feat: onboarding and improvements

[pedronauck]

Summary

• Makes session reads and clear/restart flows more durable around detached viewers, stopped-session transcript reads, and finalization races.
• Hardens daemon-served E2E onboarding/default-provider setup so release checks use real server state instead of brittle local assumptions.
• Leaves the follow-up CodeRabbit/compozy review loop to the user per latest instruction.

Changes

• Session event storage: Adds a read-only per-session SQLite opener for query paths, retries transient BUSY/LOCKED read opens, and keeps mutation/repair paths on the normal writer opener.
• Clear conversation lifecycle: Ensures clear/restart resets replacement event stores, discards clear-triggered ledger materialization, and preserves explicit stop/cancel semantics.
• API cancellation mapping: Maps request-context cancellation during workspace/session resolution to client-closed behavior instead of surfacing it as a server error.
• E2E harness: Boots first-run defaults, provider settings, and workspace selection from daemon APIs so daemon-served browser tests can start from a clean home.
• Session controls: Keeps session page controls enabled for attachable running sessions and covered by route-hook tests.

Release Notes

• Fixes session transcript/event reads during finalization so returning to active or recently stopped sessions is less likely to lose visible history.
• Fixes clear-conversation replacement stores leaking stale event rows back into the UI.
• Improves daemon-served E2E reliability around onboarding and workspace setup.

AGH Impact Audit

• Native tools: no public tool ID or schema break; checked session prompt/cancel/interrupt/steer/transcript/stream path compatibility through existing API routes and focused backend tests.
• Extensibility and hooks: no hook taxonomy/config lifecycle change; prompt/session event reads continue to use durable store events and explicit stop causes.
• Workspace data isolation: query/store changes remain session-scoped and routed through existing workspace/session APIs; web E2E fixtures select daemon workspaces through workspace-scoped endpoints.
• Official AGH skill: no bundled skill behavior updated; this PR changes runtime durability/test harness behavior rather than public agent guidance.

Screenshots

• Session thread: /tmp/agh-ui-screenshots-session-reattach/session-thread-mixed-streaming.png
• Agent sessions list: /tmp/agh-ui-screenshots-session-reattach/agent-sessions-list-default.png
• App sidebar: /tmp/agh-ui-screenshots-session-reattach/app-sidebar-categorized.png

Test plan

• rtk go test ./internal/store/sessiondb ./internal/session -run 'TestOpenSessionDBReadOnly|TestClearConversation|TestClassifyStopReason|TestManagerEventsAndHistoryRetryClosedActiveRecorder|TestManagerEventsAndHistoryUseStoredEvents' -count=1
• rtk go test ./internal/session ./internal/api/httpapi ./internal/api/udsapi
• rtk go test ./internal/api/core ./internal/store/sessiondb -run 'TestSessionWorkspaceStatusMappings|TestOpenSessionDBReadOnly' -count=1
• rtk bunx turbo run test --filter=./web
• rtk make bun-lint
• rtk make bun-typecheck
• rtk make bun-test
• rtk make lint
• rtk bunx playwright test e2e/__tests__/session-hardening.spec.ts -g "operator repairs an interrupted session" --reporter=line --workers=1 --repeat-each=10 --max-failures=1
• rtk bunx playwright test e2e/__tests__/session-hardening.spec.ts --reporter=line --workers=1 --repeat-each=8 --max-failures=1
• rtk make verify (captured with VERIFY_EXIT=0 in /tmp/agh-final-verify.log)
• agh-ui-screenshot captures for session thread, agent sessions list, and app sidebar

Summary by CodeRabbit

• Bug Fixes

  • Clear conversation reliably removes session history and ledger data and resets persisted stores.
  • Session transcript/events queries retry when a recorder briefly closes, avoiding intermittent failures.
  • Context-canceled requests now return a client-closed status instead of spurious errors.

• New Features

  • Read-only session event viewing added for safer event inspection.

• Improvements

  • Improved session error logging for clearer troubleshooting.
  • E2E tests and onboarding flows unified for more consistent workspace setup.
  • UI: session page can clear when transcript thread messages exist.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
agh-site	Ready	Preview, Comment	May 26, 2026 3:22pm

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: e313c116-3d81-4582-a53a-3c7d7cb97372

📥 Commits

Reviewing files that changed from the base of the PR and between 974343e and 2b1760e.

📒 Files selected for processing (11)

• internal/api/core/handlers.go
• internal/session/manager_start.go
• internal/session/query_test.go
• internal/session/transcript.go
• internal/store/sessiondb/read_only.go
• internal/store/sessiondb/session_db.go
• internal/store/sessiondb/session_db_test.go
• web/src/components/assistant-ui/session-thread.tsx
• web/src/hooks/routes/__tests__/use-session-page-controls.test.tsx
• web/src/hooks/routes/use-session-page-controls.ts
• web/src/systems/session/index.ts

Disabled knowledge base sources:

• Linear integration is disabled

You can enable these sources in your CodeRabbit configuration.

