claude-remote-cli 3.6.0 → 3.8.0

package/dist/frontend/index.html

@@ -11,7 +11,7 @@
   <meta name="apple-mobile-web-app-capable" content="yes" />
   <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
   <meta name="theme-color" content="#1a1a1a" />
-  <script type="module" crossorigin src="/assets/index-BYXQcBQc.js"></script>
+  <script type="module" crossorigin src="/assets/index-cJ7MQBLi.js"></script>
   <link rel="stylesheet" crossorigin href="/assets/index-CiwYPknn.css">
 </head>
 <body>

package/dist/server/auth.js

@@ -1,14 +1,34 @@
-import bcrypt from 'bcrypt';
 import crypto from 'node:crypto';
-const SALT_ROUNDS = 10;
+import { promisify } from 'node:util';
+const scrypt = promisify(crypto.scrypt);
+const SCRYPT_KEYLEN = 64;
 const MAX_ATTEMPTS = 5;
 const LOCKOUT_DURATION_MS = 15 * 60 * 1000; // 15 minutes
 const attemptMap = new Map();
 export async function hashPin(pin) {
-    return bcrypt.hash(pin, SALT_ROUNDS);
+    const salt = crypto.randomBytes(16).toString('hex');
+    const derived = await scrypt(pin, salt, SCRYPT_KEYLEN);
+    return `scrypt:${salt}:${derived.toString('hex')}`;
 }
 export async function verifyPin(pin, hash) {
-    return bcrypt.compare(pin, hash);
+    if (hash.startsWith('scrypt:')) {
+        const [, salt, storedHashHex] = hash.split(':');
+        if (!salt || !storedHashHex)
+            return false;
+        try {
+            const storedBuf = Buffer.from(storedHashHex, 'hex');
+            if (storedBuf.length !== SCRYPT_KEYLEN)
+                return false;
+            const derived = await scrypt(pin, salt, SCRYPT_KEYLEN);
+            return crypto.timingSafeEqual(storedBuf, derived);
+        }
+        catch {
+            return false;
+        }
+    }
+    // Legacy bcrypt hashes: require PIN reset
+    console.warn('[auth] Legacy bcrypt PIN hash detected. Delete pinHash from config and restart to set a new PIN.');
+    return false;
 }
 export function isRateLimited(ip) {
     const entry = attemptMap.get(ip);

