aegis-bridge 2.12.0 → 2.12.2

package/dist/events.js

@@ -53,8 +53,43 @@ export class SessionEventBus {
     static BUFFER_SIZE = 50;
     /** Per-session ring buffer for event replay. */
     eventBuffers = new Map();
+    /** Last activity time per session buffer for LRU eviction. */
+    sessionBufferLastTouched = new Map();
     /** Global ring buffer for event replay across all sessions (Issue #301). */
     globalEventBuffer = new CircularBuffer(SessionEventBus.BUFFER_SIZE);
+    maxSessionBuffers;
+    constructor(options = {}) {
+        this.maxSessionBuffers = options.maxSessionBuffers ?? 10_000;
+    }
+    touchSessionBuffer(sessionId) {
+        this.sessionBufferLastTouched.set(sessionId, Date.now());
+    }
+    pruneSessionBufferMap(protectedSessionId) {
+        if (this.eventBuffers.size <= this.maxSessionBuffers)
+            return;
+        let oldestSessionId;
+        let oldestTouched = Infinity;
+        for (const [sessionId, touchedAt] of this.sessionBufferLastTouched) {
+            if (sessionId === protectedSessionId)
+                continue;
+            if (!this.eventBuffers.has(sessionId)) {
+                this.sessionBufferLastTouched.delete(sessionId);
+                continue;
+            }
+            const emitter = this.emitters.get(sessionId);
+            if (emitter && emitter.listenerCount('event') > 0) {
+                continue;
+            }
+            if (touchedAt < oldestTouched) {
+                oldestTouched = touchedAt;
+                oldestSessionId = sessionId;
+            }
+        }
+        if (oldestSessionId !== undefined) {
+            this.eventBuffers.delete(oldestSessionId);
+            this.sessionBufferLastTouched.delete(oldestSessionId);
+        }
+    }
     /** Get or create the emitter for a session. */
     getEmitter(sessionId) {
         let emitter = this.emitters.get(sessionId);
@@ -95,6 +130,8 @@ export class SessionEventBus {
             this.eventBuffers.set(sessionId, buffer);
         }
         buffer.push({ id: event.id, event });
+        this.touchSessionBuffer(sessionId);
+        this.pruneSessionBufferMap(sessionId);
         const emitter = this.emitters.get(sessionId);
         if (emitter) {
             const imm = setImmediate(() => {
@@ -120,6 +157,7 @@ export class SessionEventBus {
         const buffer = this.eventBuffers.get(sessionId);
         if (!buffer)
             return [];
+        this.touchSessionBuffer(sessionId);
         return buffer.toArray().filter(e => e.id > lastEventId).map(e => e.event);
     }
     /**
@@ -140,6 +178,7 @@ export class SessionEventBus {
                 newest_id: null,
             };
         }
+        this.touchSessionBuffer(sessionId);
         const entries = buffer.toArray();
         const clampedLimit = Math.min(SessionEventBus.BUFFER_SIZE, Math.max(1, limit));
         const upperExclusive = beforeId !== undefined
@@ -227,6 +266,7 @@ export class SessionEventBus {
                 this.emitters.delete(sessionId);
             }
             this.eventBuffers.delete(sessionId);
+            this.sessionBufferLastTouched.delete(sessionId);
         }, 1000);
         this.pendingTimeouts.add(timeout);
     }
@@ -317,6 +357,7 @@ export class SessionEventBus {
             this.pendingTimeouts.delete(timeout);
         }
         this.eventBuffers.delete(sessionId);
+        this.sessionBufferLastTouched.delete(sessionId);
         const emitter = this.emitters.get(sessionId);
         if (emitter) {
             emitter.removeAllListeners();
@@ -340,6 +381,7 @@ export class SessionEventBus {
         }
         this.emitters.clear();
         this.eventBuffers.clear();
+        this.sessionBufferLastTouched.clear();
         this.globalEventBuffer.clear();
         this.globalEmitter?.removeAllListeners();
         this.globalEmitter = null;

