@1presence/bridge 0.22.0 → 0.24.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/claude.js +18 -3
- package/dist/index.js +8 -4
- package/package.json +1 -1
package/dist/claude.js
CHANGED
|
@@ -97,8 +97,12 @@ function spawnClaude(params) {
|
|
|
97
97
|
// - `--no-session-persistence` keeps no jsonl on disk. The bridge has zero
|
|
98
98
|
// local filesystem dependency for continuity; Firestore is the only
|
|
99
99
|
// source of truth.
|
|
100
|
-
// - `--session-id <
|
|
101
|
-
//
|
|
100
|
+
// - `--session-id <uuid>` must be a fresh UUID per spawn: the CLI treats
|
|
101
|
+
// this flag as a "claim a new session ID" operation and rejects the
|
|
102
|
+
// second spawn with "Session ID X is already in use" if we reuse one
|
|
103
|
+
// across turns of a chat — even with --no-session-persistence. The
|
|
104
|
+
// bridge passes the per-spawn `conversationId` here; the presence
|
|
105
|
+
// sessionId is correlated separately via bridge logs and spool records.
|
|
102
106
|
const args = [
|
|
103
107
|
'--print',
|
|
104
108
|
'--input-format', 'stream-json',
|
|
@@ -228,7 +232,18 @@ function spawnClaude(params) {
|
|
|
228
232
|
// --setting-sources "") are supposed to make this unreachable. If we see a
|
|
229
233
|
// non-1Presence tool here anyway, something has bypassed those guards — kill
|
|
230
234
|
// immediately so any side effect already in flight is the only damage done.
|
|
231
|
-
|
|
235
|
+
//
|
|
236
|
+
// Valid forms:
|
|
237
|
+
// mcp__1presence__<name> — namespaced MCP form
|
|
238
|
+
// <snake_case_name> — bare form; Claude Code may omit the prefix in
|
|
239
|
+
// stream-json output. Safe because --strict-mcp-config
|
|
240
|
+
// limits MCP to the 1presence server only.
|
|
241
|
+
// Invalid (real violations):
|
|
242
|
+
// PascalCase (Bash, Read, Write, …) — Claude Code built-ins
|
|
243
|
+
// mcp__<other>__* — tools from a different MCP server
|
|
244
|
+
const isMcp1presence = toolName.startsWith('mcp__1presence__');
|
|
245
|
+
const isBareName = /^[a-z][a-z0-9_]*$/.test(toolName);
|
|
246
|
+
if (!isMcp1presence && !isBareName) {
|
|
232
247
|
killedForViolation = true;
|
|
233
248
|
const violation = `bridge tool violation: ${toolName} is not allowed in Local Mode`;
|
|
234
249
|
process.stderr.write(`[bridge] FATAL ${violation} — killing\n`);
|
package/dist/index.js
CHANGED
|
@@ -171,10 +171,14 @@ async function handleMessage(conversationId, text, sessionId, history, auth, vau
|
|
|
171
171
|
const accumulator = (0, accumulator_1.makeBridgeAccumulator)();
|
|
172
172
|
const startedAt = Date.now();
|
|
173
173
|
const turnSessionId = sessionId ?? conversationId; // gateway always supplies one; defensive fallback
|
|
174
|
-
//
|
|
175
|
-
//
|
|
176
|
-
//
|
|
177
|
-
|
|
174
|
+
// The CLI's `--session-id` is treated as a "claim this new session ID"
|
|
175
|
+
// operation — passing the same UUID across turns of one chat (which is
|
|
176
|
+
// what the presence sessionId is) makes turn 2 fail with "Session ID X
|
|
177
|
+
// is already in use", even with --no-session-persistence. Use the
|
|
178
|
+
// per-spawn conversationId instead — continuity comes from history
|
|
179
|
+
// replay via --input-format stream-json, not from CLI session tracking.
|
|
180
|
+
// turnSessionId is still kept for spool records / log correlation.
|
|
181
|
+
const claudePinnedSessionId = isUuid(conversationId) ? conversationId : crypto.randomUUID();
|
|
178
182
|
function buildSpoolRecord(usage, model) {
|
|
179
183
|
const s = accumulator.state();
|
|
180
184
|
return {
|