github-router 0.3.74 → 0.3.87

package/README.md

@@ -100,7 +100,7 @@ For codex-side write capability (a `codex-implementer` persona that can mutate f
 
 ### Code search (`mcp__search__code`)
 
-Alongside the peer reviewers, the same MCP surface exposes a `code` tool (under the `search` server — `mcp__search__code`) — fast structured code search over the workspace, ranked by **BM25F** (Robertson, Zaragoza, Taylor 2004) over four code-aware fields: matched line, surrounding context, file path tokens, and a symbol-definition heuristic. On top of that, the top hits get a tree-sitter pass that promotes true identifier-definition sites over incidental string matches; depth is controlled by the optional `structural` argument (`"full"` parses the top 50 hits, `"topN"` parses the top 10 for tighter latency on big repos). A single `notice` field surfaces in the response on the rare occasions an actionable degradation fires — the structural pass overran its 200ms wall-clock budget, or the response hit the 256KB size cap and was truncated; the message text tells the model what to retry. Defaults to a "ranked" mode with shoulder pruning so models get the few right answers, not a flood of substring matches. `literal` and `regex` modes are also available for exact searches; single-identifier queries in `ranked`/`literal` mode auto-expand across camelCase / snake_case / kebab-case skeletons so `getUserName` also matches `get_user_name`.
+Alongside the peer reviewers, the same MCP surface exposes a `code` tool (under the `search` server — `mcp__search__code`) — fast structured code search over the workspace, ranked by **BM25F** (Robertson, Zaragoza, Taylor 2004) over four code-aware fields: matched line, surrounding context, file path tokens, and a symbol-definition heuristic. On top of that, the top hits get a tree-sitter pass that promotes true identifier-definition sites over incidental string matches; depth is controlled by the optional `structural` argument (`"full"` parses the top 50 hits, `"topN"` parses the top 10 for tighter latency on big repos). A single `notice` field surfaces in the response on the rare occasions an actionable degradation fires — the structural pass overran its 200ms wall-clock budget, or the response hit the 256KB size cap and was truncated; the message text tells the model what to retry. Defaults to a semantic mode (`mode: "semantic"`): it ranks by MEANING via ColBERT over a per-workspace index, and transparently falls back to lexical BM25F when that index isn't ready (building / stale / not yet provisioned), labelling the response `source` (`semantic`, `lexical`, or `lexical-fallback`) so a degrade is never silent. The `lexical` mode is the BM25F + tree-sitter path with shoulder pruning (best for exact symbols); `exact` and `regex` force fixed-string / PCRE2 search, and `ast` matches ast-grep structural patterns. Single-identifier queries in the lexical modes auto-expand across camelCase / snake_case / kebab-case skeletons so `getUserName` also matches `get_user_name`. (This one tool absorbs what was previously a separate `semantic_search` tool; ColBERT semantic search is just its default mode.)
 
 `workspace` is any absolute path the proxy process can read — typically the project root or a sub-tree you're working in. The model picks it. There's no allow-set or secret-shape file denylist: the threat model is symmetric since Claude Code already has Read / Bash / Edit tools that reach the same paths, so gating one tool would have been inconsistency rather than defense. Paths in results are returned relative to the workspace, never absolute.
 

package/dist/browser-ext/background.js

@@ -487,12 +487,43 @@ async function extractSnapshotLegacy(tabId, opts) {
       // summary: walk text nodes whose parent is in the viewport; cap
       // at 20 KB. The model sees what a user could read without
       // scrolling. Off-screen content remains reachable via mode:"full".
-      // full: 256 KiB innerText cap (legacy behavior).
+      // full: walk all rendered text nodes; cap at 256 KiB.
       let text = ""
       if (mode === "full") {
+        // Mirror of collectVisibleText(root, cap, "rendered") in
+        // src/browser-ext/visible-text.js — executeScript serializes only
+        // this func and drops its module closure, so it cannot import that
+        // helper; keep the two in sync by hand. We walk text nodes and join
+        // with "\n" instead of using document.body.innerText, which glues
+        // adjacent inline siblings with no separator
+        // (<span>A</span><span>B</span> -> "AB" instead of "A\nB").
         const MAX_FULL = 256 * 1024
-        text = document.body ? document.body.innerText : ""
-        if (text.length > MAX_FULL) text = text.slice(0, MAX_FULL)
+        const parts = []
+        let total = 0
+        const root = document.body || document.documentElement
+        if (root) {
+          const tw = document.createTreeWalker(root, 4) // NodeFilter.SHOW_TEXT === 4
+          let n
+          while ((n = tw.nextNode())) {
+            const parent = n.parentElement
+            if (!parent) continue
+            const ptag = parent.tagName ? parent.tagName.toLowerCase() : ""
+            if (ptag === "script" || ptag === "style" || ptag === "noscript") continue
+            // display:none / detached parents report zero client rects;
+            // off-screen (scrolled-out) parents still report rects, so full
+            // mode keeps them — matching innerText's "rendered text" intent.
+            if (parent.getClientRects().length === 0) continue
+            const t = (n.textContent || "").replace(/\s+/g, " ").trim()
+            if (!t) continue
+            if (total + t.length + 1 > MAX_FULL) {
+              parts.push(t.slice(0, Math.max(0, MAX_FULL - total)))
+              break
+            }
+            parts.push(t)
+            total += t.length + 1
+          }
+        }
+        text = parts.join("\n")
       } else {
         const TEXT_CAP = 20 * 1024
         const parts = []

package/dist/browser-ext/manifest.json

@@ -2,7 +2,7 @@
   "manifest_version": 3,
   "name": "github-router browser bridge",
   "short_name": "gh-router-browser",
-  "version": "0.3.74",
+  "version": "0.3.87",
   "description": "Bridge between Claude (via github-router /mcp) and the browser. Implements tab control, navigation, clicks, form fill, downloads, screenshots, devtools eval. Blocks navigation to chrome://settings.",
   "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJElxuBlonBS3TVW9FJN0mGTtShB3L1hoaYf6k39SOr1ogGYmF90EjRxy1i21k9wQQjPf26bcBu/9X67KrQjQV0uB38CaNukgiSeoLjfptN811u+PJHx6BP+jx3Qa6/3VenNPxHC8WEU0GXql8QSjIHEyCwKb6fMASXOK94JyB5Ywov2x8mt/+9ncqBBBMVzf6r5Sagy4PL1XnryLsuADD/vOEkPet8wXgH/Oj7v5tTsQQZ7U1JT51PoDs2BFnXc5v3TkVgZwd32k3ONh+nkDw1Hof+4zwUGOyJE6eMrlYzRlKM4Qxdf9JpavQvqfieAbTRWcyKeclnHeoIfE7cDBQIDAQAB",
   "background": {

package/dist/browser-ext/snapshot-cdp.js

@@ -18,6 +18,8 @@
 // fails (enterprise DeveloperToolsAvailability=2, DevTools already
 // open on the tab, etc.).
 
+import { buildVisibleTextExpr } from "./visible-text.js"
+
 const ELEMENT_CAP = 500            // total elements across all frames
 const PER_FRAME_CAP = 200          // per-frame element cap
 const TEXT_CAP = 32 * 1024         // viewport-visible text cap
@@ -89,7 +91,7 @@ export async function extractSnapshotCDP(tabId, opts, deps) {
     const elements = []
     const refCounter = { next: 1 }
     const usedRefs = new Set()
-    const diag = { frames: frames.length, axNodes: 0, interesting: 0, resolved: 0, withRef: 0 }
+    const diag = { frames: frames.length, axNodes: 0, interesting: 0, resolved: 0, withRef: 0, textFramesSkipped: 0 }
     for (const frame of frames) {
       if (timedOut) break
       if (elements.length >= ELEMENT_CAP) {
@@ -119,7 +121,7 @@ export async function extractSnapshotCDP(tabId, opts, deps) {
         // attach already succeeded so an enable failure is rare.
       }
     }
-    const text = await extractVisibleText(tabId, sendCommand).catch(() => "")
+    const text = await extractVisibleText(tabId, frames, sendCommand, diag, () => timedOut).catch(() => "")
     const truncatedText = text.length >= TEXT_CAP
     const visualSurfaces = await extractVisualSurfaces(tabId, sendCommand).catch(() => [])
     const out = {
@@ -368,40 +370,71 @@ function attrFromList(attrList, name) {
   return undefined
 }
 
