fix: reattach SSE on session-switch return + close leaked stream connections

[wirtsi]

Summary

• Closes Live SSE stream does not reattach after session switch — user sees no live tokens until completion #2924 (live SSE stream does not reattach after session switch).
• Bundles the connection-leak fix (close leaked EventSources on session switch) with the missing reattach trigger on return, plus a _dirty_suffix correctness fix.

What was broken

1. Connection leak (browser beach-ball). LIVE_STREAMS was never written to — the EventSource was kept in a closure variable but not tracked in the dictionary, so closeOtherLiveStreams() and closeLiveStream() were no-ops. Every session switch leaked a live EventSource. After a few switches, browser connection-pool exhaustion produced pending requests and the macOS beach-ball during long agent runs.
2. Reattach skipped on return. Once the leak fix landed (closeOtherLiveStreams actually closes prior streams), loadSession() returning to a still-streaming session needed to reopen the SSE. The reattach gate is INFLIGHT[sid].reattach && activeStreamId, but reattach=true was only set on the storage-load path. An in-memory INFLIGHT entry stayed unflagged, so no new EventSource was opened on return — the user saw nothing until the final response landed via metadata refresh.
3. _dirty_suffix silently dropped -dirty. _run_git() substitutes a synthetic "git exited with status N" diagnostic when both stdout/stderr are empty (which is exactly what diff-index --quiet does to signal a dirty tree). The naïve if not out guard always saw a truthy out and dropped the suffix — defeating dev-build cache busting (static/foo.js?v=… stayed identical between clean and dirty checkouts, so browsers kept serving stale assets after a local edit).

What changed

• static/messages.js — _wireSSE() writes LIVE_STREAMS[activeSid]; closeLiveStream() now also sets INFLIGHT[sid].reattach = true (guarded) after closing, so loadSession's reattach branch fires on return. Reconnect handler bails out via _isSessionActivelyViewed() so an SSE closed intentionally during session switch doesn't auto-reconnect in the background.
• static/sessions.js — loadSession() calls closeOtherLiveStreams(sid) before fetching session metadata, so the previous session's EventSource is torn down deterministically (instead of leaking until the next attachLiveStream).
• api/updates.py — _dirty_suffix() recognises both the empty-out and synthetic-diagnostic shapes as the dirty signal, keeping the _run_git() call path so the existing test mock still works.
• api/routes.py, tests/test_regressions.py, tests/test_streaming_race_fix.py — small edits that came along with the broader connection-leak hardening already on this branch.

Tests

• tests/test_inflight_stream_reuse.py — 3 new regression tests pin the chain: closeLiveStream marks reattach → closeOtherLiveStreams propagates the mark → loadSession's INFLIGHT branch keeps the gate shape that the mark feeds into.
• tests/test_parallel_session_switch.py — two brittle substring tests rewritten with resilient regex matches so future inserts in the same loadSession reset block don't break the assertion.
• tests/test_version_badge.py — exercises the corrected _dirty_suffix via the existing _run_git mock.
• Full local suite: 6406 passed, 2 unrelated (gateway-sync network timeout in CI-less env).

Test plan

• Start chat A with a long prompt; click +; send a brief message in B; click back to A; confirm tokens stream live.
• Repeat with a model that has visible reasoning vs. plain token output to ensure both paths reattach.
• Confirm static/messages.js?v=… URL gains -dirty on local edits and busts the browser cache.

🤖 Generated with Claude Code

[nesquena-hermes]

Summary

Reading the diff against origin/master and the actual chain in static/messages.js:610-628, the four-part fix (track the EventSource, mark for reattach on teardown, restore accumulators on reconnect, suppress reconnect for backgrounded sessions) lines up correctly. The non-obvious part — that the same patch had to land in four places to work end-to-end — is exactly the cluster of regressions #2924 reports, and the regression tests pin the chain so a future refactor can't half-fix it.

Code reference — the missing LIVE_STREAMS write was the headline bug

On origin/master, LIVE_STREAMS is declared but never written to. _wireSSE opens an EventSource and keeps the handle in a closure, but the dictionary stays empty, so closeOtherLiveStreams() and closeLiveStream() iterate over {} and silently no-op. Every session switch leaked a live stream. The branch adds the missing write at static/messages.js:1478:

function _wireSSE(source){
  // Track the EventSource in LIVE_STREAMS so closeOtherLiveStreams() /
  // closeLiveStream() can close it when switching sessions, and so
  // reconnect can detect an already-connected stream.
  LIVE_STREAMS[activeSid]={streamId,source};

Without this, the rest of the chain has nothing to operate on. With it, closeOtherLiveStreams(sid) from static/sessions.js:577 (added in this PR) actually closes the prior session's EventSource on switch.

