deckide 3.5.40 → 3.5.42

package/dist/config.js

@@ -35,6 +35,34 @@ export const MAX_FILE_SIZE = parseIntEnv(process.env.MAX_FILE_SIZE, 10 * 1024 *
 export const TERMINAL_BUFFER_LIMIT = parseIntEnv(process.env.TERMINAL_BUFFER_LIMIT, 500_000);
 export const MAX_REQUEST_BODY_SIZE = parseIntEnv(process.env.MAX_REQUEST_BODY_SIZE, 1024 * 1024); // 1MB default
 export const TRUST_PROXY = process.env.TRUST_PROXY === 'true'; // Only trust proxy headers if explicitly enabled
+// --- Agent browser WebRTC streaming (A1: direct Xvfb capture → ffmpeg → werift) ---
+// Master switch. 'false' (default) keeps the JPEG screencast path and never even
+// imports werift. 'true'/'auto' advertise the WebRTC capability; the client still
+// falls back to JPEG on any failure.
+const webrtcFlag = (process.env.AGENT_BROWSER_WEBRTC || 'false').toLowerCase();
+export const AGENT_BROWSER_WEBRTC = webrtcFlag === 'true' || webrtcFlag === 'auto';
+// Video codec for the encoded stream. Only 'vp8' is wired today; 'vp9'/'h264'
+// are accepted for forward-compat and validated in the relay.
+export const AGENT_BROWSER_WEBRTC_CODEC = (process.env.AGENT_BROWSER_WEBRTC_CODEC || 'vp8').toLowerCase();
+// Target video bitrate passed to the encoder (ffmpeg -b:v syntax, e.g. '3M').
+export const AGENT_BROWSER_WEBRTC_BITRATE = process.env.AGENT_BROWSER_WEBRTC_BITRATE || '3M';
+export const AGENT_BROWSER_WEBRTC_FPS = parseIntEnv(process.env.AGENT_BROWSER_WEBRTC_FPS, 30);
+// Optional explicit X display to capture (e.g. ':99'). When unset the relay
+// discovers it from the running Chrome process environment.
+export const AGENT_BROWSER_DISPLAY = process.env.AGENT_BROWSER_DISPLAY || '';
+// Optional ICE servers as JSON (e.g. '[{"urls":"stun:stun.l.google.com:19302"}]').
+// Empty = host candidates only, which is correct for same-host / LAN.
+export const AGENT_BROWSER_WEBRTC_ICE_SERVERS = process.env.AGENT_BROWSER_WEBRTC_ICE_SERVERS || '';
+// --- Shared-browser maintenance ---
+// CDP port the shared agent browser listens on (must match agent-browser's).
+export const AGENT_BROWSER_CDP_PORT = parseIntEnv(process.env.AGENT_BROWSER_CDP_PORT, 9222);
+// Reap leaked chrome-devtools-mcp server stacks when one agent accumulates too
+// many (the observed leak). On by default; set 'false' to disable.
+export const AGENT_BROWSER_REAP_MCP = (process.env.AGENT_BROWSER_REAP_MCP || 'true').toLowerCase() !== 'false';
+// Max chrome-devtools-mcp stacks a single agent may keep before old extras are reaped.
+export const AGENT_BROWSER_MAX_MCP_PER_AGENT = parseIntEnv(process.env.AGENT_BROWSER_MAX_MCP_PER_AGENT, 3);
+// Extra stacks must be older than this before being reaped (spares restart bursts).
+export const AGENT_BROWSER_MCP_IDLE_MS = parseIntEnv(process.env.AGENT_BROWSER_MCP_IDLE_MS, 600_000);
 // Flat structure: dist/ and web/dist/ are siblings at project root
 export const distDir = path.resolve(__dirname, '..', 'web', 'dist');
 export const hasStatic = fsSync.existsSync(distDir);

package/dist/routes/codeserver.js

@@ -0,0 +1,79 @@
+import { Hono } from 'hono';
+// Hop-by-hop / encoding headers that must not be forwarded verbatim. undici's
+// fetch already decompresses the body, so leaving content-encoding/length on the
+// response would make the browser try to decompress decoded bytes.
