aegis-bridge 2.6.0 → 2.6.2

package/dist/dashboard/index.html

@@ -5,8 +5,8 @@
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>Aegis Dashboard</title>
     <link rel="icon" type="image/svg+xml" href="data:image/svg+xml,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 100 100'><text y='.9em' font-size='90'>🛡️</text></svg>" />
-    <script type="module" crossorigin src="/dashboard/assets/index-DIyuyrlO.js"></script>
-    <link rel="stylesheet" crossorigin href="/dashboard/assets/index-B7DYf7vF.css">
+    <script type="module" crossorigin src="/dashboard/assets/index-Bfabq3q-.js"></script>
+    <link rel="stylesheet" crossorigin href="/dashboard/assets/index-9Hkkvm_I.css">
   </head>
   <body class="bg-[#0a0a0f] text-gray-200 antialiased">
     <div id="root"></div>

package/dist/diagnostics.d.ts

@@ -0,0 +1,27 @@
+/**
+ * diagnostics.ts - no-PII diagnostics event stream with bounded in-memory buffer.
+ */
+export type DiagnosticsLevel = 'info' | 'warn' | 'error';
+export interface DiagnosticsEvent {
+    event: string;
+    level: DiagnosticsLevel;
+    component: string;
+    operation: string;
+    sessionId?: string;
+    errorCode?: string;
+    timestamp: string;
+    attributes: Record<string, unknown>;
+}
+export declare const DEFAULT_DIAGNOSTICS_BUFFER_SIZE = 100;
+export declare function sanitizeDiagnosticsAttributes(attributes: Record<string, unknown> | undefined): Record<string, unknown>;
+export declare class DiagnosticsBus {
+    private readonly maxEntries;
+    private readonly emitter;
+    private readonly buffer;
+    constructor(maxEntries?: number);
+    emit(event: DiagnosticsEvent): void;
+    subscribe(handler: (event: DiagnosticsEvent) => void): () => void;
+    getRecent(limit?: number): DiagnosticsEvent[];
+    clear(): void;
+}
+export declare const diagnosticsBus: DiagnosticsBus;

package/dist/diagnostics.js

@@ -0,0 +1,95 @@
+/**
+ * diagnostics.ts - no-PII diagnostics event stream with bounded in-memory buffer.
+ */
+import { EventEmitter } from 'node:events';
+export const DEFAULT_DIAGNOSTICS_BUFFER_SIZE = 100;
+const MAX_DIAGNOSTICS_STRING_LENGTH = 200;
+const MAX_SANITIZE_DEPTH = 4;
+const FORBIDDEN_KEY_FRAGMENTS = [
+    'token',
+    'password',
+    'secret',
+    'authorization',
+    'cookie',
+    'auth',
+    'api_key',
+    'apikey',
+    'prompt',
+    'transcript',
+    'payload',
+    'workdir',
+];
+function isForbiddenAttribute(key) {
+    const normalized = key.toLowerCase();
+    return FORBIDDEN_KEY_FRAGMENTS.some(fragment => normalized.includes(fragment));
+}
+function sanitizeValue(value, depth = 0) {
+    if (depth > MAX_SANITIZE_DEPTH)
+        return '[TRUNCATED]';
+    if (typeof value === 'string') {
+        return value.length > MAX_DIAGNOSTICS_STRING_LENGTH
+            ? `${value.slice(0, MAX_DIAGNOSTICS_STRING_LENGTH)}...`
+            : value;
+    }
+    if (value === null || typeof value === 'number' || typeof value === 'boolean') {
+        return value;
+    }
+    if (Array.isArray(value)) {
+        return value.map(item => sanitizeValue(item, depth + 1));
+    }
+    if (typeof value === 'object') {
+        const sanitizedObject = {};
+        for (const [key, nested] of Object.entries(value)) {
+            if (isForbiddenAttribute(key))
+                continue;
+            sanitizedObject[key] = sanitizeValue(nested, depth + 1);
+        }
+        return sanitizedObject;
+    }
+    if (value === undefined)
+        return undefined;
+    return String(value);
+}
+export function sanitizeDiagnosticsAttributes(attributes) {
+    if (!attributes)
+        return {};
+    const sanitized = sanitizeValue(attributes);
+    return (typeof sanitized === 'object' && sanitized !== null && !Array.isArray(sanitized))
+        ? sanitized
+        : {};
+}
+function sanitizeDiagnosticsEvent(event) {
+    return {
+        ...event,
+        attributes: sanitizeDiagnosticsAttributes(event.attributes),
+    };
+}
+export class DiagnosticsBus {
+    maxEntries;
+    emitter = new EventEmitter();
+    buffer = [];
+    constructor(maxEntries = DEFAULT_DIAGNOSTICS_BUFFER_SIZE) {
+        this.maxEntries = maxEntries;
+    }
+    emit(event) {
+        const sanitizedEvent = sanitizeDiagnosticsEvent(event);
+        this.buffer.push(sanitizedEvent);
+        if (this.buffer.length > this.maxEntries) {
+            this.buffer.splice(0, this.buffer.length - this.maxEntries);
+        }
+        this.emitter.emit('event', sanitizedEvent);
+    }
+    subscribe(handler) {
+        this.emitter.on('event', handler);
+        return () => this.emitter.off('event', handler);
+    }
+    getRecent(limit = this.maxEntries) {
+        if (limit <= 0)
+            return [];
+        return this.buffer.slice(-Math.min(limit, this.maxEntries));
+    }
+    clear() {
+        this.buffer.length = 0;
+    }
+}
+export const diagnosticsBus = new DiagnosticsBus();

