refactor: architecture audit fixes round 2 (P0-P2)

- Fix curl subprocess leak on client disconnect (abort signal propagation)
- Cap SSE parse buffer at 10MB to prevent memory exhaustion
- Fatal error triggers graceful shutdown instead of hard exit
- Session hash: 128-bit + JSON.stringify to prevent collisions
- Gemini SSE line endings normalized to \n\n
- Extract shared translation utils (desktop context, instructions, budgetToEffort)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

src/index.ts

@@ -150,5 +150,7 @@ async function main() {
 
 main().catch((err) => {
   console.error("Fatal error:", err);
-  process.exit(1);
+  // Trigger graceful shutdown instead of hard exit
+  process.kill(process.pid, "SIGTERM");
+  setTimeout(() => process.exit(1), 2000).unref();
 });

src/proxy/codex-api.ts

@@ -356,6 +356,7 @@ export class CodexApi {
       .pipeThrough(new TextDecoderStream())
       .getReader();
 
+    const MAX_SSE_BUFFER = 10 * 1024 * 1024; // 10MB
     let buffer = "";
     try {
       while (true) {
@@ -363,6 +364,9 @@ export class CodexApi {
         if (done) break;
 
         buffer += value;
+        if (buffer.length > MAX_SSE_BUFFER) {
+          throw new Error(`SSE buffer exceeded ${MAX_SSE_BUFFER} bytes — aborting stream`);
+        }
         const parts = buffer.split("\n\n");
         buffer = parts.pop()!;
 

src/routes/shared/proxy-handler.ts

@@ -91,6 +91,7 @@ export async function handleProxyRequest(
 
   // P0-2: AbortController to kill curl when client disconnects
   const abortController = new AbortController();
+  c.req.raw.signal.addEventListener("abort", () => abortController.abort(), { once: true });
 
   try {
     // 3. Retry + send to Codex
@@ -106,6 +107,7 @@ export async function handleProxyRequest(
       c.header("Connection", "keep-alive");
 
       return stream(c, async (s) => {
+        s.onAbort(() => abortController.abort());
         let sessionTaskId: string | null = null;
         try {
           for await (const chunk of fmt.streamTranslator(

src/session/manager.ts

@@ -36,8 +36,8 @@ export class SessionManager {
   hashMessages(
     messages: Array<{ role: string; content: string }>,
   ): string {
-    const data = messages.map((m) => `${m.role}:${m.content}`).join("|");
-    return createHash("sha256").update(data).digest("hex").slice(0, 16);
+    const data = JSON.stringify(messages.map((m) => [m.role, m.content]));
+    return createHash("sha256").update(data).digest("hex").slice(0, 32);
   }
 
   /**

src/translation/anthropic-to-codex.ts

@@ -2,8 +2,6 @@
  * Translate Anthropic Messages API request → Codex Responses API request.
  */
 
-import { readFileSync } from "fs";
-import { resolve } from "path";
 import type { AnthropicMessagesRequest } from "../types/anthropic.js";
 import type {
   CodexResponsesRequest,
@@ -11,19 +9,7 @@ import type {
 } from "../proxy/codex-api.js";
 import { resolveModelId, getModelInfo } from "../routes/models.js";
 import { getConfig } from "../config.js";
-
-const DESKTOP_CONTEXT = loadDesktopContext();
-
-function loadDesktopContext(): string {
-  try {
-    return readFileSync(
-      resolve(process.cwd(), "config/prompts/desktop-context.md"),
-      "utf-8",
-    );
-  } catch {
-    return "";
-  }
-}
+import { buildInstructions, budgetToEffort } from "./shared-utils.js";
 
 /**
  * Map Anthropic thinking budget_tokens to Codex reasoning effort.
@@ -32,11 +18,7 @@ function mapThinkingToEffort(
   thinking: AnthropicMessagesRequest["thinking"],
 ): string | undefined {
   if (!thinking || thinking.type === "disabled") return undefined;
-  const budget = thinking.budget_tokens;
-  if (budget < 2000) return "low";
-  if (budget < 8000) return "medium";
-  if (budget < 20000) return "high";
-  return "xhigh";
+  return budgetToEffort(thinking.budget_tokens);
 }
 
 /**
@@ -76,9 +58,7 @@ export function translateAnthropicToCodexRequest(
   } else {
     userInstructions = "You are a helpful assistant.";
   }
-  const instructions = DESKTOP_CONTEXT
-    ? `${DESKTOP_CONTEXT}\n\n${userInstructions}`
-    : userInstructions;
+  const instructions = buildInstructions(userInstructions);
 
   // Build input items from messages
   const input: CodexInputItem[] = [];

src/translation/codex-to-gemini.ts

@@ -53,7 +53,7 @@ export async function* streamCodexToGemini(
             ],
             modelVersion: model,
           };
-          yield `data: ${JSON.stringify(chunk)}\r\n\r\n`;
+          yield `data: ${JSON.stringify(chunk)}\n\n`;
         }
         break;
       }
@@ -84,7 +84,7 @@ export async function* streamCodexToGemini(
           },
           modelVersion: model,
         };
-        yield `data: ${JSON.stringify(finalChunk)}\r\n\r\n`;
+        yield `data: ${JSON.stringify(finalChunk)}\n\n`;
         break;
       }
     }

src/translation/gemini-to-codex.ts

@@ -2,8 +2,6 @@
  * Translate Google Gemini generateContent request → Codex Responses API request.
  */
 
