bosun 0.41.3 → 0.41.5

package/agent/agent-pool.mjs

@@ -2846,6 +2846,10 @@ function isPoisonedCodexResumeError(errorValue) {
   );
 }
 
+function isCodexResumeTimeoutError(errorValue) {
+  return String(errorValue || "").toLowerCase().includes("codex resume timeout");
+}
+
 /**
  * Resume an existing Codex thread and run a follow-up prompt.
  * Uses `codex.resumeThread(threadId)` from @openai/codex-sdk.
@@ -3017,6 +3021,7 @@ async function resumeCodexThread(threadId, prompt, cwd, timeoutMs, extra = {}) {
         : `Thread resume error: ${err.message}`,
       sdk: "codex",
       threadId: null,
+      staleResumeState: isTimeout,
       poisonedResumeState:
         !isTimeout && isPoisonedCodexResumeError(err.message),
     };
@@ -3194,10 +3199,12 @@ export async function launchOrResumeThread(
         // Resume failed — fall through to fresh launch
         if (
           result.poisonedResumeState ||
-          isPoisonedCodexResumeError(result.error)
+          result.staleResumeState ||
+          isPoisonedCodexResumeError(result.error) ||
+          isCodexResumeTimeoutError(result.error)
         ) {
           console.warn(
-            `${TAG} resume failed for task "${taskKey}" with corrupted state: ${result.error}. Dropping cached thread metadata and starting fresh.`,
+            `${TAG} resume failed for task "${taskKey}" with stale or corrupted state: ${result.error}. Dropping cached thread metadata and starting fresh.`,
           );
           threadRegistry.delete(taskKey);
         } else {

package/agent/agent-supervisor.mjs

@@ -30,6 +30,12 @@
  */
 
 const TAG = "[agent-supervisor]";
+const API_ERROR_CONTINUE_COOLDOWNS_MS = Object.freeze([
+  3 * 60_000,
+  5 * 60_000,
+  5 * 60_000,
+]);
+const API_ERROR_RECOVERY_RESET_MS = 15 * 60_000;
 
 // ── Situation Types (30+ edge cases) ────────────────────────────────────────
 
@@ -140,7 +146,7 @@ const INTERVENTION_LADDER = {
   [SITUATION.PRE_PUSH_FAILURE]:   [INTERVENTION.INJECT_PROMPT, INTERVENTION.INJECT_PROMPT, INTERVENTION.FORCE_NEW_THREAD, INTERVENTION.BLOCK_AND_NOTIFY],
 
   [SITUATION.RATE_LIMITED]:       [INTERVENTION.COOLDOWN, INTERVENTION.COOLDOWN, INTERVENTION.PAUSE_EXECUTOR],
-  [SITUATION.API_ERROR]:          [INTERVENTION.COOLDOWN, INTERVENTION.COOLDOWN, INTERVENTION.BLOCK_AND_NOTIFY],
+  [SITUATION.API_ERROR]:          [INTERVENTION.FORCE_NEW_THREAD, INTERVENTION.REDISPATCH_TASK, INTERVENTION.BLOCK_AND_NOTIFY],
   [SITUATION.TOKEN_OVERFLOW]:     [INTERVENTION.FORCE_NEW_THREAD, INTERVENTION.FORCE_NEW_THREAD, INTERVENTION.BLOCK_AND_NOTIFY],
   [SITUATION.SESSION_EXPIRED]:    [INTERVENTION.FORCE_NEW_THREAD, INTERVENTION.FORCE_NEW_THREAD, INTERVENTION.BLOCK_AND_NOTIFY],
   [SITUATION.MODEL_ERROR]:        [INTERVENTION.BLOCK_AND_NOTIFY],       // Not retryable — wrong model name
@@ -443,13 +449,15 @@ export class AgentSupervisor {
     const signals = this._gatherSignals(taskId, context);
     const situation = this._diagnose(signals, context);
     const healthScore = this._computeHealthScore(signals);
+    const recoveryOverride = this._selectRecoveryIntervention(taskId, situation, context, state);
     const attemptIndex = Math.min(
       state.interventionCount,
       (INTERVENTION_LADDER[situation] || [INTERVENTION.NONE]).length - 1,
     );
-    const intervention = (INTERVENTION_LADDER[situation] || [INTERVENTION.NONE])[attemptIndex];
+    const intervention = recoveryOverride?.intervention
+      || (INTERVENTION_LADDER[situation] || [INTERVENTION.NONE])[attemptIndex];
     const prompt = this._buildPrompt(situation, taskId, context);
-    const reason = this._buildReason(situation, signals, context);
+    const reason = recoveryOverride?.reason || this._buildReason(situation, signals, context);
 
