fix: critical bug fixes, snap sandbox support, and resource monitoring

[chadru]

Summary

8 commits rebased cleanly onto v10.0.7 (post PR #792 HTTP Chroma migration).

• 7 critical bug fixes: stuck messages, race conditions, path handling, process leaks, hook timeouts, CORS, search wildcards, migration idempotency
• Bun snap sandbox support: resolves node/claude/uvx paths when running under snap confinement (common on Ubuntu/WSL) — fixes MCP, SDK agent, and Chroma vector search
• ResourceMonitor: lightweight memory/token leak detection agent (30s sampling, ring buffer, anomaly alerts)
• MCP non-blocking init: core worker initializes immediately instead of waiting up to 5 minutes for MCP connection
• Greptile review fixes: PATH dedup uses exact segment matching (split(':') instead of substring), MCP timeout promise cleanup on success/failure

Fixes addressed

• Process leaks: ensureProcessExit() on idle timeout and natural completion
• Hook timeouts: fetchWithTimeout across all 6 hook handlers (context, file-edit, observation, user-message, session-complete, session-init)
• CORS: regex-based origin matching for localhost variants
• Search: wildcard * queries routed to SQLite instead of Chroma
• Migration: idempotent Migration004 with table existence check
• isProjectRoot: git subdirectory detection via git rev-parse --show-toplevel
• CLAUDECODE env var stripped from SDK subprocess to prevent nested session rejection
• Snap PATH: derives nvm bin dir from CLAUDE_CODE_PATH, resolves real homedir for ~/.local/bin
• MCP timeout: clearTimeout() in both success and failure paths to prevent timer leak

Test plan

• Build passes (npm run build)
• 907 tests pass, 32 fail (pre-existing — unrelated to this PR), 0 regressions
• Worker starts healthy on port 37777 with status: ok
• Rebased cleanly onto v10.0.7 (no conflicts with HTTP Chroma from PR feat: Replace MCP subprocess with persistent Chroma HTTP server #792)
• All 3 Greptile review comments addressed
• Tested on Ubuntu 24.04 WSL2 with Bun snap (v1.3.9) and nvm node v22.22.0

🤖 Generated with Claude Code

[greptile-apps]

Greptile Overview

Greptile Summary

This PR delivers 7 critical bug fixes, Bun snap sandbox support, and resource monitoring infrastructure. The changes address production stability issues: process leaks fixed by calling ensureProcessExit() after abort(), race conditions resolved with atomic transactions wrapping observation storage + message confirmation, stuck messages recovered via 60s periodic cleanup, hook timeouts prevented with fetchWithTimeout() wrapper, CORS improved with regex-based origin matching, wildcard search routed to SQLite, migration idempotency achieved with table existence checks, and git subdirectory detection fixed using git rev-parse. Snap sandbox support resolves PATH restrictions by deriving nvm bin directory from CLAUDE_CODE_PATH setting and augmenting PATH with ~/.local/bin. ResourceMonitor provides lightweight token/memory leak detection with 30s sampling, ring buffer history, and anomaly alerts. MCP initialization is now non-blocking (60s timeout) so core functionality initializes immediately instead of waiting up to 5 minutes. The changes are well-structured, defensive, and include proper error handling.

Confidence Score: 4/5

• This PR is safe to merge with minor considerations around testing edge cases
• Score reflects comprehensive bug fixes addressing critical production issues (process leaks, race conditions, stuck messages). All changes are defensive and include proper error handling. ResourceMonitor is observability-only (no side effects). The snap sandbox support is well-isolated. Main consideration is the scope of changes (26 files) requiring thorough integration testing.
• Pay close attention to src/services/worker-service.ts (MCP non-blocking init timing) and src/services/worker/agents/ResponseProcessor.ts (atomic transaction pattern)

Important Files Changed

Filename	Overview
src/services/infrastructure/ResourceMonitor.ts	New ResourceMonitor with memory/token leak detection. Well-structured with ring buffer, anomaly detection algorithms, and configurable thresholds.
src/shared/EnvManager.ts	Snap sandbox support added: resolves node/claude/uvx paths from CLAUDE_CODE_PATH setting, fixes Bun snap PATH restrictions, strips CLAUDECODE env var.
src/services/worker-service.ts	MCP non-blocking init (60s timeout), stuck message recovery interval, ResourceMonitor integration, PATH augmentation for snap support.
src/services/worker/SessionManager.ts	Process leak fix: onIdleTimeout now calls ensureProcessExit() after abort() to guarantee subprocess termination (Issues #1010, #1068, #1089, #1090).
src/services/worker/agents/ResponseProcessor.ts	Critical race condition fix: atomic transaction wraps storeObservations + confirmProcessed to prevent duplicate observations on crash (Issues #1036, #1091).
src/cli/handlers/session-init.ts	Hook timeout fix: replaced fetch with fetchWithTimeout (15s) to prevent indefinite hangs.
src/services/sqlite/migrations/runner.ts	Migration idempotency fix: checks table existence and uses INSERT OR IGNORE to handle interrupted migrations (Issue #979).
src/services/worker/http/middleware.ts	CORS regex fix: proper localhost/127.0.0.1/[::1] matching with optional port numbers (Issue #1029).
src/services/worker/search/SearchOrchestrator.ts	Wildcard search fix: treats '*' as filter-only query, routes to SQLite instead of Chroma (Issue #714).
src/utils/claude-md-utils.ts	Git subdirectory detection fix: uses 'git rev-parse --show-toplevel' instead of just checking for .git directory (Issue #793).

