aegis-bridge 2.6.0 → 2.6.2

package/dist/logger.js

@@ -0,0 +1,65 @@
+/**
+ * logger.ts - structured logger that also emits sanitized diagnostics events.
+ */
+import { diagnosticsBus, sanitizeDiagnosticsAttributes, } from './diagnostics.js';
+const defaultSink = {
+    info: (record) => console.log(JSON.stringify(record)),
+    warn: (record) => console.warn(JSON.stringify(record)),
+    error: (record) => console.error(JSON.stringify(record)),
+};
+let sink = defaultSink;
+export function setStructuredLogSink(nextSink) {
+    sink = {
+        info: nextSink.info ?? defaultSink.info,
+        warn: nextSink.warn ?? defaultSink.warn,
+        error: nextSink.error ?? defaultSink.error,
+    };
+}
+export class StructuredLogger {
+    bus;
+    constructor(bus = diagnosticsBus) {
+        this.bus = bus;
+    }
+    info(ctx) {
+        this.log('info', ctx);
+    }
+    warn(ctx) {
+        this.log('warn', ctx);
+    }
+    error(ctx) {
+        this.log('error', ctx);
+    }
+    log(level, ctx) {
+        const timestamp = new Date().toISOString();
+        const attributes = sanitizeDiagnosticsAttributes(ctx.attributes);
+        const record = {
+            timestamp,
+            level,
+            component: ctx.component,
+            operation: ctx.operation,
+            sessionId: ctx.sessionId,
+            errorCode: ctx.errorCode,
+            attributes,
+        };
+        if (level === 'error') {
+            sink.error?.(record);
+        }
+        else if (level === 'warn') {
+            sink.warn?.(record);
+        }
+        else {
+            sink.info?.(record);
+        }
+        this.bus.emit({
+            event: `${ctx.component}.${ctx.operation}`,
+            level,
+            component: ctx.component,
+            operation: ctx.operation,
+            sessionId: ctx.sessionId,
+            errorCode: ctx.errorCode,
+            timestamp,
+            attributes,
+        });
+    }
+}
+export const logger = new StructuredLogger();

package/dist/monitor.js

@@ -12,6 +12,8 @@ import { join } from 'node:path';
 import { homedir } from 'node:os';
 import { stopSignalsSchema } from './validation.js';
 import { suppressedCatch } from './suppress.js';
+import { logger } from './logger.js';
+import { maybeInjectFault } from './fault-injection.js';
 /** Issue #89 L4: Debounce interval for status change broadcasts (ms). */
 const STATUS_CHANGE_DEBOUNCE_MS = 500;
 export const DEFAULT_MONITOR_CONFIG = {
@@ -93,7 +95,12 @@ export class SessionMonitor {
                 await this.poll();
             }
             catch (e) {
-                console.error('Monitor poll error:', e);
+                logger.error({
+                    component: 'monitor',
+                    operation: 'poll',
+                    errorCode: 'MONITOR_POLL_ERROR',
+                    attributes: { error: e instanceof Error ? e.message : String(e) },
+                });
             }
             // Issue #169 Phase 3: Adaptive polling — use fast interval if any session
             // hasn't received a hook recently (hooks may have stopped working).
