feat: add daemon mode, URL routing, and bounded dedup to debug server

Self-daemonizing --daemon flag eliminates backgrounding issues across
agents. URL route validation at /ingest/:sessionId enables multi-session
support and 404s for malformed paths. Bounded dedup set caps at 10k
entries. SKILL.md updated to use --daemon and DELETE endpoint.

Author: aidenybai

packages/debug-agent/skill/SKILL.md

@@ -42,17 +42,13 @@ They guess based on code alone. You **cannot** and **must NOT** fix bugs this wa
 
 ### STEP 0: Start the logging server (MANDATORY BEFORE ANY INSTRUMENTATION)
 
-**CRITICAL: The server is a long-running process. You MUST run it in the BACKGROUND.**
-
-Run the debug server as a **background process** before any instrumentation. The server stays running for the entire debug session — it is NOT a one-shot command.
+Run the debug server in **daemon mode** before any instrumentation. The `--daemon` flag starts the server in the background and exits immediately with the server info — no backgrounding or `&` required.
 
 ```bash
-npx debug-agent 2>&1 &
+npx debug-agent --daemon
 ```
 
-**YOU MUST BACKGROUND THIS COMMAND.** Do NOT run it in the foreground. Do NOT wait for it to complete — it never completes, it is a persistent server. Use `&` (shell background), `nohup`, or your agent's background/async command execution. If your agent platform supports `block_until_ms: 0` or equivalent, use that. If it supports running commands in a separate terminal, do that. **The command MUST NOT block your workflow.**
-
-The server prints a single JSON line to stdout on startup:
+The command prints a single JSON line to stdout and exits:
 
 ```json
 {
@@ -129,12 +125,10 @@ fetch('ENDPOINT',{method:'POST',headers:{'Content-Type':'application/json'},body
 
 ### STEP 3: Clear previous log file before each run (MANDATORY)
 
-- Use the delete_file tool to delete the file at the **log path** before asking the user to run.
-- If delete_file unavailable or fails: instruct user to manually delete the log file.
+- Send a `DELETE` request to the **server endpoint** to clear the log file before each run. For example: `curl -X DELETE ENDPOINT` (replace `ENDPOINT` with the endpoint value from Step 0).
 - This ensures clean logs for the new run without mixing old and new data.
-- Do NOT use shell commands (rm, touch, etc.); use the delete_file tool only.
 - Clearing the log file is NOT the same as removing instrumentation; do not remove any debug logs from code here.
-- **CRITICAL:** Only delete YOUR log file (the one at the log path from Step 0). NEVER delete, modify, or overwrite log files belonging to other debug sessions. Other sessions may have log files in the same directory with different session IDs in their filenames — leave them untouched.
+- **CRITICAL:** Only clear YOUR session's logs (via your endpoint from Step 0). NEVER delete, modify, or overwrite log files belonging to other debug sessions.
 
 ### STEP 4: Read logs after user runs the program
 
@@ -159,7 +153,7 @@ fetch('ENDPOINT',{method:'POST',headers:{'Content-Type':'application/json'},body
 - FORBIDDEN: Using `setTimeout`, `sleep`, or artificial delays as a "fix"; use proper reactivity/events/lifecycles.
 - FORBIDDEN: Removing instrumentation before analyzing post-fix verification logs or receiving explicit user confirmation.
 - Verification requires before/after log comparison with cited log lines; do not claim success without log proof.
-- Clear logs using the delete_file tool only (never shell commands like rm, touch, etc.).
+- Clear logs by sending a DELETE request to the server endpoint.
 - Do not create the log file manually; it's created automatically.
