fix(t099): notification & transport reliability#11
Merged
Conversation
Dokploy Preview Deployment
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes the notification + transport reliability cluster from the deep review (t099). Four P1 "notifications silently stop" fixes on the phone, plus the server/client hardening P2s. One PR, four commit boundaries.
What & why
C1 — push recovery (
fix(push)): the foreground re-validate was a dead// TODOand the SW-message listener was bound to the wrong target (dead on every platform) — so t095's headline recovery never actually ran. Now the visibility gate re-validates for real, the listener is on the container, and boot reconciles the deviceId by push endpoint (which survives a localStorage wipe) before reading device-keyed ui-state, so mutes/master/toggle stop silently pointing at an orphaned id. Intent = the durable server flag. Endpoint rotation now re-binds a client-asserted deviceId instead of orphaning per-device prefs.C2 — Slack capture continuity (
fix(slack), ADR-0016): the sweep watermark was memory-only, so every deploy/restart re-seeded from "now" and silently dropped the downtime window. Now{watermark, seeded}persists toslack-sweep-state.json(debounced atomic write + SIGTERM flush) and resumes on boot. Stale creds self-heal:markCredsStalere-extracts over the live side-channel socket; if still stuck, it closes the keeper-owned parked tab for a fresh token — never a user pin (t098).C3 — server hardening (
fix(server)): WS heartbeat +bufferedAmountbackpressure so a suspended iPad can't buffer frames unbounded (or pace every viewer to ~1fps); all JSON persistence is atomic write-temp-rename; a malformed/undecryptable POST body is now a 400 (not a masked{}that could wipe pins/config) + config/pins shape guards; the 15s sweep backstop is single-flighted so a 429 sleep can't stack duplicate sweeps.C4 — client resilience (
fix(client)): the reconnect driver no longer wedges on a rejected/api/connect; one throwing listener or failed E2E decode no longer poisons the whole downlink chain; a foreground wake-resync probe kills the "frozen frame labelled Connected" bug after a suspend; the resize reissue preserves the quality tier + t054 rate ceiling instead of hardcoding quality 80; and the health endpoint routes through the E2E crypto bridge.Verification (AFK-green)
pnpm test993 ·pnpm test:e2e47 ·pnpm typecheckclean ·pnpm buildclean ·node --checkboth backends ·check:changedexit 0.docs/tasks/done/099-*.md.Needs a real device before merge (non-blocking)
Lock-screen push arrival, badge count, revoked-sub self-heal on foreground, Slack token-rotation recovery, suspend/resume shows a live frame. Checklist in the task file.