mstro-app 0.1.57 → 0.2.0

package/dist/server/cli/headless/claude-invoker.js

@@ -6,10 +6,12 @@
  * Handles spawning and managing Claude CLI processes.
  */
 import { spawn } from 'node:child_process';
+import { sanitizeEnvForSandbox } from '../../services/sandbox-utils.js';
 import { generateMcpConfig } from './mcp-config.js';
 import { detectErrorInStderr, } from './output-utils.js';
 import { buildMultimodalMessage } from './prompt-utils.js';
-import { assessStall } from './stall-assessor.js';
+import { assessStall, assessToolTimeout, classifyError } from './stall-assessor.js';
+import { ToolWatchdog } from './tool-watchdog.js';
 // ========== Stall Detection Helpers ==========
 /** Summarize a tool's input for stall assessment context */
 function summarizeToolInput(input) {
@@ -45,12 +47,21 @@ function terminateStallProcess(claudeProcess, interval, config, message) {
 }
 /** Run stall assessment and return updated state if extended, null otherwise */
 async function runStallAssessment(params) {
-    const { stallCtx, config, now, extensionsGranted, maxExtensions } = params;
+    const { stallCtx, config, now, extensionsGranted, maxExtensions, toolWatchdogActive } = params;
     try {
-        const verdict = await assessStall(stallCtx, config.claudeCommand, config.verbose);
+        const verdict = await assessStall(stallCtx, config.claudeCommand, config.verbose, toolWatchdogActive);
         if (verdict.action === 'extend') {
             const newExtensions = extensionsGranted + 1;
-            config.outputCallback?.(`\n[[MSTRO_STALL_EXTENDED]] Assessment: process likely working. ${verdict.reason}. Extension ${newExtensions}/${maxExtensions}.\n`);
+            const elapsedMin = Math.round(stallCtx.elapsedTotalMs / 60_000);
+            const pendingNames = stallCtx.pendingToolNames ?? new Set();
+            // Emit a progress message instead of a scary stall warning.
+            // Task subagents get a friendlier message since long silence is expected.
+            if (pendingNames.has('Task')) {
+                config.outputCallback?.(`\n[[MSTRO_STALL_EXTENDED]] Task subagent still running (${elapsedMin} min elapsed). ${verdict.reason}.\n`);
+            }
+            else {
+                config.outputCallback?.(`\n[[MSTRO_STALL_EXTENDED]] Process still working (${elapsedMin} min elapsed). ${verdict.reason}. Extension ${newExtensions}/${maxExtensions}.\n`);
+            }
             if (config.verbose) {
                 console.log(`[STALL] Extended by ${Math.round(verdict.extensionMs / 60_000)} min: ${verdict.reason}`);
             }
@@ -68,6 +79,115 @@ async function runStallAssessment(params) {
     }
     return null;
 }
+// ========== Native Timeout Detection ==========
+/** Regex matching Claude Code's internal tool timeout messages */
+const NATIVE_TIMEOUT_PATTERN = /^(\w+) timed out — (continuing|retrying) with (\d+) results? preserved$/;
+/** Quick prefix check: does incomplete text look like it might be a timeout? */
+const TIMEOUT_PREFIX_PATTERN = /^(\w+) timed/;
+/** Known tool names that Claude Code may report timeouts for */
+const NATIVE_TIMEOUT_TOOL_NAMES = new Set([
+    'Read', 'Grep', 'Glob', 'Edit', 'Write', 'Bash',
+    'WebFetch', 'WebSearch', 'Task', 'TodoRead', 'TodoWrite',
+    'NotebookEdit', 'MultiEdit',
+]);
+/**
+ * Detects Claude Code's internal tool timeout messages in the text stream.
+ *
+ * Buffers text at newline boundaries to detect complete timeout lines.
+ * Non-matching text is forwarded immediately to minimize streaming latency.
+ */
+class NativeTimeoutDetector {
+    lineBuffer = '';
+    detectedTimeouts = [];
+    /** Text buffered after native timeouts — held back from streaming until context is assessed */
+    postTimeoutBuffer = '';
+    /**
+     * Process a text_delta chunk.
+     * Returns passthrough text (for outputCallback) and any detected timeouts.
