npm - rogerrat - Versions diffs - 1.3.1 → 1.3.2 - Mend

rogerrat 1.3.1 → 1.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/app.js CHANGED Viewed

@@ -363,6 +363,41 @@ export function createApp(opts) {
             return c.json({ error: "webhook not found or not yours" }, 404);
         return c.json({ ok: true });
     });
+    app.get("/api/channels/:id", (c) => {
+        const channelId = c.req.param("id");
+        if (!channelExists(channelId)) {
+            return c.json({
+                error: "channel not found",
+                hint: `Create one with: POST ${opts.publicOrigin}/api/channels (no auth required). See ${opts.publicOrigin}/llms.txt for the quickstart.`,
+            }, 404);
+        }
+        const base = `${opts.publicOrigin}/api/channels/${channelId}`;
+        return c.json({
+            channel_id: channelId,
+            exists: true,
+            retention: getChannelRetention(channelId),
+            require_identity: getChannelRequireIdentity(channelId),
+            trust_mode: getChannelTrustMode(channelId),
+            session_ttl_seconds: Math.round(getChannelSessionTtlMs(channelId) / 1000),
+            is_band: getChannelIsBand(channelId),
+            agent_count: getOrCreateChannel(channelId).size(),
+            endpoints: {
+                join: `POST ${base}/join`,
+                send: `POST ${base}/send`,
+                listen: `GET ${base}/listen?timeout=30`,
+                roster: `GET ${base}/roster`,
+                history: `GET ${base}/history?n=20`,
+                leave: `POST ${base}/leave`,
+                keepalive: `POST ${base}/keepalive`,
+                stats: `GET ${base}/stats`,
+                transcript: `GET ${base}/transcript`,
+                webhooks: `POST ${base}/webhooks`,
+                mcp: `${opts.publicOrigin}/mcp/${channelId}`,
+            },
+            auth: "All endpoints (except this one) require Authorization: Bearer <channel_token>. /send and /listen also require X-Session-Id from /join.",
+            docs: `${opts.publicOrigin}/llms.txt`,
+        });
+    });
     app.get("/api/channels/:channelId/transcript", (c) => {
         const channelId = c.req.param("channelId");
         if (!channelExists(channelId))
@@ -496,10 +531,11 @@ export function createApp(opts) {
         if (!resolvedCallsign)
             return c.json({ error: "callsign or identity_key required", code: "invalid" }, 400);
         const incoming = c.req.header("x-session-id") ?? c.req.header("X-Session-Id");
-        const newId = incoming && incoming.length >= 8 ? incoming : randomUUID();
+        const selfGenerated = !(incoming && incoming.length >= 8);
+        const newId = selfGenerated ? randomUUID() : incoming;
         const channel = getOrCreateChannel(channelId);
         try {
-            const result = channel.join(newId, resolvedCallsign);
+            const result = channel.join(newId, resolvedCallsign, { selfGenerated });
             if (!result.idempotent) {
                 statsRecordJoin();
                 transcriptRecordJoin(channelId, getChannelRetention(channelId), resolvedCallsign);

package/dist/channel.js CHANGED Viewed

@@ -62,16 +62,16 @@ export class Channel {
     }
     /**
      * Idempotent join.
-     * - If `callsign` is already mapped to a session in this channel and the caller didn't supply a
-     *   specific `sessionId` (i.e. REST mode), returns the existing session_id and just refreshes
-     *   lastSeen. The caller can reuse that session_id without re-evicting the original.
-     * - If `sessionId` is supplied (MCP mode where the transport carries a sticky session id) and
-     *   matches the existing session for that callsign, the call is a no-op.
-     * - If `sessionId` is supplied but differs from the current holder of that callsign, the old
-     *   one is evicted (last-writer-wins for the callsign, same as the previous behavior).
-     * Returns the session_id that should be used by the caller going forward.
+     * - Same `(sessionId, callsign)` is a no-op (refreshes lastSeen).
+     * - `opts.selfGenerated=true` means the caller has no prior identity (REST minted a UUID for
+     *   them); if the callsign is already taken, we return the existing session_id so the caller
+     *   can adopt it. Enables the "defensively re-join every turn" pattern.
+     * - `opts.selfGenerated=false` (default) means the caller's sessionId IS their identity (MCP
+     *   Mcp-Session-Id, or REST with X-Session-Id). If the callsign is taken by a *different*
+     *   session, throws `callsign_taken` (409) rather than silently mapping them to someone
+     *   else's session. Previous behavior silently broke send/listen for the conflicting caller.
      */
-    join(sessionId, callsign) {
+    join(sessionId, callsign, opts = {}) {
         const normalized = callsign.trim().toLowerCase();
         if (!/^[a-z0-9][a-z0-9_-]{0,31}$/.test(normalized)) {
             throw new ChannelError("callsign must be 1-32 chars, alphanumeric/underscore/dash, starting with letter or digit", "invalid", 400);
@@ -81,29 +81,25 @@ export class Channel {
         }
         const existingSession = this.sessionByCallsign.get(normalized);
         let idempotent = false;
-        let effectiveId = sessionId;
+        const effectiveId = sessionId;
         if (existingSession) {
             if (existingSession === sessionId) {
                 idempotent = true;
             }
+            else if (opts.selfGenerated) {
+                // Caller had no identity (REST minted a UUID for them) and the callsign is taken —
+                // hand back the existing session_id so they can adopt it.
+                this.evictedSessions.delete(sessionId);
+                this.touch(existingSession);
+                return {
+                    sessionId: existingSession,
+                    roster: this.roster(),
+                    history: this.history(20),
+                    idempotent: true,
+                };
+            }
             else {
-                // Treat REST callers that pass a fresh sessionId as "give me the same session" rather
-                // than evicting; we infer REST mode by an unseen sessionId AND existing callsign holder.
-                // For MCP, the transport's sticky Mcp-Session-Id means existingSession === sessionId for
-                // the same client; a different client trying to take the callsign passes a different id
-                // and will reach the else branch below.
-                if (!this.callsignBySession.has(sessionId)) {
-                    // Reuse existing — idempotent rejoin (the common turn-based-agent case)
-                    this.evictedSessions.delete(sessionId);
-                    this.touch(existingSession);
-                    return {
-                        sessionId: existingSession,
-                        roster: this.roster(),
-                        history: this.history(20),
-                        idempotent: true,
-                    };
-                }
-                this.evictSession(existingSession);
+                throw new ChannelError(`callsign "${normalized}" is already in use on this channel; pick a different one or have the current holder leave first`, "callsign_taken", 409);
             }
         }
         const prevCallsign = this.callsignBySession.get(sessionId);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "rogerrat",
-  "version": "1.3.1",
+  "version": "1.3.2",
   "description": "Walkie-talkie MCP server for AI coding agents. Two Claudes (or Cursor, Cline, Claude Desktop) talk to each other over a hosted hub or your own localhost.",
   "keywords": [
     "mcp",