mstro-app 0.3.0 → 0.3.4

package/server/cli/headless/claude-invoker.ts

@@ -21,6 +21,10 @@ import type {
   ToolUseEvent,
 } from './types.js';
 
+/** Parsed JSON from Claude CLI stream — structure varies by event type */
+// biome-ignore lint/suspicious/noExplicitAny: external CLI stream JSON with heterogeneous shapes
+type StreamJson = any;
+
 export interface ClaudeInvokerOptions {
   config: ResolvedHeadlessConfig;
   runningProcesses: Map<number, ChildProcess>;
@@ -281,7 +285,7 @@ interface StreamHandlerContext {
 }
 
 function handleSessionCapture(
-  parsed: any,
+  parsed: StreamJson,
   captured: { claudeSessionId?: string }
 ): void {
   if (parsed.type === 'system' && parsed.subtype === 'init' && parsed.session_id) {
@@ -292,7 +296,7 @@ function handleSessionCapture(
   }
 }
 
-function handleThinkingDelta(event: any, ctx: StreamHandlerContext): string {
+function handleThinkingDelta(event: StreamJson, ctx: StreamHandlerContext): string {
   if (
     event.type !== 'content_block_delta' ||
     event.delta?.type !== 'thinking_delta' ||
@@ -324,7 +328,7 @@ function handleThinkingDelta(event: any, ctx: StreamHandlerContext): string {
   return updated;
 }
 
-function handleTextDelta(event: any, ctx: StreamHandlerContext): string {
+function handleTextDelta(event: StreamJson, ctx: StreamHandlerContext): string {
   if (
     event.type !== 'content_block_delta' ||
     event.delta?.type !== 'text_delta' ||
@@ -366,7 +370,7 @@ function handleTextDelta(event: any, ctx: StreamHandlerContext): string {
   return updated;
 }
 
-function handleToolStart(event: any, ctx: StreamHandlerContext): void {
+function handleToolStart(event: StreamJson, ctx: StreamHandlerContext): void {
   if (
     event.type !== 'content_block_start' ||
     event.content_block?.type !== 'tool_use'
@@ -399,7 +403,7 @@ function handleToolStart(event: any, ctx: StreamHandlerContext): void {
   }
 }
 
-function handleToolInputDelta(event: any, ctx: StreamHandlerContext): void {
+function handleToolInputDelta(event: StreamJson, ctx: StreamHandlerContext): void {
   if (
     event.type !== 'content_block_delta' ||
     event.delta?.type !== 'input_json_delta'
@@ -420,7 +424,7 @@ function handleToolInputDelta(event: any, ctx: StreamHandlerContext): void {
   }
 }
 
-function handleToolComplete(event: any, ctx: StreamHandlerContext): void {
+function handleToolComplete(event: StreamJson, ctx: StreamHandlerContext): void {
   if (event.type !== 'content_block_stop') {
     return;
   }
@@ -431,7 +435,7 @@ function handleToolComplete(event: any, ctx: StreamHandlerContext): void {
     return;
   }
 
-  let completeInput: any = {};
+  let completeInput: Record<string, unknown> = {};
   try {
     completeInput = JSON.parse(toolBuffer.inputJson);
   } catch (_e) {
@@ -460,7 +464,7 @@ function handleToolComplete(event: any, ctx: StreamHandlerContext): void {
 }
 
 /** Accumulate input tokens from a message_start event. Returns true if any tokens were added. */
-function handleMessageStartTokens(event: any, ctx: StreamHandlerContext): boolean {
+function handleMessageStartTokens(event: StreamJson, ctx: StreamHandlerContext): boolean {
   if (event.type !== 'message_start' || !event.message?.usage) return false;
   const usage = event.message.usage;
   ctx.currentStepOutputTokens = 0;
@@ -488,7 +492,7 @@ function handleMessageStartTokens(event: any, ctx: StreamHandlerContext): boolea
  * message_delta event are cumulative" and there can be "one or more message_delta
  * events" per message. We track the delta from the previous value to avoid
  * double-counting when multiple message_delta events fire per step. */
-function handleMessageDeltaTokens(event: any, ctx: StreamHandlerContext): boolean {
+function handleMessageDeltaTokens(event: StreamJson, ctx: StreamHandlerContext): boolean {
   if (event.type !== 'message_delta' || !event.usage) return false;
   if (typeof event.usage.output_tokens !== 'number') return false;
   const increment = event.usage.output_tokens - ctx.currentStepOutputTokens;
@@ -500,7 +504,7 @@ function handleMessageDeltaTokens(event: any, ctx: StreamHandlerContext): boolea
   return true;
 }
 
