feat: session resilience

[pedronauck]

Summary by CodeRabbit

• New Features

  • Sessions now record and expose termination reason and detail (user, crash, timeout, etc.).
  • Configurable session timeout limits.

• Bug Fixes

  • Persisted stop reasons on shutdown/crash and improved crash detection during resume.

• Improvements

  • Stronger resume validation and repair checks; refined session lifecycle and metadata persistence.
  • Session events and API payloads include stop classification.

• Documentation

  • Added ANP/agent-network protocol proof-of-concept transcript.

[coderabbitai]

Walkthrough

Adds end-to-end session stop reason/detail tracking: enums, classification, stop-with-cause APIs, resume validation/classification, DB schema + migrations, propagation to API/observer/daemon, and extensive tests. Also adds a docs JSONL transcript (ANP discussion) as a PoC artifact.

Changes

Cohort / File(s)	Summary
Core stop types & mapping internal/store/types.go, internal/session/stop_cause.go, internal/session/stop_reason.go, internal/session/stop_reason_test.go, internal/store/stop_reason_test.go	Introduce StopReason enum, StopCause enum, and classifyStopReason mapping; tests cover classification and validity.
Session model & APIs internal/session/session.go, internal/session/session_test.go, internal/session/stop_cause.go, internal/session/stop_reason.go, internal/session/stop_reason_test.go	Extend Session/SessionInfo with stop fields, add stop-cause helpers, change prepareStop signature, add StopWithCause and update Meta() persistence. Tests added/updated to assert stop metadata.
Manager lifecycle & resume repair internal/session/manager_lifecycle.go, internal/session/resume_repair.go, internal/session/resume_repair_test.go, internal/session/manager_test.go	Stop now delegates to StopWithCause; Resume classifies previous stops, validates infrastructure, persists crash classifications, and logs resume validation failures. New validation/classification helpers and tests.
Integration stop behavior & tests internal/session/manager_stop_integration_test.go, internal/session/manager_test.go, internal/session/stop_*_integration_tests	Multiple integration tests added: process kill/crash persistence, resume failure modes (missing workspace/agent/empty DB), multi-cycle Stop→Resume→Stop checks, and helpers for real ACP harnesses.
Global DB schema & persistence internal/store/globaldb/global_db.go, internal/store/globaldb/global_db_session.go, internal/store/globaldb/migrate_workspace.go, internal/store/globaldb/global_db_test.go, internal/store/globaldb/global_db_session_test.go	Add stop_reason and stop_detail columns, migrate when absent, update queries (register/update/list/scan) to read/write stop fields, and add migration/tests ensuring backward compatibility.
Store types & meta handling internal/store/types.go, internal/store/meta_test.go	Extend SessionMeta, SessionInfo, and SessionStateUpdate with stop fields; validate stop_reason values and add tests including legacy omission handling.
Observer & reconciliation internal/observe/observer.go, internal/observe/reconcile.go, internal/observe/reconcile_test.go	Observer writes stop reason/detail on session stop; reconciliation normalizes stop reason when loading metadata; tests updated to assert stop fields.
API contract & conversions internal/api/contract/contract.go, internal/api/contract/contract_test.go, internal/api/core/conversions.go, internal/api/core/conversions_parsers_test.go	Expose optional stop_reason/stop_detail in SessionPayload and populate them from session info; tests assert omit-empty behavior and inclusion when set.
HTTP & daemon integration tests / driver changes internal/api/httpapi/httpapi_integration_test.go, internal/daemon/daemon.go, internal/daemon/daemon_test.go, internal/daemon/daemon_integration_test.go	Integration harness and driver extended to inject crashes and assert stop reason propagation to DB and HTTP API. Daemon now attempts StopWithCause (CauseShutdown) when supported; tests and helper subprocess agent added.
Config: session limits internal/config/config.go, internal/config/config_test.go, internal/config/merge.go	Add SessionConfig and SessionLimitsConfig with session.limits.timeout, initialization, validation, merging logic, and tests (including negative timeout rejection).
Workspace cloning internal/workspace/clone.go, internal/workspace/resolver_test.go	Ensure Session config is copied by cloneConfig; updated test to assert deep copy of session limits.
Docs / PoC transcript docs/ideas/anp/conversa.jsonl	Add newline-delimited JSON transcript of an assistant-to-assistant conversation proposing ANP (Agent Network Protocol) and discussing session resilience—serves as RFC/PoC artifact.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant Manager
    participant Driver
    participant Session
    participant Store
    participant GlobalDB
    participant HTTPAPI

