ai-agent-session-center 2.3.3 → 2.3.5

package/server/apiRouter.ts

@@ -18,8 +18,8 @@ import { getStats as getHookStats, resetStats as resetHookStats } from './hookSt
 import * as db from './db.js';
 import { getMqStats } from './mqReader.js';
 import { execFile } from 'child_process';
-import { readFileSync, writeFileSync, readdirSync, existsSync, statSync, mkdirSync } from 'fs';
-import { join, dirname, extname, basename } from 'path';
+import { createReadStream, readFileSync, writeFileSync, readdirSync, existsSync, statSync, mkdirSync } from 'fs';
+import { join, dirname, extname, basename, resolve, sep } from 'path';
 import { homedir, userInfo } from 'os';
 import { fileURLToPath } from 'url';
 import { ALL_CLAUDE_HOOK_EVENTS, DENSITY_EVENTS, SESSION_STATUS, WS_TYPES } from './constants.js';
@@ -68,12 +68,12 @@ const terminalCreateSchema = z.object({
   host: noShellMeta(255).optional(),
   port: z.number().int().min(1).max(65535).optional(),
   username: usernameSchema.optional(),
-  password: z.string().optional(),
+  password: z.string().max(256).optional(),
   privateKeyPath: z.string().optional(),
   authMethod: authMethodSchema,
   workingDir: noShellMetaWorkDir.optional(),
   command: noShellMeta(512).optional(),
-  apiKey: z.string().optional(),
+  apiKey: z.string().max(512).optional(),
   tmuxSession: z.string().regex(/^[a-zA-Z0-9_.\-]+$/, 'must be alphanumeric, dash, underscore, or dot').optional(),
   useTmux: z.boolean().optional(),
   sessionTitle: z.string().max(500).optional(),
@@ -242,7 +242,8 @@ router.get('/hooks/status', (_req: Request, res: Response) => {
     res.json({ installed: installedEvents.length > 0, density, events: installedEvents });
   } catch (err: unknown) {
     const msg = err instanceof Error ? err.message : String(err);
-    res.status(500).json({ error: msg });
+    log.error('api', `Hook status check failed: ${msg}`);
+    res.status(500).json({ error: 'Failed to check hook status' });
   }
 });
 
@@ -285,11 +286,18 @@ router.post('/hooks/uninstall', (_req: Request, res: Response) => {
 router.post('/sessions/:id/resume', async (req: Request, res: Response) => {
   const sessionId = str(req.params.id);
 
+  // Validate session ID format to prevent command injection (only allow UUID-like chars)
+  if (!/^[a-zA-Z0-9_-]+$/.test(sessionId)) {
+    res.status(400).json({ error: 'Invalid session ID format' });
+    return;
+  }
+
   const session = getSession(sessionId);
   if (!session) { res.status(404).json({ error: 'Session not found' }); return; }
 
-  // Build resume command: try exact session ID first, fall back to --continue
-  const resumeCmd = `claude --resume ${sessionId} || claude --continue`;
+  // Build resume command with single-quoted session ID to prevent shell interpretation
+  const safeId = sessionId.replace(/'/g, "'\\''");
+  const resumeCmd = `claude --resume '${safeId}' || claude --continue`;
 
   const allTerminals = getTerminals();
   const terminalExists = session.lastTerminalId && allTerminals.some(t => t.terminalId === session.lastTerminalId);
@@ -357,7 +365,7 @@ router.post('/sessions/:id/resume', async (req: Request, res: Response) => {
   } catch (err: unknown) {
     const msg = err instanceof Error ? err.message : String(err);
     log.error('api', `Resume with new terminal failed: ${msg}`);
-    res.status(500).json({ error: `Failed to create new terminal: ${msg}` });
+    res.status(500).json({ error: 'Failed to create new terminal' });
   }
 });
 
@@ -390,7 +398,7 @@ router.post('/sessions/:id/reconnect-terminal', async (req: Request, res: Respon
   } catch (err: unknown) {
     const msg = err instanceof Error ? err.message : String(err);
     log.error('api', `Reconnect terminal failed: ${msg}`);
-    res.status(500).json({ error: `Failed to reconnect terminal: ${msg}` });
+    res.status(500).json({ error: 'Failed to reconnect terminal' });
   }
 });
 
