aicodeman 0.4.7 → 0.5.1

package/dist/web/routes/scheduled-routes.js

@@ -5,16 +5,13 @@
 import { statSync } from 'node:fs';
 import { ApiErrorCode, createErrorResponse } from '../../types.js';
 import { ScheduledRunSchema } from '../schemas.js';
+import { parseBody } from '../route-helpers.js';
 export function registerScheduledRoutes(app, ctx) {
     app.get('/api/scheduled', async () => {
         return Array.from(ctx.scheduledRuns.values());
     });
     app.post('/api/scheduled', async (req) => {
-        const srResult = ScheduledRunSchema.safeParse(req.body);
-        if (!srResult.success) {
-            return createErrorResponse(ApiErrorCode.INVALID_INPUT, 'Invalid request body');
-        }
-        const { prompt, workingDir, durationMinutes } = srResult.data;
+        const { prompt, workingDir, durationMinutes } = parseBody(ScheduledRunSchema, req.body, 'Invalid request body');
         // Validate workingDir exists and is a directory
         if (workingDir) {
             try {

package/dist/web/routes/scheduled-routes.js.map

@@ -1 +1 @@
-{"version":3,"file":"scheduled-routes.js","sourceRoot":"","sources":["../../../src/web/routes/scheduled-routes.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,YAAY,EAAE,mBAAmB,EAAoB,MAAM,gBAAgB,CAAC;AACrF,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAGnD,MAAM,UAAU,uBAAuB,CAAC,GAAoB,EAAE,GAAwC;IACpG,GAAG,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,IAAI,EAAE;QACnC,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,IAAI,CAAC,gBAAgB,EAAE,KAAK,EAAE,GAAG,EAAyE,EAAE;QAC9G,MAAM,QAAQ,GAAG,kBAAkB,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACxD,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;YACtB,OAAO,mBAAmB,CAAC,YAAY,CAAC,aAAa,EAAE,sBAAsB,CAAC,CAAC;QACjF,CAAC;QACD,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,eAAe,EAAE,GAAG,QAAQ,CAAC,IAAI,CAAC;QAE9D,gDAAgD;QAChD,IAAI,UAAU,EAAE,CAAC;YACf,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,QAAQ,CAAC,UAAU,CAAC,CAAC;gBAClC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;oBACxB,OAAO,mBAAmB,CAAC,YAAY,CAAC,aAAa,EAAE,+BAA+B,CAAC,CAAC;gBAC1F,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,mBAAmB,CAAC,YAAY,CAAC,aAAa,EAAE,2BAA2B,CAAC,CAAC;YACtF,CAAC;QACH,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,iBAAiB,CAAC,MAAM,EAAE,UAAU,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE,eAAe,IAAI,EAAE,CAAC,CAAC;QACpG,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;IAChC,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,MAAM,CAAC,oBAAoB,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;QAC7C,MAAM,EAAE,EAAE,EAAE,GAAG,GAAG,CAAC,MAAwB,CAAC;QAC5C,MAAM,GAAG,GAAG,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEtC,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,mBAAmB,CAAC,YAAY,CAAC,SAAS,EAAE,yBAAyB,CAAC,CAAC;QAChF,CAAC;QAED,MAAM,GAAG,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC;QAC/B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;QAC1C,MAAM,EAAE,EAAE,EAAE,GAAG,GAAG,CAAC,MAAwB,CAAC;QAC5C,MAAM,GAAG,GAAG,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEtC,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,mBAAmB,CAAC,YAAY,CAAC,SAAS,EAAE,yBAAyB,CAAC,CAAC;QAChF,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC,CAAC,CAAC;AACL,CAAC"}
