mixdog 0.7.5 → 0.7.7

package/src/agent/orchestrator/providers/anthropic-oauth.mjs

@@ -8,6 +8,8 @@
 import { readFileSync, existsSync, statSync } from 'fs';
 import { join } from 'path';
 import { homedir } from 'os';
+import { createServer } from 'http';
+import { randomBytes, createHash } from 'crypto';
 import {
     traceBridgeFetch,
     traceBridgeSse,
@@ -208,6 +210,22 @@ const ANTHROPIC_VERSION = '2023-06-01';
 const DEFAULT_CREDENTIALS_PATH = join(homedir(), '.claude', '.credentials.json');
 const CLAUDE_CODE_CLIENT_ID = process.env.ANTHROPIC_OAUTH_CLIENT_ID || '9d1c250a-e61b-44d9-88ed-5944d1962f5e';
 const TOKEN_REFRESH_SKEW_MS = 5 * 60_000;
+const CLAUDE_AI_AUTHORIZE_URL = 'https://claude.com/cai/oauth/authorize';
+const ALL_OAUTH_SCOPES = [
+    'org:create_api_key',
+    'user:profile',
+    'user:inference',
+    'user:sessions:claude_code',
+    'user:mcp_servers',
+    'user:file_upload',
+];
+const OAUTH_LOGIN_SCOPE = ALL_OAUTH_SCOPES.join(' ');
+const OAUTH_CALLBACK_HOST = 'localhost';
+const OAUTH_CALLBACK_PORT = 54545;
+const OAUTH_CALLBACK_PATH = '/callback';
+const OAUTH_REDIRECT_URI = `http://${OAUTH_CALLBACK_HOST}:${OAUTH_CALLBACK_PORT}${OAUTH_CALLBACK_PATH}`;
+const OAUTH_LOGIN_TIMEOUT_MS = 5 * 60_000;
+const OAUTH_TOKEN_TIMEOUT_MS = 30_000;
 
 // Anthropic OAuth contract for first-party Claude Code clients.
 // Opus/Sonnet requests are gated on a specific system-prompt prefix.
@@ -1739,6 +1757,127 @@ export class AnthropicOAuthProvider {
     }
 }
 