package/dist/server/hooks.js

@@ -0,0 +1,196 @@
+import crypto from 'node:crypto';
+import { execFile } from 'node:child_process';
+import { promisify } from 'node:util';
+import { Router } from 'express';
+import express from 'express';
+import { stripAnsi, cleanEnv } from './utils.js';
+import { branchToDisplayName } from './git.js';
+import { writeMeta } from './config.js';
+const execFileAsync = promisify(execFile);
+// ---------------------------------------------------------------------------
+// Constants
+// ---------------------------------------------------------------------------
+const LOCALHOST_ADDRS = new Set(['127.0.0.1', '::1', '::ffff:127.0.0.1']);
+const DEFAULT_RENAME_PROMPT = 'Output ONLY a short kebab-case git branch name (no explanation, no backticks, no prefix, just the name) that describes this task:';
+const RENAME_RETRY_DELAY_MS = 5000;
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+function setAgentState(session, state, deps) {
+    session.agentState = state;
+    deps.fireStateChange(session.id, state);
+    session._lastHookTime = Date.now();
+}
+function extractToolDetail(_toolName, toolInput) {
+    if (toolInput && typeof toolInput === 'object') {
+        const input = toolInput;
+        if (typeof input.file_path === 'string')
+            return input.file_path;
+        if (typeof input.path === 'string')
+            return input.path;
+        if (typeof input.command === 'string')
+            return input.command.slice(0, 80);
+    }
+    return undefined;
+}
+async function spawnBranchRename(session, promptText, deps) {
+    const cleanedPrompt = stripAnsi(promptText).slice(0, 500);
+    const renamePrompt = session.branchRenamePrompt ?? DEFAULT_RENAME_PROMPT;
+    const fullPrompt = renamePrompt + '\n\n' + cleanedPrompt;
+    const env = cleanEnv();
+    for (let attempt = 0; attempt < 2; attempt++) {
+        // Check session still exists before attempting
+        if (!deps.getSession(session.id))
+            return;
+        if (attempt > 0) {
+            await new Promise((resolve) => setTimeout(resolve, RENAME_RETRY_DELAY_MS));
+            // Re-check after delay
+            if (!deps.getSession(session.id))
+                return;
+        }
+        try {
+            const { stdout } = await execFileAsync('claude', ['-p', '--model', 'haiku', fullPrompt], { cwd: session.cwd, timeout: 30000, env });
+            // Sanitize output
+            let branchName = stdout
+                .replace(/`/g, '')
+                .replace(/[^a-zA-Z0-9-]/g, '-')
+                .replace(/-+/g, '-')
+                .replace(/^-+|-+$/g, '')
+                .toLowerCase()
+                .slice(0, 60);
+            if (!branchName)
+                continue;
+            // Check session still exists before renaming
+            if (!deps.getSession(session.id))
+                return;
+            await execFileAsync('git', ['branch', '-m', branchName], { cwd: session.cwd });
+            session.branchName = branchName;
+            session.displayName = branchToDisplayName(branchName);
+            deps.broadcastEvent('session-renamed', {
+                sessionId: session.id,
+                branchName: session.branchName,
+                displayName: session.displayName,
+            });
+            if (deps.configPath) {
+                writeMeta(deps.configPath, {
+                    worktreePath: session.repoPath,
+                    displayName: session.displayName,
+                    lastActivity: session.lastActivity,
+                    branchName: session.branchName,
+                });
+            }
+            return; // success
+        }
+        catch (err) {
+            if (attempt === 1) {
+                console.error('[hooks] branch rename failed after 2 attempts:', err);
+                session.needsBranchRename = true;
+            }
+        }
+    }
+}
+// ---------------------------------------------------------------------------
+// Factory
+// ---------------------------------------------------------------------------
+export function createHooksRouter(deps) {
+    const router = Router();
+    // Middleware: IP allowlist — only localhost, do NOT trust X-Forwarded-For
+    router.use((req, res, next) => {
+        const remoteAddr = req.socket.remoteAddress;
