triflux 10.33.1 → 10.34.0

package/config/mcp-registry.json

@@ -41,15 +41,6 @@
       "targets": ["claude", "gemini", "codex", "antigravity"],
       "description": "Exa neural/semantic web search — 학술/기술 깊이. Key 발급: https://exa.ai/dashboard → secrets.env의 EXA_API_KEY"
     },
-    "serena": {
-      "policy": "gateway-http",
-      "transport": "http",
-      "gateway_port": 8105,
-      "gateway_path": "/mcp",
-      "safe": true,
-      "targets": ["claude", "gemini", "codex", "antigravity"],
-      "description": "Serena MCP — local supergateway stateful Streamable HTTP endpoint (:8105/mcp)"
-    },
     "brave-search": {
       "policy": "gateway-http",
       "transport": "http",

package/config/mcp-registry.json.bak-pre-serena-removal

@@ -0,0 +1,89 @@
+{
+  "$schema": "mcp-registry-schema",
+  "version": 1,
+  "description": "MCP 서버 중앙 레지스트리 — 진실의 원천",
+  "defaults": {
+    "transport": "hub-url",
+    "hub_base": "http://127.0.0.1:27888"
+  },
+  "policy_notes": {
+    "policy": "Server policy is the SSOT for client sync shape: hosted writes url+headers, gateway-sse writes http://127.0.0.1:81XX/sse with SSE metadata, gateway-http writes http://127.0.0.1:81XX/mcp with HTTP metadata, and stdio writes command/args/env.",
+    "transport": "Server transport accepts \"hub-url\" for triflux Hub URL flow, \"http\" for direct Streamable HTTP MCP endpoints, or \"stdio\" for upstream-stdio-only MCP servers. Gateway-backed stdio upstreams should use policy:\"gateway-http\" plus gateway_port/gateway_path so clients receive reconnect-safe HTTP MCP config; legacy policy:\"gateway-sse\" remains supported only for backward compatibility.",
+    "headers": "Optional headers are allowed only for HTTP-compatible transports. Each header value must be a descriptor: {\"value\":\"literal\"} for non-secret static values, {\"env\":\"ENV_VAR_NAME\"} for secrets resolved at sync/runtime, or {\"env\":\"ENV_VAR_NAME\",\"prefix\":\"Bearer \"} for common authorization formats.",
+    "secret_safety": "Resolved secret values must not be written back to this registry file. Missing env vars warn during sync and do not emit empty secret headers.",
+    "sync_denylist": "Array of client:server strings skipped by proactive registry sync, for example gemini:tfx-hub."
+  },
+  "servers": {
+    "tfx-hub": {
+      "policy": "hosted",
+      "transport": "hub-url",
+      "url": "http://127.0.0.1:27888/mcp",
+      "safe": true,
+      "targets": ["claude", "gemini", "codex", "antigravity"],
+      "description": "triflux Hub MCP 서버"
+    },
+    "context7": {
+      "policy": "hosted",
+      "transport": "http",
+      "url": "https://mcp.context7.com/mcp",
+      "safe": true,
+      "targets": ["claude", "gemini", "codex", "antigravity"],
+      "description": "Upstash Context7 — 라이브러리 문서/코드 컨텍스트 (HTTP MCP, API key 불필요)"
+    },
+    "exa": {
+      "policy": "hosted",
+      "transport": "http",
+      "url": "https://mcp.exa.ai/mcp",
+      "headers": {
+        "Authorization": { "env": "EXA_API_KEY", "prefix": "Bearer " }
+      },
+      "safe": true,
+      "targets": ["claude", "gemini", "codex", "antigravity"],
+      "description": "Exa neural/semantic web search — 학술/기술 깊이. Key 발급: https://exa.ai/dashboard → secrets.env의 EXA_API_KEY"
+    },
+    "serena": {
+      "policy": "gateway-http",
+      "transport": "http",
+      "gateway_port": 8105,
+      "gateway_path": "/mcp",
+      "safe": true,
+      "targets": ["claude", "gemini", "codex", "antigravity"],
+      "description": "Serena MCP — local supergateway stateful Streamable HTTP endpoint (:8105/mcp)"
+    },
+    "brave-search": {
+      "policy": "gateway-http",
+      "transport": "http",
+      "gateway_port": 8101,
+      "gateway_path": "/mcp",
+      "safe": true,
+      "targets": ["claude", "gemini", "codex", "antigravity"],
+      "description": "Brave Search MCP — local supergateway stateful Streamable HTTP endpoint (:8101/mcp). BRAVE_API_KEY 환경변수 필요 (https://brave.com/search/api/). secrets.env 의 BRAVE_API_KEY 참조."
+    },
+    "tavily": {
+      "policy": "hosted",
+      "transport": "http",
+      "url": "https://mcp.tavily.com/mcp",
+      "headers": {
+        "Authorization": { "env": "TAVILY_API_KEY", "prefix": "Bearer " }
+      },
+      "safe": true,
+      "targets": ["claude", "gemini", "codex", "antigravity"],
+      "description": "Tavily research — 비용/운영/DX/일반 웹. Key 발급: https://app.tavily.com/home → secrets.env의 TAVILY_API_KEY"
+    }
+  },
+  "policies": {
+    "stdio_action": "replace-with-hub",
+    "unknown_server_action": "warn",
+    "sync_denylist": [],
+    "watched_paths": [
+      "~/.gemini/settings.json",
+      "~/.codex/config.toml",
+      "~/.claude.json",
+      "~/.claude/settings.json",
+      "~/.claude/settings.local.json",
+      ".claude/mcp.json",
+      ".mcp.json",
+      "~/.gemini/config/mcp_config.json"
+    ]
+  }
+}

