mirror of
https://github.com/garrytan/gstack.git
synced 2026-05-27 13:34:25 +02:00
Garry Tan
920a13a17f
* fix(browse): identity-based terminal-agent kill replaces pkill regex
Commit 0 of the v1.44 long-lived-sidebar PR — foundation for the watchdog
and removes a latent cross-session footgun.
`pkill -f terminal-agent\.ts` (cli.ts spawn site + server.ts shutdown) matched
by argv regex and would kill ANY process whose argv contained the string —
sibling gstack sessions on the same host, an editor with the file open, a
second `$B connect` run. Identity-based PID kill via a new helper module
removes that whole class of bug.
* New `browse/src/terminal-agent-control.ts`: `readAgentRecord`,
`writeAgentRecord`, `clearAgentRecord`, `killAgentByRecord`. Validates
PID liveness via `isProcessAlive` before signaling (PID-reuse defense).
* `terminal-agent.ts` writes `<stateDir>/terminal-agent-pid` (JSON
`{pid, gen, startedAt}`) at boot; clears on SIGTERM/SIGINT.
* New per-boot `CURRENT_GEN` (16-byte random); `/internal/*` callers can
include `X-Browse-Gen` to defend against split-brain in the upcoming
watchdog. Absent header is accepted (backward compat); mismatch returns
409. New `checkInternalAuth` helper centralizes bearer + gen checks.
* New `/internal/healthz` route — agent liveness probe used by the
upcoming watchdog (returns pid/gen/sessions, no claude-binary lookup).
* `cli.ts` and `server.ts` both call `killAgentByRecord` instead of pkill.
* `ServerConfig.ownsTerminalAgent` JSDoc updated; the gated teardown now
runs 4 side effects (was 3) — adds the new agent-record unlink.
Test changes:
* New `browse/test/terminal-agent-pid-identity.test.ts` — static-grep
tripwire that fails CI if any source file re-introduces `pkill ...
terminal-agent` or `spawnSync('pkill', ...)`; round-trips
write/read/clear; verifies killAgentByRecord no-ops on dead PIDs.
* `browse/test/server-embedder-terminal-port.test.ts` rewritten to
intercept `process.kill` (not `child_process.spawnSync`); writes a
sentinel agent-record with a guaranteed-dead PID; asserts probe-only
(signal 0) calls, no termination signals; verifies all 3 discovery
files including the new terminal-agent-pid.
Closes TODOS.md P3 ("Identity-based terminal-agent kill").
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix(tests): repair 7 pre-existing failures (env pollution + stale markers)
All 7 failures existed on main before this branch — verified via `git stash`
round-trip. Bundling them into the long-lived-sidebar PR because we kept
tripping over them while running `bun test` to verify Commit 0.
* Global afterEach restores `process.env.PATH` (new bunfig.toml +
test-setup.ts). browser-skill-commands.test.ts sets
`PATH = '/test/bin:/usr/bin'` to exercise a scrubbed-env fixture and
used the broken `process.env = origEnv` reassignment pattern that
swaps the proxy reference; the underlying env stayed mutated and
leaked downstream. Fixed three call sites in that file and added a
narrow PATH-only global guardrail so a future polluter can't bring
the bug back. Killed: pair-agent-tunnel-eval (bun ENOENT),
security.test.ts > resolveBashBinary (Bun.which('bash') null),
server-no-import-side-effects (bun ENOENT).
* server-auth.test.ts: two `sliceBetween` markers referenced strings
deleted when sidebar-agent.ts was ripped — `'Sidebar agent started'`
→ `'Terminal agent started'`, `'Sidebar endpoints'` → `'Batch endpoint'`.
Also fixed the pair-agent BROWSE_PARENT_PID assertion (the literal
`serverEnv.BROWSE_PARENT_PID` never existed in source; the actual
contract is the object-literal `BROWSE_PARENT_PID: '0'` inside the
`const serverEnv` declaration).
* test/upgrade-migration-v1.test.ts: also overrides HOME in the spawn
env. The migration shells out to `${HOME}/.claude/skills/gstack/bin/gstack-config`
and a developer's real config with `explain_level` set causes the
script to take the "user already decided" branch and skip writing
the pending-prompt flag the test asserts on.
* test/setup-codesign.test.ts: replaced fragile `bun run build`
string-match (which hit a comment 700 lines later) with the actual
invocation `bun_cmd run build` used in the setup script.
Net: full suite is now green; CI no longer trips on bash/bun-ENOENT
from PATH pollution or on test markers that drifted with the codebase.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* refactor(terminal-agent): extract internalHandler<T> helper for /internal/* routes
Replaces the copy-pasted bearer-auth + X-Browse-Gen + req.json().then().catch()
boilerplate on /internal/grant and /internal/revoke with a single
internalHandler<T>(req, fn) wrapper. Future /internal/* routes added by the
v1.44 long-lived-sidebar work (/internal/lease-refresh, /internal/restart)
land as one-liners using the same helper. Pure refactor; no behavior change.
/internal/healthz stays on the bare checkInternalAuth gate because it's a
GET with no JSON body to parse — the helper's body-parse path would 400 it.
* browse/src/terminal-agent.ts — new internalHandler<T>; /internal/grant
+ /internal/revoke routed through it.
* browse/test/terminal-agent-internal-handler.test.ts — static-grep
tripwire that fails CI if the helper goes away or either of the two
refactored routes regresses to the old inline pattern.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat(terminal-agent): 25s WS keepalive ping/pong + client keepalive frames
PTY connections were dying silently after NAT idle timeouts (30-60s on most
home routers, even shorter on some carrier-grade NAT) and Chrome MV3 panel
suspension. Neither side noticed until the user's next keystroke produced
no output. Both sides now drive a 25s keepalive cycle.
Server side (browse/src/terminal-agent.ts):
* New ws.open handler constructs the PtySession eagerly and starts a
setInterval that sends `{type:"ping",ts:Date.now()}` every 25s.
Interval handle stored on session.pingInterval so close() can clear it.
* PtySession.pingInterval field added; cleared in ws.close before
disposeSession runs. Prevents timer leak across reconnects.
* Message handler accepts `{type:"ping"|"pong"|"keepalive"}` silently —
keepalive frames are a liveness signal at the TCP layer, no state to
update. Existing resize/tabSwitch/tabState handling unchanged.
* GSTACK_PTY_KEEPALIVE_INTERVAL_MS env knob (default 25000) lets the
upcoming e2e tests compress idle assertions without 30s waits.
Client side (extension/sidepanel-terminal.js):
* Belt-and-suspenders: client also runs a 25s setInterval that sends
`{type:"keepalive"}`. Defends against Chrome pausing our timers if
the server-side ping ever gets dropped (rare but possible in MV3).
* Ping reply: on `{type:"ping",ts}` from the server, immediately send
`{type:"pong",ts}`. Lets the agent observe round-trip latency for
free and confirms the channel is bidirectional.
* Interval cleared in three teardown paths: ws.close handler,
teardown(), forceRestart(). Three paths exist because the sidebar
can exit the LIVE state through any of them; all three must clean up
or we leak timers across reconnects.
Test (browse/test/terminal-agent-keepalive.test.ts):
* Static-grep tripwires for the 7-point protocol contract: agent has
a configurable interval, open() starts the ping, close() clears it,
message handler accepts keepalive vocabulary, client sends keepalive
+ replies pong, and all three client teardown paths clear the timer.
* Wire-level tests (actually observe a ping after 25s) belong in the
e2e tier — adding them here would either flake on slow CI or require
a real Bun.serve listener per test which we don't want to pay for
in the free tier.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat(sidebar): patient tryAutoConnect — poll forever with ascending status, abort only on 401
The 15s give-up message ("Browse server not ready. Reload sidebar to retry.")
fired on every cold start where the daemon took >15s to bind — common on
Conductor workspaces, CI runners, and any system under load. The user
already opened the sidebar; telling them to give up is the wrong default.
Now polls every 2s indefinitely with ascending status messages:
* 0 - 15s : silent (handles the happy path on a warm laptop)
* 15 - 60s : "Waiting for browse server..."
* 60s - 5m : "Still waiting — browse server may be slow to start."
* > 5m : "Browse server still not responding after 5 min. Try `$B status`."
Loop aborts on three signals only:
* state transitions out of IDLE (connect succeeded or user navigated)
* autoConnectAborted sticky flag set on unrecoverable error
* the panel itself unloading (browser handles this; pagehide cleanup
arrives with T8 of the larger plan)
401 from /pty-session sets the sticky flag with a clear "Auth invalid —
reload the sidebar or restart your gstack session." message. Without the
flag, the loop would re-call connect() every 2s and spam the same error;
with it, the user sees the message once and the loop holds. forceRestart()
clears the flag so clicking Restart is the explicit "try again" escape hatch.
Bumped poll interval 200ms → 2000ms — the legacy tight loop burned CPU
for no reason. 2s is plenty fast for a "did the daemon come up yet" check.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat(browse): terminal-agent watchdog with PID liveness + crash-loop guard
terminal-agent could die independently of the server — SIGKILL from the OS
OOM killer, an uncaught exception under PTY churn, an external `pkill` from
a sibling debugging session. Pre-v1.44 the sidebar would observe the broken
connection and stay broken until the user reloaded the sidebar. Now a 60s
ticker checks the recorded agent PID and respawns via the shared
spawnTerminalAgent helper when dead.
Identity-based liveness (T4 from the eng review):
* Uses readAgentRecord + isProcessAlive (signal 0 probe), not a name match.
