feat(serve): POST /session/:id/compress + POST /session/:id/_meta (T1.3 + T1.4 from #4514)

[doudouOUC]

Summary

Closes the two Tier-1 S-sized routes called out in the daemon capability backlog #4514 (claimed in this comment):

• T1.3 POST /session/:id/compress — manual compaction over HTTP, equivalent to TUI /compress. Mutates session history.
• T1.4 POST /session/:id/_meta + GET /session/:id/_meta — daemon-side per-session KV bag for IM/channel adapters (chat_id, sender_id, thread_id).

Bundled as ONE PR because both are S-sized session-mutation routes touching the same surface (status / bridgeTypes / bridge / server / capabilities / events / SDK / barrels / tests / docs) and share the mutation-gate plumbing. Template: shipped POST /session/:id/approval-mode (Wave 4 PR 17).

T1.3 design — POST /session/:id/compress

• Forwards through new qwen/control/session/compress ACP extMethod into the agent's GeminiClient.tryCompressChat(force=true). Always force=true server-side (matches TUI); accepts empty {} body — no force field in v1 schema.
• Returns {sessionId, originalTokenCount, newTokenCount, compressionStatus, durationMs}. compressionStatus is the string name of core's CompressionStatus enum ('COMPRESSED', 'NOOP', 'COMPRESSION_FAILED_*').
• Publishes session_compacted SSE event ONLY when compressionStatus !== 'NOOP' — NOOP means below-threshold, history unchanged; emitting would falsely bump the reducer's sessionCompactedCount.
• Two-tier concurrency guard:
  • CompactionInFlightError → HTTP 409 compaction_in_flight when another compress is mid-LLM-call.
  • PromptInFlightError → HTTP 409 prompt_in_flight when entry.activePromptOriginatorClientId is set; the agent's own pre-send tryCompress inside sendMessageStream would race the daemon-driven call on the same chat object.
• Non-strict mutation gate (parity with /prompt and feat(serve): add POST /session/:id/recap #4504 /recap template).
• 180s timeout (SESSION_COMPRESS_TIMEOUT_MS). AbortSignal propagation deferred to a follow-up — placeholder signal in v1; operators wait or killSession.

T1.4 design — POST/GET /session/:id/_meta

• Daemon-side only — no ACP roundtrip; in-memory map on SessionEntry evicted automatically by byId.delete(sessionId) in close/kill.
• NOT injected into LLM prompt in v1; surfaced via the GET route, echoed on GET /session/:id/context (state.meta, always present even when {} when the session_meta capability tag is advertised — avoids old-daemon-vs-empty-bag ambiguity), and pushed via session_meta_changed SSE event on every write.
• Event carries the FULL new bag, not a diff, so subscribers converge regardless of Last-Event-ID gaps.
• Validation:
  • Key regex: ^[a-zA-Z][a-zA-Z0-9_.-]{0,63}$ → 400 invalid_meta_key.
  • Reserved qwen. prefix → 400 reserved_meta_key.
  • Total serialized cap 8 KB → 413 meta_too_large.
  • null values under merge:true SET the key to null (per JSON semantics); per-key DELETE deferred.
• Not persisted across daemon restart in v1; sessions restored via load/resume come back with meta: {}.

Wire surface added

• 2 capability tags: session_compress, session_meta.
• 1 ACP control extMethod: qwen/control/session/compress.
• 2 SSE event types: session_compacted, session_meta_changed.
• 6 SDK type exports re-exported from both barrels:
  • DaemonCompressSessionResult, DaemonSessionMetaResult (result types)
  • DaemonSessionCompactedData, DaemonSessionMetaChangedData (event data shapes)
  • DaemonSessionCompactedEvent, DaemonSessionMetaChangedEvent (envelopes)
• SDK helpers:
  • DaemonClient.compressSession(sessionId, {clientId?})
  • DaemonClient.setSessionMeta(sessionId, {meta, merge?}, {clientId?})
  • DaemonClient.getSessionMeta(sessionId, {clientId?})
  • DaemonSessionClient.compress() / .setMeta(meta, {merge?}) / .getMeta()

Out of scope (parked follow-ups)

• Auto-inject _meta into LLM prompt context (needs pilot to validate prompt format).
• Durable _meta across daemon restart (revisit when T2.1 graduates unstable_session_resume to stable).
• Per-key DELETE /_meta/:key (replace-with-fewer-keys covers v1).
• AbortSignal propagation on compress (cancel surface is its own design).
• Hard prompt-side serialization vs in-flight compress (v1 only fences at compress START).
• ETag / optimistic concurrency on _meta (last-write-wins in v1).