    Client->>Manager: StopWithCause(id, cause, detail)
    Manager->>Session: prepareStop(cause, detail)
    Manager->>Driver: Stop(proc)
    Driver-->>Manager: Stop result / waitErr
    Manager->>Session: finalizeStopped(waitErr)
    Session->>Store: write SessionMeta (stop_reason, stop_detail)
    Store->>GlobalDB: persist session row (stop_reason, stop_detail)
    Manager->>HTTPAPI: update session payload (stop fields)
    HTTPAPI-->>Client: GET /api/sessions/{id} (includes stop_reason)

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• refactor: project structure #7 — Touches the same API contract (internal/api/contract.SessionPayload) and conversion logic related to stop reason/detail fields.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 2.70% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: session resilience' clearly and directly summarizes the primary change: introducing session resilience capabilities including stop reason tracking, crash classification, and session recovery mechanisms.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch pn/session-resilience

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 13

🧹 Nitpick comments (3)

internal/session/query.go (1)

213-216: Prefer reusing existing stop-reason helper to avoid duplicated normalization.

This block duplicates logic already present in the same package (sessionMetaStopReason). Reusing the helper keeps stop normalization behavior centralized.

♻️ Proposed refactor

 func sessionInfoFromMeta(meta store.SessionMeta) *SessionInfo {
-	stopReason := store.StopReason("")
-	if meta.StopReason != nil {
-		stopReason = *meta.StopReason
-	}
+	stopReason := sessionMetaStopReason(meta)
 
 	return &SessionInfo{
 		ID:           meta.ID,

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@internal/session/query.go` around lines 213 - 216, The code manually
normalizes stop reason by creating stopReason := store.StopReason("") and then
overriding it from meta.StopReason; replace this duplicated logic by calling the
existing helper sessionMetaStopReason(meta) to obtain the normalized stop reason
(use that return in place of stopReason) so normalization is centralized and
avoids duplication; update any variable names as needed to use the helper's
output where the manual block currently appears.

internal/session/query_test.go (1)

358-371: Split the legacy-path assertions into an explicit subtest.

This introduces a second scenario in the same test body; isolating it in t.Run("Should ...") keeps failures scoped and aligns with the test conventions.

🧪 Suggested structure

-	legacyInfo := sessionInfoFromMeta(store.SessionMeta{
-		ID:          "sess-legacy",
-		AgentName:   "coder",
-		WorkspaceID: "ws-1",
-		State:       string(StateStopped),
-		CreatedAt:   createdAt,
-		UpdatedAt:   updatedAt,
-	})
-	if got := legacyInfo.StopReason; got != "" {
-		t.Fatalf("sessionInfoFromMeta(legacy).StopReason = %q, want empty", got)
-	}
-	if got := legacyInfo.StopDetail; got != "" {
-		t.Fatalf("sessionInfoFromMeta(legacy).StopDetail = %q, want empty", got)
-	}
+	t.Run("Should keep stop fields empty for legacy metadata", func(t *testing.T) {
+		legacyInfo := sessionInfoFromMeta(store.SessionMeta{
+			ID:          "sess-legacy",
+			AgentName:   "coder",
+			WorkspaceID: "ws-1",
+			State:       string(StateStopped),
+			CreatedAt:   createdAt,
+			UpdatedAt:   updatedAt,
+		})
+		if got := legacyInfo.StopReason; got != "" {
+			t.Fatalf("sessionInfoFromMeta(legacy).StopReason = %q, want empty", got)
+		}
+		if got := legacyInfo.StopDetail; got != "" {
+			t.Fatalf("sessionInfoFromMeta(legacy).StopDetail = %q, want empty", got)
+		}
+	})

