monomind 1.8.0 → 1.9.0

package/packages/@monomind/cli/dist/src/mcp-tools/session-tools.js

@@ -3,8 +3,9 @@
  *
  * Tool definitions for session management with file persistence.
  */
-import { existsSync, readFileSync, writeFileSync, mkdirSync, readdirSync, unlinkSync, statSync } from 'node:fs';
+import { existsSync, readFileSync, writeFileSync, renameSync, mkdirSync, readdirSync, unlinkSync, statSync } from 'node:fs';
 import { join } from 'node:path';
+import { randomBytes } from 'node:crypto';
 import { getProjectCwd } from './types.js';
 // Storage paths
 const STORAGE_DIR = '.monomind';
@@ -23,10 +24,13 @@ function ensureSessionDir() {
         mkdirSync(dir, { recursive: true });
     }
 }
+const MAX_SESSION_BYTES = 50 * 1024 * 1024;
 function loadSession(sessionId) {
     try {
         const path = getSessionPath(sessionId);
         if (existsSync(path)) {
+            if (statSync(path).size > MAX_SESSION_BYTES)
+                return null;
             const data = readFileSync(path, 'utf-8');
             return JSON.parse(data);
         }
@@ -38,16 +42,37 @@ function loadSession(sessionId) {
 }
 function saveSession(session) {
     ensureSessionDir();
-    writeFileSync(getSessionPath(session.sessionId), JSON.stringify(session, null, 2), 'utf-8');
+    const sessionPath = getSessionPath(session.sessionId);
+    // Unique tmp filename so concurrent session_save calls cannot collide on
+    // the same .tmp path (which would corrupt the rename target).
+    const tmpPath = `${sessionPath}.${process.pid}.${Date.now()}.tmp`;
+    writeFileSync(tmpPath, JSON.stringify(session, null, 2), 'utf-8');
+    renameSync(tmpPath, sessionPath);
 }
-function listSessions() {
+function listSessions(limit = 200) {
     ensureSessionDir();
     const dir = getSessionDir();
-    const files = readdirSync(dir).filter(f => f.endsWith('.json'));
+    // Sort by mtime DESC, then bound reads to `limit` files to prevent DoS
+    const files = readdirSync(dir)
+        .filter(f => f.endsWith('.json'))
+        .map(f => {
+        try {
+            const stat = statSync(join(dir, f));
+            return { name: f, mtimeMs: stat.mtimeMs };
+        }
+        catch {
+            return { name: f, mtimeMs: 0 };
+        }
+    })
+        .sort((a, b) => b.mtimeMs - a.mtimeMs)
+        .slice(0, Math.max(1, Math.min(limit, 1000)));
     const sessions = [];
     for (const file of files) {
         try {
-            const data = readFileSync(join(dir, file), 'utf-8');
+            const filePath = join(dir, file.name);
+            if (statSync(filePath).size > MAX_SESSION_BYTES)
+                continue;
+            const data = readFileSync(filePath, 'utf-8');
             sessions.push(JSON.parse(data));
         }
         catch {
@@ -62,7 +87,7 @@ function loadRelatedStores(options) {
     if (options.includeMemory) {
         try {
             const memoryPath = join(getProjectCwd(), STORAGE_DIR, 'memory', 'store.json');
-            if (existsSync(memoryPath)) {
+            if (existsSync(memoryPath) && statSync(memoryPath).size <= MAX_SESSION_BYTES) {
                 data.memory = JSON.parse(readFileSync(memoryPath, 'utf-8'));
             }
         }
@@ -71,7 +96,7 @@ function loadRelatedStores(options) {
     if (options.includeTasks) {
         try {
             const taskPath = join(getProjectCwd(), STORAGE_DIR, 'tasks', 'store.json');
-            if (existsSync(taskPath)) {
+            if (existsSync(taskPath) && statSync(taskPath).size <= MAX_SESSION_BYTES) {
                 data.tasks = JSON.parse(readFileSync(taskPath, 'utf-8'));
             }
         }
@@ -80,7 +105,7 @@ function loadRelatedStores(options) {
     if (options.includeAgents) {
         try {
             const agentPath = join(getProjectCwd(), STORAGE_DIR, 'agents', 'store.json');
-            if (existsSync(agentPath)) {
+            if (existsSync(agentPath) && statSync(agentPath).size <= MAX_SESSION_BYTES) {
                 data.agents = JSON.parse(readFileSync(agentPath, 'utf-8'));
             }
         }
@@ -105,7 +130,7 @@ export const sessionTools = [
             required: ['name'],
         },
         handler: async (input) => {
-            const sessionId = `session-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+            const sessionId = `session-${Date.now()}-${randomBytes(6).toString('hex')}`;
