aicodeman 0.3.6 → 0.3.8

package/dist/web/server.js

@@ -64,7 +64,7 @@ import { SseEvent } from './sse-events.js';
 import { registerAuthMiddleware, registerSecurityHeaders } from './middleware/auth.js';
 import { registerPushRoutes, registerTeamRoutes, registerMuxRoutes, registerFileRoutes, registerScheduledRoutes, registerHookEventRoutes, registerSystemRoutes, registerCaseRoutes, registerSessionRoutes, registerRespawnRoutes, registerRalphRoutes, registerPlanRoutes, } from './routes/index.js';
 const __dirname = dirname(fileURLToPath(import.meta.url));
-import { TERMINAL_BATCH_INTERVAL, TASK_UPDATE_BATCH_INTERVAL, STATE_UPDATE_DEBOUNCE_INTERVAL, SESSIONS_LIST_CACHE_TTL, SCHEDULED_CLEANUP_INTERVAL, SCHEDULED_RUN_MAX_AGE, SSE_HEARTBEAT_INTERVAL, SSE_PADDING_SIZE, SESSION_LIMIT_WAIT_MS, ITERATION_PAUSE_MS, BATCH_FLUSH_THRESHOLD, STATS_COLLECTION_INTERVAL_MS, } from '../config/server-timing.js';
+import { TERMINAL_BATCH_INTERVAL, TASK_UPDATE_BATCH_INTERVAL, STATE_UPDATE_DEBOUNCE_INTERVAL, SESSIONS_LIST_CACHE_TTL, SCHEDULED_CLEANUP_INTERVAL, SCHEDULED_RUN_MAX_AGE, SSE_HEARTBEAT_INTERVAL, SSE_PADDING_SIZE, SESSION_LIMIT_WAIT_MS, ITERATION_PAUSE_MS, BATCH_FLUSH_THRESHOLD, STATS_COLLECTION_INTERVAL_MS, INACTIVITY_TIMEOUT_MS, } from '../config/server-timing.js';
 // DEC mode 2026 - Synchronized Output
 // When terminal supports this, it buffers all output between start/end markers
 // and renders atomically, eliminating partial-frame flicker from Ink redraws.
@@ -113,7 +113,14 @@ export class WebServer extends EventEmitter {
     // Store session listener references for explicit cleanup (prevents memory leaks)
     sessionListenerRefs = new Map();
     scheduledRuns = new Map();
-    sseClients = new Set();
+    /**
+     * SSE clients mapped to their session subscription filter.
+     * Value is a Set of session IDs the client wants events for,
+     * or `null` meaning "receive all events" (backwards-compatible default).
+     */
+    sseClients = new Map();
+    /** SSE clients connecting from non-localhost (i.e. through tunnel) */
+    remoteSseClients = new Set();
     /** Clients with backpressure — skip writes until 'drain' fires */
     backpressuredClients = new Set();
     store = getStore();
@@ -128,7 +135,7 @@ export class WebServer extends EventEmitter {
     // Adaptive batching: track rapid events to extend batch window (per-session)
     // StaleExpirationMap auto-cleans entries for sessions that stop generating output
     lastTerminalEventTime = new StaleExpirationMap({
-        ttlMs: 5 * 60 * 1000, // 5 minutes - auto-expire stale session timing data
+        ttlMs: INACTIVITY_TIMEOUT_MS, // 5 minutes - auto-expire stale session timing data
         refreshOnGet: false, // Don't refresh on reads, only on explicit sets
     });
     // Centralized cleanup for standalone timers (intervals + resettable timeouts)
@@ -370,6 +377,7 @@ export class WebServer extends EventEmitter {
             batchTerminalData: this.batchTerminalData.bind(this),
             broadcastSessionStateDebounced: this.broadcastSessionStateDebounced.bind(this),
             batchTaskUpdate: this.batchTaskUpdate.bind(this),
+            getSseClientCount: () => this.remoteSseClients.size,
             // RespawnPort
             respawnControllers: this.respawnControllers,
             respawnTimers: this.respawnTimers,
@@ -453,13 +461,32 @@ export class WebServer extends EventEmitter {
                 reply.code(503).send('Too many SSE connections');
                 return;
             }
+            // Parse optional session subscription filter from query parameter.