* Slow-but-alive agents intentionally fall through — respawning around a
living agent would create split-brain (two agents writing the port
file, tokens diverging between them, mystery upgrade 401s).
* Pairs with the v1.44 generation counter in /internal/* loopback calls:
if a stale agent does come back to life mid-cycle, its X-Browse-Gen
no longer matches and the parent's calls 409 cleanly.
Crash-loop guard:
* 3 respawn attempts inside a rolling 60s window → stop trying. A daemon
up for a week with one crash a day shouldn't trip the guard.
* On trip: one-line error to console (`respawn guard tripped`) and the
watchdog goes dormant. Manual restart via the sidebar Restart button
is the explicit signal to re-arm (added in Commit 2 of the larger PR).
Shared spawn path (refactor):
* New spawnTerminalAgent(opts) in terminal-agent-control.ts handles:
prior-PID cleanup → spawn → record stash. Both the CLI cold-start path
in cli.ts and the new server.ts watchdog route through it. Removes the
copy-paste between them; future env wiring lands in one place.
Gated on cfg.ownsTerminalAgent — embedders that pre-launch their own PTY
server (gbrowser phoenix overlay) still own the full lifecycle.
GSTACK_AGENT_WATCHDOG_TICK_MS env knob compresses the 60s tick for e2e
tests without 60s waits per assertion.
Tests:
* browse/test/terminal-agent-watchdog.test.ts — 7 static-grep tripwires
for the load-bearing invariants (ownsTerminalAgent gate, PID-based
liveness, crash-loop guard with window pruning, shutdown cleanup,
CLI cold-start uses the same helper, env knob exists).
* Live process-kill tests belong in the e2e tier; cheaper invariants
here catch refactor regressions in ~1ms each.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat(cli): opt-in outer supervisor — respawn browse server on crash
Pre-v1.44 `$B connect` was fire-and-forget: spawn server detached, CLI
exits, server runs unsupervised. If the server crashed (OOM, uncaught
exception, signal kill from a runaway debugger), the user had to notice,
re-run `$B connect`, and resume work. The v1.44 terminal-agent watchdog
recovers from one layer of failure; this commit closes the outer loop.
Opt-in via `--supervise` flag or `BROWSE_SUPERVISE=1` env. Default
behavior is unchanged — every existing caller (Claude Code's Bash tool,
scripts, CI) still gets a prompt return. When the flag is set:
* CLI stays attached, polls server PID every 30s via readState() +
isProcessAlive (same identity primitive as the terminal-agent watchdog).
* On unexpected exit: respawn via the same headed-mode startServer path
used initially, then re-spawn the terminal-agent so the PTY recovers
too (otherwise sidebar Restart is the only path back).
* Crash-loop guard: 5 respawns in a rolling 5-min window → exit 1 with
a clear error. Window pruning means a long-lived daemon with sporadic
crashes does NOT trip the guard (otherwise we punish the user for the
supervisor doing its job).
* Backoff: 1s, 2s, 4s, 8s, 30s capped. Env-overridable via
GSTACK_SUPERVISOR_BACKOFF for tests.
* SIGINT / SIGTERM: clean teardown — signals the supervised server
before exiting itself. Without this, Ctrl-C leaves an orphaned server.
Out of scope (deferred follow-up): routing the Chromium-disconnect
exit-code-1 path back through this supervisor. The terminal-agent
watchdog already covers the highest-frequency restart case; Chromium
crash recovery joins the queue as its own commit.
Test (browse/test/cli-supervisor.test.ts):
* 6 static-grep tripwires: opt-in default, signal wiring, crash-loop
guard with window pruning, backoff schedule env knob, tick interval
env knob, terminal-agent re-spawn after server respawn.
* Live respawn tests belong in the e2e tier (real spawn cycles take
3-8s each; spamming these in the free tier would balloon CI time).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat(browse): pty-session-lease registry — stable sessionId + lease lifecycle
Foundation for Commit 2 of the long-lived-sidebar PR. Separates two
concerns that pre-v1.44 were conflated under one token:
* sessionId — stable, non-secret identifier for a single PTY session.
Safe to log, safe in URLs, safe in DevTools. Identifies "this terminal,"
not "you're allowed to use this terminal."
* lease — server-side bookkeeping that maps sessionId → expiresAt.
Re-attach within the lease window resumes the same PTY; expiry tears
it down.
The companion attach-token primitive (short-lived 30s bearer) reuses the
existing browse/src/pty-session-cookie.ts module unchanged — the lease
adds a name-space alongside, it doesn't replace anything.
Codex outside-voice (T1 of the eng review) flagged the original D4
"token IS sessionId" design as conflating identity with auth. The fix
is this lease registry: re-attach URLs carry the stable sessionId
(loggable), the short-lived attachToken stays out of logs.
API:
* mintLease() → { sessionId, expiresAt }
* validateLease(sessionId) → { ok: true, expiresAt } | { ok: false }
* refreshLease(sessionId) — validate-first, never resurrects expired
leases. Security-critical: the 30-min TTL is what bounds blast
radius for a leaked attachToken whose lease should have GC'd.
* revokeLease(sessionId) — explicit dispose path.
* leaseCount() — observability helper.
* __resetLeases() — test-only.
TTL env knob (GSTACK_PTY_LEASE_TTL_MS) lets v1.44 e2e tests compress
the detach window to 1s instead of waiting 30 minutes per assertion.
Server.ts wiring + /pty-session shape change + /pty-restart + /pty-dispose
+ /pty-session/reattach all land in subsequent commits in this branch.
Test (browse/test/pty-session-lease.test.ts):
* 8 cases pinning mint uniqueness, validate-first refresh contract,
revoke idempotency, null/undefined tolerance, and the negative case
that refresh never resurrects a revoked lease (same code path as
expired-and-pruned).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat(terminal-agent): sessionId-aware grant + scoped restart + eager spawn
Wires the pty-session-lease primitive (3aada48b) into terminal-agent so
the Commit 2 work in server.ts (next commit) can route /pty-restart and
re-attach by session identity rather than by single-use token.
Changes:
* validTokens: Set<string> → Map<string, string|null>. Each grant carries
its bound sessionId (or null for legacy single-grant callers). On WS
upgrade, the agent surfaces the bound sessionId via ws.data so open()
can register the session in the new reverse index.
* sessionsById: Map<sessionId, PtySession> — populated in open(),
cleared in close(). Required so /internal/restart can find and dispose
one specific session by id rather than enumerating all live sessions.
* /internal/restart: scoped to one sessionId. Codex T2 of the eng review
caught the gap — pre-spec the route would have disposed every PTY on
the agent, breaking pair-agent and any future multi-sidebar setup.
The body now requires `{sessionId}`; missing or unknown id returns
`{killed: 0}` and leaves siblings alone.
* maybeSpawnPty(ws, session): hoisted from the inline binary-frame spawn
block so both the legacy "spawn on first keystroke" trigger AND the
new `{type:"start"}` text-frame trigger land in the same code path.
Idempotent on session.spawned.
* `{type:"start"}` text frame: explicit spawn trigger. forceRestart
(extension side, lands in Commit 2C) sends this immediately on every
fresh WS so claude boots without requiring a keystroke. Pre-v1.44 the
lazy-binary-spawn pattern made the restart feel stuck.
* close(ws): drops the sessionsById entry alongside the existing
sessions WeakMap + validTokens cleanup. Commit 3 will revisit this to
keep the session alive for a 60s detach window before disposing.
Test (browse/test/terminal-agent-session-routing.test.ts):
* 8 static-grep tripwires pinning the load-bearing properties: validTokens
is a Map (not Set), sessionsById exists, /internal/restart is scoped
(negative-assert against enumerate-all patterns), WS upgrade plumbs
sessionId, maybeSpawnPty is the single spawn entry, close() drops the
index. Live spawn cycles belong in the e2e tier.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat(server): /pty-session 4-tuple + /pty-restart + /pty-dispose + lease-refresh
Wires the lease + attachToken model end-to-end on the server side. The
client side (extension) lands in the next commit; agent side already
shipped in 449144cd.
Routes:
* POST /pty-session — mints sessionId (stable, loggable) + lease
(server-side bookkeeping) + attachToken (short-lived bearer for the
WS upgrade). Returns the 4-tuple in one round trip. Legacy
ptySessionToken / expiresAt aliases kept for one minor release so
extensions on the v1.43 wire shape keep working.
* POST /pty-session/reattach — validates a sessionId's lease and mints
a FRESH attachToken bound to the same sessionId. Used by Commit 3's
re-attach loop; 410 Gone when the lease has expired so the client
knows to fall back to a brand-new /pty-session.
* POST /pty-restart — one transaction: dispose the caller's existing
PtySession on the agent (via /internal/restart, scoped to one
sessionId — codex T2), revoke the old lease, mint a fresh
sessionId + lease + attachToken, return the 4-tuple. Zero race
window between kill and mint (codex T2 + D8 of the eng review).
* POST /pty-dispose — explicit teardown. sendBeacon-compatible: accepts
auth token in the body so the extension's pagehide handler (Commit 2C)
can fire it without setting custom headers (sendBeacon doesn't
support those). Without this route, every clean browser quit leaves
a zombie PTY alive for the 60s detach window — codex T3 caught it.
* POST /internal/lease-refresh — loopback from terminal-agent on its
25s keepalive cycle (lazy: only when lease is within 5 min of
expiry). Refreshes the lease AND resets the daemon idle timer. T6
of the eng review: PTY activity (not arbitrary SSE consumers) is
what keeps the daemon alive when the sidebar is in use.
