codekin 0.2.1 → 0.3.0

package/server/dist/session-manager.js

@@ -10,22 +10,20 @@
  * on server startup. Active sessions are automatically restarted after a
  * server restart with staggered delays.
  *
- * Auto-approval rules (tools and Bash commands) are stored per-repo (keyed by
- * workingDir) in ~/.codekin/repo-approvals.json, so they persist across
- * sessions sharing the same repo.
+ * Delegates to focused modules:
+ * - ApprovalManager: repo-level auto-approval rules for tools/commands
+ * - SessionNaming: AI-powered session name generation with retry logic
+ * - SessionPersistence: disk I/O for session state
  */
 import { randomUUID } from 'crypto';
-import { existsSync, mkdirSync, readFileSync, renameSync, writeFileSync } from 'fs';
-import { join } from 'path';
-import { generateText } from 'ai';
-import { createGroq } from '@ai-sdk/groq';
-import { createOpenAI } from '@ai-sdk/openai';
-import { createGoogleGenerativeAI } from '@ai-sdk/google';
-import { createAnthropic } from '@ai-sdk/anthropic';
 import { ClaudeProcess } from './claude-process.js';
 import { SessionArchive } from './session-archive.js';
 import { cleanupWorkspace } from './webhook-workspace.js';
-import { DATA_DIR, PORT } from './config.js';
+import { PORT } from './config.js';
+import { ApprovalManager } from './approval-manager.js';
+import { SessionNaming } from './session-naming.js';
+import { SessionPersistence } from './session-persistence.js';
+import { deriveSessionToken } from './crypto-utils.js';
 /** Max messages retained in a session's output history buffer. */
 const MAX_HISTORY = 2000;
 /** Max auto-restart attempts before requiring manual intervention. */
@@ -51,15 +49,8 @@ const API_RETRY_PATTERNS = [
     /502/,
     /503/,
 ];
-const SESSIONS_FILE = join(DATA_DIR, 'sessions.json');
-const REPO_APPROVALS_FILE = join(DATA_DIR, 'repo-approvals.json');
-const PERSIST_DEBOUNCE_MS = 2000;
 export class SessionManager {
     sessions = new Map();
-    /** Repo-level auto-approval store, keyed by workingDir (repo path). */
-    repoApprovals = new Map();
-    _persistTimer = null;
-    _approvalPersistTimer = null;
     /** SQLite archive for closed sessions. */
     archive;
     /** Exposed so ws-server can pass its port to child Claude processes. */
@@ -70,154 +61,75 @@ export class SessionManager {
     _globalBroadcast = null;
     /** Registered listeners notified when a session's Claude process exits. */
     _exitListeners = [];
+    /** Delegated approval logic. */
+    approvalManager;
+    /** Delegated naming logic. */
+    sessionNaming;
+    /** Delegated persistence logic. */
+    sessionPersistence;
     constructor() {
         this.archive = new SessionArchive();
-        this.restoreFromDisk();
-        this.restoreRepoApprovalsFromDisk();
+        this.approvalManager = new ApprovalManager();
+        this.sessionPersistence = new SessionPersistence(this.sessions);
+        this.sessionNaming = new SessionNaming({
+            getSession: (id) => this.sessions.get(id),
+            hasSession: (id) => this.sessions.has(id),
+            getSetting: (key, fallback) => this.archive.getSetting(key, fallback),
+            rename: (sessionId, newName) => this.rename(sessionId, newName),
+        });
+        this.sessionPersistence.restoreFromDisk();
     }
-    /** Get or create the approval entry for a repo (workingDir). */
-    getRepoApprovalEntry(workingDir) {
-        let entry = this.repoApprovals.get(workingDir);
-        if (!entry) {
-            entry = { tools: new Set(), commands: new Set(), patterns: new Set() };
-            this.repoApprovals.set(workingDir, entry);
-        }
-        return entry;
+    // ---------------------------------------------------------------------------
+    // Approval delegation (preserves public API)
+    // ---------------------------------------------------------------------------
+    /** Check if a tool/command is auto-approved for a repo. */
+    checkAutoApproval(workingDir, toolName, toolInput) {
+        return this.approvalManager.checkAutoApproval(workingDir, toolName, toolInput);
     }
-    /** Add an auto-approval rule for a repo and persist. */
-    addRepoApproval(workingDir, opts) {
-        const entry = this.getRepoApprovalEntry(workingDir);
-        if (opts.tool)
-            entry.tools.add(opts.tool);
-        if (opts.command)
-            entry.commands.add(opts.command);
-        if (opts.pattern)
-            entry.patterns.add(opts.pattern);
-        this.persistRepoApprovalsDebounced();
+    /** Derive a glob pattern from a tool invocation for "Approve Pattern". */
+    derivePattern(toolName, toolInput) {
+        return this.approvalManager.derivePattern(toolName, toolInput);
     }
-    /**
-     * Command prefixes where prefix-based auto-approval is safe.