As per coding guidelines, "MUST use t.Run(\"Should...\") pattern for ALL test cases" and "Use table-driven tests with subtests (`t.Run`) as default in Go tests".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@internal/session/query_test.go` around lines 358 - 371, The assertions
checking legacyInfo returned by sessionInfoFromMeta (verifying StopReason and
StopDetail are empty) should be moved into a subtest using t.Run to isolate the
scenario; replace the inline checks with t.Run("Should handle legacy session
without stop info", func(t *testing.T) { legacyInfo :=
sessionInfoFromMeta(store.SessionMeta{ ID: "sess-legacy", AgentName: "coder",
WorkspaceID: "ws-1", State: string(StateStopped), CreatedAt: createdAt,
UpdatedAt: updatedAt }) if got := legacyInfo.StopReason; got != "" {
t.Fatalf(...) } if got := legacyInfo.StopDetail; got != "" { t.Fatalf(...) } })
so the legacy-path assertions run as their own subtest and follow the
t.Run("Should...") convention.

internal/session/stop_reason.go (1)

11-47: Substring-based stop reason classification may be fragile.

The classification logic (Lines 24-33) relies on the detail string containing exact substrings like "max_iterations", "loop_detected", or "budget_exceeded". This creates implicit coupling between the caller's detail message format and the classification logic.

Consider defining constants or a more explicit mechanism to communicate these sub-reasons, which would make the contract clearer and less prone to breaking if detail messages are refactored.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@internal/session/stop_reason.go` around lines 11 - 47, The substring-based
classification in classifyStopReason (especially the CauseUserRequested branch)
is brittle; replace implicit parsing of detail for "max_iterations",
"loop_detected", "budget_exceeded" with an explicit signal (e.g., add a new
enum/constant type or string constants and a dedicated param) so callers can
pass a concrete subreason instead of encoding it in detail; update
classifyStopReason signature (or add a helper) to accept that subreason (e.g.,
userStopSubreason or StopSubreason constants) and switch on those constants in
the CauseUserRequested case, ensuring existing callers are migrated to pass the
new explicit value and keeping detail for human-readable messages only.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@conversa.jsonl`:
- Around line 1-37: Some JSONL events are missing the ts field which breaks
deterministic ordering and auditability; for every JSONL record/event ensure a
ts property is present (use ISO 8601 UTC, e.g. 2026-04-10T02:35:00Z) and update
all entries that lack it so every message has a consistent timestamp; implement
this by adding ts to each JSON object in the transcript generator/writer (or
backfill missing records in the dataset), and add a validation check in the
writer/CI to reject or autofill records missing ts to prevent regressions.
- Around line 18-31: The file has malformed JSONL because the Claude-B entry's
"content" field (and other entries) contain literal newlines instead of escaped
"\n"; fix by auditing each JSON object (check "role"/"author"/"content" fields),
replace real line breaks inside string values with escaped "\n" and ensure
proper JSON string quoting/escaping for characters like quotes and backslashes,
then validate the entire conversa.jsonl parses as NDJSON (e.g., parse each line
as JSON) before committing; specifically update the Claude-B entry that begins
with "Meta-cognição como feature — essa frase resume tudo!" so its multi-line
RFC text (Pillar 3/Pillar 4/Proof of Concept) is a single JSON string with "\n"
where line breaks were.

In `@internal/api/contract/contract_test.go`:
- Around line 60-86: Wrap the test body of
TestSessionPayloadJSONIncludesSessionStopFields in a t.Run call with a
descriptive "Should..." name (e.g., t.Run("Should include session stop fields in
JSON", func(t *testing.T) { ... })) and move the existing t.Parallel() and
assertions inside that closure; do the same refactor for
TestSessionPayloadJSONShape and TestWorkspacePayloadPreservesOmitEmptyBehavior
so each top-level test uses the t.Run("Should...") pattern while preserving
existing assertions and calls to marshalJSON and t.Parallel().

