npm - @synergenius/flow-weaver - Versions diffs - 0.26.5 → 0.26.7 - Mend

@synergenius/flow-weaver 0.26.5 → 0.26.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/agent/cli-session.d.ts +24 -0
package/dist/agent/cli-session.js +68 -3
package/dist/cli/flow-weaver.mjs +2 -2
package/dist/generated-version.d.ts +1 -1
package/dist/generated-version.js +1 -1
package/package.json +1 -1

package/dist/agent/cli-session.d.ts CHANGED Viewed

@@ -60,14 +60,31 @@ export declare class CliSession {
      * to prevent TOCTOU races.
      */
     send(userMessage: string, systemPromptPrefix?: string): AsyncGenerator<StreamEvent>;
+    /** Whether a send() call is currently active. */
+    get hasActiveTurn(): boolean;
     /**
      * Kill the CLI process.
      */
     kill(): void;
+    /** Callback for session kill events — wire to audit logging. */
+    private _onSessionKilled?;
+    /** Register a callback that fires when this session is killed. */
+    set onSessionKilled(cb: ((info: {
+        sessionId: string;
+        hadActiveTurn: boolean;
+        eventsInTurn: number;
+    }) => void) | undefined);
     /**
      * Compute a fingerprint of CLI-relevant options for cache comparison.
      * Field order is significant for JSON.stringify comparison.
      * Add new CLI-relevant fields here when they're added to CliSessionOptions.
+     *
+     * NOTE: mcpConfigPath is EXCLUDED. It's an ephemeral temp path that changes
+     * on every createMcpBridge() call. Including it causes fingerprint mismatches
+     * that kill active sessions mid-turn when a second provider is created for
+     * the same project (e.g., orchestrator + worker sharing the same projectDir).
+     * The MCP bridge is swapped per-request via setHandlers() — the config path
+     * is only needed at spawn time, not for session identity.
      */
     private static fingerprint;
     private pushEvent;
@@ -81,6 +98,13 @@ export declare class CliSession {
  * Get an existing session or create a new one.
  * Phase 1.4: Validates that cached sessions have matching CLI-relevant options.
  * If options changed on the same key, the old session is killed and recreated.
+ *
+ * SAFETY: Refuses to kill a session with an active turn. This prevents data
+ * loss when multiple providers share the same session key (e.g., orchestrator
+ * and worker both using projectDir as key). If the fingerprint doesn't match
+ * but the session has an active turn, we return the existing session and log
+ * a warning — better to reuse a session with slightly different options than
+ * to kill an active conversation and lose costUsd/result data.
  */
 export declare function getOrCreateCliSession(key: string, options: CliSessionOptions): CliSession;
 /**

