quadwork 1.11.0 → 1.11.1

package/server/__tests__/scrub-secrets.test.js

@@ -0,0 +1,234 @@
+/**
+ * #545: QA verification for #538 PTY scrollback secret scrubbing.
+ *
+ * Tests the production scrubSecrets / scrubScrollback from server/scrub-secrets.js:
+ *  - Redact secrets correctly (SECRET_NAME, API key prefixes, Bearer)
+ *  - Pass through normal terminal output unchanged
+ *  - Preserve ANSI escape codes on non-secret lines
+ *  - Handle edge cases (empty input, very long lines, rapid multi-line output)
+ *
+ * Integration-level checklist items (resize, reconnect/replay flow,
+ * multi-agent isolation, two-tab behavior) are verified by code-path
+ * analysis in the PR description — they depend on WS + PTY runtime
+ * that cannot be unit-tested without a full server harness.
+ */
+
+const { scrubSecrets, scrubScrollback, _REDACTED } = require("../scrub-secrets");
+
+// ---- Tests ----
+
+const assert = require("assert");
+let passed = 0;
+let failed = 0;
+
+function test(name, fn) {
+  try {
+    fn();
+    passed++;
+    console.log(`  PASS  ${name}`);
+  } catch (e) {
+    failed++;
+    console.error(`  FAIL  ${name}`);
+    console.error(`        ${e.message}`);
+  }
+}
+
+console.log("\n#545 QA — scrubSecrets / scrubScrollback (production module)\n");
+
+// --- 1. Secret redaction (true positives) ---
+
+test("redacts ANTHROPIC_API_KEY=value", () => {
+  const input = "ANTHROPIC_API_KEY=sk-ant-api03-xxxxxxxxxxxx";
+  const out = scrubSecrets(input);
+  assert(!out.includes("sk-ant-api03"), `got: ${out}`);
+  assert(out.includes(_REDACTED));
+});
+
+test("redacts DB_PASSWORD: hunter2", () => {
+  const out = scrubSecrets("DB_PASSWORD: hunter2");
+  assert(!out.includes("hunter2"), `got: ${out}`);
+});
+
+test("redacts GITHUB_TOKEN=ghp_...", () => {
+  const token = "ghp_" + "A".repeat(36);
+  const out = scrubSecrets(`export GITHUB_TOKEN=${token}`);
+  assert(!out.includes(token), `got: ${out}`);
+});
+
+test("redacts Bearer token header", () => {
+  const out = scrubSecrets("Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.payload.sig");
+  assert(!out.includes("eyJhbG"), `got: ${out}`);
+  assert(out.includes(_REDACTED));
+});
+
+test("redacts standalone Bearer (no Authorization: prefix)", () => {
+  const out = scrubSecrets("curl -H 'Bearer eyJhbGciOiJIUzI1NiJ9.xxxxxxxxxxxx'");
+  assert(!out.includes("eyJhbG"), `got: ${out}`);
+  assert(out.includes(`Bearer ${_REDACTED}`));
+});
+
+test("redacts sk- OpenAI key inline", () => {
+  const key = "sk-" + "a".repeat(48);
+  const out = scrubSecrets(`Using key ${key} for request`);
+  assert(!out.includes(key), `got: ${out}`);
+});
+
+test("redacts Slack xoxb token", () => {
+  const token = "xoxb-" + "1234567890-" + "A".repeat(20);
+  const out = scrubSecrets(`SLACK_TOKEN=${token}`);
+  assert(!out.includes(token), `got: ${out}`);
+});
+
+// --- 2. Normal output passes through unchanged ---
+
+test("preserves plain text", () => {
+  const input = "Hello, world! This is normal output.";
+  assert.strictEqual(scrubSecrets(input), input);
+});
+
+test("preserves npm install output", () => {
+  const input = "added 1423 packages in 45s\n182 packages are looking for funding";
+  assert.strictEqual(scrubSecrets(input), input);
+});
+
+test("preserves git clone output", () => {
+  const input = "Cloning into 'repo'...\nremote: Enumerating objects: 1234, done.\nReceiving objects: 100% (1234/1234)";
+  assert.strictEqual(scrubSecrets(input), input);
+});
+
+test("preserves test runner output", () => {
+  const input = "Tests: 42 passed, 42 total\nTime: 3.456 s";