+const STRIP_RESPONSE_HEADERS = ['content-encoding', 'content-length', 'transfer-encoding', 'connection'];
+async function proxy(c, codeServer) {
+    const wsId = c.req.param('wsId');
+    if (!wsId) {
+        return c.json({ error: 'workspace id required' }, 400);
+    }
+    let port;
+    try {
+        port = await codeServer.ensure(wsId);
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        return c.json({ error: message }, 503);
+    }
+    const url = new URL(c.req.url);
+    const prefix = `/codeserver/${wsId}`;
+    let upstreamPath = url.pathname.slice(prefix.length) || '/';
+    if (!upstreamPath.startsWith('/')) {
+        upstreamPath = `/${upstreamPath}`;
+    }
+    const target = `http://127.0.0.1:${port}${upstreamPath}${url.search}`;
+    const headers = new Headers(c.req.raw.headers);
+    headers.set('host', `127.0.0.1:${port}`);
+    // Ask code-server not to compress; we re-stream the body raw.
+    headers.set('accept-encoding', 'identity');
+    const method = c.req.method;
+    const init = {
+        method,
+        headers,
+        redirect: 'manual',
+    };
+    if (method !== 'GET' && method !== 'HEAD') {
+        init.body = c.req.raw.body;
+        init.duplex = 'half';
+    }
+    let upstream;
+    try {
+        upstream = await fetch(target, init);
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        return c.json({ error: `code-server proxy failed: ${message}` }, 502);
+    }
+    const respHeaders = new Headers(upstream.headers);
+    for (const name of STRIP_RESPONSE_HEADERS) {
+        respHeaders.delete(name);
+    }
+    // Let code-server's service worker claim the whole subpath scope.
+    respHeaders.set('service-worker-allowed', `/codeserver/${wsId}/`);
+    return new Response(upstream.body, {
+        status: upstream.status,
+        statusText: upstream.statusText,
+        headers: respHeaders,
+    });
+}
+export function createCodeServerRouter(codeServer) {
+    const router = new Hono();
+    // Capability/status (must be registered before the :wsId catch-all).
+    router.get('/status', async (c) => {
+        const wsId = c.req.query('wsId') || undefined;
+        return c.json(await codeServer.getStatus(wsId));
+    });
+    router.post('/stop', async (c) => {
+        const wsId = c.req.query('wsId');
+        if (wsId) {
+            await codeServer.stop(wsId);
+        }
+        return c.json(await codeServer.getStatus(wsId || undefined));
+    });
+    // Reverse-proxy everything else under /codeserver/:wsId/* to that workspace's
+    // code-server instance (prefix stripped).
+    router.all('/:wsId/*', (c) => proxy(c, codeServer));
+    router.all('/:wsId', (c) => proxy(c, codeServer));
+    return router;
+}

package/dist/routes/files.js

@@ -186,6 +186,78 @@ export function createFileRouter(workspaces) {
             return handleError(c, error);
         }
     });
+    // Move / rename a file or directory within the workspace (Drive UI).
+    router.post('/move', async (c) => {
+        try {
+            const body = await readJson(c);
+            const workspaceId = body?.workspaceId;
+            if (!workspaceId) {
+                throw createHttpError('workspaceId is required', 400);
+            }
+            if (!body?.from || !body?.to) {
+                throw createHttpError('from and to are required', 400);
+            }
+            const workspace = requireWorkspace(workspaces, workspaceId);
+            const fromPath = await resolveSafePath(workspace.path, body.from);
+            const toPath = await resolveSafePath(workspace.path, body.to);
+            // Source must exist (throws ENOENT otherwise).
+            await fs.stat(fromPath);
+            // No-clobber unless the caller explicitly opts in.
+            if (!body.overwrite) {
+                try {
+                    await fs.access(toPath);
+                    throw createHttpError('Destination already exists', 409);
+                }
+                catch (err) {
+                    if (err.code !== 'ENOENT') {
+                        throw err;
+                    }
+                }
+            }
+            await fs.mkdir(path.dirname(toPath), { recursive: true });
+            await fs.rename(fromPath, toPath);
+            return c.json({ from: body.from, to: body.to, moved: true });
+        }
+        catch (error) {
+            return handleError(c, error);
+        }
+    });
+    // Upload one or more files into a workspace directory (multipart form). The
+    // form field `file` may repeat. Filenames are reduced to their basename so an
+    // upload can never escape the target directory.
