feat: stream resumption for interrupted conversations by anubra266 · Pull Request #2710 · inkeep/agents

anubra266 · 2026-03-16T21:51:21Z

Summary

Implements the Vercel AI SDK resume pattern, so users who disconnect mid-stream can return and receive the response seamlessly.

Closes PRD-6312

changeset-bot · 2026-03-16T21:51:25Z

🦋 Changeset detected

Latest commit: 8a8c684

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 10 packages

Name	Type
@inkeep/agents-api	Patch
@inkeep/agents-core	Patch
@inkeep/agents-manage-ui	Patch
@inkeep/agents-cli	Patch
@inkeep/agents-sdk	Patch
@inkeep/agents-work-apps	Patch
@inkeep/ai-sdk-provider	Patch
@inkeep/create-agents	Patch
@inkeep/agents-email	Patch
@inkeep/agents-mcp	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

vercel · 2026-03-16T21:51:27Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
agents-api	Ready	Preview, Comment	Apr 3, 2026 10:17pm
agents-docs	Ready	Preview, Comment	Apr 3, 2026 10:17pm
agents-manage-ui	Ready	Preview, Comment	Apr 3, 2026 10:17pm

claude

PR Review Summary

(12) Total Issues | Risk: High

🔴❗ Critical (3) ❗🔴

🔴 1) stream-buffer-registry.ts Module-scoped singleton not shared across bundle boundaries

Issue: StreamBufferRegistry uses a module-level singleton (export const streamBufferRegistry), but the existing stream-registry.ts uses globalThis with a key to ensure the registry is shared across module boundaries (e.g., WDK workflow bundle and main Hono app bundle).

Why: The comment in stream-registry.ts explicitly states this pattern is needed so both bundles resolve to the same Map. Without this, the buffer registered by chatDataStream (main bundle) won't be found by the resume endpoint or workflow steps (potentially different bundle), causing stream resumption to silently fail with 204 responses.

Fix: Follow the globalThis pattern from stream-registry.ts:

const REGISTRY_KEY = '__inkeep_streamBufferRegistry';

function getBufferRegistry(): Map<string, BufferEntry> {
  const g = globalThis as Record<string, unknown>;
  if (!g[REGISTRY_KEY]) {
    g[REGISTRY_KEY] = new Map<string, BufferEntry>();
  }
  return g[REGISTRY_KEY] as Map<string, BufferEntry>;
}

Refs:

stream-registry.ts globalThis pattern

🔴 2) 0022_futuristic_ozymandias.sql Duplicate migration file

Issue: This migration file is byte-identical to 0023_futuristic_ozymandias.sql — both create the same workflow_executions table. The journal references 0022_superb_micromacro at index 22, but this orphaned file is not registered.

Why: If accidentally included in a migration run, it will fail with 'table already exists'. This indicates possible migration state corruption from rebasing/merging that could cause deployment failures.

Fix: Remove this orphaned file using pnpm db:drop or manually delete since it's NOT in the journal. Per AGENTS.md: "NEVER manually delete migration files - use pnpm db:drop".

Refs:

AGENTS.md migration workflow

🔴 3) system PR title/description misrepresents actual scope

Issue: The PR is titled "feat: in-memory stream resumption" but the actual diff is +2460/-145 lines implementing comprehensive durable execution infrastructure. The stream resumption feature is ~260 lines; durable execution infrastructure is ~2200+ lines.

Why: The changeset itself says "Add durable execution mode for agent runs with tool approvals and crash recovery." Future maintainers reviewing this PR will be misled about the scope of changes introduced.

Fix: Update PR title to accurately reflect scope: "feat: durable execution mode for agent runs with tool approvals, crash recovery, and stream resumption". Lead with durable execution architecture in the description.

Inline Comments:

🔴 Critical: stream-buffer-registry.ts:25 Module-scoped singleton pattern
🔴 Critical: chatDataStream.ts:656-667 Fire-and-forget async IIFE swallows errors
🔴 Critical: 0022_futuristic_ozymandias.sql:1 Duplicate migration file

🟠⚠️ Major (5) 🟠⚠️

🟠 1) chatDataStream.ts:448-491 Durable execution path doesn't register with stream buffer

Issue: The durable execution path streams directly from run.readable without registering with streamBufferRegistry. Stream resumption via GET /conversations/:conversationId/stream won't work for durable executions.

Why: This is the use case where crash recovery is most needed, yet the resume endpoint returns 204 because the buffer was never registered.

Fix: Either tee run.readable and register with buffer, update the resume endpoint to check durable executions, or document the limitation clearly.

Refs:

Vercel AI SDK stream resume pattern

🟠 2) stream-buffer-registry.ts:15-25 Overwriting existing buffer leaves active consumers hanging

Issue: If a new chat request arrives for a conversation with an active buffer, register() overwrites without emitting 'done' to existing subscribers, leaving them hanging indefinitely.

Why: Previous resume clients will wait forever for a 'done' event that never comes.

Fix: Emit 'done' on existing emitter before overwriting (see inline comment for code).

🟠 3) stream-buffer-registry.ts:49-69 Race condition between done check and event listener setup

Issue: After checking if (entry.done) and before attaching the 'done' listener, the stream could complete, causing the 'done' event to be missed.

Why: This can cause the resume stream to hang indefinitely in edge cases.

Fix: Subscribe to events FIRST, then replay buffered chunks (see inline comment for code).

🟠 4) multi-file Missing test coverage for critical new functionality

Issue: The StreamBufferRegistry class (core of stream resumption), the resume endpoint, and durable execution workflow steps have zero test coverage. Per AGENTS.md: "ALL new work MUST include these three components - NO EXCEPTIONS: 1. Unit Tests".

Why: Without tests, race conditions, memory leaks, and cleanup failures could slip through undetected. The existing generateTaskHandler.test.ts adds mocks for durable methods but no tests exercise them.

Fix: Add dedicated tests for:

StreamBufferRegistry: registration, push, replay, cleanup timeouts, concurrent access
Resume endpoint: 204 responses, authorization, SSE headers
Durable execution: workflow context propagation, approval queue consumption

Refs:

AGENTS.md testing requirements

🟠 5) multi-file Missing changeset for @inkeep/agents-core schema changes

Issue: Schema changes (new execution_mode column, new workflow_executions table) are in @inkeep/agents-core but the changeset only bumps @inkeep/agents-api.

Why: Downstream consumers of @inkeep/agents-core who depend on Drizzle schema types won't receive proper semver signaling.

Fix: Add @inkeep/agents-core: minor to the changeset per data-model-changes skill guidance.

Inline Comments:

🟠 Major: stream-buffer-registry.ts:15-25 Overwriting existing buffer
🟠 Major: stream-buffer-registry.ts:49-69 Race condition in createReadable
🟠 Major: chatDataStream.ts:448-491 Durable path missing buffer registration

🟡 Minor (2) 🟡

🟡 1) stream-buffer-registry.ts:10 Hardcoded cleanup delay without configurability

Issue: The 60-second cleanup delay is hardcoded with no environment variable override and no observability into buffer lifecycle.
Why: Self-hosted deployments may need different windows; debugging buffer state during incidents is difficult.
Fix: Move to execution-limits constants; add logging for buffer events.