+        if (!remoteAddr || !LOCALHOST_ADDRS.has(remoteAddr)) {
+            res.status(403).json({ error: 'Forbidden' });
+            return;
+        }
+        next();
+    });
+    // Middleware: parse JSON with generous limit for PostToolUse payloads
+    router.use(express.json({ limit: '5mb' }));
+    // Middleware: token verification
+    router.use((req, res, next) => {
+        const sessionId = req.query.sessionId;
+        const token = req.query.token;
+        if (typeof sessionId !== 'string' || !sessionId) {
+            res.status(400).json({ error: 'Missing sessionId' });
+            return;
+        }
+        if (typeof token !== 'string' || !token) {
+            res.status(400).json({ error: 'Missing token' });
+            return;
+        }
+        const session = deps.getSession(sessionId);
+        if (!session) {
+            res.status(404).json({ error: 'Session not found' });
+            return;
+        }
+        const tokenBuf = Buffer.from(token);
+        const hookTokenBuf = Buffer.from(session.hookToken);
+        if (tokenBuf.length !== hookTokenBuf.length || !crypto.timingSafeEqual(tokenBuf, hookTokenBuf)) {
+            res.status(403).json({ error: 'Invalid token' });
+            return;
+        }
+        req._hookSession = session;
+        next();
+    });
+    // ---------------------------------------------------------------------------
+    // Route handlers
+    // ---------------------------------------------------------------------------
+    // POST /stop → idle
+    router.post('/stop', (req, res) => {
+        const session = req._hookSession;
+        setAgentState(session, 'idle', deps);
+        res.json({ ok: true });
+    });
+    // POST /notification → permission-prompt | waiting-for-input
+    router.post('/notification', (req, res) => {
+        const session = req._hookSession;
+        const type = req.query.type;
+        if (type === 'permission_prompt') {
+            setAgentState(session, 'permission-prompt', deps);
+            session.lastAttentionNotifiedAt = Date.now();
+            deps.notifySessionAttention(session.id, { displayName: session.displayName, type: session.type });
+        }
+        else if (type === 'idle_prompt') {
+            setAgentState(session, 'waiting-for-input', deps);
+            session.lastAttentionNotifiedAt = Date.now();
+            deps.notifySessionAttention(session.id, { displayName: session.displayName, type: session.type });
+        }
+        res.json({ ok: true });
+    });
+    // POST /prompt-submit → processing (+ optional branch rename on first message)
+    router.post('/prompt-submit', (req, res) => {
+        const session = req._hookSession;
+        setAgentState(session, 'processing', deps);
+        if (session.needsBranchRename === true) {
+            session.needsBranchRename = false;
+            const promptText = typeof req.body?.prompt === 'string' ? req.body.prompt : '';
+            spawnBranchRename(session, promptText, deps).catch((err) => {
+                console.error('[hooks] spawnBranchRename error:', err);
+            });
+        }
+        res.json({ ok: true });
+    });
+    // POST /session-end → acknowledge hook (PTY onExit owns actual cleanup and cleanedUp flag)
+    router.post('/session-end', (_req, res) => {
+        // Acknowledge hook — PTY onExit owns actual cleanup and cleanedUp flag
+        res.json({ ok: true });
+    });
+    // POST /tool-use → set currentActivity
+    router.post('/tool-use', (req, res) => {
+        const session = req._hookSession;
+        const body = req.body;
+        const toolName = typeof body?.tool_name === 'string' ? body.tool_name : '';
+        const toolInput = body?.tool_input;
+        const detail = extractToolDetail(toolName, toolInput);
+        session.currentActivity = detail !== undefined ? { tool: toolName, detail } : { tool: toolName };
+        deps.broadcastEvent('session-activity-changed', { sessionId: session.id });
+        res.json({ ok: true });
+    });
+    // POST /tool-result → clear currentActivity
+    router.post('/tool-result', (req, res) => {
+        const session = req._hookSession;
+        session.currentActivity = undefined;
+        deps.broadcastEvent('session-activity-changed', { sessionId: session.id });
+        res.json({ ok: true });
+    });
+    return router;
+}