-     * Only commands whose behavior is determined by later arguments (not by target)
-     * should be listed here. Dangerous commands like rm, sudo, curl, etc. require
-     * exact match to prevent escalation (e.g. approving `rm -rf /tmp/x` should NOT
-     * also approve `rm -rf /`).
-     */
-    static SAFE_PREFIX_COMMANDS = new Set([
-        'git add', 'git commit', 'git diff', 'git log', 'git show', 'git stash',
-        'git status', 'git branch', 'git checkout', 'git switch', 'git rebase',
-        'git fetch', 'git pull', 'git merge', 'git tag', 'git rev-parse',
-        'npm run', 'npm test', 'npm install', 'npm ci', 'npm exec',
-        'npx', 'node', 'bun', 'deno',
-        'cargo build', 'cargo test', 'cargo run', 'cargo check', 'cargo clippy',
-        'make', 'cmake',
-        'python', 'python3', 'pip install',
-        'go build', 'go test', 'go run', 'go vet',
-        'tsc', 'eslint', 'prettier',
-        'cat', 'head', 'tail', 'wc', 'sort', 'uniq', 'diff', 'less',
-        'ls', 'pwd', 'echo', 'date', 'which', 'whoami', 'env', 'printenv',
-        'find', 'grep', 'rg', 'ag', 'fd',
-        'mkdir', 'touch',
-    ]);
-    /**
-     * Check if a tool/command is auto-approved for a repo.
-     * For Bash commands, uses prefix matching only for safe commands;
-     * dangerous commands require exact match to prevent escalation.
-     */
-    checkAutoApproval(workingDir, toolName, toolInput) {
-        const approvals = this.getRepoApprovalEntry(workingDir);
-        if (approvals.tools.has(toolName))
-            return true;
-        if (toolName === 'Bash') {
-            const cmd = String(toolInput.command || '').trim();
-            // Exact match always works
-            if (approvals.commands.has(cmd))
-                return true;
-            // Pattern match (e.g. "cat *" matches any cat command)
-            for (const pattern of approvals.patterns) {
-                if (this.matchesPattern(pattern, cmd))
-                    return true;
-            }
-            // Prefix match only for safe commands
-            const cmdPrefix = this.commandPrefix(cmd);
-            if (cmdPrefix && SessionManager.SAFE_PREFIX_COMMANDS.has(cmdPrefix)) {
-                for (const approved of approvals.commands) {
-                    if (this.commandPrefix(approved) === cmdPrefix)
-                        return true;
-                }
-            }
-        }
-        return false;
+    /** Return the auto-approved tools, commands, and patterns for a repo (workingDir). */
+    getApprovals(workingDir) {
+        return this.approvalManager.getApprovals(workingDir);
     }
-    /** Extract the command prefix (first two tokens) for prefix-based matching. */
-    commandPrefix(cmd) {
-        const tokens = cmd.split(/\s+/).filter(Boolean);
-        if (tokens.length === 0)
-            return '';
-        if (tokens.length === 1)
-            return tokens[0];
-        return `${tokens[0]} ${tokens[1]}`;
+    /** Remove an auto-approval rule for a repo (workingDir) and persist to disk. */
+    removeApproval(workingDir, opts, skipPersist = false) {
+        return this.approvalManager.removeApproval(workingDir, opts, skipPersist);
     }
-    /**
-     * Derive a glob pattern from a tool invocation for "Approve Pattern".
-     * Returns a string like "cat *" or "git diff *", or null if no safe pattern applies.
-     * Patterns use the format "<prefix> *" meaning "this prefix followed by anything".
-     */
-    derivePattern(toolName, toolInput) {
-        if (toolName !== 'Bash')
-            return null;
-        const cmd = String(toolInput.command || '').trim();
-        const tokens = cmd.split(/\s+/).filter(Boolean);
-        if (tokens.length === 0)
-            return null;
-        // Check single-token safe commands (cat, grep, ls, etc.)
