mstro-app 0.4.17 → 0.4.20

package/server/services/plan/state-reconciler.ts

@@ -109,6 +109,36 @@ function buildStateMarkdown(
   return `---\n${frontMatter}\n---\n\n${sections.join('\n')}`;
 }
 
+/**
+ * Derive epic status from its children's actual statuses.
+ * All children done/cancelled → done (auto-complete the epic).
+ */
+function deriveEpicDone(epic: Issue, issueByPath: Map<string, Issue>): boolean {
+  if (epic.children.length === 0) return false;
+  if (epic.status === 'done' || epic.status === 'cancelled') return false;
+
+  return epic.children.every(childPath => {
+    const child = issueByPath.get(childPath);
+    return child && (child.status === 'done' || child.status === 'cancelled');
+  });
+}
+
+function reconcileEpicStatuses(pmDir: string, issues: Issue[], issueByPath: Map<string, Issue>): void {
+  const epics = issues.filter(i => i.type === 'epic');
+  for (const epic of epics) {
+    if (!deriveEpicDone(epic, issueByPath)) continue;
+
+    const epicPath = join(pmDir, epic.path);
+    try {
+      let content = readFileSync(epicPath, 'utf-8');
+      content = replaceFrontMatterField(content, 'status', 'done');
+      writeFileSync(epicPath, content, 'utf-8');
+    } catch {
+      // Epic file may be missing or unwritable
+    }
+  }
+}
+
 /**
  * Derive sprint status from its issues' actual statuses.
  * - All issues done/cancelled → completed
@@ -155,6 +185,40 @@ function reconcileSprintStatuses(pmDir: string, sprints: Sprint[], issueByPath:
   }
 }
 
+/**
+ * After an issue is updated, check if its parent epic should be auto-completed.
+ * Returns the epic's relative path if it was marked done, null otherwise.
+ */
+export function tryCompleteParentEpic(workingDir: string, updatedIssue: Issue): string | null {
+  if (!updatedIssue.epic) return null;
+
+  const pmDir = resolvePmDir(workingDir);
+  if (!pmDir) return null;
+
+  // Determine which board the issue belongs to from its path
+  const boardMatch = updatedIssue.path.match(/^boards\/([^/]+)\//);
+  const issues = boardMatch
+    ? parseBoardDirectory(pmDir, boardMatch[1])?.issues
+    : parsePlanDirectory(workingDir)?.issues;
+  if (!issues) return null;
+
+  const epic = issues.find(i => i.path === updatedIssue.epic);
+  if (!epic) return null;
+
+  const issueByPath = new Map(issues.map(i => [i.path, i]));
+  if (!deriveEpicDone(epic, issueByPath)) return null;
+
+  const epicFullPath = join(pmDir, epic.path);
+  try {
+    let content = readFileSync(epicFullPath, 'utf-8');
+    content = replaceFrontMatterField(content, 'status', 'done');
+    writeFileSync(epicFullPath, content, 'utf-8');
+    return epic.path;
+  } catch {
+    return null;
+  }
+}
+
 export function reconcileState(workingDir: string, boardId?: string): void {
   const pmDir = resolvePmDir(workingDir);
   if (!pmDir) return;
@@ -183,7 +247,8 @@ export function reconcileState(workingDir: string, boardId?: string): void {
   const fmMatch = content.match(/^---\n([\s\S]*?)\n---/);
   const frontMatter = fmMatch ? fmMatch[1] : `project: "${project.name}"\ncurrent_sprint: null\nactive_milestone: null\npaused: false\nlast_session: null`;
 
-  // Reconcile sprint statuses from actual issue statuses
+  // Reconcile epic and sprint statuses from actual issue statuses
+  reconcileEpicStatuses(pmDir, issues, issueByPath);
   reconcileSprintStatuses(pmDir, sprints, issueByPath);
 
   // Update current_sprint in front matter based on actual sprint statuses
@@ -211,6 +276,10 @@ function reconcileBoardState(pmDir: string, _workingDir: string, boardId?: strin
   const { board, issues } = boardState;
 
   const issueByPath = new Map(issues.map(i => [i.path, i]));
+
+  // Reconcile epic statuses before categorizing
+  reconcileEpicStatuses(pmDir, issues, issueByPath);
+
   const categories = categorizeIssues(issues, issueByPath);
   const warnings = computeWarnings(issues);
 

package/server/services/platform.ts

@@ -21,7 +21,6 @@ import {
   updateCredentials,
 } from './platform-credentials.js'
 import { captureException } from './sentry.js'
-import { isBwrapAvailable } from './terminal/pty-utils.js'
 
