ai-lens 0.7.3 → 0.7.4

package/.commithash

@@ -1 +1 @@
-75f2d5f
+8b0424f

package/cli/hooks.js

@@ -44,11 +44,11 @@ export function readLensConfig() {
 
 export function saveLensConfig(config) {
   mkdirSync(dirname(CONFIG_PATH), { recursive: true });
-  writeFileSync(CONFIG_PATH, JSON.stringify(config, null, 2) + '\n');
+  const tmpPath = CONFIG_PATH + '.tmp.' + process.pid;
+  writeFileSync(tmpPath, JSON.stringify(config, null, 2) + '\n');
+  renameSync(tmpPath, CONFIG_PATH);
 }
 
-const DEFAULT_SERVER_URL = 'http://localhost:3000';
-
 /**
  * Escape a string for safe embedding in a single-quoted shell context.
  * Standard POSIX approach: replace each ' with '\'' (end quote, escaped quote, start quote).
@@ -59,19 +59,8 @@ export function shellEscape(str) {
 }
 
 function captureCommand() {
-  const config = readLensConfig();
-  const envs = [];
-  if (config.serverUrl && config.serverUrl !== DEFAULT_SERVER_URL) {
-    envs.push(`AI_LENS_SERVER_URL=${shellEscape(config.serverUrl)}`);
-  }
-  if (config.projects) {
-    envs.push(`AI_LENS_PROJECTS=${shellEscape(config.projects)}`);
-  }
-  if (config.authToken) {
-    envs.push(`AI_LENS_AUTH_TOKEN=${shellEscape(config.authToken)}`);
-  }
-  const base = `node ${CAPTURE_PATH}`;
-  return envs.length > 0 ? `${envs.join(' ')} ${base}` : base;
+  const escaped = shellEscape(CAPTURE_PATH);
+  return `${shellEscape(process.execPath)} ${escaped} || node ${escaped}`;
 }
 
 // ---------------------------------------------------------------------------
@@ -169,13 +158,10 @@ export const TOOL_CONFIGS = [
 export function isAiLensHook(entry) {
   // Flat format (Cursor): { command: "..." }
   const cmd = entry?.command || '';
-  if (cmd.includes('ai-lens') && cmd.includes('capture.js')) return true;
+  if (cmd.includes(CAPTURE_PATH)) return true;
   // Nested format (Claude Code): { matcher, hooks: [{ command: "..." }] }
   if (Array.isArray(entry?.hooks)) {
-    return entry.hooks.some(h => {
-      const c = h?.command || '';
-      return c.includes('ai-lens') && c.includes('capture.js');
-    });
+    return entry.hooks.some(h => (h?.command || '').includes(CAPTURE_PATH));
   }
   return false;
 }
@@ -345,7 +331,9 @@ export function buildStrippedConfig(tool, existingConfig) {
 
 export function writeHooksConfig(tool, config) {
   mkdirSync(dirname(tool.configPath), { recursive: true });
-  writeFileSync(tool.configPath, JSON.stringify(config, null, 2) + '\n');
+  const tmpPath = tool.configPath + '.tmp.' + process.pid;
+  writeFileSync(tmpPath, JSON.stringify(config, null, 2) + '\n');
+  renameSync(tmpPath, tool.configPath);
 }
 
 // ---------------------------------------------------------------------------

package/cli/init.js

@@ -1,7 +1,7 @@
 import { createInterface } from 'node:readline';
 import { execSync } from 'node:child_process';
-import { existsSync } from 'node:fs';
-import { join } from 'node:path';
+import { existsSync, copyFileSync } from 'node:fs';
+import { join, resolve } from 'node:path';
 import { homedir } from 'node:os';
 import { request as httpRequest } from 'node:http';
 import { request as httpsRequest } from 'node:https';
@@ -229,10 +229,11 @@ async function deviceCodeAuth(serverUrl) {
 
 /**
  * Validate an existing auth token against the server.
- * Returns true if token is valid, false if invalid/revoked/unreachable.
+ * Returns 'valid', 'invalid' (401 — revoked/wrong), or 'unreachable' (network error).
  */
 async function validateExistingToken(serverUrl, token) {
-  if (!token || !token.startsWith('ailens_dev_')) return false;
+  if (!token) return 'invalid';
+  if (!token.startsWith('ailens_dev_')) return 'unknown'; // legacy format — keep it
   try {
     const parsed = new URL(`${serverUrl}/api/auth/verify`);
     const isHttps = parsed.protocol === 'https:';
@@ -253,9 +254,11 @@ async function validateExistingToken(serverUrl, token) {
       req.on('timeout', () => { req.destroy(); reject(new Error('timeout')); });
       req.end();
     });
-    return status === 200;
+    if (status === 200) return 'valid';
+    if (status === 401) return 'invalid';
+    return 'unreachable';
   } catch {
-    return false;
+    return 'unreachable';
   }
 }
 
