bloby-bot 0.52.3 → 0.53.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "bloby-bot",
-  "version": "0.52.3",
+  "version": "0.53.0",
   "releaseNotes": [
     "1. New Morphy animation system: config-driven sprites loaded from /morphy/*.json",
     "2. Swapped teleporting (splash) and headphones (bubble + chat) to the new format",

package/supervisor/backend.ts

@@ -26,6 +26,16 @@ export function getBackendPort(basePort: number): number {
 }
 
 export function spawnBackend(port: number): ChildProcess {
+  // Self-guard against double-spawn. Several restart paths (file watcher, bot:turn-complete,
+  // scheduler pulse, channel manager) each chain their own stopBackend().then(spawnBackend);
+  // two genuinely-concurrent triggers could otherwise both spawn onto the contended
+  // BACKEND_PORT. The normal restart is unaffected: stopBackend() nulls `child` before its
+  // promise resolves, and the crash auto-restart runs only after exit (exitCode !== null),
+  // so this guard no-ops only when a live backend already exists.
+  if (child && child.exitCode === null) {
+    log.warn('Backend already running — skipping duplicate spawn');
+    return child;
+  }
   const backendPath = path.join(WORKSPACE_DIR, 'backend', 'index.ts');
   lastSpawnTime = Date.now();
   intentionallyStopped = false;

package/supervisor/chat/src/lib/ws-client.ts

@@ -48,7 +48,8 @@ export class WsClient {
     this.ws.onmessage = (e) => {
       // Ignore pong frames
       if (e.data === 'pong') return;
-      const msg = JSON.parse(e.data);
+      let msg: any;
+      try { msg = JSON.parse(e.data as string); } catch { return; }
       const handlers = this.handlers.get(msg.type);
       handlers?.forEach((h) => h(msg.data));
     };

package/supervisor/harnesses/claude.ts

@@ -377,7 +377,7 @@ export async function startConversation(
             }
 
             // Signal turn complete — backend restart + UI update
-            const FILE_TOOLS = ['Write', 'Edit'];
+            const FILE_TOOLS = ['Write', 'Edit', 'MultiEdit', 'NotebookEdit'];
             const usedFileTools = FILE_TOOLS.some((t) => usedTools.has(t));
 
             // Context-size signal for the orchestrator's proactive session recycling.
@@ -699,7 +699,7 @@ export async function startBlobyAgentQuery(
     }
   } finally {
     activeQueries.delete(conversationId);
-    const FILE_TOOLS = ['Write', 'Edit'];
+    const FILE_TOOLS = ['Write', 'Edit', 'MultiEdit', 'NotebookEdit'];
     const usedFileTools = FILE_TOOLS.some((t) => usedTools.has(t));
     onMessage('bot:done', { conversationId, usedFileTools });
   }
@@ -792,7 +792,7 @@ export async function runAgentQuery(req: AgentQueryRequest): Promise<AgentQueryR
       }
     }
 
-    const usedFileTools = ['Write', 'Edit'].some((t) => usedTools.has(t));
+    const usedFileTools = ['Write', 'Edit', 'MultiEdit', 'NotebookEdit'].some((t) => usedTools.has(t));
     log.info(`[claude/agent-api] Done: ${fullText.length} chars, tools=[${Array.from(usedTools).join(',')}], session=${sessionId || 'unknown'}`);
     return { ok: true, response: fullText, sessionId, toolsUsed: Array.from(usedTools), usedFileTools };
   } catch (err: any) {

package/supervisor/harnesses/pi/session.ts

@@ -59,7 +59,7 @@ export interface PiSession {
   getMessages(): PiMessage[];
 }
 
-const FILE_TOOL_NAMES = new Set(['Write', 'Edit', 'write', 'edit']);
+const FILE_TOOL_NAMES = new Set(['Write', 'Edit', 'MultiEdit', 'NotebookEdit', 'write', 'edit', 'multiEdit', 'notebookEdit']);
 const MAX_TOOL_ROUNDS = 25;
 
 export function createPiSession(init: PiSessionInit): PiSession {

package/supervisor/index.ts

@@ -28,6 +28,18 @@ import { execSync, spawn as cpSpawn } from 'child_process';
 import crypto from 'crypto';
 import { ChannelManager } from './channels/manager.js';
 
+// Last-resort process-level safety nets. The supervisor is the SINGLE process that keeps
+// chat alive (G1) and heals the backend (G3); a stray throw inside an emitter callback
+// (a WS frame, an fs.watch event, a read-stream error) or an unhandled rejection must NOT
+// take it down. Log loudly and stay up — never exit here. Per-site guards still handle
+// their own errors; this is defense-in-depth, not a substitute for them.
+process.on('uncaughtException', (err) => {
+  log.error(`[supervisor] uncaughtException (kept alive): ${err instanceof Error ? err.stack || err.message : String(err)}`);
+});
+process.on('unhandledRejection', (reason) => {
+  log.error(`[supervisor] unhandledRejection (kept alive): ${reason instanceof Error ? reason.stack || reason.message : String(reason)}`);
+});
+
 const DIST_BLOBY = path.join(PKG_DIR, 'dist-bloby');
 const SUPERVISOR_PUBLIC = path.join(PKG_DIR, 'supervisor', 'public');
 
