muaddib-scanner 2.11.58 → 2.11.60

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "muaddib-scanner",
-  "version": "2.11.58",
+  "version": "2.11.60",
   "description": "Supply-chain threat detection & response for npm & PyPI/Python",
   "main": "src/index.js",
   "bin": {

package/{self-scan-v2.11.58.json → self-scan-v2.11.60.json}

@@ -1,6 +1,6 @@
 {
   "target": "node_modules",
-  "timestamp": "2026-06-04T21:33:40.755Z",
+  "timestamp": "2026-06-05T10:13:00.374Z",
   "threats": [
     {
       "type": "string_mutation_obfuscation",

package/src/monitor/daemon.js

@@ -5,7 +5,7 @@ const os = require('os');
 const v8 = require('v8');
 const { isDockerAvailable, SANDBOX_CONCURRENCY_MAX, killAllSandboxContainers } = require('../sandbox/index.js');
 const { setVerboseMode, isSandboxEnabled, isCanaryEnabled, isLlmDetectiveEnabled, getLlmDetectiveMode, DOWNLOADS_CACHE_TTL } = require('./classify.js');
-const { loadState, saveState, loadDailyStats, saveDailyStats, purgeTarballCache, getParisHour, atomicWriteFileSync, saveNpmSeq, ALERTS_FILE, runStateMigrations } = require('./state.js');
+const { loadState, saveState, loadDailyStats, saveDailyStats, purgeTarballCache, getParisHour, atomicWriteFileSync, saveNpmSeq, ALERTS_FILE, runStateMigrations, loadRecentlyScanned, saveRecentlyScanned } = require('./state.js');
 const { isTemporalEnabled, isTemporalAstEnabled, isTemporalPublishEnabled, isTemporalMaintainerEnabled } = require('./temporal.js');
 const { pendingGrouped, flushScopeGroup, sendDailyReport, DAILY_REPORT_HOUR, alertedPackageRules, ALERTED_PACKAGES_MAX: MAX_ALERTED_PACKAGES } = require('./webhook.js');
 const { poll } = require('./ingestion.js');
@@ -504,6 +504,9 @@ function reportStats(stats) {
   const avg = stats.scanned > 0 ? (stats.totalTimeMs / stats.scanned / 1000).toFixed(1) : '0.0';
   const { t1, t1a, t1b, t2, t3 } = stats.suspectByTier;
   console.log(`[MONITOR] Stats: ${stats.scanned} scanned, ${stats.clean} clean, ${stats.suspect} suspect (T1a:${t1a} T1b:${t1b} T1:${t1} T2:${t2} T3:${t3}), ${stats.errors} error${stats.errors !== 1 ? 's' : ''}, avg ${avg}s/pkg`);
+  if (stats.temporalLoadShed || stats.queueHardDrops || (stats.restartsToday || 0) > 1) {
+    console.log(`[MONITOR]   Stability: restarts(24h)=${stats.restartsToday || 0}, temporal load-shed=${stats.temporalLoadShed || 0}, queue hard-drops=${stats.queueHardDrops || 0}`);
+  }
   if (stats.changesStreamPackages) {
     console.log(`[MONITOR]   Changes stream packages: ${stats.changesStreamPackages}`);
   }
@@ -532,6 +535,99 @@ function isDailyReportDue(stats) {
   return !hasReportBeenSentToday(stats);
 }
 
