fix(hooks): use shared renameWithRetry in writeWarnState (ecc-context-monitor)

Mirror the previous commit's Windows-EPERM retry on the companion `writeWarnState` in `scripts/hooks/ecc-context-monitor.js`. Same race: two PostToolUse subprocesses writing concurrent debounce state racing on `MoveFileExW`, target-in-use throwing EPERM on Windows even though each writer's tmp path is now unique. Implementation: import `renameWithRetry` from `scripts/lib/session-bridge.js` (exported in the previous commit) instead of duplicating the helper. The retry policy, backoff schedule, and main-thread `Atomics.wait` strategy stay identical to `writeBridgeAtomic`. Three writers in the repo now share the same atomic-write contract: - `writeBridgeAtomic` (scripts/lib/session-bridge.js) — round 1 + this round's retry - `writeWarnState` (this file) — round 1 + this round's retry via shared helper - `writeCostWarningIfChanged` (scripts/hooks/ecc-metrics-bridge.js) — out of scope for this PR (already uses unique tmp suffix; a future consolidation could move it to the shared helper too). Local: `yarn test` green, `yarn lint` clean. The companion test suite for `ecc-context-monitor.js` does not currently exercise concurrent `writeWarnState` writes, but the helper it now uses is covered by the `tests/lib/session-bridge.test.js` concurrent-write regression added in round 1's last commit.
fix(lib): retry rename on Windows EPERM/EACCES/EBUSY in writeBridgeAtomic
2026-06-15 20:51:22 +08:00 · 2026-05-19 11:01:28 +09:00 · 2026-05-19 11:01:10 +09:00 · 2026-05-19 09:44:53 +09:00 · 2026-05-19 09:31:35 +09:00 · 2026-05-19 09:30:07 +09:00
3 changed files with 41 additions and 135 deletions
@@ -4,9 +4,9 @@

 ![Everything Claude Code — the performance system for AI agent harnesses](assets/hero.png)

-[![Stars](https://img.shields.io/github/stars/affaan-m/ECC?style=flat)](https://github.com/affaan-m/ECC/stargazers)
-[![Forks](https://img.shields.io/github/forks/affaan-m/ECC?style=flat)](https://github.com/affaan-m/ECC/network/members)
-[![Contributors](https://img.shields.io/github/contributors/affaan-m/ECC?style=flat)](https://github.com/affaan-m/ECC/graphs/contributors)
+[![Stars](https://img.shields.io/github/stars/affaan-m/everything-claude-code?style=flat)](https://github.com/affaan-m/everything-claude-code/stargazers)
+[![Forks](https://img.shields.io/github/forks/affaan-m/everything-claude-code?style=flat)](https://github.com/affaan-m/everything-claude-code/network/members)
+[![Contributors](https://img.shields.io/github/contributors/affaan-m/everything-claude-code?style=flat)](https://github.com/affaan-m/everything-claude-code/graphs/contributors)
 [![npm ecc-universal](https://img.shields.io/npm/dw/ecc-universal?label=ecc-universal%20weekly%20downloads&logo=npm)](https://www.npmjs.com/package/ecc-universal)
 [![npm ecc-agentshield](https://img.shields.io/npm/dw/ecc-agentshield?label=ecc-agentshield%20weekly%20downloads&logo=npm)](https://www.npmjs.com/package/ecc-agentshield)
 [![GitHub App Install](https://img.shields.io/badge/GitHub%20App-150%20installs-2ea44f?logo=github)](https://github.com/marketplace/ecc-tools)
@@ -59,7 +59,7 @@ ECC v2.0.0-rc.1 adds the public Hermes operator story on top of that reusable la
  </a>
 </td>
 <td width="25%" align="center">
-  <a href="https://github.com/affaan-m/ECC/discussions">
+  <a href="https://github.com/affaan-m/everything-claude-code/discussions">
    <strong>Community</strong>
    <br />
    <sub>Discussions · Q&amp;A · Show & Tell</sub>
@@ -172,7 +172,7 @@ This repo is the raw code only. The guides explain everything.