package/dist/hook-settings.d.ts

@@ -23,7 +23,7 @@
  *   - WorktreeCreate, WorktreeRemove (worktree management)
  *   - Elicitation, ElicitationResult (MCP-specific)
  */
-declare const HTTP_HOOK_EVENTS: readonly ["Stop", "StopFailure", "PreToolUse", "PostToolUse", "PostToolUseFailure", "PermissionRequest", "TaskCompleted", "SessionStart", "SessionEnd", "UserPromptSubmit", "SubagentStart", "SubagentStop", "PreCompact", "PostCompact", "FileChanged", "CwdChanged", "Notification", "TeammateIdle", "WorktreeCreate", "WorktreeCreateFailed", "WorktreeRemove", "WorktreeRemoveFailed", "Elicitation", "ElicitationResult"];
+declare const HTTP_HOOK_EVENTS: readonly ["Stop", "StopFailure", "PreToolUse", "PostToolUse", "PostToolUseFailure", "PermissionRequest", "TaskCompleted", "SessionStart", "SessionEnd", "UserPromptSubmit", "SubagentStart", "SubagentStop", "PreCompact", "PostCompact", "FileChanged", "CwdChanged", "Notification", "TeammateIdle", "WorktreeCreate", "WorktreeRemove", "Elicitation", "ElicitationResult"];
 export { HTTP_HOOK_EVENTS };
 export type HttpHookEvent = typeof HTTP_HOOK_EVENTS[number];
 /** Shape of a single HTTP hook entry in CC settings.json. */

package/dist/hook-settings.js

@@ -15,10 +15,10 @@
  */
 import { readFile, writeFile, unlink, mkdir, rmdir } from 'node:fs/promises';
 import { existsSync } from 'node:fs';
-import { join, resolve, normalize } from 'node:path';
+import { join, resolve } from 'node:path';
 import { tmpdir } from 'node:os';
 import { randomBytes } from 'node:crypto';
-import { ccSettingsSchema } from './validation.js';
+import { ccSettingsSchema, containsTraversalSegment } from './validation.js';
 function isRecord(value) {
     return typeof value === 'object' && value !== null && !Array.isArray(value);
 }
@@ -53,15 +53,9 @@ function normalizeHookBaseUrl(baseUrl) {
  * @returns Sanitized absolute path, or undefined if validation fails.
  */
 function validateWorkDirPath(workDir) {
-    const normalized = normalize(workDir);
-    // Reject paths with traversal segments
-    if (normalized.includes('..'))
+    if (containsTraversalSegment(workDir))
         return undefined;
-    // Resolve to absolute and verify it doesn't escape upward
-    const resolved = resolve(normalized);
-    if (resolved.includes('..'))
-        return undefined;
-    return resolved;
+    return resolve(workDir);
 }
 /** CC hook events that support `type: "http"`.
  *
@@ -98,11 +92,9 @@ const HTTP_HOOK_EVENTS = [
     // Notifications
     'Notification',
     'TeammateIdle',
-    // Worktree management
+    // Worktree management (only Create/Remove — *Failed variants don't exist in CC, see #1002)
     'WorktreeCreate',
-    'WorktreeCreateFailed',
     'WorktreeRemove',
-    'WorktreeRemoveFailed',
     // Elicitation
     'Elicitation',
     'ElicitationResult',

package/dist/hooks.js

@@ -44,9 +44,7 @@ const KNOWN_HOOK_EVENTS = new Set([
     'PostCompact',
     'UserPromptSubmit',
     'WorktreeCreate',
-    'WorktreeCreateFailed',
     'WorktreeRemove',
-    'WorktreeRemoveFailed',
     'Elicitation',
     'ElicitationResult',
     'FileChanged',
@@ -74,9 +72,7 @@ function hookToUIState(eventName) {
         case 'Elicitation':
         case 'ElicitationResult':
         case 'WorktreeCreate':
-        case 'WorktreeCreateFailed':
-        case 'WorktreeRemove':
-        case 'WorktreeRemoveFailed': return 'working';
+        case 'WorktreeRemove': return 'working';
         case 'PreCompact': return 'compacting';
         case 'PermissionRequest': return 'permission_prompt';
         case 'TeammateIdle': return 'idle';
@@ -151,8 +147,7 @@ export function registerHookRoutes(app, deps) {
             });
         }
         // Issue #89 L26: WorktreeCreate/Remove hooks — informational tracking only
-        if (eventName === 'WorktreeCreate' || eventName === 'WorktreeCreateFailed' ||
-            eventName === 'WorktreeRemove' || eventName === 'WorktreeRemoveFailed') {
+        if (eventName === 'WorktreeCreate' || eventName === 'WorktreeRemove') {
             console.log(`Hooks: ${eventName} for session ${sessionId}`);
         }
         // Informational events — log and forward to SSE (already forwarded below via emitHook)
@@ -228,15 +223,9 @@ export function registerHookRoutes(app, deps) {
                 case 'WorktreeCreate':
                     deps.eventBus.emitStatus(sessionId, 'working', `Worktree created: ${hookBody.worktree_path || 'unknown'} (hook: WorktreeCreate)`);
                     break;
-                case 'WorktreeCreateFailed':
-                    deps.eventBus.emitStatus(sessionId, 'working', `Worktree creation failed: ${hookBody.error || 'unknown'} (hook: WorktreeCreateFailed)`);
-                    break;
                 case 'WorktreeRemove':
                     deps.eventBus.emitStatus(sessionId, 'idle', `Worktree removed: ${hookBody.worktree_path || 'unknown'} (hook: WorktreeRemove)`);
                     break;
-                case 'WorktreeRemoveFailed':
-                    deps.eventBus.emitStatus(sessionId, 'working', `Worktree removal failed: ${hookBody.error || 'unknown'} (hook: WorktreeRemoveFailed)`);
-                    break;
                 case 'PermissionRequest':
                     deps.eventBus.emitApproval(sessionId, hookBody.permission_prompt || 'Permission requested (hook)');
                     break;