-        const first = tokens[0];
-        if (SessionManager.SAFE_PREFIX_COMMANDS.has(first)) {
-            return `${first} *`;
-        }
-        // Check two-token safe commands (git diff, npm run, etc.)
-        if (tokens.length >= 2) {
-            const twoToken = `${tokens[0]} ${tokens[1]}`;
-            if (SessionManager.SAFE_PREFIX_COMMANDS.has(twoToken)) {
-                return `${twoToken} *`;
-            }
-        }
-        return null;
+    /** Add an auto-approval rule for a repo and persist (used by tests via `as any`). */
+    addRepoApproval(workingDir, opts) {
+        this.approvalManager.addRepoApproval(workingDir, opts);
     }
-    /**
-     * Check if a bash command matches a stored pattern.
-     * Patterns of the form "<prefix> *" match any command starting with <prefix>.
-     */
-    matchesPattern(pattern, cmd) {
-        if (pattern.endsWith(' *')) {
-            const prefix = pattern.slice(0, -2);
-            return cmd === prefix || cmd.startsWith(prefix + ' ');
-        }
-        return cmd === pattern;
+    /** Write repo-level approvals to disk. Exposed for shutdown. */
+    persistRepoApprovals() {
+        this.approvalManager.persistRepoApprovals();
     }
-    /** Save an "Always Allow" approval for a tool/command. */
-    saveAlwaysAllow(workingDir, toolName, toolInput) {
-        if (toolName === 'Bash') {
-            const cmd = String(toolInput.command || '').trim();
-            this.addRepoApproval(workingDir, { command: cmd });
-            console.log(`[auto-approve] saved command for repo ${workingDir}: ${cmd.slice(0, 80)}`);
-        }
-        else {
-            this.addRepoApproval(workingDir, { tool: toolName });
-            console.log(`[auto-approve] saved tool for repo ${workingDir}: ${toolName}`);
-        }
+    // ---------------------------------------------------------------------------
+    // Naming delegation (preserves public API)
+    // ---------------------------------------------------------------------------
+    /** Schedule session naming via AI provider. */
+    scheduleSessionNaming(sessionId) {
+        this.sessionNaming.scheduleSessionNaming(sessionId);
     }
-    /** Save a pattern-based approval (e.g. "cat *") for a tool/command. */
-    savePatternApproval(workingDir, toolName, toolInput) {
-        const pattern = this.derivePattern(toolName, toolInput);
-        if (pattern) {
-            this.addRepoApproval(workingDir, { pattern });
-            console.log(`[auto-approve] saved pattern for repo ${workingDir}: ${pattern}`);
-        }
-        else {
-            // No pattern derivable — skip saving rather than silently escalating to always-allow
-            console.log(`[auto-approve] no pattern derivable for ${toolName}, skipping pattern save`);
-        }
+    /** Re-trigger session naming on user interaction. */
+    retrySessionNamingOnInteraction(sessionId) {
+        this.sessionNaming.retrySessionNamingOnInteraction(sessionId);
     }
+    // ---------------------------------------------------------------------------
+    // Persistence delegation (preserves public API)
+    // ---------------------------------------------------------------------------
+    /** Write all sessions to disk as JSON (atomic rename to prevent corruption). */
+    persistToDisk() {
+        this.sessionPersistence.persistToDisk();
+    }
+    persistToDiskDebounced() {
+        this.sessionPersistence.persistToDiskDebounced();
+    }
+    // ---------------------------------------------------------------------------
+    // Session CRUD
+    // ---------------------------------------------------------------------------
     /** Create a new session and persist to disk. */
     create(name, workingDir, options) {
         const id = options?.id ?? randomUUID();
@@ -282,155 +194,6 @@ export class SessionManager {
         this.broadcast(session, { type: 'session_name_update', sessionId, name: newName });
         return true;
     }
-    /** Max naming retry attempts before giving up. */
-    static MAX_NAMING_ATTEMPTS = 5;
-    /** Back-off delays for naming retries: 20s, 60s, 120s, 240s, 240s */
-    static NAMING_DELAYS = [20_000, 60_000, 120_000, 240_000, 240_000];
-    /** Schedule session naming via the Anthropic API.
-     *  Used as a 20s fallback for long responses — fires immediately via result handler
-     *  for responses that finish sooner.