+{"version":3,"file":"scheduled-routes.js","sourceRoot":"","sources":["../../../src/web/routes/scheduled-routes.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,YAAY,EAAE,mBAAmB,EAAoB,MAAM,gBAAgB,CAAC;AACrF,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAGhD,MAAM,UAAU,uBAAuB,CAAC,GAAoB,EAAE,GAAwC;IACpG,GAAG,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,IAAI,EAAE;QACnC,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,IAAI,CAAC,gBAAgB,EAAE,KAAK,EAAE,GAAG,EAAyE,EAAE;QAC9G,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,eAAe,EAAE,GAAG,SAAS,CAAC,kBAAkB,EAAE,GAAG,CAAC,IAAI,EAAE,sBAAsB,CAAC,CAAC;QAEhH,gDAAgD;QAChD,IAAI,UAAU,EAAE,CAAC;YACf,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,QAAQ,CAAC,UAAU,CAAC,CAAC;gBAClC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;oBACxB,OAAO,mBAAmB,CAAC,YAAY,CAAC,aAAa,EAAE,+BAA+B,CAAC,CAAC;gBAC1F,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,mBAAmB,CAAC,YAAY,CAAC,aAAa,EAAE,2BAA2B,CAAC,CAAC;YACtF,CAAC;QACH,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,iBAAiB,CAAC,MAAM,EAAE,UAAU,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE,eAAe,IAAI,EAAE,CAAC,CAAC;QACpG,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;IAChC,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,MAAM,CAAC,oBAAoB,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;QAC7C,MAAM,EAAE,EAAE,EAAE,GAAG,GAAG,CAAC,MAAwB,CAAC;QAC5C,MAAM,GAAG,GAAG,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEtC,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,mBAAmB,CAAC,YAAY,CAAC,SAAS,EAAE,yBAAyB,CAAC,CAAC;QAChF,CAAC;QAED,MAAM,GAAG,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC;QAC/B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;QAC1C,MAAM,EAAE,EAAE,EAAE,GAAG,GAAG,CAAC,MAAwB,CAAC;QAC5C,MAAM,GAAG,GAAG,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEtC,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,mBAAmB,CAAC,YAAY,CAAC,SAAS,EAAE,yBAAyB,CAAC,CAAC;QAChF,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/web/routes/session-routes.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"session-routes.d.ts","sourceRoot":"","sources":["../../../src/web/routes/session-routes.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAkC1C,OAAO,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AA8CjG,wBAAgB,qBAAqB,CACnC,GAAG,EAAE,eAAe,EACpB,GAAG,EAAE,WAAW,GAAG,SAAS,GAAG,UAAU,GAAG,SAAS,GAAG,QAAQ,GAC/D,IAAI,CA2+BN"}
+{"version":3,"file":"session-routes.d.ts","sourceRoot":"","sources":["../../../src/web/routes/session-routes.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AA0C1C,OAAO,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AA2DjG,wBAAgB,qBAAqB,CACnC,GAAG,EAAE,eAAe,EACpB,GAAG,EAAE,WAAW,GAAG,SAAS,GAAG,UAAU,GAAG,SAAS,GAAG,QAAQ,GAC/D,IAAI,CA25BN"}

package/dist/web/routes/session-routes.js

@@ -10,7 +10,7 @@ import { ApiErrorCode, createErrorResponse, getErrorMessage, } from '../../types
 import { Session } from '../../session.js';
 import { SseEvent } from '../sse-events.js';
 import { CreateSessionSchema, SessionNameSchema, SessionColorSchema, RunPromptSchema, SessionInputWithLimitSchema, ResizeSchema, AutoClearSchema, AutoCompactSchema, ImageWatcherSchema, FlickerFilterSchema, QuickRunSchema, QuickStartSchema, } from '../schemas.js';
-import { autoConfigureRalph, CASES_DIR, SETTINGS_PATH, validatePathWithinBase } from '../route-helpers.js';
+import { autoConfigureRalph, CASES_DIR, findSessionOrFail, parseBody, persistAndBroadcastSession, SETTINGS_PATH, validatePathWithinBase, } from '../route-helpers.js';
 import { AUTH_COOKIE_NAME } from '../middleware/auth.js';
 import { writeHooksConfig, updateCaseEnvVars } from '../../hooks-config.js';
 import { generateClaudeMd } from '../../templates/claude-md.js';
@@ -46,14 +46,26 @@ function stripInkRedrawBloat(buffer) {
     // If the redraw section is small (<16KB), not worth stripping
     if (redrawPart.length < 16384)
         return buffer;
-    // Keep only the last 4KB of redraw frames — this preserves the final visual state
-    // (spinner position, status bar text, token count, etc.)