@@ -418,7 +426,8 @@ router.post('/sessions/:id/kill', (req: Request, res: Response) => {
       }, 3000);
     } catch (e: unknown) {
       const msg = e instanceof Error ? e.message : String(e);
-      res.status(500).json({ error: `Failed to kill PID ${pid}: ${msg}` });
+      log.error('api', `Failed to kill PID ${pid}: ${msg}`);
+      res.status(500).json({ error: 'Failed to terminate process' });
       return;
     }
   }
@@ -536,7 +545,7 @@ router.post('/sessions/:id/summarize', async (req: Request, res: Response) => {
     activeSummarizeRequests--;
     const msg = err instanceof Error ? err.message : String(err);
     log.error('api', `Summarize error: ${msg}`);
-    res.status(500).json({ success: false, error: `Summarize failed: ${msg}` });
+    res.status(500).json({ success: false, error: 'Summarize failed' });
   }
 });
 
@@ -569,7 +578,8 @@ router.post('/tmux-sessions', async (req: Request, res: Response) => {
     res.json({ sessions });
   } catch (err: unknown) {
     const msg = err instanceof Error ? err.message : String(err);
-    res.status(500).json({ error: msg });
+    log.error('api', `Tmux session list failed: ${msg}`);
+    res.status(500).json({ error: 'Failed to list tmux sessions' });
   }
 });
 
@@ -623,7 +633,8 @@ router.post('/terminals', async (req: Request, res: Response) => {
     res.json({ ok: true, terminalId });
   } catch (err: unknown) {
     const msg = err instanceof Error ? err.message : String(err);
-    res.status(500).json({ success: false, error: msg });
+    log.error('api', `Terminal creation failed: ${msg}`);
+    res.status(500).json({ success: false, error: 'Failed to create terminal' });
   }
 });
 
@@ -644,6 +655,10 @@ router.post('/terminals/:id/write', (req: Request, res: Response) => {
     res.status(400).json({ error: 'Missing or invalid "data" field' });
     return;
   }
+  if (data.length > 8192) {
+    res.status(400).json({ error: 'Data too large (max 8KB)' });
+    return;
+  }
   const terminals = getTerminals();
   const exists = terminals.some((t) => t.terminalId === terminalId);
   if (!exists) {
@@ -720,7 +735,7 @@ router.post('/teams/:teamId/members/:sessionId/terminal', async (req: Request, r
   } catch (err: unknown) {
     const msg = err instanceof Error ? err.message : String(err);
     log.error('api', `Failed to attach to tmux pane ${tmuxPaneId}: ${msg}`);
-    res.status(500).json({ success: false, error: msg });
+    res.status(500).json({ success: false, error: 'Failed to attach to tmux pane' });
   }
 });
 
@@ -738,8 +753,8 @@ router.get('/db/sessions', (req: Request, res: Response) => {
     archived: (archived as string) || undefined,
     sortBy: ((sortBy as string) || 'started_at') as 'started_at' | 'last_activity_at' | 'project_name' | 'status',
     sortDir: ((sortDir as string) || 'desc') as 'asc' | 'desc',
-    page: page ? Number(page) : 1,
-    pageSize: pageSize ? Number(pageSize) : 50,
+    page: Math.max(1, Math.min(1000, page ? parseInt(String(page), 10) || 1 : 1)),
+    pageSize: Math.max(1, Math.min(200, pageSize ? parseInt(String(pageSize), 10) || 50 : 50)),
   });
   res.json(result);
 });
@@ -762,14 +777,19 @@ router.get('/db/projects', (_req: Request, res: Response) => {
   res.json(db.getDistinctProjects());
 });
 
-// Full-text search across prompts and responses
+// Full-text search across prompts and responses (rate-limited: expensive)
 router.get('/db/search', (req: Request, res: Response) => {
+  const ip = req.ip || 'unknown';
+  if (isRateLimited(`db-search:${ip}`, 5)) {
+    res.status(429).json({ error: 'Rate limit exceeded' });
+    return;
+  }
   const { query, type, page, pageSize } = req.query;
   res.json(db.fullTextSearch({
     query: (query as string) || '',
     type: (type as string) || 'all',
-    page: page ? Number(page) : 1,
-    pageSize: pageSize ? Number(pageSize) : 50,
+    page: Math.max(1, Math.min(1000, page ? parseInt(String(page), 10) || 1 : 1)),
+    pageSize: Math.max(1, Math.min(200, pageSize ? parseInt(String(pageSize), 10) || 50 : 50)),
   }));
 });
 
