npm - hammoc - Versions diffs - 1.0.4 → 1.1.1 - Mend

hammoc 1.0.4 → 1.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (169) hide show

package/packages/server/dist/handlers/websocket.js CHANGED Viewed

@@ -50,26 +50,12 @@ function triggerDashboardStatusChange(projectSlug) {
 }
 /**
  * Check terminal access for a socket connection.
- * Fail-closed: denies access on any error (e.g., preferences file read failure).
+ * Checks server config (TERMINAL_ENABLED env var) and local IP.
  * Story 17.5: Terminal Security
  */
-async function checkTerminalAccess(socket, lang) {
+function checkTerminalAccess(socket, lang) {
     const t = i18next.getFixedT(lang);
-    try {
-        const terminalEnabled = await preferencesService.getTerminalEnabled();
-        if (!terminalEnabled) {
-            return {
-                allowed: false,
-                error: {
-                    code: TERMINAL_ERRORS.TERMINAL_DISABLED.code,
-                    message: t('ws.error.terminalDisabled'),
-                },
-            };
-        }
-    }
-    catch (err) {
-        // Fail-closed: deny access if preferences read fails
-        log.error('Failed to check terminal enabled state, denying access:', err);
+    if (!preferencesService.getTerminalEnabled()) {
         return {
             allowed: false,
             error: {
@@ -95,6 +81,267 @@ let connectedClients = 0;
 // Primary maps: sessionId → ActiveStream, socketId → sessionId
 const activeStreams = new Map();
 const socketToSession = new Map();
+// Story 24.3: Track which session room each socket joined (for session:leave room management)
+const socketSessionRoom = new Map();
+// Track which project room each socket joined (for leave on session switch)
+const socketProjectRoom = new Map();
+const chainState = new Map();
+// Per-session drain generation counter for race guard
+const chainDrainGeneration = new Map();
+// Sessions that have completed at least one handleChatSend — safe to resume
+const chainResumableSessions = new Set();
+let chainItemCounter = 0;
+const CHAIN_MAX_RETRIES = 3;
+const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+/** Generate a unique chain item ID */
+function generateChainItemId() {
+    return `chain-${Date.now()}-${++chainItemCounter}`;
+}
+/** Map internal chain item to public PromptChainItem (allow-list of fields) */
+function toPublicChainItem(item) {
+    const pub = { id: item.id, content: item.content, status: item.status, createdAt: item.createdAt };
+    if (item.retryCount !== undefined)
+        pub.retryCount = item.retryCount;
+    return pub;
+}
+/** Broadcast current chain state to all sockets in the session room (strips internal fields) */
+function broadcastChainUpdate(sessionId) {
+    if (!io)
+        return;
+    const internalItems = chainState.get(sessionId) || [];
+    const items = internalItems.map(toPublicChainItem);
+    io.to(`session:${sessionId}`).emit('chain:update', { sessionId, items });
+}
+/** Broadcast chain state including persisted failures from disk */
+function broadcastChainUpdateWithFailures(sessionId) {
+    if (!io)
+        return;
+    withChainFailureLock(sessionId, () => projectService.readChainFailures(sessionId))
+        .then(failures => {
+        // Re-read in-memory state now (may have changed during async disk read)
+        const freshItems = (chainState.get(sessionId) || []).map(toPublicChainItem);
+        io.to(`session:${sessionId}`).emit('chain:update', { sessionId, items: [...freshItems, ...failures] });
+    })
+        .catch((err) => {
+        log.error(`Failed to read chain failures for broadcast (session ${sessionId}):`, err);
+        const freshItems = (chainState.get(sessionId) || []).map(toPublicChainItem);
+        io.to(`session:${sessionId}`).emit('chain:update', { sessionId, items: freshItems });
+    });
+}
+/** Clean up chain state when no active work remains */
+function cleanupChainIfIdle(sessionId) {
+    if (activeStreams.has(sessionId))
+        return;
+    const items = chainState.get(sessionId);
+    // Preserve if pending/sending items remain (drain will handle them)
+    // or failed items remain (disk persistence may have failed — keep in memory until dismissed)
+    if (items && items.some(item => item.status === 'pending' || item.status === 'sending' || item.status === 'failed')) {
+        return;
+    }
+    chainState.delete(sessionId);
+    chainResumableSessions.delete(sessionId);
+    // NOTE: chainDrainGeneration is intentionally NOT deleted here.
+    // Deleting would reset the counter to 0, allowing stale timers from before
+    // cleanup to match a new gen=1 value (ABA problem).
+}
+// Per-session mutex for failure file I/O to prevent read-modify-write races
+const chainFailureLocks = new Map();
+/** Execute a failure file operation under per-session lock */
+function withChainFailureLock(sessionId, fn) {
+    const prev = chainFailureLocks.get(sessionId) || Promise.resolve();
+    const next = prev.then(fn, fn); // run even if previous rejected
+    chainFailureLocks.set(sessionId, next.then(() => { }, () => { }));
+    return next;
+}
+/** Persist a failed chain item to disk so it survives server restarts */
+async function persistChainFailure(sessionId, item) {
+    return withChainFailureLock(sessionId, async () => {
+        const existing = await projectService.readChainFailures(sessionId);
+        existing.push(toPublicChainItem(item));
+        await projectService.writeChainFailures(sessionId, existing);
+    });
+}
+/** Remove a specific failure from disk */
+async function removePersistedFailure(sessionId, itemId) {
+    return withChainFailureLock(sessionId, async () => {
+        const failures = await projectService.readChainFailures(sessionId);
+        if (failures.length === 0)
+            return;
+        const remaining = failures.filter(f => f.id !== itemId);
+        if (remaining.length !== failures.length) {
+            await projectService.writeChainFailures(sessionId, remaining);
+        }
+    });
+}
+/** Clear all persisted failures for a session */
+async function clearPersistedFailures(sessionId) {
+    return withChainFailureLock(sessionId, async () => {
+        await projectService.writeChainFailures(sessionId, []);
+    });
+}
+/** Schedule chain drain after stream completion (1s delay) */
+function scheduleChainDrain(sessionId, lang) {
+    // Increment generation counter to detect stale drains
+    const gen = (chainDrainGeneration.get(sessionId) || 0) + 1;
+    chainDrainGeneration.set(sessionId, gen);
+    log.info(`[CHAIN-DRAIN] scheduleChainDrain called: sessionId=${sessionId}, gen=${gen}, chainItems=${chainState.get(sessionId)?.length ?? 0}, activeStream=${activeStreams.has(sessionId)}`);
+    setTimeout(async () => {
+        // Race guard: if generation changed (manual chat:send started/finished), abort
+        if (chainDrainGeneration.get(sessionId) !== gen) {
+            log.info(`[CHAIN-DRAIN] timer aborted (generation mismatch): sessionId=${sessionId}, expected=${gen}, actual=${chainDrainGeneration.get(sessionId)}`);
+            return;
+        }
+        // Race guard: if another stream is currently active, abort drain
+        if (activeStreams.has(sessionId)) {
+            log.info(`[CHAIN-DRAIN] timer aborted (active stream exists): sessionId=${sessionId}, gen=${gen}`);
