aegis-bridge 2.15.3 → 2.15.4

package/dist/cli.js

@@ -12,7 +12,9 @@ import { fileURLToPath } from 'node:url';
 import { parseIntSafe, getErrorMessage } from './validation.js';
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const pkg = JSON.parse(readFileSync(join(__dirname, '../package.json'), 'utf-8'));
+/** Current aegis-bridge version read from package.json at startup. */
 const VERSION = pkg.version;
+/** Check whether a required external dependency can be executed. */
 function checkDependency(name, command) {
     try {
         execSync(`${command} 2>/dev/null`, { stdio: 'ignore' });
@@ -22,6 +24,7 @@ function checkDependency(name, command) {
         return false;
     }
 }
+/** Render the startup banner shown when launching the HTTP server. */
 function printBanner(port) {
     console.log(`
   ┌─────────────────────────────────────────┐
@@ -107,6 +110,7 @@ async function handleCreate(args) {
     console.log(`    Read:     curl ${baseUrl}/v1/sessions/${sessionId}/read`);
     console.log(`    Kill:     curl -X DELETE ${baseUrl}/v1/sessions/${sessionId}`);
 }
+/** Main CLI entry point that dispatches subcommands and bootstraps the server. */
 async function main() {
     const args = process.argv.slice(2);
     // Help

package/dist/hook-settings.d.ts

@@ -13,6 +13,8 @@
  *
  * Issue #169: Phase 2 — Inject CC settings.json with HTTP hooks.
  */
+/** Build a normalized path to .claude/settings.local.json for Unix and Windows workDirs. */
+export declare function buildProjectSettingsPath(workDir: string, platform?: NodeJS.Platform): string;
 /** CC hook events that support `type: "http"`.
  *
  * All CC hook events support HTTP hooks. We register the most useful ones

package/dist/hook-settings.js

@@ -45,6 +45,23 @@ function normalizeHookBaseUrl(baseUrl) {
         return baseUrl.replace('0.0.0.0', '127.0.0.1');
     }
 }
+/** Build a normalized path to .claude/settings.local.json for Unix and Windows workDirs. */
+export function buildProjectSettingsPath(workDir, platform = process.platform) {
+    let normalizedWorkDir = platform === 'win32'
+        ? workDir.replace(/\//g, '\\')
+        : workDir.replace(/\\/g, '/');
+    // On Linux, resolve() prepends CWD to Windows paths like "D:\Users\dev"
+    // because Linux doesn't understand Windows drive letters. Only resolve
+    // paths that are NOT already absolute on the target platform.
+    const isWinAbs = /^[A-Za-z]:\\/.test(normalizedWorkDir);
+    const isUnixAbs = /^\//.test(normalizedWorkDir);
+    const alreadyAbs = (platform === 'win32' && isWinAbs) || isUnixAbs;
+    if (!alreadyAbs)
+        normalizedWorkDir = resolve(normalizedWorkDir);
+    // Normalize separators to match the target platform.
+    const result = join(normalizedWorkDir, '.claude', 'settings.local.json');
+    return platform === 'win32' ? result.replace(/\//g, '\\') : result;
+}
 /**
  * Validate a workDir path for use in hook settings resolution.
  * Defense-in-depth against path traversal: rejects paths containing ".." segments
@@ -145,7 +162,7 @@ export async function writeHookSettingsFile(baseUrl, sessionId, hookSecret, work
     let merged = {};
     const safeWorkDir = workDir ? validateWorkDirPath(workDir) : undefined;
     if (safeWorkDir) {
-        const projectSettingsPath = join(safeWorkDir, '.claude', 'settings.local.json');
+        const projectSettingsPath = buildProjectSettingsPath(safeWorkDir);
         if (existsSync(projectSettingsPath)) {
             try {
                 const raw = await readFile(projectSettingsPath, 'utf-8');
@@ -210,7 +227,7 @@ export async function cleanupStaleSessionHooks(workDir, activeSessionIds) {
     const safeWorkDir = workDir ? validateWorkDirPath(workDir) : undefined;
     if (!safeWorkDir)
         return;
-    const projectSettingsPath = join(safeWorkDir, '.claude', 'settings.local.json');
+    const projectSettingsPath = buildProjectSettingsPath(safeWorkDir);
     if (!existsSync(projectSettingsPath))
         return;
     try {

