ai-lens 0.8.55 → 0.8.59

package/.commithash

@@ -1 +1 @@
-93a1682
+8656b37

package/README.md

@@ -136,7 +136,7 @@ Images are stored in ECR (`267996409571.dkr.ecr.eu-north-1.amazonaws.com/ai-lens
 | `PORT` | `3000` | Server port |
 | `DATABASE_URL` | _(required)_ | PostgreSQL connection string |
 | `POSTGRES_PASSWORD` | `ailens` | PostgreSQL password (docker compose) |
-| `ANALYSIS_INTERVAL` | `3600` | Seconds between analysis runs |
+| `ANALYSIS_INTERVAL` | `60` | Seconds between analysis runs |
 | `AI_LENS_ADMIN_SECRET` | _(none)_ | Admin secret for auth token management |
 | `OPENAI_API_KEY` | _(none)_ | OpenAI API key for FAISS vector search; text search works without it |
 | `TEAMS_CONFIG` | _(none)_ | JSON config for team definitions |

package/cli/init.js

@@ -1,7 +1,7 @@
 import { createInterface } from 'node:readline';
 import { execSync, spawn } from 'node:child_process';
 import { existsSync, copyFileSync, readdirSync } from 'node:fs';
-import { join, resolve, relative, dirname } from 'node:path';
+import { join, resolve, relative } from 'node:path';
 import { homedir } from 'node:os';
 import { request as httpRequest } from 'node:http';
 import { request as httpsRequest } from 'node:https';
@@ -21,6 +21,7 @@ import {
   cleanupLegacyHooks, cleanupOppositeScope, cleanupEmptyMcpJson, addCursorMcp, removeCursorMcp,
   checkHooksDisabled, enableHooks,
 } from './hooks.js';
+import { scanNestedClaudeProjects, summarizeNestedProjects } from './scan.js';
 
 function ask(question) {
   const rl = createInterface({ input: process.stdin, output: process.stdout });
@@ -167,17 +168,17 @@ async function withRetries(fn, { attempts = 5, baseDelayMs = 2000 } = {}) {
   throw lastErr;
 }
 
-function startCodexWatcher(watcherPath) {
-  if (!existsSync(watcherPath)) return false;
-  if (process.env.AI_LENS_TEST_NO_DETACHED_SPAWN === '1') return true;
-  const child = spawn(process.execPath, [watcherPath], {
-    detached: true,
-    stdio: 'ignore',
-    windowsHide: true,
-  });
-  child.on('error', () => {});
-  child.unref();
-  return true;
+function getTrackedRoots(projects, fallbackRoot) {
+  if (!projects || typeof projects !== 'string') return [fallbackRoot];
+  return projects.split(',').map(path => path.trim()).filter(Boolean);
+}
+
+function makeNestedClaudeTool(projectDir, capturePathInHooks) {
+  const tool = getClaudeCodeToolConfig(projectDir, `Claude Code (${projectDir})`);
+  if (capturePathInHooks) {
+    tool.hookDefs = getClaudeCodeHookDefsWithPath(capturePathInHooks);
+  }
+  return tool;
 }
 
 async function deviceCodeAuth(serverUrl) {
@@ -608,7 +609,49 @@ export default async function init() {
     // Filter to tools that need changes
     const pending = analyses.filter(a => a.analysis.status !== 'current');
 