-async function extractVisibleText(tabId, sendCommand) {
-  // Single Runtime.evaluate call into the page's main world to grab
-  // viewport-visible text. Same logic as the legacy extractor.
-  const expr = `
-    (function() {
-      const out = [];
-      let total = 0;
-      const CAP = ${TEXT_CAP};
-      const root = document.body || document.documentElement;
-      if (!root) return "";
-      const tw = document.createTreeWalker(root, 4);
-      const vp = { w: window.innerWidth, h: window.innerHeight };
-      function inV(r) { return r.bottom > 0 && r.right > 0 && r.top < vp.h && r.left < vp.w; }
-      let n;
-      while ((n = tw.nextNode())) {
-        const p = n.parentElement;
-        if (!p) continue;
-        const t = p.tagName ? p.tagName.toLowerCase() : "";
-        if (t === "script" || t === "style" || t === "noscript") continue;
-        const r = p.getBoundingClientRect();
-        if (!inV(r)) continue;
-        const s = (n.textContent || "").replace(/\\s+/g, " ").trim();
-        if (!s) continue;
-        if (total + s.length + 1 > CAP) { out.push(s.slice(0, Math.max(0, CAP - total))); break; }
-        out.push(s);
-        total += s.length + 1;
-      }
-      return out.join("\\n");
-    })()
-  `
-  const res = await sendCommand(tabId, "Runtime.evaluate", {
-    expression: expr,
-    returnByValue: true,
-  })
+async function extractVisibleText(tabId, frames, sendCommand, diag, isTimedOut) {
+  // Per-frame visible text. The old implementation ran a single
+  // Runtime.evaluate in the top frame's default context, so text inside
+  // child frames (same-origin app frames, embedded widgets) was invisible
+  // even though the element extractor already pierces frames. We now run the
+  // shared collectVisibleText expression in EACH frame: the top frame in its
+  // default context, child frames in a per-frame isolated world (Runtime
+  // .evaluate has no frameId — Page.createIsolatedWorld({frameId}) is the
+  // CDP-blessed way to get an executionContextId for a specific frame).
+  //
+  // Per-frame failures are non-fatal (cross-process OOPIFs may refuse
+  // createIsolatedWorld; we count them in diag and keep the rest) — mirroring
+  // the element loop's best-effort cross-origin handling. The merged result
+  // is bounded by the same global TEXT_CAP.
+  //
+  // Caveat: a child frame's "viewport" gate is the FRAME's own viewport
+  // (window/getBoundingClientRect are frame-local), not the top-page viewport,
+  // so a frame scrolled out of the top viewport can still contribute text.
+  // Gating on top-viewport visibility needs the owner-iframe rect in top
+  // coordinates (the deferred per-frame bbox transform). Bounded here by
+  // processing the top frame first and the global TEXT_CAP.
+  const parts = []
+  let total = 0
+  for (let i = 0; i < frames.length; i++) {
+    if (total >= TEXT_CAP) break
+    if (typeof isTimedOut === "function" && isTimedOut()) break
+    const frame = frames[i]
+    const isTopFrame = i === 0
+    // Ask each frame only for the budget still remaining so a later frame
+    // can't serialize text we'd immediately discard.
+    const expr = buildVisibleTextExpr("viewport", TEXT_CAP - total)
+    let frameText = ""
+    try {
+      frameText = await evaluateTextInFrame(tabId, frame, isTopFrame, expr, sendCommand)
+    } catch {
+      if (diag) diag.textFramesSkipped = (diag.textFramesSkipped || 0) + 1
+      continue
+    }
+    if (!frameText) continue
+    parts.push(frameText)
+    total += frameText.length + 1
+  }
+  const joined = parts.join("\n")
+  return joined.length > TEXT_CAP ? joined.slice(0, TEXT_CAP) : joined
+}
+
+/**
+ * Run the visible-text expression in one frame. The top frame uses the
+ * attachment's default execution context; a child frame needs an isolated
+ * world minted for its frameId. Returns "" when no context could be obtained
+ * (e.g. a cross-process frame that refuses createIsolatedWorld) — the caller
+ * treats a throw as a skipped frame, but a missing context degrades quietly.
+ */
+async function evaluateTextInFrame(tabId, frame, isTopFrame, expr, sendCommand) {
+  const params = { expression: expr, returnByValue: true }
+  if (!isTopFrame) {
+    const world = await sendCommand(tabId, "Page.createIsolatedWorld", {
+      frameId: frame.frameId,
+      worldName: "gh_router_text",
+    })
+    const contextId = world && world.executionContextId
+    if (!contextId) return ""
+    params.contextId = contextId
+  }
+  const res = await sendCommand(tabId, "Runtime.evaluate", params)
   return res?.result?.value ?? ""
 }
 

package/dist/browser-ext/visible-text.js

@@ -0,0 +1,102 @@
+// visible-text.js — the canonical visible-text walk shared by both snapshot
+// extractors.
+//
+// It runs in TWO execution contexts:
+//   1. Serialized via Function.prototype.toString() into a CDP
+//      `Runtime.evaluate` expression (snapshot-cdp.js, the primary path) and
+//      run PER FRAME, including same-process child frames the old top-frame-
+//      only evaluate missed.
+//   2. Mirrored inline inside the legacy `executeScript({func})` extractor
+//      (background.js). `chrome.scripting.executeScript` serializes ONLY the
+//      given function and drops its module closure, so that copy cannot
+//      `import` this one — it is kept in sync by hand (see the comment there).
+//
+// Why a TreeWalker join instead of `element.innerText`: `innerText` glues
+// adjacent inline siblings with no separator — `<span>Item-757</span>` +
+// `<span>ITM_a209f4</span>` collapses to the unreadable "Item-757ITM_a209f4".
+// Walking text nodes and joining with "\n" keeps distinct fields separable for
+// the model.
+//
+// Authored in plain ES5 (no arrow / spread / optional-chaining / template
+// literals) so its `.toString()` source is self-contained and survives
+// bundling intact for in-page injection — a transpiler helper reference in the
+// emitted source would break the serialized expression. For the same reason
+// the function closes over NOTHING from module scope (constants are inlined):
+// `.toString()` captures only the function body, not module-level bindings.
+
+/**
+ * Collect viewport- or render-visible text from `root`, joining text nodes
+ * with "\n" and capping the result at `cap` UTF-16 code units.
+ *
+ * `mode` selects the per-node visibility gate:
+ *   - "viewport"  : keep nodes whose parent rect intersects the frame's
+ *                   viewport (what a user sees without scrolling). Needs a
+ *                   live `window` + layout.
+ *   - "rendered"  : keep nodes whose parent has >=1 client rect (i.e. not
+ *                   display:none / detached); off-screen content IS kept.
+ *                   Used by the "full" snapshot mode.
+ *   - anything else (e.g. "none"): no visibility gate — keep every non-
+ *                   script/style text node. Used by unit tests so the walk is
+ *                   exercisable without a layout engine.
+ *
+ * Pure and dependency-free. `script` / `style` / `noscript` text is always
+ * dropped. Returns "" for a missing root / document.
+ */
+export function collectVisibleText(root, cap, mode) {
+  if (!root) return ""
+  var doc = root.ownerDocument || (typeof document !== "undefined" ? document : null)
+  if (!doc || typeof doc.createTreeWalker !== "function") return ""
+  var tw = doc.createTreeWalker(root, 4) // NodeFilter.SHOW_TEXT — inlined (see header)
+  var out = []
+  var total = 0
+  var n
+  while ((n = tw.nextNode())) {
+    var p = n.parentElement
+    if (!p) continue
+    var tag = p.tagName ? String(p.tagName).toLowerCase() : ""
+    if (tag === "script" || tag === "style" || tag === "noscript") continue
+    if (mode === "viewport") {
+      var r = p.getBoundingClientRect()
+      if (!(r.bottom > 0 && r.right > 0 && r.top < window.innerHeight && r.left < window.innerWidth)) {
+        continue
+      }
+    } else if (mode === "rendered") {
+      // display:none / detached parents report zero client rects; off-screen
+      // (scrolled-out) parents still report rects, so full mode keeps them.
+      // NB: `visibility:hidden` text IS kept (it retains layout boxes) — this
+      // matches the "viewport" path's getBoundingClientRect behavior; excluding
+      // it would need a per-node getComputedStyle (style-recalc cost) and would
+      // diverge the two extractors.
+      if (p.getClientRects().length === 0) continue
+    }
+    var s = (n.textContent || "").replace(/\s+/g, " ").trim()
+    if (!s) continue
+    if (total + s.length + 1 > cap) {
+      out.push(s.slice(0, Math.max(0, cap - total)))
+      break
+    }
+    out.push(s)
+    total += s.length + 1
+  }
+  return out.join("\n")
+}
+
+/**
+ * Build the in-page `Runtime.evaluate` expression that runs
+ * `collectVisibleText` against the frame's document. Self-contained: the
+ * function source is inlined via `.toString()` so it needs nothing from the
+ * page or this module at eval time. `cap` is coerced to a number and `mode`
+ * is JSON-encoded so the generated source is always a well-formed literal
+ * (callers pass constants today; this keeps it injection-safe regardless).
+ */
+export function buildVisibleTextExpr(mode, cap) {
+  return (
+    "(" +
+    collectVisibleText.toString() +
+    ")(document.body||document.documentElement," +
+    Number(cap) +
+    "," +
+    JSON.stringify(String(mode)) +
+    ")"
+  )
+}

package/dist/{lifecycle-CQlm3YlF.js → lifecycle-C5fB3ODy.js}

@@ -1,4 +1,4 @@
-import "./paths-yJ97KlKp.js";
-import { a as sweepRegistry, i as registerExitHandlers, n as getInstanceUuid, o as sweepStaleWorktreesAtBoot, r as recordWorkerRepo, t as WorktreeRegistry } from "./lifecycle-CMPthagV.js";
+import "./paths-DWVKYv16.js";
+import { a as sweepRegistry, i as registerExitHandlers, n as getInstanceUuid, o as sweepStaleWorktreesAtBoot, r as recordWorkerRepo, t as WorktreeRegistry } from "./lifecycle-CHjAPu8u.js";
 
 export { WorktreeRegistry, getInstanceUuid, recordWorkerRepo, registerExitHandlers, sweepRegistry, sweepStaleWorktreesAtBoot };

package/dist/{lifecycle-CMPthagV.js → lifecycle-CHjAPu8u.js}

@@ -1,4 +1,4 @@
-import { l as writeRuntimeFileSecure, t as PATHS } from "./paths-yJ97KlKp.js";
+import { l as writeRuntimeFileSecure, t as PATHS } from "./paths-DWVKYv16.js";
 import { randomBytes, randomUUID } from "node:crypto";
 import fs from "node:fs/promises";
 import path from "node:path";
@@ -307,4 +307,4 @@ async function sweepStaleWorktreesAtBoot() {
 
