oh-my-codex 0.13.1 → 0.13.2

package/Cargo.lock

@@ -32,11 +32,11 @@ checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79"
 
 [[package]]
 name = "omx-explore-harness"
-version = "0.13.1"
+version = "0.13.2"
 
 [[package]]
 name = "omx-mux"
-version = "0.13.1"
+version = "0.13.2"
 dependencies = [
  "serde",
  "serde_json",
@@ -44,7 +44,7 @@ dependencies = [
 
 [[package]]
 name = "omx-runtime"
-version = "0.13.1"
+version = "0.13.2"
 dependencies = [
  "omx-mux",
  "omx-runtime-core",
@@ -53,7 +53,7 @@ dependencies = [
 
 [[package]]
 name = "omx-runtime-core"
-version = "0.13.1"
+version = "0.13.2"
 dependencies = [
  "fs2",
  "serde",
@@ -62,7 +62,7 @@ dependencies = [
 
 [[package]]
 name = "omx-sparkshell"
-version = "0.13.1"
+version = "0.13.2"
 dependencies = [
  "omx-mux",
 ]

package/Cargo.toml

@@ -10,7 +10,7 @@ resolver = "2"
 
 [workspace.package]
 
-version = "0.13.1"
+version = "0.13.2"
 
 edition = "2021"
 license = "MIT"

package/README.md

@@ -218,6 +218,8 @@ omx doctor --team
 
 Only use the forced team shutdown for a team you have confirmed is dead or intentionally abandoned.
 
+If `Shift+Enter` still submits instead of inserting a newline inside an OMX-managed tmux session, see [Troubleshooting execution readiness](./docs/troubleshooting.md#shiftenter-submits-instead-of-inserting-a-newline-in-tmux-backed-omx-sessions). Current OMX already enables tmux extended-key forwarding around its own Codex launch paths, so a persistent failure is usually a tmux terminal-capability/discoverability problem rather than a net-new OMX feature gap.
+
 ### Explore and sparkshell
 
 - `omx explore --prompt "..."` is for read-only repository lookup

package/crates/omx-explore/src/main.rs

@@ -12,6 +12,8 @@ const CODEX_BIN_ENV: &str = "OMX_EXPLORE_CODEX_BIN";
 const HARNESS_ROOT_ENV: &str = "OMX_EXPLORE_ROOT";
 const INTERNAL_DIRECT_WRAPPER_FLAG: &str = "--internal-allowlist-direct";
 const INTERNAL_SHELL_WRAPPER_FLAG: &str = "--internal-allowlist-shell";
+const TEMP_ALLOWLIST_DIR_PREFIX: &str = "omx-explore-allowlist-";
+const SHELL_STARTUP_ENV_VARS: &[&str] = &["BASH_ENV", "ENV", "PROMPT_COMMAND"];
 const WINDOWS_UNSUPPORTED_ALLOWLIST_MESSAGE: &str =
     "omx explore built-in harness is not ready on Windows because its allowlist runtime relies on POSIX sh/bash wrappers. Set OMX_EXPLORE_BIN to a compatible custom harness, prefer `omx sparkshell` for shell-native read-only lookups, or run `omx doctor` for readiness details.";
 
@@ -226,6 +228,7 @@ fn invoke_codex(args: &Args, model: &str, prompt_contract: &str) -> io::Result<A
         .env(HARNESS_ROOT_ENV, &args.cwd)
         .env("PATH", &allowlist.bin_dir)
         .env("SHELL", &allowlist.shell_path);
+    sanitize_explore_subprocess_env(&mut command);
     let output = command.output()?;
 
     let markdown = read_to_string(&output_path).ok();
@@ -580,20 +583,46 @@ fn build_direct_wrapper(self_exe: &Path, command: &str) -> Result<String, String
 
 fn resolve_host_command(command: &str) -> Option<PathBuf> {
     let candidate = Path::new(command);
-    if candidate.is_absolute() && is_usable_host_command(candidate) {
+    if candidate.is_absolute()
+        && is_usable_host_command(candidate)
+        && !is_omx_explore_allowlist_path(candidate)
+    {
         return Some(candidate.to_path_buf());
     }
 
     let path = env::var_os("PATH")?;
     for entry in env::split_paths(&path) {
         let resolved = entry.join(command);
-        if is_usable_host_command(&resolved) {
+        if is_usable_host_command(&resolved) && !is_omx_explore_allowlist_path(&resolved) {
             return Some(resolved);
         }
     }
     None
 }
 