             // Load related data based on options
             const data = loadRelatedStores({
                 includeMemory: input.includeMemory,
@@ -136,7 +161,6 @@ export const sessionTools = [
                 name: session.name,
                 savedAt: session.savedAt,
                 stats: session.stats,
-                path: getSessionPath(sessionId),
             };
         },
     },
@@ -176,7 +200,12 @@ export const sessionTools = [
                     const memoryDir = join(getProjectCwd(), STORAGE_DIR, 'memory');
                     if (!existsSync(memoryDir))
                         mkdirSync(memoryDir, { recursive: true });
-                    writeFileSync(join(memoryDir, 'store.json'), JSON.stringify(session.data.memory, null, 2), 'utf-8');
+                    const memoryStorePath = join(memoryDir, 'store.json');
+                    {
+                        const tmp = `${memoryStorePath}.${process.pid}.${Date.now()}.tmp`;
+                        writeFileSync(tmp, JSON.stringify(session.data.memory, null, 2), 'utf-8');
+                        renameSync(tmp, memoryStorePath);
+                    }
                     // Also populate active sql.js SQLite database so memory-tools can find entries
                     try {
                         const { storeEntry } = await import('../memory/memory-initializer.js');
@@ -204,13 +233,23 @@ export const sessionTools = [
                     const taskDir = join(getProjectCwd(), STORAGE_DIR, 'tasks');
                     if (!existsSync(taskDir))
                         mkdirSync(taskDir, { recursive: true });
-                    writeFileSync(join(taskDir, 'store.json'), JSON.stringify(session.data.tasks, null, 2), 'utf-8');
+                    const taskStorePath = join(taskDir, 'store.json');
+                    {
+                        const tmp = `${taskStorePath}.${process.pid}.${Date.now()}.tmp`;
+                        writeFileSync(tmp, JSON.stringify(session.data.tasks, null, 2), 'utf-8');
+                        renameSync(tmp, taskStorePath);
+                    }
                 }
                 if (session.data?.agents) {
                     const agentDir = join(getProjectCwd(), STORAGE_DIR, 'agents');
                     if (!existsSync(agentDir))
                         mkdirSync(agentDir, { recursive: true });
-                    writeFileSync(join(agentDir, 'store.json'), JSON.stringify(session.data.agents, null, 2), 'utf-8');
+                    const agentStorePath = join(agentDir, 'store.json');
+                    {
+                        const tmp = `${agentStorePath}.${process.pid}.${Date.now()}.tmp`;
+                        writeFileSync(tmp, JSON.stringify(session.data.agents, null, 2), 'utf-8');
+                        renameSync(tmp, agentStorePath);
+                    }
                 }
                 return {
                     sessionId: session.sessionId,
@@ -251,8 +290,10 @@ export const sessionTools = [
             else if (sortBy === 'size') {
                 sessions.sort((a, b) => b.stats.totalSize - a.stats.totalSize);
             }
-            // Apply limit
-            const limit = input.limit || 10;
+            // Apply limit — clamp to [1, 200] to prevent negative-slice and OOM
+            const rawLimit = typeof input.limit === 'number' ? input.limit : 10;
+            const limit = Math.max(1, Math.min(rawLimit, 200));
+            const totalCount = sessions.length;
             sessions = sessions.slice(0, limit);
             return {
                 sessions: sessions.map(s => ({
@@ -262,7 +303,7 @@ export const sessionTools = [
                     savedAt: s.savedAt,
                     stats: s.stats,
                 })),
-                total: sessions.length,
+                total: totalCount,
                 limit,
             };
         },
@@ -320,7 +361,6 @@ export const sessionTools = [
                     savedAt: session.savedAt,
                     stats: session.stats,
                     fileSize: stat.size,
-                    path,
                     hasData: {
                         memory: !!session.data?.memory,
                         tasks: !!session.data?.tasks,

package/packages/@monomind/cli/dist/src/mcp-tools/swarm-tools.js

@@ -4,17 +4,10 @@
  * Tool definitions for swarm coordination with file-based state persistence.