package/dist/server/index.js

@@ -20,25 +20,15 @@ import { listBranches, isBranchStale } from './git.js';
 import * as push from './push.js';
 import { initAnalytics, closeAnalytics, createAnalyticsRouter } from './analytics.js';
 import { createWorkspaceRouter } from './workspaces.js';
+import { createHooksRouter } from './hooks.js';
 import { MOUNTAIN_NAMES } from './types.js';
+import { semverLessThan } from './utils.js';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 const execFileAsync = promisify(execFile);
-// ── Signal protection ────────────────────────────────────────────────────
-// Ignore SIGPIPE: piped bash commands (e.g. `cmd | grep | tail`) generate
-// SIGPIPE when the reading end of the pipe closes before the writer finishes.
-// node-pty's native module can propagate these to PTY sessions, causing
-// unexpected "session exited" in the browser. Ignoring SIGPIPE at the server
-// level prevents this cascade.
-process.on('SIGPIPE', () => { });
-// Ignore SIGHUP: if the controlling terminal disconnects (e.g. SSH drops),
-// keep the server and all PTY sessions alive.
-process.on('SIGHUP', () => { });
 // When run via CLI bin, config lives in ~/.config/claude-remote-cli/
 // When run directly (development), fall back to local config.json
 const CONFIG_PATH = process.env.CLAUDE_REMOTE_CONFIG || path.join(__dirname, '..', '..', 'config.json');
-// Ensure worktree metadata directory exists alongside config
-ensureMetaDir(CONFIG_PATH);
 const VERSION_CACHE_TTL = 5 * 60 * 1000;
 let versionCache = null;
 function getCurrentVersion() {
@@ -46,16 +36,6 @@ function getCurrentVersion() {
     const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf-8'));
     return pkg.version;
 }
-function semverLessThan(a, b) {
-    const parse = (v) => v.split('.').map(Number);
-    const [aMaj = 0, aMin = 0, aPat = 0] = parse(a);
-    const [bMaj = 0, bMin = 0, bPat = 0] = parse(b);
-    if (aMaj !== bMaj)
-        return aMaj < bMaj;
-    if (aMin !== bMin)
-        return aMin < bMin;
-    return aPat < bPat;
-}
 async function getLatestVersion() {
     const now = Date.now();
     if (versionCache && now - versionCache.fetchedAt < VERSION_CACHE_TTL) {
@@ -154,6 +134,11 @@ function ensureGitignore(repoPath, entry) {
     }
 }
 async function main() {
+    // Ignore SIGPIPE: node-pty can propagate pipe breaks causing unexpected session exits
+    process.on('SIGPIPE', () => { });
+    // Ignore SIGHUP: keep server alive if controlling terminal disconnects
+    process.on('SIGHUP', () => { });
+    ensureMetaDir(CONFIG_PATH);
     let config;
     try {
         config = loadConfig(CONFIG_PATH);
@@ -241,6 +226,17 @@ async function main() {
     watcher.rebuild(config.workspaces || []);
     const server = http.createServer(app);
     const { broadcastEvent } = setupWebSocket(server, authenticatedTokens, watcher, CONFIG_PATH);
+    // Configure session defaults for hooks injection
+    sessions.configure({ port: config.port, forceOutputParser: config.forceOutputParser ?? false });
+    // Mount hooks router BEFORE auth middleware — hook callbacks come from localhost Claude Code
+    const hooksRouter = createHooksRouter({
+        getSession: sessions.get,
+        broadcastEvent,
+        fireStateChange: sessions.fireStateChange,
+        notifySessionAttention: push.notifySessionAttention,
+        configPath: CONFIG_PATH,
+    });
+    app.use('/hooks', hooksRouter);
     // Mount workspace router
     const workspaceRouter = createWorkspaceRouter({ configPath: CONFIG_PATH });
     app.use('/workspaces', requireAuth, workspaceRouter);
@@ -253,12 +249,16 @@ async function main() {
     }
     // Populate session metadata cache in background (non-blocking)
     populateMetaCache().catch(() => { });
-    // Push notifications on session idle
+    // Push notifications on session idle (skip when hooks already sent attention notification)
     sessions.onIdleChange((sessionId, idle) => {
         if (idle) {
             const session = sessions.get(sessionId);
             if (session && session.type !== 'terminal') {
-                push.notifySessionIdle(sessionId, session);
+                // Dedup: if hooks fired an attention notification within last 10s, skip
+                if (session.hooksActive && session.lastAttentionNotifiedAt && Date.now() - session.lastAttentionNotifiedAt < 10000) {
+                    return;
+                }
+                push.notifySessionAttention(sessionId, session);
             }
         }
     });

package/dist/server/output-parsers/claude-parser.js

@@ -1,4 +1,4 @@
-// Strip ANSI escape sequences (CSI, OSC, charset, mode sequences)
+// Duplicated from utils.ts to preserve output-parsers/ module boundary
 const ANSI_RE = /\x1b\[[0-9;]*[a-zA-Z]|\x1b\][^\x07]*\x07|\x1b[()][AB012]|\x1b\[\?[0-9;]*[hlm]|\x1b\[[0-9]*[ABCDJKH]/g;
 /**
  * Claude Code output parser.

