fix(bin): forward signals from pty wrapper to inner CLI

[schickling-assistant]

Independent from #35.

Problem

bin/pty is a thin Node wrapper that re-execs the real CLI via
spawnSync(node, [cli.js, ...args]). spawnSync blocks the wrapper's
event loop, so any signal the wrapper receives is delivered to the
wrapper only — the inner cli.js child never sees it.

This is invisible under most service managers because the manager
SIGKILLs the whole cgroup. It bites hard under systemd with
KillMode=process:

1. systemd tracks the wrapper as MainPID and SIGTERMs it on stop.
2. Wrapper dies. The inner node cli.js supervisor start (which has
   its own SIGTERM handler that runs Supervisor.stop() and releases
   supervisor.lock) is reparented to PID 1 and keeps running.
3. systemd starts a new unit invocation. The new wrapper spawns a new
   inner CLI. acquireLock(\"supervisor\") correctly sees the orphan is
   still alive and exits 1 with [supervisor] another supervisor is already running.
4. systemd's Restart=on-failure loops forever. Reproduced on a NixOS
   host where the restart counter climbed past 500 with the original
   supervisor still alive after an hour.

The supervisor-side stale-lock check (src/sessions.ts:578-623) is
already correct — it inspects the holder pid via kill(pid, 0) and
reclaims dead locks. The bug is upstream: the holder is genuinely alive
because the wrapper never told it to shut down.

Change

bin/pty:

• spawn instead of spawnSync so the wrapper's event loop stays live.
• Forward SIGTERM/SIGINT/SIGHUP/SIGQUIT/SIGUSR1/SIGUSR2 to
  the child.
• Drive the wrapper's own exit from the child's exit event so the
  child has time to flush before status is propagated.
• Normal exit-code passthrough is unchanged. Signal-death maps to
  128 + signum, matching shell convention.
• No new dependencies; still node:child_process + node:os.

tests/wrapper-signal-forwarding.test.ts:

• Spawns the wrapper running supervisor start against an isolated
  PTY_SESSION_DIR, waits for supervisor.pid + supervisor.lock to
  appear, SIGTERMs the wrapper, and asserts:
  1. Wrapper exits within the timeout.
  2. The inner cli.js pid (read from supervisor.pid) dies — proves
     the signal was forwarded.
  3. supervisor.lock is gone — proves the child shut down gracefully
     rather than being SIGKILLed.

Verification

• npx vitest run tests/wrapper-signal-forwarding.test.ts — passes.
• Manually re-applied the old spawnSync wrapper and confirmed the
  test fails (orphan inner pid, leaked lock) — i.e. the test catches
  the regression it's meant to catch.
• npx vitest run (full suite) — 6 pre-existing failures in
  tests/screenshot.test.ts (vim) and tests/shells.test.ts (zsh)
  caused by missing local binaries, unrelated to this change.
  Confirmed the same 6 fail on origin/main without this patch.
• npx tsc -p tsconfig.build.json — clean.

Posted on behalf of @schickling

field	value
agent_name	🪁 cl2-kite
agent_session_id	021feea5-3c35-4d56-a9d5-7d35b4bfcc74
agent_tool	Claude Code
agent_tool_version	2.1.121
agent_runtime	Claude Code 2.1.121
agent_model	claude-opus-4-7
worktree	pty/fix/wrapper-forward-signals
machine	dev3
tooling_profile	dotfiles@unknown-dirty