@@ -336,6 +339,8 @@ export default async function init() {
     );
     serverUrl = (serverInput || currentServer).replace(/\/+$/, '');
   }
+  if (!/^https?:\/\//i.test(serverUrl)) serverUrl = `http://${serverUrl}`;
+  try { new URL(serverUrl); } catch { error(`Invalid server URL: ${serverUrl}`); process.exit(1); }
   info(`  Server: ${serverUrl}`);
 
   // Project filter
@@ -350,7 +355,24 @@ export default async function init() {
     const projectsInput = await ask(
       `Projects to track (comma-separated, ~ supported, Enter = ${projectsDefault}): `,
     );
-    projects = projectsInput || currentProjects;
+    projects = (projectsInput && projectsInput.trim() && projectsInput.trim().toLowerCase() !== 'all')
+      ? projectsInput
+      : null;
+  }
+  // Guard: non-string (e.g. array from corrupt config) → treat as unset
+  if (projects && typeof projects !== 'string') {
+    projects = null;
+  }
+  // Guard: "all" means monitor everything → null
+  if (typeof projects === 'string' && projects.trim().toLowerCase() === 'all') {
+    projects = null;
+  }
+  // Normalize: resolve relative paths to absolute, expand ~
+  if (projects) {
+    const home = homedir();
+    projects = projects.split(',').map(p => p.trim()).filter(Boolean)
+      .map(p => p.startsWith('~/') ? join(home, p.slice(2)) : resolve(p))
+      .join(',');
   }
   if (projects) {
     info(`  Tracking: ${projects}`);
@@ -358,23 +380,35 @@ export default async function init() {
     info('  Tracking: all projects');
   }
 
-  // Save config if changed
+  // Build new config in memory — saved after "Proceed?" confirmation
   const newConfig = { ...currentConfig, serverUrl, projects };
-  if (serverUrl !== currentConfig.serverUrl || projects !== currentConfig.projects) {
-    saveLensConfig(newConfig);
+  blank();
+
+  // Install client files to ~/.ai-lens/client/
+  heading('Installing client files...');
+  try {
+    installClientFiles();
+    success('  Copied client files to ~/.ai-lens/client/');
+  } catch (err) {
+    error(`  Failed to install client files: ${err.message}`);
+    return;
   }
   blank();
 
   // Authentication
   heading('Authentication');
   if (currentConfig.authToken) {
-    const valid = await validateExistingToken(serverUrl, currentConfig.authToken);
-    if (valid) {
+    const tokenStatus = await validateExistingToken(serverUrl, currentConfig.authToken);
+    if (tokenStatus === 'valid') {
       success('  Already authenticated (token verified)');
-    } else {
+    } else if (tokenStatus === 'unknown') {
+      warn('  Token format not recognized — keeping existing token');
+    } else if (tokenStatus === 'invalid') {
       warn('  Existing token is invalid or revoked — re-authenticating...');
       currentConfig.authToken = null;
       newConfig.authToken = null;
+    } else {
+      warn('  Could not reach server to verify token — keeping existing token');
     }
   }
   if (!currentConfig.authToken) {
@@ -387,11 +421,23 @@ export default async function init() {
       if (err.message.includes('not configured')) {
         warn(`  Auth not configured on server — personal mode (events sent via git identity)`);
       } else {
-        error(`  Authentication failed: ${err.message}`);
-        return;
+        warn(`  Authentication failed: ${err.message}`);
+        warn(`  Run "npx -y ai-lens init" again later to authenticate`);
       }
     }
   }
+
+  // Validate identity: no token + no git email = events will be dropped
+  if (!newConfig.authToken) {
+    const { email } = getGitIdentity();
+    if (!email) {
+      blank();
+      error('  No auth token and no git email configured.');
+      error('  Events will be silently dropped until one is available.');
+      info('  Fix: git config --global user.email "you@example.com"');
+      info('  Or re-run init when Auth0 is configured on the server.');
+    }
+  }
   blank();
 