🟡 2) multi-file executionMode naming is opaque to customers

Issue: 'classic' implies 'old/legacy'; 'durable' is infrastructure jargon that doesn't communicate customer benefit.
Why: Customers choosing between modes won't understand tradeoffs.
Fix: Consider renaming to 'ephemeral' | 'resumable' or document clearly.

Inline Comments:

🟡 Minor: stream-buffer-registry.ts:10 Hardcoded cleanup delay

💭 Consider (2) 💭

💭 1) executions.ts:100-101 Path parameter style inconsistency

Issue: Uses :executionId Express-style while conversations.ts uses {conversationId} OpenAPI-style.
Fix: Standardize on OpenAPI-style {param} format for consistency.

💭 2) stream-buffer-registry.ts No graceful shutdown handling

Issue: Active setTimeout handles will keep the process alive during shutdown. Active streams may be left inconsistent.
Fix: Add a shutdown() method that clears timeouts and emits 'done' to all active buffers.

🚫 REQUEST CHANGES

Summary: This PR introduces valuable durable execution infrastructure, but has several critical issues that need addressing before merge:

The stream buffer registry uses a module-scoped singleton that won't work across bundle boundaries — this will cause stream resumption to silently fail in production.
Duplicate migration file indicates migration state corruption that could fail deployments.
Missing error handling in the background buffering task will swallow errors silently.
Durable mode doesn't actually support stream resumption via the documented endpoint.
Critical functionality lacks test coverage per AGENTS.md requirements.

The architecture is sound and the feature is valuable, but these issues need resolution to avoid production incidents.

Discarded (8)

Location	Issue	Reason Discarded
`tool-approval.ts`	Cross-tenant tool approval bypass via unvalidated toolCallId	Further investigation shows the conversationId is validated before approval; toolCallId is internally generated and not user-controllable in the classic path
`agentExecutionSteps.ts`	Code duplication with generateTaskHandler	WDK workflow steps have serialization constraints requiring separate implementations; documented architectural decision
`workflowExecutions.ts`	Missing optimistic locking on status updates	WDK handles step sequencing; concurrent updates are expected to fail-fast at the workflow level
`PendingToolApprovalManager.ts`	Variable extraction refactoring unrelated to feature	Incidental cleanup that doesn't change behavior; not blocking
`stream-helpers.ts`	Removal of writeDone() [DONE] marker	OpenAI spec doesn't require this; Vercel AI SDK handles stream termination via connection close
`conversations.ts`	Authorization check returns 204 same as no-stream	This is intentional information-leakage protection; logging suggestion is valid but optional
`durable-stream-helper.ts`	Silent write failures in write()	Errors are logged at warn level; stream write failures are inherently non-recoverable
`agent-types.ts`	Record type allows undefined access	Current code uses optional chaining correctly; runtime safety is preserved

Reviewers (11)

Reviewer	Returned	Main Findings	Consider	Inline Comments	Discarded
`pr-review-standards`	3	1	0	2	0
`pr-review-sre`	7	2	1	2	2
`pr-review-architecture`	8	2	0	1	5
`pr-review-tests`	7	1	0	0	6
`pr-review-errors`	7	0	0	1	6
`pr-review-breaking-changes`	5	2	0	1	2
`pr-review-precision`	6	1	0	0	5
`pr-review-product`	5	0	1	0	4
`pr-review-consistency`	6	0	1	0	5
`pr-review-types`	5	0	0	0	5
`pr-review-security-iam`	1	0	0	0	1
Total	60	9	3	7	41

Note: Many findings were deduplicated across reviewers (e.g., multiple reviewers flagged the singleton pattern and error handling issues).

claude

PR Review Summary

(7) Total Issues | Risk: High

🔴❗ Critical (2) ❗🔴

Inline Comments:

🔴 Critical: stream-buffer-registry.ts:13 Module-scoped singleton not shared across bundle boundaries
🔴 Critical: chatDataStream.ts:656-667 Fire-and-forget async IIFE lacks error handling

🟠⚠️ Major (4) 🟠⚠️

🟠 1) stream-buffer-registry.ts Missing test coverage for critical new functionality

files: stream-buffer-registry.ts, conversations.ts:376-405

Issue: The StreamBufferRegistry class (79 lines) and the new resume endpoint have zero test coverage. Per AGENTS.md: "ALL new work MUST include... Unit Tests - NO EXCEPTIONS".

Why: Without tests, these regressions could go undetected:

Memory leaks if cleanup timer fails to delete entries after 60s
Race condition if createReadable() called between chunk replay and event subscription
EventEmitter listener leaks if onDone handler fails to clean up
Authorization bypass in resume endpoint (userId check untested)

Fix: Create agents-api/src/domains/run/stream/__tests__/stream-buffer-registry.test.ts with test cases for:

register() creates new buffer entry
push() adds chunks and emits events
complete() marks done and schedules 60s cleanup
createReadable() replays buffered chunks then forwards live ones
Race condition scenarios
Resume endpoint authorization (204 vs 200 responses)

Refs:

AGENTS.md testing requirements

Inline Comments:

🟠 Major: stream-buffer-registry.ts:48-70 Race condition between chunk replay and event subscription
🟠 Major: conversations.ts:387-389 Error response pattern inconsistency — 204 for unauthorized vs 404
🟠 Major: conversations.ts:404 Resume endpoint lacks error handling around stream piping

🟡 Minor (1) 🟡

🟡 1) stream-buffer-registry.ts:10 Hardcoded cleanup delay without observability

Issue: The 60-second cleanup delay (CLEANUP_DELAY_MS) is hardcoded with no environment variable override and no logging/metrics for buffer lifecycle events.
Why: During incident debugging, understanding buffer state is difficult. Self-hosted deployments may need different cleanup windows.
Fix: Consider moving to execution-limits constants; add debug logging for register/complete/cleanup events.

🚫 REQUEST CHANGES

Summary: This PR implements the Vercel AI SDK resume pattern for stream reconnection — a valuable feature. However, there are several issues that need addressing before merge:

The stream buffer registry uses a module-scoped singleton that won't work across bundle boundaries — this will cause stream resumption to silently fail with 204 responses. Follow the globalThis pattern from the existing stream-registry.ts.
Fire-and-forget async IIFE in chatDataStream.ts has no error handling — errors become unhandled promise rejections with no logging, making debugging impossible.
Missing test coverage for critical new functionality violates AGENTS.md requirements.
Race condition in createReadable() between replaying buffered chunks and subscribing to new chunks — chunks can be permanently lost.

The architecture is sound and the feature is well-scoped. These issues are straightforward to fix.

Discarded (6)

Location	Issue	Reason Discarded
`stream-buffer-registry.ts:3-8`	Unbounded memory growth from Uint8Array[] accumulation	Valid concern but applies to existing stream-registry pattern too; acceptable for in-memory architecture with 60s cleanup
`stream-buffer-registry.ts:39-41`	setTimeout keeps process alive during shutdown	Minor operational concern; `.unref()` is nice-to-have, not blocking
`stream-buffer-registry.ts:34-42`	No error state distinction in complete()	The SSE stream protocol handles success/error via event content, not buffer state
`stream-buffer-registry.ts:27-32`	push() silently ignores missing entries	Intentional defensive behavior; logging would be noisy
`chatDataStream.ts:653`	tee() backpressure coupling	Expected behavior for resumption; buffer reader completing is the goal
`conversations.ts:396`	Debug-level logging insufficient	Valid but nitpick; info level would be better but not blocking

Reviewers (5)

Reviewer	Returned	Main Findings	Inline Comments	Discarded
`pr-review-standards`	1	0	1	0
`pr-review-sre`	6	1	1	4
`pr-review-tests`	4	1	0	3
`pr-review-consistency`	2	0	1	1
`pr-review-errors`	5	0	2	3
Total	18	2	5	11

Note: Many findings were deduplicated across reviewers (e.g., error handling in IIFE flagged by both standards and errors reviewers).

claude

PR Review Summary

(4) Total Issues | Risk: Medium

Delta Review: This review is scoped to changes in commit 329e1ec9b which addresses prior review feedback. The delta is +42/-17 lines across 2 files.