+  assert.strictEqual(scrubSecrets(input), input);
+});
+
+test("preserves JSON output without secrets", () => {
+  const input = '{"status":"ok","count":42,"items":["a","b","c"]}';
+  assert.strictEqual(scrubSecrets(input), input);
+});
+
+// --- 3. ANSI escape code handling ---
+
+test("preserves ANSI colors on non-secret lines", () => {
+  const input = "\x1b[32m✓\x1b[0m test passed";
+  assert.strictEqual(scrubSecrets(input), input);
+});
+
+test("redacts secret even inside ANSI-styled line", () => {
+  const input = "\x1b[33mAPI_KEY=\x1b[31msecretvalue123\x1b[0m";
+  const out = scrubSecrets(input);
+  assert(!out.includes("secretvalue123"), `got: ${out}`);
+  assert(out.includes(_REDACTED));
+});
+
+test("ANSI bold output without secrets passes through", () => {
+  const input = "\x1b[1mBuilding project...\x1b[0m\nCompiled successfully.";
+  assert.strictEqual(scrubSecrets(input), input);
+});
+
+// --- 4. Edge cases ---
+
+test("handles empty string", () => {
+  assert.strictEqual(scrubSecrets(""), "");
+});
+
+test("handles null/undefined", () => {
+  assert.strictEqual(scrubSecrets(null), null);
+  assert.strictEqual(scrubSecrets(undefined), undefined);
+});
+
+test("handles very long line (>1000 chars) without secrets", () => {
+  const longLine = "x".repeat(2000);
+  assert.strictEqual(scrubSecrets(longLine), longLine);
+});
+
+test("handles very long line with embedded secret", () => {
+  const prefix = "a".repeat(500);
+  const suffix = "b".repeat(500);
+  const key = "sk-" + "c".repeat(48);
+  const input = `${prefix} ${key} ${suffix}`;
+  const out = scrubSecrets(input);
+  assert(!out.includes(key), `key should be redacted`);
+});
+
+test("handles rapid multi-line output (100 lines)", () => {
+  const lines = Array.from({ length: 100 }, (_, i) => `line ${i}: output data here`);
+  const input = lines.join("\n");
+  assert.strictEqual(scrubSecrets(input), input);
+});
+
+test("handles multi-line with mixed secrets and normal output", () => {
+  const input = [
+    "Starting deploy...",
+    "AWS_SECRET_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE",
+    "Uploading artifacts...",
+    "Bearer eyJhbGciOiJIUzI1NiJ9.xxxxxxxxxxxx",
+    "Deploy complete!",
+  ].join("\n");
+  const out = scrubSecrets(input);
+  assert(out.includes("Starting deploy..."));
+  assert(out.includes("Uploading artifacts..."));
+  assert(out.includes("Deploy complete!"));
+  assert(!out.includes("AKIAIOSFODNN7EXAMPLE"));
+  assert(!out.includes("eyJhbGci"));
+});
+
+// --- 5. scrubScrollback (Buffer handling) ---
+
+test("scrubScrollback returns Buffer", () => {
+  const buf = Buffer.from("SOME_SECRET_KEY=abc123\nnormal line");
+  const out = scrubScrollback(buf);
+  assert(Buffer.isBuffer(out), "should return a Buffer");
+  assert(!out.toString().includes("abc123"));
+});
+
+test("scrubScrollback handles empty buffer", () => {
+  const buf = Buffer.alloc(0);
+  const out = scrubScrollback(buf);
+  assert(Buffer.isBuffer(out));
+  assert.strictEqual(out.length, 0);
+});
+
+test("scrubScrollback handles null", () => {
+  assert.strictEqual(scrubScrollback(null), null);
+});
+
+test("scrubScrollback preserves non-secret content", () => {
+  const content = "Hello world\nBuild succeeded\n42 tests passed";
+  const buf = Buffer.from(content);
+  const out = scrubScrollback(buf);
+  assert.strictEqual(out.toString(), content);
+});
+
+// --- 6. Integration path verification ---
+// These tests verify that server/index.js imports from the same module
+// we're testing, ensuring no copy-paste drift.
