mstro-app 0.4.16 → 0.4.20

package/server/services/websocket/autocomplete.ts

@@ -8,10 +8,10 @@
  */
 
 import { existsSync, readdirSync, statSync } from 'node:fs';
-import { join, } from 'node:path';
+import { join, normalize, resolve } from 'node:path';
 import Fuse, { type FuseResult } from 'fuse.js';
 import {
-  CACHE_TTL_MS, 
+  CACHE_TTL_MS,
   directoryCache,
   getFileType,
   isIgnored,
@@ -100,6 +100,30 @@ function shouldIncludeEntry(
   return true;
 }
 
+interface PathScope {
+  scopedDir: string;
+  searchQuery: string;
+  pathPrefix: string;
+  maxDepth: number;
+}
+
+/** Parse a partial path into its directory scope, search query, and depth limit. */
+function resolvePathScope(cleanPath: string, workingDir: string, sandboxed?: boolean): PathScope | null {
+  const lastSlashIndex = cleanPath.lastIndexOf('/');
+  if (lastSlashIndex === -1) {
+    return { scopedDir: workingDir, searchQuery: cleanPath, pathPrefix: '', maxDepth: cleanPath === '' ? 4 : 10 };
+  }
+
+  const dirPath = cleanPath.substring(0, lastSlashIndex);
+  if (sandboxed && !isPathWithinDir(dirPath, workingDir)) return null;
+
+  const candidateDir = join(workingDir, dirPath);
+  if (existsSync(candidateDir) && statSync(candidateDir).isDirectory()) {
+    return { scopedDir: candidateDir, searchQuery: cleanPath.substring(lastSlashIndex + 1), pathPrefix: `${dirPath}/`, maxDepth: 3 };
+  }
+  return { scopedDir: workingDir, searchQuery: cleanPath, pathPrefix: '', maxDepth: 10 };
+}
+
 export class AutocompleteService {
   private frecencyData: FrecencyData = {};
 
@@ -175,12 +199,18 @@ export class AutocompleteService {
   /**
    * Get file completions for autocomplete with directory-scoped navigation
    */
-  getFileCompletions(partialPath: string, workingDir: string): AutocompleteResult[] {
+  getFileCompletions(partialPath: string, workingDir: string, sandboxed?: boolean): AutocompleteResult[] {
     try {
       // Handle @ symbol prefix for file autocomplete
       const isAtSymbol = partialPath.startsWith('@');
       const cleanPath = isAtSymbol ? partialPath.substring(1) : partialPath;
 
+      // Sandboxed users: block path traversal outside the working directory.
+      // Resolves the target path and checks it stays within workingDir boundaries.
+      if (sandboxed && cleanPath && !isPathWithinDir(cleanPath, workingDir)) {
+        return [];
+      }
+
       // Parse .gitignore patterns
       const gitignorePatterns = parseGitignore(workingDir);
 
@@ -189,28 +219,10 @@ export class AutocompleteService {
         return this.getDirectoryContentsEnhanced(cleanPath, workingDir, gitignorePatterns);
       }
 
-      // STRICT PATH SEGMENT MATCHING
-      const lastSlashIndex = cleanPath.lastIndexOf('/');
-      let scopedDir = workingDir;
-      let searchQuery = cleanPath;
-      let pathPrefix = '';
-      let maxDepth = 10;
-
-      if (lastSlashIndex !== -1) {
-        const dirPath = cleanPath.substring(0, lastSlashIndex);
-        const candidateDir = join(workingDir, dirPath);
-
-        if (existsSync(candidateDir) && statSync(candidateDir).isDirectory()) {
-          scopedDir = candidateDir;
-          searchQuery = cleanPath.substring(lastSlashIndex + 1);
-          pathPrefix = `${dirPath}/`;
-          maxDepth = 3;
-        }
-      } else if (cleanPath === '') {
-        maxDepth = 4;
-      }
+      const scope = resolvePathScope(cleanPath, workingDir, sandboxed);
+      if (!scope) return [];
 
-      const filesWithMetadata = this.getFilesWithCache(scopedDir, gitignorePatterns, maxDepth, pathPrefix);
+      const filesWithMetadata = this.getFilesWithCache(scope.scopedDir, gitignorePatterns, scope.maxDepth, scope.pathPrefix);
 