 ### v1.4.1 — Bug Fix (Feb 2026)

- **Fixed instinct import content loss** — `parse_instinct_file()` was silently dropping all content after frontmatter (Action, Evidence, Examples sections) during `/instinct-import`. ([#148](https://github.com/affaan-m/ECC/issues/148), [#161](https://github.com/affaan-m/ECC/pull/161))
+- **Fixed instinct import content loss** — `parse_instinct_file()` was silently dropping all content after frontmatter (Action, Evidence, Examples sections) during `/instinct-import`. ([#148](https://github.com/affaan-m/everything-claude-code/issues/148), [#161](https://github.com/affaan-m/everything-claude-code/pull/161))

 ### v1.4.0 — Multi-Language Rules, Installation Wizard & PM2 (Feb 2026)

@@ -196,7 +196,7 @@ This repo is the raw code only. The guides explain everything.
 - **Session management** — `/sessions` command for session history
 - **Continuous learning v2** — Instinct-based learning with confidence scoring, import/export, evolution

-See the full changelog in [Releases](https://github.com/affaan-m/ECC/releases).
+See the full changelog in [Releases](https://github.com/affaan-m/everything-claude-code/releases).

 ---

@@ -265,7 +265,7 @@ npx ecc install --profile minimal --target claude --with capability:machine-lear

 ```bash
 # Add marketplace
-/plugin marketplace add https://github.com/affaan-m/ECC
+/plugin marketplace add https://github.com/affaan-m/everything-claude-code

 # Install plugin
 /plugin install ecc@ecc
@@ -275,7 +275,7 @@ npx ecc install --profile minimal --target claude --with capability:machine-lear

 ECC now has three public identifiers, and they are not interchangeable:

- GitHub source repo: `affaan-m/ECC`
+- GitHub source repo: `affaan-m/everything-claude-code`
 - Claude marketplace/plugin identifier: `ecc@ecc`
 - npm package: `ecc-universal`

@@ -295,8 +295,8 @@ This is intentional. Anthropic marketplace/plugin installs are keyed by a canoni

 ```bash
 # Clone the repo first
-git clone https://github.com/affaan-m/ECC.git
-cd ECC
+git clone https://github.com/affaan-m/everything-claude-code.git
+cd everything-claude-code

 # Install dependencies (pick your package manager)
 npm install        # or: pnpm install | yarn install | bun install
@@ -494,7 +494,7 @@ Windows PowerShell:
 This repo is a **Claude Code plugin** - install it directly or copy components manually.

 ```
-ECC/
+everything-claude-code/
 |-- .claude-plugin/   # Plugin and marketplace manifests
 |   |-- plugin.json         # Plugin metadata and component paths
 |   |-- marketplace.json    # Marketplace catalog for /plugin marketplace add
@@ -812,7 +812,7 @@ Claude Code v2.1+ **automatically loads** `hooks/hooks.json` from any installed
 Duplicate hooks file detected: ./hooks/hooks.json resolves to already-loaded file
 ```

-**History:** This has caused repeated fix/revert cycles in this repo ([#29](https://github.com/affaan-m/ECC/issues/29), [#52](https://github.com/affaan-m/ECC/issues/52), [#103](https://github.com/affaan-m/ECC/issues/103)). The behavior changed between Claude Code versions, leading to confusion. We now have a regression test to prevent this from being reintroduced.
+**History:** This has caused repeated fix/revert cycles in this repo ([#29](https://github.com/affaan-m/everything-claude-code/issues/29), [#52](https://github.com/affaan-m/everything-claude-code/issues/52), [#103](https://github.com/affaan-m/everything-claude-code/issues/103)). The behavior changed between Claude Code versions, leading to confusion. We now have a regression test to prevent this from being reintroduced.

