runtime-http: make error payload/timeout/invalid-json failures explicit

[bbopen]

Summary

• include payload snippets in SafeCodec JSON parse failures so invalid HTTP response bodies surface actionable context
• add local HTTP fixture tests for HttpBridge to cover invalid JSON, top-level {error} payloads, HTTP 500 JSON bodies, and timeout behavior
• assert explicit bridge error types/messages for each runtime-http failure mode

Testing

• npx eslint src/runtime/safe-codec.ts test/runtime_http.test.ts
• npm run typecheck
• npm test -- test/runtime_http.test.ts
• npm test -- test/safe-codec.test.ts
• npm test -- test/runtime_http.test.ts test/safe-codec.test.ts test/transport.test.ts

Closes #56

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds concise payload-snippet extraction for JSON parse errors in the runtime codec and expands HTTP integration tests to validate invalid JSON, {error} payloads, 500 responses, and timeout handling for HttpBridge.

Changes

Cohort / File(s)	Summary
Safe codec src/runtime/safe-codec.ts	Adds internal ERROR_PAYLOAD_SNIPPET_LENGTH constant and summarizePayloadForError(payload) helper; appends a payload snippet to JSON parse failure messages in both synchronous and async decode paths (no public API changes).
HTTP runtime tests test/runtime_http.test.ts	Adds withHttpFixture() test helper and a new "HttpBridge runtime error handling" suite that exercises invalid JSON, top-level {error} payloads, HTTP 500 error bodies, and timeout/abort behavior against a real HTTP fixture.

Sequence Diagram(s)

(omitted — changes are focused on error reporting and tests without introducing a new multi-component control flow that requires sequence visualization)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• feat(runtime): complete ADR-002 bridge migration to BridgeProtocol #153: Modifies src/runtime/safe-codec.ts decode paths — closely related to JSON-parse handling changes.
• feat: add protocol version validation to SafeCodec #158: Also touches src/runtime/safe-codec.ts, adding protocol/version validation adjacent to parse/error handling.

Poem

🐰 I hopped through bytes and found a clue,
A snippet of payload to show to you.
Tests stood guard by server and clock,
Timeouts caught, and bad JSON blocked.
Now errors whisper where bugs once grew.

🚥 Pre-merge checks | ✅ 5 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly describes the main changes: enhancing error handling in runtime-http by making error payload, timeout, and invalid-json failures explicit.
Description check	✅ Passed	The description is well-related to the changeset, explaining payload snippet inclusion, HTTP fixture tests, and explicit error type assertions.
Linked Issues check	✅ Passed	The PR fully implements issue #56 requirements: payload snippets in JSON errors, explicit error handling for invalid JSON/error payloads/timeouts, and comprehensive HTTP fixture tests.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to issue #56 objectives: SafeCodec payload snippet handling and HttpBridge error handling tests with local HTTP fixtures.
Merge Conflict Detection	✅ Passed	✅ No merge conflicts detected when merging into main

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch codex/56-runtime-http-error-surface-hardening

---

No actionable comments were generated in the recent review. 🎉

📜 Recent review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 73ef801 and b5d5666.

📒 Files selected for processing (2)

• src/runtime/safe-codec.ts
• test/runtime_http.test.ts

🧰 Additional context used

🧠 Learnings (15)

📓 Common learnings

Learnt from: bbopen
Repo: bbopen/tywrap PR: 127
File: src/runtime/bridge-core.ts:260-263
Timestamp: 2026-01-19T21:14:40.872Z
Learning: In `src/runtime/bridge-core.ts` and similar hot request/response loop implementations in the tywrap repository, avoid adding extra defensive validation (e.g., runtime shape checks on error payloads) in tight loops unless the protocol boundary is untrusted or there's a concrete bug report. The Python bridge protocol is controlled and validated via tests, so defensive checks would add unnecessary branching overhead without meaningful benefit.

Learnt from: bbopen
Repo: bbopen/tywrap PR: 127
File: src/runtime/bridge-core.ts:260-298
Timestamp: 2026-01-19T21:48:45.693Z
Learning: In `src/runtime/bridge-core.ts`, keep `normalizeErrorPayload` to validate error payloads from the Python subprocess. The subprocess boundary is effectively untrusted, and normalizing error responses prevents `undefined: undefined` errors on malformed payloads. Error responses are not the hot path, so the small validation overhead is acceptable for the added resilience.