       // Track which files are recent
       const recentFiles = new Set<string>();
@@ -220,9 +232,9 @@ export class AutocompleteService {
         }
       }
 
-      const scoredMatches = searchQuery === ''
+      const scoredMatches = scope.searchQuery === ''
         ? this.scoreEmptyQuery(filesWithMetadata)
-        : this.scoreWithQuery(filesWithMetadata, searchQuery, recentFiles);
+        : this.scoreWithQuery(filesWithMetadata, scope.searchQuery, recentFiles);
 
       const results: AutocompleteResult[] = scoredMatches.slice(0, 15).map(file => {
         const displayPath = file.isDirectory ? `${file.relativePath}/` : file.relativePath;
@@ -440,3 +452,13 @@ export class AutocompleteService {
     }
   }
 }
+
+/**
+ * Check if a relative path resolves to a location within the working directory.
+ * Used to prevent path traversal (../) in sandboxed autocomplete.
+ */
+function isPathWithinDir(relativePath: string, workingDir: string): boolean {
+  const resolved = normalize(resolve(workingDir, relativePath));
+  const normalizedWorkDir = resolve(workingDir);
+  return resolved === normalizedWorkDir || resolved.startsWith(`${normalizedWorkDir}/`);
+}

package/server/services/websocket/file-explorer-handlers.ts

@@ -16,24 +16,31 @@ import { readFileContent } from './file-utils.js';
 import type { HandlerContext } from './handler-context.js';
 import type { WebSocketMessage, WebSocketResponse, WSContext } from './types.js';
 
-export function handleFileMessage(ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage, tabId: string, workingDir: string, permission?: 'control' | 'view'): void {
+export function handleFileMessage(ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage, tabId: string, workingDir: string, permission?: 'view'): void {
+  const isSandboxed = !!permission;
   switch (msg.type) {
     case 'autocomplete':
       if (!msg.data?.partialPath) throw new Error('Partial path is required');
-      ctx.send(ws, { type: 'autocomplete', tabId, data: { completions: ctx.autocompleteService.getFileCompletions(msg.data.partialPath, workingDir) } });
+      ctx.send(ws, { type: 'autocomplete', tabId, data: { completions: ctx.autocompleteService.getFileCompletions(msg.data.partialPath, workingDir, isSandboxed || undefined) } });
       break;
     case 'readFile':
       handleReadFile(ctx, ws, msg, tabId, workingDir, permission);
       break;
     case 'recordSelection':
-      if (msg.data?.filePath) ctx.recordFileSelection(msg.data.filePath);
+      if (msg.data?.filePath) {
+        if (isSandboxed) {
+          const validation = validatePathWithinWorkingDir(msg.data.filePath, workingDir);
+          if (!validation.valid) break; // Silently ignore out-of-bounds selections
+        }
+        ctx.recordFileSelection(msg.data.filePath);
+      }
       break;
   }
 }
 
-function handleReadFile(ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage, tabId: string, workingDir: string, permission?: 'control' | 'view'): void {
+function handleReadFile(ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage, tabId: string, workingDir: string, permission?: 'view'): void {
   if (!msg.data?.filePath) throw new Error('File path is required');
-  const isSandboxed = permission === 'control' || permission === 'view';
+  const isSandboxed = !!permission;
   if (isSandboxed) {
     const validation = validatePathWithinWorkingDir(msg.data.filePath, workingDir);
     if (!validation.valid) {
@@ -51,8 +58,8 @@ function sendFileResult(ctx: HandlerContext, ws: WSContext, type: WebSocketRespo
   ctx.send(ws, { type, tabId, data });
 }
 
-export function handleFileExplorerMessage(ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage, tabId: string, workingDir: string, permission?: 'control' | 'view'): void {
-  const isSandboxed = permission === 'control' || permission === 'view';
+export function handleFileExplorerMessage(ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage, tabId: string, workingDir: string, permission?: 'view'): void {
+  const isSandboxed = !!permission;
   const handlers: Record<string, () => void> = {
     listDirectory: () => {
       if (isSandboxed && msg.data?.dirPath) {

package/server/services/websocket/handler.ts

@@ -140,7 +140,7 @@ export class WebSocketImproviseHandler implements HandlerContext {
     fileUploadStart: 'fileUpload', fileUploadChunk: 'fileUpload', fileUploadComplete: 'fileUpload', fileUploadCancel: 'fileUpload',
   };
 