@@ -805,7 +825,12 @@ router.get('/db/analytics/projects', (_req: Request, res: Response) => {
   res.json(db.getActiveProjects());
 });
 
-router.get('/db/analytics/heatmap', (_req: Request, res: Response) => {
+router.get('/db/analytics/heatmap', (req: Request, res: Response) => {
+  const ip = req.ip || 'unknown';
+  if (isRateLimited(`heatmap:${ip}`, 2)) {
+    res.status(429).json({ error: 'Rate limit exceeded' });
+    return;
+  }
   res.json(db.getHeatmap());
 });
 
@@ -902,6 +927,10 @@ const TEXT_NAMES = new Set([
 ]);
 
 const MAX_FILE_SIZE = 2 * 1024 * 1024; // 2 MB
+const MAX_STREAMABLE_SIZE = 100 * 1024 * 1024; // 100 MB (for PDF/image streaming)
+
+/** Extensions that can be streamed directly to the browser (not read into JSON). */
+const STREAMABLE_EXTENSIONS = new Set(['.pdf']);
 
 /** Directories to skip when listing. */
 const HIDDEN_DIRS = new Set([
@@ -915,13 +944,30 @@ function isTextFile(name: string): boolean {
   return ext === '' || TEXT_EXTENSIONS.has(ext);
 }
 
+/** Validate that root is a known/safe project path — blocks dangerous roots like /. */
+function isAllowedProjectRoot(root: string): boolean {
+  if (!root) return false;
+  // Must be an absolute path
+  if (!root.startsWith('/') && !/^[A-Z]:\\/.test(root)) return false;
+  // Block shallow roots: /, /etc, /home, /Users, etc.
+  const segments = root.split('/').filter(Boolean);
+  if (segments.length < 2) return false;
+  // Block specific dangerous roots
+  const blocked = ['/', '/etc', '/root', '/tmp', '/var', '/bin', '/sbin', '/usr', '/dev', '/proc', '/sys'];
+  if (blocked.includes(root)) return false;
+  return true;
+}
+
 /** Resolve and validate a requested path is within the project root. */
 function resolveProjectPath(projectRoot: string, relPath: string): string | null {
-  // Prevent traversal: normalise, then ensure it's within root
-  const resolved = join(projectRoot, relPath);
-  const normalised = join(resolved); // removes .., . etc
-  if (!normalised.startsWith(projectRoot)) return null;
-  return normalised;
+  // Prevent traversal: resolve to absolute, then ensure it's within root
+  // Strip leading '/' so path.resolve treats it as relative to projectRoot
+  const cleaned = relPath.replace(/^\/+/, '');
+  const rootWithSep = projectRoot.endsWith(sep) ? projectRoot : projectRoot + sep;
+  const resolved = resolve(projectRoot, cleaned);
+  // Must either equal the root exactly or be underneath it (with separator check)
+  if (resolved !== projectRoot && !resolved.startsWith(rootWithSep)) return null;
+  return resolved;
 }
 
 const filePathSchema = z.object({
@@ -932,6 +978,7 @@ const filePathSchema = z.object({
 router.get('/files/list', (req: Request, res: Response) => {
   const root = str(req.query.root);
   if (!root) { res.status(400).json({ error: 'root query param required' }); return; }
+  if (!isAllowedProjectRoot(root)) { res.status(400).json({ error: 'Invalid project root' }); return; }
 
   const body = filePathSchema.safeParse({ path: str(req.query.path) || '/' });
   if (!body.success) { res.status(400).json({ error: 'Invalid path' }); return; }
@@ -976,7 +1023,8 @@ router.get('/files/list', (req: Request, res: Response) => {
     res.json({ path: relPath, items });
   } catch (err: unknown) {
     const msg = err instanceof Error ? err.message : String(err);
-    res.status(500).json({ error: msg });
+    log.error('api', `File list failed: ${msg}`);
+    res.status(500).json({ error: 'Failed to list directory' });
   }
 });
 
