fix(electrobun): complete all 16 Codex #3 findings

CRITICAL: - Message persistence race: snapshot batchEnd before async save - Double-start guard: startingProjects Set prevents concurrent launches - Symlink path traversal: fs.realpathSync() in path-guard.ts - Relay false success: connect() returns { ok, machineId, error } HIGH: - Session restore skips if active session exists - Remote remove: new RPC, cleans backend map - Task board poll token: stale responses discarded after drag-drop - Health concurrent tools: toolsInFlight counter (was boolean) - bttask transactions: delete wraps comments+task, addComment validates - PTY buffer cleared on reconnect - PTY large paste: chunked String.fromCharCode (8KB chunks) - Sidecar max line: 10MB limit prevents unbounded memory - btmsg authorization: group validation, channel membership checks MEDIUM: - Session retention: max 5 per project, purgeSession/untrackProject - Relay IPv6: URL parser replaces string split - PTY schema: fixed misleading base64 comment
2026-03-22 02:52:04 +01:00 · 2026-03-22 02:52:04 +01:00 · 0f75cb8e32
commit 0f75cb8e32
parent c145e37316
12 changed files with 190 additions and 42 deletions
--- a/ui-electrobun/src/shared/pty-rpc-schema.ts
+++ b/ui-electrobun/src/shared/pty-rpc-schema.ts
@ -23,11 +23,16 @@ export type PtyRPCRequests = {
    };
    response: { ok: boolean; error?: string };
  };
-  /** Write raw input bytes (base64-encoded) to a PTY session. */
+  /**
+   * Write input to a PTY session.
+   * `data` is raw UTF-8 text from the user (xterm onData). The pty-client
+   * layer encodes it to base64 before sending to the daemon; this RPC boundary
+   * carries raw text which the Bun handler forwards to PtyClient.writeInput().
+   */
  "pty.write": {
    params: {
      sessionId: string;
-      /** UTF-8 text typed by the user (xterm onData delivers this). */
+      /** Raw UTF-8 text typed by the user (xterm onData delivers this). Encoded to base64 by pty-client before daemon transport. */
      data: string;
    };
    response: { ok: boolean };
@ -549,11 +554,16 @@ export type PtyRPCRequests = {
    params: { url: string; token: string; label?: string };
    response: { ok: boolean; machineId?: string; error?: string };
  };
-  /** Disconnect from a relay instance. */
+  /** Disconnect from a relay instance (keeps machine in list for reconnect). */
  "remote.disconnect": {
    params: { machineId: string };
    response: { ok: boolean; error?: string };
  };
+  /** Remove a machine entirely — disconnects AND deletes from tracking. */
+  "remote.remove": {
+    params: { machineId: string };
+    response: { ok: boolean; error?: string };
+  };
  /** List all known remote machines with connection status. */
  "remote.list": {
    params: Record<string, never>;