@geometra/mcp 1.37.0 → 1.38.0

package/dist/__tests__/session-isolation.test.js

@@ -156,4 +156,38 @@ describe('connectThroughProxy({ isolated: true })', () => {
         expect(markerB).toBe('marker-from-/page-a');
         disconnect({ sessionId: sessionB.id, closeProxy: true });
     }, 30_000);
+    it('serializes concurrent default connects to a pooled proxy onto a single session', async () => {
+        // Regression for the per-proxy attach race. Before the attachLock fix,
+        // two concurrent connectThroughProxy calls that both picked the same
+        // pooled proxy entry could both pass attachToReusableProxy's
+        // "reusedExistingSession" check (because neither's session was in
+        // activeSessions yet — connect() runs first) and then both call
+        // connect(proxy.wsUrl), creating two distinct WebSocket sessions
+        // bound to the same Chromium. Two agents would silently mutate the
+        // same DOM. With the lock, the second connect waits for the first,
+        // re-picks via findReusableProxy, and takes the reusedExistingSession
+        // branch — both calls return the same Session object.
+        //
+        // Step 1: warm the pool with a single connect+disconnect so the next
+        // connects find an existing entry. Cold-start parallel connects
+        // legitimately create separate browsers (no shared state to leak), so
+        // the race only matters when the pool is already populated.
+        const warmup = await connectThroughProxy({
+            pageUrl: `${baseUrl}/page-a`,
+            headless: true,
+        });
+        disconnect({ sessionId: warmup.id, closeProxy: false });
+        // Step 2: fire two concurrent connects. Without the lock, both would
+        // call connect(proxy.wsUrl) and create distinct sessions bound to the
+        // same browser. With the lock, the second waits for the first to bind,
+        // then sees the bound session and reuses it.
+        const [sessionA, sessionB] = await Promise.all([
+            connectThroughProxy({ pageUrl: `${baseUrl}/page-a`, headless: true }),
+            connectThroughProxy({ pageUrl: `${baseUrl}/page-a`, headless: true }),
+        ]);
+        // Both connects must converge on the same underlying session. If they
+        // don't, the race re-emerged: two agents would race in the same browser.
+        expect(sessionA.id).toBe(sessionB.id);
+        disconnect({ sessionId: sessionA.id, closeProxy: true });
+    }, 30_000);
 });

package/dist/server.js

@@ -3403,9 +3403,22 @@ async function executeBatchAction(session, action, detail, includeSteps) {
             for (let index = 0; index < resolvedFields.fields.length; index++) {
                 const field = resolvedFields.fields[index];
                 const result = await executeFillField(session, field, detail);
+                // A step is only honestly "ok" when the proxy's underlying action
+                // both (a) did not throw and (b) reported a tree-updating ack —
+                // `wait: 'timed_out'` means the action was sent but the proxy never
+                // confirmed a DOM change that matched the request, which is the
+                // silent-failure mode that used to leak through as a false positive
+                // (e.g. react-select listbox picks that revert on the next render).
+                // Choice fields that land in this branch are almost always failed
+                // commits, not slow commits, so we surface the failure to the caller
+                // instead of pretending the field was set.
+                const waitStatus = result.compact && typeof result.compact === 'object' && 'wait' in result.compact
+                    ? result.compact.wait
+                    : undefined;
+                const ok = waitStatus !== 'timed_out';
                 steps.push(detail === 'verbose'
-                    ? { index, kind: field.kind, ok: true, summary: result.summary }
-                    : { index, kind: field.kind, ok: true, ...result.compact });
+                    ? { index, kind: field.kind, ok, summary: result.summary }
+                    : { index, kind: field.kind, ok, ...result.compact });
             }
             return {
                 summary: steps.map(step => String(step.summary ?? '')).filter(Boolean).join('\n'),

package/dist/session.js

@@ -460,6 +460,7 @@ async function startFreshProxySession(options) {
         : options.awaitInitialFrame !== false
             ? undefined
             : false;
+    let pendingEmbeddedRuntime;
     try {
         const proxyStartStartedAt = performance.now();
         const { runtime, wsUrl } = await startEmbeddedGeometraProxy({
@@ -471,12 +472,16 @@ async function startFreshProxySession(options) {
             slowMo: options.slowMo,
             eagerInitialExtract,
         });
+        pendingEmbeddedRuntime = runtime;
         const proxyStartMs = performance.now() - proxyStartStartedAt;
         const session = await connect(wsUrl, {
             skipInitialResize: true,
             closePreviousProxy: false,
             awaitInitialFrame: options.awaitInitialFrame,
         });
+        // Connect succeeded — the session now owns the runtime, so the
+        // catch-block cleanup below must not also close it.
+        pendingEmbeddedRuntime = undefined;
         session.proxyRuntime = runtime;
         session.proxyReusable = !options.isolated;
         if (options.isolated) {
@@ -508,6 +513,16 @@ async function startFreshProxySession(options) {
         return session;
     }
     catch (e) {
+        // If startEmbeddedGeometraProxy() returned but the subsequent connect()
+        // threw (e.g. WebSocket failure, first-frame timeout), the runtime
+        // still owns a launched Chromium that nobody is going to clean up.
+        // Without this, that Chromium leaks for the lifetime of the MCP server
+        // every time we fall through to the child-process fallback path.
+        if (pendingEmbeddedRuntime) {
+            const leaked = pendingEmbeddedRuntime;
+            pendingEmbeddedRuntime = undefined;
+            void leaked.close().catch(() => { });
+        }
         const proxyStartStartedAt = performance.now();
         const { child, wsUrl } = await spawnGeometraProxy({
             pageUrl: options.pageUrl,
@@ -721,14 +736,36 @@ export async function connectThroughProxy(options) {
         return await startFreshProxySession({ ...options, isolated: true });
     }
     let reuseFailure;
-    const reusableProxy = findReusableProxy(options);
-    if (reusableProxy) {
+    // Loop because if a candidate is currently being attached by another
+    // concurrent connectThroughProxy call we wait for it, then re-pick. The
+    // second pick may now find the same entry already bound to an active
+    // session — attachToReusableProxy's reusedExistingSession branch then
+    // returns that session instead of opening a second WebSocket. Bounded
+    // by the pool size to defend against pathological churn.
+    for (let attempt = 0; attempt < REUSABLE_PROXY_POOL_LIMIT + 1; attempt++) {
+        const reusableProxy = findReusableProxy(options);
+        if (!reusableProxy)
+            break;
+        if (reusableProxy.attachLock) {
+            try {
+                await reusableProxy.attachLock;
+            }
+            catch { /* lock holder failed; we'll re-pick */ }
+            continue;
+        }
+        let releaseLock = () => { };
+        reusableProxy.attachLock = new Promise(resolve => { releaseLock = resolve; });
         try {
             return await attachToReusableProxy(reusableProxy, options);
         }
         catch (err) {
             reuseFailure = err;
             closeReusableProxy(reusableProxy);
+            break;
+        }
+        finally {
+            reusableProxy.attachLock = null;
+            releaseLock();
         }
     }
     try {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@geometra/mcp",
-  "version": "1.37.0",
+  "version": "1.38.0",
   "description": "MCP server for Geometra — interact with running Geometra apps via the geometry protocol, no browser needed",
   "license": "MIT",
   "type": "module",