Helpers:
* grantPtyToken now accepts optional sessionId and passes it through
to the agent's /internal/grant body. The agent binds token → sessionId
in its validTokens Map so /ws upgrades carry the sessionId for
/internal/restart and Commit 3 re-attach lookups.
* restartPtySession() — new loopback helper that POSTs the agent's
scoped /internal/restart with a sessionId body. Used by /pty-restart
and /pty-dispose.
Auth contract on /pty-dispose deliberately accepts the auth token in
EITHER the Authorization header OR the request body. The body path is
required for sendBeacon (which can't set custom headers); the header
path stays available for non-beacon callers and tests.
Test (browse/test/server-pty-lease-routes.test.ts):
* 7 static-grep tripwires pinning the 4-tuple shape, validate-first
re-attach with 410 fallback, one-transaction restart semantics,
sendBeacon-compatible dispose auth, and the T6 PTY-only idle reset.
* Live route exercises (full mint + grant + WS upgrade cycle) belong
in the e2e tier — they require a real terminal-agent loopback and
take seconds per assertion.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat(sidebar): forceRestart via /pty-restart + pagehide /pty-dispose
Closes the Commit 2 loop: server-side lease + restart routes shipped in
25ef24e9; this commit wires the extension client to use them. End-to-end
result — clicking Restart now actually kills the server's PTY before
opening a new WS (zero race window), and closing the sidebar / quitting
the browser disposes the PTY immediately instead of letting it linger
for the upcoming 60s detach window.
sidepanel-terminal.js:
* mintSession callers read the v1.44 4-tuple (sessionId + attachToken)
from /pty-session, with a backward-compat fallback to ptySessionToken
so a partially-updated extension still works against a fresh server
for one minor release.
* Eager spawn via {type:"start"} text frame replaces the legacy
`TextEncoder().encode("\n")` newline hack. Pre-v1.44, the lazy-binary-
spawn pattern made forceRestart look stuck until the user typed —
now claude boots before the prompt renders.
* forceRestart() rewritten as an async one-transaction handler:
1. close current WS with code 4001 (intentional-restart)
2. POST /pty-restart with priorSessionId so the server can scope
the dispose, then mint fresh sessionId + lease + attachToken
in the same response
3. Open new WS with the returned attachToken, send {type:"start"}
immediately for eager spawn
4. On 401: sticky-abort the auto-connect loop (no spam)
5. On 503 / network failure: fall back to patient autoconnect
* currentSessionId tracked and exposed on window.gstackPtySession so
sidepanel.js's pagehide handler can sendBeacon the dispose.
sidepanel.js:
* New pagehide handler fires navigator.sendBeacon('/pty-dispose',
{sessionId, authToken}) on tab close, panel close, browser quit,
or extension reload. sendBeacon-compatible: auth token rides in
the body since sendBeacon can't set custom headers (server route
accepts body-auth per 25ef24e9).
* try/catch around the entire body so a sendBeacon failure can't
interfere with the browser's unload sequence — the 60s detach
window from Commit 3 catches anything we miss.
There's bounded duplication between connect() and forceRestart() (~70
lines of WS attach/handler wiring). Extracting a shared helper is a
clean follow-up but out of scope for the v1.44 ship — both paths are
exercised by the same e2e test.
Test (browse/test/sidepanel-restart-dispose.test.ts):
* 9 static-grep tripwires pinning the 4-tuple parse, eager spawn,
close-code 4001 contract, /pty-restart wire shape, sticky-abort
401 path, sessionId window plumbing, sendBeacon body contract,
and the best-effort try/catch around pagehide.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat(terminal-agent): scrollback ring buffer + detach state machine + re-attach
The agent side of Commit 3 — the "magic" feature. A network blip (wifi
hiccup, MV3 panel suspend, brief Chromium pause) now silently reconnects
the sidebar to the SAME claude session with scrollback intact. No more
"Session ended" message + manual Restart click + losing your tool-call
output. Server-side /pty-session/reattach (25ef24e9) and the extension
re-attach loop (next commit) close the loop end-to-end.
Ring buffer (T10):
* Per-session frames: Buffer[] capped at 1 MB (env-overridable via
GSTACK_PTY_RING_BUFFER_BYTES). Each PTY write is one frame, so
eviction is at frame boundaries and never cuts a UTF-8 sequence or
ANSI CSI in half.
* appendToRingBuffer eviction loop keeps at least one frame even at
extreme caps — a single oversized frame can't empty the buffer.
* Alt-screen tracking via canonical xterm CSI ?1049h / CSI ?1049l
sequences. lastIndexOf comparison so trailing state wins when both
appear in one render frame (quick tool-call open+close).
Replay payload (T5 — codex outside-voice):
* buildReplayPayload prefixes DECSTR soft reset (\x1b[!p) and
conditionally re-enters alt-screen if claude was in a tool call at
detach. The client writes RIS (\x1bc) FIRST to clear pre-blip xterm
content; the server's prelude resets character attributes; the ring
buffer replays cleanly on top.
* Order is enforced by the {type:"reattach-begin"} text frame the
agent sends right before the binary replay — client waits for it,
writes RIS, then treats the next binary frame as the replay payload.
Detach state machine (T9):
* PtySession.liveWs decouples the PTY callback from the original ws
closure. On re-attach, swapping session.liveWs is enough — the
on-data callback writes to the new ws automatically.
* close(ws, code, _reason): codes 4001 (intentional restart), 4404
(no-claude), and 1000 (clean exit) trigger immediate dispose.
Anything else (1006 abnormal, 1001 going-away from network blip /
panel suspend) starts a 60s detach timer instead. claude keeps
running, output keeps accumulating in the ring buffer.
* Detach timer is unref'd so the bun process can still exit cleanly
on natural shutdown.
* Sessions without a sessionId (legacy single-shot grants) can't
re-attach by definition — those fall through to immediate dispose.
Re-attach lookup (T9):
* WS open() checks sessionsById[sessionId] FIRST. If a detached
session is sitting there, cancel its detach timer, swap liveWs,
rebind the WS-keyed map, restart keepalive, send reattach-begin
+ replay payload. The PTY process is unchanged.
* /internal/restart now cancels any pending detach timer before
disposal — otherwise the timer would later try to dispose an
already-disposed session.
Env knobs for e2e:
* GSTACK_PTY_RING_BUFFER_BYTES — compress to 256 for eviction tests.
* GSTACK_PTY_DETACH_WINDOW_MS — compress to 1000 for "did the timer
fire?" tests without waiting a minute per assertion.
Tests:
* browse/test/terminal-agent-detach-reattach.test.ts — 10 static-grep
tripwires for the load-bearing properties: interface shape, env
knobs, eviction floor, alt-screen tracking, replay prelude
composition, re-attach lookup, close-code routing, detach timer
unref, /internal/restart timer cancellation, on-data through
session.liveWs.
* browse/test/terminal-agent-session-routing.test.ts test 7 widened
to match the new close(ws, code, _reason) signature.
* browse/test/terminal-agent-keepalive.test.ts test 3 widened
similarly. Both stay regressions for the prior contract.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat(sidebar): silent re-attach with scrollback replay (Commit 3 client side)
Closes the v1.44 long-lived-sidebar loop end-to-end. When the WS dies for
a transient reason (wifi blip, MV3 panel suspend, brief Chromium pause),
the sidebar now silently re-attaches to the SAME claude session inside the
server's 60s detach window. Scrollback replays cleanly; the user keeps
typing without noticing anything happened.
State machine:
* New STATE.RECONNECTING covers the in-flight re-attach window.
setState transitions out of this state reset reattachInFlight so a
concurrent user action (Restart click, panel navigate) short-circuits
cleanly.
* Backoff schedule REATTACH_BACKOFF_MS = [1000, 2000, 4000, 8000] then
8s steady until REATTACH_WINDOW_MS (60s) elapses. Past that point
the server has disposed our session and /pty-session/reattach
returns 410 Gone.
startReattachLoop(prevSessionId):
* Posts /pty-session/reattach with sessionId.
* On 200 with a valid 4-tuple, opens the post-reattach WS directly.
* On 410 (lease expired) — short-circuits to ENDED. No retry; the user
clicks Restart for a fresh session.
* On 401 — sticky-aborts the auto-connect loop. Same defense as 25ef24e9
so we don't spam "Auth invalid" every 2s.
* On network failure or other non-OK status — schedules the next
backoff tick.
openReattachWebSocket(terminalPort, attachToken, sessionId):
* Mostly a clone of connect()'s attach wiring. Reuses the live xterm
element — RIS clears the buffer cleanly when the agent's
{type:"reattach-begin"} arrives, so the visual flash is minimal.
* Handshake: on `{type:"reattach-begin"}` text frame → write `\x1bc`
(RIS) to xterm + set nextBinaryIsReplay = true. The next binary
frame IS the server-built replay payload (DECSTR soft-reset prefix
+ optional alt-screen re-enter + ring buffer contents).
* If THIS reattach WS also dies uncleanly, recurses into another
re-attach loop with the same sessionId — the server's detach window
may still be open. State guard prevents runaway recursion.
connect() + forceRestart() close handlers (existing):
* Both updated to call startReattachLoop on transient close codes
(anything other than 1000 / 4001 / 4404). Was just setState(ENDED).
* Clean codes still bypass — re-attaching to a force-restart's
pre-restart session would be the bug we're avoiding.