+
+test("server/index.js imports scrubSecrets from scrub-secrets.js", () => {
+  const serverSource = require("fs").readFileSync(
+    require("path").join(__dirname, "..", "index.js"), "utf-8"
+  );
+  assert(
+    serverSource.includes('require("./scrub-secrets")') ||
+    serverSource.includes("require('./scrub-secrets')"),
+    "server/index.js must import from ./scrub-secrets"
+  );
+});
+
+test("server/index.js uses scrubSecrets in PTY data handler", () => {
+  const serverSource = require("fs").readFileSync(
+    require("path").join(__dirname, "..", "index.js"), "utf-8"
+  );
+  assert(serverSource.includes("scrubSecrets(data)"), "live PTY path must call scrubSecrets");
+});
+
+test("server/index.js uses scrubScrollback in replay handler", () => {
+  const serverSource = require("fs").readFileSync(
+    require("path").join(__dirname, "..", "index.js"), "utf-8"
+  );
+  assert(serverSource.includes("scrubScrollback(session.scrollback)"), "replay path must call scrubScrollback");
+});
+
+// --- Summary ---
+
+console.log(`\nResults: ${passed} passed, ${failed} failed, ${passed + failed} total\n`);
+process.exit(failed > 0 ? 1 : 0);

package/server/__tests__/v1110-security-qa.test.js

@@ -0,0 +1,312 @@
+/**
+ * #549: QA verification for v1.11.0 security hardening.
+ *
+ * Covers PRs #543, #546, #547, #548:
+ *  - #543: execFileSync refactor (no shell interpolation)
+ *  - #546: Next.js upgrade to 16.2.4
+ *  - #547: File/directory permission hardening (0o700/0o600)
+ *  - #548: WebSocket resize input validation
+ *
+ * Integration-level items (wizard flow, browser open, AC start,
+ * multi-tab WS) require a live server and are verified by code-path
+ * analysis in the PR description.
+ */
+
+const assert = require("assert");
+const fs = require("fs");
+const path = require("path");
+
+let passed = 0;
+let failed = 0;
+
+function test(name, fn) {
+  try {
+    fn();
+    passed++;
+    console.log(`  PASS  ${name}`);
+  } catch (e) {
+    failed++;
+    console.error(`  FAIL  ${name}`);
+    console.error(`        ${e.message}`);
+  }
+}
+
+const ROOT = path.resolve(__dirname, "../..");
+const SERVER_DIR = path.resolve(__dirname, "..");
+
+console.log("\n#549 QA — v1.11.0 security hardening\n");
+
+// ============================================================================
+// PR #543 — execFileSync refactor
+// ============================================================================
+
+console.log("--- PR #543: execFileSync refactor ---\n");
+
+test("bin/quadwork.js has no execSync import", () => {
+  const src = fs.readFileSync(path.join(ROOT, "bin/quadwork.js"), "utf-8");
+  // execFileSync is OK, execSync is not
+  const lines = src.split("\n");
+  const badLines = lines.filter(
+    (l) => /\bexecSync\b/.test(l) && !/execFileSync/.test(l)
+  );
+  assert.strictEqual(badLines.length, 0, `Found execSync: ${badLines[0]}`);
+});
+
+test("server/index.js has no execSync import", () => {
+  const src = fs.readFileSync(path.join(SERVER_DIR, "index.js"), "utf-8");
+  const lines = src.split("\n");
+  const badLines = lines.filter(
+    (l) => /\bexecSync\b/.test(l) && !/execFileSync/.test(l)
+  );
+  assert.strictEqual(badLines.length, 0, `Found execSync: ${badLines[0]}`);
+});
+
+test("server/install-agentchattr.js has no execSync import", () => {
+  const src = fs.readFileSync(path.join(SERVER_DIR, "install-agentchattr.js"), "utf-8");
+  const lines = src.split("\n");
+  const badLines = lines.filter(
+    (l) => /\bexecSync\b/.test(l) && !/execFileSync/.test(l)