+// --- Login flow (PKCE loopback, export for setup UI / CLI) ---
+
+function _oauthGeneratePKCE() {
+    const verifier = randomBytes(32).toString('base64url');
+    const challenge = createHash('sha256').update(verifier).digest('base64url');
+    return { verifier, challenge };
+}
+
+function _oauthCredentialsWritePath() {
+    for (const p of credentialCandidates()) {
+        if (existsSync(p)) return p;
+    }
+    return DEFAULT_CREDENTIALS_PATH;
+}
+
+function _oauthParseScopeField(scope) {
+    if (Array.isArray(scope)) return scope;
+    return String(scope || '').split(' ').filter(Boolean);
+}
+
+export async function loginOAuth() {
+    const pkce = _oauthGeneratePKCE();
+    const state = randomBytes(32).toString('base64url');
+    const url = new URL(CLAUDE_AI_AUTHORIZE_URL);
+    url.searchParams.set('code', 'true');
+    url.searchParams.set('client_id', CLAUDE_CODE_CLIENT_ID);
+    url.searchParams.set('response_type', 'code');
+    url.searchParams.set('redirect_uri', OAUTH_REDIRECT_URI);
+    url.searchParams.set('scope', OAUTH_LOGIN_SCOPE);
+    url.searchParams.set('code_challenge', pkce.challenge);
+    url.searchParams.set('code_challenge_method', 'S256');
+    url.searchParams.set('state', state);
+    process.stderr.write(`\n[anthropic-oauth] Open this URL to log in with Claude:\n${url.toString()}\n\n`);
+    try {
+        const { exec } = await import('child_process');
+        const opener = process.platform === 'win32' ? 'start' : process.platform === 'darwin' ? 'open' : 'xdg-open';
+        exec(`${opener} "${url.toString()}"`, { windowsHide: true });
+    } catch { /* user opens manually */ }
+
+    return new Promise((resolve) => {
+        const timeout = setTimeout(() => { server.close(); resolve(null); }, OAUTH_LOGIN_TIMEOUT_MS);
+        const server = createServer(async (req, res) => {
+            const u = new URL(req.url || '/', `http://${OAUTH_CALLBACK_HOST}:${OAUTH_CALLBACK_PORT}`);
+            if (u.pathname !== OAUTH_CALLBACK_PATH) {
+                res.writeHead(404);
+                res.end();
+                return;
+            }
+            const code = u.searchParams.get('code');
+            if (!code || u.searchParams.get('state') !== state) {
+                res.writeHead(400);
+                res.end('Invalid');
+                clearTimeout(timeout);
+                server.close();
+                resolve(null);
+                return;
+            }
+            res.writeHead(200, { 'Content-Type': 'text/html' });
+            res.end('<html><body><h2>Claude login successful! You can close this tab.</h2></body></html>');
+            clearTimeout(timeout);
+            server.close();
+            try {
+                const tokenRes = await fetch(TOKEN_URL, {
+                    method: 'POST',
+                    headers: {
+                        'Content-Type': 'application/json',
+                        'anthropic-dangerous-direct-browser-access': 'true',
+                        'user-agent': `claude-cli/${resolveCliVersion()} (external, sdk-cli)`,
+                    },
+                    body: JSON.stringify({
+                        grant_type: 'authorization_code',
+                        code,
+                        redirect_uri: OAUTH_REDIRECT_URI,
+                        client_id: CLAUDE_CODE_CLIENT_ID,
+                        code_verifier: pkce.verifier,
+                        state,
+                    }),
+                    redirect: 'error',
+                    signal: AbortSignal.timeout(OAUTH_TOKEN_TIMEOUT_MS),
+                    dispatcher: getLlmDispatcher(),
+                });
+                if (!tokenRes.ok) { resolve(null); return; }
+                const json = await tokenRes.json();
+                const accessToken = json?.access_token || json?.accessToken;
+                const refreshToken = json?.refresh_token || json?.refreshToken;
+                if (!accessToken || !refreshToken) { resolve(null); return; }
+                const expiresAt = _normalizeExpiresAt(json?.expires_at ?? json?.expiresAt)
+                    || (typeof json?.expires_in === 'number' ? Date.now() + json.expires_in * 1000 : 0);
+                const scopes = _oauthParseScopeField(json?.scope);
+                const credPath = _oauthCredentialsWritePath();
+                let raw = {};
+                if (existsSync(credPath)) {
+                    raw = JSON.parse(readFileSync(credPath, 'utf-8'));
+                }
+                const existingOauth = raw.claudeAiOauth || {};
+                raw.claudeAiOauth = {
+                    ...existingOauth,
+                    accessToken,
+                    refreshToken,
+                    expiresAt,
+                    scopes,
+                    subscriptionType: existingOauth.subscriptionType ?? null,
+                };
+                _saveCredentialsFile(credPath, raw);
+                resolve({
+                    path: credPath,
+                    accessToken,
+                    refreshToken,
+                    expiresAt,
+                    scopes,
+                    subscriptionType: raw.claudeAiOauth.subscriptionType,
+                });
+            } catch {
+                resolve(null);
+            }
+        });
+        server.listen(OAUTH_CALLBACK_PORT, OAUTH_CALLBACK_HOST);
+        server.on('error', () => { clearTimeout(timeout); resolve(null); });
+    });
+}
+
 // Additive exports for test harnesses.
 // Lets the SSE parser be exercised in isolation against a synthetic
 // ReadableStream without needing a live OAuth session.

