npm - thinkpool-pair - Versions diffs - 0.7.17 → 0.7.19 - Mend

thinkpool-pair 0.7.17 → 0.7.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/account.mjs CHANGED Viewed

@@ -104,6 +104,57 @@ export async function authedClient(SUPABASE_URL, SUPABASE_ANON) {
   } catch { return null }
 }
+// ── keep the account JWT fresh (presence keepalive) ─────────────────────────
+// The account supervisor authenticates its realtime PRESENCE connection with the
+// account access token. Supabase Realtime enforces the JWT `exp` (~1h): once it
+// lapses the server deauths the socket, presence vanishes, and the dashboard
+// flips to "No bridge connected" — while sessions keep running, because the room
+// children are SEPARATE anon-keyed processes. The supervisor used to refresh the
+// token exactly once at startup (autoRefreshToken:false), so presence silently
+// died ~1h in and never came back until a restart. This refreshes BEFORE expiry,
+// pushes the new token to the realtime socket (setAuth) so it never drops, and
+// re-announces presence. onRefreshed persists the rotated refresh token + re-tracks.
+// Returns { cancel } and exposes _tick for the deterministic test harness.
+//   skewMs  — refresh this far ahead of expiry (default 90s)
+//   forceMs — fixed interval override (test hook: TP_TOKEN_REFRESH_FORCE_MS)
+//   retryMs — backoff after a transient failure (offline / rotation race)
+export function scheduleTokenRefresh({ sb, session, onRefreshed, skewMs = 90_000, forceMs = 0, retryMs = 30_000 }) {
+  let timer = null
+  let cur = session
+  let cancelled = false
+  const arm = (delay) => {
+    if (cancelled) return
+    clearTimeout(timer)
+    timer = setTimeout(tick, Math.max(1_000, delay))
+    if (timer?.unref) timer.unref()
+  }
+  // expires_at is unix SECONDS; fall back to a 1h horizon if absent.
+  const nextDelay = () => {
+    if (forceMs) return forceMs
+    const expMs = cur?.expires_at ? cur.expires_at * 1000 : Date.now() + 3600_000
+    return Math.max(30_000, expMs - Date.now() - skewMs)
+  }
+  async function tick() {
+    if (cancelled) return
+    try {
+      const { data, error } = await sb.auth.refreshSession({ refresh_token: cur.refresh_token })
+      if (error || !data?.session) throw error || new Error('no session')
+      cur = data.session
+      // Hand the fresh token to the live realtime socket so the presence
+      // connection stays authed across the swap (no drop, no rejoin needed).
+      try { sb.realtime?.setAuth?.(cur.access_token) } catch { /* noop */ }
+      try { onRefreshed?.(cur) } catch { /* noop */ }
+      arm(nextDelay())
+    } catch {
+      // Transient (offline, or a refresh-token rotation race with another login).
+      // Retry soon; NEVER crash the bridge and NEVER clearAuth (see runAccount).
+      arm(retryMs)
+    }
+  }
+  arm(nextDelay())
+  return { cancel: () => { cancelled = true; clearTimeout(timer) }, _tick: tick }
+}
 export function runBind(room, dir) {
   const r = (room || '').toUpperCase().trim()
   if (!r) { console.error('usage: npx thinkpool-pair bind <ROOM> <directory>'); process.exit(1) }
@@ -165,10 +216,34 @@ export async function runAccount(SUPABASE_URL, SUPABASE_ANON) {
   const machine = os.hostname().replace(/\.local$/, '')
   const acct = sb.channel(`tpacct:${session.user.id}`, { config: { presence: { key: machine }, broadcast: { self: false } } })
   // Dashboard "Disconnect" → broadcast shutdown → clean exit (presence leaves, bar flips live).
-  acct.on('broadcast', { event: 'shutdown' }, () => { process.stderr.write('\n  ◇ disconnect requested from the dashboard — stopping bridge.\n'); process.kill(process.pid, 'SIGTERM') })
+  // If we're the auto-restarting background service (launchd KeepAlive / systemd
+  // Restart=always sets AUTOUPDATE=1), a bare exit would be respawned ~2s later —
+  // so the toggle would appear to do nothing (presence leaves, then rejoins).
+  // Uninstall the account service FIRST so the supervisor won't restart us, then
+  // stop. Mirrors the per-room session-deleted guard in bridge.mjs.
+  acct.on('broadcast', { event: 'shutdown' }, async () => {
+    process.stderr.write('\n  ◇ disconnect requested from the dashboard — stopping bridge.\n')
+    if (process.env.THINKPOOL_PAIR_AUTOUPDATE === '1') {
+      try { const svc = await import('./service.mjs'); svc.uninstallService(null) } catch { /* noop */ }
+    }
+    process.kill(process.pid, 'SIGTERM')
+  })
   const pushPresence = () => { try { acct.track({ name: machine, version: VERSION, rooms: [...children.keys()], ts: Date.now() }) } catch { /* noop */ } }
+  // Re-track on EVERY (re)subscribe, not just the first: a realtime reconnect
+  // (network blip, or a token swap mid-flight) rejoins the channel and must
+  // re-announce, or the dashboard would read "no bridge" until the next restart.
   await new Promise((res) => acct.subscribe((st) => { if (st === 'SUBSCRIBED') { pushPresence(); res() } }))
+  // Keep the account JWT fresh so the presence socket never gets deauthed at
+  // expiry (the 2026-06-17 "No bridge connected while sessions run" bug). On each
+  // refresh: persist the rotated refresh token + re-announce presence.
+  const keepFresh = scheduleTokenRefresh({
+    sb,
+    session,
+    onRefreshed: (s) => { saveAuth(s); pushPresence() },
+    forceMs: parseInt(process.env.TP_TOKEN_REFRESH_FORCE_MS, 10) || 0,
+  })
   const tick = async () => {
     let rooms = []
     try {
@@ -206,6 +281,7 @@ export async function runAccount(SUPABASE_URL, SUPABASE_ANON) {
   const stop = (sig) => {
     if (stopping) return; stopping = true
     clearInterval(iv)
+    keepFresh.cancel()
     releaseSingleton()
     for (const c of children.values()) { try { c.kill(sig || 'SIGTERM') } catch { /* noop */ } }
     // Flush the presence LEAVE before exiting so the dashboard flips to