+     *
+     * After the first native timeout is detected, subsequent passthrough text
+     * is held in postTimeoutBuffer instead of returned as passthrough. This
+     * prevents confused "What were you working on?" responses from streaming
+     * to the user before context loss can be assessed.
+     */
+    processChunk(text) {
+        const timeouts = [];
+        let passthrough = '';
+        this.lineBuffer += text;
+        const lines = this.lineBuffer.split('\n');
+        const incomplete = lines.pop() ?? '';
+        for (const line of lines) {
+            const trimmed = line.trim();
+            const match = trimmed.match(NATIVE_TIMEOUT_PATTERN);
+            if (match) {
+                const event = {
+                    toolName: match[1],
+                    action: match[2],
+                    preservedCount: parseInt(match[3], 10),
+                };
+                timeouts.push(event);
+                this.detectedTimeouts.push(event);
+                // Suppress this line from passthrough — replaced by structured marker
+            }
+            else {
+                passthrough += `${line}\n`;
+            }
+        }
+        // Handle incomplete trailing text
+        if (incomplete) {
+            const prefixMatch = incomplete.match(TIMEOUT_PREFIX_PATTERN);
+            if (prefixMatch && NATIVE_TIMEOUT_TOOL_NAMES.has(prefixMatch[1])) {
+                // Looks like the start of a timeout message — hold it
+                this.lineBuffer = incomplete;
+            }
+            else {
+                passthrough += incomplete;
+                this.lineBuffer = '';
+            }
+        }
+        else {
+            this.lineBuffer = '';
+        }
+        // After native timeouts, buffer passthrough text instead of returning it.
+        // The session manager will assess context loss and either flush or discard.
+        if (this.detectedTimeouts.length > 0 && passthrough) {
+            this.postTimeoutBuffer += passthrough;
+            passthrough = '';
+        }
+        return { passthrough, timeouts };
+    }
+    /** Flush any held buffer (call on stream end).
+     *  Also checks remaining buffer for timeout patterns so the last
+     *  timeout message (without trailing newline) is always counted.
+     */
+    flush() {
+        const remaining = this.lineBuffer;
+        this.lineBuffer = '';
+        // Check if the unflushed buffer IS a timeout message
+        if (remaining) {
+            const trimmed = remaining.trim();
+            const match = trimmed.match(NATIVE_TIMEOUT_PATTERN);
+            if (match) {
+                this.detectedTimeouts.push({
+                    toolName: match[1],
+                    action: match[2],
+                    preservedCount: parseInt(match[3], 10),
+                });
+                // Return empty — this was a timeout message, not user-visible text
+                return '';
+            }
+        }
+        return remaining;
+    }
+    /** Get count of detected timeouts */
+    get timeoutCount() {
+        return this.detectedTimeouts.length;
+    }
+    /** Get buffered post-timeout text (for session manager to flush or discard) */
+    get bufferedPostTimeoutOutput() {
+        return this.postTimeoutBuffer;
+    }
+}
 function handleSessionCapture(parsed, captured) {
     if (parsed.type === 'system' && parsed.subtype === 'init' && parsed.session_id) {
         captured.claudeSessionId = parsed.session_id;
@@ -82,6 +202,14 @@ function handleThinkingDelta(event, ctx) {
         !event.delta?.thinking) {
         return ctx.accumulatedThinking;
     }
+    // Thinking activity confirms Claude has context — flush resume buffer
+    if (ctx.resumeAssessmentActive) {
+        ctx.resumeAssessmentActive = false;
+        if (ctx.resumeAssessmentBuffer) {
+            ctx.config.outputCallback?.(ctx.resumeAssessmentBuffer);
+            ctx.resumeAssessmentBuffer = '';
+        }
+    }
     const thinking = event.delta.thinking;
     const updated = ctx.accumulatedThinking + thinking;
     if (ctx.config.thinkingCallback) {
@@ -102,9 +230,26 @@ function handleTextDelta(event, ctx) {
         return ctx.accumulatedAssistantResponse;
     }
     const text = event.delta.text;
+    // Always accumulate raw text for checkpoint context
     const updated = ctx.accumulatedAssistantResponse + text;
-    if (ctx.config.outputCallback) {
-        ctx.config.outputCallback(text);
+    // Route through native timeout detector to intercept Claude Code's internal timeout messages
+    const { passthrough, timeouts } = ctx.nativeTimeoutDetector.processChunk(text);
+    // Emit structured markers for detected native timeouts
+    for (const timeout of timeouts) {
+        ctx.config.outputCallback?.(`\n[[MSTRO_NATIVE_TIMEOUT]] ${timeout.toolName} timed out \u2014 ${timeout.action} with ${timeout.preservedCount} results preserved\n`);
+    }
+    // When resume assessment is active, buffer text instead of forwarding.