package/src/agent/orchestrator/providers/openai-oauth.mjs

@@ -1305,3 +1305,99 @@ export class OpenAIOAuthProvider {
         return this.tokens !== null;
     }
 }
+
+const AUTHORIZE_URL = 'https://auth.openai.com/oauth/authorize';
+const CODEX_OAUTH_SCOPE = 'openid profile email offline_access api.connectors.read api.connectors.invoke';
+const CODEX_OAUTH_ORIGINATOR = 'codex_cli_rs';
+const CALLBACK_HOST = '127.0.0.1';
+const CALLBACK_PORT = 1455;
+const CALLBACK_PATH = '/auth/callback';
+const REDIRECT_URI = `http://localhost:${CALLBACK_PORT}${CALLBACK_PATH}`;
+const LOGIN_TIMEOUT_MS = 5 * 60_000;
+const TOKEN_TIMEOUT_MS = 30_000;
+
+function generatePKCE() {
+    const verifier = randomBytes(64).toString('base64url');
+    const challenge = createHash('sha256').update(verifier).digest('base64url');
+    return { verifier, challenge };
+}
+
+export async function loginOAuth() {
+    const pkce = generatePKCE();
+    const state = randomBytes(16).toString('hex');
+    const url = new URL(AUTHORIZE_URL);
+    url.searchParams.set('response_type', 'code');
+    url.searchParams.set('client_id', CLIENT_ID);
+    url.searchParams.set('redirect_uri', REDIRECT_URI);
+    url.searchParams.set('scope', CODEX_OAUTH_SCOPE);
+    url.searchParams.set('code_challenge', pkce.challenge);
+    url.searchParams.set('code_challenge_method', 'S256');
+    url.searchParams.set('id_token_add_organizations', 'true');
+    url.searchParams.set('codex_cli_simplified_flow', 'true');
+    url.searchParams.set('state', state);
+    url.searchParams.set('originator', CODEX_OAUTH_ORIGINATOR);
+    process.stderr.write(`\n[openai-oauth] Open this URL to log in to ChatGPT (Codex):\n${url.toString()}\n\n`);
+    try {
+        const { exec } = await import('child_process');
+        const opener = process.platform === 'win32' ? 'start' : process.platform === 'darwin' ? 'open' : 'xdg-open';
+        exec(`${opener} "${url.toString()}"`, { windowsHide: true });
+    } catch { /* user opens manually */ }
+
+    return new Promise((resolve) => {
+        const timeout = setTimeout(() => { server.close(); resolve(null); }, LOGIN_TIMEOUT_MS);
+        const server = createServer(async (req, res) => {
+            const u = new URL(req.url || '/', `http://${CALLBACK_HOST}:${CALLBACK_PORT}`);
+            if (u.pathname !== CALLBACK_PATH) {
+                res.writeHead(404);
+                res.end();
+                return;
+            }
+            const code = u.searchParams.get('code');
+            if (!code || u.searchParams.get('state') !== state) {
+                res.writeHead(400);
+                res.end('Invalid');
+                clearTimeout(timeout);
+                server.close();
+                resolve(null);
+                return;
+            }
+            res.writeHead(200, { 'Content-Type': 'text/html' });
+            res.end('<html><body><h2>Codex login successful! You can close this tab.</h2></body></html>');
+            clearTimeout(timeout);
+            server.close();
+            try {
+                const tokenRes = await fetch(TOKEN_URL, {
+                    method: 'POST',
+                    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+                    body: new URLSearchParams({
+                        grant_type: 'authorization_code',
+                        code,
+                        redirect_uri: REDIRECT_URI,
+                        client_id: CLIENT_ID,
+                        code_verifier: pkce.verifier,
+                    }),
+                    redirect: 'error',
+                    signal: AbortSignal.timeout(TOKEN_TIMEOUT_MS),
+                });
+                if (!tokenRes.ok) { resolve(null); return; }
+                const json = await tokenRes.json();
+                if (!json.access_token || !json.refresh_token) { resolve(null); return; }
+                const expiresAt = (typeof json.expires_in === 'number'
+                    ? Date.now() + json.expires_in * 1000
+                    : 0) || _expiryFromAccessToken(json.access_token);
+                const tokens = {
+                    access_token: json.access_token,
+                    refresh_token: json.refresh_token,
+                    expires_at: expiresAt,
+                    account_id: extractAccountId(json.access_token),
+                };
+                saveTokens(tokens);
+                resolve(tokens);
+            } catch {
+                resolve(null);
+            }
+        });
+        server.listen(CALLBACK_PORT, CALLBACK_HOST);
+        server.on('error', () => { clearTimeout(timeout); resolve(null); });
+    });
+}