package/dist/server/output-parsers/codex-parser.js

@@ -9,7 +9,5 @@ export class CodexOutputParser {
     onData(_chunk, _recentScrollback) {
         return null;
     }
-    reset() {
-        // No state to reset
-    }
+    reset() { }
 }

package/dist/server/pty-handler.js

@@ -1,10 +1,11 @@
 import pty from 'node-pty';
+import crypto from 'node:crypto';
 import fs from 'node:fs';
 import os from 'node:os';
 import path from 'node:path';
 import { AGENT_COMMANDS, AGENT_CONTINUE_ARGS } from './types.js';
 import { readMeta, writeMeta } from './config.js';
-import { fireSessionEnd } from './sessions.js';
+import { cleanEnv } from './utils.js';
 import { outputParsers } from './output-parsers/index.js';
 const IDLE_TIMEOUT_MS = 5000;
 const MAX_SCROLLBACK = 256 * 1024; // 256KB max
@@ -23,13 +24,52 @@ export function resolveTmuxSpawn(command, args, tmuxSessionName) {
         ],
     };
 }
-export function createPtySession(params, sessionsMap, idleChangeCallbacks, stateChangeCallbacks = []) {
-    const { id, type, agent = 'claude', repoName, repoPath, cwd, root, worktreeName, branchName, displayName, command, args = [], cols = 80, rows = 24, configPath, useTmux: paramUseTmux, tmuxSessionName: paramTmuxSessionName, initialScrollback, restored: paramRestored, } = params;
+function writeHooksSettingsFile(sessionId, port, token) {
+    const dir = path.join(os.tmpdir(), 'claude-remote-cli', sessionId);
+    fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
+    const filePath = path.join(dir, 'hooks-settings.json');
+    const base = `http://127.0.0.1:${port}`;
+    const q = `sessionId=${sessionId}&token=${token}`;
+    const settings = {
+        hooks: {
+            Stop: [{ hooks: [{ type: 'http', url: `${base}/hooks/stop?${q}`, timeout: 5 }] }],
+            Notification: [
+                { matcher: 'permission_prompt', hooks: [{ type: 'http', url: `${base}/hooks/notification?${q}&type=permission_prompt`, timeout: 5 }] },
+                { matcher: 'idle_prompt', hooks: [{ type: 'http', url: `${base}/hooks/notification?${q}&type=idle_prompt`, timeout: 5 }] },
+            ],
+            UserPromptSubmit: [{ hooks: [{ type: 'http', url: `${base}/hooks/prompt-submit?${q}`, timeout: 5 }] }],
+            SessionEnd: [{ hooks: [{ type: 'http', url: `${base}/hooks/session-end?${q}`, timeout: 5 }] }],
+            PreToolUse: [{ hooks: [{ type: 'http', url: `${base}/hooks/tool-use?${q}`, timeout: 5 }] }],
+            PostToolUse: [{ hooks: [{ type: 'http', url: `${base}/hooks/tool-result?${q}`, timeout: 5 }] }],
+        },
+    };
+    fs.writeFileSync(filePath, JSON.stringify(settings, null, 2), 'utf-8');
+    fs.chmodSync(filePath, 0o600);
+    return filePath;
+}
+export function createPtySession(params, sessionsMap, idleChangeCallbacks, stateChangeCallbacks = [], sessionEndCallbacks = []) {
+    const { id, type, agent = 'claude', repoName, repoPath, cwd, root, worktreeName, branchName, displayName, command, args: rawArgs = [], cols = 80, rows = 24, configPath, useTmux: paramUseTmux, tmuxSessionName: paramTmuxSessionName, initialScrollback, restored: paramRestored, port, forceOutputParser, } = params;
+    let args = rawArgs;
     const createdAt = new Date().toISOString();
     const resolvedCommand = command || AGENT_COMMANDS[agent];
-    // Strip CLAUDECODE env var to allow spawning claude inside a claude-managed server
-    const env = Object.assign({}, process.env);
-    delete env.CLAUDECODE;
+    const env = cleanEnv();
+    // Inject hooks settings when spawning a real claude agent (not custom command, not forceOutputParser)
+    let hookToken = '';
+    let hooksActive = false;
+    let settingsPath = '';
+    const shouldInjectHooks = agent === 'claude' && !command && !forceOutputParser && port !== undefined;
+    if (shouldInjectHooks) {
+        hookToken = crypto.randomBytes(32).toString('hex');
+        try {
+            settingsPath = writeHooksSettingsFile(id, port, hookToken);
+            args = ['--settings', settingsPath, ...args];
+            hooksActive = true;
+        }
+        catch (err) {
+            console.warn(`[pty-handler] Failed to generate hooks settings for session ${id}:`, err);
+            hooksActive = false;
+        }
+    }
     const useTmux = !command && !!paramUseTmux;
     let spawnCommand = resolvedCommand;
     let spawnArgs = args;
@@ -78,6 +118,10 @@ export function createPtySession(params, sessionsMap, idleChangeCallbacks, state
