fix(serve): fold-in 4 — qwen-latest review (#4175 Wave 4 PR 17)

doudouOUC · doudouOUC · commit a04789048ff2 · 2026-05-18T23:51:23.000+08:00
Round-4 reviewer adoption (qwen-latest-series-invite-beta-v28):

- C1: hoist `persistApprovalMode` guard before the ACP roundtrip so a
  missing callback no longer leaves the daemon's mode shifted while the
  caller observes a 500 (httpAcpBridge.ts).
- C2: serialize `persistApprovalMode` and `persistDisabledTools` through
  a per-workspace promise chain (`withSettingsLock`) so concurrent
  toggles can't lose updates in the read-modify-write window
  (runQwenServe.ts).
- C3: trim `toolName` before persisting in `/workspace/tools/:name/enable`
  so the write path matches `loadCliConfig`'s `.trim()` on read.
  Re-validates empty-after-trim with 400 `invalid_tool_name`.
- S1: cap `serverName` at `MAX_SERVER_NAME_LENGTH=256` on
  `/workspace/mcp/:server/restart` for parity with the tool-toggle cap.
- S2: when `persist:true` succeeds, mirror `approval_mode_changed` via
  `broadcastWorkspaceEvent` so peer sessions in the same workspace
  observe the new default before their next ACP child spawn.
- S3: `'noop'` added to `FakeBridge.initWorkspaceImpl` return type.
- S5: `qwen-serve-protocol.md` action enumeration now includes
  `'noop'` and notes how the SSE event mirrors the response action.

S4 (sync IO inside async persist callbacks) is acknowledged but
deferred — `loadSettings` is the project-wide read path and the H2
fold-in already restricted us to workspace-scope-only consumption,
keeping the sync window bounded. Fully eliminating it requires
swapping `loadSettings` to async across the CLI, which is out of scope.

7 new tests:
- server.test.ts × 3: tool-name trim, whitespace-only 400, server-name
  256 cap.
- httpAcpBridge.test.ts × 4: pre-call guard ordering for persist:true
  (no callback), persist:false bypasses guard, persist:true broadcasts
  to peer sessions, persist:false stays session-scoped.

Typecheck clean across cli / sdk-typescript / core.
1599/1599 unit tests pass.
diff --git a/docs/developers/qwen-serve-protocol.md b/docs/developers/qwen-serve-protocol.md
@@ -1183,7 +1183,7 @@ Response (200):
 { "path": "/work/bound/QWEN.md", "action": "created" }
 ```
 
-`action` is `'created'` for fresh creates and whitespace-only overrides; `'overwrote'` when `force: true` replaced non-empty content.
+`action` is `'created'` for fresh creates, `'noop'` when an existing whitespace-only file was left untouched (no write performed), and `'overwrote'` when `force: true` replaced non-empty content. The `workspace_initialized` SSE event mirrors the response action — observers can filter for `action !== 'noop'` to react only to actual on-disk changes.
 
 Errors:
 
diff --git a/packages/cli/src/serve/httpAcpBridge.test.ts b/packages/cli/src/serve/httpAcpBridge.test.ts
@@ -53,6 +53,7 @@ import {
 } from './httpAcpBridge.js';
 import { createInMemoryChannel } from './inMemoryChannel.js';
 import type { BridgeEvent } from './eventBus.js';
+import { ApprovalMode } from '@qwen-code/qwen-code-core';
 
 // Workspace fixtures must round-trip through `path.resolve` so the
 // expected values match what the bridge canonicalizes internally on
@@ -4279,6 +4280,189 @@ describe('createHttpAcpBridge', () => {
     });
   });
 
+  describe('setSessionApprovalMode (#4175 Wave 4 PR 17)', () => {
+    /**
+     * #4282 fold-in 4 (qwen-latest C1). Build a channel factory whose
+     * extMethod handler answers `qwen/control/session/approval_mode`
+     * with the expected `{previous, current}` shape. Tracks invocations
+     * so the guard-ordering tests can assert that the ACP call did NOT
+     * happen when the persist contract was already violated upfront.