package/dist/agent/cli-session.js CHANGED Viewed

@@ -191,9 +191,11 @@ export class CliSession {
             // later events including the result's usage with total_cost_usd.
             const originalPush = this.pushEvent.bind(this);
             this.parser = new StreamJsonParser((event) => {
-                if (event.type === 'message_stop' && !sawResult) {
+                if (event.type === 'message_stop' && !sawResult && event.finishReason !== 'error') {
                     // Suppress — not the real turn end. The result event will emit
                     // the final message_stop after all usage data is captured.
+                    // Error stops (e.g. authentication_failed) must pass through
+                    // so runAgentLoop can detect the failure.
                     return;
                 }
                 originalPush(event);
@@ -257,14 +259,31 @@ export class CliSession {
             }
         }
         finally {
+            // Log how the turn ended for debugging cost/result event issues.
+            // If turn.done is false here, the generator was abandoned by the consumer
+            // (e.g., for-await broke out) before completeTurn/markDead fired.
+            // This means the result event hasn't been processed yet, and any
+            // subsequent stdout data (including the result) will be silently dropped
+            // because activeTurn is about to be set to null.
+            if (!turn.done) {
+                process.stderr.write(`\x1b[33m  ⚠ CliSession: generator abandoned before turn.done (events=${turn.events.length}). Result event will be lost.\x1b[0m\n`);
+            }
             this.activeTurn = null;
             this.resetIdleTimer();
         }
     }
+    /** Whether a send() call is currently active. */
+    get hasActiveTurn() {
+        return this.activeTurn !== null && !this.activeTurn.done;
+    }
     /**
      * Kill the CLI process.
      */
     kill() {
+        if (this.hasActiveTurn) {
+            process.stderr.write(`\x1b[31m  ✗ CliSession.kill() called with active turn — data loss will occur (session=${this.sessionId.slice(0, 8)})\x1b[0m\n`);
+            this._onSessionKilled?.({ sessionId: this.sessionId, hadActiveTurn: true, eventsInTurn: this.activeTurn.events.length });
+        }
         this.clearIdleTimer();
         if (this.child && this.alive) {
             this.log?.info('Killing CLI session', { sessionId: this.sessionId });
@@ -279,6 +298,12 @@ export class CliSession {
         }
         this.markDead();
     }
+    /** Callback for session kill events — wire to audit logging. */
+    _onSessionKilled;
+    /** Register a callback that fires when this session is killed. */
+    set onSessionKilled(cb) {
+        this._onSessionKilled = cb;
+    }
     // ---------------------------------------------------------------------------
     // Private
     // ---------------------------------------------------------------------------
@@ -286,12 +311,19 @@ export class CliSession {
      * Compute a fingerprint of CLI-relevant options for cache comparison.
      * Field order is significant for JSON.stringify comparison.
      * Add new CLI-relevant fields here when they're added to CliSessionOptions.
+     *
+     * NOTE: mcpConfigPath is EXCLUDED. It's an ephemeral temp path that changes
+     * on every createMcpBridge() call. Including it causes fingerprint mismatches
+     * that kill active sessions mid-turn when a second provider is created for
+     * the same project (e.g., orchestrator + worker sharing the same projectDir).
+     * The MCP bridge is swapped per-request via setHandlers() — the config path
+     * is only needed at spawn time, not for session identity.
      */
     static fingerprint(options) {
         return JSON.stringify({
             _coreVersion: CORE_VERSION, // auto-invalidate cache on core update
             model: options.model,
-            mcpConfigPath: options.mcpConfigPath,
+            // mcpConfigPath deliberately excluded — see comment above
             strictMcpConfig: options.strictMcpConfig,
             disallowedTools: options.disallowedTools,
             tools: options.tools,
@@ -318,6 +350,26 @@ export class CliSession {
         this.cleanupFn?.();
         this.cleanupFn = null;
         if (this.activeTurn && !this.activeTurn.done) {
+            // KNOWN ISSUE: On long orchestrator runs (many MCP tool calls), the CLI
+            // process can die before emitting the `result` event. This means:
+            // - costUsd from total_cost_usd is lost (stays 0)
+            // - cacheReadTokens / cacheCreationTokens are lost
+            // - The turn ends via markDead instead of completeTurn
+            // When this happens, consumers should fall back to cost-update events
+            // from the global usage callback for accurate cost tracking.
+            // See: project_costUsd_bench_issue.md in memory for full investigation.
+            const eventCount = this.activeTurn.events.length;
+            const hasResult = this.activeTurn.events.some((e) => e.type === 'usage' && e.costUsd != null);
+            if (!hasResult) {
+                const lastStderr = this.stderrBuf.slice(-500);
+                this.log?.warn('CLI session died before result event — costUsd will be 0', {
+                    sessionId: this.sessionId,
+                    eventsInTurn: eventCount,
+                    lastStderr: lastStderr || '(empty)',
+                });
+                // Always log to stderr so it's visible in bench output
+                process.stderr.write(`\x1b[33m  ⚠ CLI session died before result event (${eventCount} events buffered). costUsd will be 0. stderr: ${lastStderr.slice(0, 200)}\x1b[0m\n`);
+            }
             if (!this.activeTurn.events.some((e) => e.type === 'message_stop')) {
                 this.activeTurn.events.push({ type: 'message_stop', finishReason: 'error' });
             }
@@ -357,6 +409,13 @@ const sessions = new Map();
  * Get an existing session or create a new one.
  * Phase 1.4: Validates that cached sessions have matching CLI-relevant options.
  * If options changed on the same key, the old session is killed and recreated.
+ *
+ * SAFETY: Refuses to kill a session with an active turn. This prevents data
+ * loss when multiple providers share the same session key (e.g., orchestrator
+ * and worker both using projectDir as key). If the fingerprint doesn't match
+ * but the session has an active turn, we return the existing session and log
+ * a warning — better to reuse a session with slightly different options than
+ * to kill an active conversation and lose costUsd/result data.
  */
 export function getOrCreateCliSession(key, options) {
     const existing = sessions.get(key);
@@ -365,7 +424,13 @@ export function getOrCreateCliSession(key, options) {
         if (existing.matchesOptions(options)) {
             return existing;
         }
-        // Options changed — kill old session and recreate
+        // Options changed — but REFUSE to kill if there's an active turn
+        if (existing.hasActiveTurn) {
+            process.stderr.write(`\x1b[33m  ⚠ getOrCreateCliSession: fingerprint mismatch on key "${key}" but session has active turn — reusing existing session to prevent data loss\x1b[0m\n`);
+            return existing;
+        }
+        // No active turn — safe to kill and recreate
+        process.stderr.write(`\x1b[2m  [session-cache] killing session for key "${key}" — fingerprint changed\x1b[0m\n`);
         existing.kill();
         sessions.delete(key);
     }

package/dist/cli/flow-weaver.mjs CHANGED Viewed

@@ -9886,7 +9886,7 @@ var VERSION;
 var init_generated_version = __esm({
   "src/generated-version.ts"() {
     "use strict";
-    VERSION = "0.26.5";
+    VERSION = "0.26.7";
   }
 });
@@ -95973,7 +95973,7 @@ function parseIntStrict(value) {
 // src/cli/index.ts
 init_logger();
 init_error_utils();
-var version2 = true ? "0.26.5" : "0.0.0-dev";
+var version2 = true ? "0.26.7" : "0.0.0-dev";
 var program2 = new Command();
 program2.name("fw").description("Flow Weaver Annotations - Compile and validate workflow files").option("-v, --version", "Output the current version").option("--no-color", "Disable colors").option("--color", "Force colors").on("option:version", () => {
   logger.banner(version2);

package/dist/generated-version.d.ts CHANGED Viewed

@@ -1,2 +1,2 @@
-export declare const VERSION = "0.26.5";
+export declare const VERSION = "0.26.7";
 //# sourceMappingURL=generated-version.d.ts.map

package/dist/generated-version.js CHANGED Viewed

@@ -1,3 +1,3 @@
 // Auto-generated by scripts/generate-version.ts — do not edit manually
-export const VERSION = '0.26.5';
+export const VERSION = '0.26.7';
 //# sourceMappingURL=generated-version.js.map

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@synergenius/flow-weaver",
-  "version": "0.26.5",
+  "version": "0.26.7",
   "description": "Deterministic workflow compiler for AI agents. Compiles to standalone TypeScript, no runtime dependencies.",
   "private": false,
   "type": "module",