claude-rpc 0.16.2 → 0.17.0

package/src/notify.js

@@ -6,6 +6,22 @@
 import { spawn } from 'node:child_process';
 import { platform } from 'node:os';
 
+/**
+ * Strip shell/PowerShell metacharacters from a label before it's interpolated
+ * into a notifier command or webhook body. The win32 path below puts text
+ * inside a double-quoted PowerShell string, where `$(...)` and backtick are
+ * evaluated and JSON.stringify escapes neither — so an unsanitized project
+ * name (a directory literally named `x$(calc.exe)`) could execute. Allow only
+ * unicode letters/numbers + space/._- : plenty for a readable label, and it
+ * neutralizes the PowerShell, osascript, and webhook sinks alike. Callers
+ * passing any cwd-derived text MUST run it through this first.
+ * @param {string} s
+ * @returns {string}
+ */
+export function sanitizeLabel(s) {
+  return String(s || '').replace(/[^\p{L}\p{N} ._-]/gu, '');
+}
+
 /**
  * Best-effort native desktop notification (osascript / PowerShell / notify-send).
  * Never throws — a missing notifier binary is swallowed.
@@ -57,6 +73,7 @@ export function postWebhook(url, payload) {
       method: 'POST',
       headers: { 'content-type': 'application/json' },
       body: JSON.stringify(payload),
+      signal: AbortSignal.timeout(4000), // fire-and-forget; don't let a hung webhook leak a socket
     }).catch(() => {});
   } catch {
     /* best-effort */

package/src/paths.js

@@ -1,13 +1,24 @@
 import { homedir, tmpdir } from 'node:os';
 import { join, dirname, resolve } from 'node:path';
 import { fileURLToPath } from 'node:url';
+import { createRequire } from 'node:module';
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
 
-// Detect packaged mode. Covers both pkg (process.pkg) and Node SEA (where
-// process.execPath is the renamed exe rather than node/node.exe).
-export const IS_PACKAGED = typeof process.pkg !== 'undefined'
-  || !/[\\/]node(\.exe)?$/i.test(process.execPath || '');
+// Detect packaged mode. Covers both pkg (process.pkg) and Node SEA. We ask
+// node:sea directly (the same guarded require server/assets.js uses) rather
+// than sniffing process.execPath: the old "execPath doesn't end in /node"
+// heuristic wrongly flagged a renamed runtime — Debian's `nodejs`, a `node24`
+// build, any non-canonical binary — as a packaged SEA, which cascaded into a
+// wrong CONFIG_PATH, a dead HOOK_SCRIPT, and IS_NPM_INSTALL flipping false on
+// the primary install path. isSea() is true ONLY inside a real SEA binary.
+function detectSea() {
+  try {
+    const sea = createRequire(import.meta.url)('node:sea');
+    return typeof sea.isSea === 'function' && sea.isSea();
+  } catch { return false; } // node:sea absent (Node < 20.12) → not a SEA
+}
+export const IS_PACKAGED = typeof process.pkg !== 'undefined' || detectSea();
 
 export const ROOT = resolve(__dirname, '..');
 