+// ─── P1.0 — memory-trend instrumentation ───
+// Append one sample per memory-watchdog tick so the off-heap leak can be localised
+// offline: rss climbing while heapUsed stays flat points at external/arrayBuffers
+// (native tarball/AST buffers) vs liveWorkers (worker-isolate heaps) vs runscDirs
+// (gVisor /tmp/runsc state dirs that survive `docker kill`). The heap-only breaker is
+// blind to all three — this is the data needed to choose the P1.2/P1.3 fix.
+const MEM_TREND_FILE = path.join(__dirname, '..', '..', 'data', 'mem-trend.jsonl');
+const MEM_TREND_MAX_BYTES = 5 * 1024 * 1024; // bounded: truncate-rotate past 5MB
+
+function countRunscDirs() {
+  try {
+    const dir = process.env.MUADDIB_GVISOR_LOG_DIR || '/tmp/runsc';
+    return fs.existsSync(dir) ? fs.readdirSync(dir).length : 0;
+  } catch { return 0; }
+}
+
+function appendMemTrend(currentMem, liveWorkers, queueLen) {
+  try {
+    // Bounded resource (CLAUDE.md §2): rotate the JSONL once past the cap.
+    try {
+      const st = fs.statSync(MEM_TREND_FILE);
+      if (st.size > MEM_TREND_MAX_BYTES) fs.renameSync(MEM_TREND_FILE, MEM_TREND_FILE + '.1');
+    } catch { /* no file yet — fine */ }
+    const entry = {
+      ts: new Date().toISOString(),
+      rss: currentMem.rss,
+      heapUsed: currentMem.heapUsed,
+      heapTotal: currentMem.heapTotal,
+      external: currentMem.external || 0,
+      arrayBuffers: currentMem.arrayBuffers || 0,
+      liveWorkers,
+      queueLen,
+      runscDirs: countRunscDirs(),
+    };
+    fs.appendFileSync(MEM_TREND_FILE, JSON.stringify(entry) + '\n', 'utf8');
+  } catch { /* instrumentation must never crash the daemon */ }
+}
+
+// ─── P2.1 / P2.4 — restart tracking + crash-loop alert ───
+// The chronic ~10×/day OOM crash-loop went unnoticed for weeks because NOTHING counted
+// restarts. Record each boot, expose the 24h count for the daily report, and fire an
+// alert (journal + rate-limited webhook) when the daemon is restarting abnormally often.
+const RESTARTS_FILE = path.join(__dirname, '..', '..', 'data', 'restarts.jsonl');
+const RESTARTS_MAX_LINES = 500;               // bounded resource (CLAUDE.md §2)
+const CRASH_LOOP_THRESHOLD_24H = 6;           // restarts/24h above this = alert
+const CRASH_LOOP_ALERT_MARKER = path.join(__dirname, '..', '..', 'data', '.crashloop-alert.json');
+const CRASH_LOOP_ALERT_INTERVAL_MS = 6 * 3600 * 1000; // webhook at most once per 6h
+
+function countRecentRestarts(windowMs = 24 * 3600 * 1000) {
+  try {
+    if (!fs.existsSync(RESTARTS_FILE)) return 0;
+    const cutoff = Date.now() - windowMs;
+    let n = 0;
+    for (const line of fs.readFileSync(RESTARTS_FILE, 'utf8').split('\n')) {
+      if (!line) continue;
+      try { if (new Date(JSON.parse(line).ts).getTime() >= cutoff) n++; } catch { /* skip bad line */ }
+    }
+    return n;
+  } catch { return 0; }
+}
+
+function maybeSendCrashLoopWebhook(count24h) {
+  try {
+    let last = 0;
+    try { last = JSON.parse(fs.readFileSync(CRASH_LOOP_ALERT_MARKER, 'utf8')).ts || 0; } catch { /* no marker */ }
+    if (Date.now() - last < CRASH_LOOP_ALERT_INTERVAL_MS) return; // rate-limited
+    const { getWebhookUrl, sendWebhook } = require('../webhook.js');
+    const url = (typeof getWebhookUrl === 'function' && getWebhookUrl()) || process.env.MUADDIB_WEBHOOK_URL;
+    if (!url) return;
+    atomicWriteFileSync(CRASH_LOOP_ALERT_MARKER, JSON.stringify({ ts: Date.now(), count24h }));
+    const payload = { content: `🚨 MUAD'DIB crash-loop: ${count24h} restarts in the last 24h (threshold ${CRASH_LOOP_THRESHOLD_24H}). Likely OOM — check data/mem-trend.jsonl (rss vs external/arrayBuffers).` };
+    Promise.resolve(sendWebhook(url, payload)).catch(() => { /* best-effort */ });
+  } catch { /* never block boot on alerting */ }
+}
+
+function recordRestart() {
+  try {
+    fs.appendFileSync(RESTARTS_FILE, JSON.stringify({ ts: new Date().toISOString(), pid: process.pid }) + '\n', 'utf8');
+    try {
+      const lines = fs.readFileSync(RESTARTS_FILE, 'utf8').split('\n').filter(Boolean);
+      if (lines.length > RESTARTS_MAX_LINES) fs.writeFileSync(RESTARTS_FILE, lines.slice(-RESTARTS_MAX_LINES).join('\n') + '\n', 'utf8');
+    } catch { /* trim best-effort */ }
+  } catch { /* best-effort: never block boot on telemetry */ }
+  const count24h = countRecentRestarts();
+  if (count24h > CRASH_LOOP_THRESHOLD_24H) {
+    console.error(`[MONITOR] CRASH-LOOP ALERT: ${count24h} restarts in the last 24h (threshold ${CRASH_LOOP_THRESHOLD_24H}) — daemon restarting abnormally often (OOM?). Check data/mem-trend.jsonl.`);
+    maybeSendCrashLoopWebhook(count24h);
+  } else {
+    console.log(`[MONITOR] BOOT: restart #${count24h} in the last 24h (pid ${process.pid})`);
+  }
+  return count24h;
+}
+
 async function startMonitor(options, stats, dailyAlerts, recentlyScanned, downloadsCache, scanQueue, sandboxAvailableRef) {
   if (options && options.verbose) {
     setVerboseMode(true);
@@ -543,8 +639,13 @@ async function startMonitor(options, stats, dailyAlerts, recentlyScanned, downlo
   cleanupOrphanTmpDirs();
   // Kill orphan sandbox containers from previous crash (npm-audit-* prefix)
   cleanupOrphanContainers();
-  // Clean up stale gVisor runtime dirs (runsc leak — caused 61GB disk fill in prod)
-  cleanupRunscOrphans();
+  // Clean up stale gVisor runtime dirs (runsc leak — caused 61GB disk fill in prod).
+  // At boot the previous process (often OOM-killed mid-scan in the ~10×/day crash-loop)
+  // owns NO live container, so every runsc dir is an orphan → clear them ALL (age 0),
+  // not just those >1h old. The hourly call below keeps the default age for live runtime.
+  cleanupRunscOrphans(0);
+  // P2.1/P2.4: record this boot, expose the 24h restart count, alert if crash-looping.
+  stats.restartsToday = recordRestart();
   // Layer 3: Purge expired cached tarballs on startup
   purgeTarballCache();
   // Purge archived tarballs older than MUADDIB_ARCHIVE_RETENTION_DAYS (default 7).
@@ -668,6 +769,10 @@ async function startMonitor(options, stats, dailyAlerts, recentlyScanned, downlo
     console.log(`[MONITOR] ${restoredCount} packages pre-loaded from previous session`);
   }
 