@@ -227,7 +234,13 @@ export class SessionMonitor {
                     if (!this.stallNotified.has(`${session.id}:stall:permission_timeout`)) {
                         this.stallNotified.add(`${session.id}:stall:permission_timeout`);
                         const minutes = Math.round(permDuration / 60000);
-                        console.warn(`Monitor: auto-rejecting permission for session ${session.windowName} after ${minutes}min`);
+                        logger.warn({
+                            component: 'monitor',
+                            operation: 'permission_timeout_auto_reject',
+                            sessionId: session.id,
+                            errorCode: 'PERMISSION_TIMEOUT',
+                            attributes: { windowName: session.windowName, timeoutMinutes: minutes },
+                        });
                         try {
                             await this.sessions.reject(session.id);
                             const detail = `Permission auto-rejected after ${minutes}min timeout (session ${session.windowName})`;
@@ -235,7 +248,13 @@ export class SessionMonitor {
                             await this.channels.statusChange(this.makePayload('status.permission_timeout', session, detail));
                         }
                         catch (e) {
-                            console.error(`Monitor: auto-reject failed for session ${session.id}: ${e instanceof Error ? e.message : String(e)}`);
+                            logger.error({
+                                component: 'monitor',
+                                operation: 'permission_timeout_auto_reject',
+                                sessionId: session.id,
+                                errorCode: 'AUTO_REJECT_FAILED',
+                                attributes: { error: e instanceof Error ? e.message : String(e) },
+                            });
                         }
                     }
                 }
@@ -334,7 +353,11 @@ export class SessionMonitor {
             const raw = await readFile(signalFile, 'utf-8');
             const parsed = stopSignalsSchema.safeParse(JSON.parse(raw));
             if (!parsed.success) {
-                console.warn('stop_signals.json failed validation in checkStopSignals');
+                logger.warn({
+                    component: 'monitor',
+                    operation: 'check_stop_signals',
+                    errorCode: 'STOP_SIGNALS_INVALID',
+                });
                 return;
             }
             const signals = parsed.data;
@@ -390,7 +413,13 @@ export class SessionMonitor {
             this.rateLimitedSessions.delete(event.sessionId);
             for (const msg of event.messages) {
                 // Forward asynchronously (fire-and-forget) — catch to prevent unhandled rejection (#404)
-                void this.forwardMessage(session, msg).catch(e => console.error(`Monitor: forwardMessage failed for ${session.id}:`, e));
+                void this.forwardMessage(session, msg).catch(e => logger.error({
+                    component: 'monitor',
+                    operation: 'forward_message',
+                    sessionId: session.id,
+                    errorCode: 'FORWARD_MESSAGE_FAILED',
+                    attributes: { error: e instanceof Error ? e.message : String(e) },
+                }));
             }
             // Update last activity
             session.lastActivity = Date.now();
@@ -453,7 +482,13 @@ export class SessionMonitor {
                 if (!this.lastStatus.has(session.id))
                     return;
                 void this.broadcastStatusChange(session, latestStatus, latestPrevStatus, latestResult)
-                    .catch(e => console.error(`Monitor: broadcastStatusChange failed for ${session.id}:`, e));
+                    .catch(e => logger.error({
+                    component: 'monitor',
+                    operation: 'broadcast_status_change',
+                    sessionId: session.id,
+                    errorCode: 'BROADCAST_STATUS_CHANGE_FAILED',
+                    attributes: { error: e instanceof Error ? e.message : String(e) },
+                }));
             }, STATUS_CHANGE_DEBOUNCE_MS));
         }
         this.lastStatus.set(session.id, result.status);
@@ -477,9 +512,11 @@ export class SessionMonitor {
             return;
         // Issue #32: Emit SSE message event (L11: include tool metadata)
         this.eventBus?.emitMessage(session.id, msg.role, msg.text, msg.contentType, msg.toolName || msg.toolUseId ? { tool_name: msg.toolName, tool_id: msg.toolUseId } : undefined);
+        await maybeInjectFault('monitor.forwardMessage.channels.message');
         await this.channels.message(this.makePayload(event, session, msg.text));
     }
     async broadcastStatusChange(session, status, prevStatus, result) {
+        await maybeInjectFault('monitor.broadcastStatusChange.start');
         if (status === 'permission_prompt' || status === 'bash_approval') {
             // Issue #32: Emit SSE approval event
             this.eventBus?.emitApproval(session.id, result.interactiveContent || 'Permission requested');
@@ -488,14 +525,25 @@ export class SessionMonitor {
             // acceptEdits, plan, auto all handle their own permissions).