+  );
+  assert.strictEqual(badLines.length, 0, `Found execSync: ${badLines[0]}`);
+});
+
+test("scripts/e2e-per-project.js has no execSync import", () => {
+  const src = fs.readFileSync(path.join(ROOT, "scripts/e2e-per-project.js"), "utf-8");
+  const lines = src.split("\n");
+  const badLines = lines.filter(
+    (l) => /\bexecSync\b/.test(l) && !/execFileSync/.test(l)
+  );
+  assert.strictEqual(badLines.length, 0, `Found execSync: ${badLines[0]}`);
+});
+
+test("bin/quadwork.js run() uses execFileSync with array args", () => {
+  const src = fs.readFileSync(path.join(ROOT, "bin/quadwork.js"), "utf-8");
+  assert(src.includes("function run(cmd, args = [], opts = {})"), "run() signature should accept array args");
+  assert(src.includes("execFileSync(cmd, args,"), "run() should call execFileSync with cmd, args");
+});
+
+test("bin/quadwork.js which() uses run() with array args", () => {
+  const src = fs.readFileSync(path.join(ROOT, "bin/quadwork.js"), "utf-8");
+  assert(src.includes('run("which", [cmd])'), "which() should use array args");
+});
+
+test("bin/quadwork.js browser-open uses execFileSync (no shell)", () => {
+  const src = fs.readFileSync(path.join(ROOT, "bin/quadwork.js"), "utf-8");
+  // Windows path: cmd /c start
+  assert(src.includes('execFileSync("cmd", ["/c", "start"'), "Windows browser open should use execFileSync");
+  // macOS/Linux: open or xdg-open
+  assert(src.includes('execFileSync(process.platform === "darwin" ? "open" : "xdg-open"'), "macOS/Linux browser open should use execFileSync");
+});
+
+test("server/index.js isCliInstalled uses execFileSync", () => {
+  const src = fs.readFileSync(path.join(SERVER_DIR, "index.js"), "utf-8");
+  assert(src.includes('execFileSync("which", [cmd]'), "isCliInstalled should use execFileSync");
+});
+
+test("server/index.js killProcessOnPort uses execFileSync", () => {
+  const src = fs.readFileSync(path.join(SERVER_DIR, "index.js"), "utf-8");
+  assert(src.includes('execFileSync("lsof", ["-ti"'), "killProcessOnPort should use execFileSync");
+});
+
+// ============================================================================
+// PR #546 — Next.js upgrade
+// ============================================================================
+
+console.log("\n--- PR #546: Next.js upgrade ---\n");
+
+test("package.json specifies Next.js >= 16.2.4 (not vulnerable 16.2.1-16.2.3)", () => {
+  const pkg = JSON.parse(fs.readFileSync(path.join(ROOT, "package.json"), "utf-8"));
+  const nextVersion = pkg.dependencies?.next || "";
+  // Strip leading ^ or ~ for comparison
+  const bare = nextVersion.replace(/^[~^]+/, "");
+  const [major, minor, patch] = bare.split(".").map(Number);
+  assert(
+    major > 16 || (major === 16 && minor > 2) || (major === 16 && minor === 2 && patch >= 4),
+    `Expected next >= 16.2.4, got ${nextVersion}`
+  );
+});
+
+test("package-lock.json has Next.js 16.2.4+ (resolved version)", () => {
+  const lock = JSON.parse(fs.readFileSync(path.join(ROOT, "package-lock.json"), "utf-8"));
+  const nextPkg = lock.packages?.["node_modules/next"];
+  assert(nextPkg, "next should be in package-lock.json");
+  const version = nextPkg.version;
+  const [major, minor, patch] = version.split(".").map(Number);
+  assert(
+    major > 16 || (major === 16 && minor > 2) || (major === 16 && minor === 2 && patch >= 4),
+    `Expected >= 16.2.4, got ${version}`
+  );
+});
+
+test("next build succeeds (runs build from scratch)", () => {
+  // Actually run the build to verify Next.js 16.2.4 works.
