create-walle 0.9.29 → 0.9.31

package/template/claude-task-manager/api-reviews.js

@@ -23,6 +23,56 @@ function isValidProjectPath(p) {
     return true;
   } catch { return false; }
 }
+// Resolve `filePath` within `project` and enforce containment AFTER following
+// symlinks. A lexical `resolved.startsWith(root + sep)` check is not enough: a
+// symlink that lives inside the repo can point at /etc/passwd (or ~/.ssh) and the
+// lexical path still looks in-bounds. realpath canonicalizes the link target, so
+// containment is checked against where the file ACTUALLY is.
+// Returns the safe absolute path to read, or null if it escapes the project.
+// A path that doesn't exist yet (ENOENT) can't be a symlink, so the lexical check
+// already guarantees safety — return it so the caller can produce its own 404.
+// Best-effort fallback when an html path doesn't resolve at the given root — e.g. a path
+// relative to the repo root while the session cwd is a subdir. Searches tracked + untracked
+// .html within the repo and returns the best suffix/basename match (stays inside the root).
+function findHtmlInRepo(root, relPath) {
+  try {
+    const { execFileSync } = require('child_process');
+    const want = String(relPath || '').replace(/^\.?\//, '');
+    const base = path.basename(want);
+    const out = execFileSync('git', ['ls-files', '-z', '--cached', '--others', '--exclude-standard', '*.html', '*.htm'],
+      { cwd: root, encoding: 'utf8', maxBuffer: 8 * 1024 * 1024 }).split('\0').filter(Boolean);
+    let hit = out.find(f => f === want || f.endsWith('/' + want));
+    if (!hit) hit = out.find(f => path.basename(f) === base);
+    return hit ? path.join(root, hit) : null;
+  } catch { return null; }
+}
+
+function htmlNotFoundPage(filePath) {
+  const safe = String(filePath || '').replace(/[&<>"]/g, c => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;' }[c]));
+  return `<!DOCTYPE html><html><head><meta charset="utf-8"><title>File not found</title>
+<style>body{font-family:-apple-system,system-ui,sans-serif;background:#1a1b26;color:#c0caf5;display:grid;place-items:center;height:100vh;margin:0}
+.box{text-align:center;max-width:34rem;padding:2rem}h1{font-size:1.1rem;color:#f7768e}code{background:rgba(122,162,247,.12);padding:.15rem .4rem;border-radius:4px;font-size:.85em;word-break:break-all}p{color:#8b94bd;line-height:1.6;font-size:.9rem}</style>
+</head><body><div class="box"><h1>File not found</h1>
+<p><code>${safe}</code> isn't in this checkout. It may live in a different worktree or branch than the one this session is running in.</p></div></body></html>`;
+}
+
+function resolveWithinProject(project, filePath) {
+  if (!project || typeof filePath !== 'string') return null;
+  const root = path.resolve(project);
+  const resolved = path.resolve(root, filePath);
+  if (resolved !== root && !resolved.startsWith(root + path.sep)) return null; // lexical ../ escape
+  let realRoot;
+  try { realRoot = fs.realpathSync(root); }
+  catch { return null; }
+  let realFile;
+  try { realFile = fs.realpathSync(resolved); }
+  catch (e) {
+    if (e && e.code === 'ENOENT') return resolved; // lexically in-bounds, not yet on disk
+    return null;
+  }
+  if (realFile !== realRoot && !realFile.startsWith(realRoot + path.sep)) return null; // symlink escape
+  return realFile;
+}
 function jsonResponse(res, code, data) {
   const body = JSON.stringify(data);
   res.writeHead(code, { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(body) });
@@ -364,9 +414,9 @@ function handleReviewApi(req, res, url) {
     const ext = path.extname(filePath).toLowerCase();
     const imageExts = { '.png': 'image/png', '.jpg': 'image/jpeg', '.jpeg': 'image/jpeg', '.gif': 'image/gif', '.svg': 'image/svg+xml', '.webp': 'image/webp', '.ico': 'image/x-icon', '.bmp': 'image/bmp' };
     if (!imageExts[ext]) return jsonResponse(res, 400, { error: 'Only image files are supported' });
-    // Prevent path traversal
-    const resolved = path.resolve(project, filePath);
-    if (!resolved.startsWith(path.resolve(project) + path.sep)) return jsonResponse(res, 403, { error: 'Invalid file path' });
+    // Prevent path traversal (incl. symlinks escaping the project — see resolveWithinProject)
+    const resolved = resolveWithinProject(project, filePath);
+    if (!resolved) return jsonResponse(res, 403, { error: 'Invalid file path' });
     try {
       const data = fs.readFileSync(resolved);
       res.writeHead(200, { 'Content-Type': imageExts[ext], 'Content-Length': data.length, 'Cache-Control': 'no-cache' });
@@ -462,6 +512,105 @@ function handleReviewApi(req, res, url) {
     return jsonResponse(res, 200, { prompt });
   }
 