package/dist/events.d.ts

@@ -49,6 +49,20 @@ export declare class SessionEventBus {
     emit(sessionId: string, event: SessionSSEEvent): void;
     /** Get events emitted after the given event ID for a session. */
     getEventsSince(sessionId: string, lastEventId: number): SessionSSEEvent[];
+    /**
+     * Cursor-based replay window for session events.
+     *
+     * - `beforeId` is an exclusive upper bound on event ID.
+     * - If omitted, returns the newest `limit` buffered events.
+     * - Returns events in ascending ID order.
+     */
+    getEventsBefore(sessionId: string, beforeId?: number, limit?: number): {
+        events: SessionSSEEvent[];
+        before_id: number | null;
+        has_more: boolean;
+        oldest_id: number | null;
+        newest_id: number | null;
+    };
     /** Emit a status change event. */
     emitStatus(sessionId: string, status: string, detail: string): void;
     /** Emit a message event. */

package/dist/events.js

@@ -6,6 +6,7 @@
  * The monitor pushes events; the SSE route consumes them.
  */
 import { EventEmitter } from 'node:events';
+import { CircularBuffer } from './utils/circular-buffer.js';
 /** Map per-session event types to global event types. */
 function toGlobalEvent(event) {
     const typeMap = {
@@ -52,7 +53,7 @@ export class SessionEventBus {
     /** Per-session ring buffer for event replay. */
     eventBuffers = new Map();
     /** Global ring buffer for event replay across all sessions (Issue #301). */
-    globalEventBuffer = [];
+    globalEventBuffer = new CircularBuffer(SessionEventBus.BUFFER_SIZE);
     /** Get or create the emitter for a session. */
     getEmitter(sessionId) {
         let emitter = this.emitters.get(sessionId);
@@ -89,13 +90,10 @@ export class SessionEventBus {
         // Push to ring buffer
         let buffer = this.eventBuffers.get(sessionId);
         if (!buffer) {
-            buffer = [];
+            buffer = new CircularBuffer(SessionEventBus.BUFFER_SIZE);
             this.eventBuffers.set(sessionId, buffer);
         }
         buffer.push({ id: event.id, event });
-        if (buffer.length > SessionEventBus.BUFFER_SIZE) {
-            buffer.splice(0, buffer.length - SessionEventBus.BUFFER_SIZE);
-        }
         const emitter = this.emitters.get(sessionId);
         if (emitter) {
             const imm = setImmediate(() => {
@@ -109,9 +107,6 @@ export class SessionEventBus {
             const globalEvent = toGlobalEvent(event);
             // Issue #301: push to global ring buffer
             this.globalEventBuffer.push({ id: event.id, event: globalEvent });
-            if (this.globalEventBuffer.length > SessionEventBus.BUFFER_SIZE) {
-                this.globalEventBuffer.splice(0, this.globalEventBuffer.length - SessionEventBus.BUFFER_SIZE);
-            }
             const imm = setImmediate(() => {
                 this.pendingTimers.delete(imm);
                 this.globalEmitter?.emit('event', globalEvent);
@@ -124,7 +119,44 @@ export class SessionEventBus {
         const buffer = this.eventBuffers.get(sessionId);
         if (!buffer)
             return [];
-        return buffer.filter(e => e.id > lastEventId).map(e => e.event);
+        return buffer.toArray().filter(e => e.id > lastEventId).map(e => e.event);
+    }
+    /**
+     * Cursor-based replay window for session events.
+     *
+     * - `beforeId` is an exclusive upper bound on event ID.
+     * - If omitted, returns the newest `limit` buffered events.
+     * - Returns events in ascending ID order.
+     */
+    getEventsBefore(sessionId, beforeId, limit = 50) {
