fix(electrobun): complete all 16 Codex #3 findings

CRITICAL: - Message persistence race: snapshot batchEnd before async save - Double-start guard: startingProjects Set prevents concurrent launches - Symlink path traversal: fs.realpathSync() in path-guard.ts - Relay false success: connect() returns { ok, machineId, error } HIGH: - Session restore skips if active session exists - Remote remove: new RPC, cleans backend map - Task board poll token: stale responses discarded after drag-drop - Health concurrent tools: toolsInFlight counter (was boolean) - bttask transactions: delete wraps comments+task, addComment validates - PTY buffer cleared on reconnect - PTY large paste: chunked String.fromCharCode (8KB chunks) - Sidecar max line: 10MB limit prevents unbounded memory - btmsg authorization: group validation, channel membership checks MEDIUM: - Session retention: max 5 per project, purgeSession/untrackProject - Relay IPv6: URL parser replaces string split - PTY schema: fixed misleading base64 comment
2026-03-22 02:52:04 +01:00 · 2026-03-22 02:52:04 +01:00 · 0f75cb8e32
commit 0f75cb8e32
parent c145e37316
12 changed files with 190 additions and 42 deletions
--- a/ui-electrobun/src/bun/btmsg-db.ts
+++ b/ui-electrobun/src/bun/btmsg-db.ts
@ -200,6 +200,9 @@ export class BtmsgDb {
  // ── Direct messages ──────────────────────────────────────────────────────
  /**
   * Fix #13 (Codex audit): Validate sender and recipient are in the same group.
   */
  sendMessage(fromAgent: string, toAgent: string, content: string): string {
    // Get sender's group_id
    const sender = this.db.query<{ group_id: string }, [string]>(
@ -207,6 +210,15 @@ export class BtmsgDb {
    ).get(fromAgent);
    if (!sender) throw new Error(`Sender agent '${fromAgent}' not found`);
    // Validate recipient exists and is in the same group
    const recipient = this.db.query<{ group_id: string }, [string]>(
      "SELECT group_id FROM agents WHERE id = ?"
    ).get(toAgent);
    if (!recipient) throw new Error(`Recipient agent '${toAgent}' not found`);
    if (sender.group_id !== recipient.group_id) {
      throw new Error(`Cross-group messaging denied: '${fromAgent}' (${sender.group_id}) -> '${toAgent}' (${recipient.group_id})`);
    }
    const id = randomUUID();
    this.db.query(
      `INSERT INTO messages (id, from_agent, to_agent, content, group_id, sender_group_id)
@ -249,12 +261,23 @@ export class BtmsgDb {
  // ── Channels ─────────────────────────────────────────────────────────────
  /**
   * Fix #13 (Codex audit): Auto-add creator to channel membership on create.
   */
  createChannel(name: string, groupId: string, createdBy: string): string {
    const id = randomUUID();
-    this.db.query(
+    const tx = this.db.transaction(() => {
-      `INSERT INTO channels (id, name, group_id, created_by)
+      this.db.query(
-       VALUES (?1, ?2, ?3, ?4)`
+        `INSERT INTO channels (id, name, group_id, created_by)
-    ).run(id, name, groupId, createdBy);
+         VALUES (?1, ?2, ?3, ?4)`
      ).run(id, name, groupId, createdBy);
      // Auto-add creator as channel member
      this.db.query(
        `INSERT OR IGNORE INTO channel_members (channel_id, agent_id)
         VALUES (?1, ?2)`
      ).run(id, createdBy);
    });
    tx();
    return id;
  }
@ -292,7 +315,17 @@ export class BtmsgDb {
    }));
  }
  /**
   * Fix #13 (Codex audit): Validate sender is a member of the channel.
   */
  sendChannelMessage(channelId: string, fromAgent: string, content: string): string {
    const member = this.db.query<{ agent_id: string }, [string, string]>(
      "SELECT agent_id FROM channel_members WHERE channel_id = ? AND agent_id = ?"