+  // GET /api/reviews/documents?project=... — list reviewable markdown/text files in a
+  // project (powers the Review Hub "Documents" discovery column). Tracked + untracked-
+  // not-ignored, bounded, sorted most-recently-modified first.
+  if (p === '/api/reviews/documents' && m === 'GET') {
+    const project = url.searchParams.get('project');
+    if (!project) return jsonResponse(res, 400, { error: 'project required' });
+    if (!isValidProjectPath(project)) return jsonResponse(res, 403, { error: 'Invalid project path' });
+    try {
+      const { execFileSync } = require('child_process');
+      const root = path.resolve(project);
+      const globs = ['*.md', '*.markdown', '*.mdown', '*.txt'];
+      // -z → NUL-separated so paths with spaces/specials survive (no core.quotePath issues).
+      const run = (args) => {
+        try {
+          return execFileSync('git', args, { cwd: root, encoding: 'utf8', maxBuffer: 8 * 1024 * 1024 })
+            .split('\0').filter(Boolean);
+        } catch { return []; }
+      };
+      const set = new Set([
+        ...run(['ls-files', '-z', ...globs]),
+        ...run(['ls-files', '-z', '--others', '--exclude-standard', ...globs]),
+      ]);
+      let items = [...set].slice(0, 2000).map(rel => {
+        let mtime = 0;
+        try { mtime = fs.statSync(path.join(root, rel)).mtimeMs; } catch {}
+        return { path: rel, name: path.basename(rel), dir: path.dirname(rel), mtime };
+      });
+      items.sort((a, b) => b.mtime - a.mtime);
+      return jsonResponse(res, 200, { documents: items.slice(0, 300), total: set.size });
+    } catch (e) {
+      return jsonResponse(res, 500, { error: e.message });
+    }
+  }
+
+  // GET /api/reviews/serve-html?project=...&path=... — serve a project .html file so the
+  // file-router can open it in a new browser tab. Path-validated; no traversal outside project.
+  if (p === '/api/reviews/serve-html' && m === 'GET') {
+    const project = url.searchParams.get('project');
+    const filePath = url.searchParams.get('path');
+    if (!project || !filePath) return jsonResponse(res, 400, { error: 'project and path required' });
+    if (!isValidProjectPath(project)) return jsonResponse(res, 403, { error: 'Invalid project path' });
+    const ext = path.extname(filePath).toLowerCase();
+    if (ext !== '.html' && ext !== '.htm') return jsonResponse(res, 400, { error: 'Only .html files are supported' });
+    let resolved = resolveWithinProject(project, filePath);
+    if (!resolved) return jsonResponse(res, 403, { error: 'Invalid file path' });
+    // Fallback: the path may be relative to the repo root while the session cwd is a
+    // subdir/worktree — search the repo for the file before giving up.
+    if (!fs.existsSync(resolved)) {
+      const found = findHtmlInRepo(path.resolve(project), filePath);
+      if (found) resolved = found;
+    }
+    // Sandbox the served file: arbitrary repo HTML rendered on the CTM origin (which holds
+    // the auth cookie). A bare `sandbox` blocks scripting AND assigns an opaque origin, so it
+    // can't run JS, read CTM storage, or make cookie-authed calls — inline CSS/images still render.
+    const htmlHeaders = (len) => ({
+      'Content-Type': 'text/html; charset=utf-8',
+      'Content-Length': len,
+      'Cache-Control': 'no-cache',
+      'X-Content-Type-Options': 'nosniff',
+      'Content-Security-Policy': 'sandbox',
+    });
+    let data;
+    try { data = fs.readFileSync(resolved); }
+    catch {
+      // Friendly in-tab page instead of a scary "unreachable file" / bare text 404.
+      const body = Buffer.from(htmlNotFoundPage(filePath));
+      res.writeHead(404, htmlHeaders(body.length));
+      res.end(body);
+      return true;
+    }
+    res.writeHead(200, htmlHeaders(data.length));
+    res.end(data);
+    return true;
+  }
+
+  // POST /api/reviews/reveal {project, path} — reveal a project file in Finder (macOS
+  // `open -R`). Path-validated; best-effort (the file-router menu's "Reveal" action).
+  if (p === '/api/reviews/reveal' && m === 'POST') {
+    readBody(req).then(body => {
+      const project = String(body.project || '');
+      const filePath = String(body.path || '');
+      if (!project || !filePath) return jsonResponse(res, 400, { error: 'project and path required' });
+      if (!isValidProjectPath(project)) return jsonResponse(res, 403, { error: 'Invalid project path' });
+      const resolved = resolveWithinProject(project, filePath);
+      if (!resolved) return jsonResponse(res, 403, { error: 'Invalid file path' });
+      if (!fs.existsSync(resolved)) return jsonResponse(res, 404, { error: 'File not found' });
+      try {
+        const { execFile } = require('child_process');
+        const cmd = process.platform === 'darwin' ? 'open' : 'xdg-open';
+        const args = process.platform === 'darwin' ? ['-R', resolved] : [path.dirname(resolved)];
+        execFile(cmd, args, () => {});
+        jsonResponse(res, 200, { ok: true });
+      } catch (e) {
+        jsonResponse(res, 500, { error: e.message });
+      }
+    }).catch(e => jsonResponse(res, 400, { error: e.message }));
+    return true;
+  }
+
   return false; // Not handled
 }
 