package/src/agent/orchestrator/session/manager.mjs

@@ -1780,11 +1780,13 @@ export async function resumeSession(sessionId, preset) {
 export function getSession(id) {
     return loadSession(id);
 }
-export function listSessions() {
+export function listSessions(opts = {}) {
+    const includeClosed = opts.includeClosed === true;
     const sessions = listStoredSessions();
     const hiddenIds = new Set([..._runtimeState.entries()].filter(([, e]) => e.listHidden).map(([id]) => id));
-    // Always exclude tombstoned sessions (closed===true) — closeSession plants the tombstone.
-    return sessions.filter(s => s.closed !== true && !hiddenIds.has(s.id));
+    // Tombstoned sessions (closed===true) are excluded unless the caller opts in
+    // (e.g. bridge list includeClosed:true).
+    return sessions.filter(s => !hiddenIds.has(s.id) && (includeClosed || s.closed !== true));
 }
 // --- Clear messages (keep system prompt + provider/model/cwd) ---
 export async function clearSessionMessages(sessionId) {

package/src/agent/orchestrator/session/store.mjs

@@ -498,6 +498,11 @@ export function deleteSession(id) {
     return removed;
 }
 const DEFAULT_SESSION_TTL_MS = 5 * 60 * 1000; // 5 minutes idle — aligned with Anthropic 5m messages tier and OpenAI in-memory cache window
+// Completed bridge workers (idle/done/error) live until terminal reap — must
+// match TERMINAL_REAP_MS / _scheduleBridgeReap (3_600_000) in index.mjs and
+// bridge-stall-watchdog.mjs so the store sweep is the durable 1h reaper.
+const BRIDGE_TERMINAL_TTL_MS = 60 * 60 * 1000;
+const BRIDGE_TERMINAL_STATUSES = new Set(['idle', 'done', 'error']);
 // Hard wall-clock ceiling for sessions stuck in status='running'. The
 // stream-watchdog should abort stalled streams within ~120s, but if it misses
 // one (process crash, watchdog not started, provider never returned), this
@@ -586,7 +591,10 @@ export function sweepStaleSessions(ttlMs) {
                 remaining++;
                 continue;
             }
-            if (now - lastActive > maxAge) {
+            const isCompletedBridge = session.owner === 'bridge'
+                && BRIDGE_TERMINAL_STATUSES.has(session.status);
+            const sessionMaxAge = isCompletedBridge ? BRIDGE_TERMINAL_TTL_MS : maxAge;
+            if (now - lastActive > sessionMaxAge) {
                 try { markSessionClosed(session.id, 'idle-sweep'); }
                 catch (err) {
                     process.stderr.write(`[session-store] idle-sweep close failed for ${session.id}: ${err?.message}\n`);