Test (browse/test/sidepanel-reattach.test.ts):
* 8 static-grep tripwires for the load-bearing properties: state
constant, backoff schedule, /pty-session/reattach wiring, 410
short-circuit (no retry past lease window), 401 sticky-abort,
reattach-begin → RIS handshake, all three close handlers route
through the loop, clean-code bypass.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* chore: bump version and changelog (v1.44.0.0)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* test(terminal-agent): runtime tests for ring buffer + replay + alt-screen tracking
Companion to browse/test/terminal-agent-detach-reattach.test.ts (static-grep
tripwires) — calls appendToRingBuffer + buildReplayPayload directly to prove
behavioral correctness without spinning up a real Bun.serve listener.
* 11 runtime cases: append + byte counting, oversize eviction with
one-frame floor (the eviction loop guard that prevents an oversized
single frame from emptying the buffer), alt-screen tracking via
canonical xterm CSI ?1049h / CSI ?1049l, trailing-state-wins for
enter+exit pairs inside a single render frame, soft-reset prefix
ordering, optional alt-screen re-enter, payload length math.
* Exports appendToRingBuffer, buildReplayPayload, and the PtySession
interface from terminal-agent.ts (purely for testability — they
were module-private; the change is annotation-only).
* Lease registry sanity check: mint two sessions, verify distinct
sessionIds, both valid simultaneously. Catches future refactors
that accidentally couple lease + ring buffer.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix(tests): explain_level unset returns the documented default, not empty
Pre-existing failure on main — the test expected gstack-config to return
"" for an unset explain_level (with the comment "preamble default takes
over"), but the script at bin/gstack-config:103 explicitly returns
"default" inline for that key. Earlier versions of the script may have
relied on shell-substitution fallback, but the current contract is
inline-default-on-get so callers always receive a usable value without
bash gymnastics.
Updated the test to match the actual contract. Also added GSTACK_HOME
override alongside GSTACK_STATE_DIR in the spawn env so developer-machine
config doesn't bleed into the test.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1025 lines
38 KiB
JavaScript
1025 lines
38 KiB
JavaScript
/**
|
|
* Terminal sidebar tab — interactive Claude Code PTY in xterm.js.
|
|
*
|
|
* Lifecycle (per plan + codex review):
|
|
* 1. Sidebar opens. Terminal is the default-active tab.
|
|
* 2. Bootstrap card shows "Press any key to start Claude Code."
|
|
* 3. On first keystroke (lazy spawn — codex finding #8): the extension
|
|
* a) POSTs /pty-session on the browse server with the AUTH_TOKEN to
|
|
* mint a short-lived HttpOnly cookie scoped to the terminal-agent.
|
|
* b) Opens ws://127.0.0.1:<terminalPort>/ws — the cookie travels
|
|
* automatically. Terminal-agent validates the cookie + the
|
|
* chrome-extension:// Origin (codex finding #9), then spawns
|
|
* claude in a PTY.
|
|
* 4. Bytes pump both ways. Resize observer sends {type:"resize"} text
|
|
* frames; tab-switch hooks send {type:"tabSwitch"} frames.
|
|
* 5. PTY exits or WS closes -> we show "Session ended" with a restart
|
|
* button. We do NOT auto-reconnect (codex finding #8: auto-reconnect
|
|
* = burn fresh claude session every time).
|
|
*
|
|
* Keep this file dependency-free. xterm.js + xterm-addon-fit are loaded
|
|
* via <script src> tags in sidepanel.html (window.Terminal, window.FitAddon).
|
|
*/
|
|
(function () {
|
|
'use strict';
|
|
|
|
const Terminal = window.Terminal;
|
|
const FitAddonModule = window.FitAddon;
|
|
if (!Terminal) {
|
|
console.error('[gstack terminal] xterm not loaded');
|
|
return;
|
|
}
|
|
|
|
const els = {
|
|
bootstrap: document.getElementById('terminal-bootstrap'),
|
|
bootstrapStatus: document.getElementById('terminal-bootstrap-status'),
|
|
installCard: document.getElementById('terminal-install-card'),
|
|
installRetry: document.getElementById('terminal-install-retry'),
|
|
mount: document.getElementById('terminal-mount'),
|
|
ended: document.getElementById('terminal-ended'),
|
|
restart: document.getElementById('terminal-restart'),
|
|
restartNow: document.getElementById('terminal-restart-now'),
|
|
};
|
|
|
|
/** State machine. */
|
|
const STATE = {
|
|
IDLE: 'idle',
|
|
CONNECTING: 'connecting',
|
|
LIVE: 'live',
|
|
ENDED: 'ended',
|
|
NO_CLAUDE: 'no-claude',
|
|
RECONNECTING: 'reconnecting', // v1.44 Commit 3 — re-attach loop active
|
|
};
|
|
let state = STATE.IDLE;
|
|
|
|
let term = null;
|
|
let fitAddon = null;
|
|
let ws = null;
|
|
/**
|
|
* Sticky abort flag for tryAutoConnect's polling loop. Set when we
|
|
* receive an unrecoverable signal (auth invalid → 401, claude not
|
|
* found, fatal server error) so the loop doesn't keep retrying and
|
|
* spamming the user with the same failure message every 2s. Cleared
|
|
* by forceRestart() so the user can re-enter the polling loop after
|
|
* fixing whatever was wrong.
|
|
*/
|
|
let autoConnectAborted = false;
|
|
/**
|
|
* v1.44 session identity. The stable, non-secret sessionId minted by
|
|
* /pty-session and surfaced back via window.gstackPtySession so the
|
|
* sidepanel.js pagehide handler can sendBeacon /pty-dispose for THIS
|
|
* specific session. forceRestart sends this to /pty-restart so the
|
|
* server can scope the disposal to one terminal rather than all.
|
|
*/
|
|
let currentSessionId = null;
|
|
/**
|
|
* Commit 3 re-attach loop. Set true while a re-attach is in flight so
|
|
* concurrent ws.close events (e.g. user clicks Restart mid-reconnect)
|
|
* can short-circuit. Reset by every state transition out of RECONNECTING.
|
|
*/
|
|
let reattachInFlight = false;
|
|
/**
|
|
* Set true after a {type:"reattach-begin"} text frame and reset after
|
|
* the next binary frame is treated as replay payload. The flag is what
|
|
* lets the message handler distinguish "this binary is the scrollback
|
|
* replay, write RIS first to clear xterm" from "this is live PTY
|
|
* output, just feed it through."
|
|
*/
|
|
let nextBinaryIsReplay = false;
|
|
/**
|
|
* Re-attach backoff schedule (ms). 1s, 2s, 4s, 8s, then 8s steady until
|
|
* 60s total elapsed (Commit 3 detach window). If all attempts fail,
|
|
* fall through to ENDED state and the user clicks Restart for a fresh
|
|
* session.
|
|
*/
|
|
const REATTACH_BACKOFF_MS = [1000, 2000, 4000, 8000];
|
|
const REATTACH_WINDOW_MS = 60_000;
|
|
/**
|
|
* 25s client-side WS keepalive interval (v1.44+). Belt-and-suspenders with
|
|
* the server-side ping in terminal-agent.ts: server pings cover most
|
|
* idle-NAT cases, client keepalive frames also defend against Chromium's
|
|
* MV3-adjacent panel suspension heuristics that can pause our timers.
|
|
* Started on ws.open, cleared on ws.close. The agent silently accepts
|
|
* `{type:"keepalive"}` text frames.
|
|
*/
|
|
let keepaliveInterval = null;
|
|
const KEEPALIVE_INTERVAL_MS = 25000;
|
|
|
|
function show(el) { el.style.display = ''; }
|
|
function hide(el) { el.style.display = 'none'; }
|
|
|
|
function setState(next, opts = {}) {
|
|
state = next;
|
|
switch (next) {
|
|
case STATE.IDLE:
|
|
show(els.bootstrap);
|
|
hide(els.installCard);
|
|
hide(els.mount);
|
|
hide(els.ended);
|
|
els.bootstrapStatus.textContent = opts.message || 'Press any key to start Claude Code.';
|
|
break;
|
|
case STATE.CONNECTING:
|
|
show(els.bootstrap);
|
|
hide(els.installCard);
|
|
hide(els.mount);
|
|
hide(els.ended);
|
|
els.bootstrapStatus.textContent = 'Connecting...';
|
|
break;
|
|
case STATE.LIVE:
|
|
hide(els.bootstrap);
|
|
hide(els.installCard);
|
|
show(els.mount);
|
|
hide(els.ended);
|
|
break;
|
|
case STATE.ENDED:
|
|
hide(els.bootstrap);
|
|
hide(els.installCard);
|
|
hide(els.mount);
|
|
show(els.ended);
|
|
break;
|
|
case STATE.NO_CLAUDE:
|
|
show(els.bootstrap);
|
|
show(els.installCard);
|
|
hide(els.mount);
|
|
hide(els.ended);
|
|
els.bootstrapStatus.textContent = '';
|
|
break;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Read auth + terminalPort from the server's /health. We don't fetch this
|
|
* here — sidepanel.js already polls /health for connection state and
|
|
* exposes the relevant fields on window.gstackHealth (set below in init()).
|
|
* If terminalPort is missing, the agent isn't ready yet.
|
|
*/
|
|
function getHealth() {
|
|
return window.gstackHealth || {};
|
|
}
|
|
|
|
function getServerPort() {
|
|
return window.gstackServerPort || null;
|
|
}
|
|
|
|
function getAuthToken() {
|
|
return window.gstackAuthToken || null;
|
|
}
|
|
|
|
/**
|
|
* POST /pty-session to mint a fresh terminal session. Returns
|
|
* { terminalPort, ptySessionToken, expiresAt } on success, or
|
|
* { error } on failure. The token rides on the WebSocket
|
|
* Sec-WebSocket-Protocol header, which is the only auth header
|
|
* the browser WebSocket API lets us set. The token is NOT persisted —
|
|
* each sidebar load mints a fresh one and discards it on close.