+            return;
+        }
+        const items = chainState.get(sessionId);
+        log.info(`[CHAIN-DRAIN] timer fired: sessionId=${sessionId}, gen=${gen}, items=${items?.length ?? 0}, statuses=${JSON.stringify(items?.map(i => ({ id: i.id.slice(0, 8), status: i.status })) ?? [])}`);
+        if (!items || items.length === 0) {
+            cleanupChainIfIdle(sessionId);
+            return;
+        }
+        const nextItem = items.find(item => item.status === 'pending');
+        if (!nextItem) {
+            log.info(`[CHAIN-DRAIN] no pending item found, cleaning up: sessionId=${sessionId}`);
+            cleanupChainIfIdle(sessionId);
+            return;
+        }
+        // Use per-item execution context
+        const { workingDirectory, permissionMode, model } = nextItem;
+        // Mark item as 'sending' and broadcast (must happen before any await to prevent duplicate execution)
+        nextItem.status = 'sending';
+        log.info(`[CHAIN-DRAIN] executing item: sessionId=${sessionId}, itemId=${nextItem.id.slice(0, 8)}, content="${nextItem.content.slice(0, 80)}"`);
+        broadcastChainUpdate(sessionId);
+        const abortController = new AbortController();
+        let stream;
+        try {
+            // Create headless stream inside try — if this throws, sending status is recovered below
+            const headless = createHeadlessStream(sessionId, abortController);
+            stream = headless.stream;
+            log.info(`[CHAIN-DRAIN] headless stream created: sessionId=${sessionId}, socketsInRoom=${stream.sockets.size}`);
+            // Resolve projectSlug async (fire-and-forget) — same pattern as chat:send
+            projectService.findProjectByPath(workingDirectory).then((project) => {
+                if (project && stream.status === 'running' && activeStreams.get(stream.sessionId) === stream) {
+                    sessionProjectMap.set(stream.sessionId, project.projectSlug);
+                    triggerDashboardStatusChange(project.projectSlug);
+                }
+            }).catch((err) => {
+                log.warn(`[CHAIN-DRAIN] failed to resolve projectSlug for dashboard: sessionId=${sessionId}, dir=${workingDirectory}`, err);
+            });
+            emitStreamChange(sessionId, true, sessionProjectMap.get(sessionId) ?? null);
+            const drainSuccess = await handleChatSend(stream, { content: nextItem.content, workingDirectory, sessionId, resume: chainResumableSessions.has(sessionId) || undefined, permissionMode, model }, abortController, lang);
+            if (!drainSuccess)
+                throw new Error('handleChatSend returned false');
+            // Success: mark as 'sent' and remove from chain
+            nextItem.status = 'sent';
+            chainResumableSessions.add(sessionId);
+            log.info(`[CHAIN-DRAIN] item completed successfully: sessionId=${sessionId}, itemId=${nextItem.id.slice(0, 8)}`);
+            const currentItems = chainState.get(sessionId);
+            if (currentItems) {
+                chainState.set(sessionId, currentItems.filter(item => item.id !== nextItem.id));
+            }
+            broadcastChainUpdate(sessionId);
+        }
+        catch (err) {
+            // Check if this was an intentional abort (chain:remove or chain:clear)
+            const isAborted = abortController.signal.aborted;
+            const abortReason = abortController.signal.reason;
+            const isChainCanceled = isAborted && (abortReason === 'chain-item-removed' || abortReason === 'chain-cleared' || abortReason === 'user-abort');
+            if (isChainCanceled) {
+                // User-initiated cancel — remove from chain, no disk record needed.
+                // Mark as 'sent' so the finally safety-net doesn't reset it to 'pending'.
+                nextItem.status = 'sent';
+                const cancelItems = chainState.get(sessionId);
+                if (cancelItems) {
+                    chainState.set(sessionId, cancelItems.filter(item => item.id !== nextItem.id));
+                }
+                log.info(`Chain item ${nextItem.id} canceled (${abortReason}) for session ${sessionId}`);
+            }
+            else {
+                // On error: increment retry count and persist failure if max retries exceeded
+                const retries = (nextItem.retryCount || 0) + 1;
+                nextItem.retryCount = retries;
+                if (retries >= CHAIN_MAX_RETRIES) {
+                    nextItem.status = 'failed';
+                    // Persist to disk, then remove from memory only on success
+                    try {
+                        await persistChainFailure(sessionId, nextItem);
+                        const failItems = chainState.get(sessionId);
+                        if (failItems) {
+                            chainState.set(sessionId, failItems.filter(item => item.id !== nextItem.id));
+                        }
+                    }
+                    catch (persistErr) {
+                        // Disk write failed — keep in memory so it's not lost
+                        log.error(`Failed to persist chain failure for session ${sessionId}:`, persistErr);
+                    }
+                    log.error(`Chain item ${nextItem.id} failed after ${CHAIN_MAX_RETRIES} retries for session ${sessionId}:`, err);
+                }
+                else if (nextItem.status === 'sending') {
+                    nextItem.status = 'pending';
+                }
+                log.error(`Chain drain error for session ${sessionId} (attempt ${retries}):`, err);
+            }
+            // Use disk-aware broadcast since failures may have been persisted above
+            broadcastChainUpdateWithFailures(sessionId);
+        }
+        finally {
+            // Safety net: ensure item is never left stuck in 'sending'
+            if (nextItem.status === 'sending') {
+                log.warn(`[CHAIN-DRAIN] finally: item still in 'sending', resetting to 'pending': sessionId=${sessionId}, itemId=${nextItem.id.slice(0, 8)}`);
+                nextItem.status = 'pending';
+                broadcastChainUpdate(sessionId);
+            }
+            if (stream) {
+                stream.status = 'completed';
+                const isCurrentStream = activeStreams.get(sessionId) === stream;
+                log.info(`[CHAIN-DRAIN] finally: sessionId=${sessionId}, streamCompleted=true, isCurrentStream=${isCurrentStream}`);
+                if (isCurrentStream) {
+                    const remaining = chainState.get(sessionId);
+                    const remainingPending = remaining?.filter(item => item.status === 'pending').length ?? 0;
+                    log.info(`[CHAIN-DRAIN] finally: cleaning up stream, remainingItems=${remaining?.length ?? 0}, remainingPending=${remainingPending}`);
+                    const chainEndSlug = sessionProjectMap.get(sessionId) ?? null;
+                    cleanupStream(sessionId);
+                    emitStreamChange(sessionId, false, chainEndSlug);
+                    // Persist per-session permission mode before cleanup
+                    const chainFinalMode = stream.chatService?.getPermissionMode();
+                    if (chainFinalMode)
+                        await persistSessionPermissionMode(sessionId, chainFinalMode);