+    router.post('/upload', async (c) => {
+        try {
+            const form = await c.req.parseBody({ all: true });
+            const workspaceId = typeof form.workspaceId === 'string' ? form.workspaceId : undefined;
+            if (!workspaceId) {
+                throw createHttpError('workspaceId is required', 400);
+            }
+            const dir = typeof form.path === 'string' ? form.path : '';
+            const workspace = requireWorkspace(workspaces, workspaceId);
+            const field = form.file;
+            const files = (Array.isArray(field) ? field : [field]).filter((item) => item instanceof File);
+            if (files.length === 0) {
+                throw createHttpError('no files provided', 400);
+            }
+            const uploaded = [];
+            for (const file of files) {
+                if (file.size > MAX_FILE_SIZE) {
+                    throw createHttpError(`File too large: ${file.name} (${Math.round(file.size / 1024 / 1024)}MB). Maximum is ${Math.round(MAX_FILE_SIZE / 1024 / 1024)}MB.`, 413);
+                }
+                const safeName = path.basename(file.name);
+                const rel = dir ? `${dir}/${safeName}` : safeName;
+                const target = await resolveSafePath(workspace.path, rel);
+                await fs.mkdir(path.dirname(target), { recursive: true });
+                const buffer = Buffer.from(await file.arrayBuffer());
+                await fs.writeFile(target, buffer);
+                uploaded.push(rel);
+            }
+            return c.json({ uploaded });
+        }
+        catch (error) {
+            return handleError(c, error);
+        }
+    });
     // Delete directory
     router.delete('/dir', async (c) => {
         try {

package/dist/server.js

@@ -7,7 +7,7 @@ import { serve } from '@hono/node-server';
 import { serveStatic } from '@hono/node-server/serve-static';
 import { bodyLimit } from 'hono/body-limit';
 import { DatabaseSync } from 'node:sqlite';
-import { PORT, HOST, NODE_ENV, BASIC_AUTH_USER, BASIC_AUTH_PASSWORD, CORS_ORIGIN, MAX_FILE_SIZE, MAX_REQUEST_BODY_SIZE, TRUST_PROXY, hasStatic, distDir, dbPath, } from './config.js';
+import { PORT, HOST, NODE_ENV, BASIC_AUTH_USER, BASIC_AUTH_PASSWORD, CORS_ORIGIN, MAX_FILE_SIZE, MAX_REQUEST_BODY_SIZE, TRUST_PROXY, hasStatic, distDir, dbPath, AGENT_BROWSER_REAP_MCP, AGENT_BROWSER_CDP_PORT, AGENT_BROWSER_MAX_MCP_PER_AGENT, AGENT_BROWSER_MCP_IDLE_MS, } from './config.js';
 import { securityHeaders } from './middleware/security.js';
 import { corsMiddleware } from './middleware/cors.js';
 import { basicAuthMiddleware, generateWsToken, isBasicAuthEnabled } from './middleware/auth.js';
@@ -20,7 +20,10 @@ import { createGitRouter } from './routes/git.js';
 import { createSettingsRouter } from './routes/settings.js';
 import { createMcpRouter } from './routes/mcp.js';
 import { createBrowserRouter } from './routes/browser.js';
+import { createCodeServerRouter } from './routes/codeserver.js';
 import { AgentBrowserService } from './utils/agent-browser.js';
+import { CodeServerService } from './utils/code-server.js';
+import { startMcpReaper } from './utils/browser-maintenance.js';
 import { setupWebSocketServer, getConnectionLimit, setConnectionLimit, getConnectionStats, clearAllConnections, } from './websocket.js';
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 // Request ID and logging middleware
@@ -51,6 +54,7 @@ export async function createServer() {
     const decks = new Map();
     const terminals = new Map();
     const browserService = new AgentBrowserService();
+    const codeServerService = new CodeServerService(workspaces);
     // 共有ブラウザを起動時から常駐させ、BrowserPane を開いていなくても
     // Codex/Claude の chrome MCP（--browserUrl 127.0.0.1:9222）が常に使えるようにする。
     // 失敗してもサーバ起動は継続（Chrome 未導入の環境などを考慮）。AGENT_BROWSER_AUTOSTART=false で無効化可。
@@ -59,6 +63,17 @@ export async function createServer() {
             console.error('[browser] 共有ブラウザの自動起動に失敗:', err instanceof Error ? err.message : err);
         });
     }
+    // Periodically reap leaked chrome-devtools-mcp servers (agents spawn one per
+    // session against our CDP port and can leave them disconnected — wedging the
+    // agent's chrome tools and leaking GBs). Safe: only disconnected + idle ones.