    ).get(channelId, fromAgent);
    if (!member) {
      throw new Error(`Agent '${fromAgent}' is not a member of channel '${channelId}'`);
    }
    const id = randomUUID();
    this.db.query(
      `INSERT INTO channel_messages (id, channel_id, from_agent, content)
--- a/ui-electrobun/src/bun/bttask-db.ts
+++ b/ui-electrobun/src/bun/bttask-db.ts
@ -137,14 +137,26 @@ export class BttaskDb {
    return expectedVersion + 1;
  }
  /** Fix #9 (Codex audit): Wrap delete in transaction for atomicity. */
  deleteTask(taskId: string): void {
-    this.db.query("DELETE FROM task_comments WHERE task_id = ?").run(taskId);
+    const tx = this.db.transaction(() => {
-    this.db.query("DELETE FROM tasks WHERE id = ?").run(taskId);
+      this.db.query("DELETE FROM task_comments WHERE task_id = ?").run(taskId);
      this.db.query("DELETE FROM tasks WHERE id = ?").run(taskId);
    });
    tx();
  }
  // ── Comments ─────────────────────────────────────────────────────────────
  /** Fix #9 (Codex audit): Validate task exists before adding comment. */
  addComment(taskId: string, agentId: string, content: string): string {
    const task = this.db.query<{ id: string }, [string]>(
      "SELECT id FROM tasks WHERE id = ?"
    ).get(taskId);
    if (!task) {
      throw new Error(`Task '${taskId}' not found`);
    }
    const id = randomUUID();
    this.db.query(
      `INSERT INTO task_comments (id, task_id, agent_id, content)
--- a/ui-electrobun/src/bun/handlers/path-guard.ts
+++ b/ui-electrobun/src/bun/handlers/path-guard.ts
@ -5,6 +5,7 @@
 */
 import path from "path";
 import fs from "fs";
 import { settingsDb } from "../settings-db.ts";
 import { homedir } from "os";
 import { join } from "path";
@ -29,14 +30,36 @@ function getAllowedRoots(): string[] {
 /**
 * Validate that a file path is within an allowed boundary.
- * Returns the resolved path if valid, or null if outside boundaries.
+ * Fix #3 (Codex audit): Uses realpathSync to resolve symlinks, preventing
 * symlink-based traversal attacks (CWE-59).
 * Returns the resolved real path if valid, or null if outside boundaries.
 */
 export function validatePath(filePath: string): string | null {
-  const resolved = path.resolve(filePath);
+  let resolved: string;
  try {
    // Resolve symlinks to their actual target to prevent symlink traversal
    resolved = fs.realpathSync(path.resolve(filePath));
  } catch {
    // If the file doesn't exist yet, resolve without symlink resolution
    // but only allow if the parent directory resolves within boundaries
    const parent = path.dirname(path.resolve(filePath));
    try {
      const realParent = fs.realpathSync(parent);
      resolved = path.join(realParent, path.basename(filePath));
    } catch {
      return null; // Parent doesn't exist either — reject
    }
  }
  const roots = getAllowedRoots();
  for (const root of roots) {
-    const resolvedRoot = path.resolve(root);
+    let resolvedRoot: string;
    try {
      resolvedRoot = fs.realpathSync(path.resolve(root));
    } catch {
      resolvedRoot = path.resolve(root);
    }
    if (resolved === resolvedRoot || resolved.startsWith(resolvedRoot + path.sep)) {
      return resolved;
    }
--- a/ui-electrobun/src/bun/handlers/remote-handlers.ts
+++ b/ui-electrobun/src/bun/handlers/remote-handlers.ts
@ -6,10 +6,11 @@ import type { RelayClient } from "../relay-client.ts";
 export function createRemoteHandlers(relayClient: RelayClient) {
  return {
    // Fix #4 (Codex audit): relay-client.connect() now returns { ok, machineId, error }
    "remote.connect": async ({ url, token, label }: { url: string; token: string; label?: string }) => {
      try {
-        const machineId = await relayClient.connect(url, token, label);
+        const result = await relayClient.connect(url, token, label);
-        return { ok: true, machineId };
+        return result;
      } catch (err) {
        const error = err instanceof Error ? err.message : String(err);
        console.error("[remote.connect]", err);
@ -28,6 +29,18 @@ export function createRemoteHandlers(relayClient: RelayClient) {
      }
    },
    // Fix #6 (Codex audit): Add remote.remove RPC that disconnects AND deletes
    "remote.remove": ({ machineId }: { machineId: string }) => {
      try {
        relayClient.removeMachine(machineId);
        return { ok: true };
      } catch (err) {
        const error = err instanceof Error ? err.message : String(err);
        console.error("[remote.remove]", err);
        return { ok: false, error };
      }
    },
    "remote.list": () => {
      try {
        return { machines: relayClient.listMachines() };
--- a/ui-electrobun/src/bun/pty-client.ts
+++ b/ui-electrobun/src/bun/pty-client.ts
@ -25,7 +25,7 @@ export interface SessionInfo {
 export type DaemonEvent =
  | { type: "auth_result"; ok: boolean }
  | { type: "session_created"; session_id: string; pid: number }
-  /** data is base64-encoded bytes from the PTY. */
+  /** data is base64-encoded raw bytes from the PTY daemon. Decoded to Uint8Array by the consumer. */
  | { type: "session_output"; session_id: string; data: string }
  | { type: "session_closed"; session_id: string; exit_code: number | null }
  | { type: "session_list"; sessions: SessionInfo[] }
@ -60,6 +60,9 @@ export class PtyClient extends EventEmitter {
  /** Connect to daemon and authenticate. Fix #10: 5-second timeout. */
  async connect(): Promise<void> {
    // Fix #10 (Codex audit): Clear stale buffer from any previous connection
    this.buffer = "";
    return new Promise((resolve, reject) => {
      let token: string;
      try {
@ -157,14 +160,24 @@ export class PtyClient extends EventEmitter {
    });
  }
-  /** Write input to a session's PTY. data is encoded as base64 for transport. */
+  /**
   * Write input to a session's PTY. data is encoded as base64 for transport.
