vigthoria-cli 1.9.10 → 1.9.19

package/dist/utils/project-memory.js

@@ -0,0 +1,289 @@
+/**
+ * Vigthoria Project Memory Service
+ *
+ * Local-first project brain stored inside .vigthoria/memory. It keeps durable,
+ * compact facts that can be retrieved for follow-up prompts without replaying
+ * full chat history or noisy tool traces.
+ */
+import fs from 'node:fs';
+import path from 'node:path';
+import { createHash } from 'node:crypto';
+const MAX_ITEMS = 240;
+const MAX_TEXT_LENGTH = 320;
+const MAX_CONTEXT_ITEMS = 14;
+const STOP_WORDS = new Set([
+    'about', 'after', 'again', 'also', 'because', 'before', 'could', 'from', 'have', 'into', 'just', 'make', 'need',
+    'only', 'please', 'should', 'that', 'their', 'there', 'this', 'with', 'work', 'working', 'would', 'your', 'vigthoria',
+]);
+function nowIso() {
+    return new Date().toISOString();
+}
+function normalizeText(value) {
+    return String(value || '')
+        .replace(/<tool_call>[\s\S]*?<\/tool_call>/g, ' ')
+        .replace(/[ \t\r\n]+/g, ' ')
+        .trim();
+}
+function clampText(value, max = MAX_TEXT_LENGTH) {
+    const normalized = normalizeText(value);
+    return normalized.length > max ? `${normalized.slice(0, max - 3)}...` : normalized;
+}
+function slugHash(value) {
+    return createHash('sha1').update(value).digest('hex').slice(0, 12);
+}
+function tokenize(value) {
+    return Array.from(new Set(String(value || '')
+        .toLowerCase()
+        .replace(/[^a-z0-9_./-]+/g, ' ')
+        .split(/\s+/)
+        .filter((word) => word.length >= 3 && !STOP_WORDS.has(word)))).slice(0, 48);
+}
+function inferTags(text) {
+    const tags = new Set();
+    const lower = text.toLowerCase();
+    if (/login|auth|token|session/.test(lower))
+        tags.add('auth');
+    if (/cli|terminal|command/.test(lower))
+        tags.add('cli');
+    if (/code|extension|vscode|webview/.test(lower))
+        tags.add('code');
+    if (/agent|v3|executor|planner/.test(lower))
+        tags.add('agent');
+    if (/memory|context|summary|follow/.test(lower))
+        tags.add('memory');
+    if (/windows|win32|desktop/.test(lower))
+        tags.add('windows');
+    if (/release|publish|version|manifest|update/.test(lower))
+        tags.add('release');
+    if (/test|validated|passed|build|verify/.test(lower))
+        tags.add('validation');
+    return Array.from(tags).slice(0, 8);
+}
+export class ProjectMemoryService {
+    workspacePath;
+    memoryDir;
+    brainPath;
+    constructor(workspacePath = process.cwd()) {
+        this.workspacePath = path.resolve(workspacePath || process.cwd());
+        this.memoryDir = path.join(this.workspacePath, '.vigthoria', 'memory');
+        this.brainPath = path.join(this.memoryDir, 'brain.json');
+    }
+    getMemoryDir() {
+        return this.memoryDir;
+    }
+    loadBrain() {
+        try {
+            if (fs.existsSync(this.brainPath)) {
+                const parsed = JSON.parse(fs.readFileSync(this.brainPath, 'utf8'));
+                if (parsed && parsed.version === 1 && Array.isArray(parsed.items)) {
+                    return parsed;
+                }
+            }
+        }
+        catch {
+            // Corrupt memory should never break chat.
+        }
+        return {
+            version: 1,
+            workspaceName: path.basename(this.workspacePath),
+            updatedAt: nowIso(),
+            items: [],
+        };
+    }
+    saveBrain(brain) {
+        try {
+            fs.mkdirSync(this.memoryDir, { recursive: true });
+            const normalized = {
+                ...brain,
+                workspaceName: brain.workspaceName || path.basename(this.workspacePath),
+                updatedAt: nowIso(),
+                items: this.dedupeAndTrim(brain.items || []),
+            };
+            fs.writeFileSync(this.brainPath, JSON.stringify(normalized, null, 2) + '\n', 'utf8');
+            this.writeMarkdownViews(normalized);
+        }
+        catch {
+            // Project memory is best effort. Never fail the user's main request.
