tandem-editor 0.9.0 → 0.11.0

package/dist/channel/index.js

@@ -3106,6 +3106,9 @@ var require_utils = __commonJS({
     "use strict";
     var isUUID = RegExp.prototype.test.bind(/^[\da-f]{8}-[\da-f]{4}-[\da-f]{4}-[\da-f]{4}-[\da-f]{12}$/iu);
     var isIPv4 = RegExp.prototype.test.bind(/^(?:(?:25[0-5]|2[0-4]\d|1\d{2}|[1-9]\d|\d)\.){3}(?:25[0-5]|2[0-4]\d|1\d{2}|[1-9]\d|\d)$/u);
+    var isHexPair = RegExp.prototype.test.bind(/^[\da-f]{2}$/iu);
+    var isUnreserved = RegExp.prototype.test.bind(/^[\da-z\-._~]$/iu);
+    var isPathCharacter = RegExp.prototype.test.bind(/^[\da-z\-._~!$&'()*+,;=:@/]$/iu);
     function stringArrayToHexStripped(input) {
       let acc = "";
       let code = 0;
@@ -3298,27 +3301,77 @@ var require_utils = __commonJS({
       }
       return output.join("");
     }
-    function normalizeComponentEncoding(component, esc2) {
-      const func = esc2 !== true ? escape : unescape;
-      if (component.scheme !== void 0) {
-        component.scheme = func(component.scheme);
-      }
-      if (component.userinfo !== void 0) {
-        component.userinfo = func(component.userinfo);
-      }
-      if (component.host !== void 0) {
-        component.host = func(component.host);
+    var HOST_DELIMS = { "@": "%40", "/": "%2F", "?": "%3F", "#": "%23", ":": "%3A" };
+    var HOST_DELIM_RE = /[@/?#:]/g;
+    var HOST_DELIM_NO_COLON_RE = /[@/?#]/g;
+    function reescapeHostDelimiters(host, isIP) {
+      const re = isIP ? HOST_DELIM_NO_COLON_RE : HOST_DELIM_RE;
+      re.lastIndex = 0;
+      return host.replace(re, (ch) => HOST_DELIMS[ch]);
+    }
+    function normalizePercentEncoding(input, decodeUnreserved = false) {
+      if (input.indexOf("%") === -1) {
+        return input;
       }
-      if (component.path !== void 0) {
-        component.path = func(component.path);
+      let output = "";
+      for (let i = 0; i < input.length; i++) {
+        if (input[i] === "%" && i + 2 < input.length) {
+          const hex = input.slice(i + 1, i + 3);
+          if (isHexPair(hex)) {
+            const normalizedHex = hex.toUpperCase();
+            const decoded = String.fromCharCode(parseInt(normalizedHex, 16));
+            if (decodeUnreserved && isUnreserved(decoded)) {
+              output += decoded;
+            } else {
+              output += "%" + normalizedHex;
+            }
+            i += 2;
+            continue;
+          }
+        }
+        output += input[i];
       }
-      if (component.query !== void 0) {
-        component.query = func(component.query);
+      return output;
+    }
+    function normalizePathEncoding(input) {
+      let output = "";
+      for (let i = 0; i < input.length; i++) {
+        if (input[i] === "%" && i + 2 < input.length) {
+          const hex = input.slice(i + 1, i + 3);
+          if (isHexPair(hex)) {
+            const normalizedHex = hex.toUpperCase();
+            const decoded = String.fromCharCode(parseInt(normalizedHex, 16));
+            if (decoded !== "." && isUnreserved(decoded)) {
+              output += decoded;
+            } else {
+              output += "%" + normalizedHex;
+            }
+            i += 2;
+            continue;
+          }
+        }
+        if (isPathCharacter(input[i])) {
+          output += input[i];
+        } else {
+          output += escape(input[i]);
+        }
       }
-      if (component.fragment !== void 0) {
-        component.fragment = func(component.fragment);
+      return output;
+    }
+    function escapePreservingEscapes(input) {
+      let output = "";
+      for (let i = 0; i < input.length; i++) {
+        if (input[i] === "%" && i + 2 < input.length) {
+          const hex = input.slice(i + 1, i + 3);
+          if (isHexPair(hex)) {
+            output += "%" + hex.toUpperCase();
+            i += 2;