-  private async dispatchMessage(ws: WSContext, msg: WebSocketMessage, tabId: string, workingDir: string, permission?: 'control' | 'view'): Promise<void> {
+  private async dispatchMessage(ws: WSContext, msg: WebSocketMessage, tabId: string, workingDir: string, permission?: 'view'): Promise<void> {
     // Handle messages with custom inline logic first
     switch (msg.type) {
       case 'ping':
@@ -185,7 +185,7 @@ export class WebSocketImproviseHandler implements HandlerContext {
       case 'session':    return handleSessionMessage(this, ws, msg, tabId, permission);
       case 'history':    return handleHistoryMessage(this, ws, msg, tabId, workingDir);
       case 'file':       return handleFileMessage(this, ws, msg, tabId, effectiveDir, permission);
-      case 'terminal':   return handleTerminalMessage(this, ws, msg, tabId, workingDir, permission);
+      case 'terminal':   return handleTerminalMessage(this, ws, msg, tabId, workingDir);
       case 'fileExplorer': return handleFileExplorerMessage(this, ws, msg, tabId, effectiveDir, permission);
       case 'git':        return handleGitMessage(this, ws, msg, tabId, workingDir);
       case 'quality':    return handleQualityMessage(this, ws, msg, tabId, workingDir, permission);
@@ -233,6 +233,12 @@ export class WebSocketImproviseHandler implements HandlerContext {
     this.connections.delete(ws);
     this.allConnections.delete(ws);
     cleanupTerminalSubscribers(this, ws);
+
+    // Clean up file upload handler when no connections remain
+    if (this.allConnections.size === 0 && this.fileUploadHandler) {
+      this.fileUploadHandler.destroy();
+      this.fileUploadHandler = null;
+    }
   }
 
   send(ws: WSContext, response: WebSocketResponse): void {

package/server/services/websocket/plan-board-handlers.ts

@@ -16,7 +16,7 @@ import type { WebSocketMessage, WSContext } from './types.js';
 
 export function handleCreateBoard(
   ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage,
-  workingDir: string, permission?: 'control' | 'view',
+  workingDir: string, permission?: 'view',
 ): void {
   if (denyIfViewOnly(ctx, ws, permission)) return;
 
@@ -99,7 +99,7 @@ paused: false
 
 export function handleUpdateBoard(
   ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage,
-  workingDir: string, permission?: 'control' | 'view',
+  workingDir: string, permission?: 'view',
 ): void {
   if (denyIfViewOnly(ctx, ws, permission)) return;
 
@@ -133,7 +133,7 @@ export function handleUpdateBoard(
 
 export function handleArchiveBoard(
   ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage,
-  workingDir: string, permission?: 'control' | 'view',
+  workingDir: string, permission?: 'view',
 ): void {
   if (denyIfViewOnly(ctx, ws, permission)) return;
 
@@ -204,7 +204,7 @@ export function handleGetBoardState(
 
 export function handleReorderBoards(
   ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage,
-  workingDir: string, permission?: 'control' | 'view',
+  workingDir: string, permission?: 'view',
 ): void {
   if (denyIfViewOnly(ctx, ws, permission)) return;
 
@@ -229,7 +229,7 @@ export function handleReorderBoards(
 
 export function handleSetActiveBoard(
   ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage,
-  workingDir: string, permission?: 'control' | 'view',
+  workingDir: string, permission?: 'view',
 ): void {
   if (denyIfViewOnly(ctx, ws, permission)) return;
 

package/server/services/websocket/plan-execution-handlers.ts

@@ -14,7 +14,7 @@ import type { WebSocketMessage, WSContext } from './types.js';
 
 export function handlePrompt(
   ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage,
-  workingDir: string, permission?: 'control' | 'view',
+  workingDir: string, permission?: 'view',
 ): void {
   if (denyIfViewOnly(ctx, ws, permission)) return;
 