  * Replaces previous stub implementations with real state tracking.
  */
-import { existsSync, mkdirSync, readFileSync, writeFileSync, appendFileSync } from 'node:fs';
+import { existsSync, mkdirSync, readFileSync, renameSync, writeFileSync, statSync } from 'node:fs';
 import { join } from 'node:path';
+import { randomBytes } from 'node:crypto';
 import { getProjectCwd } from './types.js';
-function logEvent(kind, data) {
-    try {
-        const dir = join(getProjectCwd(), '.monomind', 'swarm');
-        if (!existsSync(dir)) mkdirSync(dir, { recursive: true });
-        const event = { ts: new Date().toISOString(), source: 'mcp', kind, ...data };
-        appendFileSync(join(dir, 'events.jsonl'), JSON.stringify(event) + '\n');
-    } catch { }
-}
 // Swarm state persistence
 const SWARM_DIR = '.monomind/swarm';
 const SWARM_STATE_FILE = 'swarm-state.json';
@@ -30,10 +23,13 @@ function ensureSwarmDir() {
         mkdirSync(dir, { recursive: true, mode: 0o700 });
     }
 }
+const MAX_SWARM_STORE_BYTES = 10 * 1024 * 1024;
 function loadSwarmStore() {
     try {
         const path = getSwarmStatePath();
         if (existsSync(path)) {
+            if (statSync(path).size > MAX_SWARM_STORE_BYTES)
+                return { swarms: {}, version: '3.0.0' };
             return JSON.parse(readFileSync(path, 'utf-8'));
         }
     }
@@ -42,7 +38,10 @@ function loadSwarmStore() {
 }
 function saveSwarmStore(store) {
     ensureSwarmDir();
-    writeFileSync(getSwarmStatePath(), JSON.stringify(store, null, 2), 'utf-8');
+    const dest = getSwarmStatePath();
+    const tmp = `${dest}.${process.pid}.${Date.now()}.tmp`;
+    writeFileSync(tmp, JSON.stringify(store, null, 2), 'utf-8');
+    renameSync(tmp, dest);
 }
 // Input validation
 const VALID_TOPOLOGIES = new Set([
@@ -64,7 +63,7 @@ export const swarmTools = [
         },
         handler: async (input) => {
             const topology = input.topology || 'hierarchical-mesh';
-            const maxAgents = Math.min(Math.max(input.maxAgents || 15, 1), 50);
+            const maxAgents = Math.min(Math.max(input.maxAgents || 8, 1), 50);
             const strategy = input.strategy || 'specialized';
             const config = (input.config || {});
             if (!VALID_TOPOLOGIES.has(topology)) {
@@ -73,7 +72,7 @@ export const swarmTools = [
                     error: `Invalid topology: ${topology}. Valid: ${[...VALID_TOPOLOGIES].join(', ')}`,
                 };
             }
-            const swarmId = `swarm-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+            const swarmId = `swarm-${Date.now()}-${randomBytes(6).toString('hex')}`;
             const now = new Date().toISOString();
             const swarmState = {
                 swarmId,
@@ -94,9 +93,17 @@ export const swarmTools = [
                 updatedAt: now,
             };
             const store = loadSwarmStore();
+            const MAX_SWARMS = 500;
+            // Evict terminated swarms first to free space
+            for (const [id, s] of Object.entries(store.swarms)) {
+                if (s.status === 'terminated')
+                    delete store.swarms[id];
+            }
+            if (Object.keys(store.swarms).length >= MAX_SWARMS) {
+                return { success: false, error: 'Swarm limit reached' };
+            }
             store.swarms[swarmId] = swarmState;
             saveSwarmStore(store);
-            logEvent('swarm.init', { swarmId, topology, strategy, maxAgents, config: swarmState.config });
             return {
                 success: true,
                 swarmId,
@@ -122,7 +129,11 @@ export const swarmTools = [
         handler: async (input) => {
             const store = loadSwarmStore();
             const swarmId = input.swarmId;