package/src/presence.js

@@ -0,0 +1,75 @@
+// Pure presence-render helpers extracted from daemon.js so the most
+// regression-prone bits of the Discord payload — frame selection, rotation
+// cursoring, and large-image precedence — are unit-testable. daemon.js can't be
+// imported under test (it connects IPC and writes a PID file at module load),
+// so this is where that logic lives and gets covered.
+
+// A rotation cursor. The daemon owns one instance; selectFrame reads + advances
+// it across ticks. Kept as plain mutable state (not a closure) so it can be
+// constructed fresh in a test.
+export function makeRotationCursor() {
+  return { index: 0, lastAt: 0, status: null };
+}
+
+// Choose the active frame set for a status from the new `presence.byStatus`
+// block when present. A byStatus entry is { details, state, largeImageText,
+// rotation? }: with a rotation the base { details, state } renders first and the
+// rotation array cycles after it; otherwise it's a single fixed frame. Falls
+// back to a legacy top-level p.rotation, then a single { details, state } frame.
+// Returns { frames, largeImageTextTpl }.
+export function pickFrames(p, status) {
+  const sb = p.byStatus?.[status];
+  if (sb) {
+    const base = { details: sb.details, state: sb.state, largeImageText: sb.largeImageText };
+    const frames = Array.isArray(sb.rotation) && sb.rotation.length ? [base, ...sb.rotation] : [base];
+    return { frames, largeImageTextTpl: sb.largeImageText || null };
+  }
+  if (Array.isArray(p.rotation) && p.rotation.length) return { frames: p.rotation, largeImageTextTpl: null };
+  return { frames: [{ details: p.details, state: p.state }], largeImageTextTpl: null };
+}
+
+// Pick the frame to render this tick. Drops frames whose `requires` vars are
+// empty/zero (keeping at least the base frame), resets the cursor on a status
+// change — STARTING on the base frame — and advances at most once per
+// intervalMs. `framePasses` and `now` are injected so this is testable without
+// format.js or a real clock.
+//
+// #5 fix: the prior code reset lastAt to 0 on a status change, so on the very
+// next tick `now - 0 >= intervalMs` was always true and the cursor advanced
+// straight past the base frame — entering idle landed the user mid-rotation on a
+// lifetime-stats frame instead of "Idle in <project>". Seeding lastAt to `now`
+// keeps the first tick on index 0.
+export function selectFrame(rawFrames, vars, status, cursor, intervalMs, framePasses, now) {
+  if (status !== cursor.status) {
+    cursor.index = 0;
+    cursor.lastAt = now;
+    cursor.status = status;
+  }
+  const passing = (rawFrames || []).filter((f) => framePasses(f, vars));
+  const frames = passing.length ? passing : (rawFrames || []).slice(0, 1);
+  if (!frames.length) return {};
+  if (frames.length > 1 && now - cursor.lastAt >= intervalMs) {
+    cursor.index = (cursor.index + 1) % frames.length;
+    cursor.lastAt = now;
+  }
+  return frames[cursor.index % frames.length] || {};
+}
+
+// Large-image key precedence (returns the TEMPLATE string; the caller fills it):
+//   1. statusAssets[status]          per-status art ("working" gif, etc.)
+//   2. modelAssets[fable|opus|sonnet|haiku|default]   per-model art, never stale
+//   3. p.largeImageKey               global fallback
+export function resolveLargeImageKey(config, p, status, model) {
+  if (config.statusAssets && config.statusAssets[status]) return config.statusAssets[status];
+  if (config.modelAssets && model && status !== 'stale') {
+    const m = String(model).toLowerCase();
+    let pick = null;
+    if (m.includes('fable')) pick = config.modelAssets.fable;
+    else if (m.includes('opus')) pick = config.modelAssets.opus;
+    else if (m.includes('sonnet')) pick = config.modelAssets.sonnet;
+    else if (m.includes('haiku')) pick = config.modelAssets.haiku;
+    if (!pick) pick = config.modelAssets.default;
+    if (pick) return pick;
+  }
+  return p.largeImageKey || null;
+}

package/src/scanner.js

@@ -62,7 +62,7 @@ function dayKeyNum(key) {
   return dayNum(y, m - 1, d);
 }
 
-const EDITING_TOOLS = new Set(['Write', 'Edit', 'NotebookEdit']);
+const EDITING_TOOLS = new Set(['Write', 'Edit', 'MultiEdit', 'NotebookEdit']);
 
 // First non-env token of a shell command. `FOO=bar git status` → `git`.
 // Strips `sudo`, `time`, and tee-style decorators that aren't the "real" command.
@@ -316,7 +316,11 @@ function parseChunkInto(text, summary, pstate) {
         const turnCost = costFor({ model: turnModel, usage: u });
         if (turnCost > 0) {
           summary.cost += turnCost;
-          summary.costByModel[mkey] = (summary.costByModel[mkey] || 0) + turnCost;
+          // When the turn has no model id, mkey is null but costFor charged it
+          // at sonnet rates (pricing's default) — bucket it under 'sonnet', not
+          // a literal "null" key that renders as a "null" bar on the dashboard.
+          const ck = mkey || 'sonnet';
+          summary.costByModel[ck] = (summary.costByModel[ck] || 0) + turnCost;
           if (mb) mb.cost += turnCost;
           for (const bucket of allBuckets) bucket.cost += turnCost;
         }
@@ -356,6 +360,20 @@ function parseChunkInto(text, summary, pstate) {
               bucket.linesAdded += adds;
               bucket.linesRemoved += rems;
             }
+          } else if (b.name === 'MultiEdit') {
+            // One MultiEdit carries N independent edits; sum their churn the
+            // same way Edit does. (File-edit count above already credited it
+            // once, the right granularity for hotspots.)
+            for (const e of (Array.isArray(input.edits) ? input.edits : [])) {
+              const adds = countLines(e.new_string);
+              const rems = countLines(e.old_string);
+              summary.linesAdded += adds;
+              summary.linesRemoved += rems;
+              for (const bucket of allBuckets) {
+                bucket.linesAdded += adds;
+                bucket.linesRemoved += rems;
+              }
+            }
           } else if (b.name === 'Write') {
             const adds = countLines(input.content);
             summary.linesAdded += adds;