+fn is_omx_explore_allowlist_path(path: &Path) -> bool {
+    fn is_under_allowlist_bin(path: &Path) -> bool {
+        path.ancestors().any(|ancestor| {
+            let is_allowlist_root = ancestor
+                .file_name()
+                .and_then(|name| name.to_str())
+                .is_some_and(|name| name.starts_with(TEMP_ALLOWLIST_DIR_PREFIX));
+            if !is_allowlist_root {
+                return false;
+            }
+            path.strip_prefix(ancestor)
+                .ok()
+                .and_then(|relative| relative.components().next())
+                .is_some_and(|component| component.as_os_str() == "bin")
+        })
+    }
+
+    is_under_allowlist_bin(path)
+        || canonicalize_existing_prefix(path)
+            .as_deref()
+            .is_some_and(is_under_allowlist_bin)
+}
+
 fn is_usable_host_command(path: &Path) -> bool {
     let metadata = match path.metadata() {
         Ok(metadata) => metadata,
@@ -617,6 +646,12 @@ fn shell_quote(value: &str) -> String {
     format!("'{}'", value.replace('\'', "'\"'\"'"))
 }
 
+fn sanitize_explore_subprocess_env(command: &mut Command) {
+    for key in SHELL_STARTUP_ENV_VARS {
+        command.env_remove(key);
+    }
+}
+
 fn run_internal_direct_wrapper<I>(mut args: I) -> Result<(), String>
 where
     I: Iterator<Item = OsString>,
@@ -653,6 +688,7 @@ where
     if real_shell.ends_with("bash") {
         child.arg("--noprofile").arg("--norc");
     }
+    sanitize_explore_subprocess_env(&mut child);
     let status = child
         .arg("-lc")
         .arg(&command)
@@ -735,7 +771,7 @@ fn validate_direct_command(command_name: &str, args: &[String]) -> Result<(), St
                 );
             }
         }
-        "find" => {
+        "find"
             if args.iter().any(|arg| {
                 matches!(
                     arg.as_str(),
@@ -749,13 +785,14 @@ fn validate_direct_command(command_name: &str, args: &[String]) -> Result<(), St
                         | "-fprintf"
                         | "-fls"
                 )
-            }) {
-                return Err(
-                    "find actions that execute, delete, or write files are not allowed in omx explore"
-                        .to_string(),
-                );
-            }
+            }) =>
+        {
+            return Err(
+                "find actions that execute, delete, or write files are not allowed in omx explore"
+                    .to_string(),
+            );
         }
+        "find" => {}
         "cat" => {
             let operands = non_option_operands(args);
             if operands.is_empty() {
@@ -987,7 +1024,17 @@ mod tests {
     #[test]
     fn resolve_codex_binary_resolves_bare_env_override_from_path() {
         let _guard = env_lock();
-        let root = temp_allowlist_dir().expect("temp root");
+        let root = TempDirGuard {
+            path: env::temp_dir().join(format!(
+                "omx-explore-resolve-codex-binary-{}-{}",
+                std::process::id(),
+                SystemTime::now()
+                    .duration_since(UNIX_EPOCH)
+                    .unwrap_or_default()
+                    .as_nanos()
+            )),
+        };
+        create_dir_all(&root.path).expect("create temp root");
         let bin_dir = root.path.join("bin");
         create_dir_all(&bin_dir).expect("create bin");
         let fake_codex = bin_dir.join("codex-custom");
@@ -1271,6 +1318,72 @@ exec node "$basedir/../@openai/codex/bin/codex.js" "$@"
         assert!(!wrapper.contains("exit 127"));
     }
 