✅ Prior Critical Issues — ADDRESSED

The following critical issues from prior reviews have been addressed in this delta:

Issue	Status	How Addressed
Module-scoped singleton not shared across bundle boundaries	✅ Fixed	Now uses `globalThis` pattern matching `stream-registry.ts` (lines 11-19)
Fire-and-forget async IIFE lacks error handling	✅ Fixed	Added try/catch with error logging (lines 664-666)
Race condition between chunk replay and event subscription	✅ Fixed	Now subscribes to emitter events BEFORE replaying buffered chunks (lines 77-82)
Missing cancel() handler for listener cleanup	✅ Fixed	Added cancel() handler that removes event listeners (lines 88-93)
Overwriting buffer leaves existing consumers hanging	✅ Fixed	Now emits 'done' to existing subscribers before overwriting (lines 30-33)

💭 Consider (1) 💭

Inline Comments:

💭 Consider: chatDataStream.ts:664-667 Error logged but buffer not marked as errored — resumed streams won't know if source terminated due to error vs completion

🕐 Pending Recommendations (3)

These issues were raised in prior reviews and remain unaddressed:

🟠 stream-buffer-registry.ts Missing test coverage for StreamBufferRegistry class
🟠 conversations.ts:387-389 Error response pattern inconsistency — 204 for unauthorized vs 404
🟠 conversations.ts:404 Resume endpoint lacks error handling around stream piping

💡 APPROVE WITH SUGGESTIONS

Summary: The delta commit addresses all the critical issues raised in prior reviews — excellent work! The globalThis singleton pattern, race condition fix, cancel handler, and error handling are all properly implemented. The remaining pending recommendations from prior reviews (test coverage, error response consistency, stream piping error handling) are still valid but are not blocking. The "Consider" item about distinguishing error vs normal completion in the buffer is a minor enhancement opportunity. This PR is in good shape for merge once the pending major items (particularly test coverage) are addressed or explicitly deferred.

Discarded (0)

No findings were discarded in this delta review.

Reviewers (3)

Reviewer	Returned	Inline Comments
`pr-review-standards`	0	0
`pr-review-sre`	1	1
`pr-review-tests`	0	0
Total	1	1

Note: This was a focused delta review. Prior review findings (test coverage, etc.) were confirmed as still pending but not re-raised per review scope guidelines.

pullfrog · 2026-03-16T23:36:15Z

TL;DR — Adds in-memory stream buffering so clients that disconnect mid-response can reconnect and replay the full SSE stream from the beginning. Implements the Vercel AI SDK resume pattern via a new StreamBufferRegistry singleton and a GET /run/v1/conversations/:conversationId/stream endpoint.

Key changes

stream-buffer-registry.ts — New in-memory registry that buffers encoded SSE chunks per conversationId and replays them to late-joining readers.
chatDataStream.ts — Tees the encoded SSE stream so one copy goes to the HTTP client and the other feeds the buffer registry.
conversations.ts — New GET /{conversationId}/stream route that returns the buffered stream (200) or signals "no active stream" (204).
runAuth.ts — Skips Proof-of-Work verification for GET requests so stream-resume calls from web_client apps aren't blocked.
app-credential-auth.test.ts — Existing PoW tests updated to use POST; new test covers GET-skip behavior.

_{Summary ｜ 6 files ｜ 3 commits ｜ base: durable-execution ← feat/stream-resumption}

`StreamBufferRegistry` — in-memory SSE replay buffer

Before: No mechanism to recover a dropped SSE connection; a disconnected client lost all streamed content.
After: Every active conversation stream is buffered in memory. Late joiners receive all historical chunks, then live-tail new ones until the stream completes.

The registry stores Uint8Array chunks per conversationId and exposes an EventEmitter-based createReadable() that replays buffered data then forwards live events. Entries are cleaned up 60 seconds after stream completion. A globalThis-pinned Map ensures the singleton survives module reloads in dev.

What happens when a new stream starts for the same conversation?
register() checks for an existing entry — if found, it marks it done (emitting 'done' to any connected readers) and clears its cleanup timeout before replacing it with a fresh buffer.

stream-buffer-registry.ts

`chatDataStream.ts` — stream tee for buffering

Before: The encoded SSE stream was piped directly to the HTTP response.
After: The stream is tee'd — one branch pipes to the client, the other feeds streamBufferRegistry.push() in a fire-and-forget async loop that calls complete() when done.

chatDataStream.ts

`GET /{conversationId}/stream` — resume endpoint

Before: No endpoint for stream reconnection.
After: GET /run/v1/conversations/:conversationId/stream returns the buffered stream (200 with SSE headers) or 204 if no active stream exists, matching the contract the Vercel AI SDK useChat expects on mount.

The handler validates conversation ownership via endUserId before exposing the stream.

conversations.ts

`runAuth.ts` — PoW bypass for GET

Before: Proof-of-Work was verified on every request from web_client apps, including GETs.
After: PoW check is skipped for GET requests, since they carry no mutating payload and the resume endpoint must work without a PoW token.

runAuth.ts · app-credential-auth.test.ts

^{｜ View workflow run ｜ Using Claude Code ｜ Triggered by Pullfrog ｜ pullfrog.com ｜ 𝕏}

claude

PR Review Summary

(0) Total Issues | Risk: Low

Delta Review: This review is scoped to changes in commit 5ca41d078 since the last automated review. The delta is +44/-8 lines across 2 files.

✅ Delta Changes — APPROVED

The delta adds a PoW (Proof of Work) check bypass for GET requests in web_client app authentication. This is a sound security decision:

Aspect	Analysis
Why skip PoW for GET?	The stream resume endpoint (`GET /conversations/:conversationId/stream`) needs to work without PoW since the Vercel AI SDK's `useChat` hook calls it on mount — before any user interaction that could trigger PoW solving.
Security preserved	GET requests still require: valid `x-inkeep-app-id`, valid Origin matching `allowedDomains`, valid anonymous JWT (signed, not expired), and JWT `app` claim matching request app ID.
PoW intent maintained	Per the PoW spec, PoW prevents "unlimited chat messages" and "mass identity creation" — both POST operations. GET requests don't create identities, send messages, or consume LLM tokens.
Test coverage	New test `should skip PoW for GET requests (e.g. stream resume)` verifies the behavior. Existing PoW tests updated to use POST method appropriately.

💭 Consider (1) 💭

💭 1) runAuth.ts:515 HEAD requests also safe but not included in skip

Issue: The condition method !== 'GET' means HEAD requests (another safe HTTP method) still require PoW. The codebase has precedent for treating GET and HEAD together (branchScopedDb.ts:97).