package/dist/hook.d.ts

@@ -15,4 +15,5 @@
  *   }
  * }
  */
-export {};
+/** Build a shell-safe command string that invokes hook.js with an explicit Node executable. */
+export declare function buildHookCommand(scriptPath: string, nodeExecutable?: string, platform?: NodeJS.Platform): string;

package/dist/hook.js

@@ -16,7 +16,7 @@
  * }
  */
 import { readFileSync, writeFileSync, mkdirSync, existsSync, renameSync } from 'node:fs';
-import { join, dirname } from 'node:path';
+import { join, dirname, resolve } from 'node:path';
 import { homedir } from 'node:os';
 import { execFileSync } from 'node:child_process';
 import { fileURLToPath } from 'node:url';
@@ -32,6 +32,17 @@ const MAP_FILE = join(BRIDGE_DIR, 'session_map.json');
 const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;
 const TMUX_PANE_RE = /^%\d+$/;
 const DEFAULT_POINTER_TTL_MS = 24 * 60 * 60 * 1000;
+function normalizeCommandPath(pathValue, platform = process.platform) {
+    return platform === 'win32' ? pathValue.replace(/\//g, '\\') : pathValue.replace(/\\/g, '/');
+}
+function quoteCommandPath(pathValue, platform = process.platform) {
+    const normalized = normalizeCommandPath(pathValue, platform);
+    return `"${normalized.replace(/"/g, '\\"')}"`;
+}
+/** Build a shell-safe command string that invokes hook.js with an explicit Node executable. */
+export function buildHookCommand(scriptPath, nodeExecutable = process.execPath, platform = process.platform) {
+    return `${quoteCommandPath(nodeExecutable, platform)} ${quoteCommandPath(scriptPath, platform)}`;
+}
 function getPointerTtlMs() {
     const raw = process.env.AEGIS_CONTINUATION_POINTER_TTL_MS ?? process.env.MANUS_CONTINUATION_POINTER_TTL_MS;
     const parsed = raw ? Number(raw) : NaN;
@@ -176,7 +187,7 @@ function install() {
         }
         settings = parsed.data;
     }
-    const hookCommand = `node ${join(__dirname, 'hook.js')}`;
+    const hookCommand = buildHookCommand(join(__dirname, 'hook.js'));
     const hooks = (settings.hooks || {});
     const sessionStart = (hooks.SessionStart || []);
     // Check if already installed
@@ -204,4 +215,17 @@ function install() {
     writeFileSync(settingsPath, JSON.stringify(settings, null, 2) + '\n');
     console.log(`Aegis hook installed in ${settingsPath}`);
 }
-main();
+const isDirectExecution = (() => {
+    const argv1 = process.argv[1];
+    if (!argv1)
+        return false;
+    try {
+        return resolve(argv1) === resolve(__filename);
+    }
+    catch {
+        return false;
+    }
+})();
+if (isDirectExecution) {
+    main();
+}