   // Analyze each tool
@@ -423,15 +469,17 @@ export default async function init() {
   // Filter to tools that need changes
   const pending = analyses.filter(a => a.analysis.status !== 'current');
 
-  // Clean up legacy hook locations (always, even if current hooks are up-to-date)
-  for (const { tool } of analyses) {
-    for (const lr of cleanupLegacyHooks(tool)) {
-      success(`  ${tool.name}: ${lr.action} legacy hooks in ${lr.path}`);
+  if (pending.length === 0) {
+    saveLensConfig(newConfig);
+
+    // Clean up legacy hook locations (safe: hooks are already current)
+    for (const { tool } of analyses) {
+      for (const lr of cleanupLegacyHooks(tool)) {
+        success(`  ${tool.name}: ${lr.action} legacy hooks in ${lr.path}`);
+      }
     }
-  }
 
-  if (pending.length === 0) {
-    success('Everything is up-to-date. Nothing to do.');
+    success('Hooks are up-to-date.');
   } else {
     // Show plan
     heading('Plan:');
@@ -453,16 +501,15 @@ export default async function init() {
     }
     blank();
 
-    // Install client files to ~/.ai-lens/client/
-    heading('Installing client files...');
-    try {
-      installClientFiles();
-      success('  Copied client files to ~/.ai-lens/client/');
-    } catch (err) {
-      error(`  Failed to install client files: ${err.message}`);
-      return;
+    // Persist config only after confirmation
+    saveLensConfig(newConfig);
+
+    // Clean up legacy hook locations before applying new ones
+    for (const { tool } of analyses) {
+      for (const lr of cleanupLegacyHooks(tool)) {
+        success(`  ${tool.name}: ${lr.action} legacy hooks in ${lr.path}`);
+      }
     }
-    blank();
 
     // Apply
     heading('Applying changes...');
@@ -470,6 +517,10 @@ export default async function init() {
 
     for (const { tool, analysis } of pending) {
       try {
+        // Backup malformed shared configs (e.g. ~/.claude/settings.json) before overwriting
+        if (analysis.status === 'malformed' && tool.sharedConfig) {
+          try { copyFileSync(tool.configPath, tool.configPath + '.bak'); } catch { /* file may be gone */ }
+        }
         const existingConfig = analysis.config || null;
         const merged = buildMergedConfig(tool, existingConfig);
         writeHooksConfig(tool, merged);
@@ -484,12 +535,14 @@ export default async function init() {
 
     // Verify hooks were written correctly
     heading('Verifying hooks...');
+    let verifyFailed = false;
     for (const { tool } of pending) {
       const recheck = analyzeToolHooks(tool);
       if (recheck.status === 'current') {
         success(`  ${tool.name}: hooks verified`);
       } else {
         error(`  ${tool.name}: hooks not current (status: ${recheck.status})`);
+        verifyFailed = true;
       }
     }
     blank();
@@ -503,6 +556,9 @@ export default async function init() {
         error(`  ${r.tool}: failed (${r.error})`);
       }
     }
+    if (results.some(r => !r.ok) || verifyFailed) {
+      process.exitCode = 1;
+    }
     blank();
   }
 

package/client/capture.js

@@ -20,6 +20,7 @@ import {
   CAPTURE_LOG_PATH,
   captureLog,
   getServerUrl,
+  getAuthToken,
   getGitIdentity,
   getGitMetadata,
   getMonitoredProjects,
@@ -40,6 +41,17 @@ function logDrop(reason, meta = {}) {
   } catch { /* best-effort */ }
 }
 
+// =============================================================================
+// Identity Resolution
+// =============================================================================
+
+export function resolveIdentity(gitIdentity, event, hasAuthToken) {
+  const email = gitIdentity.email || event.user_email || null;
+  if (!email && !hasAuthToken) return { proceed: false, email: null, name: null };
+  const name = gitIdentity.name || event.user_name || email || null;
+  return { proceed: true, email, name };
+}
+
 // =============================================================================
 // Truncation (reused from ai-session-lens prompts.js approach)
 // =============================================================================
@@ -161,20 +173,27 @@ function saveLastEvents(cache) {
 }
 