package/src/channels/lib/runtime-paths.mjs

@@ -1,8 +1,9 @@
 import { readFileSync, readdirSync, statSync, writeFileSync } from "fs";
 import { execFileSync } from "child_process";
 import { tmpdir } from "os";
-import { join, resolve } from "path";
+import { basename, join, resolve } from "path";
 import { ensureDir, readJsonFile, removeFileIfExists, writeJsonFile } from "./state-file.mjs";
+import { updateJsonAtomicSync, withFileLockSync } from "../../shared/atomic-file.mjs";
 const RUNTIME_ROOT = process.env.MIXDOG_RUNTIME_ROOT
   ? resolve(process.env.MIXDOG_RUNTIME_ROOT)
   : join(tmpdir(), "mixdog");
@@ -152,7 +153,36 @@ function readActiveInstance() {
       && _staleSup === undefined;
     if (!ownerFieldsAlreadyEmpty) {
       process.stderr.write(`mixdog: stale active-instance.json (${staleReason}), clearing owner fields\n`);
-      try { writeActiveInstance({ ...stableRest, updatedAt: Date.now() }); } catch {}
+      try {
+        updateJsonAtomicSync(ACTIVE_INSTANCE_FILE, (curRaw) => {
+          if (!curRaw) return undefined;
+          const liveReason = activeInstanceStaleReason(curRaw);
+          if (!liveReason) return undefined;
+          const {
+            pinned: _stalePinned2,
+            instanceId: _staleId2,
+            ownerLeadPid: _staleOwner2,
+            terminalLeadPid: _staleTerm2,
+            supervisor_pid: _staleSup2,
+            server_pid: _staleServer2,
+            worker_pid: _staleWorker2,
+            channels_pid: _staleChannels2,
+            supervisor_started_at: _staleStart2,
+            server_started_at: _staleServerStart2,
+            httpPort: _staleHttpPort2,
+            backendReady: _staleBackendReady2,
+            turnEndFile: _staleTurnEnd2,
+            statusFile: _staleStatus2,
+            ...stableRestLocked
+          } = curRaw ?? {};
+          const ownerEmpty = _staleId2 === undefined
+            && _staleOwner2 === undefined
+            && _staleTerm2 === undefined
+            && _staleSup2 === undefined;
+          if (ownerEmpty) return undefined;
+          return { ...stableRestLocked, updatedAt: Date.now() };
+        }, { compact: true, fsyncDir: true });
+      } catch {}
     }
     return null;
   }
@@ -179,77 +209,82 @@ function buildActiveInstanceState(instanceId, meta) {
   };
 }
 function refreshActiveInstance(instanceId, meta) {
-  const prev = readActiveInstance();
-  // readActiveInstance returns null when the recorded owner PID is dead,
-  // even after the dead-owner fix preserves stable fields on disk. For
-  // the preservedExtra spread below we still need those fields, so read
-  // the raw file directly as a fallback when prev is null.
-  const prevForPreserve = prev ?? readJsonFile(ACTIVE_INSTANCE_FILE, null);
-  // Drop stale fields (pid/startedAt) written by older server versions.
-  const { pid: _legacyPid, startedAt: _legacyStartedAt, ...prevRest } = prev ?? {};
-  const identity = buildRuntimeIdentity();
-  // server_started_at tracks the CURRENT server_pid's start time so the
-  // dev-sync barrier can verify the CHILD's freshness (the supervisor's
-  // supervisor_started_at is stable across child respawns and cannot).
-  // Preserve across refreshes when server_pid is unchanged; stamp fresh
-  // when server_pid is new/changed or there is no prev advert.
-  const prevServerPid = parsePositivePid(prevForPreserve?.server_pid);
-  const prevServerStartedAt = Number(prevForPreserve?.server_started_at);
-  const serverStartedAt = (
-    prevServerPid !== null
-    && identity.server_pid !== null
-    && prevServerPid === identity.server_pid
-    && Number.isFinite(prevServerStartedAt)
-  ) ? prevServerStartedAt : Date.now();
-  const next = {
-    ...(prev?.instanceId === instanceId ? prevRest : buildActiveInstanceState(instanceId)),
-    ...identity,
-    server_started_at: serverStartedAt,
-    updatedAt: Date.now(),
-    ...meta?.channelId ? { channelId: meta.channelId } : {},
-    ...meta?.transcriptPath ? { transcriptPath: meta.transcriptPath } : {},
-    ...meta?.httpPort ? { httpPort: meta.httpPort } : {},
-    ...meta?.memory_port ? { memory_port: meta.memory_port } : {},
-    ...typeof meta?.backendReady === "boolean" ? { backendReady: meta.backendReady } : {},
-  };
-  // Pinned ownership (default ON): each refresh reasserts the pinned flag
-  // from the current process's env. Other processes refreshing carry their
-  // own env, so the flag never outlives the pinned process. Set
-  // MIXDOG_PIN_OWNER=0 to opt out and revert to stale-window takeover.
-  if (isOwnerPinEnabled()) next.pinned = true;
-  else delete next.pinned;
-  // I1: pg_* spreads FIRST so newFields above win on conflict.
-  // prev.pg_port='A', meta.httpPort-adjacent pg_port='B' → result.pg_port='B'.
-  // memory_port: preserve when the advertising memory worker is still alive
-  // (sync process.kill(pid,0); ESRCH=dead). Same server_pid restart still
-  // preserves; a live owner from another session must not be dropped on handoff.
-  const preservedExtra = Object.fromEntries(
-    Object.entries(prevForPreserve ?? {}).filter(([k]) => k.startsWith('pg_'))
-  );
-  const prevMemoryServerPid = parsePositivePid(prevForPreserve?.memory_server_pid);
-  const prevMemoryOwnerAlive = (() => {
-    if (prevMemoryServerPid === null) return false;
-    try {
