codex-overleaf-link 1.3.7 → 1.3.9

package/extension/src/shared/storageDb.js

@@ -41,7 +41,8 @@
   var VALID_TRACKED_CHANGE_STATUSES = {
     pending: true,
     accepted: true,
-    rejected: true
+    rejected: true,
+    needs_review: true
   };
   var SECRET_REDACTION_PATTERNS = [
     /-----BEGIN [A-Z0-9 ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z0-9 ]*PRIVATE KEY-----/g,
@@ -237,6 +238,27 @@
   function buildSessionRecord(input) {
     var now = new Date().toISOString();
     var titleSource = input.titleSource === 'manual' ? 'manual' : 'auto';
+    var updatedAt = typeof input.updatedAt === 'string' ? input.updatedAt : now;
+    // Welcome-panel + write-guard: persist the four
+    // Recent-projects fields on every session record so the cross-project
+    // query (`listRecentProjectsAcrossAccount`) can filter / sort / render
+    // without touching the raw `task` text.
+    //
+    // `accountScopeId` is derived via the page-side injection point — T4
+    // installs the real implementation on `window.codexOverleafDeriveAccountScopeId`.
+    // For T3 the fallback is `() => null`; records persisted with a null scope
+    // surface `accountScopeUnavailable: true` and are filtered out of the
+    // cross-project query (spec §5.2 degraded mode).
+    var safeTaskSummary = typeof input.safeTaskSummary === 'string'
+      ? input.safeTaskSummary
+      : deriveSafeTaskSummaryFromInput(input);
+    var accountScopeId = resolveAccountScopeId(input);
+    var accountScopeUnavailable = typeof input.accountScopeUnavailable === 'boolean'
+      ? input.accountScopeUnavailable
+      : !accountScopeId;
+    var lastActivityAt = typeof input.lastActivityAt === 'string' && input.lastActivityAt
+      ? input.lastActivityAt
+      : updatedAt;
     return {
       id: input.id || generateId('ses'),
       projectId: input.projectId || '',
@@ -254,10 +276,77 @@
       speedTier: typeof input.speedTier === 'string' ? input.speedTier : '',
       requireReviewing: input.requireReviewing !== false,
       createdAt: typeof input.createdAt === 'string' ? input.createdAt : now,
-      updatedAt: typeof input.updatedAt === 'string' ? input.updatedAt : now
+      updatedAt: updatedAt,
+      lastActivityAt: lastActivityAt,
+      accountScopeId: accountScopeId,
+      accountScopeUnavailable: accountScopeUnavailable,
+      safeTaskSummary: safeTaskSummary
     };
   }
 