+    // This prevents confused "What were you working on?" responses from streaming
+    // to the user before we can assess whether Claude retained context.
+    if (ctx.resumeAssessmentActive) {
+        if (passthrough) {
+            ctx.resumeAssessmentBuffer += passthrough;
+        }
+        return updated;
+    }
+    // Forward non-timeout text to output
+    if (passthrough && ctx.config.outputCallback) {
+        ctx.config.outputCallback(passthrough);
     }
     return updated;
 }
@@ -113,6 +258,14 @@ function handleToolStart(event, ctx) {
         event.content_block?.type !== 'tool_use') {
         return;
     }
+    // Tool activity confirms Claude has context — flush resume buffer
+    if (ctx.resumeAssessmentActive) {
+        ctx.resumeAssessmentActive = false;
+        if (ctx.resumeAssessmentBuffer) {
+            ctx.config.outputCallback?.(ctx.resumeAssessmentBuffer);
+            ctx.resumeAssessmentBuffer = '';
+        }
+    }
     const toolName = event.content_block.name;
     const toolId = event.content_block.id;
     const index = event.index;
@@ -214,6 +367,18 @@ function processStreamLines(buffer, sessionCapture, ctx) {
     return remainder;
 }
 function processStreamEvent(parsed, ctx) {
+    // Handle error events from Claude CLI (API errors, model errors, etc.)
+    if (parsed.type === 'error') {
+        const errorMessage = parsed.error?.message || parsed.message || JSON.stringify(parsed);
+        ctx.config.outputCallback?.(`\n[[MSTRO_ERROR:CLAUDE_ERROR]] ${errorMessage}\n`);
+        return;
+    }
+    // Handle result events that contain error info
+    if (parsed.type === 'result' && parsed.is_error) {
+        const errorMessage = parsed.error || parsed.result || 'Unknown error in result';
+        ctx.config.outputCallback?.(`\n[[MSTRO_ERROR:CLAUDE_RESULT_ERROR]] ${errorMessage}\n`);
+        return;
+    }
     if (parsed.type === 'stream_event' && parsed.event) {
         const event = parsed.event;
         ctx.accumulatedThinking = handleThinkingDelta(event, ctx);
@@ -224,6 +389,33 @@ function processStreamEvent(parsed, ctx) {
     }
     handleToolResult(parsed, ctx);
 }
+// ========== Close Handler Helpers ==========
+/** Flush native timeout detector buffers and return post-timeout output if any */
+function flushNativeTimeoutBuffers(ctx) {
+    const remaining = ctx.nativeTimeoutDetector.flush();
+    const buffered = ctx.nativeTimeoutDetector.bufferedPostTimeoutOutput;
+    const postTimeout = (buffered + remaining) || undefined;
+    // Only flush remaining text if there were no native timeouts
+    // (when there are timeouts, the session manager decides what to show)
+    if (!postTimeout && remaining) {
+        ctx.config.outputCallback?.(remaining);
+    }
+    return postTimeout;
+}
+/** Classify unmatched stderr via Haiku when process exits with error */
+async function classifyUnmatchedStderr(stderr, errorAlreadySurfaced, code, config) {
+    if (!stderr || errorAlreadySurfaced || code === 0)
+        return;
+    try {
+        const classified = await classifyError(stderr, config.claudeCommand, config.verbose);
+        if (classified) {
+            config.outputCallback?.(`\n[[MSTRO_ERROR:${classified.errorCode}]] ${classified.message}\n`);
+        }
+    }
+    catch {
+        // Haiku classification failed — proceed without it
+    }
+}
 // ========== Error Handling ==========
 const SPAWN_ERROR_MAP = {
     ENOENT: {
@@ -280,94 +472,253 @@ function buildClaudeArgs(config, prompt, hasImageAttachments, useStreamJson, mcp
     }
     return args;
 }
-/**
- * Execute a Claude CLI command for a single movement
- * Supports multimodal prompts via --input-format stream-json when image attachments are present
- */
-export async function executeClaudeCommand(prompt, _movementId, _sessionNumber, options) {
-    const { config, runningProcesses } = options;
-    const perfStart = Date.now();
