teleportation-cli 1.3.0 → 1.4.1

package/lib/config/manager.js

@@ -49,6 +49,15 @@ const DEFAULT_CONFIG = {
     enabled: true,
     sound: false
   },
+  transcriptSync: {
+    enabled: false,
+    intervalMs: 300000, // 5 minutes
+    machineId: null,
+    peer: null,
+    peerMirrorDir: null,
+    mode: 'local', // local|push|pull|bidirectional
+    mirrorDir: join(homedir(), '.teleportation', 'transcript-mirror')
+  },
   installation: {
     scope: null,        // 'global' | 'project' | null (not installed)
     hooksPath: null,    // Path where hooks are installed
@@ -99,7 +108,8 @@ function validateConfig(config) {
   const booleanFields = [
     'hooks.autoUpdate',
     'notifications.enabled',
-    'notifications.sound'
+    'notifications.sound',
+    'transcriptSync.enabled'
   ];
 
   booleanFields.forEach(field => {
@@ -109,6 +119,40 @@ function validateConfig(config) {
     }
   });
 
+  // Validate transcript sync block if present
+  if (config.transcriptSync) {
+    const ts = config.transcriptSync;
+    const validModes = ['local', 'push', 'pull', 'bidirectional'];
+
+    if (ts.intervalMs !== undefined) {
+      if (typeof ts.intervalMs !== 'number' || ts.intervalMs < 10000 || ts.intervalMs > 86400000) {
+        errors.push('transcriptSync.intervalMs must be a number between 10000 and 86400000');
+      }
+    }
+
+    if (ts.mode !== undefined && !validModes.includes(ts.mode)) {
+      errors.push('transcriptSync.mode must be one of: local, push, pull, bidirectional');
+    }
+
+    ['mirrorDir', 'peerMirrorDir'].forEach(field => {
+      const value = ts[field];
+      if (value !== null && value !== undefined && typeof value !== 'string') {
+        errors.push(`transcriptSync.${field} must be a string path or null`);
+      }
+    });
+
+    ['machineId', 'peer'].forEach(field => {
+      const value = ts[field];
+      if (value !== null && value !== undefined && typeof value !== 'string') {
+        errors.push(`transcriptSync.${field} must be a string or null`);
+      }
+    });
+
+    if (['push', 'pull', 'bidirectional'].includes(ts.mode)) {
+      warnings.push('Non-local transcript sync modes require repo peer auto-discovery (set via git config teleportation.transcriptSyncPeer)');
+    }
+  }
+
   // Validate installation block if present
   if (config.installation) {
     const installation = config.installation;

