github-router 0.3.36 → 0.3.38

package/dist/{lifecycle-DxRKANCV.js → lifecycle-CMnTe0W7.js}

@@ -1,4 +1,4 @@
-import "./paths-Cr2gfGiA.js";
-import { a as sweepRegistry, i as registerExitHandlers, n as getInstanceUuid, o as sweepStaleWorktreesAtBoot, r as recordWorkerRepo, t as WorktreeRegistry } from "./lifecycle-3OXRVrtQ.js";
+import "./paths-C-GyxwCW.js";
+import { a as sweepRegistry, i as registerExitHandlers, n as getInstanceUuid, o as sweepStaleWorktreesAtBoot, r as recordWorkerRepo, t as WorktreeRegistry } from "./lifecycle-Ho67_Rew.js";
 
 export { WorktreeRegistry, getInstanceUuid, recordWorkerRepo, registerExitHandlers, sweepRegistry, sweepStaleWorktreesAtBoot };

package/dist/{lifecycle-3OXRVrtQ.js → lifecycle-Ho67_Rew.js}

@@ -1,4 +1,4 @@
-import { c as writeRuntimeFileSecure, t as PATHS } from "./paths-Cr2gfGiA.js";
+import { c as writeRuntimeFileSecure, t as PATHS } from "./paths-C-GyxwCW.js";
 import { randomBytes, randomUUID } from "node:crypto";
 import fs from "node:fs/promises";
 import path from "node:path";
@@ -110,6 +110,24 @@ function sweepRegistry() {
 	}
 }
 /**
+* Windows ConPTY / node-pty signal behavior:
+*
+* When a ConPTY host (VS Code terminal, Windows Terminal, node-pty) closes
+* the pseudo-console, the ConPTY layer sends CTRL_CLOSE_EVENT to the
+* process group. Node.js translates this into SIGINT (NOT SIGTERM). The
+* process has a ~5-second window before forced termination.
+*
+* Implication: the SIGTERM handler below may NEVER fire in node-pty
+* environments. This is by design — the three-layer cleanup architecture
+* ensures coverage:
+*   1. Per-call cleanup (engine.ts finally block) — happy path
+*   2. SIGINT handler (this file) — ConPTY close, Ctrl+C
+*   3. `exit` handler (this file) — unconditional, fires on any exit
+*   4. Boot-time PID+instance sweep (sweepStaleWorktreesAtBoot) — crash recovery
+*
+* Layers 1+2+3 cover ConPTY; layer 4 covers SIGKILL/OOM/container restart.
+*/
+/**
 * Wire up SIGINT/SIGTERM/exit handlers that walk the registry and
 * remove every entry. Idempotent: subsequent calls swap the registry
 * pointer but do NOT register additional process listeners (otherwise
@@ -289,4 +307,4 @@ async function sweepStaleWorktreesAtBoot() {
 
 //#endregion
 export { sweepRegistry as a, registerExitHandlers as i, getInstanceUuid as n, sweepStaleWorktreesAtBoot as o, recordWorkerRepo as r, WorktreeRegistry as t };
-//# sourceMappingURL=lifecycle-3OXRVrtQ.js.map
+//# sourceMappingURL=lifecycle-Ho67_Rew.js.map

package/dist/lifecycle-Ho67_Rew.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"lifecycle-Ho67_Rew.js","names":["_instanceUuid: string | null","_activeRegistry: WorktreeRegistry | null","_exitHandler: (() => void) | null","_sigintHandler: (() => void) | null","_sigtermHandler: (() => void) | null","raw: string","cleaned: Array<LedgerEntry>","_ledgerChain: Promise<void>","ledger: LedgerFile","names: Array<string>"],"sources":["../src/lib/worker-agent/lifecycle.ts"],"sourcesContent":["/**\n * Lifecycle plumbing for worker worktrees: in-memory registry, signal\n * handlers, ledger of repos touched, and the boot-time PID+instance\n * safety net.\n *\n * Plan: see `plans/we-have-added-a-dreamy-tide.md` (\"Worktree mode\" →\n * \"Cleanup paths\"). Three layers cooperate, none of them sufficient\n * alone:\n *\n *   1. Per-call cleanup (`engine.ts` finally block invoking\n *      `WorktreeHandle.remove()`) — covers the happy path.\n *\n *   2. Session-end signal sweep (this file, registered via\n *      `registerExitHandlers`) — covers Ctrl+C, service-manager stop,\n *      and (in `github-router claude` mode) the spawned child's exit.\n *      Synchronous `execFileSync` is intentional: exit handlers can't\n *      reliably await async work.\n *\n *   3. Boot-time PID+instance sweep (`sweepStaleWorktreesAtBoot`) —\n *      covers SIGKILL, OOM, container restart. Walks the ledger of\n *      repos this proxy has touched and removes worktree dirs whose\n *      `<pid>` is dead OR whose `<instance>` UUID doesn't match the\n *      current proxy's UUID.\n *\n * Ledger writes are ATOMIC (temp + rename) per peer review — a\n * concurrent-RMW corruption would silently strand worktrees because\n * the boot sweep can't find their repo roots.\n */\n\nimport { execFileSync } from \"node:child_process\"\nimport { randomBytes, randomUUID } from \"node:crypto\"\nimport fs from \"node:fs/promises\"\nimport path from \"node:path\"\nimport process from \"node:process\"\n\nimport { PATHS, writeRuntimeFileSecure } from \"../paths\"\n\n/**\n * Same regex worktree.ts uses for its per-call age sweep — kept in\n * sync intentionally. `<pid>-<uuid>-<8hex>` strictly.\n */\nconst WORKTREE_DIR_NAME_RE =\n  /^(\\d+)-([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})-([0-9a-f]{8})$/\n\n/**\n * Cap on the ledger: how many repos we remember across boots, and how\n * old an entry may be before it's pruned. Both are belt-and-suspenders\n * — the per-call age sweep is the primary guard against accumulation\n * inside any single repo.