+        }
+    }
+    remember(type, text, options = {}) {
+        const clean = clampText(text);
+        if (!clean || clean.length < 12)
+            return;
+        const brain = this.loadBrain();
+        const item = this.createItem(type, clean, options);
+        brain.items.push(item);
+        this.saveBrain(brain);
+    }
+    rememberConversation(messages, options = {}) {
+        const recent = (messages || []).slice(-16);
+        const candidates = [];
+        for (const message of recent) {
+            const content = clampText(message.content);
+            if (!content || content.length < 16)
+                continue;
+            if (message.role === 'user') {
+                const lower = content.toLowerCase();
+                if (/\b(need|fix|make|implement|build|verify|publish|release|check|investigate|remember|prefer|should|must|do not|don't)\b/.test(lower)) {
+                    candidates.push(this.createItem(this.inferUserMemoryType(content), content, { ...options, source: options.source || 'user' }));
+                }
+                continue;
+            }
+            if (message.role === 'assistant') {
+                const lower = content.toLowerCase();
+                if (/\b(done|fixed|implemented|published|validated|verified|passed|updated|created|rebuilt|released)\b/.test(lower)) {
+                    candidates.push(this.createItem('validation', content, { ...options, source: options.source || 'assistant' }));
+                }
+            }
+        }
+        if (options.sessionSummary && options.sessionSummary.trim()) {
+            for (const line of options.sessionSummary.split('\n').slice(-10)) {
+                const clean = clampText(line.replace(/^[-*]\s*/, ''));
+                if (clean.length >= 16) {
+                    candidates.push(this.createItem('fact', clean, { ...options, source: 'session-summary' }));
+                }
+            }
+        }
+        if (candidates.length === 0)
+            return;
+        const brain = this.loadBrain();
+        brain.items.push(...candidates);
+        this.saveBrain(brain);
+    }
+    buildContextForPrompt(prompt) {
+        const items = this.retrieveRelevantMemory(prompt, MAX_CONTEXT_ITEMS);
+        if (items.length === 0)
+            return '';
+        const grouped = new Map();
+        for (const item of items) {
+            if (!grouped.has(item.type))
+                grouped.set(item.type, []);
+            grouped.get(item.type).push(item);
+        }
+        const lines = [
+            'Vigthoria project brain memory.',
+            'Use these durable project facts for follow-up continuity. Do not repeat them unless relevant.',
+        ];
+        for (const [type, group] of grouped) {
+            lines.push(`${type}:`);
+            for (const item of group.slice(0, 5)) {
+                lines.push(`- ${item.text}`);
+            }
+        }
+        return lines.join('\n').slice(0, 3200);
+    }
+    retrieveRelevantMemory(prompt, limit = MAX_CONTEXT_ITEMS) {
+        const brain = this.loadBrain();
+        const promptTokens = new Set(tokenize(prompt));
+        const scored = brain.items.map((item) => {
+            const haystack = tokenize(`${item.type} ${item.text} ${item.tags.join(' ')}`);
+            let score = item.weight || 1;
+            for (const token of haystack) {
+                if (promptTokens.has(token))
+                    score += 4;
+            }
+            if (item.type === 'preference')
+                score += 2;
+            if (item.type === 'task')
+                score += 1;
+            return { item, score };
+        });
+        return scored
+            .filter((entry) => entry.score > 1 || promptTokens.size === 0)
+            .sort((a, b) => b.score - a.score || b.item.updatedAt.localeCompare(a.item.updatedAt))
+            .slice(0, limit)
+            .map((entry) => entry.item);
+    }
+    getStatus() {
+        const brain = this.loadBrain();
+        const typeCounts = {};
+        for (const item of brain.items) {
+            typeCounts[item.type] = (typeCounts[item.type] || 0) + 1;
+        }
+        return {
+            memoryDir: this.memoryDir,
+            itemCount: brain.items.length,
+            updatedAt: brain.updatedAt,
+            typeCounts,
+        };
+    }
+    createItem(type, text, options) {
+        const clean = clampText(text);