-function handleTokenUsage(event: any, ctx: StreamHandlerContext): void {
+function handleTokenUsage(event: StreamJson, ctx: StreamHandlerContext): void {
   const changed = handleMessageStartTokens(event, ctx) || handleMessageDeltaTokens(event, ctx);
   if (changed) {
     ctx.lastTokenActivityTime = Date.now();
@@ -514,7 +518,7 @@ function handleTokenUsage(event: any, ctx: StreamHandlerContext): void {
  * accumulated stream-based counts which may be incomplete (e.g., when extended thinking
  * suppresses stream_event emissions).
  */
-function handleResultTokenUsage(parsed: any, ctx: StreamHandlerContext): void {
+function handleResultTokenUsage(parsed: StreamJson, ctx: StreamHandlerContext): void {
   if (!parsed.usage) return;
   const u = parsed.usage;
   const input = (typeof u.input_tokens === 'number' ? u.input_tokens : 0)
@@ -533,7 +537,7 @@ function handleResultTokenUsage(parsed: any, ctx: StreamHandlerContext): void {
   }
 }
 
-function handleToolResult(parsed: any, ctx: StreamHandlerContext): void {
+function handleToolResult(parsed: StreamJson, ctx: StreamHandlerContext): void {
   if (parsed.type !== 'user' || !parsed.message?.content) {
     return;
   }
@@ -583,7 +587,7 @@ function processStreamLines(
   return remainder;
 }
 
-function processStreamEvent(parsed: any, ctx: StreamHandlerContext): void {
+function processStreamEvent(parsed: StreamJson, ctx: StreamHandlerContext): void {
   // Handle error events from Claude CLI (API errors, model errors, etc.)
   if (parsed.type === 'error') {
     const errorMessage = parsed.error?.message || parsed.message || JSON.stringify(parsed);
@@ -870,12 +874,13 @@ function onToolStart(event: ToolUseEvent, s: ToolTrackingState): void {
 /** Handle tool_complete events. Extracted to reduce cognitive complexity. */
 function onToolComplete(event: ToolUseEvent, s: ToolTrackingState): void {
   const id = event.toolId!;
-  s.counters.lastToolInputSummary = summarizeToolInput(event.completeInput);
-  s.toolIdToInput.set(id, event.completeInput);
+  const input = event.completeInput ?? {};
+  s.counters.lastToolInputSummary = summarizeToolInput(input);
+  s.toolIdToInput.set(id, input);
   if (!s.watchdog) return;
   const toolName = s.toolIdToName.get(id);
   if (toolName) {
-    s.watchdog.startWatch(id, toolName, event.completeInput, () => { s.onTimeout(id); });
+    s.watchdog.startWatch(id, toolName, input, () => { s.onTimeout(id); });
   }
 }
 

package/server/cli/headless/mcp-config.ts

@@ -12,8 +12,8 @@ import { MCP_SERVER_PATH, MSTRO_ROOT } from '../../utils/paths.js';
 /**
  * Load user's MCP servers from ~/.claude.json (global + project-level)
  */
-function loadUserMcpServers(workingDir: string, verbose: boolean): Record<string, any> {
-  const servers: Record<string, any> = {};
+function loadUserMcpServers(workingDir: string, verbose: boolean): Record<string, unknown> {
+  const servers: Record<string, unknown> = {};
   const claudeConfigPath = join(homedir(), '.claude.json');
 
