aegis-bridge 2.5.2 → 2.5.3

package/dist/channels/manager.d.ts

@@ -6,6 +6,14 @@
  * one broken channel never kills the bridge.
  */
 import type { Channel, SessionEventPayload, InboundHandler } from './types.js';
+/**
+ * Thrown for retriable failures (5xx server errors, network timeouts).
+ * Only these increment the circuit breaker failure count.
+ * 4xx client errors are thrown as plain Error and do NOT trip the breaker.
+ */
+export declare class RetriableError extends Error {
+    constructor(message: string);
+}
 export declare class ChannelManager {
     private channels;
     private inboundHandler;

package/dist/channels/manager.js

@@ -5,6 +5,17 @@
  * to every registered channel, swallowing per-channel errors so
  * one broken channel never kills the bridge.
  */
+/**
+ * Thrown for retriable failures (5xx server errors, network timeouts).
+ * Only these increment the circuit breaker failure count.
+ * 4xx client errors are thrown as plain Error and do NOT trip the breaker.
+ */
+export class RetriableError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'RetriableError';
+    }
+}
 export class ChannelManager {
     channels = [];
     inboundHandler = null;
@@ -86,6 +97,10 @@ export class ChannelManager {
             }
             catch (e) {
                 console.error(`Channel ${ch.name} error on ${payload.event}:`, e);
+                // Only count retriable errors (5xx, network) toward circuit breaker.
+                // 4xx client errors are non-retriable — the server is healthy.
+                if (!(e instanceof RetriableError))
+                    return;
                 const h = this.health.get(ch.name) ?? { failCount: 0, disabledUntil: 0 };
                 h.failCount++;
                 if (h.failCount >= ChannelManager.FAILURE_THRESHOLD) {

package/dist/channels/webhook.js

@@ -7,6 +7,7 @@
 import { webhookEndpointSchema, getErrorMessage } from '../validation.js';
 import { validateWebhookUrl } from '../ssrf.js';
 import { redactSecretsFromText } from '../utils/redact-headers.js';
+import { RetriableError } from './manager.js';
 export class WebhookChannel {
     name = 'webhook';
     endpoints;
@@ -141,8 +142,13 @@ export class WebhookChannel {
                 console.error(`Webhook ${ep.url} failed after ${maxRetries} attempts for ${event}: ${lastError}`);
                 this.addToDeadLetterQueue(ep.url, event, lastError, maxRetries);
             }
-            // Final failure (HTTP or network) — throw so fire() can aggregate
-            throw new Error(lastError);
+            // Final failure — throw so fire() can aggregate.
+            // Use RetriableError for 5xx/network (circuit breaker counts these),
+            // plain Error for 4xx (circuit breaker ignores these).
+            if (lastError.startsWith('HTTP ') && parseInt(lastError.slice(5)) < 500) {
+                throw new Error(lastError);
+            }
+            throw new RetriableError(lastError);
         }
     }
     /** Issue #89 L14: Add a failed delivery to the dead letter queue. */

package/dist/events.d.ts

@@ -76,6 +76,8 @@ export declare class SessionEventBus {
     private globalEmitter;
     /** #689: Pending setImmediate timers for cleanup on destroy. */
     private pendingTimers;
+    /** #834: Pending setTimeout timers for cleanup on destroy/cleanupSession. */
+    private pendingTimeouts;
     /** Subscribe to events from ALL sessions (new and existing). Returns unsubscribe function. */
     subscribeGlobal(handler: (event: GlobalSSEEvent) => void): () => void;
     /** Emit a session created event to global subscribers. */