+            continue;
+          }
+        }
+        output += escape(input[i]);
       }
-      return component;
+      return output;
     }
     function recomposeAuthority(component) {
       const uriTokens = [];
@@ -3333,7 +3386,7 @@ var require_utils = __commonJS({
           if (ipV6res.isIPV6 === true) {
             host = `[${ipV6res.escapedHost}]`;
           } else {
-            host = component.host;
+            host = reescapeHostDelimiters(host, false);
           }
         }
         uriTokens.push(host);
@@ -3347,7 +3400,10 @@ var require_utils = __commonJS({
     module.exports = {
       nonSimpleDomain,
       recomposeAuthority,
-      normalizeComponentEncoding,
+      reescapeHostDelimiters,
+      normalizePercentEncoding,
+      normalizePathEncoding,
+      escapePreservingEscapes,
       removeDotSegments,
       isIPv4,
       isUUID,
@@ -3571,12 +3627,12 @@ var require_schemes = __commonJS({
 var require_fast_uri = __commonJS({
   "node_modules/fast-uri/index.js"(exports, module) {
     "use strict";
-    var { normalizeIPv6, removeDotSegments, recomposeAuthority, normalizeComponentEncoding, isIPv4, nonSimpleDomain } = require_utils();
+    var { normalizeIPv6, removeDotSegments, recomposeAuthority, normalizePercentEncoding, normalizePathEncoding, escapePreservingEscapes, reescapeHostDelimiters, isIPv4, nonSimpleDomain } = require_utils();
     var { SCHEMES, getSchemeHandler } = require_schemes();
     function normalize(uri, options) {
       if (typeof uri === "string") {
         uri = /** @type {T} */
-        serialize(parse3(uri, options), options);
+        normalizeString(uri, options);
       } else if (typeof uri === "object") {
         uri = /** @type {T} */
         parse3(serialize(uri, options), options);
@@ -3643,19 +3699,9 @@ var require_fast_uri = __commonJS({
       return target;
     }
     function equal(uriA, uriB, options) {
-      if (typeof uriA === "string") {
-        uriA = unescape(uriA);
-        uriA = serialize(normalizeComponentEncoding(parse3(uriA, options), true), { ...options, skipEscape: true });
-      } else if (typeof uriA === "object") {
-        uriA = serialize(normalizeComponentEncoding(uriA, true), { ...options, skipEscape: true });
-      }
-      if (typeof uriB === "string") {
-        uriB = unescape(uriB);
-        uriB = serialize(normalizeComponentEncoding(parse3(uriB, options), true), { ...options, skipEscape: true });
-      } else if (typeof uriB === "object") {
-        uriB = serialize(normalizeComponentEncoding(uriB, true), { ...options, skipEscape: true });
-      }
-      return uriA.toLowerCase() === uriB.toLowerCase();
+      const normalizedA = normalizeComparableURI(uriA, options);
+      const normalizedB = normalizeComparableURI(uriB, options);
+      return normalizedA !== void 0 && normalizedB !== void 0 && normalizedA.toLowerCase() === normalizedB.toLowerCase();
     }
     function serialize(cmpts, opts) {
       const component = {
@@ -3680,12 +3726,12 @@ var require_fast_uri = __commonJS({
       if (schemeHandler && schemeHandler.serialize) schemeHandler.serialize(component, options);
       if (component.path !== void 0) {
         if (!options.skipEscape) {
-          component.path = escape(component.path);
+          component.path = escapePreservingEscapes(component.path);
           if (component.scheme !== void 0) {
             component.path = component.path.split("%3A").join(":");
           }
         } else {
-          component.path = unescape(component.path);
+          component.path = normalizePercentEncoding(component.path);
         }
       }
       if (options.reference !== "suffix" && component.scheme) {
@@ -3720,7 +3766,16 @@ var require_fast_uri = __commonJS({
       return uriTokens.join("");
     }