package/hooks/session-start-fast.mjs

@@ -10,7 +10,7 @@
 //
 // external source 훅 (session-vault 등)은 여전히 execFile로 실행된다.
 
-import { execFile } from "node:child_process";
+import { execFile, execFileSync } from "node:child_process";
 import { dirname, join } from "node:path";
 import { fileURLToPath, pathToFileURL } from "node:url";
 import {
@@ -40,6 +40,55 @@ function parseStartPayload(stdinData) {
   }
 }
 
+function readAncestorCommands(pid = process.ppid, maxDepth = 6) {
+  if (process.platform === "win32") return [];
+  const commands = [];
+  let currentPid = Number(pid);
+  for (let depth = 0; depth < maxDepth; depth++) {
+    if (!Number.isInteger(currentPid) || currentPid <= 1) break;
+    try {
+      const output = execFileSync(
+        "ps",
+        ["-o", "ppid=", "-o", "command=", "-p", String(currentPid)],
+        {
+          encoding: "utf8",
+          timeout: 200,
+          windowsHide: true,
+        },
+      ).trim();
+      const match = output.match(/^(\d+)\s+([\s\S]+)$/);
+      if (!match) break;
+      commands.push(match[2]);
+      currentPid = Number(match[1]);
+    } catch {
+      break;
+    }
+  }
+  return commands;
+}
+
+function commandUsesClaudePrintMode(command) {
+  return /\bclaude(?:\s+\S+)*\s+(?:--print|-p)(?:\s|=|$)/u.test(
+    String(command || ""),
+  );
+}
+
+function shouldSkipInteractiveRegistration(payload, seams = {}) {
+  const declaredKind = String(
+    payload?.sessionKind || payload?.session_kind || "",
+  )
+    .trim()
+    .toLowerCase();
+  if (declaredKind === "headless") return true;
+
+  const ancestorCommands = Array.isArray(seams.ancestorCommands)
+    ? seams.ancestorCommands
+    : readAncestorCommands(seams.parentPid);
+  return ancestorCommands.some((command) =>
+    commandUsesClaudePrintMode(command),
+  );
+}
+
 /**
  * cwd 기준 git 컨텍스트(worktree root / branch)를 best-effort, 비동기로 수집.
  * execFileSync 와 달리 호출자(BACKGROUND)를 블로킹하지 않는다. 각 git 호출은
@@ -107,6 +156,7 @@ export function registerInteractiveSession(stdinData, seams = {}) {
     const payload = parseStartPayload(stdinData);
     const sessionId = String(payload?.session_id || "").trim();
     if (!sessionId) return;
+    if (shouldSkipInteractiveRegistration(payload, seams)) return;
     const cwd = typeof payload?.cwd === "string" ? payload.cwd : process.cwd();
 
