fix: harden bounded agent communication review fixes

CodeRabbit and Codecov surfaced real gaps in UDS framing, peer discovery, mailbox retention, and summary context coverage. This tightens those paths without suppressing review or coverage signals.

Constraint: PR #369 must address CodeRabbit and Codecov findings without warning suppression or fake fallbacks

Rejected: Suppress Codecov or CodeRabbit warnings | leaves real receive-path and test-isolation gaps

Rejected: Add unreachable feature-gated tests | bun:bundle keeps those branches compile-time gated in local tests

Confidence: high

Scope-risk: moderate

Directive: Keep UDS auth-token rejection outside feature flags; do not reintroduce inline token fallbacks

Tested: bun test --coverage --coverage-reporter lcov --coverage-dir coverage; bun run test:all; bun run lint; bun run build; bun run build:vite; bun audit; git diff --cached --check

Not-tested: Remote Codecov/CodeRabbit refreshed reports until pushed

Author: unraid

packages/builtin-tools/src/tools/ListPeersTool/ListPeersTool.ts

@@ -84,19 +84,27 @@ Use this tool to discover messaging targets before sending cross-session message
     // UDS socket directory. The implementation scans for live sockets
     // and optionally includes Remote Control bridge peers.
     const peers: PeerInfo[] = []
+    const seen = new Set<string>()
+    const addPeer = (peer: PeerInfo): void => {
+      if (seen.has(peer.address)) return
+      seen.add(peer.address)
+      peers.push(peer)
+    }
 
     /* eslint-disable @typescript-eslint/no-require-imports */
     const udsMessaging =
       require('src/utils/udsMessaging.js') as typeof import('src/utils/udsMessaging.js')
     const udsClient =
       require('src/utils/udsClient.js') as typeof import('src/utils/udsClient.js')
+    const bridgePeers =
+      require('src/bridge/peerSessions.js') as typeof import('src/bridge/peerSessions.js')
     /* eslint-enable @typescript-eslint/no-require-imports */
 
     const messagingSocketPath = udsMessaging.getUdsMessagingSocketPath()
     if (messagingSocketPath) {
       // Self entry for reference
       if (_input.include_self) {
-        peers.push({
+        addPeer({
           address: udsMessaging.formatUdsAddress(messagingSocketPath),
           name: 'self',
           pid: process.pid,
@@ -106,14 +114,18 @@ Use this tool to discover messaging targets before sending cross-session message
 
     for (const peer of await udsClient.listPeers()) {
       if (!peer.messagingSocketPath) continue
-      peers.push({
+      addPeer({
         address: udsMessaging.formatUdsAddress(peer.messagingSocketPath),
         name: peer.name ?? peer.kind,
         cwd: peer.cwd,
         pid: peer.pid,
       })
     }
 
+    for (const peer of await bridgePeers.listBridgePeers()) {
+      addPeer(peer)
+    }
+
     return {
       data: { peers },
     }

packages/builtin-tools/src/tools/SendMessageTool/SendMessageTool.ts

@@ -672,17 +672,15 @@ export const SendMessageTool: Tool<InputSchema, SendMessageToolOutput> =
           errorCode: 9,
         }
       }
-      if (feature('UDS_INBOX')) {
-        if (
-          addr.scheme === 'uds' &&
-          (hasInlineUdsToken(input.to) || wasInlineUdsTokenRejected(input))
-        ) {
-          return {
-            result: false,
-            message:
-              'uds addresses must not include inline auth tokens; use the ListPeers address',
-            errorCode: 9,
-          }
+      if (
+        addr.scheme === 'uds' &&
+        (hasInlineUdsToken(input.to) || wasInlineUdsTokenRejected(input))
+      ) {
+        return {
+          result: false,
+          message:
+            'uds addresses must not include inline auth tokens; use the ListPeers address',
+          errorCode: 9,
         }
       }
       if (input.to.includes('@')) {
@@ -808,6 +806,22 @@ export const SendMessageTool: Tool<InputSchema, SendMessageToolOutput> =
     },
 
     async call(input, context, canUseTool, assistantMessage) {
+      if (typeof input.message === 'string') {
+        const addr = parseAddress(input.to)
+        if (
+          addr.scheme === 'uds' &&
+          (hasInlineUdsToken(input.to) || wasInlineUdsTokenRejected(input))
+        ) {
+          return {
+            data: {
+              success: false,
+              message:
+                'uds addresses must not include inline auth tokens; use the ListPeers address',
+            },
+          }
+        }
+      }
+
       if (feature('UDS_INBOX') && typeof input.message === 'string') {
         const addr = parseAddress(input.to)
         if (addr.scheme === 'bridge') {
@@ -827,10 +841,10 @@ export const SendMessageTool: Tool<InputSchema, SendMessageToolOutput> =
           const { postInterClaudeMessage } =
             require('src/bridge/peerSessions.js') as typeof import('src/bridge/peerSessions.js')
           /* eslint-enable @typescript-eslint/no-require-imports */
-          const result = await postInterClaudeMessage(
+          const result = (await postInterClaudeMessage(
             addr.target,
             input.message,
-          ) as { ok: boolean; error?: string }
+          )) as { ok: boolean; error?: string }
           const preview = input.summary || truncate(input.message, 50)
           return {
             data: {

packages/builtin-tools/src/tools/SendMessageTool/__tests__/udsRecipientSanitization.test.ts