 ---

@@ -824,7 +824,7 @@ The easiest way to use this repo - install as a Claude Code plugin:

 ```bash
 # Add this repo as a marketplace
-/plugin marketplace add https://github.com/affaan-m/ECC
+/plugin marketplace add https://github.com/affaan-m/everything-claude-code

 # Install the plugin
 /plugin install ecc@ecc
@@ -838,7 +838,7 @@ Or add directly to your `~/.claude/settings.json`:
    "ecc": {
      "source": {
        "source": "github",
-        "repo": "affaan-m/ECC"
+        "repo": "affaan-m/everything-claude-code"
      }
    }
  },
@@ -854,21 +854,20 @@ This gives you instant access to all commands, agents, skills, and hooks.
 >
 > ```bash
 > # Clone the repo first
-> git clone https://github.com/affaan-m/ECC.git
-> cd ECC
+> git clone https://github.com/affaan-m/everything-claude-code.git
 >
 > # Option A: User-level rules (applies to all projects)
 > mkdir -p ~/.claude/rules/ecc
-> cp -r rules/common ~/.claude/rules/ecc/
-> cp -r rules/typescript ~/.claude/rules/ecc/   # pick your stack
-> cp -r rules/python ~/.claude/rules/ecc/
-> cp -r rules/golang ~/.claude/rules/ecc/
-> cp -r rules/php ~/.claude/rules/ecc/
+> cp -r everything-claude-code/rules/common ~/.claude/rules/ecc/
+> cp -r everything-claude-code/rules/typescript ~/.claude/rules/ecc/   # pick your stack
+> cp -r everything-claude-code/rules/python ~/.claude/rules/ecc/
+> cp -r everything-claude-code/rules/golang ~/.claude/rules/ecc/
+> cp -r everything-claude-code/rules/php ~/.claude/rules/ecc/
 >
 > # Option B: Project-level rules (applies to current project only)
 > mkdir -p .claude/rules/ecc
-> cp -r rules/common .claude/rules/ecc/
-> cp -r rules/typescript .claude/rules/ecc/     # pick your stack
+> cp -r everything-claude-code/rules/common .claude/rules/ecc/
+> cp -r everything-claude-code/rules/typescript .claude/rules/ecc/     # pick your stack
 > ```

 ---
@@ -879,35 +878,34 @@ If you prefer manual control over what's installed:

 ```bash
 # Clone the repo
-git clone https://github.com/affaan-m/ECC.git
-cd ECC
+git clone https://github.com/affaan-m/everything-claude-code.git

 # Copy agents to your Claude config
-cp agents/*.md ~/.claude/agents/
+cp everything-claude-code/agents/*.md ~/.claude/agents/

 # Copy rules directories (common + language-specific)
 mkdir -p ~/.claude/rules/ecc
-cp -r rules/common ~/.claude/rules/ecc/
-cp -r rules/typescript ~/.claude/rules/ecc/   # pick your stack
-cp -r rules/python ~/.claude/rules/ecc/
-cp -r rules/golang ~/.claude/rules/ecc/
-cp -r rules/php ~/.claude/rules/ecc/
-cp -r rules/arkts ~/.claude/rules/ecc/
+cp -r everything-claude-code/rules/common ~/.claude/rules/ecc/
+cp -r everything-claude-code/rules/typescript ~/.claude/rules/ecc/   # pick your stack
+cp -r everything-claude-code/rules/python ~/.claude/rules/ecc/
+cp -r everything-claude-code/rules/golang ~/.claude/rules/ecc/
+cp -r everything-claude-code/rules/php ~/.claude/rules/ecc/
+cp -r everything-claude-code/rules/arkts ~/.claude/rules/ecc/

 # Copy skills first (primary workflow surface)
 # Recommended (new users): core/general skills only
 mkdir -p ~/.claude/skills/ecc
-cp -r .agents/skills/* ~/.claude/skills/ecc/
-cp -r skills/search-first ~/.claude/skills/ecc/
+cp -r everything-claude-code/.agents/skills/* ~/.claude/skills/ecc/
+cp -r everything-claude-code/skills/search-first ~/.claude/skills/ecc/

 # Optional: add niche/framework-specific skills only when needed
 # for s in django-patterns django-tdd laravel-patterns springboot-patterns quarkus-patterns; do
-# cp -r skills/$s ~/.claude/skills/ecc/
+# cp -r everything-claude-code/skills/$s ~/.claude/skills/ecc/
 # done

 # Optional: keep maintained slash-command compatibility during migration
 mkdir -p ~/.claude/commands
-cp commands/*.md ~/.claude/commands/
+cp everything-claude-code/commands/*.md ~/.claude/commands/

 # Retired shims live in legacy-command-shims/commands/.
 # Copy individual files from there only if you still need old names such as /tdd.
@@ -1085,7 +1083,7 @@ This shows all available agents, commands, and skills from the plugin.
 <details>
 <summary><b>My hooks aren't working / I see "Duplicate hooks file" errors</b></summary>