             const AUTO_APPROVE_MODES = new Set(['bypassPermissions', 'dontAsk', 'acceptEdits', 'plan', 'auto']);
             if (session.permissionMode !== 'default' && AUTO_APPROVE_MODES.has(session.permissionMode)) {
-                console.log(`[AUTO-APPROVED] Session ${session.windowName} (${session.id.slice(0, 8)}): ${result.interactiveContent || 'permission prompt'}`);
+                logger.info({
+                    component: 'monitor',
+                    operation: 'auto_approve_permission',
+                    sessionId: session.id,
+                    attributes: { windowName: session.windowName, mode: session.permissionMode },
+                });
                 try {
                     await this.sessions.approve(session.id);
                     await this.channels.statusChange(this.makePayload('status.permission', session, `[AUTO-APPROVED] ${result.interactiveContent || 'Permission auto-approved'}`));
                 }
                 catch (e) {
                     const errMsg = e instanceof Error ? e.message : String(e);
-                    console.error(`[AUTO-APPROVE FAILED] Session ${session.id}: ${errMsg}`);
+                    logger.error({
+                        component: 'monitor',
+                        operation: 'auto_approve_permission',
+                        sessionId: session.id,
+                        errorCode: 'AUTO_APPROVE_FAILED',
+                        attributes: { error: errMsg },
+                    });
                     await this.channels.statusChange(this.makePayload('status.permission', session, `[AUTO-APPROVE FAILED] ${result.interactiveContent || 'Permission requested'}: ${errMsg}`));
                 }
             }
@@ -544,6 +592,7 @@ export class SessionMonitor {
         for (const session of sessions) {
             if (this.deadNotified.has(session.id))
                 continue;
+            await maybeInjectFault('monitor.checkDeadSessions.isWindowAlive');
             const alive = await this.sessions.isWindowAlive(session.id);
             if (!alive) {
                 this.deadNotified.add(session.id);
@@ -571,19 +620,31 @@ export class SessionMonitor {
         const { healthy } = await this.tmux.isServerHealthy();
         if (!healthy) {
             if (!this.tmuxWasDown) {
-                console.warn('Monitor: tmux server is unreachable — sessions may be orphaned');
+                logger.warn({
+                    component: 'monitor',
+                    operation: 'tmux_health_check',
+                    errorCode: 'TMUX_UNREACHABLE',
+                });
                 this.tmuxWasDown = true;
             }
             return;
         }
         // Tmux is healthy now
         if (this.tmuxWasDown) {
-            console.log('Monitor: tmux server recovered — triggering crash reconciliation');
+            logger.info({
+                component: 'monitor',
+                operation: 'tmux_health_check',
+                errorCode: 'TMUX_RECOVERED',
+            });
             this.tmuxWasDown = false;
             // Trigger crash reconciliation to re-attach or mark orphaned sessions
             const result = await this.sessions.reconcileTmuxCrash();
             if (result.recovered > 0 || result.orphaned > 0) {
-                console.log(`Monitor: crash reconciliation complete — recovered: ${result.recovered}, orphaned: ${result.orphaned}`);
+                logger.info({
+                    component: 'monitor',
+                    operation: 'tmux_crash_reconciliation',
+                    attributes: { recovered: result.recovered, orphaned: result.orphaned },
+                });
                 // Notify channels about recovery
                 for (const session of this.sessions.listSessions()) {
                     await this.channels.statusChange(this.makePayload('status.recovered', session, `tmux server recovered. Session ${session.windowName} re-attached.`));

package/dist/permission-routes.d.ts

@@ -0,0 +1,7 @@
+import type { FastifyInstance } from 'fastify';
+import type { SessionManager } from './session.js';
+import type { MetricsCollector } from './metrics.js';
+type PermissionSessions = Pick<SessionManager, 'approve' | 'reject' | 'getLatencyMetrics'>;
+type PermissionMetrics = Pick<MetricsCollector, 'recordPermissionResponse'>;
+export declare function registerPermissionRoutes(app: FastifyInstance, sessions: PermissionSessions, metrics: PermissionMetrics): void;
+export {};

package/dist/permission-routes.js

@@ -0,0 +1,28 @@
+function createPermissionHandler(action, sessions, metrics) {
+    return async (req, reply) => {
+        try {
+            if (action === 'approve') {
+                await sessions.approve(req.params.id);
+            }
+            else {
+                await sessions.reject(req.params.id);
+            }
+            // Issue #87: Record permission response latency.