-    if (pending.length === 0) {
+    let nestedScan = [];
+    let nestedPending = [];
+    if (flags.projectHooks) {
+      const trackedRoots = getTrackedRoots(newConfig.projects, resolve(process.cwd()));
+      nestedScan = scanNestedClaudeProjects(trackedRoots);
+
+      if (nestedScan.length > 0) {
+        heading('Nested Claude Code projects');
+        for (const result of nestedScan) {
+          const installNote = result.installTarget ? ` -> install in ${result.installTarget}` : '';
+          info(`  ${result.relativePath}: ${result.status}${installNote}`);
+        }
+        const summary = summarizeNestedProjects(nestedScan);
+        detail(`Found ${summary.total} nested project(s), ${summary.unhooked} need attention.`);
+        blank();
+      }
+
+      const nestedActionable = nestedScan.filter(result => result.installTarget);
+      let shouldInstallNested = auto && nestedActionable.length > 0;
+      if (!auto && nestedActionable.length > 0) {
+        const answer = await ask(`Install hooks in ${nestedActionable.length} nested Claude Code project(s)? [Y/n] `);
+        shouldInstallNested = !answer || ['y', 'yes'].includes(answer.toLowerCase());
+      }
+
+      if (shouldInstallNested) {
+        nestedPending = nestedActionable.map(result => {
+          const capturePathInHooks = flags.useRepoPath
+            ? relative(result.projectDir, resolve(REPO_CAPTURE_PATH)).replace(/\\/g, '/')
+            : null;
+          const tool = makeNestedClaudeTool(result.projectDir, capturePathInHooks);
+          tool.configPath = join(tool.dirPath, result.installTarget);
+          return {
+            tool,
+            analysis: {
+              status: result.status === 'malformed' ? 'malformed' : 'absent',
+              config: result.existingConfig || null,
+            },
+          };
+        });
+      }
+    }
+
+    if (pending.length === 0 && nestedPending.length === 0) {
       saveLensConfig(newConfig);
 
       // Clean up legacy hook locations (safe: hooks are already current)
@@ -640,6 +683,9 @@ export default async function init() {
         if (!plan) continue;
         info(`  ${plan.description}`);
       }
+      for (const { tool } of nestedPending) {
+        info(`  Configure ${tool.name} (${tool.configPath.endsWith('settings.local.json') ? 'write local hooks' : 'merge shared hooks'})`);
+      }
       blank();
 
       // Confirm
@@ -655,7 +701,7 @@ export default async function init() {
       heading('Applying changes...');
       const results = [];
 
-      for (const { tool, analysis } of pending) {
+      for (const { tool, analysis } of [...pending, ...nestedPending]) {
         try {
           // Backup malformed shared configs (e.g. ~/.claude/settings.json) before overwriting
           if (analysis.status === 'malformed' && tool.sharedConfig) {
@@ -679,7 +725,7 @@ export default async function init() {
       // Verify hooks were written correctly
       heading('Verifying hooks...');
       let verifyFailed = false;
-      for (const { tool } of pending) {
+      for (const { tool } of [...pending, ...nestedPending]) {
         const recheck = analyzeToolHooks(tool);
         if (recheck.status === 'current') {
           success(`  ${tool.name}: hooks verified`);
@@ -787,18 +833,23 @@ export default async function init() {
   saveLensConfig(newConfig);
 
   if (enableCodex) {
-    // Stop existing watcher so the new one picks up fresh config (projects, etc.)
-    await stopCodexWatcher();
-    const watcherPath = flags.useRepoPath
-      ? join(dirname(REPO_CAPTURE_PATH), 'codex-watcher.js')
-      : join(dirname(CAPTURE_PATH), 'codex-watcher.js');
-    if (startCodexWatcher(watcherPath)) {
-      success('  Codex watcher restarted');
+    if (flags.noHooks) {
+      warn('  Codex tracking enabled, but --no-hooks was used. Automatic watcher start requires existing Claude/Cursor hooks.');
+    } else if (tools.length === 0) {
+      warn('  Codex tracking enabled, but no Claude/Cursor installation was detected. Automatic watcher start is unavailable.');
     } else {
-      warn(`  Codex watcher not started: missing ${watcherPath}`);
+      info('  Codex watcher will be started by Claude/Cursor hooks on SessionStart');
     }
   } else {
     info('  Codex tracking disabled');
+    try {
+      const watcherResult = await stopCodexWatcher();
+      if (watcherResult.stopped) {
+        info(`  Stopped existing Codex watcher process (pid ${watcherResult.pid})`);
+      }
+    } catch (err) {
+      warn(`  Could not stop Codex watcher process: ${err.message}`);
+    }
   }
 
