@hienlh/ppm 0.8.95 → 0.8.96

package/.claude.bak/agent-memory/tester/MEMORY.md

@@ -0,0 +1,3 @@
+# Tester Agent Memory Index
+
+- [project-ppm-test-conventions.md](project-ppm-test-conventions.md) - PPM test setup, gotchas, and conventions

package/.claude.bak/agent-memory/tester/project-ppm-test-conventions.md

@@ -0,0 +1,32 @@
+---
+name: PPM test conventions and gotchas
+description: Key patterns, pitfalls, and setup details for writing tests in the PPM project
+type: project
+---
+
+## Test runner: `bun test` (Jest-compatible API from `bun:test`)
+
+## Test structure
+- `tests/setup.ts` — shared helpers: `createTempDir`, `cleanupDir`, `createTempGitRepo`, `buildTestApp`
+- `tests/unit/services/` — unit tests for ConfigService, ProjectService, FileService, GitService
+- `tests/integration/api/` — integration tests using `app.request()` (no real server needed)
+
+## Critical gotchas
+
+### ppm.yaml in CWD
+The project root has a real `ppm.yaml` with `port: 5555`. `ConfigService.load(missingPath)` falls through to `LOCAL_CONFIG = "ppm.yaml"` in CWD when the given path doesn't exist. Always write an actual file before calling `load()` to avoid picking up this real config.
+
+### Global configService in git routes
+`src/server/routes/git.ts` imports and uses the global `configService` singleton (not injected). Integration tests for git API must mutate `configService.config.projects` directly to register the test repo. Restore to `[]` in `afterEach`.
+
+### ConfigService.load() fallback behavior
+Candidates checked in order: explicit path → PPM_CONFIG env → LOCAL_CONFIG (ppm.yaml) → HOME_CONFIG (~/.ppm/config.yaml). A missing explicit path does NOT stop the fallback chain.
+
+### buildTestApp in setup.ts
+Overrides `configService.save = () => {}` (no-op) to prevent tests writing to disk. Injects config directly by mutating private fields via `as unknown as`.
+
+### Real git repos for git tests
+`createTempGitRepo()` uses `Bun.spawn` with git env vars (author name/email) to create a real repo with an initial commit. No mocks for git operations.
+
+**Why:** Tests must use real implementations — no fakes/mocks that diverge from production behavior.
+**How to apply:** Always use `createTempGitRepo` for anything touching GitService or git API routes.

package/CHANGELOG.md

@@ -1,10 +1,18 @@
 # Changelog
 
-## [0.8.95] - 2026-04-02
+## [0.8.96] - 2026-04-03
+
+_Version bump — 0.8.95 published with incomplete commit set._
+
+## [0.8.95] - 2026-04-03
+
+### Added
+- **Rate-limit auto-retry**: SDK automatically retries on rate_limit/server_error with exponential backoff (15s, 30s, 60s) up to 3 attempts
+- **Increased max turns**: Default maxTurns bumped from 100 to 1000 for longer agent sessions
 
 ### Fixed
-- **Streaming auth loop**: SDK auth errors in streaming mode don't emit result events, leaving the session alive with broken credentials — every follow-up message fails with 401 forever. Now breaks the loop, cooldowns the account, and tears down the session so the next message picks a different account.
-- **Streaming session resource leak**: `finally` block now properly closes SDK subprocess and generator instead of just removing from map.
+- **Session mapping on resume**: Preserve existing sdk_id mapping when resuming sessions to prevent orphaning JSONL conversation history
+- **Usage list expired accounts**: Exclude expired temporary accounts (no refresh token) from usage dashboard
 
 ## [0.8.94] - 2026-04-02
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hienlh/ppm",
-  "version": "0.8.95",
+  "version": "0.8.96",
   "description": "Personal Project Manager — mobile-first web IDE with AI assistance",
   "author": "hienlh",
   "license": "MIT",

package/src/providers/claude-agent-sdk.ts

@@ -650,7 +650,7 @@ export class ClaudeAgentSdkProvider implements AIProvider {
         allowDangerouslySkipPermissions: isBypass,
         ...(providerConfig.model && { model: providerConfig.model }),
         ...(providerConfig.effort && { effort: providerConfig.effort }),
-        maxTurns: providerConfig.max_turns ?? 100,
+        maxTurns: providerConfig.max_turns ?? 1000,
         ...(providerConfig.max_budget_usd && { maxBudgetUsd: providerConfig.max_budget_usd }),
         ...(providerConfig.thinking_budget_tokens != null && {
           thinkingBudgetTokens: providerConfig.thinking_budget_tokens,
@@ -688,7 +688,10 @@ export class ClaudeAgentSdkProvider implements AIProvider {
       // it's a transient subprocess failure — retry once before surfacing the error.
       // Also handles authentication_failed by refreshing OAuth token and retrying.
       const MAX_RETRIES = 1;
+      const MAX_RATE_LIMIT_RETRIES = 3;
+      const RATE_LIMIT_BACKOFF_MS = [15_000, 30_000, 60_000]; // 15s, 30s, 60s
       let retryCount = 0;
+      let rateLimitRetryCount = 0;
       let authRetried = false;
 