+     */
+    function approvalModeFactoryWithCallTracker(): {
+      factory: ChannelFactory;
+      getCalls: () => Array<{ method: string }>;
+    } {
+      const calls: Array<{ method: string }> = [];
+      const factory: ChannelFactory = async () => {
+        const { clientStream, agentStream } = createInMemoryChannel();
+        const agent = new FakeAgent({
+          extMethodImpl: (method, params) => {
+            calls.push({ method });
+            if (method === 'qwen/control/session/approval_mode') {
+              return Promise.resolve({
+                previous: 'default',
+                current: (params as { mode: string }).mode,
+              });
+            }
+            return Promise.resolve({});
+          },
+        });
+        new AgentSideConnection(() => agent as Agent, agentStream);
+        return {
+          stream: clientStream,
+          exited: new Promise<
+            | { exitCode: number | null; signalCode: NodeJS.Signals | null }
+            | undefined
+          >(() => {}),
+          kill: async () => {},
+          killSync: () => {},
+        };
+      };
+      return { factory, getCalls: () => calls };
+    }
+
+    it('throws BEFORE the ACP roundtrip when persist:true but no callback wired', async () => {
+      // The previous post-ACP placement of the persist guard meant a
+      // missing callback produced a 500 *after* the ACP child had
+      // already applied the mode change — observable to other in-flight
+      // requests but invisible to the caller. Pre-call ordering closes
+      // that window; assert by checking the ACP `extMethod` was never
+      // invoked when the guard fires.
+      const { factory, getCalls } = approvalModeFactoryWithCallTracker();
+      const bridge = makeBridge({ channelFactory: factory });
+      const session = await bridge.spawnOrAttach({ workspaceCwd: WS_A });
+      await expect(
+        bridge.setSessionApprovalMode(
+          session.sessionId,
+          ApprovalMode.YOLO,
+          { persist: true },
+          undefined,
+        ),
+      ).rejects.toThrow(/persistApprovalMode/);
+      expect(
+        getCalls().some(
+          (c) => c.method === 'qwen/control/session/approval_mode',
+        ),
+      ).toBe(false);
+      await bridge.shutdown();
+    });
+
+    it('persist:false bypasses the guard regardless of callback wiring', async () => {
+      // Symmetric coverage for the guard: when `persist` is omitted /
+      // false, the missing callback is irrelevant and the ACP call must
+      // proceed normally. Without this check, a future regression that
+      // moves the guard could over-restrict the no-persist path.
+      const { factory } = approvalModeFactoryWithCallTracker();
+      const bridge = makeBridge({ channelFactory: factory });
+      const session = await bridge.spawnOrAttach({ workspaceCwd: WS_A });
+      const res = await bridge.setSessionApprovalMode(
+        session.sessionId,
+        ApprovalMode.YOLO,
+        { persist: false },
+        undefined,
+      );
+      expect(res.persisted).toBe(false);
+      expect(res.mode).toBe('yolo');
+      await bridge.shutdown();
+    });
+
+    it('broadcasts approval_mode_changed to peer sessions when persisted (#4282 fold-in 4 S2)', async () => {
+      // When `persist:true` succeeds the change becomes the workspace
+      // default, so a peer session needs to know its next ACP child
+      // will spawn into a different mode. The session-scoped publish
+      // remains the authoritative signal for the requester; the
+      // workspace broadcast is the informational mirror for peers.