     var URI_PARSE = /^(?:([^#/:?]+):)?(?:\/\/((?:([^#/?@]*)@)?(\[[^#/?\]]+\]|[^#/:?]*)(?::(\d*))?))?([^#?]*)(?:\?([^#]*))?(?:#((?:.|[\n\r])*))?/u;
-    function parse3(uri, opts) {
+    function getParseError(parsed, matches) {
+      if (matches[2] !== void 0 && parsed.path && parsed.path[0] !== "/") {
+        return 'URI path must start with "/" when authority is present.';
+      }
+      if (typeof parsed.port === "number" && (parsed.port < 0 || parsed.port > 65535)) {
+        return "URI port is malformed.";
+      }
+      return void 0;
+    }
+    function parseWithStatus(uri, opts) {
       const options = Object.assign({}, opts);
       const parsed = {
         scheme: void 0,
@@ -3731,6 +3786,7 @@ var require_fast_uri = __commonJS({
         query: void 0,
         fragment: void 0
       };
+      let malformedAuthorityOrPort = false;
       let isIP = false;
       if (options.reference === "suffix") {
         if (options.scheme) {
@@ -3751,6 +3807,11 @@ var require_fast_uri = __commonJS({
         if (isNaN(parsed.port)) {
           parsed.port = matches[5];
         }
+        const parseError = getParseError(parsed, matches);
+        if (parseError !== void 0) {
+          parsed.error = parsed.error || parseError;
+          malformedAuthorityOrPort = true;
+        }
         if (parsed.host) {
           const ipv4result = isIPv4(parsed.host);
           if (ipv4result === false) {
@@ -3789,14 +3850,18 @@ var require_fast_uri = __commonJS({
               parsed.scheme = unescape(parsed.scheme);
             }
             if (parsed.host !== void 0) {
-              parsed.host = unescape(parsed.host);
+              parsed.host = reescapeHostDelimiters(unescape(parsed.host), isIP);
             }
           }
           if (parsed.path) {
-            parsed.path = escape(unescape(parsed.path));
+            parsed.path = normalizePathEncoding(parsed.path);
           }
           if (parsed.fragment) {
-            parsed.fragment = encodeURI(decodeURIComponent(parsed.fragment));
+            try {
+              parsed.fragment = encodeURI(decodeURIComponent(parsed.fragment));
+            } catch {
+              parsed.error = parsed.error || "URI malformed";
+            }
           }
         }
         if (schemeHandler && schemeHandler.parse) {
@@ -3805,7 +3870,29 @@ var require_fast_uri = __commonJS({
       } else {
         parsed.error = parsed.error || "URI can not be parsed.";
       }
-      return parsed;
+      return { parsed, malformedAuthorityOrPort };
+    }
+    function parse3(uri, opts) {
+      return parseWithStatus(uri, opts).parsed;
+    }
+    function normalizeString(uri, opts) {
+      return normalizeStringWithStatus(uri, opts).normalized;
+    }
+    function normalizeStringWithStatus(uri, opts) {
+      const { parsed, malformedAuthorityOrPort } = parseWithStatus(uri, opts);
+      return {
+        normalized: malformedAuthorityOrPort ? uri : serialize(parsed, opts),
+        malformedAuthorityOrPort
+      };
+    }
+    function normalizeComparableURI(uri, opts) {
+      if (typeof uri === "string") {
+        const { normalized, malformedAuthorityOrPort } = normalizeStringWithStatus(uri, opts);
+        return malformedAuthorityOrPort ? void 0 : normalized;
+      }
+      if (typeof uri === "object") {
+        return serialize(uri, opts);
+      }
     }
     var fastUri = {
       SCHEMES,
@@ -17914,6 +18001,14 @@ var IDLE_TIMEOUT = 30 * 60 * 1e3;
 var SESSION_MAX_AGE = 30 * 24 * 60 * 60 * 1e3;
 var CHANNEL_MAX_RETRIES = 5;
 var CHANNEL_RETRY_DELAY_MS = 2e3;
+var CHANNEL_CONNECT_FETCH_TIMEOUT_MS = 1e4;
+var CHANNEL_SSE_INACTIVITY_TIMEOUT_MS = 6e4;
+var CHANNEL_MODE_FETCH_TIMEOUT_MS = 2e3;
+var CHANNEL_AWARENESS_FETCH_TIMEOUT_MS = 5e3;
+var CHANNEL_ERROR_REPORT_TIMEOUT_MS = 3e3;
+var CHANNEL_REPLY_FETCH_TIMEOUT_MS = 5e3;