Learnt from: bbopen
Repo: bbopen/tywrap PR: 127
File: src/runtime/bridge-core.ts:375-385
Timestamp: 2026-01-19T21:14:37.032Z
Learning: In tywrap (src/runtime/bridge-core.ts and similar), environment variable parsing follows a tolerant/best-effort policy. For example, `TYWRAP_CODEC_MAX_BYTES=1024abc` should be accepted as 1024. Only reject clearly invalid values (non-numeric start or <=0). This avoids surprising failures from minor typos.

Learnt from: bbopen
Repo: bbopen/tywrap PR: 136
File: src/runtime/node.ts:238-249
Timestamp: 2026-01-20T01:33:12.841Z
Learning: In the tywrap repository, when reviewing init/startup patterns, prioritize cases that break core functionality over edge cases with diagnostic-only impact (e.g., missing bridgeInfo metadata). If workers are healthy and operational, defer low-impact defensive checks to follow-up PRs.

Learnt from: bbopen
Repo: bbopen/tywrap PR: 152
File: docs/adr/002-bridge-protocol.md:203-211
Timestamp: 2026-01-20T16:00:58.747Z
Learning: In the BridgeProtocol implementation for the tywrap repository, Map and Set instances should be explicitly rejected before serialization (e.g., in `safeStringify` or at the serialization entrypoint) with a clear error message like "Bridge protocol does not support Map/Set values", rather than checking for non-string keys after the fact, since Maps and Sets cannot round-trip through JSON.stringify.

📚 Learning: 2026-01-19T21:48:45.693Z

Learnt from: bbopen
Repo: bbopen/tywrap PR: 127
File: src/runtime/bridge-core.ts:260-298
Timestamp: 2026-01-19T21:48:45.693Z
Learning: In `src/runtime/bridge-core.ts`, keep `normalizeErrorPayload` to validate error payloads from the Python subprocess. The subprocess boundary is effectively untrusted, and normalizing error responses prevents `undefined: undefined` errors on malformed payloads. Error responses are not the hot path, so the small validation overhead is acceptable for the added resilience.

Applied to files:

• src/runtime/safe-codec.ts
• test/runtime_http.test.ts

📚 Learning: 2026-01-19T21:14:29.869Z

Learnt from: bbopen
Repo: bbopen/tywrap PR: 127
File: src/runtime/bridge-core.ts:375-385
Timestamp: 2026-01-19T21:14:29.869Z
Learning: In the runtime env-var parsing (e.g., in src/runtime/bridge-core.ts and similar modules), adopt a tolerant, best-effort policy: numeric env values should parse by taking the leading numeric portion (e.g., TYWRAP_CODEC_MAX_BYTES=1024abc -> 1024). Only reject clearly invalid values (non-numeric start or <= 0). This reduces surprising failures from minor typos. Add tests to cover partial numeric prefixes, and ensure downstream logic documents the trusted range; consider a small helper to extract a positive integer from a string with a safe fallback.

Applied to files:

• src/runtime/safe-codec.ts

📚 Learning: 2026-01-19T21:14:35.390Z

Learnt from: bbopen
Repo: bbopen/tywrap PR: 127
File: src/runtime/bridge-core.ts:260-263
Timestamp: 2026-01-19T21:14:35.390Z
Learning: In src/runtime/bridge-core.ts and similar hot request/response loop implementations in the tywrap repository, avoid adding extra defensive validation (such as runtime, shape, or error-payload checks) inside tight loops unless the protocol boundary is untrusted or there is a concrete bug report. The Python bridge protocol is controlled via tests, so these checks add unnecessary branching overhead without meaningful benefit. Apply this guidance to other hot-path runtime loops in src/runtime/**/*.ts, and re-enable additional validations only when a documented risk or failure scenario is identified. Ensure tests cover protocol validation where applicable.