+            const lat = sessions.getLatencyMetrics(req.params.id);
+            if (lat !== null && lat.permission_response_ms !== null) {
+                metrics.recordPermissionResponse(req.params.id, lat.permission_response_ms);
+            }
+            return { ok: true };
+        }
+        catch (e) {
+            return reply.status(404).send({ error: e instanceof Error ? e.message : String(e) });
+        }
+    };
+}
+export function registerPermissionRoutes(app, sessions, metrics) {
+    for (const action of ['approve', 'reject']) {
+        const handler = createPermissionHandler(action, sessions, metrics);
+        app.post(`/v1/sessions/:id/${action}`, handler);
+        app.post(`/sessions/:id/${action}`, handler);
+    }
+}

package/dist/server.js

@@ -31,13 +31,16 @@ import { SSEConnectionLimiter } from './sse-limiter.js';
 import { PipelineManager } from './pipeline.js';
 import { AuthManager } from './auth.js';
 import { MetricsCollector } from './metrics.js';
+import { registerPermissionRoutes } from './permission-routes.js';
 import { registerHookRoutes } from './hooks.js';
 import { registerWsTerminalRoute } from './ws-terminal.js';
 import { SwarmMonitor } from './swarm-monitor.js';
 import { killAllSessions } from './signal-cleanup-helper.js';
 import { execFileSync } from 'node:child_process';
 import { negotiate } from './handshake.js';
-import { authKeySchema, sendMessageSchema, commandSchema, bashSchema, screenshotSchema, permissionHookSchema, stopHookSchema, batchSessionSchema, pipelineSchema, parseIntSafe, isValidUUID, } from './validation.js';
+import { diagnosticsBus } from './diagnostics.js';
+import { setStructuredLogSink } from './logger.js';
+import { authKeySchema, sendMessageSchema, commandSchema, bashSchema, screenshotSchema, permissionHookSchema, stopHookSchema, batchSessionSchema, pipelineSchema, handshakeRequestSchema, parseIntSafe, isValidUUID, compareSemver, extractCCVersion, MIN_CC_VERSION, } from './validation.js';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 // ── Configuration ────────────────────────────────────────────────────
@@ -92,6 +95,7 @@ async function handleInbound(cmd) {
 // ── HTTP Server ─────────────────────────────────────────────────────
 const app = Fastify({
     bodyLimit: 1048576, // 1MB — Issue #349: explicit body size limit
+    trustProxy: process.env.TRUST_PROXY === 'true', // #633: Only trust X-Forwarded-For when explicitly enabled
     logger: {
         // #230: Redact auth tokens from request logs
         serializers: {
@@ -108,6 +112,11 @@ const app = Fastify({
         },
     },
 });
+setStructuredLogSink({
+    info: (record) => app.log.info(record),
+    warn: (record) => app.log.warn(record),
+    error: (record) => app.log.error(record),
+});
 // #227: Security headers on all API responses (skip SSE)
 app.addHook('onSend', (req, reply, payload, done) => {
     const contentType = reply.getHeader('content-type');
@@ -158,6 +167,31 @@ function checkIpRateLimit(ip, isMaster) {
     const limit = isMaster ? IP_LIMIT_MASTER : IP_LIMIT_NORMAL;
     return activeCount > limit;
 }
+const authFailLimits = new Map();
+const AUTH_FAIL_WINDOW_MS = 60_000;
+const AUTH_FAIL_MAX = 5;
+function checkAuthFailRateLimit(ip) {
+    const now = Date.now();
+    const cutoff = now - AUTH_FAIL_WINDOW_MS;
+    const bucket = authFailLimits.get(ip) || { timestamps: [] };
+    // Prune expired entries
+    bucket.timestamps = bucket.timestamps.filter(t => t >= cutoff);
+    bucket.timestamps.push(now);
+    authFailLimits.set(ip, bucket);
+    return bucket.timestamps.length > AUTH_FAIL_MAX;
+}
+function recordAuthFailure(ip) {
+    checkAuthFailRateLimit(ip);
+}
+/** #632: Prune stale auth-failure buckets. */
+function pruneAuthFailLimits() {
+    const cutoff = Date.now() - AUTH_FAIL_WINDOW_MS;
+    for (const [ip, bucket] of authFailLimits) {
+        bucket.timestamps = bucket.timestamps.filter(t => t >= cutoff);
+        if (bucket.timestamps.length === 0)
+            authFailLimits.delete(ip);
+    }
+}
 /** #357: Prune IPs whose timestamp arrays are entirely outside the rate-limit window. */
 function pruneIpRateLimits() {
     const cutoff = Date.now() - IP_WINDOW_MS;
@@ -188,6 +222,7 @@ function setupAuth(authManager) {
         // Hook routes — exact match: /v1/hooks/{eventName} (alpha only, no path traversal)
         // Issue #394: Require valid X-Session-Id for known sessions instead of blanket bypass.