-            if (swarmId && store.swarms[swarmId]) {
+            const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
+            if (swarmId && FORBIDDEN_KEYS.has(swarmId)) {
+                return { status: 'not_found', message: `Swarm ${swarmId} not found` };
+            }
+            if (swarmId && Object.hasOwn(store.swarms, swarmId)) {
                 const swarm = store.swarms[swarmId];
                 return {
                     swarmId: swarm.swarmId,
@@ -176,9 +187,13 @@ export const swarmTools = [
         handler: async (input) => {
             const store = loadSwarmStore();
             const swarmId = input.swarmId;
+            const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
+            if (swarmId && FORBIDDEN_KEYS.has(swarmId)) {
+                return { success: false, error: `Swarm ${swarmId} not found` };
+            }
             // Find the swarm
             let target;
-            if (swarmId && store.swarms[swarmId]) {
+            if (swarmId && Object.hasOwn(store.swarms, swarmId)) {
                 target = store.swarms[swarmId];
             }
             else {
@@ -204,7 +219,6 @@ export const swarmTools = [
             target.status = 'terminated';
             target.updatedAt = new Date().toISOString();
             saveSwarmStore(store);
-            logEvent('swarm.shutdown', { swarmId: target.swarmId, topology: target.topology, agentCount: target.agents.length, graceful: input.graceful ?? true });
             return {
                 success: true,
                 swarmId: target.swarmId,
@@ -228,10 +242,14 @@ export const swarmTools = [
         handler: async (input) => {
             const store = loadSwarmStore();
             const swarmId = input.swarmId;
+            const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
+            if (swarmId && FORBIDDEN_KEYS.has(swarmId)) {
+                return { status: 'not_found', healthy: false, checks: [{ name: 'swarm_exists', status: 'fail', message: `Swarm ${swarmId} not found` }], checkedAt: new Date().toISOString() };
+            }
             // Find the swarm
             let target;
             if (swarmId) {
-                target = store.swarms[swarmId];
+                target = Object.hasOwn(store.swarms, swarmId) ? store.swarms[swarmId] : undefined;
                 if (!target) {
                     return {
                         status: 'not_found',

package/packages/@monomind/cli/dist/src/mcp-tools/system-tools.js

@@ -9,7 +9,7 @@
  * - os module for system information
  */
 import { getProjectCwd } from './types.js';
-import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'node:fs';
+import { existsSync, readFileSync, writeFileSync, renameSync, mkdirSync } from 'node:fs';
 import { join, dirname } from 'node:path';
 import { fileURLToPath } from 'node:url';
 import * as os from 'node:os';
@@ -68,7 +68,9 @@ function loadMetrics() {
 function saveMetrics(metrics) {
     ensureSystemDir();
     metrics.lastCheck = new Date().toISOString();
-    writeFileSync(getMetricsPath(), JSON.stringify(metrics, null, 2), 'utf-8');
+    const tmpPath = getMetricsPath() + '.tmp';
+    writeFileSync(tmpPath, JSON.stringify(metrics, null, 2), 'utf-8');
+    renameSync(tmpPath, getMetricsPath());
 }
 export const systemTools = [
     {
@@ -403,7 +405,6 @@ export const systemTools = [
                 platform: process.platform,
                 arch: process.arch,
                 pid: process.pid,
-                cwd: getProjectCwd(),
                 env: process.env.NODE_ENV || 'development',
                 features: {
                     swarm: true,

package/packages/@monomind/cli/dist/src/mcp-tools/task-tools.js

@@ -3,8 +3,9 @@
  *
  * Tool definitions for task management with file persistence.