@@ -24,8 +24,7 @@ export function handlePrompt(
     ctx.send(ws, { type: 'planError', data: { error: 'Prompt required' } });
     return;
   }
-  const sandboxed = permission === 'control';
-  handlePlanPrompt(ctx, ws, prompt, workingDir, boardId, sandboxed).catch(error => {
+  handlePlanPrompt(ctx, ws, prompt, workingDir, boardId).catch(error => {
     ctx.send(ws, {
       type: 'planError',
       data: { error: error instanceof Error ? error.message : String(error) },
@@ -96,12 +95,11 @@ function wireExecutorEvents(executor: PlanExecutor, ctx: HandlerContext, working
 
 export function handleExecute(
   ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage,
-  workingDir: string, permission?: 'control' | 'view',
+  workingDir: string, permission?: 'view',
 ): void {
   if (denyIfViewOnly(ctx, ws, permission)) return;
 
   const executor = getExecutor(workingDir);
-  executor.setSandboxed(permission === 'control');
 
   if (executor.getStatus() === 'executing' || executor.getStatus() === 'starting') {
     ctx.send(ws, { type: 'planError', data: { error: 'Execution already in progress' } });
@@ -123,7 +121,7 @@ export function handleExecute(
 
 export function handleExecuteEpic(
   ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage,
-  workingDir: string, permission?: 'control' | 'view',
+  workingDir: string, permission?: 'view',
 ): void {
   if (denyIfViewOnly(ctx, ws, permission)) return;
 
@@ -134,7 +132,6 @@ export function handleExecuteEpic(
   }
 
   const executor = getExecutor(workingDir);
-  executor.setSandboxed(permission === 'control');
 
   if (executor.getStatus() === 'executing' || executor.getStatus() === 'starting') {
     ctx.send(ws, { type: 'planError', data: { error: 'Execution already in progress' } });
@@ -154,7 +151,7 @@ export function handleExecuteEpic(
 
 export function handlePause(
   ctx: HandlerContext, ws: WSContext,
-  workingDir: string, permission?: 'control' | 'view',
+  workingDir: string, permission?: 'view',
 ): void {
   if (denyIfViewOnly(ctx, ws, permission)) return;
   const executor = executorCache.get(workingDir);
@@ -163,7 +160,7 @@ export function handlePause(
 
 export function handleStop(
   ctx: HandlerContext, ws: WSContext,
-  workingDir: string, permission?: 'control' | 'view',
+  workingDir: string, permission?: 'view',
 ): void {
   if (denyIfViewOnly(ctx, ws, permission)) return;
   const executor = executorCache.get(workingDir);
@@ -172,7 +169,7 @@ export function handleStop(
 
 export function handleResume(
   ctx: HandlerContext, ws: WSContext,
-  workingDir: string, permission?: 'control' | 'view',
+  workingDir: string, permission?: 'view',
 ): void {
   if (denyIfViewOnly(ctx, ws, permission)) return;
   const executor = executorCache.get(workingDir);

package/server/services/websocket/plan-handlers.ts

@@ -24,7 +24,7 @@ export function handlePlanMessage(
   msg: WebSocketMessage,
   _tabId: string,
   workingDir: string,
-  permission?: 'control' | 'view',
+  permission?: 'view',
 ): void {
   const handlers: Record<string, () => void> = {
     planInit: () => handlePlanInit(ctx, ws, workingDir),

package/server/services/websocket/plan-helpers.ts

@@ -23,7 +23,7 @@ export function resolvePlanPath(workingDir: string, relativePath: string): strin
 }
 
 /** Guard for write operations — returns true if denied. */
-export function denyIfViewOnly(ctx: HandlerContext, ws: WSContext, permission?: 'control' | 'view'): boolean {
+export function denyIfViewOnly(ctx: HandlerContext, ws: WSContext, permission?: 'view'): boolean {
   if (permission === 'view') {
     ctx.send(ws, { type: 'planError', data: { error: 'Permission denied' } });
     return true;

package/server/services/websocket/plan-issue-handlers.ts

@@ -5,6 +5,7 @@ import { existsSync, mkdirSync, readFileSync, unlinkSync, writeFileSync } from '
 import { basename, join } from 'node:path';
 import { replaceFrontMatterField } from '../plan/front-matter.js';
 import { defaultPmDir, getNextId, parseBoardDirectory, parsePlanDirectory, parseSingleIssue, parseSingleMilestone, parseSingleSprint, planDirExists, resolvePmDir } from '../plan/parser.js';
+import { tryCompleteParentEpic } from '../plan/state-reconciler.js';
 import type { HandlerContext } from './handler-context.js';
 import { buildIssueMarkdown, denyIfViewOnly, formatYamlValue, getWatcher, resolvePlanPath, scaffoldPmDirectory } from './plan-helpers.js';
 import type { WebSocketMessage, WSContext } from './types.js';
@@ -108,7 +109,7 @@ function resolveBacklogContext(pmDir: string, workingDir: string, boardId?: stri
 
 export function handleCreateIssue(
   ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage,
-  workingDir: string, permission?: 'control' | 'view',
+  workingDir: string, permission?: 'view',
 ): void {
   if (denyIfViewOnly(ctx, ws, permission)) return;
 