   // Flush any pending events with the new config (e.g. backlog from previous 401/network errors)

package/cli/scan.js

@@ -0,0 +1,184 @@
+import { existsSync, readdirSync, readFileSync, lstatSync } from 'node:fs';
+import { join, relative, resolve } from 'node:path';
+
+import { isAiLensHook } from './hooks.js';
+
+const DEFAULT_MAX_DEPTH = 6;
+const SKIP_DIRS = new Set(['.git', '.svn', '.hg', 'node_modules', '.venv', 'dist']);
+
+function readJsonSafe(path) {
+  if (!existsSync(path)) return null;
+  try {
+    return JSON.parse(readFileSync(path, 'utf-8'));
+  } catch {
+    return 'MALFORMED';
+  }
+}
+
+function loadGitignoreRules(dirPath) {
+  const gitignorePath = join(dirPath, '.gitignore');
+  if (!existsSync(gitignorePath)) return [];
+  try {
+    return readFileSync(gitignorePath, 'utf-8')
+      .split(/\r?\n/)
+      .map(line => line.trim())
+      // Note: negation patterns (!pattern) and glob wildcards (*, **, ?) are not supported.
+      // This is a simplified implementation that handles literal directory names and paths.
+      .filter(line => line && !line.startsWith('#') && !line.startsWith('!'))
+      .map(pattern => ({
+        baseDir: dirPath,
+        pattern: pattern.replace(/\\/g, '/').replace(/\/+$/, ''),
+        directoryOnly: pattern.endsWith('/'),
+      }))
+      .filter(rule => rule.pattern);
+  } catch {
+    return [];
+  }
+}
+
+function matchesGitignoreRule(rule, targetPath) {
+  const rel = relative(rule.baseDir, targetPath).replace(/\\/g, '/');
+  if (!rel || rel.startsWith('..')) return false;
+
+  if (!rule.pattern.includes('/')) {
+    const segments = rel.split('/').filter(Boolean);
+    return segments.some(segment => segment === rule.pattern);
+  }
+
+  return rel === rule.pattern || rel.startsWith(rule.pattern + '/');
+}
+
+function isIgnoredByGitignore(rules, targetPath) {
+  return rules.some(rule => matchesGitignoreRule(rule, targetPath));
+}
+
+function countDepth(rootPath, targetPath) {
+  const rel = relative(rootPath, targetPath);
+  if (!rel) return 0;
+  return rel.split(/[\\/]/).filter(Boolean).length;
+}
+
+function collectHookEntries(config) {
+  if (!config || config === 'MALFORMED' || typeof config !== 'object') return [];
+  const hooks = config.hooks;
+  if (!hooks || typeof hooks !== 'object') return [];
+  const entries = [];
+  for (const values of Object.values(hooks)) {
+    if (!Array.isArray(values)) continue;
+    entries.push(...values);
+  }
+  return entries;
+}
+
+function hasAnyAiLensHook(config) {
+  return collectHookEntries(config).some(isAiLensHook);
+}
+
+function hasAnyNonAiLensHooks(config) {
+  return collectHookEntries(config).some(entry => !isAiLensHook(entry));
+}
+
+function classifyProject(projectDir) {
+  const claudeDir = join(projectDir, '.claude');
+  const settingsPath = join(claudeDir, 'settings.json');
+  const settingsLocalPath = join(claudeDir, 'settings.local.json');
+  const settings = readJsonSafe(settingsPath);