     // Record
     state.situationHistory.push({ situation, ts: Date.now() });
@@ -485,6 +493,9 @@ export class AgentSupervisor {
           break;
 
         case INTERVENTION.CONTINUE_SIGNAL:
+          if (situation === SITUATION.API_ERROR) {
+            this._recordApiErrorContinue(taskId);
+          }
           if (this._sendContinueSignal) {
             this._sendContinueSignal(taskId);
           }
@@ -725,6 +736,12 @@ export class AgentSupervisor {
       qualityScore: state.qualityScore,
       reviewVerdict: state.reviewVerdict,
       reviewIssueCount: state.reviewIssues?.length || 0,
+      apiErrorRecovery: state.apiErrorRecovery
+        ? {
+            ...state.apiErrorRecovery,
+            cooldownRemainingMs: Math.max(0, Number(state.apiErrorRecovery.cooldownUntil || 0) - Date.now()),
+          }
+        : null,
       recentSituations: state.situationHistory.slice(-10),
     };
   }
@@ -789,11 +806,104 @@ export class AgentSupervisor {
         qualityScore: null,
         reviewVerdict: null,
         reviewIssues: null,
+        apiErrorRecovery: null,
       });
     }
     return this._taskState.get(taskId);
   }
 
+  _normalizeApiErrorSignature(context) {
+    const raw = String(context?.error || context?.output || "").trim().toLowerCase();
+    if (!raw) return "api_error";
+    return raw
+      .replace(/\s+/g, " ")
+      .replace(/\b\d{2,}\b/g, "#")
+      .slice(0, 240);
+  }
+
+  _selectRecoveryIntervention(taskId, situation, context, state) {
+    if (situation !== SITUATION.API_ERROR) {
+      if (state?.apiErrorRecovery) state.apiErrorRecovery = null;
+      return null;
+    }
+
+    const now = Date.now();
+    const signature = this._normalizeApiErrorSignature(context);
+    const current = state.apiErrorRecovery || {
+      signature,
+      continueAttempts: 0,
+      lastErrorAt: 0,
+      cooldownUntil: 0,
+    };
+
+    const shouldReset =
+      current.signature !== signature ||
+      (current.lastErrorAt > 0 && now - current.lastErrorAt > API_ERROR_RECOVERY_RESET_MS);
+
+    const nextState = shouldReset
+      ? {
+          signature,
+          continueAttempts: 0,
+          lastErrorAt: now,
+          cooldownUntil: 0,
+        }
+      : {
+          ...current,
+          signature,
+          lastErrorAt: now,
+        };
+
+    state.apiErrorRecovery = nextState;
+
+    if (Number(nextState.cooldownUntil || 0) > now) {
+      const remainingMs = Math.max(0, nextState.cooldownUntil - now);
+      return {
+        intervention: INTERVENTION.COOLDOWN,
+        reason: `Transient API failure on cooldown for ${Math.ceil(remainingMs / 60000)} minute(s) before retrying the same thread.`,
+      };
+    }
+
+    if (nextState.continueAttempts < API_ERROR_CONTINUE_COOLDOWNS_MS.length) {
+      const cooldownMs = API_ERROR_CONTINUE_COOLDOWNS_MS[nextState.continueAttempts];
+      return {
+        intervention: INTERVENTION.CONTINUE_SIGNAL,
+        reason: `Transient API failure — continue the current thread and back off for ${Math.ceil(cooldownMs / 60000)} minute(s) if it repeats.`,
+      };
+    }
+
+    const ladder = INTERVENTION_LADDER[SITUATION.API_ERROR] || [INTERVENTION.BLOCK_AND_NOTIFY];
+    const escalationIndex = Math.min(
+      nextState.continueAttempts - API_ERROR_CONTINUE_COOLDOWNS_MS.length,
+      ladder.length - 1,
+    );
+    const escalation = ladder[escalationIndex];
+    const escalationReason = escalation === INTERVENTION.FORCE_NEW_THREAD
+      ? "Repeated API failures survived 3 continue attempts — forcing a fresh thread."
+      : escalation === INTERVENTION.REDISPATCH_TASK
+        ? "Repeated API failures survived continue attempts and a fresh thread — redispatching the task."
+        : "Repeated API failures survived all automated recovery attempts — blocking for human review.";
+    return {
+      intervention: escalation,
+      reason: escalationReason,
+    };
+  }
+
+  _recordApiErrorContinue(taskId) {
+    const state = this._getTaskState(taskId);
+    if (!state?.apiErrorRecovery) return;
+    const attemptIndex = Math.min(
+      state.apiErrorRecovery.continueAttempts,
+      API_ERROR_CONTINUE_COOLDOWNS_MS.length - 1,
+    );
+    const cooldownMs = API_ERROR_CONTINUE_COOLDOWNS_MS[attemptIndex] || 0;
+    state.apiErrorRecovery = {
+      ...state.apiErrorRecovery,
+      continueAttempts: Number(state.apiErrorRecovery.continueAttempts || 0) + 1,
+      cooldownUntil: cooldownMs > 0 ? Date.now() + cooldownMs : 0,
+      lastErrorAt: Date.now(),
+    };
+  }
+
   _getTaskState(taskId) {
     return this._taskState.get(taskId) || null;
   }

