aegis-bridge 2.12.0 → 2.12.2

package/dist/session.js

@@ -5,7 +5,7 @@
  * Tracks: session ID, window ID, byte offset for JSONL reading, status.
  */
 import { randomBytes } from 'node:crypto';
-import { readFile, writeFile, rename, mkdir, stat } from 'node:fs/promises';
+import { readFile, writeFile, rename, mkdir, stat, readdir } from 'node:fs/promises';
 import { existsSync, unlinkSync, readdirSync } from 'node:fs';
 import { join, dirname } from 'node:path';
 import { homedir } from 'node:os';
@@ -58,6 +58,8 @@ export class SessionManager {
     stateFile;
     sessionMapFile;
     pollTimers = new Map();
+    /** Next filesystem-scan time (ms epoch) for each discovery poller. */
+    discoveryNextFilesystemScanAt = new Map();
     /** #835: Discovery timeout timers — cleared in cleanupSession to prevent orphan callbacks. */
     discoveryTimeouts = new Map();
     saveQueue = Promise.resolve(); // #218: serialize concurrent saves
@@ -208,7 +210,7 @@ export class SessionManager {
                 console.log(`Reconcile: session ${session.windowName} re-attached: ${oldWindowId} → ${win.windowId}`);
                 // Restart discovery if needed
                 if (!session.claudeSessionId || !session.jsonlPath) {
-                    this.startSessionIdDiscovery(id);
+                    this.startDiscoveryPolling(id, session.workDir);
                 }
                 changed = true;
             }
@@ -216,7 +218,7 @@ export class SessionManager {
                 // Session is alive — restart discovery if needed
                 if (!session.claudeSessionId || !session.jsonlPath) {
                     console.log(`Reconcile: session ${session.windowName} — restarting JSONL discovery`);
-                    this.startSessionIdDiscovery(id);
+                    this.startDiscoveryPolling(id, session.workDir);
                 }
                 else {
                     console.log(`Reconcile: session ${session.windowName} — alive, JSONL ready`);
@@ -254,8 +256,7 @@ export class SessionManager {
             this.state.sessions[id] = session;
             this.invalidateSessionsListCache();
             console.log(`Reconcile: adopted orphaned window ${win.windowName} (${win.windowId}) as ${id.slice(0, 8)}`);
-            this.startSessionIdDiscovery(id);
-            this.startFilesystemDiscovery(id, session.workDir);
+            this.startDiscoveryPolling(id, session.workDir);
             changed = true;
         }
         if (changed) {
@@ -292,8 +293,7 @@ export class SessionManager {
                 console.log(`Reconcile (crash): session ${session.windowName} re-attached: ${oldWindowId} → ${win.windowId}`);
                 // Restart discovery in case the session state is stale
                 if (!session.claudeSessionId || !session.jsonlPath) {
-                    this.startSessionIdDiscovery(id);
-                    this.startFilesystemDiscovery(id, session.workDir);
+                    this.startDiscoveryPolling(id, session.workDir);
                 }
                 recovered++;
                 changed = true;
@@ -585,22 +585,16 @@ export class SessionManager {
                 void this.save().catch(e => console.error(`Session: failed to save PID for ${id}:`, e));
             }
         }).catch(e => console.error(`Session: failed to list pane PID for ${id}:`, e));
-        // Start BOTH discovery methods in parallel:
-        // 1. Hook-based: fast, relies on SessionStart hook writing session_map.json
-        // 2. Filesystem-based: slower, scans for new .jsonl files — works when hooks fail
-        // Issue #16: --bare flag skips hooks entirely
+        // Start coordinated discovery polling:
+        // - Hook/session_map sync: fast path
+        // - Filesystem scan fallback: works when hooks fail or are skipped (Issue #16)
         // Field bug (Zeus 2026-03-22): hooks may not fire even without --bare
-        //
-        // If we already have the claudeSessionId (from --session-id), filesystem discovery
-        // will just find the JSONL path. Hook discovery may still run but won't override.
-        this.startFilesystemDiscovery(id, opts.workDir);
+        this.startDiscoveryPolling(id, opts.workDir);
         // P0 fix: Clean stale entries from session_map.json for BOTH window name AND id.
         // After archiving old .jsonl files, stale session_map entries would point
         // to moved files, causing discovery to pick up ghost session IDs.