\n */\nconst LEDGER_MAX_ENTRIES = 100\nconst LEDGER_MAX_AGE_MS = 30 * 24 * 60 * 60 * 1000\n\nexport interface WorktreeRegistryEntry {\n  repoRoot: string\n  dir: string\n  branch: string\n}\n\n/**\n * Set-like in-memory registry of worktrees this proxy created. Engine\n * passes it to `createWorktree` so per-call cleanup deletes the entry\n * on success; the signal handlers walk what's left at shutdown.\n *\n * Not a bare `Set` because we want to expose only the operations we\n * actually use, and we want a stable testable surface.\n */\nexport class WorktreeRegistry {\n  private readonly entries = new Set<WorktreeRegistryEntry>()\n\n  add(entry: WorktreeRegistryEntry): void {\n    this.entries.add(entry)\n  }\n  delete(entry: WorktreeRegistryEntry): void {\n    this.entries.delete(entry)\n  }\n  has(entry: WorktreeRegistryEntry): boolean {\n    return this.entries.has(entry)\n  }\n  values(): IterableIterator<WorktreeRegistryEntry> {\n    return this.entries.values()\n  }\n  get size(): number {\n    return this.entries.size\n  }\n  clear(): void {\n    this.entries.clear()\n  }\n}\n\n// ---------------------------------------------------------------------\n// Per-launch instance UUID\n// ---------------------------------------------------------------------\n\nlet _instanceUuid: string | null = null\n\n/**\n * Stable UUID4 generated once per proxy process. Used in worktree\n * dir/branch names so the boot sweep can reliably distinguish \"this\n * proxy's still-live worktrees\" from \"stranded dirs from a prior\n * proxy that happens to have a recycled PID\" — Docker PID-1 across\n * container restarts is the classic case (peer-review HIGH finding).\n */\nexport function getInstanceUuid(): string {\n  if (_instanceUuid === null) {\n    _instanceUuid = randomUUID()\n  }\n  return _instanceUuid\n}\n\n/** Test-only: reset the cached UUID. */\nexport function __resetInstanceUuidForTests(): void {\n  _instanceUuid = null\n}\n\n// ---------------------------------------------------------------------\n// Signal handlers + sweepRegistry\n// ---------------------------------------------------------------------\n\nlet _registered = false\nlet _activeRegistry: WorktreeRegistry | null = null\nlet _exitHandler: (() => void) | null = null\nlet _sigintHandler: (() => void) | null = null\nlet _sigtermHandler: (() => void) | null = null\n\n/**\n * Synchronous cleanup of every registry entry. Best-effort:\n * `execFileSync` failures are swallowed (the dir may have been\n * removed already, or git may not be on PATH any more in some\n * environments). After a successful removal we drop the entry from\n * the registry so a second call is a true no-op.\n *\n * Synchronous on purpose — exit handlers can't reliably await async\n * work; the process would die before the promise settled.\n */\nexport function sweepRegistry(): void {\n  if (!_activeRegistry) return\n  // Snapshot the values first so we can mutate the underlying set\n  // during iteration without skipping entries.\n  const snapshot = [..._activeRegistry.values()]\n  for (const entry of snapshot) {\n    try {\n      // `-C entry.repoRoot` is load-bearing: without it git resolves\n      // the worktree path relative to the proxy's cwd (which is the\n      // user's launch dir, typically NOT inside the target repo), and\n      // fails with `fatal: '<path>' is not a working tree`. The E2E\n      // boot-sweep test (worker-agent-boot-sweep.test.ts) is what\n      // caught the missing flag.\n      execFileSync(\n        \"git\",\n        [\"-C\", entry.repoRoot, \"worktree\", \"remove\", \"--force\", entry.dir],\n        { stdio: \"ignore\", timeout: 10_000, windowsHide: true },\n      )\n    } catch {\n      // Already gone, EBUSY, or git not on PATH — best effort.\n    }\n    try {\n      execFileSync(\"git\", [\"-C\", entry.repoRoot, \"branch\", \"-D\", entry.branch], {\n        stdio: \"ignore\",\n        timeout: 5_000,\n        windowsHide: true,\n      })\n    } catch {\n      // Same as above.\n    }\n    _activeRegistry.delete(entry)\n  }\n}\n\n/**\n * Windows ConPTY / node-pty signal behavior:\n *\n * When a ConPTY host (VS Code terminal, Windows Terminal, node-pty) closes\n * the pseudo-console, the ConPTY layer sends CTRL_CLOSE_EVENT to the\n * process group. Node.js translates this into SIGINT (NOT SIGTERM). The\n * process has a ~5-second window before forced termination.\n *\n * Implication: the SIGTERM handler below may NEVER fire in node-pty\n * environments. This is by design — the three-layer cleanup architecture\n * ensures coverage:\n *   1. Per-call cleanup (engine.ts finally block) — happy path\n *   2. SIGINT handler (this file) — ConPTY close, Ctrl+C\n *   3. `exit` handler (this file) — unconditional, fires on any exit\n *   4. Boot-time PID+instance sweep (sweepStaleWorktreesAtBoot) — crash recovery\n *\n * Layers 1+2+3 cover ConPTY; layer 4 covers SIGKILL/OOM/container restart.\n */\n\n/**\n * Wire up SIGINT/SIGTERM/exit handlers that walk the registry and\n * remove every entry. Idempotent: subsequent calls swap the registry\n * pointer but do NOT register additional process listeners (otherwise\n * we'd leak listeners on every `runWorkerAgent`).