alvin-bot 4.18.3 → 4.18.5

package/CHANGELOG.md

@@ -2,6 +2,40 @@
 
 All notable changes to Alvin Bot are documented here.
 
+## [4.18.5] — 2026-04-23
+
+### 🐛 Fix: auto-reset stale SDK sessionId on empty-stream detection
+
+**Problem:** After a round of failed queries (common trigger: token rotation, quota exhaustion mid-turn, Claude backend dropping the session silently), the stored `session.sessionId` references a conversation that the Claude backend has already discarded. Every subsequent query passes `resume: session.sessionId` into the SDK, the backend can't find the session, and the stream terminates with zero text chunks. The v4.18.3 empty-stream detector only invalidated the availability cache — the sessionId stayed stale, so the next retry resumed the same dead session. A burn-credits loop that required a manual `/new` to escape.
+
+**Fix:** the provider now sets a new `sessionResetRequested: true` flag on the empty-stream text chunk. Both message handlers (`handlers/message.ts` and `handlers/platform-message.ts`) listen for it and clear `session.sessionId` + `session.lastSdkHistoryIndex` immediately, so the very next user message starts a fresh SDK session instead of resuming the dead one.
+
+**Net effect:** after a single empty-stream, the bot self-heals. One resend from the user is enough; no manual `/new`, no bot restart.
+
+## [4.18.4] — 2026-04-23
+
+### 🐛 Critical fix: detect Anthropic quota-exhausted responses
+
+**Problem:** When a Claude Max subscription runs out of weekly limit or extra-usage credits, Anthropic's gateway responds to every query with a short text chunk like *"You're out of extra usage · resets 9pm (Europe/Berlin)"* — delivered as `output_tokens=0`. The SDK surfaces it as a normal assistant text message. The bot has no way to distinguish it from a real Claude response, so one of two things happens:
+
+1. The text passes through unchanged and the user sees the raw quota message as if it were Claude's reply.
+2. The text is filtered downstream (some legacy paths) and the user sees `"(Keine Antwort)"` with zero explanation.
+
+Both outcomes hide the real cause (credits) and every retry attempt wastes more credits on nothing.
+
+**Symptoms observed on 2026-04-23:**
+- User activates `/extra-usage`, sends query → `(Keine Antwort)` or raw limit text.
+- Assumes bot / workspace / token is broken, spends hours debugging.
+- Actual cause: extra-usage quota silently exhausted mid-debug-session.
+
+**Fix** (`src/providers/claude-sdk-provider.ts`):
+
+- New `isQuotaLimitOutput(text)` detects the Anthropic-gateway quota signatures (multiple English/German variants: "out of extra usage", "weekly usage limit", "rate limit exceeded", "quota exceeded", etc.).
+- In the SDK stream loop: when the first text chunk matches this pattern, rewrite it as a clear actionable hint (*"⚠️ …Top up the plan or wait for the reset…"*) AND invalidate the availability cache so the next heartbeat re-probes — but do NOT yield an `error` chunk (that would trigger fallback-cascade to Ollama and waste more credits on retries).
+- In `isAvailable()`: the heartbeat probe now treats quota-exhausted output as "unavailable" in the same way it treats auth errors. Provider is marked unhealthy, bot stops trying until the next probe succeeds.
+
+**Net effect:** bot no longer silently wastes credits after a quota limit is hit. Users see a plain, actionable message pointing at the right fix.
+
 ## [4.18.3] — 2026-04-23
 
 ### 🐛 Hotfix: 4.18.2 triggered unwanted failover to Ollama

package/dist/handlers/message.js

@@ -446,6 +446,16 @@ export async function handleMessage(ctx) {
                     // Clear any tool-use status line — real content is flowing now.
                     streamer.setStatus(null);
                     await streamer.update(finalText);
+                    // v4.18.5 — Provider requested a session reset (empty-stream / stale
+                    // sessionId recovery). Clear the session's sessionId + SDK anchor so
+                    // the next query starts a fresh Claude session instead of resuming
+                    // the broken one. Without this, the bot would loop empty-stream
+                    // replies and burn credits until the user manually runs /new.
+                    if (chunk.sessionResetRequested) {
+                        console.warn(`[session] provider requested reset for ${sessionKey} — clearing sessionId + SDK anchor`);
+                        session.sessionId = null;
+                        session.lastSdkHistoryIndex = -1;
+                    }
                     // Emit the new delta for observers — accumulated text minus what
                     // we already broadcast.
                     if (finalText.length > lastBroadcastLen) {

package/dist/handlers/platform-message.js

@@ -194,6 +194,13 @@ export async function handlePlatformMessage(msg, adapter) {
             switch (chunk.type) {
                 case "text":
                     finalText = chunk.text || "";
+                    // v4.18.5 — Provider-requested session reset on empty-stream detection.
+                    // Mirror of the same handling in handlers/message.ts.
+                    if (chunk.sessionResetRequested) {
+                        console.warn(`[session] provider requested reset for ${sessionKey} — clearing sessionId + SDK anchor`);
+                        session.sessionId = null;
+                        session.lastSdkHistoryIndex = -1;
+                    }
                     break;
                 case "done":
                     if (chunk.sessionId)