@@ -508,4 +657,5 @@ module.exports = {
   _sanitizeReviewCommentInput: sanitizeReviewCommentInput,
   _sanitizeReviewCommentUpdate: sanitizeReviewCommentUpdate,
   _documentReview: documentReview,
+  _resolveWithinProject: resolveWithinProject,
 };

package/template/claude-task-manager/approval-agent.js

@@ -250,6 +250,24 @@ function getApproveKeystroke(context, options = {}) {
   return context.hasAllowAll ? '2' : '1';
 }
 
+// Fallback tool-name derivation when no tool header is recognized above the
+// prompt: read it from the durable grant option ("Yes, and don't ask again for
+// <X> commands in <dir>" / "Yes, allow reading from <dir>") so an unrecognized
+// tool is still targetable by a heuristic/learned rule instead of collapsing to
+// 'Unknown'. `lines` is the trimmed, non-empty line array; `proceedIdx` the
+// "Do you want to…?" line. Pure.
+function _toolNameFromDurableOption(lines, proceedIdx) {
+  for (let i = proceedIdx + 1; i < Math.min(proceedIdx + 8, lines.length); i++) {
+    const l = String(lines[i] || '');
+    const m = l.match(/don'?t ask again for\s+(.+?)\s+commands?\b/i);
+    if (m && m[1]) return m[1].trim();
+    if (/allow\s+reading\s+from\b/i.test(l)) return 'Read';
+    const a = l.match(/allow\s+all\s+(\w+)\b/i);
+    if (a && a[1]) return a[1].trim();
+  }
+  return '';
+}
+
 function _parseGenericApprovalContext(cleanText, providerId) {
   const lines = String(cleanText || '').split('\n').map(l => l.trim()).filter(Boolean);
   if (!lines.length) return null;
@@ -284,12 +302,16 @@ function _parseGenericApprovalContext(cleanText, providerId) {
   const contextLines = [];
   for (let i = proceedIdx - 1; i >= Math.max(0, proceedIdx - 30); i--) {
     const line = lines[i];
-    if (/^[⏺●]?\s*(Bash command|Bash|Edit|Write|Read|Glob|Grep|Fetch|WebFetch|NotebookEdit|TodoWrite|Agent|MCP)\b/i.test(line)) {
+    if (/^[⏺●]?\s*(Bash command|Bash|Edit|Write|Read|Glob|Grep|Fetch|WebFetch|Web ?Search|NotebookEdit|TodoWrite|Agent|MCP)\b/i.test(line)) {
       toolName = line.trim();
       break;
     }
     contextLines.unshift(line);
   }
+  if (toolName === 'Generic approval') {
+    const durable = _toolNameFromDurableOption(lines, proceedIdx);
+    if (durable) toolName = durable;
+  }
 
   const fullContext = lines.slice(Math.max(0, proceedIdx - 20), Math.min(lines.length, proceedIdx + 12)).join('\n');
   return {
@@ -373,7 +395,7 @@ function parseApprovalContext(cleanText, providerId) {
   for (let i = endIdx - 1; i >= Math.max(0, endIdx - 30); i--) {
     const line = lines[i];
     // Detect tool headers (Claude Code shows "Bash command", "⏺ Bash(...)", "Edit", etc.)
-    if (/^[⏺●]?\s*(Bash command|Bash|Edit|Write|Read|Glob|Grep|Fetch|WebFetch|NotebookEdit|TodoWrite|Agent)\b/.test(line)) {
+    if (/^[⏺●]?\s*(Bash command|Bash|Edit|Write|Read|Glob|Grep|Fetch|WebFetch|Web ?Search|NotebookEdit|TodoWrite|Agent)\b/.test(line)) {
       toolName = line.trim();
       break;
     }
@@ -403,6 +425,10 @@ function parseApprovalContext(cleanText, providerId) {
     if (fileOp) { toolName = fileOp.toolName; fileOpCommand = fileOp.command; }
   }
 