+var CHANNEL_PERMISSION_FETCH_TIMEOUT_MS = 5e3;
+var CHANNEL_MAX_SSE_BUFFER_BYTES = 1e6;
 
 // src/shared/cli-runtime.ts
 function redirectConsoleToStderr() {
@@ -17922,34 +18017,73 @@ function redirectConsoleToStderr() {
   console.info = console.error;
 }
 function resolveTandemUrl(override) {
-  const raw = override ?? process.env.TANDEM_URL ?? `http://localhost:${DEFAULT_MCP_PORT}`;
-  return raw.replace(/\/$/, "");
+  return resolveTandemUrlCandidate(override).replace(/\/+$/, "");
+}
+function resolveTandemUrlCandidate(override) {
+  const candidates = [
+    override,
+    process.env.CLAUDE_PLUGIN_OPTION_SERVER_URL,
+    process.env.TANDEM_URL
+  ];
+  for (const url of candidates) {
+    if (url !== void 0 && url.trim() !== "") return url.trim();
+  }
+  return `http://localhost:${DEFAULT_MCP_PORT}`;
+}
+function resolveAuthTokenCandidate(override) {
+  const candidates = [
+    ["explicit override", override],
+    ["CLAUDE_PLUGIN_OPTION_AUTH_TOKEN", process.env.CLAUDE_PLUGIN_OPTION_AUTH_TOKEN],
+    ["TANDEM_AUTH_TOKEN", process.env.TANDEM_AUTH_TOKEN]
+  ];
+  for (const [source, token] of candidates) {
+    if (token !== void 0 && token.trim() !== "") return { token, source };
+  }
+  return { token: void 0, source: void 0 };
 }
 var VALID_TOKEN_RE = /^[A-Za-z0-9_\-]{32,}$/;
 var _warnedInvalidToken = false;
 async function authFetch(url, init) {
-  const token = process.env.TANDEM_AUTH_TOKEN;
-  if (token !== void 0 && token.trim() !== "") {
-    if (VALID_TOKEN_RE.test(token.trim())) {
+  const { token, source } = resolveAuthTokenCandidate();
+  if (token !== void 0) {
+    const trimmed = token.trim();
+    if (VALID_TOKEN_RE.test(trimmed)) {
       const headers = new Headers(init?.headers);
-      headers.set("Authorization", `Bearer ${token.trim()}`);
+      headers.set("Authorization", `Bearer ${trimmed}`);
       return fetch(url, { ...init, headers });
     }
     if (!_warnedInvalidToken) {
       _warnedInvalidToken = true;
       console.error(
-        "[tandem] authFetch: TANDEM_AUTH_TOKEN is set but invalid (must be 32+ alphanumeric chars [A-Za-z0-9_-]); sending without Authorization header"
+        `[tandem] authFetch: ${source} is set but invalid (must be 32+ alphanumeric chars [A-Za-z0-9_-]); sending without Authorization header`
       );
     }
   }
   return fetch(url, init);
 }
 
+// src/shared/fetch-with-timeout.ts
+async function fetchWithTimeout(url, init, timeoutMs) {
+  const timeoutSignal = AbortSignal.timeout(timeoutMs);
+  const signal = init.signal ? AbortSignal.any([init.signal, timeoutSignal]) : timeoutSignal;
+  return authFetch(url, { ...init, signal });
+}
+function describeFetchError(err, endpoint, timeoutMs) {
+  if (err instanceof Error && (err.name === "TimeoutError" || err.name === "AbortError")) {
+    return `${endpoint} timed out after ${timeoutMs}ms`;
+  }
+  return err instanceof Error ? err.message : String(err);
+}
+function isAbortOrTimeoutError(err) {
+  return err instanceof Error && (err.name === "TimeoutError" || err.name === "AbortError");
+}
+
 // src/shared/events/types.ts
 var VALID_EVENT_TYPES = /* @__PURE__ */ new Set([
   "annotation:created",
   "annotation:accepted",
   "annotation:dismissed",
+  "annotation:edited",
   "annotation:reply",
   "chat:message",
   "document:opened",
@@ -17966,9 +18100,9 @@ function formatEventContent(event) {
   const doc = event.documentId ? ` [doc: ${event.documentId}]` : "";
   switch (event.type) {
     case "annotation:created": {
-      const { annotationType, content, textSnippet, hasSuggestedText, directedAt } = event.payload;
+      const { annotationType, content, textSnippet, hasSuggestedText } = event.payload;
       const snippet = textSnippet ? ` on "${textSnippet}"` : "";
-      const label = hasSuggestedText ? "replacement" : directedAt === "claude" ? "question for Claude" : annotationType;
