npm - @agent-team-foundation/first-tree-hub - Versions diffs - 0.10.14 → 0.10.15 - Mend

@agent-team-foundation/first-tree-hub 0.10.14 → 0.10.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/{bootstrap-B2x4TTyJ.mjs → bootstrap-DUeYbwm-.mjs} +60 -4
package/dist/cli/index.mjs +4 -4
package/dist/index.mjs +3 -3
package/dist/{saas-connect-DWcxHtjX.mjs → saas-connect-CebXWFF-.mjs} +135 -117
package/package.json +1 -1

package/dist/{bootstrap-B2x4TTyJ.mjs → bootstrap-DUeYbwm-.mjs} RENAMED Viewed

@@ -3,7 +3,7 @@ import { o as logFormatSchema, s as logLevelSchema } from "./logger-core-BTmvdfl
 import { z } from "zod";
 import { dirname, join } from "node:path";
 import { homedir } from "node:os";
-import { chmodSync, cpSync, existsSync, mkdirSync, readFileSync, readdirSync, statSync, writeFileSync } from "node:fs";
+import { chmodSync, cpSync, existsSync, mkdirSync, readFileSync, readdirSync, renameSync, statSync, unlinkSync, writeFileSync } from "node:fs";
 import { randomBytes } from "node:crypto";
 import { parse, stringify } from "yaml";
 //#region ../shared/dist/config/index.mjs
@@ -650,6 +650,7 @@ const serverConfigSchema = defineConfig({
 //#region src/core/bootstrap.ts
 var bootstrap_exports = /* @__PURE__ */ __exportAll({
 	AuthRefreshFailedError: () => AuthRefreshFailedError,
+	AuthRefreshRateLimitedError: () => AuthRefreshRateLimitedError,
 	ensureFreshAccessToken: () => ensureFreshAccessToken,
 	ensureFreshAdminToken: () => ensureFreshAdminToken,
 	loadCredentials: () => loadCredentials,
@@ -706,6 +707,39 @@ var AuthRefreshFailedError = class extends Error {
 	}
 };
 /**
+* Thrown when `/auth/refresh` returns 429. Carries the server-suggested
+* retry-after (or a sane default) so the WS reconnect loop can wait at
+* least that long instead of pounding the limiter inside the same window
+* with its default 1/2/4/8s exponential backoff — which would just keep
+* the rate-limit bucket full and stretch the outage. Defaults to 30s when
+* the server omits the header.
+*/
+var AuthRefreshRateLimitedError = class extends Error {
+	retryAfterMs;
+	constructor(retryAfterMs, message) {
+		super(message ?? `Refresh request rate-limited; retry after ${Math.round(retryAfterMs / 1e3)}s.`);
+		this.name = "AuthRefreshRateLimitedError";
+		this.retryAfterMs = retryAfterMs;
+	}
+};
+/**
+* Parse an HTTP `Retry-After` header. Accepts either an integer seconds
+* value (the form fastify-rate-limit emits) or an RFC 7231 HTTP-date.
+* Returns ms, or `null` when the header is absent / malformed.
+*/
+function parseRetryAfterMs(header) {
+	if (!header) return null;
+	const trimmed = header.trim();
+	const seconds = Number(trimmed);
+	if (Number.isFinite(seconds) && seconds >= 0) return seconds * 1e3;
+	const date = Date.parse(trimmed);
+	if (Number.isFinite(date)) {
+		const delta = date - Date.now();
+		return delta > 0 ? delta : 0;
+	}
+	return null;
+}
+/**
 * In-flight refresh promise. Multiple callers (WS handshake, proactive
 * refresh timer, every SDK request) can see an expired token within the same
 * millisecond — without dedupe each would fire an independent `/auth/refresh`
@@ -747,6 +781,7 @@ async function ensureFreshAccessToken(opts) {
 			signal: AbortSignal.timeout(1e4)
 		});
 		if (res.status === 401) throw new AuthRefreshFailedError("Refresh token rejected by server. Re-run `first-tree-hub connect <token>` (get a fresh token from the Web Computers page → New Connection).");
+		if (res.status === 429) throw new AuthRefreshRateLimitedError(parseRetryAfterMs(res.headers.get("retry-after")) ?? 3e4);
 		if (!res.ok) throw new Error(`Refresh request failed with status ${res.status}.`);
 		const data = await res.json();
 		saveCredentials({
@@ -775,13 +810,34 @@ function isTokenStale(token, minValidityMs) {
 		return true;
 	}
 }
-/** Persist credentials to disk. */
+/**
+* Persist credentials to disk atomically.
+*
+* Plain `writeFileSync` opens with `O_TRUNC` then writes — between those
+* calls the file is empty, and a concurrent `loadCredentials()` (e.g. a
+* background daemon refreshing while the user runs a foreground CLI command)
+* reads "" → `JSON.parse` throws → we fall back to "no credentials" and
+* surface a misleading "run `client connect` again" error. write-to-temp +
+* rename gives readers an all-or-nothing view: they see the old file or the
+* new file, never a half-written one. Server-side the sliding-window design
+* already accepts last-writer-wins semantics for the refresh token itself
+* (see auth service comment), so atomicity at the file level is enough.
+*/
 function saveCredentials(creds) {
 	mkdirSync(dirname(CREDENTIALS_PATH), {
 		recursive: true,
 		mode: 448
 	});
-	writeFileSync(CREDENTIALS_PATH, JSON.stringify(creds, null, 2), { mode: 384 });
+	const tmp = `${CREDENTIALS_PATH}.tmp.${process.pid}`;
+	try {
+		writeFileSync(tmp, JSON.stringify(creds, null, 2), { mode: 384 });
+		renameSync(tmp, CREDENTIALS_PATH);
+	} catch (err) {
+		try {
+			unlinkSync(tmp);
+		} catch {}
+		throw err;
+	}
 }
 /**
 * Load persisted credentials saved by the `connect` command.