 /**
- * Returns true if this event is a duplicate that should be dropped.
- * Updates the cache with the current event type.
+ * Pure check — returns true if this event is a duplicate that should be dropped.
+ * Does NOT update the cache. Call commitDedup() after successful queue write.
  */
-export function isDuplicateEvent(sessionId, type) {
+export function checkDuplicate(sessionId, source, type) {
   const cache = loadLastEvents();
-  const prev = cache[sessionId];
-  const dominated = DEDUP_TYPES.has(type) && prev === type;
-  if (prev !== type) {
-    cache[sessionId] = type;
-    try {
-      saveLastEvents(cache);
-    } catch { /* dedup cache write failed — proceed with stale state */ }
+  const key = `${source}:${sessionId}`;
+  const prev = cache[key];
+  return DEDUP_TYPES.has(type) && prev === type;
+}
+
+/**
+ * Commit the event type to the dedup cache.
+ * Call only after successful queue write to avoid cache poisoning.
+ */
+export function commitDedup(sessionId, source, type) {
+  const cache = loadLastEvents();
+  const key = `${source}:${sessionId}`;
+  if (cache[key] !== type) {
+    cache[key] = type;
+    try { saveLastEvents(cache); } catch { /* best effort */ }
   }
-  return dominated;
 }
 
 // =============================================================================
@@ -330,12 +349,27 @@ const CURSOR_TYPE_MAP = {
   sessionEnd: 'SessionEnd',
 };
 
+function pickWorkspaceRoot(roots) {
+  if (!Array.isArray(roots) || roots.length === 0) return null;
+  const valid = roots.filter(r => typeof r === 'string' && r.length > 0);
+  if (valid.length === 0) return null;
+  if (valid.length === 1) return valid[0];
+  const monitored = getMonitoredProjects();
+  if (monitored) {
+    const match = valid.find(root =>
+      monitored.some(p => root === p || root.startsWith(p + '/'))
+    );
+    if (match) return match;
+  }
+  return valid[0];
+}
+
 function normalizeCursor(event) {
   const sessionId = event.conversation_id || null;
   const hookName = event.hook_event_name;
   const type = CURSOR_TYPE_MAP[hookName] || hookName;
   const timestamp = new Date().toISOString();
-  let projectPath = Array.isArray(event.workspace_roots) ? event.workspace_roots[0] : null;
+  let projectPath = pickWorkspaceRoot(event.workspace_roots);
   if (projectPath) {
     cacheSessionPath(sessionId, projectPath);
   } else {
@@ -357,10 +391,12 @@ function normalizeCursor(event) {
         input: truncateToolInput(event.tool_input, toolName),
         result: truncateToolResult(event.tool_result, toolName),
       };
+      const mcpServer = event.mcp_server || (toolName.startsWith('mcp__') ? toolName.split('__')[1] : null);
+      if (mcpServer) data.mcp_server = mcpServer;
       break;
     }
     case 'afterFileEdit':
-      data = { file_path: event.file_path, edits: event.edits };
+      data = { file_path: event.file_path, edits: truncateToolResult(event.edits, 'default') };
       break;
     case 'afterShellExecution':
       data = {
@@ -371,16 +407,18 @@ function normalizeCursor(event) {
     case 'postToolUseFailure': {
       const failToolName = event.tool_name || 'unknown';
       data = {
-        tool_name: failToolName,
-        tool_input: truncateToolInput(event.tool_input, failToolName),
-        error_message: truncate(event.error_message || '', 300),
-        failure_type: event.failure_type || null,
+        tool: failToolName,
+        input: truncateToolInput(event.tool_input, failToolName),
+        error: truncate(event.error_message || '', 300),
+        failure_type: event.failure_type ?? null,
         duration: event.duration ?? null,
       };
+      const failMcp = event.mcp_server || (failToolName.startsWith('mcp__') ? failToolName.split('__')[1] : null);
+      if (failMcp) data.mcp_server = failMcp;
       break;
     }
     case 'afterMCPExecution':
-      data = { mcp_server: event.mcp_server, result: event.result };
+      data = { mcp_server: event.mcp_server, result: truncateToolResult(event.result, 'default') };
       break;
     case 'subagentStart':
       data = {
@@ -486,7 +524,7 @@ async function main() {
   // Check server is configured
   const serverUrl = getServerUrl();
   if (!serverUrl) {
-    // No server configured — silently exit
+    logDrop('no_server_url');
     process.exit(0);
   }
 
@@ -499,6 +537,7 @@ async function main() {
   }
 
   if (!input.trim()) {
+    logDrop('empty_stdin');
     process.exit(0);
   }
 
@@ -506,7 +545,7 @@ async function main() {
   try {
     event = JSON.parse(input);
   } catch {
-    // Malformed stdin — exit gracefully
+    logDrop('malformed_json', { input_length: input.length, first_chars: input.slice(0, 100) });
     process.exit(0);
   }
 