 /**
  * Get machine identification string
@@ -40,8 +39,12 @@ let WebSocketImpl: typeof WebSocket
 if (typeof WebSocket !== 'undefined') {
   WebSocketImpl = WebSocket
 } else {
-  const { default: WS } = await import('ws')
-  WebSocketImpl = WS as unknown as typeof WebSocket
+  try {
+    const { default: WS } = await import('ws')
+    WebSocketImpl = WS as unknown as typeof WebSocket
+  } catch {
+    throw new Error('WebSocket not available: install the "ws" package or use Node.js 21+')
+  }
 }
 
 // PLATFORM_URL is set via --server / --dev flag in mstro.js
@@ -122,7 +125,7 @@ export class PlatformConnection {
 
   private startHeartbeat(): void {
     this.missedPongs = 0
-    this.heartbeatInterval = setInterval(() => this.heartbeatTick(), 2 * 60 * 1000)
+    this.heartbeatInterval = setInterval(() => this.heartbeatTick(), 25_000)
   }
 
   private heartbeatTick(): void {
@@ -186,7 +189,7 @@ export class PlatformConnection {
       osType,
       cpuArch,
       cliVersion: CLI_VERSION,
-      capabilities: JSON.stringify({ terminalSandbox: isBwrapAvailable() }),
+      capabilities: JSON.stringify({}),
       startedAt: this.startedAt,
     })
 
@@ -231,6 +234,7 @@ export class PlatformConnection {
     }
 
     this.ws.onclose = (event) => {
+      clearTimeout(connectionTimeout)
       this.stopHeartbeat()
       this.isConnected = false
 
@@ -254,6 +258,7 @@ export class PlatformConnection {
     }
 
     this.ws.onerror = () => {
+      clearTimeout(connectionTimeout)
       // onclose will be called after this
     }
   }
@@ -275,6 +280,10 @@ export class PlatformConnection {
         this.callbacks.onWebDisconnected?.()
         trackEvent(AnalyticsEvents.WEB_CLIENT_DISCONNECTED)
         break
+      case 'ping':
+        // Server-initiated ping — respond with pong to reset stale detection
+        this.send({ type: 'pong' })
+        break
       case 'pong':
         this.missedPongs = 0
         break
@@ -293,7 +302,9 @@ export class PlatformConnection {
     }
 
     this.reconnectAttempts++
-    const delay = Math.min(1000 * 2 ** (this.reconnectAttempts - 1), 30000)
+    const base = Math.min(1000 * 2 ** (this.reconnectAttempts - 1), 30000)
+    const jitter = base * 0.25 * (2 * Math.random() - 1)
+    const delay = Math.max(0, Math.round(base + jitter))
 
     this.reconnectTimeout = setTimeout(() => {
       this.reconnectTimeout = null

package/server/services/terminal/pty-manager.ts

@@ -10,17 +10,14 @@
 
 import { EventEmitter } from 'node:events';
 import { homedir, platform } from 'node:os';
-import { sanitizeEnvForSandbox } from '../sandbox-utils.js';
 import type { PTYSession } from './pty-utils.js';
 import {
-  buildBwrapArgs,
   detectShell,
   getPty,
   getPtyInstallInstructions,
   getShellName,
-  isBwrapAvailable,
   isPtyAvailable,
-  SCROLLBACK_MAX_BYTES,
+  SCROLLBACK_MAX_LENGTH,
   ScrollbackBuffer,
 } from './pty-utils.js';
 
@@ -54,14 +51,13 @@ export class PTYManager extends EventEmitter {
     return getPtyInstallInstructions();
   }
 