@@ -808,4 +864,4 @@ function saveAgentConfig(agentName, agentId, runtime) {
 	return agentDir;
 }
 //#endregion
-export { resolveConfigReadonly as C, resetConfigMeta as S, setConfigValue as T, initConfig as _, loadCredentials as a, readConfigFile as b, saveAgentConfig as c, DEFAULT_DATA_DIR as d, DEFAULT_HOME_DIR as f, getConfigValue as g, collectMissingPrompts as h, ensureFreshAdminToken as i, saveCredentials as l, clientConfigSchema as m, bootstrap_exports as n, resolveAccessToken as o, agentConfigSchema as p, ensureFreshAccessToken as r, resolveServerUrl as s, AuthRefreshFailedError as t, DEFAULT_CONFIG_DIR as u, loadAgents as v, serverConfigSchema as w, resetConfig as x, migrateLegacyHome as y };
+export { resetConfigMeta as C, setConfigValue as E, resetConfig as S, serverConfigSchema as T, getConfigValue as _, ensureFreshAdminToken as a, migrateLegacyHome as b, resolveServerUrl as c, DEFAULT_CONFIG_DIR as d, DEFAULT_DATA_DIR as f, collectMissingPrompts as g, clientConfigSchema as h, ensureFreshAccessToken as i, saveAgentConfig as l, agentConfigSchema as m, AuthRefreshRateLimitedError as n, loadCredentials as o, DEFAULT_HOME_DIR as p, bootstrap_exports as r, resolveAccessToken as s, AuthRefreshFailedError as t, saveCredentials as u, initConfig as v, resolveConfigReadonly as w, readConfigFile as x, loadAgents as y };

package/dist/cli/index.mjs CHANGED Viewed

@@ -1,8 +1,8 @@
 #!/usr/bin/env node
 import "../observability-DPyf745N-BSc8QNcR.mjs";
-import { $ as findStaleAliases, A as checkDatabase, B as installClientService, C as runHomeMigration, D as checkAgentConfigs, E as runMigrations, F as checkServerReachable, G as stopClientService, I as checkWebSocket, L as printResults, M as checkNodeVersion, N as checkServerConfig, O as checkBackgroundService, P as checkServerHealth, R as reconcileAgentConfigs, S as saveOnboardState, T as migrateLocalAgentDirs, U as restartClientService, V as isServiceSupported, W as startClientService, X as ClientRuntime, Y as stopPostgres, Z as handleClientOrgMismatch, _ as promptMissingFields, _t as probeCapabilities, a as declineUpdate, at as fail, b as onboardCheck, c as detectInstallMode, ct as print, d as startServer, dt as ClientOrgMismatchError, et as formatStaleReason, f as COMMAND_VERSION, ft as ClientUserMismatchError, g as promptAddAgent, gt as cleanWorkspaces, h as isInteractive, ht as SessionRegistry, i as createExecuteUpdate, it as resolveReplyToFromEnv, j as checkDocker, k as checkClientConfig, l as fetchLatestVersion, lt as setJsonMode, m as uploadClientCapabilities, mt as SdkError, nt as createOwner, o as promptUpdate, ot as success, p as reconcileLocalRuntimeProviders, pt as FirstTreeHubSDK, r as registerSaaSConnectCommand, s as PACKAGE_NAME, tt as removeLocalAgent, u as installGlobalLatest, v as formatCheckReport, vt as applyClientLoggerConfig, w as createApiNameResolver, x as onboardCreate, y as loadOnboardState, yt as configureClientLoggerForService, z as getClientServiceStatus } from "../saas-connect-DWcxHtjX.mjs";
+import { $ as findStaleAliases, A as checkDatabase, B as installClientService, C as runHomeMigration, D as checkAgentConfigs, E as runMigrations, F as checkServerReachable, G as stopClientService, I as checkWebSocket, L as printResults, M as checkNodeVersion, N as checkServerConfig, O as checkBackgroundService, P as checkServerHealth, R as reconcileAgentConfigs, S as saveOnboardState, T as migrateLocalAgentDirs, U as restartClientService, V as isServiceSupported, W as startClientService, X as ClientRuntime, Y as stopPostgres, Z as handleClientOrgMismatch, _ as promptMissingFields, _t as probeCapabilities, a as declineUpdate, at as fail, b as onboardCheck, c as detectInstallMode, ct as print, d as startServer, dt as ClientOrgMismatchError, et as formatStaleReason, f as COMMAND_VERSION, ft as ClientUserMismatchError, g as promptAddAgent, gt as cleanWorkspaces, h as isInteractive, ht as SessionRegistry, i as createExecuteUpdate, it as resolveReplyToFromEnv, j as checkDocker, k as checkClientConfig, l as fetchLatestVersion, lt as setJsonMode, m as uploadClientCapabilities, mt as SdkError, nt as createOwner, o as promptUpdate, ot as success, p as reconcileLocalRuntimeProviders, pt as FirstTreeHubSDK, r as registerSaaSConnectCommand, s as PACKAGE_NAME, tt as removeLocalAgent, u as installGlobalLatest, v as formatCheckReport, vt as applyClientLoggerConfig, w as createApiNameResolver, x as onboardCreate, y as loadOnboardState, yt as configureClientLoggerForService, z as getClientServiceStatus } from "../saas-connect-CebXWFF-.mjs";
 import "../logger-core-BTmvdflj-DjW8FM4T.mjs";