-This is the most common issue. **Do NOT add a `"hooks"` field to `.claude-plugin/plugin.json`.** Claude Code v2.1+ automatically loads `hooks/hooks.json` from installed plugins. Explicitly declaring it causes duplicate detection errors. See [#29](https://github.com/affaan-m/ECC/issues/29), [#52](https://github.com/affaan-m/ECC/issues/52), [#103](https://github.com/affaan-m/ECC/issues/103).
+This is the most common issue. **Do NOT add a `"hooks"` field to `.claude-plugin/plugin.json`.** Claude Code v2.1+ automatically loads `hooks/hooks.json` from installed plugins. Explicitly declaring it causes duplicate detection errors. See [#29](https://github.com/affaan-m/everything-claude-code/issues/29), [#52](https://github.com/affaan-m/everything-claude-code/issues/52), [#103](https://github.com/affaan-m/everything-claude-code/issues/103).
 </details>

 <details>
@@ -1130,11 +1128,11 @@ Yes. Use Option 2 (manual installation) and copy only what you need:

 ```bash
 # Just agents
-cp agents/*.md ~/.claude/agents/
+cp everything-claude-code/agents/*.md ~/.claude/agents/

 # Just rules
 mkdir -p ~/.claude/rules/ecc/
-cp -r rules/common ~/.claude/rules/ecc/
+cp -r everything-claude-code/rules/common ~/.claude/rules/ecc/
 ```

 Each component is fully independent.
@@ -1147,7 +1145,7 @@ Yes. ECC is cross-platform:
 - **Cursor**: Pre-translated configs in `.cursor/`. See [Cursor IDE Support](#cursor-ide-support).
 - **Gemini CLI**: Experimental project-local support via `.gemini/GEMINI.md` and shared installer plumbing.
 - **OpenCode**: Full plugin support in `.opencode/`. See [OpenCode Support](#opencode-support).
- **Codex**: First-class support for both macOS app and CLI, with adapter drift guards and SessionStart fallback. See PR [#257](https://github.com/affaan-m/ECC/pull/257).
+- **Codex**: First-class support for both macOS app and CLI, with adapter drift guards and SessionStart fallback. See PR [#257](https://github.com/affaan-m/everything-claude-code/pull/257).
 - **GitHub Copilot (VS Code)**: Instruction and prompt layer via `.github/copilot-instructions.md`, `.vscode/settings.json`, and `.github/prompts/`. See [GitHub Copilot Support](#github-copilot-support).
 - **Antigravity**: Tightly integrated setup for workflows, skills, and flattened rules in `.agent/`. See [Antigravity Guide](docs/ANTIGRAVITY-GUIDE.md).
 - **JoyCode / CodeBuddy**: Project-local selective install adapters for commands, agents, skills, and flattened rules. See [JoyCode Adapter Guide](docs/JOYCODE-GUIDE.md).
@@ -1490,7 +1488,7 @@ OpenCode's plugin system is MORE sophisticated than Claude Code with 20+ event t

 **Option 1: Use directly**
 ```bash
-cd ECC
+cd everything-claude-code
 opencode
 ```

@@ -1740,7 +1738,7 @@ This project is free and open source. Sponsors help keep it maintained and growi

 ## Star History

-[![Star History Chart](https://api.star-history.com/svg?repos=affaan-m/ECC&type=Date)](https://star-history.com/#affaan-m/ECC&Date)
+[![Star History Chart](https://api.star-history.com/svg?repos=affaan-m/everything-claude-code&type=Date)](https://star-history.com/#affaan-m/everything-claude-code&Date)