-    const tail = redrawPart.slice(-4096);
-    // Avoid starting mid-escape: find first complete frame boundary
+    // Find the last complete Ink frame by searching for where the VPA row
+    // number drops (cursor jumps back to viewport top for a new render cycle).
+    // Search the last 64KB — a single Ink frame with response content can be
+    // 10-20KB, so 4KB was too small and caused partial frames (blank gap).
+    const searchLen = Math.min(redrawPart.length, 65536);
+    const searchWindow = redrawPart.slice(-searchLen);
     // eslint-disable-next-line no-control-regex
-    const frameStart = tail.search(/\x1b\(B\x1b\[m|\x1b\[\d+d|\x1b\[\d+;\d+H/);
-    const cleanTail = frameStart > 0 ? tail.slice(frameStart) : tail;
-    return contentPart + cleanTail;
+    const vpaRe = /\x1b\[(\d+)d/g;
+    let lastFrameStart = 0;
+    let prevRow = -1;
+    let match;
+    while ((match = vpaRe.exec(searchWindow)) !== null) {
+        const row = parseInt(match[1], 10);
+        // Row number dropped significantly — Ink started a new frame
+        if (prevRow > 0 && row < prevRow - 5) {
+            lastFrameStart = match.index;
+        }
+        prevRow = row;
+    }
+    return contentPart + searchWindow.slice(lastFrameStart);
 }
 export function registerSessionRoutes(app, ctx) {
     // ═══════════════════════════════════════════════════════════════
@@ -82,11 +94,7 @@ export function registerSessionRoutes(app, ctx) {
         if (ctx.sessions.size >= MAX_CONCURRENT_SESSIONS) {
             return createErrorResponse(ApiErrorCode.OPERATION_FAILED, `Maximum concurrent sessions (${MAX_CONCURRENT_SESSIONS}) reached. Delete some sessions first.`);
         }
-        const result = CreateSessionSchema.safeParse(req.body);
-        if (!result.success) {
-            return createErrorResponse(ApiErrorCode.INVALID_INPUT, result.error.issues[0]?.message ?? 'Validation failed');
-        }
-        const body = result.data;
+        const body = parseBody(CreateSessionSchema, req.body);
         const workingDir = body.workingDir || process.cwd();
         // Validate workingDir exists and is a directory
         if (body.workingDir) {
@@ -143,42 +151,26 @@ export function registerSessionRoutes(app, ctx) {
     // ========== Rename Session ==========
     app.put('/api/sessions/:id/name', async (req) => {
         const { id } = req.params;
-        const result = SessionNameSchema.safeParse(req.body);
-        if (!result.success) {
-            return createErrorResponse(ApiErrorCode.INVALID_INPUT, 'Invalid request body');
-        }
-        const body = result.data;
-        const session = ctx.sessions.get(id);
-        if (!session) {
-            return createErrorResponse(ApiErrorCode.NOT_FOUND, 'Session not found');
-        }
+        const body = parseBody(SessionNameSchema, req.body, 'Invalid request body');
+        const session = findSessionOrFail(ctx, id);
         const name = String(body.name || '').slice(0, MAX_SESSION_NAME_LENGTH);
         session.name = name;
         // Also update the mux session name if applicable
         ctx.mux.updateSessionName(id, session.name);
-        ctx.persistSessionState(session);
-        ctx.broadcast(SseEvent.SessionUpdated, ctx.getSessionStateWithRespawn(session));
+        persistAndBroadcastSession(ctx, session);
         return { success: true, name: session.name };
     });
     // ========== Set Session Color ==========
     app.put('/api/sessions/:id/color', async (req) => {
         const { id } = req.params;
-        const result = SessionColorSchema.safeParse(req.body);
-        if (!result.success) {
-            return createErrorResponse(ApiErrorCode.INVALID_INPUT, 'Invalid request body');
-        }
-        const body = result.data;
-        const session = ctx.sessions.get(id);
-        if (!session) {
-            return createErrorResponse(ApiErrorCode.NOT_FOUND, 'Session not found');
-        }
+        const body = parseBody(SessionColorSchema, req.body, 'Invalid request body');