Test plan

• npm run typecheck --workspace packages/acp-bridge --workspace packages/cli --workspace packages/sdk-typescript — all green
• packages/acp-bridge/src/bridge.test.ts — 198 tests passing (15 new: 5 T1.3 + 10 T1.4)
• packages/cli/src/serve/server.test.ts — 270 tests passing (15 new: 6 T1.3 + 9 T1.4) + EXPECTED_*_FEATURES fixtures bumped for the two new capability tags
• packages/sdk-typescript/test/unit/{DaemonClient,DaemonSessionClient,daemonEvents,daemon-public-surface}.test.ts — 238 tests passing (14 new: 7 DaemonClient + 1 DaemonSessionClient + 5 reducer/narrow + 1 public-surface)
• Manual smoke against local qwen serve --token=dev-token:

  curl -X POST http://127.0.0.1:4170/session/$SID/compress
  curl -X POST http://127.0.0.1:4170/session/$SID/_meta -d '{"meta":{"chat_id":"42","sender":"u9"},"merge":true}'
  curl http://127.0.0.1:4170/session/$SID/_meta
  curl http://127.0.0.1:4170/session/$SID/context | jq .state.meta
  

• Manual SSE echo: subscribe with curl -N, verify session_compacted + session_meta_changed frames arrive.
• Manual 409 collision: fire two parallel compress calls; expect one 200 + one 409 compaction_in_flight.

Docs

• docs/developers/qwen-serve-protocol.md — 3 new subsections (compress, POST meta, GET meta) + capability list bump + state.meta echo on the context section.
• docs/users/qwen-serve.md — 2 new bullets under "What it gives you" + updated §363 wire-event caveat (compress + meta now DO publish events).

🤖 Generated with Qwen Code

[github-actions]

📋 Review Summary

This PR implements two Tier-1 S-sized routes from the daemon capability backlog (#4514): manual session compression (POST /session/:id/compress) and per-session metadata bag (POST/GET /session/:id/_meta). The implementation is well-structured with comprehensive test coverage, clear error handling, and thoughtful concurrency guards. The changes span the full stack (bridge, server, SDK, docs) with consistent patterns.

🔍 General Feedback

• Strong architectural consistency: Both routes follow established patterns from prior mutation routes (/prompt, /recap, /approval-mode) with non-strict mutation gates and proper event fan-out.
• Excellent documentation: The PR body provides exceptional design rationale, wire contract details, and explicit out-of-scope items for follow-ups.
• Comprehensive test coverage: Tests cover happy paths, error cases (409 conflicts, 400 validation, 413 size limits), and event emission patterns.
• Thoughtful concurrency handling: Two-tier guards for compress (compaction-in-flight + prompt-in-flight) demonstrate careful consideration of race conditions.
• Clean separation of concerns: T1.4 meta is daemon-side only (no ACP roundtrip), keeping the hot path fast and simple.
• SDK type safety: Proper TypeScript types with forward-compatibility considerations (e.g., compressionStatus as string rather than closed union).

🎯 Specific Feedback

🟡 High

• File: packages/cli/src/serve/server.ts (compress route timeout) — The 180s timeout (SESSION_COMPRESS_TIMEOUT_MS) is reasonable, but the v1 limitation note about cancellation not being propagated is a potential operational concern. For large histories (200k+ tokens), a user-initiated cancel would be valuable. Consider documenting this more prominently in the user-facing docs or adding a follow-up issue reference.

• File: packages/acp-bridge/src/bridge.ts (meta validation order) — The validation order comment states "fail-fast, before any mutation" but the size cap check happens AFTER the merge operation creates next. While this is correct (you need to validate the result), a malicious client could theoretically craft a merge request that passes individual key validation but exceeds the cap. This is handled correctly, but consider adding a pre-check estimate for merge operations to reject obviously oversized payloads earlier.