+      const label = hasSuggestedText ? "replacement" : annotationType;
       return `User created ${label}${snippet}: ${content || "(no content)"}${doc}`;
     }
     case "annotation:accepted": {
@@ -17979,6 +18113,10 @@ function formatEventContent(event) {
       const { annotationId, textSnippet } = event.payload;
       return `User dismissed annotation ${annotationId}${textSnippet ? ` ("${textSnippet}")` : ""}${doc}`;
     }
+    case "annotation:edited": {
+      const { content } = event.payload;
+      return `User edited annotation: "${content}"${doc}`;
+    }
     case "annotation:reply": {
       const { annotationId, replyAuthor, replyText, textSnippet } = event.payload;
       const who = replyAuthor === "claude" ? "Claude" : "User";
@@ -18021,6 +18159,10 @@ function formatEventMeta(event) {
     case "annotation:dismissed":
       meta.annotation_id = event.payload.annotationId;
       break;
+    case "annotation:edited":
+      meta.annotation_id = event.payload.annotationId;
+      meta.edited_at = String(event.payload.editedAt);
+      break;
     case "annotation:reply":
       meta.annotation_id = event.payload.annotationId;
       meta.reply_id = event.payload.replyId;
@@ -18063,18 +18205,22 @@ async function startEventBridge(mcp, tandemUrl) {
       if (retries >= CHANNEL_MAX_RETRIES) {
         console.error("[Channel] SSE connection exhausted, reporting error and exiting");
         try {
-          await authFetch(`${tandemUrl}/api/channel-error`, {
-            method: "POST",
-            headers: { "Content-Type": "application/json" },
-            body: JSON.stringify({
-              error: "CHANNEL_CONNECT_FAILED",
-              message: `Channel shim lost connection after ${CHANNEL_MAX_RETRIES} retries.`
-            })
-          });
+          await fetchWithTimeout(
+            `${tandemUrl}/api/channel-error`,
+            {
+              method: "POST",
+              headers: { "Content-Type": "application/json" },
+              body: JSON.stringify({
+                error: "CHANNEL_CONNECT_FAILED",
+                message: `Channel shim lost connection after ${CHANNEL_MAX_RETRIES} retries.`
+              })
+            },
+            CHANNEL_ERROR_REPORT_TIMEOUT_MS
+          );
         } catch (reportErr) {
           console.error(
             "[Channel] Could not report failure to server:",
-            reportErr instanceof Error ? reportErr.message : reportErr
+            describeFetchError(reportErr, "/api/channel-error", CHANNEL_ERROR_REPORT_TIMEOUT_MS)
           );
         }
         process.exit(1);
@@ -18086,29 +18232,52 @@ async function startEventBridge(mcp, tandemUrl) {
 async function connectAndStream(mcp, tandemUrl, lastEventId, onEventId) {
   const headers = { Accept: "text/event-stream" };
   if (lastEventId) headers["Last-Event-ID"] = lastEventId;
-  const res = await authFetch(`${tandemUrl}/api/events`, { headers });
+  const connectCtrl = new AbortController();
+  const connectTimer = setTimeout(
+    () => connectCtrl.abort(new Error("handshake timeout")),
+    CHANNEL_CONNECT_FETCH_TIMEOUT_MS
+  );
+  let res;
+  try {
+    res = await authFetch(`${tandemUrl}/api/events`, { headers, signal: connectCtrl.signal });
+  } finally {
+    clearTimeout(connectTimer);
+  }
   if (!res.ok) throw new Error(`SSE endpoint returned ${res.status}`);
   if (!res.body) throw new Error("SSE endpoint returned no body");
   const reader = res.body.getReader();
   const decoder = new TextDecoder();
   let buffer = "";
+  let lastActivityAt = Date.now();
+  let inactivityTimedOut = false;
+  const watchdog = setInterval(() => {
+    if (Date.now() - lastActivityAt > CHANNEL_SSE_INACTIVITY_TIMEOUT_MS) {
+      inactivityTimedOut = true;