-  create(
+  async create(
     terminalId: string,
     workingDir: string,
     cols: number = 80,
     rows: number = 24,
     requestedShell?: string,
-    options?: { sandboxed?: boolean }
-  ): { shell: string; cwd: string; isReconnect: boolean; platform: string } {
+  ): Promise<{ shell: string; cwd: string; isReconnect: boolean; platform: string }> {
     const pty = getPty();
     if (!pty) {
       throw new Error(`PTY_NOT_AVAILABLE:${getPtyInstallInstructions()}`);
@@ -80,32 +76,9 @@ export class PTYManager extends EventEmitter {
     const cwd = workingDir || homedir();
 
     try {
-      const baseEnv = options?.sandboxed
-        ? sanitizeEnvForSandbox(process.env, cwd)
-        : { ...process.env, HOME: homedir() };
-      const env = { ...baseEnv, TERM: 'xterm-256color', COLORTERM: 'truecolor' };
+      const env = { ...process.env, HOME: homedir(), TERM: 'xterm-256color', COLORTERM: 'truecolor' };
 
-      // Sandboxed terminals use bubblewrap (bwrap) for filesystem isolation.
-      // The shell is spawned inside a namespace that only sees the project directory (rw)
-      // and system directories (ro). Without bwrap, sandboxed terminals are not available.
-      let spawnCommand: string;
-      let spawnArgs: string[];
-      let spawnCwd: string;
-
-      if (options?.sandboxed) {
-        if (!isBwrapAvailable()) {
-          throw new Error('SANDBOX_UNAVAILABLE:Terminal sandbox (bubblewrap) is not installed on this machine. Shared terminal sessions require bubblewrap for filesystem isolation.');
-        }
-        spawnCommand = '/usr/bin/bwrap';
-        spawnArgs = buildBwrapArgs(cwd, shell);
-        spawnCwd = '/'; // bwrap manages cwd internally via --chdir
-      } else {
-        spawnCommand = shell;
-        spawnArgs = [];
-        spawnCwd = cwd;
-      }
-
-      const ptyProcess = pty.spawn(spawnCommand, spawnArgs, { name: 'xterm-256color', cols, rows, cwd: spawnCwd, env });
+      const ptyProcess = pty.spawn(shell, [], { name: 'xterm-256color', cols, rows, cwd, env });
 
       const session: PTYSession = {
         id: terminalId,
@@ -118,7 +91,7 @@ export class PTYManager extends EventEmitter {
         rows,
         _outputBuffer: '',
         _outputTimer: null,
-        scrollback: new ScrollbackBuffer(SCROLLBACK_MAX_BYTES),
+        scrollback: new ScrollbackBuffer(SCROLLBACK_MAX_LENGTH),
       };
       this.terminals.set(terminalId, session);
 

package/server/services/terminal/pty-utils.ts

@@ -8,8 +8,6 @@
  * on session lifecycle orchestration.
  */
 
-import { execSync } from 'node:child_process';
-import { accessSync, constants as fsConstants, lstatSync } from 'node:fs';
 import { createRequire } from 'node:module';
 import { platform } from 'node:os';
 
@@ -117,89 +115,13 @@ export function getShellName(shellPath: string): string {
   return parts[parts.length - 1] || 'shell';
 }
 
-// ── Bubblewrap (bwrap) sandbox detection ─────────────────────
-
-let _bwrapAvailable: boolean | null = null;
-
-/**
- * Check if bubblewrap (bwrap) is available for filesystem sandboxing.
- * Required for sandboxed terminal sessions (shared "can control" users).
- * Caches the result after first check.
- */
-export function isBwrapAvailable(): boolean {
-  if (_bwrapAvailable !== null) return _bwrapAvailable;
-
-  if (platform() !== 'linux') {
-    _bwrapAvailable = false;
-    return false;
-  }
-
-  try {
-    accessSync('/usr/bin/bwrap', fsConstants.X_OK);
-    execSync('bwrap --ro-bind / / -- /bin/true', { timeout: 5000, stdio: 'ignore' });
-    _bwrapAvailable = true;
-  } catch {
-    _bwrapAvailable = false;
-  }
-  return _bwrapAvailable;
-}
-
-/**
- * Build bwrap arguments to sandbox a shell to a specific directory.
- * Provides read-only access to system directories, read-write to the project dir only.
- */
-export function buildBwrapArgs(cwd: string, shell: string): string[] {
-  const mergedUsr = (() => {
-    try { return lstatSync('/bin').isSymbolicLink(); }
-    catch { return false; }
-  })();
-
-  const args: string[] = [
-    '--ro-bind', '/usr', '/usr',
-    '--ro-bind', '/etc', '/etc',
-    // Hide sensitive /etc files by binding /dev/null over them
-    '--ro-bind', '/dev/null', '/etc/shadow',
-    '--ro-bind', '/dev/null', '/etc/gshadow',
-  ];
-
-  if (mergedUsr) {
-    // Merged-usr distros (Fedora, Ubuntu 20.04+, Arch, Debian 12+)
-    args.push('--symlink', 'usr/bin', '/bin');
-    args.push('--symlink', 'usr/sbin', '/sbin');
-    args.push('--symlink', 'usr/lib', '/lib');
-    try { lstatSync('/lib64'); args.push('--symlink', 'usr/lib64', '/lib64'); } catch { /* skip */ }
-  } else {
-    args.push('--ro-bind', '/bin', '/bin');
-    args.push('--ro-bind', '/sbin', '/sbin');
-    args.push('--ro-bind', '/lib', '/lib');
-    try { lstatSync('/lib64'); args.push('--ro-bind', '/lib64', '/lib64'); } catch { /* skip */ }
-  }
-
-  args.push(
-    '--proc', '/proc',
-    '--dev', '/dev',
-    '--tmpfs', '/tmp',
-    '--tmpfs', '/run',
-    // Read-write access to the project directory only
-    '--bind', cwd, cwd,
-    '--unshare-pid',
-    '--unshare-ipc',
-    '--die-with-parent',
-    '--chdir', cwd,
-    '--',
-    shell,
-  );
-
-  return args;
-}
-
 // ── Scrollback buffer ─────────────────────────────────────────
 
