fix: use a deadline timer for peer connects

The raw socket handoff no longer needs Socket#setTimeout; an ordinary connection deadline keeps the timeout behavior while avoiding an internal socket timeout listener that has no reliable UDS integration path to exercise. Constraint: Keep Codecov coverage honest without adding ignore pragmas, mocks, or fallback suppression. Rejected: c8 ignore on the timeout listener | hides the uncovered branch instead of simplifying the lifecycle. Rejected: keep Socket#setTimeout listener | leaves a socket listener lifecycle to manage for a connect-only deadline. Confidence: high Scope-risk: narrow Directive: Keep connectToPeer errors caller-owned via onSocketError and reject pre-connect failures with UdsPeerConnectionError. Tested: bun test src/utils/__tests__/udsMessaging.test.ts src/services/AgentSummary/__tests__/agentSummary.test.ts Tested: bunx tsc --noEmit --pretty false Tested: bun run lint Tested: bun test src/utils/__tests__/udsMessaging.test.ts --coverage --coverage-reporter lcov --coverage-dir coverage-uds Tested: bun run test:all Tested: bun test --coverage --coverage-reporter lcov --coverage-dir coverage Tested: bun run build Tested: bun run build:vite Tested: bun audit Not-tested: Manual external ACP peer runtime beyond repository tests.
fix: close peer socket listener handoff window
2026-06-16 05:15:51 +00:00 · 2026-04-27 17:41:23 +08:00 · 2026-04-27 17:20:51 +08:00 · 2026-04-27 16:40:48 +08:00 · 2026-04-27 16:32:07 +08:00 · 2026-04-27 16:22:13 +08:00
4 changed files with 71 additions and 35 deletions
--- a/contributors.svg
+++ b/contributors.svg
--- a/src/services/AgentSummary/tests/agentSummary.test.ts
+++ b/src/services/AgentSummary/tests/agentSummary.test.ts
@@ -161,7 +161,9 @@ describe('startAgentSummarization', () => {

    expect(forkCalls).toEqual([])
    expect(updateCalls).toEqual([])
-    expectDebugLogContaining('no bounded context available')
+    expectDebugLogContaining(
+      '[AgentSummary] Skipping summary for task-1: no bounded context available',
+    )
  })

  test('skips summarization before building context when transcript is too short', async () => {
@@ -173,7 +175,9 @@ describe('startAgentSummarization', () => {

    expect(forkCalls).toEqual([])
    expect(updateCalls).toEqual([])
-    expectDebugLogContaining('not enough messages (2)')
+    expectDebugLogContaining(
+      '[AgentSummary] Skipping summary for task-1: not enough messages (2)',
+    )
  })

  test('skips and reschedules while poor mode is active', async () => {
@@ -188,7 +192,7 @@ describe('startAgentSummarization', () => {

    expect(forkCalls).toEqual([])
    expect(updateCalls).toEqual([])
-    expectDebugLogContaining('poor mode active')
+    expectDebugLogContaining('[AgentSummary] Skipping summary — poor mode active')
    expect(scheduledCount).toBe(initialScheduledCount + 1)
    expect(lastTimerHandle).not.toBe(initialTimerHandle)
  })
@@ -218,7 +222,7 @@ describe('startAgentSummarization', () => {

    handle.stop()

-    expectDebugLogContaining('Stopping summarization for task-1')
+    expectDebugLogContaining('[AgentSummary] Stopping summarization for task-1')
    expect(clearedHandles).toEqual([pendingHandle])
  })
 })
--- a/src/utils/tests/udsMessaging.test.ts
+++ b/src/utils/tests/udsMessaging.test.ts
@@ -307,7 +307,9 @@ describe('UDS inbox retention', () => {
      '../udsClient.js'
    )

-    const error = await connectToPeer(path).then(
+    const error = await connectToPeer(path, () => {
+      throw new Error('Unexpected post-connect socket error')
+    }).then(
      () => undefined,
      err => err,
    )
@@ -338,13 +340,24 @@ describe('UDS inbox retention', () => {
    })

    let client: Socket | undefined
+    const socketErrors: Error[] = []
    try {
      const { connectToPeer } = await import('../udsClient.js')
-      client = await connectToPeer(path, 50)
+      client = await connectToPeer(
+        path,
+        error => {
+          socketErrors.push(error)
+        },
+        1000,
+      )
      await new Promise(resolve => setTimeout(resolve, 100))

      expect(client.destroyed).toBe(false)
-      expect(client.listenerCount('error')).toBe(0)
+      expect(client.listenerCount('error')).toBe(1)
+
+      const socketError = new Error('post-connect failure')
+      client.emit('error', socketError)
+      expect(socketErrors).toEqual([socketError])
    } finally {
      client?.destroy()
      for (const socket of sockets) {
--- a/src/utils/udsClient.ts
+++ b/src/utils/udsClient.ts
@@ -266,33 +266,48 @@ export async function sendToUdsSocket(