-      process.kill(prevMemoryServerPid, 0);
-      return true;
-    } catch (e) {
-      if (e && e.code === "ESRCH") return false;
-      return true;
+  ensureRuntimeDirs();
+  return updateJsonAtomicSync(ACTIVE_INSTANCE_FILE, (curRaw) => {
+    const prevForPreserve = curRaw;
+    const prev = activeInstanceStaleReason(curRaw) ? null : curRaw;
+    // Drop stale fields (pid/startedAt) written by older server versions.
+    const { pid: _legacyPid, startedAt: _legacyStartedAt, ...prevRest } = prev ?? {};
+    const identity = buildRuntimeIdentity();
+    // server_started_at tracks the CURRENT server_pid's start time so the
+    // dev-sync barrier can verify the CHILD's freshness (the supervisor's
+    // supervisor_started_at is stable across child respawns and cannot).
+    // Preserve across refreshes when server_pid is unchanged; stamp fresh
+    // when server_pid is new/changed or there is no prev advert.
+    const prevServerPid = parsePositivePid(prevForPreserve?.server_pid);
+    const prevServerStartedAt = Number(prevForPreserve?.server_started_at);
+    const serverStartedAt = (
+      prevServerPid !== null
+      && identity.server_pid !== null
+      && prevServerPid === identity.server_pid
+      && Number.isFinite(prevServerStartedAt)
+    ) ? prevServerStartedAt : Date.now();
+    const next = {
+      ...(prev?.instanceId === instanceId ? prevRest : buildActiveInstanceState(instanceId)),
+      ...identity,
+      server_started_at: serverStartedAt,
+      updatedAt: Date.now(),
+      ...meta?.channelId ? { channelId: meta.channelId } : {},
+      ...meta?.transcriptPath ? { transcriptPath: meta.transcriptPath } : {},
+      ...meta?.httpPort ? { httpPort: meta.httpPort } : {},
+      ...meta?.memory_port ? { memory_port: meta.memory_port } : {},
+      ...typeof meta?.backendReady === "boolean" ? { backendReady: meta.backendReady } : {},
+    };
+    if (typeof meta?.transcriptPath === "string" && meta.transcriptPath) {
+      const outgoing = prevForPreserve?.transcriptPath;
+      if (typeof outgoing === "string" && outgoing) {
+        const outBase = basename(outgoing, ".jsonl");
+        const newBase = basename(meta.transcriptPath, ".jsonl");
+        if (outBase !== newBase) next.priorTranscriptPath = outgoing;
+      }
     }
-  })();
-  const sameMemoryAdvertiser =
-    prevMemoryServerPid !== null &&
-    identity.server_pid !== null &&
-    prevMemoryServerPid === identity.server_pid;
-  if (sameMemoryAdvertiser || prevMemoryOwnerAlive) {
-    if (prevForPreserve && Object.prototype.hasOwnProperty.call(prevForPreserve, 'memory_port')) {
-      preservedExtra.memory_port = prevForPreserve.memory_port;
-      preservedExtra.memory_server_pid = prevMemoryServerPid;
+    // Pinned ownership (default ON): each refresh reasserts the pinned flag
+    // from the current process's env. Other processes refreshing carry their
+    // own env, so the flag never outlives the pinned process. Set
+    // MIXDOG_PIN_OWNER=0 to opt out and revert to stale-window takeover.
+    if (isOwnerPinEnabled()) next.pinned = true;
+    else delete next.pinned;
+    // I1: pg_* spreads FIRST so newFields above win on conflict.
+    // prev.pg_port='A', meta.httpPort-adjacent pg_port='B' → result.pg_port='B'.
+    // memory_port: preserve when the advertising memory worker is still alive
+    // (sync process.kill(pid,0); ESRCH=dead). Same server_pid restart still
+    // preserves; a live owner from another session must not be dropped on handoff.
+    const preservedExtra = Object.fromEntries(
+      Object.entries(prevForPreserve ?? {}).filter(([k]) => k.startsWith('pg_'))
+    );
+    const prevMemoryServerPid = parsePositivePid(prevForPreserve?.memory_server_pid);
+    const prevMemoryOwnerAlive = (() => {
+      if (prevMemoryServerPid === null) return false;
+      try {
+        process.kill(prevMemoryServerPid, 0);
+        return true;
+      } catch (e) {
+        if (e && e.code === "ESRCH") return false;
+        return true;
+      }
+    })();
+    const sameMemoryAdvertiser =
+      prevMemoryServerPid !== null &&
+      identity.server_pid !== null &&
+      prevMemoryServerPid === identity.server_pid;
+    if (sameMemoryAdvertiser || prevMemoryOwnerAlive) {
+      if (prevForPreserve && Object.prototype.hasOwnProperty.call(prevForPreserve, 'memory_port')) {
+        preservedExtra.memory_port = prevForPreserve.memory_port;
+        preservedExtra.memory_server_pid = prevMemoryServerPid;
+      }
     }
-  }
-  const nextWithExtra = { ...preservedExtra, ...next };
-  writeActiveInstance(nextWithExtra);
-  return nextWithExtra;
+    return { ...preservedExtra, ...next };
+  }, { compact: true, fsyncDir: true });
 }
 const SERVER_PID_FILE = join(
   RUNTIME_ROOT,
@@ -445,9 +480,12 @@ function releaseOwnedChannelLocks(instanceId) {
   });
 }
 function clearActiveInstance(instanceId) {
-  const active = readActiveInstance();
-  if (active?.instanceId !== instanceId) return;
-  removeFileIfExists(ACTIVE_INSTANCE_FILE);
+  withFileLockSync(`${ACTIVE_INSTANCE_FILE}.lock`, () => {
+    const curRaw = readJsonFile(ACTIVE_INSTANCE_FILE, null);
+    const prev = curRaw && !activeInstanceStaleReason(curRaw) ? curRaw : null;
+    if (prev?.instanceId !== instanceId) return;
+    removeFileIfExists(ACTIVE_INSTANCE_FILE);
+  });
 }
 export {
   ACTIVE_INSTANCE_FILE,