+  // Still no header → derive a name from the durable grant option so the tool is
+  // targetable instead of 'Unknown' (mirror of the claude-code provider path).
+  if (!toolName) toolName = _toolNameFromDurableOption(lines, proceedIdx);
+
   // Bash approvals render the command followed by one dimmed prose description
   // line; drop it from the command so titles/signatures stay command-shaped
   // (mirror of the claude-code provider parse path).
@@ -1150,8 +1176,14 @@ function reviewWithHeuristics(context) {
   // "mcp__…" / "(mcp)" command text.
   const isMcp = /^(?:plugin:|mcp__|mcp\b)/i.test(tool) || /\(mcp\)/i.test(cmd);
   if (isMcp) {
-    const readOnlyMcp = /\b(navigate(?:_back)?|snapshot|take_screenshot|screenshot|read|list|get|query|search|console_messages|network_requests?|wait_for|hover|tabs|resolve[-_ ]library[-_ ]id|get[-_ ]library[-_ ]docs|browser_snapshot|browser_navigate)\b/i;
-    const mutatingMcp = /\b(click|type|fill|drag|drop|file_upload|upload|run_code|evaluate|press_key|select_option|handle_dialog|write|create|delete|remove|update|send|post|install|deploy|exec)\b/i;
+    // Boundaries are `(?<![a-z0-9]) … (?![a-z0-9])` rather than `\b`: snake_case
+    // tool ids (mcp__server__get_thread) glue the verb to the noun with `_`, which
+    // IS a regex word char, so `\bget\b` never fired and every read-only snake_case
+    // MCP op (Gmail/Calendar/Drive/wall-e) fell through to the medium verifier path.
+    // The class treats `_`, `-`, space, `:`, and start/end as separators while still
+    // rejecting alnum-glued false positives (`get` in "target", `draft` in "drafts").
+    const readOnlyMcp = /(?<![a-z0-9])(navigate(?:_back)?|snapshot|take_screenshot|screenshot|read|list|get|query|search|fetch|download|find|view|suggest|stats|status|brief|ask|console_messages|network_requests?|wait_for|hover|tabs|resolve[-_ ]?library[-_ ]?id|get[-_ ]?library[-_ ]?docs|browser_snapshot|browser_navigate)(?![a-z0-9])/i;
+    const mutatingMcp = /(?<![a-z0-9])(click|type|fill|drag|drop|file_upload|upload|run_code|evaluate|press_key|select_option|handle_dialog|write|create|delete|remove|update|send|post|install|deploy|exec|label|unlabel|respond|copy|move|add|set|insert|draft|authenticate|complete|reconnect|ingest|rebuild|export|remember|put|patch)(?![a-z0-9])/i;
     if (readOnlyMcp.test(tool) && !mutatingMcp.test(tool)) {
       return { decision: 'approve', reasoning: 'Read-only MCP operation (heuristic)', riskLevel: 'low',
         ruleLabel: context.toolName || 'MCP read-only operation',
@@ -1169,7 +1201,7 @@ function reviewWithHeuristics(context) {
   // because Edit/Write diffs may contain code with "drop table" or "rm -rf" as
   // string literals — those are code content, not dangerous operations).
   const lowRisk = [
-    /^(read|glob|grep|webfetch|notebookedit)/, // Read-only tools
+    /^(read|glob|grep|webfetch|web ?search|notebookedit)/, // Read-only tools (incl. Web Search — read-only, no side effects, same tier as WebFetch)
     /^(edit|write)\b/, // Edit/Write to project files — normal dev workflow
   ];
   for (const re of lowRisk) {

package/template/claude-task-manager/db.js

@@ -813,6 +813,10 @@ function runtimeKernelSchemaSql() {
       ON ctm_runtime_events(ctm_session_id, turn_id, created_at_ms, id);
     CREATE INDEX IF NOT EXISTS idx_ctm_runtime_events_type
       ON ctm_runtime_events(event_type, created_at_ms);
+    -- Serves "latest event of a type for a session" (latestContextTruth's per-session token/compact
+    -- lookup) as an O(1) index seek instead of fetching+parsing the oldest 1000 events per poll.
+    CREATE INDEX IF NOT EXISTS idx_ctm_runtime_events_session_type
+      ON ctm_runtime_events(ctm_session_id, event_type, id);
 
     CREATE TABLE IF NOT EXISTS ctm_runtime_turns (
       ctm_session_id TEXT NOT NULL,
@@ -2505,6 +2509,34 @@ function migrateSchemaIfNeeded() {
       // Non-fatal: dropping a dormant cache table; the app runs fine if it lingers.
     }
   }
+  if (getSchemaVersion() < 11) {
+    try {
+      migrateToV11();
+    } catch (e) {
+      console.error('[db] Schema migration to v11 FAILED:', e.message);
+      console.error('[db] Stack:', e.stack);
+      // Non-fatal: the column only enables Claude Desktop → Code fork dedup; absent it,
+      // getForkForDesktopUuid simply returns null and conversion stays available.
+    }
+  }
+}
+
+/**
+ * Schema v11: link a converted Claude Desktop conversation to its resumable Claude Code
+ * fork. A read-only Desktop conversation can be snapshot-and-forked into a real Code session
+ * (see lib/claude-desktop-sessions.js materializeForkTranscript); we record the originating
+ * Desktop uuid on the fork's agent_sessions row so the same conversation is never offered for
+ * conversion twice — the sidebar shows "Resume fork" instead. Idempotent via PRAGMA pre-check.
+ */
+function migrateToV11() {
+  const d = getDb();
+  const cols = d.prepare('PRAGMA table_info(agent_sessions)').all();
+  if (!cols.find((c) => c.name === 'forked_from_desktop_uuid')) {
+    d.prepare("ALTER TABLE agent_sessions ADD COLUMN forked_from_desktop_uuid TEXT DEFAULT ''").run();
+  }
+  d.exec("CREATE INDEX IF NOT EXISTS idx_agent_forked_desktop ON agent_sessions(forked_from_desktop_uuid) WHERE forked_from_desktop_uuid != ''");
+  setSchemaVersion(11);
+  console.log('[db] Schema migrated to v11 (Claude Desktop fork linkage)');
 }
 