+        const tags = Array.from(new Set([...inferTags(clean), ...(options.mode ? [options.mode] : [])])).slice(0, 10);
+        const source = options.source || 'conversation';
+        const id = slugHash(`${type}:${source}:${clean.toLowerCase()}`);
+        const timestamp = nowIso();
+        return {
+            id,
+            type,
+            text: clean,
+            tags,
+            source,
+            createdAt: timestamp,
+            updatedAt: timestamp,
+            weight: type === 'preference' || type === 'decision' ? 4 : type === 'task' ? 3 : 2,
+        };
+    }
+    inferUserMemoryType(text) {
+        const lower = text.toLowerCase();
+        if (/\b(prefer|should|must|always|never|do not|don't|dont)\b/.test(lower))
+            return 'preference';
+        if (/\b(decide|decision|architecture|approach)\b/.test(lower))
+            return 'decision';
+        if (/\b(error|bug|issue|problem|fail|broken)\b/.test(lower))
+            return 'issue';
+        return 'task';
+    }
+    dedupeAndTrim(items) {
+        const byId = new Map();
+        for (const item of items) {
+            const clean = clampText(item.text);
+            if (!clean)
+                continue;
+            const id = item.id || slugHash(`${item.type}:${clean.toLowerCase()}`);
+            const existing = byId.get(id);
+            if (existing) {
+                byId.set(id, {
+                    ...existing,
+                    text: clean,
+                    tags: Array.from(new Set([...(existing.tags || []), ...(item.tags || [])])).slice(0, 10),
+                    updatedAt: item.updatedAt || nowIso(),
+                    weight: Math.max(existing.weight || 1, item.weight || 1),
+                });
+            }
+            else {
+                byId.set(id, { ...item, id, text: clean });
+            }
+        }
+        return Array.from(byId.values())
+            .sort((a, b) => b.updatedAt.localeCompare(a.updatedAt))
+            .slice(0, MAX_ITEMS)
+            .sort((a, b) => a.createdAt.localeCompare(b.createdAt));
+    }
+    writeMarkdownViews(brain) {
+        const groups = ['preference', 'decision', 'task', 'issue', 'validation', 'file', 'fact'];
+        const title = `# Vigthoria Project Brain\n\nUpdated: ${brain.updatedAt}\nWorkspace: ${brain.workspaceName}\n\n`;
+        const allLines = [title.trimEnd(), ''];
+        for (const type of groups) {
+            const items = brain.items.filter((item) => item.type === type);
+            if (items.length === 0)
+                continue;
+            const heading = this.headingForType(type);
+            const lines = [`# ${heading}`, '', ...items.map((item) => `- ${item.text}`)];
+            fs.writeFileSync(path.join(this.memoryDir, `${type}s.md`), lines.join('\n') + '\n', 'utf8');
+            allLines.push(`## ${heading}`, '', ...items.slice(-40).map((item) => `- ${item.text}`), '');
+        }
+        fs.writeFileSync(path.join(this.memoryDir, 'README.md'), allLines.join('\n').trimEnd() + '\n', 'utf8');
+    }
+    headingForType(type) {
+        switch (type) {
+            case 'preference': return 'User Preferences';
+            case 'decision': return 'Decisions';
+            case 'task': return 'Tasks';
+            case 'issue': return 'Known Issues';
+            case 'validation': return 'Validations';
+            case 'file': return 'Important Files';
+            default: return 'Facts';
+        }
+    }
+}

package/dist/utils/session.d.ts

@@ -16,10 +16,22 @@ export type CliError = {
 };
 /**
  * Validate persisted authentication state without assuming any field is present.
+ *
+ * Production hygiene: by default this helper is SILENT.  Earlier revisions
+ * wrote ``console.warn`` for every missing-token branch, which polluted
+ * stderr on PowerShell (NativeCommandError styling) and surfaced as noise
+ * on first-run installs.  Pass ``{ silent: false }`` only when the caller
+ * actually wants the warning visible.
  */
-export declare function validateSession(session: AuthState): boolean;
+export declare function validateSession(session: AuthState, options?: {
+    silent?: boolean;
+}): boolean;
 /**
  * Load persisted authentication state and normalize nullable token fields safely.
+ *
+ * Production behaviour: first-run users (no session file yet) get a clean
+ * ``{ token: null, expiresAt: null, isValid: false }`` instead of an
+ * exception.  Callers that need a hard failure can inspect ``isValid``.