package/src/server/api.js

@@ -20,7 +20,10 @@ export function rangeToDays(range) {
   if (range === 'all') return Infinity;
   if (range === '1y') return 365;
   const n = parseInt(range, 10);
-  return Number.isFinite(n) && n > 0 ? n : 90;
+  // Clamp to a year-and-change. windowedAggregate loops once per day, so an
+  // unclamped `?range=99999999` would spin ~100M iterations and wedge the
+  // single-threaded serve process — reachable from any localhost page.
+  return Number.isFinite(n) && n > 0 ? Math.min(n, 366) : 90;
 }
 
 // Filter byDay to a windowed slice; also recompute roll-ups (top files etc.)
@@ -56,10 +59,21 @@ export function windowedAggregate(agg, range) {
     cacheWriteTokens += day.cacheWriteTokens || 0;
   }
 
+  // Prior identical window (the `days` days immediately before this one) so the
+  // range card can show a "vs prior" delta like the today card does. Finite
+  // windows only — the 'all' branch returned early above. Bounded (days<=366).
+  let priorActiveMs = 0;
+  for (let i = days; i < days * 2; i++) {
+    const d = new Date(today); d.setDate(d.getDate() - i);
+    const day = (agg.byDay || {})[dayKey(d.getTime())];
+    if (day) priorActiveMs += day.activeMs || 0;
+  }
+
   return {
     range,
     byDay,
     activeMs,
+    priorActiveMs,
     userMessages: prompts,
     toolCalls,
     linesAdded: lines,

package/src/server/assets/dashboard.client.js

@@ -466,9 +466,14 @@
     $('range-unit').textContent = ru === 'h' ? 'hrs' : ru;
     $('range-sub').textContent = fmtN(aggData.userMessages || 0) + ' prompts · ' + fmtN(aggData.grandTokens || 0) + ' tok';
 
-    // Range delta vs prior identical window
-    // (approximation: today's value minus same-day-of-week last range)
-    setDelta($('range-delta'), 0, 'range');
+    // Range delta vs the prior identical window (server-computed priorActiveMs).
+    // Neutral when there's no prior data (fresh install / the 'all' range), so
+    // we don't show a misleading full-height arrow against an empty baseline.
+    if (aggData.priorActiveMs > 0) {
+      setDelta($('range-delta'), (aggData.activeMs || 0) - aggData.priorActiveMs, 'vs prior');
+    } else {
+      setDelta($('range-delta'), 0, '');
+    }
 
     // Cost card
     $('cost-num').textContent = fmtCost(aggData.estimatedCost || 0);

package/src/server/index.js

@@ -43,7 +43,7 @@ function isLocalHost(host) {
   return h === 'localhost' || h === '127.0.0.1' || h === '::1';
 }
 
-const server = createServer((req, res) => {
+function dispatch(req, res) {
   if (!isLocalHost(req.headers.host)) {
     res.writeHead(403, JSON_HEADERS).end(JSON.stringify({ error: 'forbidden' }));
     return;
@@ -105,6 +105,18 @@ const server = createServer((req, res) => {
   }
 
   res.writeHead(404).end('not found');
+}
+
+const server = createServer((req, res) => {
+  try {
+    dispatch(req, res);
+  } catch {
+    // A malformed aggregate or any thrown handler must not take down the whole
+    // in-process dashboard (it runs inside `claude-rpc serve`). Respond 500 if
+    // the socket is still writable, else just close it.
+    if (!res.headersSent) res.writeHead(500, JSON_HEADERS).end(JSON.stringify({ error: 'internal error' }));
+    else try { res.end(); } catch { /* socket already torn down */ }
+  }
 });
 