+    #[cfg(unix)]
+    #[test]
+    fn resolve_host_command_skips_omx_explore_allowlist_wrappers() {
+        let _guard = env_lock();
+        let allowlist_root = temp_allowlist_dir().expect("allowlist root");
+        let real_root = TempDirGuard {
+            path: env::temp_dir().join(format!(
+                "omx-explore-host-resolution-{}-{}",
+                std::process::id(),
+                SystemTime::now()
+                    .duration_since(UNIX_EPOCH)
+                    .unwrap_or_default()
+                    .as_nanos()
+            )),
+        };
+        create_dir_all(&real_root.path).expect("create real root");
+        let real_bin = real_root.path.join("real-bin");
+        let allowlist_bin = allowlist_root
+            .path
+            .join(format!("{TEMP_ALLOWLIST_DIR_PREFIX}fixture"))
+            .join("bin");
+        create_dir_all(&real_bin).expect("create real bin");
+        create_dir_all(&allowlist_bin).expect("create allowlist bin");
+
+        let real_grep = real_bin.join("grep");
+        write_executable(&real_grep, "#!/bin/sh\nexit 0\n").expect("write real grep");
+        let wrapper_grep = allowlist_bin.join("grep");
+        write_executable(&wrapper_grep, "#!/bin/sh\nexit 0\n").expect("write wrapper grep");
+
+        let original_path = env::var_os("PATH");
+        unsafe {
+            env::set_var(
+                "PATH",
+                env::join_paths([allowlist_bin.as_path(), real_bin.as_path()]).expect("join path"),
+            );
+        }
+
+        let resolved = resolve_host_command("grep");
+
+        match original_path {
+            Some(value) => unsafe { env::set_var("PATH", value) },
+            None => unsafe { env::remove_var("PATH") },
+        }
+
+        assert_eq!(resolved, Some(real_grep));
+    }
+
+    #[cfg(unix)]
+    #[test]
+    fn resolve_host_command_rejects_absolute_allowlist_wrapper_paths() {
+        let _guard = env_lock();
+        let root = temp_allowlist_dir().expect("temp root");
+        let wrapper_dir = root
+            .path
+            .join(format!("{TEMP_ALLOWLIST_DIR_PREFIX}fixture"))
+            .join("bin");
+        create_dir_all(&wrapper_dir).expect("create wrapper dir");
+        let wrapper = wrapper_dir.join("grep");
+        write_executable(&wrapper, "#!/bin/sh\nexit 0\n").expect("write wrapper");
+
+        assert_eq!(
+            resolve_host_command(wrapper.to_str().expect("wrapper path")),
+            None
+        );
+    }
+
     #[test]
     fn discover_codex_support_dirs_includes_home_omx_and_codex_when_present() {
         let _guard = env_lock();
@@ -1520,6 +1633,104 @@ exit 17
         let _error = result.expect_err("both attempts should fail");
     }
 
+    #[test]
+    fn invoke_codex_clears_shell_startup_env_before_launching_codex() {
+        let _guard = env_lock();
+        let root = temp_allowlist_dir().expect("temp root");
+        let repo = root.path.join("repo");
+        create_dir_all(&repo).expect("create repo");
+        let prompt_file = root.path.join("prompt.md");
+        write(&prompt_file, "contract").expect("write prompt");