+        const buffer = this.eventBuffers.get(sessionId);
+        if (!buffer) {
+            return {
+                events: [],
+                before_id: null,
+                has_more: false,
+                oldest_id: null,
+                newest_id: null,
+            };
+        }
+        const entries = buffer.toArray();
+        const clampedLimit = Math.min(SessionEventBus.BUFFER_SIZE, Math.max(1, limit));
+        const upperExclusive = beforeId !== undefined
+            ? entries.findIndex(e => e.id >= beforeId)
+            : entries.length;
+        const resolvedUpperExclusive = upperExclusive === -1 ? entries.length : upperExclusive;
+        const lowerInclusive = Math.max(0, resolvedUpperExclusive - clampedLimit);
+        const window = entries.slice(lowerInclusive, resolvedUpperExclusive);
+        const events = window.map(e => e.event);
+        const oldestId = window.length > 0 ? window[0].id : null;
+        const newestId = window.length > 0 ? window[window.length - 1].id : null;
+        return {
+            events,
+            before_id: oldestId,
+            has_more: lowerInclusive > 0,
+            oldest_id: oldestId,
+            newest_id: newestId,
+        };
     }
     /** Emit a status change event. */
     emitStatus(sessionId, status, detail) {
@@ -261,14 +293,11 @@ export class SessionEventBus {
         };
         // Issue #301: buffer global-only events
         this.globalEventBuffer.push({ id, event: globalEvent });
-        if (this.globalEventBuffer.length > SessionEventBus.BUFFER_SIZE) {
-            this.globalEventBuffer.splice(0, this.globalEventBuffer.length - SessionEventBus.BUFFER_SIZE);
-        }
         this.globalEmitter.emit('event', globalEvent);
     }
     /** Get global events emitted after the given event ID (Issue #301). */
     getGlobalEventsSince(lastEventId) {
-        return this.globalEventBuffer.filter(e => e.id > lastEventId);
+        return this.globalEventBuffer.toArray().filter(e => e.id > lastEventId);
     }
     /** #398: Clean up per-session state (call when session is killed). */
     cleanupSession(sessionId) {
@@ -301,7 +330,7 @@ export class SessionEventBus {
         }
         this.emitters.clear();
         this.eventBuffers.clear();
-        this.globalEventBuffer = [];
+        this.globalEventBuffer.clear();
         this.globalEmitter?.removeAllListeners();
         this.globalEmitter = null;
     }

package/dist/fault-injection.d.ts

@@ -0,0 +1,29 @@
+/**
+ * fault-injection.ts — deterministic fault injection harness for integration tests.
+ *
+ * Disabled by default in production. Enable with AEGIS_FAULT_INJECTION=1
+ * or via test helpers.
+ */
+export type FaultMode = 'transient' | 'fatal' | 'delay';
+export interface FaultRule {
+    point: string;
+    mode: FaultMode;
+    every?: number;
+    probability?: number;
+    delayMs?: number;
+    errorMessage?: string;
+}
+export declare class InjectedTransientFaultError extends Error {
+    readonly point: string;
+    constructor(point: string, message?: string);
+}
+export declare class InjectedFatalFaultError extends Error {
+    readonly point: string;
+    constructor(point: string, message?: string);
+}
+export declare function maybeInjectFault(point: string): Promise<void>;
+export declare function resetFaultInjection(): void;
+export declare function clearFaultRules(): void;
+export declare function setFaultInjectionEnabledForTest(enabled: boolean): void;
+export declare function setFaultInjectionSeedForTest(seed: number): void;
+export declare function addFaultRule(rule: FaultRule): void;