|
|
*/
|
|
async function mintSession() {
|
|
const serverPort = getServerPort();
|
|
const token = getAuthToken();
|
|
if (!serverPort || !token) {
|
|
return { error: 'browse server not ready' };
|
|
}
|
|
try {
|
|
const resp = await fetch(`http://127.0.0.1:${serverPort}/pty-session`, {
|
|
method: 'POST',
|
|
headers: { 'Authorization': `Bearer ${token}` },
|
|
credentials: 'include',
|
|
});
|
|
if (!resp.ok) {
|
|
const body = await resp.text().catch(() => '');
|
|
return { error: `${resp.status} ${body || resp.statusText}` };
|
|
}
|
|
return await resp.json();
|
|
} catch (err) {
|
|
return { error: err && err.message ? err.message : String(err) };
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Commit 3 — re-attach loop. Triggered by an unexpected WS close
|
|
* (anything other than the v1.44 intentional codes) while state was
|
|
* LIVE. Posts /pty-session/reattach with the current sessionId; on
|
|
* success opens a new WS, feeds the {type:"reattach-begin"} +
|
|
* replay-binary handshake from the agent into xterm.
|
|
*
|
|
* Backoff: 1s, 2s, 4s, 8s, then 8s steady. Total wall budget is the
|
|
* server's DETACH_WINDOW_MS (default 60s) — past that point the
|
|
* server has disposed our session and any re-attach attempt will
|
|
* return 410 Gone.
|
|
*
|
|
* Aborts on:
|
|
* - reattachInFlight transitions to false (user clicked Restart or
|
|
* navigated away)
|
|
* - 410 Gone from /pty-session/reattach (lease expired)
|
|
* - 401 (auth invalid)
|
|
* - REATTACH_WINDOW_MS elapsed
|
|
*/
|
|
function startReattachLoop(prevSessionId) {
|
|
if (!prevSessionId) {
|
|
setState(STATE.ENDED);
|
|
return;
|
|
}
|
|
const serverPort = getServerPort();
|
|
const authToken = getAuthToken();
|
|
if (!serverPort || !authToken) {
|
|
setState(STATE.ENDED);
|
|
return;
|
|
}
|
|
reattachInFlight = true;
|
|
setState(STATE.RECONNECTING);
|
|
const startedAt = Date.now();
|
|
let attempt = 0;
|
|
|
|
const tick = async () => {
|
|
if (!reattachInFlight) return;
|
|
if (Date.now() - startedAt > REATTACH_WINDOW_MS) {
|
|
reattachInFlight = false;
|
|
setState(STATE.ENDED);
|
|
return;
|
|
}
|
|
attempt += 1;
|
|
let resp;
|
|
try {
|
|
resp = await fetch(`http://127.0.0.1:${serverPort}/pty-session/reattach`, {
|
|
method: 'POST',
|
|
headers: {
|
|
'Content-Type': 'application/json',
|
|
'Authorization': `Bearer ${authToken}`,
|
|
},
|
|
body: JSON.stringify({ sessionId: prevSessionId }),
|
|
credentials: 'include',
|
|
});
|
|
} catch (err) {
|
|
scheduleNextAttempt();
|
|
return;
|
|
}
|
|
if (resp.status === 410) {
|
|
// Server disposed the session — lease window closed. No point
|
|
// retrying; fall through so the user clicks Restart for a fresh
|
|
// session.
|
|
reattachInFlight = false;
|
|
setState(STATE.ENDED);
|
|
return;
|
|
}
|
|
if (resp.status === 401) {
|
|
reattachInFlight = false;
|
|
autoConnectAborted = true;
|
|
setState(STATE.IDLE, {
|
|
message: 'Auth invalid — reload the sidebar or restart your gstack session.',
|
|
});
|
|
return;
|
|
}
|
|
if (!resp.ok) {
|
|
scheduleNextAttempt();
|
|
return;
|
|
}
|
|
let body;
|
|
try { body = await resp.json(); } catch { body = null; }
|
|
if (!body || !body.terminalPort || !body.attachToken) {
|
|
scheduleNextAttempt();
|
|
return;
|
|
}
|
|
reattachInFlight = false;
|
|
openReattachWebSocket(body.terminalPort, body.attachToken, body.sessionId || prevSessionId);
|
|
};
|
|
|
|
const scheduleNextAttempt = () => {
|
|
const backoffIdx = Math.min(attempt - 1, REATTACH_BACKOFF_MS.length - 1);
|
|
const delay = REATTACH_BACKOFF_MS[backoffIdx] ?? 8000;
|
|
setTimeout(tick, delay);
|
|
};
|
|
|
|
tick();
|
|
}
|
|
|
|
/**
|
|
* Open the post-reattach WebSocket. Mostly a clone of connect()'s
|
|
* attach wiring but with the {type:"reattach-begin"} → RIS → binary
|
|
* replay handshake added. The xterm element is REUSED (not disposed) so
|
|
* the buffer flash is minimal — RIS clears it cleanly just before the
|
|
* replay arrives.
|
|
*/
|
|
function openReattachWebSocket(terminalPort, attachToken, sessionId) {
|
|
currentSessionId = sessionId || null;
|
|
try { window.gstackPtySession = currentSessionId; } catch {}
|
|
setState(STATE.LIVE);
|
|
ensureXterm();
|
|
nextBinaryIsReplay = false;
|
|
ws = new WebSocket(`ws://127.0.0.1:${terminalPort}/ws`, [`gstack-pty.${attachToken}`]);
|
|
ws.binaryType = 'arraybuffer';
|
|
|
|
ws.addEventListener('open', () => {
|
|
try {
|
|
ws.send(JSON.stringify({ type: 'resize', cols: term.cols, rows: term.rows }));
|
|
} catch {}
|
|
if (keepaliveInterval) clearInterval(keepaliveInterval);
|
|
keepaliveInterval = setInterval(() => {
|
|
if (!ws || ws.readyState !== WebSocket.OPEN) return;
|
|
try { ws.send(JSON.stringify({ type: 'keepalive' })); } catch {}
|
|
}, KEEPALIVE_INTERVAL_MS);
|
|
});
|
|
|
|
ws.addEventListener('message', (ev) => {
|
|
if (typeof ev.data === 'string') {
|
|
try {
|
|
const msg = JSON.parse(ev.data);
|
|
if (msg.type === 'reattach-begin') {
|
|
// Clear xterm before the replay binary arrives — RIS (\x1bc)
|
|
// is a full hardware reset that flushes the buffer and
|
|
// resets all attributes. The server's replay starts with
|
|
// DECSTR + optional alt-screen re-enter for safety.
|
|
try { term.write('\x1bc'); } catch {}
|
|
nextBinaryIsReplay = true;
|
|
return;
|
|
}
|
|
if (msg.type === 'error' && msg.code === 'CLAUDE_NOT_FOUND') {
|
|
setState(STATE.NO_CLAUDE);
|
|
try { ws.close(); } catch {}
|
|
return;
|
|
}
|
|
if (msg.type === 'ping') {
|
|
try { ws.send(JSON.stringify({ type: 'pong', ts: msg.ts })); } catch {}
|
|
return;
|
|
}
|
|
} catch {}
|
|
return;
|
|
}
|
|
const buf = ev.data instanceof ArrayBuffer ? new Uint8Array(ev.data) : ev.data;
|
|
// First binary frame after reattach-begin is the replay payload;
|
|
// write it through unchanged (server already prefixed soft-reset).
|
|
// Subsequent binary frames are live PTY output.
|
|
term.write(buf);
|
|
if (nextBinaryIsReplay) nextBinaryIsReplay = false;
|
|
});
|
|
|
|
ws.addEventListener('close', (ev) => {
|
|
ws = null;
|
|
if (keepaliveInterval) {
|
|
clearInterval(keepaliveInterval);
|
|
keepaliveInterval = null;
|
|
}
|
|
// If THIS reattach WS also closes uncleanly, recurse into another
|
|
// re-attach loop with the SAME sessionId — the server may still
|
|
// be inside the detach window. The state check + sessionId guard
|
|
// prevent runaway recursion (ENDED short-circuits the next loop).
|
|
if (state !== STATE.LIVE) return;
|
|
const code = (ev && (ev.code ?? 1006)) || 1006;
|
|
const intentional = code === 1000 || code === 4001 || code === 4404;
|
|
if (intentional || !currentSessionId) {
|
|
setState(intentional ? STATE.ENDED : STATE.ENDED);
|
|
return;
|
|
}
|
|
startReattachLoop(currentSessionId);
|
|
});
|
|
ws.addEventListener('error', (err) => {
|
|
console.error('[gstack terminal] reattach ws error', err);
|
|
});
|
|
}
|
|
|
|
async function checkClaudeAvailable(terminalPort) {
|
|
try {
|
|
const resp = await fetch(`http://127.0.0.1:${terminalPort}/claude-available`, {
|
|
credentials: 'include',
|
|
});
|
|
if (!resp.ok) return { available: false };
|
|
return await resp.json();
|
|
} catch {
|
|
return { available: false };
|
|
}
|
|
}
|
|
|
|
function ensureXterm() {
|
|
if (term) return;
|
|
term = new Terminal({
|
|
fontFamily: '"JetBrains Mono", "SF Mono", Menlo, "Noto Sans Mono CJK KR", "Malgun Gothic", monospace',
|
|
fontSize: 13,
|
|
theme: { background: '#0a0a0a', foreground: '#e5e5e5' },
|
|
cursorBlink: true,
|
|
scrollback: 5000,
|
|
allowTransparency: false,
|
|
convertEol: false,
|
|
});
|
|
if (FitAddonModule && FitAddonModule.FitAddon) {
|
|
fitAddon = new FitAddonModule.FitAddon();
|
|
term.loadAddon(fitAddon);
|
|
}
|
|
// CRITICAL: caller must make els.mount visible BEFORE invoking
|
|
// ensureXterm. xterm.js measures the container synchronously inside
|
|
// term.open() — if the mount is display:none, xterm caches a 0-size
|
|
// viewport and never auto-grows even after the container goes
|
|
// visible. The visible-first pattern is enforced by connect()
|
|
// calling setState(STATE.LIVE) before us.