-     *  Automatically retries on failure with increasing delays. */
-    scheduleSessionNaming(sessionId) {
-        const session = this.sessions.get(sessionId);
-        if (!session)
-            return;
-        if (!session.name.startsWith('hub:'))
-            return;
-        // Don't schedule if a naming timer is already pending
-        if (session._namingTimer)
-            return;
-        // Give up after max attempts
-        if (session._namingAttempts >= SessionManager.MAX_NAMING_ATTEMPTS)
-            return;
-        const delay = SessionManager.NAMING_DELAYS[Math.min(session._namingAttempts, SessionManager.NAMING_DELAYS.length - 1)];
-        session._namingTimer = setTimeout(() => {
-            delete session._namingTimer;
-            this.executeSessionNaming(sessionId);
-        }, delay);
-    }
-    /** Resolve the AI model to use for session naming based on available API keys.
-     *  Respects the user's preferred support provider setting.
-     *  Fallback priority: Groq (free/fast) → OpenAI → Gemini → Anthropic. */
-    getNamingModel() {
-        const preferred = this.archive.getSetting('support_provider', 'auto');
-        const providers = {
-            groq: () => process.env.GROQ_API_KEY
-                ? createGroq({ apiKey: process.env.GROQ_API_KEY })('meta-llama/llama-4-scout-17b-16e-instruct')
-                : null,
-            openai: () => process.env.OPENAI_API_KEY
-                ? createOpenAI({ apiKey: process.env.OPENAI_API_KEY })('gpt-4o-mini')
-                : null,
-            gemini: () => process.env.GEMINI_API_KEY
-                ? createGoogleGenerativeAI({ apiKey: process.env.GEMINI_API_KEY })('gemini-2.5-flash')
-                : null,
-            anthropic: () => process.env.ANTHROPIC_API_KEY
-                ? createAnthropic({ apiKey: process.env.ANTHROPIC_API_KEY })('claude-haiku-4-5-20251001')
-                : null,
-        };
-        // If a specific provider is preferred and available, use it
-        if (preferred !== 'auto' && providers[preferred]) {
-            const model = providers[preferred]();
-            if (model)
-                return model;
-        }
-        // Auto: try in priority order
-        for (const key of ['groq', 'openai', 'gemini', 'anthropic']) {
-            const model = providers[key]();
-            if (model)
-                return model;
-        }
-        return null;
-    }
-    /** Execute the actual naming call. Called by the timer set in scheduleSessionNaming.
-     *  Uses the first available API provider for minimal cost and latency. */
-    async executeSessionNaming(sessionId) {
-        const session = this.sessions.get(sessionId);
-        if (!session)
-            return;
-        if (!session.name.startsWith('hub:'))
-            return;
-        session._namingAttempts++;
-        // Gather context from conversation history
-        const latestContext = session.outputHistory
-            .filter(m => m.type === 'output')
-            .map(m => m.data || '')
-            .join('')
-            .slice(0, 2000);
-        const userMsg = session._lastUserInput || '';
-        if (!userMsg && !latestContext) {
-            // No context yet — schedule a retry
-            this.scheduleSessionNaming(sessionId);
-            return;
-        }
-        const model = this.getNamingModel();
-        if (!model) {
-            console.warn('[session-name] No API key set for naming (GROQ_API_KEY, OPENAI_API_KEY, GEMINI_API_KEY, or ANTHROPIC_API_KEY), skipping');
-            return;
-        }
-        try {
-            const { text } = await generateText({
-                model,
-                maxOutputTokens: 60,
-                prompt: [
-                    'Generate a descriptive name (3-6 words, max 60 characters) for this coding session.',
-                    'The name MUST be at least 3 words that clearly summarize what the user is working on.',
-                    'Reply with ONLY the session name. No quotes, no punctuation, no explanation.',
-                    'Example names: "Fix Login Page Styling", "Add User Auth Flow", "Refactor Database Query Performance"',
-                    '',
-                    `User message: ${userMsg.slice(0, 500)}`,
-                    '',
-                    `Assistant response (truncated): ${latestContext.slice(0, 1500)}`,
-                ].join('\n'),
-            });
-            if (!this.sessions.has(sessionId))
-                return;
-            if (!session.name.startsWith('hub:'))
-                return;
-            const rawName = text
-                .trim()