Applied to files:

• src/runtime/safe-codec.ts

📚 Learning: 2026-01-20T16:00:49.829Z

Learnt from: bbopen
Repo: bbopen/tywrap PR: 152
File: docs/adr/002-bridge-protocol.md:203-211
Timestamp: 2026-01-20T16:00:49.829Z
Learning: In the BridgeProtocol implementation (tywrap), reject Map and Set explicitly before serialization (e.g., in safeStringify or the serialization entrypoint) with a clear error like "Bridge protocol does not support Map/Set values". Do not rely on post-hoc checks of non-string keys at the point of JSON.stringify, since Maps/Sets cannot round-trip. This should be enforced at the boundary where data is prepared for serialization to ensure deterministic errors and prevent invalid data from propagating.

Applied to files:

• src/runtime/safe-codec.ts
• test/runtime_http.test.ts

📚 Learning: 2026-01-20T01:34:07.064Z

Learnt from: bbopen
Repo: bbopen/tywrap PR: 136
File: src/runtime/node.ts:444-458
Timestamp: 2026-01-20T01:34:07.064Z
Learning: When reviewing promise-based polling patterns (e.g., recursive setTimeout in waitForAvailableWorker functions), ensure that any recursive timer is tracked and cleared on timeout or promise resolution to prevent timer leaks. Do not rely on no-op checks after settlement; verify clearTimeout is invoked in all paths and consider using an explicit cancellation (e.g., AbortController) or a guard to cancel pending timers when the promise settles.

Applied to files:

• src/runtime/safe-codec.ts
• test/runtime_http.test.ts

📚 Learning: 2026-01-20T18:37:05.670Z

Learnt from: bbopen
Repo: bbopen/tywrap PR: 152
File: src/runtime/process-io.ts:37-40
Timestamp: 2026-01-20T18:37:05.670Z
Learning: In the tywrap repo, ESLint is used for linting (not Biome). Do not flag regex literals that contain control characters (e.g., \u001b, \u0000-\u001F) as lint errors, since the current ESLint configuration allows them. When reviewing TypeScript files (e.g., src/**/*.ts), rely on ESLint results and avoid raising issues about these specific control-character regex literals unless there is a competing config change or a policy requiring explicit escaping.

Applied to files:

• src/runtime/safe-codec.ts
• test/runtime_http.test.ts

📚 Learning: 2026-01-19T21:00:30.825Z

Learnt from: bbopen
Repo: bbopen/tywrap PR: 127
File: test/adversarial_playground.test.ts:339-360
Timestamp: 2026-01-19T21:00:30.825Z
Learning: In adversarial tests for the bridge (test/adversarial_playground.test.ts), recovery assertions should be kept in the finally block adjacent to cleanup to verify resilience under stress, even if that means post-timeout checks might mask the original error. The goal is to surface recovery failures as legitimate test failures.

Applied to files:

• test/runtime_http.test.ts

📚 Learning: 2026-01-19T21:14:40.872Z

Learnt from: bbopen
Repo: bbopen/tywrap PR: 127
File: src/runtime/bridge-core.ts:260-263
Timestamp: 2026-01-19T21:14:40.872Z
Learning: In `src/runtime/bridge-core.ts` and similar hot request/response loop implementations in the tywrap repository, avoid adding extra defensive validation (e.g., runtime shape checks on error payloads) in tight loops unless the protocol boundary is untrusted or there's a concrete bug report. The Python bridge protocol is controlled and validated via tests, so defensive checks would add unnecessary branching overhead without meaningful benefit.

Applied to files:

• test/runtime_http.test.ts

📚 Learning: 2026-01-20T16:01:14.323Z

Learnt from: bbopen
Repo: bbopen/tywrap PR: 152
File: docs/adr/002-bridge-protocol.md:599-602
Timestamp: 2026-01-20T16:01:14.323Z
Learning: In `src/runtime/node-bridge.ts` (NodeBridge), a test message is sent to the Python subprocess to confirm the bridge is responsive before marking it as ready.

Applied to files:

• test/runtime_http.test.ts

📚 Learning: 2026-01-19T21:48:27.823Z

Learnt from: bbopen
Repo: bbopen/tywrap PR: 127
File: test/runtime_bridge_fixtures.test.ts:59-66
Timestamp: 2026-01-19T21:48:27.823Z
Learning: In fixture-based tests (e.g., test/runtime_bridge_fixtures.test.ts) and similar tests in the tywrap repository, prefer early returns when Python or fixture files are unavailable. Do not rely on Vitest dynamic skip APIs; a silent pass is intentional for environments lacking Python/fixtures. Treat missing fixtures as optional soft-guards and ensure the test remains non-disruptive in non-availability scenarios.