|
|
term.open(els.mount);
|
|
// First fit waits for the next paint frame so the browser has
|
|
// applied the .active class transition. Otherwise term.cols/rows
|
|
// can come back as the minimum (2x2) when the mount's clientHeight
|
|
// is still being computed.
|
|
requestAnimationFrame(() => {
|
|
try {
|
|
fitAddon && fitAddon.fit();
|
|
if (ws && ws.readyState === WebSocket.OPEN) {
|
|
ws.send(JSON.stringify({ type: 'resize', cols: term.cols, rows: term.rows }));
|
|
}
|
|
} catch {}
|
|
});
|
|
|
|
const ro = new ResizeObserver(() => {
|
|
try {
|
|
fitAddon && fitAddon.fit();
|
|
if (ws && ws.readyState === WebSocket.OPEN) {
|
|
ws.send(JSON.stringify({ type: 'resize', cols: term.cols, rows: term.rows }));
|
|
}
|
|
} catch {}
|
|
});
|
|
ro.observe(els.mount);
|
|
|
|
// IME composition handling for Korean/CJK input (issue #1272).
|
|
// Suppress partial jamo during composition; only send the final
|
|
// composed string on compositionend. Without this, Korean IME
|
|
// sends fragmented input or doubles characters.
|
|
let composing = false;
|
|
const ta = term.textarea;
|
|
if (ta) {
|
|
ta.addEventListener('compositionstart', () => { composing = true; });
|
|
ta.addEventListener('compositionend', (e) => {
|
|
composing = false;
|
|
if (e.data && ws && ws.readyState === WebSocket.OPEN) {
|
|
ws.send(new TextEncoder().encode(e.data));
|
|
}
|
|
});
|
|
}
|
|
|
|
|
|
term.onData((data) => {
|
|
if (composing) return; // suppress partial input events during IME composition
|
|
if (ws && ws.readyState === WebSocket.OPEN) {
|
|
ws.send(new TextEncoder().encode(data));
|
|
}
|
|
});
|
|
}
|
|
|
|
/**
|
|
* Inject a string into the live PTY (the same way a real keystroke would).
|
|
* Used by the toolbar's Cleanup button and the Inspector's "Send to Code"
|
|
* action so the user can drive claude from outside-the-keyboard surfaces.
|
|
* Returns true if the bytes went out, false if no live session.
|
|
*
|
|
* IMPORTANT (D6): this function stays SYNCHRONOUS and SCAN-FREE. Page-
|
|
* derived input MUST be pre-scanned via window.gstackScanForPTYInject()
|
|
* before calling this. The invariant test in
|
|
* test/extension-pty-inject-invariant.test.ts fails the build if any
|
|
* extension/*.js path calls this without the preceding scan.
|
|
*
|
|
* Why not move the scan inside this function: callers already use the
|
|
* sync `const ok = gstackInjectToTerminal?.(text)` pattern. Making the
|
|
* inject async would turn `ok` into a Promise and silently break every
|
|
* existing call site. Pre-scanning at the caller keeps the boundary
|
|
* clean and the invariant testable.
|
|
*/
|
|
window.gstackInjectToTerminal = function (text) {
|
|
if (!text || !ws || ws.readyState !== WebSocket.OPEN) return false;
|
|
try {
|
|
ws.send(new TextEncoder().encode(text));
|
|
return true;
|
|
} catch {
|
|
return false;
|
|
}
|
|
};
|
|
|
|
/**
|
|
* Scan page-derived text via the browse server's /pty-inject-scan
|
|
* endpoint before injecting it into the PTY. Returns:
|
|
* { allow: true, verdict: "PASS" } → safe to inject
|
|
* { allow: true, verdict: "WARN", reasons: [...] } → caller should
|
|
* prompt the user before injecting
|
|
* { allow: false, verdict: "BLOCK", reasons: [...]} → drop the text;
|
|
* caller should surface a banner to the user
|
|
*
|
|
* On any network / endpoint failure: returns
|
|
* { allow: true, verdict: "WARN", reasons: ["scan-unreachable"] }
|
|
* so the caller falls back to WARN+confirm rather than silent PASS.
|
|
*
|
|
* Closes #1370.
|
|
*/
|
|
window.gstackScanForPTYInject = async function (text, origin) {
|
|
if (!text) return { allow: false, verdict: 'BLOCK', reasons: ['empty-text'] };
|
|
try {
|
|
const resp = await fetch('http://127.0.0.1:34567/pty-inject-scan', {
|
|
method: 'POST',
|
|
headers: {
|
|
'Content-Type': 'application/json',
|
|
'Authorization': `Bearer ${await getAuthTokenForScan()}`,
|
|
},
|
|
body: JSON.stringify({ text, origin: origin || 'extension' }),
|
|
});
|
|
if (!resp.ok) {
|
|
return { allow: true, verdict: 'WARN', reasons: [`scan-http-${resp.status}`] };
|
|
}
|
|
const body = await resp.json();
|
|
const verdict = body.verdict || 'WARN';
|
|
const allow = verdict !== 'BLOCK';
|
|
return { allow, verdict, reasons: body.reasons || [], l4: body.l4 };
|
|
} catch (err) {
|
|
return {
|
|
allow: true,
|
|
verdict: 'WARN',
|
|
reasons: ['scan-unreachable', err && err.message ? err.message : 'fetch-failed'],
|
|
};
|
|
}
|
|
};
|
|
|
|
// The auth token for /pty-inject-scan comes from the same source the
|
|
// sidepanel uses for /pty-session — a runtime fetch from /health (which
|
|
// already returns AUTH_TOKEN in headed mode per CLAUDE.md's v1.1 TODO).
|
|
// We don't echo the token here; this helper is a thin proxy around the
|
|
// existing pattern.
|
|
async function getAuthTokenForScan() {
|
|
if (window.__gstackPtyScanToken) return window.__gstackPtyScanToken;
|
|
try {
|
|
const resp = await fetch('http://127.0.0.1:34567/health');
|
|
const body = await resp.json();
|
|
const token = body.AUTH_TOKEN || body.authToken || '';
|
|
if (token) window.__gstackPtyScanToken = token;
|
|
return token;
|
|
} catch {
|
|
return '';
|
|
}
|
|
}
|
|
|
|
async function connect() {
|
|
if (state !== STATE.IDLE) return; // already connecting/live
|
|
setState(STATE.CONNECTING);
|
|
|
|
const minted = await mintSession();
|
|
if (minted.error) {
|
|
// 401 = stale auth token; no amount of retrying will fix it. Sticky
|
|
// abort the polling loop so we don't spam the same error every 2s
|
|
// until the user clicks Restart (which clears the flag).
|
|
if (typeof minted.error === 'string' && minted.error.startsWith('401')) {
|
|
autoConnectAborted = true;
|
|
setState(STATE.IDLE, {
|
|
message: 'Auth invalid — reload the sidebar or restart your gstack session.',
|
|
});
|
|
return;
|
|
}
|
|
setState(STATE.IDLE, { message: `Cannot start: ${minted.error}` });
|
|
return;
|
|
}
|
|
// v1.44 4-tuple: { terminalPort, sessionId, attachToken, leaseExpiresAt }
|
|
// Falls back to the legacy `ptySessionToken` field for one minor release
|
|
// (server keeps the alias) so a partially-updated extension still works
|
|
// against a fresh server.
|
|
const { terminalPort, sessionId } = minted;
|
|
const attachToken = minted.attachToken || minted.ptySessionToken;
|
|
if (!attachToken) {
|
|
setState(STATE.IDLE, { message: 'Cannot start: no attach token returned' });
|
|
return;
|
|
}
|
|
currentSessionId = sessionId || null;
|
|
// Expose for sidepanel.js pagehide handler — see Commit 2C wiring.
|
|
try { window.gstackPtySession = currentSessionId; } catch {}
|
|
|
|
// Pre-flight: does claude even exist on PATH?
|
|
const claudeStatus = await checkClaudeAvailable(terminalPort);
|
|
if (!claudeStatus.available) {
|
|
setState(STATE.NO_CLAUDE);
|
|
return;
|
|
}
|
|
|
|
// setState(LIVE) flips terminal-mount from display:none to display:flex.
|
|
// We MUST do that BEFORE ensureXterm() — xterm.js measures the container
|
|
// synchronously inside term.open() and a hidden container yields a 0x0
|
|
// terminal that never recovers. ensureXterm + the requestAnimationFrame
|
|
// fit() inside it run after the browser has applied the layout.
|
|
setState(STATE.LIVE);
|
|
ensureXterm();
|
|
|
|
// Token rides on Sec-WebSocket-Protocol — the only auth header the
|
|
// browser WebSocket API lets us set. Cross-port HttpOnly cookies with
|
|
// SameSite=Strict don't survive the jump from server.ts:34567 to the
|
|
// agent's random port from a chrome-extension origin, so cookies
|
|
// alone weren't reliable.
|
|
ws = new WebSocket(`ws://127.0.0.1:${terminalPort}/ws`, [`gstack-pty.${attachToken}`]);
|
|
ws.binaryType = 'arraybuffer';
|
|
|
|
ws.addEventListener('open', () => {
|
|
try {
|
|
ws.send(JSON.stringify({ type: 'resize', cols: term.cols, rows: term.rows }));
|
|
} catch {}
|
|
// Push a fresh tab snapshot so claude's tabs.json is populated by
|
|
// the time the lazy spawn finishes booting. Background.js exposes
|
|
// the snapshot helper via chrome.runtime; we ask for it here and
|
|
// forward whatever comes back.
|
|
try {
|
|
chrome.runtime.sendMessage({ type: 'getTabState' }, (resp) => {
|
|
if (resp && ws && ws.readyState === WebSocket.OPEN) {
|
|
try {
|
|
ws.send(JSON.stringify({
|
|
type: 'tabState',
|
|
active: resp.active,
|
|
tabs: resp.tabs,
|
|
reason: 'initial',
|
|
}));
|
|
} catch {}
|
|
}
|
|
});
|
|
} catch {}
|
|
// v1.44 eager spawn: send {type:"start"} so the agent boots claude
|
|
// without requiring the user to type a keystroke. Pre-v1.44 the
|
|
// lazy-binary-spawn pattern made forceRestart look stuck for ~2-3s
|
|
// until the user pressed any key.
|
|
try { ws.send(JSON.stringify({ type: 'start' })); } catch {}
|
|
// v1.44 client-side keepalive. Server pings every 25s; we ALSO send
|
|
// keepalive frames at the same cadence so a paused timer on either
|
|
// side still has the other to lean on. Both are silently dropped
|
|
// by the agent's message handler.
|
|
if (keepaliveInterval) clearInterval(keepaliveInterval);
|
|
keepaliveInterval = setInterval(() => {
|
|
if (!ws || ws.readyState !== WebSocket.OPEN) return;
|
|
try { ws.send(JSON.stringify({ type: 'keepalive' })); } catch {}
|
|
}, KEEPALIVE_INTERVAL_MS);
|
|
});
|
|
|
|
ws.addEventListener('message', (ev) => {
|
|
if (typeof ev.data === 'string') {
|
|
// Agent control message. Treat as JSON; error frames carry code,
|
|
// ping frames trigger an immediate pong reply.
|
|
try {
|
|
const msg = JSON.parse(ev.data);
|
|
if (msg.type === 'error' && msg.code === 'CLAUDE_NOT_FOUND') {
|
|
setState(STATE.NO_CLAUDE);
|
|
try { ws.close(); } catch {}
|
|
return;
|
|
}
|
|
if (msg.type === 'ping') {
|
|
// Mirror the server's timestamp back. Cheap liveness ACK that
|
|
// lets the agent observe round-trip latency for free.
|
|
try { ws.send(JSON.stringify({ type: 'pong', ts: msg.ts })); } catch {}
|
|
return;
|
|
}
|
|
} catch {}
|
|
return;
|
|
}
|
|
// Binary: feed to xterm.
|
|
const buf = ev.data instanceof ArrayBuffer ? new Uint8Array(ev.data) : ev.data;
|
|
term.write(buf);
|
|
});
|
|
|
|
ws.addEventListener('close', (ev) => {
|
|
ws = null;
|
|
if (keepaliveInterval) {
|
|
clearInterval(keepaliveInterval);
|
|
keepaliveInterval = null;
|
|
}
|
|
if (state === STATE.NO_CLAUDE) return;
|
|
// v1.44 Commit 3 — re-attach loop on transient close. Clean codes
|
|
// (1000 = pty exited, 4001 = intentional restart, 4404 = no-claude)
|
|
// skip the loop and fall through to ENDED. Any other code
|
|
// (1006 abnormal, 1001 going-away) is a candidate for re-attach
|
|
// within the 60s server-side detach window, provided we still
|
|
// have a sessionId to match against.
|
|
const code = (ev && (ev.code ?? 1006)) || 1006;
|
|
const intentional = code === 1000 || code === 4001 || code === 4404;
|
|
if (state === STATE.LIVE && !intentional && currentSessionId) {
|
|
startReattachLoop(currentSessionId);
|
|
return;
|
|
}
|
|
setState(STATE.ENDED);
|
|
});
|
|
|
|
ws.addEventListener('error', (err) => {
|
|
console.error('[gstack terminal] ws error', err);
|
|
});
|
|
}
|
|
|
|
function teardown() {
|
|
if (keepaliveInterval) {
|
|
clearInterval(keepaliveInterval);
|
|
keepaliveInterval = null;
|
|
}
|
|
try { ws && ws.close(); } catch {}
|
|
ws = null;
|
|
if (term) {
|
|
try { term.dispose(); } catch {}
|
|
term = null;
|
|
fitAddon = null;
|
|
}
|
|
setState(STATE.IDLE);
|
|
}
|
|
|
|
// ─── Wiring ───────────────────────────────────────────────────
|
|
|
|
/**
|
|
* Force a fresh session: close any open WS, dispose xterm, return to
|
|
* IDLE, kick off auto-connect. Safe to call from any state.
|
|
*/
|
|
/**
|
|
* v1.44 forceRestart: hits the server's /pty-restart one-transaction
|
|
* endpoint with the current sessionId. The server kills the old PtySession
|
|
* scope-to-our-id, mints a fresh sessionId + lease + attachToken, and
|
|
* returns the new 4-tuple in one round trip. Zero race window between
|
|
* kill and mint (codex D8).
|
|
*
|
|
* If we don't have a sessionId (sidebar is in IDLE / ENDED state because
|
|
* the prior session ended cleanly), the route accepts that gracefully —
|
|
* skips the dispose step and just mints fresh. Either way the user sees
|
|
* the same "Restarting..." → fresh prompt UX.
|
|
*/
|
|
async function forceRestart() {
|
|
if (keepaliveInterval) {
|
|
clearInterval(keepaliveInterval);
|
|
keepaliveInterval = null;
|
|
}
|
|
// Re-arm the auto-connect loop in case a prior auth failure stuck the
|
|
// sticky flag — explicit user action is the cleared-flag signal.
|
|
autoConnectAborted = false;
|
|
setState(STATE.IDLE, { message: 'Restarting Claude Code...' });
|
|
|
|
const serverPort = getServerPort();
|
|
const authToken = getAuthToken();
|
|
const priorSessionId = currentSessionId;
|
|
|
|
// Close the local WS BEFORE the server-side kill so the agent's
|
|
// close handler doesn't race with the dispose call.
|
|
try { ws && ws.close(4001, 'intentional-restart'); } catch {}
|
|
ws = null;
|
|
if (term) {
|
|
try { term.dispose(); } catch {}
|
|
term = null;
|
|
fitAddon = null;
|
|
}
|
|
|
|
if (!serverPort || !authToken) {
|
|
// Server hasn't been discovered yet — fall back to the patient
|
|
// polling loop. forceRestart's promise of "fresh prompt now" can't
|
|
// be met without a live server; user sees the patient status path.
|
|
tryAutoConnect();
|
|
return;
|
|
}
|
|
|
|
let nextTuple = null;
|
|
try {
|
|
const resp = await fetch(`http://127.0.0.1:${serverPort}/pty-restart`, {
|
|
method: 'POST',
|
|
headers: {
|
|
'Content-Type': 'application/json',
|
|
'Authorization': `Bearer ${authToken}`,
|
|
},
|
|
body: JSON.stringify(priorSessionId ? { sessionId: priorSessionId } : {}),
|
|
credentials: 'include',
|
|
});
|
|
if (resp.ok) {
|
|
nextTuple = await resp.json();
|
|
} else if (resp.status === 401) {
|
|
autoConnectAborted = true;
|
|
setState(STATE.IDLE, {
|
|
message: 'Auth invalid — reload the sidebar or restart your gstack session.',
|
|
});
|
|
return;
|
|
} else if (resp.status === 503) {
|
|
// Agent down — fall through to patient autoconnect which will
|
|
// surface the appropriate "waiting for server" status.
|
|
setState(STATE.IDLE, { message: 'Restart failed: terminal agent not ready. Retrying...' });
|
|
} else {
|
|
const body = await resp.text().catch(() => '');
|
|
setState(STATE.IDLE, { message: `Restart failed: ${resp.status} ${body || resp.statusText}` });
|
|
}
|
|
} catch (err) {
|
|
setState(STATE.IDLE, {
|
|
message: `Restart failed: ${err && err.message ? err.message : String(err)}`,
|
|
});
|
|
}
|
|
|
|
if (!nextTuple) {
|
|
// Restart didn't yield a fresh tuple. Fall back to the regular
|
|
// connect path; tryAutoConnect will retry as the server recovers.
|
|
currentSessionId = null;
|
|
try { window.gstackPtySession = null; } catch {}
|
|
tryAutoConnect();
|
|
return;
|
|
}
|
|
|
|
// We have a fresh 4-tuple — open the new WS directly without going
|
|
// through mintSession again. This is the explicit "no race window"
|
|
// path the codex D8 redesign was after.
|
|
const { terminalPort, sessionId, attachToken, expiresAt: _expiresAt } = nextTuple;
|
|
const token = attachToken || nextTuple.ptySessionToken;
|
|
if (!terminalPort || !token) {
|
|
currentSessionId = null;
|
|
tryAutoConnect();
|
|
return;
|
|
}
|
|
currentSessionId = sessionId || null;
|
|
try { window.gstackPtySession = currentSessionId; } catch {}
|
|
|
|
// Pre-flight: claude still on PATH?