In `@internal/config/config_test.go`:
- Around line 288-295: Update the test
TestSessionLimitsConfigValidateRejectsNegativeTimeout to use a t.Run("Should
reject negative timeout") subtest and assert the returned error contains the
validation context string (e.g., "session.limits.timeout"); locate the test
function name TestSessionLimitsConfigValidateRejectsNegativeTimeout and the
validator SessionLimitsConfig.Validate, wrap the existing check in t.Run, call
cfg.Validate(), and replace the nil check with an assertion that the error is
non-nil and its message contains "session.limits.timeout" (use ErrorContains or
equivalent).

In `@internal/config/config.go`:
- Line 130: The clone function that constructs and returns a Config literal
currently omits the new Session field, which causes Session.Limits.Timeout to
reset; update that clone code to copy the Session value from the source Config
into the returned Config (preserving nested SessionConfig fields), i.e., include
Session: src.Session (or a deep copy if other mutable subfields exist) alongside
the existing copied fields so the cloned Config retains the original Session
settings.

In `@internal/session/session_test.go`:
- Around line 104-141: Wrap the existing TestSessionInfoAndMetaIncludeStopFields
body inside a subtest using t.Run with a "Should..." name (e.g., t.Run("Should
include stop fields", func(t *testing.T) { ... })), move t.Parallel() into the
subtest (call t.Parallel() at the start of the subtest), and keep the existing
assertions and use of Session.Info() and Session.Meta() unchanged; this ensures
TestSessionInfoAndMetaIncludeStopFields uses the required t.Run convention while
preserving the test logic around the Session struct and its stop fields.

In `@internal/session/session.go`:
- Around line 72-74: When a session transitions back to active, clear the stale
stop metadata so Info()/Meta() don't expose or persist previous stop
attribution: reset stopCause, stopReason and stopDetail (e.g., stopCause =
StopCause(0) or appropriate zero value, stopReason = store.StopReason{} and
stopDetail = "") wherever the session state is set to active (the
activation/reactivation code paths referenced around the regions for lines
72-74, 107-108 and 443-444). Locate the methods that set the session state to
active (the activation/reactivation functions) and add these three field resets
immediately after the state is made active so subsequent Info() and Meta() calls
return cleared values.

In `@internal/session/stop_reason_test.go`:
- Around line 98-110: Update the test case names in the tests table used by
t.Run to follow the "Should..." convention: locate the test cases slice (the
variable tests) in internal/session/stop_reason_test.go and rename each
case.name string to a descriptive "Should..." phrase (e.g., "Should classify
shutdown without error as StopShutdown", "Should classify process exited with
error as StopProcessError", etc.) so t.Run(tc.name, ...) uses the new names;
leave the test logic calling classifyStopReason(tc.cause, tc.waitErr, tc.detail)
unchanged.

In `@internal/store/globaldb/global_db_session.go`:
- Around line 55-60: The update currently only writes stop_reason/stop_detail
when StopReason != nil, so there's no way to clear those columns; change the
update API/handling to carry an explicit presence flag (e.g. StopReasonSet or
StopReasonExplicit) and in the UpdateSessionState path use that flag instead of
nil-checking to decide whether to append "stop_reason = ?" and "stop_detail = ?"
to assignments and append store.NullableStringPointer(update.StopReason) /
store.NullableString(update.StopDetail) to args; this lets callers set
StopReason to nil while setting StopReasonSet=true to clear persisted stop
metadata while leaving existing behavior when the flag is false.