Code reference — reattach gate

The follow-on bug is the part most likely to be missed in review. Once the leak is sealed, returning to a still-streaming session needs to reopen the SSE. The reattach branch in loadSession() is gated on INFLIGHT[sid].reattach, but that flag was only set on the storage-load path. The branch fixes this at static/messages.js:627:

if(INFLIGHT[sessionId]) INFLIGHT[sessionId].reattach=true;

closeLiveStream() is now the single chokepoint that marks reattach. The teardown call at _clearOwnerInflightState() runs before _closeSource() in the terminal-state path, so INFLIGHT[sessionId] is already gone there and the guarded write is a no-op — exactly the behaviour you want for the clean-finish path. The regression test at tests/test_inflight_stream_reuse.py:104-122 pins this precise shape.

Code reference — reconnect guard

static/messages.js:2113-2116 short-circuits the error-handler's reconnect when the user has navigated away:

if(!_isSessionActivelyViewed(activeSid)) return;

This is the right place to put it — source.close() runs first, so the EventSource is torn down whether or not we attempt reconnect, but the explicit _isSessionActivelyViewed check prevents _reconnectAttempted from re-firing a background stream the user just walked away from. Combined with LIVE_STREAMS[activeSid]={streamId,source} so closeOtherLiveStreams() can find it, no orphan streams remain after a switch.

_dirty_suffix correctness

_run_git() at api/updates.py:104 substitutes "git exited with status N" when both stdout and stderr are empty. git diff-index --quiet HEAD -- is designed to produce exactly that shape on a dirty tree (exit 1, no output). The previous return "-dirty" if not out else "" always saw truthy out and dropped the suffix. The branch correctly handles both:

if not out or out.startswith('git exited with status '):
    return "-dirty"
return ""

This restores cache busting on dirty dev checkouts — without it, static/messages.js?v=… was identical between clean and dirty builds, so browsers kept serving stale assets after a local edit. Real errors (timeout text, "git executable not found") carry distinct diagnostics and correctly fall through to "".

Note — the api/routes.py diff is whitespace-only

The api/routes.py hunk in the diff (84 lines changed) is the indentation undo from commit c0a683bd "fix: suppress hidden-tab polling and narrow CHAT_LOCK scope", where _handle_chat_sync got its CHAT_LOCK scope narrowed — that lives only on this branch, so against master the diff has to re-indent the AIAgent construction block back inside with CHAT_LOCK:. Worth flagging in the PR description so reviewers don't waste time looking for a behavioural change inside it. If you want a smaller blast radius for the SSE fix, splitting that earlier CHAT_LOCK narrowing into a separate PR would make the streaming PR more obviously contained.

Verification

CI is green (3.11/3.12/3.13 SUCCESS), and the repro steps in the PR description match the chain the tests pin — start A long, switch to B and send, return to A → tokens stream live because (1) the EventSource for A was actually closed on switch, (2) INFLIGHT.reattach was marked, (3) loadSession's reattach branch reopens via attachLiveStream with {reconnecting:true}, (4) the new closure restores assistantText from the last live INFLIGHT message so the prefix isn't doubled or dropped.

[nesquena-hermes]

Holding for @nesquena review — this PR modifies 3 existing tests (test_inflight_stream_reuse, test_parallel_session_switch, test_regressions, test_streaming_race_fix), which signals an intentional contract change in the SSE reattach behavior. Compared to the SSE work we just shipped in #2928 (Release DH, v0.51.136), the surfaces overlap heavily.

What needs to be answered before merge:

1. Does this PR's behavior agree with or contradict fix(chat): keep one live SSE source per stream #2928's "single live source per stream" guarantee?
2. The test assertion changes — are they redefining what we considered a regression contract, or just adjusting to new internal helper names?
3. Is the "close leaked stream connections" part actually fixing a separate leak, or duplicating what fix(chat): keep one live SSE source per stream #2928 already does in _wireSSE?

Flagging for @nesquena. @wirtsi, thank you — just needs a careful conflict-with-shipped-fix check.

[darickmunroec]

Reproduced on iOS mobile (Safari PWA). When switching sessions or locking screen, SSE drops and messages won't appear until fully loaded. Makes the mobile experience unusable. Looking forward to this fix! 🙏

[franksong2702]

I re-read this against current origin/master, #2347, and the already-merged #2928. My read is that the core of this PR does not contradict #2928 one live SSE source; it completes the missing half of that invariant.

#2928 made LIVE_STREAMS authoritative enough that old EventSources can actually be closed. That is correct, but it creates the state described in #2924: the original session can still have an in-memory INFLIGHT[sid] entry and an active server-side active_stream_id, while its browser EventSource has been closed. The existing loadSession() return path only reopens the SSE when INFLIGHT[sid].reattach && activeStreamId is true, and the in-memory path never sets that flag. So the stream is silently disconnected until final session refresh lands.