package/infra/monitor.mjs

@@ -663,6 +663,7 @@ async function ensureWorkflowAutomationEngine() {
             "template-task-lifecycle",
             "template-task-finalization-guard",
             "template-agent-session-monitor",
+            "template-github-kanban-sync",
           ],
         });
         if (Number(reconcile?.autoUpdated || 0) > 0) {
@@ -673,6 +674,15 @@ async function ensureWorkflowAutomationEngine() {
                 : ""),
           );
         }
+        if (
+          typeof engine.load === "function" &&
+          (Number(reconcile?.autoUpdated || 0) > 0 ||
+            Number(reconcile?.metadataUpdated || 0) > 0 ||
+            (Array.isArray(reconcile?.updatedWorkflowIds) &&
+              reconcile.updatedWorkflowIds.length > 0))
+        ) {
+          engine.load();
+        }
       }
       for (const summary of engine.list?.() || []) {
         const installedFrom = String(summary?.metadata?.installedFrom || "").trim();
@@ -724,6 +734,13 @@ async function ensureWorkflowAutomationEngine() {
           );
         }
       }
+
+      // Resume runs paused by a previous monitor shutdown after services are wired.
+      if (typeof engine.resumeInterruptedRuns === "function") {
+        engine.resumeInterruptedRuns().catch((err) => {
+          console.warn(`[workflows] Failed to resume interrupted runs: ${err?.message || err}`);
+        });
+      }
       workflowAutomationInitDone = true;
       return engine;
     } catch (err) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "bosun",
-  "version": "0.41.3",
+  "version": "0.41.5",
   "description": "Bosun Autonomous Engineering — manages AI agent executors with failover, extremely powerful workflow builder, and a massive amount of included default workflow templates for autonomous engineering, creates PRs via Vibe-Kanban API, and sends Telegram notifications. Supports N executors with weighted distribution, multi-repo projects, and auto-setup.",
   "type": "module",
   "license": "Apache-2.0",

package/server/setup-web-server.mjs

@@ -39,6 +39,61 @@ function trimTrailingSlashes(value) {
   return out;
 }
 
+function isAzureOpenAIHost(value) {
+  try {
+    const parsed = value instanceof URL ? value : new URL(String(value || "").trim());
+    const host = String(parsed.hostname || "").toLowerCase();
+    return host === "openai.azure.com" || host.endsWith(".openai.azure.com");
+  } catch {
+    return false;
+  }
+}
+
+function buildModelsProbeRequest({ apiKey = "", baseUrl = "" } = {}) {
+  const trimmedBase = String(baseUrl || "").trim();
+  const fallbackBase = "https://api.openai.com";
+  const headers = { "Content-Type": "application/json" };
+
+  try {
+    const parsed = new URL(trimmedBase || fallbackBase);
+    const pathname = trimTrailingSlashes(parsed.pathname || "");
+    const lowerPath = pathname.toLowerCase();
+    const isAzure = isAzureOpenAIHost(parsed);
+
+    if (apiKey) {
+      if (isAzure) headers["api-key"] = apiKey;
+      else headers.Authorization = `Bearer ${apiKey}`;
+    }
+
+    if (lowerPath.endsWith("/models")) {
+      return { endpoint: parsed.toString(), headers };
+    }
+
+    if (isAzure || lowerPath === "/openai" || lowerPath.startsWith("/openai/")) {
+      parsed.pathname = "/openai/models";
+      if (!parsed.searchParams.has("api-version")) {
+        parsed.searchParams.set("api-version", "2024-10-21");
+      }
+      return { endpoint: parsed.toString(), headers };
+    }
+
+    const v1Match = lowerPath.match(/^(.*\/v1)(?:\/.*)?$/);
+    if (v1Match) {
+      parsed.pathname = `${v1Match[1]}/models`;
+      parsed.search = "";
+      return { endpoint: parsed.toString(), headers };
+    }
+
+    parsed.pathname = `${pathname || ""}/v1/models`;
+    parsed.search = "";
+    return { endpoint: parsed.toString(), headers };
+  } catch {
+    const resolvedBase = trimTrailingSlashes(trimmedBase || fallbackBase);
+    if (apiKey) headers.Authorization = `Bearer ${apiKey}`;
+    return { endpoint: `${resolvedBase}/v1/models`, headers };
+  }
+}
+
 