package/dist/server.js

@@ -49,6 +49,7 @@ import { MemoryBridge } from './memory-bridge.js';
 import { cleanupTerminatedSessionState } from './session-cleanup.js';
 import { normalizeApiErrorPayload } from './api-error-envelope.js';
 import { listenWithRetry, removePidFile, writePidFile } from './startup.js';
+import { isWindowsShutdownMessage, parseShutdownTimeoutMs } from './shutdown-utils.js';
 import { authKeySchema, sendMessageSchema, commandSchema, bashSchema, screenshotSchema, permissionHookSchema, stopHookSchema, batchSessionSchema, pipelineSchema, handshakeRequestSchema, parseIntSafe, isValidUUID, compareSemver, extractCCVersion, MIN_CC_VERSION, permissionProfileSchema, } from './validation.js';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
@@ -1765,56 +1766,67 @@ async function main() {
     // Issue #361: Graceful shutdown handler
     // Issue #415: Reentrance guard at handler level prevents double execution on rapid SIGINT
     let shuttingDown = false;
+    const shutdownTimeoutMs = parseShutdownTimeoutMs(process.env.AEGIS_SHUTDOWN_TIMEOUT_MS);
     async function gracefulShutdown(signal) {
         console.log(`${signal} received, shutting down gracefully...`);
-        // 1. Stop accepting new requests
+        const forceExitTimer = setTimeout(() => {
+            console.error(`Graceful shutdown timed out after ${shutdownTimeoutMs}ms — forcing process exit`);
+            process.exit(1);
+        }, shutdownTimeoutMs);
+        forceExitTimer.unref?.();
         try {
-            await app.close();
-        }
-        catch (e) {
-            console.error('Error closing server:', e);
-        }
-        // 2. Stop background monitors and intervals
-        monitor.stop();
-        swarmMonitor.stop();
-        clearInterval(reaperInterval);
-        clearInterval(zombieReaperInterval);
-        clearInterval(metricsSaveInterval);
-        clearInterval(ipPruneInterval);
-        clearInterval(authFailPruneInterval);
-        clearInterval(authSweepInterval);
-        // Issue #569: Kill all CC sessions and tmux windows before exit
-        try {
-            await killAllSessions(sessions, tmux);
-        }
-        catch (e) {
-            console.error('Error killing sessions:', e);
-        }
-        // 3. Destroy channels (awaits Telegram poll loop)
-        try {
-            await channels.destroy();
-        }
-        catch (e) {
-            console.error('Error destroying channels:', e);
-        }
-        // 4. Save session state
-        try {
-            await sessions.save();
-        }
-        catch (e) {
-            console.error('Error saving sessions:', e);
-        }
-        // 5. Save metrics
-        try {
-            await metrics.save();
+            // 1. Stop accepting new requests
+            try {
+                await app.close();
+            }
+            catch (e) {
+                console.error('Error closing server:', e);
+            }
+            // 2. Stop background monitors and intervals
+            monitor.stop();
+            swarmMonitor.stop();
+            clearInterval(reaperInterval);
+            clearInterval(zombieReaperInterval);
+            clearInterval(metricsSaveInterval);
+            clearInterval(ipPruneInterval);
+            clearInterval(authFailPruneInterval);
+            clearInterval(authSweepInterval);
+            // Issue #569: Kill all CC sessions and tmux windows before exit
+            try {
+                await killAllSessions(sessions, tmux);
+            }
+            catch (e) {
+                console.error('Error killing sessions:', e);
+            }
+            // 3. Destroy channels (awaits Telegram poll loop)
+            try {
+                await channels.destroy();
+            }
+            catch (e) {
+                console.error('Error destroying channels:', e);
+            }
+            // 4. Save session state
+            try {
+                await sessions.save();
+            }
+            catch (e) {
+                console.error('Error saving sessions:', e);
+            }
+            // 5. Save metrics
+            try {
+                await metrics.save();
+            }
+            catch (e) {
+                console.error('Error saving metrics:', e);
+            }
+            // 6. Cleanup PID file
+            removePidFile(pidFilePath);
+            console.log('Graceful shutdown complete');
+            process.exit(0);
         }
-        catch (e) {
-            console.error('Error saving metrics:', e);
+        finally {
+            clearTimeout(forceExitTimer);
         }
-        // 6. Cleanup PID file
-        removePidFile(pidFilePath);
-        console.log('Graceful shutdown complete');
-        process.exit(0);
     }
     process.on('SIGTERM', () => { if (!shuttingDown) {
         shuttingDown = true;
@@ -1824,6 +1836,14 @@ async function main() {
         shuttingDown = true;
         void gracefulShutdown('SIGINT');
     } });
+    if (process.platform === 'win32') {
+        process.on('message', (message) => {
+            if (!shuttingDown && isWindowsShutdownMessage(message)) {
+                shuttingDown = true;
+                void gracefulShutdown('WINMSG');
+            }
+        });
+    }
     process.on('unhandledRejection', (reason) => {
         console.error('unhandledRejection:', reason);
     });

