triflux 9.5.1 → 9.7.0

package/hub/team/headless.mjs

@@ -243,10 +243,12 @@ function dispatchBatch(sessionName, assignments, opts = {}) {
  * @returns {Promise<Array<{d, completion, output}>>}
  */
 async function awaitAll(sessionName, dispatches, timeoutSec, safeProgress, progressIntervalSec) {
+  const ac = new AbortController();
+
   // 병렬 대기 (Promise.all — 모든 pane 동시 폴링, 총 시간 = max(개별 시간))
   return Promise.all(dispatches.map(async (d) => {
     // onPoll → onProgress 변환 (throttle by progressIntervalSec)
-    const pollOpts = {};
+    const pollOpts = { signal: ac.signal };
     if (safeProgress && progressIntervalSec > 0) {
       let lastProgressAt = 0;
       const intervalMs = progressIntervalSec * 1000;
@@ -268,6 +270,11 @@ async function awaitAll(sessionName, dispatches, timeoutSec, safeProgress, progr
     if (d.logPath) pollOpts.logPath = d.logPath;
     const completion = await waitForCompletion(sessionName, d.paneId || d.paneName, d.token, timeoutSec, pollOpts);
 
+    // 세션 사망 감지 시 나머지 워커 폴링 즉시 중단
+    if (completion.sessionDead && !ac.signal.aborted) {
+      ac.abort();
+    }
+
     const output = completion.matched
       ? readResult(d.resultFile, d.paneId)
       : "";

package/hub/team/psmux.mjs

@@ -570,7 +570,7 @@ function killOrphanPipeHelpers(sessionName) {
   const safeSession = sanitizePathPart(sessionName);
   try {
     const output = childProcess.execSync(
-      `powershell -NoProfile -WindowStyle Hidden -Command "$ErrorActionPreference='SilentlyContinue'; Get-CimInstance Win32_Process | Where-Object { $_.CommandLine -match 'pipe-pane-capture' -and $_.CommandLine -match '${safeSession}' } | Select-Object -ExpandProperty ProcessId"`,
+      `powershell -NoProfile -WindowStyle Hidden -Command "$ErrorActionPreference='SilentlyContinue'; Get-CimInstance Win32_Process | Where-Object { $_.CommandLine -match 'pipe-pane-capture' -and $_.CommandLine -match 'tfx-headless[/\\\\]${safeSession}' } | Select-Object -ExpandProperty ProcessId"`,
       { encoding: "utf8", timeout: 8000, stdio: ["pipe", "pipe", "pipe"], windowsHide: true },
     );
     const pids = output.split(/\r?\n/).map((l) => Number.parseInt(l.trim(), 10)).filter((p) => Number.isFinite(p) && p > 0);
@@ -605,7 +605,7 @@ function killOrphanMcpProcesses(sessionName) {
   try {
     // 세션 결과 디렉토리 패턴으로 MCP 서버 프로세스 식별
     const output = childProcess.execSync(
-      `powershell -NoProfile -WindowStyle Hidden -Command "$ErrorActionPreference='SilentlyContinue'; Get-CimInstance Win32_Process | Where-Object { $_.Name -eq 'node.exe' -and $_.CommandLine -match '${safeSession}' } | Select-Object -ExpandProperty ProcessId"`,
+      `powershell -NoProfile -WindowStyle Hidden -Command "$ErrorActionPreference='SilentlyContinue'; Get-CimInstance Win32_Process | Where-Object { $_.Name -eq 'node.exe' -and $_.CommandLine -match 'tfx-headless[/\\\\]${safeSession}' } | Select-Object -ExpandProperty ProcessId"`,
       { encoding: "utf8", timeout: 8000, stdio: ["pipe", "pipe", "pipe"], windowsHide: true },
     );
     const pids = output.split(/\r?\n/).map((l) => Number.parseInt(l.trim(), 10)).filter((p) => Number.isFinite(p) && p > 0 && p !== hubPid);
@@ -632,6 +632,9 @@ export function killPsmuxSession(sessionName) {
   }
   disableAllPipeCaptures(sessionName, paneIds);
 