+  const settingsLocal = readJsonSafe(settingsLocalPath);
+
+  if (settings === 'MALFORMED' || settingsLocal === 'MALFORMED') {
+    return {
+      status: 'malformed',
+      installTarget: null,
+      existingConfig: null,
+    };
+  }
+
+  if (hasAnyAiLensHook(settings) || hasAnyAiLensHook(settingsLocal)) {
+    return {
+      status: 'installed',
+      installTarget: null,
+      existingConfig: null,
+    };
+  }
+
+  if (hasAnyNonAiLensHooks(settings)) {
+    return {
+      status: 'has non-ai-lens hooks',
+      installTarget: 'settings.json',
+      existingConfig: settings,
+    };
+  }
+
+  return {
+    status: 'missing',
+    installTarget: 'settings.local.json',
+    existingConfig: settingsLocal,
+  };
+}
+
+function scanRoot(rootPath, options, results, seen) {
+  const { maxDepth } = options;
+
+  function visit(currentDir, inheritedRules = []) {
+    const rules = inheritedRules.concat(loadGitignoreRules(currentDir));
+    let children;
+    try {
+      children = readdirSync(currentDir, { withFileTypes: true });
+    } catch {
+      return;
+    }
+
+    for (const child of children) {
+      if (!child.isDirectory()) continue;
+      // Skip symlinks to avoid infinite loops in circular symlink structures
+      if (child.isSymbolicLink()) continue;
+      const childPath = join(currentDir, child.name);
+      if (isIgnoredByGitignore(rules, childPath)) continue;
+
+      if (child.name === '.git' || child.name === '.claude') {
+        const projectDir = resolve(currentDir);
+        if (projectDir !== rootPath) {
+          const depth = countDepth(rootPath, projectDir);
+          if (depth <= maxDepth && !seen.has(projectDir)) {
+            seen.add(projectDir);
+            results.push({
+              projectDir,
+              relativePath: relative(rootPath, projectDir).replace(/\\/g, '/'),
+              marker: child.name,
+              ...classifyProject(projectDir),
+            });
+          }
+        }
+        continue;
+      }
+
+      const depth = countDepth(rootPath, childPath);
+      if (depth > maxDepth) continue;
+      if (SKIP_DIRS.has(child.name)) continue;
+      visit(childPath, rules);
+    }
+  }
+
+  visit(rootPath);
+}
+
+export function scanNestedClaudeProjects(projectRoots, options = {}) {
+  const maxDepth = Number.isInteger(options.maxDepth) ? options.maxDepth : DEFAULT_MAX_DEPTH;
+  const roots = (projectRoots || []).map(path => resolve(path));
+  const results = [];
+  const seen = new Set();
+
+  for (const rootPath of roots) {
+    if (!existsSync(rootPath)) continue;
+    scanRoot(rootPath, { maxDepth }, results, seen);
+  }
+
+  return results.sort((a, b) => a.relativePath.localeCompare(b.relativePath));
+}
+
+export function summarizeNestedProjects(results) {
+  const total = results.length;
+  const actionable = results.filter(result => result.installTarget).length;
+  const unhooked = results.filter(result => result.status !== 'installed').length;
+  return { total, actionable, unhooked };
+}