 //#endregion
 export { sweepRegistry as a, registerExitHandlers as i, getInstanceUuid as n, sweepStaleWorktreesAtBoot as o, recordWorkerRepo as r, WorktreeRegistry as t };
-//# sourceMappingURL=lifecycle-CMPthagV.js.map
+//# sourceMappingURL=lifecycle-CHjAPu8u.js.map

package/dist/{lifecycle-CMPthagV.js.map → lifecycle-CHjAPu8u.js.map}

@@ -1 +1 @@
-{"version":3,"file":"lifecycle-CMPthagV.js","names":["_instanceUuid: string | null","_activeRegistry: WorktreeRegistry | null","_exitHandler: (() => void) | null","_sigintHandler: (() => void) | null","_sigtermHandler: (() => void) | null","raw: string","cleaned: Array<LedgerEntry>","_ledgerChain: Promise<void>","ledger: LedgerFile","names: Array<string>"],"sources":["../src/lib/worker-agent/lifecycle.ts"],"sourcesContent":["/**\n * Lifecycle plumbing for worker worktrees: in-memory registry, signal\n * handlers, ledger of repos touched, and the boot-time PID+instance\n * safety net.\n *\n * Plan: see `plans/we-have-added-a-dreamy-tide.md` (\"Worktree mode\" →\n * \"Cleanup paths\"). Three layers cooperate, none of them sufficient\n * alone:\n *\n *   1. Per-call cleanup (`engine.ts` finally block invoking\n *      `WorktreeHandle.remove()`) — covers the happy path.\n *\n *   2. Session-end signal sweep (this file, registered via\n *      `registerExitHandlers`) — covers Ctrl+C, service-manager stop,\n *      and (in `github-router claude` mode) the spawned child's exit.\n *      Synchronous `execFileSync` is intentional: exit handlers can't\n *      reliably await async work.\n *\n *   3. Boot-time PID+instance sweep (`sweepStaleWorktreesAtBoot`) —\n *      covers SIGKILL, OOM, container restart. Walks the ledger of\n *      repos this proxy has touched and removes worktree dirs whose\n *      `<pid>` is dead OR whose `<instance>` UUID doesn't match the\n *      current proxy's UUID.\n *\n * Ledger writes are ATOMIC (temp + rename) per peer review — a\n * concurrent-RMW corruption would silently strand worktrees because\n * the boot sweep can't find their repo roots.\n */\n\nimport { execFileSync } from \"node:child_process\"\nimport { randomBytes, randomUUID } from \"node:crypto\"\nimport fs from \"node:fs/promises\"\nimport path from \"node:path\"\nimport process from \"node:process\"\n\nimport { PATHS, writeRuntimeFileSecure } from \"../paths\"\n\n/**\n * Same regex worktree.ts uses for its per-call age sweep — kept in\n * sync intentionally. `<pid>-<uuid>-<8hex>` strictly.\n */\nconst WORKTREE_DIR_NAME_RE =\n  /^(\\d+)-([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})-([0-9a-f]{8})$/\n\n/**\n * Cap on the ledger: how many repos we remember across boots, and how\n * old an entry may be before it's pruned. Both are belt-and-suspenders\n * — the per-call age sweep is the primary guard against accumulation\n * inside any single repo.\n */\nconst LEDGER_MAX_ENTRIES = 100\nconst LEDGER_MAX_AGE_MS = 30 * 24 * 60 * 60 * 1000\n\nexport interface WorktreeRegistryEntry {\n  repoRoot: string\n  dir: string\n  branch: string\n}\n\n/**\n * Set-like in-memory registry of worktrees this proxy created. Engine\n * passes it to `createWorktree` so per-call cleanup deletes the entry\n * on success; the signal handlers walk what's left at shutdown.\n *\n * Not a bare `Set` because we want to expose only the operations we\n * actually use, and we want a stable testable surface.\n */\nexport class WorktreeRegistry {\n  private readonly entries = new Set<WorktreeRegistryEntry>()\n\n  add(entry: WorktreeRegistryEntry): void {\n    this.entries.add(entry)\n  }\n  delete(entry: WorktreeRegistryEntry): void {\n    this.entries.delete(entry)\n  }\n  has(entry: WorktreeRegistryEntry): boolean {\n    return this.entries.has(entry)\n  }\n  values(): IterableIterator<WorktreeRegistryEntry> {\n    return this.entries.values()\n  }\n  get size(): number {\n    return this.entries.size\n  }\n  clear(): void {\n    this.entries.clear()\n  }\n}\n\n// ---------------------------------------------------------------------\n// Per-launch instance UUID\n// ---------------------------------------------------------------------\n\nlet _instanceUuid: string | null = null\n\n/**\n * Stable UUID4 generated once per proxy process. Used in worktree\n * dir/branch names so the boot sweep can reliably distinguish \"this\n * proxy's still-live worktrees\" from \"stranded dirs from a prior\n * proxy that happens to have a recycled PID\" — Docker PID-1 across\n * container restarts is the classic case (peer-review HIGH finding).\n */\nexport function getInstanceUuid(): string {\n  if (_instanceUuid === null) {\n    _instanceUuid = randomUUID()\n  }\n  return _instanceUuid\n}\n\n/** Test-only: reset the cached UUID. */\nexport function __resetInstanceUuidForTests(): void {\n  _instanceUuid = null\n}\n\n// ---------------------------------------------------------------------\n// Signal handlers + sweepRegistry\n// ---------------------------------------------------------------------\n\nlet _registered = false\nlet _activeRegistry: WorktreeRegistry | null = null\nlet _exitHandler: (() => void) | null = null\nlet _sigintHandler: (() => void) | null = null\nlet _sigtermHandler: (() => void) | null = null\n\n/**\n * Synchronous cleanup of every registry entry. Best-effort:\n * `execFileSync` failures are swallowed (the dir may have been\n * removed already, or git may not be on PATH any more in some\n * environments). After a successful removal we drop the entry from\n * the registry so a second call is a true no-op.\n *\n * Synchronous on purpose — exit handlers can't reliably await async\n * work; the process would die before the promise settled.\n */\nexport function sweepRegistry(): void {\n  if (!_activeRegistry) return\n  // Snapshot the values first so we can mutate the underlying set\n  // during iteration without skipping entries.\n  const snapshot = [..._activeRegistry.values()]\n  for (const entry of snapshot) {\n    try {\n      // `-C entry.repoRoot` is load-bearing: without it git resolves\n      // the worktree path relative to the proxy's cwd (which is the\n      // user's launch dir, typically NOT inside the target repo), and\n      // fails with `fatal: '<path>' is not a working tree`. The E2E\n      // boot-sweep test (worker-agent-boot-sweep.test.ts) is what\n      // caught the missing flag.\n      execFileSync(\n        \"git\",\n        [\"-C\", entry.repoRoot, \"worktree\", \"remove\", \"--force\", entry.dir],\n        { stdio: \"ignore\", timeout: 10_000, windowsHide: true },\n      )\n    } catch {\n      // Already gone, EBUSY, or git not on PATH — best effort.\n    }\n    try {\n      execFileSync(\"git\", [\"-C\", entry.repoRoot, \"branch\", \"-D\", entry.branch], {\n        stdio: \"ignore\",\n        timeout: 5_000,\n        windowsHide: true,\n      })\n    } catch {\n      // Same as above.\n    }\n    _activeRegistry.delete(entry)\n  }\n}\n\n/**\n * Windows ConPTY / node-pty signal behavior:\n *\n * When a ConPTY host (VS Code terminal, Windows Terminal, node-pty) closes\n * the pseudo-console, the ConPTY layer sends CTRL_CLOSE_EVENT to the\n * process group. Node.js translates this into SIGINT (NOT SIGTERM). The\n * process has a ~5-second window before forced termination.\n *\n * Implication: the SIGTERM handler below may NEVER fire in node-pty\n * environments. This is by design — the three-layer cleanup architecture\n * ensures coverage:\n *   1. Per-call cleanup (engine.ts finally block) — happy path\n *   2. SIGINT handler (this file) — ConPTY close, Ctrl+C\n *   3. `exit` handler (this file) — unconditional, fires on any exit\n *   4. Boot-time PID+instance sweep (sweepStaleWorktreesAtBoot) — crash recovery\n *\n * Layers 1+2+3 cover ConPTY; layer 4 covers SIGKILL/OOM/container restart.\n */\n\n/**\n * Wire up SIGINT/SIGTERM/exit handlers that walk the registry and\n * remove every entry. Idempotent: subsequent calls swap the registry\n * pointer but do NOT register additional process listeners (otherwise\n * we'd leak listeners on every `runWorkerAgent`).