Skip to content

feat: observer-stream live chat (flag-gated, cursor-resumable) with polling fallback#393

Open
willwashburn wants to merge 2 commits into
mainfrom
claude/agent-relay-sdk-review-78901d
Open

feat: observer-stream live chat (flag-gated, cursor-resumable) with polling fallback#393
willwashburn wants to merge 2 commits into
mainfrom
claude/agent-relay-sdk-review-78901d

Conversation

@willwashburn

@willwashburn willwashburn commented Jul 2, 2026

Copy link
Copy Markdown
Member

Summary

Wires pear's Slack-like UI to the new observer plane (durable workspace event log — AgentWorkforce/relaycast#233), replacing dependence on broker relay_inbound side effects + 3s active-room polling as the primary live path. Gated behind PEAR_OBSERVER_STREAM=1 (default off) with silent fallback to the existing untouched polling on any missing server capability, so it's safe to merge ahead of the engine/relay releases.

How it works (src/main/observer-stream.ts, new ObserverStreamManager):

  • Mints a read-only observer token via the broker's existing POST /api/observer-token (reuses pear's existing mintObserverToken caller/cache), opens the live /v1/ws observer WebSocket and buffers frames, REST-backfills GET /v1/workspace/events from a persisted per-workspace cursor (paginated ≤500), merges by seq (dedupe, ascending), then goes live — advancing and debounce-persisting the cursor (observerStreamCursors in the existing projects store).
  • Exponential-backoff reconnect (1s→30s) with re-backfill from the cursor on each reopen; re-mints a fresh token on 401/403. First run per workspace adopts latest_seq instead of replaying full history (REST reconcile owns room hydration).
  • Fallback triggers: flag off, broker token endpoint missing, /v1/workspace/events 404 (old engine), or WS auth failure — each degrades silently to today's polling.

Store integration: observer events are translated into BrokerReconciledChatMessage batches and merged via the same reconcileMessages path the 3s polling feeds — observer payloads carry canonical relaycast message ids, so id-dedupe converges regardless of which plane delivers first (synthesizing relay_inbound events would duplicate against REST-reconciled records and mis-time backfilled history). DM to participants are resolved from the conversation's known messages; thread.reply merges by cloning the in-store parent with the appended reply. message.reacted/message.read are left as an explicit TODO — the renderer store has no incremental merge path for them yet.

Glue in src/main/broker.ts (start/stop per session), plus a new observer:chat-update IPC channel (ObserverChatUpdate type through preload/ipc-mock).

Test Plan

  • Tests added/updated — 26 new vitest tests on the manager's pure logic (event translation shapes, seq merge/dedupe/cursor advance, backfill pagination, first-run cursor adoption, 404 permanent fallback on both endpoints, auth-failure fresh-mint, WS 401 rejection, stop semantics, backoff progression). Affected suites: 181/181; node:test suite 123/123; typecheck (web + node) and eslint clean.
  • Manual testing completed — live end-to-end requires the engine + relay releases; the server contract was verified separately via a cross-repo E2E (relay SDK observer mode against the engine source: live + reactions + cursor-resume after an offline gap, no duplicates). Electron/playwright suites not run per scope.

Screenshots

N/A

🤖 Generated with Claude Code

https://claude.ai/code/session_01VASvErz2MxkQMCsSzTgsbe


Generated by Claude Code

Review in cubic

…ERVER_STREAM

Add a feature-flagged (default OFF) main-process ObserverStreamManager that
mints a scoped read-only observer token via the local broker's
POST /api/observer-token, opens the engine observer WebSocket
(wss://<relay base>/v1/ws?token=...), REST-backfills missed events from a
persisted per-workspace cursor (GET /v1/workspace/events?since=<seq>), merges
by seq (dedupe, ascending), and reconnects with exponential backoff,
re-minting the token on auth failure.

Message-class events (message.created, thread.reply, dm/group_dm.received)
are translated into BrokerReconciledChatMessage batches and merged through
the renderer's existing reconcileMessages store path — the same id-deduping
merge the 3s REST polling reconciliation feeds — so both planes converge on
canonical relaycast message ids with no parallel store. message.reacted /
message.read are left as a TODO (the store has no incremental merge path
for them yet).

Every failure mode degrades silently to the untouched polling path: flag
off, observer-token endpoint missing (broker 404), /v1/workspace/events 404
(older engine), or a WS that will not authenticate.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01VASvErz2MxkQMCsSzTgsbe
@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@willwashburn, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 49 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: e105aec6-5f5a-4299-88ee-febb161957a3

📥 Commits

Reviewing files that changed from the base of the PR and between 15329b9 and b6d5ed7.