 /**
 * Connect to a peer and return the raw socket for bidirectional communication.
- * The caller is responsible for managing the connection lifecycle.
+ * The caller owns the post-connect lifecycle through onSocketError, which is
+ * attached before the Promise resolves so peer socket errors cannot be
+ * swallowed or surface through a listener handoff window.
+ * Pre-connect failures reject with UdsPeerConnectionError.
+ * This only opens the transport; callers still own any capability handshake.
 */
 export function connectToPeer(
  socketPath: string,
+  onSocketError: (error: Error) => void,
  timeoutMs = 5000,
 ): Promise<Socket> {
  return new Promise<Socket>((resolve, reject) => {
    const conn = createConnection(socketPath)
    let settled = false
-    const fail = (cause: unknown) => {
+    const timeout = setTimeout(
+      fail,
+      timeoutMs,
+      new Error('Connection timed out'),
+    )
+    function cleanupListeners(): void {
+      clearTimeout(timeout)
+      conn.off('error', fail)
+    }
+    function fail(cause: unknown): void {
      if (settled) {
        return
      }
      settled = true
+      cleanupListeners()
      conn.destroy()
      reject(new UdsPeerConnectionError(socketPath, cause))
    }
    conn.once('connect', () => {
+      if (settled) {
+        return
+      }
      settled = true
-      conn.setTimeout(0)
-      conn.off('error', fail)
+      cleanupListeners()
+      conn.on('error', onSocketError)
      resolve(conn)
    })
    conn.on('error', fail)
-    conn.setTimeout(timeoutMs, () => {
-      fail(new Error('Connection timed out'))
-    })
  })
 }
Author	SHA1	Message	Date
unraid	d3b16ae040	fix: use a deadline timer for peer connects The raw socket handoff no longer needs Socket#setTimeout; an ordinary connection deadline keeps the timeout behavior while avoiding an internal socket timeout listener that has no reliable UDS integration path to exercise. Constraint: Keep Codecov coverage honest without adding ignore pragmas, mocks, or fallback suppression. Rejected: c8 ignore on the timeout listener \| hides the uncovered branch instead of simplifying the lifecycle. Rejected: keep Socket#setTimeout listener \| leaves a socket listener lifecycle to manage for a connect-only deadline. Confidence: high Scope-risk: narrow Directive: Keep connectToPeer errors caller-owned via onSocketError and reject pre-connect failures with UdsPeerConnectionError. Tested: bun test src/utils/__tests__/udsMessaging.test.ts src/services/AgentSummary/__tests__/agentSummary.test.ts Tested: bunx tsc --noEmit --pretty false Tested: bun run lint Tested: bun test src/utils/__tests__/udsMessaging.test.ts --coverage --coverage-reporter lcov --coverage-dir coverage-uds Tested: bun run test:all Tested: bun test --coverage --coverage-reporter lcov --coverage-dir coverage Tested: bun run build Tested: bun run build:vite Tested: bun audit Not-tested: Manual external ACP peer runtime beyond repository tests.	2026-04-27 17:41:23 +08:00
unraid	a90c16431b	fix: close peer socket listener handoff window CodeRabbit and Claude review found that documenting caller-owned raw socket errors still left a Promise handoff window and a stale timeout-listener risk. The peer connection API now requires a caller error handler and installs it before resolving, while cleanup removes internal error and timeout listeners on every path. Constraint: Keep the fix precise to PR #375 review feedback and avoid warning suppression or fallback behavior. Rejected: Leave the behavior documented only \| still permits an unhandled socket error window between resolve and caller listener attachment. Rejected: Keep a no-op internal error listener \| would silently swallow caller-owned socket errors. Confidence: high Scope-risk: narrow Directive: Do not add raw connectToPeer callers without providing a real onSocketError handler and capability handshake. Tested: bun test src/utils/__tests__/udsMessaging.test.ts src/services/AgentSummary/__tests__/agentSummary.test.ts Tested: bunx tsc --noEmit --pretty false Tested: bun run lint Tested: bun run test:all Tested: bun test --coverage --coverage-reporter lcov --coverage-dir coverage Tested: bun run build Tested: bun run build:vite Tested: bun audit Not-tested: Manual external ACP peer runtime beyond repository tests.	2026-04-27 17:20:51 +08:00