 // ── Vendor file serving (hoisting-safe) ───────────────────────────────────────────
 // Resolution order:
@@ -1750,13 +1805,9 @@ async function handleModelsProbe(body) {
   }
 
   // For OpenAI / compatible endpoints, try GET /v1/models
-  const resolvedBase = trimTrailingSlashes(baseUrl || "https://api.openai.com");
-  const endpoint = `${resolvedBase}/v1/models`;
+  const { endpoint, headers } = buildModelsProbeRequest({ apiKey, baseUrl });
 
   try {
-    const headers = { "Content-Type": "application/json" };
-    if (apiKey) headers["Authorization"] = `Bearer ${apiKey}`;
-
     const controller = new AbortController();
     const timeout = setTimeout(() => controller.abort(), 8000);
 
@@ -3008,7 +3059,9 @@ export async function startSetupServer(options = {}) {
 export {
   applyTelegramMiniAppSetupEnv,
   applyNonBlockingSetupEnvDefaults,
+  buildModelsProbeRequest,
   handleTelegramChatIdLookup,
+  isAzureOpenAIHost,
   normalizeWorkflowTemplateOverrides,
   normalizeTelegramUiPort,
   normalizeRepoConfigEntry,

package/server/ui-server.mjs

@@ -7032,13 +7032,58 @@ function extractSafeErrorMessage(payload) {
   return "Internal server error";
 }
 
+function createRequestDiagnosticId() {
+  return `req_${randomBytes(6).toString("hex")}`;
+}
+
+function ensureResponseDiagnosticId(res) {
+  if (!res || typeof res !== "object") return createRequestDiagnosticId();
+  if (!res.__bosunDiagnosticId) {
+    res.__bosunDiagnosticId = createRequestDiagnosticId();
+  }
+  return res.__bosunDiagnosticId;
+}
+
+function describePayloadForErrorLog(payload, depth = 0) {
+  if (payload instanceof Error) {
+    const described = {
+      name: String(payload.name || "Error"),
+      message: String(payload.message || ""),
+    };
+    if (payload.stack) described.stack = String(payload.stack);
+    if (payload.code != null) described.code = String(payload.code);
+    if (depth < 3 && payload.cause) {
+      described.cause = describePayloadForErrorLog(payload.cause, depth + 1);
+    }
+    return described;
+  }
+  return makeJsonSafe(payload, { maxDepth: 6 });
+}
+
+function logJsonFailure(res, statusCode, payload, diagnosticId) {
+  const requestContext = res?.__bosunRequestContext || {};
+  console.error("[ui-server] request failed", {
+    diagnosticId,
+    statusCode,
+    method: requestContext.method || null,
+    path: requestContext.path || null,
+    query: requestContext.query || "",
+    payload: describePayloadForErrorLog(payload),
+  });
+}
+
 function jsonResponse(res, statusCode, payload) {
+  const diagnosticId = statusCode >= 500 ? ensureResponseDiagnosticId(res) : null;
+  if (statusCode >= 500) {
+    logJsonFailure(res, statusCode, payload, diagnosticId);
+  }
   const normalizedPayload = normalizeJsonResponsePayload(payload);
   const safePayload =
     statusCode >= 500
       ? {
           ok: false,
           error: extractSafeErrorMessage(normalizedPayload),
+          diagnosticId,
         }
       : normalizedPayload;
   const body = JSON.stringify(safePayload, null, 2);
@@ -7890,6 +7935,129 @@ function withTaskRuntimeSnapshot(task) {
   };
 }
 
