: true, force: true });
             removedWorkspaces.push(abs);
         }
-        try {
-            const raw = await fs.readFile(this.sessionsFile, "utf8");
-            const rows = JSON.parse(raw);
-            for (const row of rows ?? []) {
-                if (!row.processPid || this.sessions.has(String(row.id ?? ""))) {
-                    continue;
-                }
+        for (const record of persisted.values()) {
+            if (this.sessions.has(record.id)) {
+                continue;
+            }
+            const pids = Array.from(new Set([record.ownerPid, record.processPid].filter((pid) => Boolean(pid && pid > 0))));
+            for (const pid of pids) {
                 try {
-                    process.kill(row.processPid, 0);
-                    process.kill(row.processPid, "SIGTERM");
-                    killedPids.push(row.processPid);
+                    process.kill(pid, 0);
+                    process.kill(pid, "SIGTERM");
+                    killedPids.push(pid);
                 }
                 catch {
-                    // ignore
+                    // ignore dead pid
                 }
             }
         }
-        catch {
-            // ignore missing snapshot
-        }
         await this.persistSessionsSnapshot();
         await this.writeAudit({
             ts: nowIso(),