@@ -984,6 +1032,7 @@ router.get('/files/list', (req: Request, res: Response) => {
 router.get('/files/read', (req: Request, res: Response) => {
   const root = str(req.query.root);
   if (!root) { res.status(400).json({ error: 'root query param required' }); return; }
+  if (!isAllowedProjectRoot(root)) { res.status(400).json({ error: 'Invalid project root' }); return; }
 
   const body = filePathSchema.safeParse({ path: str(req.query.path) });
   if (!body.success) { res.status(400).json({ error: 'Invalid path' }); return; }
@@ -997,9 +1046,21 @@ router.get('/files/read', (req: Request, res: Response) => {
 
     const stat = statSync(fullPath);
     if (stat.isDirectory()) { res.status(400).json({ error: 'Path is a directory, not a file' }); return; }
+    const name = basename(fullPath);
+    const fileExt = extname(name).toLowerCase();
+
+    // PDFs and other streamable files: return metadata with streamable flag (no size limit)
+    if (STREAMABLE_EXTENSIONS.has(fileExt)) {
+      if (stat.size > MAX_STREAMABLE_SIZE) {
+        res.status(413).json({ error: `File too large (${(stat.size / 1024 / 1024).toFixed(1)} MB, max 100 MB)` });
+        return;
+      }
+      res.json({ path: relPath, streamable: true, ext: fileExt.replace('.', ''), size: stat.size, name });
+      return;
+    }
+
     if (stat.size > MAX_FILE_SIZE) { res.status(413).json({ error: `File too large (${(stat.size / 1024 / 1024).toFixed(1)} MB, max 2 MB)` }); return; }
 
-    const name = basename(fullPath);
     if (!isTextFile(name)) {
       res.json({ path: relPath, binary: true, size: stat.size, name });
       return;
@@ -1010,7 +1071,51 @@ router.get('/files/read', (req: Request, res: Response) => {
     res.json({ path: relPath, content, ext, size: stat.size, name });
   } catch (err: unknown) {
     const msg = err instanceof Error ? err.message : String(err);
-    res.status(500).json({ error: msg });
+    log.error('api', `File read failed: ${msg}`);
+    res.status(500).json({ error: 'Failed to read file' });
+  }
+});
+
+/** GET /api/files/stream?root=<projectPath>&path=<relative> — stream a file (PDF, images) */
+router.get('/files/stream', (req: Request, res: Response) => {
+  const root = str(req.query.root);
+  if (!root) { res.status(400).json({ error: 'root query param required' }); return; }
+  if (!isAllowedProjectRoot(root)) { res.status(400).json({ error: 'Invalid project root' }); return; }
+
+  const body = filePathSchema.safeParse({ path: str(req.query.path) });
+  if (!body.success) { res.status(400).json({ error: 'Invalid path' }); return; }
+
+  const relPath = body.data.path;
+  const fullPath = resolveProjectPath(root, relPath);
+  if (!fullPath) { res.status(400).json({ error: 'Path outside project root' }); return; }
+
+  try {
+    if (!existsSync(fullPath)) { res.status(404).json({ error: 'File not found' }); return; }
+
+    const stat = statSync(fullPath);
+    if (stat.isDirectory()) { res.status(400).json({ error: 'Path is a directory' }); return; }
+    if (stat.size > MAX_STREAMABLE_SIZE) { res.status(413).json({ error: 'File too large' }); return; }
+
+    const fileExt = extname(fullPath).toLowerCase();
+    if (!STREAMABLE_EXTENSIONS.has(fileExt)) { res.status(400).json({ error: 'File type not streamable' }); return; }
+
+    const mimeMap: Record<string, string> = { '.pdf': 'application/pdf' };
+    const contentType = mimeMap[fileExt] || 'application/octet-stream';
+
+    res.setHeader('Content-Type', contentType);
+    res.setHeader('Content-Length', stat.size);
+    const safeName = basename(fullPath).replace(/[^a-zA-Z0-9._-]/g, '_');
+    res.setHeader('Content-Disposition', `inline; filename="${safeName}"`);
+
+    const stream = createReadStream(fullPath);
+    stream.pipe(res);
+    stream.on('error', () => {
+      if (!res.headersSent) res.status(500).json({ error: 'Stream error' });
+    });
+  } catch (err: unknown) {
+    const msg = err instanceof Error ? err.message : String(err);
+    log.error('api', `File stream failed: ${msg}`);
+    if (!res.headersSent) res.status(500).json({ error: 'Failed to stream file' });
   }
 });
 