package/dist/session.d.ts

@@ -10,6 +10,12 @@ import { type UIState } from './terminal-parser.js';
 import type { Config } from './config.js';
 import { type PermissionPolicy, type PermissionProfile } from './validation.js';
 import { type PermissionDecision } from './permission-request-manager.js';
+/**
+ * Canonical runtime metadata for an Aegis-managed Claude Code session.
+ *
+ * This structure is persisted to disk and reused by the REST API, SSE layer,
+ * monitoring loop, and session recovery logic.
+ */
 export interface SessionInfo {
     id: string;
     windowId: string;
@@ -43,6 +49,7 @@ export interface SessionInfo {
     permissionProfile?: PermissionProfile;
     prd?: string;
 }
+/** Persisted session store keyed by Aegis session ID. */
 export interface SessionState {
     sessions: Record<string, SessionInfo>;
 }
@@ -57,6 +64,10 @@ export interface SessionState {
 export declare function detectApprovalMethod(paneText: string): 'numbered' | 'yes';
 /** Resolves a pending PermissionRequest hook with a decision. */
 export type { PermissionDecision };
+/**
+ * Coordinates session lifecycle, persistence, transcript discovery, and
+ * interactive approval/question flows for all managed Claude Code sessions.
+ */
 export declare class SessionManager {
     private tmux;
     private config;

package/dist/session.js

@@ -52,6 +52,10 @@ export function detectApprovalMethod(paneText) {
     }
     return 'yes';
 }
+/**
+ * Coordinates session lifecycle, persistence, transcript discovery, and
+ * interactive approval/question flows for all managed Claude Code sessions.
+ */
 export class SessionManager {
     tmux;
     config;

package/dist/shutdown-utils.d.ts

@@ -0,0 +1,5 @@
+/**
+ * shutdown-utils.ts — reusable shutdown helpers for server signal handling.
+ */
+export declare function parseShutdownTimeoutMs(rawValue: string | undefined, fallbackMs?: number): number;
+export declare function isWindowsShutdownMessage(message: unknown): boolean;

package/dist/shutdown-utils.js

@@ -0,0 +1,24 @@
+/**
+ * shutdown-utils.ts — reusable shutdown helpers for server signal handling.
+ */
+const DEFAULT_SHUTDOWN_TIMEOUT_MS = 15_000;
+export function parseShutdownTimeoutMs(rawValue, fallbackMs = DEFAULT_SHUTDOWN_TIMEOUT_MS) {
+    const parsed = Number(rawValue);
+    if (!Number.isFinite(parsed) || parsed < 1_000)
+        return fallbackMs;
+    return Math.floor(parsed);
+}
+export function isWindowsShutdownMessage(message) {
+    if (typeof message === 'string') {
+        const normalized = message.trim().toLowerCase();
+        return normalized === 'shutdown' || normalized === 'graceful-shutdown';
+    }
+    if (typeof message === 'object' && message !== null && 'type' in message) {
+        const typeValue = message.type;
+        if (typeof typeValue === 'string') {
+            const normalized = typeValue.trim().toLowerCase();
+            return normalized === 'shutdown' || normalized === 'graceful-shutdown';
+        }
+    }
+    return false;
+}

package/dist/startup.d.ts

@@ -1,5 +1,6 @@
 import Fastify from 'fastify';
 export declare function writePidFile(stateDir: string): string;
 export declare function removePidFile(pidFilePath: string): void;
+/** Read the parent PID for a Linux process from /proc. */
 export declare function readPpid(pid: number): number;
 export declare function listenWithRetry(app: ReturnType<typeof Fastify>, port: number, host: string, stateDir: string, maxRetries?: number): Promise<void>;

package/dist/startup.js

@@ -41,6 +41,7 @@ function pidExists(pid) {
         return false;
     }
 }
+/** Read the parent PID for a Linux process from /proc. */
 export function readPpid(pid) {
     const status = readFileSync(`/proc/${pid}/status`, 'utf-8');
     const match = status.match(/^PPid:\s+(\d+)/m);