\n *\n * Signal handlers re-raise the signal after sweeping. Naively running\n * the sweep on SIGINT/SIGTERM and returning would *suppress* the\n * signal: Node defaults to terminating the process on these, but only\n * if no user listener is attached. Once we attach a listener, the\n * default action is cancelled and the process keeps running — which\n * means Ctrl-C would clean worktrees but not actually exit, leaving\n * orphan processes in dev. The `process.kill(pid, sig)` re-raise\n * after removing our own listener restores the default behaviour\n * (the second delivery now hits an empty listener list, so Node\n * terminates with the conventional `128 + signum` exit code).\n */\nexport function registerExitHandlers(registry: WorktreeRegistry): void {\n  _activeRegistry = registry\n  if (_registered) return\n  _registered = true\n  _exitHandler = () => sweepRegistry()\n  _sigintHandler = () => {\n    sweepRegistry()\n    if (_sigintHandler) process.off(\"SIGINT\", _sigintHandler)\n    process.kill(process.pid, \"SIGINT\")\n  }\n  _sigtermHandler = () => {\n    sweepRegistry()\n    if (_sigtermHandler) process.off(\"SIGTERM\", _sigtermHandler)\n    process.kill(process.pid, \"SIGTERM\")\n  }\n  process.on(\"SIGINT\", _sigintHandler)\n  process.on(\"SIGTERM\", _sigtermHandler)\n  // `exit` handlers can only run synchronous code — exactly what\n  // sweepRegistry does. Async work here would never complete.\n  process.on(\"exit\", _exitHandler)\n}\n\n/**\n * Test-only: unregister the handlers and reset module state. Tests\n * that want to verify `registerExitHandlers` semantics must clean up\n * after themselves or future tests in the same process inherit the\n * (now stale) registry pointer.\n */\nexport function __unregisterExitHandlersForTests(): void {\n  if (_sigintHandler) {\n    process.off(\"SIGINT\", _sigintHandler)\n    _sigintHandler = null\n  }\n  if (_sigtermHandler) {\n    process.off(\"SIGTERM\", _sigtermHandler)\n    _sigtermHandler = null\n  }\n  if (_exitHandler) {\n    process.off(\"exit\", _exitHandler)\n    _exitHandler = null\n  }\n  _registered = false\n  _activeRegistry = null\n}\n\n// ---------------------------------------------------------------------\n// Ledger: which repos has this proxy touched?\n// ---------------------------------------------------------------------\n\ninterface LedgerEntry {\n  repoRoot: string\n  lastSeenMs: number\n}\n\ninterface LedgerFile {\n  entries: Array<LedgerEntry>\n}\n\nfunction ledgerPath(): string {\n  return path.join(PATHS.APP_DIR, \"worker-repos.json\")\n}\n\nasync function readLedger(): Promise<LedgerFile> {\n  let raw: string\n  try {\n    raw = await fs.readFile(ledgerPath(), \"utf8\")\n  } catch (err) {\n    if ((err as NodeJS.ErrnoException).code === \"ENOENT\") {\n      return { entries: [] }\n    }\n    return { entries: [] }\n  }\n  try {\n    const parsed = JSON.parse(raw) as Partial<LedgerFile>\n    if (!parsed || !Array.isArray(parsed.entries)) return { entries: [] }\n    const cleaned: Array<LedgerEntry> = []\n    for (const e of parsed.entries) {\n      if (\n        e &&\n        typeof e === \"object\" &&\n        typeof (e as LedgerEntry).repoRoot === \"string\" &&\n        typeof (e as LedgerEntry).lastSeenMs === \"number\"\n      ) {\n        cleaned.push({\n          repoRoot: (e as LedgerEntry).repoRoot,\n          lastSeenMs: (e as LedgerEntry).lastSeenMs,\n        })\n      }\n    }\n    return { entries: cleaned }\n  } catch {\n    // Corrupted JSON — start fresh rather than crashing the proxy.\n    return { entries: [] }\n  }\n}\n\n/**\n * Per-process serializer for ledger writes. Multiple concurrent\n * `recordWorkerRepo` calls (legitimate: several workers may start at\n * once) would otherwise race read-modify-write on the JSON file. Each\n * call chains onto the previous so the on-disk sequence is\n * deterministic from this process's perspective.\n *\n * Cross-process safety is provided by the atomic temp+rename below,\n * which makes the final state of the file always be a well-formed\n * full snapshot from ONE writer — never a partial write or\n * interleaved JSON.\n */\nlet _ledgerChain: Promise<void> = Promise.resolve()\n\n/**\n * Append `repoRoot` to the ledger (or update its `lastSeenMs`).\n * Atomic temp+rename per peer review.\n */\nexport function recordWorkerRepo(repoRoot: string): Promise<void> {\n  const next = _ledgerChain.then(async () => {\n    await fs.mkdir(PATHS.APP_DIR, { recursive: true })\n    const current = await readLedger()\n    // Dedup: drop any existing entry for this root before appending\n    // the fresh one so the array doesn't grow unbounded with repeats.\n    const filtered = current.entries.filter((e) => e.repoRoot !== repoRoot)\n    filtered.push({ repoRoot, lastSeenMs: Date.now() })\n    // Prune by age and cap entry count (newest wins).\n    const now = Date.now()\n    const pruned = filtered\n      .filter((e) => now - e.lastSeenMs < LEDGER_MAX_AGE_MS)\n      .slice(-LEDGER_MAX_ENTRIES)\n    const ledger: LedgerFile = { entries: pruned }\n\n    // Atomic temp+rename. The temp filename is unique per call\n    // (PID + 8 random hex chars) so concurrent processes don't\n    // collide on the temp name; the final `rename` is atomic on\n    // POSIX and on Windows (both with same filesystem).\n    const tmp = `${ledgerPath()}.tmp.${process.pid}.