         needsBranchRename: false,
         agentState: 'initializing',
         outputParser: parser,
+        hookToken,
+        hooksActive,
+        cleanedUp: false,
+        _lastHookTime: undefined,
     };
     sessionsMap.set(id, session);
     // Load existing metadata to preserve a previously-set displayName
@@ -129,14 +173,39 @@ export function createPtySession(params, sessionsMap, idleChangeCallbacks, state
             // Vendor-specific output parsing for semantic state detection
             const parseResult = session.outputParser.onData(data, scrollback.slice(-20));
             if (parseResult && parseResult.state !== session.agentState) {
-                session.agentState = parseResult.state;
-                for (const cb of stateChangeCallbacks)
-                    cb(session.id, parseResult.state);
+                if (session.hooksActive) {
+                    // Hooks are authoritative — check 30s reconciliation timeout
+                    const lastHook = session._lastHookTime;
+                    const sessionAge = Date.now() - new Date(session.createdAt).getTime();
+                    if (lastHook && Date.now() - lastHook > 30000) {
+                        // No hook for 30s and parser disagrees — parser overrides
+                        session.agentState = parseResult.state;
+                        for (const cb of stateChangeCallbacks)
+                            cb(session.id, parseResult.state);
+                    }
+                    else if (!lastHook && sessionAge > 30000) {
+                        // Hooks active but never fired in 30s — allow parser to override to prevent permanent suppression
+                        session.agentState = parseResult.state;
+                        for (const cb of stateChangeCallbacks)
+                            cb(session.id, parseResult.state);
+                    }
+                    // else: suppress parser — hooks are still fresh
+                }
+                else {
+                    // No hooks — parser is primary (current behavior)
+                    session.agentState = parseResult.state;
+                    for (const cb of stateChangeCallbacks)
+                        cb(session.id, parseResult.state);
+                }
             }
         });
         proc.onExit(() => {
             if (canRetry && (Date.now() - spawnTime) < 3000) {
-                const retryArgs = args.filter(a => !continueArgs.includes(a));
+                let retryArgs = rawArgs.filter(a => !continueArgs.includes(a));
+                // Re-inject hooks settings if active (settingsPath captured from outer scope)
+                if (session.hooksActive && settingsPath) {
+                    retryArgs = ['--settings', settingsPath, ...retryArgs];
+                }
                 const retryNotice = '\r\n[claude-remote-cli] --continue not available; starting new session...\r\n';
                 scrollback.length = 0;
                 scrollbackBytes = 0;
@@ -178,6 +247,9 @@ export function createPtySession(params, sessionsMap, idleChangeCallbacks, state
                 attachHandlers(retryPty, false);
                 return;
             }
+            if (session.cleanedUp)
+                return; // Dedup: SessionEnd hook already cleaned up
+            session.cleanedUp = true;
             if (restoredClearTimer)
                 clearTimeout(restoredClearTimer);
             // If PTY exited and this is a restored session, mark disconnected rather than delete
@@ -197,7 +269,14 @@ export function createPtySession(params, sessionsMap, idleChangeCallbacks, state
             if (configPath && worktreeName) {
                 writeMeta(configPath, { worktreePath: repoPath, displayName: session.displayName, lastActivity: session.lastActivity });
             }
-            fireSessionEnd(id, repoPath, session.branchName);
+            for (const cb of sessionEndCallbacks) {
+                try {
+                    cb(id, repoPath, session.branchName);
+                }
+                catch (err) {
+                    console.error('[pty-handler] sessionEnd callback error:', err);
+                }
+            }
             sessionsMap.delete(id);
             const tmpDir = path.join(os.tmpdir(), 'claude-remote-cli', id);
             fs.rm(tmpDir, { recursive: true, force: true }, () => { });

