Summary
SessionManager handles session CRUD, tmux window lifecycle, permission guard, hook settings, JSONL discovery (two algorithms), permission resolution, question answering, transcript reading, health checks, state persistence, latency metrics, subagent tracking, and session map cleanup.
Details
- File:
src/session.ts (1341 lines)
- Severity: High
- No schema validation on
state.json load — corrupted JSON silently resets all sessions
- No cleanup on tmux
createWindow failure — permission guard + hook settings left orphaned on disk
reconcile() window liveness uses OR (windowId || windowName) — too permissive for tmux ID reusesave() called on every API read (excessive disk I/O for read-heavy patterns)- Race condition: concurrent
createSession and killSession can resurrect deleted sessions
session_map.json read/written by 3 methods with no write coordination (no queue)activeSubagents uses array with O(n) operations — should be Set- Discovery timeout handles leak (not cleared on session kill)
- Case sensitivity inconsistency between
reconcile() and purgeStaleSessionMapEntries()
readMessages and readMessagesForMonitor silently swallow JSONL read errors
Suggested Fix
Extract into focused classes:
SessionDiscovery (~190 lines) — session_map.json + filesystem scanningPermissionGateway (~155 lines) — pending permission/question resolutionStateStore (~60 lines) — persistence with write queue- Add schema validation on state.json load (Zod or manual checks)
- Wrap
createWindow in try/catch with cleanup on failure
- Use AND for window liveness check
- Debounce
save() for offset-only changes
Summary
SessionManagerhandles session CRUD, tmux window lifecycle, permission guard, hook settings, JSONL discovery (two algorithms), permission resolution, question answering, transcript reading, health checks, state persistence, latency metrics, subagent tracking, and session map cleanup.Details
src/session.ts(1341 lines)state.jsonload — corrupted JSON silently resets all sessionscreateWindowfailure — permission guard + hook settings left orphaned on diskreconcile()window liveness uses OR (windowId || windowName) — too permissive for tmux ID reusesave()called on every API read (excessive disk I/O for read-heavy patterns)createSessionandkillSessioncan resurrect deleted sessionssession_map.jsonread/written by 3 methods with no write coordination (no queue)activeSubagentsuses array with O(n) operations — should be Setreconcile()andpurgeStaleSessionMapEntries()readMessagesandreadMessagesForMonitorsilently swallow JSONL read errorsSuggested Fix
Extract into focused classes:
SessionDiscovery(~190 lines) — session_map.json + filesystem scanningPermissionGateway(~155 lines) — pending permission/question resolutionStateStore(~60 lines) — persistence with write queuecreateWindowin try/catch with cleanup on failuresave()for offset-only changes