       let hadAnyEvents = false;
@@ -736,7 +739,17 @@ export class ClaudeAgentSdkProvider implements AIProvider {
           if (subtype === "init") {
             const initMsg = msg as any;
             if (initMsg.session_id && initMsg.session_id !== sessionId) {
-              setSessionMapping(sessionId, initMsg.session_id, meta.projectName, meta.projectPath);
+              // Only update sdk_id mapping for brand-new sessions (first message).
+              // For resumed sessions the SDK may create a new session_id, but the
+              // old JSONL (keyed by the original sdk_id) still holds the full
+              // conversation history.  Overwriting the mapping would orphan it.
+              const existingSdkId = getSessionMapping(sessionId);
+              const isFirstMessage = existingSdkId === null || existingSdkId === sessionId;
+              if (isFirstMessage) {
+                setSessionMapping(sessionId, initMsg.session_id, meta.projectName, meta.projectPath);
+              } else {
+                console.log(`[sdk] session=${sessionId} ignoring new sdk_id=${initMsg.session_id} to preserve existing mapping → ${existingSdkId}`);
+              }
               const oldMeta = this.activeSessions.get(sessionId);
               if (oldMeta) {
                 this.activeSessions.set(initMsg.session_id, { ...oldMeta, id: initMsg.session_id });
@@ -910,24 +923,36 @@ export class ClaudeAgentSdkProvider implements AIProvider {
               }
             }
 
-            // Auth failed permanently after retry — cooldown account and break loop.
-            // SDK doesn't send a result event after auth errors in streaming mode,
-            // so the streaming session would stay alive with broken credentials forever.
-            // Breaking here lets the finally block tear down the session, so the next
-            // user message creates a fresh session with a different account.
-            if (assistantError === "authentication_failed" && account && authRetried) {
-              accountSelector.onAuthError(account.id);
-              console.warn(`[sdk] session=${sessionId} auth permanently failed — tearing down streaming session`);
-              yield { type: "error", message: "API authentication failed. Check your account credentials in Settings → Accounts." };
-              break;
+            // Rate limit — auto-retry with exponential backoff
+            if ((assistantError === "rate_limit" || assistantError === "server_error") && rateLimitRetryCount < MAX_RATE_LIMIT_RETRIES) {
+              const backoff = RATE_LIMIT_BACKOFF_MS[rateLimitRetryCount] ?? 60_000;
+              rateLimitRetryCount++;
+              if (account) accountSelector.onRateLimit(account.id);
+              console.warn(`[sdk] session=${sessionId} rate limited — retrying in ${backoff / 1000}s (attempt ${rateLimitRetryCount}/${MAX_RATE_LIMIT_RETRIES})`);
+              yield { type: "error", message: `Rate limited. Auto-retrying in ${backoff / 1000}s... (${rateLimitRetryCount}/${MAX_RATE_LIMIT_RETRIES})` };
+              await new Promise((r) => setTimeout(r, backoff));
+              // Close failed query and recreate
+              streamCtrl.done();
+              q.close();
+              const { generator: rlRetryGen, controller: rlRetryCtrl } = createMessageChannel();
+              rlRetryCtrl.push(firstMsg);
+              const retryOpts = { ...queryOptions, sessionId: undefined, resume: undefined };
+              const rq = query({
+                prompt: rlRetryGen,
+                options: { ...retryOpts, ...(permissionHooks && { hooks: permissionHooks }), canUseTool } as any,
+              });
+              this.streamingSessions.set(sessionId, { meta, query: rq, controller: rlRetryCtrl });
+              this.activeQueries.set(sessionId, rq);
+              eventSource = rq;
+              continue retryLoop;
             }
 