Flowchart

flowchart TD
    A[Hook Handlers] -->|fetchWithTimeout 10-15s| B[Worker Service API]
    B -->|Queue Message| C[PendingMessageStore]
    C -->|MAX_QUEUE_DEPTH=100| D{Queue Full?}
    D -->|Yes| E[Drop Oldest Pending]
    D -->|No| F[Enqueue Message]
    
    G[SessionManager] -->|Claim & Process| C
    G -->|Spawns| H[Claude SDK Agent]
    H -->|Generates| I[Observations]
    
    I -->|Atomic Transaction| J[ResponseProcessor]
    J -->|1. Store Observations| K[SQLite DB]
    J -->|2. Confirm Messages| C
    
    L[Idle Timeout] -->|abort + ensureProcessExit| H
    M[Stuck Message Recovery] -->|Every 60s| C
    M -->|Reset processing > 5min| N[Back to Pending]
    
    O[ResourceMonitor] -->|30s Sampling| P[Memory + Tokens]
    P -->|Detect Anomalies| Q[Alerts]
    
    R[Snap Sandbox] -->|resolveRuntimeBinDir| S[CLAUDE_CODE_PATH]
    S -->|Augment PATH| T[node/claude/uvx]
    
    U[MCP Init] -->|Non-blocking 60s| V{Success?}
    V -->|Yes| W[Vector Search Available]
    V -->|No| X[Core Still Works]

Loading

_{Last reviewed commit: e5eeb5b}

[thedotmack]

@chadru have you ever seen a greptile chart THIS clean??? This is a REALLY great job, running it to see how it goes! :)

[chadru]

Thank you, working on merging it with the new release. It looks like it dropped while I was working on it.

[greptile-apps]

_{26 files reviewed, 3 comments}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

timeout promise never cleaned up if connection succeeds

Suggested change

	Promise.race([mcpConnectionPromise, timeoutPromise])
	.then(() => {
	this.mcpReady = true;
	logger.success('WORKER', 'Connected to MCP server');
	})
	.catch((error) => {
	logger.warn('WORKER', 'MCP connection failed (vector search unavailable)', {
	error: error instanceof Error ? error.message : String(error)
	});
	});
	const timeoutId = setTimeout(() => reject(new Error('MCP connection timeout after 60s')), MCP_INIT_TIMEOUT_MS);
	const timeoutPromise = new Promise<never>((_, reject) => timeoutId);
	Promise.race([mcpConnectionPromise, timeoutPromise])
	.then(() => {
	clearTimeout(timeoutId);
	this.mcpReady = true;
	logger.success('WORKER', 'Connected to MCP server');
	})
	.catch((error) => {
	clearTimeout(timeoutId);
	logger.warn('WORKER', 'MCP connection failed (vector search unavailable)', {
	error: error instanceof Error ? error.message : String(error)
	});
	});

[chadru]

Fixed in b9d2f89 — added clearTimeout(timeoutId) in both .then() and .catch() paths.

[greptile-apps]

substring match may cause false positives (e.g., /usr/local/bin contains /usr/bin)

Suggested change

	const missing = extraDirs.filter(d => !currentPath.includes(d));
	const missing = extraDirs.filter(d => !currentPath.split(':').includes(d));

[chadru]

Fixed in b9d2f89 — now using currentPath.split(':').includes(d) for exact segment matching.

[greptile-apps]

substring match may cause false positives (e.g., /usr/local/bin contains /usr/bin)

Suggested change

	const missingDirs = extraDirs.filter(d => !currentPath.includes(d));
	const missingDirs = extraDirs.filter(d => !currentPath.split(':').includes(d));

[chadru]

Fixed in b9d2f89 — same split(':') fix applied here.

[thedotmack]

This omnibus PR contains excellent fixes (fetchWithTimeout, atomic store+confirm, subprocess exit verification, migration idempotency, and more). It now has conflicts due to recently merged PRs (#995, #1022, #1031, #1112) touching overlapping files. Could you rebase onto main? The code quality is high and this is next in line for merge after rebase.

[Chriscross475]

This PR addresses critical bug fixes but has blockers:

1. No CI checks running - Need GitHub Actions to verify build
2. 32 test failures reported - Even if pre-existing, they need to be addressed or documented separately from this PR
3. Large scope (1053 additions) - Multiple concerns mixed: bug fixes, snap support, resource monitoring, MCP changes

Recommendations:

• Split into smaller, focused PRs (one for bug fixes, one for snap support, one for ResourceMonitor)
• Fix the 32 test failures or confirm they're unrelated
• Get CI passing before requesting review

Once CI is green and tests pass, I'll review the implementation.

[thedotmack]

Note: The Process Supervisor (PR #1370, v10.5.6) now covers several of the concerns in this PR (sandbox support, resource monitoring foundations, PID management). Please rebase and check what's still needed vs what's now redundant.