Skip to content

fix(wire): transient-5xx handshake, encrypted-session rotation retry, throttle-aware timeout, since encoding#7

Merged
dotCooCoo merged 1 commit into
mainfrom
fix/wire-robustness
Jun 14, 2026
Merged

fix(wire): transient-5xx handshake, encrypted-session rotation retry, throttle-aware timeout, since encoding#7
dotCooCoo merged 1 commit into
mainfrom
fix/wire-robustness

Conversation

@dotCooCoo

@dotCooCoo dotCooCoo commented Jun 14, 2026

Copy link
Copy Markdown
Owner

Four wire-layer robustness fixes (ws-client + http-client):

  • Transient 5xx handshake. The bad-status handler emitted upgrade_rejected for all statuses, but the wrapper only treats 4xx as terminal — a 5xx reconnects. The engine treats a non-4xx upgrade_rejected as PERMANENT ('restart the daemon'), so a transient 502/503 (e.g. a reverse proxy during a deploy) logged a false 'permanently closed' alarm while the socket self-healed. Now only terminal (4xx) rejections emit upgrade_rejected.
  • since encoding. The dial URL interpolated since raw while bundleId was percent-encoded; now since is integer-coerced and encodeURIComponent'd.
  • Encrypted-session rotation retry. On HTTP 400 encrypted-payload-rejected (the server rotated its api-encrypt keypair and the cached pubkey is stale), rebuild the encrypted session and retry once — mirroring the existing 401 session-recovery branches.
  • Throttle-aware transfer timeout. A fixed 30s socket-inactivity timeout aborted a transfer when a configured bandwidth throttle made a single chunk's wait exceed 30s (sub-~2 KiB/s rates). The idle window now scales to the worst-case single-chunk throttle-wait plus the 30s base when a throttle is set; unthrottled transfers are unchanged.

@github-actions

github-actions Bot commented Jun 14, 2026

Copy link
Copy Markdown
Check Status
ESLint (JS + security)
Codebase-patterns (static-shape gates)
Changelog drift gate
Hadolint (Dockerfile)
ShellCheck (shell scripts)

@dotCooCoo
fix(wire): transient-5xx handshake signalling, encrypted-session rota…
66a52e6 
…tion retry, throttle-aware timeout, since encoding

- ws-client: only emit upgrade_rejected for terminal (4xx) handshake
  rejections. A transient 5xx is reconnected by the wrapper, but still drove
  the engine's permanent-rejection handler ('restart the daemon'),
  contradicting the self-healing reconnect.
- ws-client: integer-coerce and percent-encode the since cursor in the dial
  URL, matching the bundleId treatment.
- http-client: on HTTP 400 encrypted-payload-rejected (server key rotation /
  stale cached pubkey), rebuild the encrypted session and retry once, as the
  401 session paths already do.
- http-client: scale the transfer idle timeout when a bandwidth throttle is
  configured so a slow-but-progressing throttled transfer isn't aborted by
  the fixed 30s socket-inactivity window.
@dotCooCoo dotCooCoo force-pushed the fix/wire-robustness branch from 663b2eb to 66a52e6 Compare June 14, 2026 04:19
@github-actions

github-actions Bot commented Jun 14, 2026

Copy link
Copy Markdown

🎉 Linting finished with no errors or warnings 🎉

Check Status
ESLint (JS + security)
Codebase-patterns (static-shape gates)
Changelog drift gate
Hadolint (Dockerfile)
ShellCheck (shell scripts)

@dotCooCoo dotCooCoo merged commit d1dd94a into main Jun 14, 2026
5 checks passed
@dotCooCoo dotCooCoo deleted the fix/wire-robustness branch June 14, 2026 13:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dotCooCoo