+  const { execFileSync } = require("child_process");
+  try {
+    execFileSync("npx", ["next", "build"], {
+      cwd: ROOT,
+      stdio: "pipe",
+      timeout: 120000,
+    });
+  } catch (e) {
+    assert.fail(`next build failed: ${e.stderr?.toString().slice(-500) || e.message}`);
+  }
+  const outIndex = path.join(ROOT, "out", "index.html");
+  assert(fs.existsSync(outIndex), "out/index.html should exist after build");
+});
+
+// ============================================================================
+// PR #547 — File/directory permission hardening
+// ============================================================================
+
+console.log("\n--- PR #547: File/directory permission hardening ---\n");
+
+test("server/config.js exports ensureSecureDir", () => {
+  const config = require(path.join(SERVER_DIR, "config.js"));
+  assert(typeof config.ensureSecureDir === "function", "ensureSecureDir should be exported");
+});
+
+test("server/config.js exports writeSecureFile", () => {
+  const config = require(path.join(SERVER_DIR, "config.js"));
+  assert(typeof config.writeSecureFile === "function", "writeSecureFile should be exported");
+});
+
+test("server/config.js exports writeConfig", () => {
+  const config = require(path.join(SERVER_DIR, "config.js"));
+  assert(typeof config.writeConfig === "function", "writeConfig should be exported");
+});
+
+test("ensureSecureDir creates dir with 0o700", () => {
+  const { ensureSecureDir } = require(path.join(SERVER_DIR, "config.js"));
+  const tmpDir = path.join(require("os").tmpdir(), `qw-qa-test-${Date.now()}`);
+  try {
+    ensureSecureDir(tmpDir);
+    const stat = fs.statSync(tmpDir);
+    assert(stat.isDirectory(), "should be a directory");
+    assert.strictEqual(stat.mode & 0o777, 0o700, `expected 0o700, got ${(stat.mode & 0o777).toString(8)}`);
+  } finally {
+    try { fs.rmdirSync(tmpDir); } catch {}
+  }
+});
+
+test("writeSecureFile creates file with 0o600", () => {
+  const { writeSecureFile } = require(path.join(SERVER_DIR, "config.js"));
+  const tmpFile = path.join(require("os").tmpdir(), `qw-qa-test-${Date.now()}.txt`);
+  try {
+    writeSecureFile(tmpFile, "test content");
+    const stat = fs.statSync(tmpFile);
+    assert(stat.isFile(), "should be a file");
+    assert.strictEqual(stat.mode & 0o777, 0o600, `expected 0o600, got ${(stat.mode & 0o777).toString(8)}`);
+    assert.strictEqual(fs.readFileSync(tmpFile, "utf-8"), "test content");
+  } finally {
+    try { fs.unlinkSync(tmpFile); } catch {}
+  }
+});
+
+test("server/index.js imports ensureSecureDir and writeSecureFile", () => {
+  const src = fs.readFileSync(path.join(SERVER_DIR, "index.js"), "utf-8");
+  assert(src.includes("ensureSecureDir"), "should import ensureSecureDir");
+  assert(src.includes("writeSecureFile"), "should import writeSecureFile");
+  assert(src.includes("writeConfig"), "should import writeConfig");
+});
+
+test("server/routes.js imports ensureSecureDir and writeSecureFile", () => {
+  const src = fs.readFileSync(path.join(SERVER_DIR, "routes.js"), "utf-8");
+  assert(src.includes("ensureSecureDir"), "should import ensureSecureDir");
+  assert(src.includes("writeSecureFile"), "should import writeSecureFile");
+  assert(src.includes("writeConfig"), "should import writeConfig");
+});
+
+test("no raw mkdirSync without mode in server files", () => {
+  const files = ["index.js", "routes.js", "config.js"];