 ---

@@ -114,31 +114,7 @@ function isDangerousInvisibleCodePoint(codePoint) {
    (codePoint >= 0x202A && codePoint <= 0x202E) ||
    (codePoint >= 0x2066 && codePoint <= 0x2069) ||
    (codePoint >= 0xFE00 && codePoint <= 0xFE0F) ||
-    (codePoint >= 0xE0100 && codePoint <= 0xE01EF) ||
-    // Unicode Tag block (U+E0000–U+E007F). Tag characters were proposed
-    // for language tagging in Unicode 3.1 and have been deprecated since
-    // Unicode 5.1, so no legitimate text uses them. They are the canonical
-    // vector for "ASCII smuggling" / "Tag smuggling" prompt injection:
-    // an attacker hides instructions inside ASCII-looking strings (PR
-    // bodies, SKILL.md, frontmatter), the LLM consumes the tag bytes,
-    // and the human reviewer sees nothing.
-    (codePoint >= 0xE0000 && codePoint <= 0xE007F) ||
-    // U+180E MONGOLIAN VOWEL SEPARATOR — formerly classified as a space
-    // separator, reclassified as a format control in Unicode 6.3; renders
-    // as zero-width and routinely abused for homograph / smuggling.
-    codePoint === 0x180E ||
-    // U+115F / U+1160 HANGUL CHOSEONG/JUNGSEONG FILLER — zero-width fillers
-    // used in Korean text shaping; abused as invisible characters.
-    codePoint === 0x115F ||
-    codePoint === 0x1160 ||
-    // U+2061–U+2064 invisible math operators (FUNCTION APPLICATION,
-    // INVISIBLE TIMES, INVISIBLE SEPARATOR, INVISIBLE PLUS). Zero-width
-    // and not used outside math typesetting; legitimate Markdown / source
-    // does not contain them.
-    (codePoint >= 0x2061 && codePoint <= 0x2064) ||
-    // U+3164 HANGUL FILLER — zero-width filler reportedly used in Discord
-    // / Twitter smuggling attacks; not used in legitimate Korean text.
-    codePoint === 0x3164
+    (codePoint >= 0xE0100 && codePoint <= 0xE01EF)
  );
 }

@@ -109,74 +109,6 @@ if (
  passed++;
 else failed++;