\n *\n * Signal handlers re-raise the signal after sweeping. Naively running\n * the sweep on SIGINT/SIGTERM and returning would *suppress* the\n * signal: Node defaults to terminating the process on these, but only\n * if no user listener is attached. Once we attach a listener, the\n * default action is cancelled and the process keeps running — which\n * means Ctrl-C would clean worktrees but not actually exit, leaving\n * orphan processes in dev. The `process.kill(pid, sig)` re-raise\n * after removing our own listener restores the default behaviour\n * (the second delivery now hits an empty listener list, so Node\n * terminates with the conventional `128 + signum` exit code).\n */\nexport function registerExitHandlers(registry: WorktreeRegistry): void {\n  _activeRegistry = registry\n  if (_registered) return\n  _registered = true\n  _exitHandler = () => sweepRegistry()\n  _sigintHandler = () => {\n    sweepRegistry()\n    if (_sigintHandler) process.off(\"SIGINT\", _sigintHandler)\n    process.kill(process.pid, \"SIGINT\")\n  }\n  _sigtermHandler = () => {\n    sweepRegistry()\n    if (_sigtermHandler) process.off(\"SIGTERM\", _sigtermHandler)\n    process.kill(process.pid, \"SIGTERM\")\n  }\n  process.on(\"SIGINT\", _sigintHandler)\n  process.on(\"SIGTERM\", _sigtermHandler)\n  // `exit` handlers can only run synchronous code — exactly what\n  // sweepRegistry does. Async work here would never complete.\n  process.on(\"exit\", _exitHandler)\n}\n\n/**\n * Test-only: unregister the handlers and reset module state. Tests\n * that want to verify `registerExitHandlers` semantics must clean up\n * after themselves or future tests in the same process inherit the\n * (now stale) registry pointer.\n */\nexport function __unregisterExitHandlersForTests(): void {\n  if (_sigintHandler) {\n    process.off(\"SIGINT\", _sigintHandler)\n    _sigintHandler = null\n  }\n  if (_sigtermHandler) {\n    process.off(\"SIGTERM\", _sigtermHandler)\n    _sigtermHandler = null\n  }\n  if (_exitHandler) {\n    process.off(\"exit\", _exitHandler)\n    _exitHandler = null\n  }\n  _registered = false\n  _activeRegistry = null\n}\n\n// ---------------------------------------------------------------------\n// Ledger: which repos has this proxy touched?\n// ---------------------------------------------------------------------\n\ninterface LedgerEntry {\n  repoRoot: string\n  lastSeenMs: number\n}\n\ninterface LedgerFile {\n  entries: Array<LedgerEntry>\n}\n\nfunction ledgerPath(): string {\n  return path.join(PATHS.APP_DIR, \"worker-repos.json\")\n}\n\nasync function readLedger(): Promise<LedgerFile> {\n  let raw: string\n  try {\n    raw = await fs.readFile(ledgerPath(), \"utf8\")\n  } catch (err) {\n    if ((err as NodeJS.ErrnoException).code === \"ENOENT\") {\n      return { entries: [] }\n    }\n    return { entries: [] }\n  }\n  try {\n    const parsed = JSON.parse(raw) as Partial<LedgerFile>\n    if (!parsed || !Array.isArray(parsed.entries)) return { entries: [] }\n    const cleaned: Array<LedgerEntry> = []\n    for (const e of parsed.entries) {\n      if (\n        e &&\n        typeof e === \"object\" &&\n        typeof (e as LedgerEntry).repoRoot === \"string\" &&\n        typeof (e as LedgerEntry).lastSeenMs === \"number\"\n      ) {\n        cleaned.push({\n          repoRoot: (e as LedgerEntry).repoRoot,\n          lastSeenMs: (e as LedgerEntry).lastSeenMs,\n        })\n      }\n    }\n    return { entries: cleaned }\n  } catch {\n    // Corrupted JSON — start fresh rather than crashing the proxy.\n    return { entries: [] }\n  }\n}\n\n/**\n * Per-process serializer for ledger writes. Multiple concurrent\n * `recordWorkerRepo` calls (legitimate: several workers may start at\n * once) would otherwise race read-modify-write on the JSON file. Each\n * call chains onto the previous so the on-disk sequence is\n * deterministic from this process's perspective.\n *\n * Cross-process safety is provided by the atomic temp+rename below,\n * which makes the final state of the file always be a well-formed\n * full snapshot from ONE writer — never a partial write or\n * interleaved JSON.\n */\nlet _ledgerChain: Promise<void> = Promise.resolve()\n\n/**\n * Append `repoRoot` to the ledger (or update its `lastSeenMs`).\n * Atomic temp+rename per peer review.\n */\nexport function recordWorkerRepo(repoRoot: string): Promise<void> {\n  const next = _ledgerChain.then(async () => {\n    await fs.mkdir(PATHS.APP_DIR, { recursive: true })\n    const current = await readLedger()\n    // Dedup: drop any existing entry for this root before appending\n    // the fresh one so the array doesn't grow unbounded with repeats.\n    const filtered = current.entries.filter((e) => e.repoRoot !== repoRoot)\n    filtered.push({ repoRoot, lastSeenMs: Date.now() })\n    // Prune by age and cap entry count (newest wins).\n    const now = Date.now()\n    const pruned = filtered\n      .filter((e) => now - e.lastSeenMs < LEDGER_MAX_AGE_MS)\n      .slice(-LEDGER_MAX_ENTRIES)\n    const ledger: LedgerFile = { entries: pruned }\n\n    // Atomic temp+rename. The temp filename is unique per call\n    // (PID + 8 random hex chars) so concurrent processes don't\n    // collide on the temp name; the final `rename` is atomic on\n    // POSIX and on Windows (both with same filesystem).\n    const tmp = `${ledgerPath()}.tmp.${process.pid}.${randomBytes(4).toString(\n      \"hex\",\n    )}`\n    try {\n      await writeRuntimeFileSecure(tmp, JSON.stringify(ledger, null, 2))\n      await fs.rename(tmp, ledgerPath())\n    } catch (err) {\n      // Clean up the temp file if rename failed midway.\n      await fs.unlink(tmp).catch(() => {})\n      throw err\n    }\n  })\n  // Swallow chain-internal errors so one failed write doesn't poison\n  // the chain for every subsequent caller. Each call still sees its\n  // own rejection (we return `next`, not the catch-handler chain).\n  _ledgerChain = next.catch(() => undefined)\n  return next\n}\n\nfunction isPidAlive(pid: number): boolean {\n  if (!Number.isInteger(pid) || pid <= 0) return false\n  try {\n    process.kill(pid, 0)\n    return true\n  } catch (err) {\n    const code = (err as NodeJS.ErrnoException).code\n    // EPERM = process exists but we can't signal it — still alive\n    // for our purposes (we just need to know whether to clean up).\n    if (code === \"EPERM\") return true\n    return false\n  }\n}\n\n/**\n * Boot-time sweep. For every repo we recorded in the ledger,\n * enumerate `<repoRoot>/.git/worker-worktrees/` (the conventional\n * location — for repos already inside a worktree, the actual\n * `git-common-dir` may differ, in which case we'll miss this batch\n * and the per-call age sweep will catch them within 7 days) and\n * remove dirs that aren't owned by THIS proxy.\n *\n * Ownership rule: dir is \"ours\" iff its embedded PID is alive AND\n * its embedded UUID equals `getInstanceUuid()`. Either condition\n * failing → remove.\n */\nexport async function sweepStaleWorktreesAtBoot(): Promise<void> {\n  const ledger = await readLedger()\n  if (ledger.entries.length === 0) return\n  const currentUuid = getInstanceUuid()\n  for (const entry of ledger.entries) {\n    const parent = path.join(entry.repoRoot, \".git\", \"worker-worktrees\")\n    let names: Array<string>\n    try {\n      names = await fs.readdir(parent)\n    } catch {\n      continue\n    }\n    for (const name of names) {\n      const m = WORKTREE_DIR_NAME_RE.exec(name)\n      if (!m) continue\n      const pid = Number.parseInt(m[1], 10)\n      const uuid = m[2]\n      const isOurs = isPidAlive(pid) && uuid === currentUuid\n      if (isOurs) continue\n\n      const fullDir = path.join(parent, name)\n      const branch = `worker/${pid}-${uuid}-${m[3]}`\n      try {\n        // `-C entry.repoRoot` is load-bearing here too — see the\n        // matching comment in `sweepRegistry`. The boot sweep runs\n        // BEFORE any worker tool has set cwd, so the proxy's cwd is\n        // the user's launch dir, which is almost never inside the\n        // target repo.