+        const session = findSessionOrFail(ctx, id);
         const validColors = ['default', 'red', 'orange', 'yellow', 'green', 'blue', 'purple', 'pink'];
         if (!validColors.includes(body.color)) {
             return createErrorResponse(ApiErrorCode.INVALID_INPUT, 'Invalid color');
         }
         session.setColor(body.color);
-        ctx.persistSessionState(session);
-        ctx.broadcast(SseEvent.SessionUpdated, ctx.getSessionStateWithRespawn(session));
+        persistAndBroadcastSession(ctx, session);
         return { success: true, color: session.color };
     });
     // ========== Delete Session ==========
@@ -207,10 +199,7 @@ export function registerSessionRoutes(app, ctx) {
     // ========== Get Session Detail ==========
     app.get('/api/sessions/:id', async (req) => {
         const { id } = req.params;
-        const session = ctx.sessions.get(id);
-        if (!session) {
-            return createErrorResponse(ApiErrorCode.NOT_FOUND, 'Session not found');
-        }
+        const session = findSessionOrFail(ctx, id);
         // Use light state (no full buffers) — terminal buffer available via /terminal endpoint.
         // Full buffers were 2-3MB and caused slowness when polled frequently (e.g. Ralph wizard).
         return ctx.getSessionStateWithRespawn(session);
@@ -221,10 +210,7 @@ export function registerSessionRoutes(app, ctx) {
     // ========== Get Session Output ==========
     app.get('/api/sessions/:id/output', async (req) => {
         const { id } = req.params;
-        const session = ctx.sessions.get(id);
-        if (!session) {
-            return createErrorResponse(ApiErrorCode.NOT_FOUND, 'Session not found');
-        }
+        const session = findSessionOrFail(ctx, id);
         return {
             success: true,
             data: {
@@ -237,10 +223,7 @@ export function registerSessionRoutes(app, ctx) {
     // ========== Get Ralph State ==========
     app.get('/api/sessions/:id/ralph-state', async (req) => {
         const { id } = req.params;
-        const session = ctx.sessions.get(id);
-        if (!session) {
-            return createErrorResponse(ApiErrorCode.NOT_FOUND, 'Session not found');
-        }
+        const session = findSessionOrFail(ctx, id);
         return {
             success: true,
             data: {
@@ -253,10 +236,7 @@ export function registerSessionRoutes(app, ctx) {
     // ========== Get Run Summary ==========
     app.get('/api/sessions/:id/run-summary', async (req) => {
         const { id } = req.params;
-        const session = ctx.sessions.get(id);
-        if (!session) {
-            return createErrorResponse(ApiErrorCode.NOT_FOUND, 'Session not found');
-        }
+        const session = findSessionOrFail(ctx, id);
         const tracker = ctx.runSummaryTrackers.get(id);
         if (!tracker) {
             // Create a fresh tracker if one doesn't exist (shouldn't happen normally)
@@ -271,10 +251,7 @@ export function registerSessionRoutes(app, ctx) {
     // ========== Get Active Tools ==========
     app.get('/api/sessions/:id/active-tools', async (req) => {
         const { id } = req.params;
-        const session = ctx.sessions.get(id);
-        if (!session) {
-            return createErrorResponse(ApiErrorCode.NOT_FOUND, 'Session not found');
-        }
+        const session = findSessionOrFail(ctx, id);
         return {
             success: true,
             data: {
@@ -288,15 +265,8 @@ export function registerSessionRoutes(app, ctx) {
     // ========== Run Prompt ==========
     app.post('/api/sessions/:id/run', async (req) => {
         const { id } = req.params;
-        const result = RunPromptSchema.safeParse(req.body);
-        if (!result.success) {
-            return createErrorResponse(ApiErrorCode.INVALID_INPUT, result.error.issues[0]?.message ?? 'Validation failed');
-        }
-        const { prompt } = result.data;
-        const session = ctx.sessions.get(id);
-        if (!session) {
-            return createErrorResponse(ApiErrorCode.NOT_FOUND, 'Session not found');