package/lib/daemon/session-file-registry.js

@@ -0,0 +1,207 @@
+/**
+ * File-based session registry.
+ *
+ * Hooks write a session file once on session_start. The daemon scans this
+ * directory to discover sessions, checks PID liveness, and heartbeats the
+ * relay on their behalf. This decouples registration from the daemon's HTTP
+ * server — a file write never times out and survives daemon restarts.
+ *
+ * File location: /tmp/teleportation-sessions/<session_id>.json
+ */
+
+import { readdir, readFile, writeFile, unlink, mkdir } from 'node:fs/promises';
+import { join } from 'node:path';
+import { execFile } from 'node:child_process';
+import { promisify } from 'node:util';
+import { tmpdir } from 'node:os';
+
+const execFileAsync = promisify(execFile);
+
+export const SESSIONS_DIR = join(tmpdir(), 'teleportation-sessions');
+
+/** Guard against path traversal: session_ids must be standard lowercase hex UUIDs */
+function assertValidSessionId(session_id) {
+  if (typeof session_id !== 'string' || !/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/.test(session_id)) {
+    throw new Error(`Invalid session_id: ${String(session_id)}`);
+  }
+}
+
+/** Ensure the sessions directory exists (mode 0700 — only owner can read/list) */
+export async function ensureSessionsDir(dir = SESSIONS_DIR) {
+  await mkdir(dir, { recursive: true, mode: 0o700 });
+}
+
+/**
+ * Write a session registration file.
+ * Called ONCE by session_start.mjs. Never updated by the hook after this.
+ *
+ * @param {object} opts
+ * @param {string} opts.session_id
+ * @param {number} opts.claude_pid  - process.ppid inside the hook (the parent claude process)
+ * @param {string} opts.cwd
+ * @param {object} opts.meta
+ * @param {string} [opts._dir]      - override directory (for testing)
+ */
+export async function writeSessionFile({ session_id, claude_pid, cwd, meta, _dir }) {
+  assertValidSessionId(session_id);
+  const dir = _dir || SESSIONS_DIR;
+  await ensureSessionsDir(dir);
+  const path = join(dir, `${session_id}.json`);
+  const record = {
+    session_id,
+    claude_pid,
+    cwd,
+    meta: meta || {},
+    registered_at: Date.now(),
+    acked: false,
+    ended: false,
+  };
+  await writeFile(path, JSON.stringify(record, null, 2), { encoding: 'utf8', mode: 0o600 });
+  return record;
+}
+
+/**
+ * Mark a session file as ended (written by session_end.mjs).
+ * Daemon will stop heartbeating on its next poll cycle.
+ *
+ * Note: read-modify-write is not atomic. If session_end.mjs and the daemon
+ * call this simultaneously (e.g., daemon cleanup races with hook), one write
+ * may clobber the other. The window is ~1ms and the worst outcome is a
+ * missed ended=true flag — the daemon will catch the dead PID within 60s.
+ *
+ * @param {string} session_id
+ * @param {string} [_dir] - override directory (for testing)
+ */
+export async function markSessionEnded(session_id, _dir) {
+  assertValidSessionId(session_id);
+  const path = join(_dir || SESSIONS_DIR, `${session_id}.json`);
+  try {
+    const raw = await readFile(path, 'utf8');
+    const record = JSON.parse(raw);
+    record.ended = true;
+    record.ended_at = Date.now();
+    await writeFile(path, JSON.stringify(record, null, 2), { encoding: 'utf8', mode: 0o600 });
+  } catch {
+    // File may not exist if daemon already cleaned it up — that's fine
+  }
+}
+
+/**
+ * Ack a session file (written by daemon after picking it up).
+ *
+ * @param {string} session_id
+ * @param {number} daemon_pid
+ * @param {string} [_dir] - override directory (for testing)
+ */
+export async function ackSessionFile(session_id, daemon_pid, _dir) {
+  assertValidSessionId(session_id);
+  const path = join(_dir || SESSIONS_DIR, `${session_id}.json`);
+  try {
+    const raw = await readFile(path, 'utf8');
+    const record = JSON.parse(raw);
+    record.acked = true;
+    record.daemon_pid = daemon_pid;
+    record.acked_at = Date.now();
+    await writeFile(path, JSON.stringify(record, null, 2), { encoding: 'utf8', mode: 0o600 });
+  } catch {
+    // File may have been deleted concurrently — ignore
+  }
+}
+
+/**
+ * Delete a session file (daemon cleanup after session ends or PID dies).
+ *
+ * @param {string} session_id
+ * @param {string} [_dir] - override directory (for testing)
+ */
+export async function deleteSessionFile(session_id, _dir) {
+  assertValidSessionId(session_id);
+  try {
+    await unlink(join(_dir || SESSIONS_DIR, `${session_id}.json`));
+  } catch {
+    // Already gone — fine
+  }
+}
+
+/**
+ * Read all session files from the sessions directory.
+ * Returns an array of parsed records, skipping malformed files.
+ *
+ * @param {string} [_dir] - override directory (for testing)
+ * @returns {Promise<Array>}
+ */
+export async function readAllSessionFiles(_dir) {
+  const dir = _dir || SESSIONS_DIR;
+  await ensureSessionsDir(dir);
+  let files;
+  try {
+    files = await readdir(dir);
+  } catch {
+    return [];
+  }
+
+  const records = [];
+  for (const file of files) {
+    if (!file.endsWith('.json')) continue;
+    const expectedId = file.slice(0, -5); // strip .json
+    try {
+      const raw = await readFile(join(dir, file), 'utf8');
+      const record = JSON.parse(raw);
+      // Validate session_id is a proper UUID and matches filename to prevent path traversal
+      if (
+        record.session_id &&
+        record.claude_pid &&
+        /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/.test(record.session_id) &&
+        record.session_id === expectedId
+      ) {
+        records.push(record);
+      }
+    } catch {
+      // Malformed or mid-write — skip
+    }
+  }
+  return records;
+}
+
+/**
+ * Check whether a PID belongs to a live `claude` process.
+ *
+ * Uses two signals:
+ * 1. kill -0 (signal 0): tests if the process exists without sending a signal
+ * 2. ps comm=: verifies the process name is "claude" to guard against PID reuse
+ *
+ * Async to avoid blocking the event loop — execSync would stall the daemon's
+ * heartbeat and relay polling for up to 1s per call × N sessions.
+ *
+ * Known edge case: if a new `claude` process reuses the exact PID of a
+ * just-exited session, this returns true until the 60s grace period expires.
+ * Probability is extremely low in practice given PID space on modern systems.
+ *
+ * @param {number} pid
+ * @returns {Promise<boolean>}
+ */
+export async function isClaudePidAlive(pid) {
+  if (!pid || typeof pid !== 'number') return false;
+  try {
+    // kill(pid, 0) throws ESRCH if process doesn't exist, EPERM if exists but no permission
+    process.kill(pid, 0);
+  } catch (e) {
+    // EPERM means process exists but we can't signal it — treat as alive
+    if (e.code === 'EPERM') return true;
+    return false;
+  }
+
+  // Verify process name to guard against PID reuse by non-claude processes.
+  // Uses async execFile to avoid blocking the event loop.
+  try {
+    const { stdout } = await execFileAsync('ps', ['-p', String(pid), '-o', 'comm='], { timeout: 1000 });
+    const comm = stdout.trim();
+    // Accept "claude" or paths ending in "/claude"
+    return comm === 'claude' || comm.endsWith('/claude');
+  } catch {
+    // ps failed (process just died, or ps unavailable in container). When kill -0
+    // already confirmed the process exists (we get here only if kill -0 succeeded),
+    // optimistically treat it as alive — kill -0 is the stronger liveness signal.
+    return true;
+  }
+}