\n        execFileSync(\n          \"git\",\n          [\"-C\", entry.repoRoot, \"worktree\", \"remove\", \"--force\", fullDir],\n          { stdio: \"ignore\", timeout: 10_000, windowsHide: true },\n        )\n      } catch {\n        // ignore\n      }\n      try {\n        execFileSync(\n          \"git\",\n          [\"-C\", entry.repoRoot, \"branch\", \"-D\", branch],\n          { stdio: \"ignore\", timeout: 5_000, windowsHide: true },\n        )\n      } catch {\n        // ignore\n      }\n      try {\n        await fs.rm(fullDir, { recursive: true, force: true })\n      } catch {\n        // ignore — git may have removed it already\n      }\n    }\n  }\n}\n\n/** Test-only: clear the ledger file (does NOT remove on-disk worktrees). */\nexport async function __clearLedgerForTests(): Promise<void> {\n  await fs.unlink(ledgerPath()).catch(() => {})\n}\n\n/** Test-only: read the ledger as a plain array (no side effects). */\nexport async function __readLedgerForTests(): Promise<Array<LedgerEntry>> {\n  return (await readLedger()).entries\n}\n"],"mappings":";;;;;;;;;;;;AAyCA,MAAM,uBACJ;;;;;;;AAQF,MAAM,qBAAqB;AAC3B,MAAM,oBAAoB,MAAU,KAAK,KAAK;;;;;;;;;AAgB9C,IAAa,mBAAb,MAA8B;CAC5B,AAAiB,0BAAU,IAAI,KAA4B;CAE3D,IAAI,OAAoC;AACtC,OAAK,QAAQ,IAAI,MAAM;;CAEzB,OAAO,OAAoC;AACzC,OAAK,QAAQ,OAAO,MAAM;;CAE5B,IAAI,OAAuC;AACzC,SAAO,KAAK,QAAQ,IAAI,MAAM;;CAEhC,SAAkD;AAChD,SAAO,KAAK,QAAQ,QAAQ;;CAE9B,IAAI,OAAe;AACjB,SAAO,KAAK,QAAQ;;CAEtB,QAAc;AACZ,OAAK,QAAQ,OAAO;;;AAQxB,IAAIA,gBAA+B;;;;;;;;AASnC,SAAgB,kBAA0B;AACxC,KAAI,kBAAkB,KACpB,iBAAgB,YAAY;AAE9B,QAAO;;AAYT,IAAI,cAAc;AAClB,IAAIC,kBAA2C;AAC/C,IAAIC,eAAoC;AACxC,IAAIC,iBAAsC;AAC1C,IAAIC,kBAAuC;;;;;;;;;;;AAY3C,SAAgB,gBAAsB;AACpC,KAAI,CAAC,gBAAiB;CAGtB,MAAM,WAAW,CAAC,GAAG,gBAAgB,QAAQ,CAAC;AAC9C,MAAK,MAAM,SAAS,UAAU;AAC5B,MAAI;AAOF,gBACE,OACA;IAAC;IAAM,MAAM;IAAU;IAAY;IAAU;IAAW,MAAM;IAAI,EAClE;IAAE,OAAO;IAAU,SAAS;IAAQ,aAAa;IAAM,CACxD;UACK;AAGR,MAAI;AACF,gBAAa,OAAO;IAAC;IAAM,MAAM;IAAU;IAAU;IAAM,MAAM;IAAO,EAAE;IACxE,OAAO;IACP,SAAS;IACT,aAAa;IACd,CAAC;UACI;AAGR,kBAAgB,OAAO,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwCjC,SAAgB,qBAAqB,UAAkC;AACrE,mBAAkB;AAClB,KAAI,YAAa;AACjB,eAAc;AACd,sBAAqB,eAAe;AACpC,wBAAuB;AACrB,iBAAe;AACf,MAAI,eAAgB,SAAQ,IAAI,UAAU,eAAe;AACzD,UAAQ,KAAK,QAAQ,KAAK,SAAS;;AAErC,yBAAwB;AACtB,iBAAe;AACf,MAAI,gBAAiB,SAAQ,IAAI,WAAW,gBAAgB;AAC5D,UAAQ,KAAK,QAAQ,KAAK,UAAU;;AAEtC,SAAQ,GAAG,UAAU,eAAe;AACpC,SAAQ,GAAG,WAAW,gBAAgB;AAGtC,SAAQ,GAAG,QAAQ,aAAa;;AAuClC,SAAS,aAAqB;AAC5B,QAAO,KAAK,KAAK,MAAM,SAAS,oBAAoB;;AAGtD,eAAe,aAAkC;CAC/C,IAAIC;AACJ,KAAI;AACF,QAAM,MAAM,GAAG,SAAS,YAAY,EAAE,OAAO;UACtC,KAAK;AACZ,MAAK,IAA8B,SAAS,SAC1C,QAAO,EAAE,SAAS,EAAE,EAAE;AAExB,SAAO,EAAE,SAAS,EAAE,EAAE;;AAExB,KAAI;EACF,MAAM,SAAS,KAAK,MAAM,IAAI;AAC9B,MAAI,CAAC,UAAU,CAAC,MAAM,QAAQ,OAAO,QAAQ,CAAE,QAAO,EAAE,SAAS,EAAE,EAAE;EACrE,MAAMC,UAA8B,EAAE;AACtC,OAAK,MAAM,KAAK,OAAO,QACrB,KACE,KACA,OAAO,MAAM,YACb,OAAQ,EAAkB,aAAa,YACvC,OAAQ,EAAkB,eAAe,SAEzC,SAAQ,KAAK;GACX,UAAW,EAAkB;GAC7B,YAAa,EAAkB;GAChC,CAAC;AAGN,SAAO,EAAE,SAAS,SAAS;SACrB;AAEN,SAAO,EAAE,SAAS,EAAE,EAAE;;;;;;;;;;;;;;;AAgB1B,IAAIC,eAA8B,QAAQ,SAAS;;;;;AAMnD,SAAgB,iBAAiB,UAAiC;CAChE,MAAM,OAAO,aAAa,KAAK,YAAY;AACzC,QAAM,GAAG,MAAM,MAAM,SAAS,EAAE,WAAW,MAAM,CAAC;EAIlD,MAAM,YAHU,MAAM,YAAY,EAGT,QAAQ,QAAQ,MAAM,EAAE,aAAa,SAAS;AACvE,WAAS,KAAK;GAAE;GAAU,YAAY,KAAK,KAAK;GAAE,CAAC;EAEnD,MAAM,MAAM,KAAK,KAAK;EAItB,MAAMC,SAAqB,EAAE,SAHd,SACZ,QAAQ,MAAM,MAAM,EAAE,aAAa,kBAAkB,CACrD,MAAM,CAAC,mBAAmB,EACiB;EAM9C,MAAM,MAAM,GAAG,YAAY,CAAC,OAAO,QAAQ,IAAI,GAAG,YAAY,EAAE,CAAC,SAC/D,MACD;AACD,MAAI;AACF,SAAM,uBAAuB,KAAK,KAAK,UAAU,QAAQ,MAAM,EAAE,CAAC;AAClE,SAAM,GAAG,OAAO,KAAK,YAAY,CAAC;WAC3B,KAAK;AAEZ,SAAM,GAAG,OAAO,IAAI,CAAC,YAAY,GAAG;AACpC,SAAM;;GAER;AAIF,gBAAe,KAAK,YAAY,OAAU;AAC1C,QAAO;;AAGT,SAAS,WAAW,KAAsB;AACxC,KAAI,CAAC,OAAO,UAAU,IAAI,IAAI,OAAO,EAAG,QAAO;AAC/C,KAAI;AACF,UAAQ,KAAK,KAAK,EAAE;AACpB,SAAO;UACA,KAAK;AAIZ,MAHc,IAA8B,SAG/B,QAAS,QAAO;AAC7B,SAAO;;;;;;;;;;;;;;;AAgBX,eAAsB,4BAA2C;CAC/D,MAAM,SAAS,MAAM,YAAY;AACjC,KAAI,OAAO,QAAQ,WAAW,EAAG;CACjC,MAAM,cAAc,iBAAiB;AACrC,MAAK,MAAM,SAAS,OAAO,SAAS;EAClC,MAAM,SAAS,KAAK,KAAK,MAAM,UAAU,QAAQ,mBAAmB;EACpE,IAAIC;AACJ,MAAI;AACF,WAAQ,MAAM,GAAG,QAAQ,OAAO;UAC1B;AACN;;AAEF,OAAK,MAAM,QAAQ,OAAO;GACxB,MAAM,IAAI,qBAAqB,KAAK,KAAK;AACzC,OAAI,CAAC,EAAG;GACR,MAAM,MAAM,OAAO,SAAS,EAAE,IAAI,GAAG;GACrC,MAAM,OAAO,EAAE;AAEf,OADe,WAAW,IAAI,IAAI,SAAS,YAC/B;GAEZ,MAAM,UAAU,KAAK,KAAK,QAAQ,KAAK;GACvC,MAAM,SAAS,UAAU,IAAI,GAAG,KAAK,GAAG,EAAE;AAC1C,OAAI;AAMF,iBACE,OACA;KAAC;KAAM,MAAM;KAAU;KAAY;KAAU;KAAW;KAAQ,EAChE;KAAE,OAAO;KAAU,SAAS;KAAQ,aAAa;KAAM,CACxD;WACK;AAGR,OAAI;AACF,iBACE,OACA;KAAC;KAAM,MAAM;KAAU;KAAU;KAAM;KAAO,EAC9C;KAAE,OAAO;KAAU,SAAS;KAAO,aAAa;KAAM,CACvD;WACK;AAGR,OAAI;AACF,UAAM,GAAG,GAAG,SAAS;KAAE,WAAW;KAAM,OAAO;KAAM,CAAC;WAChD"}
+{"version":3,"file":"lifecycle-CHjAPu8u.js","names":["_instanceUuid: string | null","_activeRegistry: WorktreeRegistry | null","_exitHandler: (() => void) | null","_sigintHandler: (() => void) | null","_sigtermHandler: (() => void) | null","raw: string","cleaned: Array<LedgerEntry>","_ledgerChain: Promise<void>","ledger: LedgerFile","names: Array<string>"],"sources":["../src/lib/worker-agent/lifecycle.ts"],"sourcesContent":["/**\n * Lifecycle plumbing for worker worktrees: in-memory registry, signal\n * handlers, ledger of repos touched, and the boot-time PID+instance\n * safety net.\n *\n * Plan: see `plans/we-have-added-a-dreamy-tide.md` (\"Worktree mode\" →\n * \"Cleanup paths\"). Three layers cooperate, none of them sufficient\n * alone:\n *\n *   1. Per-call cleanup (`engine.ts` finally block invoking\n *      `WorktreeHandle.remove()`) — covers the happy path.\n *\n *   2. Session-end signal sweep (this file, registered via\n *      `registerExitHandlers`) — covers Ctrl+C, service-manager stop,\n *      and (in `github-router claude` mode) the spawned child's exit.\n *      Synchronous `execFileSync` is intentional: exit handlers can't\n *      reliably await async work.\n *\n *   3. Boot-time PID+instance sweep (`sweepStaleWorktreesAtBoot`) —\n *      covers SIGKILL, OOM, container restart. Walks the ledger of\n *      repos this proxy has touched and removes worktree dirs whose\n *      `<pid>` is dead OR whose `<instance>` UUID doesn't match the\n *      current proxy's UUID.\n *\n * Ledger writes are ATOMIC (temp + rename) per peer review — a\n * concurrent-RMW corruption would silently strand worktrees because\n * the boot sweep can't find their repo roots.\n */\n\nimport { execFileSync } from \"node:child_process\"\nimport { randomBytes, randomUUID } from \"node:crypto\"\nimport fs from \"node:fs/promises\"\nimport path from \"node:path\"\nimport process from \"node:process\"\n\nimport { PATHS, writeRuntimeFileSecure } from \"../paths\"\n\n/**\n * Same regex worktree.ts uses for its per-call age sweep — kept in\n * sync intentionally. `<pid>-<uuid>-<8hex>` strictly.\n */\nconst WORKTREE_DIR_NAME_RE =\n  /^(\\d+)-([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})-([0-9a-f]{8})$/\n\n/**\n * Cap on the ledger: how many repos we remember across boots, and how\n * old an entry may be before it's pruned. Both are belt-and-suspenders\n * — the per-call age sweep is the primary guard against accumulation\n * inside any single repo.\n */\nconst LEDGER_MAX_ENTRIES = 100\nconst LEDGER_MAX_AGE_MS = 30 * 24 * 60 * 60 * 1000\n\nexport interface WorktreeRegistryEntry {\n  repoRoot: string\n  dir: string\n  branch: string\n}\n\n/**\n * Set-like in-memory registry of worktrees this proxy created. Engine\n * passes it to `createWorktree` so per-call cleanup deletes the entry\n * on success; the signal handlers walk what's left at shutdown.\n *\n * Not a bare `Set` because we want to expose only the operations we\n * actually use, and we want a stable testable surface.\n */\nexport class WorktreeRegistry {\n  private readonly entries = new Set<WorktreeRegistryEntry>()\n\n  add(entry: WorktreeRegistryEntry): void {\n    this.entries.add(entry)\n  }\n  delete(entry: WorktreeRegistryEntry): void {\n    this.entries.delete(entry)\n  }\n  has(entry: WorktreeRegistryEntry): boolean {\n    return this.entries.has(entry)\n  }\n  values(): IterableIterator<WorktreeRegistryEntry> {\n    return this.entries.values()\n  }\n  get size(): number {\n    return this.entries.size\n  }\n  clear(): void {\n    this.entries.clear()\n  }\n}\n\n// ---------------------------------------------------------------------\n// Per-launch instance UUID\n// ---------------------------------------------------------------------\n\nlet _instanceUuid: string | null = null\n\n/**\n * Stable UUID4 generated once per proxy process. Used in worktree\n * dir/branch names so the boot sweep can reliably distinguish \"this\n * proxy's still-live worktrees\" from \"stranded dirs from a prior\n * proxy that happens to have a recycled PID\" — Docker PID-1 across\n * container restarts is the classic case (peer-review HIGH finding).