   if (!existsSync(claudeConfigPath)) {
@@ -29,7 +29,7 @@ function loadUserMcpServers(workingDir: string, verbose: boolean): Record<string
 
     if (claudeConfig.projects && typeof claudeConfig.projects === 'object') {
       for (const [projectPath, projectConfig] of Object.entries(claudeConfig.projects)) {
-        const projectServers = (projectConfig as any)?.mcpServers;
+        const projectServers = (projectConfig as Record<string, unknown>)?.mcpServers;
         if (workingDir.startsWith(projectPath) && typeof projectServers === 'object') {
           Object.assign(servers, projectServers);
         }
@@ -39,8 +39,8 @@ function loadUserMcpServers(workingDir: string, verbose: boolean): Record<string
     if (verbose) {
       console.log(`[${new Date().toISOString()}] Loaded ${Object.keys(servers).length} user MCP servers from ~/.claude.json`);
     }
-  } catch (parseError: any) {
-    console.error(`[${new Date().toISOString()}] Failed to parse ~/.claude.json: ${parseError.message}`);
+  } catch (parseError: unknown) {
+    console.error(`[${new Date().toISOString()}] Failed to parse ~/.claude.json: ${parseError instanceof Error ? parseError.message : String(parseError)}`);
   }
 
   return servers;
@@ -57,7 +57,7 @@ export function generateMcpConfig(workingDir: string, verbose: boolean = false):
       return null;
     }
 
-    const mcpServers: Record<string, any> = {
+    const mcpServers: Record<string, unknown> = {
       'mstro-bouncer': {
         command: 'npx',
         args: ['tsx', MCP_SERVER_PATH],
@@ -80,8 +80,8 @@ export function generateMcpConfig(workingDir: string, verbose: boolean = false):
     }
 
     return configPath;
-  } catch (error: any) {
-    console.error(`[${new Date().toISOString()}] Failed to generate MCP config: ${error.message}`);
+  } catch (error: unknown) {
+    console.error(`[${new Date().toISOString()}] Failed to generate MCP config: ${error instanceof Error ? error.message : String(error)}`);
     return null;
   }
 }

package/server/cli/headless/runner.ts

@@ -175,12 +175,40 @@ export class HeadlessRunner {
   }
 
   /**
-   * Cleanup on exit
+   * Cleanup on exit — SIGTERM all tracked processes, then SIGKILL stragglers after 5s
    */
   cleanup(): void {
-    for (const [_pid, process] of this.runningProcesses) {
-      process.kill();
+    if (this.runningProcesses.size === 0) return;
+
+    const pids = new Set<number>();
+    for (const [pid, proc] of this.runningProcesses) {
+      pids.add(pid);
+      try { proc.kill('SIGTERM'); } catch { /* already dead */ }
+    }
+
+    // SIGKILL fallback after 5 seconds for any process that didn't exit
+    setTimeout(() => {
+      for (const [pid, proc] of this.runningProcesses) {
+        if (pids.has(pid) && !proc.killed) {
+          try { proc.kill('SIGKILL'); } catch { /* already dead */ }
+        }
+      }
+      this.runningProcesses.clear();
+    }, 5000);
+  }
+
+  /**
+   * Sweep for zombie processes — entries in runningProcesses whose underlying
+   * process has already exited but whose 'close' event was missed.
+   */
+  sweepZombies(): number {
+    let swept = 0;
+    for (const [pid, proc] of this.runningProcesses) {
+      if (proc.exitCode !== null || proc.killed) {
+        this.runningProcesses.delete(pid);
+        swept++;
+      }
     }
-    this.runningProcesses.clear();
+    return swept;
   }
 }

package/server/cli/headless/types.ts

@@ -19,7 +19,7 @@ export interface ToolUseEvent {
   toolId?: string;
   index?: number;
   partialJson?: string;
-  completeInput?: any;
+  completeInput?: Record<string, unknown>;
   result?: string;
   isError?: boolean;
 }