@@ -135,7 +136,7 @@ export function handleCreateIssue(
 
 export function handleUpdateIssue(
   ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage,
-  workingDir: string, permission?: 'control' | 'view',
+  workingDir: string, permission?: 'view',
 ): void {
   if (denyIfViewOnly(ctx, ws, permission)) return;
 
@@ -166,11 +167,20 @@ export function handleUpdateIssue(
 
   const issue = parseSingleIssue(workingDir, path);
   ctx.broadcastToAll({ type: 'planIssueUpdated', data: issue });
+
+  // Auto-complete parent epic if all its children are now done
+  if (issue) {
+    const epicPath = tryCompleteParentEpic(workingDir, issue);
+    if (epicPath) {
+      const epic = parseSingleIssue(workingDir, epicPath);
+      if (epic) ctx.broadcastToAll({ type: 'planIssueUpdated', data: epic });
+    }
+  }
 }
 
 export function handleDeleteIssue(
   ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage,
-  workingDir: string, permission?: 'control' | 'view',
+  workingDir: string, permission?: 'view',
 ): void {
   if (denyIfViewOnly(ctx, ws, permission)) return;
 
@@ -192,7 +202,7 @@ export function handleDeleteIssue(
 
 export function handleScaffold(
   ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage,
-  workingDir: string, permission?: 'control' | 'view',
+  workingDir: string, permission?: 'view',
 ): void {
   if (denyIfViewOnly(ctx, ws, permission)) return;
 

package/server/services/websocket/plan-sprint-handlers.ts

@@ -60,7 +60,7 @@ function assignIssuesToSprint(workingDir: string, issues: Issue[], issueIds: str
 
 export function handleCreateSprint(
   ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage,
-  workingDir: string, permission?: 'control' | 'view',
+  workingDir: string, permission?: 'view',
 ): void {
   if (denyIfViewOnly(ctx, ws, permission)) return;
 
@@ -116,7 +116,7 @@ function updateFileField(filePath: string, field: string, value: string): void {
 
 export function handleActivateSprint(
   ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage,
-  workingDir: string, permission?: 'control' | 'view',
+  workingDir: string, permission?: 'view',
 ): void {
   if (denyIfViewOnly(ctx, ws, permission)) return;
 
@@ -162,7 +162,7 @@ export function handleActivateSprint(
 
 export function handleCompleteSprint(
   ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage,
-  workingDir: string, permission?: 'control' | 'view',
+  workingDir: string, permission?: 'view',
 ): void {
   if (denyIfViewOnly(ctx, ws, permission)) return;
 

package/server/services/websocket/quality-handlers.ts

@@ -10,7 +10,7 @@
  * - quality-fix-agent.ts     — AI fix prompt, progress tracking, handler
  */
 
-import { join } from 'node:path';
+import { join, resolve } from 'node:path';
 import { validatePathWithinWorkingDir } from '../pathUtils.js';
 import type { HandlerContext } from './handler-context.js';
 import type { FindingForFix } from './quality-fix-agent.js';
@@ -36,8 +36,12 @@ function getPersistence(workingDir: string): QualityPersistence {
 
 function resolvePath(workingDir: string, dirPath?: string): string {
   if (!dirPath || dirPath === '.' || dirPath === './') return workingDir;
-  if (dirPath.startsWith('/')) return dirPath;
-  return join(workingDir, dirPath);
+  const resolved = dirPath.startsWith('/') ? dirPath : join(workingDir, dirPath);
+  // Ensure path is within working directory even for non-sandboxed users
+  const normalizedResolved = resolve(resolved);
+  const normalizedWorkingDir = resolve(workingDir);
+  if (!normalizedResolved.startsWith(normalizedWorkingDir)) return workingDir;
+  return normalizedResolved;
 }
 