-import { C as resolveConfigReadonly, S as resetConfigMeta, T as setConfigValue, _ as initConfig, a as loadCredentials, b as readConfigFile, c as saveAgentConfig, d as DEFAULT_DATA_DIR, f as DEFAULT_HOME_DIR, g as getConfigValue, i as ensureFreshAdminToken, l as saveCredentials, m as clientConfigSchema, p as agentConfigSchema, r as ensureFreshAccessToken, s as resolveServerUrl, u as DEFAULT_CONFIG_DIR, v as loadAgents, w as serverConfigSchema, x as resetConfig } from "../bootstrap-B2x4TTyJ.mjs";
+import { C as resetConfigMeta, E as setConfigValue, S as resetConfig, T as serverConfigSchema, _ as getConfigValue, a as ensureFreshAdminToken, c as resolveServerUrl, d as DEFAULT_CONFIG_DIR, f as DEFAULT_DATA_DIR, h as clientConfigSchema, i as ensureFreshAccessToken, l as saveAgentConfig, m as agentConfigSchema, o as loadCredentials, p as DEFAULT_HOME_DIR, u as saveCredentials, v as initConfig, w as resolveConfigReadonly, x as readConfigFile, y as loadAgents } from "../bootstrap-DUeYbwm-.mjs";
 import "../dist-D6AOiyNg.mjs";
 import { n as bindFeishuUser, t as bindFeishuBot } from "../feishu-DQ1l18Ah.mjs";
 import "../invitation-B1pjAyOz-BaCA9PII.mjs";
@@ -1608,13 +1608,13 @@ function isSecretField(schema, dotPath) {
 //#region src/commands/onboard.ts
 async function promptMissing(args) {
 	if (!args.server) try {
-		const { resolveServerUrl } = await import("../bootstrap-B2x4TTyJ.mjs").then((n) => n.n);
+		const { resolveServerUrl } = await import("../bootstrap-DUeYbwm-.mjs").then((n) => n.r);
 		resolveServerUrl();
 	} catch {
 		args.server = await input({ message: "Hub server URL:" });
 		saveOnboardState(args);
 	}
-	const { loadCredentials } = await import("../bootstrap-B2x4TTyJ.mjs").then((n) => n.n);
+	const { loadCredentials } = await import("../bootstrap-DUeYbwm-.mjs").then((n) => n.r);
 	if (!loadCredentials()) throw new Error("No saved credentials. Run `first-tree-hub client connect <server-url>` before onboarding.");
 	if (!args.id) {
 		args.id = await input({ message: "Agent ID:" });

package/dist/index.mjs CHANGED Viewed

@@ -1,8 +1,8 @@
 import "./observability-DPyf745N-BSc8QNcR.mjs";
-import { A as checkDatabase, B as installClientService, C as runHomeMigration, D as checkAgentConfigs, E as runMigrations, F as checkServerReachable, G as stopClientService, H as resolveCliInvocation, I as checkWebSocket, J as isDockerAvailable, K as uninstallClientService, L as printResults, M as checkNodeVersion, N as checkServerConfig, P as checkServerHealth, Q as rotateClientIdWithBackup, U as restartClientService, V as isServiceSupported, W as startClientService, X as ClientRuntime, Y as stopPostgres, Z as handleClientOrgMismatch, _ as promptMissingFields, b as onboardCheck, d as startServer, g as promptAddAgent, h as isInteractive, j as checkDocker, k as checkClientConfig, mt as SdkError, n as deriveHubUrlFromToken, nt as createOwner, pt as FirstTreeHubSDK, q as ensurePostgres, rt as hasUser, st as blank, t as HubUrlDerivationError, ut as status, v as formatCheckReport, x as onboardCreate, z as getClientServiceStatus } from "./saas-connect-DWcxHtjX.mjs";
+import { A as checkDatabase, B as installClientService, C as runHomeMigration, D as checkAgentConfigs, E as runMigrations, F as checkServerReachable, G as stopClientService, H as resolveCliInvocation, I as checkWebSocket, J as isDockerAvailable, K as uninstallClientService, L as printResults, M as checkNodeVersion, N as checkServerConfig, P as checkServerHealth, Q as rotateClientIdWithBackup, U as restartClientService, V as isServiceSupported, W as startClientService, X as ClientRuntime, Y as stopPostgres, Z as handleClientOrgMismatch, _ as promptMissingFields, b as onboardCheck, d as startServer, g as promptAddAgent, h as isInteractive, j as checkDocker, k as checkClientConfig, mt as SdkError, n as deriveHubUrlFromToken, nt as createOwner, pt as FirstTreeHubSDK, q as ensurePostgres, rt as hasUser, st as blank, t as HubUrlDerivationError, ut as status, v as formatCheckReport, x as onboardCreate, z as getClientServiceStatus } from "./saas-connect-CebXWFF-.mjs";
 import "./logger-core-BTmvdflj-DjW8FM4T.mjs";
-import { i as ensureFreshAdminToken, o as resolveAccessToken, r as ensureFreshAccessToken, s as resolveServerUrl, t as AuthRefreshFailedError } from "./bootstrap-B2x4TTyJ.mjs";
+import { a as ensureFreshAdminToken, c as resolveServerUrl, i as ensureFreshAccessToken, n as AuthRefreshRateLimitedError, s as resolveAccessToken, t as AuthRefreshFailedError } from "./bootstrap-DUeYbwm-.mjs";
 import "./dist-D6AOiyNg.mjs";
 import { n as bindFeishuUser, t as bindFeishuBot } from "./feishu-DQ1l18Ah.mjs";
 import "./invitation-B1pjAyOz-BaCA9PII.mjs";