+    const stopMcpReaper = AGENT_BROWSER_REAP_MCP
+        ? startMcpReaper({
+            cdpPort: AGENT_BROWSER_CDP_PORT,
+            maxPerAgent: AGENT_BROWSER_MAX_MCP_PER_AGENT,
+            idleMs: AGENT_BROWSER_MCP_IDLE_MS,
+            intervalMs: 120_000,
+        })
+        : null;
     loadPersistedState(db, workspaces, workspacePathIndex, decks);
     // Create Hono app
     const app = new Hono();
@@ -80,6 +95,8 @@ export async function createServer() {
     if (basicAuthMiddleware) {
         app.use('/api/*', basicAuthMiddleware);
         app.use('/oauth/authorize', basicAuthMiddleware);
+        // code-server runs with --auth none; this same-origin proxy is the gate.
+        app.use('/codeserver/*', basicAuthMiddleware);
     }
     app.get('/health', (c) => c.json({ status: 'ok', timestamp: new Date().toISOString(), uptime: process.uptime() }));
     // Mount routers
@@ -90,6 +107,7 @@ export async function createServer() {
     app.route('/api/terminals', terminalRouter);
     app.route('/api/git', createGitRouter(workspaces));
     app.route('/api/browser', createBrowserRouter(browserService));
+    app.route('/codeserver', createCodeServerRouter(codeServerService));
     app.get('/api/config', getConfigHandler());
     app.get('/api/ws-token', (c) => c.json({ token: generateWsToken(), authEnabled: isBasicAuthEnabled() }));
     app.get('/api/ws/stats', (c) => c.json({ limit: getConnectionLimit(), connections: getConnectionStats() }));
@@ -122,7 +140,7 @@ export async function createServer() {
         });
     }
     const server = serve({ fetch: app.fetch, port: PORT, hostname: HOST });
-    setupWebSocketServer(server, terminals, browserService);
+    setupWebSocketServer(server, terminals, browserService, codeServerService);
     server.on('listening', () => {
         const baseUrl = `http://localhost:${PORT}`;
         console.log(`Deck IDE server listening on ${baseUrl}`);
@@ -157,7 +175,9 @@ export async function createServer() {
                 session.kill();
             });
             terminals.clear();
+            stopMcpReaper?.();
             await browserService.stop();
+            await codeServerService.stopAll();
             try {
                 db.close();
             }

package/dist/utils/agent-browser.js

@@ -5,6 +5,7 @@ import os from 'node:os';
 import path from 'node:path';
 import { WebSocket } from 'ws';
 import { BrowserAudioRelay } from './browser-audio.js';
+import { BrowserWebRtcRelay } from './browser-webrtc.js';
 const DEFAULT_PROFILE_DIR = path.join(os.homedir(), '.local', 'share', 'agent-browser', 'profile');
 const DEFAULT_OUTPUT_DIR = path.join(os.homedir(), '.local', 'share', 'agent-browser', 'output');
 const START_TIMEOUT_MS = 30_000;
@@ -320,6 +321,9 @@ export class AgentBrowserService {
     viewport = { ...DEFAULT_VIEWPORT };
     lastError;
     audioRelay = new BrowserAudioRelay();
+    // A1 WebRTC video path (direct Xvfb capture → ffmpeg → werift). Constructed
+    // always, but inert until AGENT_BROWSER_WEBRTC is enabled and a client connects.