+        let capture_path = root.path.join("capture.txt");
+        let fake_codex = root.path.join("codex-stub");
+        write_executable(
+            &fake_codex,
+            &format!(
+                r#"#!/bin/sh
+set -eu
+output_path=""
+while [ "$#" -gt 0 ]; do
+  if [ "$1" = "-o" ]; then
+    shift
+    output_path="$1"
+  fi
+  shift
+done
+printf 'BASH_ENV=%s\nENV=%s\nPROMPT_COMMAND=%s\n' "${{BASH_ENV:-}}" "${{ENV:-}}" "${{PROMPT_COMMAND:-}}" > {}
+printf '# Answer\nok\n' > "$output_path"
+"#,
+                shell_quote(&capture_path.display().to_string())
+            ),
+        )
+        .expect("write fake codex");
+
+        unsafe {
+            env::set_var(CODEX_BIN_ENV, &fake_codex);
+            env::set_var("BASH_ENV", "/tmp/bash-env-should-not-leak");
+            env::set_var("ENV", "/tmp/env-should-not-leak");
+            env::set_var("PROMPT_COMMAND", "printf should-not-run");
+        }
+        let attempt = invoke_codex(
+            &Args {
+                cwd: repo.clone(),
+                prompt: "find tests".to_string(),
+                prompt_file,
+                spark_model: "spark-model".to_string(),
+                fallback_model: "fallback-model".to_string(),
+            },
+            "spark-model",
+            "contract",
+        )
+        .expect("invoke codex");
+        unsafe {
+            env::remove_var(CODEX_BIN_ENV);
+            env::remove_var("BASH_ENV");
+            env::remove_var("ENV");
+            env::remove_var("PROMPT_COMMAND");
+        }
+
+        assert_eq!(attempt.status_code, 0);
+        assert_eq!(
+            read_to_string(&capture_path).expect("read capture"),
+            "BASH_ENV=\nENV=\nPROMPT_COMMAND=\n"
+        );
+    }
+
+    #[test]
+    fn sanitize_explore_subprocess_env_blocks_bash_env_startup_hooks() {
+        let _guard = env_lock();
+        let root = temp_allowlist_dir().expect("temp root");
+        let bash_env_log = root.path.join("bash-env.log");
+        let bash_env = root.path.join("bash-env.sh");
+        write(
+            &bash_env,
+            format!(
+                "printf 'startup:%s\\n' \"$BASH_ENV\" >> {}\n",
+                shell_quote(&bash_env_log.display().to_string())
+            ),
+        )
+        .expect("write bash env");
+        let bash_path = resolve_host_command("bash").expect("host bash path");
+
+        unsafe {
+            env::set_var("BASH_ENV", &bash_env);
+        }
+        let mut child = Command::new(&bash_path);
+        child
+            .arg("--noprofile")
+            .arg("--norc")
+            .arg("-lc")
+            .arg("true");
+        sanitize_explore_subprocess_env(&mut child);
+        let status = child.status().expect("run bash");
+        unsafe {
+            env::remove_var("BASH_ENV");
+        }
+
+        assert!(status.success());
+        assert_eq!(read_to_string(&bash_env_log).unwrap_or_default(), "");
+    }
+
     #[test]
     fn print_attempt_output_requires_markdown_artifact() {
         let result = print_attempt_output(AttemptResult {