@@ -1026,6 +1131,7 @@ router.post('/files/write', (req: Request, res: Response) => {
   if (!parsed.success) { res.status(400).json({ error: 'Invalid request body' }); return; }
 
   const { root, path: relPath, content } = parsed.data;
+  if (!isAllowedProjectRoot(root)) { res.status(400).json({ error: 'Invalid project root' }); return; }
   const fullPath = resolveProjectPath(root, relPath);
   if (!fullPath) { res.status(400).json({ error: 'Path outside project root' }); return; }
 
@@ -1040,7 +1146,8 @@ router.post('/files/write', (req: Request, res: Response) => {
     res.json({ ok: true, path: relPath, size: stat.size });
   } catch (err: unknown) {
     const msg = err instanceof Error ? err.message : String(err);
-    res.status(500).json({ error: msg });
+    log.error('api', `File write failed: ${msg}`);
+    res.status(500).json({ error: 'Failed to write file' });
   }
 });
 
@@ -1055,6 +1162,7 @@ router.post('/files/mkdir', (req: Request, res: Response) => {
   if (!parsed.success) { res.status(400).json({ error: 'Invalid request body' }); return; }
 
   const { root, path: relPath } = parsed.data;
+  if (!isAllowedProjectRoot(root)) { res.status(400).json({ error: 'Invalid project root' }); return; }
   const fullPath = resolveProjectPath(root, relPath);
   if (!fullPath) { res.status(400).json({ error: 'Path outside project root' }); return; }
 
@@ -1064,15 +1172,22 @@ router.post('/files/mkdir', (req: Request, res: Response) => {
     res.json({ ok: true, path: relPath });
   } catch (err: unknown) {
     const msg = err instanceof Error ? err.message : String(err);
-    res.status(500).json({ error: msg });
+    log.error('api', `Mkdir failed: ${msg}`);
+    res.status(500).json({ error: 'Failed to create directory' });
   }
 });
 
 /** GET /api/files/search?root=<projectPath>&q=<query> — fuzzy search file names */
 router.get('/files/search', (req: Request, res: Response) => {
+  const ip = req.ip || 'unknown';
+  if (isRateLimited(`file-search:${ip}`, 5)) {
+    res.status(429).json({ error: 'Rate limit exceeded' });
+    return;
+  }
   const root = str(req.query.root);
   const query = str(req.query.q).toLowerCase();
   if (!root) { res.status(400).json({ error: 'root query param required' }); return; }
+  if (!isAllowedProjectRoot(root)) { res.status(400).json({ error: 'Invalid project root' }); return; }
   if (!query) { res.json({ results: [] }); return; }
 
   const results: Array<{ path: string; name: string; type: 'dir' | 'file' }> = [];

package/server/approvalDetector.ts

@@ -4,7 +4,7 @@
  * If PostToolUse does not arrive within the timeout, the session transitions to approval/input status.
  * PermissionRequest events provide a direct signal that bypasses the timeout heuristic.
  */
-import { execSync } from 'child_process';
+import { execFileSync } from 'child_process';
 import { getToolTimeout, getToolCategory, getWaitingStatus, getWaitingLabel } from './config.js';
 import { SESSION_STATUS, ANIMATION_STATE } from './constants.js';
 import log from './logger.js';
@@ -28,7 +28,7 @@ export function hasChildProcesses(pid: number): boolean {
   const validPid = validatePid(pid);
   if (!validPid) return false;
   try {
-    const out = execSync(`pgrep -P ${validPid} 2>/dev/null`, { encoding: 'utf-8', timeout: 2000 });
+    const out = execFileSync('pgrep', ['-P', String(validPid)], { encoding: 'utf-8', timeout: 2000 });
     return out.trim().length > 0;
   } catch (e: unknown) {
     // #37: Return true on error as safer default — assume command is still running