@@ -1,8 +1,4 @@
-import { describe, expect, mock, test } from 'bun:test'
-
-mock.module('bun:bundle', () => ({
-  feature: (name: string) => name === 'UDS_INBOX',
-}))
+import { describe, expect, test } from 'bun:test'
 
 describe('SendMessageTool UDS recipient handling', () => {
   test('redacts inline UDS tokens before classifier and observable paths', async () => {
@@ -25,6 +21,62 @@ describe('SendMessageTool UDS recipient handling', () => {
     ).toBe('to uds:/tmp/peer.sock: hello')
   })
 
+  test('keeps redacted UDS token rejection through observable backfill', async () => {
+    const { SendMessageTool } = await import('../SendMessageTool.js')
+    const observableInput = {
+      to: 'uds:/tmp/peer.sock#token=secret-token',
+      message: {
+        type: 'plan_approval_response',
+        request_id: 'req-1',
+        approve: false,
+        reason: 'needs tests',
+      },
+    } as Record<string, unknown>
+
+    SendMessageTool.backfillObservableInput!(observableInput)
+
+    expect(observableInput.to).toBe('uds:/tmp/peer.sock')
+    expect(observableInput.recipient).toBe('uds:/tmp/peer.sock')
+    expect(observableInput.type).toBe('plan_approval_response')
+    expect(observableInput.request_id).toBe('req-1')
+    expect(observableInput.approve).toBe(false)
+    expect(observableInput.content).toBe('needs tests')
+    expect(JSON.stringify(observableInput)).not.toContain('secret-token')
+
+    const result = await SendMessageTool.validateInput!(
+      observableInput as never,
+      {} as never,
+    )
+
+    expect(result.result).toBe(false)
+    if (result.result !== false) {
+      throw new Error('expected validation to reject redacted inline UDS token')
+    }
+    expect(result.message).toContain('inline auth tokens')
+  })
+
+  test('redacts UDS tokens in structured classifier text', async () => {
+    const { SendMessageTool } = await import('../SendMessageTool.js')
+    const to = 'uds:/tmp/peer.sock#token=secret-token'
+
+    expect(
+      SendMessageTool.toAutoClassifierInput({
+        to,
+        message: { type: 'shutdown_request' },
+      }),
+    ).toBe('shutdown_request to uds:/tmp/peer.sock')
+    expect(
+      SendMessageTool.toAutoClassifierInput({
+        to,
+        message: {
+          type: 'plan_approval_response',
+          request_id: 'req-1',
+          approve: true,
+        },
+      }),
+    ).toBe('plan_approval approve to uds:/tmp/peer.sock')
+  })
+
   test('rejects inline UDS tokens during validation', async () => {
     const { SendMessageTool } = await import('../SendMessageTool.js')
     const result = await SendMessageTool.validateInput!(
@@ -36,6 +88,26 @@ describe('SendMessageTool UDS recipient handling', () => {
     )
 
     expect(result.result).toBe(false)
+    if (result.result !== false) {
+      throw new Error('expected validation to reject inline UDS token')
+    }
+    expect(result.message).toContain('inline auth tokens')
+    expect(JSON.stringify(result)).not.toContain('secret-token')
+  })
+
+  test('rejects inline UDS tokens during execution without leaking them', async () => {
+    const { SendMessageTool } = await import('../SendMessageTool.js')
+    const result = await SendMessageTool.call(
+      {
+        to: 'uds:/tmp/peer.sock#token=secret-token',
+        message: 'hello',
+      },
+      {} as never,
+      undefined as never,
+      undefined as never,
+    )
+
+    expect(result.data.success).toBe(false)
     expect(JSON.stringify(result)).not.toContain('secret-token')
   })
 })

src/bridge/peerSessions.ts

@@ -6,6 +6,38 @@ import { getBridgeAccessToken } from './bridgeConfig.js'
 import { getReplBridgeHandle } from './replBridgeHandle.js'
 import { toCompatSessionId } from './sessionIdCompat.js'
 
+export type BridgePeerSession = {
+  address: string
+  name?: string
+  cwd?: string
+  pid?: number
+}
+
+/**
+ * List locally registered sessions that have published a Remote Control
+ * session ID. The PID registry is the local source of truth for bridge peers
+ * already known to this machine; SendMessage can use these bridge:<id>
+ * addresses when the current process has an active bridge handle.
+ */
+export async function listBridgePeers(): Promise<BridgePeerSession[]> {
+  const { listAllLiveSessions } = await import('../utils/udsClient.js')
+  const sessions = await listAllLiveSessions()
+  const peers: BridgePeerSession[] = []
+
+  for (const session of sessions) {
+    if (session.pid === process.pid || !session.bridgeSessionId) continue
+    const compatId = toCompatSessionId(session.bridgeSessionId)
+    peers.push({
+      address: `bridge:${compatId}`,
+      name: session.name ?? session.kind,
+      cwd: session.cwd,
+      pid: session.pid,
+    })
+  }
+
+  return peers
+}
+
 /**
  * Send a plain-text message to another Claude session via the bridge API.
  *