+      reader.cancel(new Error("SSE inactivity timeout")).catch(() => {
+      });
+    }
+  }, CHANNEL_SSE_INACTIVITY_TIMEOUT_MS / 4);
   let awarenessTimer = null;
   let clearAwarenessTimer = null;
   let pendingAwareness = null;
   const AWARENESS_CLEAR_MS = 3e3;
   function clearAwareness(documentId) {
-    authFetch(`${tandemUrl}/api/channel-awareness`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({
-        documentId: documentId ?? null,
-        status: "idle",
-        active: false
-      })
-    }).catch((err) => {
+    fetchWithTimeout(
+      `${tandemUrl}/api/channel-awareness`,
+      {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          documentId: documentId ?? null,
+          status: "idle",
+          active: false
+        })
+      },
+      CHANNEL_AWARENESS_FETCH_TIMEOUT_MS
+    ).catch((err) => {
       console.error(
         "[Channel] clearAwareness failed (non-fatal):",
-        err instanceof Error ? err.message : err
+        describeFetchError(err, "/api/channel-awareness clear", CHANNEL_AWARENESS_FETCH_TIMEOUT_MS)
       );
     });
   }
@@ -18116,16 +18285,27 @@ async function connectAndStream(mcp, tandemUrl, lastEventId, onEventId) {
     if (!pendingAwareness) return;
     const event = pendingAwareness;
     pendingAwareness = null;
-    authFetch(`${tandemUrl}/api/channel-awareness`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({
-        documentId: event.documentId,
-        status: `processing: ${event.type}`,
-        active: true
-      })
-    }).catch((err) => {
-      console.error("[Channel] Awareness update failed:", err instanceof Error ? err.message : err);
+    fetchWithTimeout(
+      `${tandemUrl}/api/channel-awareness`,
+      {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          documentId: event.documentId,
+          status: `processing: ${event.type}`,
+          active: true
+        })
+      },
+      CHANNEL_AWARENESS_FETCH_TIMEOUT_MS
+    ).catch((err) => {
+      console.error(
+        "[Channel] Awareness update failed:",
+        describeFetchError(
+          err,
+          "/api/channel-awareness update",
+          CHANNEL_AWARENESS_FETCH_TIMEOUT_MS
+        )
+      );
     });
     if (clearAwarenessTimer) clearTimeout(clearAwarenessTimer);
     clearAwarenessTimer = setTimeout(() => clearAwareness(event.documentId), AWARENESS_CLEAR_MS);
@@ -18135,66 +18315,81 @@ async function connectAndStream(mcp, tandemUrl, lastEventId, onEventId) {
     if (awarenessTimer) clearTimeout(awarenessTimer);
     awarenessTimer = setTimeout(flushAwareness, AWARENESS_DEBOUNCE_MS);
   }
-  while (true) {
-    const { done, value } = await reader.read();
-    if (done) throw new Error("SSE stream ended");
-    buffer += decoder.decode(value, { stream: true });
-    let boundary;
-    while ((boundary = buffer.indexOf("\n\n")) !== -1) {
-      const frame = buffer.slice(0, boundary);
-      buffer = buffer.slice(boundary + 2);
-      if (frame.startsWith(":")) continue;
-      let eventId;
-      let data;
-      for (const line of frame.split("\n")) {
-        if (line.startsWith("id: ")) eventId = line.slice(4);
-        else if (line.startsWith("data: ")) data = line.slice(6);
-      }
-      if (!data) continue;
-      let event;
-      try {
-        event = parseTandemEvent(JSON.parse(data));
-      } catch {
-        console.error(
-          "[Channel] Malformed SSE event data (skipping), eventId=%s:",
-          eventId,
-          data.slice(0, 200)
-        );
-        if (eventId) onEventId(eventId);
-        continue;
-      }
-      if (!event) {
-        console.error(
-          "[Channel] Invalid SSE event structure (skipping), eventId=%s:",
-          eventId,
-          data.slice(0, 200)
+  try {
+    while (true) {
+      const { done, value } = await reader.read();
+      if (done) {