+                    const endProjectSlug = sessionProjectMap.get(sessionId);
+                    if (endProjectSlug) {
+                        triggerDashboardStatusChange(endProjectSlug);
+                        sessionProjectMap.delete(sessionId);
+                    }
+                    // Continue draining or clean up — browser state is irrelevant
+                    if (remaining && remaining.some(item => item.status === 'pending')) {
+                        log.info(`[CHAIN-DRAIN] finally: scheduling next drain for sessionId=${sessionId}`);
+                        scheduleChainDrain(sessionId, lang);
+                    }
+                    else {
+                        log.info(`[CHAIN-DRAIN] finally: no more pending items, cleaning up chain for sessionId=${sessionId}`);
+                        cleanupChainIfIdle(sessionId);
+                    }
+                }
+                else {
+                    log.warn(`[CHAIN-DRAIN] finally: stream is NOT the current active stream (replaced?): sessionId=${sessionId}`);
+                }
+            }
+            else {
+                // Stream creation failed — schedule retry or cleanup
+                log.warn(`[CHAIN-DRAIN] finally: no stream was created, scheduling retry: sessionId=${sessionId}`);
+                const remaining = chainState.get(sessionId);
+                if (remaining && remaining.some(item => item.status === 'pending')) {
+                    scheduleChainDrain(sessionId, lang);
+                }
+                else {
+                    cleanupChainIfIdle(sessionId);
+                }
+            }
+        }
+    }, 1000);
+}
 let permissionRequestCounter = 0;
 /** Create a buffered emit function that buffers and broadcasts to all connected sockets */
 function createStreamEmit(stream) {
@@ -132,12 +379,109 @@ export function isSessionStreaming(sessionId) {
     const stream = activeStreams.get(sessionId);
     return !!stream && stream.status === 'running';
 }
-/** Clean up a stream from all maps */
-function cleanupStream(streamKey) {
-    activeStreams.delete(streamKey);
-    for (const [sockId, sessId] of socketToSession.entries()) {
-        if (sessId === streamKey)
-            socketToSession.delete(sockId);
+/** Completed stream buffers kept independently of activeStreams.
+ *  When a stream completes, its buffer is saved here for 5 seconds so clients
+ *  joining during the JSONL flush window can still receive the completed turn.
+ *  This is separate from activeStreams so new streams can be created immediately
+ *  without losing the completed buffer. */
+const completedBuffers = new Map();
+/** Timer handles for completedBuffer expiry, keyed by sessionId.
+ *  Tracked so we can cancel the previous timer when a new buffer replaces it,
+ *  allowing the old buffer to be GC'd immediately instead of waiting for expiry. */
+const completedBufferTimers = new Map();
+/** How long to keep completed buffers (ms). Allows JSONL to flush before
+ *  fetchMessages becomes the sole source for this turn's data. */
+const COMPLETED_BUFFER_TTL_MS = 5000;
+/** Get the earliest stream start timestamp (active OR recently completed).
+ *  When both exist (e.g., chain: previous turn completed + new turn running),
+ *  returns the earlier one so fetchMessages excludes ALL stream-period messages.
+ *  Both the completed turn and active turn are provided via buffer replay. */
+export function getStreamStartedAt(sessionId) {
+    const stream = activeStreams.get(sessionId);
+    const runningStart = stream && stream.status === 'running' ? stream.startedAt : null;
+    const completedStart = completedBuffers.get(sessionId)?.startedAt ?? null;
+    if (runningStart && completedStart)
+        return Math.min(runningStart, completedStart);
+    return runningStart ?? completedStart;
+}
+/** Get start timestamp of the currently running stream only (ignores completed buffers). */
+export function getRunningStreamStartedAt(sessionId) {
+    const stream = activeStreams.get(sessionId);
+    return stream && stream.status === 'running' ? stream.startedAt : null;
+}
+/** Get the completed buffer for a session (null if none or expired). */
+export function getCompletedBuffer(sessionId) {
+    const completed = completedBuffers.get(sessionId);
+    return completed ? completed.events : null;
+}
+/** Clean up a stream from activeStreams immediately. Saves the buffer to
+ *  completedBuffers for 5 seconds so it remains available independently
+ *  of any new stream that may be created for the same session. */
+function cleanupStream(streamKey, expectedStream) {
+    const current = activeStreams.get(streamKey);
+    // Identity guard: if caller specifies the expected stream but a replacement has
+    // taken over, don't delete activeStreams (would remove the new stream). However,
+    // still save the completed buffer so clients can replay the finished turn.
+    const replaced = expectedStream && current !== expectedStream;
+    const stream = expectedStream ?? current;
+    // Keep a reference to the completed buffer independently of activeStreams.
+    // No copy needed — the buffer is immutable after completion (createStreamEmit
+    // only pushes to running streams). Only the buffer array is retained; the rest
+    // of the stream object (sockets, chatService, etc.) is released for GC.
+    if (stream && stream.buffer.length > 0) {
+        // Only write if this stream is newer than (or same as) any existing entry.
+        // An older stream's delayed finalizeStream must not overwrite a newer buffer.
+        const existing = completedBuffers.get(streamKey);
+        if (!existing || stream.startedAt >= existing.startedAt) {
+            // Cancel previous expiry timer so the old buffer can be GC'd immediately
+            const prevTimer = completedBufferTimers.get(streamKey);
+            if (prevTimer)
+                clearTimeout(prevTimer);
+            completedBuffers.set(streamKey, {
+                events: stream.buffer,
+                startedAt: stream.startedAt,
+            });
+            const timer = setTimeout(() => {
+                // Guard: only delete if this timer is still the current one for this key.
+                if (completedBufferTimers.get(streamKey) === timer) {
+                    completedBuffers.delete(streamKey);
+                    completedBufferTimers.delete(streamKey);
+                }
+            }, COMPLETED_BUFFER_TTL_MS);
+            completedBufferTimers.set(streamKey, timer);
+        }
+    }
+    // Only delete from activeStreams and clean up socket mappings if the stream
+    // hasn't been replaced. When replaced, the new stream owns those resources.
+    if (!replaced) {
+        activeStreams.delete(streamKey);
+        for (const [sockId, sessId] of socketToSession.entries()) {
+            if (sessId === streamKey)
+                socketToSession.delete(sockId);
+        }
+    }
+}
+/** Normalize legacy 'never' sync policy to 'streaming' */
+function normalizeSyncPolicy(policy) {
+    return policy === 'always' ? 'always' : 'streaming';
+}
+/**
+ * Persist the stream's final permission mode to .hammoc/session-permissions.json.
+ * Returns a promise that resolves when persistence is complete (or fails silently).
+ * Must be called before sessionProjectMap.delete() for the given sessionId.