src/cli/print.ts

@@ -2773,7 +2773,7 @@ function runHeadlessStreaming(
         const value =
           typeof entry.message.data === 'string'
             ? entry.message.data
-            : jsonStringify(entry.message)
+            : jsonStringify(entry.message.data)
         enqueue({
           mode: 'prompt',
           value,

src/services/AgentSummary/__tests__/agentSummary.test.ts

@@ -0,0 +1,133 @@
+import {
+  afterAll,
+  afterEach,
+  beforeEach,
+  describe,
+  expect,
+  mock,
+  test,
+} from 'bun:test'
+import { debugMock } from '../../../../tests/mocks/debug'
+import { logMock } from '../../../../tests/mocks/log'
+import { asAgentId } from '../../../types/ids.js'
+import type { CacheSafeParams } from '../../../utils/forkedAgent.js'
+
+const transcriptMessages = [
+  { type: 'user', message: { content: 'start' }, uuid: 'u1' },
+  {
+    type: 'assistant',
+    message: { content: [{ type: 'text', text: 'working' }] },
+    uuid: 'a1',
+  },
+  { type: 'user', message: { content: 'continue' }, uuid: 'u2' },
+]
+
+let poorModeActive = false
+let forkCalls = 0
+let updateCalls: Array<{ taskId: string; summary: string }> = []
+let transcript = { messages: transcriptMessages }
+const sessionStorageSnapshot = {
+  ...(require('../../../utils/sessionStorage.ts') as Record<string, unknown>),
+}
+
+mock.module('src/commands/poor/poorMode.js', () => ({
+  isPoorModeActive: () => poorModeActive,
+}))
+
+mock.module('src/tasks/LocalAgentTask/LocalAgentTask.js', () => ({
+  updateAgentSummary: (taskId: string, summary: string) => {
+    updateCalls.push({ taskId, summary })
+  },
+}))
+
+mock.module(
+  '@claude-code-best/builtin-tools/tools/AgentTool/runAgent.js',
+  () => ({
+    filterIncompleteToolCalls: <T>(messages: T) => messages,
+  }),
+)
+
+mock.module('src/utils/debug.js', debugMock)
+mock.module('src/utils/log.js', logMock)
+
+mock.module('src/utils/forkedAgent.js', () => ({
+  runForkedAgent: async () => {
+    forkCalls += 1
+    return {
+      messages: [
+        {
+          type: 'assistant',
+          message: {
+            content: [{ type: 'text', text: 'Reading udsClient.ts' }],
+          },
+        },
+      ],
+    }
+  },
+}))
+
+mock.module('src/utils/sessionStorage.js', () => ({
+  ...sessionStorageSnapshot,
+  getAgentTranscript: async () => transcript,
+}))
+
+afterAll(() => {
+  mock.module('src/utils/sessionStorage.js', () =>
+    require('../../../utils/sessionStorage.ts'),
+  )
+})
+
+describe('startAgentSummarization', () => {
+  const realSetTimeout = globalThis.setTimeout
+  const realClearTimeout = globalThis.clearTimeout
+  let scheduled:
+    | ((...args: Parameters<TimerHandler & ((...args: unknown[]) => void)>) => void)
+    | undefined
+
+  beforeEach(() => {
+    poorModeActive = false
+    forkCalls = 0
+    updateCalls = []
+    transcript = { messages: transcriptMessages }
+    scheduled = undefined
+    globalThis.setTimeout = ((callback: TimerHandler) => {
+      scheduled = callback as (...args: unknown[]) => void
+      return 1 as unknown as ReturnType<typeof setTimeout>
+    }) as unknown as typeof setTimeout
+    globalThis.clearTimeout = (() => undefined) as typeof clearTimeout
+  })
+
+  afterEach(() => {
+    globalThis.setTimeout = realSetTimeout
+    globalThis.clearTimeout = realClearTimeout
+  })
+
+  test('summarizes bounded transcript once and skips unchanged fingerprints', async () => {
+    const { startAgentSummarization } = await import('../agentSummary.js')
+
+    const handle = startAgentSummarization(
+      'task-1',
+      asAgentId('a0000000000000000'),
+      {
+        forkContextMessages: [{ type: 'user', message: { content: 'old' } }],
+        model: 'claude-test',
+      } as unknown as CacheSafeParams,
+      () => undefined,
+    )
+
+    expect(typeof scheduled).toBe('function')
+    await scheduled!()
+
+    expect(forkCalls).toBe(1)
+    expect(updateCalls).toEqual([
+      { taskId: 'task-1', summary: 'Reading udsClient.ts' },
+    ])
+
+    await scheduled!()
+
+    expect(forkCalls).toBe(1)
+    expect(updateCalls).toHaveLength(1)
+
+    handle.stop()
+  })
+})