-                .replace(/^["'`*_]+|["'`*_]+$/g, '')
-                .replace(/^(session\s*name\s*[:：]\s*)/i, '')
-                .trim();
-            const wordCount = rawName.split(/\s+/).filter(w => w.length > 0).length;
-            if (rawName.length >= 2 && rawName.length <= 80 && wordCount >= 3) {
-                const finalName = rawName.length <= 60
-                    ? rawName
-                    : (rawName.slice(0, 60).replace(/\s+\S*$/, '') || rawName.slice(0, 60));
-                this.rename(sessionId, finalName);
-            }
-            else {
-                console.warn(`[session-name] invalid name (${rawName.length} chars, ${wordCount} words): "${rawName.slice(0, 80)}"`);
-                this.scheduleSessionNaming(sessionId);
-            }
-        }
-        catch (err) {
-            if (!this.sessions.has(sessionId))
-                return;
-            const msg = err instanceof Error ? err.message : String(err);
-            console.warn(`[session-name] attempt ${session._namingAttempts} failed: ${msg}`);
-            this.scheduleSessionNaming(sessionId);
-        }
-    }
-    /** Re-trigger session naming when user interacts, if the session is still unnamed
-     *  and no naming timer is already pending. Uses a short delay (5s) since we already
-     *  have conversation context at this point. */
-    retrySessionNamingOnInteraction(sessionId) {
-        const session = this.sessions.get(sessionId);
-        if (!session)
-            return;
-        if (!session.name.startsWith('hub:'))
-            return;
-        // Already have a timer pending or exhausted retries
-        if (session._namingTimer)
-            return;
-        if (session._namingAttempts >= SessionManager.MAX_NAMING_ATTEMPTS)
-            return;
-        // Short delay — context already available from prior turns
-        session._namingTimer = setTimeout(() => {
-            delete session._namingTimer;
-            this.executeSessionNaming(sessionId);
-        }, 5_000);
-    }
     /** Add a WebSocket client to a session. Returns the session or undefined if not found.
      *  Re-broadcasts any pending approval/control prompts so the joining client sees them. */
     join(sessionId, ws) {
@@ -542,6 +305,9 @@ export class SessionManager {
             console.error('[session-manager] Failed to archive session:', err);
         }
     }
+    // ---------------------------------------------------------------------------
+    // Claude process lifecycle
+    // ---------------------------------------------------------------------------
     /**
      * Spawn (or re-spawn) a Claude CLI process for a session.
      * Wires up all event handlers for streaming text, tools, prompts, and auto-restart.
@@ -556,11 +322,16 @@ export class SessionManager {
         if (session.claudeProcess) {
             session.claudeProcess.stop();
         }
+        // Derive a session-scoped token instead of forwarding the master auth token.
+        // This limits child process privileges to approve/deny for their own session only.
+        const sessionToken = this._authToken
+            ? deriveSessionToken(this._authToken, sessionId)
+            : '';
         const extraEnv = {
             CODEKIN_SESSION_ID: sessionId,
             CODEKIN_PORT: String(this._serverPort || PORT),
-            CODEKIN_TOKEN: this._authToken || '',
-            CODEKIN_AUTH_TOKEN: this._authToken || '',
+            CODEKIN_TOKEN: sessionToken,
+            CODEKIN_AUTH_TOKEN: sessionToken,
             CODEKIN_SESSION_TYPE: session.source || 'manual',
         };
         // Pass CLAUDE_PROJECT_DIR so hooks resolve correctly even when the session's
@@ -770,7 +541,7 @@ export class SessionManager {
                 clearTimeout(session._namingTimer);
                 delete session._namingTimer;
             }
-            void this.executeSessionNaming(sessionId);
+            void this.sessionNaming.executeSessionNaming(sessionId);
         }
     }
     /**
@@ -955,10 +726,10 @@ export class SessionManager {
     resolveToolApproval(session, approval, value) {
         const { isDeny, isAlwaysAllow, isApprovePattern } = this.decodeApprovalValue(value);
         if (isAlwaysAllow && !isDeny) {
-            this.saveAlwaysAllow(session.workingDir, approval.toolName, approval.toolInput);
+            this.approvalManager.saveAlwaysAllow(session.workingDir, approval.toolName, approval.toolInput);
         }
         if (isApprovePattern && !isDeny) {
-            this.savePatternApproval(session.workingDir, approval.toolName, approval.toolInput);