Applied to files:

• test/runtime_http.test.ts

📚 Learning: 2026-01-20T01:36:14.701Z

Learnt from: bbopen
Repo: bbopen/tywrap PR: 136
File: src/runtime/node.ts:743-759
Timestamp: 2026-01-20T01:36:14.701Z
Learning: In the tywrap repository, when reviewing concurrent request handling patterns (especially with BridgeCore request multiplexing), flag uses of boolean `busy` flags that should be request counters instead. A boolean flag creates a race condition: when request A completes and sets `busy = false`, request B (still in flight via multiplexing) is incorrectly treated as idle. The fix is to use an `inFlightRequests: number` counter that increments on request start and decrements on completion, then check `worker.inFlightRequests === 0` before cleanup/termination.

Applied to files:

• test/runtime_http.test.ts

📚 Learning: 2026-01-19T21:00:52.689Z

Learnt from: bbopen
Repo: bbopen/tywrap PR: 127
File: test/fixtures/out_of_order_bridge.py:29-48
Timestamp: 2026-01-19T21:00:52.689Z
Learning: In `test/fixtures/out_of_order_bridge.py`, the fixture intentionally leaves a pending request unanswered at EOF to simulate missing/out-of-order responses and validate bridge behavior when requests never complete; this is the exact failure mode being tested and must be preserved.

Applied to files:

• test/runtime_http.test.ts

📚 Learning: 2026-01-19T21:00:52.689Z

Learnt from: bbopen
Repo: bbopen/tywrap PR: 127
File: test/fixtures/out_of_order_bridge.py:29-48
Timestamp: 2026-01-19T21:00:52.689Z
Learning: Policy for adversarial test fixtures: adversarial fixtures must preserve the failure mode they exercise, even if that behavior would be "bad" in real code. When reviewing test fixtures with unusual patterns (e.g., missing error handling, intentional protocol violations, unanswered requests), ask for clarifying comments about the intent rather than suggesting normalization or fixes.

Applied to files:

• test/runtime_http.test.ts

📚 Learning: 2026-01-20T16:01:39.136Z

Learnt from: bbopen
Repo: bbopen/tywrap PR: 152
File: docs/adr/002-bridge-protocol.md:826-830
Timestamp: 2026-01-20T16:01:39.136Z
Learning: In the tywrap BridgeProtocol architecture (ADR-002), `HttpIO` (and other Transport implementations like `ProcessIO`, `PyodideIO`) implements only the `Transport` interface (methods: `send`, `isReady`, `dispose`). The `RuntimeExecution` interface methods (`call`, `instantiate`, `callMethod`, `disposeInstance`) are implemented by `BridgeProtocol`, which delegates to `Transport` instances. Transport implementations should not include RuntimeExecution methods.

Applied to files:

• test/runtime_http.test.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: os (windows-latest)
• GitHub Check: codec-suite

🔇 Additional comments (7)

src/runtime/safe-codec.ts (2)

222-231: Clean helper with correct truncation semantics.

The function handles edge cases well (empty/whitespace payloads, short payloads, long payloads) and runs only on the error path, so there's no performance concern. The snippet length limit keeps error messages actionable without being overwhelming.

---

456-458: Consistent snippet augmentation across both decode paths — LGTM.

Both decodeResponse and decodeResponseAsync now surface the same payload context on JSON parse failures, which is exactly what the PR objectives call for.

Also applies to: 501-503

test/runtime_http.test.ts (5)

14-38: Well-structured test fixture utility with proper teardown.

Good defensive handling: the address-type guard (line 25), deterministic server shutdown in finally, and binding to 127.0.0.1:0 for port isolation are all solid patterns.

One minor note: on line 26, the server.close callback ignores its error argument (unlike the finally path on line 35 which rejects on error). Since this branch is only reachable in the near-impossible case of a string/null address after a successful TCP listen, it's not worth changing.

---

91-112: Good integration coverage of the new payload-snippet error path.