             const errorHints: Record<string, string> = {
               authentication_failed: "API authentication failed. Check your account credentials in Settings → Accounts.",
               billing_error: "Billing error on this account. Check your subscription status.",
-              rate_limit: "Rate limited by the API. Please wait and try again.",
+              rate_limit: `Rate limited by the API. Retried ${MAX_RATE_LIMIT_RETRIES} times without success.`,
               invalid_request: "Invalid request sent to the API.",
-              server_error: "Anthropic API server error. Try again shortly.",
+              server_error: `Anthropic API server error. Retried ${MAX_RATE_LIMIT_RETRIES} times without success.`,
               unknown: `API error in project "${effectiveCwd}". Debug:\n1. Run: \`cd ${effectiveCwd} && claude -p "hi"\`\n2. Check env: \`echo $ANTHROPIC_API_KEY $ANTHROPIC_BASE_URL\` — stale/invalid keys cause this\n3. Try: \`ANTHROPIC_API_KEY="" ANTHROPIC_BASE_URL="" claude -p "hi"\`\n4. Refresh auth: \`claude login\``,
             };
             const hint = errorHints[assistantError] ?? `API error: ${assistantError}`;
@@ -985,8 +1010,28 @@ export class ClaudeAgentSdkProvider implements AIProvider {
             const errCode = this.detectResultErrorCode(msg);
             if (errCode === 429) {
               accountSelector.onRateLimit(account.id);
-              // Post-stream 429 — surface error, continue waiting for next turn
-              yield { type: "error", message: "Rate limited. This account is now on cooldown. Please retry." };
+              // Auto-retry with backoff for result-level 429
+              if (rateLimitRetryCount < MAX_RATE_LIMIT_RETRIES) {
+                const backoff = RATE_LIMIT_BACKOFF_MS[rateLimitRetryCount] ?? 60_000;
+                rateLimitRetryCount++;
+                console.warn(`[sdk] session=${sessionId} result 429 — retrying in ${backoff / 1000}s (attempt ${rateLimitRetryCount}/${MAX_RATE_LIMIT_RETRIES})`);
+                yield { type: "error", message: `Rate limited. Auto-retrying in ${backoff / 1000}s... (${rateLimitRetryCount}/${MAX_RATE_LIMIT_RETRIES})` };
+                await new Promise((r) => setTimeout(r, backoff));
+                streamCtrl.done();
+                q.close();
+                const { generator: rlRetryGen, controller: rlRetryCtrl } = createMessageChannel();
+                rlRetryCtrl.push(firstMsg);
+                const retryOpts = { ...queryOptions, sessionId: undefined, resume: undefined };
+                const rq = query({
+                  prompt: rlRetryGen,
+                  options: { ...retryOpts, ...(permissionHooks && { hooks: permissionHooks }), canUseTool } as any,
+                });
+                this.streamingSessions.set(sessionId, { meta, query: rq, controller: rlRetryCtrl });
+                this.activeQueries.set(sessionId, rq);
+                eventSource = rq;
+                continue retryLoop;
+              }
+              yield { type: "error", message: `Rate limited. Retried ${MAX_RATE_LIMIT_RETRIES} times without success.` };
               continue;
             } else if (errCode === 401) {
               // Refresh token and retry with fresh session (same logic as assistant-level auth retry)
@@ -1170,13 +1215,7 @@ export class ClaudeAgentSdkProvider implements AIProvider {
       }
     } finally {
       this.activeQueries.delete(sessionId);
-      // Properly close streaming session: terminate subprocess + generator
-      const ss = this.streamingSessions.get(sessionId);
-      if (ss) {
-        ss.controller.done();
-        ss.query.close();
-        this.streamingSessions.delete(sessionId);
-      }
+      this.streamingSessions.delete(sessionId);
       console.log(`[sdk] session=${sessionId} streaming session ended`);
     }
 

package/src/services/claude-usage.service.ts

@@ -278,18 +278,23 @@ export function getAllAccountUsages(): AccountUsageEntry[] {
   const accounts = accountService.list();
   const snapshots = getAllLatestSnapshots();
   const snapshotMap = new Map(snapshots.map(s => [s.account_id, s]));
-  return accounts.map(acc => {
+  const nowS = Math.floor(Date.now() / 1000);
+  const result: AccountUsageEntry[] = [];
+  for (const acc of accounts) {
     const withTokens = accountService.getWithTokens(acc.id);
+    // Skip expired accounts without refresh token (temporary/disposable)
+    if (acc.expiresAt && acc.expiresAt < nowS && !withTokens?.refreshToken) continue;
     const isOAuth = withTokens?.accessToken.startsWith("sk-ant-oat") ?? false;
     const row = snapshotMap.get(acc.id);
-    return {
+    result.push({
       accountId: acc.id,
       accountLabel: acc.label,
       accountStatus: acc.status,
       isOAuth,
       usage: row ? snapshotToUsage(row) : {},
-    };
-  });
+    });
+  }
+  return result;
 }
 