         // Also cleans stale windowId entries that could collide after restart.
         await this.cleanSessionMapForWindow(finalName, windowId);
-        // Start watching for the CC session ID via hook
-        this.startSessionIdDiscovery(id);
         return session;
     }
     /** Get a session by ID. */
@@ -762,7 +756,13 @@ export class SessionManager {
             // Issue #390: Fast crash detection via stored CC PID
             if (session.ccPid && !this.tmux.isPidAlive(session.ccPid))
                 return false;
-            if (!(await this.tmux.windowExists(session.windowId)))
+            const windowHealth = await this.tmux.getWindowHealth(session.windowId);
+            if (!windowHealth.windowExists)
+                return false;
+            // Pane exit is a crash signal ONLY if the session was actively working (not idle).
+            // Normal CC exit after prompt → session goes idle first, paneDead is expected.
+            // CC crash mid-processing → session still working, paneDead means crash.
+            if (windowHealth.paneDead && session.status !== 'idle')
                 return false;
             // Verify the process inside the pane is still alive
             const panePid = await this.tmux.listPanePid(session.windowId);
@@ -831,16 +831,22 @@ export class SessionManager {
         let status = 'unknown';
         // Issue #69: Also check if the pane PID is alive (zombie window detection)
         let processAlive = true;
+        const paneExited = !!windowHealth.paneDead;
         if (windowHealth.windowExists) {
-            try {
-                const panePid = await this.tmux.listPanePid(session.windowId);
-                if (panePid !== null) {
-                    processAlive = this.tmux.isPidAlive(panePid);
-                }
-            }
-            catch { /* cannot list pane PID — assume dead */
+            if (paneExited) {
                 processAlive = false;
             }
+            else {
+                try {
+                    const panePid = await this.tmux.listPanePid(session.windowId);
+                    if (panePid !== null) {
+                        processAlive = this.tmux.isPidAlive(panePid);
+                    }
+                }
+                catch { /* cannot list pane PID — assume dead */
+                    processAlive = false;
+                }
+            }
         }
         if (windowHealth.windowExists && processAlive) {
             try {
@@ -864,6 +870,9 @@ export class SessionManager {
         if (!windowHealth.windowExists) {
             details = 'Tmux window does not exist — session is dead';
         }
+        else if (paneExited) {
+            details = 'Tmux pane has exited — session is dead';
+        }
         else if (!processAlive) {
             details = 'Tmux window exists but pane process is dead — session is dead (zombie window)';
         }
@@ -1276,22 +1285,7 @@ export class SessionManager {
     }
     /** #405: Clean up all tracking maps for a session to prevent memory leaks. */
     cleanupSession(id) {
-        // Clear polling timers (both regular and filesystem discovery variants)
-        for (const key of [id, `fs-${id}`]) {
-            const timer = this.pollTimers.get(key);
-            if (timer) {
-                clearInterval(timer);
-                this.pollTimers.delete(key);
-            }
-        }
-        // #835: Clear discovery timeout timers to prevent orphan callbacks
-        for (const key of [id, `fs-${id}`]) {
-            const timeout = this.discoveryTimeouts.get(key);
-            if (timeout) {
-                clearTimeout(timeout);
-                this.discoveryTimeouts.delete(key);
-            }
-        }
+        this.stopDiscoveryPolling(id);
         this.cleanupPendingPermission(id);
         this.cleanupPendingQuestion(id);
         this.parsedEntriesCache.delete(id);
@@ -1389,24 +1383,70 @@ export class SessionManager {
         }
         catch { /* ignore parse/write errors */ }
     }
-    /** Try to discover the CC session ID and JSONL path. */
-    startSessionIdDiscovery(id) {
+    /** Stop and remove the coordinated discovery poller/timer for a session. */
+    stopDiscoveryPolling(id) {
+        const timer = this.pollTimers.get(id);
+        if (timer) {
+            clearInterval(timer);
+            this.pollTimers.delete(id);
+        }
+        const timeout = this.discoveryTimeouts.get(id);
+        if (timeout) {
+            clearTimeout(timeout);
+            this.discoveryTimeouts.delete(id);
+        }
+        this.discoveryNextFilesystemScanAt.delete(id);
+    }
+    /** Attempt filesystem-based discovery for a single session poll tick. */
+    async maybeDiscoverFromFilesystem(session, workDir) {
+        const projectHash = '-' + workDir.replace(/^\//, '').replace(/\//g, '-');
+        const projectDir = join(this.config.claudeProjectsDir, projectHash);
+        if (!existsSync(projectDir))
+            return false;
+        const files = await readdir(projectDir);
+        const jsonlFiles = files.filter(f => f.endsWith('.jsonl') && !f.startsWith('.'));
+        for (const file of jsonlFiles) {
+            const filePath = join(projectDir, file);
+            const fileStat = await stat(filePath);
+            // Only consider files created after the session.