\n */\nexport function getInstanceUuid(): string {\n  if (_instanceUuid === null) {\n    _instanceUuid = randomUUID()\n  }\n  return _instanceUuid\n}\n\n/** Test-only: reset the cached UUID. */\nexport function __resetInstanceUuidForTests(): void {\n  _instanceUuid = null\n}\n\n// ---------------------------------------------------------------------\n// Signal handlers + sweepRegistry\n// ---------------------------------------------------------------------\n\nlet _registered = false\nlet _activeRegistry: WorktreeRegistry | null = null\nlet _exitHandler: (() => void) | null = null\nlet _sigintHandler: (() => void) | null = null\nlet _sigtermHandler: (() => void) | null = null\n\n/**\n * Synchronous cleanup of every registry entry. Best-effort:\n * `execFileSync` failures are swallowed (the dir may have been\n * removed already, or git may not be on PATH any more in some\n * environments). After a successful removal we drop the entry from\n * the registry so a second call is a true no-op.\n *\n * Synchronous on purpose — exit handlers can't reliably await async\n * work; the process would die before the promise settled.\n */\nexport function sweepRegistry(): void {\n  if (!_activeRegistry) return\n  // Snapshot the values first so we can mutate the underlying set\n  // during iteration without skipping entries.\n  const snapshot = [..._activeRegistry.values()]\n  for (const entry of snapshot) {\n    try {\n      // `-C entry.repoRoot` is load-bearing: without it git resolves\n      // the worktree path relative to the proxy's cwd (which is the\n      // user's launch dir, typically NOT inside the target repo), and\n      // fails with `fatal: '<path>' is not a working tree`. The E2E\n      // boot-sweep test (worker-agent-boot-sweep.test.ts) is what\n      // caught the missing flag.\n      execFileSync(\n        \"git\",\n        [\"-C\", entry.repoRoot, \"worktree\", \"remove\", \"--force\", entry.dir],\n        { stdio: \"ignore\", timeout: 10_000, windowsHide: true },\n      )\n    } catch {\n      // Already gone, EBUSY, or git not on PATH — best effort.\n    }\n    try {\n      execFileSync(\"git\", [\"-C\", entry.repoRoot, \"branch\", \"-D\", entry.branch], {\n        stdio: \"ignore\",\n        timeout: 5_000,\n        windowsHide: true,\n      })\n    } catch {\n      // Same as above.\n    }\n    _activeRegistry.delete(entry)\n  }\n}\n\n/**\n * Windows ConPTY / node-pty signal behavior:\n *\n * When a ConPTY host (VS Code terminal, Windows Terminal, node-pty) closes\n * the pseudo-console, the ConPTY layer sends CTRL_CLOSE_EVENT to the\n * process group. Node.js translates this into SIGINT (NOT SIGTERM). The\n * process has a ~5-second window before forced termination.\n *\n * Implication: the SIGTERM handler below may NEVER fire in node-pty\n * environments. This is by design — the three-layer cleanup architecture\n * ensures coverage:\n *   1. Per-call cleanup (engine.ts finally block) — happy path\n *   2. SIGINT handler (this file) — ConPTY close, Ctrl+C\n *   3. `exit` handler (this file) — unconditional, fires on any exit\n *   4. Boot-time PID+instance sweep (sweepStaleWorktreesAtBoot) — crash recovery\n *\n * Layers 1+2+3 cover ConPTY; layer 4 covers SIGKILL/OOM/container restart.\n */\n\n/**\n * Wire up SIGINT/SIGTERM/exit handlers that walk the registry and\n * remove every entry. Idempotent: subsequent calls swap the registry\n * pointer but do NOT register additional process listeners (otherwise\n * we'd leak listeners on every `runWorkerAgent`).\n *\n * Signal handlers re-raise the signal after sweeping. Naively running\n * the sweep on SIGINT/SIGTERM and returning would *suppress* the\n * signal: Node defaults to terminating the process on these, but only\n * if no user listener is attached. Once we attach a listener, the\n * default action is cancelled and the process keeps running — which\n * means Ctrl-C would clean worktrees but not actually exit, leaving\n * orphan processes in dev. The `process.kill(pid, sig)` re-raise\n * after removing our own listener restores the default behaviour\n * (the second delivery now hits an empty listener list, so Node\n * terminates with the conventional `128 + signum` exit code).\n */\nexport function registerExitHandlers(registry: WorktreeRegistry): void {\n  _activeRegistry = registry\n  if (_registered) return\n  _registered = true\n  _exitHandler = () => sweepRegistry()\n  _sigintHandler = () => {\n    sweepRegistry()\n    if (_sigintHandler) process.off(\"SIGINT\", _sigintHandler)\n    process.kill(process.pid, \"SIGINT\")\n  }\n  _sigtermHandler = () => {\n    sweepRegistry()\n    if (_sigtermHandler) process.off(\"SIGTERM\", _sigtermHandler)\n    process.kill(process.pid, \"SIGTERM\")\n  }\n  process.on(\"SIGINT\", _sigintHandler)\n  process.on(\"SIGTERM\", _sigtermHandler)\n  // `exit` handlers can only run synchronous code — exactly what\n  // sweepRegistry does. Async work here would never complete.\n  process.on(\"exit\", _exitHandler)\n}\n\n/**\n * Test-only: unregister the handlers and reset module state. Tests\n * that want to verify `registerExitHandlers` semantics must clean up\n * after themselves or future tests in the same process inherit the\n * (now stale) registry pointer.\n */\nexport function __unregisterExitHandlersForTests(): void {\n  if (_sigintHandler) {\n    process.off(\"SIGINT\", _sigintHandler)\n    _sigintHandler = null\n  }\n  if (_sigtermHandler) {\n    process.off(\"SIGTERM\", _sigtermHandler)\n    _sigtermHandler = null\n  }\n  if (_exitHandler) {\n    process.off(\"exit\", _exitHandler)\n    _exitHandler = null\n  }\n  _registered = false\n  _activeRegistry = null\n}\n\n// ---------------------------------------------------------------------\n// Ledger: which repos has this proxy touched?\n// ---------------------------------------------------------------------\n\ninterface LedgerEntry {\n  repoRoot: string\n  lastSeenMs: number\n}\n\ninterface LedgerFile {\n  entries: Array<LedgerEntry>\n}\n\nfunction ledgerPath(): string {\n  return path.join(PATHS.APP_DIR, \"worker-repos.json\")\n}\n\nasync function readLedger(): Promise<LedgerFile> {\n  let raw: string\n  try {\n    raw = await fs.readFile(ledgerPath(), \"utf8\")\n  } catch (err) {\n    if ((err as NodeJS.ErrnoException).code === \"ENOENT\") {\n      return { entries: [] }\n    }\n    return { entries: [] }\n  }\n  try {\n    const parsed = JSON.parse(raw) as Partial<LedgerFile>\n    if (!parsed || !Array.isArray(parsed.entries)) return { entries: [] }\n    const cleaned: Array<LedgerEntry> = []\n    for (const e of parsed.entries) {\n      if (\n        e &&\n        typeof e === \"object\" &&\n        typeof (e as LedgerEntry).repoRoot === \"string\" &&\n        typeof (e as LedgerEntry).lastSeenMs === \"number\"\n      ) {\n        cleaned.push({\n          repoRoot: (e as LedgerEntry).repoRoot,\n          lastSeenMs: (e as LedgerEntry).lastSeenMs,\n        })\n      }\n    }\n    return { entries: cleaned }\n  } catch {\n    // Corrupted JSON — start fresh rather than crashing the proxy.\n    return { entries: [] }\n  }\n}\n\n/**\n * Per-process serializer for ledger writes. Multiple concurrent\n * `recordWorkerRepo` calls (legitimate: several workers may start at\n * once) would otherwise race read-modify-write on the JSON file. Each\n * call chains onto the previous so the on-disk sequence is\n * deterministic from this process's perspective.\n *\n * Cross-process safety is provided by the atomic temp+rename below,\n * which makes the final state of the file always be a well-formed\n * full snapshot from ONE writer — never a partial write or\n * interleaved JSON.\n */\nlet _ledgerChain: Promise<void> = Promise.resolve()\n\n/**\n * Append `repoRoot` to the ledger (or update its `lastSeenMs`).\n * Atomic temp+rename per peer review.\n */\nexport function recordWorkerRepo(repoRoot: string): Promise<void> {\n  const next = _ledgerChain.then(async () => {\n    await fs.mkdir(PATHS.APP_DIR, { recursive: true })\n    const current = await readLedger()\n    // Dedup: drop any existing entry for this root before appending\n    // the fresh one so the array doesn't grow unbounded with repeats.