package/bridge.mjs CHANGED Viewed

@@ -36,7 +36,7 @@ import { spawn } from 'node:child_process'
 import { randomUUID } from 'node:crypto'
 import { createClient } from '@supabase/supabase-js'
 import { startClaudeSession } from './claude-session.mjs'
-import { saveSession, flushSession, loadAll, canResume, loadPtyId, savePtyId } from './session-store.mjs'
+import { saveSession, flushSession, deleteSession, loadAll, canResume, loadPtyId, savePtyId } from './session-store.mjs'
 // Public client creds (the same anon values the web app ships — safe to embed).
 // Override with TP_SUPABASE_URL / TP_SUPABASE_ANON if you ever need to.
@@ -582,6 +582,22 @@ function openStructured({ id, model, resume, log, commands, mode }) {
   return entry
 }
+// Authoritative close for a structured session: end the live SDK session, drop it
+// from memory, delete its on-disk record (so a restart can't resurrect it), and tell
+// every client it's gone. Idempotent + id-scoped — no-ops for ids that aren't a
+// structured session, so it's safe to call from the PTY-oriented term-close path too.
+function endStructured(id) {
+  if (!id) return
+  const s = sessions.get(id)
+  if (s) {
+    try { s.session?.end() } catch { /* noop */ }
+    sessions.delete(id)
+    bcast('term-exit', { id })
+  }
+  deleteSession(room, id)   // remove <id>.json so loadAll() won't bring it back
+  if (s) announce()
+}
 // After the attached CLI exits, the host's stdin stops feeding a PTY —
 // restore the cooked terminal so Ctrl-C reaches the bridge itself.
 const detachLocal = () => {
@@ -661,6 +677,9 @@ channel
   .on('broadcast', { event: 'term-close' }, ({ payload }) => {
     const t = payload?.id && terms.get(payload.id)
     if (t && !t.attached) { try { t.term.kill() } catch { /* noop */ } }
+    // Insurance: a client (or older build) that sends term-close for a STRUCTURED
+    // terminal still gets it closed — endStructured no-ops if it's not a session.
+    else if (!t) endStructured(payload?.id)
   })
   .on('broadcast', { event: 'replay-request' }, ({ payload }) => {
     // Flush pending bytes first so the replay is complete up to "now"; both
@@ -769,8 +788,7 @@ channel
     if (s) { s.mode = payload.mode; s.session.setMode(payload.mode) }  // track for persist/restore
   })
   .on('broadcast', { event: 'code-close' }, ({ payload }) => {
-    const s = payload?.id && sessions.get(payload.id)
-    if (s) { try { s.session.end() } catch { /* noop */ } ; sessions.delete(payload.id); bcast('term-exit', { id: payload.id }); announce() }
+    endStructured(payload?.id)
   })
   .on('broadcast', { event: 'who' }, announce)
   .subscribe(status => {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "thinkpool-pair",
-  "version": "0.7.17",
+  "version": "0.7.19",
   "description": "Share a local coding-agent CLI (Claude Code, Codex, Gemini, Aider, …) into a ThinkPool Code room, live.",
   "type": "module",
   "bin": {

package/session-store.mjs CHANGED Viewed

@@ -46,6 +46,14 @@ export function saveSession(room, id, data) {
   timers.set(id, setTimeout(() => write(room, id, data), 1500))
 }
 export function flushSession(room, id, data) { clearTimeout(timers.get(id)); write(room, id, data) }
+// User-initiated close: cancel any pending debounced save and remove the on-disk
+// record so a later loadAll() (bridge restart) can't resurrect a closed terminal.
+// PTY ids never have an <id>.json (they use the .pty-id dotfile), so this no-ops
+// harmlessly for them.
+export function deleteSession(room, id) {
+  clearTimeout(timers.get(id)); timers.delete(id)
+  try { fs.unlinkSync(path.join(dir(room), `${id}.json`)) } catch { /* noop */ }
+}
 // Most-recently-saved structured session for the room (drives attached restore).
 export function loadLatest(room) {