package/dist/server/push.js

@@ -58,7 +58,7 @@ function truncatePayload(payload) {
     }
     return payload.slice(0, MAX_PAYLOAD_SIZE);
 }
-export function notifySessionIdle(sessionId, session) {
+export function notifySessionAttention(sessionId, session) {
     if (!vapidPublicKey)
         return;
     const payloadObj = {

package/dist/server/sessions.js

@@ -13,6 +13,13 @@ const STALE_THRESHOLD_MS = 5 * 60 * 1000; // 5 minutes
 const sessions = new Map();
 // Session metadata cache: session ID or worktree path -> SessionMeta
 const metaCache = new Map();
+// Module-level defaults for hooks injection (set via configure())
+let defaultPort;
+let defaultForceOutputParser;
+function configure(opts) {
+    defaultPort = opts.port;
+    defaultForceOutputParser = opts.forceOutputParser;
+}
 let terminalCounter = 0;
 const idleChangeCallbacks = [];
 function onIdleChange(cb) {
@@ -27,51 +34,49 @@ function onSessionEnd(cb) {
     sessionEndCallbacks.push(cb);
 }
 function fireSessionEnd(sessionId, repoPath, branchName) {
-    for (const cb of sessionEndCallbacks)
-        cb(sessionId, repoPath, branchName);
+    for (const cb of sessionEndCallbacks) {
+        try {
+            cb(sessionId, repoPath, branchName);
+        }
+        catch (err) {
+            console.error('[sessions] sessionEnd callback error:', err);
+        }
+    }
+}
+export function fireStateChange(sessionId, state) {
+    for (const cb of stateChangeCallbacks)
+        cb(sessionId, state);
 }
-function create({ id: providedId, type, agent = 'claude', repoName, repoPath, cwd, root, worktreeName, branchName, displayName, command, args = [], cols = 80, rows = 24, configPath, useTmux: paramUseTmux, tmuxSessionName: paramTmuxSessionName, initialScrollback, restored: paramRestored, needsBranchRename: paramNeedsBranchRename, branchRenamePrompt: paramBranchRenamePrompt }) {
+function create({ id: providedId, needsBranchRename, branchRenamePrompt, agent = 'claude', cols = 80, rows = 24, args = [], port, forceOutputParser, ...rest }) {
     const id = providedId || crypto.randomBytes(8).toString('hex');
-    // PTY path
     const ptyParams = {
+        ...rest,
         id,
-        type,
         agent,
-        repoName,
-        repoPath,
-        cwd,
-        root,
-        worktreeName,
-        branchName,
-        displayName,
-        command,
-        args,
         cols,
         rows,
-        configPath,
-        useTmux: paramUseTmux,
-        tmuxSessionName: paramTmuxSessionName,
-        initialScrollback,
-        restored: paramRestored,
+        args,
+        port: port ?? defaultPort,
+        forceOutputParser: forceOutputParser ?? defaultForceOutputParser,
     };
-    const { session: ptySession, result } = createPtySession(ptyParams, sessions, idleChangeCallbacks, stateChangeCallbacks);
+    const { session: ptySession, result } = createPtySession(ptyParams, sessions, idleChangeCallbacks, stateChangeCallbacks, sessionEndCallbacks);
