Add collaboration provider diagnostics to sync timeout errors#3404
Conversation
Before, COLLABORATION_SYNC_TIMEOUT details only contained
{ timeoutMs }. DNS failures, refused TCP, failed WS upgrades, and
auth rejections all collapsed to the same useless payload. The
timeout now captures last status/connection-error/connection-close/
authenticationFailed plus event counts, sanitized URL, documentId,
tokenEnv state, and paramsKeys.
Sensitive query params are redacted in URL and event payload
strings. y-websocket's [event, provider] emit pattern is reduced
to the first arg so the provider self-ref graph does not bloat
the envelope or risk leaking document content.
Mock constructors in runtime.test.ts updated: the previous pattern
returned undefined instances under bun's mock wrapping, which was
harmless when the runtime did not touch the provider synchronously.
The new attachProviderDiagnostics binding does.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: d14abfffac
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
decodeURIComponent throws URIError on malformed percent-encoding (e.g. a raw `%` in a query key). The diagnostics sanitizer runs inside the sync-timeout callback, so an uncaught throw would suppress the COLLABORATION_SYNC_TIMEOUT envelope entirely - the exact failure mode the rest of the module defends against. Falls back to the raw key on URIError so the sensitivity check still runs. Decoding stays in place so encoded variants like `%74oken` continue to redact correctly.
|
Reviewed and tested against the real triage servers ( Test matrix
PR's own suite: What this confirms
|
|
🎉 This PR is included in superdoc-cli v0.12.0 The release is available on GitHub release |
|
🎉 This PR is included in superdoc-sdk v1.11.0 |
|
🎉 This PR is included in @superdoc-dev/mcp v0.7.0 The release is available on GitHub release |
Surfaces the actual provider failure (close code, error message, auth state, event counts) in
COLLABORATION_SYNC_TIMEOUT.detailsinstead of the current{ timeoutMs }. Several distinct failure modes that customers hit today collapse into the same useless error — this is the load-bearing fix that lets a customer report self-diagnose to "expected 101", "DNS failed", "auth rejected", or "broker accepted upgrade but never synced".Sanitization redacts
token/auth/secret/password/credential/apiKeyin both URL fields and captured event payload strings. The provider self-reference in y-websocket's[event, provider]emit pattern is dropped to keep envelopes compact and forward-leak-safe.Existing
runtime.test.tsmocks updated: the previous constructor pattern returned undefined instances under bun's mock wrapping, which was harmless when the runtime did not touch the provider synchronously. The new diagnostics binding does. 23 new tests added covering redaction, field shape, event capture, null-payload close filtering, provider self-ref stripping, and defensive subscription.Verified:
bun testinsideapps/cli→ 1260 pass, 0 fail (346 skipped). Live customer replication against the live test endpoint now returns a fully populated details payload instead of{ timeoutMs: 10000 }.