package/dist/catalog/__tests__/generator.test.js

@@ -30,8 +30,10 @@ describe('catalog reader/contract', () => {
         assert.equal(contract.counts.skillCount, expected.skills);
         assert.equal(contract.counts.promptCount, expected.agents);
         assert.ok(contract.aliases.some((a) => a.name === 'swarm' && a.canonical === 'team'));
+        assert.ok(!contract.aliases.some((a) => a.name === 'analyze'));
         assert.ok(contract.internalHidden.includes('worker'));
         assert.ok(contract.coreSkills.includes('autopilot'));
+        assert.ok(contract.skills.some((s) => s.name === 'analyze' && s.status === 'active'));
         assert.ok(contract.skills.some((s) => s.name === 'ask-claude' && s.status === 'active'));
         assert.ok(contract.skills.some((s) => s.name === 'ask-gemini' && s.status === 'active'));
         assert.ok(contract.skills.some((s) => s.name === 'ai-slop-cleaner' && s.status === 'active'));

package/dist/catalog/__tests__/generator.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"generator.test.js","sourceRoot":"","sources":["../../../src/catalog/__tests__/generator.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,MAAM,MAAM,oBAAoB,CAAC;AACxC,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC;AAC5B,OAAO,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AAE5E,KAAK,UAAU,qBAAqB;IAClC,OAAO,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,eAAe,CAAC,EAAE,MAAM,CAAC,CAAC;AAClF,CAAC;AAED,KAAK,UAAU,wBAAwB;IACrC,MAAM,GAAG,GAAG,MAAM,qBAAqB,EAAE,CAAC;IAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA6C,CAAC;IAC3E,OAAO;QACL,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM;QAC5B,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM;KAC7B,CAAC;AACJ,CAAC;AAED,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;IACvC,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;QAC3D,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,cAAc,CAAC,CAAC,CAAC;QAC3D,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1D,MAAM,SAAS,CACb,IAAI,CAAC,IAAI,EAAE,WAAW,EAAE,uBAAuB,CAAC,EAChD,MAAM,qBAAqB,EAAE,CAC9B,CAAC;QAEF,MAAM,MAAM,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;QACzC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;QACtC,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;QACtE,MAAM,QAAQ,GAAG,uBAAuB,CAAC,mBAAmB,EAAE,CAAC,CAAC;QAChE,MAAM,QAAQ,GAAG,MAAM,wBAAwB,EAAE,CAAC;QAClD,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC1D,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAW,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC3D,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,OAAO,IAAI,CAAC,CAAC,SAAS,KAAK,MAAM,CAAC,CAAC,CAAC;QACtF,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;QACtD,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC;QACrD,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,YAAY,IAAI,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC;QACzF,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,YAAY,IAAI,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC;QACzF,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,iBAAiB,IAAI,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC;IAChG,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,KAAK,IAAI,EAAE;QACpE,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,eAAe,CAAC,EAAE,MAAM,CAAC,CAAC;QACjG,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,WAAW,EAAE,uBAAuB,CAAC,EAAE,MAAM,CAAC,CAAC;QACpG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,cAAc,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,cAAc,CAAC,CAAC;IAC3F,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"generator.test.js","sourceRoot":"","sources":["../../../src/catalog/__tests__/generator.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,MAAM,MAAM,oBAAoB,CAAC;AACxC,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC;AAC5B,OAAO,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AAE5E,KAAK,UAAU,qBAAqB;IAClC,OAAO,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,eAAe,CAAC,EAAE,MAAM,CAAC,CAAC;AAClF,CAAC;AAED,KAAK,UAAU,wBAAwB;IACrC,MAAM,GAAG,GAAG,MAAM,qBAAqB,EAAE,CAAC;IAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA6C,CAAC;IAC3E,OAAO;QACL,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM;QAC5B,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM;KAC7B,CAAC;AACJ,CAAC;AAED,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;IACvC,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;QAC3D,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,cAAc,CAAC,CAAC,CAAC;QAC3D,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1D,MAAM,SAAS,CACb,IAAI,CAAC,IAAI,EAAE,WAAW,EAAE,uBAAuB,CAAC,EAChD,MAAM,qBAAqB,EAAE,CAC9B,CAAC;QAEF,MAAM,MAAM,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;QACzC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;QACtC,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;QACtE,MAAM,QAAQ,GAAG,uBAAuB,CAAC,mBAAmB,EAAE,CAAC,CAAC;QAChE,MAAM,QAAQ,GAAG,MAAM,wBAAwB,EAAE,CAAC;QAClD,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC1D,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAW,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC3D,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,OAAO,IAAI,CAAC,CAAC,SAAS,KAAK,MAAM,CAAC,CAAC,CAAC;QACtF,MAAM,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC;QAC/D,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,cAAc,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;QACtD,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC;QACrD,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,IAAI,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC;QACtF,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,YAAY,IAAI,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC;QACzF,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,YAAY,IAAI,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC;QACzF,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,iBAAiB,IAAI,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC;IAChG,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,KAAK,IAAI,EAAE;QACpE,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,eAAe,CAAC,EAAE,MAAM,CAAC,CAAC;QACjG,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,WAAW,EAAE,uBAAuB,CAAC,EAAE,MAAM,CAAC,CAAC;QACpG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,cAAc,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,cAAc,CAAC,CAAC;IAC3F,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/cli/__tests__/index.test.js