package/dist/fault-injection.js

@@ -0,0 +1,115 @@
+/**
+ * fault-injection.ts — deterministic fault injection harness for integration tests.
+ *
+ * Disabled by default in production. Enable with AEGIS_FAULT_INJECTION=1
+ * or via test helpers.
+ */
+export class InjectedTransientFaultError extends Error {
+    point;
+    constructor(point, message) {
+        super(message ?? `Injected transient fault at ${point}`);
+        this.name = 'InjectedTransientFaultError';
+        this.point = point;
+    }
+}
+export class InjectedFatalFaultError extends Error {
+    point;
+    constructor(point, message) {
+        super(message ?? `Injected fatal fault at ${point}`);
+        this.name = 'InjectedFatalFaultError';
+        this.point = point;
+    }
+}
+class FaultInjector {
+    rules = [];
+    hitCounts = new Map();
+    enabledOverride = null;
+    seed = 1;
+    rngState = 1;
+    constructor() {
+        this.reset();
+    }
+    readSeedFromEnv() {
+        const parsed = Number.parseInt(process.env.AEGIS_FAULT_SEED ?? '1', 10);
+        return Number.isFinite(parsed) && parsed > 0 ? parsed : 1;
+    }
+    nextRandom() {
+        // LCG constants from Numerical Recipes, deterministic and fast.
+        this.rngState = (1664525 * this.rngState + 1013904223) >>> 0;
+        return this.rngState / 0x100000000;
+    }
+    isEnabled() {
+        if (this.enabledOverride !== null) {
+            return this.enabledOverride;
+        }
+        return process.env.AEGIS_FAULT_INJECTION === '1';
+    }
+    reset() {
+        this.seed = this.readSeedFromEnv();
+        this.rngState = this.seed;
+        this.hitCounts.clear();
+    }
+    clearRules() {
+        this.rules.length = 0;
+        this.hitCounts.clear();
+    }
+    setEnabledForTest(enabled) {
+        this.enabledOverride = enabled;
+    }
+    setSeedForTest(seed) {
+        this.seed = seed > 0 ? Math.floor(seed) : 1;
+        this.rngState = this.seed;
+    }
+    addRule(rule) {
+        this.rules.push(rule);
+    }
+    async inject(point) {
+        if (!this.isEnabled())
+            return;
+        for (const rule of this.rules) {
+            if (rule.point !== point)
+                continue;
+            const count = (this.hitCounts.get(point) ?? 0) + 1;
+            this.hitCounts.set(point, count);
+            let shouldTrigger = true;
+            if (rule.every && rule.every > 0) {
+                shouldTrigger = count % rule.every === 0;
+            }
+            else if (typeof rule.probability === 'number') {
+                shouldTrigger = this.nextRandom() < Math.max(0, Math.min(1, rule.probability));
+            }
+            if (!shouldTrigger)
+                continue;
+            if (rule.mode === 'delay') {
+                const ms = Math.max(0, rule.delayMs ?? 0);
+                if (ms > 0) {
+                    await new Promise(resolve => setTimeout(resolve, ms));
+                }
+                return;
+            }
+            if (rule.mode === 'transient') {
+                throw new InjectedTransientFaultError(point, rule.errorMessage);
+            }
+            throw new InjectedFatalFaultError(point, rule.errorMessage);
+        }
+    }
+}
+const injector = new FaultInjector();
+export function maybeInjectFault(point) {
+    return injector.inject(point);
+}
+export function resetFaultInjection() {
+    injector.reset();
+}
+export function clearFaultRules() {
+    injector.clearRules();
+}
+export function setFaultInjectionEnabledForTest(enabled) {
+    injector.setEnabledForTest(enabled);
+}
+export function setFaultInjectionSeedForTest(seed) {
+    injector.setSeedForTest(seed);
+}
+export function addFaultRule(rule) {
+    injector.addRule(rule);
+}