-export const SCROLLBACK_MAX_BYTES = 256 * 1024; // 256KB
+export const SCROLLBACK_MAX_LENGTH = 256 * 1024; // ~256K characters
 
 /**
  * Fixed-size buffer that retains the most recent PTY output for replay on reconnect.
- * Stores raw string chunks and evicts oldest data when the total exceeds maxBytes.
+ * Stores raw string chunks and evicts oldest data when the total exceeds maxLength.
  */
 export class ScrollbackBuffer {
   private chunks: string[] = [];

package/server/services/websocket/autocomplete.ts

@@ -8,10 +8,10 @@
  */
 
 import { existsSync, readdirSync, statSync } from 'node:fs';
-import { join, } from 'node:path';
+import { join, normalize, resolve } from 'node:path';
 import Fuse, { type FuseResult } from 'fuse.js';
 import {
-  CACHE_TTL_MS, 
+  CACHE_TTL_MS,
   directoryCache,
   getFileType,
   isIgnored,
@@ -100,6 +100,30 @@ function shouldIncludeEntry(
   return true;
 }
 
+interface PathScope {
+  scopedDir: string;
+  searchQuery: string;
+  pathPrefix: string;
+  maxDepth: number;
+}
+
+/** Parse a partial path into its directory scope, search query, and depth limit. */
+function resolvePathScope(cleanPath: string, workingDir: string, sandboxed?: boolean): PathScope | null {
+  const lastSlashIndex = cleanPath.lastIndexOf('/');
+  if (lastSlashIndex === -1) {
+    return { scopedDir: workingDir, searchQuery: cleanPath, pathPrefix: '', maxDepth: cleanPath === '' ? 4 : 10 };
+  }
+
+  const dirPath = cleanPath.substring(0, lastSlashIndex);
+  if (sandboxed && !isPathWithinDir(dirPath, workingDir)) return null;
+
+  const candidateDir = join(workingDir, dirPath);
+  if (existsSync(candidateDir) && statSync(candidateDir).isDirectory()) {
+    return { scopedDir: candidateDir, searchQuery: cleanPath.substring(lastSlashIndex + 1), pathPrefix: `${dirPath}/`, maxDepth: 3 };
+  }
+  return { scopedDir: workingDir, searchQuery: cleanPath, pathPrefix: '', maxDepth: 10 };
+}
+
 export class AutocompleteService {
   private frecencyData: FrecencyData = {};
 
@@ -175,12 +199,18 @@ export class AutocompleteService {
   /**
    * Get file completions for autocomplete with directory-scoped navigation
    */
-  getFileCompletions(partialPath: string, workingDir: string): AutocompleteResult[] {
+  getFileCompletions(partialPath: string, workingDir: string, sandboxed?: boolean): AutocompleteResult[] {
     try {
       // Handle @ symbol prefix for file autocomplete
       const isAtSymbol = partialPath.startsWith('@');
       const cleanPath = isAtSymbol ? partialPath.substring(1) : partialPath;
 