  */
 export declare function loadSession(): Promise<AuthState>;
 export interface Session {
@@ -39,8 +51,20 @@ export declare class SessionManager {
     private sessionsDir;
     private readonly compactThreshold;
     private readonly retainRecentMessages;
+    /** Keep at most this many session files on disk per CLI install. */
+    private readonly maxRetainedSessions;
+    /** Sessions older than this are pruned (90 days). */
+    private readonly retentionWindowMs;
+    /** Avoid running prune on every save — at most once per CLI process. */
+    private prunedThisProcess;
     constructor();
     private ensureDir;
+    /**
+     * Prune sessions older than the retention window AND cap the number of
+     * retained files.  This is best-effort: any unreadable file is treated
+     * as stale and removed.  Pruning is bounded to once per process.
+     */
+    private pruneIfNeeded;
     /**
      * Generate unique session ID
      */
@@ -50,7 +74,8 @@ export declare class SessionManager {
      */
     create(project: string, model: string, agentMode?: boolean, operatorMode?: boolean): Session;
     /**
-     * Save session to disk
+     * Save session to disk — atomic + 0600 mode so transcripts cannot be
+     * read by other local users on a shared POSIX host.
      */
     save(session: Session): void;
     /**
@@ -62,7 +87,8 @@ export declare class SessionManager {
      */
     getLatest(project: string): Session | null;
     /**
-     * List all sessions (metadata only)
+     * List all sessions (metadata only) — corrupt or unreadable files are
+     * skipped silently unless VIGTHORIA_DEBUG=1.
      */
     list(): Omit<Session, 'messages'>[];
     /**

package/dist/utils/session.js

@@ -1,48 +1,11 @@
-"use strict";
 /**
  * Session Manager - Persist and resume conversations
  * Similar to Vigthoria's session persistence
  */
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.SessionManager = void 0;
-exports.validateSession = validateSession;
-exports.loadSession = loadSession;
-const fs = __importStar(require("fs"));
-const path = __importStar(require("path"));
-const os = __importStar(require("os"));
+import * as fs from 'fs';
+import * as path from 'path';
+import * as os from 'os';
+import { atomicWriteJson, secureFileMode } from './cli-state.js';
 function createSessionLoadError(message, details) {
     return {
         code: 'SESSION_LOAD_FAILED',
@@ -53,9 +16,7 @@ function createSessionLoadError(message, details) {
 }
 function normalizeAuthState(raw) {
     if (!raw || typeof raw !== 'object') {
-        const session = { token: null, expiresAt: null, isValid: false };
-        session.isValid = validateSession(session);
-        return session;
+        return { token: null, expiresAt: null, isValid: false };
     }
     const source = raw.auth && typeof raw.auth === 'object' ? raw.auth : raw;
     const rawToken = source.token ?? source.accessToken ?? source.jwt ?? null;
@@ -63,75 +24,89 @@ function normalizeAuthState(raw) {
     const token = typeof rawToken === 'string' && rawToken.trim().length > 0 ? rawToken.trim() : null;
     const expiresAt = typeof rawExpiresAt === 'number' && Number.isFinite(rawExpiresAt) ? rawExpiresAt : null;
     const session = { token, expiresAt, isValid: false };
-    session.isValid = validateSession(session);
+    session.isValid = validateSession(session, { silent: true });
     return session;
 }
 /**
  * Validate persisted authentication state without assuming any field is present.
+ *
+ * Production hygiene: by default this helper is SILENT.  Earlier revisions
+ * wrote ``console.warn`` for every missing-token branch, which polluted
+ * stderr on PowerShell (NativeCommandError styling) and surfaced as noise
+ * on first-run installs.  Pass ``{ silent: false }`` only when the caller
+ * actually wants the warning visible.
  */
-function validateSession(session) {
+export function validateSession(session, options = {}) {
+    const silent = options.silent !== false;
     if (!session || typeof session !== 'object') {
-        console.warn('Invalid session: session state is missing.');
+        if (!silent)
+            console.warn('Invalid session: session state is missing.');
         return false;
     }
     if (typeof session.token !== 'string' || session.token.trim().length === 0) {
-        console.warn('Invalid session: authentication token is missing.');
+        if (!silent)
+            console.warn('Invalid session: authentication token is missing.');
         return false;
     }
     if (typeof session.expiresAt !== 'number' || !Number.isFinite(session.expiresAt)) {
-        console.warn('Invalid session: expiration timestamp is missing.');
+        if (!silent)
+            console.warn('Invalid session: expiration timestamp is missing.');
         return false;
     }
     if (session.expiresAt <= Date.now()) {
-        console.warn('Invalid session: authentication token has expired.');
+        if (!silent)
+            console.warn('Invalid session: authentication token has expired.');
         return false;
     }
     return true;
 }
 /**
  * Load persisted authentication state and normalize nullable token fields safely.