         // Issue #580: Validate UUID format before getSession lookup.
+        // Issue #629: Validate per-session hook secret to prevent replay with known session ID.
         // CC hooks run from localhost and always include the session ID they were started with.
         const hookMatch = /^\/v1\/hooks\/[A-Za-z]+$/.exec(urlPath);
         if (hookMatch) {
@@ -196,8 +231,16 @@ function setupAuth(authManager) {
             if (hookSessionId && !isValidUUID(hookSessionId)) {
                 return reply.status(400).send({ error: 'Invalid session ID — must be a UUID' });
             }
-            if (hookSessionId && sessions.getSession(hookSessionId)) {
-                return; // valid session — allow
+            if (hookSessionId) {
+                const session = sessions.getSession(hookSessionId);
+                if (session) {
+                    // Issue #629: Validate hook secret from query param
+                    const hookSecret = req.query?.secret;
+                    if (!hookSecret || hookSecret !== session.hookSecret) {
+                        return reply.status(401).send({ error: 'Unauthorized — invalid hook secret' });
+                    }
+                    return; // valid session + secret — allow
+                }
             }
             // No valid session context — reject even when auth is disabled
             return reply.status(401).send({ error: 'Unauthorized — hook endpoint requires valid session ID' });
@@ -224,24 +267,34 @@ function setupAuth(authManager) {
         if (!token) {
             return reply.status(401).send({ error: 'Unauthorized — Bearer token required' });
         }
+        // #633: Only use req.ip — trustProxy controls whether X-Forwarded-For is considered
+        const clientIp = req.ip ?? 'unknown';
+        // #632: Block IPs that exceeded auth failure rate limit (5 attempts/min)
+        if (checkAuthFailRateLimit(clientIp)) {
+            return reply.status(429).send({ error: 'Too many auth failures — try again later' });
+        }
         // #297: Check if this is a short-lived SSE token first
         if (isSSERoute && token.startsWith('sse_')) {
             if (await authManager.validateSSEToken(token)) {
                 return; // authenticated via short-lived SSE token
             }
+            recordAuthFailure(clientIp);
             return reply.status(401).send({ error: 'Unauthorized — SSE token invalid or expired' });
         }
         const result = authManager.validate(token);
         if (!result.valid) {
+            recordAuthFailure(clientIp);
             return reply.status(401).send({ error: 'Unauthorized — invalid API key' });
         }
         if (result.rateLimited) {
             return reply.status(429).send({ error: 'Rate limit exceeded — 100 req/min per key' });
         }
         // #583: Store keyId for batch rate limiting
+        // #634: Store validated keyId for SSE token endpoint to reuse
         requestKeyMap.set(req.id, result.keyId ?? 'anonymous');
+        req.authKeyId = result.keyId;
         // #228: Per-IP rate limiting (applies to all authenticated requests)
-        const clientIp = req.ip ?? req.headers['x-forwarded-for'] ?? 'unknown';
+        // #633: Only use req.ip — trustProxy controls whether X-Forwarded-For is considered
         const isMaster = result.keyId === 'master';
         if (checkIpRateLimit(clientIp, isMaster)) {
             return reply.status(429).send({ error: 'Rate limit exceeded — IP throttled' });
@@ -287,14 +340,11 @@ async function healthHandler() {
 app.get('/v1/health', healthHandler);
 app.get('/health', healthHandler);
 app.post('/v1/handshake', async (req, reply) => {
-    const { protocolVersion, clientCapabilities, clientVersion } = req.body ?? {};
-    if (typeof protocolVersion !== 'string' || !protocolVersion.trim()) {
-        return reply.status(400).send({ error: 'protocolVersion is required' });
-    }
-    if (clientCapabilities !== undefined && !Array.isArray(clientCapabilities)) {
-        return reply.status(400).send({ error: 'clientCapabilities must be an array' });
+    const parsed = handshakeRequestSchema.safeParse(req.body ?? {});
+    if (!parsed.success) {
+        return reply.status(400).send({ error: 'Invalid handshake request', details: parsed.error.issues });
     }
-    const result = negotiate({ protocolVersion, clientCapabilities, clientVersion });
+    const result = negotiate(parsed.data);
     return reply.status(result.compatible ? 200 : 409).send(result);
 });
 // Issue #81: Swarm awareness
@@ -330,18 +380,13 @@ app.delete('/v1/auth/keys/:id', async (req, reply) => {
 });
 // #297: SSE token endpoint — generates short-lived, single-use token
 // to avoid exposing long-lived bearer tokens in SSE URL query params.