---

Walkthrough

Adds a Clear Conversation flow (new stop cause, ledger discard, clearing on reopen), introduces a read-only per-session SQLite store with retry, refactors recorder open and query retry for Events/History/Transcript, exports SQLite helpers, and consolidates E2E onboarding helpers and transcript-aware clear controls.

Changes

Clear Conversation & Query Infrastructure

Layer / File(s)	Summary
Stop Cause & Stop Reason Foundation internal/session/stop_cause.go, internal/session/stop_reason.go, internal/session/stop_reason_test.go, internal/session/session.go	CauseClearConversation added; classified as store.StopCompleted with default detail "conversation cleared". Sessions treat this cause as a stop request.
Ledger Discard Implementation internal/session/interfaces.go, internal/sessions/ledger/materializer.go, internal/session/ledger.go	LedgerMaterializer gains DiscardSessionLedger. Materializer deletes ledger files; helpers sessionLedgerRecordFromInfo/sessionLedgerRecordFromMeta centralize record construction; discardMaterializedSessionLedger orchestrates discard.
Clear Conversation Manager Implementation internal/session/manager_clear.go, internal/session/manager_clear_test.go	ClearConversation stops active sessions with CauseClearConversation, sets clearEventStoreOnOpen, performs DB backup-for-clear, discards materialized ledger, and includes tests for ledger discard and stale-row reset scenarios.
Event Store Clearing on Session Open internal/session/manager_start.go	sessionStartSpec.clearEventStoreOnOpen added. When set, opening session-start storage attempts to clear the recorder via a Clear(context.Context) error-style helper and joins clear/close errors on failure.
Read-Only Session DB Implementation internal/store/sessiondb/read_only.go	New ReadOnlySessionDB and OpenSessionDBReadOnly open existing per-session SQLite DBs read-only (mode=ro, PRAGMA query_only=ON), support retry-on-lock, provide Query/History/Close, and reject write ops.
Export Query Store Infrastructure internal/session/manager.go, internal/session/manager_test.go, internal/store/store.go, internal/store/write.go, internal/store/sessiondb/session_db_test.go	Manager adds openQueryStore field and WithQueryStore option; default is OpenSessionDBReadOnly. Exposes DefaultSQLiteBusyTimeoutMS and IsSQLiteBusy. Tests exercise read-only open and retry behavior.
Recorder Opening Refactor and Events/History Retry internal/session/query.go, internal/session/query_test.go, internal/session/repair.go	openRecorder centralizes opening via injected opener. Manager.Events/History trim target id, retry up to 2 attempts, always call per-attempt cleanup, join query+cleanup errors, and on first store.ErrClosed wait for finalization then retry. Tests added for retry-on-closed recorder.
Session DB Clear & Transcript Retry internal/store/sessiondb/session_db.go, internal/session/transcript.go	SessionDB.Clear removes events/token usage/hook runs in one write transaction. Manager.Transcript retries queries with per-attempt cleanup, waits on first store.ErrClosed, and centralizes cleanup-error logging.
HTTP Status Mapping for Canceled Contexts internal/api/core/session_workspace.go, internal/api/core/session_workspace_internal_test.go, internal/api/core/handlers.go	Adds statusClientClosedRequest (HTTP 499) and maps context.Canceled to it. SessionEvents logs enriched session read errors; BaseHandlers.logSessionReadError now accepts variadic structured attrs.

Web E2E Test Consolidation & UI Updates

Layer / File(s)	Summary
E2E Test Helper Consolidation web/e2e/__tests__/* (agents, agent-categories, extensibility, settings, settings-hardening, workspace-setup, session-onboarding, session-provider-override, tasks-hardening, network, sandbox)	Multiple specs import and use shared useGlobalWorkspaceIfPrompted fixture instead of local helpers; onboarding handling centralized across tests.
Harness Smoke & UI Selector Updates web/e2e/__tests__/harness-smoke.spec.ts, web/e2e/__tests__/network.spec.ts, web/e2e/__tests__/sandbox.spec.ts, web/e2e/__tests__/session-provider-override.spec.ts, web/e2e/__tests__/settings-transport.spec.ts	Switches onboarding selector to onboarding-wizard, ensures workspace helper calls where needed, and consolidates settings transport error assertions to onboarding-gate-error.
Dashboard Dynamic Status Assertions web/e2e/__tests__/dashboard.spec.ts	Adds dashboardStatusKey helper and updates tests to compute normalized home-daemon-card data-status from /api/status for healthy/degraded/restart scenarios.
Session Page Controls & Transcript Hooks web/src/hooks/routes/use-session-page-controls.ts, web/src/hooks/routes/__tests__/use-session-page-controls.test.tsx	useSessionPageControls now consumes useSessionTranscriptThreadMessages() so canClear considers transcript thread messages. Tests mock transcript messages and assert clearing is allowed when durable transcript exists.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• compozy/agh#4: Both PRs touch the session transcript pipeline—this PR adds retry/cleanup logic and read-only query support while the related PR introduces transcript API plumbing.