+      const { factory } = approvalModeFactoryWithCallTracker();
+      const bridge = makeBridge({
+        channelFactory: factory,
+        persistApprovalMode: async () => {},
+      });
+      const a = await bridge.spawnOrAttach({
+        workspaceCwd: WS_A,
+        sessionScope: 'thread',
+      });
+      const b = await bridge.spawnOrAttach({
+        workspaceCwd: WS_A,
+        sessionScope: 'thread',
+      });
+      const aborts = [new AbortController(), new AbortController()];
+      const itA = bridge
+        .subscribeEvents(a.sessionId, { signal: aborts[0]!.signal })
+        [Symbol.asyncIterator]();
+      const itB = bridge
+        .subscribeEvents(b.sessionId, { signal: aborts[1]!.signal })
+        [Symbol.asyncIterator]();
+      await bridge.setSessionApprovalMode(
+        a.sessionId,
+        ApprovalMode.YOLO,
+        { persist: true },
+        undefined,
+      );
+      // Session A receives both the session-scoped event and the
+      // workspace-scoped mirror; collect two events.
+      const aFirst = await itA.next();
+      const aSecond = await itA.next();
+      const aTypes = [aFirst.value?.type, aSecond.value?.type];
+      expect(aTypes.filter((t) => t === 'approval_mode_changed').length).toBe(
+        2,
+      );
+      // Session B receives only the workspace-scoped mirror.
+      const bFirst = await itB.next();
+      expect(bFirst.value?.type).toBe('approval_mode_changed');
+      expect(bFirst.value?.data).toMatchObject({
+        sessionId: a.sessionId,
+        previous: 'default',
+        next: 'yolo',
+        persisted: true,
+      });
+      aborts.forEach((a) => a.abort());
+      await bridge.shutdown();
+    });
+
+    it('does NOT broadcast to peers when persisted is false', async () => {
+      // Symmetric coverage: ephemeral changes affect only the
+      // requesting session and must not surface on peer SSE buses, or
+      // peer UIs would react to a workspace-wide change that didn't
+      // happen.
+      const { factory } = approvalModeFactoryWithCallTracker();
+      const bridge = makeBridge({ channelFactory: factory });
+      const a = await bridge.spawnOrAttach({
+        workspaceCwd: WS_A,
+        sessionScope: 'thread',
+      });
+      const b = await bridge.spawnOrAttach({
+        workspaceCwd: WS_A,
+        sessionScope: 'thread',
+      });
+      const aborts = [new AbortController(), new AbortController()];
+      const itA = bridge
+        .subscribeEvents(a.sessionId, { signal: aborts[0]!.signal })
+        [Symbol.asyncIterator]();
+      const itB = bridge
+        .subscribeEvents(b.sessionId, { signal: aborts[1]!.signal })
+        [Symbol.asyncIterator]();
+      await bridge.setSessionApprovalMode(
+        a.sessionId,
+        ApprovalMode.YOLO,
+        { persist: false },
+        undefined,
+      );
+      const aFirst = await itA.next();
+      expect(aFirst.value?.type).toBe('approval_mode_changed');
+      // Race the peer subscriber against a 50ms timer. Without a
+      // timeout the test would hang because no event is expected.
+      const timed = await Promise.race([
+        itB.next().then((v) => ({ kind: 'event' as const, v })),
+        new Promise((r) => setTimeout(r, 50)).then(() => ({
+          kind: 'timeout' as const,
+        })),
+      ]);
+      expect(timed.kind).toBe('timeout');
+      aborts.forEach((a) => a.abort());
+      await bridge.shutdown();
+    });
+  });
+
   describe('setWorkspaceToolEnabled (#4175 Wave 4 PR 17)', () => {
     it('throws when no persistDisabledTools callback is wired', async () => {
       const bridge = makeBridge();
diff --git a/packages/cli/src/serve/httpAcpBridge.ts b/packages/cli/src/serve/httpAcpBridge.ts
@@ -3792,6 +3792,21 @@ export function createHttpAcpBridge(opts: BridgeOptions): HttpAcpBridge {
         entry,
         context?.clientId,
       );
+      // #4282 fold-in 4 (qwen-latest C1): validate the persist contract
+      // BEFORE the ACP roundtrip changes the in-process mode. The previous
+      // post-call placement meant a missing `persistApprovalMode` callback
+      // produced a 500 *after* the ACP child had already applied the
+      // mode change — observable to other in-flight requests but
+      // invisible to the caller. Mirrors the pre-call validation in
+      // `setWorkspaceToolEnabled`.