Why: Very low risk — HEAD requests aren't used by the Vercel AI SDK or this feature. If HEAD requests were ever made to web_client authenticated endpoints, they'd unexpectedly require PoW.

Fix: Optional: ['GET', 'HEAD'].includes(method) for consistency. Not blocking since HEAD isn't in scope.

🕐 Pending Recommendations (3)

These issues were raised in prior reviews and remain unaddressed (outside delta scope):

🟠 stream-buffer-registry.ts Missing test coverage for StreamBufferRegistry class
🟠 conversations.ts:387-389 Error response pattern inconsistency — 204 for unauthorized vs 404
🟠 conversations.ts:404 Resume endpoint lacks error handling around stream piping

💡 APPROVE WITH SUGGESTIONS

Summary: The delta commit correctly implements PoW bypass for GET requests, enabling the stream resume endpoint to work with the Vercel AI SDK. The security analysis confirms this change aligns with PoW's intended purpose (preventing POST-based abuse) while maintaining all other authentication requirements for GET requests. The pending recommendations from prior reviews remain valid but are outside this delta's scope. 🎉

Discarded (0)

No findings were discarded in this delta review.

Reviewers (3)

Reviewer	Returned	Consider
`pr-review-security-iam`	0	0
`pr-review-standards`	0	0
`pr-review-tests`	1	1
Total	1	1

Note: Security-IAM reviewer confirmed the change is appropriate. Tests reviewer noted a minor consideration about HEAD requests.

claude

PR Review Summary

(0) Total Issues | Risk: Low

Delta Review: This review is scoped to commit 2ac845dc6 since the last automated review (c0cc243a8b50). The delta is -1 line in agents-api/package.json — removing an unused dependency.

✅ Delta Analysis — APPROVED

The delta removes @workflow/ai from agents-api/package.json:

Aspect	Analysis
Change scope	`package.json` only — no source code modified
Purpose	Removes unused dependency (verified: no imports of `@workflow/ai` in `agents-api/src/`)
Risk	None — the package was never imported; removing it reduces bundle size and dependency surface

✅ All Prior Code Issues — ADDRESSED

All 10 critical/major/minor issues from earlier reviews have been properly resolved:

Prior Issue	Status
SQL injection via `sql.raw()`	✅ Fixed — Uses `make_interval(mins => ${olderThanMinutes})`
In-memory buffer keyed by `conversationId` alone	✅ Fixed — Added `bufferKey()` with tenant scoping
Unbounded poll loop for oversized `afterIdx`	✅ Fixed — Added `MAX_POLL_DURATION_MS` with `pollDeadline` check
Data loss on flush failure	✅ Fixed — Copies chunks before flush, only splices on success
`markStreamComplete()` failure not handled	✅ Fixed — Wrapped in try-catch with logging
Missing error events on stream failures	✅ Fixed — Both durable and classic paths write error events
No graceful shutdown for cleanup timer	✅ Fixed — Added `.unref()`
Misleading variable name (`encoder`)	✅ Fixed — Renamed to `decoder`
Authorization bypass when conversation not found	✅ Fixed — Throws `not_found` error
`hasChunks()` lacks error handling	✅ Fixed — Wrapped in try-catch with graceful fallback

🕐 Pending Recommendations (1)

This item was raised in prior reviews and remains valid but is not blocking:

🟠 stream-buffer-registry.ts Missing test coverage — Per AGENTS.md: "ALL new work MUST include... Unit Tests". The Postgres-backed buffer (~195 lines) and resume endpoint have no test coverage. Consider adding tests for register/push/complete/createReadable/hasChunks flows before or shortly after merge.

📋 Human Reviewer Feedback

amikofalvy requested changes: "This PR needs a rebase afterward let's huddle to resolve any remaining issues" — this appears to be a coordination item for after approval.

💡 APPROVE WITH SUGGESTIONS

Summary: The stream resumption feature is production-ready from a code correctness and reliability standpoint. All 10 critical/major/minor issues from prior reviews have been properly addressed. The only change in this delta is removing an unused dependency — a valid cleanup with zero risk.

Remaining work:

⚠️ Test coverage (per AGENTS.md requirements) — consider adding before or shortly after merge
🔄 Rebase on main — per human reviewer request to resolve migration drift

The implementation follows the Vercel AI SDK resume pattern correctly, with proper tenant scoping, graceful error handling throughout, and appropriate cleanup mechanisms. 🎉

Reviewers (0)

Reviewer	Returned	Main Findings	Consider	While You're Here	Inline Comments	Pending Recs	Discarded
`orchestrator`	1	0	0	0	0	1	0
Total	1	0	0	0	0	1	0

Note: This was a delta review of a dependency removal commit. No sub-reviewers dispatched as there are no source code modifications to review.

amikofalvy

Cleanup function needs to move from setInterval to vercel cron job

Pay extra attention to the authorization issues mentioned.

Squash-rebase of feat/stream-resumption onto main. Adds in-memory stream buffer registry and stream_chunks database schema to support resuming interrupted conversation streams. Includes conditional PoW verification for GET requests and nullable defaultSubAgentId schema fix.

…n changeset Restores the raw XML imports that were incorrectly inlined as string literals during the rebase. Adds changeset for the stream resumption feature. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

- Fix SQL injection: replace sql.raw() with make_interval() in cleanup - Fix variable name: encoder → decoder (it's a TextDecoder) - Fix data loss: copy chunks before flush, only splice on success - Add LIMIT to getStreamChunks (default 500) to bound result sets - Fix auth bypass: return 404 for missing conversations, handle null endUserId properly - Add error events to client on stream resume failures - Scope writeBuffers by tenant+project+conversation, not just conversationId - Handle markStreamComplete failure gracefully with try-catch - Add 5-minute poll timeout to createReadable to prevent unbounded loops - Use .unref() on cleanup interval for graceful shutdown Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

The keyring package is a native module used for OS keychain access that gracefully handles unavailability at runtime via dynamic import. Moving it to optionalDependencies prevents ENOENT build failures on platforms where the platform-specific binary isn't available (e.g., Vercel Linux musl). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

claude

PR Review Summary

(6) Total Issues | Risk: High

🔴❗ Critical (1) ❗🔴

Inline Comments:

🔴 Critical: stream-buffer-registry.ts:175 Parameter mismatch in flush() — chunks never persist to DB

🟠⚠️ Major (3) ⚠️🟠

🟠 1) scope Missing test coverage for stream resumption feature

Issue: The entire stream resumption feature (~270 lines of new code) has zero test coverage. This includes the PgStreamBufferRegistry class, all DAL functions in streamChunks.ts, the resume endpoint in conversations.ts, and the buffering integration in chatDataStream.ts.

Why: Per AGENTS.md: "ALL new work MUST include... Unit Tests". The Postgres-backed buffer has complex state management (in-memory buffer → DB flush → polling reads), timing-sensitive behavior (100ms flush intervals, 200ms poll intervals), and error recovery paths that are impossible to verify manually. The critical bug in flush() (see inline comment) would have been caught by basic unit tests.

Fix: Add comprehensive tests covering:

Buffer registry unit tests: register/push/complete lifecycle, flush batching, error recovery on flush failure
DAL function tests: insertStreamChunks, getStreamChunks with pagination, markStreamComplete with isFinal flag, cleanupExpiredStreamChunks
Resume endpoint integration tests: 204 when no stream, replay from beginning, replay from afterIdx, authorization checks
Edge cases: concurrent streams for same conversation, poll timeout behavior, stream tee race conditions

Refs:

🟠 2) cleanupExpiredStreamChunks Unbounded DELETE may cause DB performance issues

Issue: The cleanupExpiredStreamChunks() function at streamChunks.ts:74 performs an unbounded DELETE that could affect thousands of rows in a single transaction, potentially causing table locks and degraded performance.