 /**
@@ -68,9 +72,9 @@ export function handleQualityMessage(
   msg: WebSocketMessage,
   _tabId: string,
   workingDir: string,
-  permission?: 'control' | 'view',
+  permission?: 'view',
 ): void {
-  const isSandboxed = permission === 'control' || permission === 'view';
+  const isSandboxed = !!permission;
   const sendPathError = (path: string, error: string) => {
     ctx.send(ws, { type: 'qualityError', data: { path, error } });
   };

package/server/services/websocket/quality-review-agent.ts

@@ -571,8 +571,11 @@ function persistReviewResults(
 ): import('./quality-service.js').QualityResults | null {
   const persistence = getPersistence(workingDir);
   const existingReport = persistence.loadReport(reportPath);
+  // CodeReviewFinding is structurally compatible with QualityFinding (category is a narrower union)
+  const findings = reviewResult.findings as import('./quality-types.js').QualityFinding[];
+  const findingsRecord = reviewResult.findings as unknown[] as Record<string, unknown>[];
   if (!existingReport) {
-    persistence.saveCodeReview(reportPath, reviewResult.findings as unknown as Record<string, unknown>[], reviewResult.summary);
+    persistence.saveCodeReview(reportPath, findingsRecord, reviewResult.summary);
     return null;
   }
 
@@ -582,17 +585,17 @@ function persistReviewResults(
       ...existingReport,
       overall: reviewResult.score,
       grade: reviewResult.grade,
-      codeReview: reviewResult.findings as unknown as typeof existingReport.codeReview,
+      codeReview: findings,
       scoreRationale: reviewResult.scoreRationale ?? undefined,
     };
   } else {
     updatedResults = recomputeWithAiReview(existingReport, reviewResult.findings);
-    updatedResults = { ...updatedResults, codeReview: reviewResult.findings as unknown as typeof updatedResults.codeReview };
+    updatedResults = { ...updatedResults, codeReview: findings };
   }
 
   persistence.saveReport(reportPath, updatedResults);
   persistence.appendHistory(updatedResults, reportPath);
-  persistence.saveCodeReview(reportPath, reviewResult.findings as unknown as Record<string, unknown>[], reviewResult.summary);
+  persistence.saveCodeReview(reportPath, findingsRecord, reviewResult.summary);
   return updatedResults;
 }
 

package/server/services/websocket/session-handlers.ts

@@ -178,15 +178,20 @@ function mergePreUploadedAttachments(ctx: HandlerContext, tabId: string, inlineA
   return merged;
 }
 
-export function handleSessionMessage(ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage, tabId: string, permission?: 'control' | 'view'): void {
+const WRITE_OPS = new Set(['execute', 'cancel', 'new', 'approve', 'reject']);
+
+export function handleSessionMessage(ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage, tabId: string, permission?: 'view'): void {
+  if (permission === 'view' && WRITE_OPS.has(msg.type)) {
+    throw new Error('View-only users cannot perform write operations');
+  }
+
   switch (msg.type) {
     case 'execute': {
       if (!msg.data?.prompt) throw new Error('Prompt is required');
       const session = requireSession(ctx, ws, tabId);
-      const sandboxed = permission === 'control' || permission === 'view';
       const worktreeDir = ctx.gitDirectories.get(tabId);
       const attachments = mergePreUploadedAttachments(ctx, tabId, msg.data.attachments);
-      session.executePrompt(msg.data.prompt, attachments, { sandboxed, workingDir: worktreeDir });
+      session.executePrompt(msg.data.prompt, attachments, { workingDir: worktreeDir });
       break;
     }
     case 'cancel': {

package/server/services/websocket/terminal-handlers.ts

@@ -7,11 +7,11 @@ import { getPTYManager } from '../terminal/pty-manager.js';
 import type { HandlerContext } from './handler-context.js';
 import type { WebSocketMessage, WSContext } from './types.js';
 
-export function handleTerminalMessage(ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage, tabId: string, workingDir: string, permission?: 'control' | 'view'): void {
+export async function handleTerminalMessage(ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage, tabId: string, workingDir: string): Promise<void> {
   const termId = msg.terminalId || tabId;
   switch (msg.type) {
     case 'terminalInit':
-      handleTerminalInit(ctx, ws, termId, workingDir, msg.data?.shell, msg.data?.cols, msg.data?.rows, permission);
+      await handleTerminalInit(ctx, ws, termId, workingDir, msg.data?.shell, msg.data?.cols, msg.data?.rows);
       break;
     case 'terminalReconnect':
       handleTerminalReconnect(ctx, ws, termId);
@@ -31,7 +31,7 @@ export function handleTerminalMessage(ctx: HandlerContext, ws: WSContext, msg: W
   }
 }
 