In `@internal/store/globaldb/migrate_workspace.go`:
- Around line 73-80: Run the PRAGMA on the same SQLite connection used for the
migration: obtain a dedicated connection via db.Conn(ctx) (use the Conn type),
call conn.ExecContext(ctx, "PRAGMA foreign_keys = OFF") on that conn, then start
the migration using conn.BeginTx(ctx, nil) so the transaction uses the same
connection; after commit/rollback re-enable the PRAGMA with
conn.ExecContext(context.Background(), "PRAGMA foreign_keys = ON") and finally
close the conn. Replace uses of db.ExecContext(...) and db.BeginTx(...) with
conn.ExecContext(...) and conn.BeginTx(...) and reference conn, tx,
tx.Commit/tx.Rollback accordingly to ensure PRAGMA toggles affect only the
connection running the migration.

In `@internal/store/meta_test.go`:
- Around line 105-134: The test function
TestReadSessionMetaLegacyStopFieldsOmitted must be converted to use a subtest
with the t.Run("Should...") pattern: wrap the existing test logic inside
t.Run("Should handle legacy stop fields omitted", func(t *testing.T) { ... })
and call t.Parallel() inside that subtest (not at the top-level), keeping all
current assertions that exercise ReadSessionMeta and SessionMetaName unchanged;
ensure the outer TestReadSessionMetaLegacyStopFieldsOmitted only contains the
t.Run invocation so the test conforms to the project's subtest naming guideline.

In `@internal/store/stop_reason_test.go`:
- Around line 27-40: Update the subtest names to follow the "Should..." naming
convention: in the table-driven tests that call t.Run for each StopReason (the
loop using ValidStopReason(reason)) and for invalidReasons as well as other
cases that use tt.name, replace dynamic names like string(reason),
"invalid_"+..., and tt.name with descriptive "Should..." names that include a
sanitized reason (e.g., "ShouldValidate_completed",
"ShouldRejectInvalid_unknown", "ShouldValidate_nilStopReason"); keep the same
t.Run structure and test body, only change the first argument to a stable
"Should..." string so names are consistent with the coding guidelines while
still unique per case.
- Around line 81-87: The test currently only checks presence/absence of an error
from meta.Validate(); update the tt.wantError branch to assert the error message
content: when tt.wantError is true ensure err is non-nil and that err.Error()
contains the expected substring "invalid session stop reason" (use
strings.Contains(err.Error(), "invalid session stop reason") and fail with
t.Errorf if it does not). Keep the existing non-error branch unchanged;
reference the Validate() call, the err variable, and tt.wantError when making
the new assertion and add the strings import if missing.

---

Nitpick comments:
In `@internal/session/query_test.go`:
- Around line 358-371: The assertions checking legacyInfo returned by
sessionInfoFromMeta (verifying StopReason and StopDetail are empty) should be
moved into a subtest using t.Run to isolate the scenario; replace the inline
checks with t.Run("Should handle legacy session without stop info", func(t
*testing.T) { legacyInfo := sessionInfoFromMeta(store.SessionMeta{ ID:
"sess-legacy", AgentName: "coder", WorkspaceID: "ws-1", State:
string(StateStopped), CreatedAt: createdAt, UpdatedAt: updatedAt }) if got :=
legacyInfo.StopReason; got != "" { t.Fatalf(...) } if got :=
legacyInfo.StopDetail; got != "" { t.Fatalf(...) } }) so the legacy-path
assertions run as their own subtest and follow the t.Run("Should...")
convention.

In `@internal/session/query.go`:
- Around line 213-216: The code manually normalizes stop reason by creating
stopReason := store.StopReason("") and then overriding it from meta.StopReason;
replace this duplicated logic by calling the existing helper
sessionMetaStopReason(meta) to obtain the normalized stop reason (use that
return in place of stopReason) so normalization is centralized and avoids
duplication; update any variable names as needed to use the helper's output
where the manual block currently appears.