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 16.28% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title 'feat: onboarding and improvements' is vague and generic, using non-descriptive terms that don't clearly convey the specific technical changes implemented across session durability, read-only stores, clear operations, and E2E harness improvements.	Consider a more specific title that highlights the primary change, such as 'feat: add read-only session store and improve clear/restart durability' or 'feat: improve session durability with read-only stores and ledger discard'.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/e2e-onboarding-contract

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 7

🧹 Nitpick comments (3)

internal/session/manager_start.go (1)

453-455: ⚡ Quick win

Preserve context values when detaching recorder cleanup.

context.Background() severs request-scoped values here. context.WithoutCancel(ctx) plus the existing timeout keeps context propagation intact while still preventing caller cancellation from aborting Close.

♻️ Proposed fix

-			closeCtx, cancel := context.WithTimeout(context.Background(), defaultLifecycleTimeout)
+			closeCtx, cancel := context.WithTimeout(context.WithoutCancel(ctx), defaultLifecycleTimeout)

As per coding guidelines "Always pass context.Context as the first parameter in functions and methods; maintain context propagation through the call stack" and "context.WithoutCancel does NOT preserve deadlines. Re-attach a deadline if needed."

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@internal/session/manager_start.go` around lines 453 - 455, Replace
context.Background() when creating closeCtx so request-scoped values are
preserved: derive baseCtx := context.WithoutCancel(ctx) then if ctx has a
deadline reattach it (use ctx.Deadline() to compute an appropriate deadline or
remaining timeout) before applying the defaultLifecycleTimeout; e.g. create
closeCtx via context.WithTimeout(baseCtxWithDeadline, defaultLifecycleTimeout)
and use that for recorder.Close(closeCtx) in the return that constructs
sessionStartStorage{}, keeping the cancel defer as-is.

internal/session/query_test.go (1)

443-499: ⚡ Quick win

Add t.Parallel() to the new subtest (or document why it must remain serial).

The t.Run("Should ...") block at Line 443 currently runs serially without a stated reason.

As per coding guidelines: "**/*_test.go: Structure tests with t.Run(\"Should ...\") subtests and mark them with t.Parallel() by default unless there is a specific reason to disable parallelization."

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@internal/session/query_test.go` around lines 443 - 499, This subtest ("Should
retry when finalization closes the active recorder during a query") is not
marked parallel; add t.Parallel() as the first statement inside the t.Run
closure to follow the test-suite guideline (or, if parallelization would break
shared state such as newHarness(), createSession(), session.recorderHandle(), or
the queryRecorderStub usage, add a short comment above the t.Run explaining the
specific reason it must remain serial). Ensure the parallelization change is
applied inside the subtest body so setup/cleanup (including h.manager.Stop and
session.setRecorder) remain valid when run concurrently.

internal/session/transcript.go (1)

26-26: ⚡ Quick win

Propagate ctx into the cleanup logger helper.

This helper drops request context from the call chain, so the warning cannot use WarnContext or inherit request-scoped values.

Suggested fix

-		m.logTranscriptCleanupError(target, cleanup())
+		m.logTranscriptCleanupError(ctx, target, cleanup())
…
-func (m *Manager) logTranscriptCleanupError(sessionID string, err error) {
+func (m *Manager) logTranscriptCleanupError(ctx context.Context, sessionID string, err error) {
 	if err == nil {
 		return
 	}
 	logger := m.logger
 	if logger == nil {
 		logger = slog.Default()
 	}
-	logger.Warn("session: transcript cleanup failed", "session_id", sessionID, "error", err)
+	logger.WarnContext(ctx, "session: transcript cleanup failed", "session_id", sessionID, "error", err)
 }

As per coding guidelines, "Always pass context.Context as the first parameter in functions and methods; maintain context propagation through the call stack."

Also applies to: 45-53

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@internal/session/transcript.go` at line 26, The helper
m.logTranscriptCleanupError drops request context — change its signature to
accept ctx context.Context as the first parameter and update all call sites
(e.g., where m.logTranscriptCleanupError(target, cleanup()) is invoked and the
other occurrences at lines ~45-53) to pass the current ctx; inside the helper
use the context-aware logger method (e.g., WarnContext/WithContext) to emit the
warning so request-scoped values are preserved, and ensure any helper callers
pass ctx through as the first arg.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@internal/api/core/handlers.go`:
- Around line 639-646: The current unconditional h.Logger.Warn call for
SessionEvents query failures logs expected client cancellations; change it to
detect cancellation/timeouts (e.g., errors.Is(err, context.Canceled) or
errors.Is(err, context.DeadlineExceeded)) and log those cases at debug/info
level instead of warn, while retaining warn for other errors. Update the logging
around the SessionEvents query handler where h.Logger.Warn is called
(referencing h.Logger.Warn, err, sessionID, query.AfterSequence, query.Type,
query.TurnID) so cancellations produce a non-noisy log level and genuine
failures remain warnings.