package/lib/daemon/task-executor-v2.js

@@ -18,10 +18,42 @@ import { ingestTranscriptToTimeline } from './transcript-ingestion.js';
 const CLAUDE_CLI = process.env.CLAUDE_CLI_PATH || 'claude';
 const DEFAULT_TIMEOUT_MS = 600000; // 10 minutes per turn
 const MAX_TURNS = 100;
+const UUID_PATTERN = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
 
 // Track running processes for stop functionality (only active processes)
 const runningProcesses = new Map();
 
+/**
+ * Extract Claude's text response from stream-json output
+ * Stream-json format: one JSON object per line, assistant text is in
+ * {"type":"assistant","message":{"content":[{"type":"text","text":"..."}]}}
+ * @param {string} output - Raw stream-json stdout
+ * @returns {string} Extracted text or empty string
+ */
+function extractAssistantText(output) {
+  if (!output) return '';
+  const lines = output.split('\n');
+  // Search from end — the last assistant message is most relevant for display
+  for (let i = lines.length - 1; i >= 0; i--) {
+    const line = lines[i];
+    if (!line.trim()) continue;
+    try {
+      const event = JSON.parse(line);
+      if (event.type === 'assistant' && event.message?.content) {
+        const textBlock = Array.isArray(event.message.content)
+          ? event.message.content.find(c => c.type === 'text')
+          : null;
+        if (textBlock?.text) {
+          return textBlock.text.trim().substring(0, 2000);
+        }
+      }
+    } catch {
+      // Not JSON, skip
+    }
+  }
+  return '';
+}
+
 /**
  * Execute a single turn for a task
  * Stateless - queries timeline to determine what to do
@@ -65,48 +97,91 @@ export async function executeTaskTurn(options) {
   }
 
   // 6. Determine prompt
-  const prompt = getNextPrompt(state, task);
+  let prompt = getNextPrompt(state, task);
   if (!prompt) {
     return { success: false, error: 'No prompt available' };
   }
 
   // 7. Determine which session to resume
-  // First turn: resume parent session for context
-  // Subsequent turns: resume child session from previous turn
-  const resumeSessionId = state.claude_session_id || task.parent_claude_session_id;
-
-  if (!resumeSessionId) {
-    console.error(`[task-v2] No session ID to resume for task ${task_id}`);
-    return { success: false, error: 'No session ID to resume' };
-  }
+  // Turn 1: resume parent session so Claude has full conversation context
+  // Turn 2+: resume child session from previous turn for continuity
+  // Safety: relay guarantees parent session is idle when this task was created (mobile Send
+  // flow only fires when the user is waiting for a response). Claude Code branches on --resume
+  // so the parent transcript is never mutated — only the child session ID is written back.
+  const validParentSessionId = UUID_PATTERN.test(task.parent_claude_session_id || '')
+    ? task.parent_claude_session_id
+    : null;
+  const resumeSessionId = state.claude_session_id  // child session from previous turns
+    || validParentSessionId                        // parent session for turn 1 context
+    || null;                                       // fallback: fresh session (tests / legacy tasks without relay validation)
 