 /**
@@ -3168,6 +3200,7 @@ function createV1Tables() {
       parent_agent_session_id TEXT DEFAULT '',
       agent_nickname TEXT DEFAULT '',
       agent_role TEXT DEFAULT '',
+      forked_from_desktop_uuid TEXT DEFAULT '',
       created_at TEXT DEFAULT (datetime('now')),
       updated_at TEXT DEFAULT (datetime('now')),
       FOREIGN KEY (ctm_session_id) REFERENCES ctm_sessions(id) ON DELETE CASCADE
@@ -3189,6 +3222,7 @@ function createV1Tables() {
   d.exec('CREATE INDEX IF NOT EXISTS idx_agent_slug ON agent_sessions(slug)');
   d.exec('CREATE INDEX IF NOT EXISTS idx_agent_parent_session ON agent_sessions(parent_agent_session_id)');
   d.exec('CREATE INDEX IF NOT EXISTS idx_agent_thread_source ON agent_sessions(thread_source)');
+  d.exec("CREATE INDEX IF NOT EXISTS idx_agent_forked_desktop ON agent_sessions(forked_from_desktop_uuid) WHERE forked_from_desktop_uuid != ''");
 }
 
 // --- Settings CRUD ---
@@ -3596,6 +3630,32 @@ function listRuntimeEvents(ctmSessionId, { sinceId = 0, turnId = '', limit = 100
   return rows.map(_parseRuntimeEvent).filter(Boolean);
 }
 
+// Latest event whose event_type is one of `eventTypes` for a session — the highest id wins.
+// Backs latestContextTruth, which previously fetched + JSON-parsed the oldest 1000 events per
+// session per poll just to find the latest token_usage + latest compact (a 3.98s/4min on-main cost
+// in the live CPU profile, and wrong once a session exceeds 1000 events). One indexed DESC LIMIT 1
+// seek per type (idx_ctm_runtime_events_session_type) → O(1), parses at most one row per type.
+function latestRuntimeEventOfTypes(ctmSessionId, eventTypes, { turnId = '' } = {}) {
+  const cleanSessionId = String(ctmSessionId || '').trim();
+  if (!cleanSessionId || !Array.isArray(eventTypes) || eventTypes.length === 0) return null;
+  const cleanTurnId = String(turnId || '').trim();
+  const d = getDb();
+  let best = null;
+  for (const t of eventTypes) {
+    const et = String(t || '').trim();
+    if (!et) continue;
+    const row = cleanTurnId
+      ? d.prepare(
+          'SELECT * FROM ctm_runtime_events WHERE ctm_session_id = ? AND turn_id = ? AND event_type = ? ORDER BY id DESC LIMIT 1'
+        ).get(cleanSessionId, cleanTurnId, et)
+      : d.prepare(
+          'SELECT * FROM ctm_runtime_events WHERE ctm_session_id = ? AND event_type = ? ORDER BY id DESC LIMIT 1'
+        ).get(cleanSessionId, et);
+    if (row && (!best || Number(row.id) > Number(best.id))) best = row;
+  }
+  return best ? _parseRuntimeEvent(best) : null;
+}
+
 function _parseRuntimeTurn(row) {
   if (!row) return null;
   return {
@@ -4983,6 +5043,10 @@ function importSessionConversation({
   // render shape differs from `messages` (Wall-E persists review-shaped rows, not the raw transcript
   // blob shape). The metadata upsert + blob still happen so the freshness gate + legacy reads work.
   skipMessageRows,
+  // When true, write the real blob even under blob retirement so the session renders from the blob
+  // while content-rows-backfill fills rows across slices (chunked/cold-import route). Over-cap still
+  // wins — a multi-GB stringify is never safe regardless of this flag.
+  forceBlobWrite,
 }) {
   // Attribution: the whole import is one synchronous span — a JSON.stringify of
   // the full message array (multi-MB for 2000+ prompt sessions) + an upsert + a
@@ -5010,7 +5074,10 @@ function importSessionConversation({
   // the default), otherwise nulling the blob would blind every read; and the row
   // write below restores the real blob if it fails, so a session is never empty.
   const _retireBlob = _blobRetirementActive();
-  const _skipBlobWrite = _overParseCap || _retireBlob;
+  // forceBlobWrite (cold/large chunked-import route) writes the real blob even under retirement so
+  // the session renders from blob while content-rows-backfill fills rows across slices. Over-cap
+  // still wins (a multi-GB stringify is never safe).
+  const _skipBlobWrite = _overParseCap || (_retireBlob && !forceBlobWrite);
   if (_overParseCap && !_overCapImportLogged.has(session_id)) {
     _overCapImportLogged.add(session_id);
     console.warn(`[db] session_conversations import over parse cap (file_size=${file_size}) for ${String(session_id || '').slice(0, 8)} — storing empty blob, skipping full stringify/row-rewrite.`);
@@ -5032,7 +5099,8 @@ function importSessionConversation({
   const _prevEst = _importTokenEstimateLen.get(session_id);
   const _modelChanged = !_prevEst || _prevEst.model !== (model_id || '');
   const _grewEnough = !_prevEst || _reestimateDelta === 0 || (_msgLen - _prevEst.len) >= _reestimateDelta;
-  if (!_overParseCap && (_modelChanged || _grewEnough)) {
+  const _chunkedRoute = !!forceBlobWrite && !!skipMessageRows && !_overParseCap;
+  if (!_overParseCap && !_chunkedRoute && (_modelChanged || _grewEnough)) {
     try {
       const summary = require('./lib/session-token-usage').estimateFromMessages(messages || [], model_id || '');
       if (summary && summary.total > 0) {
@@ -5087,6 +5155,14 @@ function importSessionConversation({
       _tokTotal, _tokCtx, _tokWindow, _tokExact, _tokBreakdown
     );
 