In `@internal/session/transcript.go`:
- Around line 16-20: The loop currently trims the session ID into variable
target but still passes the original id into m.openQueryRecorder, causing
divergence; change the call sites that use id when opening the recorder to use
the normalized target instead (i.e., replace uses of id in the
m.openQueryRecorder call and any retry/wait/error paths tied to that open with
target) so the open/query/cleanup paths consistently use the trimmed session ID.

In `@internal/store/sessiondb/read_only.go`:
- Around line 16-20: The retry tuning constants readOnlyOpenMaxAttempts,
readOnlyOpenMinRetryDelay, and readOnlyOpenMaxRetryDelay must be removed as
hardcoded literals and sourced from configuration or injected options; update
the code that constructs or defines the read-only session DB (e.g., the
ReadOnlyStore constructor or NewReadOnly... factory) to accept configured values
(or read them from the config system) and replace uses of those constants with
the injected/configured fields so environments can tune max attempts and min/max
retry delays at runtime.
- Around line 157-163: Define exported package-level sentinel errors and return
them from the read-only methods instead of allocating new errors each call: add
e.g. var ErrReadOnlySessionDBWrite = errors.New("store: read-only session
database: write rejected") (or two specific exported vars like
ErrReadOnlySessionDBCannotRecordEvents and
ErrReadOnlySessionDBCannotRecordTokenUsage) and change ReadOnlySessionDB.Record
and ReadOnlySessionDB.RecordTokenUsage to return those variables; update
callers/tests to use errors.Is(err, ErrReadOnlySessionDBWrite) (or the specific
sentinels) for stable comparisons.

In `@internal/store/sessiondb/session_db_test.go`:
- Around line 172-173: The subtest "Should retry transient SQLite locks while
opening" in the t.Run closure is missing parallelization; inside that t.Run's
func(t *testing.T) add t.Parallel() as the first statement to match the suite's
parallel-subtest convention and ensure the subtest runs concurrently with its
siblings (locate the t.Run block with the exact title "Should retry transient
SQLite locks while opening" in session_db_test.go).

In `@internal/store/sessiondb/session_db.go`:
- Around line 286-293: The Clear path currently only holds acceptMu and calls
clearSessionSQLite directly, but that doesn't prevent in-flight writer goroutine
requests from re-inserting rows; modify Clear to serialize through the writer
loop by enqueuing a special "clear" request on the same writer channel used by
the writer goroutine (e.g., the writeRequests/writerCh used by the write loop)
and wait for its acknowledgement before returning, instead of calling
clearSessionSQLite directly; ensure Clear still uses acceptMu to block new API
callers, but the actual DB clear is performed by the writer goroutine (which
then calls clearSessionSQLite) so any queued writes before the clear are
processed in order and no post-clear reinserts can occur (also apply same change
to the other Clear instance around the code referenced at 699-718).

In `@web/src/hooks/routes/use-session-page-controls.ts`:
- Line 18: The file use-session-page-controls.ts imports the hook
useSessionTranscriptThreadMessages via a deep import into another system's
internals; instead, re-export useSessionTranscriptThreadMessages from the public
session barrel (export it from the index file under the systems/session barrel)
and update this file to import the hook from "`@/systems/session`". Also update
any mocks/tests that currently deep-import useSessionTranscriptThreadMessages to
use the public barrel import so all cross-system imports follow the
public-barrel rule.

---

Nitpick comments:
In `@internal/session/manager_start.go`:
- Around line 453-455: Replace context.Background() when creating closeCtx so
request-scoped values are preserved: derive baseCtx :=
context.WithoutCancel(ctx) then if ctx has a deadline reattach it (use
ctx.Deadline() to compute an appropriate deadline or remaining timeout) before
applying the defaultLifecycleTimeout; e.g. create closeCtx via
context.WithTimeout(baseCtxWithDeadline, defaultLifecycleTimeout) and use that
for recorder.Close(closeCtx) in the return that constructs
sessionStartStorage{}, keeping the cancel defer as-is.

In `@internal/session/query_test.go`:
- Around line 443-499: This subtest ("Should retry when finalization closes the
active recorder during a query") is not marked parallel; add t.Parallel() as the
first statement inside the t.Run closure to follow the test-suite guideline (or,
if parallelization would break shared state such as newHarness(),
createSession(), session.recorderHandle(), or the queryRecorderStub usage, add a
short comment above the t.Run explaining the specific reason it must remain
serial). Ensure the parallelization change is applied inside the subtest body so
setup/cleanup (including h.manager.Stop and session.setRecorder) remain valid
when run concurrently.

In `@internal/session/transcript.go`:
- Line 26: The helper m.logTranscriptCleanupError drops request context — change
its signature to accept ctx context.Context as the first parameter and update
all call sites (e.g., where m.logTranscriptCleanupError(target, cleanup()) is
invoked and the other occurrences at lines ~45-53) to pass the current ctx;
inside the helper use the context-aware logger method (e.g.,
WarnContext/WithContext) to emit the warning so request-scoped values are
preserved, and ensure any helper callers pass ctx through as the first arg.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 96fb2ddf-389f-4f72-afff-4b77368fe9fd

📥 Commits

Reviewing files that changed from the base of the PR and between 3b2d810 and 8f86a08.