+ *
+ * Production behaviour: first-run users (no session file yet) get a clean
+ * ``{ token: null, expiresAt: null, isValid: false }`` instead of an
+ * exception.  Callers that need a hard failure can inspect ``isValid``.
  */
-async function loadSession() {
+export async function loadSession() {
     const configDir = path.join(os.homedir(), '.vigthoria');
     const candidateFiles = [
         path.join(configDir, 'auth.json'),
         path.join(configDir, 'session.json'),
         path.join(configDir, 'config.json'),
     ];
-    try {
-        const sessionFile = candidateFiles.find((filePath) => fs.existsSync(filePath));
-        if (!sessionFile) {
-            const session = { token: null, expiresAt: null, isValid: false };
-            validateSession(session);
-            throw createSessionLoadError('Failed to load persisted authentication session: no session file found.');
+    const sessionFile = candidateFiles.find((filePath) => {
+        try {
+            return fs.existsSync(filePath);
+        }
+        catch {
+            return false;
         }
+    });
+    if (!sessionFile) {
+        return { token: null, expiresAt: null, isValid: false };
+    }
+    try {
         const content = fs.readFileSync(sessionFile, 'utf-8');
         const parsed = JSON.parse(content);
-        const session = normalizeAuthState(parsed);
-        if (session.token === null || session.expiresAt === null || !session.isValid) {
-            throw createSessionLoadError('Failed to load persisted authentication session: token is missing or expired.', {
-                sessionFile,
-                hasToken: session.token !== null,
-                expiresAt: session.expiresAt,
-            });
-        }
-        return session;
+        return normalizeAuthState(parsed);
     }
     catch (error) {
-        if (error?.code === 'SESSION_LOAD_FAILED') {
-            console.error(error.message, error.details ?? '');
-            throw error;
+        if (process.env.VIGTHORIA_DEBUG === '1') {
+            console.error('[vigthoria] Could not read session file:', error?.message ?? error);
         }
-        console.error('Failed to load persisted authentication session.', error?.message ?? error);
-        throw createSessionLoadError('Failed to load persisted authentication session.', {
-            message: error?.message ?? String(error),
-        });
+        return { token: null, expiresAt: null, isValid: false };
     }
 }
-class SessionManager {
+export class SessionManager {
     sessionsDir;
     compactThreshold = 40;
     retainRecentMessages = 18;
+    /** Keep at most this many session files on disk per CLI install. */
+    maxRetainedSessions = 200;
+    /** Sessions older than this are pruned (90 days). */
+    retentionWindowMs = 90 * 24 * 60 * 60 * 1000;
+    /** Avoid running prune on every save — at most once per CLI process. */
+    prunedThisProcess = false;
     constructor() {
         this.sessionsDir = path.join(os.homedir(), '.vigthoria', 'sessions');
         this.ensureDir();
@@ -139,18 +114,77 @@ class SessionManager {
     ensureDir() {
         try {
             if (!fs.existsSync(this.sessionsDir)) {
-                fs.mkdirSync(this.sessionsDir, { recursive: true, mode: 0o755 });
+                fs.mkdirSync(this.sessionsDir, { recursive: true, mode: 0o700 });
+            }
+            if (process.platform !== 'win32') {
+                try {
+                    fs.chmodSync(this.sessionsDir, 0o700);
+                }
+                catch { /* best-effort */ }
             }
         }
         catch (error) {
-            if (error.code === 'EACCES' || error.code === 'EPERM') {
+            if (error?.code === 'EACCES' || error?.code === 'EPERM') {
                 this.sessionsDir = path.join(os.tmpdir(), 'vigthoria-sessions');
-                if (!fs.existsSync(this.sessionsDir)) {
-                    fs.mkdirSync(this.sessionsDir, { recursive: true });
+                try {
+                    if (!fs.existsSync(this.sessionsDir)) {
+                        fs.mkdirSync(this.sessionsDir, { recursive: true });
+                    }
+                }
+                catch {
+                    // If even tmpdir is unwritable we'll fail at write time with a useful error.
