Lines 75-115javascript
75// a flow-revert kill and the next dispatch wave loses the pending resume record, so the task
76// re-dispatches COLD (fresh lane, no resume). That's safe: the healed transcript survives on
77// disk (sanitizeSession wrote it), so a cold re-dispatch can't 400 on a dangling tool_use — it
78// just loses the resume/revert-target carry. Not worth persisting for that narrow window.
79const flowRedispatch = new Map()
80// FL-B2 — per-flow HARD budget ledger (flowId → budget). Accumulates each lane's
81// completed-turn output tokens (onEvent 'result') so the autopilot cap stops the next
82// wave BEFORE overrun. Lives bridge-side because waves dispatch across separate
83// broadcasts; without persistent state the cap can never bite.
84const flowBudgets = new Map()
85import { formatPeek, PEEK, siblingsOf, resolveSibling, crossPostDecision, CROSSPOST, spawnDecision, SPAWN, CROSSROOM, formatPairRoster, crossRoomPostDecision, formatRoomNow } from './cross-terminal.mjs'
86import { turnInFlight } from './update-gate.mjs'
87import { saveSession, flushSession, deleteSession, loadAll, canResume, loadPtyId, savePtyId, loadNames, saveNames, appendDurableEvents, seedDurableEvents, readDurablePage, readDurableOldestSeq, loadSummary, saveSummary } from './session-store.mjs'
88import { stampEvent, makeSeqCounter, maxSeq, seqable, capReplayEvents, chunkReplayEvents, boundEventForBroadcast, inlineImageBlocks, usageReportLine } from './event-id.mjs'
89import { makeThrottledTrack } from './presence.mjs'
91// Public client creds (the same anon values the web app ships — safe to embed).
92// Override with TP_SUPABASE_URL / TP_SUPABASE_ANON if you ever need to.
93const SUPABASE_URL = process.env.TP_SUPABASE_URL || 'https://daytvtakmlixpfbbqzjd.supabase.co'
94const WEB_BASE = process.env.TP_WEB_BASE || 'https://thinkpool.io'
95const SUPABASE_ANON = process.env.TP_SUPABASE_ANON || 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImRheXR2dGFrbWxpeHBmYmJxempkIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NzgwNTMxNzEsImV4cCI6MjA5MzYyOTE3MX0.zYmz8bHUNEY4STUr2JuXChAsKwxNwkwFHe1Hd0Betqo'
CriticalCritical Secret
Package contains a critical-looking secret pattern.
bridge.mjsView on unpkg · L95 97// Owner access token for AUTHED web writes (currently /api/code-mockup, whip L16).
98// The room-bridge is anon by design; the account supervisor (account.mjs) owns the
99// session, so it hands a fresh owner token in at spawn (TP_ACCESS_TOKEN) and pushes
100// a rotated one over IPC ({ t:'token' }) on each refresh. Stays null for a
101// directly-started bridge with no account login — those writes go unattributed,
102// never owner-spoofed (the server treats a missing/!owner token accordingly).
103let codeAuthToken = process.env.TP_ACCESS_TOKEN || null
105// Per-terminal rolling scrollback (raw chars). Replayed to joining clients.
106// Kept comfortably under realtime payload limits once base64'd.
107const SCROLLBACK_MAX = 120_000
109// node-pty is a native module — loaded lazily so a friendly message shows
110// if it isn't built yet.
111// Structured Claude (the default) runs through the Agent SDK and needs NO PTY,
112// so a failed node-pty build must not block the bridge — it only disables the
113// raw-PTY path (other CLIs / TP_PTY=1), which we flag clearly if it's used.
115try { pty = (await import('node-pty')).default ?? (await import('node-pty')) }