⛔ Files ignored due to path filters (1)

• web/e2e/fixtures/workspace.ts is excluded by !**/fixtures/**

📒 Files selected for processing (40)

• internal/api/core/handlers.go
• internal/api/core/session_workspace.go
• internal/api/core/session_workspace_internal_test.go
• internal/session/interfaces.go
• internal/session/ledger.go
• internal/session/manager.go
• internal/session/manager_clear.go
• internal/session/manager_clear_test.go
• internal/session/manager_start.go
• internal/session/manager_test.go
• internal/session/query.go
• internal/session/query_test.go
• internal/session/repair.go
• internal/session/session.go
• internal/session/stop_cause.go
• internal/session/stop_reason.go
• internal/session/stop_reason_test.go
• internal/session/transcript.go
• internal/sessions/ledger/materializer.go
• internal/store/sessiondb/read_only.go
• internal/store/sessiondb/session_db.go
• internal/store/sessiondb/session_db_test.go
• internal/store/store.go
• internal/store/write.go
• web/e2e/__tests__/agent-categories.spec.ts
• web/e2e/__tests__/agents.spec.ts
• web/e2e/__tests__/dashboard.spec.ts
• web/e2e/__tests__/extensibility.spec.ts
• web/e2e/__tests__/harness-smoke.spec.ts
• web/e2e/__tests__/network.spec.ts
• web/e2e/__tests__/sandbox.spec.ts
• web/e2e/__tests__/session-onboarding.spec.ts
• web/e2e/__tests__/session-provider-override.spec.ts
• web/e2e/__tests__/settings-hardening.spec.ts
• web/e2e/__tests__/settings-transport.spec.ts
• web/e2e/__tests__/settings.spec.ts
• web/e2e/__tests__/tasks-hardening.spec.ts
• web/e2e/__tests__/workspace-setup.spec.ts
• web/src/hooks/routes/__tests__/use-session-page-controls.test.tsx
• web/src/hooks/routes/use-session-page-controls.ts

[coderabbitai]

Actionable comments posted: 2

♻️ Duplicate comments (4)

web/src/hooks/routes/use-session-page-controls.ts (1)

18-18: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Use the session public barrel instead of a deep hook import.

This import reaches into another system's internals (@/systems/session/hooks/...). The hook should be exported from @/systems/session and imported from that barrel here.

As per coding guidelines: "Cross-system imports: Only through the public barrel (@/systems/<domain>). Never reach into another system's internals."

♻️ Suggested change

-import { useSessionTranscriptThreadMessages } from "`@/systems/session/hooks/use-session-transcript-thread-messages`";
+import { useSessionTranscriptThreadMessages } from "`@/systems/session`";

Note: You'll also need to export useSessionTranscriptThreadMessages from the @/systems/session barrel index file and update the mock in the test file to import from the barrel.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@web/src/hooks/routes/use-session-page-controls.ts` at line 18, The file
imports the hook directly from internals; replace the deep import of
useSessionTranscriptThreadMessages with an import from the public barrel
`@/systems/session`, and add an export of useSessionTranscriptThreadMessages in
that barrel (index) so it’s publicly available; also update any tests/mocks that
currently import the hook from the deep path to import from `@/systems/session` so
the mock targets the barrel export instead of the internal path.

internal/store/sessiondb/session_db_test.go (1)

172-173: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Parallelize this subtest for consistency with test guidelines.

Add t.Parallel() as the first statement inside this t.Run block.

Proposed diff

 	t.Run("Should retry transient SQLite locks while opening", func(t *testing.T) {
+		t.Parallel()
 		ctx := testutil.Context(t)
 		path := filepath.Join(t.TempDir(), SessionDatabaseName)

As per coding guidelines, "Structure tests with t.Run("Should ...") subtests and mark them with t.Parallel() by default unless there is a specific reason to disable parallelization."

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@internal/store/sessiondb/session_db_test.go` around lines 172 - 173, The
subtest started with t.Run("Should retry transient SQLite locks while opening",
func(t *testing.T) { ... }) is not marked for parallel execution; update that
subtest by adding t.Parallel() as the first statement inside the func(t
*testing.T) body so the subtest runs in parallel with other subtests and follows
the test guidelines.

internal/store/sessiondb/read_only.go (2)

16-20: 🛠️ Refactor suggestion | 🟠 Major | 🏗️ Heavy lift

Avoid hardcoded retry tuning in the read-open path.

Line 16–Line 20 hardcode retry attempts and delays, which makes lock-retry behavior non-tunable per environment. Move these values to config/injected options.

As per coding guidelines, "Never hardcode configuration values — always retrieve configuration from the config system or environment, never from constants or literals."