package/server/index.ts

@@ -5,7 +5,7 @@ import { createServer } from 'http';
 import { WebSocketServer } from 'ws';
 import { fileURLToPath } from 'url';
 import { dirname, join } from 'path';
-import { execSync } from 'child_process';
+import { execFile } from 'child_process';
 import hookRouter from './hookRouter.js';
 import { handleConnection, stopHeartbeat } from './wsManager.js';
 import { getAllSessions, loadSnapshot, saveSnapshot, startPeriodicSave, stopPeriodicSave } from './sessionStore.js';
@@ -31,21 +31,25 @@ const noOpen = args.includes('--no-open');
 
 const app = express();
 const server = createServer(app);
-const wss = new WebSocketServer({ server });
+const wss = new WebSocketServer({ server, maxPayload: 64 * 1024 }); // 64KB max WS message
 
-app.use(express.json({ limit: '10mb' }));
+app.use(express.json({ limit: '2mb' }));
 
 // -- Security headers --
-app.use((_req, res, next) => {
+app.use((req, res, next) => {
   res.setHeader('X-Content-Type-Options', 'nosniff');
   res.setHeader('X-Frame-Options', 'DENY');
   res.setHeader('X-XSS-Protection', '1; mode=block');
   res.setHeader('Referrer-Policy', 'strict-origin-when-cross-origin');
   res.setHeader('Permissions-Policy', 'camera=(), microphone=(), geolocation=()');
-  // CSP: allow self + inline styles (needed for xterm/three.js) + WebSocket
+  // HSTS when behind TLS terminating proxy
+  if (req.secure || req.headers['x-forwarded-proto'] === 'https') {
+    res.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
+  }
+  // CSP: restrict connect-src to self (covers ws:/wss: same-origin)
   res.setHeader(
     'Content-Security-Policy',
-    "default-src 'self'; script-src 'self' blob:; style-src 'self' 'unsafe-inline'; connect-src 'self' ws: wss: https://cdn.jsdelivr.net; img-src 'self' data: blob:; font-src 'self' data: https://cdn.jsdelivr.net; worker-src 'self' blob:",
+    "default-src 'self'; script-src 'self' blob:; style-src 'self' 'unsafe-inline'; connect-src 'self' https://cdn.jsdelivr.net; img-src 'self' data: blob:; font-src 'self' data: https://cdn.jsdelivr.net; worker-src 'self' blob:; frame-src 'self' blob:",
   );
   next();
 });
@@ -82,14 +86,18 @@ app.post('/api/auth/login', (req, res) => {
   }
   if (!verifyPassword(password, config.passwordHash ?? '')) {
     recordLoginAttempt(ip);
+    log.warn('auth', `Failed login attempt from IP ${ip}`);
     res.status(401).json({ error: 'Wrong password' });
     return;
   }
 
   clearLoginAttempts(ip);
+  log.warn('auth', `Successful login from IP ${ip}`);
   const token = createToken();
-  res.setHeader('Set-Cookie', `auth_token=${token}; HttpOnly; SameSite=Strict; Path=/; Max-Age=${TOKEN_TTL_SECONDS}`);
-  res.json({ success: true, token, expiresIn: TOKEN_TTL_SECONDS });
+  const isSecure = req.secure || req.headers['x-forwarded-proto'] === 'https';
+  const secureSuffix = isSecure ? '; Secure' : '';
+  res.setHeader('Set-Cookie', `auth_token=${token}; HttpOnly; SameSite=Strict; Path=/; Max-Age=${TOKEN_TTL_SECONDS}${secureSuffix}`);
+  res.json({ success: true, expiresIn: TOKEN_TTL_SECONDS });
 });
 