package/dist/events.js

@@ -178,12 +178,15 @@ export class SessionEventBus {
         // Clean up after a short delay (let clients receive the event)
         // Capture reference — only delete if it's still the same emitter
         // #357: Also delete the per-session event buffer to prevent unbounded map growth
-        setTimeout(() => {
+        // #834: Track the timer so cleanupSession/destroy can cancel it
+        const timeout = setTimeout(() => {
+            this.pendingTimeouts.delete(timeout);
             if (this.emitters.get(sessionId) === emitter) {
                 this.emitters.delete(sessionId);
             }
             this.eventBuffers.delete(sessionId);
         }, 1000);
+        this.pendingTimeouts.add(timeout);
     }
     /** Emit a stall event. */
     emitStall(sessionId, stallType, detail) {
@@ -227,6 +230,8 @@ export class SessionEventBus {
     globalEmitter = null;
     /** #689: Pending setImmediate timers for cleanup on destroy. */
     pendingTimers = new Set();
+    /** #834: Pending setTimeout timers for cleanup on destroy/cleanupSession. */
+    pendingTimeouts = new Set();
     /** Subscribe to events from ALL sessions (new and existing). Returns unsubscribe function. */
     subscribeGlobal(handler) {
         if (!this.globalEmitter) {
@@ -267,6 +272,11 @@ export class SessionEventBus {
     }
     /** #398: Clean up per-session state (call when session is killed). */
     cleanupSession(sessionId) {
+        // #834: Clear pending setTimeout for this session's emitEnded cleanup
+        for (const timeout of this.pendingTimeouts) {
+            clearTimeout(timeout);
+            this.pendingTimeouts.delete(timeout);
+        }
         this.eventBuffers.delete(sessionId);
         const emitter = this.emitters.get(sessionId);
         if (emitter) {
@@ -281,6 +291,11 @@ export class SessionEventBus {
             clearImmediate(imm);
         }
         this.pendingTimers.clear();
+        // #834: Clear pending setTimeout timers
+        for (const timeout of this.pendingTimeouts) {
+            clearTimeout(timeout);
+        }
+        this.pendingTimeouts.clear();
         for (const emitter of this.emitters.values()) {
             emitter.removeAllListeners();
         }

package/dist/hook-settings.js

@@ -105,14 +105,14 @@ export async function writeHookSettingsFile(baseUrl, sessionId, workDir) {
             }
         }
     }
-    // Deep-merge: project settings as base, hook settings override
-    const combined = {
-        ...merged,
-        hooks: {
-            ...(merged.hooks ?? {}),
-            ...hookSettings.hooks,
-        },
-    };
+    // Deep-merge: project settings as base, hooks merged by event key so both
+    // project-level and Aegis hooks coexist (Issue #635).
+    const existingHooks = merged.hooks ?? {};
+    const mergedHooks = { ...existingHooks };
+    for (const [event, entries] of Object.entries(hookSettings.hooks)) {
+        mergedHooks[event] = [...(existingHooks[event] ?? []), ...entries];
+    }
+    const combined = { ...merged, hooks: mergedHooks };
     // Issue #648: Use unpredictable directory name and restrictive permissions
     // to prevent symlink attacks and information disclosure in /tmp.
     const suffix = randomBytes(4).toString('hex');

package/dist/hooks.js

@@ -14,7 +14,7 @@
  * Issue #169: Phase 1 — HTTP hooks infrastructure.
  * Issue #169: Phase 3 — Hook-driven status detection.
  */
-import { isValidUUID, hookBodySchema } from './validation.js';
+import { isValidUUID, hookBodySchema, parseIntSafe } from './validation.js';
 /** CC hook events that require a decision response. */
 const DECISION_EVENTS = new Set(['PreToolUse', 'PermissionRequest']);
 /** Permission modes that should be auto-approved via hook response. */
@@ -22,7 +22,7 @@ const AUTO_APPROVE_MODES = new Set(['bypassPermissions', 'dontAsk', 'acceptEdits
 /** Default timeout for waiting on client permission decision (ms). */
 const PERMISSION_TIMEOUT_MS = 10_000;
 /** Default timeout for waiting on external answer to AskUserQuestion (ms). */
-const ANSWER_TIMEOUT_MS = parseInt(process.env.ANSWER_TIMEOUT_MS || '30000', 10);
+const ANSWER_TIMEOUT_MS = parseIntSafe(process.env.ANSWER_TIMEOUT_MS, 30_000);
 /** Valid permission_mode values accepted by Claude Code. */
 const VALID_PERMISSION_MODES = new Set(['default', 'plan', 'bypassPermissions']);
 /** Valid CC hook event names (allow any for extensibility, but these are known). */