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@internal/store/sessiondb/read_only.go` around lines 16 - 20, The read-only
open retry parameters are hardcoded as constants (readOnlyOpenMaxAttempts,
readOnlyOpenMinRetryDelay, readOnlyOpenMaxRetryDelay) in read_only.go; make them
configurable instead by wiring them into the sessiondb read-only opener via
configuration or injected options (e.g., add fields to the ReadOnlyStore /
NewReadOnlyStore constructor or accept a RetryOptions struct) and replace uses
of those constants with the injected values, defaulting to the current constants
only when config/env values are absent; update any references in methods that
perform the open/retry logic to read from the new config/option fields rather
than the file-level constants.

---

157-163: 🛠️ Refactor suggestion | 🟠 Major | ⚡ Quick win

Return stable sentinel errors for read-only write rejections.

Line 157 and Line 161 allocate new errors each call, so callers/tests can’t reliably use errors.Is. Define package-level sentinel errors and return those instead.

Proposed diff

+var (
+	ErrReadOnlyRecordEvents     = errors.New("store: read-only session database cannot record events")
+	ErrReadOnlyRecordTokenUsage = errors.New("store: read-only session database cannot record token usage")
+)
+
 func (s *ReadOnlySessionDB) Record(context.Context, store.SessionEvent) error {
-	return errors.New("store: read-only session database cannot record events")
+	return ErrReadOnlyRecordEvents
 }
 
 func (s *ReadOnlySessionDB) RecordTokenUsage(context.Context, store.TokenUsage) error {
-	return errors.New("store: read-only session database cannot record token usage")
+	return ErrReadOnlyRecordTokenUsage
 }

As per coding guidelines, "Use error wrapping with %w format specifier and handle errors with errors.Is() or errors.As() only — no type assertions on errors."

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@internal/store/sessiondb/read_only.go` around lines 157 - 163, Define
package-level sentinel errors (e.g., var ErrReadOnlyRecord = errors.New("store:
read-only session database cannot record events") and var ErrReadOnlyTokenUsage
= errors.New("store: read-only session database cannot record token usage")) and
replace the current ad-hoc errors in ReadOnlySessionDB.Record and
ReadOnlySessionDB.RecordTokenUsage with wrapped returns that use those sentinels
(e.g., return fmt.Errorf("%w", ErrReadOnlyRecord) / return fmt.Errorf("%w",
ErrReadOnlyTokenUsage)) so callers can reliably use errors.Is; reference the
ReadOnlySessionDB.Record and ReadOnlySessionDB.RecordTokenUsage methods when
making the change.

🧹 Nitpick comments (2)

web/e2e/__tests__/dashboard.spec.ts (1)

462-468: 💤 Low value

Consider explicit handling of undefined or unexpected status values.

The dashboardStatusKey helper defaults to "degraded" for any status that isn't explicitly "ok", "healthy", or "running". This includes undefined and unexpected values. While this provides a safe fallback, it could mask bugs where the backend sends an unexpected status or undefined.

Consider either:

1. Explicitly handling undefined to return a specific value or throw
2. Logging a warning when an unexpected status is encountered
3. Adding a comment documenting that the default is intentional

💡 Example with explicit undefined handling

 function dashboardStatusKey(status: string | undefined): "healthy" | "degraded" {
+  if (status === undefined) {
+    return "degraded"; // or throw new Error("Status is undefined")
+  }
   const normalized = status?.trim().toLowerCase();
   if (normalized === "ok" || normalized === "healthy" || normalized === "running") {
     return "healthy";
   }
+  // Unknown status values default to degraded
   return "degraded";
 }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@web/e2e/__tests__/dashboard.spec.ts` around lines 462 - 468,
dashboardStatusKey currently treats any non-matching string (including
undefined) as "degraded"; update the dashboardStatusKey function to explicitly
handle undefined (e.g., if status === undefined return "degraded" or throw) and
add a warning log for unexpected values so backend anomalies are visible; modify
the function dashboardStatusKey to first check for undefined, then normalize and
match "ok"/"healthy"/"running", and if falling back to "degraded" emit a
console.warn or use the test logger with the unexpected status value and a short
comment explaining the intentional default.

internal/session/manager_start.go (1)

467-480: 💤 Low value

Consider adding documentation for the internal interface pattern.

The clearableEventRecorder interface and clearSessionStartRecorder helper implement a capability-check pattern for optional clear support. While the implementation is correct and idiomatic, a brief comment explaining when/why this pattern is used would help future maintainers understand the clearing flow.

📝 Optional documentation improvement

+// clearableEventRecorder is an optional interface for EventRecorder implementations
+// that support clearing/resetting their event store. Used during conversation clearing
+// to reset the recorder when reopening a session.
 type clearableEventRecorder interface {
 	Clear(context.Context) error
 }
 
+// clearSessionStartRecorder attempts to clear the event recorder if it supports the
+// clearableEventRecorder interface. Returns an error if the recorder doesn't support
+// clearing or if the Clear operation fails.
 func clearSessionStartRecorder(ctx context.Context, recorder EventRecorder, dbPath string) error {