+  for (const file of files) {
+    const src = fs.readFileSync(path.join(SERVER_DIR, file), "utf-8");
+    const lines = src.split("\n");
+    const badLines = lines.filter(
+      (l) =>
+        /fs\.mkdirSync\(/.test(l) &&
+        !l.includes("mode:") &&
+        !l.includes("ensureSecureDir") &&
+        !l.trim().startsWith("//")
+    );
+    assert.strictEqual(
+      badLines.length,
+      0,
+      `${file} has raw mkdirSync without mode: ${badLines[0]}`
+    );
+  }
+});
+
+test("bin/quadwork.js uses ensureSecureDir for directory creation", () => {
+  const src = fs.readFileSync(path.join(ROOT, "bin/quadwork.js"), "utf-8");
+  assert(src.includes("ensureSecureDir"), "bin/quadwork.js should use ensureSecureDir");
+});
+
+test("install-agentchattr.js uses mode: 0o700 for mkdirSync", () => {
+  const src = fs.readFileSync(path.join(SERVER_DIR, "install-agentchattr.js"), "utf-8");
+  const lines = src.split("\n");
+  const mkdirLines = lines.filter((l) => /fs\.mkdirSync\(/.test(l) && !l.trim().startsWith("//"));
+  for (const line of mkdirLines) {
+    assert(line.includes("mode: 0o700"), `Missing mode: 0o700 in: ${line.trim()}`);
+  }
+});
+
+test("install-agentchattr.js uses mode: 0o600 for writeFileSync (security-sensitive files)", () => {
+  const src = fs.readFileSync(path.join(SERVER_DIR, "install-agentchattr.js"), "utf-8");
+  const lines = src.split("\n");
+  const writeLines = lines.filter(
+    (l) =>
+      /fs\.writeFileSync\(/.test(l) &&
+      !l.trim().startsWith("//") &&
+      // CSS/JS patches are non-sensitive (cosmetic overrides to AC UI)
+      !l.includes("cssPath") &&
+      !l.includes("jsPath")
+  );
+  for (const line of writeLines) {
+    assert(line.includes("mode: 0o600"), `Missing mode: 0o600 in: ${line.trim()}`);
+  }
+});
+
+// ============================================================================
+// PR #548 — WebSocket resize validation
+// ============================================================================
+
+console.log("\n--- PR #548: WebSocket resize validation ---\n");
+
+test("server/index.js has typeof number check for resize cols", () => {
+  const src = fs.readFileSync(path.join(SERVER_DIR, "index.js"), "utf-8");
+  assert(src.includes('typeof parsed.cols === "number"'), "should check typeof cols");
+});
+
+test("server/index.js has typeof number check for resize rows", () => {
+  const src = fs.readFileSync(path.join(SERVER_DIR, "index.js"), "utf-8");
+  assert(src.includes('typeof parsed.rows === "number"'), "should check typeof rows");
+});
+
+test("server/index.js validates Number.isFinite for resize", () => {
+  const src = fs.readFileSync(path.join(SERVER_DIR, "index.js"), "utf-8");
+  assert(src.includes("Number.isFinite(parsed.cols)"), "should validate isFinite for cols");
+  assert(src.includes("Number.isFinite(parsed.rows)"), "should validate isFinite for rows");
+});
+
+test("server/index.js bounds-checks resize to 1-500", () => {
+  const src = fs.readFileSync(path.join(SERVER_DIR, "index.js"), "utf-8");
+  assert(src.includes("parsed.cols >= 1"), "should lower-bound cols");
+  assert(src.includes("parsed.cols <= 500"), "should upper-bound cols");
+  assert(src.includes("parsed.rows >= 1"), "should lower-bound rows");
+  assert(src.includes("parsed.rows <= 500"), "should upper-bound rows");
+});
+
+test("resize validation is inside the resize handler block", () => {