📒 Files selected for processing (10)
  • electron-builder.mcp-resources.yml
  • src/main/broker.ts
  • src/main/observer-stream.test.ts
  • src/main/observer-stream.ts
  • src/main/store.ts
  • src/preload/index.ts
  • src/renderer/src/hooks/use-broker-events.ts
  • src/renderer/src/lib/ipc-mock.ts
  • src/renderer/src/lib/observer-chat.ts
  • src/shared/types/ipc.ts
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch claude/agent-relay-sdk-review-78901d

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a feature-flagged (PEAR_OBSERVER_STREAM) relaycast observer-stream consumer that streams chat updates via WebSockets and REST backfills, integrating with the existing renderer message state. Feedback on the changes highlights three key issues: a potential lost update bug in observer-chat.ts when processing multiple thread replies for the same parent in a single batch, a missing state check in observer-stream.ts that could lead to wasted network requests during backfill if the manager is stopped, and an issue in broker.ts where forceFresh fails to clear the in-flight token promise cache.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment on lines +60 to +72
for (const entry of update.threadReplies) {
const parent = existingMessages.find((message) => message.id === entry.parentId)
// A reply whose parent we have never merged is skipped — the store only
// carries thread replies attached to a full parent record. The polling
// reconciliation cannot recover these either (it does not fetch thread
// replies), so a skipped reply reappears only when the parent lands.
if (!parent) continue
if (parent.threadReplies?.some((reply) => reply.id === entry.reply.id)) continue
incoming.push({
...toReconciled(parent),
threadReplies: [...(parent.threadReplies || []), entry.reply]
})
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

There is a potential lost update bug when multiple thread replies for the same parent message are received in the same batch. Since existingMessages is not updated during the loop, each iteration retrieves the stale parent message from existingMessages (which does not contain the previously processed replies from the same batch). As a result, only the last reply in the batch for a given parent will survive, and previous ones will be overwritten and lost.

To fix this, group the incoming thread replies by parentId first, and then merge them with the parent's existing replies in a single update per parent.

  const repliesByParent = new Map<string, typeof update.threadReplies[number]['reply'][]>()
  for (const entry of update.threadReplies) {
    const list = repliesByParent.get(entry.parentId) || []
    list.push(entry.reply)
    repliesByParent.set(entry.parentId, list)
  }

  for (const [parentId, newReplies] of repliesByParent.entries()) {
    const parent = existingMessages.find((message) => message.id === parentId)
    if (!parent) continue

    const combinedReplies = [...(parent.threadReplies || [])]
    for (const reply of newReplies) {
      if (!combinedReplies.some((r) => r.id === reply.id)) {
        combinedReplies.push(reply)
      }
    }

    incoming.push({
      ...toReconciled(parent),
      threadReplies: combinedReplies
    })
  }

Comment on lines +531 to +552
private async backfill(token: string): Promise<void> {
if (this.cursor === undefined) {
// First run for this workspace: don't replay the entire history — adopt
// the current head and stream from here on. The REST reconciliation
// already hydrates canonical room history on demand.
const page = await this.fetchEventsPage(token, 0, 1)
this.setCursor(page.latestSeq ?? 0)
this.log(`observer stream cursor initialized at seq ${this.cursor}`)
return
}

const limit = Math.min(this.options.backfillPageLimit ?? DEFAULT_BACKFILL_PAGE_LIMIT, MAX_BACKFILL_PAGE_LIMIT)
let since = this.cursor
for (;;) {
const page = await this.fetchEventsPage(token, since, limit)
this.processEvents(page.events)
const pageMax = maxObserverSeq(page.events)
if (page.events.length < limit) break
if (pageMax === undefined || pageMax <= since) break
since = pageMax
}
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

If the manager is stopped or disabled while backfill is in progress, the loop will continue to fetch pages and process events unnecessarily. Adding a check for this.state !== 'running' inside the loop and after the first-run fetch will prevent wasted network requests and processing.