+        if (inactivityTimedOut) throw new Error("SSE inactivity timeout");
+        throw new Error("SSE stream ended");
+      }
+      lastActivityAt = Date.now();
+      buffer += decoder.decode(value, { stream: true });
+      if (buffer.length > CHANNEL_MAX_SSE_BUFFER_BYTES) {
+        throw new Error(
+          `SSE buffer exceeded ${CHANNEL_MAX_SSE_BUFFER_BYTES} bytes without a frame boundary`
         );
-        if (eventId) onEventId(eventId);
-        continue;
       }
-      if (event.type !== "chat:message") {
-        const mode = await getCachedMode(tandemUrl);
-        if (mode === "solo") {
-          console.error(`[Channel] Solo mode: suppressed ${event.type} event`);
+      let boundary;
+      while ((boundary = buffer.indexOf("\n\n")) !== -1) {
+        const frame = buffer.slice(0, boundary);
+        buffer = buffer.slice(boundary + 2);
+        if (frame.startsWith(":")) continue;
+        let eventId;
+        let data;
+        for (const line of frame.split("\n")) {
+          if (line.startsWith("id: ")) eventId = line.slice(4);
+          else if (line.startsWith("data: ")) data = line.slice(6);
+        }
+        if (!data) continue;
+        let event;
+        try {
+          event = parseTandemEvent(JSON.parse(data));
+        } catch {
+          console.error(
+            "[Channel] Malformed SSE event data (skipping), eventId=%s:",
+            eventId,
+            data.slice(0, 200)
+          );
           if (eventId) onEventId(eventId);
           continue;
         }
-      }
-      try {
-        await mcp.notification({
-          method: "notifications/claude/channel",
-          params: {
-            content: formatEventContent(event),
-            meta: formatEventMeta(event)
+        if (!event) {
+          console.error(
+            "[Channel] Invalid SSE event structure (skipping), eventId=%s:",
+            eventId,
+            data.slice(0, 200)
+          );
+          if (eventId) onEventId(eventId);
+          continue;
+        }
+        if (event.type !== "chat:message") {
+          const mode = await getCachedMode(tandemUrl);
+          if (mode === "solo") {
+            console.error(`[Channel] Solo mode: suppressed ${event.type} event`);
+            if (eventId) onEventId(eventId);
+            continue;
           }
-        });
-      } catch (err) {
-        console.error("[Channel] MCP notification failed (transport broken?):", err);
-        throw err;
+        }
+        try {
+          await mcp.notification({
+            method: "notifications/claude/channel",
+            params: {
+              content: formatEventContent(event),
+              meta: formatEventMeta(event)
+            }
+          });
+        } catch (err) {
+          console.error("[Channel] MCP notification failed (transport broken?):", err);
+          throw err;
+        }
+        if (eventId) onEventId(eventId);
+        scheduleAwareness(event);
       }
-      if (eventId) onEventId(eventId);
-      scheduleAwareness(event);
     }
+  } finally {
+    clearInterval(watchdog);
+    if (awarenessTimer) clearTimeout(awarenessTimer);
+    if (clearAwarenessTimer) clearTimeout(clearAwarenessTimer);
   }
 }
 var cachedMode = "tandem";
@@ -18203,7 +18398,7 @@ async function getCachedMode(tandemUrl) {
   const now = Date.now();
   if (now - cachedModeAt < MODE_CACHE_TTL_MS) return cachedMode;
   try {
-    const res = await authFetch(`${tandemUrl}/api/mode`);
+    const res = await fetchWithTimeout(`${tandemUrl}/api/mode`, {}, CHANNEL_MODE_FETCH_TIMEOUT_MS);
     if (res.ok) {
       const { mode } = await res.json();
       cachedMode = mode;
@@ -18214,7 +18409,7 @@ async function getCachedMode(tandemUrl) {
   } catch (err) {
     console.error(
       "[Channel] Mode check failed, delivering event (fail-open):",
