lidguard-session-runtimelisted

# LidGuard Session Runtime ## Process Exit Watcher Hook stop events may be missed, so LidGuard also watches the agent process. - Prefer a provided parent process id when hooks can supply one. - Managed Codex, Claude Code, GitHub Copilot CLI, and OpenCode hooks should resolve a watched process id from the hook process ancestry on their start events when `WatchParentProcess` is enabled. - Working directory must not be used to auto-resolve watched processes. Keep it only for status, logs, transcript fallback, and webhook payload metadata. - If neither an explicit parent process id nor a hook ancestry owner process id is available, start or update the session with `process=none`. - On Windows, open the target process with synchronize/query rights and wait with `WaitForSingleObject`. - On Windows, read hook process ancestry with CsWin32/WDK `NtQueryInformationProcess(ProcessBasicInformation)`. - On Linux, read hook process ancestry with `/proc/<pid>/stat`, `/proc/<pid>/comm`, and `/proc/<pid>/cmdline`. - On macOS, read hook process ancestry from `ps -axo pid=,ppid=,comm=,command=`. - On Linux and macOS, use `Process.GetProcessById().WaitForExitAsync()` for process exit watching. - Treat the first cleanup signal as authoritative; later stop/watchdog events for the same session should be harmless. - If a provider launches a short-lived wrapper that exits before the real agent, prefer provider-specific process selection rather than broadening the generic resolver. - Watched parent