+  // Restore the dedup Set so the restored backlog isn't re-scanned from scratch
+  // (an empty dedup set after each of ~10 daily restarts = thousands of wasted re-scans).
+  loadRecentlyScanned(recentlyScanned);
+
   // Restore deferred sandbox queue from previous run
   const deferredRestored = restoreDeferredQueue();
   if (deferredRestored > 0) {
@@ -697,6 +802,7 @@ async function startMonitor(options, stats, dailyAlerts, recentlyScanned, downlo
     await drainWorkers();
     // Persist remaining queue items so they survive the restart
     persistQueue(scanQueue, state);
+    saveRecentlyScanned(recentlyScanned); // Persist dedup set too (avoid re-scan storm on restart)
     // Stop deferred sandbox worker and persist its queue
     stopDeferredWorker();
     persistDeferredQueue();
@@ -787,6 +893,7 @@ async function startMonitor(options, stats, dailyAlerts, recentlyScanned, downlo
   queuePersistHandle = setInterval(() => {
     if (!running) return;
     persistQueue(scanQueue, state);
+    saveRecentlyScanned(recentlyScanned); // Piggyback: persist dedup set on the same 60s interval
     persistDeferredQueue(); // Piggyback: persist deferred sandbox queue on same interval
   }, QUEUE_PERSIST_INTERVAL);
 
@@ -824,6 +931,8 @@ async function startMonitor(options, stats, dailyAlerts, recentlyScanned, downlo
       const pctUsed = (heapRatio * 100).toFixed(0);
       const levelName = Object.keys(MEMORY_PRESSURE_LEVELS).find(k => MEMORY_PRESSURE_LEVELS[k] === pressureLevel) || 'UNKNOWN';
       console.log(`[MONITOR] MEMORY: heap=${heapUsedMB}MB/${heapLimitMB}MB (${pctUsed}%), rss=${rssMB}MB (${(rssRatio * 100).toFixed(0)}%/${RSS_LIMIT_MB}MB), queue=${scanQueue.length}, dedup=${recentlyScanned.size}, downloads=${downloadsCache.size}, alerts=${alertedPackageRules.size}, dailyAlerts=${dailyAlerts.length}, pressure=${levelName}`);
+      // P1.0: persist the same sample as a time series for offline leak localisation.
+      appendMemTrend(currentMem, getActiveWorkers(), scanQueue.length);
 
       // Graduated response at HIGH+
       if (pressureLevel >= MEMORY_PRESSURE_LEVELS.HIGH) {
@@ -881,6 +990,10 @@ module.exports = {
   sleep,
   persistQueue,
   restoreQueue,
+  appendMemTrend,
+  countRunscDirs,
+  recordRestart,
+  countRecentRestarts,
   POLL_INTERVAL,
   PROCESS_LOOP_INTERVAL,
   QUEUE_WARNING_THRESHOLD,

package/src/monitor/ingestion.js

@@ -10,6 +10,7 @@
 const https = require('https');
 const { acquireRegistrySlot, releaseRegistrySlot } = require('../shared/http-limiter.js');
 const { loadCachedIOCs } = require('../ioc/updater.js');
+const { enqueueScan } = require('./scan-queue.js');
 const {
   saveNpmSeq, CHANGES_STREAM_URL, CHANGES_LIMIT, CHANGES_CATCHUP_MAX,
   savePypiSerial, PYPI_XMLRPC_URL, PYPI_CATCHUP_MAX
@@ -523,7 +524,7 @@ async function preResolveNpmBatch(items, stats, scanQueue) {
     // already done. Items keep their original order because chunks complete
     // sequentially.
     if (scanQueue) {
-      for (const item of chunk) scanQueue.push(item);
+      for (const item of chunk) enqueueScan(scanQueue, item, stats);
     }
   }
   if (stats) {
@@ -566,7 +567,7 @@ async function preResolvePyPIBatch(items, stats, scanQueue) {
       }
     }));
     if (scanQueue) {
-      for (const item of chunk) scanQueue.push(item);
+      for (const item of chunk) enqueueScan(scanQueue, item, stats);
     }
   }
   if (stats) {

package/src/monitor/queue.js

@@ -77,6 +77,7 @@ const {
 
 // From ./ingestion.js
 const { getNpmLatestTarball, getPyPITarballUrl } = require('./ingestion.js');
+const { enqueueScan } = require('./scan-queue.js');
 
 // From ./tarball-archive.js
 const { archiveSuspectTarball } = require('./tarball-archive.js');
@@ -445,6 +446,24 @@ async function scanPackage(name, version, ecosystem, tarballUrl, registryMeta, s
     // ML Phase 2a: Count JS files and detect test presence for enriched features
     const { fileCountTotal, hasTests } = countPackageFiles(extractedDir);
 
+    // Hoisted before the worker spawn (per-worker 429-storm fix): fetch the npm
+    // registry metadata ONCE on the main thread. The shared http-limiter coordinates
+    // it and the temporal cache is warm (npm-registry.js reads it first), so only
+    // weekly_downloads + author hit the network. Passed to the worker via scanContext
+    // so the worker's processor consumes it instead of re-fetching on its OWN module-
+    // level limiter — N worker_threads = N uncoordinated limiters → ~Nx npm throughput
+    // → 429 bursts. Also reused below (ML / first-publish / training records /
+    // reputation) — previously this was a SECOND main-side fetch after the worker.
+    let npmRegistryMeta = null;
+    if (ecosystem === 'npm') {
+      try {
+        const { getPackageMetadata } = require('../scanner/npm-registry.js');
+        npmRegistryMeta = await getPackageMetadata(name);
+      } catch (err) {
+        console.error(`[ML] npm registry fetch failed for ${name}: ${err.message}`);
+      }
+    }
+
     let result;
     try {
       // scanContext: feeds monitor-side info (name/version/ecosystem) and the
@@ -463,6 +482,11 @@ async function scanPackage(name, version, ecosystem, tarballUrl, registryMeta, s
         // the full 20-scanner pipeline (unchanged behaviour).
         scanMode: (meta && meta.scanMode) || 'full'
       };
+      // Hand the main-thread-fetched metadata to the worker so its processor skips
+      // the per-worker getPackageMetadata fetch (429-storm fix). npm only; the key
+      // is set even when null ("main already tried, don't refetch"). pypi leaves it
+      // absent so the worker takes the unchanged CLI/else-if path.
+      if (ecosystem === 'npm') scanContext.npmRegistryMeta = npmRegistryMeta;
       result = await runScanInWorker(extractedDir, STATIC_SCAN_TIMEOUT_MS, scanContext, signal);
     } catch (staticErr) {
       if (/static scan timeout/i.test(staticErr.message)) {
@@ -494,22 +518,11 @@ async function scanPackage(name, version, ecosystem, tarballUrl, registryMeta, s
     // First-publish detection: used for sandbox priority below
     const isFirstPublish = cacheTrigger && cacheTrigger.reason === 'first_publish';
 