+ */
+async function persistSessionPermissionMode(sessionId, mode, fallbackSlug) {
+    const slug = sessionProjectMap.get(sessionId) || fallbackSlug;
+    if (!slug)
+        return;
+    try {
+        const projectPath = await projectService.resolveProjectPath(slug);
+        if (projectPath) {
+            await projectService.updateSessionPermission(projectPath, sessionId, mode);
+        }
+    }
+    catch (err) {
+        log.error('Failed to persist session permission mode:', err);
     }
 }
 /**
@@ -203,27 +547,52 @@ export function rekeyStream(stream, newSessionId) {
  * Mark a stream as completed and broadcast stream-change.
  * Cleans up from activeStreams map.
  */
-export function finalizeStream(sessionId) {
+export async function finalizeStream(sessionId) {
     const stream = activeStreams.get(sessionId);
     if (stream) {
+        const finalMode = stream.chatService?.getPermissionMode();
+        if (finalMode)
+            await persistSessionPermissionMode(sessionId, finalMode);
         stream.status = 'completed';
-        cleanupStream(sessionId);
+        // Pass stream reference so cleanupStream won't accidentally clean up a
+        // replacement stream that started during the async persistence above.
+        cleanupStream(sessionId, stream);
     }
-    io.emit('session:stream-change', { sessionId, active: false });
-    const slug = sessionProjectMap.get(sessionId);
-    if (slug) {
-        sessionProjectMap.delete(sessionId);
-        triggerDashboardStatusChange(slug);
+    // Only emit inactive status and clear project mapping if a replacement stream
+    // hasn't taken over during the async persistence above. Without this guard,
+    // a new running stream would be falsely reported as inactive.
+    // Re-read slug at use time to avoid ABA race with stale capture.
+    const currentStream = activeStreams.get(sessionId);
+    if (!currentStream || currentStream.status !== 'running') {
+        const freshSlug = sessionProjectMap.get(sessionId);
+        emitStreamChange(sessionId, false, freshSlug ?? null);
+        if (freshSlug) {
+            sessionProjectMap.delete(sessionId);
+            triggerDashboardStatusChange(freshSlug);
+        }
+    }
+}
+/**
+ * Emit session:stream-change scoped to the project room when projectSlug is known,
+ * falling back to global broadcast otherwise.
+ */
+function emitStreamChange(sessionId, active, projectSlug) {
+    const payload = { sessionId, active, projectSlug };
+    if (projectSlug) {
+        io.to(`project:${projectSlug}`).emit('session:stream-change', payload);
+    }
+    else {
+        io.emit('session:stream-change', payload);
     }
 }
 /**
- * Broadcast session:stream-change to all connected clients.
+ * Broadcast session:stream-change to project room (or all clients as fallback).
  * Used by queue service to signal stream start/end.
  * Story 20.1: Also triggers dashboard status change when projectSlug is known.
  */
 export function broadcastStreamChange(sessionId, active) {
-    io.emit('session:stream-change', { sessionId, active });
     const slug = sessionProjectMap.get(sessionId);
+    emitStreamChange(sessionId, active, slug ?? null);
     if (slug) {
         triggerDashboardStatusChange(slug);
         if (!active)
@@ -256,7 +625,7 @@ function matchAcceptLanguage(header) {
  */
 export async function initializeWebSocket(httpServer) {
     io = new SocketIOServer(httpServer, {
-        cors: config.websocket.cors,
+        cors: config.cors,
         maxHttpBufferSize: 100 * 1024 * 1024, // 100MB for base64 image payloads
     });
     // Session middleware for WebSocket (Story 2.5 - Task 4)
@@ -302,7 +671,7 @@ export async function initializeWebSocket(httpServer) {
             try {
                 const clientIP = extractClientIP(socket);
                 const isLocal = isLocalIP(clientIP);
-                const terminalEnabled = await preferencesService.getTerminalEnabled();
+                const terminalEnabled = preferencesService.getTerminalEnabled();
                 socket.emit('terminal:access', {
                     allowed: terminalEnabled && isLocal,
                     enabled: terminalEnabled,
@@ -387,6 +756,8 @@ export async function initializeWebSocket(httpServer) {
                 startedAt: Date.now(),
             };
             activeStreams.set(streamKey, stream);
+            // Bump drain generation so any pending scheduled drain is invalidated
+            chainDrainGeneration.set(streamKey, (chainDrainGeneration.get(streamKey) || 0) + 1);
             for (const sock of initialSockets) {
                 socketToSession.set(sock.id, streamKey);
             }
@@ -400,23 +771,50 @@ export async function initializeWebSocket(httpServer) {
                 }
             }).catch(() => { });
             try {
-                await handleChatSend(stream, data, abortController, lang);
+                const sendSuccess = await handleChatSend(stream, data, abortController, lang);
+                if (sendSuccess)
+                    chainResumableSessions.add(stream.sessionId);
             }
             finally {
                 stream.status = 'completed';
                 const endedSessionId = stream.sessionId;
+                const isCurrentStream = activeStreams.get(endedSessionId) === stream;
+                log.info(`[CHAIN-DRAIN] chat:send finally: endedSessionId=${endedSessionId}, isCurrentStream=${isCurrentStream}, socketsOnStream=${stream.sockets.size}`);
                 // Only cleanup if this stream is still the active one for this session.
                 // A replacement stream (from another chat:send) may have already taken over
                 // the same key — deleting it would be a race condition.
-                if (activeStreams.get(endedSessionId) === stream) {
+                if (isCurrentStream) {
+                    const sendEndSlug = sessionProjectMap.get(endedSessionId) ?? null;
                     cleanupStream(endedSessionId);
-                    io.emit('session:stream-change', { sessionId: endedSessionId, active: false });
+                    emitStreamChange(endedSessionId, false, sendEndSlug);
+                    // Persist per-session permission mode before cleanup
+                    const sendFinalMode = stream.chatService?.getPermissionMode();
+                    if (sendFinalMode)
+                        await persistSessionPermissionMode(endedSessionId, sendFinalMode);
                     // Story 20.1: Trigger dashboard status change on stream end
                     const endProjectSlug = sessionProjectMap.get(endedSessionId);
                     if (endProjectSlug) {
+                        // Update sessions-index.json so future list queries hit cache
+                        new SessionService().updateSessionIndex(endProjectSlug, endedSessionId).catch((err) => {
+                            log.warn(`Failed to update session index: project=${endProjectSlug} session=${endedSessionId}`, err);
+                        });
                         triggerDashboardStatusChange(endProjectSlug);
                         sessionProjectMap.delete(endedSessionId);
                     }
+                    // Story 24.1: Schedule chain drain if pending items exist (browser-independent)
+                    const pendingChain = chainState.get(endedSessionId);
+                    const pendingCount = pendingChain?.filter(item => item.status === 'pending').length ?? 0;
+                    log.info(`[CHAIN-DRAIN] chat:send finally: chainItems=${pendingChain?.length ?? 0}, pendingCount=${pendingCount}, statuses=${JSON.stringify(pendingChain?.map(i => ({ id: i.id.slice(0, 8), status: i.status })) ?? [])}`);
+                    if (pendingChain && pendingChain.some(item => item.status === 'pending')) {
+                        scheduleChainDrain(endedSessionId, lang);
+                    }
+                    else {
+                        log.info(`[CHAIN-DRAIN] chat:send finally: no pending chain items, calling cleanupChainIfIdle for ${endedSessionId}`);
+                        cleanupChainIfIdle(endedSessionId);
+                    }
+                }
+                else {
+                    log.warn(`[CHAIN-DRAIN] chat:send finally: stream is NOT current active stream (replaced?): endedSessionId=${endedSessionId}`);
                 }
             }
         });
@@ -430,17 +828,16 @@ export async function initializeWebSocket(httpServer) {
                 stream.pendingPermissions.get(data.requestId).resolve({ approved: data.approved, response: data.response });
                 stream.pendingPermissions.delete(data.requestId);
                 // Broadcast the actual resolution to all OTHER viewers so their
-                // tool/interactive cards can show the correct approve/deny state
-                for (const sock of stream.sockets) {
-                    if (sock.id !== socket.id) {
-                        sock.emit('permission:resolved', {
-                            requestId: data.requestId,
-                            approved: data.approved,
-                            interactionType: data.interactionType,
-                            response: data.response,
-                        });
-                    }
-                }
+                // tool/interactive cards can show the correct approve/deny state.