-      err instanceof Error ? err.message : err
+      describeFetchError(err, "/api/mode", CHANNEL_MODE_FETCH_TIMEOUT_MS)
     );
     cachedModeAt = now;
   }
@@ -18241,7 +18436,7 @@ async function runChannel(opts = {}) {
         "Event types: annotation:created, annotation:accepted, annotation:dismissed, annotation:reply,",
         "chat:message, document:opened, document:closed, document:switched.",
         "Chat messages may include a 'selection' field with buffered selection context.",
-        "Use your tandem MCP tools (tandem_getTextContent, tandem_comment, tandem_highlight, etc.) to act on them.",
+        "Use your tandem MCP tools (tandem_getTextContent, tandem_comment, tandem_edit, etc.) to act on them.",
         "Reply to chat messages using tandem_reply. Pass document_id from the tag attributes.",
         "Do not reply to non-chat events \u2014 just act on them using tools.",
         "If you haven't received channel notifications recently, call tandem_checkInbox as a fallback."
@@ -18275,15 +18470,20 @@ async function runChannel(opts = {}) {
     if (req.params.name === "tandem_reply") {
       const args = req.params.arguments;
       try {
-        const res = await authFetch(`${tandemUrl}/api/channel-reply`, {
-          method: "POST",
-          headers: { "Content-Type": "application/json" },
-          body: JSON.stringify(args)
-        });
+        const res = await fetchWithTimeout(
+          `${tandemUrl}/api/channel-reply`,
+          {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify(args)
+          },
+          CHANNEL_REPLY_FETCH_TIMEOUT_MS
+        );
         let data;
         try {
           data = await res.json();
-        } catch {
+        } catch (parseErr) {
+          if (isAbortOrTimeoutError(parseErr)) throw parseErr;
           data = { message: "Non-JSON response" };
         }
         if (!res.ok) {
@@ -18303,7 +18503,11 @@ async function runChannel(opts = {}) {
           content: [
             {
               type: "text",
-              text: `Failed to send reply: ${err instanceof Error ? err.message : String(err)}`
+              text: `Failed to send reply: ${describeFetchError(
+                err,
+                "/api/channel-reply",
+                CHANNEL_REPLY_FETCH_TIMEOUT_MS
+              )}`
             }
           ],
           isError: true
@@ -18323,23 +18527,30 @@ async function runChannel(opts = {}) {
   });
   mcp.setNotificationHandler(PermissionRequestSchema, async ({ params }) => {
     try {
-      const res = await authFetch(`${tandemUrl}/api/channel-permission`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({
-          requestId: params.request_id,
-          toolName: params.tool_name,
-          description: params.description,
-          inputPreview: params.input_preview
-        })
-      });
+      const res = await fetchWithTimeout(
+        `${tandemUrl}/api/channel-permission`,
+        {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify({
+            requestId: params.request_id,
+            toolName: params.tool_name,
+            description: params.description,
+            inputPreview: params.input_preview
+          })
+        },
+        CHANNEL_PERMISSION_FETCH_TIMEOUT_MS
+      );
       if (!res.ok) {
         console.error(
           `[Channel] Permission relay got HTTP ${res.status} \u2014 browser may not see prompt`
         );
       }
     } catch (err) {
-      console.error("[Channel] Failed to forward permission request:", err);
+      console.error(
+        "[Channel] Failed to forward permission request:",
+        describeFetchError(err, "/api/channel-permission", CHANNEL_PERMISSION_FETCH_TIMEOUT_MS)
+      );
     }
   });
   console.error(`[Channel] Tandem channel shim starting (server: ${tandemUrl})`);