This test validates end-to-end that an invalid JSON response from a real HTTP server produces a BridgeProtocolError whose message includes both the parse failure reason and the payload snippet. Matches the PR objective of surfacing actionable context.

---

114-141: Correctly validates top-level {error} payloads on HTTP 200.

This covers the case where the HTTP status is 200 but the body contains a Python error envelope—exactly the scenario described in issue #56. The assertion on ValueError: bad input confirms the error is surfaced as a BridgeExecutionError with the original type and message.

---

173-200: Timer leak fix from prior review is properly applied — LGTM.

The res.on('close', () => clearTimeout(timer)) on lines 182–184 ensures the delayed handler doesn't outlive the aborted request. The writableEnded guard and 50ms vs 200ms timing give comfortable headroom. Based on learnings, when reviewing promise-based polling patterns, ensuring timers are tracked and cleared on all paths prevents timer leaks.

---

143-171: The assertion is correct and will pass as written. HttpIO's send() method (line 179 of src/runtime/http-io.ts) explicitly includes the HTTP status code in error messages via HTTP ${response.status}: ${errorBody || response.statusText}. For a 500 response, this produces "HTTP 500: {error body}" which matches the /HTTP 500/ regex. The error propagates unchanged through BridgeProtocol to the caller, so the test correctly verifies this behavior. This pattern is confirmed by multiple transport-level tests (test/transport.test.ts:792, 808, 907).

Likely an incorrect or invalid review comment.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@src/runtime/safe-codec.ts`:
- Around line 222-231: The constant name ERROR_PAYLOAD_SNIPPET_BYTES is
misleading because summarizePayloadForError uses string.length (UTF-16 code
units) not bytes; either rename the constant to ERROR_PAYLOAD_SNIPPET_LENGTH and
update all references (including exports/tests) to reflect character-count
semantics, or change the implementation in summarizePayloadForError to use a
TextEncoder to measure and slice by bytes if true byte-length truncation is
required—update the constant name/comment accordingly and adjust any dependent
code/tests to match the chosen semantics.

In `@test/runtime_http.test.ts`:
- Around line 173-197: The handler in the test installs a 200ms setTimeout that
may outlive the request and leak handles; modify the handler inside
withHttpFixture to store the timer id (e.g., const timer = setTimeout(...)) and
add a res.on('close', () => clearTimeout(timer)) listener so the pending timer
is cleared if the client aborts; update the same handler referenced in the test
that uses HttpBridge and BridgeTimeoutError to ensure the timer is cleared when
the response is closed.

📜 Review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5e5393a and 73ef801.

📒 Files selected for processing (2)

• src/runtime/safe-codec.ts
• test/runtime_http.test.ts

🧰 Additional context used

🧠 Learnings (15)

📓 Common learnings

Learnt from: bbopen
Repo: bbopen/tywrap PR: 127
File: src/runtime/bridge-core.ts:260-298
Timestamp: 2026-01-19T21:48:45.693Z
Learning: In `src/runtime/bridge-core.ts`, keep `normalizeErrorPayload` to validate error payloads from the Python subprocess. The subprocess boundary is effectively untrusted, and normalizing error responses prevents `undefined: undefined` errors on malformed payloads. Error responses are not the hot path, so the small validation overhead is acceptable for the added resilience.

Learnt from: bbopen
Repo: bbopen/tywrap PR: 127
File: src/runtime/bridge-core.ts:260-263
Timestamp: 2026-01-19T21:14:40.872Z
Learning: In `src/runtime/bridge-core.ts` and similar hot request/response loop implementations in the tywrap repository, avoid adding extra defensive validation (e.g., runtime shape checks on error payloads) in tight loops unless the protocol boundary is untrusted or there's a concrete bug report. The Python bridge protocol is controlled and validated via tests, so defensive checks would add unnecessary branching overhead without meaningful benefit.

Learnt from: bbopen
Repo: bbopen/tywrap PR: 127
File: src/runtime/bridge-core.ts:375-385
Timestamp: 2026-01-19T21:14:37.032Z
Learning: In tywrap (src/runtime/bridge-core.ts and similar), environment variable parsing follows a tolerant/best-effort policy. For example, `TYWRAP_CODEC_MAX_BYTES=1024abc` should be accepted as 1024. Only reject clearly invalid values (non-numeric start or <=0). This avoids surprising failures from minor typos.