+function normalizeTaskDiagnosticText(value) {
+  const text = String(value || "").trim();
+  return text ? text.replace(/\s+/g, " ") : "";
+}
+
+function buildTaskStableCause(task, supervisorDiagnostics = null) {
+  const lastError = normalizeTaskDiagnosticText(task?.lastError || "");
+  const blockedReason = normalizeTaskDiagnosticText(task?.blockedReason || "");
+  const errorPattern = String(task?.errorPattern || "").trim().toLowerCase();
+  const apiErrorRecovery = supervisorDiagnostics?.apiErrorRecovery || null;
+  const apiSignature = normalizeTaskDiagnosticText(apiErrorRecovery?.signature || "");
+  const lastErrorLower = lastError.toLowerCase();
+  const blockedReasonLower = blockedReason.toLowerCase();
+
+  if (lastErrorLower.includes("codex resume timeout")) {
+    return {
+      code: "codex_resume_timeout",
+      title: "Codex resume timed out",
+      severity: "warning",
+      summary: "Bosun timed out while resuming a cached Codex thread and will start fresh on the next attempt.",
+    };
+  }
+  if (
+    lastErrorLower.includes("invalid_encrypted_content") ||
+    lastErrorLower.includes("state db missing rollout path") ||
+    lastErrorLower.includes("could not be verified") ||
+    lastErrorLower.includes("tool_call_id")
+  ) {
+    return {
+      code: "codex_resume_corrupted_state",
+      title: "Codex resume state is corrupted",
+      severity: "error",
+      summary: "Bosun detected poisoned Codex thread metadata and will discard the cached resume state.",
+    };
+  }
+  if (errorPattern === "rate_limit") {
+    return {
+      code: "agent_rate_limit",
+      title: "Agent is rate limited",
+      severity: "warning",
+      summary: "The assigned agent hit a rate limit and Bosun is waiting before retrying.",
+    };
+  }
+  if (errorPattern === "token_overflow") {
+    return {
+      code: "token_overflow",
+      title: "Context window exhausted",
+      severity: "error",
+      summary: "The current task exceeded the model context budget and needs a smaller prompt or a fresh session.",
+    };
+  }
+  if (errorPattern === "api_error" || apiErrorRecovery) {
+    return {
+      code: Number(apiErrorRecovery?.cooldownUntil || 0) > Date.now()
+        ? "api_error_cooldown"
+        : "api_error_recovery",
+      title: "Transient API failure",
+      severity: "warning",
+      summary: "Bosun detected a backend API failure and is applying the task-level recovery ladder before escalating.",
+    };
+  }
+  if (blockedReason && blockedReasonLower.includes("dependency")) {
+    return {
+      code: "dependency_blocked",
+      title: "Dependency is still blocked",
+      severity: "warning",
+      summary: "Bosun is holding this task until one or more dependencies finish.",
+    };
+  }
+  if (blockedReason) {
+    return {
+      code: "task_blocked",
+      title: "Task is blocked",
+      severity: "warning",
+      summary: "Bosun recorded a blocking condition for this task and will not dispatch it until the condition clears.",
+    };
+  }
+  if (lastError || apiSignature) {
+    return {
+      code: "agent_runtime_error",
+      title: "Agent runtime error",
+      severity: "error",
+      summary: "Bosun recorded an agent-side runtime failure for this task.",
+    };
+  }
+  return null;
+}
+
+function buildTaskDiagnostics(task, supervisorDiagnostics = null) {
+  if (!task || typeof task !== "object") return null;
+  const apiErrorRecovery = supervisorDiagnostics?.apiErrorRecovery
+    ? makeJsonSafe(supervisorDiagnostics.apiErrorRecovery, { maxDepth: 4 })
+    : null;
+  const diagnostics = {
+    stableCause: buildTaskStableCause(task, supervisorDiagnostics),
+    lastError: normalizeTaskDiagnosticText(task?.lastError || "") || null,
+    errorPattern: normalizeTaskDiagnosticText(task?.errorPattern || "") || null,
+    blockedReason: normalizeTaskDiagnosticText(task?.blockedReason || "") || null,
+    cooldownUntil: task?.cooldownUntil || apiErrorRecovery?.cooldownUntil || null,
+    supervisor: supervisorDiagnostics
+      ? {
+          interventionCount: Number(supervisorDiagnostics.interventionCount || 0),
+          lastIntervention: supervisorDiagnostics.lastIntervention || null,
+          lastDecision: supervisorDiagnostics.lastDecision
+            ? makeJsonSafe(supervisorDiagnostics.lastDecision, { maxDepth: 3 })
+            : null,
+          apiErrorRecovery,
+        }
+      : null,
+  };
+  if (
+    !diagnostics.stableCause &&
+    !diagnostics.lastError &&
+    !diagnostics.errorPattern &&
+    !diagnostics.blockedReason &&
+    !diagnostics.cooldownUntil &&
+    !diagnostics.supervisor
+  ) {
+    return null;
+  }
+  return diagnostics;
+}
+
 async function maybeStartTaskFromLifecycleAction({
   taskId,
   updatedTask,
@@ -11364,6 +11532,12 @@ async function handleApi(req, res, url) {
           reqUrl: url,
           adapter,
         });
+        const supervisor = typeof uiDeps.getAgentSupervisor === "function"
+          ? uiDeps.getAgentSupervisor()
+          : null;
+        const supervisorDiagnostics = typeof supervisor?.getTaskDiagnostics === "function"
+          ? supervisor.getTaskDiagnostics(detailTask.id)
+          : null;
 