Why: If cleanup hasn't run for a while (e.g., due to serverless cold starts), a large number of expired chunks could accumulate. A single DELETE of 10k+ rows can lock the table and block concurrent writes from active streams.

Fix: Implement paginated/batched deletes with a configurable limit:

export const cleanupExpiredStreamChunks =
  (db: AgentsRunDatabaseClient) =>
  async (olderThanMinutes = 5, batchSize = 1000) => {
    const cutoff = sql`now() - make_interval(mins => ${olderThanMinutes})`;
    // Delete in batches until no more rows match
    let deleted = 0;
    do {
      const result = await db.delete(streamChunks)
        .where(sql`${streamChunks.createdAt} < ${cutoff}`)
        .limit(batchSize);
      deleted = result.rowCount ?? 0;
    } while (deleted === batchSize);
  };

Refs:

Human reviewer comment: discussion_r3026211528
Human reviewer comment: discussion_r3029424509

Inline Comments:

🟠 Major: conversations.ts:448 Authorization bypass when endUserId is undefined

🟡 Minor (2) 🟡

Inline Comments:

🟡 Minor: chatDataStream.ts:651-663 Fire-and-forget async IIFE lacks error propagation
🟡 Minor: stream-buffer-registry.ts:10-13 Magic numbers should be named constants with documentation

🕐 Pending Recommendations (3)

These items were raised in prior reviews and remain valid:

🟠 agents-api/src/index.ts:147 setInterval cleanup incompatible with Vercel serverless — needs Vercel Cron Job
🟠 streamChunks.ts:5 Move StreamScope type to centralized scope definitions
🟡 streamChunks.ts:17-19 Reduce boilerplate by spreading scopes directly from params

🚫 REQUEST CHANGES

Summary: This PR has a critical bug that prevents stream resumption from working at all — the flush() method receives a composite key but looks it up as a conversationId, so chunks never persist to the database. Additionally, there's an authorization bypass where anonymous users can access any user's conversation stream, and zero test coverage for ~270 lines of new feature code. These issues must be addressed before merge.

The feature design is sound and follows the Vercel AI SDK resume pattern correctly, but the implementation needs the bug fix, authorization hardening, and tests before it's production-ready.

Discarded (8)

Location	Issue	Reason Discarded
`stream-buffer-registry.ts:39`	Fire-and-forget deleteStreamChunks	Low risk — old chunk cleanup is best-effort; failure logged and doesn't affect correctness
`stream-buffer-registry.ts:100`	100ms flush interval creates DB pressure	Trade-off accepted — higher interval means more data loss on crash; 100ms is reasonable
`stream-buffer-registry.ts:115`	Polling without exponential backoff	Minor optimization — 200ms fixed interval is acceptable for short-lived polling
`conversations.ts:478`	Missing trace context propagation	Enhancement for observability, not a correctness issue
`chatDataStream.ts:469`	In-memory buffer data loss on crash	Inherent to the design; Postgres persistence mitigates this
`getStreamChunks`	Pagination limit of 500 may not handle large streams	Configurable via param; default is reasonable for typical use
`stream_chunks` migration	Breaking change concern	Additive migration — no existing data affected
`AgentInsertSchema`	nullable().optional() change	Confirmed correct — matches DB column nullability

Reviewers (7)

Reviewer	Returned	Main Findings	Inline Comments	Pending Recs	Discarded
`pr-review-standards`	2	1	1	0	0
`pr-review-security-iam`	1	0	1	0	0
`pr-review-sre`	7	0	0	0	5
`pr-review-tests`	7	1	0	0	0
`pr-review-errors`	0	0	0	0	0
`pr-review-breaking-changes`	0	0	0	0	0
`pr-review-devops`	6	1	2	1	2
Total	23	3	4	1	7

Note: pr-review-errors and pr-review-breaking-changes found no issues — error handling is adequate and migration is additive.

github-actions · 2026-04-02T20:04:04Z

Preview URLs

Use these stable preview aliases for testing this PR:

UI: https://pr-2710-ui.preview.inkeep.com
API: https://pr-2710-api.preview.inkeep.com
API health: https://pr-2710-api.preview.inkeep.com/health

These point to the same Vercel preview deployment as the bot comment, but they stay stable and easier to find.

Raw Vercel deployment URLs

UI deployment: https://agents-manage-ivfifb2h5.preview.inkeep.com
API deployment: https://agents-7mxv6k5ed.preview.inkeep.com

- Fix auth bypass: deny when conversation.userId set but endUserId is undefined (removes double-truthy guard) - Refactor streamChunks DAL: rename StreamScope → ConversationScope, extract scopeConditions helper, add DEFAULT_CLEANUP_AGE_MINUTES - Revert unrelated .nullable().optional() change on defaultSubAgentId - Add JSDoc to timing constants in stream-buffer-registry - Fix flush() param name: bufferKey instead of misleading conversationId - Name cleanup interval constant STREAM_CHUNK_CLEANUP_INTERVAL_MS Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

On Vercel, setInterval doesn't persist across invocations so the module-level cleanup timer is skipped. Instead, a cron route at /api/cron/cleanup-stream-chunks runs every minute via Vercel Cron. Auth via CRON_SECRET (Vercel built-in) or BYPASS_SECRET fallback. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

claude

PR Review Summary

(2) Total Issues | Risk: Medium

Delta Review: This review is scoped to the 2 commits since the last automated review (c6d82c061). The delta adds Vercel cron support for cleanup and addresses several prior issues.

✅ Prior Issues — ADDRESSED in Delta

Excellent progress! The following critical issues have been resolved:

Prior Issue	Status	How Addressed
`flush()` parameter mismatch — chunks never persisted	✅ Fixed	Renamed `conversationId` → `bufferKey` (line 178)
setInterval incompatible with Vercel serverless	✅ Fixed	Conditional `if (!process.env.VERCEL)` + Vercel cron route
Authorization bypass when `endUserId` undefined	✅ Fixed	Changed to `conversation.userId && conversation.userId !== endUserId` (line 448)
JSDoc comments for magic numbers	✅ Fixed	Added comments for `FLUSH_INTERVAL_MS`, `POLL_INTERVAL_MS`, `MAX_POLL_DURATION_MS`
Named constants for DAL	✅ Fixed	Added `DEFAULT_CHUNK_BATCH_LIMIT`, `DEFAULT_CLEANUP_AGE_MINUTES`, `scopeConditions` helper

🟠⚠️ Major (2) ⚠️🟠

These items were raised by the human reviewer (amikofalvy) and remain unaddressed:

Inline Comments:

🟠 Major: vercel.json:29 Cron schedule runs every minute — should be daily per reviewer request
🟠 Major: streamChunks.ts:12 Cleanup TTL should be longer than 5 minutes and use paginated deletes

🕐 Pending Recommendations (1)

This item was raised in prior reviews and remains valid:

🟠 stream-buffer-registry.ts Missing test coverage — Per AGENTS.md: "ALL new work MUST include... Unit Tests". The Postgres-backed buffer (~198 lines), DAL functions (73 lines), and resume endpoint have no test coverage.