🟢 Medium

• File: packages/acp-bridge/src/bridgeTypes.ts (line ~420) — The compressionStatus field is typed as string with JSDoc explaining the decoupling rationale. While this is defensible for forward compatibility, consider adding a type union for known values plus & {} to allow extension while still providing IDE autocomplete:

compressionStatus: ('COMPRESSED' | 'NOOP' | 'COMPRESSION_FAILED_INFLATED_TOKEN_COUNT' | 'COMPRESSION_FAILED_OTHER') & {};

• File: packages/sdk-typescript/src/daemon/events.ts — The session_compacted event reducer increments the counter even for NOOP status (per the comment "if you see it, it happened"). However, the bridge explicitly does NOT emit NOOP events. This is correct but the comment could be clearer: the reducer handles NOOP events defensively in case a future daemon version emits them, not because the current bridge does.

• File: packages/cli/src/serve/capabilities.ts — The new capability tags (session_compress, session_meta) are added at the end of the registry. Consider grouping them near related session capabilities (e.g., after session_approval_mode_control) for better discoverability, though this is a minor organizational preference.

🔵 Low

• File: docs/developers/qwen-serve-protocol.md (line ~830) — The documentation states state.meta is "always present (even {})" when the capability is advertised. Consider adding an explicit example showing the empty state:

"state": {
  "meta": {}
}

• File: packages/acp-bridge/src/bridgeErrors.ts — The error messages are detailed and helpful. Consider adding a code property to each error class (e.g., this.code = 'compaction_in_flight') to make the HTTP route mapping more maintainable and testable, rather than relying on error type names.

• File: packages/sdk-typescript/test/unit/DaemonClient.test.ts — The test for compressSession with clientId forwards the header correctly. Consider adding a test that verifies the X-Qwen-Client-Id header is NOT sent when clientId is undefined (to ensure we don't send empty headers).

• File: packages/cli/src/serve/server.ts (meta route) — The GET route for _meta has no authentication gate (per design, matching GET /session/:id/context). Consider adding an inline comment at the route registration noting this is intentional for consistency with other session read routes.

✅ Highlights

• Excellent concurrency design: The two-tier guard for compress (blocking both concurrent compresses AND active prompts) shows deep understanding of the agent's internal tryCompress behavior. This prevents subtle race conditions that could corrupt history state.

• Smart event design for meta: Publishing the FULL bag on every change (not a diff) is the right choice for convergence. This eliminates ordering concerns and makes the system resilient to Last-Event-ID gaps.

• Proper NOOP handling: The decision to NOT emit session_compacted events for NOOP compression (while still returning the status in the HTTP response) is subtle and correct. It keeps the SDK reducer's sessionCompactedCount accurate for "real" compactions.

• Reserved namespace foresight: The qwen. prefix reservation for daemon-owned keys (qwen.lastSeenAt, qwen.audit.*) shows forward thinking. This prevents future conflicts without requiring breaking changes.

• Comprehensive validation: The meta key regex (^[a-zA-Z][a-zA-Z0-9_.-]{0,63}$) with reserved prefix check and 8KB cap provides defense in depth against malformed or abusive payloads.

• Test discipline: The type-only imports in daemon-public-surface.test.ts that would fail to compile if exports are missing from src/index.ts is an excellent regression fence for published barrel drift.

[Copilot]

Pull request overview

Adds two new Tier-1 qwen serve session-scoped HTTP surfaces—manual session compaction and a daemon-side per-session metadata bag—wired end-to-end across the CLI daemon, ACP bridge, TypeScript SDK, events/reducer support, tests, and docs.

Changes:

• Add POST /session/:id/compress (+ session_compress capability), forwarding through a new ACP extMethod and emitting session_compacted SSE events only when history actually changes.
• Add POST /session/:id/_meta + GET /session/:id/_meta (+ session_meta capability), with validation, size limits, session_meta_changed SSE events, and state.meta echoed on GET /session/:id/context.
• Extend the TypeScript SDK with new client helpers, event typing/reducer support, and public barrel exports; add broad unit/integration test coverage and update docs.