     // 1) cwd 만으로 즉시 minimal register (블로킹 git 없음, latency 0).

package/hub/hub-lifecycle.mjs

@@ -15,15 +15,21 @@ const EPHEMERAL_ENV_KEYS = [
   "TFX_TEAM_AGENT_NAME",
   "TFX_EPHEMERAL",
 ];
+const WORKTREE_CWD_PATTERNS = [
+  /\/\.claude\/worktrees\//u,
+  /\/\.worktrees\//u,
+  /\/\.codex-swarm\/wt-[^/]+(?:\/|$)/u,
+  /(^|\/)wt-[^/]+(?:\/|$)/u,
+];
 
-function parsePositiveInt(value) {
+function parsePositivePort(value) {
   const parsed = Number.parseInt(String(value ?? ""), 10);
   return Number.isFinite(parsed) && parsed > 0 ? parsed : null;
 }
 
-function parsePortFromUrl(value) {
+function parsePortFromHubUrl(value) {
   try {
-    return parsePositiveInt(new URL(String(value)).port);
+    return parsePositivePort(new URL(String(value)).port);
   } catch {
     return null;
   }
@@ -40,12 +46,7 @@ export function isWorktreeOrEphemeralHubContext({
   env = process.env,
 } = {}) {
   const normalizedCwd = String(cwd || "").replace(/\\/g, "/");
-  if (
-    normalizedCwd.includes("/.claude/worktrees/") ||
-    normalizedCwd.includes("/.worktrees/") ||
-    normalizedCwd.includes("/.codex-swarm/wt-") ||
-    /(^|\/)wt-[^/]+(?:\/|$)/u.test(normalizedCwd)
-  ) {
+  if (WORKTREE_CWD_PATTERNS.some((pattern) => pattern.test(normalizedCwd))) {
     return true;
   }
   return EPHEMERAL_ENV_KEYS.some((key) => String(env?.[key] || "").length > 0);
@@ -57,11 +58,16 @@ export function resolveHubPortForContext({
   cwd = process.cwd(),
   defaultPort = HUB_DEFAULT_PORT,
 } = {}) {
-  const envPort = parsePositiveInt(port) ?? parsePositiveInt(env?.TFX_HUB_PORT);
-  const urlPort = parsePortFromUrl(env?.TFX_HUB_URL);
+  const envPort =
+    parsePositivePort(port) ?? parsePositivePort(env?.TFX_HUB_PORT);
+  const urlPort = parsePortFromHubUrl(env?.TFX_HUB_URL);
   const resolvedPort = envPort ?? urlPort ?? defaultPort;
   if (
     resolvedPort !== defaultPort &&
+    // Test-only opt-in seam: TFX_HUB_ALLOW_EPHEMERAL_PORT=1 lets an ephemeral
+    // context (worktree cwd / TFX_TEAM_* env) honor the resolved port instead
+    // of clamping to the canonical default. Default-off — production unchanged.
+    String(env?.TFX_HUB_ALLOW_EPHEMERAL_PORT ?? "") !== "1" &&
     isWorktreeOrEphemeralHubContext({ cwd, env })
   ) {
     return defaultPort;
@@ -181,7 +187,7 @@ export async function reapExistingHubProcesses({
     typeof readPidFileFn === "function"
       ? readPidFileFn()
       : { pid: readPidFilePid({ pidFilePath }) };
-  const pidFilePid = parsePositiveInt(pidFileInfo?.pid);
+  const pidFilePid = parsePositivePort(pidFileInfo?.pid);
   const defaultPortPids = [
     ...new Set(
       (typeof findListeningPidsForPortFn === "function"