Learnt from: bbopen
Repo: bbopen/tywrap PR: 136
File: src/runtime/node.ts:238-249
Timestamp: 2026-01-20T01:33:12.841Z
Learning: In the tywrap repository, when reviewing init/startup patterns, prioritize cases that break core functionality over edge cases with diagnostic-only impact (e.g., missing bridgeInfo metadata). If workers are healthy and operational, defer low-impact defensive checks to follow-up PRs.

Learnt from: bbopen
Repo: bbopen/tywrap PR: 152
File: docs/adr/002-bridge-protocol.md:203-211
Timestamp: 2026-01-20T16:00:58.747Z
Learning: In the BridgeProtocol implementation for the tywrap repository, Map and Set instances should be explicitly rejected before serialization (e.g., in `safeStringify` or at the serialization entrypoint) with a clear error message like "Bridge protocol does not support Map/Set values", rather than checking for non-string keys after the fact, since Maps and Sets cannot round-trip through JSON.stringify.

📚 Learning: 2026-01-19T21:48:45.693Z

Learnt from: bbopen
Repo: bbopen/tywrap PR: 127
File: src/runtime/bridge-core.ts:260-298
Timestamp: 2026-01-19T21:48:45.693Z
Learning: In `src/runtime/bridge-core.ts`, keep `normalizeErrorPayload` to validate error payloads from the Python subprocess. The subprocess boundary is effectively untrusted, and normalizing error responses prevents `undefined: undefined` errors on malformed payloads. Error responses are not the hot path, so the small validation overhead is acceptable for the added resilience.

Applied to files:

• src/runtime/safe-codec.ts
• test/runtime_http.test.ts

📚 Learning: 2026-01-19T21:14:29.869Z

Learnt from: bbopen
Repo: bbopen/tywrap PR: 127
File: src/runtime/bridge-core.ts:375-385
Timestamp: 2026-01-19T21:14:29.869Z
Learning: In the runtime env-var parsing (e.g., in src/runtime/bridge-core.ts and similar modules), adopt a tolerant, best-effort policy: numeric env values should parse by taking the leading numeric portion (e.g., TYWRAP_CODEC_MAX_BYTES=1024abc -> 1024). Only reject clearly invalid values (non-numeric start or <= 0). This reduces surprising failures from minor typos. Add tests to cover partial numeric prefixes, and ensure downstream logic documents the trusted range; consider a small helper to extract a positive integer from a string with a safe fallback.

Applied to files:

• src/runtime/safe-codec.ts

📚 Learning: 2026-01-19T21:14:35.390Z

Learnt from: bbopen
Repo: bbopen/tywrap PR: 127
File: src/runtime/bridge-core.ts:260-263
Timestamp: 2026-01-19T21:14:35.390Z
Learning: In src/runtime/bridge-core.ts and similar hot request/response loop implementations in the tywrap repository, avoid adding extra defensive validation (such as runtime, shape, or error-payload checks) inside tight loops unless the protocol boundary is untrusted or there is a concrete bug report. The Python bridge protocol is controlled via tests, so these checks add unnecessary branching overhead without meaningful benefit. Apply this guidance to other hot-path runtime loops in src/runtime/**/*.ts, and re-enable additional validations only when a documented risk or failure scenario is identified. Ensure tests cover protocol validation where applicable.

Applied to files:

• src/runtime/safe-codec.ts

📚 Learning: 2026-01-20T16:00:49.738Z

Learnt from: bbopen
Repo: bbopen/tywrap PR: 152
File: docs/adr/002-bridge-protocol.md:168-172
Timestamp: 2026-01-20T16:00:49.738Z
Learning: In the tywrap project's BridgeProtocol SafeCodec implementation, Arrow format decoders can produce NaN/Infinity values from binary representations even when the raw JSON payload doesn't contain them. This is why validation for special floats must occur both before encoding (to reject invalid inputs) and after applying decoders (to catch values introduced during Arrow deserialization), protecting downstream consumers from unexpected NaN/Infinity values.