+    // Chunked-import route: rows are written later by content-rows-backfill (in windows). Stamp the
+    // render-gate HWM now so findUnbackfilledSessions (extracted_source_len>0 AND rows<len) adopts
+    // this session; appendSessionMessageRowsChunk re-stamps the same value idempotently on completion.
+    if (_chunkedRoute) {
+      try { _setExtractedSourceLen(getDb(), session_id, _msgLen, _lastMessageAt); }
+      catch (e) { console.error('[db] chunked-import source-len stamp failed:', e.message); }
+    }
+
     // Keep message-level search/review surfaces in lockstep with the durable
     // conversation cache. The older one-shot backfill path intentionally skips
     // sessions that already have rows, which made long-running imported Codex
@@ -7886,6 +7962,9 @@ function replaceSessionMessages(sessionId, messages) {
 // transcript timestamp is available, advance last_message_at without allowing
 // partial rewrites or compacted sources to move activity backward.
 function _setExtractedSourceLen(d, ctmSessionId, sourceLen, lastMessageAt = '') {
+  // Any row write reaches here to advance the watermark — drop the cached rows-available verdict so
+  // sessionContentRowsAvailable re-COUNTs once against the new state (covers same-watermark mutations).
+  _invalidateRowsAvailCache(ctmSessionId);
   try {
     d.prepare('UPDATE session_conversations SET extracted_source_len = ? WHERE ctm_session_id = ?')
       .run(Number(sourceLen) || 0, ctmSessionId);
@@ -8221,8 +8300,10 @@ function appendSessionConversation({
 function getSessionMessagesArray(sessionId, { fallbackToBlob = true } = {}) {
   const d = getDb();
   if (_tableExists('session_message_rows')) {
-    const rows = d.prepare('SELECT role, text, timestamp, meta FROM session_message_rows WHERE ctm_session_id = ? ORDER BY message_index ASC').all(sessionId);
-    if (rows.length) return rows.map(_messageRowToObject);
+    // Delegate the SELECT + row→object map to the shared lib so this row read is byte-identical
+    // to the read-pool worker's off-thread getSessionMessagesArray op (parity by construction).
+    const rows = require('./lib/session-messages-page').getMessagesArray(d, { sessionId });
+    if (rows.length) return rows;
   }
   if (fallbackToBlob) {
     try {
@@ -8236,16 +8317,40 @@ function getSessionMessagesArray(sessionId, { fallbackToBlob = true } = {}) {
 // True only when the faithful rows can serve this session: present AND fully backfilled
 // (row count covers the conversation's extracted length). A half-migrated session returns
 // false → the caller uses the complete blob/JSONL path.
+// Watermark-keyed cache of the "rows fully cover the conversation" verdict. sessionContentRowsAvailable
+// is on MANY hot/periodic main-loop paths — most heavily the per-codex-session snapshot serialize
+// (_serializeSessionSnapshot → _codexRolloutHistoryActive → _codexRowLookupId), plus the
+// apiSessionMessages gate, attach, and exit — and each call ran an O(rows) COUNT(*) that cold-page
+// faults for seconds (the `(unknown)` cpu-low apiSessionMessages/snapshot freeze on the primary).
+// The gate is `cnt >= expected` where expected = extracted_source_len (the import high-water mark).
+// Rows only grow and `expected` advances only as import progresses, so a TRUE verdict stays true
+// while `expected` is unchanged. Cache ONLY true verdicts keyed on `expected`: a key match means
+// cnt was already ≥ this watermark and (rows-only-grow) still is — skip the COUNT(*). A false/
+// half-migrated verdict is NOT cached (it must be re-checked so a just-completed migration is
+// picked up). Row writes invalidate the entry (belt-and-suspenders for a same-watermark row
+// mutation). CTM_ROWS_AVAIL_CACHE=0 disables.
+const _rowsAvailCache = new Map(); // ctm_session_id -> expected (watermark at which it was TRUE)
+function _invalidateRowsAvailCache(sessionId) { _rowsAvailCache.delete(String(sessionId || '')); }
 function sessionContentRowsAvailable(sessionId) {
   try {
     const d = getDb();
     if (!_tableExists('session_message_rows')) return false;
-    const cnt = Number(d.prepare('SELECT COUNT(*) AS n FROM session_message_rows WHERE ctm_session_id = ?').get(sessionId).n);
-    if (cnt === 0) return false;
+    // Cheap watermark read first (single non-blob column); also lets us skip the COUNT entirely for
+    // sessions with no HWM (always false under the old logic too).
     const conv = d.prepare('SELECT extracted_source_len FROM session_conversations WHERE ctm_session_id = ?').get(sessionId);
     const expected = conv ? Number(conv.extracted_source_len) : 0;
-    if (!(expected > 0) || cnt < expected) return false; // unknown HWM or half-migrated → blob path
-    return true;
+    if (!(expected > 0)) { _invalidateRowsAvailCache(sessionId); return false; } // unknown HWM → blob path
+    const cacheOn = process.env.CTM_ROWS_AVAIL_CACHE !== '0';
+    if (cacheOn && _rowsAvailCache.get(sessionId) === expected) return true; // TRUE@expected still holds (rows only grow)
+    const cnt = Number(d.prepare('SELECT COUNT(*) AS n FROM session_message_rows WHERE ctm_session_id = ?').get(sessionId).n);
+    const available = cnt > 0 && cnt >= expected; // unknown HWM or half-migrated → blob path
+    if (available && cacheOn) {
+      _rowsAvailCache.set(sessionId, expected);
+      if (_rowsAvailCache.size > 1024) { const k = _rowsAvailCache.keys().next().value; _rowsAvailCache.delete(k); }
+    } else {
+      _invalidateRowsAvailCache(sessionId);
+    }
+    return available;
   } catch { return false; }
 }
 