+            if (fileStat.mtimeMs < session.createdAt)
+                continue;
+            // Extract session ID from filename (filename = sessionId.jsonl).
+            const sessionId = file.replace('.jsonl', '');
+            if (!/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/.test(sessionId))
+                continue;
+            session.claudeSessionId = sessionId;
+            session.jsonlPath = filePath;
+            session.byteOffset = 0;
+            console.log(`Discovery (filesystem): session ${session.windowName} mapped to ${sessionId.slice(0, 8)}...`);
+            await this.save();
+            return true;
+        }
+        return false;
+    }
+    /**
+     * Coordinated discovery poller for a session.
+     *
+     * Consolidates hook/session_map sync and filesystem fallback into a single
+     * interval loop per session, reducing duplicate independent pollers.
+     */
+    startDiscoveryPolling(id, workDir) {
+        // If a poller already exists, replace it to ensure only one active poller/session.
+        this.stopDiscoveryPolling(id);
         const interval = setInterval(async () => {
             const session = this.state.sessions[id];
             if (!session) {
-                clearInterval(interval);
-                this.pollTimers.delete(id);
+                this.stopDiscoveryPolling(id);
                 return;
             }
-            // Stop when we have both session ID and JSONL path
+            // Stop when we have both session ID and JSONL path.
             if (session.claudeSessionId && session.jsonlPath) {
-                clearInterval(interval);
-                this.pollTimers.delete(id);
+                this.stopDiscoveryPolling(id);
                 return;
             }
             try {
                 await this.syncSessionMap();
-                // If we have claudeSessionId but no jsonlPath, try finding it (Issue #884: worktree-aware)
+                // If we have claudeSessionId but no jsonlPath, try finding it (Issue #884: worktree-aware).
                 if (session.claudeSessionId && !session.jsonlPath) {
                     const jsonlPath = await this.findSessionFileMaybeWorktree(session.claudeSessionId);
                     if (jsonlPath) {
@@ -1415,84 +1455,34 @@ export class SessionManager {
                         await this.save();
                     }
                 }
+                // Filesystem fallback scan cadence (originally every 3s).
+                const now = Date.now();
+                const nextFsScanAt = this.discoveryNextFilesystemScanAt.get(id) ?? 0;
+                if (now >= nextFsScanAt && (!session.claudeSessionId || !session.jsonlPath)) {
+                    this.discoveryNextFilesystemScanAt.set(id, now + 3_000);
+                    await this.maybeDiscoverFromFilesystem(session, workDir);
+                }
+                if (session.claudeSessionId && session.jsonlPath) {
+                    this.stopDiscoveryPolling(id);
+                }
+            }
+            catch {
+                // best-effort polling; ignore transient errors
             }
-            catch { /* ignore */ }
-        }, 2000);
+        }, 2_000);
         this.pollTimers.set(id, interval);
-        // P3 fix: Stop after 5 minutes if not found, log timeout
-        // #835: Track the timeout so cleanupSession can cancel it
+        this.discoveryNextFilesystemScanAt.set(id, Date.now());
+        // P3 fix: Stop after 5 minutes if not found, log timeout.
+        // #835: Track the timeout so cleanupSession can cancel it.
         const discoveryTimeout = setTimeout(() => {
-            this.discoveryTimeouts.delete(id);
-            const timer = this.pollTimers.get(id);
             const session = this.state.sessions[id];
-            if (timer) {
-                clearInterval(timer);
-                this.pollTimers.delete(id);
-                // P3 fix: Log when discovery times out
-                if (session && !session.claudeSessionId) {
-                    console.log(`Discovery: session ${session.windowName} — timed out after 5min, no session_id found`);
-                }
+            this.stopDiscoveryPolling(id);
+            if (session && !session.claudeSessionId) {
+                console.log(`Discovery: session ${session.windowName} — timed out after 5min, no session_id found`);
             }
         }, 5 * 60 * 1000);
         this.discoveryTimeouts.set(id, discoveryTimeout);
     }
-    /** Issue #16: Filesystem-based discovery for --bare mode (no hooks).