 app.post('/api/auth/refresh', (req, res) => {
@@ -103,8 +111,10 @@ app.post('/api/auth/refresh', (req, res) => {
     res.status(401).json({ error: 'Token expired or invalid — please login again' });
     return;
   }
-  res.setHeader('Set-Cookie', `auth_token=${newToken}; HttpOnly; SameSite=Strict; Path=/; Max-Age=${TOKEN_TTL_SECONDS}`);
-  res.json({ success: true, token: newToken, expiresIn: TOKEN_TTL_SECONDS });
+  const isSecure = req.secure || req.headers['x-forwarded-proto'] === 'https';
+  const secureSuffix = isSecure ? '; Secure' : '';
+  res.setHeader('Set-Cookie', `auth_token=${newToken}; HttpOnly; SameSite=Strict; Path=/; Max-Age=${TOKEN_TTL_SECONDS}${secureSuffix}`);
+  res.json({ success: true, expiresIn: TOKEN_TTL_SECONDS });
 });
 
 app.post('/api/auth/logout', (req, res) => {
@@ -128,12 +138,13 @@ app.get('/api/sessions', authMiddleware, (_req, res) => {
   res.json(getAllSessions());
 });
 
-// Request logging middleware (debug mode only)
+// Request logging middleware (debug mode only) — strip tokens from logged URLs
 if (log.isDebug) {
   app.use((req, res, next) => {
     const start = Date.now();
     res.on('finish', () => {
-      log.debug('http', `${req.method} ${req.originalUrl} ${res.statusCode} ${Date.now() - start}ms`);
+      const sanitizedUrl = req.originalUrl.replace(/token=[^&]+/, 'token=***');
+      log.debug('http', `${req.method} ${sanitizedUrl} ${res.statusCode} ${Date.now() - start}ms`);
     });
     next();
   });
@@ -144,10 +155,29 @@ app.get('/{*splat}', (_req, res) => {
   res.sendFile(join(clientDir, 'index.html'));
 });
 
-// -- WebSocket with auth validation --
+// -- WebSocket with origin validation + auth --
 wss.on('connection', (ws, req) => {
+  // Origin validation: only allow same-host connections to prevent CSWSH
+  const origin = req.headers.origin;
+  const host = req.headers.host;
+  if (origin && host) {
+    try {
+      const originHost = new URL(origin).host;
+      if (originHost !== host) {
+        log.warn('ws', `Rejected WebSocket from foreign origin: ${origin} (expected host: ${host})`);
+        ws.close(4003, 'Forbidden: origin mismatch');
+        return;
+      }
+    } catch {
+      log.warn('ws', `Rejected WebSocket with invalid origin: ${origin}`);
+      ws.close(4003, 'Forbidden: invalid origin');
+      return;
+    }
+  }
+
   if (isPasswordEnabled()) {
-    const token = extractToken(req);
+    // Prefer cookie-based auth (avoids token in URL query string)
+    const token = parseCookieToken(req.headers.cookie) ?? extractToken(req);
     if (!validateToken(token)) {
       log.debug('auth', 'Rejected unauthorized WebSocket connection');
       ws.close(4001, 'Unauthorized');
@@ -170,7 +200,7 @@ function openBrowser(url: string): void {
     const cmd = process.platform === 'darwin' ? 'open'
       : process.platform === 'win32' ? 'start'
       : 'xdg-open';
-    execSync(`${cmd} "${url}"`, { stdio: 'ignore', timeout: 5000 });
+    execFile(cmd, [url], { timeout: 5000 }, () => { /* ignore errors */ });
   } catch {
     // Browser open failed -- not critical
   }
@@ -207,11 +237,14 @@ function onReady(): void {
   if (isPasswordEnabled()) {
     log.info('server', 'Password protection ENABLED -- login required (1h token TTL)');
   } else {
-    // Warn if binding to all interfaces without password
+    // Warn/block if binding to all interfaces without password
     const bindAddr = (server.address() as { address?: string } | null)?.address;
     if (bindAddr === '0.0.0.0' || bindAddr === '::') {
-      log.warn('server', '⚠ WARNING: Server is publicly accessible WITHOUT a password!');
-      log.warn('server', '  Run `npm run setup` to set a password before exposing to the internet.');
+      log.error('server', '------------------------------------------------------------');
+      log.error('server', 'SECURITY: Server is publicly accessible WITHOUT a password!');
+      log.error('server', 'This is DANGEROUS. Anyone on the network has full access.');
+      log.error('server', 'Run `npm run setup` to set a password.');
+      log.error('server', '------------------------------------------------------------');
     }
   }
   if (log.isDebug) {

package/server/mqReader.ts

@@ -60,12 +60,12 @@ export function startMqReader(options?: MqReaderOptions): void {
   running = true;
   mqStats.startedAt = Date.now();
 