+                // Also buffer via createStreamEmit so reconnecting clients see the
+                // resolved state instead of a stale 'waiting' permission card.
+                const emit = createStreamEmit(stream);
+                emit('permission:resolved', {
+                    requestId: data.requestId,
+                    approved: data.approved,
+                    interactionType: data.interactionType,
+                    response: data.response,
+                });
             }
             else {
                 // Permission already resolved by another viewer — notify sender
@@ -462,13 +859,35 @@ export async function initializeWebSocket(httpServer) {
                 }
                 stream.abortController.abort('user-abort');
             }
+            // Also clear any pending prompt chain — user expects everything to stop.
+            // Always bump generation to invalidate any in-flight drain timers,
+            // even if chainState is already empty (stale timer edge case).
+            const gen = (chainDrainGeneration.get(sessionId) || 0) + 1;
+            chainDrainGeneration.set(sessionId, gen);
+            const chainItems = chainState.get(sessionId);
+            if (chainItems && chainItems.length > 0) {
+                chainState.set(sessionId, []);
+                broadcastChainUpdate(sessionId);
+                // Do NOT call cleanupChainIfIdle here — the active stream still exists
+                // and scheduleChainDrain's finally block will handle cleanup after it completes.
+                clearPersistedFailures(sessionId)
+                    .then(() => {
+                    // Guard: only broadcast if no new chain was started since this abort
+                    if (chainDrainGeneration.get(sessionId) === gen) {
+                        broadcastChainUpdate(sessionId);
+                    }
+                })
+                    .catch((err) => {
+                    log.error(`Failed to clear persisted failures for session ${sessionId}:`, err);
+                });
+            }
         });
         // Handle permission:mode-change — update SDK permission mode and broadcast to viewers
         socket.on('permission:mode-change', async (data) => {
-            const sessionId = socketToSession.get(socket.id);
+            const sessionId = socketToSession.get(socket.id) || socketSessionRoom.get(socket.id);
             if (!sessionId)
                 return;
-            const { mode, syncPolicy = 'streaming' } = data;
+            const { mode, projectSlug } = data;
             const stream = activeStreams.get(sessionId);
             // 1) Update SDK permission mode — only when stream is actively running
             if (stream?.chatService && stream.status === 'running') {
@@ -478,11 +897,32 @@ export async function initializeWebSocket(httpServer) {
                 }
                 catch (err) {
                     log.error('Failed to change permission mode:', err);
+                    return; // Don't persist or broadcast a mode that failed to apply
                 }
             }
-            // 2) Broadcast to other viewers based on sync policy
-            if (syncPolicy === 'never')
-                return;
+            // Update pending chain items so the next drain uses the new mode.
+            // Outside the running-stream block because mode can change between turns
+            // (e.g., during the 1s chain drain delay when no stream is active).
+            const chainItems = chainState.get(sessionId);
+            if (chainItems) {
+                for (const item of chainItems) {
+                    if (item.status === 'pending' || item.status === 'sending') {
+                        item.permissionMode = mode;
+                    }
+                }
+            }
+            // 2) Always persist per-session permission mode (read only when policy is 'always')
+            // Use projectSlug from client as fallback when sessionProjectMap entry is gone (stream ended)
+            await persistSessionPermissionMode(sessionId, mode, projectSlug);
+            // 3) Broadcast to other viewers based on sync policy
+            let syncPolicy = 'streaming';
+            try {
+                const prefs = await preferencesService.readPreferences();
+                syncPolicy = normalizeSyncPolicy(prefs.permissionSyncPolicy);
+            }
+            catch (err) {
+                log.error('Failed to read preferences for sync policy:', err);
+            }
             if (syncPolicy === 'streaming' && stream?.status !== 'running')
                 return;
             // 'always' or ('streaming' + running) → broadcast via Socket.io room
@@ -490,7 +930,7 @@ export async function initializeWebSocket(httpServer) {
         });
         // Handle session:join event — attach socket to active running stream (broadcast)
         // Also joins a persistent Socket.io room so future streams auto-include this socket.