-     *  Scans the Claude projects directory for new .jsonl files created after the session.
-     */
-    startFilesystemDiscovery(id, workDir) {
-        const projectHash = '-' + workDir.replace(/^\//, '').replace(/\//g, '-');
-        const projectDir = join(this.config.claudeProjectsDir, projectHash);
-        const interval = setInterval(async () => {
-            const session = this.state.sessions[id];
-            if (!session) {
-                clearInterval(interval);
-                this.pollTimers.delete(`fs-${id}`);
-                return;
-            }
-            if (session.claudeSessionId && session.jsonlPath) {
-                clearInterval(interval);
-                this.pollTimers.delete(`fs-${id}`);
-                return;
-            }
-            try {
-                if (!existsSync(projectDir))
-                    return;
-                const { readdir } = await import('node:fs/promises');
-                const files = await readdir(projectDir);
-                const jsonlFiles = files.filter(f => f.endsWith('.jsonl') && !f.startsWith('.'));
-                for (const file of jsonlFiles) {
-                    const filePath = join(projectDir, file);
-                    const fileStat = await stat(filePath);
-                    // Only consider files created after the session
-                    if (fileStat.mtimeMs < session.createdAt)
-                        continue;
-                    // Extract session ID from filename (filename = sessionId.jsonl)
-                    const sessionId = file.replace('.jsonl', '');
-                    if (!/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/.test(sessionId))
-                        continue;
-                    session.claudeSessionId = sessionId;
-                    session.jsonlPath = filePath;
-                    session.byteOffset = 0;
-                    console.log(`Discovery (filesystem): session ${session.windowName} mapped to ${sessionId.slice(0, 8)}...`);
-                    await this.save();
-                    break;
-                }
-            }
-            catch { /* ignore */ }
-        }, 3000);
-        this.pollTimers.set(`fs-${id}`, interval);
-        // Timeout after 5 minutes
-        // #835: Track the timeout so cleanupSession can cancel it
-        const fsDiscoveryTimeout = setTimeout(() => {
-            this.discoveryTimeouts.delete(`fs-${id}`);
-            const timer = this.pollTimers.get(`fs-${id}`);
-            if (timer) {
-                clearInterval(timer);
-                this.pollTimers.delete(`fs-${id}`);
-            }
-        }, 5 * 60 * 1000);
-        this.discoveryTimeouts.set(`fs-${id}`, fsDiscoveryTimeout);
-    }
     /** Sync CC session IDs from the hook-written session_map.json. */
     async syncSessionMap() {
         if (!existsSync(this.sessionMapFile))

package/dist/tmux.d.ts

@@ -13,6 +13,7 @@ export interface TmuxWindow {
     windowName: string;
     cwd: string;
     paneCommand: string;
+    paneDead?: boolean;
 }
 export declare class TmuxManager {
     private sessionName;
@@ -106,6 +107,7 @@ export declare class TmuxManager {
         windowExists: boolean;
         paneCommand: string | null;
         claudeRunning: boolean;
+        paneDead: boolean;
     }>;
     /** Send text to a window's active pane. */
     sendKeys(windowId: string, text: string, enter?: boolean): Promise<void>;

package/dist/tmux.js

@@ -27,6 +27,17 @@ export class TmuxTimeoutError extends Error {
         this.name = 'TmuxTimeoutError';
     }
 }
+const WINDOW_LIST_FORMAT = '#{window_id}\t#{window_name}\t#{pane_current_path}\t#{pane_current_command}\t#{pane_dead}';
+function parseWindowListLine(line) {
+    const [windowId, windowName, cwd, paneCommand, paneDeadRaw] = line.split('\t');
+    return {
+        windowId,
+        windowName,
+        cwd,
+        paneCommand,
+        paneDead: paneDeadRaw === '1',
+    };
+}
 export class TmuxManager {
     sessionName;
     /** tmux socket name (-L flag). Isolates sessions from other tmux instances. */
@@ -92,11 +103,9 @@ export class TmuxManager {
     }