Applied to files:

• src/runtime/safe-codec.ts

📚 Learning: 2026-01-20T16:00:49.829Z

Learnt from: bbopen
Repo: bbopen/tywrap PR: 152
File: docs/adr/002-bridge-protocol.md:203-211
Timestamp: 2026-01-20T16:00:49.829Z
Learning: In the BridgeProtocol implementation (tywrap), reject Map and Set explicitly before serialization (e.g., in safeStringify or the serialization entrypoint) with a clear error like "Bridge protocol does not support Map/Set values". Do not rely on post-hoc checks of non-string keys at the point of JSON.stringify, since Maps/Sets cannot round-trip. This should be enforced at the boundary where data is prepared for serialization to ensure deterministic errors and prevent invalid data from propagating.

Applied to files:

• src/runtime/safe-codec.ts
• test/runtime_http.test.ts

📚 Learning: 2026-01-20T01:34:07.064Z

Learnt from: bbopen
Repo: bbopen/tywrap PR: 136
File: src/runtime/node.ts:444-458
Timestamp: 2026-01-20T01:34:07.064Z
Learning: When reviewing promise-based polling patterns (e.g., recursive setTimeout in waitForAvailableWorker functions), ensure that any recursive timer is tracked and cleared on timeout or promise resolution to prevent timer leaks. Do not rely on no-op checks after settlement; verify clearTimeout is invoked in all paths and consider using an explicit cancellation (e.g., AbortController) or a guard to cancel pending timers when the promise settles.

Applied to files:

• src/runtime/safe-codec.ts
• test/runtime_http.test.ts

📚 Learning: 2026-01-20T18:37:05.670Z

Learnt from: bbopen
Repo: bbopen/tywrap PR: 152
File: src/runtime/process-io.ts:37-40
Timestamp: 2026-01-20T18:37:05.670Z
Learning: In the tywrap repo, ESLint is used for linting (not Biome). Do not flag regex literals that contain control characters (e.g., \u001b, \u0000-\u001F) as lint errors, since the current ESLint configuration allows them. When reviewing TypeScript files (e.g., src/**/*.ts), rely on ESLint results and avoid raising issues about these specific control-character regex literals unless there is a competing config change or a policy requiring explicit escaping.

Applied to files:

• src/runtime/safe-codec.ts
• test/runtime_http.test.ts

📚 Learning: 2026-01-19T21:00:30.825Z

Learnt from: bbopen
Repo: bbopen/tywrap PR: 127
File: test/adversarial_playground.test.ts:339-360
Timestamp: 2026-01-19T21:00:30.825Z
Learning: In adversarial tests for the bridge (test/adversarial_playground.test.ts), recovery assertions should be kept in the finally block adjacent to cleanup to verify resilience under stress, even if that means post-timeout checks might mask the original error. The goal is to surface recovery failures as legitimate test failures.

Applied to files:

• test/runtime_http.test.ts

📚 Learning: 2026-01-19T21:14:40.872Z

Learnt from: bbopen
Repo: bbopen/tywrap PR: 127
File: src/runtime/bridge-core.ts:260-263
Timestamp: 2026-01-19T21:14:40.872Z
Learning: In `src/runtime/bridge-core.ts` and similar hot request/response loop implementations in the tywrap repository, avoid adding extra defensive validation (e.g., runtime shape checks on error payloads) in tight loops unless the protocol boundary is untrusted or there's a concrete bug report. The Python bridge protocol is controlled and validated via tests, so defensive checks would add unnecessary branching overhead without meaningful benefit.

Applied to files:

• test/runtime_http.test.ts

📚 Learning: 2026-01-20T16:01:14.323Z

Learnt from: bbopen
Repo: bbopen/tywrap PR: 152
File: docs/adr/002-bridge-protocol.md:599-602
Timestamp: 2026-01-20T16:01:14.323Z
Learning: In `src/runtime/node-bridge.ts` (NodeBridge), a test message is sent to the Python subprocess to confirm the bridge is responsive before marking it as ready.

