feat(tool-router): DELETE /api/v3.1/tool_router/session/{session_id} with E2B sandbox teardown
Adds a user-facing endpoint to delete tool router sessions. A deleted session immediately stops being retrievable and executable — GET / PATCH / execute / search / MCP all return 404 — and the compute attached to it is torn down, including paused E2B sandboxes that today linger until their retention window lapses.
Semantics (matches existing platform conventions, e.g. connected accounts):
ToolRouterSession.deletedAt column — every read path already filters deletedAt: null, and config history / metering joins survive for audit. No new status field: in this codebase a status enum means reversible operational state, deletedAt means terminal; sessions are cheap to recreate so pause semantics don't pull their weight.
no-new-v3-endpoints freeze.
updateMany guarded on deletedAt: null (count 0 → 404; concurrent deletes resolve to one winner; no cross-tenant deletes).
SandboxManager.killSessionSandboxes: lists E2B sandboxes by the {project, sessionId} metadata written at creation across running and paused states, and kills each. Failures are logged and span-attributed but never fail the request — the tombstone is the source of truth and orphans expire on E2B retention.

pages/api/v3.1/tool_router/session/[session_id]/index.ts — DELETE route (project API key + cookie auth, same visibility as GET/PATCH)
features/session/delete.ts + dbUtils/deleteToolRouterSession.ts — service + data layer (plain exported functions)
lib/sandbox/sandboxManager.ts — killSessionSandboxes (metadata-filtered list incl. paused, per-sandbox failure tolerance, pagination cap)
features/session/session_response_cache.ts — extracted shared cache key/TTL out of get.ts (get/patch/delete all consume it)
invalidateWorkbenchForResize → invalidateWorkbenchCaches (no longer resize-specific)
pages/api/CLAUDE.md

All tests are behavior-based — assertions on observable outcomes, no spying on internals.
features/session/delete.test.ts, 9 tests): stateful fakes at process boundaries (DB rows, cache, E2B registry). Covers: delete-once/repeat-404, unknown-404, cross-project isolation (failed attempt doesn't tombstone), cache eviction, running+paused sandboxes killed while other sessions/projects untouched, and resilience — E2B unreachable / kill failure / cache failure still delete; DB down → 500 and nothing deleted.
delete_session.test.ts, 5 tests): real handlers against the test DB + Redis (only the E2B SDK stubbed). Covers 401, 404, delete → GET 404 → repeat-DELETE 404, cache eviction through the public read path (warm GET → DELETE → GET 404), and cross-project 404 with the session still deletable by its owner.

tsgo typecheck and oxlint clean.

🤖 Generated with Claude Code
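
The guarded tombstone and best-effort teardown described above, as an added sketch that is not code from this PR. In-memory arrays stand in for the database and the E2B registry, calls are synchronous for brevity, and every name except deletedAt and the {project, sessionId} metadata is hypothetical.

```typescript
// Added illustration; in-memory stand-ins, synchronous for brevity.
type Session = { id: string; projectId: string; deletedAt: Date | null };
type Sandbox = { id: string; state: "running" | "paused"; project: string; sessionId: string };

// Constructed sample data.
const sessions: Session[] = [
  { id: "s1", projectId: "projA", deletedAt: null },
  { id: "s2", projectId: "projB", deletedAt: null },
];
const sandboxes: Sandbox[] = [
  { id: "sbx-run", state: "running", project: "projA", sessionId: "s1" },
  { id: "sbx-paused", state: "paused", project: "projA", sessionId: "s1" },
  { id: "sbx-flaky", state: "paused", project: "projA", sessionId: "s1" },
  { id: "sbx-other", state: "running", project: "projB", sessionId: "s2" },
];

// Stand-in for the guarded updateMany: ownership and liveness are checked in
// the same write, so there is no read-then-write window to race or to probe.
function tombstone(projectId: string, sessionId: string): number {
  let count = 0;
  for (const row of sessions) {
    if (row.id === sessionId && row.projectId === projectId && row.deletedAt === null) {
      row.deletedAt = new Date();
      count += 1;
    }
  }
  return count;
}

// Hypothetical kill call; "sbx-flaky" simulates an unreachable sandbox API.
function killSandbox(id: string): void {
  if (id === "sbx-flaky") throw new Error("constructed failure");
  sandboxes.splice(sandboxes.findIndex((s) => s.id === id), 1);
}

type DeleteResult = { found: boolean; killed: string[]; failed: string[] };

function deleteSession(projectId: string, sessionId: string): DeleteResult {
  // count 0 covers unknown, already deleted and other-tenant alike: route answers 404.
  if (tombstone(projectId, sessionId) === 0) return { found: false, killed: [], failed: [] };
  const result: DeleteResult = { found: true, killed: [], failed: [] };
  const targets = sandboxes.filter((s) => s.project === projectId && s.sessionId === sessionId);
  for (const s of targets) {
    // Teardown is best effort: the tombstone already took effect.
    try { killSandbox(s.id); result.killed.push(s.id); } catch { result.failed.push(s.id); }
  }
  return result;
}
```

Because every miss collapses to the same count of 0, a caller from another project cannot distinguish "exists but not yours" from "never existed".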