package/cli/status.js

@@ -9,6 +9,7 @@ import { DATA_DIR, PENDING_DIR, SENDING_DIR, SESSION_PATHS_DIR, LOG_PATH, CAPTUR
 import { isLockStale } from '../client/sender.js';
 import { readCodexWatcherLock, resolveWatchedCodexDirs } from '../client/codex-watcher.js';
 import { initLogger, info, success, warn, error, heading, blank } from './logger.js';
+import { scanNestedClaudeProjects, summarizeNestedProjects } from './scan.js';
 
 const INIT_LOG_PATH = join(DATA_DIR, 'init.log');
 
@@ -596,35 +597,37 @@ export function checkCodexWatcher({
   const watchedDirs = resolveWatchedCodexDirs(monitoredRoots, userCodexDirs, homeDir);
   const lock = readCodexWatcherLock(join(dataDir, 'codex-watcher.lock'));
   const watchedSummary = pluralize(watchedDirs.length, 'watched dir');
+  const lockActive = lock.state === 'active';
+  const trackingLine = `Tracking active: ${lockActive ? 'yes' : 'no'} (hook-launched watcher)`;
 
-  if (lock.state === 'active') {
+  if (lockActive) {
     return {
       ok: true,
-      summary: `active (pid ${lock.pid}, ${watchedSummary})`,
-      detail: `Lock: ${lock.lockPath}\nPID: ${lock.pid}\nWatched dirs:\n${watchedDirs.map(dir => `- ${dir}`).join('\n') || '(none discovered yet)'}`,
+      summary: `tracking active (pid ${lock.pid}, ${watchedSummary})`,
+      detail: `${trackingLine}\nLock: ${lock.lockPath}\nPID: ${lock.pid}\nWatched dirs:\n${watchedDirs.map(dir => `- ${dir}`).join('\n') || '(none discovered yet)'}`,
     };
   }
 
   if (lock.state === 'stale') {
     return {
       ok: false,
-      summary: `stale lock (pid ${lock.pid}, ${watchedSummary})`,
-      detail: `Lock: ${lock.lockPath}\nStale PID: ${lock.pid}\nWatched dirs:\n${watchedDirs.map(dir => `- ${dir}`).join('\n') || '(none discovered yet)'}`,
+      summary: `tracking inactive (stale lock pid ${lock.pid}, ${watchedSummary})`,
+      detail: `${trackingLine}\nLock: ${lock.lockPath}\nStale PID: ${lock.pid}\nWatched dirs:\n${watchedDirs.map(dir => `- ${dir}`).join('\n') || '(none discovered yet)'}`,
     };
   }
 
   if (lock.state === 'invalid' || lock.state === 'error') {
     return {
       ok: false,
-      summary: `lock ${lock.state} (${watchedSummary})`,
-      detail: `Lock: ${lock.lockPath}\nError: ${lock.error || '(none)'}\nWatched dirs:\n${watchedDirs.map(dir => `- ${dir}`).join('\n') || '(none discovered yet)'}`,
+      summary: `tracking inactive (lock ${lock.state}, ${watchedSummary})`,
+      detail: `${trackingLine}\nLock: ${lock.lockPath}\nError: ${lock.error || '(none)'}\nWatched dirs:\n${watchedDirs.map(dir => `- ${dir}`).join('\n') || '(none discovered yet)'}`,
     };
   }
 
   return {
     ok: watchedDirs.length > 0 ? false : null,
-    summary: `not running (${watchedSummary})`,
-    detail: `Lock: ${lock.lockPath}\nWatched dirs:\n${watchedDirs.map(dir => `- ${dir}`).join('\n') || '(none discovered yet)'}`,
+    summary: `tracking inactive (${watchedSummary})`,
+    detail: `${trackingLine}\nLock: ${lock.lockPath}\nWatched dirs:\n${watchedDirs.map(dir => `- ${dir}`).join('\n') || '(none discovered yet)'}`,
   };
 }
 
@@ -1235,6 +1238,24 @@ export default async function status({ report = false } = {}) {
   const installMode = detectInstallMode(toolsWithProject);
   printLine('Install mode', installMode);
 
+  if (hasProjectHooks) {
+    const nestedRoots = getMonitoredProjects() || [process.cwd()];
+    const nestedProjects = scanNestedClaudeProjects(nestedRoots);
+    const nestedSummary = summarizeNestedProjects(nestedProjects);
+    const nestedUnhooked = nestedProjects.filter(result => result.status !== 'installed');
+    printLine('Nested projects', {
+      ok: nestedSummary.unhooked === 0,
+      summary: nestedSummary.total === 0
+        ? 'none found'
+        : nestedSummary.unhooked === 0
+          ? `${nestedSummary.total} nested project(s), all hooked`
+          : `${nestedSummary.unhooked} unhooked / ${nestedSummary.total} nested project(s)`,
+      detail: nestedUnhooked.length > 0
+        ? `nested_unhooked_projects:\n${nestedUnhooked.map(result => `- ${result.projectDir} (${result.status})`).join('\n')}`
+        : 'nested_unhooked_projects: none',
+    });
+  }
+
   // 7. Queue (before capture test so test event doesn't show as pending)
   const queueResult = checkQueue();
   printLine('Queue', queueResult);

package/client/capture.js

@@ -1028,15 +1028,25 @@ export function shouldSpawnCodexWatcher(lockPath = join(DATA_DIR, 'codex-watcher
   return !hasLivePidLock(lockPath);
 }
 