+      if (opts.persist && !persistApprovalMode) {
+        throw new Error(
+          'setSessionApprovalMode called with `persist: true` but no ' +
+            '`persistApprovalMode` callback wired in BridgeOptions. ' +
+            'runQwenServe wires the production callback; direct embeds ' +
+            'and tests must opt in or omit `persist`.',
+        );
+      }
       let response: { previous: ApprovalMode; current: ApprovalMode };
       try {
         response = (await Promise.race([
@@ -3828,21 +3843,6 @@ export function createHttpAcpBridge(opts: BridgeOptions): HttpAcpBridge {
         }
         throw err;
       }
-      // #4282 wenshao H3 fold-in: throw clearly when the caller asked
-      // for `persist: true` but the bridge wasn't wired with a
-      // `persistApprovalMode` callback. The previous silent
-      // `persisted: false` was indistinguishable from "hook ran but
-      // failed" or genuine `persisted: true` from the caller's point
-      // of view, leaving a contract gap. Mirrors the throw in
-      // `setWorkspaceToolEnabled` for the same situation.
-      if (opts.persist && !persistApprovalMode) {
-        throw new Error(
-          'setSessionApprovalMode called with `persist: true` but no ' +
-            '`persistApprovalMode` callback wired in BridgeOptions. ' +
-            'runQwenServe wires the production callback; direct embeds ' +
-            'and tests must opt in or omit `persist`.',
-        );
-      }
       let persisted = false;
       if (opts.persist) {
         try {
@@ -3874,6 +3874,25 @@ export function createHttpAcpBridge(opts: BridgeOptions): HttpAcpBridge {
       } catch {
         /* bus closed */
       }
+      // #4282 fold-in 4 (qwen-latest S2): when the change is persisted to
+      // workspace settings, the new mode becomes the default for every
+      // future session in this workspace. Fan out a workspace-scoped
+      // mirror so peer sessions can update their UI before they next
+      // spawn an ACP child. The session-scoped publish above remains the
+      // authoritative signal for the requesting session (and carries the
+      // sessionId in `data`); the workspace mirror is informational.
+      if (persisted) {
+        broadcastWorkspaceEvent({
+          type: 'approval_mode_changed',
+          data: {
+            sessionId: entry.sessionId,
+            previous: response.previous,
+            next: response.current,
+            persisted,
+          },
+          ...(originatorClientId ? { originatorClientId } : {}),
+        });
+      }
       return {
         sessionId: entry.sessionId,
         mode: response.current,
diff --git a/packages/cli/src/serve/runQwenServe.ts b/packages/cli/src/serve/runQwenServe.ts
@@ -48,6 +48,40 @@ function formatHostForUrl(host: string): string {
   return host;
 }
 
+/**
+ * #4282 fold-in 4 (qwen-latest C2). Per-workspace promise chain that
+ * serializes settings read-modify-write cycles inside this process.
+ *
+ * Both `persistApprovalMode` and `persistDisabledTools` re-read
+ * `tools.disabled` (or `tools.approvalMode`) from disk before writing
+ * the merged result back, which is a textbook lost-update window if
+ * two concurrent HTTP requests land at the same workspace. Threading
+ * each call through this lock collapses the window: the first request
+ * holds the chain until its `setValue` flush completes, and the second
+ * sees the post-write state when it runs its own load.
+ *
+ * Scope is INTRA-process: a separate `qwen serve` invocation against
+ * the same workspace would not share the Map, but per-workspace
+ * single-daemon is the supported deployment shape (see #3803 §02).
+ * The lock decays naturally — when no callers are queued, the chain
+ * resolves and stays mounted in the Map; the per-workspace memory
+ * cost is one settled Promise and one Map entry.