+            // /api/events?sessions=id1,id2 — client only receives events for those sessions.
+            // /api/events (no param) — client receives all events (backwards-compatible).
+            const query = req.query;
+            let sessionFilter = null;
+            if (query.sessions) {
+                const ids = query.sessions
+                    .split(',')
+                    .map((s) => s.trim())
+                    .filter(Boolean);
+                if (ids.length > 0) {
+                    sessionFilter = new Set(ids);
+                }
+            }
             reply.raw.writeHead(200, {
                 'Content-Type': 'text/event-stream',
                 'Cache-Control': 'no-cache',
                 Connection: 'keep-alive',
                 'X-Accel-Buffering': 'no', // Disable nginx buffering
             });
-            this.sseClients.add(reply);
+            this.sseClients.set(reply, sessionFilter);
+            // Track tunnel clients — cloudflared proxies locally so req.ip is always
+            // 127.0.0.1; detect tunnel traffic via Cf-Connecting-Ip header instead.
+            if (req.headers['cf-connecting-ip']) {
+                this.remoteSseClients.add(reply);
+            }
             // Send initial state
             // Use light state for SSE init to avoid sending 2MB+ terminal buffers
             // Buffers are fetched on-demand when switching tabs
@@ -476,6 +503,7 @@ export class WebServer extends EventEmitter {
             }
             req.raw.on('close', () => {
                 this.sseClients.delete(reply);
+                this.remoteSseClients.delete(reply);
                 this.backpressuredClients.delete(reply);
             });
         });
@@ -1625,6 +1653,7 @@ export class WebServer extends EventEmitter {
         }
         catch {
             this.sseClients.delete(reply);
+            this.remoteSseClients.delete(reply);
         }
     }
     // Optimized: send pre-formatted SSE message to a client
@@ -1644,7 +1673,8 @@ export class WebServer extends EventEmitter {
                     // Client may have missed terminal data during backpressure.
                     // Tell it to reload the active session's buffer to recover.
                     try {
-                        reply.raw.write(`event: ${SseEvent.SessionNeedsRefresh}\ndata: {}\n\n`);
+                        const drainPadding = this._isTunnelActive ? SSE_PADDING : '';
+                        reply.raw.write(`event: ${SseEvent.SessionNeedsRefresh}\ndata: {}\n\n${drainPadding}`);
                     }
                     catch {
                         /* client gone */
@@ -1654,6 +1684,7 @@ export class WebServer extends EventEmitter {
         }
         catch {
             this.sseClients.delete(reply);
+            this.remoteSseClients.delete(reply);
             this.backpressuredClients.delete(reply);
         }
     }
@@ -1671,9 +1702,12 @@ export class WebServer extends EventEmitter {
             this.cachedSessionsList = null;
         }
         // Performance optimization: serialize JSON once for all clients.
-        // Only append Cloudflare tunnel padding when tunnel is actually active —
-        // direct/Tailscale clients don't need 8KB padding on every event.
-        const padding = this._isTunnelActive ? SSE_PADDING : '';
+        // Only append Cloudflare tunnel padding for latency-sensitive events —
+        // Recovery events need immediate proxy flush; low-frequency metadata events
+        // (session:created, ralph:*, respawn:*, etc.) don't need padding.
+        // Note: session:terminal has its own padding in flushSessionTerminalBatch().
+        const needsPadding = this._isTunnelActive && event === SseEvent.SessionNeedsRefresh;
+        const padding = needsPadding ? SSE_PADDING : '';
         let message;
         try {
             message = `event: ${event}\ndata: ${JSON.stringify(data)}\n\n` + padding;
@@ -1683,10 +1717,33 @@ export class WebServer extends EventEmitter {
             console.error(`[Server] Failed to serialize SSE event "${event}":`, err);
             return;
         }
-        for (const client of this.sseClients) {
+        // Extract sessionId from event data for subscription filtering.