-    // Fetch npm registry metadata for ALL npm packages (not just those with findings).
-    // Needed for: (1) isFirstPublishHighRisk decision, (2) ML classifier features,
-    // (3) JSONL training records — clean packages MUST have metadata to prevent
-    // data leakage (model learning "metadata=0 → clean" instead of behavioral signals).
-    // Cost: near-zero for npm packages because temporal checks (line ~1014) already
-    // pre-fetch registry metadata into temporal-analysis._metadataCache, and
-    // getPackageMetadata() reads this cache first (npm-registry.js:87-95).
-    let npmRegistryMeta = null;
-    if (ecosystem === 'npm') {
-      try {
-        const { getPackageMetadata } = require('../scanner/npm-registry.js');
-        npmRegistryMeta = await getPackageMetadata(name);
-      } catch (err) {
-        console.error(`[ML] npm registry fetch failed for ${name}: ${err.message}`);
-      }
-    }
+    // npm registry metadata was fetched ONCE before the worker spawn (hoisted above
+    // to feed scanContext.npmRegistryMeta) and is reused here for: isFirstPublishHigh-
+    // Risk, ML classifier features, JSONL training records, and reputation scoring.
+    // Clean packages MUST carry metadata to prevent training-data leakage (model
+    // learning "metadata=0 → clean" instead of behavioral signals).
 
     // First-publish sandbox priority: sandbox even with 0 static findings
     // if the package is from a new/unknown maintainer without a linked repository.
@@ -1243,7 +1256,7 @@ async function resolveTarballAndScan(item, stats, dailyAlerts, recentlyScanned,
           if (!recent || !recent.tarball || !recent.version) continue;
           const dedupeKey = `${item.name}@${recent.version}`;
           if (recentlyScanned.has(dedupeKey)) continue;
-          scanQueue.push({
+          enqueueScan(scanQueue, {
             name: item.name,
             version: recent.version,
             ecosystem: 'npm',
@@ -1252,7 +1265,7 @@ async function resolveTarballAndScan(item, stats, dailyAlerts, recentlyScanned,
             registryScripts: recent.scripts || null,
             atoSignal: item.atoSignal === true,
             isATOBurstExtra: true,
-          });
+          }, stats);
         }
 
         // Fast-track decision: large packages (>15MB) with no lifecycle scripts and no IOC match.
@@ -1365,6 +1378,7 @@ async function resolveTarballAndScan(item, stats, dailyAlerts, recentlyScanned,
     publishResult = pubRes.status === 'fulfilled' ? pubRes.value : null;
     maintainerResult = maintRes.status === 'fulfilled' ? maintRes.value : null;
   } else if (skipTemporal && item.ecosystem === 'npm' && !item.fastTrack) {
+    stats.temporalLoadShed = (stats.temporalLoadShed || 0) + 1; // P2.2: count the coverage degradation
     console.log(`[MONITOR] TEMPORAL LOAD-SHED: ${item.name}@${item.version} (queue=${scanQueue.length} > ${TEMPORAL_LOAD_SHED_THRESHOLD})`);
   }
 

package/src/monitor/scan-queue.js

@@ -0,0 +1,48 @@
+/**
+ * Shared bounded enqueue for the scan queue.
+ *
+ * CLAUDE.md §2 (bounded resources): every in-memory structure needs an explicit max.
+ * The scan queue had none — ingestion pushed straight into a plain array, so a
+ * backpressure gap or the burst-publish path could grow it without bound. enqueueScan
+ * caps it at MAX_SCAN_QUEUE and drops the OLDEST item when full (newest packages are the
+ * most likely to still exist on the registry for a later re-scan — the same policy as
+ * the EMERGENCY queue truncation in daemon.js). Drops are counted (stats.queueHardDrops)
+ * and logged (rate-limited) so a coverage loss can't hide — CLAUDE.md "no silent caps".
+ *
+ * Lives in its own module so both ingestion.js and queue.js can import it without a
+ * circular require (queue.js already requires ingestion.js).
+ */
+
+// Hard ceiling on live queue growth. Sits above the 30K soft-backpressure threshold
+// (ingestion.js pauses polling at 30K), so it only fires if backpressure is bypassed
+// (e.g. the burst path) or breaks. Env-tunable for ops.
+const MAX_SCAN_QUEUE = (() => {
+  const v = parseInt(process.env.MUADDIB_MAX_SCAN_QUEUE, 10);
+  return Number.isFinite(v) && v > 0 ? v : 50_000;
+})();
+
+const HARD_DROP_LOG_INTERVAL_MS = 10_000;
+let _lastHardDropLog = 0;
+
+/**
+ * Push an item onto the scan queue, enforcing the hard cap by dropping the oldest item
+ * when at capacity. `max` defaults to MAX_SCAN_QUEUE (overridable for tests). Returns
+ * true iff an item was dropped to make room.
+ */
+function enqueueScan(scanQueue, item, stats, max = MAX_SCAN_QUEUE) {
+  let dropped = false;
+  if (scanQueue.length >= max) {
+    scanQueue.shift(); // drop oldest
+    dropped = true;
+    if (stats) stats.queueHardDrops = (stats.queueHardDrops || 0) + 1;
+    const now = Date.now();
+    if (now - _lastHardDropLog > HARD_DROP_LOG_INTERVAL_MS) {
+      _lastHardDropLog = now;
+      console.warn(`[MONITOR] QUEUE_HARD_DROP: scan queue at cap ${max} — dropping oldest item(s) (total dropped this session: ${stats ? stats.queueHardDrops : '?'}). Ingestion is outrunning scanning.`);
+    }
+  }
+  scanQueue.push(item);
+  return dropped;
+}
+
+module.exports = { enqueueScan, MAX_SCAN_QUEUE };