-function trySpawnCodexWatcher() {
+export function shouldReplayCodexHistory(unified) {
+  if (!unified) return false;
+  if (unified.type !== 'SessionStart') return false;
+  return unified.source === 'claude_code' || unified.source === 'cursor';
+}
+
+function trySpawnCodexWatcher({ replayExisting = false } = {}) {
   if (!isCodexEnabled()) return;
   if (!shouldSpawnCodexWatcher()) return;
   const watcherPath = join(__dirname, 'codex-watcher.js');
   if (!existsSync(watcherPath)) return;
+  const env = replayExisting
+    ? { ...process.env, AI_LENS_CODEX_REPLAY_EXISTING: '1' }
+    : process.env;
   const child = spawn(process.execPath, [watcherPath], {
     detached: true,
     stdio: 'ignore',
     windowsHide: true,
+    env,
   });
   child.on('error', () => {});
   child.unref();
@@ -1224,7 +1234,7 @@ async function main() {
   }
 
   try {
-    trySpawnCodexWatcher();
+    trySpawnCodexWatcher({ replayExisting: shouldReplayCodexHistory(unified) });
   } catch (err) {
     captureLog({ msg: 'codex-watcher-spawn-failed', error: err.message });
   }

package/client/codex-watcher.js

@@ -33,6 +33,8 @@ const POLL_MS = 2000;
 const DISCOVERY_MS = 30_000;
 const STOP_IDLE_TIMEOUT_MS = 15_000;
 const EOF_IDLE_TIMEOUT_MS = 300_000;
+const REPLAY_DAYS = Math.max(1, Number.parseInt(process.env.AI_LENS_CODEX_REPLAY_DAYS || '30', 10) || 30);
+const REPLAY_WINDOW_MS = REPLAY_DAYS * 24 * 60 * 60 * 1000;
 const MAX_SCAN_DEPTH = 8;
 const IGNORED_DIR_NAMES = new Set([
   '.git',
@@ -368,18 +370,28 @@ export function buildSyntheticSubagentStop(fileState, sessionEndEvent) {
 }
 
 function createRuntimeState() {
+  const nowMs = Date.now();
   return {
     tracker: createCodexTrackerState(),
     codexDirs: [],
     lastDiscoveryAt: 0,
     firstScanCompleted: false,
     replayExisting: process.env.AI_LENS_CODEX_REPLAY_EXISTING === '1',
+    replayCutoffMs: nowMs - REPLAY_WINDOW_MS,
     historyFiles: new Map(),
     sessionFiles: new Map(),
     pendingHistory: new Map(),
   };
 }
 