package/src/memory/index.mjs

@@ -94,7 +94,7 @@ import { runFullBackfill } from './lib/memory-ops-policy.mjs'
 import { listCore, addCore, editCore, deleteCore, compactCoreIds, CORE_SUMMARY_MAX } from './lib/core-memory-store.mjs'
 import { resolveProjectId, resolveProjectScope } from './lib/project-id-resolver.mjs'
 import { openTraceDatabase, insertTraceEvents, enqueueTraceEvents, insertBridgeCalls, registerTraceExitDrain } from './lib/trace-store.mjs'
-import { withFileLockSync, writeJsonAtomicSync } from '../shared/atomic-file.mjs'
+import { updateJsonAtomicSync, writeJsonAtomicSync } from '../shared/atomic-file.mjs'
 const DATA_DIR = process.env.CLAUDE_PLUGIN_DATA || process.argv[2] || null
 if (!DATA_DIR) {
   process.stderr.write('[memory-service] CLAUDE_PLUGIN_DATA not set and no explicit data dir provided\n')
@@ -129,9 +129,8 @@ function advertiseMemoryPort(boundPort, attempt = 0) {
   const file = path.join(dir, 'active-instance.json')
   try {
     fs.mkdirSync(dir, { recursive: true })
-    withFileLockSync(`${file}.lock`, () => {
-      let cur = {}
-      try { cur = JSON.parse(fs.readFileSync(file, 'utf8')) } catch {}
+    updateJsonAtomicSync(file, (curRaw) => {
+      const cur = curRaw ?? {}
       const curMemPort = Number(cur?.memory_port)
       const curMemPid = parsePositivePid(cur?.memory_server_pid)
       const portConflict = Number.isFinite(curMemPort) && curMemPort > 0 && curMemPort !== boundPort
@@ -141,7 +140,7 @@ function advertiseMemoryPort(boundPort, attempt = 0) {
         _isPidAliveLocal(curMemPid)
       if (portConflict && otherOwnerAlive) {
         process.stderr.write(`[memory-service] skip memory_port advertise port=${boundPort} curMemPort=${curMemPort} curMemPid=${curMemPid} memoryServerPid=${MEMORY_SERVER_PID}\n`)
-        return
+        return undefined
       }
       const next = {
         ...cur,
@@ -149,8 +148,8 @@ function advertiseMemoryPort(boundPort, attempt = 0) {
         ...(MEMORY_SERVER_PID ? { memory_server_pid: MEMORY_SERVER_PID } : {}),
         updatedAt: Date.now(),
       }
-      writeJsonAtomicSync(file, next, { compact: true, fsyncDir: true })
-    })
+      return next
+    }, { compact: true, fsyncDir: true })
     if (!_periodicAdvertiseInstalled) {
       _periodicAdvertiseInstalled = true
       setInterval(() => {
@@ -3103,6 +3102,30 @@ const httpServer = http.createServer(async (req, res) => {
       return
     }
 