@@ -8403,9 +8508,28 @@ function _messageFreshnessStatsForId(id, { userOnly = false } = {}) {
   const d = getDb();
   const bindId = String(id);
   const whereRole = userOnly ? " AND role = 'user'" : '';
-  const readStats = (table) => d.prepare(
+  // The all-message session_message_rows store is DENSE — every message is a row at its array index
+  // (replaceSessionMessageRows / appendSessionMessageRowsChunk write message_index = i contiguously
+  // from 0, an invariant the row write paths already rely on), so COUNT(*) === MAX(message_index)+1.
+  // The per-poll COUNT(*) over a giant (14k-19k-row) session was a 5.25s/4min on-main cost in the
+  // live CPU profile; the query already computes MAX (an O(1) index seek), so deriving rows from it
+  // drops the only O(rows) term with NO schema or write-path change — strictly better than a
+  // maintained counter (no cross-thread drift). Equivalent as a change-detector: maxIndex moves on
+  // every append, and the store is append-only / full-replace (no mid-array deletes), so maxIndex+1
+  // changes exactly when the message set does. User-only rows are SPARSE (no density) and the legacy
+  // session_messages store isn't guaranteed dense, so both keep the exact COUNT(*).
+  const countStats = (table) => d.prepare(
     `SELECT COALESCE(MAX(message_index), -1) AS maxIndex, COUNT(*) AS rows FROM ${table} WHERE ctm_session_id = ?${whereRole}`
   ).get(bindId);
+  const denseStats = (table) => {
+    const r = d.prepare(
+      `SELECT COALESCE(MAX(message_index), -1) AS maxIndex FROM ${table} WHERE ctm_session_id = ?`
+    ).get(bindId);
+    const maxIndex = Number(r && r.maxIndex != null ? r.maxIndex : -1);
+    return { maxIndex, rows: maxIndex + 1 };
+  };
+  const readStats = (table) =>
+    (!userOnly && table === 'session_message_rows') ? denseStats(table) : countStats(table);
 