${randomBytes(4).toString(\n      \"hex\",\n    )}`\n    try {\n      await writeRuntimeFileSecure(tmp, JSON.stringify(ledger, null, 2))\n      await fs.rename(tmp, ledgerPath())\n    } catch (err) {\n      // Clean up the temp file if rename failed midway.\n      await fs.unlink(tmp).catch(() => {})\n      throw err\n    }\n  })\n  // Swallow chain-internal errors so one failed write doesn't poison\n  // the chain for every subsequent caller. Each call still sees its\n  // own rejection (we return `next`, not the catch-handler chain).\n  _ledgerChain = next.catch(() => undefined)\n  return next\n}\n\nfunction isPidAlive(pid: number): boolean {\n  if (!Number.isInteger(pid) || pid <= 0) return false\n  try {\n    process.kill(pid, 0)\n    return true\n  } catch (err) {\n    const code = (err as NodeJS.ErrnoException).code\n    // EPERM = process exists but we can't signal it — still alive\n    // for our purposes (we just need to know whether to clean up).\n    if (code === \"EPERM\") return true\n    return false\n  }\n}\n\n/**\n * Boot-time sweep. For every repo we recorded in the ledger,\n * enumerate `<repoRoot>/.git/worker-worktrees/` (the conventional\n * location — for repos already inside a worktree, the actual\n * `git-common-dir` may differ, in which case we'll miss this batch\n * and the per-call age sweep will catch them within 7 days) and\n * remove dirs that aren't owned by THIS proxy.\n *\n * Ownership rule: dir is \"ours\" iff its embedded PID is alive AND\n * its embedded UUID equals `getInstanceUuid()`. Either condition\n * failing → remove.\n */\nexport async function sweepStaleWorktreesAtBoot(): Promise<void> {\n  const ledger = await readLedger()\n  if (ledger.entries.length === 0) return\n  const currentUuid = getInstanceUuid()\n  for (const entry of ledger.entries) {\n    const parent = path.join(entry.repoRoot, \".git\", \"worker-worktrees\")\n    let names: Array<string>\n    try {\n      names = await fs.readdir(parent)\n    } catch {\n      continue\n    }\n    for (const name of names) {\n      const m = WORKTREE_DIR_NAME_RE.exec(name)\n      if (!m) continue\n      const pid = Number.parseInt(m[1], 10)\n      const uuid = m[2]\n      const isOurs = isPidAlive(pid) && uuid === currentUuid\n      if (isOurs) continue\n\n      const fullDir = path.join(parent, name)\n      const branch = `worker/${pid}-${uuid}-${m[3]}`\n      try {\n        // `-C entry.repoRoot` is load-bearing here too — see the\n        // matching comment in `sweepRegistry`. The boot sweep runs\n        // BEFORE any worker tool has set cwd, so the proxy's cwd is\n        // the user's launch dir, which is almost never inside the\n        // target repo.\n        execFileSync(\n          \"git\",\n          [\"-C\", entry.repoRoot, \"worktree\", \"remove\", \"--force\", fullDir],\n          { stdio: \"ignore\", timeout: 10_000, windowsHide: true },\n        )\n      } catch {\n        // ignore\n      }\n      try {\n        execFileSync(\n          \"git\",\n          [\"-C\", entry.repoRoot, \"branch\", \"-D\", branch],\n          { stdio: \"ignore\", timeout: 5_000, windowsHide: true },\n        )\n      } catch {\n        // ignore\n      }\n      try {\n        await fs.rm(fullDir, { recursive: true, force: true })\n      } catch {\n        // ignore — git may have removed it already\n      }\n    }\n  }\n}\n\n/** Test-only: clear the ledger file (does NOT remove on-disk worktrees). */\nexport async function __clearLedgerForTests(): Promise<void> {\n  await fs.unlink(ledgerPath()).catch(() => {})\n}\n\n/** Test-only: read the ledger as a plain array (no side effects). */\nexport async function __readLedgerForTests(): Promise<Array<LedgerEntry>> {\n  return (await readLedger()).entries\n}\n"],"mappings":";;;;;;;;;;;;AAyCA,MAAM,uBACJ;;;;;;;AAQF,MAAM,qBAAqB;AAC3B,MAAM,oBAAoB,MAAU,KAAK,KAAK;;;;;;;;;AAgB9C,IAAa,mBAAb,MAA8B;CAC5B,AAAiB,0BAAU,IAAI,KAA4B;CAE3D,IAAI,OAAoC;AACtC,OAAK,QAAQ,IAAI,MAAM;;CAEzB,OAAO,OAAoC;AACzC,OAAK,QAAQ,OAAO,MAAM;;CAE5B,IAAI,OAAuC;AACzC,SAAO,KAAK,QAAQ,IAAI,MAAM;;CAEhC,SAAkD;AAChD,SAAO,KAAK,QAAQ,QAAQ;;CAE9B,IAAI,OAAe;AACjB,SAAO,KAAK,QAAQ;;CAEtB,QAAc;AACZ,OAAK,QAAQ,OAAO;;;AAQxB,IAAIA,gBAA+B;;;;;;;;AASnC,SAAgB,kBAA0B;AACxC,KAAI,kBAAkB,KACpB,iBAAgB,YAAY;AAE9B,QAAO;;AAYT,IAAI,cAAc;AAClB,IAAIC,kBAA2C;AAC/C,IAAIC,eAAoC;AACxC,IAAIC,iBAAsC;AAC1C,IAAIC,kBAAuC;;;;;;;;;;;AAY3C,SAAgB,gBAAsB;AACpC,KAAI,CAAC,gBAAiB;CAGtB,MAAM,WAAW,CAAC,GAAG,gBAAgB,QAAQ,CAAC;AAC9C,MAAK,MAAM,SAAS,UAAU;AAC5B,MAAI;AAOF,gBACE,OACA;IAAC;IAAM,MAAM;IAAU;IAAY;IAAU;IAAW,MAAM;IAAI,EAClE;IAAE,OAAO;IAAU,SAAS;IAAQ,aAAa;IAAM,CACxD;UACK;AAGR,MAAI;AACF,gBAAa,OAAO;IAAC;IAAM,MAAM;IAAU;IAAU;IAAM,MAAM;IAAO,EAAE;IACxE,OAAO;IACP,SAAS;IACT,aAAa;IACd,CAAC;UACI;AAGR,kBAAgB,OAAO,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwCjC,SAAgB,qBAAqB,UAAkC;AACrE,mBAAkB;AAClB,KAAI,YAAa;AACjB,eAAc;AACd,sBAAqB,eAAe;AACpC,wBAAuB;AACrB,iBAAe;AACf,MAAI,eAAgB,SAAQ,IAAI,UAAU,eAAe;AACzD,UAAQ,KAAK,QAAQ,KAAK,SAAS;;AAErC,yBAAwB;AACtB,iBAAe;AACf,MAAI,gBAAiB,SAAQ,IAAI,WAAW,gBAAgB;AAC5D,UAAQ,KAAK,QAAQ,KAAK,UAAU;;AAEtC,SAAQ,GAAG,UAAU,eAAe;AACpC,SAAQ,GAAG,WAAW,gBAAgB;AAGtC,SAAQ,GAAG,QAAQ,aAAa;;AAuClC,SAAS,aAAqB;AAC5B,QAAO,KAAK,KAAK,MAAM,SAAS,oBAAoB;;AAGtD,eAAe,aAAkC;CAC/C,IAAIC;AACJ,KAAI;AACF,QAAM,MAAM,GAAG,SAAS,YAAY,EAAE,OAAO;UACtC,KAAK;AACZ,MAAK,IAA8B,SAAS,SAC1C,QAAO,EAAE,SAAS,EAAE,EAAE;AAExB,SAAO,EAAE,SAAS,EAAE,EAAE;;AAExB,KAAI;EACF,MAAM,SAAS,KAAK,MAAM,IAAI;AAC9B,MAAI,CAAC,UAAU,CAAC,MAAM,QAAQ,OAAO,QAAQ,CAAE,QAAO,EAAE,SAAS,EAAE,EAAE;EACrE,MAAMC,UAA8B,EAAE;AACtC,OAAK,MAAM,KAAK,OAAO,QACrB,KACE,KACA,OAAO,MAAM,YACb,OAAQ,EAAkB,aAAa,YACvC,OAAQ,EAAkB,eAAe,SAEzC,SAAQ,KAAK;GACX,UAAW,EAAkB;GAC7B,YAAa,EAAkB;GAChC,CAAC;AAGN,SAAO,EAAE,SAAS,SAAS;SACrB;AAEN,SAAO,EAAE,SAAS,EAAE,EAAE;;;;;;;;;;;;;;;AAgB1B,IAAIC,eAA8B,QAAQ,SAAS;;;;;AAMnD,SAAgB,iBAAiB,UAAiC;CAChE,MAAM,OAAO,aAAa,KAAK,YAAY;AACzC,QAAM,GAAG,MAAM,MAAM,SAAS,EAAE,WAAW,MAAM,CAAC;EAIlD,MAAM,YAHU,MAAM,YAAY,EAGT,QAAQ,QAAQ,MAAM,EAAE,aAAa,SAAS;AACvE,WAAS,KAAK;GAAE;GAAU,YAAY,KAAK,KAAK;GAAE,CAAC;EAEnD,MAAM,MAAM,KAAK,KAAK;EAItB,MAAMC,SAAqB,EAAE,SAHd,SACZ,QAAQ,MAAM,MAAM,EAAE,aAAa,kBAAkB,CACrD,MAAM,CAAC,mBAAmB,EACiB;EAM9C,MAAM,MAAM,GAAG,YAAY,CAAC,OAAO,QAAQ,IAAI,GAAG,YAAY,EAAE,CAAC,SAC/D,MACD;AACD,MAAI;AACF,SAAM,uBAAuB,KAAK,KAAK,UAAU,QAAQ,MAAM,EAAE,CAAC;AAClE,SAAM,GAAG,OAAO,KAAK,YAAY,CAAC;WAC3B,KAAK;AAEZ,SAAM,GAAG,OAAO,IAAI,CAAC,YAAY,GAAG;AACpC,SAAM;;GAER;AAIF,gBAAe,KAAK,YAAY,OAAU;AAC1C,QAAO;;AAGT,SAAS,WAAW,KAAsB;AACxC,KAAI,CAAC,OAAO,UAAU,IAAI,IAAI,OAAO,EAAG,QAAO;AAC/C,KAAI;AACF,UAAQ,KAAK,KAAK,EAAE;AACpB,SAAO;UACA,KAAK;AAIZ,MAHc,IAA8B,SAG/B,QAAS,QAAO;AAC7B,SAAO;;;;;;;;;;;;;;;AAgBX,eAAsB,4BAA2C;CAC/D,MAAM,SAAS,MAAM,YAAY;AACjC,KAAI,OAAO,QAAQ,WAAW,EAAG;CACjC,MAAM,cAAc,iBAAiB;AACrC,MAAK,MAAM,SAAS,OAAO,SAAS;EAClC,MAAM,SAAS,KAAK,KAAK,MAAM,UAAU,QAAQ,mBAAmB;EACpE,IAAIC;AACJ,MAAI;AACF,WAAQ,MAAM,GAAG,QAAQ,OAAO;UAC1B;AACN;;AAEF,OAAK,MAAM,QAAQ,OAAO;GACxB,MAAM,IAAI,qBAAqB,KAAK,KAAK;AACzC,OAAI,CAAC,EAAG;GACR,MAAM,MAAM,OAAO,SAAS,EAAE,IAAI,GAAG;GACrC,MAAM,OAAO,EAAE;AAEf,OADe,WAAW,IAAI,IAAI,SAAS,YAC/B;GAEZ,MAAM,UAAU,KAAK,KAAK,QAAQ,KAAK;GACvC,MAAM,SAAS,UAAU,IAAI,GAAG,KAAK,GAAG,EAAE;AAC1C,OAAI;AAMF,iBACE,OACA;KAAC;KAAM,MAAM;KAAU;KAAY;KAAU;KAAW;KAAQ,EAChE;KAAE,OAAO;KAAU,SAAS;KAAQ,aAAa;KAAM,CACxD;WACK;AAGR,OAAI;AACF,iBACE,OACA;KAAC;KAAM,MAAM;KAAU;KAAU;KAAM;KAAO,EAC9C;KAAE,OAAO;KAAU,SAAS;KAAO,aAAa;KAAM,CACvD;WACK;AAGR,OAAI;AACF,UAAM,GAAG,GAAG,SAAS;KAAE,WAAW;KAAM,OAAO;KAAM,CAAC;WAChD"}

package/dist/main.js

@@ -1,6 +1,6 @@
 #!/usr/bin/env node
-import { c as writeRuntimeFileSecure, i as removeOwnClaudeConfigMirror, n as ensureClaudeConfigMirror, r as ensurePaths, t as PATHS } from "./paths-Cr2gfGiA.js";
-import { a as sweepRegistry, i as registerExitHandlers, n as getInstanceUuid, r as recordWorkerRepo, t as WorktreeRegistry } from "./lifecycle-3OXRVrtQ.js";
+import { c as writeRuntimeFileSecure, i as removeOwnClaudeConfigMirror, n as ensureClaudeConfigMirror, r as ensurePaths, t as PATHS } from "./paths-C-GyxwCW.js";
+import { a as sweepRegistry, i as registerExitHandlers, n as getInstanceUuid, r as recordWorkerRepo, t as WorktreeRegistry } from "./lifecycle-Ho67_Rew.js";
 import { createRequire } from "node:module";
 import { defineCommand, runMain } from "citty";
 import consola from "consola";
@@ -3055,10 +3055,11 @@ async function bridgeCall(endpoint, tool, args, timeoutMs, signal) {
 		const id = randomUUID();
 		const ws = new WebSocket(`ws://127.0.0.1:${endpoint.port}`, { headers: { authorization: `Bearer ${endpoint.token}` } });
 		let settled = false;
+		let timer = void 0;
 		const finish = (fn) => {
 			if (settled) return;
 			settled = true;
-			clearTimeout(timer);
+			if (timer !== void 0) clearTimeout(timer);
 			if (signal) signal.removeEventListener("abort", onAbort);
 			try {
 				ws.close();
@@ -3073,7 +3074,7 @@ async function bridgeCall(endpoint, tool, args, timeoutMs, signal) {
 			}
 			signal.addEventListener("abort", onAbort, { once: true });
 		}
-		const timer = setTimeout(() => finish(() => reject(/* @__PURE__ */ new Error(`timeout after ${timeoutMs}ms`))), timeoutMs);
+		timer = setTimeout(() => finish(() => reject(/* @__PURE__ */ new Error(`timeout after ${timeoutMs}ms`))), timeoutMs);
 		ws.on("open", () => {
 			if (settled) {
 				try {
@@ -3190,7 +3191,7 @@ function logAudit$1(record) {
 		try {
 			const fs$2 = await import("node:fs/promises");
 			const path$2 = await import("node:path");
-			const { PATHS: PATHS$1 } = await import("./paths-Cf3OVCaJ.js");
+			const { PATHS: PATHS$1 } = await import("./paths-DZwqh1p5.js");
 			const dir = path$2.join(PATHS$1.APP_DIR, "browser-mcp");
 			await fs$2.mkdir(dir, { recursive: true });
 			const line = JSON.stringify({
@@ -5181,6 +5182,117 @@ async function acquireWorkerSlot(signal) {
 	};
 }
 
+//#endregion
+//#region src/lib/diagnose-response.ts
+const PREVIEW_LIMIT = 200;
+async function parseJsonOrDiagnose(response, routePath) {
+	const cloned = response.clone();
+	try {
+		return await response.json();
+	} catch (error) {
+		const contentType = response.headers.get("content-type") ?? "(none)";
+		const bodyText = await cloned.text().catch(() => "(unreadable)");
+		const preview = bodyText.length > PREVIEW_LIMIT ? bodyText.slice(0, PREVIEW_LIMIT) + "...(truncated)" : bodyText;
+		consola.error(`Upstream JSON parse failed at ${routePath}: status=${response.status} content-type="${contentType}" body[0..${PREVIEW_LIMIT}]=${JSON.stringify(preview)}`);
+		throw error;
+	}
+}
+
+//#endregion
+//#region src/lib/response-cap.ts
+/**
+* Hard byte cap for non-streaming upstream response bodies.