package/hub/server.mjs

@@ -2461,6 +2461,7 @@ export async function startHub({
                   hubLog.warn(
                     {
                       failed: failed.length,
+                      failedCount: failed.length,
                       processes: failed,
                       caller: "startup",
                     },

package/hub/team/claude-daemon-control.mjs

@@ -113,6 +113,29 @@ export function sendClaudeControlRequest(
   });
 }
 
+// claude daemon 은 control.sock 의 mutating op(dispatch 등)에 control-key
+// 인증을 강제한다 (미제시 시 EAUTH "didn't present the daemon control key").
+// key 는 <configDir>/daemon/control.key (configDir 스코프별). 파일이 없으면
+// 인증 미강제 daemon 으로 보고 auth 필드를 생략한다 (fail-open — 구버전 호환).
+export async function readDaemonControlKey(
+  configDir = resolveClaudeConfigDir(),
+) {
+  try {
+    const key = await fs.readFile(
+      path.join(configDir, "daemon", "control.key"),
+      "utf8",
+    );
+    return key.trim() || undefined;
+  } catch {
+    return undefined;
+  }
+}
+
+export async function buildDaemonControlAuth(configDir) {
+  const auth = await readDaemonControlKey(configDir);
+  return auth ? { auth } : {};
+}
+
 export function buildDaemonAttachRequest({
   short,
   cols = DEFAULT_DAEMON_ATTACH_COLS,
@@ -1146,11 +1169,12 @@ export async function resolveDaemonBridgeSessionId({
   }
 }
 
-export async function killDaemonJob(controlSock, short) {
+export async function killDaemonJob(controlSock, short, { auth } = {}) {
   return await sendClaudeControlRequest(controlSock, {
     proto: 1,
     op: "kill",
     short,
+    ...(auth ? { auth } : {}),
   });
 }
 
@@ -1237,6 +1261,7 @@ export async function dispatchClaudeDaemonJob({
   const writeProjection =
     _deps.writeClaudeSessionProjection || writeClaudeSessionProjection;
   const readProcStart = _deps.getProcStart || getProcStart;
+  const buildAuth = _deps.buildDaemonControlAuth || buildDaemonControlAuth;
 
   const short = payload.short;
   const sessionsDir =
@@ -1246,6 +1271,7 @@ export async function dispatchClaudeDaemonJob({
   // native-bridge 는 control.sock 존재를 미리 점검한다 (없으면 fast-fail).
   if (accessControlSock) await accessControlSock(resolvedControlSock);
 
+  const controlAuth = await buildAuth(paths?.configDir);
   const dispatch = await sendControl(
     resolvedControlSock,
     {
@@ -1253,11 +1279,17 @@ export async function dispatchClaudeDaemonJob({
       op: "dispatch",
       d: payload,
       timeoutMs: dispatchTimeoutMs,
+      ...controlAuth,
     },
     { timeoutMs: dispatchTimeoutMs },
   );
   if (dispatch?.ok !== true) {
-    throw new Error(`Claude daemon dispatch failed for ${name || short}`);
+    // daemon 거부 사유를 보존한다 — generic 메시지만 던지면 EAUTH 같은
+    // 실원인이 묻혀 진단이 어려워진다.
+    const reason = dispatch?.error ? `: ${dispatch.error}` : "";
+    throw new Error(
+      `Claude daemon dispatch failed for ${name || short}${reason}`,
+    );
   }
 