-    if (config.verbose) {
-        console.log(`[PERF] executeMovement started`);
+/** Write image attachments to the Claude process stdin as stream-json */
+function writeImageAttachmentsToStdin(claudeProcess, prompt, config) {
+    claudeProcess.stdin.on('error', (err) => {
+        if (config.verbose) {
+            console.error('[STDIN] Write error:', err.message);
+        }
+        config.outputCallback?.(`\n[[MSTRO_ERROR:STDIN_WRITE_FAILED]] Failed to send image data to Claude: ${err.message}\n`);
+    });
+    const multimodalMessage = buildMultimodalMessage(prompt, config.imageAttachments);
+    claudeProcess.stdin.write(multimodalMessage);
+    claudeProcess.stdin.end();
+}
+/** Run a single stall-check tick. Extracted to reduce cognitive complexity of executeClaudeCommand. */
+async function runStallCheckTick(state, opts) {
+    const now = Date.now();
+    const silenceMs = now - state.lastActivityTime;
+    const totalElapsed = now - opts.perfStart;
+    if (totalElapsed >= opts.stallHardCapMs) {
+        terminateStallProcess(opts.claudeProcess, opts.stallCheckInterval, opts.config, `\n[[MSTRO_ERROR:EXECUTION_STALLED]] Hard time limit reached (${Math.round(opts.stallHardCapMs / 60000)} min total). Terminating process.\n`);
+        return;
     }
-    const hasImageAttachments = config.imageAttachments && config.imageAttachments.length > 0;
-    const useStreamJson = hasImageAttachments || config.thinkingCallback || config.outputCallback || config.toolUseCallback;
+    if (now >= state.currentKillDeadline) {
+        terminateStallProcess(opts.claudeProcess, opts.stallCheckInterval, opts.config, `\n[[MSTRO_ERROR:EXECUTION_STALLED]] No output for ${Math.round(silenceMs / 60_000)} minutes. Terminating process.\n`);
+        return;
+    }
+    if (silenceMs < opts.stallWarningMs || state.stallWarningEmitted || now < state.nextWarningAfter || state.assessmentInProgress)
+        return;
+    const stallCtx = {
+        originalPrompt: opts.prompt,
+        silenceMs,
+        lastToolName: opts.pendingTools.size > 0 ? Array.from(opts.pendingTools.values()).pop() : undefined,
+        lastToolInputSummary: opts.lastToolInputSummary,
+        pendingToolCount: opts.pendingTools.size,
+        pendingToolNames: new Set(opts.pendingTools.values()),
+        totalToolCalls: opts.totalToolCalls,
+        elapsedTotalMs: totalElapsed,
+    };
+    if (opts.stallAssessEnabled && state.extensionsGranted < opts.maxExtensions) {
+        state.assessmentInProgress = true;
+        const result = await runStallAssessment({ stallCtx, config: opts.config, now, extensionsGranted: state.extensionsGranted, maxExtensions: opts.maxExtensions, toolWatchdogActive: opts.toolWatchdogActive });
+        state.assessmentInProgress = false;
+        if (result) {
+            state.extensionsGranted = result.extensionsGranted;
+            state.currentKillDeadline = result.currentKillDeadline;
+            state.nextWarningAfter = now + opts.stallWarningMs;
+            return;
+        }
+    }
+    state.stallWarningEmitted = true;
+    const killIn = Math.round((state.currentKillDeadline - now) / 60_000);
+    opts.config.outputCallback?.(`\n[[MSTRO_ERROR:EXECUTION_STALLED]] No output for ${Math.round(silenceMs / 60_000)} minutes. Will terminate in ${killIn} minutes if no activity.\n`);
+}
+/** Handle tool_start events. Extracted to reduce cognitive complexity. */
+function onToolStart(event, s) {
+    const id = event.toolId;
+    s.pendingTools.set(id, event.toolName);
+    s.counters.totalToolCalls++;
+    s.toolIdToName.set(id, event.toolName);
+    if (s.watchdog) {
+        s.watchdog.startWatch(id, event.toolName, {}, () => { s.onTimeout(id); });
+    }
+}
+/** Handle tool_complete events. Extracted to reduce cognitive complexity. */
+function onToolComplete(event, s) {
+    const id = event.toolId;