   * Fix #11 (Codex audit): Uses chunked approach instead of String.fromCharCode(...spread)
   * which can throw RangeError on large pastes (>~65K bytes).
   */
  writeInput(sessionId: string, data: string | Uint8Array): void {
    const bytes =
      typeof data === "string"
        ? new TextEncoder().encode(data)
        : data;
    // Daemon expects base64 string per protocol.rs WriteInput { data: String }
-    const b64 = btoa(String.fromCharCode(...bytes));
+    const CHUNK_SIZE = 8192;
    let binary = "";
    for (let i = 0; i < bytes.length; i += CHUNK_SIZE) {
      const chunk = bytes.subarray(i, Math.min(i + CHUNK_SIZE, bytes.length));
      binary += String.fromCharCode(...chunk);
    }
    const b64 = btoa(binary);
    this.send({ type: "write_input", session_id: sessionId, data: b64 });
  }
--- a/ui-electrobun/src/bun/relay-client.ts
+++ b/ui-electrobun/src/bun/relay-client.ts
@ -63,8 +63,12 @@ export class RelayClient {
    this.statusListeners.push(cb);
  }
-  /** Connect to an agor-relay instance. Returns a machine ID. */
+  /**
-  async connect(url: string, token: string, label?: string): Promise<string> {
+   * Connect to an agor-relay instance.
   * Fix #4 (Codex audit): Returns { ok, machineId, error } instead of always
   * returning machineId even on failure.
   */
  async connect(url: string, token: string, label?: string): Promise<{ ok: boolean; machineId?: string; error?: string }> {
    const machineId = randomUUID();
    const machine: MachineConnection = {
      machineId,
@ -84,14 +88,14 @@ export class RelayClient {
    try {
      await this.openWebSocket(machine);
      return { ok: true, machineId };
    } catch (err) {
      const msg = err instanceof Error ? err.message : String(err);
      machine.status = "error";
      this.emitStatus(machineId, "error", msg);
      this.scheduleReconnect(machine);
      return { ok: false, machineId, error: msg };
    }
    return machineId;
  }
  /** Disconnect from a relay and stop reconnection attempts. */
@ -299,16 +303,24 @@ export class RelayClient {
    machine.reconnectTimer = setTimeout(attempt, delay);
  }
-  /** TCP-only probe to check if the relay host is reachable. */
+  /**
-  private tcpProbe(url: string): Promise<boolean> {
+   * TCP-only probe to check if the relay host is reachable.
   * Fix #15 (Codex audit): Uses URL() to correctly parse IPv6, ports, etc.