unraid	a5ede237f0	docs: clarify UDS peer socket ownership CodeRabbit's #375 pass found that connectToPeer now correctly hands socket errors to the caller, but the JSDoc needed to spell out that contract. The lifecycle test also uses a less brittle post-connect timeout so slow CI does not turn the ownership check into a connection-speed race. Constraint: The raw socket API intentionally detaches its internal listener after successful connect so caller-owned errors are not swallowed. Rejected: Keep the test timeout at 50ms \| it tests scheduler speed instead of socket lifecycle ownership. Confidence: high Scope-risk: narrow Directive: connectToPeer callers must attach their own error listener immediately after awaiting the socket. Tested: bun test src/utils/__tests__/udsMessaging.test.ts Tested: bunx tsc --noEmit --pretty false Tested: bun run lint Tested: git diff --check Tested: bun run test:all Not-tested: GitHub-hosted CodeRabbit refresh until pushed.	2026-04-27 16:40:48 +08:00
unraid	85dc1b9462	fix: keep UDS peer failures structured CodeRabbit and Claude cross-review identified that timeout and raw peer connection failures should share one observable error contract. UDS peer failures now use UdsPeerConnectionError consistently, and connectToPeer hands the socket lifecycle back to the caller after a successful connection instead of retaining an internal timeout or error listener. The tests cover the real socket paths with capability files, timeout behavior, connection failure structure, post-connect listener handoff, AgentSummary rescheduling observations, and platform-specific mailbox directory errno handling. Constraint: Preserve the 5000ms production timeout default while allowing tests to exercise timeout paths quickly. Rejected: Suppress CodeRabbit warnings in tests \| would hide the real timeout/error contract gap. Rejected: Keep connectToPeer post-connect error listener \| it would silently swallow caller-owned socket errors. Confidence: high Scope-risk: narrow Directive: Keep UDS send/connect timeout and socket-error paths on the same structured peer error contract. Tested: bun test src/utils/__tests__/udsMessaging.test.ts src/services/AgentSummary/__tests__/agentSummary.test.ts src/utils/__tests__/teammateMailbox.test.ts Tested: bunx tsc --noEmit --pretty false Tested: bun run lint Tested: bun run test:all Tested: bun test --coverage --coverage-reporter lcov --coverage-dir coverage Tested: bun run build Tested: bun run build:vite Tested: omx ask claude simplify review artifact .omx/artifacts/claude-review-only-cross-check-for-pr-374-on-branch-codex-codecov-r-2026-04-27T08-17-47-309Z.md Tested: omx ask claude security review artifact .omx/artifacts/claude-security-review-cross-check-for-pr-374-current-working-tree--2026-04-27T08-26-54-079Z.md Not-tested: GitHub-hosted CodeRabbit refresh until pushed.	2026-04-27 16:32:07 +08:00
Dosion	b47731a3f3	test: keep Codecov coverage on real agent communication paths (#374 ) * test: keep Codecov coverage on real agent communication paths PR #369 was merged before the final Codecov coverage fix landed, so this follow-up carries only the incremental real-path tests needed on top of main. The tests exercise AgentSummary lifecycle branches, mailbox fail-closed behavior, UDS client connection failure through a real capability file, and UDS response-reader framing without mock.module, warning suppression, feature fallback, or production-code churn. Constraint: PR #369 is already merged; this branch must contain only the incremental Codecov repair on top of latest main Rejected: Reopen or keep pushing the merged PR branch \| merged PR refs do not update and would leave Codecov stale Rejected: Mock bun:bundle or hide warnings \| would reintroduce cross-test pollution and pseudo coverage Rejected: Keep unrelated SendMessageTool production diff \| it created avoidable patch-coverage debt without improving the runtime path Confidence: high Scope-risk: narrow Directive: Keep these coverage tests on real paths; do not replace them with output suppression or feature-flag mocks Tested: bunx tsc --noEmit --pretty false Tested: bun run lint Tested: bun test src\utils\__tests__\teammateMailbox.test.ts Tested: bun test src\services\AgentSummary\__tests__\agentSummary.test.ts src\services\AgentSummary\__tests__\summaryContext.test.ts src\utils\__tests__\teammateMailbox.test.ts src\utils\__tests__\udsMessaging.test.ts src\utils\__tests__\udsResponseReader.test.ts packages\builtin-tools\src\tools\SendMessageTool\__tests__\udsRecipientSanitization.test.ts Tested: bun run test:all Tested: bun test --coverage --coverage-reporter lcov --coverage-dir