-        socket.on('session:join', (sessionId) => {
+        socket.on('session:join', (sessionId, projectSlug) => {
             // Detach this socket from any previously-attached stream to prevent
             // events from the old stream leaking to a different session's listeners
             const prevSessionId = socketToSession.get(socket.id);
@@ -502,22 +942,124 @@ export async function initializeWebSocket(httpServer) {
                 socketToSession.delete(socket.id);
                 socket.leave(`session:${prevSessionId}`);
             }
+            // Also leave previous session room even when no active stream existed
+            // (socketToSession is only set when a stream is running)
+            const prevRoomSessionId = socketSessionRoom.get(socket.id);
+            if (prevRoomSessionId && prevRoomSessionId !== sessionId && prevRoomSessionId !== prevSessionId) {
+                socket.leave(`session:${prevRoomSessionId}`);
+            }
             // Join persistent session room (survives beyond ActiveStream lifecycle)
             socket.join(`session:${sessionId}`);
+            // Leave previous project room if switching projects (or if new join has no projectSlug)
+            const prevProjectRoom = socketProjectRoom.get(socket.id);
+            if (prevProjectRoom && prevProjectRoom !== projectSlug) {
+                socket.leave(`project:${prevProjectRoom}`);
+                socketProjectRoom.delete(socket.id);
+            }
+            // Join project room so scoped events (e.g., session:stream-change) are received
+            if (projectSlug) {
+                socket.join(`project:${projectSlug}`);
+                socketProjectRoom.set(socket.id, projectSlug);
+            }
+            // Story 24.3: Track session room membership for session:leave room management
+            socketSessionRoom.set(socket.id, sessionId);
             const stream = activeStreams.get(sessionId);
+            // Story 24.1: Send current chain state on join (in-memory + persisted failures)
+            // Only attempt disk read for valid UUID sessionIds to avoid unbounded lock map growth
+            if (UUID_RE.test(sessionId)) {
+                withChainFailureLock(sessionId, async () => {
+                    return projectService.readChainFailures(sessionId);
+                }).then(failures => {
+                    // Re-read in-memory state now (may have changed during async disk read)
+                    const freshItems = (chainState.get(sessionId) || []).map(toPublicChainItem);
+                    const allItems = [...freshItems, ...failures];
+                    socket.emit('chain:update', { sessionId, items: allItems });
+                }).catch((err) => {
+                    log.error(`Failed to read chain failures on join (session ${sessionId}):`, err);
+                    const freshItems = (chainState.get(sessionId) || []).map(toPublicChainItem);
+                    socket.emit('chain:update', { sessionId, items: freshItems });
+                });
+            }
+            else {
+                // Non-UUID session: only send in-memory chain state (no disk persistence)
+                const freshItems = (chainState.get(sessionId) || []).map(toPublicChainItem);
+                socket.emit('chain:update', { sessionId, items: freshItems });
+            }
             if (!stream || stream.status !== 'running') {
-                socket.emit('stream:status', { active: false, sessionId });
+                // Emit inactive status + completed buffer replay.
+                // Wrapped in a helper that re-checks activeStreams because the async
+                // preference-read path can yield, and a new stream may start in between.
+                const emitInactiveWithReplay = (permissionMode) => {
+                    // Stale callback guard: if the socket has left this session (moved to
+                    // another session or disconnected), don't emit anything for the old session.
+                    if (socketSessionRoom.get(socket.id) !== sessionId || !socket.connected) {
+                        return;
+                    }
+                    // Re-check: if a running stream appeared during async wait, emit active
+                    // state instead of stale inactive. Without this, the client would miss
+                    // the initial stream:status/buffer-replay for the new stream.
+                    const freshStream = activeStreams.get(sessionId);
+                    if (freshStream && freshStream.status === 'running') {
+                        socketToSession.set(socket.id, sessionId);
+                        const bufSnapshot = [...freshStream.buffer];
+                        const freshMode = freshStream.chatService?.getPermissionMode();
+                        socket.emit('stream:status', { active: true, sessionId, permissionMode: freshMode });
+                        const completedBuf = getCompletedBuffer(sessionId);
+                        if (completedBuf) {
+                            socket.emit('stream:buffer-replay', { sessionId, events: completedBuf });
+                        }
+                        socket.emit('stream:buffer-replay', { sessionId, events: bufSnapshot });
+                        freshStream.sockets.add(socket);
+                        return;
+                    }
+                    socket.emit('stream:status', { active: false, sessionId, permissionMode });
+                    // Replay recently completed stream buffer so the client has the finished turn
+                    const completed = getCompletedBuffer(sessionId);
+                    if (completed) {
+                        socket.emit('stream:buffer-replay', { sessionId, events: completed });
+                    }
+                };
+                // For 'always' sync policy, restore per-session permission mode from disk
+                const resolvedSlug = projectSlug || sessionProjectMap.get(sessionId);
+                if (resolvedSlug && UUID_RE.test(sessionId)) {
+                    preferencesService.readPreferences().then(async (prefs) => {
+                        if (normalizeSyncPolicy(prefs.permissionSyncPolicy) === 'always') {
+                            const projectPath = await projectService.resolveProjectPath(resolvedSlug);
+                            if (projectPath) {
+                                const perms = await projectService.readSessionPermissions(projectPath);
+                                const savedMode = perms[sessionId];
+                                emitInactiveWithReplay(savedMode);
+                                return;
+                            }
+                        }
+                        emitInactiveWithReplay();
+                    }).catch(() => {
+                        emitInactiveWithReplay();
+                    });
+                }
+                else {
+                    emitInactiveWithReplay();
+                }
                 return;
             }
-            // Add socket to broadcast set (multiple browsers can watch simultaneously)
-            stream.sockets.add(socket);
             socketToSession.set(socket.id, sessionId);
-            // Notify this client that stream is active, then replay entire buffer
-            socket.emit('stream:status', { active: true, sessionId });
-            for (const entry of stream.buffer) {
-                // eslint-disable-next-line @typescript-eslint/no-explicit-any
-                socket.emit(entry.event, entry.data);
+            // Snapshot BEFORE adding socket to broadcast set to prevent race.
+            const bufferSnapshot = [...stream.buffer];
+            const permissionMode = stream.chatService?.getPermissionMode();
+            // Emit order matters for the client:
+            // 1. stream:status { active: true } → client calls restoreStreaming + trimMessagesAfterLastUser
+            // 2. completed buffer replay → client calls addMessages (trim already ran, won't remove these)
+            // 3. active buffer replay → client sets streaming segments for the current turn
+            socket.emit('stream:status', { active: true, sessionId, permissionMode });
+            // Replay recently completed stream buffer (e.g., previous chain turn) AFTER
+            // stream:status so the client has already trimmed stale messages.
+            const completedBuf = getCompletedBuffer(sessionId);
+            if (completedBuf) {
+                socket.emit('stream:buffer-replay', { sessionId, events: completedBuf });
             }
+            socket.emit('stream:buffer-replay', { sessionId, events: bufferSnapshot });
+            // NOW add to broadcast set — live events flow from here
+            stream.sockets.add(socket);
         });
         // Handle session:leave event — detach socket from current stream and session room
         // (client navigating away from a session while streaming continues in background)
@@ -530,12 +1072,133 @@ export async function initializeWebSocket(httpServer) {
                 }
                 socketToSession.delete(socket.id);
             }
-            // Use prevSessionId as fallback — client may send empty string when
-            // the sessionId is not available at unmount time (e.g., ChatPage cleanup)
-            const roomSessionId = sessionId || prevSessionId;
+            // Use prevSessionId / socketSessionRoom as fallback — client may send empty
+            // string when the sessionId is not available at unmount time (e.g., ChatPage cleanup)
+            const roomSessionId = sessionId || prevSessionId || socketSessionRoom.get(socket.id);
             if (roomSessionId) {
                 socket.leave(`session:${roomSessionId}`);
             }
+            // Story 24.3: Clean up session room tracking on leave
+            // Only clear project room if the leaving session matches current tracking.
+            // Prevents race where a new session:join overwrites tracking before old leave arrives.
