npm - aegis-bridge - Versions diffs - 2.2.5 → 2.3.0 - Mend

aegis-bridge 2.2.5 → 2.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist/auth.d.ts CHANGED Viewed

@@ -53,6 +53,8 @@ export declare class AuthManager {
     };
     /** Hash a key with SHA-256. */
     static hashKey(key: string): string;
+    /** #398: Sweep stale rate limit buckets. Prune entries with expired windows. */
+    sweepStaleRateLimits(): void;
     /** Check if auth is enabled (master token or any keys). */
     get authEnabled(): boolean;
     /**

package/dist/auth.js CHANGED Viewed

@@ -127,6 +127,16 @@ export class AuthManager {
     static hashKey(key) {
         return createHash('sha256').update(key).digest('hex');
     }
+    /** #398: Sweep stale rate limit buckets. Prune entries with expired windows. */
+    sweepStaleRateLimits() {
+        const now = Date.now();
+        const windowMs = 60_000; // 1 minute
+        for (const [keyId, bucket] of this.rateLimits) {
+            if (now - bucket.windowStart > windowMs) {
+                this.rateLimits.delete(keyId);
+            }
+        }
+    }
     /** Check if auth is enabled (master token or any keys). */
     get authEnabled() {
         return !!this.masterToken || this.store.keys.length > 0;

package/dist/events.d.ts CHANGED Viewed

@@ -81,6 +81,8 @@ export declare class SessionEventBus {
         id: number;
         event: GlobalSSEEvent;
     }>;
+    /** #398: Clean up per-session state (call when session is killed). */
+    cleanupSession(sessionId: string): void;
     /** Clean up all emitters. */
     destroy(): void;
 }

package/dist/events.js CHANGED Viewed

@@ -243,6 +243,15 @@ export class SessionEventBus {
     getGlobalEventsSince(lastEventId) {
         return this.globalEventBuffer.filter(e => e.id > lastEventId);
     }
+    /** #398: Clean up per-session state (call when session is killed). */
+    cleanupSession(sessionId) {
+        this.eventBuffers.delete(sessionId);
+        const emitter = this.emitters.get(sessionId);
+        if (emitter) {
+            emitter.removeAllListeners();
+            this.emitters.delete(sessionId);
+        }
+    }
     /** Clean up all emitters. */
     destroy() {
         for (const emitter of this.emitters.values()) {

package/dist/mcp-server.js CHANGED Viewed

@@ -36,8 +36,9 @@ export class AegisClient {
         }
     }
     async request(path, opts) {
+        const hasBody = opts?.body !== undefined;
         const headers = {
-            'Content-Type': 'application/json',
+            ...(hasBody ? { 'Content-Type': 'application/json' } : {}),
             ...(this.authToken ? { Authorization: `Bearer ${this.authToken}` } : {}),
         };
         let res;

