fix: resolve Issue #56 - fix stack overflow on large session files

[caiyongtian]

Problem

Accessing sessions with large message history (e.g. 1068+ messages) caused HTTP 500 errors due to RangeError: Maximum call stack size exceeded during JSON serialization.

Root Cause

• Massive session objects from buildSessionContext could not be serialized by NextResponse.json
• No error handling for corrupted session files
• No fallback scanning when SessionManager fails
• Deep agent state objects caused additional serialization issues

Solution

1. lib/session-reader.ts

• Added 5-second TTL cache for listAllSessions() to avoid repeated expensive scans
• Implemented safeManualScan() - async fallback scanner using fs/promises
  • Reads only session headers (not full message history)
  • Prevents symlink loops with visitedDirs tracking
  • Non-blocking: runs asynchronously to not block the event loop
• Added sessions cache integration to resolveSessionPath()

2. app/api/sessions/[id]/route.ts

• Granular try-catch blocks for: SessionManager.open, getEntries, getTree, getLeafId, getHeader, buildSessionContext, getSessionName, getRpcSession
• Message truncation: sessions with >500 messages are truncated to last 500
• Serialization safety net: pre-checks JSON.stringify, falls back to minimal response (empty tree, last 50 messages) if serialization fails
• Simplified agentState extraction: only includes isStreaming, isCompacting, contextUsage, systemPrompt, thinkingLevel (primitive-safe)
• Better error responses with details and stack traces

3. next.config.ts

• Added '127.0.0.1' and 'localhost' to allowedDevOrigins to fix HMR WebSocket errors

Testing

• Verified GET /api/sessions/019eb1da-0e62-775b-a744-520fb1da496d (1068 messages) now returns 200 with truncated data instead of 500 error
• Verified GET /api/sessions works correctly with caching
• Verified GET /api/sessions/:id?includeState works with simplified state