+  const src = fs.readFileSync(path.join(SERVER_DIR, "index.js"), "utf-8");
+  // Verify the validation is between 'parsed.type === "resize"' and 'session.term.resize'
+  const resizeIdx = src.indexOf('parsed.type === "resize"');
+  const termResizeIdx = src.indexOf("session.term.resize(parsed.cols, parsed.rows)");
+  const typeofIdx = src.indexOf('typeof parsed.cols === "number"');
+  assert(resizeIdx > 0 && termResizeIdx > resizeIdx && typeofIdx > resizeIdx && typeofIdx < termResizeIdx,
+    "validation should be between resize type check and term.resize call");
+});
+
+// ============================================================================
+
+console.log(`\nResults: ${passed} passed, ${failed} failed, ${passed + failed} total\n`);
+process.exit(failed > 0 ? 1 : 0);

package/server/index.js

@@ -1402,7 +1402,12 @@ async function sendTriggerMessage(projectId) {
             console.log(`[auto-trigger] ${projectId}: caffeinate auto-stopped (no active triggers remain)`);
           }
           // #518: also stop bridges when batch completes
-          await autoStopBridges(projectId, project, qwPort);
+          // #542: transition guard — only stop if not already stopped for this completion
+          const prev = _bridgeBatchPrev.get(projectId);
+          _bridgeBatchPrev.set(projectId, { complete: true, hasItems: !!(bp.items && bp.items.length) });
+          if (!prev || !prev.complete) {
+            await autoStopBridges(projectId, project, qwPort);
+          }
           return;
         }
       }
@@ -1718,55 +1723,8 @@ app.use((req, res, next) => {
   }
 });
 
-// --- #538: PTY output secret scrubbing ---
-// Redact likely secrets from both live PTY streaming and scrollback
-// replay so echoed credentials are not exposed to dashboard clients.
-//
-// Threat model: QuadWork binds to 127.0.0.1 only. The scrub is
-// defense-in-depth — it reduces exposure if a secret is accidentally
-// echoed, but cannot catch every possible format. Operators who handle
-// highly sensitive credentials should avoid echoing them in agent
-// terminals.
-//
-// Live chunks from term.onData() are typically line-aligned (shell
-// flushes on newline), so per-chunk scrubbing catches the vast majority
-// of secrets. A secret split across two chunks is a theoretical edge
-// case that the scrollback scrub (which sees the full buffer) covers
-// on reconnect.
-
-// Patterns that indicate a line contains a secret value.
-const _SECRET_NAME_RE = /\b\w*(KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL|PASSPHRASE|AUTH)\w*\s*[=:]/i;
-// Known API key prefixes (Anthropic, GitHub, OpenAI, etc.).
-const _API_KEY_PREFIX_RE = /\b(sk-ant-api\d{2}-[A-Za-z0-9_-]{20,}|ghp_[A-Za-z0-9]{36,}|ghu_[A-Za-z0-9]{36,}|ghs_[A-Za-z0-9]{36,}|sk-[A-Za-z0-9]{20,}|xoxb-[A-Za-z0-9-]{20,}|xoxp-[A-Za-z0-9-]{20,})\b/;
-// Bearer authorization headers.
-const _BEARER_RE = /\bBearer\s+[A-Za-z0-9_.+/=-]{20,}/i;
-const _REDACTED = "[REDACTED]";
-
-function scrubSecrets(text) {
-  if (!text) return text;
-  return text.split("\n").map((line) => {
-    // Strip ANSI escape codes for pattern matching, but redact the
-    // original line (preserves terminal formatting around non-secret
-    // lines while ensuring secrets inside styled output are caught).
-    const plain = line.replace(/\x1b\[[0-9;]*[A-Za-z]/g, "");
-    if (_SECRET_NAME_RE.test(plain)) {
-      // Redact the value portion after the = or : delimiter.