   const pidOpts =

package/hub/team/synapse-registry.mjs

@@ -6,6 +6,7 @@ const DEFAULT_LOCAL_TIMEOUT_MS = 30_000;
 const DEFAULT_REMOTE_HEARTBEAT_INTERVAL_MS = 15_000;
 const DEFAULT_REMOTE_TIMEOUT_MS = 90_000;
 const DEFAULT_EXPIRE_TIMEOUT_MS = 24 * 60 * 60 * 1000;
+const DEFAULT_CLEAN_EXPIRE_TIMEOUT_MS = 2 * 60 * 60 * 1000;
 // Interactive (Claude/Codex) sessions idle for long stretches; a 30s local
 // timeout produces stale false-positives. 5-minute TTL + an `idle` state
 // distinguishes "alive but inactive" from "presumed dead".
@@ -23,6 +24,27 @@ function normalizeSessionKind(raw) {
   return VALID_SESSION_KINDS.has(raw) ? raw : "headless";
 }
 
+function normalizeDurationMs(raw, fallback) {
+  if (raw == null) return fallback;
+  const str = String(raw).trim();
+  if (!str) return fallback;
+  const parsed = Number(str);
+  return Number.isFinite(parsed) && parsed >= 0 ? parsed : fallback;
+}
+
+function defaultCleanExpireTimeoutMs() {
+  return normalizeDurationMs(
+    process.env.TFX_SYNAPSE_CLEAN_EXPIRE_MS,
+    DEFAULT_CLEAN_EXPIRE_TIMEOUT_MS,
+  );
+}
+
+function hasDirtyFiles(session) {
+  return Array.isArray(session?.dirtyFiles)
+    ? session.dirtyFiles.some((file) => typeof file === "string" && file)
+    : false;
+}
+
 // A session is "live" while active OR idle. Idle is an interactive session that
 // missed its heartbeat interval but is still under the TTL — alive but inactive,
 // not presumed dead. getActive() and querySessions() share this single predicate
@@ -135,6 +157,7 @@ export function createSynapseRegistry(opts = {}) {
     interactiveHeartbeatIntervalMs = DEFAULT_INTERACTIVE_HEARTBEAT_INTERVAL_MS,
     interactiveTimeoutMs = DEFAULT_INTERACTIVE_TIMEOUT_MS,
     expireTimeoutMs = DEFAULT_EXPIRE_TIMEOUT_MS,
+    cleanExpireTimeoutMs = defaultCleanExpireTimeoutMs(),
   } = opts;
 
   const sessions = new Map();
@@ -357,19 +380,23 @@ export function createSynapseRegistry(opts = {}) {
     return true;
   }
 
-  // stale/expired 세션이 expireTimeoutMs 넘게 누적되면 Map에서 제거.
+  // stale/expired 세션이 cutoff 넘게 누적되면 Map에서 제거.
   // live(active/idle)는 lastHeartbeat가 오래돼도 보존 — git-preflight dirty-file 가드가 의존.
+  // Dirty stale rows keep the historical 24h window because same-id resume
+  // revives their dirty-file guard; clean stale rows expire quickly to avoid
+  // daily dummy rows after overnight operator gaps.
   function pruneExpired(opts2 = {}) {
     if (destroyed) return { removed: [], count: 0 };
 
-    const cutoff =
-      typeof opts2.olderThanMs === "number"
-        ? opts2.olderThanMs
-        : expireTimeoutMs;
+    const explicitCutoff =
+      typeof opts2.olderThanMs === "number" ? opts2.olderThanMs : null;
     const removed = [];
     const currentTime = now();
 
     for (const [sessionId, session] of sessions) {
+      const cutoff =
+        explicitCutoff ??
+        (hasDirtyFiles(session) ? expireTimeoutMs : cleanExpireTimeoutMs);
       if (
         isLiveStatus(session.status) ||
         currentTime - session.lastHeartbeat <= cutoff

package/hub/tray-lifecycle.mjs

@@ -1,7 +1,10 @@
 // hub/tray-lifecycle.mjs — Hub/Tray bidirectional auto-start helpers
 