-import { readFileSync } from "fs";
-import { resolve } from "path";
 import type {
   GeminiGenerateContentRequest,
   GeminiContent,
@@ -14,30 +12,7 @@ import type {
 } from "../proxy/codex-api.js";
 import { resolveModelId, getModelInfo } from "../routes/models.js";
 import { getConfig } from "../config.js";
-
-const DESKTOP_CONTEXT = loadDesktopContext();
-
-function loadDesktopContext(): string {
-  try {
-    return readFileSync(
-      resolve(process.cwd(), "config/prompts/desktop-context.md"),
-      "utf-8",
-    );
-  } catch {
-    return "";
-  }
-}
-
-/**
- * Map Gemini thinkingBudget to Codex reasoning effort.
- */
-function budgetToEffort(budget?: number): string | undefined {
-  if (!budget || budget <= 0) return undefined;
-  if (budget < 2000) return "low";
-  if (budget < 8000) return "medium";
-  if (budget < 20000) return "high";
-  return "xhigh";
-}
+import { buildInstructions, budgetToEffort } from "./shared-utils.js";
 
 /**
  * Extract text from Gemini content parts.
@@ -96,9 +71,7 @@ export function translateGeminiToCodexRequest(
   } else {
     userInstructions = "You are a helpful assistant.";
   }
-  const instructions = DESKTOP_CONTEXT
-    ? `${DESKTOP_CONTEXT}\n\n${userInstructions}`
-    : userInstructions;
+  const instructions = buildInstructions(userInstructions);
 
   // Build input items from contents
   const input: CodexInputItem[] = [];

src/translation/openai-to-codex.ts

@@ -2,8 +2,6 @@
  * Translate OpenAI Chat Completions request → Codex Responses API request.
  */
 
-import { readFileSync } from "fs";
-import { resolve } from "path";
 import type { ChatCompletionRequest } from "../types/openai.js";
 import type {
   CodexResponsesRequest,
@@ -11,19 +9,7 @@ import type {
 } from "../proxy/codex-api.js";
 import { resolveModelId, getModelInfo } from "../routes/models.js";
 import { getConfig } from "../config.js";
-
-const DESKTOP_CONTEXT = loadDesktopContext();
-
-function loadDesktopContext(): string {
-  try {
-    return readFileSync(
-      resolve(process.cwd(), "config/prompts/desktop-context.md"),
-      "utf-8",
-    );
-  } catch {
-    return "";
-  }
-}
+import { buildInstructions } from "./shared-utils.js";
 
 /**
  * Convert a ChatCompletionRequest to a CodexResponsesRequest.
@@ -43,9 +29,7 @@ export function translateToCodexRequest(
   const userInstructions =
     systemMessages.map((m) => m.content).join("\n\n") ||
     "You are a helpful assistant.";
-  const instructions = DESKTOP_CONTEXT
-    ? `${DESKTOP_CONTEXT}\n\n${userInstructions}`
-    : userInstructions;
+  const instructions = buildInstructions(userInstructions);
 
   // Build input items from non-system messages
   const input: CodexInputItem[] = [];

src/translation/shared-utils.ts

@@ -0,0 +1,47 @@
+/**
+ * Shared utilities for request translation modules.
+ *
+ * Deduplicates: desktop context loading, instruction building, budget→effort mapping.
+ */
+
+import { readFileSync } from "fs";
+import { resolve } from "path";
+
+let cachedDesktopContext: string | null = null;
+
+/**
+ * Lazily load and cache the desktop context prompt.
+ * File is maintained by apply-update.ts; cached once per process lifetime.
+ */
+export function getDesktopContext(): string {
+  if (cachedDesktopContext !== null) return cachedDesktopContext;
+  try {
+    cachedDesktopContext = readFileSync(
+      resolve(process.cwd(), "config/prompts/desktop-context.md"),
+      "utf-8",
+    );
+  } catch {
+    cachedDesktopContext = "";
+  }
+  return cachedDesktopContext;
+}
+
+/**
+ * Assemble final instructions from desktop context + user instructions.
+ */
+export function buildInstructions(userInstructions: string): string {
+  const ctx = getDesktopContext();
+  return ctx ? `${ctx}\n\n${userInstructions}` : userInstructions;
+}
+
+/**
+ * Map a token budget (e.g. Anthropic thinking.budget_tokens or Gemini thinkingBudget)
+ * to a Codex reasoning effort level.
+ */
+export function budgetToEffort(budget: number | undefined): string | undefined {
+  if (!budget || budget <= 0) return undefined;
+  if (budget < 2000) return "low";
+  if (budget < 8000) return "medium";
+  if (budget < 20000) return "high";
+  return "xhigh";
+}