  */
-import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'node:fs';
+import { existsSync, readFileSync, writeFileSync, renameSync, mkdirSync, statSync } from 'node:fs';
 import { join } from 'node:path';
+import { randomBytes } from 'node:crypto';
 import { getProjectCwd } from './types.js';
 // Storage paths
 const STORAGE_DIR = '.monomind';
@@ -22,12 +23,18 @@ function ensureTaskDir() {
         mkdirSync(dir, { recursive: true });
     }
 }
+const MAX_TASK_STORE_BYTES = 50 * 1024 * 1024;
 function loadTaskStore() {
     try {
         const path = getTaskPath();
         if (existsSync(path)) {
+            if (statSync(path).size > MAX_TASK_STORE_BYTES)
+                return { tasks: {}, version: '3.0.0' };
             const data = readFileSync(path, 'utf-8');
-            return JSON.parse(data);
+            const parsed = JSON.parse(data);
+            if (parsed && typeof parsed === 'object' && Object.prototype.hasOwnProperty.call(parsed, '__proto__'))
+                return { tasks: {}, version: '3.0.0' };
+            return parsed;
         }
     }
     catch {
@@ -37,8 +44,14 @@ function loadTaskStore() {
 }
 function saveTaskStore(store) {
     ensureTaskDir();
-    writeFileSync(getTaskPath(), JSON.stringify(store, null, 2), 'utf-8');
+    const taskPath = getTaskPath();
+    // Unique tmp filename — concurrent task_assign/complete calls would
+    // otherwise race on the same .tmp file.
+    const tmpPath = `${taskPath}.${process.pid}.${Date.now()}.tmp`;
+    writeFileSync(tmpPath, JSON.stringify(store, null, 2), 'utf-8');
+    renameSync(tmpPath, taskPath);
 }
+const FORBIDDEN_TASK_IDS = new Set(['__proto__', 'constructor', 'prototype']);
 export const taskTools = [
     {
         name: 'task_create',
@@ -57,7 +70,7 @@ export const taskTools = [
         },
         handler: async (input) => {
             const store = loadTaskStore();
-            const taskId = `task-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+            const taskId = `task-${Date.now()}-${randomBytes(4).toString('hex')}`;
             const task = {
                 taskId,
                 type: input.type,
@@ -99,6 +112,8 @@ export const taskTools = [
         handler: async (input) => {
             const store = loadTaskStore();
             const taskId = input.taskId;
+            if (FORBIDDEN_TASK_IDS.has(taskId))
+                return { taskId, status: 'not_found', error: 'Task not found' };
             const task = store.tasks[taskId];
             if (task) {
                 return {
@@ -196,6 +211,8 @@ export const taskTools = [
         handler: async (input) => {
             const store = loadTaskStore();
             const taskId = input.taskId;
+            if (FORBIDDEN_TASK_IDS.has(taskId))
+                return { taskId, status: 'not_found', error: 'Task not found' };
             const task = store.tasks[taskId];
             if (task) {
                 task.status = 'completed';
@@ -209,17 +226,27 @@ export const taskTools = [
                     try {
                         let agentStore = { agents: {} };
                         if (existsSync(agentStorePath)) {
-                            agentStore = JSON.parse(readFileSync(agentStorePath, 'utf-8'));
+                            const agentRaw = JSON.parse(readFileSync(agentStorePath, 'utf-8'));
+                            if (agentRaw && typeof agentRaw === 'object' && !Object.prototype.hasOwnProperty.call(agentRaw, '__proto__')) {
+                                agentStore = agentRaw;
+                            }
                         }
                         for (const agentId of task.assignedTo) {
-                            if (agentStore.agents[agentId]) {
+                            const FORBIDDEN_AGENT_IDS_TC = new Set(['__proto__', 'constructor', 'prototype']);
+                            if (typeof agentId === 'string' && agentId.length > 0 && agentId.length <= 128 &&
+                                !FORBIDDEN_AGENT_IDS_TC.has(agentId) && Object.hasOwn(agentStore.agents, agentId)) {
                                 agentStore.agents[agentId].status = 'idle';
                                 agentStore.agents[agentId].currentTask = null;
                                 agentStore.agents[agentId].taskCount =
                                     (agentStore.agents[agentId].taskCount || 0) + 1;
                             }
                         }
-                        writeFileSync(agentStorePath, JSON.stringify(agentStore, null, 2), 'utf-8');
+                        const agentDir = join(getProjectCwd(), STORAGE_DIR, 'agents');