-export { AuthRefreshFailedError, ClientRuntime, FirstTreeHubSDK, HubUrlDerivationError, SdkError, bindFeishuBot, bindFeishuUser, blank, checkAgentConfigs, checkClientConfig, checkDatabase, checkDocker, checkNodeVersion, checkServerConfig, checkServerHealth, checkServerReachable, checkWebSocket, createOwner, deriveHubUrlFromToken, ensureFreshAccessToken, ensureFreshAdminToken, ensurePostgres, formatCheckReport, getClientServiceStatus, handleClientOrgMismatch, hasUser, installClientService, isDockerAvailable, isInteractive, isServiceSupported, onboardCheck, onboardCreate, printResults, promptAddAgent, promptMissingFields, resolveAccessToken, resolveCliInvocation, resolveServerUrl, restartClientService, rotateClientIdWithBackup, runHomeMigration, runMigrations, startClientService, startServer, status, stopClientService, stopPostgres, uninstallClientService };
+export { AuthRefreshFailedError, AuthRefreshRateLimitedError, ClientRuntime, FirstTreeHubSDK, HubUrlDerivationError, SdkError, bindFeishuBot, bindFeishuUser, blank, checkAgentConfigs, checkClientConfig, checkDatabase, checkDocker, checkNodeVersion, checkServerConfig, checkServerHealth, checkServerReachable, checkWebSocket, createOwner, deriveHubUrlFromToken, ensureFreshAccessToken, ensureFreshAdminToken, ensurePostgres, formatCheckReport, getClientServiceStatus, handleClientOrgMismatch, hasUser, installClientService, isDockerAvailable, isInteractive, isServiceSupported, onboardCheck, onboardCreate, printResults, promptAddAgent, promptMissingFields, resolveAccessToken, resolveCliInvocation, resolveServerUrl, restartClientService, rotateClientIdWithBackup, runHomeMigration, runMigrations, startClientService, startServer, status, stopClientService, stopPostgres, uninstallClientService };

package/dist/{saas-connect-DWcxHtjX.mjs → saas-connect-CebXWFF-.mjs} RENAMED Viewed

@@ -1,6 +1,6 @@
 import { m as __toESM } from "./esm-CYu4tXXn.mjs";
 import { _ as withSpan, a as endWsConnectionSpan, b as require_pino, c as messageAttrs, d as rootLogger$1, g as startWsConnectionSpan, i as currentTraceId, n as applyLoggerConfig, o as getFastifyOtelPlugin, p as setWsConnectionAttrs, r as createLogger$1, t as adapterAttrs, u as observabilityPlugin, v as withWsMessageSpan, y as FIRST_TREE_HUB_ATTR } from "./observability-DPyf745N-BSc8QNcR.mjs";
-import { C as resolveConfigReadonly, S as resetConfigMeta, T as setConfigValue, _ as initConfig, a as loadCredentials, c as saveAgentConfig, d as DEFAULT_DATA_DIR$1, f as DEFAULT_HOME_DIR$1, h as collectMissingPrompts, l as saveCredentials, m as clientConfigSchema, p as agentConfigSchema, r as ensureFreshAccessToken, s as resolveServerUrl, u as DEFAULT_CONFIG_DIR, v as loadAgents, w as serverConfigSchema, x as resetConfig, y as migrateLegacyHome } from "./bootstrap-B2x4TTyJ.mjs";
+import { C as resetConfigMeta, E as setConfigValue, S as resetConfig, T as serverConfigSchema, b as migrateLegacyHome, c as resolveServerUrl, d as DEFAULT_CONFIG_DIR, f as DEFAULT_DATA_DIR$1, g as collectMissingPrompts, h as clientConfigSchema, i as ensureFreshAccessToken, l as saveAgentConfig, m as agentConfigSchema, o as loadCredentials, p as DEFAULT_HOME_DIR$1, u as saveCredentials, v as initConfig, w as resolveConfigReadonly, y as loadAgents } from "./bootstrap-DUeYbwm-.mjs";
 import { $ as refreshTokenSchema, A as createOrgFromMeSchema, B as imageInlineContentSchema, C as clientRegisterSchema, D as createAgentSchema, E as createAdapterMappingSchema, F as dryRunAgentRuntimeConfigSchema, G as isReservedAgentName$1, H as inboxDeliverFrameSchema$1, I as extractMentions, J as loginSchema, K as joinByInvitationSchema, L as githubCallbackQuerySchema, M as createTaskSchema, N as defaultRuntimeConfigPayload, O as createChatSchema, P as delegateFeishuUserSchema, Q as rebindAgentSchema, R as githubDevCallbackQuerySchema, S as clientCapabilitiesSchema$1, St as wsAuthFrameSchema, T as createAdapterConfigSchema, U as inboxPollQuerySchema, V as inboxAckFrameSchema, W as isRedactedEnvValue, X as notificationQuerySchema, Y as messageSourceSchema$1, Z as paginationQuerySchema, _ as adminUpdateTaskSchema, _t as updateClientCapabilitiesSchema, a as AGENT_STATUSES, at as sendToAgentSchema, b as agentRuntimeConfigPayloadSchema$1, bt as updateSystemConfigSchema, ct as sessionEventSchema$1, d as TASK_HEALTH_SIGNALS, dt as switchOrgSchema, et as runtimeStateMessageSchema, f as TASK_STATUSES, ft as taskListQuerySchema, g as adminCreateTaskSchema, gt as updateChatSchema, h as addParticipantSchema, ht as updateAgentSchema, i as AGENT_SOURCES, it as sendMessageSchema, j as createOrganizationSchema, k as createMemberSchema, l as SYSTEM_CONFIG_DEFAULTS, lt as sessionReconcileRequestSchema, m as WS_AUTH_FRAME_TIMEOUT_MS, mt as updateAgentRuntimeConfigSchema, n as AGENT_NAME_REGEX$1, nt as scanMentionTokens, o as AGENT_TYPES, ot as sessionCompletionMessageSchema, p as TASK_TERMINAL_STATUSES, pt as updateAdapterConfigSchema, q as linkTaskChatSchema, r as AGENT_SELECTOR_HEADER$1, rt as selfServiceFeishuBotSchema, s as AGENT_VISIBILITY, st as sessionEventMessageSchema, t as AGENT_BIND_REJECT_REASONS, tt as safeRedirectPath, u as TASK_CREATOR_TYPES, ut as sessionStateMessageSchema, v as agentBindRequestSchema, vt as updateMemberSchema, w as connectTokenExchangeSchema, x as agentTypeSchema$1, xt as updateTaskStatusSchema, y as agentPinnedMessageSchema$1, yt as updateOrganizationSchema, z as githubStartQuerySchema } from "./dist-D6AOiyNg.mjs";