In `@internal/session/stop_reason.go`:
- Around line 11-47: The substring-based classification in classifyStopReason
(especially the CauseUserRequested branch) is brittle; replace implicit parsing
of detail for "max_iterations", "loop_detected", "budget_exceeded" with an
explicit signal (e.g., add a new enum/constant type or string constants and a
dedicated param) so callers can pass a concrete subreason instead of encoding it
in detail; update classifyStopReason signature (or add a helper) to accept that
subreason (e.g., userStopSubreason or StopSubreason constants) and switch on
those constants in the CauseUserRequested case, ensuring existing callers are
migrated to pass the new explicit value and keeping detail for human-readable
messages only.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: e58d7095-e423-45dd-abd7-d664ca5ca70f

📥 Commits

Reviewing files that changed from the base of the PR and between 4ac04d9 and c6ecf77.

⛔ Files ignored due to path filters (53)

• .compozy/tasks/_archived/20260410-021708-hooks/_meta.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/_tasks.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/_techspec.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/adrs/adr-001.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/adrs/adr-002.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/adrs/adr-003.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/adrs/adr-004.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/adrs/adr-005.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/adrs/adr-006.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/adrs/adr-007.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/adrs/adr-008.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/adrs/adr-009.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/adrs/adr-010.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/adrs/adr-011.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/adrs/adr-012.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/adrs/adr-013.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/memory/MEMORY.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/memory/task_01.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/memory/task_02.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/memory/task_03.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/memory/task_04.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/memory/task_05.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/memory/task_06.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/memory/task_07.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/memory/task_08.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/memory/task_09.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/memory/task_10.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/memory/task_11.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/memory/task_12.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/task_01.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/task_02.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/task_03.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/task_04.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/task_05.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/task_06.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/task_07.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/task_08.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/task_09.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/task_10.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/task_11.md is excluded by !**/*.md
• .compozy/tasks/_archived/20260410-021708-hooks/task_12.md is excluded by !**/*.md
• .compozy/tasks/extensability/_meta.md is excluded by !**/*.md
• .compozy/tasks/session-resilience/_meta.md is excluded by !**/*.md
• .compozy/tasks/session-resilience/_tasks.md is excluded by !**/*.md
• .compozy/tasks/session-resilience/memory/MEMORY.md is excluded by !**/*.md
• .compozy/tasks/session-resilience/memory/task_01.md is excluded by !**/*.md
• .compozy/tasks/session-resilience/memory/task_02.md is excluded by !**/*.md
• .compozy/tasks/session-resilience/memory/task_03.md is excluded by !**/*.md
• .compozy/tasks/session-resilience/memory/task_04.md is excluded by !**/*.md
• .compozy/tasks/session-resilience/task_01.md is excluded by !**/*.md
• .compozy/tasks/session-resilience/task_02.md is excluded by !**/*.md
• .compozy/tasks/session-resilience/task_03.md is excluded by !**/*.md
• .compozy/tasks/session-resilience/task_04.md is excluded by !**/*.md

📒 Files selected for processing (35)

• conversa.jsonl
• internal/api/contract/contract.go
• internal/api/contract/contract_test.go
• internal/api/core/conversions.go
• internal/api/core/conversions_parsers_test.go
• internal/api/httpapi/httpapi_integration_test.go
• internal/config/config.go
• internal/config/config_test.go
• internal/config/merge.go
• internal/daemon/daemon.go
• internal/daemon/daemon_integration_test.go
• internal/daemon/daemon_test.go
• internal/observe/observer.go
• internal/observe/reconcile.go
• internal/observe/reconcile_test.go
• internal/session/manager_lifecycle.go
• internal/session/manager_stop_integration_test.go
• internal/session/manager_test.go
• internal/session/query.go
• internal/session/query_test.go
• internal/session/resume_repair.go
• internal/session/resume_repair_test.go
• internal/session/session.go
• internal/session/session_test.go
• internal/session/stop_cause.go
• internal/session/stop_reason.go
• internal/session/stop_reason_test.go
• internal/store/globaldb/global_db.go
• internal/store/globaldb/global_db_session.go
• internal/store/globaldb/global_db_session_test.go
• internal/store/globaldb/global_db_test.go
• internal/store/globaldb/migrate_workspace.go
• internal/store/meta_test.go
• internal/store/stop_reason_test.go
• internal/store/types.go

[coderabbitai]

♻️ Duplicate comments (1)

internal/store/globaldb/global_db_session.go (1)

55-60: ⚠️ Potential issue | 🟠 Major

Clear stop metadata on the orphaning path too.