+export function isWithinReplayWindow(runtimeState, unified) {
+  if (!runtimeState.replayExisting || runtimeState.firstScanCompleted) return true;
+  if (!unified?.timestamp) return false;
+  const ts = Date.parse(unified.timestamp);
+  if (!Number.isFinite(ts)) return false;
+  return ts >= runtimeState.replayCutoffMs;
+}
+
 function refreshCodexDirs(runtimeState) {
   const now = Date.now();
   if (runtimeState.codexDirs.length > 0 && now - runtimeState.lastDiscoveryAt < DISCOVERY_MS) {
@@ -403,7 +415,9 @@ function flushPendingHistory(runtimeState) {
     if (!projectPath) continue;
     for (const { entry, rawLine } of items) {
       const unified = normalizeCodexHistoryEntry(entry, runtimeState.tracker);
-      ingestUnifiedEvent(unified, rawLine);
+      if (isWithinReplayWindow(runtimeState, unified)) {
+        ingestUnifiedEvent(unified, rawLine);
+      }
     }
     runtimeState.pendingHistory.delete(sessionId);
   }
@@ -421,7 +435,9 @@ function processHistory(runtimeState) {
         const entry = JSON.parse(line);
         const unified = normalizeCodexHistoryEntry(entry, runtimeState.tracker);
         if (unified) {
-          ingestUnifiedEvent(unified, line);
+          if (isWithinReplayWindow(runtimeState, unified)) {
+            ingestUnifiedEvent(unified, line);
+          }
         } else if (entry?.session_id) {
           queuePendingHistory(runtimeState, entry.session_id, entry, line);
         }
@@ -446,7 +462,9 @@ function processSessionFiles(runtimeState) {
           const events = normalizeCodexSessionEntries(entry, runtimeState.tracker, filePath);
           events.forEach((unified, index) => {
             trackSessionFileEvent(current, unified, Date.now());
-            ingestUnifiedEvent(unified, line, `${index}:${unified.type}`);
+            if (isWithinReplayWindow(runtimeState, unified)) {
+              ingestUnifiedEvent(unified, line, `${index}:${unified.type}`);
+            }
           });
         } catch (err) {
           captureLog({ msg: 'codex-session-parse-failed', filePath, error: err.message });
@@ -461,6 +479,7 @@ function processSyntheticSessionEnds(runtimeState, nowMs = Date.now()) {
   for (const [filePath, fileState] of runtimeState.sessionFiles.entries()) {
     const sessionEnd = buildSyntheticSessionEnd(fileState, nowMs);
     if (!sessionEnd) continue;
+    if (!isWithinReplayWindow(runtimeState, sessionEnd)) continue;
     ingestUnifiedEvent(
       sessionEnd,
       JSON.stringify({ filePath, session_id: sessionEnd.session_id, type: sessionEnd.type, timestamp: sessionEnd.timestamp, reason: sessionEnd.data.reason }),

package/client/sender.js

@@ -61,10 +61,15 @@ export function rotateLog(logPath = LOG_PATH, maxAgeDays = LOG_MAX_AGE_DAYS) {
 }
 
 export const MAX_QUEUE_SIZE  = 10_000;
-export const MAX_CHUNK_BYTES = 50 * 1024; // 50 KB per POST — small chunks avoid ECONNRESET on corporate proxies/TLS inspection
+export const MAX_CHUNK_BYTES = 10 * 1024; // 10 KB per POST — small enough to retry cheaply on flaky networks
 export const LOCK_MAX_AGE_MS = 5 * 60 * 1000;   // 5 minutes
 export const SENDER_BACKOFF_MS = 30_000;
 
+// Retry budget for postEvents() on transient transport errors.
+// Invariant: POST_RETRY_BACKOFF_MS.length === POST_MAX_ATTEMPTS - 1
+export const POST_MAX_ATTEMPTS     = 4;                  // 1 initial + 3 retries
+export const POST_RETRY_BACKOFF_MS = [500, 1500, 3500];  // sleeps BEFORE attempts 2, 3, 4
+
 // =============================================================================
 // Lock helpers (unchanged from v0)
 // =============================================================================
@@ -607,13 +612,45 @@ export function filterOversized(batch, maxBytes = MAX_CHUNK_BYTES) {
 // HTTP
 // =============================================================================
 