 import { spawn } from "node:child_process";
-import { resolveHubPortForContext } from "./hub-lifecycle.mjs";
+import {
+  isWorktreeOrEphemeralHubContext,
+  resolveHubPortForContext,
+} from "./hub-lifecycle.mjs";
 
 const DEFAULT_HUB_PORT = "27888";
 const DEFAULT_HEALTH_TIMEOUT_MS = 1_000;
@@ -117,6 +120,9 @@ export function spawnTrayForHub({
   spawnFn = spawn,
 } = {}) {
   if (env?.TFX_HUB_AUTO_TRAY === "0") return { status: "disabled" };
+  if (isWorktreeOrEphemeralHubContext({ env })) {
+    return { status: "disabled", reason: "ephemeral-or-worktree-context" };
+  }
   if (platform !== "darwin") return { status: "unsupported-platform" };
   if (!trayPath) return { status: "missing-tray-path" };
 

package/hub/tray.mjs

@@ -19,15 +19,20 @@ function sleep(ms) {
   return new Promise((resolveSleep) => setTimeout(resolveSleep, ms));
 }
 
+function isNodeCommand(command) {
+  return /\bnode(?:\s|$)|[/\\]node(?:\s|$)/u.test(command);
+}
+
+function hasMacTrayScriptArg(command) {
+  return /(?:^|[\s"'])[^"'<>|]*[/\\]hub[/\\]tray\.mjs(?:$|[\s"'])/u.test(
+    command,
+  );
+}
+
 export function collectMacTrayProcesses(
   psOutput = "",
-  {
-    scriptPath = fileURLToPath(import.meta.url),
-    currentPid = process.pid,
-  } = {},
+  { currentPid = process.pid } = {},
 ) {
-  const target = String(scriptPath || "");
-  if (!target) return [];
   const ownPid = Number(currentPid);
   return String(psOutput)
     .split(/\r?\n/u)
@@ -38,8 +43,8 @@ export function collectMacTrayProcesses(
       const ppid = Number.parseInt(match[2], 10);
       const command = match[3].trim();
       if (!Number.isFinite(pid) || pid === ownPid) return [];
-      if (!command.includes(target)) return [];
-      if (!/\bnode(?:\s|$)|\/node(?:\s|$)/u.test(command)) return [];
+      if (!isNodeCommand(command)) return [];
+      if (!hasMacTrayScriptArg(command)) return [];
       return [{ pid, ppid, command }];
     });
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "triflux",
-  "version": "10.33.1",
+  "version": "10.34.0",
   "description": "CLI-first multi-model orchestrator for Claude Code — route tasks to Codex, Antigravity, and Claude",
   "type": "module",
   "bin": {