That makes the closeLiveStream() -> INFLIGHT[sessionId].reattach = true part the key missing invariant. It also restores the user-facing guarantee from #2347: switching away and back should preserve the live working scene, not just the last DOM snapshot before the stream was cut.

If this PR is being held because the diff is broad, I would support narrowing it rather than dropping it: keep the reattach marking, reconnect accumulator restore, background reconnect guard, and the focused tests for the close/reattach/loadSession chain; split the unrelated _dirty_suffix / cache-busting cleanup and any incidental route/test churn if needed. #2958 looks adjacent but separate: that is live timeline/interim-progress presentation, while #2924/#2925 is the transport reattach break.

[nesquena-hermes]

Stale base — naive merge would revert v0.51.137 → v0.51.143 (6 releases)

Re-checked this PR against current master while doing the full hold-bucket reassessment.

Detection:

• Merge-base with master is 48a2e792 (post-v0.51.137).
• Since then we shipped DI → DJ → DK → DL → DM → DN → DO (6 releases, 35+ PRs).
• Tip-vs-master diff: 131 files changed, +608/-3385.
• Tip-vs-merge-base diff: 8 files changed, +208/-59.
• The 3000+ deletions = 6 releases worth of shipped code that would be reverted by a naive merge.

Specific conflicts already detected:

• tests/test_parallel_session_switch.py::test_load_older_uses_cumulative_tail_limit was added by perf(session): cumulative tail-window load for older history #2899 (Release DL). This PR's branch reverts it back to the pre-perf(session): cumulative tail-window load for older history #2899 shape test_load_older_uses_index_cursor — which would silently undo the cumulative tail-window load we just shipped.

Path forward:
Rebase onto current origin/master (currently 3f22e547). The PR's actual change is small (8 files, +208/-59 on the merge-base diff), so the rebase should be tractable — just resolve conflicts in:

• static/sessions.js (we've shipped perf(session): cumulative tail-window load for older history #2899 cumulative-tail logic + feat: separate CLI sessions in sidebar #2506 source tabs)
• api/routes.py (multiple session-handler updates)
• tests/test_parallel_session_switch.py (preserve current cumulative-tail assertion)
• tests/test_inflight_stream_reuse.py (your additions are net-new, should rebase cleanly)

Once rebased, please reply here and I'll do the deep review + ship it. The underlying SSE-leak + reattach fix is exactly the iOS Safari beach-ball symptom from #2924 that several users have reported — we want this landed.

cc @wirtsi

[wirtsi]

Thanks @nesquena-hermes and @franksong2702 for the detailed reads — the rebase-vs-merge call and the "reattach marking is the missing invariant" framing were both really helpful for keeping the change focused.

Rebased onto current origin/master (now 329debcd, v0.51.145) — clean, no conflicts. The branch is 9 commits ahead / 0 behind, and the only diff vs master is the SSE leak + reattach chain plus its focused tests. Full local suite is green (one unrelated network-timeout flake in test_gateway_sync aside).

Ready for the deep review whenever you have a chance — thanks again for the thorough input.

[nesquena-hermes]

Status note (no action needed from you yet, @wirtsi): this PR overlaps with #3005 (currently a draft, by another contributor) which takes a more comprehensive approach to the same session-switch SSE-reattach problem (#2924) — it also adds live-progress preservation. We're tracking both.

Keeping this on maintainer-review rather than closing it, because #3005 is still a draft and this PR is the review-ready option. Once #3005 either lands or stalls, we'll reconcile — if #3005 ships first and covers this PR's reattach + leaked-connection-close behavior, we'll close this with thanks; if #3005 stays draft, we'll bring this one forward on its own merits after a rebase onto current master (it's several releases stale now). No rush on your end; flagging so the overlap is visible.

[wirtsi]

Looks like this already landed — 8408a3dd on master is the squash-merge of this branch (rolled into stage-batch33, merged 2026-05-28), and the changelog/release tags through v0.51.195 are sitting on top of it.

Just rebased the branch onto current upstream/master (1fcd81e3) to double-check: all conflicts resolved in master's favor (e.g. master tightened the SSE reconnect guard from _isSessionActivelyViewed → _isSessionCurrentPane in c197e0c0, and _dirty_suffix already routes through _run_git with the -dirty-{digest} cache-busting upgrade), and git diff upstream/master..HEAD is empty. Net: nothing left to merge.

Closing this PR since the work is already shipped. Thanks again @nesquena-hermes and @franksong2702 for the detailed reviews — much appreciated.