+    webrtcRelay = new BrowserWebRtcRelay(this);
     profileDir = process.env.AGENT_BROWSER_PROFILE_DIR || DEFAULT_PROFILE_DIR;
     outputDir = process.env.AGENT_BROWSER_OUTPUT_DIR || DEFAULT_OUTPUT_DIR;
     async getStatus() {
@@ -336,6 +340,7 @@ export class AgentBrowserService {
             tabs: [...this.tabs.values()].map((tab) => ({ ...tab })),
             activeTabId: this.activeTargetId,
             audio: await this.audioRelay.getStatus(),
+            webrtc: await this.webrtcRelay.getStatus(),
             error: this.lastError,
         };
     }
@@ -421,6 +426,7 @@ export class AgentBrowserService {
         }
         this.closeLogStream();
         await this.audioRelay.stop();
+        await this.webrtcRelay.stop();
         await this.broadcastStatus();
     }
     attachWebSocket(socket) {
@@ -442,6 +448,38 @@ export class AgentBrowserService {
     attachAudioWebSocket(socket) {
         this.audioRelay.attachWebSocket(socket);
     }
+    attachWebRtcWebSocket(socket) {
+        this.webrtcRelay.attachWebSocket(socket);
+    }
+    // --- WebRtcHost: capabilities the WebRTC relay needs from the browser ---
+    isBrowserRunning() {
+        return this.isRunning();
+    }
+    // Position+size the active tab's OS window on the X display. No window manager
+    // runs under Xvfb, so 'maximized'/'fullscreen' window states are unreliable —
+    // explicit normal bounds are not.
+    async setActiveWindowBounds(left, top, width, height) {
+        if (!this.activeTargetId) {
+            return;
+        }
+        await this.connectBrowserCdp();
+        const cdp = this.browserCdp;
+        if (!cdp) {
+            return;
+        }
+        const win = await cdp
+            .send('Browser.getWindowForTarget', { targetId: this.activeTargetId })
+            .catch(() => null);
+        if (!win || typeof win.windowId !== 'number') {
+            return;
+        }
+        await cdp
+            .send('Browser.setWindowBounds', {
+            windowId: win.windowId,
+            bounds: { left, top, width, height, windowState: 'normal' },
+        })
+            .catch(() => undefined);
+    }
     async navigate(input) {
         const url = normalizeBrowserUrl(input);
         await this.start();
@@ -554,6 +592,13 @@ export class AgentBrowserService {
             // GPU を browser プロセス内で動かし、GPU サンドボックスを外して回避する。
             '--in-process-gpu',
             '--disable-gpu-sandbox',
+            // GPU レスのサーバでも WebGL を「本物のソフトウェアレンダラ(SwiftShader/ANGLE)」として
+            // 実際に動かす。Chrome >=130 は自動 SwiftShader フォールバックを廃止したため
+            // --enable-unsafe-swiftshader が必須。WebGL が全く無いと実Chromeとして不自然で
+            // ボット判定（Cloudflare Turnstile 等）の信号になる。実機検証で WebGL 復活＋無クラッシュを確認済み。
+            '--use-gl=angle',
+            '--use-angle=swiftshader',
+            '--enable-unsafe-swiftshader',
             // ボット判定（Cloudflare の Managed Challenge 等）で誤検知されにくくする。
             // navigator.webdriver を立てる自動化フラグを無効化する。残りの偽装は CDP 側。
             '--disable-blink-features=AutomationControlled',
@@ -846,9 +891,13 @@ export class AgentBrowserService {
             }
             const major = (userAgent.match(/Chrome\/(\d+)/) || [])[1] || '120';
             if (userAgent) {
+                // acceptLanguage は q 値を付けない素のカンマ区切りにする。q 値を含めると
+                // Chrome がさらに q を付与して "ja;q=0.9;q=0.9" のような実ブラウザが出さない
+                // 不正なヘッダになり、それ自体がボット信号になる。
+                const fullVersion = (userAgent.match(/Chrome\/([\d.]+)/) || [])[1] || `${major}.0.0.0`;
                 await cdp.send('Emulation.setUserAgentOverride', {
                     userAgent,
-                    acceptLanguage: 'ja-JP,ja;q=0.9,en-US;q=0.8,en;q=0.7',
+                    acceptLanguage: 'ja-JP,ja,en-US,en',
                     platform: 'Linux x86_64',
                     userAgentMetadata: {
                         brands: [
@@ -856,20 +905,31 @@ export class AgentBrowserService {
                             { brand: 'Chromium', version: major },
                             { brand: 'Google Chrome', version: major },
                         ],
-                        fullVersion: (userAgent.match(/Chrome\/([\d.]+)/) || [])[1] || `${major}.0.0.0`,
+                        fullVersionList: [
+                            { brand: 'Not_A Brand', version: '24.0.0.0' },