-        }
+        const { prompt } = parseBody(RunPromptSchema, req.body);
+        const session = findSessionOrFail(ctx, id);
         if (session.isBusy()) {
             return createErrorResponse(ApiErrorCode.SESSION_BUSY, 'Session is busy');
         }
@@ -310,10 +280,7 @@ export function registerSessionRoutes(app, ctx) {
     // ========== Start Interactive Mode ==========
     app.post('/api/sessions/:id/interactive', async (req) => {
         const { id } = req.params;
-        const session = ctx.sessions.get(id);
-        if (!session) {
-            return createErrorResponse(ApiErrorCode.NOT_FOUND, 'Session not found');
-        }
+        const session = findSessionOrFail(ctx, id);
         if (session.isBusy()) {
             return createErrorResponse(ApiErrorCode.SESSION_BUSY, 'Session is busy');
         }
@@ -346,10 +313,7 @@ export function registerSessionRoutes(app, ctx) {
     // ========== Start Shell Mode ==========
     app.post('/api/sessions/:id/shell', async (req) => {
         const { id } = req.params;
-        const session = ctx.sessions.get(id);
-        if (!session) {
-            return createErrorResponse(ApiErrorCode.NOT_FOUND, 'Session not found');
-        }
+        const session = findSessionOrFail(ctx, id);
         if (session.isBusy()) {
             return createErrorResponse(ApiErrorCode.SESSION_BUSY, 'Session is busy');
         }
@@ -375,15 +339,8 @@ export function registerSessionRoutes(app, ctx) {
     // ========== Send Input ==========
     app.post('/api/sessions/:id/input', async (req) => {
         const { id } = req.params;
-        const result = SessionInputWithLimitSchema.safeParse(req.body);
-        if (!result.success) {
-            return createErrorResponse(ApiErrorCode.INVALID_INPUT, result.error.issues[0]?.message ?? 'Validation failed');
-        }
-        const { input, useMux } = result.data;
-        const session = ctx.sessions.get(id);
-        if (!session) {
-            return createErrorResponse(ApiErrorCode.NOT_FOUND, 'Session not found');
-        }
+        const { input, useMux } = parseBody(SessionInputWithLimitSchema, req.body);
+        const session = findSessionOrFail(ctx, id);
         const inputStr = String(input);
         if (inputStr.length > MAX_INPUT_LENGTH) {
             return createErrorResponse(ApiErrorCode.INVALID_INPUT, `Input exceeds maximum length (${MAX_INPUT_LENGTH} bytes)`);
@@ -413,15 +370,8 @@ export function registerSessionRoutes(app, ctx) {
     // ========== Resize Terminal ==========
     app.post('/api/sessions/:id/resize', async (req) => {
         const { id } = req.params;
-        const result = ResizeSchema.safeParse(req.body);
-        if (!result.success) {
-            return createErrorResponse(ApiErrorCode.INVALID_INPUT, result.error.issues[0]?.message ?? 'Validation failed');
-        }
-        const { cols, rows } = result.data;
-        const session = ctx.sessions.get(id);
-        if (!session) {
-            return createErrorResponse(ApiErrorCode.NOT_FOUND, 'Session not found');
-        }
+        const { cols, rows } = parseBody(ResizeSchema, req.body);
+        const session = findSessionOrFail(ctx, id);
         session.resize(cols, rows);
         return { success: true };
     });
@@ -431,10 +381,7 @@ export function registerSessionRoutes(app, ctx) {
     app.get('/api/sessions/:id/terminal', async (req) => {
         const { id } = req.params;
         const query = req.query;
-        const session = ctx.sessions.get(id);
-        if (!session) {
-            return createErrorResponse(ApiErrorCode.NOT_FOUND, 'Session not found');
-        }
+        const session = findSessionOrFail(ctx, id);
         const tailBytes = query.tail ? parseInt(query.tail, 10) : 0;
         const fullSize = session.terminalBufferLength;
         let truncated = false;
@@ -485,18 +432,10 @@ export function registerSessionRoutes(app, ctx) {
     // ========== Auto-Clear ==========
     app.post('/api/sessions/:id/auto-clear', async (req) => {