package/dist/monitor.js CHANGED Viewed

@@ -256,6 +256,23 @@ export class SessionMonitor {
                     }
                 }
             }
+            // --- Type 5: Extended working stall (working too long regardless of byte changes, ---
+            // Catches CC stuck in "Misting" state where internal loop detection
+            if (currentStatus === 'working') {
+                const entry = this.stateSince.get(session.id);
+                if (entry && entry.state === 'working') {
+                    const workingDuration = now - entry.since;
+                    const maxWorkingMs = this.config.stallThresholdMs * 3; // 15 min default
+                    if (workingDuration >= maxWorkingMs && !this.stallNotified.has(`${session.id}:stall:extended_working`)) {
+                        this.stallNotified.add(`${session.id}:stall:extended_working`);
+                        const minutes = Math.round(workingDuration / 60000);
+                        const detail = `Session stalled: in "working" state for ${minutes}min. ` +
+                            `CC may be stuck in an internal loop (e.g., Misting). Consider: POST /v1/sessions/${session.id}/interrupt or /kill`;
+                        this.eventBus?.emitStall(session.id, 'extended_working', detail);
+                        await this.channels.statusChange(this.makePayload('status.stall', session, detail));
+                    }
+                }
+            }
             // Clean up stall notifications on state transitions (using prevStallStatus)
             if (prevStallStatus && prevStallStatus !== currentStatus) {
                 const exitedPermission = prevStallStatus === 'permission_prompt' || prevStallStatus === 'bash_approval';
@@ -361,12 +378,20 @@ export class SessionMonitor {
             // Update last activity
             session.lastActivity = Date.now();
         }
-        // Update JSONL stall tracking — always initialize on watcher events
+        // Update JSONL stall tracking — only reset stall timer when real messages arrive
+        // When no messages, only update bytes tracking (keep timestamp)
         const now = Date.now();
         const prev = this.lastBytesSeen.get(event.sessionId);
         if (event.newOffset > (prev?.bytes ?? -1)) {
-            this.lastBytesSeen.set(event.sessionId, { bytes: event.newOffset, at: now });
-            this.stallNotified.delete(`${event.sessionId}:stall:jsonl`);
+            if (event.messages.length > 0) {
+                // Real output — reset stall timer
+                this.lastBytesSeen.set(event.sessionId, { bytes: event.newOffset, at: now });
+                this.stallNotified.delete(`${event.sessionId}:stall:jsonl`);
+            }
+            else {
+                // File grew but no messages — only update bytes, keep timestamp
+                this.lastBytesSeen.set(event.sessionId, { bytes: event.newOffset, at: prev?.at ?? now });
+            }
         }
     }
     async checkSession(session) {
@@ -407,6 +432,9 @@ export class SessionMonitor {
             const latestResult = { statusText: result.statusText, interactiveContent: result.interactiveContent };
             this.statusChangeDebounce.set(session.id, setTimeout(() => {
                 this.statusChangeDebounce.delete(session.id);
+                // #511: Skip broadcast if session was killed while debounce was pending
+                if (!this.lastStatus.has(session.id))
+                    return;
                 void this.broadcastStatusChange(session, latestStatus, latestPrevStatus, latestResult)
                     .catch(e => console.error(`Monitor: broadcastStatusChange failed for ${session.id}:`, e));
             }, STATUS_CHANGE_DEBOUNCE_MS));

package/dist/server.js CHANGED Viewed

@@ -517,13 +517,13 @@ app.get('/v1/sessions/:id', async (req, reply) => {
     const session = sessions.getSession(req.params.id);
     if (!session)
         return reply.status(404).send({ error: 'Session not found' });
-    return addActionHints(session);
+    return addActionHints(session, sessions);
 });
 app.get('/sessions/:id', async (req, reply) => {
     const session = sessions.getSession(req.params.id);
     if (!session)
         return reply.status(404).send({ error: 'Session not found' });
-    return addActionHints(session);
+    return addActionHints(session, sessions);
 });
 // #128: Bulk health check — returns health for all sessions in one request
 app.get('/v1/sessions/health', async () => {
@@ -1110,6 +1110,7 @@ async function reapStaleSessions(maxAgeMs) {
                     session: { id: session.id, name: session.windowName, workDir: session.workDir },
                     detail: `Auto-killed: exceeded ${maxAgeMs / 3600000}h time limit`,
                 });
+                eventBus.cleanupSession(session.id);
                 await sessions.killSession(session.id);
                 monitor.removeSession(session.id);
                 metrics.cleanupSession(session.id);
@@ -1139,6 +1140,7 @@ async function reapZombieSessions() {
         console.log(`Reaper: removing zombie session ${session.windowName} (${session.id.slice(0, 8)})`);
         try {
             monitor.removeSession(session.id);
+            eventBus.cleanupSession(session.id);
             await sessions.killSession(session.id);
             metrics.cleanupSession(session.id);
             await channels.sessionEnded({
@@ -1155,7 +1157,7 @@ async function reapZombieSessions() {
 }
 // ── Helpers ──────────────────────────────────────────────────────────
 /** Issue #20: Add actionHints to session response for interactive states. */
-function addActionHints(session) {
+function addActionHints(session, sessions) {
     // #357: Convert Set to array for JSON serialization
     const result = {
         ...session,
@@ -1167,8 +1169,33 @@ function addActionHints(session) {
             reject: { method: 'POST', url: `/v1/sessions/${session.id}/reject`, description: 'Reject the pending permission' },
         };
     }
+    // #599: Expose pending question data for MCP/REST callers
+    if (session.status === 'ask_question' && sessions) {
+        const info = sessions.getPendingQuestionInfo(session.id);
+        if (info) {
+            result.pendingQuestion = {
+                toolUseId: info.toolUseId,
+                content: info.question,
+                options: extractQuestionOptions(info.question),
+                since: info.timestamp,
+            };
+        }
+    }
     return result;
 }
+/** #599: Extract selectable options from AskUserQuestion text. */
+function extractQuestionOptions(text) {
+    // Numbered options: "1. Foo\n2. Bar"
+    const numberedRegex = /^\s*(\d+)\.\s+(.+)$/gm;
+    const options = [];
+    let m;
+    while ((m = numberedRegex.exec(text)) !== null) {
+        options.push(m[2].trim());
+    }
+    if (options.length >= 2)
+        return options.slice(0, 4);
+    return null;
+}
 function makePayload(event, sessionId, detail, meta) {
     const session = sessions.getSession(sessionId);
     return {
@@ -1422,6 +1449,8 @@ async function main() {
     const metricsSaveInterval = setInterval(() => { void metrics.save(); }, 5 * 60 * 1000);
     // #357: Prune stale IP rate-limit entries every minute
     const ipPruneInterval = setInterval(pruneIpRateLimits, 60_000);
+    // #398: Sweep stale API key rate limit buckets every 5 minutes
+    const authSweepInterval = setInterval(() => auth.sweepStaleRateLimits(), 5 * 60_000);
     // Issue #361: Graceful shutdown handler
     // Issue #415: Reentrance guard at handler level prevents double execution on rapid SIGINT
     let shuttingDown = false;
@@ -1441,6 +1470,7 @@ async function main() {
         clearInterval(zombieReaperInterval);
         clearInterval(metricsSaveInterval);
         clearInterval(ipPruneInterval);
+        clearInterval(authSweepInterval);
         // 3. Destroy channels (awaits Telegram poll loop)
         try {
             await channels.destroy();