package/src/monitor/state.js

@@ -5,6 +5,7 @@
 
 const fs = require('fs');
 const path = require('path');
+const { isMainThread, threadId } = require('worker_threads');
 const { sanitizePackageName } = require('../shared/download.js');
 
 // --- File path constants ---
@@ -19,6 +20,7 @@ const DETECTIONS_FILE_LEGACY = path.join(__dirname, '..', '..', 'data', 'detecti
 const SCAN_STATS_FILE = path.join(__dirname, '..', '..', 'data', 'scan-stats.json');
 const LAST_DAILY_REPORT_FILE = path.join(__dirname, '..', '..', 'data', 'last-daily-report.json');
 const DAILY_STATS_FILE = path.join(__dirname, '..', '..', 'data', 'daily-stats.json');
+const RECENTLY_SCANNED_FILE = path.join(__dirname, '..', '..', 'data', 'recently-scanned.json');
 const TEMPORAL_DETECTIONS_FILE = path.join(__dirname, '..', '..', 'data', 'temporal-detections.jsonl');
 const TEMPORAL_DETECTIONS_FILE_LEGACY = path.join(__dirname, '..', '..', 'data', 'temporal-detections.json');
 
@@ -43,13 +45,21 @@ const FALLBACK_ALERTS_DIR = path.join(require('os').tmpdir(), 'muaddib-alerts');
  * Try to ensure a directory exists and is writable. Returns the usable path
  * or a fallback path if the primary is read-only / permission-denied.
  */
-function resolveWritableDir(primary, fallback) {
+function resolveWritableDir(primary, fallback, isMain = isMainThread) {
   try {
     fs.mkdirSync(primary, { recursive: true });
-    // Verify writability with a probe file
-    const probe = path.join(primary, '.write-test');
-    fs.writeFileSync(probe, '', 'utf8');
-    fs.unlinkSync(probe);
+    // Only the MAIN thread writes reports/alerts. Each of the up-to-16 scan worker
+    // threads also loads this module (via the transitive require chain), so if they
+    // all ran the probe they'd race on the shared path and throw ENOENT on unlink
+    // (8 such errors/day in prod). Workers skip the probe — the main thread's is enough.
+    if (isMain) {
+      // Unique name per process+thread so overlapping processes (restart storms) and
+      // any future multi-thread probing can't collide. force:true on removal tolerates
+      // an already-gone probe (the very race this fixes) instead of throwing ENOENT.
+      const probe = path.join(primary, `.write-test-${process.pid}-${threadId}`);
+      fs.writeFileSync(probe, '', 'utf8');
+      fs.rmSync(probe, { force: true });
+    }
     return primary;
   } catch (err) {
     if (err.code === 'EROFS' || err.code === 'EACCES' || err.code === 'EPERM') {
@@ -1075,6 +1085,66 @@ function maybePersistDailyStats(stats, dailyAlerts) {
   }
 }
 