 import { _ as recordRedemption, a as ConflictError, b as uuidv7, c as UnauthorizedError, d as findActiveByToken, f as getActiveInvitation, h as organizations, i as ClientUserMismatchError$1, l as buildInviteUrl, m as invitations, n as BadRequestError, o as ForbiddenError, p as invitationRedemptions, r as ClientOrgMismatchError$1, s as NotFoundError, t as AppError, u as ensureActiveInvitation, y as users } from "./invitation-B1pjAyOz-BaCA9PII.mjs";
 import { createRequire } from "node:module";
@@ -21,7 +21,7 @@ import { fileURLToPath } from "node:url";
 import * as semver from "semver";
 import { confirm, input, password, select } from "@inquirer/prompts";
 import bcrypt from "bcrypt";
-import { and, asc, count, desc, eq, gt, inArray, isNotNull, isNull, lt, ne, or, sql } from "drizzle-orm";
+import { and, asc, count, desc, eq, gt, gte, inArray, isNotNull, isNull, lt, ne, or, sql } from "drizzle-orm";
 import { drizzle } from "drizzle-orm/postgres-js";
 import postgres from "postgres";
 import { migrate } from "drizzle-orm/postgres-js/migrator";
@@ -1883,6 +1883,13 @@ var ClientConnection = class extends EventEmitter {
 	/** Fires ~60s before JWT exp so we reconnect with a fresh token first. */
 	authRefreshTimer = null;
 	reconnectAttempt = 0;
+	/**
+	* If the most recent refresh attempt was rate-limited (HTTP 429), the
+	* server-suggested wait in ms — consumed by the next `scheduleReconnect`
+	* to floor its delay so we don't keep retrying inside the same 60s
+	* limiter window. Cleared after one use.
+	*/
+	nextReconnectMinDelayMs = 0;
 	closing = false;
 	registered = false;
 	/** Count of `server:welcome` frames received; drives `isReconnect` flag. */
@@ -2095,6 +2102,10 @@ var ClientConnection = class extends EventEmitter {
 					if (e.name === "AuthRefreshFailedError") {
 						this.closing = true;
 						this.emit("auth:fatal", e);
+					} else if (e.name === "AuthRefreshRateLimitedError") {
+						const retryAfterMs = e.retryAfterMs ?? 3e4;
+						this.nextReconnectMinDelayMs = Math.max(this.nextReconnectMinDelayMs, retryAfterMs);
+						this.authLogger.warn({ retryAfterMs }, "refresh rate-limited; deferring reconnect");
 					}
 					settle(reject, e);
 					ws.close();
@@ -2348,10 +2359,18 @@ var ClientConnection = class extends EventEmitter {
 		if (this.closing) return;
 		this.reconnectAttempt++;
 		this.emit("reconnecting", this.reconnectAttempt);
-		const delay = Math.min(RECONNECT_BASE_MS * 2 ** (this.reconnectAttempt - 1), RECONNECT_MAX_MS);
+		const exponential = Math.min(RECONNECT_BASE_MS * 2 ** (this.reconnectAttempt - 1), RECONNECT_MAX_MS);
+		const floor = this.nextReconnectMinDelayMs;
+		this.nextReconnectMinDelayMs = 0;
+		let delay = Math.max(exponential, floor);
+		if (floor > 0) {
+			const jitter = delay * .2 * (Math.random() * 2 - 1);
+			delay = Math.max(0, Math.round(delay + jitter));
+		}
 		this.wsLogger.debug({
 			attempt: this.reconnectAttempt,
-			delayMs: delay
+			delayMs: delay,
+			floorMs: floor || void 0
 		}, "scheduling reconnect");
 		this.reconnectTimer = setTimeout(() => {
 			this.reconnectTimer = null;
@@ -2401,6 +2420,18 @@ var ClientConnection = class extends EventEmitter {
 	* before the server's scheduleAuthExpiry timer fires. Short-lived tokens
 	* (exp <= lead window) skip the proactive reconnect entirely — we let the
 	* server push `auth:expired` and handle that path.
+	*
+	* Order is "refresh-then-close", not "close-then-let-reconnect-refresh".
+	* The earlier shape relied on the new connection's open handler to do the
+	* `/auth/refresh` HTTP, which forced ≥1s of WS downtime per cycle even on
+	* the happy path (one base reconnect delay + the refresh round-trip) and
+	* compounded badly under 429: every retry attempt also closed/reopened the
+	* WS, holding the agent offline for 15-20s while the limiter cooled down.
+	* Refreshing first lets us swap the new token onto a still-open WS with no
+	* observable disconnect when the refresh succeeds; the original close-and-
+	* reconnect flow only runs on failure as a last-ditch fallback (it'll hit
+	* the same 429 on its next retry, but at least the Retry-After floor is
+	* now wired up so we don't pile attempts inside the same window).