+            this.approvalManager.savePatternApproval(session.workingDir, approval.toolName, approval.toolInput);
         }
         console.log(`[tool-approval] resolving: allow=${!isDeny} always=${isAlwaysAllow} pattern=${isApprovePattern} tool=${approval.toolName}`);
         approval.resolve({ allow: !isDeny, always: isAlwaysAllow || isApprovePattern });
@@ -1002,10 +773,10 @@ export class SessionManager {
     sendControlResponseForRequest(session, pending, value) {
         const { isDeny, isAlwaysAllow, isApprovePattern } = this.decodeApprovalValue(value);
         if (isAlwaysAllow) {
-            this.saveAlwaysAllow(session.workingDir, pending.toolName, pending.toolInput);
+            this.approvalManager.saveAlwaysAllow(session.workingDir, pending.toolName, pending.toolInput);
         }
         if (isApprovePattern) {
-            this.savePatternApproval(session.workingDir, pending.toolName, pending.toolInput);
+            this.approvalManager.savePatternApproval(session.workingDir, pending.toolName, pending.toolInput);
         }
         const behavior = isDeny ? 'deny' : 'allow';
         session.claudeProcess.sendControlResponse(pending.requestId, behavior);
@@ -1132,16 +903,19 @@ export class SessionManager {
             this.broadcast(session, { type: 'claude_stopped' });
         }
     }
+    // ---------------------------------------------------------------------------
+    // Helpers
+    // ---------------------------------------------------------------------------
+    /** Check if an error result text matches a transient API error worth retrying. */
+    isRetryableApiError(text) {
+        return API_RETRY_PATTERNS.some((pattern) => pattern.test(text));
+    }
     /**
      * Build a condensed text summary of a session's conversation history.
      * Used as context when auto-starting Claude for sessions without a saved
      * Claude session ID (so the CLI can't resume from its own storage).
      * Caps output at ~4000 chars, keeping the most recent exchanges.
      */
-    /** Check if an error result text matches a transient API error worth retrying. */
-    isRetryableApiError(text) {
-        return API_RETRY_PATTERNS.some((pattern) => pattern.test(text));
-    }
     buildSessionContext(session) {
         const history = session.outputHistory;
         if (history.length === 0)
@@ -1310,163 +1084,6 @@ export class SessionManager {
             }
         }
     }
-    /** Return the auto-approved tools, commands, and patterns for a repo (workingDir). */
-    getApprovals(workingDir) {
-        const entry = this.repoApprovals.get(workingDir);
-        if (!entry)
-            return { tools: [], commands: [], patterns: [] };
-        return {
-            tools: Array.from(entry.tools).sort(),
-            commands: Array.from(entry.commands).sort(),
-            patterns: Array.from(entry.patterns).sort(),
-        };
-    }
-    /** Remove an auto-approval rule for a repo (workingDir) and persist to disk.
-     *  Returns 'invalid' if no tool/command provided, or boolean indicating if something was deleted.
-     *  Pass skipPersist=true for bulk operations (caller must call persistRepoApprovals after). */
-    removeApproval(workingDir, opts, skipPersist = false) {
-        const tool = typeof opts.tool === 'string' ? opts.tool.trim() : '';
-        const command = typeof opts.command === 'string' ? opts.command.trim() : '';
-        const pattern = typeof opts.pattern === 'string' ? opts.pattern.trim() : '';
-        if (!tool && !command && !pattern)
-            return 'invalid';
-        const entry = this.repoApprovals.get(workingDir);
-        if (!entry)
-            return false;
-        let removed = false;
-        if (tool)
-            removed = entry.tools.delete(tool) || removed;
-        if (command)
-            removed = entry.commands.delete(command) || removed;
-        if (pattern)
-            removed = entry.patterns.delete(pattern) || removed;
-        if (removed && !skipPersist)
-            this.persistRepoApprovals();
-        return removed;
-    }
-    /** Write all sessions to disk as JSON (atomic rename to prevent corruption). */
-    persistToDisk() {
-        const data = Array.from(this.sessions.values()).map((s) => ({
-            id: s.id,
-            name: s.name,
-            workingDir: s.workingDir,
-            groupDir: s.groupDir,
-            created: s.created,
-            source: s.source,
-            model: s.model,
-            claudeSessionId: s.claudeSessionId,
-            wasActive: s.claudeProcess?.isAlive() ?? false,
-            outputHistory: s.outputHistory,