Reviewed changes

Copilot reviewed 22 out of 22 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
packages/cli/src/serve/server.ts	Registers the new /compress and /_meta routes and maps new bridge errors to stable HTTP responses.
packages/cli/src/serve/server.test.ts	Adds route-level tests for /compress and /_meta, and updates expected capability tag fixtures.
packages/cli/src/serve/httpAcpBridge.ts	Re-exports newly introduced bridge error classes for server route mapping.
packages/cli/src/serve/capabilities.ts	Advertises new always-on capability tags: session_compress, session_meta.
packages/cli/src/acp-integration/acpAgent.ts	Implements ACP extMethod handler for session compression via the agent’s GeminiClient.tryCompressChat(force=true).
packages/acp-bridge/src/status.ts	Extends session context status type to optionally include daemon-side state.meta.
packages/acp-bridge/src/bridgeTypes.ts	Adds compressSession, setSessionMeta, and getSessionMeta to the HttpAcpBridge interface contract.
packages/acp-bridge/src/bridgeErrors.ts	Introduces typed errors for compress concurrency and _meta validation/size violations.
packages/acp-bridge/src/bridge.ts	Implements compress concurrency fencing + SSE publish, _meta in-memory storage, validation, SSE publish, and context meta splice-in.
packages/acp-bridge/src/bridge.test.ts	Adds bridge-level tests for compress behavior/eventing and _meta validation/merge semantics/eventing.
packages/sdk-typescript/src/daemon/DaemonClient.ts	Adds compressSession, setSessionMeta, and getSessionMeta HTTP helpers.
packages/sdk-typescript/src/daemon/DaemonSessionClient.ts	Adds session-bound wrappers: compress(), setMeta(), getMeta().
packages/sdk-typescript/src/daemon/events.ts	Adds event types (session_compacted, session_meta_changed), guards, reducer state/counters, and union wiring.
packages/sdk-typescript/src/daemon/types.ts	Adds DaemonCompressSessionResult and DaemonSessionMetaResult result shapes.
packages/sdk-typescript/src/daemon/index.ts	Re-exports the new daemon types/events from the daemon barrel.
packages/sdk-typescript/src/index.ts	Re-exports new types from the published top-level SDK barrel.
packages/sdk-typescript/test/unit/DaemonClient.test.ts	Adds unit tests for the new DaemonClient methods and error passthrough.
packages/sdk-typescript/test/unit/DaemonSessionClient.test.ts	Adds unit tests ensuring session-bound wrappers forward sessionId and X-Qwen-Client-Id.
packages/sdk-typescript/test/unit/daemonEvents.test.ts	Adds reducer coverage for session_compacted and session_meta_changed events.
packages/sdk-typescript/test/unit/daemon-public-surface.test.ts	Adds type-only assertions ensuring new exports are present in the published entrypoint.
docs/developers/qwen-serve-protocol.md	Documents new routes, capabilities, state.meta echo semantics, and event contracts.
docs/users/qwen-serve.md	Adds user-facing bullets describing compress + per-session _meta behavior and event publication.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[wenshao]

[Critical] The entire sessionCompress extMethod handler (~75 lines of new code) has zero test coverage in acpAgent.test.ts. Untested branches include:

• sessionId missing or non-string → invalidParams error
• session.getConfig().getGeminiClient() returns null → NO_CLIENT RequestError
• tryCompressChat returns a *_FAILED_* status → translated to compress_failed RequestError
• tryCompressChat throws a non-RequestError exception → re-wrapped as RequestError
• Existing RequestError passes through untouched
• CompressionStatus[info.compressionStatus] ?? 'UNKNOWN' fallback path

This is the agent-side half of the compress feature. The bridge and route layers are well-tested (198 + 270 tests), but the code that actually calls tryCompressChat and translates its result into a wire response is entirely uncovered. A regression in enum reverse-lookup, error re-wrapping, or the NO_CLIENT guard would silently reach production.

Suggested fix: Add describe('extMethod qwen/control/session/compress', ...) to acpAgent.test.ts covering at minimum: success (COMPRESSED + NOOP), missing sessionId, null GeminiClient, FAILED status translation, thrown-error re-wrap, and RequestError passthrough.

— qwen3.7-max via Qwen Code /review

[wenshao]

[Suggestion] Several specific branches in the compress/meta surface lack test coverage:

1. PromptInFlightError branch (this line) — bridge.test.ts covers CompactionInFlightError but never sets activePromptOriginatorClientId to exercise this path. The server.test.ts test only proves the route maps a thrown error correctly, not that the bridge detects the condition.