Applied to files:

• test/runtime_http.test.ts

📚 Learning: 2026-01-19T21:48:27.823Z

Learnt from: bbopen
Repo: bbopen/tywrap PR: 127
File: test/runtime_bridge_fixtures.test.ts:59-66
Timestamp: 2026-01-19T21:48:27.823Z
Learning: In fixture-based tests (e.g., test/runtime_bridge_fixtures.test.ts) and similar tests in the tywrap repository, prefer early returns when Python or fixture files are unavailable. Do not rely on Vitest dynamic skip APIs; a silent pass is intentional for environments lacking Python/fixtures. Treat missing fixtures as optional soft-guards and ensure the test remains non-disruptive in non-availability scenarios.

Applied to files:

• test/runtime_http.test.ts

📚 Learning: 2026-01-19T21:00:52.689Z

Learnt from: bbopen
Repo: bbopen/tywrap PR: 127
File: test/fixtures/out_of_order_bridge.py:29-48
Timestamp: 2026-01-19T21:00:52.689Z
Learning: In `test/fixtures/out_of_order_bridge.py`, the fixture intentionally leaves a pending request unanswered at EOF to simulate missing/out-of-order responses and validate bridge behavior when requests never complete; this is the exact failure mode being tested and must be preserved.

Applied to files:

• test/runtime_http.test.ts

📚 Learning: 2026-01-19T21:00:52.689Z

Learnt from: bbopen
Repo: bbopen/tywrap PR: 127
File: test/fixtures/out_of_order_bridge.py:29-48
Timestamp: 2026-01-19T21:00:52.689Z
Learning: Policy for adversarial test fixtures: adversarial fixtures must preserve the failure mode they exercise, even if that behavior would be "bad" in real code. When reviewing test fixtures with unusual patterns (e.g., missing error handling, intentional protocol violations, unanswered requests), ask for clarifying comments about the intent rather than suggesting normalization or fixes.

Applied to files:

• test/runtime_http.test.ts

📚 Learning: 2026-01-20T16:01:39.136Z

Learnt from: bbopen
Repo: bbopen/tywrap PR: 152
File: docs/adr/002-bridge-protocol.md:826-830
Timestamp: 2026-01-20T16:01:39.136Z
Learning: In the tywrap BridgeProtocol architecture (ADR-002), `HttpIO` (and other Transport implementations like `ProcessIO`, `PyodideIO`) implements only the `Transport` interface (methods: `send`, `isReady`, `dispose`). The `RuntimeExecution` interface methods (`call`, `instantiate`, `callMethod`, `disposeInstance`) are implemented by `BridgeProtocol`, which delegates to `Transport` instances. Transport implementations should not include RuntimeExecution methods.

Applied to files:

• test/runtime_http.test.ts

🧬 Code graph analysis (1)

src/runtime/safe-codec.ts (1)

src/index.ts (1)

• BridgeProtocolError (58-58)

🔇 Additional comments (5)

src/runtime/safe-codec.ts (1)

456-458: Payload snippets in both decodeResponse and decodeResponseAsync — consistent and useful.

Both JSON-parse failure paths now surface actionable context via summarizePayloadForError. This aligns well with the PR objective and the learning about providing actionable error context at untrusted boundaries.

Also applies to: 501-503

test/runtime_http.test.ts (4)

14-38: Well-structured HTTP fixture utility with proper cleanup.

The withHttpFixture helper correctly uses server.listen(0) for ephemeral ports, handles the edge case of string addresses, and ensures cleanup in finally. Clean pattern.

---

91-112: Good coverage of invalid-JSON path with payload snippet assertion.

The test verifies both the error type (BridgeProtocolError) and the presence of the new "Payload snippet:" context in the message, which directly validates the summarizePayloadForError integration.

---

114-141: Good coverage of top-level error payload as BridgeExecutionError.

This test validates that even HTTP 200 responses with {error: ...} are treated as failures, matching the issue #56 objective.

---

143-171: The test assertion is correct and will pass. HttpBridge does include "HTTP 500" in the error message.

The implementation in src/runtime/http-io.ts (lines 176-182) explicitly handles non-2xx responses by throwing BridgeExecutionError with the message format HTTP ${response.status}: ${errorBody}. For the test's 500 response with the JSON body, the error message will be HTTP 500: {"error":{"type":"RuntimeError","message":"server exploded"}}, which matches both /HTTP 500/ and /server exploded/ assertions.

Likely an incorrect or invalid review comment.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

Addressed in commit b5d5666; dismissing stale automated changes-request review.