+  function resolveAccountScopeId(input) {
+    if (input && typeof input.accountScopeId === 'string' && input.accountScopeId) {
+      return input.accountScopeId;
+    }
+    var globalScope = typeof globalThis !== 'undefined' ? globalThis : (typeof window !== 'undefined' ? window : null);
+    var derive = globalScope && globalScope.window && globalScope.window.codexOverleafDeriveAccountScopeId;
+    if (!(derive instanceof Function)) {
+      // No injection installed (T3 fallback): tests + early page-load reads
+      // both land here. Returning `null` puts the session in degraded mode
+      // and excludes it from the cross-project query.
+      return null;
+    }
+    try {
+      var value = derive();
+      return typeof value === 'string' && value ? value : null;
+    } catch (_error) {
+      return null;
+    }
+  }
+
+  function deriveSafeTaskSummaryFromInput(input) {
+    var SessionState = loadSessionState();
+    if (!SessionState || !(SessionState.computeSafeTaskSummary instanceof Function)) {
+      return '';
+    }
+    var task = typeof input.task === 'string' && input.task ? input.task : '';
+    if (!task && Array.isArray(input.runs) && input.runs.length) {
+      var firstRun = input.runs[0];
+      if (firstRun && typeof firstRun.task === 'string') {
+        task = firstRun.task;
+      }
+    }
+    return SessionState.computeSafeTaskSummary(task);
+  }
+
+  // Module-local lazy require of the sibling sessionState module. CommonJS
+  // resolves once; subsequent calls hit the require cache. We avoid an import
+  // at the top of the file so the module surface remains friendly to the
+  // page-side IIFE wrapper (no `require` available in that context — the page
+  // build uses the global `CodexOverleafSessionState` via the IIFE branch).
+  var _sessionStateCache = null;
+  function loadSessionState() {
+    if (_sessionStateCache !== null) {
+      return _sessionStateCache || null;
+    }
+    var globalScope = typeof globalThis !== 'undefined' ? globalThis : (typeof window !== 'undefined' ? window : null);
+    if (globalScope && globalScope.CodexOverleafSessionState) {
+      _sessionStateCache = globalScope.CodexOverleafSessionState;
+      return _sessionStateCache;
+    }
+    if (typeof require === 'function') {
+      try {
+        _sessionStateCache = require('./sessionState');
+        return _sessionStateCache;
+      } catch (_error) {
+        _sessionStateCache = false;
+        return null;
+      }
+    }
+    _sessionStateCache = false;
+    return null;
+  }
+
   function buildTurnRecord(input) {
     var now = new Date().toISOString();
     return {
@@ -556,6 +645,7 @@
       speedTier: typeof run.speedTier === 'string' ? redactSecretLikeText(run.speedTier) : '',
       status: normalizeRunStatus(run.status),
       statusText: normalizeDisplayTextForStorage(run.statusText, SESSION_STORAGE_LIMITS.statusTextChars),
+      runProjectId: normalizeProjectPrefKey(run.runProjectId),
       startedAt: typeof run.startedAt === 'string' ? redactSecretLikeText(run.startedAt) : '',
       finishedAt: typeof run.finishedAt === 'string' ? redactSecretLikeText(run.finishedAt) : '',
       events: compactRunEventsForStorage(run.events),
@@ -755,7 +845,19 @@
   }
 
   function normalizeRunStatus(status) {
-    return ['running', 'completed', 'failed'].indexOf(status) !== -1 ? status : 'completed';
+    // Welcome-panel + write-guard: the run-status
+    // enum gained three post-navigation values. The storage normalizer must
+    // accept them so a settled run round-trips intact through `buildSessionRecord`.
+    // Unknown legacy values fall through to `completed` (the historical default).
+    return [
+      'pending',
+      'running',
+      'completed',
+      'failed',
+      'background_completed',
+      'needs_review_after_navigation',
+      'abandoned_after_navigation'
+    ].indexOf(status) !== -1 ? status : 'completed';
   }
 
   function normalizeEventStatus(status) {
@@ -963,6 +1065,113 @@
     return result;
   }
 