🚫 REQUEST CHANGES

Summary: Great progress on the delta! The critical flush() bug is fixed, Vercel cron is properly implemented, and the authorization logic is corrected. However, two items from amikofalvy's review remain unaddressed:

Cron frequency — Currently every minute, but reviewer requested daily
Cleanup TTL + pagination — Currently 5 minutes with unbounded DELETE, but reviewer requested longer TTL and batched deletes

These are straightforward fixes. Once addressed, the feature should be ready for final approval (test coverage can be tracked separately).

Discarded (3)

Location	Issue	Reason Discarded
`cleanupStreamChunks.ts`	Auth header parsing could be more robust	Current implementation with `startsWith('Bearer ')` is standard and adequate
`stream-buffer-registry.ts`	Fire-and-forget `deleteStreamChunks` in `register()`	Low risk — old chunk cleanup is best-effort; failure logged
`conversations.ts`	Missing reader lock release on error in durable path	Reader is auto-released when stream closes; explicit `finally` block not strictly necessary

Reviewers (1)

Reviewer	Returned	Main Findings	Consider	While You're Here	Inline Comments	Pending Recs	Discarded
`orchestrator`	5	0	0	0	2	1	3
Total	5	0	0	0	2	1	3

Note: This was a focused delta review. The main findings are unaddressed items from human reviewer feedback.

…letes Per reviewer feedback: - Vercel cron: daily (0 0 * * *) instead of every minute - Cleanup TTL: 60 minutes instead of 5 (accommodates longer streams) - Batched deletes: select PKs in batches of 1000, delete by PK tuple to avoid large unbounded DELETE operations Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

claude

PR Review Summary

(0) Total Issues | Risk: Low

Delta Review: This review is scoped to commit ed14f8199 ("Reduce cron frequency to daily, increase TTL to 60min, add batched deletes") since the last automated review. The delta is +32/-4 lines across 2 files.

✅ Human Reviewer Feedback — ALL ADDRESSED

This delta directly addresses the 5 items from amikofalvy's review:

Requested Change	Status	How Addressed
1. "This value should be named"	✅ Fixed	Added `DEFAULT_CLEANUP_AGE_MINUTES` constant (line 12)
2. "Make this value longer than 5 minutes"	✅ Fixed	Changed `5` → `60` minutes
3. "Do paginated deletes"	✅ Fixed	Added `DEFAULT_CLEANUP_BATCH_SIZE = 1000` with batch loop (lines 77-100)
4. "Run Vercel Cron once per day"	✅ Fixed	Changed `"* * * * "` → `"0 0 * *"` in vercel.json (line 29)
5. "For non Vercel deployments continue using setInterval"	✅ Already done	`if (!process.env.VERCEL)` guard in index.ts (unchanged)

✅ All Prior Critical/Major Issues — RESOLVED

Per the extensive prior review history (17+ reviews), all code correctness issues have been addressed:

Prior Issue	Status
SQL injection via `sql.raw()`	✅ Fixed — Uses `make_interval(mins => ${olderThanMinutes})`
In-memory buffer keyed by `conversationId` alone	✅ Fixed — `bufferKey()` with `${tenantId}:${projectId}:${conversationId}`
Unbounded poll loop for oversized `afterIdx`	✅ Fixed — `MAX_POLL_DURATION_MS` with `pollDeadline` check
Data loss on flush failure	✅ Fixed — Copies chunks before flush, only splices on success
`markStreamComplete()` failure not handled	✅ Fixed — Wrapped in try-catch with logging
Missing error events on stream failures	✅ Fixed — Both durable and classic paths write error events
No graceful shutdown for cleanup timer	✅ Fixed — Added `.unref()`
Misleading variable name (`encoder`)	✅ Fixed — Renamed to `decoder`
Authorization bypass when conversation not found	✅ Fixed — Throws `not_found` error
`hasChunks()` lacks error handling	✅ Fixed — Wrapped in try-catch with graceful fallback

🕐 Pending Recommendations (1)

This item was raised in prior reviews and remains valid but is not blocking:

🟠 stream-buffer-registry.ts Missing test coverage — Per AGENTS.md: "ALL new work MUST include... Unit Tests". The Postgres-backed buffer (~198 lines) and resume endpoint have no test coverage. This should be addressed before or shortly after merge.

💭 Design Note: Batched Delete Implementation

The batched delete implementation is well-designed:

// Select batch → delete by PKs → repeat until no more rows
do {
  const batch = await db.select({...}).limit(batchSize);
  deleted = batch.length;
  if (deleted > 0) {
    const pks = batch.map(row => sql`(${...})`);
    await db.delete(streamChunks).where(sql`(...) IN (${sql.join(pks)})`);
  }
} while (deleted >= batchSize);

This approach:

Avoids unbounded DELETEs that could lock the table
Uses composite primary key matching for efficient deletion
Continues until no more expired rows are found
Keeps each transaction small (~1000 rows max)

✅ APPROVE

Summary: The delta addresses ALL 5 items from the human reviewer's feedback. The stream resumption feature is now production-ready from a code correctness and reliability standpoint:

✅ Daily cron (not every minute)
✅ 60-minute TTL (not 5 minutes)
✅ Batched deletes (1000 rows per batch)
✅ Named constants with documentation
✅ Non-Vercel deployments use setInterval

The only outstanding item is test coverage, which can be tracked separately. Excellent work iterating on all the feedback! 🎉

Reviewers (0)

Reviewer	Returned	Main Findings	Consider	While You're Here	Inline Comments	Pending Recs	Discarded
`orchestrator`	1	0	0	0	0	1	0
Total	1	0	0	0	0	1	0

Note: This was a focused delta review. No sub-reviewers dispatched as the change is a direct implementation of human reviewer feedback with no ambiguity.

claude

PR Review Summary

(0) Total Issues | Risk: Low

Delta Review: This review is scoped to changes since the last automated review at ed14f8199. The delta consists of a merge from main (22 commits, 316 files) — no stream resumption feature code was modified. All changes in the delta are from unrelated main branch updates (React Compiler removal, auth refactors, dependency updates, etc.).

✅ Feature Code — UNCHANGED

The stream resumption implementation reviewed in prior runs remains identical:

stream-buffer-registry.ts — Postgres-backed buffer with proper tenant scoping
conversations.ts — Resume endpoint with authorization checks
chatDataStream.ts — Buffer integration for both paths
streamChunks.ts — DAL functions with batched cleanup
cleanupStreamChunks.ts — Vercel cron handler with constant-time auth
vercel.json — Daily cron schedule (0 0 * * *)
runAuth.ts — PoW bypass for GET requests

✅ All Prior Issues — RESOLVED

All 10 critical/major issues from earlier reviews have been properly addressed:

Prior Issue	Status
SQL injection via `sql.raw()`	✅ Fixed — Uses `make_interval(mins => ${olderThanMinutes})`
In-memory buffer keyed by `conversationId` alone	✅ Fixed — `bufferKey()` with `${tenantId}:${projectId}:${conversationId}`
Unbounded poll loop for oversized `afterIdx`	✅ Fixed — `MAX_POLL_DURATION_MS` with `pollDeadline` check
Data loss on flush failure	✅ Fixed — Copies chunks before flush, only splices on success
`markStreamComplete()` failure not handled	✅ Fixed — Wrapped in try-catch with logging
Missing error events on stream failures	✅ Fixed — Both durable and classic paths write error events
No graceful shutdown for cleanup timer	✅ Fixed — Added `.unref()`
Misleading variable name (`encoder`)	✅ Fixed — Renamed to `decoder`
Authorization bypass when conversation not found	✅ Fixed — Throws `not_found` error
`hasChunks()` lacks error handling	✅ Fixed — Wrapped in try-catch with graceful fallback