package/dist/providers/claude-sdk-provider.js

@@ -25,6 +25,34 @@ export function isAuthErrorOutput(text) {
         return false;
     return /^\s*not logged in\b/i.test(text);
 }
+/**
+ * Detects Anthropic's rate-limit / quota-exhausted gateway responses.
+ * These are NOT model outputs — they come back as a single text chunk with
+ * output_tokens = 0 before the model even sees the prompt. Without this
+ * detection, the bot would forward the gateway message as if it were the
+ * assistant's reply ("(Keine Antwort)" or the raw quota text), masking the
+ * real cause and wasting more calls on retries.
+ *
+ * Covers the observed variants:
+ *   - "You're out of extra usage · resets 9pm (Europe/Berlin)"
+ *   - "You've reached your weekly usage limit. …"
+ *   - "Rate limit exceeded"
+ *   - Claude Max / Pro quota messages in both EN/DE
+ */
+export function isQuotaLimitOutput(text) {
+    if (!text)
+        return false;
+    const t = text.trim();
+    if (t.length === 0)
+        return false;
+    return (/you['’]re out of extra usage/i.test(t) ||
+        /reached (your |the )?(weekly |monthly |daily )?(usage|rate) limit/i.test(t) ||
+        /rate[- ]?limit(ed)? (exceeded|reached)/i.test(t) ||
+        /quota exceeded/i.test(t) ||
+        /usage limit reached/i.test(t) ||
+        /limit (reached|hit) for (this|your) (week|month|day)/i.test(t) ||
+        /resets? \d{1,2}(am|pm|:)/i.test(t) && /usage|limit/i.test(t));
+}
 const BOT_PROJECT_ROOT = resolve(dirname(fileURLToPath(import.meta.url)), "../..");
 // Load CLAUDE.md once at startup
 let botClaudeMd = "";
@@ -198,6 +226,24 @@ export class ClaudeSDKProvider {
                                     };
                                     return;
                                 }
+                                // v4.18.4 — Guard against Anthropic rate-limit / quota-exhausted
+                                // gateway messages that also arrive as a single text chunk (with
+                                // output_tokens = 0). Pass them through as a friendly text chunk
+                                // (NOT an error — would trigger fallback cascade to Ollama) and
+                                // mark the provider as degraded so the next heartbeat re-checks.
+                                if (!accumulatedText && isQuotaLimitOutput(block.text)) {
+                                    const hint = "⚠️ " + block.text.trim() +
+                                        "\n\nTop up the plan or wait for the reset. No message was sent to Claude.";
+                                    this.invalidateAvailabilityCache();
+                                    yield {
+                                        type: "text",
+                                        text: hint,
+                                        delta: hint,
+                                        sessionId: capturedSessionId,
+                                    };
+                                    accumulatedText = hint;
+                                    continue;
+                                }
                                 accumulatedText += block.text;
                                 yield {
                                     type: "text",
@@ -331,13 +377,19 @@ export class ClaudeSDKProvider {
                     //      and knows to resend — without tripping the failover.
                     if (accumulatedText === "" && outputTok === 0) {
                         this.invalidateAvailabilityCache();
-                        const hint = "⚠️ Claude antwortete mit leerem Stream (meist nach /extra-usage, /login oder Token-Refresh). " +
-                            "Der SDK-Token-Cache wurde geleert — bitte schick die Nachricht einfach nochmal.";
+                        const hint = "⚠️ Claude antwortete mit leerem Stream. " +
+                            "Meist Folge einer stale SDK-Session nach /extra-usage, /login oder Token-Refresh. " +
+                            "Ich starte die Session automatisch neu — bitte schick die Nachricht einfach nochmal.";
                         yield {
                             type: "text",
                             text: hint,
                             delta: hint,
                             sessionId: resultMsg.session_id || capturedSessionId,
+                            // v4.18.5 — Signal to the message handler that it should clear
+                            // session.sessionId now. Without this the next query resumes
+                            // the same stale sessionId and produces another empty stream
+                            // in a loop that burns credits until the user manually /new's.
+                            sessionResetRequested: true,
                         };
                     }
                     yield {
@@ -411,7 +463,9 @@ export class ClaudeSDKProvider {
                 // sniff-stdout approach for backward compat.
                 try {
                     const { stdout: probeOut } = await execFileAsync(claudePath, ["-p", "ping", "--output-format", "text"], { timeout: 15000 });
-                    return cache(!isAuthErrorOutput(probeOut));
+                    // v4.18.4 — treat quota-exhausted as "unavailable" so heartbeat
+                    // surfaces it and stops wasting extra-usage credits on retries.
+                    return cache(!isAuthErrorOutput(probeOut) && !isQuotaLimitOutput(probeOut));
                 }
                 catch {
                     // Both checks failed — treat as unavailable

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "alvin-bot",
-  "version": "4.18.3",
+  "version": "4.18.5",
   "description": "Alvin Bot \u2014 Your personal AI agent on Telegram, WhatsApp, Discord, Signal, and Web.",
   "type": "module",
   "main": "dist/index.js",