package/dist/metrics.d.ts

@@ -4,6 +4,7 @@
  * Issue #40: Global and per-session metrics for monitoring.
  * Counters are in-memory, persisted to disk on shutdown, loaded on startup.
  */
+import type { GlobalMetrics as GlobalMetricsResponse } from './api-contracts.js';
 export interface GlobalMetrics {
     sessionsCreated: number;
     sessionsCompleted: number;
@@ -100,7 +101,7 @@ export declare class MetricsCollector {
     clearSessionLatency(sessionId: string): void;
     /** #357: Clean up all per-session data (call on session destroy). */
     cleanupSession(sessionId: string): void;
-    getGlobalMetrics(activeSessionCount: number): Record<string, unknown>;
+    getGlobalMetrics(activeSessionCount: number): GlobalMetricsResponse;
     getSessionMetrics(sessionId: string): SessionMetrics | null;
     getTotalSessionsCreated(): number;
 }

package/dist/monitor.js

@@ -155,6 +155,13 @@ export class SessionMonitor {
     }
     async poll() {
         const now = Date.now();
+        // Issue #397: Run tmux health checks before dead-session reaping.
+        // This prevents false "status.dead" events when tmux is temporarily
+        // unreachable and windows still exist once the server recovers.
+        if (now - this.lastTmuxHealthCheck >= SessionMonitor.TMUX_HEALTH_CHECK_INTERVAL_MS) {
+            this.lastTmuxHealthCheck = now;
+            await this.checkTmuxHealth();
+        }
         for (const session of this.sessions.listSessions()) {
             try {
                 // Issue #84: Start watching when jsonlPath is discovered
@@ -178,11 +185,6 @@ export class SessionMonitor {
             this.lastDeadCheck = now;
             await this.checkDeadSessions();
         }
-        // Issue #397: Tmux server health check (every 10s)
-        if (now - this.lastTmuxHealthCheck >= SessionMonitor.TMUX_HEALTH_CHECK_INTERVAL_MS) {
-            this.lastTmuxHealthCheck = now;
-            await this.checkTmuxHealth();
-        }
     }
     /** Smart stall detection: multiple stall types with graduated thresholds.
      *
@@ -614,6 +616,10 @@ export class SessionMonitor {
     }
     /** Check for dead tmux windows and notify via channels. */
     async checkDeadSessions() {
+        // Issue #397: While tmux server is down, defer dead-session cleanup.
+        // tmux commands can fail transiently and make healthy sessions look dead.
+        if (this.tmuxWasDown)
+            return;
         const sessions = this.sessions.listSessions();
         for (const session of sessions) {
             if (this.deadNotified.has(session.id))
@@ -643,13 +649,34 @@ export class SessionMonitor {
     async checkTmuxHealth() {
         if (!this.tmux)
             return;
-        const { healthy } = await this.tmux.isServerHealthy();
+        let healthy = true;
+        let error = null;
+        try {
+            ({ healthy, error } = await this.tmux.isServerHealthy());
+        }
+        catch (e) {
+            healthy = false;
+            error = e instanceof Error ? e.message : String(e);
+        }
         if (!healthy) {
+            // Only treat known server/socket failures as "tmux down".
+            // Other tmux errors can be transient command failures.
+            const serverDown = this.tmux.isTmuxServerError(new Error(error ?? 'tmux unavailable'));
+            if (!serverDown) {
+                logger.warn({
+                    component: 'monitor',
+                    operation: 'tmux_health_check',
+                    errorCode: 'TMUX_HEALTH_CHECK_ERROR',
+                    attributes: { error: error ?? 'unknown tmux health error' },
+                });
+                return;
+            }
             if (!this.tmuxWasDown) {
                 logger.warn({
                     component: 'monitor',
                     operation: 'tmux_health_check',
                     errorCode: 'TMUX_UNREACHABLE',
+                    attributes: { error: error ?? 'tmux server unavailable' },
                 });
                 this.tmuxWasDown = true;
             }