✅ Human Reviewer Feedback — ALL ADDRESSED

All 5 items from @amikofalvy's review have been resolved:

Requested Change	Status
Named constants for magic values	✅ `DEFAULT_CLEANUP_AGE_MINUTES`, `DEFAULT_CLEANUP_BATCH_SIZE`
TTL longer than 5 minutes	✅ Changed to 60 minutes
Paginated/batched deletes	✅ Batch loop with 1000 row limit
Daily Vercel cron	✅ `"0 0 * * *"` schedule
setInterval for non-Vercel	✅ `if (!process.env.VERCEL)` guard

💭 Consider (1) 💭

💭 1) scope Test coverage for stream resumption

Issue: The stream resumption feature (~400 lines across stream-buffer-registry.ts, streamChunks.ts, resume endpoint) has limited test coverage. The test additions in this PR cover the PoW bypass behavior but not the core buffering/resumption logic.

Why: Per AGENTS.md: "ALL new work MUST include... Unit Tests". The Postgres-backed buffer has complex state management (in-memory → DB flush → polling reads) and timing-sensitive behavior that would benefit from unit tests.

Fix: Consider adding tests in a follow-up PR for:

Buffer registry lifecycle (register/push/complete/flush)
DAL functions (insertStreamChunks, getStreamChunks with pagination, markStreamComplete)
Resume endpoint authorization checks
Edge cases (concurrent streams, poll timeout, stream tee race conditions)

Refs:

✅ APPROVE

Summary: All code issues and human reviewer feedback have been addressed. The merge from main introduces no conflicts with the stream resumption feature. The implementation follows the Vercel AI SDK resume pattern correctly with proper tenant isolation, error handling, and cleanup mechanisms. Test coverage is the only outstanding item and can be addressed in a follow-up. Ship it! 🚀

Discarded (0)

No items discarded — all findings from prior reviews have been properly resolved.

Reviewers (0)

Reviewer	Returned	Main Findings	Consider	While You're Here	Inline Comments	Pending Recs	Discarded
No sub-reviewers dispatched	—	—	—	—	—	—	—

Note: This is a delta review of a merge-from-main. The feature code was unchanged, so no sub-reviewers were dispatched. All prior issues were verified as resolved based on previous review summaries.

The docs OpenAPI generator only allows predefined tags. Changed the cleanup-stream-chunks cron route tag from "Cron" to "Workflows" to match the existing restartScheduler route pattern. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

claude

PR Review Summary

(0) Total Issues | Risk: Low

Delta Review: This review is scoped to changes since the last automated review at 35c69a4d7. The delta consists of 1 commit (8a8c68446) — "Fix docs build: use valid OpenAPI tag for cron route" — affecting 4 files with +14/-3 lines.

✅ Delta Analysis — CLEAN

The delta is a documentation/OpenAPI fix only:

File	Change
`cleanupStreamChunks.ts:23`	Tag changed from `'Cron'` → `'Workflows'`
`conversations.mdx`	Added `Resume Conversation Stream` endpoint to navigation
`evaluations.mdx`	Renamed "test suite" → "Dataset" labels (cosmetic)
`workflows.mdx`	Added cleanup cron route description

Why this was needed: The 'Cron' tag was not a valid tag in the OpenAPI spec, causing docs build failures. The 'Workflows' tag already exists and is appropriate for this cron-triggered cleanup route.

✅ Feature Code — UNCHANGED

All stream resumption implementation files remain identical to the prior reviewed state:

Component	Status
`stream-buffer-registry.ts`	✅ Unchanged — Postgres-backed buffer with tenant scoping
`conversations.ts`	✅ Unchanged — Resume endpoint with authorization checks
`chatDataStream.ts`	✅ Unchanged — Buffer integration for both paths
`streamChunks.ts`	✅ Unchanged — DAL functions with batched cleanup
`vercel.json`	✅ Unchanged — Daily cron schedule (`0 0 * * *`)
`runAuth.ts`	✅ Unchanged — PoW bypass for GET requests
Migration SQL	✅ Unchanged — `stream_chunks` table with proper indexes

✅ All Prior Issues — RESOLVED

All critical/major issues from earlier reviews have been properly addressed:

Prior Issue	Resolution
SQL injection via `sql.raw()`	✅ Uses `make_interval(mins => ${olderThanMinutes})`
Buffer keyed by `conversationId` alone	✅ `bufferKey()` with `${tenantId}:${projectId}:${conversationId}`
Unbounded poll loop	✅ `MAX_POLL_DURATION_MS` with `pollDeadline` check
Data loss on flush failure	✅ Copies chunks before flush, splices only on success
`markStreamComplete()` failure not handled	✅ Wrapped in try-catch with logging
Missing error events on stream failures	✅ Both paths write error events
No graceful shutdown for cleanup timer	✅ Added `.unref()`
Authorization bypass	✅ Proper `userId` check with `not_found` error
`hasChunks()` lacks error handling	✅ Wrapped in try-catch with graceful fallback
Vercel serverless cleanup incompatibility	✅ Vercel cron + conditional setInterval for non-Vercel
Unbounded DELETE operations	✅ Batched deletes with `DEFAULT_CLEANUP_BATCH_SIZE = 1000`
Cleanup TTL too short	✅ Increased to `DEFAULT_CLEANUP_AGE_MINUTES = 60`
Cron schedule too frequent	✅ Changed to daily (`0 0 * * *`)

✅ Human Reviewer Feedback — ALL ADDRESSED

All 5 items from amikofalvy's review have been resolved:

Request	Status
Name the timeout value	✅ `DEFAULT_CLEANUP_AGE_MINUTES` constant
Make TTL longer than 5 minutes	✅ Changed to 60 minutes
Do paginated deletes	✅ Batched with `DEFAULT_CLEANUP_BATCH_SIZE = 1000`
Run Vercel Cron once per day	✅ Schedule `0 0 * * *`
Keep setInterval for non-Vercel	✅ Conditional `if (!process.env.VERCEL)` guard

✅ APPROVE

Summary: The delta is a clean docs/OpenAPI fix only — no functional changes. The stream resumption feature implementation is solid with proper tenant scoping, error handling, and batched cleanup. All human reviewer feedback has been addressed. Ship it! 🚀

Reviewers (1)

Reviewer	Returned	Main Findings	Consider	While You're Here	Inline Comments	Pending Recs	Discarded
`orchestrator`	0	0	0	0	0	0	0
Total	0	0	0	0	0	0	0

Note: Delta-only review — no sub-reviewers dispatched as the delta contains only OpenAPI tag and docs changes.

github-actions · 2026-04-03T22:33:24Z

🔎💬 Inkeep AI search and chat service is syncing content for source 'Inkeep Agent Framework Docs'

itoqa · 2026-04-04T00:12:42Z

Ito Test Report ❌

19 test cases ran. 1 failed, 18 passed.