+*
+* Anthropic responses with large tool_use blocks can legitimately reach
+* several MB, but a multi-GB body is either a buggy upstream or a malicious
+* one. Buffering it would OOM the proxy and crash all in-flight requests.
+*
+* Applies to /v1/messages, /v1/chat/completions, and /v1/responses.
+*/
+const MAX_RESPONSE_BODY_BYTES = 10 * 1024 * 1024;
+/**
+* Read a Response body with a hard byte cap, then parse as JSON.
+*
+* Falls back to the fast path (response.json()) when Content-Length is
+* present and within the cap, avoiding the streaming-reader overhead for
+* the vast majority of normal responses.
+*
+* When the cap is hit:
+*   - the reader is cancelled to release the upstream socket
+*   - a structured Anthropic-format error is returned to the caller
+*     (the caller wraps it in c.json(), not throws — the client gets a
+*     clean 413 error, not an unhandled-rejection crash)
+*
+* Returns `{ ok: true, value }` on success or `{ ok: false, errorResponse, status }`
+* on cap exceeded.
+*/
+async function readResponseBodyCapped(response, routePath, capBytes = MAX_RESPONSE_BODY_BYTES) {
+	const contentLengthHeader = response.headers.get("content-length");
+	const contentLength = contentLengthHeader ? parseInt(contentLengthHeader, 10) : NaN;
+	if (!isNaN(contentLength) && contentLength <= capBytes) return {
+		ok: true,
+		value: await parseJsonOrDiagnose(response, routePath)
+	};
+	const reader = response.body?.getReader();
+	if (!reader) return {
+		ok: true,
+		value: await parseJsonOrDiagnose(response, routePath)
+	};
+	const chunks = [];
+	let totalBytes = 0;
+	let capped = false;
+	try {
+		while (true) {
+			const { done, value } = await reader.read();
+			if (done) break;
+			if (!value) continue;
+			totalBytes += value.byteLength;
+			if (totalBytes > capBytes) {
+				capped = true;
+				try {
+					await reader.cancel("size_cap");
+				} catch {}
+				break;
+			}
+			chunks.push(value);
+		}
+	} catch (err) {
+		if (!capped) consola.warn(`readResponseBodyCapped: read error at ${routePath}:`, err);
+	}
+	if (capped) {
+		consola.warn(`Non-streaming upstream response at ${routePath} exceeded ${capBytes} bytes (10 MiB cap); dropping body to prevent OOM. Check upstream health.`);
+		return {
+			ok: false,
+			status: 502,
+			errorResponse: {
+				type: "error",
+				error: {
+					type: "api_error",
+					message: `Upstream response body exceeded the 10 MiB size cap for non-streaming ${routePath}. The upstream may be misbehaving. Try enabling streaming (stream: true) which handles large responses chunk-by-chunk.`
+				}
+			}
+		};
+	}
+	const merged = new Uint8Array(totalBytes);
+	let offset = 0;
+	for (const chunk of chunks) {
+		merged.set(chunk, offset);
+		offset += chunk.byteLength;
+	}
+	const text = new TextDecoder().decode(merged);
+	try {
+		return {
+			ok: true,
+			value: JSON.parse(text)
+		};
+	} catch (err) {
+		const preview = text.slice(0, 200);
+		const contentType = response.headers.get("content-type") ?? "(none)";
+		consola.error(`Upstream JSON parse failed at ${routePath}: status=${response.status} content-type="${contentType}" body[0..200]=${JSON.stringify(preview)}`);
+		throw err;
+	}
+}
+
 //#endregion
 //#region src/services/copilot/create-chat-completions.ts
 const createChatCompletions = async (payload, modelHeaders, callerSignal) => {
@@ -5222,7 +5334,12 @@ const createChatCompletions = async (payload, modelHeaders, callerSignal) => {
 		}));
 	}
 	if (payload.stream) return events(response);
-	return await response.json();
+	const cappedResult = await readResponseBodyCapped(response, "/v1/chat/completions", MAX_RESPONSE_BODY_BYTES);
+	if (!cappedResult.ok) throw new HTTPError("Upstream /v1/chat/completions response exceeded 10 MiB size cap", new Response(JSON.stringify(cappedResult.errorResponse), {
+		status: cappedResult.status,
+		headers: { "content-type": "application/json" }
+	}));
+	return cappedResult.value;
 };
 
 //#endregion
@@ -5883,7 +6000,12 @@ const createResponses = async (payload, modelHeaders, callerSignal) => {
 		throw new HTTPError("Failed to create responses", response);
 	}
 	if (payload.stream) return events(response);
-	return await response.json();
+	const cappedResult = await readResponseBodyCapped(response, "/v1/responses", MAX_RESPONSE_BODY_BYTES);
+	if (!cappedResult.ok) throw new HTTPError("Upstream /v1/responses response exceeded 10 MiB size cap", new Response(JSON.stringify(cappedResult.errorResponse), {
+		status: cappedResult.status,
+		headers: { "content-type": "application/json" }
+	}));
+	return cappedResult.value;
 };
 function detectVision(input) {
 	if (typeof input === "string") return false;
@@ -6847,6 +6969,34 @@ async function readWithInactivityTimeout(reader, timeoutMs) {
 	}
 }
 /**
+* Race an `AsyncIterableIterator.next()` call against an inactivity timeout.
+*
+* Follows the same pattern as `readWithInactivityTimeout` (including the
+* noop catcher to avoid Node 24 unhandled-rejection crashes) but works
+* with typed iterators that yield parsed objects rather than raw bytes.
+*
+* On timeout, throws an `InactivityTimeout` error (same classification as
+* the byte-reader variant — surfaced to the consumer as `timeout_error` via
+* `buildOpenAIErrorEvent`).
+*
+* @param iterator - An AsyncIterableIterator whose `.next()` we want to race.
+* @param timeoutMs - Milliseconds before the timeout fires.