-  // Ensure queue directory exists
-  mkdirSync(QUEUE_DIR, { recursive: true });
+  // Ensure queue directory exists with restrictive permissions (user-only)
+  mkdirSync(QUEUE_DIR, { recursive: true, mode: 0o700 });
 
-  // Create queue file if it doesn't exist (but don't truncate existing)
+  // Create queue file if it doesn't exist with restrictive permissions
   if (!existsSync(QUEUE_FILE)) {
-    writeFileSync(QUEUE_FILE, '');
+    writeFileSync(QUEUE_FILE, '', { mode: 0o600 });
   }
 
   // Resume from snapshot offset or start from current EOF

package/server/processMonitor.ts

@@ -4,7 +4,7 @@
  * Auto-ends sessions whose processes have died (e.g., terminal closed abruptly).
  * Also provides findClaudeProcess() with cached PID, pgrep, and lsof fallbacks.
  */
-import { execSync } from 'child_process';
+import { execSync, execFileSync } from 'child_process';
 import { getTerminalForSession } from './sshManager.js';
 import { SESSION_STATUS, ANIMATION_STATE, WS_TYPES } from './constants.js';
 import { PROCESS_CHECK_INTERVAL } from './config.js';
@@ -167,7 +167,12 @@ export function findClaudeProcess(
       if (pid) cachePid(pid, sessionId, session, pidToSession);
       return pid || null;
     } else {
-      const pidsOut = execSync(`pgrep -f claude 2>/dev/null || true`, { encoding: 'utf-8', timeout: 5000 });
+      let pidsOut: string;
+      try {
+        pidsOut = execFileSync('pgrep', ['-f', 'claude'], { encoding: 'utf-8', timeout: 5000 });
+      } catch {
+        pidsOut = ''; // pgrep exits non-zero when no matches
+      }
       const pids = pidsOut.trim().split('\n')
         .map(p => validatePid(p.trim()))
         .filter((p): p is number => p !== null && p !== myPid);
@@ -185,10 +190,11 @@ export function findClaudeProcess(
           try {
             let cwd: string;
             if (process.platform === 'darwin') {
-              const out = execSync(`lsof -a -d cwd -Fn -p ${pid} 2>/dev/null | grep '^n'`, { encoding: 'utf-8', timeout: 3000 });
-              cwd = out.trim().replace(/^n/, '');
+              const out = execFileSync('lsof', ['-a', '-d', 'cwd', '-Fn', '-p', String(pid)], { encoding: 'utf-8', timeout: 3000 });
+              const nLine = out.split('\n').find(l => l.startsWith('n'));
+              cwd = nLine ? nLine.slice(1).trim() : '';
             } else {
-              cwd = execSync(`readlink /proc/${pid}/cwd 2>/dev/null`, { encoding: 'utf-8', timeout: 3000 }).trim();
+              cwd = execFileSync('readlink', [`/proc/${pid}/cwd`], { encoding: 'utf-8', timeout: 3000 }).trim();
             }
             const match = cwd === projectPath;
             log.debug('findProcess', `pid=${pid} cwd="${cwd}" ${match ? 'MATCH' : 'no match'}`);
@@ -207,7 +213,7 @@ export function findClaudeProcess(
       for (const pid of pids) {
         if (claimedPids.has(pid)) continue;
         try {
-          const tty = execSync(`ps -o tty= -p ${pid}`, { encoding: 'utf-8', timeout: 3000 }).trim();
+          const tty = execFileSync('ps', ['-o', 'tty=', '-p', String(pid)], { encoding: 'utf-8', timeout: 3000 }).trim();
           log.debug('findProcess', `fallback pid=${pid} tty=${tty || 'NONE'}`);
           if (tty && tty !== '??' && tty !== '?') {
             log.debug('findProcess', `FALLBACK returning pid=${pid} (first unclaimed with tty)`);