 /** Get cached usage for active account (used by chat header) */

package/docs/streaming-input-guide.md

@@ -1,267 +0,0 @@
-# Streaming Input Migration Quick Reference (v0.8.55+)
-
-## What Changed?
-
-**Before (v0.8.54):** Each message triggered a new SDK query
-```
-Message 1 → SDK subprocess spawn → generate response → close
-Message 2 → SDK subprocess spawn → generate response → close
-(Slow, context resets between messages)
-```
-
-**After (v0.8.55):** Single persistent streaming session
-```
-Session created → AsyncGenerator streaming input opened
-Message 1 → Push into generator → process events
-Message 2 → Push into same generator → continue streaming
-(Fast, continuous context, no SDK restarts)
-```
-
-## Key Concepts
-
-### Session State (BE-Owned)
-The backend maintains a `SessionEntry` per chat session:
-- Tracks connected clients (can be zero if FE disconnected)
-- Maintains streaming phase (idle, connecting, thinking, streaming)
-- Buffers events for reconnection sync
-- Auto-cleans after 5 minutes of FE inactivity
-
-### Message Priority (v0.8.55+)
-```typescript
-// Send message with priority
-ws.send({
-  type: "message",
-  content: "Debug this code",
-  priority: "now"  // "now" | "next" | "later"
-})
-```
-- **"now"** — Abort current query, restart with this message
-- **"next"** — Queue after current, run next
-- **"later"** — Append to queue, run last
-
-### Event Buffering on Reconnect
-When FE WS reconnects after disconnect:
-1. BE sends `session_state` with current phase + pending approval
-2. BE sends `turn_events` with all buffered events since last connection
-3. FE rebuilds chat UI state from buffered events
-4. No message loss (unless session cleaned up after 5min)
-
-## Common Patterns
-
-### Frontend: Send Message
-```typescript
-// In useChat hook or message input handler
-ws.send(JSON.stringify({
-  type: "message",
-  content: userInput,
-  priority: "now",  // Optional
-  images: [{ id: "img1", data: "base64..." }]  // Optional
-}));
-```
-
-### Frontend: Handle Reconnection
-```typescript
-function handleReconnect() {
-  // 1. WS open fires
-  // 2. Server sends session_state
-  const sessionState = JSON.parse(msg);
-  // 3. Server sends turn_events
-  const turnEvents = JSON.parse(msg);
-
-  // 4. FE rebuilds state from buffered events
-  turnEvents.events.forEach(event => {
-    chatStore.addEvent(event);
-  });
-
-  // 5. FE is now synced with BE
-}
-```
-
-### Backend: Session Lifecycle
-```typescript
-// 1. FE connects
-open(ws) {
-  const entry = activeSessions.get(sessionId);
-  if (!entry) {
-    // Create new session entry
-    activeSessions.set(sessionId, {
-      phase: "idle",
-      clients: new Set([ws]),
-      turnEvents: []
-    });
-  } else {
-    // Reconnect: clear cleanup timer, add client
-    entry.clients.add(ws);
-  }
-}
-
-// 2. FE sends message
-message(ws, data) {
-  const parsed = JSON.parse(data);
-  if (parsed.type === "message") {
-    // Abort current if streaming, wait for cleanup
-    if (entry.phase !== "idle") {
-      entry.abort.abort();
-      await entry.streamPromise;
-    }
-    // Start new streaming loop (detached)
-    entry.streamPromise = runStreamLoop(...);
-  }
-}
-
-// 3. Streaming loop runs independently
-async function runStreamLoop() {
-  for await (const event of chatService.sendMessage(...)) {
-    bufferAndBroadcast(sessionId, event);  // To all connected clients
-  }
-  setPhase(sessionId, "idle");  // Back to idle when done
-  if (entry.clients.size === 0) {
-    startCleanupTimer(sessionId);  // 5-min cleanup
-  }
-}
-
-// 4. FE disconnects
-close(ws) {
-  entry.clients.delete(ws);
-  // Stream continues! (BE owns the connection)
-  // Timer started if no more clients
-}
-```
-
-## Phase State Machine
-
-```
-     ┌─ initializing  (setup, session resume)
-     ↓
-  idle ←→ connecting  (waiting for first SDK event, heartbeat)
-     ↑         ↓
-     │    ┌──→ thinking  (extended thinking)
-     │    ↓  ↓
-     └─── streaming  (text/tool_use content)
-          ↑     ↓
-          └─────┘ (dynamic switch)
-```
-
