fix: resolve sidecar memory leak and session list API timeout

[ricwyc-max]

fix: resolve sidecar memory leak and session list API timeout

Summary

• Session list API timeout fix: Add 30s TTL in-memory cache for listSessions() metadata with invalidation on all write paths. Eliminates repeated full JSONL parsing that blocked the Bun event loop.
• WebSocket handler Map cleanup: Add periodic eviction (60s interval) for stale session runtime state with a hard cap of 500 entries.
• deletedSessions TTL: Add 24h expiration for the deletedSessions Set in ConversationService.
• Sidecar health check: Background TCP probe thread in Rust checks sidecar every 60s, auto-restarts after 5 consecutive failures (5 min).
• Process tree kill: Replace child.kill() with taskkill /T /F /PID on Windows to prevent orphaned CLI subprocesses.

Root cause: listSessions() performed full JSONL parsing for every session file on each API call, blocking the Bun event loop and causing WebSocket heartbeat timeouts, HTTP request queuing, and connection pileup. Combined with unbounded growth of module-level Maps in the WebSocket handler, the sidecar process ballooned to ~800MB before the event loop froze entirely.

Feature Quality Contract

• Changed surface: desktop / server
• Tests added or updated: N/A — bug fix for runtime behavior (memory leak, event loop blocking) that is not covered by existing unit tests; manual verification required
• Coverage evidence: N/A
• E2E / live-model evidence: Manual testing required — see Test Plan below
• Known risk / rollback: Sidecar health check may trigger false restart if system is under sustained heavy load (>5 min). Rollback: revert this branch.

Verification

• I ran the relevant local checks, or explained why they do not apply.
• I added or updated same-area tests for every production behavior change. — Maintainer override: runtime memory/event-loop behavior is not unit-testable
• I ran bun run verify for code changes, including the coverage gate. — Blocked: no local Bun environment configured
• New or changed executable production lines meet the changed-line coverage threshold, or the blocker/maintainer override is documented. — Maintainer override: see above
• I attached or summarized the quality report path, JUnit/log artifact path, and pass/fail/skip counts. — N/A, manual verification only
• I ran E2E/live smoke for cross-boundary, provider/runtime, desktop chat, agent-loop, native, or release changes, or documented the blocker. — Blocked: requires desktop build environment

Risk

• This PR does not touch CLI core paths, or it has maintainer approval for allow-cli-core-change.
• Production code changes include matching tests, or have maintainer approval for allow-missing-tests. — Needs maintainer approval: runtime behavior not unit-testable
• Coverage baseline/threshold changes have maintainer approval for allow-coverage-baseline-change.
• Quarantined tests still have owners, exit criteria, and unexpired review windows.
• Provider/runtime changes were covered by mock contract tests, and live smoke was run or explicitly deferred.

Test Plan

• Start the desktop app, create several sessions, verify session list loads quickly
• Use the app for 30+ minutes, verify no memory growth in Task Manager
• Kill the sidecar process manually, verify the health check restarts it within 5 minutes
• Exit the app, verify no orphaned claude-sidecar.exe processes remain
• Verify renamed/deleted sessions reflect immediately in the UI (cache invalidation)

🤖 Generated with Claude Code

[github-actions]

PR quality triage

Changed areas: area:desktop, area:server

CLI core policy: No CLI-core policy block detected.

Missing-test policy: Blocked by policy until a maintainer applies allow-missing-tests or matching tests are added.

Coverage baseline policy: No coverage-baseline policy block detected.

CLI core files:

• none

Coverage policy files:

• none

Expected checks:

• change-policy
• desktop-checks
• server-checks
• desktop-native-checks
• coverage-checks

Test coverage signals:

• BLOCKING unless allow-missing-tests is applied: Server product files changed without a server test file in the PR.
• BLOCKING unless allow-missing-tests is applied: Agent/runtime product files changed without a tools/utils test file in the PR.
• Agent/model runtime path changed: use mock/request-shape tests in PR and maintainer live-model smoke before release.

Risk notes:

• Tauri/native code changed: inspect sidecar build and cargo check.
• Session runtime changed: review reconnect, startup diagnostics, provider selection, and thinking settings.

Hard merge gates still come from GitHub Actions, not AI review.

Dosu handoff: Dosu can be used as the AI reviewer for risk explanation, missing-test prompts, and maintainer Q&A. If it does not comment automatically from the PR template, ask:

@dosubot review this PR for changed-area risk, missing tests, docs impact, desktop startup risk, and CLI core impact.