   */
  private tcpProbe(wsUrl: string): Promise<boolean> {
    return new Promise((resolve) => {
-      const host = this.extractHost(url);
+      let hostname: string;
-      if (!host) { resolve(false); return; }
+      let port: number;
-
+      try {
-      const [hostname, portStr] = host.includes(":")
+        // Convert ws/wss to http/https so URL() can parse it
-        ? [host.split(":")[0], host.split(":")[1]]
+        const httpUrl = wsUrl.replace(/^ws(s)?:\/\//, "http$1://");
-        : [host, "9750"];
+        const parsed = new URL(httpUrl);
-      const port = parseInt(portStr, 10);
+        hostname = parsed.hostname; // strips IPv6 brackets automatically
        port = parsed.port ? parseInt(parsed.port, 10) : 9750;
      } catch {
        resolve(false);
        return;
      }
      const socket = new Socket();
      const timer = setTimeout(() => { socket.destroy(); resolve(false); }, 5_000);
@ -327,10 +339,6 @@ export class RelayClient {
    });
  }
  private extractHost(url: string): string | null {
    return url.replace("wss://", "").replace("ws://", "").split("/")[0] ?? null;
  }
  private emitStatus(machineId: string, status: ConnectionStatus, error?: string): void {
    for (const cb of this.statusListeners) {
      try {
--- a/ui-electrobun/src/bun/sidecar-manager.ts
+++ b/ui-electrobun/src/bun/sidecar-manager.ts
@ -134,6 +134,8 @@ function findNodeRuntime(): string {
 // ── Cleanup grace period ─────────────────────────────────────────────────────
 const CLEANUP_GRACE_MS = 60_000; // 60s after done/error before removing session
 // Fix #12 (Codex audit): Max NDJSON line size — prevent OOM on malformed output
 const MAX_LINE_SIZE = 10 * 1024 * 1024; // 10 MB
 // ── SidecarManager ───────────────────────────────────────────────────────────
@ -369,6 +371,13 @@ export class SidecarManager {
      for await (const chunk of reader) {
        buffer += decoder.decode(chunk, { stream: true });
        // Fix #12 (Codex audit): Guard against unbounded buffer growth
        if (buffer.length > MAX_LINE_SIZE && !buffer.includes("\n")) {
          console.error(`[sidecar] Buffer exceeded ${MAX_LINE_SIZE} bytes without newline for ${sessionId}, truncating`);
          buffer = "";
          continue;
        }
        let newlineIdx: number;
        while ((newlineIdx = buffer.indexOf("\n")) !== -1) {
          const line = buffer.slice(0, newlineIdx).trim();
@ -379,7 +388,7 @@ export class SidecarManager {
        }
      }
-      // Fix #12: Parse any residual data left in the buffer after stream ends
+      // Parse any residual data left in the buffer after stream ends
      const residual = buffer.trim();
      if (residual) {
        this.handleNdjsonLine(sessionId, session, residual);
--- a/ui-electrobun/src/mainview/TaskBoardTab.svelte
+++ b/ui-electrobun/src/mainview/TaskBoardTab.svelte
@ -46,6 +46,9 @@
  let draggedTaskId = $state<string | null>(null);
  let dragOverCol = $state<string | null>(null);
  // Fix #7 (Codex audit): Poll token to discard stale responses
  let pollToken = $state(0);
  // ── Derived ──────────────────────────────────────────────────────────
  let tasksByCol = $derived(
@ -58,8 +61,11 @@
  // ── Data fetching ────────────────────────────────────────────────────
  async function loadTasks() {
    // Fix #7 (Codex audit): Capture token before async call, discard if stale
    const tokenAtStart = ++pollToken;
    try {
      const res = await appRpc.request['bttask.listTasks']({ groupId });
      if (tokenAtStart < pollToken) return; // Stale response — discard
      tasks = res.tasks;
    } catch (err) {
      console.error('[TaskBoard] loadTasks:', err);
@ -98,6 +104,7 @@
    const task = tasks.find(t => t.id === taskId);
    if (!task || task.status === newStatus) return;
    pollToken++; // Fix #7: Invalidate in-flight polls
    try {
      const res = await appRpc.request['bttask.updateTaskStatus']({
        taskId,
--- a/ui-electrobun/src/mainview/agent-store.svelte.ts
+++ b/ui-electrobun/src/mainview/agent-store.svelte.ts
@ -259,6 +259,8 @@ function ensureListeners() {
      }
      persistMessages(session);
      scheduleCleanup(session.sessionId, session.projectId);
      // Fix #14 (Codex audit): Enforce max sessions per project on completion
      enforceMaxSessions(session.projectId);
    }
  });
--- a/ui-electrobun/src/mainview/health-store.svelte.ts
+++ b/ui-electrobun/src/mainview/health-store.svelte.ts
@ -36,7 +36,8 @@ interface ProjectTracker {
  projectId: string;
  lastActivityTs: number;
  lastToolName: string | null;
-  toolInFlight: boolean;
+  // Fix #8 (Codex audit): Counter instead of boolean for concurrent tools
  toolsInFlight: number;
  costSnapshots: Array<[number, number]>; // [timestamp, costUsd]
  totalTokens: number;