+                        if (!existsSync(agentDir))
+                            mkdirSync(agentDir, { recursive: true });
+                        const tmpAgent1 = `${agentStorePath}.${process.pid}.${Date.now()}.tmp`;
+                        writeFileSync(tmpAgent1, JSON.stringify(agentStore, null, 2), 'utf-8');
+                        renameSync(tmpAgent1, agentStorePath);
                     }
                     catch {
                         // Best-effort agent sync
@@ -256,6 +283,8 @@ export const taskTools = [
         handler: async (input) => {
             const store = loadTaskStore();
             const taskId = input.taskId;
+            if (FORBIDDEN_TASK_IDS.has(taskId))
+                return { success: false, taskId, error: 'Task not found' };
             const task = store.tasks[taskId];
             if (task) {
                 if (input.status) {
@@ -303,6 +332,8 @@ export const taskTools = [
         handler: async (input) => {
             const store = loadTaskStore();
             const taskId = input.taskId;
+            if (FORBIDDEN_TASK_IDS.has(taskId))
+                return { taskId, error: 'Task not found' };
             const task = store.tasks[taskId];
             if (!task) {
                 return { taskId, error: 'Task not found' };
@@ -317,10 +348,14 @@ export const taskTools = [
                 }
             }
             catch { /* ignore */ }
+            // Reject IDs that would mutate Object.prototype when used as a key in
+            // the JSON-loaded plain object `agentStore.agents`.
+            const FORBIDDEN_AGENT_IDS = new Set(['__proto__', 'constructor', 'prototype']);
+            const isValidAgentId = (id) => typeof id === 'string' && id.length > 0 && id.length <= 128 && !FORBIDDEN_AGENT_IDS.has(id);
             if (input.unassign) {
                 // Revert previously assigned agents to idle
                 for (const agentId of previouslyAssigned) {
-                    if (agentStore.agents[agentId]) {
+                    if (isValidAgentId(agentId) && Object.hasOwn(agentStore.agents, agentId)) {
                         agentStore.agents[agentId].status = 'idle';
                         agentStore.agents[agentId].currentTask = null;
                     }
@@ -328,18 +363,19 @@ export const taskTools = [
                 task.assignedTo = [];
             }
             else {
-                const agentIds = input.agentIds || [];
+                const rawIds = input.agentIds || [];
+                const agentIds = rawIds.filter(isValidAgentId);
                 // Revert old agents to idle
                 for (const agentId of previouslyAssigned) {
-                    if (!agentIds.includes(agentId) && agentStore.agents[agentId]) {
+                    if (isValidAgentId(agentId) && !agentIds.includes(agentId) && Object.hasOwn(agentStore.agents, agentId)) {
                         agentStore.agents[agentId].status = 'idle';
                         agentStore.agents[agentId].currentTask = null;
                     }
                 }
                 // Set new agents to active
                 for (const agentId of agentIds) {
-                    if (agentStore.agents[agentId]) {
-                        agentStore.agents[agentId].status = 'active';
+                    if (Object.hasOwn(agentStore.agents, agentId)) {
+                        agentStore.agents[agentId].status = 'busy';
                         agentStore.agents[agentId].currentTask = taskId;
                     }
                 }
@@ -358,7 +394,9 @@ export const taskTools = [
             if (!existsSync(agentDir)) {
                 mkdirSync(agentDir, { recursive: true });
             }
-            writeFileSync(agentStorePath, JSON.stringify(agentStore, null, 2), 'utf-8');
+            const tmpAgent2 = `${agentStorePath}.${process.pid}.${Date.now()}.tmp`;
+            writeFileSync(tmpAgent2, JSON.stringify(agentStore, null, 2), 'utf-8');
+            renameSync(tmpAgent2, agentStorePath);
             return {
                 taskId: task.taskId,
                 assignedTo: task.assignedTo,
@@ -382,6 +420,8 @@ export const taskTools = [
         handler: async (input) => {
             const store = loadTaskStore();
             const taskId = input.taskId;
+            if (FORBIDDEN_TASK_IDS.has(taskId))
+                return { success: false, taskId, error: 'Task not found' };
             const task = store.tasks[taskId];
             if (task) {
                 task.status = 'cancelled';

package/packages/@monomind/cli/dist/src/mcp-tools/terminal-tools.js

@@ -4,9 +4,10 @@
  * Terminal session management with real command execution.