   console.log(`[task-v2] Executing turn ${state.turn_count + 1} for task ${task_id.slice(0, 20)}...`);
-  console.log(`[task-v2] Resuming session: ${resumeSessionId}`);
+  if (state.claude_session_id) {
+    console.log(`[task-v2] Resuming child session: ${state.claude_session_id}`);
+  } else if (validParentSessionId) {
+    console.log(`[task-v2] Turn 1: resuming parent session for context: ${validParentSessionId}`);
+  } else {
+    if (task.parent_claude_session_id && !validParentSessionId) {
+      console.warn(`[task-v2] parent_claude_session_id is not a valid UUID, starting fresh: ${task.parent_claude_session_id}`);
+    }
+    // Fresh session: inject caller context so Claude is never completely blind
+    const contextLines = [];
+    if (task.caller) contextLines.push(`Triggered by: ${task.caller}`);
+    if (task.cwd) contextLines.push(`Working directory: ${task.cwd}`);
+    if (task.project_name) contextLines.push(`Project: ${task.project_name}`);
+    if (task.branch) contextLines.push(`Branch: ${task.branch}`);
+    if (task.hostname) contextLines.push(`Host: ${task.hostname}`);
+
+    if (contextLines.length > 0) {
+      const preamble = `[Context]\n${contextLines.join('\n')}\n\n`;
+      prompt = preamble + prompt;
+      console.log(`[task-v2] Starting fresh session with context preamble (${contextLines.length} fields)`);
+    } else {
+      console.log(`[task-v2] Starting fresh session (no context metadata available)`);
+    }
+  }
   console.log(`[task-v2] Prompt: ${prompt.slice(0, 100)}...`);
 
+  // 7.5 Check remaining budget before executing
+  const remainingBudget = (task.budget_usd || 0) - (task.cost_usd || 0);
+  if (remainingBudget <= 0) {
+    console.log(`[task-v2] Budget exhausted: $${task.cost_usd} of $${task.budget_usd} used`);
+    await updateTaskStatus(task_id, session_id, 'stopped', config);
+    return { success: true, stopped: true, reason: 'Budget exhausted' };
+  }
+
   // 8. Execute Claude headless
   try {
     const result = await executeClaudeHeadless({
       prompt,
       cwd: task.cwd || process.cwd(),
       resumeSessionId,
-      budgetUsd: task.budget_usd - task.cost_usd,
+      budgetUsd: remainingBudget,
       taskId: task_id,
       parentSessionId: task.session_id,
+      bypassPermissions: task.bypass_permissions,
     });
 
     // 9. Ingest transcript to timeline
     // This ensures all events (especially assistant responses) are captured
     // even if hooks failed to log them during execution
+    let transcriptIngested = false;
     if (result.session_id) {
       try {
-        await ingestTranscriptToTimeline({
+        const ingestionResult = await ingestTranscriptToTimeline({
           claude_session_id: result.session_id,
           parent_session_id: session_id,
           task_id: task_id,
           cwd: task.cwd || process.cwd(), // Pass cwd for project slug derivation
           config,
         });
+        // Only consider ingested if events were actually pushed to timeline
+        // When transcript isn't found (child session in different project dir),
+        // events_pushed will be 0 and we must fall back to manual POST
+        transcriptIngested = (ingestionResult?.events_pushed || 0) > 0;
+        if (!transcriptIngested) {
+          console.log(`[task-v2] Transcript ingestion returned 0 events — will use fallback POST`);
+        }
       } catch (error) {
         // Don't fail the whole turn if transcript ingestion fails
         console.error(`[task-v2] Failed to ingest transcript:`, error.message);
@@ -116,6 +191,66 @@ export async function executeTaskTurn(options) {
     // 10. Update task in Redis with results
     await updateTaskAfterTurn(task_id, session_id, result, task, config);
 