         const { id } = req.params;
-        const acResult = AutoClearSchema.safeParse(req.body);
-        if (!acResult.success) {
-            return createErrorResponse(ApiErrorCode.INVALID_INPUT, 'Invalid request body');
-        }
-        const body = acResult.data;
-        const session = ctx.sessions.get(id);
-        if (!session) {
-            return createErrorResponse(ApiErrorCode.NOT_FOUND, 'Session not found');
-        }
+        const body = parseBody(AutoClearSchema, req.body, 'Invalid request body');
+        const session = findSessionOrFail(ctx, id);
         session.setAutoClear(body.enabled, body.threshold);
-        ctx.persistSessionState(session);
-        ctx.broadcast(SseEvent.SessionUpdated, ctx.getSessionStateWithRespawn(session));
+        persistAndBroadcastSession(ctx, session);
         return {
             success: true,
             data: {
@@ -510,18 +449,10 @@ export function registerSessionRoutes(app, ctx) {
     // ========== Auto-Compact ==========
     app.post('/api/sessions/:id/auto-compact', async (req) => {
         const { id } = req.params;
-        const compactResult = AutoCompactSchema.safeParse(req.body);
-        if (!compactResult.success) {
-            return createErrorResponse(ApiErrorCode.INVALID_INPUT, 'Invalid request body');
-        }
-        const body = compactResult.data;
-        const session = ctx.sessions.get(id);
-        if (!session) {
-            return createErrorResponse(ApiErrorCode.NOT_FOUND, 'Session not found');
-        }
+        const body = parseBody(AutoCompactSchema, req.body, 'Invalid request body');
+        const session = findSessionOrFail(ctx, id);
         session.setAutoCompact(body.enabled, body.threshold, body.prompt);
-        ctx.persistSessionState(session);
-        ctx.broadcast(SseEvent.SessionUpdated, ctx.getSessionStateWithRespawn(session));
+        persistAndBroadcastSession(ctx, session);
         return {
             success: true,
             data: {
@@ -536,15 +467,8 @@ export function registerSessionRoutes(app, ctx) {
     // ========== Image Watcher ==========
     app.post('/api/sessions/:id/image-watcher', async (req) => {
         const { id } = req.params;
-        const iwResult = ImageWatcherSchema.safeParse(req.body);
-        if (!iwResult.success) {
-            return createErrorResponse(ApiErrorCode.INVALID_INPUT, 'Invalid request body');
-        }
-        const body = iwResult.data;
-        const session = ctx.sessions.get(id);
-        if (!session) {
-            return createErrorResponse(ApiErrorCode.NOT_FOUND, 'Session not found');
-        }
+        const body = parseBody(ImageWatcherSchema, req.body, 'Invalid request body');
+        const session = findSessionOrFail(ctx, id);
         if (body.enabled) {
             imageWatcher.watchSession(session.id, session.workingDir);
         }
@@ -564,18 +488,10 @@ export function registerSessionRoutes(app, ctx) {
     // ========== Flicker Filter ==========
     app.post('/api/sessions/:id/flicker-filter', async (req) => {
         const { id } = req.params;
-        const ffResult = FlickerFilterSchema.safeParse(req.body);
-        if (!ffResult.success) {
-            return createErrorResponse(ApiErrorCode.INVALID_INPUT, 'Invalid request body');
-        }
-        const body = ffResult.data;
-        const session = ctx.sessions.get(id);
-        if (!session) {
-            return createErrorResponse(ApiErrorCode.NOT_FOUND, 'Session not found');
-        }
+        const body = parseBody(FlickerFilterSchema, req.body, 'Invalid request body');
+        const session = findSessionOrFail(ctx, id);
         session.flickerFilterEnabled = body.enabled;
-        ctx.persistSessionState(session);
-        ctx.broadcast(SseEvent.SessionUpdated, ctx.getSessionStateWithRespawn(session));
+        persistAndBroadcastSession(ctx, session);
         return {
             success: true,
             data: {
@@ -592,11 +508,7 @@ export function registerSessionRoutes(app, ctx) {