-// Invisible code points newly covered by the denylist. These were missing
-// from the previous denylist and silently passed through both detection and
-// `--write` mode. Each is a documented LLM-prompt-injection vector
-// (Tag block "ASCII smuggling"; the other invisibles are widely cited in
-// homograph / Discord / Twitter smuggling references).
-
-const NEWLY_COVERED_RANGES = [
-  { codePoint: 0xE0041, label: 'Tag block U+E0041 (TAG LATIN CAPITAL LETTER A)' },
-  { codePoint: 0xE007F, label: 'Tag block U+E007F (CANCEL TAG, range end)' },
-  { codePoint: 0x180E, label: 'U+180E MONGOLIAN VOWEL SEPARATOR' },
-  { codePoint: 0x115F, label: 'U+115F HANGUL CHOSEONG FILLER' },
-  { codePoint: 0x1160, label: 'U+1160 HANGUL JUNGSEONG FILLER' },
-  { codePoint: 0x2061, label: 'U+2061 FUNCTION APPLICATION' },
-  { codePoint: 0x2064, label: 'U+2064 INVISIBLE PLUS (range end)' },
-  { codePoint: 0x3164, label: 'U+3164 HANGUL FILLER' },
-];
-
-for (const { codePoint, label } of NEWLY_COVERED_RANGES) {
-  if (
-    test(`detects ${label}`, () => {
-      const root = makeTempRoot('ecc-unicode-newly-covered-');
-      fs.mkdirSync(path.join(root, 'docs'), { recursive: true });
-      const hex = codePoint.toString(16).toUpperCase().padStart(4, '0');
-      fs.writeFileSync(
-        path.join(root, 'docs', `probe-${hex}.md`),
-        `# Probe\n\nBenign${String.fromCodePoint(codePoint)}text\n`
-      );
-      const result = runCheck(root);
-      assert.notStrictEqual(result.status, 0,
-        `expected exit non-zero on U+${hex}, got ${result.status}: ${result.stderr}`);
-      assert.match(result.stderr, new RegExp(`dangerous-invisible U\\+${hex}`),
-        `expected violation message for U+${hex}, got: ${result.stderr}`);
-    })
-  )
-    passed++;
-  else failed++;
-}
-
-if (
-  test('write mode strips newly-covered invisibles from markdown', () => {
-    const root = makeTempRoot('ecc-unicode-newly-covered-write-');
-    fs.mkdirSync(path.join(root, 'docs'), { recursive: true });
-    const tagHidden = [...Array(5)].map((_, i) => String.fromCodePoint(0xE0041 + i)).join('');
-    const mongolianHidden = String.fromCodePoint(0x180E);
-    const filePath = path.join(root, 'docs', 'mixed.md');
-    fs.writeFileSync(filePath, `# Title\n\nBenign${tagHidden}${mongolianHidden}text.\n`);
-
-    const writeResult = runCheck(root, ['--write']);
-    assert.strictEqual(writeResult.status, 0,
-      `expected --write to succeed, got ${writeResult.status}: ${writeResult.stderr}`);
-
-    const sanitized = fs.readFileSync(filePath, 'utf8');
-    assert.doesNotMatch(sanitized, /[\u{E0000}-\u{E007F}]/u,
-      'expected tag block characters stripped');
-    assert.doesNotMatch(sanitized, /\u{180E}/u,
-      'expected U+180E stripped');
-    assert.strictEqual(sanitized, '# Title\n\nBenigntext.\n',
-      'expected only the invisible characters removed, surrounding text preserved');
-
-    // Re-run without --write; should now pass cleanly.
-    const clean = runCheck(root);
-    assert.strictEqual(clean.status, 0,
-      `expected post-sanitize re-run to pass, got: ${clean.stderr}`);
-  })
-)
-  passed++;
-else failed++;
-
 if (
  test('skips Python virtual environments', () => {
    const root = makeTempRoot('ecc-unicode-venv-');
Author	SHA1	Message	Date
Jamkris	1f6fc9c27d	fix(hooks): use shared renameWithRetry in writeWarnState (ecc-context-monitor) Mirror the previous commit's Windows-EPERM retry on the companion `writeWarnState` in `scripts/hooks/ecc-context-monitor.js`. Same race: two PostToolUse subprocesses writing concurrent debounce state racing on `MoveFileExW`, target-in-use throwing EPERM on Windows even though each writer's tmp path is now unique. Implementation: import `renameWithRetry` from `scripts/lib/session-bridge.js` (exported in the previous commit) instead of duplicating the helper. The retry policy, backoff schedule, and main-thread `Atomics.wait` strategy stay identical to `writeBridgeAtomic`. Three writers in the repo now share the same atomic-write contract: - `writeBridgeAtomic` (scripts/lib/session-bridge.js) — round 1 + this round's retry - `writeWarnState` (this file) — round 1 + this round's retry via shared helper - `writeCostWarningIfChanged` (scripts/hooks/ecc-metrics-bridge.js) — out of scope for this PR (already uses unique tmp suffix; a future consolidation could move it to the shared helper too). Local: `yarn test` green, `yarn lint` clean. The companion test suite for `ecc-context-monitor.js` does not currently exercise concurrent `writeWarnState` writes, but the helper it now uses is covered by the `tests/lib/session-bridge.test.js` concurrent-write regression added in round 1's last commit.	2026-05-19 11:01:28 +09:00