 - Clearing the log file is not removing instrumentation.
 - NEVER delete or modify log files that do not belong to this session. Only touch the log file at the exact path from Step 0.

packages/debug-agent/src/commands/serve.ts

@@ -1,4 +1,5 @@
 import { Command } from "commander";
+import { spawn } from "node:child_process";
 import { createServer } from "../server.js";
 import { logger } from "../utils/logger.js";
 import { highlighter } from "../utils/highlighter.js";
@@ -13,31 +14,113 @@ export const serveCommand = new Command("serve")
     "-l, --log-path <path>",
     "log file path (default: <tmpdir>/debug-agent/debug-<sessionId>.log)",
   )
+  .option("-d, --daemon", "start server in background and exit")
+  .option("--json", "output server info as JSON (no spinner/colors)")
   .action(async (options) => {
-    const startSpinner = spinner("Starting debug-agent server...").start();
-
-    const { server, info } = await createServer({
-      port: options.port,
-      host: options.host,
-      sessionId: options.sessionId,
-      logPath: options.logPath,
-    });
+    if (options.daemon) {
+      await startDaemon(options);
+      return;
+    }
 
-    if (!server) {
-      startSpinner.succeed(`Server already running on port ${highlighter.bold(String(info.port))}`);
-      logger.dim(`  ${info.endpoint}`);
+    if (options.json) {
+      await startJson(options);
       return;
     }
 
-    startSpinner.succeed(`Server listening on port ${highlighter.bold(String(info.port))}`);
-    logger.dim(`  Endpoint: ${info.endpoint}`);
-    logger.dim(`  Log path: ${info.logPath}`);
+    await startInteractive(options);
+  });
+
+interface ServeOptions {
+  port?: number;
+  host: string;
+  sessionId?: string;
+  logPath?: string;
+}
+
+const startDaemon = async (options: ServeOptions) => {
+  const childArgs = [process.argv[1], "serve", "--json"];
+  if (options.port) childArgs.push("-p", String(options.port));
+  if (options.host !== "127.0.0.1") childArgs.push("-H", options.host);
+  if (options.sessionId) childArgs.push("-s", options.sessionId);
+  if (options.logPath) childArgs.push("-l", options.logPath);
+
+  const childProcess = spawn(process.execPath, childArgs, {
+    detached: true,
+    stdio: ["ignore", "pipe", "ignore"],
+  });
+
+  if (!childProcess.stdout) {
+    logger.error("Failed to start daemon");
+    process.exit(1);
+  }
+
+  let stdoutBuffer = "";
+  const serverInfoLine = await new Promise<string>((resolve, reject) => {
+    childProcess.stdout!.on("data", (chunk: Buffer) => {
+      stdoutBuffer += chunk.toString();
+      const newlineIndex = stdoutBuffer.indexOf("\n");
+      if (newlineIndex !== -1) {
+        resolve(stdoutBuffer.slice(0, newlineIndex));
+      }
+    });
+    childProcess.on("error", reject);
+    childProcess.on("exit", (code) => {
+      if (code !== 0) reject(new Error(`Server process exited with code ${code}`));
+    });
+  });
+
+  console.log(serverInfoLine);
+  childProcess.unref();
+  process.exit(0);
+};
+
+const startJson = async (options: ServeOptions) => {
+  const { server, info } = await createServer({
+    port: options.port,
+    host: options.host,
+    sessionId: options.sessionId,
+    logPath: options.logPath,
+  });
+
+  console.log(JSON.stringify(info));
 
-    const shutdown = () => {
-      server.close();
-      process.exit(0);
-    };
+  if (!server) {
+    process.exit(0);
+  }
 
-    process.on("SIGINT", shutdown);
-    process.on("SIGTERM", shutdown);
+  const shutdown = () => {
+    server.close();
+    process.exit(0);
+  };
+  process.on("SIGINT", shutdown);
+  process.on("SIGTERM", shutdown);
+};
+
+const startInteractive = async (options: ServeOptions) => {
