fix: recover from panics in websocket handlers to prevent server crash

[gmegidish]

a panic in any handler propagated up and killed the process; defer recover logs the method name and stack trace, then sends a clean error response

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ca224266-9ac5-4b26-aec3-aa6e51a4abab

📥 Commits

Reviewing files that changed from the base of the PR and between 8906ebb and a17de48.

📒 Files selected for processing (1)

• server/websocket.go

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

---

Walkthrough

This PR makes two independent changes. First, it reorganizes the go.mod file by consolidating module dependencies: most entries previously marked as // indirect in a secondary require block are moved into the primary block without the indirect comments, while a smaller secondary block retains only three indirect dependencies. Second, it enhances error handling in server/websocket.go by adding fmt and runtime/debug imports and wrapping the method invocation path with a deferred panic recovery handler that captures panics with stack traces and converts them to JSON-RPC server error responses.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: adding panic recovery to websocket handlers to prevent server crashes, which aligns with the primary modification in server/websocket.go.
Description check	✅ Passed	The description is directly related to the changeset, explaining how panics in handlers are now caught and logged with stack traces before sending error responses, which matches the server/websocket.go modifications.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix-websocket-panic-recovery

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Around line 6-53: The go.mod changes removed or altered // indirect markers
for many modules (the entries shown) though none are directly imported; restore
correct indirect/direct annotations by reverting the reorganization or running
"go mod tidy" to regenerate go.mod and go.sum, ensuring modules like
github.com/Masterminds/semver, github.com/sirupsen/logrus, golang.org/x/crypto,
etc. return to their proper indirect status; verify the go.mod matches the
output of "go mod tidy" and commit that result.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 10e89f54-8627-4773-8ab1-b1d18a852786

📥 Commits

Reviewing files that changed from the base of the PR and between a47cb8f and 8906ebb.

📒 Files selected for processing (2)

• go.mod
• server/websocket.go

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Check if packages marked as direct dependencies are actually imported

packages=(
  "al.essio.dev/pkg/shellescape"
  "github.com/Masterminds/semver"
  "github.com/cenkalti/backoff"
  "github.com/davecgh/go-spew"
  "github.com/go-task/slim-sprig"
  "github.com/godbus/dbus/v5"
  "github.com/google/btree"
  "github.com/google/pprof"
  "github.com/grandcat/zeroconf"
  "github.com/inconshreveable/mousetrap"
  "github.com/kardianos/osext"
  "github.com/miekg/dns"
  "github.com/onsi/ginkgo/v2"
  "github.com/pierrec/lz4"
  "github.com/pkg/errors"
  "github.com/pmezard/go-difflib"
  "github.com/songgao/water"
  "github.com/spf13/pflag"
  "github.com/tadglines/go-pkgs"
  "go.mozilla.org/pkcs7"
  "go.uber.org/mock"
  "golang.org/x/crypto"
  "golang.org/x/exp"
  "golang.org/x/mod"
  "golang.org/x/net"
  "golang.org/x/sync"
  "golang.org/x/sys"
  "golang.org/x/text"
  "golang.org/x/time"
  "golang.org/x/tools"
  "golang.zx2c4.com/wintun"
  "gopkg.in/yaml.v3"
  "gvisor.dev/gvisor"
  "software.sslmate.com/src/go-pkcs12"
)

echo "Checking which packages are directly imported in .go files..."
echo ""

for pkg in "${packages[@]}"; do
  # Escape dots and slashes for regex
  escaped=$(echo "$pkg" | sed 's/\./\\./g')
  
  # Search for import statements in .go files (excluding vendor and test files for cleaner output)
  matches=$(rg -t go --no-heading -n "\"$escaped" -g '!vendor/**' -g '!**/*_test.go' | head -5)
  
  if [ -n "$matches" ]; then
    echo "✓ $pkg - FOUND (directly imported)"
    echo "$matches" | head -3
    echo ""
  else
    echo "✗ $pkg - NOT FOUND (likely should be marked // indirect)"
  fi
done

echo ""
echo "To verify and fix, run: go mod tidy"

Repository: mobile-next/mobilecli

Length of output: 2736

---

🏁 Script executed:

#!/bin/bash
cd "$(git rev-parse --show-toplevel)" || exit 1

packages=(
  "al.essio.dev/pkg/shellescape"
  "github.com/Masterminds/semver"
  "github.com/cenkalti/backoff"
  "github.com/davecgh/go-spew"
  "github.com/go-task/slim-sprig"
  "github.com/godbus/dbus/v5"
  "github.com/google/btree"
  "github.com/google/pprof"
  "github.com/grandcat/zeroconf"
  "github.com/inconshreveable/mousetrap"
  "github.com/kardianos/osext"
  "github.com/miekg/dns"
  "github.com/onsi/ginkgo/v2"
  "github.com/pierrec/lz4"
  "github.com/pkg/errors"
  "github.com/pmezard/go-difflib"
  "github.com/songgao/water"
  "github.com/spf13/pflag"
  "github.com/tadglines/go-pkgs"
  "go.mozilla.org/pkcs7"
  "go.uber.org/mock"
  "golang.org/x/crypto"
  "golang.org/x/exp"
  "golang.org/x/mod"
  "golang.org/x/net"
  "golang.org/x/sync"
  "golang.org/x/sys"
  "golang.org/x/text"
  "golang.org/x/time"
  "golang.org/x/tools"
  "golang.zx2c4.com/wintun"
  "gopkg.in/yaml.v3"
  "gvisor.dev/gvisor"
  "software.sslmate.com/src/go-pkcs12"
)

echo "Checking direct imports in .go files (including *_test.go), excluding vendor..."
echo ""

for pkg in "${packages[@]}"; do
  escaped=$(printf "%s" "$pkg" | sed 's/\./\\./g')
  matches=$(rg -t go --no-heading -n "\"$escaped" -g '!vendor/**' | head -3)
  if [ -n "$matches" ]; then
    echo "✓ $pkg - FOUND"
    echo "$matches"
    echo ""
  else
    echo "✗ $pkg - NOT FOUND"
  fi
done

Repository: mobile-next/mobilecli

Length of output: 1425

---

go.mod: revert/remove // indirect changes for unimported dependencies (go.mod lines 6-53)

Repo-wide scan found none of the listed modules being imported anywhere in non-vendored .go files (including *_test.go). Removing // indirect from these entries is therefore likely incorrect; run go mod tidy (or revert the dependency reorganization) to restore correct indirect/direct requirements.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` around lines 6 - 53, The go.mod changes removed or altered //
indirect markers for many modules (the entries shown) though none are directly
imported; restore correct indirect/direct annotations by reverting the
reorganization or running "go mod tidy" to regenerate go.mod and go.sum,
ensuring modules like github.com/Masterminds/semver, github.com/sirupsen/logrus,
golang.org/x/crypto, etc. return to their proper indirect status; verify the
go.mod matches the output of "go mod tidy" and commit that result.