         const sprintId = resolveTaskSprintId(detailTask);
         const sprintDag = includeDag && sprintId ? await getSprintDagData(sprintId) : null;
@@ -11373,6 +11547,7 @@ async function handleApi(req, res, url) {
           workflowRuns: mergedWorkflowRuns,
           workspaceDir: workspaceContext?.workspaceDir || repoRoot,
         });
+        const diagnostics = buildTaskDiagnostics(detailTask, supervisorDiagnostics);
 
         detailTask.meta = {
           ...(detailTask.meta || {}),
@@ -11381,6 +11556,7 @@ async function handleApi(req, res, url) {
           timelineCount: Array.isArray(detailTask.timeline) ? detailTask.timeline.length : 0,
           canStart,
           blockedContext,
+          ...(diagnostics ? { diagnostics } : {}),
           ...(sprintId ? { sprintId } : {}),
           ...(sprintDag ? { sprintDag: sprintDag.data } : {}),
           ...(globalDag ? { dagOfDags: globalDag.data } : {}),
@@ -11389,6 +11565,7 @@ async function handleApi(req, res, url) {
         if (globalDag) detailTask.dagOfDags = globalDag.data;
         detailTask.canStart = canStart;
         detailTask.blockedContext = blockedContext;
+        if (diagnostics) detailTask.diagnostics = diagnostics;
         detailTask = withTaskRuntimeSnapshot(detailTask);
       }
       jsonResponse(res, 200, { ok: true, data: detailTask });
@@ -19169,8 +19346,16 @@ export async function startTelegramUiServer(options = {}) {
       req.url || "/",
       `http://${req.headers.host || "localhost"}`,
     );
+    res.__bosunRequestContext = {
+      diagnosticId: ensureResponseDiagnosticId(res),
+      method: String(req?.method || "GET").toUpperCase(),
+      path: url.pathname,
+      query: url.search || "",
+    };
     const webhookPath = getGitHubWebhookPath();
 
+    try {
+
     // Token exchange: ?token=<hex> → set session cookie and redirect to clean URL
     const qToken = url.searchParams.get("token");
     if (qToken && sessionToken) {
@@ -19312,6 +19497,21 @@ export async function startTelegramUiServer(options = {}) {
       }
     }
     await handleStatic(req, res, url);
+    } catch (err) {
+      if (res.headersSent) {
+        console.error("[ui-server] unhandled request failure after headers sent", {
+          diagnosticId: ensureResponseDiagnosticId(res),
+          payload: describePayloadForErrorLog(err),
+        });
+        try {
+          res.destroy?.(err);
+        } catch {
+          /* best effort */
+        }
+        return;
+      }
+      jsonResponse(res, 500, err);
+    }
   };
 
   try {

package/tools/syntax-check.mjs

@@ -54,7 +54,14 @@ function validateModuleSyntax(filePath) {
 function validateBrowserModuleSyntax(filePath) {
   const source = readFileSync(filePath, "utf8");
   const mod = new vm.SourceTextModule(source, { identifier: filePath });
-  if (typeof mod.hasTopLevelAwait === "function" && mod.hasTopLevelAwait()) {
+  let hasTLA = false;
+  const tlaProp = mod.hasTopLevelAwait;
+  if (typeof tlaProp === "function") {
+    hasTLA = !!tlaProp.call(mod);
+  } else if (typeof tlaProp === "boolean") {
+    hasTLA = tlaProp;
+  }
+  if (hasTLA) {
     throw new Error(
       "Top-level await is not allowed in browser-served modules because embedded WebViews can fail with 'Unexpected reserved word'.",
     );