+  // Welcome-panel + write-guard: the Recent-projects
+  // dashboard variant calls `listRecentProjectsAcrossAccount` to get the
+  // sorted, deduped, capped list of projects in the current account scope.
+  //
+  // Contract (spec §5.6.1):
+  //   Input:  { accountScopeId: string, limit?: number = 10 }
+  //   Output: Array<{ projectId, lastActivityAt, safeTaskSummary, primaryStatusBadge }>
+  //
+  // Fail-closed: if `accountScopeId` is falsy, returns `[]`. This is the
+  // privacy floor — degraded mode must never leak across accounts.
+  //
+  // Implementation: full scan of the sessions store, group by `projectId`,
+  // keep the row with the largest `lastActivityAt`, sort desc, cap at
+  // `limit`. Full scan is acceptable for v1 given the small session count
+  // (max ~12 per project × small number of projects). A future index on
+  // `accountScopeId + lastActivityAt` is possible without a contract change.
+  function listRecentProjectsAcrossAccount(options) {
+    var accountScopeId = options && options.accountScopeId;
+    var limit = options && Number.isFinite(options.limit) ? options.limit : 10;
+    if (!accountScopeId) {
+      return Promise.resolve([]);
+    }
+    return getAllSessions().then(function (all) {
+      return filterRecentProjectsAcrossAccount(all, { accountScopeId: accountScopeId, limit: limit });
+    });
+  }
+
+  // Pure helper extracted from `listRecentProjectsAcrossAccount` so the
+  // filtering / dedupe / sort / cap behavior can be tested without an
+  // IndexedDB stub. Same contract as the async wrapper; takes the raw session
+  // records as an array instead of opening the database.
+  function filterRecentProjectsAcrossAccount(sessions, options) {
+    var accountScopeId = options && options.accountScopeId;
+    var limit = options && Number.isFinite(options.limit) ? options.limit : 10;
+    if (!accountScopeId) {
+      return [];
+    }
+    var byProject = {}; // projectId → session
+    var all = Array.isArray(sessions) ? sessions : [];
+    for (var i = 0; i < all.length; i++) {
+      var s = all[i];
+      if (!s) continue;
+      if (s.accountScopeId !== accountScopeId) continue;
+      if (typeof s.lastActivityAt !== 'string' || !s.lastActivityAt) continue;
+      if (typeof s.projectId !== 'string' || !s.projectId) continue;
+      var prev = byProject[s.projectId];
+      if (!prev || prev.lastActivityAt < s.lastActivityAt) {
+        byProject[s.projectId] = s;
+      }
+    }
+    var survivors = [];
+    var keys = Object.keys(byProject);
+    for (var j = 0; j < keys.length; j++) {
+      survivors.push(byProject[keys[j]]);
+    }
+    survivors.sort(function (a, b) {
+      return b.lastActivityAt.localeCompare(a.lastActivityAt);
+    });
+    var rows = [];
+    for (var k = 0; k < survivors.length && k < limit; k++) {
+      var session = survivors[k];
+      rows.push({
+        projectId: session.projectId,
+        lastActivityAt: session.lastActivityAt,
+        safeTaskSummary: typeof session.safeTaskSummary === 'string' ? session.safeTaskSummary : '',
+        primaryStatusBadge: derivePrimaryStatusBadge(session)
+      });
+    }
+    return rows;
+  }
+
+  // Per spec §5.10:
+  //   1. trackedChangeStatus if set (pending/accepted/rejected/needs_review)
+  //   2. else run status (running/completed/failed/background_completed/
+  //                       needs_review_after_navigation/abandoned_after_navigation)
+  //   3. fallback `pending`.
+  function derivePrimaryStatusBadge(session) {
+    var runs = session && Array.isArray(session.runs) ? session.runs : [];
+    if (!runs.length) return 'pending';
+    var latestRun = runs[runs.length - 1];
+    if (!latestRun) return 'pending';
+    if (typeof latestRun.trackedChangeStatus === 'string' && latestRun.trackedChangeStatus) {
+      return latestRun.trackedChangeStatus;
+    }
+    if (typeof latestRun.status === 'string' && latestRun.status) {
+      return latestRun.status;
+    }
+    return 'pending';
+  }
+
+  // Full scan of the sessions store, used by the cross-project query above.
+  // We deliberately do not go through `getAllByIndex` because the existing
+  // session indexes are keyed by `projectId` / `updatedAt` — neither matches
+  // the account-scope filter. A direct `getAll` over the whole store is the
+  // simplest correct read.
+  function getAllSessions() {
+    return openDb().then(function (db) {
+      return new Promise(function (resolve, reject) {
+        var tx = db.transaction('sessions', 'readonly');
+        var store = tx.objectStore('sessions');
+        var request = store.getAll();
+        request.onsuccess = function (event) { resolve(event.target.result || []); };
+        request.onerror = function (event) { reject(event.target.error); };
+      });
+    });
+  }
+
   function buildActiveSessionByProject(existing, projectId, sessionId) {
     var result = {};
     if (existing && typeof existing === 'object') {
@@ -1068,6 +1277,10 @@
     buildAuditLogRecord: buildAuditLogRecord,
     extractLightweightPrefs: extractLightweightPrefs,
     buildActiveSessionByProject: buildActiveSessionByProject,
-    createEventBuffer: createEventBuffer
+    createEventBuffer: createEventBuffer,
+    listRecentProjectsAcrossAccount: listRecentProjectsAcrossAccount,
+    filterRecentProjectsAcrossAccount: filterRecentProjectsAcrossAccount,
+    derivePrimaryStatusBadge: derivePrimaryStatusBadge,
+    getAllSessions: getAllSessions
   };
 });