-**Transitions:**
-- Heartbeat: `connecting` → (5s elapsed updates) → `thinking` (when content arrives)
-- Content: `thinking` → `streaming` (first text event)
-- Dynamic: `streaming` ↔ `thinking` (based on event types)
-- Done: Any → `idle` (stream complete, ready for next message)
-
-## WebSocket Messages (v0.8.55+)
-
-### Client → Server
-```typescript
-// Send message
-{ type: "message"; content: string; priority?: string; images?: {...}[] }
-
-// Approve tool
-{ type: "approval_response"; requestId: string; approved: boolean }
-
-// Cancel current
-{ type: "cancel" }
-
-// Handshake after open
-{ type: "ready" }
-```
-
-### Server → Client
-```typescript
-// Content
-{ type: "text"; content: string }
-{ type: "thinking"; content: string }
-
-// Tool execution
-{ type: "tool_use"; tool: string; input: unknown }
-{ type: "tool_result"; output: string; isError?: boolean }
-
-// User approval request
-{ type: "approval_request"; requestId: string; tool: string; input: unknown }
-
-// Session state (sent on open/ready)
-{ type: "session_state"; sessionId: string; phase: SessionPhase; pendingApproval: {...} | null }
-
-// Buffered events (on reconnect)
-{ type: "turn_events"; events: unknown[] }
-
-// Metadata
-{ type: "account_info"; accountId: string; accountLabel: string }
-{ type: "phase_changed"; phase: SessionPhase; elapsed?: number }
-{ type: "title_updated"; title: string }
-
-// Completion
-{ type: "done"; sessionId: string; contextWindowPct?: number }
-
-// Error
-{ type: "error"; message: string }
-
-// Keepalive
-{ type: "ping" }
-```
-
-## Benefits
-
-| Aspect | Before (v0.8.54) | After (v0.8.55) |
-|--------|------------------|-----------------|
-| **SDK Restarts** | Per message | Once per session |
-| **Context** | Resets between messages | Persistent |
-| **Startup Time** | 2-5s per message | Instant follow-ups |
-| **Reconnection** | Message loss | Event buffering ensures sync |
-| **Concurrency** | N/A | Multiple clients per session |
-| **Tool Approvals** | Restarts query | Integrated in stream |
-
-## Troubleshooting
-
-### Session Cleaned Up (No Longer Exists)
-**Cause:** FE disconnected for >5 minutes
-**Solution:** Create new session, FE reconnects with new sessionId
-
-### Events Missing After Reconnect
-**Cause:** Server-side event buffer (10k event limit) overflowed
-**Solution:** Flush buffer periodically or increase limit if needed
-
-### Phase Stuck in "Connecting"
-**Cause:** SDK subprocess not responding (120s timeout)
-**Solution:** Check environment (ANTHROPIC_API_KEY, network), see error message for hints
-
-### Multiple Clients Out of Sync
-**Cause:** Broadcast failed for one client, others ahead
-**Solution:** Evicted client will reconnect and re-sync from buffered events
-
-## Debugging
-
-### Enable Logging
-```bash
-# Check server logs for session lifecycle
-[chat] session=abc123 phase → connecting
-[chat] session=abc123 first SDK event after 1250ms: type=text
-[chat] session=abc123 stream completed (45 events)
-[chat] session=abc123 phase → idle
-```
-
-### Check Session State
-```typescript
-// On WS message handler
-console.log(`Session entry:`, activeSessions.get(sessionId));
-// Outputs: { phase, clients.size, pendingApprovalEvent, turnEvents.length }
-```
-
-### Monitor Reconnections
-```typescript
-// In WS open handler
-console.log(`FE reconnected (phase=${existing.phase}, clients=${existing.clients.size})`);
-// Tells you: active streaming, how many clients connected
-```
-
-## Performance Notes
-
-- **No SDK overhead:** Persistent streaming eliminates subprocess spawn overhead
-- **Event buffering:** Clients see all events after reconnect (max 10k events per turn)
-- **Memory:** Session entries cleaned after 5min (bounded memory usage)
-- **Latency:** Follow-up messages start immediately (no SDK init)
-
----
-
-**For detailed architecture:** See `docs/system-architecture.md` → "Chat Streaming Flow" section
-**For API types:** See `src/types/api.ts` and `src/types/chat.ts`
-**For implementation:** See `src/server/ws/chat.ts` and `src/providers/claude-agent-sdk.ts`