 	*/
 	scheduleProactiveAuthRefresh(token) {
 		this.clearAuthRefreshTimer();
@@ -2410,12 +2441,29 @@ var ClientConnection = class extends EventEmitter {
 		if (delay <= 0) return;
 		this.authLogger.debug({ delayMs: delay }, "scheduled proactive auth refresh");
 		this.authRefreshTimer = setTimeout(() => {
-			this.authRefreshTimer = null;
-			if (this.closing) return;
-			this.authLogger.info("triggering proactive auth refresh");
-			this.ws?.close(1e3, "proactive auth refresh");
+			this.runProactiveAuthRefresh();
 		}, delay);
 	}
+	async runProactiveAuthRefresh() {
+		this.authRefreshTimer = null;
+		if (this.closing) return;
+		this.authLogger.info("triggering proactive auth refresh");
+		try {
+			await this.getAccessToken({ minValidityMs: AUTH_REFRESH_LEAD_MS + 5e3 });
+		} catch (err) {
+			const e = err instanceof Error ? err : new Error(String(err));
+			if (e.name === "AuthRefreshRateLimitedError") {
+				const retryAfterMs = e.retryAfterMs ?? 3e4;
+				this.nextReconnectMinDelayMs = Math.max(this.nextReconnectMinDelayMs, retryAfterMs);
+				this.authLogger.warn({ retryAfterMs }, "proactive refresh rate-limited; deferring reconnect");
+			} else if (e.name === "AuthRefreshFailedError") {
+				this.closing = true;
+				this.emit("auth:fatal", e);
+				return;
+			} else this.authLogger.warn({ err: e }, "proactive refresh failed; falling back to reconnect path");
+		}
+		this.ws?.close(1e3, "proactive auth refresh");
+	}
 };
 /** Built-in handler registry. Populated by handler modules. */
 const HANDLER_REGISTRY = /* @__PURE__ */ new Map();
@@ -9078,7 +9126,7 @@ function createFeedbackHandler(config) {
 	return { handle };
 }
 //#endregion
-//#region ../server/dist/app-Le92-WQA.mjs
+//#region ../server/dist/app-DFDhctwC.mjs
 var __defProp = Object.defineProperty;
 var __exportAll = (all, no_symbols) => {
 	let target = {};
@@ -11316,6 +11364,22 @@ function removeClientConnection(clientId, ws) {
 	clientConnections.delete(clientId);
 	return agentIds;
 }
+/**
+* Was `ws` the socket currently registered as `clientId`'s active connection
+* at the time of the call? Used by ws-client.ts's `socket.on("close")` to
+* decide whether to write `clients.status='disconnected'` to the DB — when a
+* fast reconnect happens, the new socket has already swapped itself in via
+* `setClientConnection`, so the old socket's late-arriving onClose must NOT
+* stamp the row back to disconnected.
+*
+* The check is "this socket equals the registered ws", not "this socket is
+* still OPEN" — the close handler runs precisely when the socket is no
+* longer OPEN, but the in-memory entry might still legitimately point at
+* us if no new connection has taken over yet.
+*/
+function isActiveClientConnection(clientId, ws) {
+	return clientConnections.get(clientId)?.ws === ws;
+}
 /** Send a message to a client's WebSocket. Returns true if delivered. */
 function sendToClient(clientId, message) {
 	const entry = clientConnections.get(clientId);
@@ -14406,18 +14470,11 @@ async function pollInbox(db, inboxId, limit) {
 }
 async function pollInboxInner(db, inboxId, limit) {
 	return db.transaction(async (tx) => {
-		return bundleDeliveryWithSilentContext(tx, inboxId, await tx.execute(sql`
-      UPDATE inbox_entries
-      SET status = 'delivered', delivered_at = NOW()
-      WHERE id IN (
-        SELECT id FROM inbox_entries
-        WHERE inbox_id = ${inboxId} AND status = 'pending' AND notify = true
-        ORDER BY created_at
-        LIMIT ${limit}
-        FOR UPDATE SKIP LOCKED
-      )
-      RETURNING *
-    `));
+		const targetIds = tx.select({ id: inboxEntries.id }).from(inboxEntries).where(and(eq(inboxEntries.inboxId, inboxId), eq(inboxEntries.status, "pending"), eq(inboxEntries.notify, true))).orderBy(asc(inboxEntries.createdAt)).limit(limit).for("update", { skipLocked: true });
+		return bundleDeliveryWithSilentContext(tx, inboxId, await tx.update(inboxEntries).set({
+			status: "delivered",
+			deliveredAt: /* @__PURE__ */ new Date()
+		}).where(inArray(inboxEntries.id, targetIds)).returning());
 	});
 }
 /**
@@ -14430,7 +14487,7 @@ async function pollInboxInner(db, inboxId, limit) {
 * hub-inbox-ws-data-plane §3.2 risk #1).
 *
 * Steps:
-*   1. Sort by `created_at` ASC (PG `RETURNING` does not guarantee order).
+*   1. Sort by `createdAt` ASC (PG `RETURNING` does not guarantee order).
 *   2. For each trigger, collect silent context & bulk-ack stale silent rows.
 *   3. Fetch the trigger messages.
 *   4. Build wire payloads via the single dispatcher.