package/dist/session.d.ts

@@ -56,6 +56,8 @@ export declare class SessionManager {
     private stateFile;
     private sessionMapFile;
     private pollTimers;
+    /** #835: Discovery timeout timers — cleared in cleanupSession to prevent orphan callbacks. */
+    private discoveryTimeouts;
     private saveQueue;
     private saveDebounceTimer;
     private static readonly SAVE_DEBOUNCE_MS;

package/dist/session.js

@@ -50,6 +50,8 @@ export class SessionManager {
     stateFile;
     sessionMapFile;
     pollTimers = new Map();
+    /** #835: Discovery timeout timers — cleared in cleanupSession to prevent orphan callbacks. */
+    discoveryTimeouts = new Map();
     saveQueue = Promise.resolve(); // #218: serialize concurrent saves
     saveDebounceTimer = null;
     static SAVE_DEBOUNCE_MS = 5_000; // #357: debounce offset-only saves
@@ -1150,6 +1152,14 @@ export class SessionManager {
                 this.pollTimers.delete(key);
             }
         }
+        // #835: Clear discovery timeout timers to prevent orphan callbacks
+        for (const key of [id, `fs-${id}`]) {
+            const timeout = this.discoveryTimeouts.get(key);
+            if (timeout) {
+                clearTimeout(timeout);
+                this.discoveryTimeouts.delete(key);
+            }
+        }
         this.cleanupPendingPermission(id);
         this.cleanupPendingQuestion(id);
         this.parsedEntriesCache.delete(id);
@@ -1289,7 +1299,9 @@ export class SessionManager {
         }, 2000);
         this.pollTimers.set(id, interval);
         // P3 fix: Stop after 5 minutes if not found, log timeout
-        setTimeout(() => {
+        // #835: Track the timeout so cleanupSession can cancel it
+        const discoveryTimeout = setTimeout(() => {
+            this.discoveryTimeouts.delete(id);
             const timer = this.pollTimers.get(id);
             const session = this.state.sessions[id];
             if (timer) {
@@ -1301,6 +1313,7 @@ export class SessionManager {
                 }
             }
         }, 5 * 60 * 1000);
+        this.discoveryTimeouts.set(id, discoveryTimeout);
     }
     /** Issue #16: Filesystem-based discovery for --bare mode (no hooks).
      *  Scans the Claude projects directory for new .jsonl files created after the session.
@@ -1348,13 +1361,16 @@ export class SessionManager {
         }, 3000);
         this.pollTimers.set(`fs-${id}`, interval);
         // Timeout after 5 minutes
-        setTimeout(() => {
+        // #835: Track the timeout so cleanupSession can cancel it
+        const fsDiscoveryTimeout = setTimeout(() => {
+            this.discoveryTimeouts.delete(`fs-${id}`);
             const timer = this.pollTimers.get(`fs-${id}`);
             if (timer) {
                 clearInterval(timer);
                 this.pollTimers.delete(`fs-${id}`);
             }
         }, 5 * 60 * 1000);
+        this.discoveryTimeouts.set(`fs-${id}`, fsDiscoveryTimeout);
     }
     /** Sync CC session IDs from the hook-written session_map.json. */
     async syncSessionMap() {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "aegis-bridge",
-  "version": "2.5.2",
+  "version": "2.5.3",
   "type": "module",
   "description": "Orchestrate Claude Code sessions via API. Create, brief, monitor, refine, ship.",
   "main": "dist/server.js",