package/scripts/__tests__/ensure-codex-hooks.test.mjs

@@ -0,0 +1,183 @@
+// ensure-codex-hooks 직렬화/멱등 회귀 테스트 (issue #394 배경)
+//
+// 핵심 계약:
+// 1. 기록은 codex CLI 0.137+ canonical 인 table-header 형식만 사용한다.
+// 2. strip/수렴 판정은 inline dotted-key / table-header 양 형식을 모두 인식한다.
+// 3. 이미 수렴 상태면 config 를 재기록하지 않는다 (SessionStart 마다 호출되므로).
+// 4. 어떤 입력 조합에서도 같은 키가 2회 직렬화되지 않는다 (TOML duplicate key
+//    = codex 전 호출 즉사).
+//
+// 전부 mkdtemp 격리 — 실 ~/.codex 무접촉.
+
+import assert from "node:assert/strict";
+import { mkdtempSync, readFileSync, rmSync, writeFileSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import { afterEach, describe, it } from "node:test";
+import { ensureCodexHooks } from "../ensure-codex-hooks.mjs";
+
+const TEMP_DIRS = [];
+
+function makeCodexHome() {
+  const dir = mkdtempSync(join(tmpdir(), "tfx-ensure-codex-hooks-"));
+  TEMP_DIRS.push(dir);
+  return dir;
+}
+
+afterEach(() => {
+  while (TEMP_DIRS.length > 0) {
+    rmSync(TEMP_DIRS.pop(), { recursive: true, force: true });
+  }
+});
+
+function countOccurrences(content, needle) {
+  return content.split(needle).length - 1;
+}
+
+function managedKeyCounts(content, hooksPath) {
+  const counts = {};
+  for (const label of ["session_start", "user_prompt_submit"]) {
+    const key = `${hooksPath}:${label}:0:0`;
+    const inline = countOccurrences(content, `"${key}" = {`);
+    const table = countOccurrences(content, `[hooks.state."${key}"]`);
+    counts[label] = { inline, table, total: inline + table };
+  }
+  return counts;
+}
+
+describe("ensureCodexHooks — table-header 직렬화 + 멱등", () => {
+  it("fresh install: table-header 형식으로 각 키 1회 기록", () => {
+    const codexHome = makeCodexHome();
+    const result = ensureCodexHooks({ codexHome, backupTimestamp: "t0" });
+
+    assert.equal(result.skipped, false);
+    assert.equal(result.changedHooks, true);
+    assert.equal(result.changedConfig, true);
+
+    const config = readFileSync(result.configPath, "utf8");
+    const counts = managedKeyCounts(config, result.hooksPath);
+    for (const label of ["session_start", "user_prompt_submit"]) {
+      assert.equal(counts[label].table, 1, `${label} table 형식 1회`);
+      assert.equal(counts[label].inline, 0, `${label} inline 형식 0회`);
+    }
+  });
+
+  it("멱등: 2회 실행 시 changedConfig=false, 내용 불변", () => {
+    const codexHome = makeCodexHome();
+    const first = ensureCodexHooks({ codexHome, backupTimestamp: "t0" });
+    const before = readFileSync(first.configPath, "utf8");
+
+    const second = ensureCodexHooks({ codexHome, backupTimestamp: "t1" });
+    assert.equal(second.changedConfig, false, "2회차 config 무변경");
+    assert.equal(second.changedHooks, false, "2회차 hooks 무변경");
+    assert.equal(readFileSync(first.configPath, "utf8"), before);
+  });
+
+  it("재발 시나리오: inline+table 이중화 config 를 단일 table 로 dedupe", () => {
+    const codexHome = makeCodexHome();
+    const first = ensureCodexHooks({ codexHome, backupTimestamp: "t0" });
+    const config = readFileSync(first.configPath, "utf8");
+
+    // 과거 설치기(inline)와 codex 재직렬화(table)가 공존하는 오염 상태 재현:
+    // 현재 table 기록 위에, 같은 키/해시의 inline 라인을 [hooks.state] 헤더와
+    // 함께 prepend 한다 — 2026-06-10 실측 config.toml:151-156 구조.
+    const counts0 = managedKeyCounts(config, first.hooksPath);
+    assert.equal(counts0.session_start.table, 1);
+    const tableBlocks = config
+      .split("\n")
+      .filter((l) => l.includes("trusted_hash"));
+    assert.ok(tableBlocks.length >= 2);
+    const hashOf = (label) => {
+      const idx = config.indexOf(
+        `[hooks.state."${first.hooksPath}:${label}:0:0"]`,
+      );