package/dist/handshake.d.ts

@@ -13,8 +13,22 @@ export declare const AEGIS_MIN_PROTOCOL_VERSION = "1";
  * All capabilities Aegis supports in this build.
  * Capabilities are additive; absence means the feature is unavailable/disabled.
  */
-export declare const AEGIS_CAPABILITIES: readonly ["session.create", "session.resume", "session.approve", "session.transcript", "session.transcript.cursor", "session.events.sse", "session.screenshot", "hooks.pre_tool_use", "hooks.post_tool_use", "hooks.notification", "hooks.stop", "swarm", "metrics"];
+export declare const AEGIS_CAPABILITIES: readonly ["session.create", "session.resume", "session.approve", "session.transcript", "session.transcript.cursor", "session.events.sse", "session.events.cursor", "session.screenshot", "hooks.pre_tool_use", "hooks.post_tool_use", "hooks.notification", "hooks.stop", "swarm", "metrics"];
 export type AegisCapability = (typeof AEGIS_CAPABILITIES)[number];
+/**
+ * Feature gates that client integrations should check before enabling
+ * behavior that depends on newer protocol/capability support.
+ */
+export declare const HANDSHAKE_FEATURE_REQUIREMENTS: {
+    readonly cursorReplay: readonly ["session.transcript.cursor"];
+    readonly transcriptRead: readonly ["session.transcript"];
+    readonly sseEvents: readonly ["session.events.sse"];
+    readonly permissionControl: readonly ["session.approve"];
+    readonly screenshots: readonly ["session.screenshot"];
+    readonly hookLifecycle: readonly ["hooks.pre_tool_use", "hooks.post_tool_use"];
+};
+export type HandshakeFeature = keyof typeof HANDSHAKE_FEATURE_REQUIREMENTS;
+export type HandshakeFallbackMode = 'none' | 'legacy-defaults' | 'incompatible-protocol' | 'invalid-protocol';
 /** Request body for POST /v1/handshake */
 export interface HandshakeRequest {
     protocolVersion: string;
@@ -26,9 +40,15 @@ export interface HandshakeResponse {
     protocolVersion: string;
     serverCapabilities: AegisCapability[];
     negotiatedCapabilities: AegisCapability[];
+    featureGates: Record<HandshakeFeature, boolean>;
+    fallbackMode: HandshakeFallbackMode;
     warnings: string[];
     compatible: boolean;
 }
+/** Compute boolean feature gates from a negotiated capability set. */
+export declare function computeFeatureGates(capabilities: readonly AegisCapability[]): Record<HandshakeFeature, boolean>;
+/** Helper for checking one feature gate directly from a handshake response. */
+export declare function isFeatureEnabled(response: HandshakeResponse, feature: HandshakeFeature): boolean;
 /**
  * Negotiate capabilities between a client request and this Aegis build.
  *