package/server/cli/improvisation-session-manager.ts

@@ -114,7 +114,7 @@ export class ImprovisationSessionManager extends EventEmitter {
   private currentRunner: HeadlessRunner | null = null;
   private options: ImprovisationOptions;
   private pendingApproval?: {
-    plan: any;
+    plan: unknown;
     resolve: (approved: boolean) => void;
   };
   private outputQueue: Array<{ text: string; timestamp: number }> = [];
@@ -129,7 +129,7 @@ export class ImprovisationSessionManager extends EventEmitter {
   /** Timestamp when current execution started (for accurate elapsed time across reconnects) */
   private _executionStartTimestamp: number | undefined;
   /** Buffered events during current execution, for replay on reconnect */
-  private executionEventLog: Array<{ type: string; data: any; timestamp: number }> = [];
+  private executionEventLog: Array<{ type: string; data: unknown; timestamp: number }> = [];
   /** Set by cancel() to signal the retry loop to exit */
   private _cancelled: boolean = false;
 
@@ -383,19 +383,20 @@ export class ImprovisationSessionManager extends EventEmitter {
       this.emitMovementComplete(movement, result, _execStart, sequenceNumber);
       return movement;
 
-    } catch (error: any) {
+    } catch (error: unknown) {
       this._isExecuting = false;
       this._executionStartTimestamp = undefined;
       this.executionEventLog = [];
       this.currentRunner = null;
       this.emit('onMovementError', error);
+      const errorMessage = error instanceof Error ? error.message : String(error);
       trackEvent(AnalyticsEvents.IMPROVISE_MOVEMENT_ERROR, {
-        error_message: error.message?.slice(0, 200),
+        error_message: errorMessage.slice(0, 200),
         sequence_number: this.history.movements.length + 1,
         duration_ms: Date.now() - _execStart,
         model: this.options.model || 'default',
       });
-      this.queueOutput(`\n❌ Error: ${error.message}\n`);
+      this.queueOutput(`\n❌ Error: ${errorMessage}\n`);
       this.flushOutputQueue();
       throw error;
     } finally {
@@ -1510,7 +1511,7 @@ export class ImprovisationSessionManager extends EventEmitter {
    * Request user approval for a plan
    * Returns a promise that resolves when the user approves/rejects
    */
-  async requestApproval(plan: any): Promise<boolean> {
+  async requestApproval(plan: unknown): Promise<boolean> {
     return new Promise((resolve) => {
       this.pendingApproval = { plan, resolve };
       this.emit('onApprovalRequired', plan);
@@ -1559,7 +1560,7 @@ export class ImprovisationSessionManager extends EventEmitter {
    * Get buffered execution events for replay on reconnect.
    * Only meaningful while isExecuting is true.
    */
-  getExecutionEventLog(): Array<{ type: string; data: any; timestamp: number }> {
+  getExecutionEventLog(): Array<{ type: string; data: unknown; timestamp: number }> {
     return this.executionEventLog;
   }
 

package/server/index.ts

@@ -7,11 +7,11 @@
 
 import { randomBytes } from 'node:crypto'
 import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs'
-import type { IncomingMessage } from 'node:http'
+import type { IncomingMessage, Server } from 'node:http'
 import { homedir } from 'node:os'
 import { basename, join } from 'node:path'
 import { serve } from '@hono/node-server'
-import { Hono } from 'hono'
+import { type Context, Hono, type Next } from 'hono'
 import { cors } from 'hono/cors'
 import { logger } from 'hono/logger'
 import { type WebSocket as NodeWebSocket, WebSocketServer } from 'ws'
@@ -26,10 +26,10 @@ import {
 import { AnalyticsEvents, initAnalytics, shutdownAnalytics, trackEvent } from './services/analytics.js'
 import { AuthService } from './services/auth.js'
 import { FileService } from './services/files.js'
-import { InstanceRegistry } from './services/instances.js'
+import { InstanceRegistry, type MstroInstance } from './services/instances.js'
 import { PlatformConnection } from './services/platform.js'
 import { captureException, flushSentry, initSentry } from './services/sentry.js'
-import { getPTYManager } from './services/terminal/pty-manager.js'
+import { getPTYManager, reloadPty } from './services/terminal/pty-manager.js'
 import { WebSocketImproviseHandler } from './services/websocket/index.js'
 import type { WSContext } from './services/websocket/types.js'
 import { findAvailablePort } from './utils/port.js'
@@ -126,7 +126,7 @@ const fileService = new FileService(WORKING_DIR)
 const wsHandler = new WebSocketImproviseHandler()
 