+    // 11. Log task turn completion to timeline so analyzeTaskState() can track progress
+    // Only emit this fallback marker if transcript ingestion didn't already emit events.
+    // Both paths produce assistant_response events with task_id, so emitting both
+    // would double-count turns in analyzeTaskState().
+    if (!transcriptIngested) {
+      try {
+        const resp = await fetch(`${relayApiUrl}/api/timeline`, {
+          method: 'POST',
+          headers: {
+            'Content-Type': 'application/json',
+            'Authorization': `Bearer ${apiKey}`
+          },
+          body: JSON.stringify({
+            session_id,
+            type: 'task_update',
+            data: {
+              task_id,
+              source: 'cli_interactive',
+              claude_session_id: result.session_id,
+              turn_number: state.turn_count + 1,
+              status: 'turn_complete',
+              cost_usd: result.cost_usd,
+              timestamp: Date.now(),
+              message: extractAssistantText(result.output) || 'Turn completed',
+            }
+          })
+        });
+        if (!resp.ok) {
+          console.error(`[task-v2] Turn completion POST failed: ${resp.status}`);
+        } else {
+          console.log(`[task-v2] Logged turn ${state.turn_count + 1} completion to timeline (fallback)`);
+        }
+      } catch (e) {
+        console.error(`[task-v2] Failed to log turn completion:`, e.message);
+      }
+    } else {
+      console.log(`[task-v2] Turn ${state.turn_count + 1} events already ingested via transcript`);
+    }
+
+    // 12. Auto-pause: unless auto_continue is set, pause after each turn
+    // This is the default behavior — user must send a message to continue
+    // CRITICAL: If this fails, the task stays 'running' and re-executes on the next
+    // poll cycle, causing the same infinite loop this PR fixes. Retry once on failure.
+    if (!task.auto_continue) {
+      console.log(`[task-v2] Pausing task after turn ${state.turn_count + 1} (auto_continue not set)`);
+      try {
+        await updateTaskStatus(task_id, session_id, 'paused', config);
+      } catch (pauseError) {
+        console.error(`[task-v2] Failed to pause task (retrying once): ${pauseError.message}`);
+        try {
+          await new Promise(r => setTimeout(r, 1000));
+          await updateTaskStatus(task_id, session_id, 'paused', config);
+        } catch (retryError) {
+          console.error(`[task-v2] CRITICAL: Failed to pause task after retry: ${retryError.message}`);
+          // Return error so daemon doesn't re-execute this turn
+          return { success: false, error: 'Failed to pause task — cannot guarantee no re-execution' };
+        }
+      }
+    }
+
     return {
       success: true,
       executed: true,
@@ -187,11 +322,19 @@ async function updateTaskAfterTurn(task_id, session_id, result, currentTask, con
   const totalCost = (currentTask.cost_usd || 0) + (result.cost_usd || 0);
 
   const updates = {
-    claude_session_id: result.session_id || currentTask.claude_session_id,
     cost_usd: totalCost,
     turn_count: (currentTask.turn_count || 0) + 1,
+    // Clear consumed prompts to prevent re-use on next turn
+    pending_answer: null,
+    pending_redirect: null,
   };
 
+  // Only include claude_session_id if we have a valid one (relay rejects null)
+  const sessionId = result.session_id || currentTask.claude_session_id;
+  if (sessionId) {
+    updates.claude_session_id = sessionId;
+  }
+
   const response = await fetch(
     `${relayApiUrl}/api/sessions/${session_id}/tasks/${task_id}`,
     {
@@ -205,7 +348,8 @@ async function updateTaskAfterTurn(task_id, session_id, result, currentTask, con
   );
 
   if (!response.ok) {
-    throw new Error(`Failed to update task: ${response.status}`);
+    const body = await response.text().catch(() => '');
+    throw new Error(`Failed to update task: ${response.status} ${body}`);
   }
 
   return await response.json();
@@ -241,6 +385,13 @@ async function executeClaudeHeadless(options) {
     args.push('--output-format', 'stream-json');
     args.push('--verbose');
 
+    // Permission mode: configurable per-task or via config
+    // Default: no override (uses hooks → approvals show on mobile UI)
+    // User can set bypass to skip approvals for trusted tasks
+    if (options.bypassPermissions) {
+      args.push('--permission-mode', 'bypassPermissions');
+    }
+
     // Budget control
     if (budgetUsd > 0) {
       args.push('--max-budget-usd', budgetUsd.toFixed(2));
@@ -248,21 +399,25 @@ async function executeClaudeHeadless(options) {
 
     console.log(`[task-v2] Executing: ${CLAUDE_CLI} ${args.join(' ')}`);
 
+    // Build child env: unset CLAUDECODE to allow nested Claude launches
+    const childEnv = {
+      ...process.env,
+      CI: 'true',
+      TELEPORTATION_TASK_MODE: 'true',
+      // Route approvals to parent session timeline
+      ...(parentSessionId && { TELEPORTATION_PARENT_SESSION_ID: parentSessionId }),
+    };
+    delete childEnv.CLAUDECODE;
+
     const proc = spawn(CLAUDE_CLI, args, {
       cwd,
       stdio: 'pipe',
-      env: {
-        ...process.env,
-        CI: 'true',
-        TELEPORTATION_TASK_MODE: 'true',
-        // Route approvals to parent session timeline
-        ...(parentSessionId && { TELEPORTATION_PARENT_SESSION_ID: parentSessionId }),
-      },
+      env: childEnv,
     });
 