@@ -1,6 +1,6 @@
 import { afterEach, describe, it, mock } from "node:test";
 import assert from "node:assert/strict";
-import { existsSync } from "node:fs";
+import { existsSync, mkdirSync, utimesSync } from "node:fs";
 import { chmod, mkdir, mkdtemp, readFile, rm, writeFile } from "node:fs/promises";
 import { dirname, join } from "node:path";
 import { tmpdir } from "node:os";
@@ -457,6 +457,7 @@ describe("reapStaleNotifyFallbackWatcher", () => {
             await writeFile(pidPath, JSON.stringify({ pid: 4321, started_at: "2026-04-05T00:00:00.000Z" }), "utf-8");
             const killed = [];
             await reapStaleNotifyFallbackWatcher(pidPath, {
+                isWatcherProcess: () => true,
                 tryKillPid(pid, signal) {
                     killed.push({ pid, signal });
                     return true;
@@ -504,6 +505,7 @@ describe("reapStaleNotifyFallbackWatcher", () => {
             const warned = [];
             await reapStaleNotifyFallbackWatcher(pidPath, {
                 readFile: async (path, encoding) => readFile(path, encoding),
+                isWatcherProcess: () => true,
                 tryKillPid() {
                     throw new Error("permission denied");
                 },
@@ -1307,6 +1309,98 @@ exit 0
             ["run"],
         ]);
     });
+    it("reapStaleNotifyFallbackWatcher skips kill when process identity does not match a watcher", async () => {
+        const cwd = await mkdtemp(join(tmpdir(), "omx-reap-pid-identity-"));
+        const pidPath = join(cwd, "watcher.pid");
+        await writeFile(pidPath, JSON.stringify({ pid: 99999, started_at: new Date().toISOString() }));
+        const killed = [];
+        await reapStaleNotifyFallbackWatcher(pidPath, {
+            isWatcherProcess: () => false,
+            tryKillPid: (pid) => { killed.push(pid); return true; },
+        });
+        assert.equal(killed.length, 0, "should not kill a process that is not a watcher");
+        await rm(cwd, { recursive: true, force: true });
+    });
+    it("reapStaleNotifyFallbackWatcher sends SIGTERM only after confirming watcher identity", async () => {
+        const cwd = await mkdtemp(join(tmpdir(), "omx-reap-pid-confirmed-"));
+        const pidPath = join(cwd, "watcher.pid");
+        await writeFile(pidPath, JSON.stringify({ pid: 12345, started_at: new Date().toISOString() }));
+        const killed = [];
+        await reapStaleNotifyFallbackWatcher(pidPath, {
+            isWatcherProcess: () => true,
+            tryKillPid: (pid) => { killed.push(pid); return true; },
+        });
+        assert.deepEqual(killed, [12345], "should SIGTERM the verified watcher process");
+        await rm(cwd, { recursive: true, force: true });
+    });
+    it("reuses legacy plain-text PID parsing without widening stale reap semantics across PID reuse", async () => {
+        const cwd = await mkdtemp(join(tmpdir(), "omx-reap-legacy-pid-"));
+        try {
+            const pidPath = join(cwd, "watcher.pid");
+            await writeFile(pidPath, "12345\n", "utf-8");
+            const observed = [];
+            await reapStaleNotifyFallbackWatcher(pidPath, {
+                isWatcherProcess(pid) {
+                    observed.push(pid);
+                    return false;
+                },
+                tryKillPid: (pid) => {
+                    observed.push(pid);
+                    return true;
+                },
+            });
+            assert.deepEqual(observed, [12345], "legacy plain-text PID files should still identity-check reused PIDs before any kill");
+        }
+        finally {
+            await rm(cwd, { recursive: true, force: true });
+        }
+    });
+    it("reaps watcher-record PIDs only after the record path confirms watcher identity across PID reuse", async () => {
+        const cwd = await mkdtemp(join(tmpdir(), "omx-reap-record-pid-"));
+        try {
+            const pidPath = join(cwd, "watcher.pid");
+            await writeFile(pidPath, JSON.stringify({ pid: 54321, started_at: "2026-04-05T00:00:00.000Z" }), "utf-8");
+            const observed = [];
+            await reapStaleNotifyFallbackWatcher(pidPath, {
+                isWatcherProcess(pid) {
+                    observed.push({ step: "identity", pid });
+                    return true;
+                },
+                tryKillPid(pid) {
+                    observed.push({ step: "kill", pid });
+                    return true;
+                },
+            });
+            assert.deepEqual(observed, [
+                { step: "identity", pid: 54321 },
+                { step: "kill", pid: 54321 },
+            ]);
+        }
+        finally {
+            await rm(cwd, { recursive: true, force: true });
+        }
+    });
+    it("acquireTmuxExtendedKeysLease recovers from a stale lock left by a crashed process", async () => {
+        const cwd = await mkdtemp(join(tmpdir(), "omx-tmux-stale-lock-"));
+        const leaseDir = join(cwd, ".omx", "state", "tmux-extended-keys");
+        const lockDir = join(leaseDir, "tmp-stale-sock.lock");
+        mkdirSync(lockDir, { recursive: true });
+        const staleTime = new Date(Date.now() - 60_000);
+        utimesSync(lockDir, staleTime, staleTime);
+        const calls = [];
+        const execStub = (_file, args) => {
+            calls.push([...args]);
+            if (args[0] === "display-message")
+                return "/tmp/stale-sock";
+            return "";
+        };
+        const lease = acquireTmuxExtendedKeysLease(cwd, execStub);
+        assert.equal(typeof lease, "string", "lease should succeed after stale lock recovery");
+        assert.ok(!existsSync(lockDir), "stale lock directory should be removed");
+        if (lease)
+            releaseTmuxExtendedKeysLease(cwd, lease, execStub);
+        await rm(cwd, { recursive: true, force: true });
+    });
     it("buildDetachedSessionFinalizeSteps keeps schedule after split-capture and before attach", () => {
         const steps = buildDetachedSessionFinalizeSteps("omx-demo", "%12", "3", true);
         const names = steps.map((step) => step.name);