package/dist/tmux.d.ts

@@ -4,6 +4,8 @@
  * Wraps tmux CLI commands to manage windows inside a named session.
  * Port of CCBot's tmux_manager.py to TypeScript.
  */
+/** Build the platform-specific launch wrapper that clears inherited tmux vars. */
+export declare function buildClaudeLaunchCommand(baseCommand: string, platform?: NodeJS.Platform): string;
 /** Thrown when a tmux command exceeds its timeout. */
 export declare class TmuxTimeoutError extends Error {
     constructor(args: string[], timeoutMs: number);
@@ -89,10 +91,14 @@ export declare class TmuxManager {
      *  Values never appear in terminal scrollback or capture-pane output.
      */
     private setEnvSecure;
+    /** #909: Windows variant — set tmux env and dot-source a temp .ps1 in the active pane. */
+    private setEnvSecureWin32;
     /** #837: Direct variant of setEnvSecure that uses sendKeysDirectInternal instead of
      *  sendKeys, safe to call from inside a serialize() callback without deadlocking.
      *  Identical logic otherwise. */
     private setEnvSecureDirect;
+    /** #909: Direct Windows variant that avoids serialize() re-entry. */
+    private setEnvSecureDirectWin32;
     /** P1 fix: Check if a window exists. Returns true if window is in the session.
      *  #357: Uses a short-lived cache to avoid repeated tmux CLI calls. */
     windowExists(windowId: string): Promise<boolean>;