package/dist/session.d.ts CHANGED Viewed

@@ -61,6 +61,7 @@ export declare class SessionManager {
     private static readonly SAVE_DEBOUNCE_MS;
     private pendingPermissions;
     private pendingQuestions;
+    private static readonly MAX_CACHE_ENTRIES_PER_SESSION;
     private parsedEntriesCache;
     constructor(tmux: TmuxManager, config: Config);
     /** Validate that parsed data looks like a valid SessionState. */
@@ -227,6 +228,7 @@ export declare class SessionManager {
     getPendingQuestionInfo(sessionId: string): {
         toolUseId: string;
         question: string;
+        timestamp: number;
     } | null;
     /** Issue #336: Clean up any pending question for a session. */
     cleanupPendingQuestion(sessionId: string): void;

package/dist/session.js CHANGED Viewed

@@ -43,6 +43,8 @@ export class SessionManager {
     pendingPermissions = new Map();
     pendingQuestions = new Map();
     // #357: Cache of all parsed JSONL entries per session to avoid re-reading from offset 0
+    // #424: Evict oldest entries when cache exceeds max to prevent unbounded growth
+    static MAX_CACHE_ENTRIES_PER_SESSION = 10_000;
     parsedEntriesCache = new Map();
     constructor(tmux, config) {
         this.tmux = tmux;
@@ -808,7 +810,7 @@ export class SessionManager {
                 console.log(`Hooks: AskUserQuestion timeout for session ${sessionId} — allowing without answer`);
                 resolve(null);
             }, timeoutMs);
-            this.pendingQuestions.set(sessionId, { resolve, timer, toolUseId, question });
+            this.pendingQuestions.set(sessionId, { resolve, timer, toolUseId, question, timestamp: Date.now() });
         });
     }
     /** Issue #336: Submit an answer to a pending question. Returns true if resolved. */
@@ -830,7 +832,7 @@ export class SessionManager {
     /** Issue #336: Get info about a pending question. */
     getPendingQuestionInfo(sessionId) {
         const pending = this.pendingQuestions.get(sessionId);
-        return pending ? { toolUseId: pending.toolUseId, question: pending.question } : null;
+        return pending ? { toolUseId: pending.toolUseId, question: pending.question, timestamp: pending.timestamp } : null;
     }
     /** Issue #336: Clean up any pending question for a session. */
     cleanupPendingQuestion(sessionId) {
@@ -946,6 +948,10 @@ export class SessionManager {
             if (cached) {
                 cached.entries.push(...result.entries);
                 cached.offset = result.newOffset;
+                // #424: Evict oldest entries when cache exceeds per-session cap
+                if (cached.entries.length > SessionManager.MAX_CACHE_ENTRIES_PER_SESSION) {
+                    cached.entries.splice(0, cached.entries.length - SessionManager.MAX_CACHE_ENTRIES_PER_SESSION);
+                }
                 return cached.entries;
             }
             // First read — cache it

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "aegis-bridge",
-  "version": "2.2.5",
+  "version": "2.3.0",
   "type": "module",
   "description": "Orchestrate Claude Code sessions via API. Create, brief, monitor, refine, ship.",
   "main": "dist/server.js",