 watchSources();
@@ -127,3 +139,9 @@ server.listen(PORT, '127.0.0.1', () => {
 
 process.on('SIGINT', () => process.exit(0));
 process.on('SIGTERM', () => process.exit(0));
+
+// Last-resort floor for the async edges the per-request try/catch can't reach
+// (SSE writes, timer callbacks). Keeping the localhost dashboard alive beats
+// crashing it; the per-request guard above handles the common sync case.
+process.on('uncaughtException', (e) => { try { console.error('dashboard error:', e?.message || e); } catch { /* ignore */ } });
+process.on('unhandledRejection', (e) => { try { console.error('dashboard rejection:', e?.message || e); } catch { /* ignore */ } });

package/src/state.js

@@ -9,8 +9,9 @@ import {
   unlinkSync,
   statSync,
   fstatSync,
+  readdirSync,
 } from 'node:fs';
-import { basename } from 'node:path';
+import { basename, join } from 'node:path';
 import { STATE_PATH, STATE_DIR } from './paths.js';
 
 const DEFAULT_STATE = {
@@ -21,9 +22,10 @@ const DEFAULT_STATE = {
   status: 'idle',
   currentTool: null,
   currentFile: null,
-  // Set by PreCompact, cleared by PostCompact. While non-null the daemon
-  // renders the `compacting` frame so the card never reads "thinking"
-  // during a context squeeze (which is mechanically distinct from reasoning).
+  // Set by PreCompact, cleared by the next SessionStart (post-compaction
+  // arrives as SessionStart with source:'compact', whose reset clears it).
+  // While non-null the daemon renders the `compacting` frame so the card never
+  // reads "thinking" during a context squeeze (distinct from reasoning).
   compactStartedAt: null,
   compactTrigger: null,
   // Set by PreToolUse, cleared by PostToolUse. format.js derives {toolElapsed}
@@ -166,6 +168,22 @@ export function writeState(next) {
   renameSync(tmp, STATE_PATH);
 }
 
+// Best-effort sweep of orphaned per-pid tmp files (`state.json.<pid>.tmp`) left
+// behind when a writer was SIGKILLed between writeFileSync and renameSync —
+// they never self-clean otherwise. Call once on daemon startup, NOT in
+// ensureDir (the hot write path). 60s grace so we never race a live writer.
+export function sweepStaleStateTmp(now = Date.now()) {
+  try {
+    const re = new RegExp(`^${basename(STATE_PATH).replace(/\./g, '\\.')}\\.\\d+\\.tmp$`);
+    for (const name of readdirSync(STATE_DIR)) {
+      if (!re.test(name)) continue;
+      const full = join(STATE_DIR, name);
+      try { if (now - statSync(full).mtimeMs > 60_000) unlinkSync(full); }
+      catch { /* vanished or locked — best-effort */ }
+    }
+  } catch { /* STATE_DIR missing / unreadable — nothing to sweep */ }
+}
+
 export function updateState(mutator) {
   return withLock(() => {
     const current = readState();

package/src/tui.js

@@ -12,7 +12,6 @@ import { buildVars, applyIdle, humanProject } from './format.js';
 import { loadConfig } from './config.js';
 import { PID_PATH } from './paths.js';
 import { fmtCost } from './pricing.js';
-import { generateInsights } from './insights.js';
 import { heat } from './ui.js';
 
 // ── ANSI ────────────────────────────────────────────────────────────────────
@@ -79,13 +78,9 @@ function rule(w) { return C.gray + '─'.repeat(w - 4) + C.reset; }
 function bar(value, max, w = 16) {
   if (!max || max <= 0) return ''.padEnd(w);
   const filled = Math.max(0, Math.min(w, Math.round((value / max) * w)));
-  return `${heat(value / max) || C.magenta}${'█'.repeat(filled)}${C.reset}` + ' '.repeat(w - filled);
-}
-
-// Pad a (possibly ANSI-colored) line with spaces so its VISIBLE width hits n.
-function padR(s, n) {
-  const len = visLen(s);
-  return len >= n ? s : s + ' '.repeat(n - len);
+  // heat() is NO_COLOR-aware (returns '' when color is off); the old
+  // `|| C.magenta` fallback wasn't, so it injected a raw escape under NO_COLOR.
+  return `${heat(value / max)}${'█'.repeat(filled)}${C.reset}` + ' '.repeat(w - filled);
 }
 
 // Wrap each content line with a 2-space left margin.

package/src/version.js

@@ -11,7 +11,7 @@ import { readFileSync } from 'node:fs';
 import { join } from 'node:path';
 import { ROOT } from './paths.js';
 
-const BAKED = '0.16.2';
+const BAKED = '0.17.0';
 
 function readPkgVersion() {
   try {