package/dist/tmux.js

@@ -16,6 +16,16 @@ import { computeProjectHash } from './path-utils.js';
 function shellEscape(s) {
     return `'${s.replace(/'/g, "'\\''")}'`;
 }
+function powerShellSingleQuote(value) {
+    return `'${value.replace(/'/g, "''")}'`;
+}
+/** Build the platform-specific launch wrapper that clears inherited tmux vars. */
+export function buildClaudeLaunchCommand(baseCommand, platform = process.platform) {
+    if (platform === 'win32') {
+        return `Remove-Item Env:TMUX -ErrorAction SilentlyContinue; Remove-Item Env:TMUX_PANE -ErrorAction SilentlyContinue; ${baseCommand}`;
+    }
+    return `unset TMUX TMUX_PANE && exec ${baseCommand}`;
+}
 /** Validate that an env var key contains only safe characters (Issue #630: uppercase only, aligned with session.ts). */
 const ENV_KEY_RE = /^[A-Z_][A-Z0-9_]*$/;
 const execFileAsync = promisify(execFile);
@@ -309,13 +319,9 @@ export class TmuxManager {
         if (existsSync(settingsPath)) {
             cmd += ` --settings ${shellEscape(settingsPath)}`;
         }
-        // Issue #68: Unset $TMUX and $TMUX_PANE before launching Claude Code.
-        // If Aegis itself runs inside tmux, CC inherits these vars and:
-        //   - Teammate spawns attempt split-pane in Aegis session (not isolated)
-        //   - Color capabilities reduced to 256
-        //   - Clipboard passthrough via tmux load-buffer instead of OSC 52
-        // Prefixing with 'unset' ensures CC gets a clean environment.
-        cmd = `unset TMUX TMUX_PANE && exec ${cmd}`;
+        // Issue #68 / #909: Clear inherited tmux vars before launching CC.
+        // Linux/macOS uses `unset`; Windows uses PowerShell env removal.
+        cmd = buildClaudeLaunchCommand(cmd);
         // Send the command to start Claude
         await this.sendKeys(windowId, cmd, true);
         // Issue #7: Verify Claude process started by checking pane command.
@@ -393,6 +399,10 @@ export class TmuxManager {
      *  Values never appear in terminal scrollback or capture-pane output.
      */
     async setEnvSecure(windowId, env) {
+        if (process.platform === 'win32') {
+            await this.setEnvSecureWin32(windowId, env);
+            return;
+        }
         const fs = await import('node:fs/promises');
         const path = await import('node:path');
         // Validate env var keys before interpolation
@@ -428,10 +438,44 @@ export class TmuxManager {
         }
         catch { /* already deleted by shell */ }
     }
+    /** #909: Windows variant — set tmux env and dot-source a temp .ps1 in the active pane. */
+    async setEnvSecureWin32(windowId, env) {
+        const fs = await import('node:fs/promises');
+        const path = await import('node:path');
+        for (const key of Object.keys(env)) {
+            if (!ENV_KEY_RE.test(key)) {
+                throw new Error(`Invalid env var key: '${key}' — must match ${ENV_KEY_RE.source}`);
+            }
+        }
+        const tmpFile = path.join(tmpdir(), `.aegis-env-${randomBytes(16).toString('hex')}.ps1`);
+        const lines = Object.entries(env).map(([key, val]) => `$env:${key} = ${powerShellSingleQuote(val)}`);
+        await fs.writeFile(tmpFile, lines.join('\n') + '\n', { mode: 0o600 });
+        for (const [key, val] of Object.entries(env)) {
+            await this.tmux('set-environment', '-t', this.sessionName, key, val);
+        }
+        const psPath = powerShellSingleQuote(tmpFile);
+        const cmd = `. ${psPath}; Remove-Item -LiteralPath ${psPath} -Force -ErrorAction SilentlyContinue`;
+        await this.sendKeys(windowId, cmd, true);
+        await this.pollUntil(async () => { try {
+            await stat(tmpFile);
+            return false;
+        }
+        catch {
+            return true;
+        } }, 50, 750);
+        try {
+            await fs.unlink(tmpFile);
+        }
+        catch { /* already deleted by shell */ }
+    }
     /** #837: Direct variant of setEnvSecure that uses sendKeysDirectInternal instead of
      *  sendKeys, safe to call from inside a serialize() callback without deadlocking.
      *  Identical logic otherwise. */
     async setEnvSecureDirect(windowId, env) {
+        if (process.platform === 'win32') {
+            await this.setEnvSecureDirectWin32(windowId, env);
+            return;
+        }
         const fs = await import('node:fs/promises');
         const path = await import('node:path');
         for (const key of Object.keys(env)) {
@@ -460,6 +504,36 @@ export class TmuxManager {
         }
         catch { /* already deleted by shell */ }
     }
+    /** #909: Direct Windows variant that avoids serialize() re-entry. */
+    async setEnvSecureDirectWin32(windowId, env) {
+        const fs = await import('node:fs/promises');
+        const path = await import('node:path');
+        for (const key of Object.keys(env)) {
+            if (!ENV_KEY_RE.test(key)) {
+                throw new Error(`Invalid env var key: '${key}' — must match ${ENV_KEY_RE.source}`);
+            }
+        }
+        const tmpFile = path.join(tmpdir(), `.aegis-env-${randomBytes(16).toString('hex')}.ps1`);
+        const lines = Object.entries(env).map(([key, val]) => `$env:${key} = ${powerShellSingleQuote(val)}`);
+        await fs.writeFile(tmpFile, lines.join('\n') + '\n', { mode: 0o600 });
+        for (const [key, val] of Object.entries(env)) {
+            await this.tmuxInternal('set-environment', '-t', this.sessionName, key, val);
+        }
+        const psPath = powerShellSingleQuote(tmpFile);
+        const cmd = `. ${psPath}; Remove-Item -LiteralPath ${psPath} -Force -ErrorAction SilentlyContinue`;
+        await this.sendKeysDirectInternal(windowId, cmd, true);
+        await this.pollUntil(async () => { try {
+            await stat(tmpFile);
+            return false;
+        }
+        catch {
+            return true;
+        } }, 50, 750);
+        try {
+            await fs.unlink(tmpFile);
+        }
+        catch { /* already deleted by shell */ }
+    }
     /** P1 fix: Check if a window exists. Returns true if window is in the session.
      *  #357: Uses a short-lived cache to avoid repeated tmux CLI calls. */
     async windowExists(windowId) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "aegis-bridge",
-  "version": "2.15.3",
+  "version": "2.15.4",
   "type": "module",
   "description": "Orchestrate Claude Code sessions via API. Create, brief, monitor, refine, ship.",
   "main": "dist/server.js",
@@ -27,6 +27,7 @@
     "build": "tsc && npm run build:copy-dashboard",
     "build:copy-dashboard": "node scripts/copy-dashboard.mjs",
     "build:dashboard": "cd dashboard && npm ci && npm run build",
+    "docs": "typedoc",
     "start": "node dist/cli.js",
     "dev": "tsc && node dist/cli.js",
     "prepublishOnly": "npm run build:dashboard && npm run build",
@@ -72,6 +73,7 @@
     "@types/ws": "^8.18.1",
     "lockfile-lint": "5.0.0",
     "ts-morph": "^27.0.2",
+    "typedoc": "^0.28.18",
     "typescript": "^6.0.2",
     "vitest": "^4.1.2"
   }