+    s.counters.lastToolInputSummary = summarizeToolInput(event.completeInput);
+    s.toolIdToInput.set(id, event.completeInput);
+    if (!s.watchdog)
+        return;
+    const toolName = s.toolIdToName.get(id);
+    if (toolName) {
+        s.watchdog.startWatch(id, toolName, event.completeInput, () => { s.onTimeout(id); });
+    }
+}
+/** Handle tool_result events. Extracted to reduce cognitive complexity. */
+function onToolResult(event, s) {
+    const id = event.toolId;
+    s.pendingTools.delete(id);
+    s.stallState.stallWarningEmitted = false;
+    s.stallState.lastActivityTime = Date.now();
+    const toolEntry = s.ctx.accumulatedToolUse.find(t => t.toolId === id);
+    if (!s.watchdog || !toolEntry)
+        return;
+    const toolName = s.toolIdToName.get(id);
+    if (toolName && toolEntry.duration) {
+        s.watchdog.recordCompletion(toolName, toolEntry.duration);
+    }
+    s.watchdog.clearWatch(id);
+}
+/** Resolve a display URL from tool input for timeout messages */
+function resolveToolUrl(toolInput) {
+    if (toolInput.url)
+        return String(toolInput.url);
+    if (toolInput.query)
+        return String(toolInput.query);
+    return undefined;
+}
+/** Handle a tool timeout by building a checkpoint and killing the process. */
+function executeToolTimeout(hungToolId, watchdog, killCtx, s, config, prompt, sessionCapture, perfStart) {
+    const checkpoint = watchdog.buildCheckpoint(prompt, s.ctx.accumulatedAssistantResponse, s.ctx.accumulatedThinking, s.ctx.accumulatedToolUse, hungToolId, sessionCapture.claudeSessionId, perfStart);
+    const toolName = s.toolIdToName.get(hungToolId) || 'unknown';
+    const toolInput = s.toolIdToInput.get(hungToolId) || {};
+    const timeoutMs = watchdog.getTimeout(toolName);
+    const url = resolveToolUrl(toolInput);
+    config.outputCallback?.(`\n[[MSTRO_TOOL_TIMEOUT]] ${toolName} timed out after ${Math.round(timeoutMs / 1000)}s${url ? ` fetching: ${url.slice(0, 100)}` : ''}. ${s.ctx.accumulatedToolUse.filter(t => t.result !== undefined).length} completed results preserved.\n`);
+    if (checkpoint) {
+        config.onToolTimeout?.(checkpoint);
+    }
+    verboseLog(config.verbose, `[WATCHDOG] Killing process due to ${toolName} timeout`);
+    watchdog.clearAll();
+    clearInterval(killCtx.stallCheckInterval);
+    killCtx.claudeProcess.kill('SIGTERM');
+    const proc = killCtx.claudeProcess;
+    setTimeout(() => { if (!proc.killed)
+        proc.kill('SIGKILL'); }, 5000);
+}
+/** Set up tool activity tracking and watchdog. Extracted to reduce cognitive complexity. */
+function setupToolTracking(config, stallState, ctx, sessionCapture, prompt, perfStart) {
+    const pendingTools = new Map();
+    const counters = { lastToolInputSummary: undefined, totalToolCalls: 0 };
+    const toolWatchdogActive = config.enableToolWatchdog !== false;
+    const watchdog = toolWatchdogActive
+        ? new ToolWatchdog({
+            profiles: config.toolTimeoutProfiles,
+            verbose: config.verbose,
+            onTiebreaker: async (toolName, toolInput, elapsedMs) => {
+                return assessToolTimeout(toolName, toolInput, elapsedMs, config.claudeCommand, config.verbose);
+            },
+        })
+        : null;
+    // Deferred kill context — set after stallCheckInterval is created
+    let killCtx = null;
+    const trackingState = {
+        pendingTools, counters,
+        toolIdToName: new Map(), toolIdToInput: new Map(),
+        watchdog, stallState, ctx,
+        onTimeout: (hungToolId) => {
+            if (!watchdog || !killCtx)
+                return;
+            executeToolTimeout(hungToolId, watchdog, killCtx, trackingState, config, prompt, sessionCapture, perfStart);
+        },
+    };
+    const origToolUseCallback = config.toolUseCallback;
+    config.toolUseCallback = (event) => {
+        if (event.type === 'tool_start' && event.toolName && event.toolId) {