package/dist/handshake.js

@@ -20,6 +20,7 @@ export const AEGIS_CAPABILITIES = [
     'session.transcript',
     'session.transcript.cursor', // Issue #883: cursor-based replay
     'session.events.sse',
+    'session.events.cursor',
     'session.screenshot',
     'hooks.pre_tool_use',
     'hooks.post_tool_use',
@@ -28,6 +29,30 @@ export const AEGIS_CAPABILITIES = [
     'swarm',
     'metrics',
 ];
+/**
+ * Feature gates that client integrations should check before enabling
+ * behavior that depends on newer protocol/capability support.
+ */
+export const HANDSHAKE_FEATURE_REQUIREMENTS = {
+    cursorReplay: ['session.transcript.cursor'],
+    transcriptRead: ['session.transcript'],
+    sseEvents: ['session.events.sse'],
+    permissionControl: ['session.approve'],
+    screenshots: ['session.screenshot'],
+    hookLifecycle: ['hooks.pre_tool_use', 'hooks.post_tool_use'],
+};
+/** Compute boolean feature gates from a negotiated capability set. */
+export function computeFeatureGates(capabilities) {
+    const enabled = new Set(capabilities);
+    return Object.fromEntries(Object.entries(HANDSHAKE_FEATURE_REQUIREMENTS).map(([feature, required]) => [
+        feature,
+        required.every(capability => enabled.has(capability)),
+    ]));
+}
+/** Helper for checking one feature gate directly from a handshake response. */
+export function isFeatureEnabled(response, feature) {
+    return response.featureGates[feature] === true;
+}
 /**
  * Negotiate capabilities between a client request and this Aegis build.
  *
@@ -44,19 +69,25 @@ export function negotiate(req) {
     const serverMajor = parseInt(AEGIS_PROTOCOL_VERSION, 10);
     const minMajor = parseInt(AEGIS_MIN_PROTOCOL_VERSION, 10);
     if (isNaN(clientMajor)) {
+        const negotiatedCapabilities = [];
         return {
             protocolVersion: AEGIS_PROTOCOL_VERSION,
             serverCapabilities,
-            negotiatedCapabilities: [],
+            negotiatedCapabilities,
+            featureGates: computeFeatureGates(negotiatedCapabilities),
+            fallbackMode: 'invalid-protocol',
             warnings: [`Unrecognized protocolVersion format: "${req.protocolVersion}". Expected integer string.`],
             compatible: false,
         };
     }
     if (clientMajor < minMajor) {
+        const negotiatedCapabilities = [];
         return {
             protocolVersion: AEGIS_PROTOCOL_VERSION,
             serverCapabilities,
-            negotiatedCapabilities: [],
+            negotiatedCapabilities,
+            featureGates: computeFeatureGates(negotiatedCapabilities),
+            fallbackMode: 'incompatible-protocol',
             warnings: [
                 `Client protocolVersion ${req.protocolVersion} is below minimum supported version ${AEGIS_MIN_PROTOCOL_VERSION}. Upgrade required.`,
             ],
@@ -69,8 +100,9 @@ export function negotiate(req) {
     // Intersect: client declares what it supports; server only enables what it also supports
     let negotiatedCapabilities;
     if (!req.clientCapabilities || req.clientCapabilities.length === 0) {
-        // Client omitted capabilities → assume full server capability set
+        // Client omitted capabilities → default to full set for backward compatibility.
         negotiatedCapabilities = serverCapabilities;
+        warnings.push('Client did not provide clientCapabilities; using legacy-default capability negotiation.');
     }
     else {
         const serverSet = new Set(serverCapabilities);
@@ -84,6 +116,8 @@ export function negotiate(req) {
         protocolVersion: AEGIS_PROTOCOL_VERSION,
         serverCapabilities,
         negotiatedCapabilities,
+        featureGates: computeFeatureGates(negotiatedCapabilities),
+        fallbackMode: req.clientCapabilities && req.clientCapabilities.length > 0 ? 'none' : 'legacy-defaults',
         warnings,
         compatible: true,
     };

package/dist/hook-settings.d.ts

@@ -44,8 +44,9 @@ export interface HookSettings {
  *
  * @param baseUrl - Aegis base URL (e.g. "http://localhost:9100")
  * @param sessionId - Aegis session ID (used as query param for routing)
+ * @param hookSecret - Per-session secret for hook URL authentication (Issue #629)
  */
-export declare function generateHookSettings(baseUrl: string, sessionId: string): HookSettings;
+export declare function generateHookSettings(baseUrl: string, sessionId: string, hookSecret?: string): HookSettings;
 /**
  * Write hook settings to a temporary file and return its path.
  *
@@ -58,7 +59,7 @@ export declare function generateHookSettings(baseUrl: string, sessionId: string)
  * @param workDir - Project working directory (to read settings.local.json from)
  * @returns Path to the temporary settings file
  */
-export declare function writeHookSettingsFile(baseUrl: string, sessionId: string, workDir?: string): Promise<string>;
+export declare function writeHookSettingsFile(baseUrl: string, sessionId: string, hookSecret: string, workDir?: string): Promise<string>;
 /**
  * Clean up a hook settings temp file.
  *

package/dist/hook-settings.js

@@ -74,16 +74,18 @@ export { HTTP_HOOK_EVENTS };
  *
  * @param baseUrl - Aegis base URL (e.g. "http://localhost:9100")
  * @param sessionId - Aegis session ID (used as query param for routing)
+ * @param hookSecret - Per-session secret for hook URL authentication (Issue #629)
  */
-export function generateHookSettings(baseUrl, sessionId) {
+export function generateHookSettings(baseUrl, sessionId, hookSecret) {
     const hooks = {};
     for (const event of HTTP_HOOK_EVENTS) {
+        const secretParam = hookSecret ? `&secret=${hookSecret}` : '';
         hooks[event] = [
             {
                 hooks: [
                     {
                         type: 'http',
-                        url: `${baseUrl}/v1/hooks/${event}?sessionId=${sessionId}`,
+                        url: `${baseUrl}/v1/hooks/${event}?sessionId=${sessionId}${secretParam}`,
                     },
                 ],
             },
@@ -103,8 +105,8 @@ export function generateHookSettings(baseUrl, sessionId) {
  * @param workDir - Project working directory (to read settings.local.json from)
  * @returns Path to the temporary settings file
  */
-export async function writeHookSettingsFile(baseUrl, sessionId, workDir) {
-    const hookSettings = generateHookSettings(baseUrl, sessionId);
+export async function writeHookSettingsFile(baseUrl, sessionId, hookSecret, workDir) {
+    const hookSettings = generateHookSettings(baseUrl, sessionId, hookSecret);
     // Issue #339: Read project's settings.local.json and merge hooks into it.
     // This ensures CC gets env vars, permissions, and bypassPermissions alongside hooks.
     // Issue #847: Validate workDir path to prevent traversal attacks.