+  const startSpinner = spinner("Starting debug-agent server...").start();
+
+  const { server, info } = await createServer({
+    port: options.port,
+    host: options.host,
+    sessionId: options.sessionId,
+    logPath: options.logPath,
   });
+
+  if (!server) {
+    startSpinner.succeed(`Server already running on port ${highlighter.bold(String(info.port))}`);
+    logger.dim(`  ${info.endpoint}`);
+    return;
+  }
+
+  startSpinner.succeed(`Server listening on port ${highlighter.bold(String(info.port))}`);
+  logger.dim(`  Endpoint: ${info.endpoint}`);
+  logger.dim(`  Log path: ${info.logPath}`);
+
+  const shutdown = () => {
+    server.close();
+    process.exit(0);
+  };
+
+  process.on("SIGINT", shutdown);
+  process.on("SIGTERM", shutdown);
+};

packages/debug-agent/src/constants.ts

@@ -1,4 +1,5 @@
 export const SESSION_ID_BYTE_LENGTH = 3;
 export const LOCK_PING_TIMEOUT_MS = 1000;
 export const LOG_DIRECTORY_NAME = "debug-agent";
+export const MAX_DEDUP_ENTRIES = 10_000;
 export const VERSION_API_URL = "https://www.debug-agent.com/api/version";

packages/debug-agent/src/server.ts

@@ -3,7 +3,7 @@ import fs from "node:fs";
 import os from "node:os";
 import path from "node:path";
 import crypto from "node:crypto";
-import { SESSION_ID_BYTE_LENGTH, LOG_DIRECTORY_NAME } from "./constants.js";
+import { SESSION_ID_BYTE_LENGTH, LOG_DIRECTORY_NAME, MAX_DEDUP_ENTRIES } from "./constants.js";
 import { getErrorMessage } from "./utils/get-error-message.js";
 import { readServerLock, writeServerLock, removeServerLock } from "./utils/server-lock.js";
 import { pingServer } from "./utils/ping-server.js";
@@ -29,10 +29,25 @@ export interface ServerResult {
   reused: boolean;
 }
 
+interface SessionState {
+  logPath: string;
+  processedEntryIds: Set<string>;
+}
+
+const parseIngestPath = (url: string): string | null => {
+  try {
+    const { pathname } = new URL(url, "http://localhost");
+    const match = pathname.match(/^\/ingest\/([a-zA-Z0-9_-]+)\/?$/);
+    return match ? match[1] : null;
+  } catch {
+    return null;
+  }
+};
+
 export const createServer = async (options: ServerOptions = {}): Promise<ServerResult> => {
   const sessionId = options.sessionId || crypto.randomBytes(SESSION_ID_BYTE_LENGTH).toString("hex");
   const logDirectory = path.join(options.cwd || os.tmpdir(), LOG_DIRECTORY_NAME);
-  const logPath = options.logPath || path.join(logDirectory, `debug-${sessionId}.log`);
+  const primaryLogPath = options.logPath || path.join(logDirectory, `debug-${sessionId}.log`);
   const host = options.host || "127.0.0.1";
   const port = options.port || 0;
 
@@ -56,7 +71,20 @@ export const createServer = async (options: ServerOptions = {}): Promise<ServerR
     removeServerLock(logDirectory);
   }
 
-  const processedEntryIds = new Set<string>();
+  const sessions = new Map<string, SessionState>();
+
+  const getSessionState = (requestSessionId: string): SessionState => {
+    const existing = sessions.get(requestSessionId);
+    if (existing) return existing;
+
+    const sessionLogPath =
+      requestSessionId === sessionId
+        ? primaryLogPath
+        : path.join(logDirectory, `debug-${requestSessionId}.log`);
+    const state: SessionState = { logPath: sessionLogPath, processedEntryIds: new Set() };
+    sessions.set(requestSessionId, state);
+    return state;
+  };
 
   const server = http.createServer((request, response) => {
     response.setHeader("Access-Control-Allow-Origin", "*");
@@ -68,25 +96,45 @@ export const createServer = async (options: ServerOptions = {}): Promise<ServerR
       return;
     }
 
+    const url = request.url || "/";
+