+*/
+async function readIteratorWithTimeout(iterator, timeoutMs) {
+	let timeoutHandle;
+	const timeoutPromise = new Promise((_, reject) => {
+		timeoutHandle = setTimeout(() => {
+			reject(Object.assign(/* @__PURE__ */ new Error("upstream_inactive"), { name: "InactivityTimeout" }));
+		}, timeoutMs);
+	});
+	timeoutPromise.catch(() => {});
+	try {
+		return await Promise.race([iterator.next(), timeoutPromise]);
+	} finally {
+		if (timeoutHandle !== void 0) clearTimeout(timeoutHandle);
+	}
+}
+/**
 * Build the SSE wire bytes for an Anthropic-format streaming error event.
 * Per Anthropic streaming spec, errors are sent as:
 *   event: error
@@ -7162,7 +7312,7 @@ function sseEvent(type, data) {
 function buildAdvisorStream(opts) {
 	const advisorModel = opts.advisorModel ?? ADVISOR_DEFAULT_MODEL;
 	const advisorEffort = opts.advisorEffort ?? ADVISOR_DEFAULT_EFFORT;
-	const aborter = new AbortController();
+	const aborter = opts.externalAborter ?? new AbortController();
 	let conversation = [...opts.initialConversation];
 	return new ReadableStream({
 		async start(controller) {
@@ -8086,6 +8236,33 @@ function resolvePathOrThrow(rawPath, workspace, opts = {}) {
 *   with the truncated text + a flag. The caller appends the
 *   truncation marker to the formatted output.
 */
+/**
+* Platform-aware kill for child processes. On Windows `child.kill()`
+* does NOT reliably terminate descendant processes — we use
+* `taskkill /T /F /PID` instead (same pattern as `bash.ts:killProcessTree`
+* and `code-search.ts:killChild`). EBUSY is swallowed because taskkill
+* occasionally races with the child's own teardown.
+*/
+function killChildTree(child) {
+	if (!child.pid || child.killed) return;
+	if (process$1.platform === "win32") {
+		try {
+			spawnSync("taskkill", [
+				"/T",
+				"/F",
+				"/PID",
+				String(child.pid)
+			], {
+				stdio: "ignore",
+				windowsHide: true
+			});
+		} catch {}
+		return;
+	}
+	try {
+		child.kill("SIGTERM");
+	} catch {}
+}
 async function runRipgrep(args, cwd, signal) {
 	const RG_STDOUT_CAP = 10 * 1024 * 1024;
 	const { rgPath } = resolveRipgrep();
@@ -8112,9 +8289,7 @@ async function runRipgrep(args, cwd, signal) {
 		let truncated = false;
 		let settled = false;
 		const onAbort = () => {
-			if (child.pid && !child.killed) try {
-				child.kill("SIGTERM");
-			} catch {}
+			if (child.pid && !child.killed) killChildTree(child);
 		};
 		if (signal.aborted) onAbort();
 		else signal.addEventListener("abort", onAbort, { once: true });
@@ -8127,9 +8302,7 @@ async function runRipgrep(args, cwd, signal) {
 			stdoutBytes += slice.length;
 			if (chunk.length > room) {
 				truncated = true;
-				if (child.pid && !child.killed) try {
-					child.kill("SIGTERM");
-				} catch {}
+				if (child.pid && !child.killed) killChildTree(child);
 			}
 		});
 		child.stderr?.setEncoding("utf8");
@@ -8984,7 +9157,7 @@ async function createWorktree(workspaceAbs, opts) {
 				"HEAD"
 			])).stdout;
 		} catch {}
-		const lineCount = stat$1.split("\n").filter((l) => l.length > 0).length;
+		const lineCount = stat$1.split(/\r?\n/).filter((l) => l.length > 0).length;
 		return `[diff truncated at 256KB; ${Math.max(0, lineCount - 1)} files changed]\n${stat$1}`;
 	};
 	return {
@@ -10948,7 +11121,7 @@ function initProxyFromEnv() {
 //#endregion
 //#region package.json
 var name = "github-router";
-var version = "0.3.36";
+var version = "0.3.38";
 
 //#endregion
 //#region src/lib/approval.ts
@@ -11365,7 +11538,7 @@ async function handleCompletion$1(c) {
 		return c.json(response);
 	}
 	const iterator = response[Symbol.asyncIterator]();
-	const firstResult = await iterator.next();
+	const firstResult = await readIteratorWithTimeout(iterator, UPSTREAM_INACTIVITY_TIMEOUT_MS);
 	if (firstResult.done) consola.warn(`Upstream /chat/completions returned an empty stream at ${c.req.path}`);
 	let pendingFirstChunk = firstResult.done ? void 0 : firstResult.value;
 	let upstreamFinished = firstResult.done;
@@ -11405,7 +11578,7 @@ async function handleCompletion$1(c) {
 				return;
 			}
 			try {
-				const result = await iterator.next();
+				const result = await readIteratorWithTimeout(iterator, UPSTREAM_INACTIVITY_TIMEOUT_MS);
 				if (consumerCancelled) {
 					safeClose(controller);
 					return;
@@ -11726,22 +11899,6 @@ function sanitizeAnthropicBody(rawBody) {
 	return JSON.stringify(parsed);
 }
 
-//#endregion
-//#region src/lib/diagnose-response.ts
-const PREVIEW_LIMIT = 200;
-async function parseJsonOrDiagnose(response, routePath) {
-	const cloned = response.clone();
-	try {
-		return await response.json();
-	} catch (error) {
-		const contentType = response.headers.get("content-type") ?? "(none)";
-		const bodyText = await cloned.text().catch(() => "(unreadable)");
-		const preview = bodyText.length > PREVIEW_LIMIT ? bodyText.slice(0, PREVIEW_LIMIT) + "...(truncated)" : bodyText;
-		consola.error(`Upstream JSON parse failed at ${routePath}: status=${response.status} content-type="${contentType}" body[0..${PREVIEW_LIMIT}]=${JSON.stringify(preview)}`);
-		throw error;
-	}
-}
-
 //#endregion
 //#region src/routes/messages/count-tokens-handler.ts
 const isWebSearchTool$1 = (tool) => typeof tool.type === "string" && tool.type.startsWith("web_search") || tool.name === "web_search";
@@ -11912,89 +12069,6 @@ function stripAnthropicOnlyFields$1(body) {
 
 //#endregion
 //#region src/routes/messages/handler.ts
-const NON_STREAMING_BODY_CAP_BYTES = 10 * 1024 * 1024;
-/**
-* Read a Response body with a hard byte cap, then parse as JSON.