     /** Compute an available window name by suffixing -2, -3, ... when needed. */
     async resolveAvailableWindowName(baseName) {
-        const rawWindows = await this.tmuxInternal('list-windows', '-t', this.sessionName, '-F', '#{window_id}\t#{window_name}\t#{pane_current_path}\t#{pane_current_command}');
-        const existing = (rawWindows ?? '').split('\n').filter(Boolean).map(line => {
-            const [windowId, windowName, cwd, paneCommand] = line.split('\t');
-            return { windowId, windowName, cwd, paneCommand };
-        }).filter((w) => w.windowName !== '_bridge_main');
+        const rawWindows = await this.tmuxInternal('list-windows', '-t', this.sessionName, '-F', WINDOW_LIST_FORMAT);
+        const existing = (rawWindows ?? '').split('\n').filter(Boolean).map(parseWindowListLine)
+            .filter((w) => w.windowName !== '_bridge_main');
         const existingNames = new Set(existing.map(w => w.windowName));
         let name = baseName;
         let counter = 2;
@@ -136,13 +145,11 @@ export class TmuxManager {
     async listWindows() {
         await this.ensureSession();
         try {
-            const raw = await this.tmux('list-windows', '-t', this.sessionName, '-F', '#{window_id}\t#{window_name}\t#{pane_current_path}\t#{pane_current_command}');
+            const raw = await this.tmux('list-windows', '-t', this.sessionName, '-F', WINDOW_LIST_FORMAT);
             if (!raw)
                 return [];
-            return raw.split('\n').filter(Boolean).map(line => {
-                const [windowId, windowName, cwd, paneCommand] = line.split('\t');
-                return { windowId, windowName, cwd, paneCommand };
-            }).filter(w => w.windowName !== '_bridge_main');
+            return raw.split('\n').filter(Boolean).map(parseWindowListLine)
+                .filter(w => w.windowName !== '_bridge_main');
         }
         catch (e) {
             console.warn(`Tmux: listWindows failed: ${e.message}`);
@@ -184,13 +191,15 @@ export class TmuxManager {
                         await this.tmuxInternal('new-window', '-t', this.sessionName, '-n', name, '-c', opts.workDir, '-d');
                         // Prevent CC from renaming the window
                         await this.tmuxInternal('set-window-option', '-t', `${this.sessionName}:${name}`, 'allow-rename', 'off');
+                        // Keep exited panes visible so pane_dead can signal Claude crashes quickly.
+                        await this.tmuxInternal('set-window-option', '-t', `${this.sessionName}:${name}`, 'remain-on-exit', 'on');
                         // Issue #82: Set pane title to session name
                         await this.tmuxInternal('select-pane', '-t', `${this.sessionName}:${name}`, '-T', `aegis:${name}`);
                         // Get the window ID
                         const idRaw = await this.tmuxInternal('display-message', '-t', `${this.sessionName}:${name}`, '-p', '#{window_id}');
                         id = idRaw.trim();
                         // Verify the window actually exists after creation
-                        const verifyRaw = await this.tmuxInternal('list-windows', '-t', this.sessionName, '-F', '#{window_id}\t#{window_name}\t#{pane_current_path}\t#{pane_current_command}');
+                        const verifyRaw = await this.tmuxInternal('list-windows', '-t', this.sessionName, '-F', WINDOW_LIST_FORMAT);
                         const verified = verifyRaw.split('\n').filter(Boolean).some(line => {
                             const [wid] = line.split('\t');
                             return wid === id;
@@ -305,7 +314,7 @@ export class TmuxManager {
         //   - Color capabilities reduced to 256
         //   - Clipboard passthrough via tmux load-buffer instead of OSC 52
         // Prefixing with 'unset' ensures CC gets a clean environment.
-        cmd = `unset TMUX TMUX_PANE && ${cmd}`;
+        cmd = `unset TMUX TMUX_PANE && exec ${cmd}`;
         // Send the command to start Claude
         await this.sendKeys(windowId, cmd, true);
         // Issue #7: Verify Claude process started by checking pane command.