+      // Sandboxed users: block path traversal outside the working directory.
+      // Resolves the target path and checks it stays within workingDir boundaries.
+      if (sandboxed && cleanPath && !isPathWithinDir(cleanPath, workingDir)) {
+        return [];
+      }
+
       // Parse .gitignore patterns
       const gitignorePatterns = parseGitignore(workingDir);
 
@@ -189,28 +219,10 @@ export class AutocompleteService {
         return this.getDirectoryContentsEnhanced(cleanPath, workingDir, gitignorePatterns);
       }
 
-      // STRICT PATH SEGMENT MATCHING
-      const lastSlashIndex = cleanPath.lastIndexOf('/');
-      let scopedDir = workingDir;
-      let searchQuery = cleanPath;
-      let pathPrefix = '';
-      let maxDepth = 10;
-
-      if (lastSlashIndex !== -1) {
-        const dirPath = cleanPath.substring(0, lastSlashIndex);
-        const candidateDir = join(workingDir, dirPath);
-
-        if (existsSync(candidateDir) && statSync(candidateDir).isDirectory()) {
-          scopedDir = candidateDir;
-          searchQuery = cleanPath.substring(lastSlashIndex + 1);
-          pathPrefix = `${dirPath}/`;
-          maxDepth = 3;
-        }
-      } else if (cleanPath === '') {
-        maxDepth = 4;
-      }
+      const scope = resolvePathScope(cleanPath, workingDir, sandboxed);
+      if (!scope) return [];
 
-      const filesWithMetadata = this.getFilesWithCache(scopedDir, gitignorePatterns, maxDepth, pathPrefix);
+      const filesWithMetadata = this.getFilesWithCache(scope.scopedDir, gitignorePatterns, scope.maxDepth, scope.pathPrefix);
 
       // Track which files are recent
       const recentFiles = new Set<string>();
@@ -220,9 +232,9 @@ export class AutocompleteService {
         }
       }
 
-      const scoredMatches = searchQuery === ''
+      const scoredMatches = scope.searchQuery === ''
         ? this.scoreEmptyQuery(filesWithMetadata)
-        : this.scoreWithQuery(filesWithMetadata, searchQuery, recentFiles);
+        : this.scoreWithQuery(filesWithMetadata, scope.searchQuery, recentFiles);
 
       const results: AutocompleteResult[] = scoredMatches.slice(0, 15).map(file => {
         const displayPath = file.isDirectory ? `${file.relativePath}/` : file.relativePath;
@@ -440,3 +452,13 @@ export class AutocompleteService {
     }
   }
 }
+
+/**
+ * Check if a relative path resolves to a location within the working directory.
+ * Used to prevent path traversal (../) in sandboxed autocomplete.
+ */
+function isPathWithinDir(relativePath: string, workingDir: string): boolean {
+  const resolved = normalize(resolve(workingDir, relativePath));
+  const normalizedWorkDir = resolve(workingDir);
+  return resolved === normalizedWorkDir || resolved.startsWith(`${normalizedWorkDir}/`);
+}

package/server/services/websocket/file-explorer-handlers.ts

@@ -16,24 +16,31 @@ import { readFileContent } from './file-utils.js';
 import type { HandlerContext } from './handler-context.js';
 import type { WebSocketMessage, WebSocketResponse, WSContext } from './types.js';
 
-export function handleFileMessage(ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage, tabId: string, workingDir: string, permission?: 'control' | 'view'): void {
+export function handleFileMessage(ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage, tabId: string, workingDir: string, permission?: 'view'): void {
+  const isSandboxed = !!permission;
   switch (msg.type) {
     case 'autocomplete':
       if (!msg.data?.partialPath) throw new Error('Partial path is required');
-      ctx.send(ws, { type: 'autocomplete', tabId, data: { completions: ctx.autocompleteService.getFileCompletions(msg.data.partialPath, workingDir) } });
+      ctx.send(ws, { type: 'autocomplete', tabId, data: { completions: ctx.autocompleteService.getFileCompletions(msg.data.partialPath, workingDir, isSandboxed || undefined) } });
       break;
     case 'readFile':
       handleReadFile(ctx, ws, msg, tabId, workingDir, permission);
       break;
     case 'recordSelection':
-      if (msg.data?.filePath) ctx.recordFileSelection(msg.data.filePath);
+      if (msg.data?.filePath) {
+        if (isSandboxed) {
+          const validation = validatePathWithinWorkingDir(msg.data.filePath, workingDir);
+          if (!validation.valid) break; // Silently ignore out-of-bounds selections
+        }
+        ctx.recordFileSelection(msg.data.filePath);
+      }
       break;
   }
 }
 