+  // pipe-pane reader가 EOF를 처리하고 정상 종료할 시간 확보
+  sleepMs(500);
+
   // 2. pane 프로세스 트리 강제 종료 (MCP 서버 포함)
   const pids = collectPanePids(sessionName);
   for (const pid of pids) {
@@ -856,7 +859,8 @@ export function dispatchCommand(sessionName, paneNameOrTarget, commandText) {
  * @param {number} timeoutSec
  * @param {object} [opts]
  * @param {(snapshot: {content: string, paneId: string, paneName: string, elapsed: number}) => void} [opts.onPoll] — 각 폴링 주기마다 호출
- * @returns {{ matched: boolean, paneId: string, paneName: string, logPath: string, match: string|null }}
+ * @param {AbortSignal} [opts.signal] — 외부에서 폴링 중단 요청 시 사용
+ * @returns {{ matched: boolean, paneId: string, paneName: string, logPath: string, match: string|null, aborted?: boolean }}
  */
 export async function waitForPattern(sessionName, paneNameOrTarget, pattern, timeoutSec = 300, opts = {}) {
   ensurePsmuxInstalled();
@@ -892,7 +896,14 @@ export async function waitForPattern(sessionName, paneNameOrTarget, pattern, tim
   const deadline = startTime + Math.max(0, Math.trunc(timeoutSec * 1000));
   const regex = toPatternRegExp(pattern);
 
+  if (opts?.signal?.aborted) {
+    return { matched: false, paneId: pane.paneId, paneName, logPath, match: null, aborted: true };
+  }
+
   while (Date.now() <= deadline) {
+    if (opts?.signal?.aborted) {
+      return { matched: false, paneId: pane.paneId, paneName, logPath, match: null, aborted: true };
+    }
     // E4 크래시 복구: capture 실패 시 세션 생존 체크
     try {
       if (opts.logPath) {
@@ -940,6 +951,9 @@ export async function waitForPattern(sessionName, paneNameOrTarget, pattern, tim
       break;
     }
     await sleepMsAsync(POLL_INTERVAL_MS);
+    if (opts?.signal?.aborted) {
+      return { matched: false, paneId: pane.paneId, paneName, logPath, match: null, aborted: true };
+    }
   }
 
   return {
@@ -1112,7 +1126,13 @@ export function killWorker(sessionName, workerName) {
       // send-keys 실패 무시
     }
 
-    sleepMs(1000);
+    try {
+      psmuxExec(["send-keys", "-t", paneId, "exit", "Enter"]);
+    } catch {
+      // send-keys 실패 무시
+    }
+
+    sleepMs(2000);
 
     try {
       psmuxExec(["kill-pane", "-t", paneId]);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "triflux",
-  "version": "9.5.1",
+  "version": "9.7.0",
   "description": "CLI-first multi-model orchestrator for Claude Code — route tasks to Codex, Gemini, and Claude",
   "type": "module",
   "bin": {