+                            { brand: 'Chromium', version: fullVersion },
+                            { brand: 'Google Chrome', version: fullVersion },
+                        ],
                         platform: 'Linux',
                         platformVersion: '',
                         architecture: 'x86',
+                        bitness: '64',
+                        wow64: false,
                         model: '',
                         mobile: false,
                     },
                 });
             }
+            // 反検知は「正直で整合の取れた実Chrome」に寄せるのが正攻法。
+            // navigator.languages を Accept-Language と一致させる程度に留め、
+            // plugins や WebGL ベンダの「偽装」はしない（偽装は逆に不整合の検知信号になる）。
+            // navigator.webdriver は起動フラグ --disable-blink-features=AutomationControlled で
+            // 既に false 化されているが、保険として undefined を維持する。WebGL は実フラグ
+            // (--use-angle=swiftshader 等) で実際に動作するので、レンダラは正直に SwiftShader を返す。
             const stealthSource = `
         Object.defineProperty(navigator, 'webdriver', { get: () => undefined });
         if (!window.chrome) { window.chrome = { runtime: {} }; }
         Object.defineProperty(navigator, 'languages', { get: () => ['ja-JP', 'ja', 'en-US', 'en'] });
-        Object.defineProperty(navigator, 'plugins', { get: () => [1, 2, 3, 4, 5] });
         try {
           const _q = window.navigator.permissions && window.navigator.permissions.query;
           if (_q) {
@@ -879,14 +939,6 @@ export class AgentBrowserService {
                 : _q(p);
           }
         } catch (e) { /* ignore */ }
-        try {
-          const getParam = WebGLRenderingContext.prototype.getParameter;
-          WebGLRenderingContext.prototype.getParameter = function (p) {
-            if (p === 37445) return 'Intel Inc.';
-            if (p === 37446) return 'Intel Iris OpenGL Engine';
-            return getParam.call(this, p);
-          };
-        } catch (e) { /* ignore */ }
       `;
             await cdp.send('Page.addScriptToEvaluateOnNewDocument', { source: stealthSource });
         }

package/dist/utils/browser-maintenance.js

@@ -0,0 +1,145 @@
+import fs from 'node:fs/promises';
+// Linux clock ticks per second. Effectively always 100 on Linux; used only to
+// estimate process age, where small drift is harmless.
+const CLOCK_HZ = 100;
+/**
+ * Pure selection: given the set of chrome-devtools-mcp processes (node servers +
+ * their npm/sh launcher wrappers), return the pids to kill. Exported for testing.
+ *
+ * A "stack top" is a proc whose parent is not itself in the set (its parent is
+ * the agent). Stacks are grouped by agent; for any agent owning more than
+ * `maxPerAgent` stacks, the oldest extras beyond the cap — and only those older
+ * than `idleMs` — are selected along with their whole subtree. Healthy agents
+ * (≤ maxPerAgent stacks) are never touched.
+ */
+export function planReap(procs, maxPerAgent, idleMs) {
+    const stacksByAgent = new Map();
+    for (const [pid, info] of procs) {
+        if (!procs.has(info.ppid)) {
+            const list = stacksByAgent.get(info.ppid) ?? [];
+            list.push(pid);
+            stacksByAgent.set(info.ppid, list);
+        }
+    }
+    const children = new Map();
+    for (const [pid, info] of procs) {
+        const list = children.get(info.ppid) ?? [];
+        list.push(pid);
+        children.set(info.ppid, list);
+    }
+    const kill = [];
+    for (const tops of stacksByAgent.values()) {
+        if (tops.length <= maxPerAgent) {
+            continue;
+        }
+        tops.sort((a, b) => procs.get(b).ageSec - procs.get(a).ageSec); // oldest first
+        for (const top of tops.slice(0, tops.length - maxPerAgent)) {
+            if (procs.get(top).ageSec * 1000 < idleMs) {
+                continue; // spare recent stacks (e.g. mid-restart)
+            }
+            const queue = [top];
+            while (queue.length) {
+                const pid = queue.shift();
+                kill.push(pid);
+                for (const child of children.get(pid) ?? []) {
+                    if (procs.has(child))
+                        queue.push(child);
+                }
+            }
+        }
+    }
+    return kill;
+}
+/**
+ * Reaps leaked `chrome-devtools-mcp` server stacks.