+    if (url === "/" && request.method === "GET") {
+      response.writeHead(200, { "Content-Type": "application/json" });
+      response.end(JSON.stringify({ ok: true }));
+      return;
+    }
+
+    const requestSessionId = parseIngestPath(url);
+    if (!requestSessionId) {
+      response.writeHead(404, { "Content-Type": "application/json" });
+      response.end(JSON.stringify({ error: "Not found" }));
+      return;
+    }
+
+    const sessionState = getSessionState(requestSessionId);
+
     if (request.method === "POST") {
-      let body = "";
-      request.on("data", (chunk: Buffer) => (body += chunk));
+      let requestBody = "";
+      request.on("data", (chunk: Buffer) => (requestBody += chunk));
       request.on("end", () => {
         try {
-          const logEntry = JSON.parse(body);
+          const logEntry = JSON.parse(requestBody);
 
-          if (logEntry.id && processedEntryIds.has(logEntry.id)) {
+          if (logEntry.id && sessionState.processedEntryIds.has(logEntry.id)) {
             response.writeHead(200, { "Content-Type": "application/json" });
             response.end(JSON.stringify({ ok: true, duplicate: true }));
             return;
           }
 
-          logEntry.sessionId = logEntry.sessionId || sessionId;
+          logEntry.sessionId = logEntry.sessionId || requestSessionId;
           logEntry.timestamp = logEntry.timestamp || Date.now();
-          fs.appendFileSync(logPath, JSON.stringify(logEntry) + "\n");
+          fs.appendFileSync(sessionState.logPath, JSON.stringify(logEntry) + "\n");
 
           if (logEntry.id) {
-            processedEntryIds.add(logEntry.id);
+            if (sessionState.processedEntryIds.size >= MAX_DEDUP_ENTRIES) {
+              sessionState.processedEntryIds.clear();
+            }
+            sessionState.processedEntryIds.add(logEntry.id);
           }
 
           response.writeHead(200, { "Content-Type": "application/json" });
@@ -101,8 +149,8 @@ export const createServer = async (options: ServerOptions = {}): Promise<ServerR
 
     if (request.method === "DELETE") {
       try {
-        if (fs.existsSync(logPath)) fs.unlinkSync(logPath);
-        processedEntryIds.clear();
+        if (fs.existsSync(sessionState.logPath)) fs.unlinkSync(sessionState.logPath);
+        sessionState.processedEntryIds.clear();
         response.writeHead(200, { "Content-Type": "application/json" });
         response.end(JSON.stringify({ ok: true, cleared: true }));
       } catch (error: unknown) {
@@ -114,7 +162,9 @@ export const createServer = async (options: ServerOptions = {}): Promise<ServerR
 
     if (request.method === "GET") {
       try {
-        const logContent = fs.existsSync(logPath) ? fs.readFileSync(logPath, "utf-8") : "";
+        const logContent = fs.existsSync(sessionState.logPath)
+          ? fs.readFileSync(sessionState.logPath, "utf-8")
+          : "";
         response.writeHead(200, { "Content-Type": "application/x-ndjson" });
         response.end(logContent);
       } catch (error: unknown) {
@@ -139,7 +189,7 @@ export const createServer = async (options: ServerOptions = {}): Promise<ServerR
         sessionId,
         port: serverAddress.port,
         endpoint: `http://${host}:${serverAddress.port}/ingest/${sessionId}`,
-        logPath,
+        logPath: primaryLogPath,
       };
 
       writeServerLock(logDirectory, {
@@ -148,7 +198,7 @@ export const createServer = async (options: ServerOptions = {}): Promise<ServerR
         port: serverAddress.port,
         sessionId,
         endpoint: info.endpoint,
-        logPath,
+        logPath: primaryLogPath,
       });
 
       server.on("close", () => removeServerLock(logDirectory));