                 }
             }
         }
     }
+    /**
+     * Prune sessions older than the retention window AND cap the number of
+     * retained files.  This is best-effort: any unreadable file is treated
+     * as stale and removed.  Pruning is bounded to once per process.
+     */
+    pruneIfNeeded() {
+        if (this.prunedThisProcess)
+            return;
+        this.prunedThisProcess = true;
+        try {
+            const now = Date.now();
+            const files = fs.readdirSync(this.sessionsDir)
+                .filter((f) => f.endsWith('.json'))
+                .map((f) => {
+                const full = path.join(this.sessionsDir, f);
+                let mtimeMs = 0;
+                try {
+                    mtimeMs = fs.statSync(full).mtimeMs;
+                }
+                catch { /* treat as stale */ }
+                return { file: f, full, mtimeMs };
+            });
+            // Drop everything older than the retention window.
+            for (const entry of files) {
+                if (entry.mtimeMs === 0 || now - entry.mtimeMs > this.retentionWindowMs) {
+                    try {
+                        fs.unlinkSync(entry.full);
+                    }
+                    catch { /* ignore */ }
+                }
+            }
+            // Cap retained-session count (keep most recent).
+            const remaining = files
+                .filter((e) => e.mtimeMs > 0 && now - e.mtimeMs <= this.retentionWindowMs)
+                .sort((a, b) => b.mtimeMs - a.mtimeMs);
+            if (remaining.length > this.maxRetainedSessions) {
+                for (const entry of remaining.slice(this.maxRetainedSessions)) {
+                    try {
+                        fs.unlinkSync(entry.full);
+                    }
+                    catch { /* ignore */ }
+                }
+            }
+        }
+        catch {
+            // Pruning is purely a hygiene step — never block on failure.
+        }
+    }
     /**
      * Generate unique session ID
      */
@@ -180,14 +214,25 @@ class SessionManager {
         return session;
     }
     /**
-     * Save session to disk
+     * Save session to disk — atomic + 0600 mode so transcripts cannot be
+     * read by other local users on a shared POSIX host.
      */
     save(session) {
         const compacted = this.compactSession(session);
         const targetSession = compacted.session;
         targetSession.updatedAt = new Date().toISOString();
         const filePath = path.join(this.sessionsDir, `${session.id}.json`);
-        fs.writeFileSync(filePath, JSON.stringify(targetSession, null, 2), 'utf-8');
+        try {
+            atomicWriteJson(filePath, targetSession, 0o600);
+            secureFileMode(filePath);
+        }
+        catch (error) {
+            // Surface a best-effort hint rather than crashing the active chat.
+            if (process.env.VIGTHORIA_DEBUG === '1') {
+                console.error('[vigthoria] session save failed:', error?.message ?? error);
+            }
+        }
+        this.pruneIfNeeded();
     }
     /**
      * Load session by ID
@@ -217,11 +262,17 @@ class SessionManager {
         return projectSessions.length > 0 ? this.load(projectSessions[0].id) : null;
     }
     /**
-     * List all sessions (metadata only)
+     * List all sessions (metadata only) — corrupt or unreadable files are
+     * skipped silently unless VIGTHORIA_DEBUG=1.
      */
     list() {
-        const files = fs.readdirSync(this.sessionsDir)
-            .filter(f => f.endsWith('.json'));
+        let files = [];
+        try {
+            files = fs.readdirSync(this.sessionsDir).filter(f => f.endsWith('.json'));
+        }
+        catch {
+            return [];
+        }
         return files.map(f => {
             try {
                 const content = fs.readFileSync(path.join(this.sessionsDir, f), 'utf-8');
@@ -230,7 +281,9 @@ class SessionManager {
                 return { ...metadata, messages: [] };
             }
             catch (error) {
-                console.warn(`Failed to read session metadata from ${f}:`, error);
+                if (process.env.VIGTHORIA_DEBUG === '1') {
+                    console.warn(`Failed to read session metadata from ${f}:`, error);
+                }
                 return null;
             }
         }).filter(Boolean);
@@ -368,4 +421,3 @@ class SessionManager {
         return `[${session.id}] ${preview} (${userMessages.length} messages)`;
     }
 }
-exports.SessionManager = SessionManager;