fix(webapp): address #3417 PR review feedback

Three fixes after pushing the Sessions-as-run-manager commit:

- `api.v1.sessions.$session.end-and-continue.ts` was destructuring only
  `{ action }` from `createActionApiRoute`, which means Remix had no
  handler for OPTIONS preflight on this route. Browser CORS would 405.
  Sibling routes (`close.ts`) already export `{ action, loader }`. Fix:
  destructure and export both.

- `ensureRunForSession`'s pathological "lost the claim race AND the
  winner's run was already terminal" branch recursed without bound. In
  practice progress through the run engine bounds it, but a misconfigured
  task that crashes before being dequeued could blow the stack. Add a
  hidden `_attempt` counter, throw `SessionRunManagerError` once it
  exceeds 3.

- `sessionsReplicationService.test.ts` was failing in CI because the
  sessions-as-run-manager schema migration made `taskIdentifier` and
  `triggerConfig` required on `Session`. The two `prisma.session.create`
  calls in the test predate the migration. Add the now-required fields
  to both fixtures.

Author: ericallam

apps/webapp/app/routes/api.v1.sessions.$session.end-and-continue.ts

@@ -27,7 +27,7 @@ const ParamsSchema = z.object({
 // (PRIVATE) bypasses authorization; a browser holding the session PAT
 // can also reach this endpoint, which is fine: if you have the session
 // PAT, you own the chat.
-const { action } = createActionApiRoute(
+const { action, loader } = createActionApiRoute(
   {
     params: ParamsSchema,
     body: EndAndContinueSessionRequestBody,
@@ -129,4 +129,4 @@ const { action } = createActionApiRoute(
   }
 );
 
-export { action };
+export { action, loader };

apps/webapp/app/services/realtime/sessionRunManager.server.ts

@@ -25,6 +25,17 @@ export type SessionTriggerConfig = z.infer<typeof SessionTriggerConfigSchema>;
 
 export type EnsureRunReason = "initial" | "continuation" | "upgrade" | "manual";
 
+/**
+ * Hard cap on how many times `ensureRunForSession` will recurse on the
+ * pathological "we lost the claim race AND the winner's run was already
+ * terminal" path. In practice progress through the run engine bounds
+ * this, but a misconfigured task that crashes before it can be dequeued
+ * could otherwise loop without limit. After this many attempts we
+ * surface `SessionRunManagerError` so the caller can 5xx instead of
+ * blowing the stack.
+ */
+const ENSURE_RUN_FOR_SESSION_MAX_ATTEMPTS = 3;
+
 type EnsureRunForSessionParams = {
   /**
    * Session row to operate on. Caller is responsible for the env match —
@@ -42,6 +53,14 @@ type EnsureRunForSessionParams = {
    * "preload"` vs `"trigger"`, etc).
    */
   payloadOverrides?: Record<string, unknown>;
+  /**
+   * @internal Recursion-guard counter for the lost-claim-race retry path.
+   * Public callers should leave this unset; the function recurses with
+   * an incremented value on the pathological "winner's run was already
+   * terminal" branch and throws once it exceeds
+   * {@link ENSURE_RUN_FOR_SESSION_MAX_ATTEMPTS}.
+   */
+  _attempt?: number;
 };
 
 export type EnsureRunResult = {
@@ -69,7 +88,13 @@ export type EnsureRunResult = {
 export async function ensureRunForSession(
   params: EnsureRunForSessionParams
 ): Promise<EnsureRunResult> {
-  const { session, environment, reason, payloadOverrides } = params;
+  const { session, environment, reason, payloadOverrides, _attempt = 1 } = params;
+
+  if (_attempt > ENSURE_RUN_FOR_SESSION_MAX_ATTEMPTS) {
+    throw new SessionRunManagerError(
+      `ensureRunForSession exceeded ${ENSURE_RUN_FOR_SESSION_MAX_ATTEMPTS} attempts for session ${session.id} — every triggered run reached a terminal state before claim could resolve`
+    );
+  }
 
   // 1. Probe currentRunId.
   if (session.currentRunId) {
@@ -153,13 +178,15 @@ export async function ensureRunForSession(
   }
 
   // Pathological: winner's run already terminal. Recurse with the fresh
-  // version. Bounded by run-engine progress — if every triggered run
-  // dies instantly we'll loop, but that's a deeper bug worth surfacing.
+  // version. Bounded by `ENSURE_RUN_FOR_SESSION_MAX_ATTEMPTS` so a task
+  // that always crashes before being dequeued surfaces as an error
+  // instead of a stack overflow.
   return ensureRunForSession({
     session: fresh,
     environment,
     reason,
     payloadOverrides,
+    _attempt: _attempt + 1,
   });
 }
 

apps/webapp/test/sessionsReplicationService.test.ts

@@ -74,6 +74,9 @@ describe("SessionsReplicationService", () => {
           environmentType: "DEVELOPMENT",
           organizationId: organization.id,
           taskIdentifier: "my-agent",
+          triggerConfig: {
+            basePayload: { messages: [], trigger: "preload" },
+          },
           tags: ["user:42", "plan:pro"],
           metadata: { plan: "pro", seats: 3 },
         },
@@ -174,6 +177,10 @@ describe("SessionsReplicationService", () => {
           runtimeEnvironmentId: environment.id,
           environmentType: "DEVELOPMENT",
           organizationId: organization.id,
+          taskIdentifier: "my-agent",
+          triggerConfig: {
+            basePayload: { messages: [], trigger: "preload" },
+          },
         },
       });