ai-or-die 0.1.63 → 0.1.64

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ai-or-die",
-  "version": "0.1.63",
+  "version": "0.1.64",
   "description": "Universal AI coding terminal — Claude, Copilot, Gemini & more in your browser",
   "main": "src/server.js",
   "bin": {
@@ -13,7 +13,7 @@
     "dev": "node bin/supervisor.js --dev",
     "dev:direct": "node bin/ai-or-die.js --dev",
     "test": "mocha --exit test/*.test.js",
-    "test:integration": "mocha --exit --timeout 20000 test/supervisor-integration.test.js",
+    "test:integration": "mocha --exit --timeout 60000 test/supervisor-integration.test.js test/integration/*.test.js",
     "test:browser": "npx playwright test --config e2e/playwright.config.js",
     "build:bundle": "node scripts/build-sea.js bundle",
     "build:sea": "node scripts/build-sea.js",
@@ -40,6 +40,7 @@
     "commander": "^12.1.0",
     "cors": "^2.8.5",
     "express": "^4.19.2",
+    "fuzzysort": "^3.1.0",
     "open": "^10.1.0",
     "selfsigned": "^2.4.1",
     "sherpa-onnx-node": "^1.12.24",

package/src/base-bridge.js

@@ -247,7 +247,17 @@ class BaseBridge {
         created: new Date(),
         active: true,
         killTimeout: null,
-        writeQueue: Promise.resolve()
+        writeQueue: Promise.resolve(),
+        // PTY listener handles registered against ptyProcess.{onData,onExit,on('error')}.
+        // node-pty's onData/onExit return IDisposable objects with a .dispose()
+        // method; the EventEmitter-style .on('error', fn) path is wrapped in a
+        // synthetic disposable so it can be torn down through the same helper.
+        // Without explicit disposal, the closures keep dataBuffer/outputBatch/
+        // flushTimer alive, pinning the PTY wrapper and its file descriptors
+        // across thousands of session create/delete cycles — root cause of the
+        // weeks-long EMFILE / server-unresponsive symptom on Windows-primary
+        // production deployments.
+        _ptyDisposables: []
       };
 
       this.sessions.set(sessionId, session);
@@ -260,6 +270,10 @@ class BaseBridge {
           console.error(`${this.toolName} session ${sessionId}: no response within ${SPAWN_TIMEOUT_MS}ms, treating as spawn failure`);
           session.active = false;
           this.sessions.delete(sessionId);
+          // Dispose any listener handles we wired up before the timeout fired;
+          // otherwise the PTY object (and its FDs) cannot be GC'd even after
+          // the kill() below succeeds.
+          this._disposePtyDisposables(session, sessionId);
           try { ptyProcess.kill(); } catch (e) { /* ignore */ }
           onError(new Error(`${this.toolName} process did not respond within ${SPAWN_TIMEOUT_MS / 1000} seconds. The command may not be installed or may have hung during startup.`));
         }
@@ -269,7 +283,7 @@ class BaseBridge {
       let outputBatch = '';
       let flushTimer = null;
 
-      ptyProcess.onData((data) => {
+      const onDataDisposable = ptyProcess.onData((data) => {
         if (!receivedLifeSign) {
           receivedLifeSign = true;
           clearTimeout(spawnWatchdog);
@@ -300,8 +314,9 @@ class BaseBridge {
           });
         }
       });
+      this._addPtyDisposable(session, onDataDisposable);
 
-      ptyProcess.onExit((exitCode, signal) => {
+      const onExitDisposable = ptyProcess.onExit((exitCode, signal) => {
         if (!receivedLifeSign) {
           receivedLifeSign = true;
           clearTimeout(spawnWatchdog);
@@ -312,14 +327,19 @@ class BaseBridge {
           clearTimeout(session.killTimeout);
           session.killTimeout = null;
         }
+        // Drain remaining disposables — the PTY is gone, but the wrappers
+        // still hold references to the data-buffer closures. Skip onExit
+        // self-disposal (node-pty already removed it on fire).
+        this._disposePtyDisposables(session, sessionId);
         if (this.sessions.has(sessionId)) {
           session.active = false;
           this.sessions.delete(sessionId);
         }
         onExit(exitCode, signal);
       });
+      this._addPtyDisposable(session, onExitDisposable);
 