-*
-* Falls back to the fast path (response.json()) when Content-Length is
-* present and within the cap, avoiding the streaming-reader overhead for
-* the vast majority of normal responses.
-*
-* When the cap is hit:
-*   - the reader is cancelled to release the upstream socket
-*   - a structured Anthropic-format error is returned to the caller
-*     (the caller wraps it in c.json(), not throws — the client gets a
-*     clean 413 error, not an unhandled-rejection crash)
-*
-* Returns `{ ok: true, value }` on success or `{ ok: false, errorResponse }`
-* on cap exceeded.
-*/
-async function readResponseBodyCapped(response, routePath, capBytes) {
-	const contentLengthHeader = response.headers.get("content-length");
-	const contentLength = contentLengthHeader ? parseInt(contentLengthHeader, 10) : NaN;
-	if (!isNaN(contentLength) && contentLength <= capBytes) return {
-		ok: true,
-		value: await parseJsonOrDiagnose(response, routePath)
-	};
-	const reader = response.body?.getReader();
-	if (!reader) return {
-		ok: true,
-		value: await parseJsonOrDiagnose(response, routePath)
-	};
-	const chunks = [];
-	let totalBytes = 0;
-	let capped = false;
-	try {
-		while (true) {
-			const { done, value } = await reader.read();
-			if (done) break;
-			if (!value) continue;
-			totalBytes += value.byteLength;
-			if (totalBytes > capBytes) {
-				capped = true;
-				try {
-					await reader.cancel("size_cap");
-				} catch {}
-				break;
-			}
-			chunks.push(value);
-		}
-	} catch (err) {
-		if (!capped) consola.warn(`readResponseBodyCapped: read error at ${routePath}:`, err);
-	}
-	if (capped) {
-		consola.warn(`Non-streaming upstream response at ${routePath} exceeded ${capBytes} bytes (10 MiB cap); dropping body to prevent OOM. Check upstream health.`);
-		return {
-			ok: false,
-			status: 502,
-			errorResponse: {
-				type: "error",
-				error: {
-					type: "api_error",
-					message: "Upstream response body exceeded the 10 MiB size cap for non-streaming /v1/messages. The upstream may be misbehaving. Try enabling streaming (stream: true) which handles large responses chunk-by-chunk."
-				}
-			}
-		};
-	}
-	const merged = new Uint8Array(totalBytes);
-	let offset = 0;
-	for (const chunk of chunks) {
-		merged.set(chunk, offset);
-		offset += chunk.byteLength;
-	}
-	const text = new TextDecoder().decode(merged);
-	try {
-		return {
-			ok: true,
-			value: JSON.parse(text)
-		};
-	} catch (err) {
-		const preview = text.slice(0, 200);
-		const contentType = response.headers.get("content-type") ?? "(none)";
-		consola.error(`Upstream JSON parse failed at ${routePath}: status=${response.status} content-type="${contentType}" body[0..200]=${JSON.stringify(preview)}`);
-		throw err;
-	}
-}
 const isWebSearchTool = (tool) => typeof tool.type === "string" && tool.type.startsWith("web_search") || tool.name === "web_search";
 /**
 * Extract whitelisted beta headers from the incoming request to forward
@@ -12134,12 +12208,13 @@ async function handleCompletion(c) {
 	const modelId = resolvedModel ?? originalModel;
 	if (modelId) logEndpointMismatch(modelId, "/v1/messages");
 	const effectiveBetas = applyDefaultBetas(betaHeaders, resolvedModel ?? originalModel);
+	const advisorAborter = advisorEnabled ? new AbortController() : void 0;
 	let response;
 	try {
 		response = await createMessages(resolvedBody, {
 			...selectedModel?.requestHeaders,
 			...effectiveBetas
-		});
+		}, advisorAborter?.signal);
 	} catch (error) {
 		if (error instanceof HTTPError) {
 			const errorBody = await error.response.clone().text().catch(() => "");
@@ -12197,7 +12272,8 @@ async function handleCompletion(c) {
 				requestHeaders: {
 					...selectedModel?.requestHeaders,
 					...effectiveBetas
-				}
+				},
+				externalAborter: advisorAborter
 			}), {
 				status: response.status,
 				headers: streamHeaders
@@ -12208,7 +12284,7 @@ async function handleCompletion(c) {
 			headers: streamHeaders
 		});
 	}
-	const cappedResult = await readResponseBodyCapped(response, c.req.path, NON_STREAMING_BODY_CAP_BYTES);
+	const cappedResult = await readResponseBodyCapped(response, c.req.path, MAX_RESPONSE_BODY_BYTES);
 	if (!cappedResult.ok) return c.json(cappedResult.errorResponse, cappedResult.status);
 	const responseBody = cappedResult.value;
 	logRequest({
@@ -12561,7 +12637,7 @@ async function handleResponses(c) {
 	let firstChunk;
 	let upstreamFinished = false;
 	while (true) {
-		const r = await iterator.next();
+		const r = await readIteratorWithTimeout(iterator, UPSTREAM_INACTIVITY_TIMEOUT_MS);
 		if (r.done) {
 			upstreamFinished = true;
 			break;
@@ -12613,7 +12689,7 @@ async function handleResponses(c) {
 				return;
 			}
 			try {
-				const result = await iterator.next();
+				const result = await readIteratorWithTimeout(iterator, UPSTREAM_INACTIVITY_TIMEOUT_MS);
 				if (consumerCancelled) {
 					safeClose(controller);
 					return;
@@ -12722,11 +12798,14 @@ async function handleResponsesCompact(c) {
 	if (!state.copilotToken) throw new Error("Copilot token not found");
 	if (state.manualApprove) await awaitApproval();
 	const body = await c.req.json();
-	const response = await fetch(`${copilotBaseUrl(state)}/responses/compact`, {
+	const compactUrl = `${copilotBaseUrl(state)}/responses/compact`;
+	const doFetch = () => fetch(compactUrl, {
 		method: "POST",
 		headers: copilotHeaders(state),
-		body: JSON.stringify(body)
+		body: JSON.stringify(body),
+		signal: AbortSignal.timeout(UPSTREAM_FETCH_TIMEOUT_MS || 3e5)
 	});
+	const response = await tryRefreshAndRetry(doFetch, "/responses/compact");
 	if (response.ok) {
 		logRequest({
 			method: "POST",
@@ -12737,6 +12816,7 @@ async function handleResponsesCompact(c) {
 	}
 	if (response.status === 404) {
 		consola.debug("Copilot API does not support /responses/compact, using synthetic compaction");
+		await response.body?.cancel().catch(() => {});
 		return await syntheticCompact(c, body, startTime);
 	}
 	logRequest({