package/native-host/src/codexPromptAssembly.js

@@ -193,11 +193,15 @@ function formatWriteExpectation({ mode = 'auto', task = '', skillInvocation = nu
     return '- This is read-only. Inspect and explain; do not edit files.';
   }
   if (requestImpliesFileChanges(task)) {
-    return [
+    const lines = [
       '- The request asks for file changes. You must edit the local workspace when you find concrete fixes.',
       '- Do not stop at a suggestion list or say you will not modify files unless no safe concrete edit exists.',
       '- If you intentionally leave files unchanged, explain the specific blocker in the final answer.'
-    ].join('\n');
+    ];
+    if (requestTargetsAbstract(task)) {
+      lines.push('- The request targets the abstract/summary. Locate the LaTeX abstract environment or summary paragraph and edit that local project file directly.');
+    }
+    return lines.join('\n');
   }
   return [
     '- This mode can write. If the request asks for corrections, revisions, fixes, polishing, updates, or implementation, edit the local workspace directly.',
@@ -209,6 +213,10 @@ function requestImpliesFileChanges(task = '') {
   return /修正|修复|修改|改[一-龥]*|完善|补全|补充|润色|重写|改写|整理|调整|应用|写入|fix|correct|repair|revise|edit|update|rewrite|polish|improve|apply/i.test(String(task || ''));
 }
 
+function requestTargetsAbstract(task = '') {
+  return /摘要|abstract|summary/i.test(String(task || ''));
+}
+
 function normalizeFocusFiles(value) {
   const seen = new Set();
   const files = [];

package/native-host/src/codexSessionRunner.js

@@ -677,9 +677,23 @@ function runCodexAppServerSession(input) {
     const assistantMessages = new Map();
     const assistantMessageOrder = [];
     let settled = false;
+    // Two-layer timeout strategy:
+    //   1. Optional absolute deadline (CODEX_OVERLEAF_CODEX_TIMEOUT_MS) —
+    //      legacy override; off by default. When set, the whole run must
+    //      finish within that envelope.
+    //   2. Idle watchdog — fires after a stretch of silence from the
+    //      app-server (no stdout / no messages). Default 10 minutes; the
+    //      runtime resets it on every incoming line and on every outgoing
+    //      request. This catches the failure mode where Codex sends
+    //      turn/started, then hangs without ever emitting completed/error
+    //      and the project lock would otherwise be held forever.
     const timeout = createOptionalTimeout(childEnv.CODEX_OVERLEAF_CODEX_TIMEOUT_MS, timeoutMs => {
       fail(new Error(`Codex app-server did not complete within configured timeout (${timeoutMs}ms)`));
     });
+    const idleTimeoutMs = parseOptionalPositiveInteger(childEnv.CODEX_OVERLEAF_CODEX_IDLE_TIMEOUT_MS) || 600000;
+    const idleWatchdog = createCodexIdleWatchdog(idleTimeoutMs, ms => {
+      fail(new Error(`Codex app-server produced no events for ${ms}ms (idle watchdog); the run was aborted to release the project lock.`));
+    });
     const onAbort = () => {
       fail(getAbortReason(input.signal));
     };
@@ -688,6 +702,7 @@ function runCodexAppServerSession(input) {
     child.stdout.setEncoding('utf8');
     child.stderr.setEncoding('utf8');
     child.stdout.on('data', chunk => {
+      idleWatchdog.reset();
       stdoutBuffer += chunk;
       const lines = stdoutBuffer.split(/\r?\n/);
       stdoutBuffer = lines.pop() || '';
@@ -821,13 +836,22 @@ function runCodexAppServerSession(input) {
 