|
|
const claudeStatus = await checkClaudeAvailable(terminalPort);
|
|
if (!claudeStatus.available) {
|
|
setState(STATE.NO_CLAUDE);
|
|
return;
|
|
}
|
|
|
|
setState(STATE.LIVE);
|
|
ensureXterm();
|
|
ws = new WebSocket(`ws://127.0.0.1:${terminalPort}/ws`, [`gstack-pty.${token}`]);
|
|
ws.binaryType = 'arraybuffer';
|
|
|
|
ws.addEventListener('open', () => {
|
|
try {
|
|
ws.send(JSON.stringify({ type: 'resize', cols: term.cols, rows: term.rows }));
|
|
} catch {}
|
|
try {
|
|
chrome.runtime.sendMessage({ type: 'getTabState' }, (resp) => {
|
|
if (resp && ws && ws.readyState === WebSocket.OPEN) {
|
|
try {
|
|
ws.send(JSON.stringify({
|
|
type: 'tabState',
|
|
active: resp.active,
|
|
tabs: resp.tabs,
|
|
reason: 'restart',
|
|
}));
|
|
} catch {}
|
|
}
|
|
});
|
|
} catch {}
|
|
// Eager spawn — fresh claude prompt visible without user keystroke.
|
|
try { ws.send(JSON.stringify({ type: 'start' })); } catch {}
|
|
if (keepaliveInterval) clearInterval(keepaliveInterval);
|
|
keepaliveInterval = setInterval(() => {
|
|
if (!ws || ws.readyState !== WebSocket.OPEN) return;
|
|
try { ws.send(JSON.stringify({ type: 'keepalive' })); } catch {}
|
|
}, KEEPALIVE_INTERVAL_MS);
|
|
});
|
|
|
|
ws.addEventListener('message', (ev) => {
|
|
if (typeof ev.data === 'string') {
|
|
try {
|
|
const msg = JSON.parse(ev.data);
|
|
if (msg.type === 'error' && msg.code === 'CLAUDE_NOT_FOUND') {
|
|
setState(STATE.NO_CLAUDE);
|
|
try { ws.close(); } catch {}
|
|
return;
|
|
}
|
|
if (msg.type === 'ping') {
|
|
try { ws.send(JSON.stringify({ type: 'pong', ts: msg.ts })); } catch {}
|
|
return;
|
|
}
|
|
} catch {}
|
|
return;
|
|
}
|
|
const buf = ev.data instanceof ArrayBuffer ? new Uint8Array(ev.data) : ev.data;
|
|
term.write(buf);
|
|
});
|
|
|
|
ws.addEventListener('close', (ev) => {
|
|
ws = null;
|
|
if (keepaliveInterval) {
|
|
clearInterval(keepaliveInterval);
|
|
keepaliveInterval = null;
|
|
}
|
|
if (state === STATE.NO_CLAUDE) return;
|
|
// v1.44 Commit 3 — re-attach loop on transient close. Clean codes
|
|
// (1000 = pty exited, 4001 = intentional restart, 4404 = no-claude)
|
|
// skip the loop and fall through to ENDED. Any other code
|
|
// (1006 abnormal, 1001 going-away) is a candidate for re-attach
|
|
// within the 60s server-side detach window, provided we still
|
|
// have a sessionId to match against.
|
|
const code = (ev && (ev.code ?? 1006)) || 1006;
|
|
const intentional = code === 1000 || code === 4001 || code === 4404;
|
|
if (state === STATE.LIVE && !intentional && currentSessionId) {
|
|
startReattachLoop(currentSessionId);
|
|
return;
|
|
}
|
|
setState(STATE.ENDED);
|
|
});
|
|
ws.addEventListener('error', (err) => {
|
|
console.error('[gstack terminal] ws error', err);
|
|
});
|
|
}
|
|
|
|
/**
|
|
* Repaint xterm when the Terminal pane becomes visible. xterm.js has a
|
|
* known issue where its renderer doesn't redraw after a display:none →
|
|
* display:flex flip — the canvas/DOM stays blank until something forces
|
|
* a layout pass. fit() recomputes dimensions, refresh() redraws.
|
|
*/
|
|
function repaintIfLive() {
|
|
if (state !== STATE.LIVE || !term) return;
|
|
try { fitAddon && fitAddon.fit(); } catch {}
|
|
try { term.refresh(0, term.rows - 1); } catch {}
|
|
try {
|
|
if (ws && ws.readyState === WebSocket.OPEN) {
|
|
ws.send(JSON.stringify({ type: 'resize', cols: term.cols, rows: term.rows }));
|
|
}
|
|
} catch {}
|
|
}
|
|
|
|
function init() {
|
|
setState(STATE.IDLE, { message: 'Starting Claude Code...' });
|
|
|
|
els.installRetry?.addEventListener('click', () => {
|
|
// Re-probe claude on PATH, then try a connect.
|
|
setState(STATE.IDLE, { message: 'Starting Claude Code...' });
|
|
tryAutoConnect();
|
|
});
|
|
|
|
// Two restart buttons:
|
|
// - els.restart lives inside the ENDED state card (visible only after
|
|
// a session has ended).
|
|
// - els.restartNow lives in the always-visible toolbar (lets the user
|
|
// force a fresh claude mid-session without waiting for it to exit).
|
|
els.restart?.addEventListener('click', forceRestart);
|
|
els.restartNow?.addEventListener('click', forceRestart);
|
|
|
|
|
|
// Live browser-tab state. background.js → sidepanel.js → us. We
|
|
// forward over the live PTY WebSocket; terminal-agent.ts writes
|
|
// <stateDir>/active-tab.json + <stateDir>/tabs.json so claude can
|
|
// always read the current tab landscape.
|
|
document.addEventListener('gstack:tab-state', (ev) => {
|
|
if (!ws || ws.readyState !== WebSocket.OPEN) return;
|
|
try {
|
|
ws.send(JSON.stringify({
|
|
type: 'tabState',
|
|
active: ev.detail?.active,
|
|
tabs: ev.detail?.tabs,
|
|
reason: ev.detail?.reason,
|
|
}));
|
|
} catch {}
|
|
});
|
|
|
|
// Repaint after a debug-tab → primary-pane transition. The debug
|
|
// tabs (Activity / Refs / Inspector) hide the Terminal pane via
|
|
// .tab-content { display: none }; xterm doesn't auto-redraw when its
|
|
// container flips back to visible, so we listen for the close-debug
|
|
// event and force a fit + refresh.
|
|
const observer = new MutationObserver(() => {
|
|
const term = document.getElementById('tab-terminal');
|
|
if (term?.classList.contains('active')) {
|
|
requestAnimationFrame(repaintIfLive);
|
|
}
|
|
});
|
|
const target = document.getElementById('tab-terminal');
|
|
if (target) observer.observe(target, { attributes: true, attributeFilter: ['class'] });
|
|
|
|
tryAutoConnect();
|
|
}
|
|
|
|
/**
|
|
* Eager-connect when the sidebar opens. Polls for sidepanel.js to populate
|
|
* window.gstackServerPort + window.gstackAuthToken (which it does as soon
|
|
* as /health succeeds), then fires connect() automatically. The user
|
|
* doesn't have to press a key — Terminal is the default tab and "tap to
|
|
* start" was a needless paper cut on every reload.
|
|
*
|
|
* v1.44 patience overhaul: no more 15s give-up. The user already opened
|
|
* the sidebar; giving up tells them "you did something wrong" when the
|
|
* truth is the daemon is slow to boot (or restarting via the upstream
|
|
* supervisor). We poll forever at 2s intervals with ascending status
|
|
* messages so the user knows we're still trying, and ONLY abort on
|
|
* explicit signals: state transition out of IDLE (connect succeeded
|
|
* or user navigated), or an unrecoverable auth/network signal.
|
|
*/
|
|
function tryAutoConnect() {
|
|
if (state !== STATE.IDLE) return;
|
|
if (autoConnectAborted) return;
|
|
const startedAt = Date.now();
|
|
const tick = () => {
|
|
// If the user navigated away (Chat tab) or already connected, drop out.
|
|
if (state !== STATE.IDLE) return;
|
|
// If a prior attempt hit an unrecoverable error (401, etc.), stop
|
|
// polling. The user clears the flag by clicking Restart.
|
|
if (autoConnectAborted) return;
|
|
if (getServerPort() && getAuthToken()) {
|
|
connect();
|
|
return;
|
|
}
|
|
// Ascending status messages — the user wants to know the sidebar is
|
|
// still trying. Each threshold is the moment the message would
|
|
// mislead if left silent: at 15s "should have started by now," at
|
|
// 60s "the server might be in trouble," at 5min "stop waiting and
|
|
// check on it manually."
|
|
const elapsed = Date.now() - startedAt;
|
|
if (elapsed > 300_000) {
|
|
setState(STATE.IDLE, {
|
|
message: 'Browse server still not responding after 5 min. Try `$B status` in a terminal.',
|
|
});
|
|
} else if (elapsed > 60_000) {
|
|
setState(STATE.IDLE, {
|
|
message: 'Still waiting — browse server may be slow to start.',
|
|
});
|
|
} else if (elapsed > 15_000) {
|
|
setState(STATE.IDLE, { message: 'Waiting for browse server...' });
|
|
}
|
|
setTimeout(tick, 2000);
|
|
};
|
|
tick();
|
|
}
|
|
|
|
if (document.readyState === 'loading') {
|
|
document.addEventListener('DOMContentLoaded', init);
|
|
} else {
|
|
init();
|
|
}
|
|
})();
|