@@ -502,16 +511,16 @@ export class TmuxManager {
             const windows = await this.listWindows();
             const win = windows.find(w => w.windowId === windowId);
             if (!win) {
-                return { windowExists: false, paneCommand: null, claudeRunning: false };
+                return { windowExists: false, paneCommand: null, claudeRunning: false, paneDead: false };
             }
             const paneCmd = win.paneCommand.toLowerCase();
             // Claude runs as 'claude' or 'node' process
             const claudeRunning = paneCmd === 'claude' || paneCmd === 'node';
-            return { windowExists: true, paneCommand: win.paneCommand, claudeRunning };
+            return { windowExists: true, paneCommand: win.paneCommand, claudeRunning, paneDead: win.paneDead ?? false };
         }
         catch (e) {
             console.warn(`Tmux: getWindowHealth failed for ${windowId}: ${e.message}`);
-            return { windowExists: false, paneCommand: null, claudeRunning: false };
+            return { windowExists: false, paneCommand: null, claudeRunning: false, paneDead: false };
         }
     }
     /** Send text to a window's active pane. */

package/dist/validation.d.ts

@@ -80,8 +80,8 @@ export declare const batchSessionSchema: z.ZodObject<{
         workDir: z.ZodString;
         prompt: z.ZodOptional<z.ZodString>;
         permissionMode: z.ZodOptional<z.ZodEnum<{
-            default: "default";
             bypassPermissions: "bypassPermissions";
+            default: "default";
             plan: "plan";
             acceptEdits: "acceptEdits";
             dontAsk: "dontAsk";
@@ -101,8 +101,8 @@ export declare const pipelineSchema: z.ZodObject<{
         prompt: z.ZodString;
         dependsOn: z.ZodOptional<z.ZodArray<z.ZodString>>;
         permissionMode: z.ZodOptional<z.ZodEnum<{
-            default: "default";
             bypassPermissions: "bypassPermissions";
+            default: "default";
             plan: "plan";
             acceptEdits: "acceptEdits";
             dontAsk: "dontAsk";
@@ -152,26 +152,26 @@ export declare const persistedStateSchema: z.ZodRecord<z.ZodString, z.ZodObject<
     byteOffset: z.ZodNumber;
     monitorOffset: z.ZodNumber;
     status: z.ZodEnum<{
-        error: "error";
-        unknown: "unknown";
-        permission_prompt: "permission_prompt";
         idle: "idle";
         working: "working";
         compacting: "compacting";
         context_warning: "context_warning";
         waiting_for_input: "waiting_for_input";
-        bash_approval: "bash_approval";
+        permission_prompt: "permission_prompt";
         plan_mode: "plan_mode";
         ask_question: "ask_question";
+        bash_approval: "bash_approval";
         settings: "settings";
+        error: "error";
+        unknown: "unknown";
     }>;
     createdAt: z.ZodNumber;
     lastActivity: z.ZodNumber;
     stallThresholdMs: z.ZodNumber;
     permissionStallMs: z.ZodDefault<z.ZodNumber>;
     permissionMode: z.ZodEnum<{
-        default: "default";
         bypassPermissions: "bypassPermissions";
+        default: "default";
         plan: "plan";
         acceptEdits: "acceptEdits";
         dontAsk: "dontAsk";
@@ -317,6 +317,10 @@ export declare function parseSemver(v: string): [number, number, number] | null;
 export declare function compareSemver(a: string, b: string): number;
 /** Extract version number from `claude --version` output. */
 export declare function extractCCVersion(output: string): string | null;
+/** Returns true when any path segment resolves to "..".
+ *  Checks raw, separator-normalized, and percent-decoded forms to catch
+ *  encoded traversal like %2e%2e and mixed slash/backslash payloads. */
+export declare function containsTraversalSegment(inputPath: string): boolean;
 /** Validate workDir to prevent path traversal attacks (Issue #435).
  *  1. Reject raw strings containing ".." before any normalization.
  *  2. Resolve to absolute path and resolve symlinks via fs.realpath().

package/dist/validation.js

@@ -302,11 +302,49 @@ function getDefaultSafeDirs() {
         process.cwd(),
     ];
 }
+/** Returns true when any path segment resolves to "..".