@@ -14439,16 +14496,16 @@ async function pollInboxInner(db, inboxId, limit) {
 */
 async function bundleDeliveryWithSilentContext(tx, inboxId, claimed) {
 	if (claimed.length === 0) return [];
-	claimed.sort((a, b) => a.created_at.localeCompare(b.created_at));
+	claimed.sort((a, b) => a.createdAt.getTime() - b.createdAt.getTime());
 	const precedingByEntryId = await collectPrecedingContext(tx, inboxId, claimed);
-	const messageIds = claimed.map((e) => e.message_id);
+	const messageIds = claimed.map((e) => e.messageId);
 	const msgs = await tx.select().from(messages).where(inArray(messages.id, messageIds));
 	const msgMap = new Map(msgs.map((m) => [m.id, m]));
 	const payloads = await buildClientMessagePayloadsForInbox(tx, inboxId, claimed.map((entry) => {
-		const msg = msgMap.get(entry.message_id);
-		if (!msg) throw new Error(`Unexpected: message ${entry.message_id} not found`);
+		const msg = msgMap.get(entry.messageId);
+		if (!msg) throw new Error(`Unexpected: message ${entry.messageId} not found`);
 		return {
-			entryChatId: entry.chat_id,
+			entryChatId: entry.chatId,
 			precedingMessages: precedingByEntryId.get(entry.id) ?? [],
 			message: {
 				id: msg.id,
@@ -14469,15 +14526,15 @@ async function bundleDeliveryWithSilentContext(tx, inboxId, claimed) {
 		const payload = payloads[idx];
 		if (!payload) throw new Error(`Unexpected: payload for entry ${entry.id} not built`);
 		return {
-			id: Number(entry.id),
-			inboxId: entry.inbox_id,
-			messageId: entry.message_id,
-			chatId: entry.chat_id,
+			id: entry.id,
+			inboxId: entry.inboxId,
+			messageId: entry.messageId,
+			chatId: entry.chatId,
 			status: entry.status,
-			retryCount: entry.retry_count,
-			createdAt: entry.created_at,
-			deliveredAt: entry.delivered_at ?? null,
-			ackedAt: entry.acked_at ?? null,
+			retryCount: entry.retryCount,
+			createdAt: entry.createdAt.toISOString(),
+			deliveredAt: entry.deliveredAt?.toISOString() ?? null,
+			ackedAt: entry.ackedAt?.toISOString() ?? null,
 			message: payload
 		};
 	});
@@ -14512,21 +14569,11 @@ async function claimAndBuildForPush(db, inboxId, messageId) {
 		"inbox.id": inboxId,
 		"message.id": messageId
 	}, () => db.transaction(async (tx) => {
-		return bundleDeliveryWithSilentContext(tx, inboxId, await tx.execute(sql`
-          UPDATE inbox_entries
-          SET status = 'delivered', delivered_at = NOW()
-          WHERE id IN (
-            SELECT id FROM inbox_entries
-            WHERE inbox_id = ${inboxId}
-              AND message_id = ${messageId}
-              AND status = 'pending'
-              AND notify = true
-            ORDER BY created_at
-            LIMIT ${PUSH_CLAIM_BATCH_LIMIT}
-            FOR UPDATE SKIP LOCKED
-          )
-          RETURNING *
-        `));
+		const targetIds = tx.select({ id: inboxEntries.id }).from(inboxEntries).where(and(eq(inboxEntries.inboxId, inboxId), eq(inboxEntries.messageId, messageId), eq(inboxEntries.status, "pending"), eq(inboxEntries.notify, true))).orderBy(asc(inboxEntries.createdAt)).limit(PUSH_CLAIM_BATCH_LIMIT).for("update", { skipLocked: true });
+		return bundleDeliveryWithSilentContext(tx, inboxId, await tx.update(inboxEntries).set({
+			status: "delivered",
+			deliveredAt: /* @__PURE__ */ new Date()
+		}).where(inArray(inboxEntries.id, targetIds)).returning());
 	}));
 }
 /**
@@ -14549,7 +14596,7 @@ async function claimBacklogForPush(db, inboxId, limit) {
 * `PRECEDING_CONTEXT_WINDOW_SECONDS`. Returned messages are oldest-first.
 *
 * Side effect: bulk-ack ALL silent pending rows in each chat with
-* created_at < latest_trigger.created_at — including ones that fell outside
+* createdAt < latest_trigger.createdAt — including ones that fell outside
 * the window/cap. Otherwise stale silent rows would accumulate and re-load
 * on every poll.
 */
@@ -14557,51 +14604,41 @@ async function collectPrecedingContext(tx, inboxId, triggers) {
 	const result = /* @__PURE__ */ new Map();
 	const byChat = /* @__PURE__ */ new Map();
 	for (const t of triggers) {
-		if (t.chat_id === null) continue;
-		const list = byChat.get(t.chat_id) ?? [];
+		if (t.chatId === null) continue;
+		const list = byChat.get(t.chatId) ?? [];
 		list.push(t);
-		byChat.set(t.chat_id, list);
+		byChat.set(t.chatId, list);
 	}
 	for (const [chatId, chatTriggers] of byChat) {
-		chatTriggers.sort((a, b) => a.created_at.localeCompare(b.created_at));
+		chatTriggers.sort((a, b) => a.createdAt.getTime() - b.createdAt.getTime());
 		let prevCreatedAt = null;
 		for (const trigger of chatTriggers) {
-			const preceding = (await tx.execute(sql`
-        SELECT ie.id, m.id AS message_id, m.sender_id, m.format, m.content, m.metadata,
-               m.created_at
-        FROM inbox_entries ie
-        JOIN messages m ON m.id = ie.message_id
-        WHERE ie.inbox_id = ${inboxId}
-          AND ie.chat_id = ${chatId}
-          AND ie.status = 'pending'
-          AND ie.notify = false
-          AND ie.created_at < ${trigger.created_at}
-          ${prevCreatedAt === null ? sql`` : sql`AND ie.created_at > ${prevCreatedAt}`}
-          AND ie.created_at > NOW() - make_interval(secs => ${PRECEDING_CONTEXT_WINDOW_SECONDS})
-        ORDER BY ie.created_at DESC
-        LIMIT ${50}
-        FOR UPDATE OF ie SKIP LOCKED
-      `)).map((r) => ({
-				id: r.message_id,
-				senderId: r.sender_id,
+			const preceding = (await tx.select({
+				messageId: messages.id,
+				senderId: messages.senderId,
+				format: messages.format,
+				content: messages.content,
+				metadata: messages.metadata,
+				createdAt: messages.createdAt