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@internal/session/manager_start.go` around lines 467 - 480, Add a brief doc
comment above the clearableEventRecorder type and/or the
clearSessionStartRecorder function explaining this is an optional-capability
pattern: EventRecorder implementations may or may not implement Clear, so we
type-assert to clearableEventRecorder to detect and invoke the capability only
when present; mention the semantics (reset/clear of persisted session start
events) and why we return an error when Clear is unsupported or fails. Reference
the clearableEventRecorder interface and clearSessionStartRecorder helper in the
comment so future maintainers can quickly understand the intent and usage.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@internal/api/core/session_workspace_internal_test.go`:
- Around line 157-159: The two flat assertions that call
statusForWorkspaceError(context.Canceled) and compare to
statusClientClosedRequest (and the similar check at the later occurrence) should
be converted into t.Run subtests using the "Should ..." naming pattern; wrap
each assertion in its own t.Run block (e.g., t.Run("Should map context.Canceled
to statusClientClosedRequest", func(t *testing.T) { if got :=
statusForWorkspaceError(context.Canceled); got != statusClientClosedRequest {
t.Fatalf(...) } })) so each check becomes an isolated subtest and follow the
same pattern for the other occurrence.

In `@internal/session/manager_clear_test.go`:
- Around line 94-160: The two new subtests created with t.Run (including the one
titled "Should remove stale materialized ledger before replacing the event
store" and the other new subtest around lines 166-220) must be marked to run in
parallel; inside each subtest's func(t *testing.T) body add a call to
t.Parallel() as the first statement to follow the project's test guidelines for
subtests. Ensure you place t.Parallel() at the top of the anonymous test
function in the subtests that exercise manager.ClearConversation/Resume/Stop and
related helpers (e.g., where newHarness, NewMaterializer, createSession,
h.manager.Prompt/Resume/ClearConversation are used).

---

Duplicate comments:
In `@internal/store/sessiondb/read_only.go`:
- Around line 16-20: The read-only open retry parameters are hardcoded as
constants (readOnlyOpenMaxAttempts, readOnlyOpenMinRetryDelay,
readOnlyOpenMaxRetryDelay) in read_only.go; make them configurable instead by
wiring them into the sessiondb read-only opener via configuration or injected
options (e.g., add fields to the ReadOnlyStore / NewReadOnlyStore constructor or
accept a RetryOptions struct) and replace uses of those constants with the
injected values, defaulting to the current constants only when config/env values
are absent; update any references in methods that perform the open/retry logic
to read from the new config/option fields rather than the file-level constants.
- Around line 157-163: Define package-level sentinel errors (e.g., var
ErrReadOnlyRecord = errors.New("store: read-only session database cannot record
events") and var ErrReadOnlyTokenUsage = errors.New("store: read-only session
database cannot record token usage")) and replace the current ad-hoc errors in
ReadOnlySessionDB.Record and ReadOnlySessionDB.RecordTokenUsage with wrapped
returns that use those sentinels (e.g., return fmt.Errorf("%w",
ErrReadOnlyRecord) / return fmt.Errorf("%w", ErrReadOnlyTokenUsage)) so callers
can reliably use errors.Is; reference the ReadOnlySessionDB.Record and
ReadOnlySessionDB.RecordTokenUsage methods when making the change.

In `@internal/store/sessiondb/session_db_test.go`:
- Around line 172-173: The subtest started with t.Run("Should retry transient
SQLite locks while opening", func(t *testing.T) { ... }) is not marked for
parallel execution; update that subtest by adding t.Parallel() as the first
statement inside the func(t *testing.T) body so the subtest runs in parallel
with other subtests and follows the test guidelines.

In `@web/src/hooks/routes/use-session-page-controls.ts`:
- Line 18: The file imports the hook directly from internals; replace the deep
import of useSessionTranscriptThreadMessages with an import from the public
barrel `@/systems/session`, and add an export of
useSessionTranscriptThreadMessages in that barrel (index) so it’s publicly
available; also update any tests/mocks that currently import the hook from the
deep path to import from `@/systems/session` so the mock targets the barrel export
instead of the internal path.

---

Nitpick comments:
In `@internal/session/manager_start.go`:
- Around line 467-480: Add a brief doc comment above the clearableEventRecorder
type and/or the clearSessionStartRecorder function explaining this is an
optional-capability pattern: EventRecorder implementations may or may not
implement Clear, so we type-assert to clearableEventRecorder to detect and
invoke the capability only when present; mention the semantics (reset/clear of
persisted session start events) and why we return an error when Clear is
unsupported or fails. Reference the clearableEventRecorder interface and
clearSessionStartRecorder helper in the comment so future maintainers can
quickly understand the intent and usage.

In `@web/e2e/__tests__/dashboard.spec.ts`:
- Around line 462-468: dashboardStatusKey currently treats any non-matching
string (including undefined) as "degraded"; update the dashboardStatusKey
function to explicitly handle undefined (e.g., if status === undefined return
"degraded" or throw) and add a warning log for unexpected values so backend
anomalies are visible; modify the function dashboardStatusKey to first check for
undefined, then normalize and match "ok"/"healthy"/"running", and if falling
back to "degraded" emit a console.warn or use the test logger with the
unexpected status value and a short comment explaining the intentional default.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 38967b21-6c34-4e2b-87c5-d9823d4a5193

📥 Commits

Reviewing files that changed from the base of the PR and between 8f86a08 and 974343e.