@@ -516,28 +555,35 @@ async function main() {
     process.exit(0);
   }
 
-  // Deduplicate consecutive identical event types (e.g. repeated Stop from idle sessions)
-  if (isDuplicateEvent(unified.session_id, unified.type)) {
-    logDrop('duplicate', { type: unified.type, session_id: unified.session_id });
-    process.exit(0);
-  }
-
   // Filter by monitored projects (if configured)
   const monitored = getMonitoredProjects();
-  if (monitored && !monitored.some(p => unified.project_path === p || unified.project_path?.startsWith(p + '/'))) {
-    logDrop('project_filter', { type: unified.type, source: unified.source, session_id: unified.session_id, project_path: unified.project_path, monitored });
-    process.exit(0);
+  if (monitored && unified.project_path && !monitored.some(p => unified.project_path === p || unified.project_path.startsWith(p + '/'))) {
+    // Fallback: for Cursor multi-root workspaces, check if any raw workspace_roots entry matches
+    const roots = Array.isArray(event.workspace_roots) ? event.workspace_roots : [];
+    if (!roots.some(root => monitored.some(p => root === p || root.startsWith(p + '/')))) {
+      logDrop('project_filter', { type: unified.type, source: unified.source, session_id: unified.session_id, project_path: unified.project_path, monitored });
+      process.exit(0);
+    }
   }
 
   // Resolve identity: git first, then fall back to event payload (e.g. Cursor's user_email)
+  // When auth token is present, server resolves developer from token — email is optional
   const identity = getGitIdentity();
-  const email = identity.email || event.user_email || null;
-  if (!email) {
+  const hasAuthToken = !!getAuthToken();
+  const resolved = resolveIdentity(identity, event, hasAuthToken);
+  if (!resolved.proceed) {
     logDrop('no_email', { type: unified.type, session_id: unified.session_id });
     process.exit(0);
   }
-  unified.developer_email = email;
-  unified.developer_name = identity.name || event.user_name || email;
+
+  // Deduplicate consecutive identical event types (e.g. repeated Stop from idle sessions)
+  // Placed after project_filter and no_email checks so dropped events don't poison the cache
+  if (checkDuplicate(unified.session_id, unified.source, unified.type)) {
+    logDrop('duplicate', { type: unified.type, session_id: unified.session_id });
+    process.exit(0);
+  }
+  unified.developer_email = resolved.email;
+  unified.developer_name = resolved.name;
 
   // Attach git metadata (remote, branch, commit)
   const gitMeta = getGitMetadata(unified.project_path);
@@ -553,6 +599,9 @@ async function main() {
     process.exit(1);
   }
 
+  // Commit dedup cache only after successful queue write (avoids cache poisoning on write failure)
+  commitDedup(unified.session_id, unified.source, unified.type);
+
   // Always try to spawn sender — atomic rename in sender handles dedup
   try {
     trySpawnSender();

package/client/config.js

@@ -1,5 +1,5 @@
 import { mkdirSync, appendFileSync, readFileSync, writeFileSync, existsSync, renameSync } from 'node:fs';
-import { join } from 'node:path';
+import { join, resolve } from 'node:path';
 import { homedir } from 'node:os';
 import { execSync } from 'node:child_process';
 
@@ -30,7 +30,11 @@ function loadConfig() {
   if (_configCache !== undefined) return _configCache;
   try {
     _configCache = JSON.parse(readFileSync(CONFIG_PATH, 'utf-8'));
-  } catch {
+  } catch (err) {
+    if (err.code !== 'ENOENT') {
+      captureLog({ msg: 'config-parse-error', path: CONFIG_PATH, error: err.message });
+      console.error(`[ai-lens] config.json corrupt, falling back to defaults: ${err.message}`);
+    }
     _configCache = {};
   }
   return _configCache;
@@ -54,9 +58,14 @@ export function getServerUrl() {
 export function getMonitoredProjects() {
   const val = process.env.AI_LENS_PROJECTS || loadConfig().projects;
   if (!val) return null; // null = monitor everything
+  if (typeof val !== 'string') return null; // non-string (e.g. array) = treat as unset
+  if (val.trim().toLowerCase() === 'all') return null;
+  const paths = val.split(',').map(p => p.trim()).filter(Boolean);
+  if (paths.length === 0) return null;
   const home = homedir();
-  return val.split(',').map(p => p.trim()).filter(Boolean)
+  return paths
     .map(p => p.startsWith('~/') ? join(home, p.slice(2)) : p)
+    .map(p => resolve(p))
     .map(p => p.endsWith('/') ? p.slice(0, -1) : p);
 }
 