2. getSessionContextStatus meta splice — no test verifies that a prior setSessionMeta write is visible in the context status response, or that the defensive entry?.meta ?? {} fallback works when the entry is gone between ACP roundtrip and splice.

3. 500 path on POST /session/:id/compress — the route test block covers 200, 409, and 404 but not the upstream failure path where compressSessionImpl throws.

4. Compress timeout path — no test exercises withTimeout firing on the compress call (180s backstop). This is the most dangerous failure mode since compressInFlight clears but the agent's tryCompressChat continues running.

Suggested fix: Add targeted tests for each gap. For the timeout path, use fake timers with a short timeout override.

— qwen3.7-max via Qwen Code /review

[wenshao]

[Critical] SDK timeout mismatch: compressSession() uses the default 30s fetch timeout (DEFAULT_FETCH_TIMEOUT_MS), but the daemon has a 180s timeout (SESSION_COMPRESS_TIMEOUT_MS). Any compression lasting >30s will timeout on the SDK side while the daemon continues working with compressInFlight=true, causing all retries to fail with 409 compaction_in_flight for up to 150 seconds. This creates a zombie window where the operator has no way to know if the original compress is still running, when it will finish, or whether it succeeded.

Suggested change

	return await this.fetchWithTimeout(
	return await this.fetchWithTimeout(
	`${this.baseUrl}/session/${encodeURIComponent(sessionId)}/compress`,
	{
	method: 'POST',
	headers: this.headers(
	{ 'Content-Type': 'application/json' },
	opts?.clientId,
	),
	body: '{}',
	},
	async (res) => {
	if (!res.ok) {
	throw await this.failOnError(res, 'POST /session/:id/compress');
	}
	return (await res.json()) as DaemonCompressSessionResult;
	},
	190_000, // Match daemon's 180s timeout + buffer
	);

— qwen3.7-max via Qwen Code /review

[wenshao]

[Critical] Mutation before authorization: entry.meta = next and entry.metaSerializedByteSize = byteSize are assigned BEFORE resolveTrustedClientId() is called. If the caller supplies an unregistered clientId, the authorization check throws InvalidClientIdError but the meta bag has already been mutated. No session_meta_changed SSE event is published (that happens after the throw), so legitimate subscribers never learn about the poisoning. Subsequent GET /session/:id/_meta or GET /session/:id/context from legitimate clients returns the poisoned data.

The JSDoc above this function states the intended contract: "Validation order (fail-fast, before any mutation)" — but the implementation violates it. Compare with compressSession in the same file, which correctly calls resolveTrustedClientId before setting entry.compressInFlight = true.

Suggested change

	entry.meta = next;
	// Move authorization BEFORE mutation
	const originatorClientId = resolveTrustedClientId(
	entry,
	context?.clientId,
	);
	entry.meta = next;
	entry.metaSerializedByteSize = byteSize;
	const changeKind: 'replace' | 'merge' = merge ? 'merge' : 'replace';

— qwen3.7-max via Qwen Code /review

[wenshao]

Round 2 review at ca570660e. The two R1 Critical findings (SDK timeout mismatch, mutation-before-auth) have been addressed — setSessionMeta now resolves clientId before mutation (C1 fix), confirmed by code and tests.

5 new inline Suggestions below (test gaps + robustness). The R1 Critical test-coverage gap on acpAgent.ts:2248 is still open (skipped here — existing comment at same line).

Build/Test: typecheck clean (3 packages), 443/443 tests pass (205 bridge + 271 server + 238 SDK). CI: no checks reported.

— qwen3.7-max via Qwen Code /review

[wenshao]

[Suggestion] Both session_compacted (this line) and session_meta_changed (line 3328) publish without the try { ... } catch { /* bus closed */ } wrapper used by every other entry.events.publish site in this file (see lines 2492, 2567, 2977, 2992, 3088). If the session's SSE bus closes between the extMethod resolution and the publish (e.g. a concurrent killSession), publish() throws and the route converts a successful compress (history already rewritten inside the agent) into a 500. For setSessionMeta, the state mutation (entry.meta = next) happens two lines before the publish, so a throwing publish aborts the route with a 500 AFTER the daemon's state has already changed.