+// --- Daily report headline reconciliation (crash-safe) ---
+//
+// A restart-storm around the daily-report hour can zero/corrupt the in-memory
+// `stats` counter (the monitor was OOM-restarted ~10×/day in prod), producing a
+// report like "scanned=5" while ~44k packages were actually scanned that day.
+// scan-stats.json's `stats.total_scanned` is a MONOTONIC all-time counter, written
+// atomically on every scan and NEVER reset — so "scans since the last report" is a
+// restart-proof delta. We persist that counter as a per-report baseline and floor
+// the published headline at the delta, so a report can never under-count below what
+// really happened. No-op on healthy days (in-memory counter >= delta).
+
+/**
+ * Snapshot the monotonic all-time scan-stats totals, to persist as a baseline at
+ * report time. The next report computes "since last report" as a delta from it.
+ */
+function captureScanStatsBaseline() {
+  const s = loadScanStats().stats || {};
+  return {
+    total_scanned: s.total_scanned || 0,
+    clean: s.clean || 0,
+    suspect: s.suspect || 0
+  };
+}
+
+/**
+ * Floor the in-memory daily headline (scanned/clean/suspect) at the durable
+ * scan-stats delta since the last report. Mutates `stats` UPWARD only; never lowers
+ * a value. Returns { applied, floor, before } for observability and tests. Safe
+ * no-op when there is no baseline yet (first report ever) or when the in-memory
+ * counter already meets/exceeds the delta.
+ */
+function reconcileDailyHeadline(stats) {
+  const summary = { applied: false, floor: 0, before: stats.scanned };
+  let baseline = null;
+  try {
+    baseline = JSON.parse(fs.readFileSync(LAST_DAILY_REPORT_FILE, 'utf8')).scanStatsBaseline;
+  } catch { /* no file / corrupt — no baseline, treat as first report */ }
+  if (!baseline || typeof baseline.total_scanned !== 'number') return summary;
+  const cur = loadScanStats().stats || {};
+  const dScanned = Math.max(0, (cur.total_scanned || 0) - baseline.total_scanned);
+  const dClean = Math.max(0, (cur.clean || 0) - (baseline.clean || 0));
+  const dSuspect = Math.max(0, (cur.suspect || 0) - (baseline.suspect || 0));
+  summary.floor = dScanned;
+  // Trigger on SIGNIFICANT loss (in-memory below 80% of the durable delta = a
+  // restart-storm dropped counter increments), not on normal drift. The two counters
+  // drift a few percent (in-memory also counts SIZE_REJECT/SKIP-large paths scan-stats
+  // doesn't — so on a healthy day delta <= in-memory, making a false trigger require an
+  // implausible +25% over-count). 0.8 catches half-catastrophes (e.g. 25k in-memory vs
+  // 48k durable) while staying well above the ~5-10% normal-drift band.
+  const LOSS_FLOOR_RATIO = 0.8;
+  if (dScanned > 100 && stats.scanned < dScanned * LOSS_FLOOR_RATIO) {
+    console.warn(`[MONITOR] DAILY RECONCILE: in-memory scanned=${stats.scanned} ≪ durable scan-stats delta=${dScanned} (restart-storm counter loss) — publishing durable count`);
+    stats.scanned = dScanned;
+    if (dClean > stats.clean) stats.clean = dClean;
+    if (dSuspect > stats.suspect) stats.suspect = dSuspect;
+    summary.applied = true;
+  }
+  return summary;
+}
+
 // --- Daily report date persistence ---
 
 /**
@@ -1092,11 +1162,15 @@ function loadLastDailyReportDate() {
 }
 
 /**
- * Persist the date of the last daily report sent (YYYY-MM-DD).
+ * Persist the date of the last daily report sent (YYYY-MM-DD), and optionally the
+ * monotonic scan-stats baseline captured at that moment (used by the next report's
+ * crash-safe headline reconciliation). Baseline is optional for backward compat.
  */
-function saveLastDailyReportDate(dateStr) {
+function saveLastDailyReportDate(dateStr, scanStatsBaseline) {
   try {
-    atomicWriteFileSync(LAST_DAILY_REPORT_FILE, JSON.stringify({ lastReportDate: dateStr }, null, 2));
+    const payload = { lastReportDate: dateStr };
+    if (scanStatsBaseline) payload.scanStatsBaseline = scanStatsBaseline;
+    atomicWriteFileSync(LAST_DAILY_REPORT_FILE, JSON.stringify(payload, null, 2));
   } catch (err) {
     console.error(`[MONITOR] Failed to save last daily report date: ${err.message}`);
   }
@@ -1136,6 +1210,56 @@ function getParisDateString() {
   return formatter.format(new Date());
 }
 
+// --- recentlyScanned dedup-set persistence (survives restarts → no re-scan storm) ---
+//
+// The dedup Set is in-memory only, so every restart starts it empty and re-scans the
+// whole restored backlog (wasted work — the monitor OOM-restarts ~10×/day). We persist
+// the keys alongside the queue so the dedup survives. Entries are timestampless (the Set
+// is FIFO-capped and cleared at each daily report, so it holds at most ~24h of keys), so
+// freshness is guarded at the whole-file level with a savedAt — same shape as queue-state.
+const RECENTLY_SCANNED_PERSIST_MAX = 50_000;             // mirrors RECENTLY_SCANNED_MAX (queue.js)
+const RECENTLY_SCANNED_MAX_AGE_MS = 24 * 60 * 60 * 1000; // discard a stale file (monitor down >24h)
+
+function saveRecentlyScanned(recentlyScanned) {
+  try {
+    if (!recentlyScanned || recentlyScanned.size === 0) {
+      try { fs.unlinkSync(RECENTLY_SCANNED_FILE); } catch {}
+      return;
+    }
+    let keys = Array.from(recentlyScanned);
+    if (keys.length > RECENTLY_SCANNED_PERSIST_MAX) keys = keys.slice(-RECENTLY_SCANNED_PERSIST_MAX);
+    atomicWriteFileSync(RECENTLY_SCANNED_FILE, JSON.stringify({ savedAt: new Date().toISOString(), count: keys.length, keys }));
+  } catch (err) {
+    console.error(`[MONITOR] Failed to persist recentlyScanned: ${err.message}`);
+  }
+}
+
+/**
+ * Restore the dedup Set on boot by adding keys into the passed Set in place. Returns
+ * the count restored. Safe no-op on missing / corrupt / stale (>24h) file.
+ */
+function loadRecentlyScanned(recentlyScanned) {
+  try {
+    if (!fs.existsSync(RECENTLY_SCANNED_FILE)) return 0;
+    const data = JSON.parse(fs.readFileSync(RECENTLY_SCANNED_FILE, 'utf8'));
+    if (!data || !Array.isArray(data.keys) || !data.savedAt) return 0;
+    const ageMs = Date.now() - new Date(data.savedAt).getTime();
+    if (ageMs > RECENTLY_SCANNED_MAX_AGE_MS) {
+      console.log(`[MONITOR] recentlyScanned state expired (${Math.round(ageMs / 3600000)}h old) — ignoring`);
+      try { fs.unlinkSync(RECENTLY_SCANNED_FILE); } catch {}
+      return 0;
+    }
+    let keys = data.keys;
+    if (keys.length > RECENTLY_SCANNED_PERSIST_MAX) keys = keys.slice(-RECENTLY_SCANNED_PERSIST_MAX);
+    for (const k of keys) recentlyScanned.add(k);
+    console.log(`[MONITOR] Restored ${keys.length} dedup keys from previous session (no re-scan storm)`);
+    return keys.length;
+  } catch (err) {
+    console.log(`[MONITOR] WARNING: could not restore recentlyScanned: ${err.message}`);
+    return 0;
+  }
+}
+
 // --- Raw state loader (CLI report helpers) ---
 