  */
 import { getProjectCwd } from './types.js';
-import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'node:fs';
+import { existsSync, readFileSync, writeFileSync, renameSync, mkdirSync } from 'node:fs';
 import { join } from 'node:path';
 import { execSync } from 'node:child_process';
+import { randomBytes } from 'node:crypto';
 // Storage paths
 const STORAGE_DIR = '.monomind';
 const TERMINAL_DIR = 'terminals';
@@ -37,7 +38,11 @@ function loadTerminalStore() {
 }
 function saveTerminalStore(store) {
     ensureTerminalDir();
-    writeFileSync(getTerminalPath(), JSON.stringify(store, null, 2), 'utf-8');
+    // Unique tmp filename so concurrent handler invocations cannot clobber each
+    // other's .tmp mid-write (which would produce a partial JSON on rename).
+    const tmpPath = `${getTerminalPath()}.${process.pid}.${Date.now()}.tmp`;
+    writeFileSync(tmpPath, JSON.stringify(store, null, 2), 'utf-8');
+    renameSync(tmpPath, getTerminalPath());
 }
 export const terminalTools = [
     {
@@ -54,7 +59,19 @@ export const terminalTools = [
         },
         handler: async (input) => {
             const store = loadTerminalStore();
-            const id = `term-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+            const MAX_SESSIONS = 1000;
+            if (Object.keys(store.sessions).length >= MAX_SESSIONS) {
+                return { success: false, error: 'Session limit reached' };
+            }
+            const FORBIDDEN_ENV_KEYS = new Set(['PATH', 'LD_PRELOAD', 'LD_LIBRARY_PATH', 'NODE_OPTIONS', 'NODE_PATH', 'DYLD_INSERT_LIBRARIES', 'DYLD_LIBRARY_PATH']);
+            const rawEnv = input.env || {};
+            const safeEnv = {};
+            for (const [k, v] of Object.entries(rawEnv)) {
+                if (!FORBIDDEN_ENV_KEYS.has(k) && /^[A-Z_][A-Z0-9_]*$/i.test(k)) {
+                    safeEnv[k] = String(v);
+                }
+            }
+            const id = `term-${Date.now()}-${randomBytes(4).toString('hex')}`;
             const session = {
                 id,
                 name: input.name || `Terminal ${Object.keys(store.sessions).length + 1}`,
@@ -63,7 +80,7 @@ export const terminalTools = [
                 lastActivity: new Date().toISOString(),
                 workingDir: input.workingDir || getProjectCwd(),
                 history: [],
-                env: input.env || {},
+                env: safeEnv,
             };
             store.sessions[id] = session;
             saveTerminalStore(store);
@@ -95,11 +112,17 @@ export const terminalTools = [
             const store = loadTerminalStore();
             const sessionId = input.sessionId;
             const command = input.command;
+            const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
+            // Reject inherited keys (incl. toString/hasOwnProperty/etc.) so a tampered
+            // store.json can't redirect bracket access into Object.prototype.