       if (message.method) {
         recordAssistantMessage(message);
-        emitCodexEvent(input.emit, 'codex.session.event', message.method, {
+        // For `error` events surface the actual error text as the visible
+        // title so the run timeline reads "Reconnecting... 2/5" instead of
+        // a generic "error". Other methods continue to use the method name.
+        const eventTitle = message.method === 'error'
+          ? (extractCodexAppServerErrorMessage(message.params) || message.method)
+          : message.method;
+        emitCodexEvent(input.emit, 'codex.session.event', eventTitle, {
           method: message.method,
           params: message.params || {}
         }, inferNotificationStatus(message));
         if (message.method === 'turn/completed' && (!activeTurnId || message.params?.turn?.id === activeTurnId || message.params?.turnId === activeTurnId)) {
           succeed();
         }
+        if (message.method === 'error' && isTransientCodexAppServerError(message.params)) {
+          return;
+        }
         if (message.method === 'error') {
           fail(new Error(message.params?.error?.message || 'Codex turn failed'));
         }
@@ -915,6 +939,7 @@ function runCodexAppServerSession(input) {
 
     function cleanup() {
       timeout.cancel();
+      idleWatchdog.cancel();
       input.signal?.removeEventListener('abort', onAbort);
     }
   });
@@ -1132,6 +1157,30 @@ function createOptionalTimeout(value, onTimeout) {
   };
 }
 
+// Idle-style watchdog: fires only after the app-server has been silent for
+// `idleMs`. Callers must invoke .reset() on every signal of liveness
+// (incoming line, outgoing request). cancel() stops the timer on settle.
+// Returns no-op when idleMs is non-positive (defensive guard against bad env
+// var values).
+function createCodexIdleWatchdog(idleMs, onIdle) {
+  if (!(idleMs > 0)) {
+    return {
+      reset() {},
+      cancel() {}
+    };
+  }
+  let timer = setTimeout(() => onIdle(idleMs), idleMs);
+  return {
+    reset() {
+      clearTimeout(timer);
+      timer = setTimeout(() => onIdle(idleMs), idleMs);
+    },
+    cancel() {
+      clearTimeout(timer);
+    }
+  };
+}
+
 function parseOptionalPositiveInteger(value) {
   if (value === undefined || value === null || value === '') {
     return 0;
@@ -1211,12 +1260,35 @@ function emitCodexEvent(emit, type, title, detail = {}, status = 'running') {
 }
 
 function inferNotificationStatus(message) {
+  if (message.method === 'error' && isTransientCodexAppServerError(message.params)) {
+    return 'warning';
+  }
   if (/completed|updated|delta|started/.test(message.method || '')) {
     return /completed/.test(message.method || '') ? 'completed' : 'running';
   }
   return 'running';
 }
 
+function isTransientCodexAppServerError(params = {}) {
+  const message = extractCodexAppServerErrorMessage(params);
+  return /^Reconnecting(?:\.\.\.|…)?\s+\d+\s*\/\s*\d+\.?$/i.test(message);
+}
+
+function extractCodexAppServerErrorMessage(params = {}) {
+  const candidates = [
+    params?.error?.message,
+    params?.message,
+    params?.title,
+    params?.error
+  ];
+  for (const candidate of candidates) {
+    if (typeof candidate === 'string' && candidate.trim()) {
+      return candidate.trim();
+    }
+  }
+  return '';
+}
+
 function normalizeReasoningEffort(value) {
   return ['none', 'minimal', 'low', 'medium', 'high', 'xhigh'].includes(value) ? value : null;
 }