\n    const filtered = current.entries.filter((e) => e.repoRoot !== repoRoot)\n    filtered.push({ repoRoot, lastSeenMs: Date.now() })\n    // Prune by age and cap entry count (newest wins).\n    const now = Date.now()\n    const pruned = filtered\n      .filter((e) => now - e.lastSeenMs < LEDGER_MAX_AGE_MS)\n      .slice(-LEDGER_MAX_ENTRIES)\n    const ledger: LedgerFile = { entries: pruned }\n\n    // Atomic temp+rename. The temp filename is unique per call\n    // (PID + 8 random hex chars) so concurrent processes don't\n    // collide on the temp name; the final `rename` is atomic on\n    // POSIX and on Windows (both with same filesystem).\n    const tmp = `${ledgerPath()}.tmp.${process.pid}.${randomBytes(4).toString(\n      \"hex\",\n    )}`\n    try {\n      await writeRuntimeFileSecure(tmp, JSON.stringify(ledger, null, 2))\n      await fs.rename(tmp, ledgerPath())\n    } catch (err) {\n      // Clean up the temp file if rename failed midway.\n      await fs.unlink(tmp).catch(() => {})\n      throw err\n    }\n  })\n  // Swallow chain-internal errors so one failed write doesn't poison\n  // the chain for every subsequent caller. Each call still sees its\n  // own rejection (we return `next`, not the catch-handler chain).\n  _ledgerChain = next.catch(() => undefined)\n  return next\n}\n\nfunction isPidAlive(pid: number): boolean {\n  if (!Number.isInteger(pid) || pid <= 0) return false\n  try {\n    process.kill(pid, 0)\n    return true\n  } catch (err) {\n    const code = (err as NodeJS.ErrnoException).code\n    // EPERM = process exists but we can't signal it — still alive\n    // for our purposes (we just need to know whether to clean up).\n    if (code === \"EPERM\") return true\n    return false\n  }\n}\n\n/**\n * Boot-time sweep. For every repo we recorded in the ledger,\n * enumerate `<repoRoot>/.git/worker-worktrees/` (the conventional\n * location — for repos already inside a worktree, the actual\n * `git-common-dir` may differ, in which case we'll miss this batch\n * and the per-call age sweep will catch them within 7 days) and\n * remove dirs that aren't owned by THIS proxy.\n *\n * Ownership rule: dir is \"ours\" iff its embedded PID is alive AND\n * its embedded UUID equals `getInstanceUuid()`. Either condition\n * failing → remove.\n */\nexport async function sweepStaleWorktreesAtBoot(): Promise<void> {\n  const ledger = await readLedger()\n  if (ledger.entries.length === 0) return\n  const currentUuid = getInstanceUuid()\n  for (const entry of ledger.entries) {\n    const parent = path.join(entry.repoRoot, \".git\", \"worker-worktrees\")\n    let names: Array<string>\n    try {\n      names = await fs.readdir(parent)\n    } catch {\n      continue\n    }\n    for (const name of names) {\n      const m = WORKTREE_DIR_NAME_RE.exec(name)\n      if (!m) continue\n      const pid = Number.parseInt(m[1], 10)\n      const uuid = m[2]\n      const isOurs = isPidAlive(pid) && uuid === currentUuid\n      if (isOurs) continue\n\n      const fullDir = path.join(parent, name)\n      const branch = `worker/${pid}-${uuid}-${m[3]}`\n      try {\n        // `-C entry.repoRoot` is load-bearing here too — see the\n        // matching comment in `sweepRegistry`. The boot sweep runs\n        // BEFORE any worker tool has set cwd, so the proxy's cwd is\n        // the user's launch dir, which is almost never inside the\n        // target repo.\n        execFileSync(\n          \"git\",\n          [\"-C\", entry.repoRoot, \"worktree\", \"remove\", \"--force\", fullDir],\n          { stdio: \"ignore\", timeout: 10_000, windowsHide: true },\n        )\n      } catch {\n        // ignore\n      }\n      try {\n        execFileSync(\n          \"git\",\n          [\"-C\", entry.repoRoot, \"branch\", \"-D\", branch],\n          { stdio: \"ignore\", timeout: 5_000, windowsHide: true },\n        )\n      } catch {\n        // ignore\n      }\n      try {\n        await fs.rm(fullDir, { recursive: true, force: true })\n      } catch {\n        // ignore — git may have removed it already\n      }\n    }\n  }\n}\n\n/** Test-only: clear the ledger file (does NOT remove on-disk worktrees). */\nexport async function __clearLedgerForTests(): Promise<void> {\n  await fs.unlink(ledgerPath()).catch(() => {})\n}\n\n/** Test-only: read the ledger as a plain array (no side effects). */\nexport async function __readLedgerForTests(): Promise<Array<LedgerEntry>> {\n  return (await readLedger()).entries\n}\n"],"mappings":";;;;;;;;;;;;AAyCA,MAAM,uBACJ;;;;;;;AAQF,MAAM,qBAAqB;AAC3B,MAAM,oBAAoB,MAAU,KAAK,KAAK;;;;;;;;;AAgB9C,IAAa,mBAAb,MAA8B;CAC5B,AAAiB,0BAAU,IAAI,KAA4B;CAE3D,IAAI,OAAoC;AACtC,OAAK,QAAQ,IAAI,MAAM;;CAEzB,OAAO,OAAoC;AACzC,OAAK,QAAQ,OAAO,MAAM;;CAE5B,IAAI,OAAuC;AACzC,SAAO,KAAK,QAAQ,IAAI,MAAM;;CAEhC,SAAkD;AAChD,SAAO,KAAK,QAAQ,QAAQ;;CAE9B,IAAI,OAAe;AACjB,SAAO,KAAK,QAAQ;;CAEtB,QAAc;AACZ,OAAK,QAAQ,OAAO;;;AAQxB,IAAIA,gBAA+B;;;;;;;;AASnC,SAAgB,kBAA0B;AACxC,KAAI,kBAAkB,KACpB,iBAAgB,YAAY;AAE9B,QAAO;;AAYT,IAAI,cAAc;AAClB,IAAIC,kBAA2C;AAC/C,IAAIC,eAAoC;AACxC,IAAIC,iBAAsC;AAC1C,IAAIC,kBAAuC;;;;;;;;;;;AAY3C,SAAgB,gBAAsB;AACpC,KAAI,CAAC,gBAAiB;CAGtB,MAAM,WAAW,CAAC,GAAG,gBAAgB,QAAQ,CAAC;AAC9C,MAAK,MAAM,SAAS,UAAU;AAC5B,MAAI;AAOF,gBACE,OACA;IAAC;IAAM,MAAM;IAAU;IAAY;IAAU;IAAW,MAAM;IAAI,EAClE;IAAE,OAAO;IAAU,SAAS;IAAQ,aAAa;IAAM,CACxD;UACK;AAGR,MAAI;AACF,gBAAa,OAAO;IAAC;IAAM,MAAM;IAAU;IAAU;IAAM,MAAM;IAAO,EAAE;IACxE,OAAO;IACP,SAAS;IACT,aAAa;IACd,CAAC;UACI;AAGR,kBAAgB,OAAO,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAwCjC,SAAgB,qBAAqB,UAAkC;AACrE,mBAAkB;AAClB,KAAI,YAAa;AACjB,eAAc;AACd,sBAAqB,eAAe;AACpC,wBAAuB;AACrB,iBAAe;AACf,MAAI,eAAgB,SAAQ,IAAI,UAAU,eAAe;AACzD,UAAQ,KAAK,QAAQ,KAAK,SAAS;;AAErC,yBAAwB;AACtB,iBAAe;AACf,MAAI,gBAAiB,SAAQ,IAAI,WAAW,gBAAgB;AAC5D,UAAQ,KAAK,QAAQ,KAAK,UAAU;;AAEtC,SAAQ,GAAG,UAAU,eAAe;AACpC,SAAQ,GAAG,WAAW,gBAAgB;AAGtC,SAAQ,GAAG,QAAQ,aAAa;;AAuClC,SAAS,aAAqB;AAC5B,QAAO,KAAK,KAAK,MAAM,SAAS,oBAAoB;;AAGtD,eAAe,aAAkC;CAC/C,IAAIC;AACJ,KAAI;AACF,QAAM,MAAM,GAAG,SAAS,YAAY,EAAE,OAAO;UACtC,KAAK;AACZ,MAAK,IAA8B,SAAS,SAC1C,QAAO,EAAE,SAAS,EAAE,EAAE;AAExB,SAAO,EAAE,SAAS,EAAE,EAAE;;AAExB,KAAI;EACF,MAAM,SAAS,KAAK,MAAM,IAAI;AAC9B,MAAI,CAAC,UAAU,CAAC,MAAM,QAAQ,OAAO,QAAQ,CAAE,QAAO,EAAE,SAAS,EAAE,EAAE;EACrE,MAAMC,UAA8B,EAAE;AACtC,OAAK,MAAM,KAAK,OAAO,QACrB,KACE,KACA,OAAO,MAAM,YACb,OAAQ,EAAkB,aAAa,YACvC,OAAQ,EAAkB,eAAe,SAEzC,SAAQ,KAAK;GACX,UAAW,EAAkB;GAC7B,YAAa,EAAkB;GAChC,CAAC;AAGN,SAAO,EAAE,SAAS,SAAS;SACrB;AAEN,SAAO,EAAE,SAAS,EAAE,EAAE;;;;;;;;;;;;;;;AAgB1B,IAAIC,eAA8B,QAAQ,SAAS;;;;;AAMnD,SAAgB,iBAAiB,UAAiC;CAChE,MAAM,OAAO,aAAa,KAAK,YAAY;AACzC,QAAM,GAAG,MAAM,MAAM,SAAS,EAAE,WAAW,MAAM,CAAC;EAIlD,MAAM,YAHU,MAAM,YAAY,EAGT,QAAQ,QAAQ,MAAM,EAAE,aAAa,SAAS;AACvE,WAAS,KAAK;GAAE;GAAU,YAAY,KAAK,KAAK;GAAE,CAAC;EAEnD,MAAM,MAAM,KAAK,KAAK;EAItB,MAAMC,SAAqB,EAAE,SAHd,SACZ,QAAQ,MAAM,MAAM,EAAE,aAAa,kBAAkB,CACrD,MAAM,CAAC,mBAAmB,EACiB;EAM9C,MAAM,MAAM,GAAG,YAAY,CAAC,OAAO,QAAQ,IAAI,GAAG,YAAY,EAAE,CAAC,SAC/D,MACD;AACD,MAAI;AACF,SAAM,uBAAuB,KAAK,KAAK,UAAU,QAAQ,MAAM,EAAE,CAAC;AAClE,SAAM,GAAG,OAAO,KAAK,YAAY,CAAC;WAC3B,KAAK;AAEZ,SAAM,GAAG,OAAO,IAAI,CAAC,YAAY,GAAG;AACpC,SAAM;;GAER;AAIF,gBAAe,KAAK,YAAY,OAAU;AAC1C,QAAO;;AAGT,SAAS,WAAW,KAAsB;AACxC,KAAI,CAAC,OAAO,UAAU,IAAI,IAAI,OAAO,EAAG,QAAO;AAC/C,KAAI;AACF,UAAQ,KAAK,KAAK,EAAE;AACpB,SAAO;UACA,KAAK;AAIZ,MAHc,IAA8B,SAG/B,QAAS,QAAO;AAC7B,SAAO;;;;;;;;;;;;;;;AAgBX,eAAsB,4BAA2C;CAC/D,MAAM,SAAS,MAAM,YAAY;AACjC,KAAI,OAAO,QAAQ,WAAW,EAAG;CACjC,MAAM,cAAc,iBAAiB;AACrC,MAAK,MAAM,SAAS,OAAO,SAAS;EAClC,MAAM,SAAS,KAAK,KAAK,MAAM,UAAU,QAAQ,mBAAmB;EACpE,IAAIC;AACJ,MAAI;AACF,WAAQ,MAAM,GAAG,QAAQ,OAAO;UAC1B;AACN;;AAEF,OAAK,MAAM,QAAQ,OAAO;GACxB,MAAM,IAAI,qBAAqB,KAAK,KAAK;AACzC,OAAI,CAAC,EAAG;GACR,MAAM,MAAM,OAAO,SAAS,EAAE,IAAI,GAAG;GACrC,MAAM,OAAO,EAAE;AAEf,OADe,WAAW,IAAI,IAAI,SAAS,YAC/B;GAEZ,MAAM,UAAU,KAAK,KAAK,QAAQ,KAAK;GACvC,MAAM,SAAS,UAAU,IAAI,GAAG,KAAK,GAAG,EAAE;AAC1C,OAAI;AAMF,iBACE,OACA;KAAC;KAAM,MAAM;KAAU;KAAY;KAAU;KAAW;KAAQ,EAChE;KAAE,OAAO;KAAU,SAAS;KAAQ,aAAa;KAAM,CACxD;WACK;AAGR,OAAI;AACF,iBACE,OACA;KAAC;KAAM,MAAM;KAAU;KAAU;KAAM;KAAO,EAC9C;KAAE,OAAO;KAAU,SAAS;KAAO,aAAa;KAAM,CACvD;WACK;AAGR,OAAI;AACF,UAAM,GAAG,GAAG,SAAS;KAAE,WAAW;KAAM,OAAO;KAAM,CAAC;WAChD"}