-      ptyProcess.on('error', (error) => {
+      const errorHandler = (error) => {
         if (!receivedLifeSign) {
           receivedLifeSign = true;
           clearTimeout(spawnWatchdog);
@@ -334,11 +354,26 @@ class BaseBridge {
           clearTimeout(session.killTimeout);
           session.killTimeout = null;
         }
+        this._disposePtyDisposables(session, sessionId);
         if (this.sessions.has(sessionId)) {
           session.active = false;
           this.sessions.delete(sessionId);
         }
         onError(error);
+      };
+      ptyProcess.on('error', errorHandler);
+      // EventEmitter-style 'error' handler doesn't return IDisposable, so wrap
+      // it in one so the same drain helper covers all three callsites.
+      this._addPtyDisposable(session, {
+        dispose: () => {
+          try {
+            if (typeof ptyProcess.off === 'function') {
+              ptyProcess.off('error', errorHandler);
+            } else if (typeof ptyProcess.removeListener === 'function') {
+              ptyProcess.removeListener('error', errorHandler);
+            }
+          } catch (_) { /* ignore */ }
+        }
       });
 
       console.log(`${this.toolName} session ${sessionId} started successfully`);
@@ -423,6 +458,43 @@ class BaseBridge {
     }
   }
 
+  /**
+   * Push an IDisposable handle onto a session's listener list so stopSession
+   * can drain it. The disposable shape is whatever node-pty's onData/onExit
+   * returns: an object with a .dispose() method. EventEmitter-style 'error'
+   * handlers are wrapped in a synthetic disposable at the registration site.
+   * @private
+   */
+  _addPtyDisposable(session, disposable) {
+    if (!session || !disposable || typeof disposable.dispose !== 'function') return;
+    if (!Array.isArray(session._ptyDisposables)) session._ptyDisposables = [];
+    session._ptyDisposables.push(disposable);
+  }
+
+  /**
+   * Drain a session's PTY listener disposables. Each .dispose() is wrapped
+   * in try/catch so one bad handle can't strand the others; the array is
+   * cleared on the way out so a re-entrant call is a safe no-op. Called from
+   * stopSession (manual teardown), the natural onExit callback (PTY exited
+   * on its own), the 'error' handler (PTY blew up), and the spawn-watchdog
+   * timeout path — every code path that retires a PTY object.
+   * @private
+   */
+  _disposePtyDisposables(session, sessionId) {
+    if (!session || !Array.isArray(session._ptyDisposables)) return;
+    const handles = session._ptyDisposables;
+    session._ptyDisposables = [];
+    for (const h of handles) {
+      try {
+        if (h && typeof h.dispose === 'function') h.dispose();
+      } catch (err) {
+        if (process.env.DEBUG) {
+          console.warn(`${this.toolName} session ${sessionId || '?'}: dispose() threw: ${err && err.message}`);
+        }
+      }
+    }
+  }
+
   async stopSession(sessionId) {
     const session = this.sessions.get(sessionId);
     if (!session) {
@@ -438,21 +510,42 @@ class BaseBridge {
       session.killTimeout = null;
     }
 
+    // Dispose every PTY listener we wired up at startSession time. This is
+    // the load-bearing fix for the EMFILE leak: without it, the onData /
+    // onExit / 'error' closures keep references to dataBuffer + outputBatch
+    // + flushTimer, pinning the underlying ptyProcess (and its FDs) past
+    // session disposal. We dispose BEFORE registering the temporary onExit
+    // waiter below so the temp handle is the only one left when kill()
+    // runs.
+    this._disposePtyDisposables(session, sessionId);
+
     if (!session.process) return;
 
     // Return a promise that resolves when the PTY process actually exits
     // (or after a bounded timeout), so callers can await clean shutdown.
     return new Promise((resolve) => {
+      let settled = false;
+      let waitDisposable = null;
+
       const cleanup = () => {
+        if (settled) return;
+        settled = true;
         if (session.killTimeout) {
           clearTimeout(session.killTimeout);
           session.killTimeout = null;
         }
+        // Tear down the temporary onExit waiter so it doesn't outlive the
+        // promise it backed (same FD-leak class as the main listeners).
+        if (waitDisposable && typeof waitDisposable.dispose === 'function') {
+          try { waitDisposable.dispose(); } catch (_) { /* ignore */ }
+        }
         resolve();
       };
 
       try {
-        session.process.onExit(() => cleanup());
+        const handle = session.process.onExit(() => cleanup());
+        // node-pty returns an IDisposable; older mocks may return undefined.
+        if (handle && typeof handle.dispose === 'function') waitDisposable = handle;
       } catch (_) {
         // onExit may fail if process already exited
       }
@@ -466,7 +559,7 @@ class BaseBridge {
       // Bounded timeout: don't wait forever for ConPTY cleanup
       session.killTimeout = setTimeout(() => {
         session.killTimeout = null;
-        resolve();
+        cleanup();
       }, 3000);
     });
   }