     trackEvent({
         category: 'session',
         action: 'created',
         target: id,
         properties: {
             agent,
-            type: type ?? 'worktree',
-            workspace: root ?? repoPath,
-            mode: command ? 'terminal' : 'agent',
+            type: rest.type ?? 'worktree',
+            workspace: rest.root ?? rest.repoPath,
+            mode: rest.command ? 'terminal' : 'agent',
         },
         session_id: id,
     });
-    if (paramNeedsBranchRename) {
+    if (needsBranchRename) {
         ptySession.needsBranchRename = true;
     }
-    if (paramBranchRenamePrompt) {
-        ptySession.branchRenamePrompt = paramBranchRenamePrompt;
+    if (branchRenamePrompt) {
+        ptySession.branchRenamePrompt = branchRenamePrompt;
     }
     return { ...result, needsBranchRename: !!ptySession.needsBranchRename };
 }
@@ -101,6 +106,7 @@ function list() {
         status: s.status,
         needsBranchRename: !!s.needsBranchRename,
         agentState: s.agentState,
+        currentActivity: s.currentActivity,
     }))
         .sort((a, b) => b.lastActivity.localeCompare(a.lastActivity));
 }
@@ -372,6 +378,4 @@ async function populateMetaCache() {
         }
     }));
 }
-// Re-export pty-handler utilities for backward compatibility
-export { generateTmuxSessionName, resolveTmuxSpawn } from './pty-handler.js';
-export { create, get, list, kill, killAllTmuxSessions, resize, updateDisplayName, write, onIdleChange, onStateChange, onSessionEnd, fireSessionEnd, findRepoSession, nextTerminalName, serializeAll, restoreFromDisk, activeTmuxSessionNames, getSessionMeta, getAllSessionMeta, populateMetaCache, AGENT_COMMANDS, AGENT_CONTINUE_ARGS, AGENT_YOLO_ARGS };
+export { configure, create, get, list, kill, killAllTmuxSessions, resize, updateDisplayName, write, onIdleChange, onStateChange, onSessionEnd, findRepoSession, nextTerminalName, serializeAll, restoreFromDisk, activeTmuxSessionNames, getSessionMeta, getAllSessionMeta, populateMetaCache, AGENT_COMMANDS, AGENT_CONTINUE_ARGS, AGENT_YOLO_ARGS };

package/dist/server/utils.js

@@ -0,0 +1,22 @@
+// Strip ANSI escape sequences (CSI, OSC, charset, mode sequences)
+export const ANSI_RE = /\x1b\[[0-9;]*[a-zA-Z]|\x1b\][^\x07]*\x07|\x1b[()][AB012]|\x1b\[\?[0-9;]*[hlm]|\x1b\[[0-9]*[ABCDJKH]/g;
+export function stripAnsi(text) {
+    return text.replace(ANSI_RE, '');
+}
+export function semverLessThan(a, b) {
+    const parse = (v) => (v.split('-').at(0) ?? v).split('.').map(Number);
+    const pa = parse(a);
+    const pb = parse(b);
+    const aMaj = pa[0] ?? 0, aMin = pa[1] ?? 0, aPat = pa[2] ?? 0;
+    const bMaj = pb[0] ?? 0, bMin = pb[1] ?? 0, bPat = pb[2] ?? 0;
+    if (aMaj !== bMaj)
+        return aMaj < bMaj;
+    if (aMin !== bMin)
+        return aMin < bMin;
+    return aPat < bPat;
+}
+export function cleanEnv() {
+    const env = Object.assign({}, process.env);
+    delete env.CLAUDECODE;
+    return env;
+}