+            if (sessionId && (typeof sessionId !== 'string' || FORBIDDEN_KEYS.has(sessionId) || !Object.hasOwn(store.sessions, sessionId))) {
+                return { success: false, error: 'Invalid sessionId' };
+            }
             // Find or create default session
             let session = sessionId ? store.sessions[sessionId] : Object.values(store.sessions).find(s => s.status === 'active');
             if (!session) {
                 // Create default session
-                const id = `term-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+                const id = `term-${Date.now()}-${randomBytes(4).toString('hex')}`;
                 session = {
                     id,
                     name: 'Default Terminal',
@@ -112,7 +135,22 @@ export const terminalTools = [
                 };
                 store.sessions[id] = session;
             }
-            const timeout = input.timeout || 30_000;
+            // Reject shell metacharacters AND env-prefix syntax. The previous regex
+            // allowed `=`, which `/bin/sh` interprets as a per-command env override
+            // (`PATH=/tmp/evil ls`, `LD_PRELOAD=/tmp/x.so cmd`) — turning the
+            // metacharacter denylist into RCE. Also reject leading-dash so the
+            // first arg can't be misinterpreted by the spawned binary as a flag,
+            // and reject glob/expansion characters that may evaluate paths.
+            if (/[|;&`$\n\r<>=*?~(){}[\]#!\\"']/.test(command)) {
+                return { error: 'Command contains disallowed shell metacharacters', allowed: false };
+            }
+            if (/^\s*-/.test(command)) {
+                return { error: 'Command must not start with "-"', allowed: false };
+            }
+            const rawTimeout = Number(input.timeout);
+            const timeout = Number.isFinite(rawTimeout) && rawTimeout > 0
+                ? Math.min(rawTimeout, 5 * 60_000)
+                : 30_000;
             const cwd = session.workingDir || getProjectCwd();
             const startTime = Date.now();
             let output;
@@ -134,13 +172,16 @@ export const terminalTools = [
             }
             const duration = Date.now() - startTime;
             const timestamp = new Date().toISOString();
-            // Record in history
-            session.history.push({
-                command,
-                output,
-                timestamp,
-                exitCode,
-            });
+            // Record in history (cap output size and total entries to prevent unbounded growth)
+            const MAX_OUTPUT_BYTES = 64 * 1024;
+            const MAX_HISTORY = 200;
+            const truncatedOutput = output.length > MAX_OUTPUT_BYTES
+                ? output.slice(0, MAX_OUTPUT_BYTES) + '\n[... truncated ...]'
+                : output;
+            session.history.push({ command, output: truncatedOutput, timestamp, exitCode });
+            if (session.history.length > MAX_HISTORY) {
+                session.history.splice(0, session.history.length - MAX_HISTORY);
+            }
             session.lastActivity = timestamp;
             session.status = 'active';
             saveTerminalStore(store);
@@ -203,7 +244,11 @@ export const terminalTools = [
         handler: async (input) => {
             const store = loadTerminalStore();
             const sessionId = input.sessionId;
-            const session = store.sessions[sessionId];
+            const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
+            if (!sessionId || FORBIDDEN_KEYS.has(sessionId)) {
+                return { success: false, error: 'Invalid sessionId' };
+            }
+            const session = Object.hasOwn(store.sessions, sessionId) ? store.sessions[sessionId] : undefined;
             if (!session) {
                 return { success: false, error: 'Session not found' };
             }
@@ -233,7 +278,11 @@ export const terminalTools = [
             const sessionId = input.sessionId;
             const limit = input.limit || 50;
             const offset = input.offset || 0;
+            const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
             if (sessionId) {
+                if (typeof sessionId !== 'string' || FORBIDDEN_KEYS.has(sessionId) || !Object.hasOwn(store.sessions, sessionId)) {
+                    return { success: false, error: 'Invalid sessionId' };
+                }
                 const session = store.sessions[sessionId];
                 if (!session) {
                     return { success: false, error: 'Session not found' };