 // --- JSONL migration (one-shot, idempotent) ---
@@ -1320,9 +1444,13 @@ module.exports = {
   saveDailyStats,
   resetDailyStats,
   maybePersistDailyStats,
+  captureScanStatsBaseline,
+  reconcileDailyHeadline,
   loadLastDailyReportDate,
   saveLastDailyReportDate,
   hasReportBeenSentToday,
+  saveRecentlyScanned,
+  loadRecentlyScanned,
   getParisHour,
   getParisDateString,
   loadStateRaw

package/src/monitor/webhook.js

@@ -20,6 +20,8 @@ const {
   loadDetections,
   saveLastDailyReportDate,
   resetDailyStats,
+  reconcileDailyHeadline,
+  captureScanStatsBaseline,
   saveScanMemory,
   shouldSuppressByMemory,
   recordScanMemory,
@@ -1019,6 +1021,7 @@ function buildDailyReportEmbed(stats, dailyAlerts) {
         ...((stats.sandboxDeferred || stats.deferredProcessed || stats.deferredExpired)
           ? [{ name: 'Deferred Sandbox', value: `Enqueued: ${stats.sandboxDeferred || 0} | Processed: ${stats.deferredProcessed || 0} | Expired: ${stats.deferredExpired || 0}`, inline: false }]
           : []),
+        { name: 'Stability', value: `Restarts (24h): ${stats.restartsToday || 0} | Temporal load-shed: ${stats.temporalLoadShed || 0} | Queue hard-drops: ${stats.queueHardDrops || 0}`, inline: false },
         { name: 'System', value: healthText, inline: false }
       ],
       footer: {
@@ -1037,6 +1040,11 @@ function buildDailyReportEmbed(stats, dailyAlerts) {
  * @param {Map} downloadsCache - In-memory downloads cache (will be cleared)
  */
 async function sendDailyReport(stats, dailyAlerts, recentlyScanned, downloadsCache) {
+  // Crash-safe headline: a restart-storm around report time can zero the in-memory
+  // counter (the monitor OOM-restarts ~10×/day). Floor scanned/clean/suspect at the
+  // durable scan-stats delta so we never publish "5" when ~44k were really scanned.
+  reconcileDailyHeadline(stats);
+
   // Never send an empty report (0 scanned — restart with no work done)
   if (stats.scanned === 0) {
     console.log('[MONITOR] Daily report skipped (0 packages scanned)');
@@ -1048,7 +1056,9 @@ async function sendDailyReport(stats, dailyAlerts, recentlyScanned, downloadsCac
   // recorded on disk and prevents duplicate reports on next startup.
   const today = getParisDateString();
   stats.lastDailyReportDate = today;
-  saveLastDailyReportDate(today);
+  // Persist the monotonic scan-stats counter as the baseline for the NEXT report's
+  // delta. Written before the (now last) webhook so a mid-send kill can't double-count.
+  saveLastDailyReportDate(today, captureScanStatsBaseline());
 
   const payload = buildDailyReportEmbed(stats, dailyAlerts);
 
@@ -1068,22 +1078,12 @@ async function sendDailyReport(stats, dailyAlerts, recentlyScanned, downloadsCac
     deferredProcessed: stats.deferredProcessed || 0,
     deferredExpired: stats.deferredExpired || 0,
     changesStreamPackages: stats.changesStreamPackages || 0,
+    restartsToday: stats.restartsToday || 0,
+    temporalLoadShed: stats.temporalLoadShed || 0,
+    queueHardDrops: stats.queueHardDrops || 0,
     topSuspects: dailyAlerts.slice().sort((a, b) => (b.score || 0) - (a.score || 0) || b.findingsCount - a.findingsCount).slice(0, 10)
   });
 
-  // Send webhook only if configured
-  const url = getWebhookUrl();
-  if (url) {
-    try {
-      await sendWebhook(url, payload, { rawPayload: true });
-      console.log('[MONITOR] Daily report sent');
-    } catch (err) {
-      console.error(`[MONITOR] Daily report webhook failed: ${err.message}`);
-    }
-  } else {
-    console.log('[MONITOR] Daily report persisted locally (no webhook URL configured)');
-  }
-
   // Reset daily counters
   stats.scanned = 0;
   stats.clean = 0;
@@ -1122,6 +1122,8 @@ async function sendDailyReport(stats, dailyAlerts, recentlyScanned, downloadsCac
   stats.pypiCatchupSkips = 0;
   stats.pypiWheelsScanned = 0;
   stats.pypiSkippedNoArchive = 0;
+  stats.temporalLoadShed = 0;
+  stats.queueHardDrops = 0;
   stats.rssFallbackCount = 0;
   dailyAlerts.length = 0;
   recentlyScanned.clear();
@@ -1132,9 +1134,26 @@ async function sendDailyReport(stats, dailyAlerts, recentlyScanned, downloadsCac
   }
   pendingGrouped.clear();
   downloadsCache.clear();
+  // Reset the durable daily-stats counter. Done BEFORE the (now last) webhook so a
+  // SIGKILL during the send can't leave the counter un-reset (which would double-count
+  // into the next day's report). loadDailyStats() treats the absent file as zeros.
   resetDailyStats();
   // C3: Flush scan memory to disk on daily reset (ensures no data loss)
   saveScanMemory();
+
+  // Send webhook LAST (best-effort). The reset + baseline above are already durable,
+  // so a kill during the send loses only the Discord ping — never the accounting.
+  const url = getWebhookUrl();
+  if (url) {
+    try {
+      await sendWebhook(url, payload, { rawPayload: true });
+      console.log('[MONITOR] Daily report sent');
+    } catch (err) {
+      console.error(`[MONITOR] Daily report webhook failed: ${err.message}`);
+    }
+  } else {
+    console.log('[MONITOR] Daily report persisted locally (no webhook URL configured)');
+  }
 }
 