coverage Tested: bun run build Tested: bun run build:vite Tested: bun audit Tested: git diff --check Tested: Claude simplify review GO (.omx/artifacts/claude-simplify-codecov-20260427-1521.md) Tested: Claude security review GO (.omx/artifacts/claude-security-codecov-20260427-1522.md) Not-tested: GitHub-hosted Codecov upload after this amended commit until PR checks rerun * test: keep review assertions tied to real failure paths CodeRabbit flagged three non-blocking but valid review gaps: platform-specific mailbox errno checks, brittle UDS connection-failure message assertions, and missing AgentSummary reschedule proof after fork errors. This keeps the fixes narrow by tightening the affected assertions and adding a structured UDS connection error for tests to assert behavior instead of prose. Constraint: PR #374 is a review follow-up and must not hide warnings, skip tests, or merge the PR. Rejected: Matching the UDS failure message literal \| preserves the brittle coupling CodeRabbit flagged. Rejected: Asserting only that mailbox writes throw \| would allow unrelated pre-path failures to pass. Confidence: high Scope-risk: narrow Directive: Keep UDS connection-failure tests on structured error data, not display wording. Tested: bun test src/services/AgentSummary/__tests__/agentSummary.test.ts src/utils/__tests__/teammateMailbox.test.ts src/utils/__tests__/udsMessaging.test.ts Tested: bunx tsc --noEmit --pretty false Tested: bun run lint Tested: bun run test:all Tested: bun test --coverage --coverage-reporter lcov --coverage-dir coverage Tested: bun run build Tested: bun run build:vite Not-tested: GitHub-hosted CodeRabbit refresh until pushed. * test: remove brittle review follow-up assumptions CodeRabbit's second pass found two valid brittleness issues and one suggested callback-reference assertion that would not match production behavior. This keeps the production behavior unchanged: timers still schedule the summarizer closure, tests now assert timer-handle identity, and UDS connection errors use native Error.cause instead of shadowing it. Constraint: Do not manufacture behavior just to satisfy a review hint; assertions must match the real AgentSummary scheduling contract. Rejected: Assert a fresh scheduled callback function \| scheduleNext intentionally passes the same runSummary closure each time. Rejected: Store a custom cause field on UdsPeerConnectionError \| native Error.cause is available under ESNext/Bun. Confidence: high Scope-risk: narrow Directive: Timer tests should assert returned handle identity for ownership, not incidental numeric values. Tested: bun test src/services/AgentSummary/__tests__/agentSummary.test.ts src/utils/__tests__/udsMessaging.test.ts Tested: bunx tsc --noEmit --pretty false Tested: bun run lint Tested: bun run test:all Tested: bun test --coverage --coverage-reporter lcov --coverage-dir coverage Tested: bun run build Tested: bun run build:vite Not-tested: GitHub-hosted CodeRabbit refresh until pushed. * test: enforce structured UDS timeout failures CodeRabbit's follow-up surfaced a real consistency gap: UDS send socket errors used UdsPeerConnectionError while response timeouts still rejected a generic Error. Timeouts now use the same structured peer failure contract, and the test exercises that path through a short explicit timeout instead of waiting for the production default. The AgentSummary unchanged-fingerprint test now also asserts that the second unchanged tick does not log errors, preserving the existing behavior checks without changing production scheduling semantics. Constraint: Keep the production timeout default at 5000ms while allowing tests to exercise the timeout path quickly. Rejected: Leave timeout failures as generic Error \| callers would need separate handling for the same peer connection failure class. Confidence: high Scope-risk: narrow Directive: Keep UDS send timeout and socket-error branches on the same structured error contract. Tested: bun test src/services/AgentSummary/__tests__/agentSummary.test.ts src/utils/__tests__/udsMessaging.test.ts Tested: bunx tsc --noEmit --pretty false Tested: bun run lint Tested: bun run test:all Tested: bun test --coverage --coverage-reporter lcov --coverage-dir coverage Tested: bun run build Tested: bun run build:vite Not-tested: GitHub-hosted CodeRabbit refresh until pushed. --------- Co-authored-by: unraid <local@unraid.local>	2026-04-27 16:22:13 +08:00
claude-code-best	a65df4a102	docs: update contributors	2026-04-27 07:57:43 +00:00