package/dist/{lifecycle-yaqqtsV1.js → lifecycle-CTLlFU45.js}

@@ -1,4 +1,4 @@
-import { t as PATHS } from "./paths-yJ97KlKp.js";
+import { t as PATHS } from "./paths-DWVKYv16.js";
 import { randomUUID } from "node:crypto";
 import fs from "node:fs/promises";
 import path from "node:path";
@@ -251,24 +251,58 @@ function runManagedExeCapture(command, args, opts = {}) {
 		const STDERR_CAP = 64 * 1024;
 		let timedOut = false;
 		let stdoutTruncated = false;
+		let stalled = false;
 		let settled = false;
-		const killNow = () => killManagedTree(child, isWin);
-		const timer = opts.timeoutMs ? setTimeout(() => {
-			timedOut = true;
-			killNow();
-		}, opts.timeoutMs) : void 0;
+		let terminated = false;
+		const terminate = (reason) => {
+			if (terminated) return;
+			terminated = true;
+			if (reason === "timeout") timedOut = true;
+			else if (reason === "stall") stalled = true;
+			else stdoutTruncated = true;
+			if (timer) clearTimeout(timer);
+			if (inactivityTimer) clearTimeout(inactivityTimer);
+			killManagedTree(child, isWin);
+		};
+		const timer = opts.timeoutMs ? setTimeout(() => terminate("timeout"), opts.timeoutMs) : void 0;
 		timer?.unref?.();
+		let inactivityTimer;
+		const armInactivity = () => {
+			if (opts.inactivityTimeoutMs === void 0 || settled || terminated) return;
+			inactivityTimer = setTimeout(() => {
+				if (settled) return;
+				let progressing = false;
+				if (opts.onInactivityCheck) try {
+					progressing = opts.onInactivityCheck() === true;
+				} catch {
+					progressing = true;
+				}
+				if (progressing) {
+					armInactivity();
+					return;
+				}
+				terminate("stall");
+			}, opts.inactivityTimeoutMs);
+			inactivityTimer?.unref?.();
+		};
+		const resetInactivity = () => {
+			if (inactivityTimer) clearTimeout(inactivityTimer);
+			armInactivity();
+		};
+		armInactivity();
 		child.stdout?.on("data", (c) => {
+			resetInactivity();
 			if (stdoutTruncated) return;
 			stdoutBytes += c.length;
 			if (opts.maxStdoutBytes !== void 0 && stdoutBytes > opts.maxStdoutBytes) {
 				stdoutTruncated = true;
-				killNow();
+				if (!opts.truncateInsteadOfKill) terminate("truncate");
 				return;
 			}
 			chunks.push(c);
 		});
 		child.stderr?.on("data", (c) => {
+			resetInactivity();
 			if (stderrBytes >= STDERR_CAP) return;
 			const remaining = STDERR_CAP - stderrBytes;
 			const slice = c.length > remaining ? c.subarray(0, remaining) : c;
@@ -281,18 +315,21 @@ function runManagedExeCapture(command, args, opts = {}) {
 			if (settled) return;
 			settled = true;
 			if (timer) clearTimeout(timer);
+			if (inactivityTimer) clearTimeout(inactivityTimer);
 			resolve({
 				stdout: Buffer.concat(chunks).toString("utf8"),
 				stderr: Buffer.concat(stderrChunks).toString("utf8"),
 				code,
 				timedOut,
-				stdoutTruncated
+				stdoutTruncated,
+				stalled
 			});
 		};
 		child.on("error", (err) => {
 			if (settled) return;
 			settled = true;
 			if (timer) clearTimeout(timer);
+			if (inactivityTimer) clearTimeout(inactivityTimer);
 			reject(err);
 		});
 		child.on("close", (code) => finish(code));
@@ -393,6 +430,12 @@ function registerColbertExitHandlers() {
 	process.on("SIGTERM", _sigtermHandler);
 	process.on("exit", _exitHandler);
 }
+/**
+* True iff `pid` names a live process. `process.kill(pid, 0)` probes
+* existence without signalling; `EPERM` means the process exists but is
+* owned by another user (still alive). Exported so the per-query freshness
+* verdict can mirror the boot sweep's liveness check.
+*/
 function isPidAlive(pid) {
 	if (!Number.isInteger(pid) || pid <= 0) return false;
 	try {
@@ -437,6 +480,7 @@ async function sweepStaleColbertMetaAtBoot() {
 		const buildPid = typeof meta.buildPid === "number" ? meta.buildPid : 0;
 		if (buildPid > 0 && isPidAlive(buildPid)) continue;
 		meta.status = "failed";
+		meta.failureClass = "crashed";
 		const tmp = `${file}.${process.pid}.tmp`;
 		try {
 			await fs.writeFile(tmp, JSON.stringify(meta, null, 2));
@@ -448,5 +492,5 @@ async function sweepStaleColbertMetaAtBoot() {
 }
 
 //#endregion
-export { trackChild as a, runCommandCapture as c, sweepStaleColbertMetaAtBoot as i, runCommandVoid as l, registerColbertExitHandlers as n, parseBoolEnv as o, sweepLiveChildren as r, resolveExecutable as s, getColbertInstanceUuid as t, runManagedExeCapture as u };
-//# sourceMappingURL=lifecycle-yaqqtsV1.js.map
+export { sweepStaleColbertMetaAtBoot as a, resolveExecutable as c, runManagedExeCapture as d, sweepLiveChildren as i, runCommandCapture as l, isPidAlive as n, trackChild as o, registerColbertExitHandlers as r, parseBoolEnv as s, getColbertInstanceUuid as t, runCommandVoid as u };
+//# sourceMappingURL=lifecycle-CTLlFU45.js.map