refactor: fix security hardcode, dead code, resource leaks, operator bugs

src/bridge.ts

@@ -135,9 +135,26 @@ export class BridgeServer {
         }
 
         const result = await this.aiService.call(`Analyze chat history for metrics (JSON):\n${historyText.slice(-6000)}`);
-        const jsonMatch = result.match(/\{[\s\S]*?\}/);
-        res.writeHead(jsonMatch ? 200 : 500, { 'Content-Type': 'application/json' });
-        res.end(jsonMatch ? jsonMatch[0] : JSON.stringify({ error: "Parse failed", raw: result }));
+        
+        // Try to extract valid JSON from the AI response
+        let parsed: any = null;
+        try {
+            parsed = JSON.parse(result);
+        } catch {
+            // AI may wrap JSON in markdown code fences — try to extract
+            const fenceMatch = result.match(/```(?:json)?\s*([\s\S]*?)```/);
+            if (fenceMatch) {
+                try { parsed = JSON.parse(fenceMatch[1].trim()); } catch { /* fall through */ }
+            }
+        }
+
+        if (parsed) {
+            res.writeHead(200, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify(parsed));
+        } else {
+            res.writeHead(500, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ error: "Failed to parse AI response as JSON", raw: summarizeText(result, 500) }));
+        }
     }
 
     private async processBrainInject(data: any, res: http.ServerResponse) {