+            onToolStart(event, trackingState);
+        }
+        else if (event.type === 'tool_complete' && event.completeInput && event.toolId) {
+            onToolComplete(event, trackingState);
+        }
+        else if (event.type === 'tool_result' && event.toolId) {
+            onToolResult(event, trackingState);
+        }
+        origToolUseCallback?.(event);
+    };
+    return {
+        pendingTools, watchdog, toolWatchdogActive, counters,
+        setKillContext: (claudeProcess, stallCheckInterval) => {
+            killCtx = { claudeProcess, stallCheckInterval };
+        },
+    };
+}
+/** Log messages when verbose mode is enabled. Extracted to reduce cognitive complexity. */
+function verboseLog(verbose, ...msgs) {
+    if (verbose) {
+        for (const msg of msgs)
+            console.log(msg);
+    }
+}
+/** Spawn the Claude CLI process and register it. Extracted to reduce cognitive complexity. */
+function spawnAndRegister(config, prompt, hasImageAttachments, useStreamJson, runningProcesses, perfStart) {
     const mcpConfigPath = generateMcpConfig(config.workingDir, config.verbose);
     if (!mcpConfigPath && config.outputCallback) {
         config.outputCallback('\n[[MSTRO_ERROR:BOUNCER_UNAVAILABLE]] Security bouncer not available. Running with limited permissions — file edits allowed, but shell commands may be restricted.\n');
     }
-    const args = buildClaudeArgs(config, prompt, !!hasImageAttachments, !!useStreamJson, mcpConfigPath);
-    if (config.verbose) {
-        console.log(`[PERF] About to spawn: ${Date.now() - perfStart}ms`);
-        console.log(`[PERF] Command: ${config.claudeCommand} ${args.join(' ')}`);
-    }
+    const args = buildClaudeArgs(config, prompt, hasImageAttachments, useStreamJson, mcpConfigPath);
+    verboseLog(config.verbose, `[PERF] About to spawn: ${Date.now() - perfStart}ms`, `[PERF] Command: ${config.claudeCommand} ${args.join(' ')}`);
     const claudeProcess = spawn(config.claudeCommand, args, {
         cwd: config.workingDir,
-        env: { ...process.env },
+        env: config.sandboxed
+            ? sanitizeEnvForSandbox(process.env, config.workingDir)
+            : { ...process.env },
         stdio: [hasImageAttachments ? 'pipe' : 'ignore', 'pipe', 'pipe']
     });
     if (hasImageAttachments && claudeProcess.stdin) {
-        const multimodalMessage = buildMultimodalMessage(prompt, config.imageAttachments);
-        claudeProcess.stdin.write(multimodalMessage);
-        claudeProcess.stdin.end();
+        writeImageAttachmentsToStdin(claudeProcess, prompt, config);
     }
     if (claudeProcess.pid) {
         runningProcesses.set(claudeProcess.pid, claudeProcess);
     }
-    if (config.verbose) {
-        console.log(`[PERF] Spawned: ${Date.now() - perfStart}ms`);
-    }
+    verboseLog(config.verbose, `[PERF] Spawned: ${Date.now() - perfStart}ms`);
+    return claudeProcess;
+}
+/**
+ * Execute a Claude CLI command for a single movement
+ * Supports multimodal prompts via --input-format stream-json when image attachments are present
+ */
+export async function executeClaudeCommand(prompt, _movementId, _sessionNumber, options) {
+    const { config, runningProcesses } = options;
+    const perfStart = Date.now();
+    verboseLog(config.verbose, `[PERF] executeMovement started`);
+    const hasImageAttachments = config.imageAttachments && config.imageAttachments.length > 0;
+    const useStreamJson = hasImageAttachments || config.thinkingCallback || config.outputCallback || config.toolUseCallback;
+    const claudeProcess = spawnAndRegister(config, prompt, !!hasImageAttachments, !!useStreamJson, runningProcesses, perfStart);
     let stdout = '';
     let stderr = '';
     let thinkingBuffer = '';
     let firstStdoutReceived = false;
     let errorAlreadySurfaced = false;
     const sessionCapture = {};
+    // Activate resume assessment buffering when resuming a session.