-function handleTerminalInit(
+async function handleTerminalInit(
   ctx: HandlerContext,
   ws: WSContext,
   terminalId: string,
@@ -39,8 +39,7 @@ function handleTerminalInit(
   requestedShell?: string,
   cols?: number,
   rows?: number,
-  permission?: 'control' | 'view'
-): void {
+): Promise<void> {
   const ptyManager = getPTYManager();
 
   if (!ptyManager.isPtyAvailable()) {
@@ -59,13 +58,12 @@ function handleTerminalInit(
   setupTerminalBroadcastListeners(ctx, terminalId);
 
   try {
-    const { shell, cwd, isReconnect, platform } = ptyManager.create(
+    const { shell, cwd, isReconnect, platform } = await ptyManager.create(
       terminalId,
       workingDir,
       cols || 80,
       rows || 24,
       requestedShell,
-      { sandboxed: permission === 'control' || permission === 'view' }
     );
 
     if (!isReconnect) {
@@ -94,11 +92,12 @@ function handleTerminalInit(
       is_reconnect: isReconnect,
     });
   } catch (error: unknown) {
+    const errorMsg = error instanceof Error ? error.message : String(error);
     console.error(`[WebSocketImproviseHandler] Failed to create terminal:`, error);
     ctx.send(ws, {
       type: 'terminalError',
       terminalId,
-      data: { error: (error instanceof Error ? error.message : String(error)) || 'Failed to create terminal' }
+      data: { error: errorMsg || 'Failed to create terminal' }
     });
     removeTerminalSubscriber(ctx, terminalId, ws);
   }

package/server/services/websocket/types.ts

@@ -158,8 +158,8 @@ export interface WebSocketMessage {
   terminalId?: string;
   // biome-ignore lint/suspicious/noExplicitAny: message envelope carries heterogeneous payloads
   data?: any;
-  /** Injected by server relay for sandboxed shared users (control + view) */
-  _permission?: 'control' | 'view';
+  /** Injected by server relay for view-only shared users */
+  _permission?: 'view';
 }
 
 export interface WebSocketResponse {

package/server/utils/port.ts

@@ -59,44 +59,3 @@ export async function findAvailablePort(startPort: number, maxTries: number = 20
   }
   throw new Error(`No available ports found between ${startPort} and ${startPort + maxTries}`)
 }
-
-/**
- * Find an available port pair for frontend and backend
- * Frontend = EVEN port (3000, 3002, 3004...)
- * Backend = ODD port (3001, 3003, 3005...)
- *
- * Checks all candidate ports in parallel for fast detection.
- */
-export async function findAvailablePortPair(startPort: number = 3000, maxPairs: number = 20): Promise<{ frontend: number; backend: number }> {
-  // Ensure startPort is even
-  const basePort = startPort % 2 === 0 ? startPort : startPort + 1
-
-  // Generate all candidate pairs
-  const pairs: { frontend: number; backend: number }[] = []
-  for (let i = 0; i < maxPairs; i++) {
-    pairs.push({
-      frontend: basePort + (i * 2),      // 3000, 3002, 3004...
-      backend: basePort + (i * 2) + 1    // 3001, 3003, 3005...
-    })
-  }
-
-  // Check all ports in parallel (both frontend and backend ports)
-  const allPorts = pairs.flatMap(p => [p.frontend, p.backend])
-  const results = await Promise.all(
-    allPorts.map(async (port) => ({ port, available: await isPortAvailable(port) }))
-  )
-
-  // Build a set of available ports for O(1) lookup
-  const availablePorts = new Set(
-    results.filter(r => r.available).map(r => r.port)
-  )
-
-  // Find first pair where both ports are available
-  for (const pair of pairs) {
-    if (availablePorts.has(pair.frontend) && availablePorts.has(pair.backend)) {
-      return pair
-    }
-  }
-
-  throw new Error(`No available port pairs found starting from ${startPort}`)
-}