-// Must be registered BEFORE setupAuth skips auth key routes.
+// Issue #634: Reuse keyId from auth middleware result to avoid double-increment.
+// of rate limit counter.
 app.post('/v1/auth/sse-token', async (req, reply) => {
     // This route goes through the onRequest auth hook, so the caller is
-    // already authenticated. We just need to extract their keyId.
-    const header = req.headers.authorization;
-    let keyId = 'anonymous';
-    if (header?.startsWith('Bearer ')) {
-        const token = header.slice(7);
-        const result = auth.validate(token);
-        if (result.keyId)
-            keyId = result.keyId;
-    }
+    // already authenticated. Reuse stored keyId to avoid calling auth.validate() again.
+    const storedKeyId = req?.authKeyId;
+    const keyId = (typeof storedKeyId === 'string' ? storedKeyId : 'anonymous');
     try {
         const sseToken = await auth.generateSSEToken(keyId);
         return reply.status(201).send(sseToken);
@@ -350,8 +395,24 @@ app.post('/v1/auth/sse-token', async (req, reply) => {
         return reply.status(429).send({ error: e instanceof Error ? e.message : 'SSE token limit reached' });
     }
 });
+const diagnosticsQuerySchema = z.object({
+    limit: z.coerce.number().int().min(1).max(100).optional(),
+});
 // Global metrics (Issue #40)
 app.get('/v1/metrics', async () => metrics.getGlobalMetrics(sessions.listSessions().length));
+// Bounded no-PII diagnostics channel (Issue #881)
+app.get('/v1/diagnostics', async (req, reply) => {
+    const parsed = diagnosticsQuerySchema.safeParse(req.query ?? {});
+    if (!parsed.success) {
+        return reply.status(400).send({
+            error: 'Invalid diagnostics query params',
+            details: parsed.error.issues,
+        });
+    }
+    const limit = parsed.data.limit ?? 50;
+    const events = diagnosticsBus.getRecent(limit);
+    return { count: events.length, events };
+});
 // Per-session metrics (Issue #40)
 app.get('/v1/sessions/:id/metrics', async (req, reply) => {
     const m = metrics.getSessionMetrics(req.params.id);
@@ -492,6 +553,21 @@ async function createSessionHandler(req, reply) {
     const { workDir, name, prompt, resumeSessionId, claudeCommand, env, stallThresholdMs, permissionMode, autoApprove } = parsed.data;
     if (!workDir)
         return reply.status(400).send({ error: 'workDir is required' });
+    // Issue #564: Validate installed Claude Code version
+    try {
+        const raw = execFileSync('claude', ['--version'], { encoding: 'utf-8', timeout: 5000 });
+        const ccVer = extractCCVersion(raw);
+        if (ccVer !== null && compareSemver(ccVer, MIN_CC_VERSION) < 0) {
+            return reply.status(422).send({
+                error: `Claude Code version ${ccVer} is below minimum supported version ${MIN_CC_VERSION}. Please upgrade.`,
+                code: 'CC_VERSION_TOO_OLD',
+                upgrade: 'Run: claude update  or  npm install -g @anthropic-ai/claude-code@latest',
+            });
+        }
+    }
+    catch {
+        // claude CLI not found or timed out — skip version check (fails open)
+    }
     const safeWorkDir = await validateWorkDirWithConfig(workDir);
     if (typeof safeWorkDir === 'object')
         return reply.status(400).send({ error: safeWorkDir.error, code: safeWorkDir.code });
@@ -515,6 +591,8 @@ async function createSessionHandler(req, reply) {
     const session = await sessions.createSession({ workDir: safeWorkDir, name, resumeSessionId, claudeCommand, env, stallThresholdMs, permissionMode, autoApprove });
     console.timeEnd("POST_CREATE_SESSION");
     console.time("POST_CHANNEL_CREATED");
+    // Issue #625: Track session in metrics so sessionsCreated counter is accurate
+    metrics.sessionCreated(session.id);
     // Issue #46: Create Telegram topic BEFORE sending prompt.