+    if (req.url === '/transcript/ingest-sync') {
+      const filePath = body.path
+      if (!filePath || typeof filePath !== 'string') {
+        sendJson(res, { error: 'path required' }, 400)
+        return
+      }
+      try {
+        let stat
+        try { stat = await fs.promises.stat(filePath) } catch {
+          sendJson(res, { ok: true, complete: true, fileSize: 0, offsetBytes: 0 })
+          return
+        }
+        const fileSize = stat.size
+        await ingestTranscriptFile(filePath, { cwd: body.cwd })
+        const off = _transcriptOffsets.get(filePath)
+        const offsetBytes = off && Number.isFinite(off.bytes) ? off.bytes : 0
+        const complete = offsetBytes >= fileSize
+        sendJson(res, { ok: true, offsetBytes, fileSize, complete })
+      } catch (e) {
+        sendJson(res, { error: e.message }, 500)
+      }
+      return
+    }
+
     sendJson(res, { error: 'Not found' }, 404)
   } catch (e) {
     process.stderr.write(`[memory-service] ${req.url} error: ${e.stack || e.message}\n`)

package/src/memory/lib/pg/supervisor.mjs

@@ -22,7 +22,7 @@ import {
 }                                             from 'node:fs';
 import { join, resolve }                      from 'node:path';
 import { tmpdir }                             from 'node:os';
-import { writeJsonAtomicSync }                from '../../../shared/atomic-file.mjs';
+import { updateJsonAtomicSync }               from '../../../shared/atomic-file.mjs';
 
 // ── pg-process interface (Track A) ───────────────────────────────────────────
 // Dynamic import so this module loads even before Track A's file exists.
@@ -150,17 +150,17 @@ const _ACTIVE_FILE = join(_RUNTIME_ROOT, 'active-instance.json');
 
 function patchActiveInstance(fields) {
   try {
-    let curRaw = {};
-    try { curRaw = JSON.parse(readFileSync(_ACTIVE_FILE, 'utf8')); } catch {}
-    // Drop stale fields (pid/startedAt) written by older server versions.
-    const { pid: _legacyPid, startedAt: _legacyStartedAt, ...cur } = curRaw ?? {};
-    // Omit null-valued fields (clean removal when pg is stopped).
-    const merged = { ...cur, updatedAt: Date.now() };
-    for (const [k, v] of Object.entries(fields)) {
-      if (v == null) delete merged[k];
-      else merged[k] = v;
-    }
-    writeJsonAtomicSync(_ACTIVE_FILE, merged, { compact: true, lock: true, fsyncDir: true });
+    updateJsonAtomicSync(_ACTIVE_FILE, (curRaw) => {
+      // Drop stale fields (pid/startedAt) written by older server versions.
+      const { pid: _legacyPid, startedAt: _legacyStartedAt, ...cur } = curRaw ?? {};
+      // Omit null-valued fields (clean removal when pg is stopped).
+      const merged = { ...cur, updatedAt: Date.now() };
+      for (const [k, v] of Object.entries(fields)) {
+        if (v == null) delete merged[k];
+        else merged[k] = v;
+      }
+      return merged;
+    }, { compact: true, fsyncDir: true });
   } catch (e) {
     process.stderr.write(`[supervisor-pg] patchActiveInstance failed: ${e?.message}\n`);
   }

package/src/shared/atomic-file.mjs

@@ -418,3 +418,19 @@ export function writeFileAtomicSync(filePath, data, opts = {}) {
 export function writeJsonAtomicSync(filePath, value, opts = {}) {
   return writeFileAtomicSync(filePath, JSON.stringify(value, null, opts.compact ? 0 : 2) + '\n', opts);
 }
+
+export function updateJsonAtomicSync(filePath, mutator, opts = {}) {
+  const { lock: _lock, ...writeOpts } = opts;
+  return withFileLockSync(`${filePath}.lock`, () => {
+    let cur = null;
+    try {
+      cur = JSON.parse(readFileSync(filePath, 'utf8'));
+    } catch {
+      cur = null;
+    }
+    const next = mutator(cur);
+    if (next === undefined) return cur;
+    writeJsonAtomicSync(filePath, next, { ...writeOpts, lock: false });
+    return next;
+  }, opts);
+}