Jamkris	bcbd2acee2	fix(lib): retry rename on Windows EPERM/EACCES/EBUSY in writeBridgeAtomic PR #1983 round 1 introduced unique-suffix tmp paths so two concurrent writers no longer share a single `.tmp` file. That fix is correct under POSIX semantics — `rename(2)` is atomic between source and destination, so each writer renames onto the same target without conflict. Windows `MoveFileExW` is not the same. It fails with EPERM / EACCES / EBUSY when the target is currently being renamed by another process — a short race window that fires reliably under this hook's PostToolUse + statusline concurrency. Round 1's CI run made this visible: Test (windows-latest, Node 18.x, npm) — FAILURE Error: EPERM: operation not permitted, rename 'C:\…\ecc-metrics-test-bridge-race-….json.9504.4aef575a.tmp' -> 'C:\…\ecc-metrics-test-bridge-race-….json' at writeBridgeAtomic (scripts/lib/session-bridge.js:79:8) All nine Windows matrix cells (Node 18 / 20 / 22 × npm / pnpm / yarn) hit the same path. POSIX matrices (Linux + macOS) passed unchanged. Fix: extract a `renameWithRetry(tmp, target)` helper that retries `fs.renameSync` up to 5 times on EPERM / EACCES / EBUSY with exponential backoff (20 ms → 320 ms total). Other error codes (ENOENT, ENOSPC, EROFS, …) re-throw on the first attempt — they are not transient. POSIX runs hit the first try and exit immediately. The backoff uses `Atomics.wait` on a throwaway `SharedArrayBuffer` so the retry path does not busy-spin the CPU; verified on Node ≥ 17 that this works on the main thread. There is a `try/catch` fallback to a brief busy-wait for older runtimes where `Atomics.wait` is restricted to workers. `writeBridgeAtomic` calls the helper instead of `fs.renameSync` and keeps its existing best-effort tmp cleanup on terminal failure. `renameWithRetry` is added to `module.exports` so the companion `writeWarnState` in `scripts/hooks/ecc-context-monitor.js` can adopt the same retry policy without duplicating the helper. That adoption lands in the next commit. Local: `node tests/lib/session-bridge.test.js` 14/14, `yarn test` green, `yarn lint` clean. The round-1 test (two concurrent child writers, 200 iterations each) now passes on macOS without retrying at all (POSIX path) and is expected to pass on Windows via the new retry loop.	2026-05-19 11:01:10 +09:00
Jamkris	8149beac02	test(lib): make concurrent-write test actually concurrent + use regex matcher for assert.throws Two round-1 review findings in `tests/lib/session-bridge.test.js`, both about test correctness rather than the underlying fix: 1. greptile P1 + coderabbitai Major + cubic P2 (all three): concurrent-write test ran sequentially. The test spawned two child processes with two consecutive `spawnSync` calls. Because `spawnSync` blocks until the child exits, the second writer started after the first finished — the two writers never overlapped, so the rename race the fix targets was never actually exercised. The test would have passed with the old broken `${target}.tmp` suffix. Fix: introduce a one-off "race runner" helper that runs inside its own subprocess and uses async `spawn` to start both writers simultaneously. The runner waits for both to exit (the event loop is local to the runner subprocess, so this stays compatible with the synchronous test harness used elsewhere in this file) and reports both exit codes plus stderrs on stdout. The test then calls the runner via `spawnSync` and parses the result. Both writer children now overlap for the duration of their 200 `writeBridgeAtomic` calls each, which is enough wall time to reliably trigger the rename race against the pre-fix code. Verified: with the fixed `${target}.${pid}.${nonce}.tmp` suffix, the test passes; with the old fixed `${target}.tmp` suffix reintroduced, it fails as expected (one writer hits ENOENT on roughly half its rename calls). 2. greptile P2 + cubic P3: `assert.throws` used a string as the second argument. Node deprecated passing a string as the second argument to `assert.throws` years ago: the string is silently treated as the assertion failure message (what to print when the function does not throw) rather than as an error matcher. The check passed for any thrown error, not just the rename failure. Fix: pass a regex matcher as the second arg and keep the explanatory text as the third. The regex matches `EISDIR`, `EPERM`, `ENOTDIR`, or `ENOENT` because `renameSync` of a regular tmp file onto an existing directory raises different codes on Linux / macOS / BSD — making the matcher portable across CI runners. Test count unchanged at 14; `npm test` green; `npm run lint` clean. The two helper files (`tests/__tmp_bridge_writer.js`, `tests/__tmp_bridge_race_runner.js`) are written and unlinked inside the test's try/finally so they never persist beyond the test run.	2026-05-19 09:44:53 +09:00