package/dist/hook.js

@@ -30,6 +30,12 @@ const BRIDGE_DIR = existsSync(AEGIS_DIR) ? AEGIS_DIR : MANUS_DIR;
 const MAP_FILE = join(BRIDGE_DIR, 'session_map.json');
 const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;
 const TMUX_PANE_RE = /^%\d+$/;
+const DEFAULT_POINTER_TTL_MS = 24 * 60 * 60 * 1000;
+function getPointerTtlMs() {
+    const raw = process.env.AEGIS_CONTINUATION_POINTER_TTL_MS ?? process.env.MANUS_CONTINUATION_POINTER_TTL_MS;
+    const parsed = raw ? Number(raw) : NaN;
+    return Number.isFinite(parsed) && parsed > 0 ? parsed : DEFAULT_POINTER_TTL_MS;
+}
 /** Handle Stop/StopFailure events.
  *  Writes a signal file that the Aegis monitor can detect.
  *  Issue #15: StopFailure fires on API errors (rate limit, auth failure).
@@ -137,6 +143,7 @@ function main() {
         }
         catch { /* fresh map */ }
     }
+    const writtenAt = Date.now();
     sessionMap[key] = {
         session_id: sessionId,
         cwd,
@@ -147,7 +154,9 @@ function main() {
         source: payload.source || null,
         agent_type: payload.agent_type || null,
         model: payload.model || null,
-        written_at: Date.now(),
+        written_at: writtenAt,
+        schema_version: 1,
+        expires_at: writtenAt + getPointerTtlMs(),
     };
     // Atomic write: write to temp file then rename (prevents race-condition data loss)
     const tmpMapFile = MAP_FILE + '.tmp';

package/dist/hooks.js

@@ -114,6 +114,11 @@ export function registerHookRoutes(app, deps) {
         if (!session) {
             return reply.status(404).send({ error: `Session ${sessionId} not found` });
         }
+        // Issue #629: Validate per-session hook secret (defense in depth — also checked in auth middleware)
+        const hookSecret = req.query?.secret;
+        if (session.hookSecret && hookSecret !== session.hookSecret) {
+            return reply.status(401).send({ error: 'Unauthorized — invalid hook secret' });
+        }
         // Issue #665: Validate hook body with Zod instead of unsafe casts
         const parseResult = hookBodySchema.safeParse(req.body);
         if (!parseResult.success) {

package/dist/logger.d.ts

@@ -0,0 +1,35 @@
+/**
+ * logger.ts - structured logger that also emits sanitized diagnostics events.
+ */
+import { type DiagnosticsBus, type DiagnosticsLevel } from './diagnostics.js';
+export interface LogContext {
+    component: string;
+    operation: string;
+    sessionId?: string;
+    errorCode?: string;
+    attributes?: Record<string, unknown>;
+}
+export interface StructuredLogRecord {
+    timestamp: string;
+    level: DiagnosticsLevel;
+    component: string;
+    operation: string;
+    sessionId?: string;
+    errorCode?: string;
+    attributes: Record<string, unknown>;
+}
+export interface StructuredLogSink {
+    info?: (record: StructuredLogRecord) => void;
+    warn?: (record: StructuredLogRecord) => void;
+    error?: (record: StructuredLogRecord) => void;
+}
+export declare function setStructuredLogSink(nextSink: StructuredLogSink): void;
+export declare class StructuredLogger {
+    private readonly bus;
+    constructor(bus?: DiagnosticsBus);
+    info(ctx: LogContext): void;
+    warn(ctx: LogContext): void;
+    error(ctx: LogContext): void;
+    private log;
+}
+export declare const logger: StructuredLogger;