package/scripts/__tests__/mcp-guard-engine.test.mjs

@@ -0,0 +1,118 @@
+import assert from "node:assert/strict";
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { dirname, join, resolve } from "node:path";
+import { describe, it, afterEach } from "node:test";
+import { fileURLToPath } from "node:url";
+
+import {
+  isWatchedPath,
+  loadRegistry,
+  remediate,
+  resolveHubUrl,
+  scanForStdioServers,
+} from "../lib/mcp-guard-engine.mjs";
+
+const TEST_DIR = dirname(fileURLToPath(import.meta.url));
+const PROJECT_ROOT = resolve(TEST_DIR, "..", "..");
+const originalHome = {
+  HOME: process.env.HOME,
+  USERPROFILE: process.env.USERPROFILE,
+  TFX_HUB_PORT: process.env.TFX_HUB_PORT,
+};
+
+function createHomeDir(prefix = "mcp-guard-") {
+  const base = join(tmpdir(), `${prefix}${Date.now()}-${Math.random().toString(16).slice(2)}`);
+  mkdirSync(base, { recursive: true });
+  mkdirSync(join(base, ".gemini"), { recursive: true });
+  mkdirSync(join(base, ".claude", "cache", "tfx-hub"), { recursive: true });
+  mkdirSync(join(base, ".codex"), { recursive: true });
+  return base;
+}
+
+function withHome(homeDir) {
+  process.env.HOME = homeDir;
+  process.env.USERPROFILE = homeDir;
+}
+
+afterEach(() => {
+  if (originalHome.HOME === undefined) delete process.env.HOME;
+  else process.env.HOME = originalHome.HOME;
+
+  if (originalHome.USERPROFILE === undefined) delete process.env.USERPROFILE;
+  else process.env.USERPROFILE = originalHome.USERPROFILE;
+
+  if (originalHome.TFX_HUB_PORT === undefined) delete process.env.TFX_HUB_PORT;
+  else process.env.TFX_HUB_PORT = originalHome.TFX_HUB_PORT;
+});
+
+describe("mcp guard engine", () => {
+  it("loads the MCP registry", () => {
+    const registry = loadRegistry();
+    assert.equal(registry.version, 1);
+    assert.equal(registry.servers["tfx-hub"].url, "http://127.0.0.1:27888/mcp");
+    assert.equal(registry.policies.watched_paths.length, 5);
+  });
+
+  it("matches watched paths for Gemini and local .mcp.json", () => {
+    const homeDir = createHomeDir();
+    withHome(homeDir);
+
+    assert.equal(isWatchedPath(join(homeDir, ".gemini", "settings.json")), true);
+    assert.equal(isWatchedPath(join(PROJECT_ROOT, "nested", ".mcp.json")), true);
+    assert.equal(isWatchedPath(join(PROJECT_ROOT, "nested", "settings.yaml")), false);
+  });
+
+  it("detects stdio MCP servers from JSON config", () => {
+    const homeDir = createHomeDir();
+    withHome(homeDir);
+
+    const settingsPath = join(homeDir, ".gemini", "settings.json");
+    writeFileSync(settingsPath, JSON.stringify({
+      mcpServers: {
+        "unsafe-stdio": { command: "node", args: ["server.js"] },
+        "safe-url": { url: "http://127.0.0.1:27888/mcp" },
+      },
+    }, null, 2));
+
+    const found = scanForStdioServers(settingsPath);
+    assert.deepEqual(found.map((server) => server.name), ["unsafe-stdio"]);
+  });
+
+  it("replaces stdio MCP entries with tfx-hub and writes a backup", () => {
+    const homeDir = createHomeDir();
+    withHome(homeDir);
+
+    const pidPath = join(homeDir, ".claude", "cache", "tfx-hub", "hub.pid");
+    writeFileSync(pidPath, JSON.stringify({ host: "127.0.0.1", port: 30123 }), "utf8");
+
+    const settingsPath = join(homeDir, ".gemini", "settings.json");
+    writeFileSync(settingsPath, JSON.stringify({
+      mcpServers: {
+        "unsafe-stdio": { command: "node", args: ["server.js"] },
+      },
+    }, null, 2));
+
+    const result = remediate(settingsPath, scanForStdioServers(settingsPath), { stdio_action: "replace-with-hub" });
+    const updated = JSON.parse(readFileSync(settingsPath, "utf8"));
+
+    assert.equal(result.modified, true);
+    assert.equal(existsSync(`${settingsPath}.bak`), true);
+    assert.deepEqual(result.removedServers, ["unsafe-stdio"]);
+    assert.equal(updated.mcpServers["tfx-hub"].url, "http://127.0.0.1:30123/mcp");
+    assert.equal(Object.hasOwn(updated.mcpServers, "unsafe-stdio"), false);
+  });
+
+  it("uses hub.pid port before registry fallback when resolving Hub URL", () => {
+    const homeDir = createHomeDir();
+    withHome(homeDir);
+
+    writeFileSync(
+      join(homeDir, ".claude", "cache", "tfx-hub", "hub.pid"),
+      JSON.stringify({ host: "127.0.0.1", port: 29991 }),
+      "utf8",
+    );
+
+    assert.equal(resolveHubUrl(), "http://127.0.0.1:29991/mcp");
+  });
+});

package/scripts/headless-guard.mjs

@@ -193,7 +193,7 @@ async function main() {
     }
 
     // codex/gemini 직접 CLI 호출 → deny
-    if (/\bcodex\s+exec\b/.test(cmd) || /\bgemini\s+(-p|--prompt)\b/.test(cmd)) {
+    if (/\bcodex\b.*\bexec\b/.test(cmd) || /\bgemini\s+(-p|--prompt)\b/.test(cmd)) {
       deny(
         "[headless-guard] codex/gemini 직접 호출은 spawn-session에서 차단됩니다. " +
         `승인된 경로: ${HEADLESS_FALLBACK_COMMAND}. ` +