+    // Text is held until thinking/tool activity confirms Claude has context.
+    const isResumeMode = !!(config.continueSession && config.claudeSessionId);
     const ctx = {
         config,
         accumulatedAssistantResponse: '',
         accumulatedThinking: '',
         accumulatedToolUse: [],
         toolInputBuffers: new Map(),
+        nativeTimeoutDetector: new NativeTimeoutDetector(),
+        resumeAssessmentActive: isResumeMode,
+        resumeAssessmentBuffer: '',
     };
-    // Stall detection state
-    let lastActivityTime = Date.now();
-    let stallWarningEmitted = false;
-    let assessmentInProgress = false;
-    let extensionsGranted = 0;
-    let currentKillDeadline = Date.now() + (config.stallKillMs ?? 1_800_000);
-    // Tool activity tracking for stall assessment context
-    let lastToolName;
-    let lastToolInputSummary;
-    let pendingToolCount = 0;
-    let totalToolCalls = 0;
-    // Wrap the existing tool handlers to track activity
-    const origToolUseCallback = config.toolUseCallback;
-    config.toolUseCallback = (event) => {
-        if (event.type === 'tool_start' && event.toolName) {
-            lastToolName = event.toolName;
-            pendingToolCount++;
-            totalToolCalls++;
-        }
-        else if (event.type === 'tool_complete' && event.completeInput) {
-            lastToolInputSummary = summarizeToolInput(event.completeInput);
-        }
-        else if (event.type === 'tool_result') {
-            pendingToolCount = Math.max(0, pendingToolCount - 1);
-        }
-        origToolUseCallback?.(event);
+    // Stall detection state (mutable object shared with runStallCheckTick)
+    const stallState = {
+        lastActivityTime: Date.now(),
+        stallWarningEmitted: false,
+        assessmentInProgress: false,
+        extensionsGranted: 0,
+        currentKillDeadline: Date.now() + (config.stallKillMs ?? 1_800_000),
+        nextWarningAfter: 0,
     };
+    // Tool activity tracking for stall assessment context
+    const toolTracking = setupToolTracking(config, stallState, ctx, sessionCapture, prompt, perfStart);
+    const { pendingTools, watchdog, toolWatchdogActive } = toolTracking;
+    // Mutable counters accessed by stall check tick
+    const toolCounters = toolTracking.counters;
     claudeProcess.stdout.on('data', (data) => {
-        lastActivityTime = Date.now();
-        stallWarningEmitted = false;
+        stallState.lastActivityTime = Date.now();
+        stallState.stallWarningEmitted = false;
+        stallState.nextWarningAfter = 0; // Real activity resets throttle
         // Push kill deadline forward on any activity
         const killMs = config.stallKillMs ?? 1_800_000;
-        currentKillDeadline = Date.now() + killMs;
+        stallState.currentKillDeadline = Date.now() + killMs;
         if (!firstStdoutReceived) {
             firstStdoutReceived = true;
-            if (config.verbose) {
-                console.log(`[PERF] First stdout data: ${Date.now() - perfStart}ms`);
-            }
+            verboseLog(config.verbose, `[PERF] First stdout data: ${Date.now() - perfStart}ms`);
         }
         const chunk = data.toString();
         stdout += chunk;
@@ -393,50 +744,24 @@ export async function executeClaudeCommand(prompt, _movementId, _sessionNumber,
     const stallHardCapMs = config.stallHardCapMs ?? 3_600_000;
     const maxExtensions = config.stallMaxExtensions ?? 3;
     const stallAssessEnabled = config.stallAssessEnabled !== false;
-    const stallCheckInterval = setInterval(async () => {
-        const now = Date.now();
-        const silenceMs = now - lastActivityTime;
-        const totalElapsed = now - perfStart;
-        // Hard cap: absolute wall-clock limit regardless of extensions
-        if (totalElapsed >= stallHardCapMs) {
-            terminateStallProcess(claudeProcess, stallCheckInterval, config, `\n[[MSTRO_ERROR:EXECUTION_STALLED]] Hard time limit reached (${Math.round(stallHardCapMs / 60000)} min total). Terminating process.\n`);