+			}).from(inboxEntries).innerJoin(messages, eq(messages.id, inboxEntries.messageId)).where(and(eq(inboxEntries.inboxId, inboxId), eq(inboxEntries.chatId, chatId), eq(inboxEntries.status, "pending"), eq(inboxEntries.notify, false), lt(inboxEntries.createdAt, trigger.createdAt), prevCreatedAt === null ? void 0 : gt(inboxEntries.createdAt, prevCreatedAt), sql`${inboxEntries.createdAt} > NOW() - make_interval(secs => ${PRECEDING_CONTEXT_WINDOW_SECONDS})`)).orderBy(desc(inboxEntries.createdAt)).limit(50).for("update", {
+				of: inboxEntries,
+				skipLocked: true
+			})).map((r) => ({
+				id: r.messageId,
+				senderId: r.senderId,
 				format: r.format,
 				content: r.content,
 				metadata: r.metadata ?? {},
-				createdAt: r.created_at
+				createdAt: r.createdAt.toISOString()
 			})).reverse();
 			result.set(trigger.id, preceding);
-			prevCreatedAt = trigger.created_at;
+			prevCreatedAt = trigger.createdAt;
 		}
 		const latestTrigger = chatTriggers[chatTriggers.length - 1];
-		if (latestTrigger) await tx.execute(sql`
-        UPDATE inbox_entries
-        SET status = 'acked', acked_at = NOW()
-        WHERE inbox_id = ${inboxId}
-          AND chat_id = ${chatId}
-          AND status = 'pending'
-          AND notify = false
-          AND created_at < ${latestTrigger.created_at}
-      `);
+		if (latestTrigger) await tx.update(inboxEntries).set({
+			status: "acked",
+			ackedAt: /* @__PURE__ */ new Date()
+		}).where(and(eq(inboxEntries.inboxId, inboxId), eq(inboxEntries.chatId, chatId), eq(inboxEntries.status, "pending"), eq(inboxEntries.notify, false), lt(inboxEntries.createdAt, latestTrigger.createdAt)));
 	}
 	return result;
 }
@@ -14644,23 +14681,14 @@ async function renewEntry(db, entryId, inboxId) {
 	return entry;
 }
 async function resetTimedOutEntries(db, timeoutSeconds = DEFAULT_INBOX_TIMEOUT_SECONDS, maxRetries = DEFAULT_MAX_RETRY_COUNT) {
-	const resetResult = await db.execute(sql`
-    UPDATE inbox_entries SET status = 'pending', retry_count = retry_count + 1
-    WHERE status = 'delivered'
-      AND delivered_at < NOW() - make_interval(secs => ${timeoutSeconds})
-      AND retry_count < ${maxRetries}
-    RETURNING id
-  `);
-	const failedResult = await db.execute(sql`
-    UPDATE inbox_entries SET status = 'failed'
-    WHERE status = 'delivered'
-      AND delivered_at < NOW() - make_interval(secs => ${timeoutSeconds})
-      AND retry_count >= ${maxRetries}
-    RETURNING id
-  `);
+	const reset = await db.update(inboxEntries).set({
+		status: "pending",
+		retryCount: sql`${inboxEntries.retryCount} + 1`
+	}).where(and(eq(inboxEntries.status, "delivered"), sql`${inboxEntries.deliveredAt} < NOW() - make_interval(secs => ${timeoutSeconds})`, lt(inboxEntries.retryCount, maxRetries))).returning({ id: inboxEntries.id });
+	const failed = await db.update(inboxEntries).set({ status: "failed" }).where(and(eq(inboxEntries.status, "delivered"), sql`${inboxEntries.deliveredAt} < NOW() - make_interval(secs => ${timeoutSeconds})`, gte(inboxEntries.retryCount, maxRetries))).returning({ id: inboxEntries.id });
 	return {
-		reset: resetResult.length,
-		failed: failedResult.length
+		reset: reset.length,
+		failed: failed.length
 	};
 }
 /** Default age (30 days) past which silent rows that no notify-true delivery
@@ -14679,7 +14707,7 @@ const SILENT_ROW_GC_MAX_AGE_SECONDS = 720 * 60 * 60;
 *      `(inbox_id, message_id, chat_id)` means leaving them around blocks
 *      legitimate retries with the same key.
 *
-*   2. `notify=false AND status='pending' AND created_at < NOW() - maxAge` —
+*   2. `notify=false AND status='pending' AND createdAt < NOW() - maxAge` —
 *      stale silent rows that no trigger ever caught up with. After 30
 *      days they're useless as preceding context (the @mention almost
 *      certainly already happened or the chat went dormant).
@@ -14688,22 +14716,11 @@ const SILENT_ROW_GC_MAX_AGE_SECONDS = 720 * 60 * 60;
 * can log meaningful counts.
 */
 async function pruneStaleSilentEntries(db, maxAgeSeconds = SILENT_ROW_GC_MAX_AGE_SECONDS) {
-	const ackedResult = await db.execute(sql`
-    DELETE FROM inbox_entries
-    WHERE notify = false
-      AND status = 'acked'
-    RETURNING id
-  `);
-	const staleResult = await db.execute(sql`
-    DELETE FROM inbox_entries
-    WHERE notify = false
-      AND status = 'pending'
-      AND created_at < NOW() - make_interval(secs => ${maxAgeSeconds})
-    RETURNING id
-  `);
+	const ackedDeleted = await db.delete(inboxEntries).where(and(eq(inboxEntries.notify, false), eq(inboxEntries.status, "acked"))).returning({ id: inboxEntries.id });
+	const stalePendingDeleted = await db.delete(inboxEntries).where(and(eq(inboxEntries.notify, false), eq(inboxEntries.status, "pending"), sql`${inboxEntries.createdAt} < NOW() - make_interval(secs => ${maxAgeSeconds})`)).returning({ id: inboxEntries.id });
 	return {
-		ackedDeleted: ackedResult.length,
-		stalePendingDeleted: staleResult.length
+		ackedDeleted: ackedDeleted.length,
+		stalePendingDeleted: stalePendingDeleted.length
 	};
 }
 async function agentInboxRoutes(app) {
@@ -15581,8 +15598,9 @@ function clientWsRoutes(notifier, instanceId) {
 				}
 				boundAgents.clear();
 				if (clientId) {
+					const stillActive = isActiveClientConnection(clientId, socket);
 					removeClientConnection(clientId, socket);
-					try {
+					if (stillActive) try {
 						await disconnectClient(app.db, clientId);
 					} catch {}
 				}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@agent-team-foundation/first-tree-hub",
-  "version": "0.10.14",
+  "version": "0.10.15",
   "type": "module",
   "description": "First Tree Hub — unified CLI for server, client, and agent management",
   "exports": {