fix(acp): harden session lifecycle against flooding

2026-05-10 00:23:29 +00:00 · 2026-02-19 14:50:02 +01:00
parent 4ddc4dfd76
commit e01011e3e4
6 changed files with 364 additions and 7 deletions
--- a/src/acp/types.ts
+++ b/src/acp/types.ts
@@ -6,6 +6,7 @@ export type AcpSession = {
  sessionKey: string;
  cwd: string;
  createdAt: number;
+  lastTouchedAt: number;
  abortController: AbortController | null;
  activeRunId: string | null;
 };
@@ -19,6 +20,10 @@ export type AcpServerOptions = {
  requireExistingSession?: boolean;
  resetSession?: boolean;
  prefixCwd?: boolean;
+  sessionCreateRateLimit?: {
+    maxRequests?: number;
+    windowMs?: number;
+  };
  verbose?: boolean;
 };