@@ -317,10 +329,15 @@ export async function startSupervisor() {
   }
   const chatSubscribers = new Set<ChatSubscriber>();
 
-  /** Call worker API endpoints (in-process via supervisor's own HTTP server) */
-  async function workerApi(apiPath: string, method = 'GET', body?: any) {
+  /** Call worker API endpoints (in-process via supervisor's own HTTP server).
+   *  `timeoutMs` is opt-in: pass it only for calls that must not hang the caller
+   *  (e.g. the bot:response persist that gates the chat reply broadcast). Leave it
+   *  unset for calls whose duration is legitimately long (e.g. Whisper transcription),
+   *  so a generous timeout here never spuriously fails them. */
+  async function workerApi(apiPath: string, method = 'GET', body?: any, timeoutMs?: number) {
     const opts: RequestInit = { method, headers: { 'Content-Type': 'application/json', 'x-internal': internalSecret } };
     if (body) opts.body = JSON.stringify(body);
+    if (timeoutMs) opts.signal = AbortSignal.timeout(timeoutMs);
     const res = await fetch(`http://127.0.0.1:${config.port}${apiPath}`, opts);
     return res.json();
   }
@@ -1455,7 +1472,9 @@ mint();
                   }));
                 }
               }
-            } catch {}
+            } catch (err: any) {
+              log.warn(`[workspace-chat] recent/status fetch failed (seeding without history): ${err?.message || err}`);
+            }
 
             if (!hasConversation(convId)) {
               log.info(`[workspace-chat] Starting new live conversation: ${convId}`);
@@ -1635,7 +1654,11 @@ mint();
           // Hashed assets (.js, .css): immutable caching
           const cacheControl = ext === '.html' ? 'no-cache' : 'public, max-age=31536000, immutable';
           res.writeHead(200, { 'Content-Type': mime, 'Cache-Control': cacheControl });
-          fs.createReadStream(fullPath).pipe(res);
+          // A file removed/replaced mid-stream (common during a workspace rebuild) emits an
+          // async 'error' on the stream — without this listener it crashes the supervisor (G1).
+          const rs = fs.createReadStream(fullPath);
+          rs.on('error', () => { if (!res.headersSent) { res.writeHead(404); res.end('Not found'); } else res.destroy(); });
+          rs.pipe(res);
         } else {
           res.writeHead(404);
           res.end('Not found');
@@ -1658,14 +1681,16 @@ mint();
           const ext = path.extname(assetPath);
           const mime = MIME_TYPES[ext] || 'application/octet-stream';
           res.writeHead(200, { 'Content-Type': mime, 'Cache-Control': 'public, max-age=86400' });
-          fs.createReadStream(assetPath).pipe(res);
+          const rs = fs.createReadStream(assetPath);
+          rs.on('error', () => { if (!res.headersSent) { res.writeHead(404); res.end('Not found'); } else res.destroy(); });
+          rs.pipe(res);
           return;
         }
       } catch { /* fall through to Vite */ }
     }
 
     // Everything else → proxy to dashboard Vite dev server
-    console.log(`[supervisor] → dashboard Vite :${vitePorts.dashboard} | ${req.method} ${req.url}`);
+    console.log(`[supervisor] → dashboard Vite :${vitePorts.dashboard} | ${req.method} ${(req.url || '').split('?')[0]}`);
     const proxy = http.request(
       { host: '127.0.0.1', port: vitePorts.dashboard, path: req.url, method: req.method, headers: req.headers },
       (proxyRes) => {
@@ -1689,6 +1714,9 @@ mint();
 
   appWss.on('connection', (ws) => {
     console.log('[supervisor] App API WS client connected');
+    // An 'error' event with no listener is rethrown by Node as an uncaught exception,
+    // which would crash the whole supervisor. ws still tears down + fires 'close'.
+    ws.on('error', (err: any) => console.warn(`[app-ws] socket error: ${err?.message || err}`));
 
