fix(notifications): restore background push notifications and improve SW session recovery

[Just-Insane]

Description

Restores background push notification delivery and hardens the service worker's session management. Notifications were silently dropped when the app was backgrounded because two upstream mechanisms — the appIsVisible flag in the SW and togglePusher on visibility changes — had been removed.

Notification & visibility fixes

• Restore appIsVisible flag and setAppVisible handler in sw.ts — the SW now tracks whether the app is visible via messages from the main thread, used alongside clients.matchAll() visibilityState as a dual-signal check before suppressing push notifications.
• Post setAppVisible from the main thread in ClientNonUIFeatures.tsx — bridges document visibility changes to the service worker.
• Reconnect togglePusher on visibility changes in useAppVisibility.ts — re-registers the push endpoint when the app returns to the foreground, ensuring the homeserver can deliver pushes.

Service worker session recovery

• Increase session TTL from 30 min → 24 h — push notifications can arrive hours after last active use; the short TTL caused unnecessary re-fetches and auth errors.
• requestSessionWithTimeout fallback — Promise.race wrapper so the SW falls back to its cached preloadedSession if the main client is unresponsive, instead of hanging.
• Reset heartbeat backoff on foreground sync — the exponential backoff counter resets when the user foregrounds the app, allowing immediate session refresh.
• Warm preloadedSession from push handler — the session fetched during push processing is stored for reuse within the same SW lifetime.

Robustness improvements

• appEvents.ts → Set-based multi-subscriber pattern — replaces single-callback slots with Set-backed subscriptions that return unsubscribe functions, preventing silent overwrites when multiple consumers subscribe.
• BackgroundNotifications.tsx retry timer cleanup — tracks setTimeout IDs in a Set and cancels them on effect cleanup, preventing orphaned background clients on unmount.

Experiment / session-sync config types

• useClientConfig.ts — adds ExperimentConfig, SessionSyncConfig, and ExperimentSelection types plus selectExperimentVariant / useExperimentVariant hooks for feature-flag gating.

DM sidebar fixes

• RoomNavItem.tsx — fix room topic/status description sticking to the wrong row by replacing useRoomTopic with a per-room getStateEvent + useEffect.
• useUserPresence.ts — simplify null-safety with optional chaining on the User object.
• DirectDMsList.tsx — use getDirectRoomAvatarUrl directly instead of falling through getRoomAvatarUrl first.

Fixes #

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings

AI disclosure:

• Partially AI assisted (clarify which code was AI assisted and briefly explain what it does).

The notification/visibility restoration (appIsVisible flag, setAppVisible handler, togglePusher reconnection), the appEvents multi-subscriber refactor, and the BackgroundNotifications retry timer cleanup were developed with AI assistance. The session recovery improvements (requestSessionWithTimeout, backoff reset, TTL increase) were drafted with AI assistance and reviewed against the existing SW session-handshake protocol. The experiment config types, DM sidebar fixes, and presence cleanup were developed with AI assistance.

[Copilot]

Pull request overview

This PR improves service worker (SW) session recovery and media authentication behavior to reduce missed/incorrect push notifications and 401s when the SW restarts or a tab is unavailable, and adds an app↔SW “live visibility” handshake to decide when to suppress OS notifications.

Changes:

• Persist SW session with a timestamp and enforce a 24h TTL; warm SW preloadedSession during push handling.
• Add SW↔client live visibility ping and use it to suppress OS notifications only when a tab confirms it’s visible.
• Expand authenticated media interception and add retry logic to recover from token refresh races.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 8 comments.

File	Description
src/sw.ts	Session persistence/TTL, push visibility ping, media auth path expansion, media fetch retry, and Workbox precache call change.
src/app/pages/client/ClientNonUIFeatures.tsx	Responds to SW visibility pings from the client page.
src/app/hooks/useAppVisibility.ts	Adds foreground/focus/heartbeat-driven session push behavior (plus experiment/config wiring).
.changeset/sw-push-session-recovery.md	Changeset entry for the SW reliability fix.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

loadPersistedSession() no longer validates that the cached JSON has string accessToken/baseUrl before using them. As written, a corrupted cache entry can throw (e.g. s.accessToken.slice(...)) and/or propagate non-string values into fetch/auth, and the debug log leaks part of the access token. Please restore strict type checks (and avoid logging token material) before returning a SessionInfo.