package/native-host/src/taskRunnerRuntime.js

@@ -25,6 +25,11 @@ const { version: PACKAGE_VERSION } = require('../../package.json');
 
 const activeProjectLocks = new Map();
 const activeRunControllers = new Map();
+// Parallel index of active runs by projectKey so codex.cancel can find a
+// controller even when the original request id is unknown (e.g. after the
+// Overleaf tab was reloaded — the requestId lived in content-side JS state
+// and is gone, but the native-host-side controller is still running).
+const activeRunByProject = new Map();
 const pendingPlans = new Map();
 const PENDING_PLAN_TTL_MS = 30 * 60 * 1000;
 const CODEX_RUN_PASSTHROUGH_ERROR_CODES = new Set(['thread_resume_failed']);
@@ -138,6 +143,7 @@ async function handleCodexRun(request, env, emit) {
   const abortController = new AbortController();
   if (request.id) {
     activeRunControllers.set(request.id, abortController);
+    activeRunByProject.set(projectKey, { id: request.id, controller: abortController });
   }
   try {
     if (params.useExistingMirror) {
@@ -213,24 +219,63 @@ async function handleCodexRun(request, env, emit) {
     if (request.id && activeRunControllers.get(request.id) === abortController) {
       activeRunControllers.delete(request.id);
     }
+    if (activeRunByProject.get(projectKey)?.controller === abortController) {
+      activeRunByProject.delete(projectKey);
+    }
     releaseProjectLock(projectKey, lockToken);
   }
 }
 
+// Cancel paths, in priority order:
+//   1. By requestId (legacy + primary, when the caller still has it)
+//   2. By projectKey (after page refresh — requestId is lost but projectKey
+//      is derivable from the Overleaf URL)
+//   3. Force-release the project lock when no controller is registered for
+//      the given projectKey. Covers the zombie-lock case where a previous
+//      run leaked the lock (unhandled error path, process bug, etc.) and
+//      the user otherwise has no way to recover short of restarting Chrome.
+//      Only fires when `force: true` is explicitly set so accidental calls
+//      can't punch through a real live run.
 function handleCodexCancel(request) {
-  const targetId = request.params?.requestId || request.params?.id;
-  if (!targetId || !activeRunControllers.has(targetId)) {
+  const params = request.params || {};
+  const targetId = params.requestId || params.id;
+  const projectKey = typeof params.projectKey === 'string' ? params.projectKey : '';
+  const force = params.force === true;
+
+  if (targetId && activeRunControllers.has(targetId)) {
+    activeRunControllers.get(targetId).abort(createCancellationError());
     return okResponse(request.id, {
-      cancelled: false,
-      reason: 'No active Codex run matched the cancellation request'
+      cancelled: true,
+      requestId: targetId
     });
   }
 
-  const controller = activeRunControllers.get(targetId);
-  controller.abort(createCancellationError());
+  if (projectKey) {
+    const entry = activeRunByProject.get(projectKey);
+    if (entry?.controller) {
+      entry.controller.abort(createCancellationError());
+      return okResponse(request.id, {
+        cancelled: true,
+        projectKey,
+        requestId: entry.id || ''
+      });
+    }
+    if (force && activeProjectLocks.has(projectKey)) {
+      activeProjectLocks.delete(projectKey);
+      activeRunByProject.delete(projectKey);
+      logDebug('codex.cancel.force_released_zombie_lock', { projectKey });
+      return okResponse(request.id, {
+        cancelled: false,
+        lockReleased: true,
+        projectKey,
+        reason: 'No active controller; force-released the project lock entry'
+      });
+    }
+  }
+
   return okResponse(request.id, {
-    cancelled: true,
-    requestId: targetId
+    cancelled: false,
+    reason: 'No active Codex run matched the cancellation request'
   });
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "codex-overleaf-link",
-  "version": "1.3.7",
+  "version": "1.3.9",
   "description": "Cross-platform Chrome bridge that connects Codex to the active Overleaf project.",
   "license": "MIT",
   "type": "commonjs",