+ *  Checks raw, separator-normalized, and percent-decoded forms to catch
+ *  encoded traversal like %2e%2e and mixed slash/backslash payloads. */
+export function containsTraversalSegment(inputPath) {
+    const hasTraversalInSegments = (candidate) => {
+        const normalizedSeparators = candidate.replace(/[\\/]+/g, '/');
+        const segments = normalizedSeparators.split('/');
+        return segments.some((segment) => segment === '..');
+    };
+    let candidate = inputPath;
+    for (let i = 0; i < 4; i++) {
+        if (hasTraversalInSegments(candidate))
+            return true;
+        let decoded;
+        try {
+            decoded = decodeURIComponent(candidate);
+        }
+        catch {
+            decoded = candidate;
+        }
+        if (decoded === candidate)
+            break;
+        candidate = decoded;
+    }
+    return false;
+}
+/** Normalize path for consistent boundary comparisons. */
+function normalizeForBoundaryCheck(inputPath) {
+    const resolved = path.normalize(path.resolve(inputPath));
+    const root = path.parse(resolved).root;
+    const trimmed = resolved.length > root.length
+        ? resolved.replace(/[\\/]+$/g, '')
+        : resolved;
+    return process.platform === 'win32' ? trimmed.toLowerCase() : trimmed;
+}
 /** Check whether `childPath` is equal to or under `parentPath`. */
 function isUnderOrEqual(childPath, parentPath) {
-    if (childPath === parentPath)
+    const normalizedChild = normalizeForBoundaryCheck(childPath);
+    const normalizedParent = normalizeForBoundaryCheck(parentPath);
+    if (normalizedChild === normalizedParent)
         return true;
-    return childPath.startsWith(parentPath + path.sep);
+    const relative = path.relative(normalizedParent, normalizedChild);
+    return relative !== '' && !relative.startsWith('..') && !path.isAbsolute(relative);
 }
 /** Validate workDir to prevent path traversal attacks (Issue #435).
  *  1. Reject raw strings containing ".." before any normalization.
@@ -318,9 +356,8 @@ function isUnderOrEqual(childPath, parentPath) {
 export async function validateWorkDir(workDir, allowedWorkDirs = []) {
     if (typeof workDir !== 'string')
         return { error: 'workDir must be a string', code: 'INVALID_WORKDIR' };
-    // Step 1: Reject path traversal in the raw string BEFORE any normalization.
-    // path.normalize() would resolve ".." components, making the check useless.
-    if (workDir.includes('..')) {
+    // Step 1: Reject path traversal in raw/mixed/decoded forms before resolution.
+    if (containsTraversalSegment(workDir)) {
         return { error: 'workDir must not contain path traversal components (..)', code: 'INVALID_WORKDIR' };
     }
     // Step 2: Resolve to absolute path and follow symlinks.
@@ -333,9 +370,17 @@ export async function validateWorkDir(workDir, allowedWorkDirs = []) {
         return { error: `workDir does not exist: ${resolved}`, code: 'INVALID_WORKDIR' };
     }
     // Step 3: Directory allowlist check.
-    const safeDirs = allowedWorkDirs.length > 0
-        ? allowedWorkDirs.map((d) => path.resolve(d))
-        : getDefaultSafeDirs();
+    const safeDirCandidates = allowedWorkDirs.length > 0
+        ? allowedWorkDirs.map((dir) => path.resolve(dir))
+        : getDefaultSafeDirs().map((dir) => path.resolve(dir));
+    const safeDirs = await Promise.all(safeDirCandidates.map(async (dir) => {
+        try {
+            return await fs.realpath(dir);
+        }
+        catch {
+            return dir;
+        }
+    }));
     const allowed = safeDirs.some((dir) => isUnderOrEqual(realPath, dir));
     if (!allowed) {
         return { error: 'workDir is not in the allowed directories list', code: 'INVALID_WORKDIR' };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "aegis-bridge",
-  "version": "2.12.0",
+  "version": "2.12.2",
   "type": "module",
   "description": "Orchestrate Claude Code sessions via API. Create, brief, monitor, refine, ship.",
   "main": "dist/server.js",
@@ -53,6 +53,9 @@
     "fastify": "^5.8.2",
     "zod": "^4.3.6"
   },
+  "overrides": {
+    "zod": "^4.3.6"
+  },
   "repository": {
     "type": "git",
     "url": "https://github.com/OneStepAt4time/aegis.git"