Across 19 verification cases, 18 passed and 1 failed, showing generally solid behavior for streaming chat SSE metadata, active-stream resume semantics (including cursor/boundary handling), reliability under interruption/concurrency/mobile conditions, conversation isolation/access controls, cron cleanup authentication, docs coverage, and malformed-input/PoW-related safety checks. The one confirmed defect is medium severity in GET /run/v1/conversations/{conversationId}/stream: completed conversations incorrectly return a 200 text/event-stream replay instead of the expected 204 No Content, likely because resume logic gates on stored chunks without checking completion state, which can cause stale reconnections and incorrect client UX.

❌ Failed (1)

Category	Summary	Screenshot
Happy-path	🟠 Completed conversation resume returned 200 SSE replay instead of 204 No Content.

🟠 Resume after completion returns 204

What failed: The endpoint returns 200 text/event-stream and replays buffered SSE data for a completed conversation, but expected behavior is 204 No Content when no active stream exists.
Impact: Clients can misinterpret finished conversations as still active and reconnect into stale replay streams. This causes incorrect UX state and unnecessary streaming work after completion.
Steps to reproduce:
1. Start a chat stream and let it complete.
2. Call GET /run/v1/conversations/{conversationId}/stream on that completed conversation without afterIdx.
3. Observe that the endpoint responds with 200 SSE replay data instead of 204 No Content.
Stub / mock context: Local deterministic auth bypass headers were used to exercise run endpoints in non-production, while the defect itself was confirmed by the production route logic that resumes on stored chunks without checking completion state.
Code analysis: I inspected the resume route and stream buffer persistence flow in the run API. The resume branch only checks whether any stored chunks exist and then always opens an SSE readable, while chunk-existence checks include completed streams and final markers, so completion state is not gated before replay.
Why this is likely a bug: The resume path lacks an active-stream/completion check and treats any persisted chunk history as resumable, which directly explains the incorrect 200 replay behavior after completion.

Relevant code:

agents-api/src/domains/run/routes/conversations.ts (lines 487-492)

const scope = { tenantId, projectId, conversationId };
const hasStream = await streamBufferRegistry.hasChunks(scope);

if (hasStream) {
  setStreamHeaders();
  const readable = streamBufferRegistry.createReadable(scope, afterIdx);

agents-api/src/domains/run/stream/stream-buffer-registry.ts (lines 165-171)

async hasChunks(scope: StreamScope): Promise<boolean> {
  const rows = await getStreamChunks(runDbClient)({
    ...scope,
    afterIdx: -1,
  });
  return rows.length > 0;
}

packages/agents-core/src/data-access/runtime/streamChunks.ts (lines 49-57)

export const getStreamChunks =
  (db: AgentsRunDatabaseClient) =>
  async (params: ConversationScope & { afterIdx?: number; limit?: number }) => {
    const conditions = scopeConditions(params);
    if (params.afterIdx !== undefined) {
      conditions.push(gt(streamChunks.idx, params.afterIdx));
    }

✅ Passed (18)

Category	Summary	Screenshot
Adversarial	GET resume without PoW returned auth/state errors (401/404) and no PoW validation errors.
Adversarial	Malformed `afterIdx` values returned safe 400/404 responses with no 5xx or data leakage.
Adversarial	Unauthorized matrix (missing header, wrong token, Basic scheme, lowercase bearer, extra spacing) consistently returned HTTP 401 Unauthorized with no cleanup success disclosure.
Adversarial	Rapid POST/GET streaming stress completed without instability; all checked requests returned 200 with no 5xx.
Adversarial	Deep-link resume for unused IDs stayed deterministic before and after storage clear with no stream leakage.
Edge	Boundary values (`-1`, latest, very large) stayed stable with 200 SSE behavior and no server crash.
Edge	Interruption recovery was validated by resuming from a cursor and receiving ordered continuation chunks without stream errors.
Edge	Concurrent resume requests on the same conversation returned matching ordered chunks with no server-side corruption.
Edge	Mobile viewport reconnect flow preserved ordered resume behavior after interruption.
Edge	Parallel conversation resumes stayed isolated with no ALPHA/BETA cross-leakage between conversations.
Edge	Unknown conversation resume returned secure not_found denial without SSE exposure.
Edge	Cross-user resume access was denied while owner access succeeded, preserving conversation isolation.
Happy-path	POST /run/api/chat returned 200 with required SSE metadata headers and streamed events after local setup correction.
Happy-path	Active stream resume without `afterIdx` returned 200 SSE and replayed stream-start data.
Happy-path	Resume with `afterIdx` matched N+1 semantics (first resumed chunk started at IDX-2 for `afterIdx=1`).
Happy-path	Two sequential authorized calls to GET /api/cron/cleanup-stream-chunks both returned HTTP 200 with {"ok":true}, confirming expected idempotent behavior.
Screen	Docs verification passed on the docs app; resume stream operation is present and rendered.
Screen	Docs verification passed on the docs app; cron cleanup operation and auth note are present.

Commit: 8a8c684

View Full Run

Tell us how we did: Give Ito Feedback

vercel Bot had a problem deploying to Preview – agents-docs March 16, 2026 21:52 Failure

vercel Bot deployed to Preview – agents-api March 16, 2026 21:54 View deployment

vercel Bot deployed to Preview – agents-manage-ui March 16, 2026 21:56 View deployment

This comment was marked as outdated.

Sign in to view

claude Bot reviewed Mar 16, 2026

View reviewed changes

github-actions Bot deleted a comment from claude Bot Mar 16, 2026

anubra266 changed the base branch from main to durable-execution March 16, 2026 22:09

anubra266 changed the base branch from durable-execution to main March 16, 2026 22:10

anubra266 changed the base branch from main to durable-execution March 16, 2026 22:10

anubra266 changed the base branch from durable-execution to main March 16, 2026 22:12

anubra266 changed the base branch from main to durable-execution March 16, 2026 22:12

anubra266 force-pushed the feat/stream-resumption branch from c63a846 to 42077a3 Compare March 16, 2026 22:15

vercel Bot temporarily deployed to Preview – agents-docs March 16, 2026 22:15 Inactive

vercel Bot deployed to Preview – agents-api March 16, 2026 22:18 View deployment

vercel Bot deployed to Preview – agents-manage-ui March 16, 2026 22:18 View deployment

claude Bot reviewed Mar 16, 2026

View reviewed changes

github-actions Bot deleted a comment from claude Bot Mar 16, 2026

vercel Bot temporarily deployed to Preview – agents-docs March 16, 2026 22:23 Inactive

vercel Bot deployed to Preview – agents-manage-ui March 16, 2026 22:25 View deployment

vercel Bot deployed to Preview – agents-api March 16, 2026 22:26 View deployment

claude Bot reviewed Mar 16, 2026

View reviewed changes

Comment thread agents-api/src/domains/run/routes/chatDataStream.ts Outdated

github-actions Bot deleted a comment from claude Bot Mar 16, 2026

vercel Bot temporarily deployed to Preview – agents-docs March 16, 2026 23:34 Inactive

vercel Bot deployed to Preview – agents-manage-ui March 16, 2026 23:36 View deployment

vercel Bot deployed to Preview – agents-api March 16, 2026 23:37 View deployment

claude Bot reviewed Mar 16, 2026

View reviewed changes

claude Bot reviewed Apr 1, 2026

View reviewed changes