@@ -70,14 +79,14 @@ export function getGitIdentity() {
 
   try {
     email = execSync('git config user.email', { encoding: 'utf-8', timeout: 3000 }).trim();
-  } catch {
-    // git not configured
+  } catch (err) {
+    captureLog({ msg: 'git-email-failed', error: err.message?.split('\n')[0] });
   }
 
   try {
     name = execSync('git config user.name', { encoding: 'utf-8', timeout: 3000 }).trim();
   } catch {
-    // git not configured
+    // git name missing is non-critical — email or token is sufficient
   }
 
   return { email, name };
@@ -112,7 +121,9 @@ function cacheRemote(projectPath, remote) {
   const remotes = loadGitRemotes();
   if (remotes[projectPath] !== remote) {
     remotes[projectPath] = remote;
-    saveGitRemotes(remotes);
+    try {
+      saveGitRemotes(remotes);
+    } catch { /* cache write failed — event proceeds without cached remote */ }
   }
 }
 

package/client/redact.js

@@ -34,11 +34,20 @@ const PATTERNS = [
   { type: 'JWT', re: /eyJ[A-Za-z0-9_-]{10,}\.eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_\-.+/=]{10,}/g },
 
   // PEM private keys — full block or truncated (just the header + base64 content)
-  { type: 'PRIVATE_KEY', re: /-----BEGIN[A-Z ]*PRIVATE KEY-----[\s\S]*?(?:-----END[A-Z ]*PRIVATE KEY-----|$)/g },
+  { type: 'PRIVATE_KEY', re: /-----BEGIN[A-Z ]*PRIVATE KEY-----[A-Za-z0-9+/=\s\\.]*(?:-----END[A-Z ]*PRIVATE KEY-----)?/g },
 
   // Connection string password (://user:password@host) — redacts password only
   { type: 'CONNECTION_STRING', re: /:\/\/([^:@\s]+):([^@\s]{3,})@/g, replacer: (m, user, _pw) => `://${user}:[REDACTED:CONNECTION_STRING]@` },
 
+  // Environment variables: UPPER_CASE_VAR with secret keyword = value
+  // Catches AI_LENS_AUTH_TOKEN=..., PGPASSWORD=..., AWS_SECRET_ACCESS_KEY=..., etc.
+  // Skips template refs like ${VAR} since value excludes { } chars.
+  {
+    type: 'ENV_VAR',
+    re: /([A-Z_]*(?:SECRET|TOKEN|PASSWORD|PASSWD|API_KEY|APIKEY)[A-Z_]*\s*=\s*["']?)([^\s"';\\\`|>{}\[\]]{8,})/g,
+    replacer: (m, prefix, _val) => `${prefix}[REDACTED:ENV_VAR]`,
+  },
+
   // Key-value pairs: password=..., token: ..., etc.
   {
     type: 'KEY_VALUE',

package/client/sender.js

@@ -10,7 +10,7 @@
  * - Rollback on failure: unsent events prepended back to queue.jsonl
  */
 
-import { readFileSync, writeFileSync, unlinkSync, renameSync } from 'node:fs';
+import { readFileSync, writeFileSync, appendFileSync, unlinkSync, renameSync } from 'node:fs';
 import { request as httpsRequest } from 'node:https';
 import { request as httpRequest } from 'node:http';
 import { fileURLToPath } from 'node:url';
@@ -56,19 +56,32 @@ export function parseQueueContent(content) {
 