+      const m = config.slice(idx).match(/trusted_hash = "([^"]+)"/);
+      return m[1];
+    };
+    const polluted = [
+      "[hooks.state]",
+      `"${first.hooksPath}:session_start:0:0" = { trusted_hash = "${hashOf("session_start")}" }`,
+      `"${first.hooksPath}:user_prompt_submit:0:0" = { trusted_hash = "${hashOf("user_prompt_submit")}" }`,
+      config,
+    ].join("\n");
+    writeFileSync(first.configPath, polluted, "utf8");
+
+    const second = ensureCodexHooks({ codexHome, backupTimestamp: "t1" });
+    assert.equal(second.changedConfig, true, "오염 감지 시 재기록");
+    const cleaned = readFileSync(first.configPath, "utf8");
+    const counts = managedKeyCounts(cleaned, first.hooksPath);
+    for (const label of ["session_start", "user_prompt_submit"]) {
+      assert.equal(counts[label].total, 1, `${label} 총 1회 (duplicate 해소)`);
+      assert.equal(counts[label].table, 1, `${label} table 형식으로 수렴`);
+    }
+  });
+
+  it("codex 가 table 로만 재직렬화한 config 는 수렴 상태로 보고 무변경", () => {
+    const codexHome = makeCodexHome();
+    const first = ensureCodexHooks({ codexHome, backupTimestamp: "t0" });
+    const config = readFileSync(first.configPath, "utf8");
+
+    // codex 재직렬화 시뮬레이션: 동일 키/해시가 table 형식으로만 존재
+    // (이미 우리 기록이 table 이므로 그대로가 그 상태다). 위에 무관 설정만 추가.
+    writeFileSync(first.configPath, `model = "gpt-5.5"\n\n${config}`, "utf8");
+
+    const second = ensureCodexHooks({ codexHome, backupTimestamp: "t1" });
+    assert.equal(second.changedConfig, false, "수렴 상태 무변경");
+    const after = readFileSync(first.configPath, "utf8");
+    assert.ok(after.startsWith('model = "gpt-5.5"'), "비관리 설정 보존");
+  });
+
+  it("비관리 hooks.state 키(oh-my-codex 등)는 보존", () => {
+    const codexHome = makeCodexHome();
+    const configPath = join(codexHome, "config.toml");
+    const foreign =
+      '[hooks.state."oh-my-codex@local:hooks/hooks.json:stop:0:0"]\ntrusted_hash = "sha256:aaaa"\n';
+    writeFileSync(configPath, foreign, "utf8");
+
+    const result = ensureCodexHooks({ codexHome, backupTimestamp: "t0" });
+    const config = readFileSync(result.configPath, "utf8");
+    assert.ok(
+      config.includes("oh-my-codex@local:hooks/hooks.json:stop:0:0"),
+      "외부 키 보존",
+    );
+    assert.equal(
+      countOccurrences(config, "oh-my-codex@local"),
+      1,
+      "외부 키 중복 없음",
+    );
+    const counts = managedKeyCounts(config, result.hooksPath);
+    assert.equal(counts.session_start.total, 1);
+  });
+
+  it("hash 불일치(stale trust) 시 양 형식 strip 후 table 1회 재기록", () => {
+    const codexHome = makeCodexHome();
+    const first = ensureCodexHooks({ codexHome, backupTimestamp: "t0" });
+    const config = readFileSync(first.configPath, "utf8");
+    // 해시를 임의 값으로 바꿔 stale trust 상태 재현
+    writeFileSync(
+      first.configPath,
+      config.replace(
+        /trusted_hash = "sha256:[0-9a-f]+"/g,
+        'trusted_hash = "sha256:stale"',
+      ),
+      "utf8",
+    );
+
+    const second = ensureCodexHooks({ codexHome, backupTimestamp: "t1" });
+    assert.equal(second.changedConfig, true);
+    const after = readFileSync(first.configPath, "utf8");
+    const counts = managedKeyCounts(after, first.hooksPath);
+    for (const label of ["session_start", "user_prompt_submit"]) {
+      assert.equal(counts[label].total, 1);
+      assert.equal(counts[label].table, 1);
+    }
+    // 관리 키 영역은 stale 해시가 아닌 유효한 sha256 으로 갱신됐다
+    assert.equal(
+      countOccurrences(after, "sha256:stale"),
+      0,
+      "stale 해시 잔존 없음",
+    );
+    const m = after.match(/trusted_hash = "(sha256:[0-9a-f]{64})"/);
+    assert.ok(m, "유효한 sha256 해시로 재기록");
+  });
+});