         if (ctx.sessions.size >= MAX_CONCURRENT_SESSIONS) {
             return createErrorResponse(ApiErrorCode.SESSION_BUSY, `Maximum concurrent sessions (${MAX_CONCURRENT_SESSIONS}) reached`);
         }
-        const qrResult = QuickRunSchema.safeParse(req.body);
-        if (!qrResult.success) {
-            return createErrorResponse(ApiErrorCode.INVALID_INPUT, 'Invalid request body');
-        }
-        const { prompt, workingDir } = qrResult.data;
+        const { prompt, workingDir } = parseBody(QuickRunSchema, req.body, 'Invalid request body');
         if (!prompt.trim()) {
             return createErrorResponse(ApiErrorCode.INVALID_INPUT, 'prompt is required');
         }
@@ -643,11 +555,7 @@ export function registerSessionRoutes(app, ctx) {
         if (ctx.sessions.size >= MAX_CONCURRENT_SESSIONS) {
             return createErrorResponse(ApiErrorCode.SESSION_BUSY, `Maximum concurrent sessions (${MAX_CONCURRENT_SESSIONS}) reached.`);
         }
-        const result = QuickStartSchema.safeParse(req.body);
-        if (!result.success) {
-            return createErrorResponse(ApiErrorCode.INVALID_INPUT, result.error.issues[0]?.message ?? 'Validation failed');
-        }
-        const { caseName = 'testcase', mode = 'claude', openCodeConfig } = result.data;
+        const { caseName = 'testcase', mode = 'claude', openCodeConfig } = parseBody(QuickStartSchema, req.body);
         // Check OpenCode availability if requested
         if (mode === 'opencode') {
             const { isOpenCodeAvailable } = await import('../../utils/opencode-cli-resolver.js');
@@ -785,7 +693,12 @@ export function registerSessionRoutes(app, ctx) {
     /** Extract the text of the first user message from a JSONL transcript head. */
     function extractFirstUserPrompt(head) {
         const MAX_PROMPT_LEN = 120;
-        for (const line of head.split('\n')) {
+        // Iterate lines without allocating a full split array
+        let start = 0;
+        while (start < head.length) {
+            const end = head.indexOf('\n', start);
+            const line = end === -1 ? head.slice(start) : head.slice(start, end);
+            start = end === -1 ? head.length : end + 1;
             if (!line.includes('"type":"user"'))
                 continue;
             try {
@@ -804,15 +717,23 @@ export function registerSessionRoutes(app, ctx) {
                 }
                 if (!text)
                     continue;
-                // Strip XML-like system/command tags that Claude Code injects into transcripts
+                // Strip XML-like system/command tags and ANSI escapes from transcripts
                 text = text
                     .replace(/<[^>]+>/g, '')
+                    .replace(new RegExp(String.raw `\x1b\[[0-9;]*[a-zA-Z]`, 'g'), '')
                     .trim()
                     .replace(/\s+/g, ' ');
                 if (!text)
                     continue;
-                // Skip system-injected messages and slash command artifacts (not real user prompts)
-                if (/^(Caveat:|init\b|clear\b|\/\w+ \w+$|You are a )/i.test(text))
+                // Skip system-injected messages, slash command artifacts, and expanded skill prompts
+                if (/^(Caveat:|init\b|clear\b|resume\b|\/[a-z][\w-]*\b|You are a |\[Request |Set model to )/i.test(text) ||
+                    /^(Please )?(analyze|review) this codebase/i.test(text) ||
+                    /^(Read|Implement the following) .+, then (search|list|check) /i.test(text) ||
+                    /^\d+ vulnerabilit/i.test(text) ||
+                    /\btoolu_/.test(text) ||
+                    /^[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]+/.test(text) ||
+                    /\b(sk-ant-|ANTHROPIC_API_KEY|API_KEY=|SECRET|TOKEN=)/i.test(text) ||
+                    text.length < 8)
                     continue;
                 return text.length > MAX_PROMPT_LEN ? text.slice(0, MAX_PROMPT_LEN) + '…' : text;
             }
@@ -822,9 +743,41 @@ export function registerSessionRoutes(app, ctx) {