 // Instance registration deferred to startServer() when port is known
-let _currentInstance: any
+let _currentInstance: MstroInstance | undefined
 
 // Global middleware
 // In production, restrict CORS to block cross-origin browser requests to localhost.
@@ -149,7 +149,7 @@ app.use('*', logger())
 // Authentication Middleware
 // ========================================
 
-const authMiddleware = async (c: any, next: any) => {
+const authMiddleware = async (c: Context, next: Next) => {
   // Skip auth for health check and config
   const publicPaths = ['/health', '/api/config']
   if (publicPaths.some(path => c.req.path.startsWith(path))) {
@@ -207,6 +207,12 @@ app.route('/api/improvise', createImproviseRoutes(WORKING_DIR))
 app.route('/api/files', createFileRoutes(fileService))
 app.route('/api/notifications', createNotificationRoutes(WORKING_DIR))
 
+// Reload node-pty after setup-terminal compiles the native module
+app.post('/api/reload-pty', async (c) => {
+  const success = await reloadPty()
+  return c.json({ success, available: success })
+})
+
 // ========================================
 // Static File Serving (Production Only)
 // ========================================
@@ -257,7 +263,7 @@ function wrapWebSocket(ws: NodeWebSocket, workingDir: string): WSContext {
  * This allows messages from the web (via platform) to be handled by the same wsHandler
  */
 function createPlatformRelayContext(
-  platformSend: (message: any) => void,
+  platformSend: (message: unknown) => void,
   workingDir: string
 ): WSContext {
   return {
@@ -299,7 +305,7 @@ async function startServer() {
   })
 
   // Create WebSocket server attached to the HTTP server
-  const wss = new WebSocketServer({ server: server as any })
+  const wss = new WebSocketServer({ server: server as Server })
 
   wss.on('connection', (ws: NodeWebSocket, req: IncomingMessage) => {
     const url = new URL(req.url || '/', `http://localhost:${PORT}`)
@@ -354,7 +360,7 @@ async function startServer() {
 
   // Queue for messages that arrive before relay context is ready
   // This handles race conditions where initTab arrives before web_connected
-  let pendingRelayMessages: any[] = []
+  let pendingRelayMessages: unknown[] = []
 
   // Connect to platform
   const platformConnection = new PlatformConnection(WORKING_DIR, {

package/server/mcp/README.md

@@ -22,7 +22,6 @@ MCP (Model Context Protocol) server that provides tool approval decisions for Cl
 - **bouncer-integration.ts** — Core 2-layer security review logic. Orchestrates pattern check → AI analysis flow.
 - **security-patterns.ts** — Pattern definitions: CRITICAL_THREATS, SAFE_OPERATIONS, NEEDS_AI_REVIEW, SENSITIVE_PATHS.
 - **security-audit.ts** — Audit logging to `~/.mstro/logs/bouncer-audit.jsonl` (JSON Lines format).
-- **bouncer-cli.ts** — Shell-callable wrapper invoked by `~/.claude/hooks/bouncer.sh`. Reads JSON from stdin, outputs decision to stdout.
 
 ## Usage
 
@@ -49,10 +48,6 @@ claude --print \
 
 The MCP config is auto-generated by the headless runner at `~/.mstro/mcp-config.json`. It includes the bouncer server plus any user-configured MCP servers from `~/.claude.json`.
 
-### Hook Integration
-
-When installed via `mstro configure-hooks`, a shell script at `~/.claude/hooks/bouncer.sh` calls `bouncer-cli.ts` as a PreToolUse hook. This provides security for both mstro sessions and standalone Claude Code usage.
-
 ## Environment Variables
 
 | Variable | Default | Description |