 /**
  * Group events by developer_email.
- * Events without developer_email are skipped.
- * Returns Map<email, { identity: { email, name }, events: [] }>
+ * Events without developer_email are skipped unless hasAuthToken is true,
+ * in which case they are grouped under a special '__token_auth__' key
+ * (server resolves identity from the token).
+ * Returns Map<email|'__token_auth__', { identity: { email, name }, events: [] }>
  */
-export function groupByDeveloper(events) {
+export function groupByDeveloper(events, hasAuthToken = false) {
+  const TOKEN_KEY = '__token_auth__';
   const byDeveloper = new Map();
+  let skippedNoEmail = 0;
   for (const evt of events) {
     const email = evt.developer_email;
-    if (!email) continue;
+    if (!email) {
+      if (!hasAuthToken) { skippedNoEmail++; continue; }
+      if (!byDeveloper.has(TOKEN_KEY))
+        byDeveloper.set(TOKEN_KEY, { identity: { email: null, name: null }, events: [] });
+      byDeveloper.get(TOKEN_KEY).events.push(evt);
+      continue;
+    }
     if (!byDeveloper.has(email)) {
       byDeveloper.set(email, { identity: { email, name: evt.developer_name || email }, events: [] });
     }
     byDeveloper.get(email).events.push(evt);
   }
+  if (skippedNoEmail > 0) {
+    log({ msg: 'skip-no-email', skipped: skippedNoEmail, total: events.length });
+  }
   return byDeveloper;
 }
 
@@ -79,6 +92,41 @@ export function buildRollbackContent(unsentContent, existingContent) {
   return unsentContent + existingContent;
 }
 
+/**
+ * Check if a sender lock file is stale (owner process no longer running).
+ * Returns true if lock is missing or process is dead.
+ */
+export function isLockStale(lockPath) {
+  try {
+    const pid = parseInt(readFileSync(lockPath, 'utf-8').trim(), 10);
+    process.kill(pid, 0); // throws if process doesn't exist
+    return false; // process alive — lock is active
+  } catch (err) {
+    if (err.code === 'ESRCH') return true; // process dead — stale
+    if (err.code === 'ENOENT') return true; // no lock file
+    return false; // permission error etc — assume active
+  }
+}
+
+/**
+ * Merge unsent content back into the queue without losing concurrent appends.
+ * Uses atomic rename to drain current queue before merging.
+ */
+export function mergeToQueue(unsentContent, queuePath) {
+  const tmpPath = queuePath + '.rollback.' + process.pid;
+  writeFileSync(tmpPath, unsentContent);
+  const drainPath = queuePath + '.drain.' + process.pid;
+  try {
+    renameSync(queuePath, drainPath);
+    appendFileSync(tmpPath, readFileSync(drainPath, 'utf-8'));
+    unlinkSync(drainPath);
+  } catch (err) {
+    if (err.code !== 'ENOENT') throw err;
+    // No queue existed — nothing to drain
+  }
+  renameSync(tmpPath, queuePath);
+}
+
 /**
  * Atomically acquire the queue for sending.
  * renameSync is atomic on POSIX — acts as a mutex.
@@ -89,16 +137,22 @@ export function buildRollbackContent(unsentContent, existingContent) {
  * @param {string} [sendingPath] - Override sending path (for testing); defaults to SENDING_PATH
  */
 export function acquireQueue(queuePath = QUEUE_PATH, sendingPath = SENDING_PATH) {
-  // Recover orphaned sending file from a previously crashed sender
+  const lockPath = sendingPath + '.lock';
+
+  // Recover orphaned sending file from a previously crashed sender.
+  // Only recover if the lock is stale (owner process is dead).
   try {
     const orphaned = readFileSync(sendingPath, 'utf-8');
+    if (!isLockStale(lockPath)) {
+      // Another sender is actively working — exit without touching its file
+      return null;
+    }
     if (orphaned.trim()) {
-      let existing = '';
-      try { existing = readFileSync(queuePath, 'utf-8'); } catch { /* no queue yet */ }
-      writeFileSync(queuePath, orphaned + existing);
+      mergeToQueue(orphaned, queuePath);
       log({ msg: 'orphan-recovered', bytes: Buffer.byteLength(orphaned) });
     }
     unlinkSync(sendingPath);
+    try { unlinkSync(lockPath); } catch { /* stale lock already gone */ }
   } catch (err) {
     if (err.code !== 'ENOENT') throw err;
     // No orphan — normal path
@@ -111,12 +165,16 @@ export function acquireQueue(queuePath = QUEUE_PATH, sendingPath = SENDING_PATH)
     throw err;
   }
 
+  // Write PID lock so other senders know we're active
+  writeFileSync(lockPath, String(process.pid));
+
   const content = readFileSync(sendingPath, 'utf-8');
   const { events, dropped, overflow } = parseQueueContent(content);
   if (dropped > 0) log({ msg: 'queue-corruption', dropped });
   if (overflow > 0) log({ msg: 'queue-overflow', dropped: overflow, kept: MAX_QUEUE_SIZE });
   if (events.length === 0) {
     unlinkSync(sendingPath);
+    try { unlinkSync(lockPath); } catch {}
     return null;
   }
 