+ *
+ * Agents (Claude/Codex) spawn one chrome-devtools-mcp server per session pointed
+ * at our shared browser's CDP port. A buggy agent can respawn it on every failure
+ * without reaping the old one — we observed a single Codex process holding 66
+ * servers (~24 GB) with the agent's active one wedged ("can't use chrome").
+ *
+ * NOTE: chrome-devtools-mcp connects to the browser lazily (only during a tool
+ * call), so "not connected to 9222" does NOT mean "dead" — an idle-but-live
+ * session would look disconnected. We therefore key off the actual leak
+ * signature instead: when ONE agent process owns more than `maxPerAgent`
+ * chrome-devtools-mcp stacks (aimed at our port), the oldest extras beyond the
+ * cap that are also older than `idleMs` are killed, keeping the newest (active)
+ * ones. A healthy agent with a single MCP is never touched. Linux-only.
+ */
+export function startMcpReaper(opts) {
+    const timer = setInterval(() => {
+        void reapOnce(opts).catch(() => undefined);
+    }, opts.intervalMs);
+    timer.unref?.();
+    return () => clearInterval(timer);
+}
+// All chrome-devtools-mcp processes (node servers + npm/sh launcher wrappers)
+// whose cmdline targets our CDP port. Keyed by pid.
+async function readMcpProcs(cdpPort) {
+    const procs = new Map();
+    let uptime;
+    try {
+        uptime = parseFloat((await fs.readFile('/proc/uptime', 'utf8')).split(' ')[0]);
+    }
+    catch {
+        return procs; // not Linux / no procfs
+    }
+    let pids;
+    try {
+        pids = (await fs.readdir('/proc')).filter((n) => /^\d+$/.test(n));
+    }
+    catch {
+        return procs;
+    }
+    const portToken = `127.0.0.1:${cdpPort}`;
+    for (const pid of pids) {
+        let cmdline;
+        try {
+            cmdline = (await fs.readFile(`/proc/${pid}/cmdline`, 'utf8')).replace(/\0/g, ' ').trim();
+        }
+        catch {
+            continue;
+        }
+        // Target only chrome-devtools-mcp aimed at OUR shared browser.
+        if (!cmdline.includes('chrome-devtools-mcp') || !cmdline.includes(portToken)) {
+            continue;
+        }
+        let stat;
+        try {
+            stat = await fs.readFile(`/proc/${pid}/stat`, 'utf8');
+        }
+        catch {
+            continue;
+        }
+        // comm (field 2) is parenthesised and may contain spaces/parens — parse after
+        // the final ')'. Then index 1 = ppid (field 4), index 19 = starttime (field 22).
+        const after = stat.slice(stat.lastIndexOf(')') + 2).split(' ');
+        const ppid = Number.parseInt(after[1], 10);
+        const starttime = Number.parseInt(after[19], 10);
+        if (!Number.isFinite(ppid) || !Number.isFinite(starttime)) {
+            continue;
+        }
+        procs.set(Number.parseInt(pid, 10), { ppid, cmdline, ageSec: uptime - starttime / CLOCK_HZ });
+    }
+    return procs;
+}
+async function reapOnce(opts) {
+    const procs = await readMcpProcs(opts.cdpPort);
+    if (procs.size === 0) {
+        return;
+    }
+    const kill = planReap(procs, opts.maxPerAgent, opts.idleMs);
+    let reaped = 0;
+    for (const pid of kill) {
+        try {
+            process.kill(pid, 'SIGTERM');
+            reaped++;
+        }
+        catch {
+            // already gone
+        }
+    }
+    if (reaped > 0) {
+        console.log(`[browser-maintenance] reaped ${reaped} process(es) from leaked chrome-devtools-mcp stacks`);
+    }
+}