Distinguish auth failures from session expiry with new 'unauthorized' state#46
Merged
Distinguish auth failures from session expiry with new 'unauthorized' state#46
Conversation
Split the overloaded 'expired' state into distinct states: - 'unauthorized' (new): auth failures (401/403, token refresh failure) with actionable login guidance in session listing - 'expired': session ID rejection (404) only Add 'disconnected' display state: shown when bridge is alive but server hasn't responded in >2 minutes (uses existing lastSeenAt field, no new persisted data). Auto-recovers silently. https://claude.ai/code/session_01SXnUgdS4xhnQXbvCxEXcAG
…d constants Move both constants to src/lib/types.ts so bridge and CLI reference a single source of truth. DISCONNECTED_THRESHOLD_MS is now 4 × KEEPALIVE_INTERVAL_MS instead of a hardcoded 2-minute value. https://claude.ai/code/session_01SXnUgdS4xhnQXbvCxEXcAG
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR introduces a new
unauthorizedsession state to distinguish authentication failures (401/403 responses or token refresh failures) from session expiry (404 responses). It also adds adisconnecteddisplay state to surface when the bridge process is alive but the server has been unreachable for more than 2 minutes.Key Changes
New session states: Added
unauthorizedstatus for auth failures, separate fromexpired(which now specifically means session ID rejection). UpdatedSessionStatustype to includeunauthorized.Disconnected state detection: Implemented
DISCONNECTED_THRESHOLD_MS(2 minutes) to detect when a bridge is running but the server hasn't responded recently. This is displayed as a yellow "disconnected" indicator without blocking operations (auto-recovers when server responds).Improved status display:
live(green) - Bridge running and server respondingdisconnected(yellow) - Bridge running but server unreachable >2mincrashed(yellow) - Bridge process deadunauthorized(red) - Auth rejected; shows recovery hint:mcpc login <target> && mcpc <session> restartexpired(red) - Session ID rejected; shows recovery hint:mcpc <session> restartAuth error handling: Updated bridge process to distinguish between authentication errors (mark as
unauthorized) and session expiry errors (mark asexpired), with appropriate logging and recovery guidance.Session consolidation: Updated cleanup logic to remove both
expiredandunauthorizedsessions whencleanExpiredis enabled, and to preserve these states during bridge crash detection.Error messages: Improved
createServerAuthErrorto suggestmcpc <session> restartinstead of full reconnect flow.Documentation: Updated CLAUDE.md and CHANGELOG.md to document the new session states and their recovery procedures.
Implementation Details
getBridgeStatus()function now checkslastSeenAttimestamp to determine if a bridge is truly disconnected vs. live.handlePossibleExpiration()method now branches on authentication errors vs. session expiry errors.unauthorizedsessions to guide users toward the correct fix.https://claude.ai/code/session_01SXnUgdS4xhnQXbvCxEXcAG