@@ -128,6 +186,7 @@ export function acquireQueue(queuePath = QUEUE_PATH, sendingPath = SENDING_PATH)
  */
 function commitQueue(sendingPath) {
   try { unlinkSync(sendingPath); } catch { /* already gone */ }
+  try { unlinkSync(sendingPath + '.lock'); } catch { /* already gone */ }
 }
 
 /**
@@ -137,10 +196,9 @@ function commitQueue(sendingPath) {
 function rollbackQueue(sendingPath, eventCount) {
   try {
     const unsent = readFileSync(sendingPath, 'utf-8');
-    let existing = '';
-    try { existing = readFileSync(QUEUE_PATH, 'utf-8'); } catch { /* no new events */ }
-    writeFileSync(QUEUE_PATH, buildRollbackContent(unsent, existing));
+    mergeToQueue(unsent, QUEUE_PATH);
     unlinkSync(sendingPath);
+    try { unlinkSync(sendingPath + '.lock'); } catch {}
     log({ msg: 'rollback', events: eventCount });
   } catch { /* best effort */ }
 }
@@ -155,13 +213,12 @@ function rollbackQueue(sendingPath, eventCount) {
  */
 export function partialRollback(sendingPath, unsentEvents, totalCount, queuePath = QUEUE_PATH) {
   try {
-    let existing = '';
-    try { existing = readFileSync(queuePath, 'utf-8'); } catch { /* no new events */ }
     if (unsentEvents.length > 0) {
       const unsentContent = unsentEvents.map(e => JSON.stringify(e)).join('\n') + '\n';
-      writeFileSync(queuePath, unsentContent + existing);
+      mergeToQueue(unsentContent, queuePath);
     }
     try { unlinkSync(sendingPath); } catch { /* already gone */ }
+    try { unlinkSync(sendingPath + '.lock'); } catch { /* already gone */ }
     log({ msg: 'partial-rollback', sent: totalCount - unsentEvents.length, unsent: unsentEvents.length });
   } catch (rollbackErr) {
     log({ msg: 'rollback-failed', error: rollbackErr.message });
@@ -207,16 +264,16 @@ export function chunkEvents(events, maxBytes = MAX_CHUNK_BYTES) {
 function postEvents(serverUrl, events, identity) {
   return new Promise((resolve, reject) => {
     const body = JSON.stringify(events);
-    const url = new URL('/api/events', serverUrl);
+    const url = new URL(`${serverUrl}/api/events`);
     const isHttps = url.protocol === 'https:';
     const requestFn = isHttps ? httpsRequest : httpRequest;
 
     const headers = {
       'Content-Type': 'application/json',
       'Content-Length': Buffer.byteLength(body),
-      'X-Developer-Git-Email': identity.email,
-      'X-Developer-Name': encodeURIComponent(identity.name),
     };
+    if (identity.email) headers['X-Developer-Git-Email'] = identity.email;
+    if (identity.name) headers['X-Developer-Name'] = encodeURIComponent(identity.name);
 
     const authToken = getAuthToken();
     if (authToken) {
@@ -269,9 +326,12 @@ async function main() {
   const { events, sendingPath } = acquired;
 
   // Group events by developer_email (baked in at capture time)
-  const byDeveloper = groupByDeveloper(events);
+  // When auth token is present, null-email events are grouped for token-based identity
+  const hasAuthToken = !!getAuthToken();
+  const byDeveloper = groupByDeveloper(events, hasAuthToken);
 
   if (byDeveloper.size === 0) {
+    log({ msg: 'queue-empty-after-grouping', total_events: events.length, has_auth_token: hasAuthToken });
     commitQueue(sendingPath);
     process.exit(0);
   }
@@ -296,6 +356,9 @@ async function main() {
       for (const chunk of chunks) {
         const result = await postEvents(serverUrl, chunk, identity);
         totalReceived += result.received;
+        if (result.skipped > 0) {
+          log({ msg: 'server-skipped', skipped: result.skipped, chunk_size: chunk.length, developer: identity.email });
+        }
         for (const evt of chunk) {
           if (evt.event_id) sentEventIds.add(evt.event_id);
         }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ai-lens",
-  "version": "0.7.3",
+  "version": "0.7.4",
   "type": "module",
   "description": "Centralized session analytics for AI coding tools",
   "bin": {