     // The monitor starts polling immediately after createSession().
     // If we wait for sendInitialPrompt (up to 15s), the monitor may find
@@ -615,29 +693,13 @@ async function readMessagesHandler(req, reply) {
 }
 app.get('/v1/sessions/:id/read', readMessagesHandler);
 app.get('/sessions/:id/read', readMessagesHandler);
-function makePermissionHandler(action) {
-    return async (req, reply) => {
-        try {
-            const op = action === 'approve' ? sessions.approve.bind(sessions) : sessions.reject.bind(sessions);
-            await op(req.params.id);
-            // Issue #87: Record permission response latency
-            const lat = sessions.getLatencyMetrics(req.params.id);
-            if (lat !== null && lat.permission_response_ms !== null) {
-                metrics.recordPermissionResponse(req.params.id, lat.permission_response_ms);
-            }
-            return { ok: true };
-        }
-        catch (e) {
-            return reply.status(404).send({ error: e instanceof Error ? e.message : String(e) });
-        }
-    };
-}
-const approveHandler = makePermissionHandler('approve');
-const rejectHandler = makePermissionHandler('reject');
-app.post('/v1/sessions/:id/reject', rejectHandler);
-app.post('/sessions/:id/reject', rejectHandler);
-app.post('/v1/sessions/:id/approve', approveHandler);
-app.post('/sessions/:id/approve', approveHandler);
+registerPermissionRoutes(app, {
+    approve: async (id) => sessions.approve(id),
+    reject: async (id) => sessions.reject(id),
+    getLatencyMetrics: (id) => sessions.getLatencyMetrics(id),
+}, {
+    recordPermissionResponse: (id, latencyMs) => metrics.recordPermissionResponse(id, latencyMs),
+});
 // Issue #336: Answer pending AskUserQuestion
 app.post('/v1/sessions/:id/answer', async (req, reply) => {
     const { questionId, answer } = req.body || {};
@@ -994,6 +1056,16 @@ app.post('/v1/pipelines', async (req, reply) => {
         return reply.status(400).send({ error: `Invalid workDir: ${safeWorkDir.error}`, code: safeWorkDir.code });
     }
     pipeConfig.workDir = safeWorkDir;
+    // Validate per-stage workDir overrides for path traversal (#631)
+    for (const stage of pipeConfig.stages) {
+        if (stage.workDir) {
+            const safeStageWorkDir = await validateWorkDirWithConfig(stage.workDir);
+            if (typeof safeStageWorkDir === 'object') {
+                return reply.status(400).send({ error: `Invalid workDir for stage "${stage.name}": ${safeStageWorkDir.error}`, code: safeStageWorkDir.code });
+            }
+            stage.workDir = safeStageWorkDir;
+        }
+    }
     try {
         const pipeline = await pipelines.createPipeline(pipeConfig);
         return reply.status(201).send(pipeline);
@@ -1387,6 +1459,8 @@ async function main() {
     const metricsSaveInterval = setInterval(() => { void metrics.save(); }, 5 * 60 * 1000);
     // #357: Prune stale IP rate-limit entries every minute
     const ipPruneInterval = setInterval(pruneIpRateLimits, 60_000);
+    // #632: Prune stale auth failure rate-limit buckets every minute
+    const authFailPruneInterval = setInterval(pruneAuthFailLimits, 60_000);
     // #398: Sweep stale API key rate limit buckets every 5 minutes
     const authSweepInterval = setInterval(() => auth.sweepStaleRateLimits(), 5 * 60_000);
     // Issue #361: Graceful shutdown handler
@@ -1408,6 +1482,7 @@ async function main() {
         clearInterval(zombieReaperInterval);
         clearInterval(metricsSaveInterval);
         clearInterval(ipPruneInterval);
+        clearInterval(authFailPruneInterval);
         clearInterval(authSweepInterval);
         // Issue #569: Kill all CC sessions and tmux windows before exit
         try {

package/dist/session.d.ts

@@ -25,6 +25,7 @@ export interface SessionInfo {
     permissionMode: string;
     settingsPatched?: boolean;
     hookSettingsFile?: string;
+    hookSecret?: string;
     lastHookAt?: number;
     activeSubagents?: Set<string>;
     permissionPromptAt?: number;