Replace flat restart counter with windowed restart guard

[Copilot]

The consecutiveRestarts counter (cap=3) only resets on fully clean completion, so any long-running session that legitimately restarts >3 times across its lifetime gets permanently aborted — stranding pending messages with no recovery. The guard itself is necessary to prevent tight crash-loops from burning tokens, so it can't simply be removed.

Approach

Replace the flat counter with a time-windowed guard: only restarts within a 60-second sliding window count toward the limit (max 5). Tight loops trip the guard in seconds; occasional restarts across hours never accumulate.

Changes

• src/services/worker/RestartGuard.ts — new shared module with recordRestart(), resetRestarts(), getRecentRestartCount(). Prunes timestamps outside the window on each call.
• src/services/worker-types.ts — add restartTimestamps: number[] to ActiveSession
• src/services/worker/SessionManager.ts — initialize restartTimestamps: []
• SessionRoutes.ts + worker-service.ts — both call sites now use the shared windowed guard instead of independent flat counters
• SessionRoutes.ts — guard trip now calls markAllSessionMessagesAbandoned() instead of just aborting (previously left messages stranded forever)

// RestartGuard.ts — core logic
export function recordRestart(tracker: RestartTracker, now = Date.now()): boolean {
  tracker.restartTimestamps = tracker.restartTimestamps.filter(
    (ts) => now - ts < RESTART_WINDOW_MS, // 60s window
  );
  tracker.restartTimestamps.push(now);
  tracker.consecutiveRestarts = tracker.restartTimestamps.length;
  return tracker.restartTimestamps.length <= MAX_RESTARTS_IN_WINDOW; // 5
}

Tests

16 tests covering windowed pruning, guard trip/allow logic, and the two acceptance scenarios:

• Session restarting a few times per hour over a long day → not terminated
• Session in a tight crash-loop → guard trips within seconds

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: cf972f43-d68f-455b-a00c-487a3a2fb46c

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch copilot/fix-generator-restart-guard

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}