Jamkris	a2b98be4a3	test(lib): concurrent writeBridgeAtomic + tmp-cleanup regression Two regression tests pin down the previous two commits' atomic-rename fixes: 1. concurrent writes don't throw ENOENT or corrupt the file — spawns two child Node processes (`tests/__tmp_bridge_writer.js` created in-test, cleaned up in finally) that each call `writeBridgeAtomic(sid, …)` 200 times against the same session ID with independent payloads. Asserts both subprocesses exit 0 (the previous implementation produced ENOENT on roughly 50% of rename calls, all swallowed by the in-test catch) and the final bridge file is parseable JSON belonging to one of the two writers (last-writer-wins is fine; the contract is no corruption and no rename ENOENT, not data preservation). 2. tmp file cleanup on rename failure — pre-creates a directory at the target bridge path so `renameSync(tmp, target)` fails, calls `writeBridgeAtomic`, asserts the call throws AND that no tmp file with the writer's `pid.<nonce>.tmp` prefix is left behind in `os.tmpdir()`. The previous code had no cleanup; the fix's `try/catch + unlinkSync` keeps tmpdir from accumulating orphan files across repeated rename failures. The first test deliberately writes independent payloads from each subprocess so this regression doesn't try to claim a property the fix doesn't actually deliver (read-modify-write race in the caller is a separate issue and out of scope per PR body). Test count: 12 → 14 in `tests/lib/session-bridge.test.js`; `npm test` green; `npm run lint` clean.	2026-05-19 09:31:35 +09:00
Jamkris	74fda58a9c	fix(hooks): use unique tmp suffix in writeWarnState (ecc-context-monitor) Mirror the previous commit's `writeBridgeAtomic` fix on the companion `writeWarnState` in `ecc-context-monitor.js`. Same shape: fixed `${target}.tmp` → `${target}.${process.pid}.${randomNonce}.tmp`, plus best-effort cleanup of the tmp file on `renameSync` failure (throws original error after cleanup). `writeWarnState` debounces the context-monitor's threshold alarms (`COST_NOTICE_USD`, `COST_WARNING_USD`, `COST_CRITICAL_USD`, plus the context-remaining and loop-detection ones). Without unique suffixes, two PostToolUse subprocesses racing on the warn-state file produce either a corrupted JSON debounce-state on disk or an ENOENT throw that the hook catches and swallows — either way the next warn-state read returns the default `{callsSinceWarn: 0, lastSeverity: null}` and the threshold alarms re-fire or stop firing erratically. Users see warning messages flicker or vanish; debounce no longer works. Three call sites in this repo now share the same atomic-write contract: - `writeBridgeAtomic` (scripts/lib/session-bridge.js) — primary - `writeCostWarningIfChanged` (scripts/hooks/ecc-metrics-bridge.js) — cost cache - `writeWarnState` (this file) — debounce state `yarn lint` clean. Regression test covering both `writeBridgeAtomic` and `writeWarnState` under concurrent load lands in the next commit.	2026-05-19 09:30:07 +09:00
Jamkris	95602cc27b	fix(lib): use unique tmp suffix in writeBridgeAtomic to eliminate ENOENT race `writeBridgeAtomic` wrote to a fixed `${target}.tmp` path before calling `renameSync`. When two processes write to the same session bridge concurrently (e.g. PostToolUse `ecc-metrics-bridge` + the background `ecc-statusline`, both calling `writeBridgeAtomic(sessionId, ...)`), the canonical atomic-rename race fires: 1. Process A: writeFileSync(target.tmp, JSON_A) — tmp file exists. 2. Process B: writeFileSync(target.tmp, JSON_B) — tmp file overwritten. 3. Process A: renameSync(target.tmp, target) — succeeds; target = JSON_B (A's payload silently corrupted en-route). 4. Process B: renameSync(target.tmp, target) — throws ENOENT (the rename consumed the file). Every caller in the repo wraps `writeBridgeAtomic` in `try {} catch {}`, so the ENOENT exception is swallowed and the user-visible symptom is just "the bridge file occasionally contains the wrong process's payload" with no diagnostic. Reproduced before this commit: $ # two concurrent writers, each calling writeBridgeAtomic 500 times $ # against the same session ID [A] errors=244 # 244 ENOENT exceptions swallowed [B] errors=248 # ditto After this commit the same workload reports 0 errors in both subprocesses: tmp paths no longer collide. Fix: change `${target}.tmp` to `${target}.${process.pid}.${crypto.randomBytes(4).toString('hex')}.tmp`, matching the pattern already used by `writeCostWarningIfChanged` in `scripts/hooks/ecc-metrics-bridge.js` (commit `9b1d8918`). The pid + 4-byte nonce gives each writer process a distinct tmp path, so step 2 above no longer overwrites step 1's payload and step 4 no longer races step 3. Also added: on `renameSync` failure, attempt `fs.unlinkSync(tmp)` so a writer that fails (disk full, permission, parent dir gone) does not leak its tmp file. The cleanup is best-effort and the original error is still re-thrown. Scope clarification. This commit closes the atomic-rename primitive's race only. The read-modify-write race in callers — two writers each read the same bridge state, increment, and write back, the second clobbering the first — is a separate concern that needs locking or per-writer logs, and is intentionally out of scope for this PR. The cost-tracker / metrics-bridge callers tolerate last-writer-wins on their cumulative aggregates today and this commit does not change that contract. The companion `writeWarnState` in `ecc-context-monitor.js` has the same fixed-suffix pattern and the same race; that fix lands in the next commit so each can be reviewed against its own diff.	2026-05-19 09:29:09 +09:00