Suggested change

	entry.events.publish({
	if (response.compressionStatus !== 'NOOP') {
	try {
	entry.events.publish({
	type: 'session_compacted',
	data: result,
	...(originatorClientId ? { originatorClientId } : {}),
	});
	} catch {
	/* bus closed */
	}
	}

Apply the same try/catch pattern at line 3328 for session_meta_changed.

— qwen3.7-max via Qwen Code /review

[wenshao]

[Suggestion] If entry.connection.extMethod(...) throws synchronously (before returning a promise — e.g. a connection-disposed precondition check), extPromise is never assigned, the .finally() that clears compressInFlight is never attached, and the flag stays true permanently. Every subsequent compress on this session will 409 with CompactionInFlightError until the daemon restarts or the session is killed.

Suggested change

	const extPromise = entry.connection.extMethod(
	let extPromise: ReturnType<typeof entry.connection.extMethod>;
	try {
	extPromise = entry.connection.extMethod(
	SERVE_CONTROL_EXT_METHODS.sessionCompress,
	{ sessionId },
	);
	} catch (err) {
	entry.compressInFlight = false;
	throw err;
	}
	extPromise
	.finally(() => {
	entry.compressInFlight = false;
	})
	.catch(() => {});

— qwen3.7-max via Qwen Code /review

[wenshao]

[Suggestion] The SESSION_COMPRESS_TIMEOUT_MS (180s) race arm has no test coverage. Bridge tests cover concurrent refusal, error reconstruction, and async-rejection finally-clearing, but no test exercises the withTimeout path. The C2 comment (line 3183) documents a load-bearing invariant — flag-clear coupled to extPromise.finally, NOT the outer Promise.race settlement — with no test pinning it. A future refactor moving the finally to the outer try/finally would silently reintroduce the setHistory race the C2 fix prevents.

Consider adding a test with a delayed extMethodImpl that exceeds a test-local timeout: verify (1) the call rejects, (2) a second compress still gets CompactionInFlightError (flag still set), (3) after the delayed promise settles, a third compress succeeds (flag cleared by extPromise.finally).

— qwen3.7-max via Qwen Code /review

[wenshao]

[Suggestion] The compressSession test suite covers success, clientId forwarding, and 409 compaction_in_flight. Three other error shapes from the server lack SDK-level tests:

1. 409 { code: 'prompt_in_flight' } — callers need the distinct code to choose the right retry strategy
2. 500 { code: 'compress_failed', compressionStatus: '...' } — SDK should propagate compressionStatus for diagnostic branching
3. 404 session not found — basic error path

Without these tests, a regression in the SDK's error parsing (e.g. stripping code or normalizing both 409s to the same shape) would go undetected. Consider adding test cases mirroring the existing 409 test, each with a recordingFetch returning the corresponding error shape.

— qwen3.7-max via Qwen Code /review

[wenshao]

[Nice to have] The _meta test suite covers the happy path for both POST and GET, but no test covers the 404 response when setSessionMeta or getSessionMeta throws SessionNotFoundError. The compress route tests do cover this 404 path, but the _meta routes' sendBridgeError mapping for dead sessions is untested end-to-end. Consider adding tests where setSessionMetaImpl/getSessionMetaImpl throw new SessionNotFoundError(sessionId), then assert 404.

— qwen3.7-max via Qwen Code /review

[doudouOUC]

Closing this for now after re-triaging #4514.

Two parts of this PR are now classified differently:

• POST /session/:id/compress: base behavior is already reachable through the existing slash-command passthrough path via POST /session/:id/prompt with /compress. A dedicated route/SSE/SDK helper would be structured API polish, not a missing daemon capability.
• POST/GET /session/:id/_meta: this is not currently a must-have. POST /session/:id/prompt already supports per-request ACP _meta passthrough, and a session-level KV store is only needed if a concrete channel adapter wants the daemon to own external context such as chat/thread/sender ids. Also, the v1 design here does not inject _meta into later prompts, so it does not fully satisfy the original "attached to subsequent prompts" wording from Daemon mode (qwen serve): proposal & open decisions #3803 without more product decisions.

So this PR is valid as optional convenience/product work, but it should not stay open as a Tier-1 required daemon capability gap. We can reopen or split a smaller PR later if a real downstream client needs daemon-owned session metadata or structured compress semantics.