-function handleReadFile(ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage, tabId: string, workingDir: string, permission?: 'control' | 'view'): void {
+function handleReadFile(ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage, tabId: string, workingDir: string, permission?: 'view'): void {
   if (!msg.data?.filePath) throw new Error('File path is required');
-  const isSandboxed = permission === 'control' || permission === 'view';
+  const isSandboxed = !!permission;
   if (isSandboxed) {
     const validation = validatePathWithinWorkingDir(msg.data.filePath, workingDir);
     if (!validation.valid) {
@@ -51,8 +58,8 @@ function sendFileResult(ctx: HandlerContext, ws: WSContext, type: WebSocketRespo
   ctx.send(ws, { type, tabId, data });
 }
 
-export function handleFileExplorerMessage(ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage, tabId: string, workingDir: string, permission?: 'control' | 'view'): void {
-  const isSandboxed = permission === 'control' || permission === 'view';
+export function handleFileExplorerMessage(ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage, tabId: string, workingDir: string, permission?: 'view'): void {
+  const isSandboxed = !!permission;
   const handlers: Record<string, () => void> = {
     listDirectory: () => {
       if (isSandboxed && msg.data?.dirPath) {

package/server/services/websocket/handler.ts

@@ -140,7 +140,7 @@ export class WebSocketImproviseHandler implements HandlerContext {
     fileUploadStart: 'fileUpload', fileUploadChunk: 'fileUpload', fileUploadComplete: 'fileUpload', fileUploadCancel: 'fileUpload',
   };
 
-  private async dispatchMessage(ws: WSContext, msg: WebSocketMessage, tabId: string, workingDir: string, permission?: 'control' | 'view'): Promise<void> {
+  private async dispatchMessage(ws: WSContext, msg: WebSocketMessage, tabId: string, workingDir: string, permission?: 'view'): Promise<void> {
     // Handle messages with custom inline logic first
     switch (msg.type) {
       case 'ping':
@@ -185,7 +185,7 @@ export class WebSocketImproviseHandler implements HandlerContext {
       case 'session':    return handleSessionMessage(this, ws, msg, tabId, permission);
       case 'history':    return handleHistoryMessage(this, ws, msg, tabId, workingDir);
       case 'file':       return handleFileMessage(this, ws, msg, tabId, effectiveDir, permission);
-      case 'terminal':   return handleTerminalMessage(this, ws, msg, tabId, workingDir, permission);
+      case 'terminal':   return handleTerminalMessage(this, ws, msg, tabId, workingDir);
       case 'fileExplorer': return handleFileExplorerMessage(this, ws, msg, tabId, effectiveDir, permission);
       case 'git':        return handleGitMessage(this, ws, msg, tabId, workingDir);
       case 'quality':    return handleQualityMessage(this, ws, msg, tabId, workingDir, permission);
@@ -233,6 +233,12 @@ export class WebSocketImproviseHandler implements HandlerContext {
     this.connections.delete(ws);
     this.allConnections.delete(ws);
     cleanupTerminalSubscribers(this, ws);
+
+    // Clean up file upload handler when no connections remain
+    if (this.allConnections.size === 0 && this.fileUploadHandler) {
+      this.fileUploadHandler.destroy();
+      this.fileUploadHandler = null;
+    }
   }
 
   send(ws: WSContext, response: WebSocketResponse): void {

package/server/services/websocket/plan-board-handlers.ts

@@ -16,7 +16,7 @@ import type { WebSocketMessage, WSContext } from './types.js';
 
 export function handleCreateBoard(
   ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage,
-  workingDir: string, permission?: 'control' | 'view',
+  workingDir: string, permission?: 'view',
 ): void {
   if (denyIfViewOnly(ctx, ws, permission)) return;
 
@@ -99,7 +99,7 @@ paused: false
 
 export function handleUpdateBoard(
   ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage,
-  workingDir: string, permission?: 'control' | 'view',
+  workingDir: string, permission?: 'view',
 ): void {
   if (denyIfViewOnly(ctx, ws, permission)) return;
 