         }
         return undefined;
     }
+    /** Read the first 16KB of a file for content sniffing. */
+    async function readFileHead(path, buf) {
+        try {
+            const fd = await fs.open(path, 'r');
+            const { bytesRead } = await fd.read(buf, 0, buf.length, 0);
+            await fd.close();
+            return buf.toString('utf8', 0, bytesRead);
+        }
+        catch {
+            return null;
+        }
+    }
+    /** Read the last `buf.length` bytes of a file (for tail-scanning user prompts). */
+    async function readFileTail(path, buf, fileSize) {
+        try {
+            const fd = await fs.open(path, 'r');
+            const offset = Math.max(0, fileSize - buf.length);
+            const { bytesRead } = await fd.read(buf, 0, buf.length, offset);
+            await fd.close();
+            const text = buf.toString('utf8', 0, bytesRead);
+            // Skip first partial line when we didn't read from the start
+            if (offset > 0) {
+                const nl = text.indexOf('\n');
+                return nl >= 0 ? text.slice(nl + 1) : null;
+            }
+            return text;
+        }
+        catch {
+            return null;
+        }
+    }
     app.get('/api/history/sessions', async () => {
         const projectsDir = join(process.env.HOME || '/tmp', '.claude', 'projects');
         const results = [];
+        const headBuf = Buffer.alloc(16384);
         try {
             const projectDirs = await fs.readdir(projectsDir);
             for (const projDir of projectDirs) {
@@ -862,33 +815,24 @@ export function registerSessionRoutes(app, ctx) {
                     // no "user"/"assistant" messages and will fail claude --resume.
                     // Read first 16KB to check content and extract first user prompt.
                     let firstPrompt;
-                    const readHead = async () => {
-                        try {
-                            const fd = await fs.open(filePath, 'r');
-                            const buf = Buffer.alloc(16384);
-                            const { bytesRead } = await fd.read(buf, 0, 16384, 0);
-                            await fd.close();
-                            return buf.toString('utf8', 0, bytesRead);
-                        }
-                        catch {
-                            return null;
-                        }
-                    };
+                    const head = await readFileHead(filePath, headBuf);
                     if (fileStat.size < 50000) {
-                        const head = await readHead();
                         if (!head ||
                             (!head.includes('"type":"user"') &&
                                 !head.includes('"type":"assistant"') &&
                                 !head.includes('"type":"summary"'))) {
                             continue; // No conversation content — skip
                         }
-                        firstPrompt = extractFirstUserPrompt(head);
                     }
-                    else {
-                        // Large files are almost certainly real conversations; still read head for prompt
-                        const head = await readHead();
-                        if (head)
-                            firstPrompt = extractFirstUserPrompt(head);
+                    if (head)
+                        firstPrompt = extractFirstUserPrompt(head);
+                    // If head scan found no usable prompt (e.g. session started with /init),
+                    // try reading the tail for a recent user message.
+                    if (!firstPrompt && fileStat.size > 65536) {
+                        const tailBuf = Buffer.alloc(32768);
+                        const tail = await readFileTail(filePath, tailBuf, fileStat.size);
+                        if (tail)
+                            firstPrompt = extractFirstUserPrompt(tail);
                     }
                     results.push({
                         sessionId,