package/src/osc7-parser.js

@@ -0,0 +1,213 @@
+// src/osc7-parser.js — In-band CWD signal extractor for OSC 7 sequences.
+//
+// OSC 7 (Operating System Command, payload 7) is the de-facto cross-vendor
+// protocol shells use to broadcast their current working directory: the byte
+// sequence `ESC ] 7 ; file://<host><path> BEL` (or with `ESC \` as the
+// String Terminator instead of BEL). Every modern terminal emulator parses
+// it — VTE/GNOME Terminal, iTerm2, WezTerm, Konsole, Tilix — and that's
+// what we leverage here. See ADR-0019 for the full rationale (vs PID
+// polling / static-only) and the cross-platform path-handling story.
+//
+// Responsibilities:
+//
+//   1. Maintain a small per-instance pending buffer (cap 4 KB) so OSC 7
+//      sequences split across PTY chunks resolve correctly.
+//   2. Match `\x1b]7;file://...` framing with either BEL (`\x07`) or ST
+//      (`\x1b\\`) terminator.
+//   3. Decode the matched URI via Node's built-in `url.fileURLToPath()`.
+//      This handles POSIX (`file:///Users/foo`), Windows drive
+//      (`file:///C:/Users/foo` → `C:\Users\foo`), and Windows UNC
+//      (`file://server/share/foo` → `\\server\share\foo`) uniformly.
+//   4. Tolerate junk: malformed URIs, non-`file://` schemes, missing
+//      terminators, and overflow are all silent skips. Never throws on
+//      input — production runs inside the PTY data hot path.
+//
+// Non-responsibilities:
+//
+//   - Sandbox enforcement (caller's `validatePath()`).
+//   - WebSocket emit (caller decides on change).
+//   - Stripping the OSC 7 bytes from the output stream (we deliberately
+//      DO NOT strip — xterm.js silently ignores unknown OSC sequences and
+//      preserving the bytes keeps parity with native terminals).
+
+'use strict';
+
+const url = require('url');
+
+const PREFIX = '\x1b]7;';
+const PREFIX_LEN = PREFIX.length; // 4 bytes
+const BEL = '\x07';
+const ST = '\x1b\\';
+const MAX_PENDING = 4096;
+
+class Osc7Parser {
+  constructor() {
+    /**
+     * Pending byte buffer between feeds. Holds whatever could not yet be
+     * resolved to a complete OSC 7 sequence — typically a partial sequence
+     * straddling a PTY chunk boundary. Capped at MAX_PENDING; on overflow
+     * the buffer is dropped and we resync at the next OSC 7 prefix.
+     */
+    this._buf = '';
+  }
+
+  /**
+   * Feed one PTY data chunk (or any string) into the parser. Returns an
+   * array of zero or more decoded absolute paths (in whatever form
+   * `url.fileURLToPath()` produces on the host platform).
+   *
+   * Safe to call with empty / null / undefined input — returns [].
+   *
+   * @param {string} chunk - Raw PTY bytes as a string. Multi-byte UTF-8 is
+   *   passed through unchanged; the OSC 7 framing bytes (ESC, BEL, ;,
+   *   file://) are all single-byte ASCII so per-character indexing is safe.
+   * @returns {string[]} Decoded paths, in feed order. Empty array if no
+   *   complete sequence resolved this call.
+   */
+  feed(chunk) {
+    if (!chunk) return [];
+    if (typeof chunk !== 'string') chunk = String(chunk);
+    this._buf += chunk;
+
+    const results = [];
+
+    // Loop: each iteration either consumes one complete OSC 7 sequence,
+    // drops leading non-OSC bytes, or breaks out (no more starts found,
+    // or pending an unfinished sequence).
+    while (true) {
+      const start = this._buf.indexOf(PREFIX);
+      if (start < 0) {
+        // No OSC 7 prefix anywhere in the pending buffer. Drop everything
+        // — the bytes are plain output, retaining them serves no purpose
+        // and would let plain output drive the buffer to MAX_PENDING.
+        // Keep only the trailing 3 bytes in case a prefix straddles
+        // chunks (`\x1b]7` + `;file://...` arriving in two feeds).
+        this._buf = this._buf.length > PREFIX_LEN - 1
+          ? this._buf.slice(-(PREFIX_LEN - 1))
+          : this._buf;
+        // If even the truncated tail doesn't start with `\x1b`, drop it too.
+        if (this._buf.indexOf('\x1b') < 0) this._buf = '';
+        break;
+      }
+
+      // Drop bytes before the prefix — they're plain output, not part of
+      // any OSC 7 sequence we care about.
+      if (start > 0) this._buf = this._buf.slice(start);
+
+      // Search for the terminator AFTER the prefix bytes. Either BEL or
+      // ST may close the sequence; take whichever appears first.