+            const trackedSession = socketSessionRoom.get(socket.id);
+            if (!trackedSession || trackedSession === roomSessionId) {
+                socketSessionRoom.delete(socket.id);
+                const prevProjectSlug = socketProjectRoom.get(socket.id);
+                if (prevProjectSlug) {
+                    socket.leave(`project:${prevProjectSlug}`);
+                }
+                socketProjectRoom.delete(socket.id);
+            }
+        });
+        // Story 24.1: Prompt chain event handlers
+        socket.on('chain:add', (data) => {
+            if (!data || typeof data !== 'object')
+                return;
+            const { sessionId, content, workingDirectory, permissionMode, model } = data;
+            const lang = socket.data.language || 'en';
+            const t = i18next.getFixedT(lang);
+            // Input validation (UUID required for disk persistence compatibility)
+            if (!sessionId || typeof sessionId !== 'string' || !UUID_RE.test(sessionId))
+                return;
+            if (!content || typeof content !== 'string' || !content.trim())
+                return;
+            if (!workingDirectory || typeof workingDirectory !== 'string')
+                return;
+            if (content.length > 100_000) {
+                socket.emit('error', { code: ERROR_CODES.CHAT_ERROR, message: t('ws.error.chainContentTooLong') });
+                return;
+            }
+            // Validate socket is a member of the session room
+            if (!socket.rooms.has(`session:${sessionId}`))
+                return;
+            const items = chainState.get(sessionId) || [];
+            if (items.length >= 10) {
+                socket.emit('error', {
+                    code: ERROR_CODES.CHAIN_MAX_EXCEEDED,
+                    message: t('ws.error.chainMaxExceeded'),
+                });
+                return;
+            }
+            const item = {
+                id: generateChainItemId(),
+                content,
+                status: 'pending',
+                createdAt: Date.now(),
+                workingDirectory,
+                permissionMode,
+                model,
+            };
+            items.push(item);
+            chainState.set(sessionId, items);
+            broadcastChainUpdate(sessionId);
+            // If no active stream, trigger drain so items don't stay pending indefinitely
+            if (!activeStreams.has(sessionId)) {
+                scheduleChainDrain(sessionId, lang);
+            }
+        });
+        socket.on('chain:remove', (data) => {
+            if (!data || typeof data !== 'object')
+                return;
+            const { sessionId, id } = data;
+            if (!sessionId || typeof sessionId !== 'string' || !UUID_RE.test(sessionId))
+                return;
+            if (!id || typeof id !== 'string')
+                return;
+            if (!socket.rooms.has(`session:${sessionId}`))
+                return;
+            const items = chainState.get(sessionId);
+            if (items) {
+                // If the removed item is currently sending, abort its active stream
+                const removedItem = items.find(item => item.id === id);
+                if (removedItem?.status === 'sending') {
+                    const stream = activeStreams.get(sessionId);
+                    if (stream && stream.status === 'running') {
+                        stream.abortController.abort('chain-item-removed');
+                    }
+                }
+                const filtered = items.filter(item => item.id !== id);
+                chainState.set(sessionId, filtered);
+                broadcastChainUpdate(sessionId);
+                if (filtered.length === 0) {
+                    cleanupChainIfIdle(sessionId);
+                }
+            }
+            // Also remove from persisted failures (dismiss)
+            removePersistedFailure(sessionId, id).catch((err) => {
+                log.error(`Failed to remove persisted failure ${id} for session ${sessionId}:`, err);
+            });
+        });
+        socket.on('chain:clear', (data) => {
+            if (!data || typeof data !== 'object')
+                return;
+            const { sessionId } = data;
+            if (!sessionId || typeof sessionId !== 'string' || !UUID_RE.test(sessionId))
+                return;
+            // Validate socket is a member of the session room
+            if (!socket.rooms.has(`session:${sessionId}`))
+                return;
+            // If any item is currently sending, abort its active stream
+            const items = chainState.get(sessionId);
+            if (items?.some(item => item.status === 'sending')) {
+                const stream = activeStreams.get(sessionId);
+                if (stream && stream.status === 'running') {
+                    stream.abortController.abort('chain-cleared');
+                }
+            }
+            chainState.set(sessionId, []);
+            // Bump generation instead of deleting — prevents stale timers from matching
+            // a reset counter value after clear + re-add sequence
+            chainDrainGeneration.set(sessionId, (chainDrainGeneration.get(sessionId) || 0) + 1);
+            broadcastChainUpdate(sessionId);
+            cleanupChainIfIdle(sessionId);
+            // Clear persisted failures from disk, then broadcast final consistent state
+            // (prevents stale failures from reappearing via concurrent broadcastChainUpdateWithFailures)
+            clearPersistedFailures(sessionId)
+                .then(() => broadcastChainUpdate(sessionId))
+                .catch((err) => {
+                log.error(`Failed to clear persisted failures for session ${sessionId}:`, err);
+            });
         });
         // Story 20.1: Dashboard subscribe/unsubscribe
         socket.on('dashboard:subscribe', () => {
@@ -610,7 +1273,7 @@ export async function initializeWebSocket(httpServer) {
             const lang = socket.data.language || 'en';
             const t = i18next.getFixedT(lang);
             // Story 17.5: Security guard
-            const access = await checkTerminalAccess(socket, lang);
+            const access = checkTerminalAccess(socket, lang);
             if (!access.allowed) {
                 log.warn(`Terminal access denied for ${extractClientIP(socket)} on terminal:create`);
                 socket.emit('terminal:error', access.error);
@@ -673,7 +1336,7 @@ export async function initializeWebSocket(httpServer) {
         });
         socket.on('terminal:input', async (data) => {
             // Story 17.5: Security guard
-            const inputAccess = await checkTerminalAccess(socket, socket.data.language || 'en');
+            const inputAccess = checkTerminalAccess(socket, socket.data.language || 'en');
             if (!inputAccess.allowed) {
                 log.warn(`Terminal access denied for ${extractClientIP(socket)} on terminal:input`);
                 socket.emit('terminal:error', { ...inputAccess.error, terminalId: data.terminalId });
@@ -689,7 +1352,7 @@ export async function initializeWebSocket(httpServer) {
         });
         socket.on('terminal:resize', async (data) => {
             // Story 17.5: Security guard
-            const resizeAccess = await checkTerminalAccess(socket, socket.data.language || 'en');
+            const resizeAccess = checkTerminalAccess(socket, socket.data.language || 'en');
             if (!resizeAccess.allowed) {
                 log.warn(`Terminal access denied for ${extractClientIP(socket)} on terminal:resize`);
                 socket.emit('terminal:error', { ...resizeAccess.error, terminalId: data.terminalId });
@@ -705,7 +1368,7 @@ export async function initializeWebSocket(httpServer) {
         });
         socket.on('terminal:list', async (data) => {
             const lang = socket.data.language || 'en';
-            const access = await checkTerminalAccess(socket, lang);
+            const access = checkTerminalAccess(socket, lang);
             if (!access.allowed) {
                 socket.emit('terminal:list', { projectSlug: data.projectSlug, terminals: [] });
                 return;
@@ -738,7 +1401,7 @@ export async function initializeWebSocket(httpServer) {
         });
         socket.on('terminal:close', async (data) => {
             // Story 17.5: Security guard
-            const closeAccess = await checkTerminalAccess(socket, socket.data.language || 'en');
+            const closeAccess = checkTerminalAccess(socket, socket.data.language || 'en');
             if (!closeAccess.allowed) {
                 log.warn(`Terminal access denied for ${extractClientIP(socket)} on terminal:close`);
                 socket.emit('terminal:error', { ...closeAccess.error, terminalId: data.terminalId });
@@ -768,6 +1431,8 @@ export async function initializeWebSocket(httpServer) {
                 }
                 socketToSession.delete(socket.id);
             }
+            socketSessionRoom.delete(socket.id);
+            socketProjectRoom.delete(socket.id);
             // PTY sessions are NOT cleaned up on socket disconnect.