     // Per-WS chat subscription: when the client opts in, this WS joins chatSubscribers
     // and receives every bot:* / chat:* event the dashboard widget does. SSE through the
@@ -1939,9 +1967,13 @@ mint();
       if (type === 'bot:response') {
         currentStreamBuffer = '';
         try {
+          // 15s timeout: if this in-process write ever hangs (vs. rejects), the reply
+          // broadcast below would never fire and the user's answer would silently vanish.
+          // The timeout converts a hang into the already-handled catch → chat:persist-error,
+          // and the reply still broadcasts. A message INSERT is sub-ms, so 15s is generous.
           await workerApi(`/api/conversations/${convId}/messages`, 'POST', {
             role: 'assistant', content: eventData.content, meta: { model },
-          });
+          }, 15000);
         } catch (err: any) {
           log.warn(`[bloby] DB persist bot response error: ${err.message}`);
           broadcastBloby('chat:persist-error', { conversationId: convId, role: 'assistant', error: err.message });
@@ -1959,6 +1991,9 @@ mint();
 
   blobyWss.on('connection', (ws) => {
     log.info('Bloby chat connected');
+    // See appWss above: a listener-less 'error' event would crash the supervisor and kill
+    // chat for everyone (G1). ws still fires 'close' afterward, so map cleanup still runs.
+    ws.on('error', (err: any) => log.warn(`[bloby-ws] socket error: ${err?.message || err}`));
     let convId = Math.random().toString(36).slice(2) + Date.now().toString(36);
     conversations.set(ws, []);
 
@@ -1983,7 +2018,11 @@ mint();
         return;
       }
 
-      const msg = JSON.parse(rawStr);
+      // Guarded parse — a single malformed (non-'ping') text frame must never throw out
+      // of this handler and crash the supervisor (G1). Mirrors the appWss handler above.
+      let msg: any;
+      try { msg = JSON.parse(rawStr); } catch { return; }
+      if (!msg || typeof msg !== 'object') return;
 
       // Whisper transcription via WebSocket (bypasses relay POST issues)
       if (msg.type === 'whisper:transcribe') {
@@ -2273,7 +2312,9 @@ mint();
                   }));
                 }
               }
-            } catch {}
+            } catch (err: any) {
+              log.warn(`[bloby] recent/status fetch failed (seeding without history): ${err?.message || err}`);
+            }
 
             log.info(`[orchestrator] ──── USER MESSAGE ────`);
             log.info(`[orchestrator] Content: "${content.slice(0, 100)}..."`);
@@ -2394,7 +2435,8 @@ mint();
 
   // Bloby chat WebSocket — Vite HMR is handled automatically (hmr.server = this server)
   server.on('upgrade', async (req, socket: net.Socket, head) => {
-    console.log(`[supervisor] WebSocket upgrade: ${req.url} | protocol=${req.headers['sec-websocket-protocol'] || 'none'}`);
+    // Strip the query string: /bloby/ws?token=<7-day session token> must not be logged.
+    console.log(`[supervisor] WebSocket upgrade: ${(req.url || '').split('?')[0]} | protocol=${req.headers['sec-websocket-protocol'] || 'none'}`);
 
     // App API WebSocket — no auth (backend handles its own auth)
     if (req.url?.startsWith('/app/ws')) {
@@ -2738,7 +2780,15 @@ mint();
   }
 
   // Shutdown
+  let shuttingDown = false;
   const shutdown = async () => {
+    if (shuttingDown) return; // both SIGINT and SIGTERM (or a repeat) call this
+    shuttingDown = true;
+    // Hard-exit deadline: never let a hung teardown step (e.g. the relay `disconnect`
+    // fetch on a dead network during sleep/wake) block process exit. Without this the
+    // daemon manager SIGKILLs us, orphaning the backend child + cloudflared. .unref() so
+    // the timer itself can never keep the loop alive past a clean, fast shutdown.
+    setTimeout(() => process.exit(0), 5000).unref();
     log.info('Shutting down...');
     await channelManager.disconnectAll();
     stopScheduler();

package/worker/index.ts

@@ -149,7 +149,24 @@ app.get('/api/conversations/:id/messages', (req, res) => {
   }
 });
 app.delete('/api/conversations/:id', (req, res) => { deleteConversation(req.params.id); res.json({ ok: true }); });
-app.get('/api/settings', (_, res) => res.json(getAllSettings()));
+app.get('/api/settings', (_, res) => {
+  // SECURITY: GET /api/settings is reachable UNAUTHENTICATED — the supervisor auth gate
+  // skips GET/HEAD, and the public relay handle (bloby.bot/<handle>) proxies straight
+  // through to here. So this response must never carry credentials/secrets. Strip them.
+  // The known consumers (widget.js, bloby-main, workspace App.tsx) read only non-secret
+  // keys (onboard flags, user_name, agent_name, whisper_enabled); "is a password set" is
+  // exposed separately as portalConfigured on /api/onboard/status.
+  const SECRET_KEYS = new Set([
+    'portal_pass', 'totp_secret', 'totp_pending_secret', 'totp_recovery_codes',
+    'whisper_key', 'vapid_private_key',
+  ]);
+  const safe: Record<string, string> = {};
+  for (const [k, v] of Object.entries(getAllSettings())) {
+    if (SECRET_KEYS.has(k) || k.startsWith('totp_pending_login')) continue;
+    safe[k] = v as string;
+  }
+  res.json(safe);
+});
 app.put('/api/settings/:key', (req, res) => {
   setSetting(req.params.key, req.body.value);
   res.json({ ok: true });