+        const eventSessionId = this.extractSessionId(event, data);
+        for (const [client, filter] of this.sseClients) {
+            // No filter (null) = receive everything. Otherwise, skip if event is
+            // session-scoped and the session isn't in the client's subscription set.
+            if (filter && eventSessionId && !filter.has(eventSessionId))
+                continue;
             this.sendSSEPreformatted(client, message);
         }
     }
+    /**
+     * Extract the session ID from an event's data payload for subscription filtering.
+     * Returns the sessionId string if the event is session-scoped, or null for global events.
+     */
+    extractSessionId(event, data) {
+        if (data == null || typeof data !== 'object')
+            return null;
+        const record = data;
+        // Most session-scoped events use `sessionId`
+        if (typeof record.sessionId === 'string')
+            return record.sessionId;
+        // Session lifecycle events (session:*) use `id` from the session state object
+        if (typeof record.id === 'string' && event.startsWith('session:'))
+            return record.id;
+        // No session ID found — treat as global event (sent to all clients)
+        return null;
+    }
     // Batch terminal data for better performance (60fps)
     // Uses per-session timers with adaptive intervals to prevent thundering herd:
     // each session flushes independently rather than all sessions flushing in one burst.
@@ -1759,8 +1816,14 @@ export class WebServer extends EventEmitter {
             // Fast path: build SSE message directly without JSON.stringify on wrapper object.
             // Only the terminal data string needs escaping; sessionId is a UUID (safe to template).
             const escapedData = JSON.stringify(syncData);
-            const message = `event: session:terminal\ndata: {"id":"${sessionId}","data":${escapedData}}\n\n`;
-            for (const client of this.sseClients) {
+            // Append tunnel padding for immediate Cloudflare proxy flush —
+            // terminal data is high-frequency and latency-sensitive.
+            const padding = this._isTunnelActive ? SSE_PADDING : '';
+            const message = `event: session:terminal\ndata: {"id":"${sessionId}","data":${escapedData}}\n\n` + padding;
+            for (const [client, filter] of this.sseClients) {
+                // Skip clients that have a session filter and aren't subscribed to this session
+                if (filter && !filter.has(sessionId))
+                    continue;
                 this.sendSSEPreformatted(client, message);
             }
         }
@@ -1909,7 +1972,7 @@ export class WebServer extends EventEmitter {
      */
     cleanupDeadSSEClients() {
         const deadClients = [];
-        for (const client of this.sseClients) {
+        for (const [client] of this.sseClients) {
             try {
                 // Check if the underlying socket is still writable
                 const socket = client.raw.socket;
@@ -1932,6 +1995,7 @@ export class WebServer extends EventEmitter {
         // Remove dead clients
         for (const client of deadClients) {
             this.sseClients.delete(client);
+            this.remoteSseClients.delete(client);
             this.backpressuredClients.delete(client);
         }
         if (deadClients.length > 0) {
@@ -1991,7 +2055,7 @@ export class WebServer extends EventEmitter {
         // Start token recording timer (every 5 minutes for long-running sessions)
         this.cleanup.setInterval(() => {
             this.recordPeriodicTokenUsage();
-        }, 5 * 60 * 1000, { description: 'periodic token recording' });
+        }, INACTIVITY_TIMEOUT_MS, { description: 'periodic token recording' });
         // Start subagent watcher for Claude Code background agent visibility (if enabled)
         if (await this.isSubagentTrackingEnabled()) {
             subagentWatcher.start();
@@ -2247,7 +2311,7 @@ export class WebServer extends EventEmitter {
         // Dispose all managed timers (intervals + resettable timeouts)
         this.cleanup.dispose();
         // Gracefully close all SSE connections before clearing
-        for (const client of this.sseClients) {
+        for (const [client] of this.sseClients) {
             try {
                 // Send a final event to notify clients of shutdown
                 this.sendSSE(client, 'server:shutdown', { reason: 'Server stopping' });
@@ -2258,6 +2322,7 @@ export class WebServer extends EventEmitter {
             }
         }
         this.sseClients.clear();
+        this.remoteSseClients.clear();
         this.backpressuredClients.clear();
         // Clear per-session batch timers
         for (const timer of this.terminalBatchTimers.values()) {