Skip to content

feat(runtime): remote runtime with full TUI parity and production readiness#2749

Merged
dgageot merged 20 commits into
docker:mainfrom
dgageot:board/074ed77690091b57
May 11, 2026
Merged

feat(runtime): remote runtime with full TUI parity and production readiness#2749
dgageot merged 20 commits into
docker:mainfrom
dgageot:board/074ed77690091b57

Conversation

@dgageot
Copy link
Copy Markdown
Member

@dgageot dgageot commented May 11, 2026

Summary

This PR implements 20 incremental steps to bring the remote runtime to full TUI parity and production readiness, building on top of the wire protocol scaffolding introduced in #2723.

Batch 1 — Feature parity (19 commits)

Every ErrUnsupported in RemoteRuntime is now gone.

Commit What
50de1ad SSE event streaming — GET /v1/sessions/:id/events
0215b65 Remote session store — list, get, delete sessions over wire
b90e7c8 Agent tools list — GET /v1/sessions/:id/tools
d081fdb Model switching, MCP prompts, skills, compact, toolsets, pause
f9c333a Snapshot operations — undo, reset, list snapshots
e960c67 Session store writes — add/update messages and summaries
89eb319 Session metadata — token counts, starred
f90424 Health & readiness endpoints — /health, /ready
4234c21 + 48d32a2 SSE reconnection with exponential backoff

Batch 2 — Production readiness

Commit What
080da02 Per-request timeouts (30s metadata / 5m streaming) + server respects ctx cancellation
59fd74b Batch session delete & export — one round-trip instead of N
1b9f9541 Graceful degradation on store failure + /v1/sessions/:id/recovery
0608896 Bearer token auth — --auth-token flag, middleware, WithAuthToken client option
bf25b1f Queue depth endpoint + 429 backpressure with Retry-After header

Security fixes (post-review)

Commit What
f061ac8 Constant-time token comparison, missing auth headers on SSE, context shadowing fix, backoff underflow guard
8360baa Remove redundant UpdateSession calls that could overwrite concurrent writes
0105b5a Missing select statement in retry backoff loop
c74ce71 Linter cleanup

@dgageot dgageot requested a review from a team as a code owner May 11, 2026 14:02
@dgageot dgageot force-pushed the board/074ed77690091b57 branch from c74ce71 to 77e084c Compare May 11, 2026 14:45
dgageot added 20 commits May 11, 2026 17:12
@dgageot
feat(runtime): add SSE event streaming to RemoteClient
92d7208
@dgageot
feat(runtime): add remote session store operations
87c2cc5
@dgageot
feat(runtime): add agent tools retrieval from session
62f3e38
@dgageot
feat(runtime): add model switching, MCP prompts, skills, compaction, …
46e1aac 
…toolsets, and pause
@dgageot
feat(runtime): add snapshot operations for undo and reset
d9dd88b
@dgageot
feat: session store write operations - add message and summary endpoints
7483143
@dgageot
feat: session metadata updates - add tokens and starred endpoints
0df94f1
@dgageot
feat: health and readiness endpoints - add /health and /ready with st…
46ae4f2 
…ore connectivity
@dgageot
feat: SSE reconnection with exponential backoff - auto-reconnect with…
4f58a21 
… connection loss/restored events
@dgageot
fix: add linter directive for backoff calculation
02d0829
@dgageot
feat: per-request timeouts and context cancellation propagation
aabc07f
@dgageot
feat: batch session delete and export operations
0885664
@dgageot
feat: graceful degradation on session store failure with recovery end…
d23ea10 
…point
@dgageot
feat: optional bearer token authentication for API server
12739a9
@dgageot
feat: queue depth endpoint and 429 backpressure for full queues
fd856d7
@dgageot
fix: security and bug fixes for API authentication and client
61e6aec 
- Use constant-time comparison for bearer token to prevent timing attacks
- Remove duplicate Authorization header in runAgentWithAgentName
- Fix context cancellation in StreamSessionEvents (was cancelling too early)
- Add missing Authorization header to StreamSessionEvents
- Fix backoff calculation to avoid underflow when attempt==1
- Use request context instead of Background() in ready endpoint
- Add safe type assertions in QueueStatus to prevent panics
@dgageot
fix: remove redundant UpdateSession calls in AddMessage and UpdateMes…
3c103c8 
…sage

The AddMessage and UpdateMessage methods were calling UpdateSession with
stale session objects, which could overwrite concurrent changes. The
store methods already persist the changes, so the UpdateSession calls
are unnecessary and potentially harmful.
@dgageot
fix: add missing select statement in backoff retry logic
68d79d2
@dgageot
fix: remove extra blank line for linter
a5372ee
@dgageot
fix: resolve rebase conflicts - update method signatures and stub cli…
dc7a37e 
…ent for interface compatibility
@dgageot dgageot force-pushed the board/074ed77690091b57 branch from 77e084c to dc7a37e Compare May 11, 2026 15:14
@dgageot dgageot merged commit f31c2e3 into docker:main May 11, 2026
5 checks passed
@BrewTestBot BrewTestBot mentioned this pull request May 13, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rumpl rumpl rumpl approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dgageot @rumpl