  totalCost: number;
@ -87,7 +88,7 @@ function computeHealth(tracker: ProjectTracker, now: number): ProjectHealth {
  if (tracker.status === 'inactive' || tracker.status === 'done' || tracker.status === 'error') {
    activityState = 'inactive';
-  } else if (tracker.toolInFlight) {
+  } else if (tracker.toolsInFlight > 0) {
    activityState = 'running';
    activeTool = tracker.lastToolName;
  } else {
@ -125,7 +126,7 @@ export function trackProject(projectId: string): void {
    projectId,
    lastActivityTs: Date.now(),
    lastToolName: null,
-    toolInFlight: false,
+    toolsInFlight: 0,
    costSnapshots: [],
    totalTokens: 0,
    totalCost: 0,
@ -142,7 +143,8 @@ export function recordActivity(projectId: string, toolName?: string): void {
  t.status = 'running';
  if (toolName !== undefined) {
    t.lastToolName = toolName;
-    t.toolInFlight = true;
+    // Fix #8 (Codex audit): Increment counter for concurrent tool tracking
    t.toolsInFlight++;
  }
  if (!tickInterval) startHealthTick();
 }
@ -152,7 +154,8 @@ export function recordToolDone(projectId: string): void {
  const t = trackers.get(projectId);
  if (!t) return;
  t.lastActivityTs = Date.now();
-  t.toolInFlight = false;
+  // Fix #8 (Codex audit): Decrement counter, floor at 0
  t.toolsInFlight = Math.max(0, t.toolsInFlight - 1);
 }
 /** Record a token/cost snapshot for burn rate calculation. */
@ -220,6 +223,16 @@ function startHealthTick(): void {
  }, TICK_INTERVAL_MS);
 }
 /** Untrack a project (e.g. when project is removed). Fix #14 (Codex audit). */
 export function untrackProject(projectId: string): void {
  trackers.delete(projectId);
  // Stop tick if no more tracked projects
  if (trackers.size === 0 && tickInterval) {
    clearInterval(tickInterval);
    tickInterval = null;
  }
 }
 /** Stop the health tick timer. */
 export function stopHealthTick(): void {
  if (tickInterval) {
--- a/ui-electrobun/src/mainview/settings/RemoteMachinesSettings.svelte
+++ b/ui-electrobun/src/mainview/settings/RemoteMachinesSettings.svelte
@ -84,10 +84,11 @@
    } catch { /* ignore */ }
  }
  // Fix #6 (Codex audit): Use remote.remove RPC that disconnects AND deletes
  async function handleRemove(machineId: string) {
    try {
-      await appRpc.request['remote.disconnect']({ machineId });
+      await appRpc.request['remote.remove']({ machineId });
-    } catch { /* may already be disconnected */ }
+    } catch { /* may already be disconnected/removed */ }
    removeMachine(machineId);
  }
@ -131,6 +132,9 @@
            <span class="status-text" style:color={statusColor(m.status)}>
              {statusLabel(m.status)}
            </span>
            {#if m.error}
              <span class="machine-error" title={m.error}>{m.error}</span>
            {/if}
          </div>
          <div class="machine-actions">
            {#if m.status === 'connected'}
@ -239,6 +243,7 @@
  }
  .status-text { font-size: 0.6875rem; font-weight: 500; }
  .machine-error { font-size: 0.625rem; color: var(--ctp-red); max-width: 10rem; overflow: hidden; text-overflow: ellipsis; white-space: nowrap; }
  .machine-actions { display: flex; gap: 0.25rem; flex-shrink: 0; }
--- a/ui-electrobun/src/shared/pty-rpc-schema.ts
+++ b/ui-electrobun/src/shared/pty-rpc-schema.ts
@ -23,11 +23,16 @@ export type PtyRPCRequests = {
    };
    response: { ok: boolean; error?: string };
  };
-  /** Write raw input bytes (base64-encoded) to a PTY session. */
+  /**
   * Write input to a PTY session.
   * `data` is raw UTF-8 text from the user (xterm onData). The pty-client
   * layer encodes it to base64 before sending to the daemon; this RPC boundary
   * carries raw text which the Bun handler forwards to PtyClient.writeInput().
   */
  "pty.write": {
    params: {
      sessionId: string;
-      /** UTF-8 text typed by the user (xterm onData delivers this). */
+      /** Raw UTF-8 text typed by the user (xterm onData delivers this). Encoded to base64 by pty-client before daemon transport. */
      data: string;
    };
    response: { ok: boolean };
@ -549,11 +554,16 @@ export type PtyRPCRequests = {
    params: { url: string; token: string; label?: string };
    response: { ok: boolean; machineId?: string; error?: string };
  };
-  /** Disconnect from a relay instance. */
+  /** Disconnect from a relay instance (keeps machine in list for reconnect). */
  "remote.disconnect": {
    params: { machineId: string };
    response: { ok: boolean; error?: string };
  };
  /** Remove a machine entirely — disconnects AND deletes from tracking. */
  "remote.remove": {
    params: { machineId: string };
    response: { ok: boolean; error?: string };
  };
  /** List all known remote machines with connection status. */
  "remote.list": {
    params: Record<string, never>;