state.sh used SESSION_FILE for session.json (global tracking data). Both hook handlers override SESSION_FILE to sessions/<pgrp>.json for per-session isolation. buddymon_session_reset() at session-stop end was writing _version:1 data INTO sessions/<pgrp>.json, leaving stale wrong-format session files that broke buddy lookup.

Fix: rename state.sh variable to SESSION_DATA_FILE — no more collision.

Also:
- Add matcher:'*' to SessionStart and Stop hooks (CC 2.x compatibility)
- Add dead-session GC to session-start.sh (cleans up orphaned PGRP files)
- Add 5 new privacy/security bug_monsters:
  - LeakWraith (uncommon) — exposed credentials
  - CipherNull (uncommon) — weak/broken crypto (MD5, ECB, rand() for secrets)
  - ConsentShadow (rare) — tracking/analytics without consent (CF flagship villain)
  - ThrottleDemon (common) — ignored 429s and missing backoff
  - PrivacyLich (legendary) — GDPR/CCPA/breach debt; unkillable, only containable