             // They persist until explicitly closed by the user, the PTY process exits,
             // or the server shuts down. This prevents losing long-running terminal
@@ -833,7 +1498,8 @@ function isSessionNotFoundError(error) {
     return (message.includes('session not found') ||
         message.includes('session does not exist') ||
         message.includes('invalid session') ||
-        message.includes('no such session'));
+        message.includes('no such session') ||
+        message.includes('no conversation found'));
 }
 /**
  * Handle chat:send event from client
@@ -852,7 +1518,7 @@ async function handleChatSend(stream, data, abortController, lang) {
                 code: ERROR_CODES.VALIDATION_ERROR,
                 message: validation.error,
             });
-            return;
+            return false;
         }
     }
     // Validate workingDirectory exists
@@ -861,11 +1527,18 @@ async function handleChatSend(stream, data, abortController, lang) {
             code: ERROR_CODES.INVALID_WORKING_DIR,
             message: t('ws.error.projectPathNotFound'),
         });
-        return;
+        return false;
     }
     // Buffer the user's message so reconnecting clients can display it
-    // (SDK may not have written the JSONL file yet at reconnect time)
-    emit('user:message', { content, sessionId: sessionId || '' });
+    // (SDK may not have written the JSONL file yet at reconnect time).
+    // Include timestamp for correct ordering. For images, only send count
+    // (not full base64 data) to avoid bloating the buffer.
+    emit('user:message', {
+        content,
+        sessionId: sessionId || '',
+        timestamp: new Date().toISOString(),
+        ...(images && images.length > 0 ? { imageCount: images.length } : {}),
+    });
     const isResuming = resume && sessionId;
     const sessionService = new SessionService();
     let timeoutId = null;
@@ -888,11 +1561,11 @@ async function handleChatSend(stream, data, abortController, lang) {
         // Create canUseTool callback for permission & AskUserQuestion handling
         // Promise stays pending if socket disconnected — SDK naturally waits
         const canUseTool = async (toolName, input, options) => {
-            // Auto-approve ExitPlanMode when the user originally chose Bypass mode.
-            // The SDK internally switches to 'plan' after EnterPlanMode, which causes
-            // ExitPlanMode to request approval even though the user intended full bypass.
-            if (toolName === 'ExitPlanMode' && permissionMode === 'bypassPermissions') {
-                log.debug('Auto-approving ExitPlanMode: original permissionMode is bypassPermissions');
+            // Auto-approve ExitPlanMode when the current permission mode is Bypass.
+            // Use chatService.getPermissionMode() instead of the closure-captured variable
+            // so that mid-stream permission mode changes (e.g. Plan → Bypass) are reflected.
+            if (toolName === 'ExitPlanMode' && chatService.getPermissionMode() === 'bypassPermissions') {
+                log.debug('Auto-approving ExitPlanMode: current permissionMode is bypassPermissions');
                 return { behavior: 'allow', updatedInput: input };
             }
             const isAskUserQuestion = toolName === 'AskUserQuestion';
@@ -991,13 +1664,6 @@ async function handleChatSend(stream, data, abortController, lang) {
                 }
             }
             const sdkError = parseSDKError(error, lang);
-            if (isResuming && isSessionNotFoundError(error)) {
-                emit('error', {
-                    code: ERROR_CODES.SESSION_NOT_FOUND,
-                    message: t('ws.error.sessionNotFound'),
-                });
-                return;
-            }
             emit('error', {
                 code: ERROR_CODES.CHAT_ERROR,
                 message: sdkError.message,
@@ -1007,33 +1673,48 @@ async function handleChatSend(stream, data, abortController, lang) {
                 notificationService.notifyError(stream.sessionId, sdkError.message);
             }
         };
-        await chatService.sendMessageWithCallbacks(content, callbacks, chatOptions, canUseTool, (messageType) => {
-            resetTimeout(`raw:${messageType}`);
-        });
+        // Attempt to send — if resume fails with session-not-found, retry without resume
+        try {
+            await chatService.sendMessageWithCallbacks(content, callbacks, chatOptions, canUseTool, (messageType) => {
+                resetTimeout(`raw:${messageType}`);
+            });
+        }
+        catch (sendError) {
+            // Resume failed because session doesn't exist (e.g., first send was aborted before SDK created it).
+            // Retry once without resume so SDK creates a fresh session.
+            if (isResuming && sendError instanceof Error && isSessionNotFoundError(sendError)) {
+                log.info(`[CHAIN-DRAIN] resume failed (session not found), retrying without resume: sessionId=${sessionId}`);
+                const retryOptions = { ...chatOptions, resume: undefined, sessionId };
+                delete retryOptions.resume;
+                resetTimeout('resume-retry');
+                await chatService.sendMessageWithCallbacks(content, callbacks, retryOptions, canUseTool, (messageType) => {
+                    resetTimeout(`raw:${messageType}`);
+                });
+            }
+            else {
+                throw sendError;
+            }
+        }
+        return true;
     }
     catch (error) {
         const sdkError = parseSDKError(error, lang);
+        log.info(`[CHAIN-DRAIN] handleChatSend catch: sessionId=${stream.sessionId}, aborted=${abortController.signal.aborted}, reason=${abortController.signal.reason}, error=${sdkError.message.slice(0, 120)}`);
         if (sdkError instanceof AbortedError || abortController.signal.aborted) {
             if (abortController.signal.reason === 'user-abort' || abortController.signal.reason === 'another-client') {
-                return;
+                return false;
             }
             emit('error', {
                 code: ERROR_CODES.TIMEOUT_ERROR,
                 message: t('ws.error.timeout'),
             });
-            return;
-        }
-        if (isResuming && error instanceof Error && isSessionNotFoundError(error)) {
-            emit('error', {
-                code: ERROR_CODES.SESSION_NOT_FOUND,
-                message: t('ws.error.sessionNotFound'),
-            });
-            return;
+            return false;
         }
         emit('error', {
             code: ERROR_CODES.CHAT_ERROR,
             message: sdkError.message,
         });
+        return false;
     }
     finally {
         if (timeoutId) {