-async function postEvents(serverUrl, events, identity, authToken) {
+// Codes that indicate a transient transport failure worth retrying.
+// Covers Node's classic socket errors and undici-specific error codes.
+const TRANSIENT_ERROR_CODES = new Set([
+  'ECONNRESET',
+  'ECONNREFUSED',
+  'ETIMEDOUT',
+  'EPIPE',
+  'ENOTFOUND',
+  'EAI_AGAIN',
+  'UND_ERR_CONNECT_TIMEOUT',
+  'UND_ERR_SOCKET',
+  'UND_ERR_HEADERS_TIMEOUT',
+  'UND_ERR_BODY_TIMEOUT',
+]);
+
+/**
+ * Classify a fetch() error as transient (retry-worthy) vs permanent.
+ * Transient: socket/DNS hiccups, AbortSignal.timeout aborts, bare `fetch failed`.
+ * Permanent: HTTP 4xx/5xx (our own `Server responded` throw), invalid JSON body
+ * from a successful HTTP response, and anything we don't recognise.
+ */
+export function isTransientFetchError(err) {
+  if (!err) return false;
+  const cause = err.cause;
+  if (cause && TRANSIENT_ERROR_CODES.has(cause.code)) return true;
+  if (err.name === 'TimeoutError') return true;
+  if (typeof err.message === 'string' && err.message.includes('aborted due to timeout')) return true;
+  if (err.message === 'fetch failed' && !cause) return true; // generic undici without details — be conservative
+  return false;
+}
+
+async function postEventsOnce(serverUrl, events, identity, authToken) {
   const body = JSON.stringify(events);
   const url  = `${serverUrl}/api/events`;
 
   const { version: clientVersion, commit: clientCommit } = getClientVersion();
   const headers = {
     'Content-Type':     'application/json',
+    'Connection':       'close',
     'X-Client-Version': `${clientVersion}+${clientCommit}`,
   };
   if (identity.email) headers['X-Developer-Git-Email'] = identity.email;
@@ -635,6 +672,43 @@ async function postEvents(serverUrl, events, identity, authToken) {
   throw new Error(`Server responded ${res.status}: ${data}`);
 }
 
+/**
+ * POST events to the server with retries on transient transport errors.
+ * Retries up to POST_MAX_ATTEMPTS - 1 times with POST_RETRY_BACKOFF_MS delays.
+ * HTTP errors (4xx/5xx) and JSON-parse errors are NOT retried.
+ *
+ * @param {object} opts
+ * @param {string} [opts.lockPath] — if provided, refreshLock() is called between
+ *   retry attempts so the sender lock doesn't go stale during long retry chains.
+ */
+export async function postEvents(serverUrl, events, identity, authToken, opts = {}) {
+  const { lockPath } = opts;
+  let lastErr;
+  for (let attempt = 0; attempt < POST_MAX_ATTEMPTS; attempt++) {
+    if (attempt > 0) {
+      await new Promise(r => setTimeout(r, POST_RETRY_BACKOFF_MS[attempt - 1]));
+      if (lockPath) refreshLock(lockPath);
+    }
+    try {
+      return await postEventsOnce(serverUrl, events, identity, authToken);
+    } catch (err) {
+      lastErr = err;
+      if (!isTransientFetchError(err)) throw err;
+      const isLastAttempt = attempt === POST_MAX_ATTEMPTS - 1;
+      if (isLastAttempt) break; // don't log a retry that will never happen
+      log({
+        msg: 'post-retry',
+        attempt: attempt + 1,
+        of: POST_MAX_ATTEMPTS,
+        error: err.message,
+        code: err.cause?.code,
+        events: events.length,
+      });
+    }
+  }
+  throw lastErr;
+}
+
 // =============================================================================
 // Status report (once per 24h)
 // =============================================================================
@@ -728,7 +802,7 @@ async function main() {
       const chunks = chunkEvents(sendable);
       let totalReceived = 0;
       for (const chunk of chunks) {
-        const result = await postEvents(serverUrl, chunk, identity, hasAuthToken ? authToken : null);
+        const result = await postEvents(serverUrl, chunk, identity, hasAuthToken ? authToken : null, { lockPath });
         refreshLock(lockPath);
         totalReceived += (result?.received ?? 0);
         if ((result?.skipped ?? 0) > 0) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ai-lens",
-  "version": "0.8.55",
+  "version": "0.8.59",
   "type": "module",
   "description": "Centralized session analytics for AI coding tools",
   "bin": {