-            return;
-        }
-        // Kill deadline reached
-        if (now >= currentKillDeadline) {
-            terminateStallProcess(claudeProcess, stallCheckInterval, config, `\n[[MSTRO_ERROR:EXECUTION_STALLED]] No output for ${Math.round(silenceMs / 60_000)} minutes. Terminating process.\n`);
-            return;
-        }
-        // Warning + assessment trigger
-        if (silenceMs < stallWarningMs || stallWarningEmitted)
-            return;
-        stallWarningEmitted = true;
-        const killIn = Math.round((currentKillDeadline - now) / 60_000);
-        config.outputCallback?.(`\n[[MSTRO_ERROR:EXECUTION_STALLED]] No output for ${Math.round(silenceMs / 60_000)} minutes. Will terminate in ${killIn} minutes if no activity.\n`);
-        // Run stall assessment if enabled and we haven't exhausted extensions
-        if (!stallAssessEnabled || assessmentInProgress || extensionsGranted >= maxExtensions)
-            return;
-        assessmentInProgress = true;
-        const stallCtx = {
-            originalPrompt: prompt,
-            silenceMs,
-            lastToolName,
-            lastToolInputSummary,
-            pendingToolCount,
-            totalToolCalls,
-            elapsedTotalMs: totalElapsed,
-        };
-        const result = await runStallAssessment({ stallCtx, config, now, extensionsGranted, maxExtensions });
-        if (result) {
-            extensionsGranted = result.extensionsGranted;
-            currentKillDeadline = result.currentKillDeadline;
-            stallWarningEmitted = false; // Allow re-warning after extension
-        }
-        assessmentInProgress = false;
+    // eslint-disable-next-line prefer-const
+    let stallCheckInterval;
+    stallCheckInterval = setInterval(() => {
+        runStallCheckTick(stallState, {
+            perfStart, stallWarningMs, stallHardCapMs, maxExtensions, stallAssessEnabled,
+            toolWatchdogActive, prompt, pendingTools, lastToolInputSummary: toolCounters.lastToolInputSummary, totalToolCalls: toolCounters.totalToolCalls,
+            claudeProcess, stallCheckInterval, config,
+        });
     }, 10_000);
+    // Wire up the kill context now that stallCheckInterval exists
+    toolTracking.setKillContext(claudeProcess, stallCheckInterval);
     return new Promise((resolve, reject) => {
-        claudeProcess.on('close', (code) => {
+        claudeProcess.on('close', async (code) => {
             clearInterval(stallCheckInterval);
+            watchdog?.clearAll();
+            const postTimeout = flushNativeTimeoutBuffers(ctx);
+            await classifyUnmatchedStderr(stderr, errorAlreadySurfaced, code, config);
+            const resumeBuffered = ctx.resumeAssessmentActive ? (ctx.resumeAssessmentBuffer || undefined) : undefined;
             if (claudeProcess.pid) {
                 runningProcesses.delete(claudeProcess.pid);
             }
@@ -447,11 +772,15 @@ export async function executeClaudeCommand(prompt, _movementId, _sessionNumber,
                 assistantResponse: ctx.accumulatedAssistantResponse || undefined,
                 thinkingOutput: ctx.accumulatedThinking || undefined,
                 toolUseHistory: ctx.accumulatedToolUse.length > 0 ? ctx.accumulatedToolUse : undefined,
-                claudeSessionId: sessionCapture.claudeSessionId
+                claudeSessionId: sessionCapture.claudeSessionId,
+                nativeTimeoutCount: ctx.nativeTimeoutDetector.timeoutCount || undefined,
+                postTimeoutOutput: postTimeout,
+                resumeBufferedOutput: resumeBuffered,
             });
         });
         claudeProcess.on('error', (error) => {
             clearInterval(stallCheckInterval);
+            watchdog?.clearAll();
             if (claudeProcess.pid) {
                 runningProcesses.delete(claudeProcess.pid);
             }