+      const bel = this._buf.indexOf(BEL, PREFIX_LEN);
+      const st = this._buf.indexOf(ST, PREFIX_LEN);
+
+      let term = -1;
+      let termLen = 0;
+      if (bel >= 0 && (st < 0 || bel < st)) {
+        term = bel;
+        termLen = 1;
+      } else if (st >= 0) {
+        term = st;
+        termLen = 2;
+      }
+
+      if (term < 0) {
+        // Unterminated sequence — keep pending and wait for more bytes.
+        // Overflow guard: if the in-flight sequence exceeds the cap, drop
+        // and resync. A 4 KB OSC 7 path is pathological anyway (POSIX
+        // PATH_MAX is 4096, Windows MAX_PATH is 260) — anything larger is
+        // either a buggy emitter or an attacker probing the parser.
+        if (this._buf.length > MAX_PENDING) this._buf = '';
+        break;
+      }
+
+      // Extract the body between prefix and terminator, advance past the
+      // terminator, and try to decode.
+      const body = this._buf.slice(PREFIX_LEN, term);
+      this._buf = this._buf.slice(term + termLen);
+
+      // OSC 7 only meaningfully carries `file://` URIs. Other OSC 7
+      // payloads (some shells emit non-CWD info on the same channel) are
+      // silently ignored — same posture xterm.js takes.
+      if (!body.startsWith('file://')) continue;
+
+      try {
+        const p = decodeOsc7File(body);
+        results.push(p);
+      } catch (_) {
+        // Malformed URI (invalid host segment, bad percent encoding, etc.).
+        // Silent drop — there's no recovery path inside a PTY data stream.
+        // Optional debug:
+        if (process.env.DEBUG) {
+          // eslint-disable-next-line no-console
+          console.warn('osc7-parser: skipped malformed body:', JSON.stringify(body));
+        }
+      }
+    }
+
+    return results;
+  }
+
+  /**
+   * Reset the pending buffer. Called when a session is destroyed so the
+   * parser doesn't leak unfinished bytes across session lifetimes.
+   */
+  reset() {
+    this._buf = '';
+  }
+
+  /**
+   * Inspection helper for tests — returns the current pending buffer
+   * length without exposing the contents.
+   */
+  _bufLength() {
+    return this._buf.length;
+  }
+}
+
+/**
+ * Decode an OSC 7 file:// URI into a local path. Tolerant wrapper around
+ * Node's url.fileURLToPath() that handles the real-world case where shell
+ * prompt hooks emit `file://$HOSTNAME/...` (with the local machine's
+ * hostname, not `localhost`).
+ *
+ * Background: the documented bash hook in docs/specs/file-browser.md and
+ * the zsh / pwsh hooks all emit `file://$HOSTNAME$PWD` / `file://$HOST$PWD`
+ * / `file://$env:COMPUTERNAME/$p` respectively. On POSIX (Linux + macOS),
+ * Node's url.fileURLToPath() throws ERR_INVALID_FILE_URL_HOST for any
+ * host segment that isn't exactly `localhost` or empty — so the spec
+ * hooks never produced a usable path until this fallback was added.
+ *
+ * Behaviour:
+ *   - Try fileURLToPath(body) first. If it succeeds (host is empty,
+ *     "localhost", or — on Windows — a UNC server name), return the
+ *     decoded path unchanged.
+ *   - On POSIX, when fileURLToPath throws ERR_INVALID_FILE_URL_HOST,
+ *     re-parse with the host segment stripped: `file://hostname/path`
+ *     → `file:///path`. This mirrors what every consumer terminal
+ *     (iTerm2, GNOME Terminal, WezTerm, etc.) does — they trust the
+ *     path locally because the OSC 7 came from a shell on the same
+ *     machine as the terminal emulator.
+ *   - On Windows, the host segment is meaningful (UNC paths). Don't
+ *     strip it — propagate the throw so the parser silently skips.
+ *   - All other errors propagate so the caller can decide (the parser
+ *     wraps in try/catch and silently skips).
+ */
+function decodeOsc7File(body) {
+  try {
+    return url.fileURLToPath(body);
+  } catch (err) {
+    if (err && err.code === 'ERR_INVALID_FILE_URL_HOST' && process.platform !== 'win32') {
+      // POSIX: a non-localhost hostname in OSC 7 is the rule, not the
+      // exception (every shell hook emits $HOSTNAME / $HOST). Strip it
+      // and re-parse the path component as a local POSIX path.
+      const m = body.match(/^file:\/\/[^/]*(\/.*)$/);
+      if (m) {
+        return url.fileURLToPath('file://' + m[1]);
+      }
+    }
+    throw err;
+  }
+}
+
+module.exports = Osc7Parser;
+module.exports.MAX_PENDING = MAX_PENDING;
+module.exports._decodeOsc7File = decodeOsc7File;