This new StopReasonSet contract fixes explicit stop-field updates, but ReconcileSessions() still marks missing rows as orphaned with state/updated_at only. A previously stopped session can therefore become orphaned while still exposing an old stop_reason/stop_detail, and ListSessions() now returns those stale values.

Suggested fix

-		if _, err := tx.ExecContext(
-			ctx,
-			`UPDATE sessions SET state = ?, updated_at = ? WHERE id = ?`,
-			"orphaned",
-			orphanedAt,
-			id,
-		); err != nil {
+		if _, err := tx.ExecContext(
+			ctx,
+			`UPDATE sessions
+			 SET state = ?, stop_reason = NULL, stop_detail = NULL, updated_at = ?
+			 WHERE id = ?`,
+			"orphaned",
+			orphanedAt,
+			id,
+		); err != nil {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@internal/store/globaldb/global_db_session.go` around lines 55 - 60, The
orphaning path in ReconcileSessions() doesn't clear prior stop metadata, so
previously stopped sessions can become orphaned while retaining stale
stop_reason/stop_detail; when building the UPDATE (the assignments and args
slices) for orphaning, append "stop_reason = ?" and "stop_detail = ?" to
assignments and add arguments that clear those columns (e.g. pass a nil nullable
pointer for stop_reason and an empty nullable string for stop_detail using the
same helpers used elsewhere such as store.NullableStringPointer(nil) and
store.NullableString("")) alongside the existing updated_at and id args
(updatedAt, update.ID) so ListSessions() no longer returns stale stop fields.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@internal/store/globaldb/global_db_session.go`:
- Around line 55-60: The orphaning path in ReconcileSessions() doesn't clear
prior stop metadata, so previously stopped sessions can become orphaned while
retaining stale stop_reason/stop_detail; when building the UPDATE (the
assignments and args slices) for orphaning, append "stop_reason = ?" and
"stop_detail = ?" to assignments and add arguments that clear those columns
(e.g. pass a nil nullable pointer for stop_reason and an empty nullable string
for stop_detail using the same helpers used elsewhere such as
store.NullableStringPointer(nil) and store.NullableString("")) alongside the
existing updated_at and id args (updatedAt, update.ID) so ListSessions() no
longer returns stale stop fields.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 1ca00fb2-6b88-4d83-b238-c7c1756cee97

📥 Commits

Reviewing files that changed from the base of the PR and between c6ecf77 and d8639a0.

📒 Files selected for processing (17)

• conversa.jsonl
• docs/ideas/anp/conversa.jsonl
• internal/api/contract/contract_test.go
• internal/config/config_test.go
• internal/observe/observer.go
• internal/session/query.go
• internal/session/query_test.go
• internal/session/session_test.go
• internal/session/stop_reason_test.go
• internal/store/globaldb/global_db_session.go
• internal/store/globaldb/global_db_test.go
• internal/store/globaldb/migrate_workspace.go
• internal/store/meta_test.go
• internal/store/stop_reason_test.go
• internal/store/types.go
• internal/workspace/clone.go
• internal/workspace/resolver_test.go

✅ Files skipped from review due to trivial changes (5)

• internal/session/session_test.go
• internal/store/meta_test.go
• conversa.jsonl
• docs/ideas/anp/conversa.jsonl
• internal/session/stop_reason_test.go

🚧 Files skipped from review as they are similar to previous changes (5)

• internal/session/query_test.go
• internal/api/contract/contract_test.go
• internal/config/config_test.go
• internal/store/stop_reason_test.go
• internal/store/types.go