-    // Track process for stop functionality
+    // Track process for stop functionality (includes session_id for per-session filtering)
     if (taskId) {
-      runningProcesses.set(taskId, proc);
+      runningProcesses.set(taskId, { proc, session_id: parentSessionId });
     }
 
     // Close stdin
@@ -279,6 +434,7 @@ async function executeClaudeHeadless(options) {
       exit_code: 0,
       session_id: null,
       cost_usd: 0,
+      _costExplicitlySet: false, // Track if total_cost_usd was found
       usage: {
         input_tokens: 0,
         output_tokens: 0,
@@ -311,8 +467,18 @@ async function executeClaudeHeadless(options) {
           }
 
           // Extract cost and usage
+          // stream-json 'result' event has total_cost_usd at top level
+          // e.g. {"type":"result","total_cost_usd":0.72,"usage":{...}}
+          if (event.total_cost_usd != null) {
+            result.cost_usd = event.total_cost_usd;
+            result._costExplicitlySet = true;
+          }
           if (event.usage) {
-            result.cost_usd = event.usage.total_cost || 0;
+            // Fallback: older format had usage.total_cost
+            // Only use fallback if total_cost_usd was never found (not just zero)
+            if (!result._costExplicitlySet && event.usage.total_cost) {
+              result.cost_usd = event.usage.total_cost;
+            }
             result.usage = event.usage;
           }
         } catch (e) {
@@ -337,6 +503,10 @@ async function executeClaudeHeadless(options) {
       result.error = stderr;
       result.success = code === 0;
 
+      if (!result._costExplicitlySet && result.cost_usd === 0 && code === 0) {
+        console.warn(`[task-v2] No cost data found in stream-json output`);
+      }
+
       resolve(result);
     });
 
@@ -356,19 +526,57 @@ async function executeClaudeHeadless(options) {
  * Stop a running task
  */
 export function stopTask(task_id) {
-  const proc = runningProcesses.get(task_id);
-  if (proc) {
+  const entry = runningProcesses.get(task_id);
+  if (entry) {
+    // All entries are {proc, session_id} objects (set in executeClaudeHeadless)
+    const proc = entry.proc;
+    // If process already exited, no need to kill or set timer
+    if (proc.exitCode !== null) {
+      runningProcesses.delete(task_id);
+      return true;
+    }
     proc.kill('SIGTERM');
-    setTimeout(() => {
+    const killTimer = setTimeout(() => {
       if (runningProcesses.has(task_id)) {
-        proc.kill('SIGKILL');
+        try { proc.kill('SIGKILL'); } catch {}
       }
     }, 2000);
+    proc.once('exit', () => clearTimeout(killTimer));
     return true;
   }
   return false;
 }
 
+/**
+ * Stop all running tasks for a specific session
+ * Returns number of processes killed
+ */
+export function stopTasksForSession(session_id) {
+  let killed = 0;
+  for (const [task_id, entry] of runningProcesses) {
+    if (entry.session_id !== session_id) continue;
+    const proc = entry.proc;
+    if (proc.exitCode !== null) {
+      runningProcesses.delete(task_id);
+      continue;
+    }
+    try {
+      proc.kill('SIGTERM');
+      const killTimer = setTimeout(() => {
+        try { proc.kill('SIGKILL'); } catch {}
+      }, 2000);
+      proc.once('exit', () => {
+        clearTimeout(killTimer);
+        runningProcesses.delete(task_id);
+      });
+      killed++;
+    } catch (err) {
+      // Process may already be dead
+    }
+  }
+  return killed;
+}
+
 /**
  * Stop all running tasks
  * Used during daemon shutdown to ensure clean exit
@@ -376,8 +584,10 @@ export function stopTask(task_id) {
 export function stopAllTasks() {
   console.log(`[task-v2] Stopping all tasks (${runningProcesses.size} processes active)`);
 
-  for (const [task_id, proc] of runningProcesses) {
+  for (const [task_id, entry] of runningProcesses) {
     try {
+      // All entries are {proc, session_id} objects (set in executeClaudeHeadless)
+      const proc = entry.proc;
       let killTimer = null;
 
       // Setup exit handler to clear timer