⛔ Files ignored due to path filters (1)

• web/e2e/fixtures/workspace.ts is excluded by !**/fixtures/**

📒 Files selected for processing (40)

• internal/api/core/handlers.go
• internal/api/core/session_workspace.go
• internal/api/core/session_workspace_internal_test.go
• internal/session/interfaces.go
• internal/session/ledger.go
• internal/session/manager.go
• internal/session/manager_clear.go
• internal/session/manager_clear_test.go
• internal/session/manager_start.go
• internal/session/manager_test.go
• internal/session/query.go
• internal/session/query_test.go
• internal/session/repair.go
• internal/session/session.go
• internal/session/stop_cause.go
• internal/session/stop_reason.go
• internal/session/stop_reason_test.go
• internal/session/transcript.go
• internal/sessions/ledger/materializer.go
• internal/store/sessiondb/read_only.go
• internal/store/sessiondb/session_db.go
• internal/store/sessiondb/session_db_test.go
• internal/store/store.go
• internal/store/write.go
• web/e2e/__tests__/agent-categories.spec.ts
• web/e2e/__tests__/agents.spec.ts
• web/e2e/__tests__/dashboard.spec.ts
• web/e2e/__tests__/extensibility.spec.ts
• web/e2e/__tests__/harness-smoke.spec.ts
• web/e2e/__tests__/network.spec.ts
• web/e2e/__tests__/sandbox.spec.ts
• web/e2e/__tests__/session-onboarding.spec.ts
• web/e2e/__tests__/session-provider-override.spec.ts
• web/e2e/__tests__/settings-hardening.spec.ts
• web/e2e/__tests__/settings-transport.spec.ts
• web/e2e/__tests__/settings.spec.ts
• web/e2e/__tests__/tasks-hardening.spec.ts
• web/e2e/__tests__/workspace-setup.spec.ts
• web/src/hooks/routes/__tests__/use-session-page-controls.test.tsx
• web/src/hooks/routes/use-session-page-controls.ts

✅ Files skipped from review due to trivial changes (2)

• internal/session/stop_reason.go
• internal/store/write.go

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major | ⚡ Quick win

Move these status-mapping checks into t.Run("Should ...") subtests.

Adding more inline assertions here keeps extending a flat test body instead of the required subtest structure, and failures stay less targeted than they need to be.

As per coding guidelines: "**/*_test.go: MUST use t.Run("Should...") pattern for ALL test cases`."

Also applies to: 185-187

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@internal/api/core/session_workspace_internal_test.go` around lines 157 - 159,
The two flat assertions that call statusForWorkspaceError(context.Canceled) and
compare to statusClientClosedRequest (and the similar check at the later
occurrence) should be converted into t.Run subtests using the "Should ..."
naming pattern; wrap each assertion in its own t.Run block (e.g., t.Run("Should
map context.Canceled to statusClientClosedRequest", func(t *testing.T) { if got
:= statusForWorkspaceError(context.Canceled); got != statusClientClosedRequest {
t.Fatalf(...) } })) so each check becomes an isolated subtest and follow the
same pattern for the other occurrence.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add t.Parallel() to the new subtests.

Both newly added t.Run("Should ...") blocks are missing t.Parallel() with no stated reason to run serially.

Suggested patch

 func TestClearConversationDiscardsMaterializedLedger(t *testing.T) {
 	t.Parallel()

 	t.Run("Should remove stale materialized ledger before replacing the event store", func(t *testing.T) {
+		t.Parallel()
 		h := newHarness(t)
 		materializer, err := sessionledger.NewMaterializer(sessionledger.Config{
 			RootDir: h.homePaths.SessionsDir,
@@
 func TestClearConversationResetsStoreOpenedWithStaleRows(t *testing.T) {
 	t.Parallel()

 	t.Run("Should clear stale rows present when the replacement store opens", func(t *testing.T) {
+		t.Parallel()
 		h := newHarness(t)
 		var openCount atomic.Int32
 		h.manager = newManagerWithHarness(

As per coding guidelines "**/*_test.go: Structure tests with t.Run(\"Should ...\") subtests and mark them with t.Parallel() by default unless there is a specific reason to disable parallelization."

Also applies to: 166-220

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@internal/session/manager_clear_test.go` around lines 94 - 160, The two new
subtests created with t.Run (including the one titled "Should remove stale
materialized ledger before replacing the event store" and the other new subtest
around lines 166-220) must be marked to run in parallel; inside each subtest's
func(t *testing.T) body add a call to t.Parallel() as the first statement to
follow the project's test guidelines for subtests. Ensure you place t.Parallel()
at the top of the anonymous test function in the subtests that exercise
manager.ClearConversation/Resume/Stop and related helpers (e.g., where
newHarness, NewMaterializer, createSession,
h.manager.Prompt/Resume/ClearConversation are used).