-      return line.replace(/([=:])\s*\S.*/, `$1 ${_REDACTED}`);
-    }
-    if (_API_KEY_PREFIX_RE.test(plain)) {
-      return line.replace(_API_KEY_PREFIX_RE, _REDACTED);
-    }
-    if (_BEARER_RE.test(plain)) {
-      return line.replace(/\bBearer\s+[A-Za-z0-9_.+/=-]{20,}/gi, `Bearer ${_REDACTED}`);
-    }
-    return line;
-  }).join("\n");
-}
-
-function scrubScrollback(buf) {
-  if (!buf || buf.length === 0) return buf;
-  return Buffer.from(scrubSecrets(buf.toString("utf-8")), "utf-8");
-}
+// --- #538: PTY output secret scrubbing (extracted to scrub-secrets.js) ---
+const { scrubSecrets, scrubScrollback } = require("./scrub-secrets");
 
 // --- WebSocket + PTY ---
 // WS connects to an existing PTY session (started via lifecycle API)
@@ -1933,7 +1891,8 @@ async function autoStopPollingTick() {
           }
         }
         // #518: also stop bridges when batch completes
-        if (hasBridgeAuto) {
+        // #542: only fire on the transition (incomplete→complete), not every tick
+        if (hasBridgeAuto && (!prev || !prev.complete)) {
           await autoStopBridges(project.id, project, qwPort);
         }
       }

package/server/scrub-secrets.js

@@ -0,0 +1,51 @@
+// --- #538: PTY output secret scrubbing ---
+// Redact likely secrets from both live PTY streaming and scrollback
+// replay so echoed credentials are not exposed to dashboard clients.
+//
+// Threat model: QuadWork binds to 127.0.0.1 only. The scrub is
+// defense-in-depth — it reduces exposure if a secret is accidentally
+// echoed, but cannot catch every possible format. Operators who handle
+// highly sensitive credentials should avoid echoing them in agent
+// terminals.
+//
+// Live chunks from term.onData() are typically line-aligned (shell
+// flushes on newline), so per-chunk scrubbing catches the vast majority
+// of secrets. A secret split across two chunks is a theoretical edge
+// case that the scrollback scrub (which sees the full buffer) covers
+// on reconnect.
+
+// Patterns that indicate a line contains a secret value.
+const _SECRET_NAME_RE = /\b\w*(KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL|PASSPHRASE|AUTH)\w*\s*[=:]/i;
+// Known API key prefixes (Anthropic, GitHub, OpenAI, etc.).
+const _API_KEY_PREFIX_RE = /\b(sk-ant-api\d{2}-[A-Za-z0-9_-]{20,}|ghp_[A-Za-z0-9]{36,}|ghu_[A-Za-z0-9]{36,}|ghs_[A-Za-z0-9]{36,}|sk-[A-Za-z0-9]{20,}|xoxb-[A-Za-z0-9-]{20,}|xoxp-[A-Za-z0-9-]{20,})\b/;
+// Bearer authorization headers.
+const _BEARER_RE = /\bBearer\s+[A-Za-z0-9_.+/=-]{20,}/i;
+const _REDACTED = "[REDACTED]";
+
+function scrubSecrets(text) {
+  if (!text) return text;
+  return text.split("\n").map((line) => {
+    // Strip ANSI escape codes for pattern matching, but redact the
+    // original line (preserves terminal formatting around non-secret
+    // lines while ensuring secrets inside styled output are caught).
+    const plain = line.replace(/\x1b\[[0-9;]*[A-Za-z]/g, "");
+    if (_SECRET_NAME_RE.test(plain)) {
+      // Redact the value portion after the = or : delimiter.
+      return line.replace(/([=:])\s*\S.*/, `$1 ${_REDACTED}`);
+    }
+    if (_API_KEY_PREFIX_RE.test(plain)) {
+      return line.replace(_API_KEY_PREFIX_RE, _REDACTED);
+    }
+    if (_BEARER_RE.test(plain)) {
+      return line.replace(/\bBearer\s+[A-Za-z0-9_.+/=-]{20,}/gi, `Bearer ${_REDACTED}`);
+    }
+    return line;
+  }).join("\n");
+}
+
+function scrubScrollback(buf) {
+  if (!buf || buf.length === 0) return buf;
+  return Buffer.from(scrubSecrets(buf.toString("utf-8")), "utf-8");
+}
+
+module.exports = { scrubSecrets, scrubScrollback, _REDACTED };