+ *
+ * Errors propagate to the caller; the chain advances to the next
+ * waiter regardless via the `.then(fn, fn)` pattern, so a single
+ * failed write doesn't permanently stall persistence.
+ */
+const settingsWriteLocks = new Map<string, Promise<unknown>>();
+function withSettingsLock<T>(
+  workspace: string,
+  fn: () => Promise<T>,
+): Promise<T> {
+  const prev = settingsWriteLocks.get(workspace) ?? Promise.resolve();
+  const next = prev.then(fn, fn);
+  settingsWriteLocks.set(workspace, next);
+  return next;
+}
+
 export interface RunHandle {
   server: Server;
   url: string;
@@ -285,10 +319,22 @@ export async function runQwenServe(
       // another writer (CLI, another daemon, an editor) could have
       // touched the file between calls, so the freshest state wins
       // over a stale in-memory cache.
-      persistApprovalMode: async (workspace, mode) => {
-        const fresh = loadSettings(workspace);
-        fresh.setValue(SettingScope.Workspace, 'tools.approvalMode', mode);
-      },
+      //
+      // #4282 fold-in 4 (qwen-latest C2): both persist callbacks run
+      // through `withSettingsLock` — a per-workspace promise chain that
+      // serializes the read-modify-write cycle. Without the lock, two
+      // concurrent `POST /workspace/tools/:name/enable` requests could
+      // both read the same pre-modification state and the second write
+      // would silently overwrite the first toggle, leaving the disk
+      // copy out of sync with the SDK reducer's view. The lock costs
+      // one tick of latency per call but eliminates the lost-update
+      // window for the entire process; cross-daemon races against the
+      // same workspace file remain (rare; documented).
+      persistApprovalMode: (workspace, mode) =>
+        withSettingsLock(workspace, async () => {
+          const fresh = loadSettings(workspace);
+          fresh.setValue(SettingScope.Workspace, 'tools.approvalMode', mode);
+        }),
       // #4175 Wave 4 PR 17: `POST /workspace/tools/:name/enable` writes
       // through this callback. Re-reads settings on each call (same
       // freshness rationale as `persistApprovalMode`) and merges into
@@ -303,22 +349,23 @@ export async function runQwenServe(
       // toggle. Subsequent removals at the originating scope (e.g.
       // User) would no longer take effect because the names have been
       // baked into the workspace file with no obvious source.
-      persistDisabledTools: async (workspace, toolName, enabled) => {
-        const fresh = loadSettings(workspace);
-        const wsScope = fresh.forScope(SettingScope.Workspace).settings;
-        const wsDisabled = wsScope.tools?.disabled;
-        const current = Array.isArray(wsDisabled)
-          ? wsDisabled.filter((v): v is string => typeof v === 'string')
-          : [];
-        const next = new Set(current);
-        if (enabled) next.delete(toolName);
-        else next.add(toolName);
-        fresh.setValue(
-          SettingScope.Workspace,
-          'tools.disabled',
-          [...next].sort(),
-        );
-      },
+      persistDisabledTools: (workspace, toolName, enabled) =>
+        withSettingsLock(workspace, async () => {
+          const fresh = loadSettings(workspace);
+          const wsScope = fresh.forScope(SettingScope.Workspace).settings;
+          const wsDisabled = wsScope.tools?.disabled;
+          const current = Array.isArray(wsDisabled)
+            ? wsDisabled.filter((v): v is string => typeof v === 'string')
+            : [];
+          const next = new Set(current);
+          if (enabled) next.delete(toolName);
+          else next.add(toolName);
+          fresh.setValue(
+            SettingScope.Workspace,
+            'tools.disabled',
+            [...next].sort(),
+          );
+        }),
     });
   let actualPort = opts.port;
   // Pass the already-canonical `boundWorkspace` into `createServeApp`
diff --git a/packages/cli/src/serve/server.test.ts b/packages/cli/src/serve/server.test.ts
diff --git a/packages/cli/src/serve/server.ts b/packages/cli/src/serve/server.ts