  private async backfill(token: string): Promise<void> {
    if (this.cursor === undefined) {
      // First run for this workspace: don't replay the entire history — adopt
      // the current head and stream from here on. The REST reconciliation
      // already hydrates canonical room history on demand.
      const page = await this.fetchEventsPage(token, 0, 1)
      if (this.state !== 'running') return
      this.setCursor(page.latestSeq ?? 0)
      this.log(`observer stream cursor initialized at seq ${this.cursor}`)
      return
    }

    const limit = Math.min(this.options.backfillPageLimit ?? DEFAULT_BACKFILL_PAGE_LIMIT, MAX_BACKFILL_PAGE_LIMIT)
    let since = this.cursor
    for (;;) {
      if (this.state !== 'running') break
      const page = await this.fetchEventsPage(token, since, limit)
      this.processEvents(page.events)
      const pageMax = maxObserverSeq(page.events)
      if (page.events.length < limit) break
      if (pageMax === undefined || pageMax <= since) break
      since = pageMax
    }
  }

Comment thread src/main/broker.ts
Comment on lines +1864 to +1866
mintToken: async ({ forceFresh }) => {
if (forceFresh) this.observerTokens.delete(projectId)
try {

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

When forceFresh is true, deleting the cached token from this.observerTokens is not sufficient if there is an active in-flight promise in this.observerTokenMints. The manager would still return the existing in-flight promise (which resolves to the old/stale token) instead of minting a fresh one. Deleting the entry from this.observerTokenMints as well ensures a truly fresh token is minted.

      mintToken: async ({ forceFresh }) => {
        if (forceFresh) {
          this.observerTokens.delete(projectId)
          this.observerTokenMints.delete(projectId)
        }
        try {

CI's verify:mcp-resources-drift gate compares against the merge with
main, where @relayfile/client entered the dependency tree; the generated
resources list needed the corresponding entry.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01VASvErz2MxkQMCsSzTgsbe

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

5 issues found and verified against the latest diff

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="src/main/observer-stream.ts">

<violation number="1" location="src/main/observer-stream.ts:375">
P2: A stale socket callback can still emit events after reconnect because the handler only checks `state`, not socket identity. Adding a `this.socket === socket` guard makes reconnect behavior match the repo’s stale-listener hardening pattern.</violation>

<violation number="2" location="src/main/observer-stream.ts:488">
P2: Auth-expired live sockets can reconnect with the same stale token because post-open close codes are treated as a normal close. Handling auth close codes in the settled-open branch and marking `nextMintForceFresh` would keep re-auth behavior consistent with the pre-open auth-failure path.</violation>

<violation number="3" location="src/main/observer-stream.ts:544">
P2: The backfill pagination loop doesn't check whether the manager has been stopped between page fetches. If `stop()` is called while backfill is in progress (e.g., a session is dropped), this loop will continue issuing network requests and processing events until pagination naturally terminates. Adding a `if (this.state !== 'running') break` at the top of the loop (and after the first-run fetch) would avoid wasted work.</violation>
</file>

<file name="src/renderer/src/lib/observer-chat.ts">

<violation number="1" location="src/renderer/src/lib/observer-chat.ts:61">
P1: Thread replies can be lost when multiple `update.threadReplies` entries target the same parent (or when parent arrives in `update.messages` in the same batch). The loop resolves from `existingMessages` only, so it doesn't accumulate against already-prepared `incoming` parent state before `reconcileMessages` merges.</violation>
</file>

<file name="src/main/broker.ts">

<violation number="1" location="src/main/broker.ts:1867">
P2: Cloud observer streams can authenticate with the local broker's observer token when a local and cloud session coexist, because this session-scoped manager mints by projectId and getSessionForProject prefers the local session. Consider minting through the current sessionKey (and scoping the token cache accordingly) so the stream's token/workspace matches the broker session it is attached to.</violation>
</file>

Reply with feedback, questions, or to request a fix.

Re-trigger cubic

}

for (const entry of update.threadReplies) {
const parent = existingMessages.find((message) => message.id === entry.parentId)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1: Thread replies can be lost when multiple update.threadReplies entries target the same parent (or when parent arrives in update.messages in the same batch). The loop resolves from existingMessages only, so it doesn't accumulate against already-prepared incoming parent state before reconcileMessages merges.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At src/renderer/src/lib/observer-chat.ts, line 61:

<comment>Thread replies can be lost when multiple `update.threadReplies` entries target the same parent (or when parent arrives in `update.messages` in the same batch). The loop resolves from `existingMessages` only, so it doesn't accumulate against already-prepared `incoming` parent state before `reconcileMessages` merges.</comment>