[Copilot]

checkLiveVisibility() builds checkId from Date.now() + idx, which can collide across overlapping calls (e.g. multiple push events close together), overwriting entries in visibilityCheckPendingMap and resolving the wrong promise. Use a collision-resistant id (e.g. crypto.randomUUID() or a monotonic counter) for the map key.

[Copilot]

In handleMinimalPushPayload(), using Promise.race over per-client requestSessionWithTimeout calls can return undefined as soon as the first client responds with no session (or a fast failure), even if another client would return a valid session shortly after. This defeats the intended fallback behavior; prefer selecting the first defined session (e.g. Promise.all + find, or a Promise.any-style helper that ignores undefined).

Suggested change

	const result = await Promise.race(
	Array.from(windowClients).map((c) => requestSessionWithTimeout(c.id, 1500))
	);
	session = result ?? undefined;
	const results = await Promise.all(
	Array.from(windowClients).map((c) => requestSessionWithTimeout(c.id, 1500))
	);
	session = results.find((result) => result != null) ?? undefined;

[Copilot]

The comment says persisting the session into preloadedSession makes getAnyStoredSession() return it, but getAnyStoredSession() only reads from the sessions Map. As a result, handleMinimalPushPayload() will still re-read the cache (and won’t benefit from preloadedSession). Either update the comment or wire preloadedSession into getAnyStoredSession()/handleMinimalPushPayload() so the warm-up actually avoids the extra cache read.

[Copilot]

precacheAndRoute(self.__WB_MANIFEST) is now unguarded. If __WB_MANIFEST is undefined in any build mode (e.g. dev, tests, or if injectManifest fails), this will throw at SW startup. Safer is to keep the guard or default to an empty array when the manifest isn’t injected.

Suggested change

	precacheAndRoute(self.__WB_MANIFEST);
	precacheAndRoute(self.__WB_MANIFEST ?? []);

[Copilot]

The visibility ping response uses navigator.serviceWorker.controller?.postMessage(...). Since the SW uses clients.matchAll({ includeUncontrolled: true }), some visible clients may be uncontrolled and have controller === null, so they’ll never respond and the SW will incorrectly treat the app as not visible. Consider posting via (await navigator.serviceWorker.ready).active (or the registration) when controller is null so uncontrolled-but-visible tabs can respond.

[Copilot]

useAppVisibility imports useExperimentVariant from ./useClientConfig, but src/app/hooks/useClientConfig.ts does not export it, and ClientConfig also doesn’t declare the sessionSync property used below. This file will not typecheck/compile as-is; either add the missing export/types to useClientConfig.ts or remove/guard the experiment + sessionSync usage here.

[Copilot]

useAppVisibility now relies on activeSession (baseUrl/accessToken/userId) for pushSessionNow/heartbeat, but no call sites pass it (e.g. ClientRoot still calls useAppVisibility(mx) only). With activeSession undefined, the new session-sync logic will always be skipped and the backoff reset/heartbeat won’t take effect. Either make activeSession required or update the callers to pass the current session.

Suggested change

	export function useAppVisibility(mx: MatrixClient | undefined, activeSession?: Session) {
	const clientConfig = useClientConfig();
	const [usePushNotifications] = useSetting(settingsAtom, 'usePushNotifications');
	const pushSubAtom = useAtom(pushSubscriptionAtom);
	const isMobile = mobileOrTablet();
	const sessionSyncConfig = clientConfig.sessionSync;
	const sessionSyncVariant = useExperimentVariant('sessionSyncStrategy', activeSession?.userId);
	function getActiveSessionFromClient(mx: MatrixClient | undefined): Session | undefined {
	if (!mx) return undefined;
	const baseUrl = mx.getHomeserverUrl?.();
	const accessToken = mx.getAccessToken?.();
	const userId = mx.getUserId?.();
	if (!baseUrl || !accessToken || !userId) return undefined;
	return {
	baseUrl,
	accessToken,
	userId,
	} as Session;
	}
	export function useAppVisibility(mx: MatrixClient | undefined, activeSession?: Session) {
	const clientConfig = useClientConfig();
	const [usePushNotifications] = useSetting(settingsAtom, 'usePushNotifications');
	const pushSubAtom = useAtom(pushSubscriptionAtom);
	const isMobile = mobileOrTablet();
	const resolvedActiveSession = activeSession ?? getActiveSessionFromClient(mx);
	const sessionSyncConfig = clientConfig.sessionSync;
	const sessionSyncVariant = useExperimentVariant('sessionSyncStrategy', resolvedActiveSession?.userId);