package/dist/server.js

@@ -179,6 +179,7 @@ function checkIpRateLimit(ip, isMaster) {
 const authFailLimits = new Map();
 const AUTH_FAIL_WINDOW_MS = 60_000;
 const AUTH_FAIL_MAX = 5;
+const MAX_AUTH_FAIL_IP_ENTRIES = 10_000;
 function checkAuthFailRateLimit(ip) {
     const now = Date.now();
     const cutoff = now - AUTH_FAIL_WINDOW_MS;
@@ -187,6 +188,19 @@ function checkAuthFailRateLimit(ip) {
     bucket.timestamps = bucket.timestamps.filter(t => t >= cutoff);
     bucket.timestamps.push(now);
     authFailLimits.set(ip, bucket);
+    if (authFailLimits.size > MAX_AUTH_FAIL_IP_ENTRIES) {
+        let oldestIp = '';
+        let oldestTime = Infinity;
+        for (const [trackedIp, trackedBucket] of authFailLimits) {
+            const lastTs = trackedBucket.timestamps[trackedBucket.timestamps.length - 1];
+            if (lastTs !== undefined && lastTs < oldestTime) {
+                oldestTime = lastTs;
+                oldestIp = trackedIp;
+            }
+        }
+        if (oldestIp)
+            authFailLimits.delete(oldestIp);
+    }
     return bucket.timestamps.length > AUTH_FAIL_MAX;
 }
 function recordAuthFailure(ip) {
@@ -771,9 +785,13 @@ async function spawnChildHandler(req, reply) {
         return reply.status(404).send({ error: 'Parent session not found' });
     const { name, prompt, workDir, permissionMode } = req.body ?? {};
     const childName = name ?? `${parent.windowName ?? 'session'}-child`;
-    const childWorkDir = workDir ?? parent.workDir;
+    const requestedWorkDir = workDir ?? parent.workDir;
+    const safeChildWorkDir = await validateWorkDirWithConfig(requestedWorkDir);
+    if (typeof safeChildWorkDir === 'object') {
+        return reply.status(400).send({ error: `Invalid workDir: ${safeChildWorkDir.error}`, code: safeChildWorkDir.code });
+    }
     const childPermMode = permissionMode ?? parent.permissionMode ?? 'bypassPermissions';
-    const childSession = await sessions.createSession({ workDir: childWorkDir, name: childName, parentId, permissionMode: childPermMode });
+    const childSession = await sessions.createSession({ workDir: safeChildWorkDir, name: childName, parentId, permissionMode: childPermMode });
     let promptDelivery;
     if (prompt) {
         promptDelivery = await sessions.sendInitialPrompt(childSession.id, prompt);
@@ -1504,6 +1522,7 @@ function registerChannels(cfg) {
             botToken: cfg.tgBotToken,
             groupChatId: cfg.tgGroupId,
             allowedUserIds: cfg.tgAllowedUsers,
+            topicTtlMs: cfg.tgTopicTtlMs,
         }));
     }
     // Webhooks (optional)

package/dist/session.d.ts

@@ -62,6 +62,8 @@ export declare class SessionManager {
     private stateFile;
     private sessionMapFile;
     private pollTimers;
+    /** Next filesystem-scan time (ms epoch) for each discovery poller. */
+    private discoveryNextFilesystemScanAt;
     /** #835: Discovery timeout timers — cleared in cleanupSession to prevent orphan callbacks. */
     private discoveryTimeouts;
     private saveQueue;
@@ -346,12 +348,17 @@ export declare class SessionManager {
      *  and cause new sessions to inherit context from old sessions.
      */
     private purgeStaleSessionMapEntries;
-    /** Try to discover the CC session ID and JSONL path. */
-    private startSessionIdDiscovery;
-    /** Issue #16: Filesystem-based discovery for --bare mode (no hooks).
-     *  Scans the Claude projects directory for new .jsonl files created after the session.
+    /** Stop and remove the coordinated discovery poller/timer for a session. */
+    private stopDiscoveryPolling;
+    /** Attempt filesystem-based discovery for a single session poll tick. */
+    private maybeDiscoverFromFilesystem;
+    /**
+     * Coordinated discovery poller for a session.
+     *
+     * Consolidates hook/session_map sync and filesystem fallback into a single
+     * interval loop per session, reducing duplicate independent pollers.
      */
-    private startFilesystemDiscovery;
+    private startDiscoveryPolling;
     /** Sync CC session IDs from the hook-written session_map.json. */
     private syncSessionMap;
 }