<file context>
@@ -0,0 +1,77 @@
+  }
+
+  for (const entry of update.threadReplies) {
+    const parent = existingMessages.find((message) => message.id === entry.parentId)
+    // A reply whose parent we have never merged is skipped — the store only
+    // carries thread replies attached to a full parent record. The polling
</file context>

}

private async runCycle(): Promise<void> {
if (this.state !== 'running') return

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2: A stale socket callback can still emit events after reconnect because the handler only checks state, not socket identity. Adding a this.socket === socket guard makes reconnect behavior match the repo’s stale-listener hardening pattern.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At src/main/observer-stream.ts, line 375:

<comment>A stale socket callback can still emit events after reconnect because the handler only checks `state`, not socket identity. Adding a `this.socket === socket` guard makes reconnect behavior match the repo’s stale-listener hardening pattern.</comment>

<file context>
@@ -0,0 +1,630 @@
+  }
+
+  private async runCycle(): Promise<void> {
+    if (this.state !== 'running') return
+    try {
+      const token = await this.options.mintToken({ forceFresh: this.nextMintForceFresh })
</file context>


socket.on('close', ((code: unknown) => {
if (settledOpen) {
if (this.socket === socket) this.socket = null

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2: Auth-expired live sockets can reconnect with the same stale token because post-open close codes are treated as a normal close. Handling auth close codes in the settled-open branch and marking nextMintForceFresh would keep re-auth behavior consistent with the pre-open auth-failure path.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At src/main/observer-stream.ts, line 488:

<comment>Auth-expired live sockets can reconnect with the same stale token because post-open close codes are treated as a normal close. Handling auth close codes in the settled-open branch and marking `nextMintForceFresh` would keep re-auth behavior consistent with the pre-open auth-failure path.</comment>

<file context>
@@ -0,0 +1,630 @@
+
+      socket.on('close', ((code: unknown) => {
+        if (settledOpen) {
+          if (this.socket === socket) this.socket = null
+          resolve()
+        } else {
</file context>

Comment thread src/main/broker.ts
mintToken: async ({ forceFresh }) => {
if (forceFresh) this.observerTokens.delete(projectId)
try {
return (await this.mintObserverToken(projectId)).token

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2: Cloud observer streams can authenticate with the local broker's observer token when a local and cloud session coexist, because this session-scoped manager mints by projectId and getSessionForProject prefers the local session. Consider minting through the current sessionKey (and scoping the token cache accordingly) so the stream's token/workspace matches the broker session it is attached to.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At src/main/broker.ts, line 1867:

<comment>Cloud observer streams can authenticate with the local broker's observer token when a local and cloud session coexist, because this session-scoped manager mints by projectId and getSessionForProject prefers the local session. Consider minting through the current sessionKey (and scoping the token cache accordingly) so the stream's token/workspace matches the broker session it is attached to.</comment>

<file context>
@@ -1830,6 +1843,69 @@ export class BrokerManager {
+      mintToken: async ({ forceFresh }) => {
+        if (forceFresh) this.observerTokens.delete(projectId)
+        try {
+          return (await this.mintObserverToken(projectId)).token
+        } catch (err) {
+          // mintObserverTokenUncached maps a broker 404 (route predates
</file context>


const limit = Math.min(this.options.backfillPageLimit ?? DEFAULT_BACKFILL_PAGE_LIMIT, MAX_BACKFILL_PAGE_LIMIT)
let since = this.cursor
for (;;) {

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2: The backfill pagination loop doesn't check whether the manager has been stopped between page fetches. If stop() is called while backfill is in progress (e.g., a session is dropped), this loop will continue issuing network requests and processing events until pagination naturally terminates. Adding a if (this.state !== 'running') break at the top of the loop (and after the first-run fetch) would avoid wasted work.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At src/main/observer-stream.ts, line 544:

<comment>The backfill pagination loop doesn't check whether the manager has been stopped between page fetches. If `stop()` is called while backfill is in progress (e.g., a session is dropped), this loop will continue issuing network requests and processing events until pagination naturally terminates. Adding a `if (this.state !== 'running') break` at the top of the loop (and after the first-run fetch) would avoid wasted work.</comment>

<file context>
@@ -0,0 +1,630 @@
+
+    const limit = Math.min(this.options.backfillPageLimit ?? DEFAULT_BACKFILL_PAGE_LIMIT, MAX_BACKFILL_PAGE_LIMIT)
+    let since = this.cursor
+    for (;;) {
+      const page = await this.fetchEventsPage(token, since, limit)
+      this.processEvents(page.events)
</file context>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants