fix(root): warn when PTY_ROOT masks a co-set PTY_SESSION_DIR (#67)
Follow-up to the scratch-session leak smalltalk-claude hit: a harness that
sets the deprecated PTY_SESSION_DIR to isolate, while running in an env that
already exports PTY_ROOT (e.g. a supervised session tree), had its
PTY_SESSION_DIR silently ignored — getSessionDir() prefers the canonical
PTY_ROOT — so its scratch sessions landed in the ambient registry.
Precedence is correct and unchanged (canonical PTY_ROOT wins over the
deprecated legacy var). The fix is visibility: getSessionDir() now warns once
(unless PTY_ROOT_LEGACY_SILENT) when BOTH are set, naming both dirs and
pointing at PTY_ROOT as the isolation mechanism — so the masking is obvious
instead of an invisible leak.
- src/sessions.ts: one-time masking warning when PTY_ROOT + PTY_SESSION_DIR
are both set.
- tests/pty-root.test.ts: regression that a `run -d` session with PTY_ROOT set
lands ONLY under it (not the co-set PTY_SESSION_DIR, not the default), plus
warning visible / PTY_ROOT_LEGACY_SILENT suppresses it.
- README: PTY_ROOT is the isolation mechanism; document the masking + warning.
Verified: pty-root suite 16/16; npm run typecheck clean.