Mark sessions as expired when authentication fails#40
Merged
Conversation
When a server rejects an unauthenticated connection, the session was still showing as 'live' because the session status was never updated to 'expired'. This fix marks the session as expired in three places: 1. Bridge startup: auth errors now trigger expired status (previously only session ID rejection did) 2. ensureBridgeReady: marks session expired before throwing auth error (both on initial check and after restart attempt) https://claude.ai/code/session_01Vz55QPzBXfNxd34dRQZxHL
The run_xmcpc invariant check compares --json and --json --verbose outputs for equality. The lastSeenAt field can change between calls due to bridge keepalive pings, causing spurious failures. Normalize this field before comparison. https://claude.ai/code/session_01Vz55QPzBXfNxd34dRQZxHL
Now that lastSeenAt is normalized in the invariant comparison, restore run_xmcpc (with full --json/--verbose invariant checks) in session tests that were previously downgraded to run_mcpc to avoid lastSeenAt timestamp drift between the 4 variant calls. https://claude.ai/code/session_01Vz55QPzBXfNxd34dRQZxHL
Shared-home tests cannot use run_xmcpc because parallel tests modify the session list (adding/removing sessions, changing status) between the 4 invariant-check variant calls. The lastSeenAt normalization only fixes timestamp drift — it doesn't help when the session list itself changes due to concurrent test execution. https://claude.ai/code/session_01Vz55QPzBXfNxd34dRQZxHL
The bridge IPC serializes MCP auth failures (e.g. 401 from server) as NetworkError (code 3). Previously, ensureBridgeReady treated all NetworkErrors as "socket not responding" and fell through to restart, only checking for auth patterns after restart. This caused connect to silently succeed in Bun when the second check path behaved differently. Now check isAuthenticationError() on the error message before falling through to restart, so auth failures are detected immediately on the first health check regardless of runtime. https://claude.ai/code/session_01Vz55QPzBXfNxd34dRQZxHL
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR ensures that sessions are correctly marked as
expiredwhen the server rejects authentication, rather than remaining in alivestate. This improves the user experience by accurately reflecting the session status in the session list.Key Changes
ensureBridgeReady()when authentication errors are detected during MCP connection attempts (two locations: initial connection and post-restart health checks)Implementation Details
status: 'expired'before throwing the auth errorisAuthenticationError()utility function for consistencyhttps://claude.ai/code/session_01Vz55QPzBXfNxd34dRQZxHL