@@ -133,7 +133,7 @@ export function handleUpdateBoard(
 
 export function handleArchiveBoard(
   ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage,
-  workingDir: string, permission?: 'control' | 'view',
+  workingDir: string, permission?: 'view',
 ): void {
   if (denyIfViewOnly(ctx, ws, permission)) return;
 
@@ -204,7 +204,7 @@ export function handleGetBoardState(
 
 export function handleReorderBoards(
   ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage,
-  workingDir: string, permission?: 'control' | 'view',
+  workingDir: string, permission?: 'view',
 ): void {
   if (denyIfViewOnly(ctx, ws, permission)) return;
 
@@ -229,7 +229,7 @@ export function handleReorderBoards(
 
 export function handleSetActiveBoard(
   ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage,
-  workingDir: string, permission?: 'control' | 'view',
+  workingDir: string, permission?: 'view',
 ): void {
   if (denyIfViewOnly(ctx, ws, permission)) return;
 

package/server/services/websocket/plan-execution-handlers.ts

@@ -14,7 +14,7 @@ import type { WebSocketMessage, WSContext } from './types.js';
 
 export function handlePrompt(
   ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage,
-  workingDir: string, permission?: 'control' | 'view',
+  workingDir: string, permission?: 'view',
 ): void {
   if (denyIfViewOnly(ctx, ws, permission)) return;
 
@@ -24,8 +24,7 @@ export function handlePrompt(
     ctx.send(ws, { type: 'planError', data: { error: 'Prompt required' } });
     return;
   }
-  const sandboxed = permission === 'control';
-  handlePlanPrompt(ctx, ws, prompt, workingDir, boardId, sandboxed).catch(error => {
+  handlePlanPrompt(ctx, ws, prompt, workingDir, boardId).catch(error => {
     ctx.send(ws, {
       type: 'planError',
       data: { error: error instanceof Error ? error.message : String(error) },
@@ -96,12 +95,11 @@ function wireExecutorEvents(executor: PlanExecutor, ctx: HandlerContext, working
 
 export function handleExecute(
   ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage,
-  workingDir: string, permission?: 'control' | 'view',
+  workingDir: string, permission?: 'view',
 ): void {
   if (denyIfViewOnly(ctx, ws, permission)) return;
 
   const executor = getExecutor(workingDir);
-  executor.setSandboxed(permission === 'control');
 
   if (executor.getStatus() === 'executing' || executor.getStatus() === 'starting') {
     ctx.send(ws, { type: 'planError', data: { error: 'Execution already in progress' } });
@@ -123,7 +121,7 @@ export function handleExecute(
 
 export function handleExecuteEpic(
   ctx: HandlerContext, ws: WSContext, msg: WebSocketMessage,
-  workingDir: string, permission?: 'control' | 'view',
+  workingDir: string, permission?: 'view',
 ): void {
   if (denyIfViewOnly(ctx, ws, permission)) return;
 
@@ -134,7 +132,6 @@ export function handleExecuteEpic(
   }
 
   const executor = getExecutor(workingDir);
-  executor.setSandboxed(permission === 'control');
 
   if (executor.getStatus() === 'executing' || executor.getStatus() === 'starting') {
     ctx.send(ws, { type: 'planError', data: { error: 'Execution already in progress' } });
@@ -154,7 +151,7 @@ export function handleExecuteEpic(
 
 export function handlePause(
   ctx: HandlerContext, ws: WSContext,
-  workingDir: string, permission?: 'control' | 'view',
+  workingDir: string, permission?: 'view',
 ): void {
   if (denyIfViewOnly(ctx, ws, permission)) return;
   const executor = executorCache.get(workingDir);
@@ -163,7 +160,7 @@ export function handlePause(
 
 export function handleStop(
   ctx: HandlerContext, ws: WSContext,
-  workingDir: string, permission?: 'control' | 'view',
+  workingDir: string, permission?: 'view',
 ): void {
   if (denyIfViewOnly(ctx, ws, permission)) return;
   const executor = executorCache.get(workingDir);
@@ -172,7 +169,7 @@ export function handleStop(
 
 export function handleResume(
   ctx: HandlerContext, ws: WSContext,
-  workingDir: string, permission?: 'control' | 'view',
+  workingDir: string, permission?: 'view',
 ): void {
   if (denyIfViewOnly(ctx, ws, permission)) return;
   const executor = executorCache.get(workingDir);