Two upgrade-safety gaps codex flagged in the round before, both now
closed:
1. Next.js HTTP request drain — web/instrumentation.ts.
Next.js calls `register()` once at server boot. Installs one
SIGTERM/SIGINT/SIGHUP listener that:
- marks shutdown-state.ts (so /api/healthz returns 503 immediately
— LB/Traefik readinessProbe drains traffic away within ~4s)
- schedules process.exit after SF_WEB_SHUTDOWN_GRACE_MS (default
30s) — in-flight HTTP requests have time to finish; timer is
NOT unref'd so it keeps the process alive during the drain
Single-install guard via globalThis Symbol so jiti/bundle splits
don't end up with multiple racing timers.
2. Autonomous loop iteration-boundary shutdown awareness —
src/resources/extensions/sf/auto/shutdown-signal.js +
src/resources/extensions/sf/auto/loop.js iteration check.
Before: a SIGTERM mid-iteration killed the loop process before
the current unit's tool calls + DB writes could complete cleanly.
After: shutdown-signal flips a flag on first SIGTERM; loop polls
it at the top of each `while (s.active)` iteration; current unit
finishes, loop exits gracefully, the existing forceShutdown path
takes over to drain the sf_feedback queue and exit.
Includes a force-exit safety timer (SF_AUTONOMOUS_SHUTDOWN_GRACE_MS
or SF_RPC_SHUTDOWN_GRACE_MS, default 10 min) so a hung iteration
doesn't block exit indefinitely.
Test coverage:
- web-shutdown-state.test.ts extended: 6/6 (added ready-route
503-during-drain assertion).
- shutdown-signal: covered indirectly by loop dispatch tests; a
standalone unit test for register/request/snapshot is a small
follow-up.
Net of today's work, the upgrade safety chain for SF on Vega (Layer-1,
Tailscale Serve only) is operationally complete. Layer-2 (cluster
Traefik ingress with weighted blue/green) plugs in via the same
healthz-503 + recovery primitives — no further SF source changes
needed for that path.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
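
The web-server drain described in item 1 of the commit message above, as an added sketch that is not the project's `web/instrumentation.ts`. The function names, the symbol key and the exit code are assumptions; the process object and timer are injectable so the behaviour can be exercised without sending real signals.

```javascript
// Added sketch: hypothetical names, not the project's web/instrumentation.ts.
// Taken from the commit message: the three signals, the immediate 503 on the
// health route, SF_WEB_SHUTDOWN_GRACE_MS (default 30s), the non-unref'd timer
// and the globalThis Symbol guard. Everything else is an assumption.
const KEY = Symbol.for("example.web.shutdown"); // registry symbol: identical in every bundle copy

function shared() {
  // One state object per process, even if this module is loaded more than once.
  return (globalThis[KEY] ??= { installed: false, draining: false });
}

function installDrain(proc = process, setTimer = setTimeout) {
  const st = shared();
  if (st.installed) return false; // single-install guard: no second set of listeners
  st.installed = true;
  const graceMs = Number(proc.env.SF_WEB_SHUTDOWN_GRACE_MS) || 30000;
  const onSignal = () => {
    if (st.draining) return; // a repeated signal must not start a second timer
    st.draining = true; // the health route fails from here on
    // Not unref()'d on purpose: the pending timer keeps the process alive
    // while in-flight requests finish.
    setTimer(() => proc.exit(0), graceMs);
  };
  for (const sig of ["SIGTERM", "SIGINT", "SIGHUP"]) proc.on(sig, onSignal);
  return true;
}

// What a health route would return: 503 as soon as a signal has been seen.
function healthzStatus() {
  return shared().draining ? 503 : 200;
}
```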
sf server
Next.js 15 (App Router) frontend for sf server. Ships as a standalone bundle
baked into the sf release; can also be run from source for development.
What this is
The web UI is a browser workspace for sf. It connects to a bridge service
(src/web/bridge-service.ts) that manages an sf subprocess per project CWD and
proxies RPC commands over stdio. The page is a single-page app: no server-side
rendering, client-only via dynamic(..., { ssr: false }).
How to run
Packaged (normal use)

```sh
sf server              # launches Next.js standalone server and opens browser
sf server --port 3000  # pick a specific port
```

Source dev mode (requires the repo checked out)

```sh
npm --prefix web run dev
```

The dev server needs these env vars (set automatically by sf server; set
manually for source dev):
| Variable | Description |
|---|---|
| `SF_WEB_AUTH_TOKEN` | Bearer token for all API requests |
| `SF_WEB_PROJECT_CWD` | Absolute path of the project being served |
| `SF_WEB_HOST` | Host to bind (default 127.0.0.1) |
| `SF_WEB_PORT` | Port to bind |
Auth
On first page load the client reads the bearer token from the URL fragment
(#token=…), stores it in localStorage under sf-auth-token, and strips the
fragment from the URL.
All subsequent requests attach it:
- Fetch / API routes — `Authorization: Bearer <token>` header (via `authFetch` / `authHeaders` in `web/lib/auth.ts`).
- SSE routes — `?_token=<token>` query parameter (EventSource doesn't support custom headers).
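
A server-side check for the two token carriers listed above, as an added example that is not the project's `requireProjectCwd()`. All function names, the sample paths and the token value are constructed; the example accepts the `_token` query parameter only when the caller marks the route as SSE and scrubs it from URLs before they are logged.

```javascript
// Added example: hypothetical helpers, not the project's requireProjectCwd().
// Only the "Authorization: Bearer" header and the "_token" query parameter
// come from the text above; every function name here is an assumption.

// Compare without returning early at the first differing byte.
// In Node itself, crypto.timingSafeEqual() over equal-length buffers is the stock choice.
function constantTimeEqual(a, b) {
  const x = new TextEncoder().encode(a);
  const y = new TextEncoder().encode(b);
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ (y[i % (y.length || 1)] || 0);
  return diff === 0;
}

// Header first; the query parameter is honoured only where the caller says the
// route is SSE, so ordinary API routes never accept a token from the URL.
function presentedToken(request, { sse = false } = {}) {
  const match = /^Bearer ([^\s]+)$/.exec(request.headers.get("authorization") || "");
  if (match) return match[1];
  return sse ? new URL(request.url).searchParams.get("_token") : null;
}

// Returns an HTTP status: 200 when the token matches, 401 otherwise.
function checkAuth(request, expectedToken, opts) {
  const token = presentedToken(request, opts);
  if (!expectedToken || !token) return 401; // an unset server token must never match
  return constantTimeEqual(token, expectedToken) ? 200 : 401;
}

// Query-string tokens end up wherever URLs are recorded, so scrub before logging.
function redactForLog(href) {
  const url = new URL(href);
  if (url.searchParams.has("_token")) url.searchParams.set("_token", "REDACTED");
  return url.toString();
}

// Constructed sample requests (paths and token value are made up).
const TOKEN = "constructed-sample-token";
const apiCall = new Request("http://127.0.0.1:3000/api/files", {
  headers: { Authorization: `Bearer ${TOKEN}` },
});
const sseCall = new Request(`http://127.0.0.1:3000/api/events?_token=${TOKEN}`);
console.log(checkAuth(apiCall, TOKEN), checkAuth(sseCall, TOKEN, { sse: true }));
console.log(checkAuth(sseCall, TOKEN), redactForLog(sseCall.url));
```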
Architecture
```
Browser
  └─ page.tsx (dynamic, ssr:false)
       └─ SFAppShell
            ├─ WorkspaceChrome — layout chrome, sidebar, status bar
            │    └─ 7 views (see below)
            └─ CommandSurface — slash-command palette

Next.js API routes (web/app/api/**/route.ts)
  └─ delegate to *-service.ts files in src/web/
       └─ bridge-service.ts — per-CWD singleton sf subprocess (RPC over stdio)
```

bridge-service.ts spawns sf as a child process, speaks JSON-RPC over stdio,
and multiplexes all API routes onto that single bridge. Auth is enforced before
requests reach the bridge via requireProjectCwd() (which validates the token
and resolves the CWD from SF_WEB_PROJECT_CWD).
The 7 views
| View key | Component | Purpose |
|---|---|---|
| `dashboard` | `Dashboard` | Live project status, metrics, quick-start panel |
| `chat` | `ChatMode` | Conversational agent interface |
| `power` | `DualTerminal` | Full-screen split terminal (agent + shell) |
| `roadmap` | `Roadmap` | Milestone and slice plan explorer |
| `files` | `FilesView` | Project file browser with syntax highlighting |
| `activity` | `ActivityView` | Event log and session history |
| `visualize` | `VisualizerView` | Dependency graph and architecture visualizer |
Adding a new API route
- Create `web/app/api/<name>/route.ts` that calls `requireProjectCwd(request)` for auth/CWD resolution, then delegates to a service:

  ```ts
  // web/app/api/my-feature/route.ts
  import { requireProjectCwd } from "../../../../src/web/bridge-service.ts";
  import { collectMyFeatureData } from "../../../../src/web/my-feature-service.ts";

  export const runtime = "nodejs";
  export const dynamic = "force-dynamic";

  export async function GET(request: Request): Promise<Response> {
    // Auth and CWD resolution come first, before any project data is read.
    const projectCwd = requireProjectCwd(request);
    const data = await collectMyFeatureData(projectCwd);
    // no-store keeps per-project responses out of caches.
    return Response.json(data, { headers: { "Cache-Control": "no-store" } });
  }
  ```

- Implement `src/web/my-feature-service.ts` with the actual logic (may call the bridge or read disk directly).
Tests
Tests for web utilities live in web/lib/__tests__/ and run via Vitest:

```sh
npx vitest run web/lib --config vitest.config.ts
```

Note: co-located `*.test.ts` files inside `web/` outside of `__tests__/` subdirectories are silently skipped by the root Vitest config. Always place web tests under `web/lib/__tests__/`.