   // The row store is the default read source, but migration and tests can leave
   // some sessions present only in the legacy filtered index. Pick per session
@@ -9383,14 +9507,15 @@ function upsertAgentSessionIdentity(agentSessionId, data = {}) {
     parent_agent_session_id: lineage.parent_agent_session_id,
     agent_nickname: lineage.agent_nickname,
     agent_role: lineage.agent_role,
+    forked_from_desktop_uuid: data.forkedFromDesktopUuid || data.forked_from_desktop_uuid || '',
   };
   d.prepare(`
     INSERT INTO agent_sessions (agent_session_id, ctm_session_id, provider, provider_resume_id, project_path, jsonl_path,
       first_message, file_size, modified_at, hostname, model, git_branch, user_msg_count, slug,
-      thread_source, parent_agent_session_id, agent_nickname, agent_role)
+      thread_source, parent_agent_session_id, agent_nickname, agent_role, forked_from_desktop_uuid)
     VALUES (@agent_session_id, @ctm_session_id, @provider, @provider_resume_id, @project_path, @jsonl_path,
       @first_message, @file_size, @modified_at, @hostname, @model, @git_branch, @user_msg_count, @slug,
-      @thread_source, @parent_agent_session_id, @agent_nickname, @agent_role)
+      @thread_source, @parent_agent_session_id, @agent_nickname, @agent_role, @forked_from_desktop_uuid)
     ON CONFLICT(agent_session_id) DO UPDATE SET
       ctm_session_id = COALESCE(agent_sessions.ctm_session_id, excluded.ctm_session_id),
       provider = COALESCE(NULLIF(excluded.provider, ''), agent_sessions.provider),
@@ -9409,10 +9534,40 @@ function upsertAgentSessionIdentity(agentSessionId, data = {}) {
       parent_agent_session_id = COALESCE(NULLIF(excluded.parent_agent_session_id, ''), agent_sessions.parent_agent_session_id),
       agent_nickname = COALESCE(NULLIF(excluded.agent_nickname, ''), agent_sessions.agent_nickname),
       agent_role = COALESCE(NULLIF(excluded.agent_role, ''), agent_sessions.agent_role),
+      forked_from_desktop_uuid = COALESCE(NULLIF(excluded.forked_from_desktop_uuid, ''), agent_sessions.forked_from_desktop_uuid),
       updated_at = datetime('now')
   `).run(params);
 }
 
+/**
+ * Look up the Claude Code fork that was created from a given Claude Desktop conversation.
+ * Returns the fork's agent_sessions row ({ agent_session_id, jsonl_path, ctm_session_id })
+ * or null when the conversation has never been converted. Callers verify the fork still
+ * exists (row + jsonl file) before treating the conversation as already-converted; a deleted
+ * fork should re-offer conversion. Anchored on the stable Desktop uuid so a re-scan of the
+ * Desktop cache never mints a duplicate fork.
+ */
+function getForkForDesktopUuid(desktopUuid) {
+  const id = String(desktopUuid || '').trim();
+  if (!id) return null;
+  return getDb().prepare(
+    'SELECT agent_session_id, jsonl_path, ctm_session_id FROM agent_sessions WHERE forked_from_desktop_uuid = ? LIMIT 1'
+  ).get(id) || null;
+}
+
+/**
+ * List every Claude Code fork created from a Claude Desktop conversation, keyed by the
+ * originating Desktop uuid. The client fetches this to decide, per Desktop conversation,
+ * whether to offer "Convert" or "Resume fork". Callers verify the transcript still exists
+ * before trusting the link (a deleted fork should re-offer conversion).
+ */
+function listDesktopForks() {
+  return getDb().prepare(
+    "SELECT forked_from_desktop_uuid AS desktopUuid, agent_session_id AS forkSessionId, jsonl_path AS jsonlPath, project_path AS projectPath " +
+    "FROM agent_sessions WHERE forked_from_desktop_uuid != ''"
+  ).all();
+}
+
 function setSessionStar(id, starred) {
   // Try ctm_sessions first
   const result = getDb().prepare("UPDATE ctm_sessions SET starred = ?, updated_at = datetime('now') WHERE id = ?")
@@ -10249,7 +10404,7 @@ module.exports = {
   getStorageRisk,
   getSqliteDriverStatus,
   ensureRuntimeKernelTables,
-  appendRuntimeEvent, listRuntimeEvents,
+  appendRuntimeEvent, listRuntimeEvents, latestRuntimeEventOfTypes,
   upsertRuntimeTurn, getRuntimeTurn, listRuntimeTurns,
   upsertRuntimeInputEnvelope, updateRuntimeInputEnvelope, getRuntimeInputEnvelope, listRuntimeInputEnvelopes,
   upsertRuntimeRouteSnapshot, getLatestRuntimeRouteSnapshot,
@@ -10318,7 +10473,7 @@ module.exports = {
   setSessionTitleNew, setSessionTitleStatusNew, getSessionTitleNew, getSessionTitlesByIds, getSessionDisplayTitleInfo, isUserSessionTitleCandidate, promoteStartupTaskTitleIfUserNamed, repairSessionTitlesFromStartupTasks, getAllSessionsData,
   repairCodexSessionMetadataFromConversations, repairCodexRolloutAgentIdentities, detachPromotedProviderChildSessions,
   listProviderChildAgentOwnerMappings,
-  getAgentSessions, getAgentSession, deleteCtmSession,
+  getAgentSessions, getAgentSession, getForkForDesktopUuid, listDesktopForks, deleteCtmSession,
   // Schema version
   getSchemaVersion,
 };