 // --- CLI report helpers (muaddib report --now / --status) ---

package/src/pipeline/processor.js

@@ -191,6 +191,31 @@ async function process(threats, targetPath, options, pythonDeps, warnings, scann
   // 3 metadata-dependent gates (METADATA_FACTOR, MATURE_CAP, DELTA_MODE) in
   // one shot. Individual gates can still be turned off via their own =0 flag.
   if (
+    packageName &&
+    _pkgMeta &&
+    options &&
+    Object.prototype.hasOwnProperty.call(options, 'npmRegistryMeta')
+  ) {
+    // The monitor fetched the registry metadata ONCE on the main thread (shared
+    // http-limiter, warm temporal cache) and passed it via scanContext.npmRegistry-
+    // Meta. Consume it here instead of re-fetching: a per-worker getPackageMetadata()
+    // runs on the worker's OWN module-level limiter, so N worker_threads = N
+    // uncoordinated limiters → ~Nx npm throughput → 429 storms. Strict semantics —
+    // the key being present (even null) means "main already handled it"; a null
+    // value (main fetch failed) leaves the gates to no-op, identical to a failed
+    // fetch (best-effort metadata signals stay silent). CLI / `muaddib replay`
+    // never set the key → the else-if fetch path below is unchanged.
+    const injected = options.npmRegistryMeta;
+    if (injected) {
+      // Attach the scanned version (getPackageMetadata never sets it) so
+      // applyMatureStableCap can require scan_version === latest_version — a
+      // historical compromised version must not inherit live "stable" reputation.
+      if (injected.scan_version == null && packageVersion != null) {
+        injected.scan_version = packageVersion;
+      }
+      _pkgMeta.npmRegistryMeta = injected;
+    }
+  } else if (
     packageName &&
     _pkgMeta &&
     globalThis.process.env.MUADDIB_NO_REGISTRY_FETCH !== '1' &&

package/src/scanner/trusted-dep-diff.js

@@ -29,6 +29,7 @@
 const fs = require('fs');
 const path = require('path');
 const https = require('https');
+const { acquireRegistrySlot, releaseRegistrySlot, signal429 } = require('../shared/http-limiter.js');
 
 const TRUSTED_DEP_AGE_THRESHOLD_MS = 7 * 24 * 60 * 60 * 1000; // 7 days
 
@@ -80,7 +81,17 @@ function httpsGet(url, timeoutMs = 30_000) {
 async function checkDepDiff(name, newVersion) {
   const findings = [];
   try {
-    const body = await httpsGet(`https://registry.npmjs.org/${encodeURIComponent(name)}`, PACKUMENT_TIMEOUT_MS);
+    // Route through the shared http-limiter (concurrency + token bucket + 429
+    // backoff) instead of a raw uncoordinated httpsGet — this scanner runs inside
+    // the monitor worker_threads, where an unbounded fetch joins the per-worker
+    // 429 storm. finally-release keeps the semaphore balanced even on reject.
+    await acquireRegistrySlot();
+    let body;
+    try {
+      body = await httpsGet(`https://registry.npmjs.org/${encodeURIComponent(name)}`, PACKUMENT_TIMEOUT_MS);
+    } finally {
+      releaseRegistrySlot();
+    }
     const packument = JSON.parse(body);
 
     if (!packument.versions || !packument.time) return findings;
@@ -107,13 +118,20 @@ async function checkDepDiff(name, newVersion) {
     for (const dep of addedDeps) {
       let ageMs = null;
       try {
-        const depBody = await httpsGet(`https://registry.npmjs.org/${encodeURIComponent(dep)}`, DEP_AGE_TIMEOUT_MS);
+        await acquireRegistrySlot();
+        let depBody;
+        try {
+          depBody = await httpsGet(`https://registry.npmjs.org/${encodeURIComponent(dep)}`, DEP_AGE_TIMEOUT_MS);
+        } finally {
+          releaseRegistrySlot();
+        }
         const depData = JSON.parse(depBody);
         const created = depData.time && depData.time.created;
         if (created) {
           ageMs = Date.now() - new Date(created).getTime();
         }
       } catch (err) {
+        if (/HTTP 429/.test(err.message)) { try { signal429(); } catch { /* limiter best-effort */ } }
         console.log(`[SCANNER] trusted-dep-diff: could not check age of dependency ${dep}: ${err.message}`);
       }
 
@@ -152,6 +170,7 @@ async function checkDepDiff(name, newVersion) {
 
     return findings;
   } catch (err) {
+    if (/HTTP 429/.test(err.message)) { try { signal429(); } catch { /* limiter best-effort */ } }
     console.log(`[SCANNER] trusted-dep-diff: check failed for ${name}@${newVersion}: ${err.message}`);
     return findings;
   }