-        }));
-        try {
-            mkdirSync(DATA_DIR, { recursive: true });
-            const tmp = SESSIONS_FILE + '.tmp';
-            writeFileSync(tmp, JSON.stringify(data, null, 2));
-            renameSync(tmp, SESSIONS_FILE);
-        }
-        catch (err) {
-            console.error('Failed to persist sessions:', err);
-        }
-    }
-    persistToDiskDebounced() {
-        if (this._persistTimer)
-            return;
-        this._persistTimer = setTimeout(() => {
-            this._persistTimer = null;
-            this.persistToDisk();
-        }, PERSIST_DEBOUNCE_MS);
-    }
-    /** Write repo-level approvals to disk (atomic rename). */
-    persistRepoApprovals() {
-        const data = {};
-        for (const [dir, entry] of this.repoApprovals) {
-            // Only persist non-empty entries
-            if (entry.tools.size > 0 || entry.commands.size > 0 || entry.patterns.size > 0) {
-                data[dir] = {
-                    tools: Array.from(entry.tools).sort(),
-                    commands: Array.from(entry.commands).sort(),
-                    patterns: Array.from(entry.patterns).sort(),
-                };
-            }
-        }
-        try {
-            mkdirSync(DATA_DIR, { recursive: true });
-            const tmp = REPO_APPROVALS_FILE + '.tmp';
-            writeFileSync(tmp, JSON.stringify(data, null, 2));
-            renameSync(tmp, REPO_APPROVALS_FILE);
-        }
-        catch (err) {
-            console.error('Failed to persist repo approvals:', err);
-        }
-    }
-    persistRepoApprovalsDebounced() {
-        if (this._approvalPersistTimer)
-            return;
-        this._approvalPersistTimer = setTimeout(() => {
-            this._approvalPersistTimer = null;
-            this.persistRepoApprovals();
-        }, PERSIST_DEBOUNCE_MS);
-    }
-    restoreFromDisk() {
-        if (!existsSync(SESSIONS_FILE))
-            return;
-        try {
-            const raw = readFileSync(SESSIONS_FILE, 'utf-8');
-            const data = JSON.parse(raw);
-            for (const s of data) {
-                const session = {
-                    id: s.id,
-                    name: s.name,
-                    workingDir: s.workingDir,
-                    groupDir: s.groupDir,
-                    created: s.created,
-                    source: s.source ?? 'manual',
-                    model: s.model,
-                    claudeProcess: null,
-                    clients: new Set(),
-                    outputHistory: s.outputHistory || [],
-                    // Restore claudeSessionId so Claude CLI resumes with full conversation
-                    // history from its own session storage (not just our 4000-char summary).
-                    claudeSessionId: s.claudeSessionId ?? null,
-                    restartCount: 0,
-                    lastRestartAt: null,
-                    _stoppedByUser: false,
-                    _stallTimer: null,
-                    _wasActiveBeforeRestart: s.wasActive ?? false,
-                    _apiRetryCount: 0,
-                    _turnCount: 99, // restored sessions already have a name
-                    _namingAttempts: 0,
-                    isProcessing: false,
-                    pendingControlRequests: new Map(),
-                    pendingToolApprovals: new Map(),
-                };
-                this.sessions.set(session.id, session);
-            }
-            console.log(`Restored ${data.length} session(s) from disk`);
-        }
-        catch (err) {
-            console.error('Failed to restore sessions from disk:', err);
-        }
-    }
-    restoreRepoApprovalsFromDisk() {
-        if (!existsSync(REPO_APPROVALS_FILE))
-            return;
-        try {
-            const raw = readFileSync(REPO_APPROVALS_FILE, 'utf-8');
-            const data = JSON.parse(raw);
-            for (const [dir, entry] of Object.entries(data)) {
-                this.repoApprovals.set(dir, {
-                    tools: new Set(entry.tools || []),
-                    commands: new Set(entry.commands || []),
-                    patterns: new Set(entry.patterns || []),
-                });
-            }
-            console.log(`Restored repo approvals for ${Object.keys(data).length} repo(s) from disk`);
-        }
-        catch (err) {
-            console.error('Failed to restore repo approvals from disk:', err);
-        }
-    }
     /**
      * Auto-restart Claude processes for sessions that were active before a server
      * restart. Each session is started with a staggered delay to avoid flooding.