Clear incompatible Freebuff sessions on poll

Author: jahooma

web/src/server/free-session/__tests__/public-api.test.ts

@@ -1,6 +1,7 @@
 import { beforeEach, describe, expect, test } from 'bun:test'
 
 import {
+  FREEBUFF_DEEPSEEK_V4_FLASH_MODEL_ID,
   FREEBUFF_DEEPSEEK_V4_PRO_MODEL_ID,
   FREEBUFF_GEMINI_PRO_MODEL_ID,
   FREEBUFF_GLM_MODEL_ID,
@@ -936,6 +937,68 @@ describe('getSessionState', () => {
     ).toEqual(expectedRateLimit(FREEBUFF_DEEPSEEK_V4_PRO_MODEL_ID, 1))
   })
 
+  test('limited access deletes an incompatible queued row before returning none', async () => {
+    await requestSession({ userId: 'u1', model: DEFAULT_MODEL, deps })
+    expect(deps.rows.has('u1')).toBe(true)
+
+    const state = await getSessionState({
+      userId: 'u1',
+      accessTier: 'limited',
+      deps,
+    })
+
+    expect(state).toEqual({
+      status: 'none',
+      accessTier: 'limited',
+      queueDepthByModel: {},
+    })
+    expect(deps.rows.has('u1')).toBe(false)
+  })
+
+  test('limited access deletes a queued full-tier Flash row before returning none', async () => {
+    await requestSession({
+      userId: 'u1',
+      model: FREEBUFF_DEEPSEEK_V4_FLASH_MODEL_ID,
+      deps,
+    })
+    expect(deps.rows.get('u1')?.access_tier).toBe('full')
+
+    const state = await getSessionState({
+      userId: 'u1',
+      accessTier: 'limited',
+      deps,
+    })
+
+    expect(state).toEqual({
+      status: 'none',
+      accessTier: 'limited',
+      queueDepthByModel: {},
+    })
+    expect(deps.rows.has('u1')).toBe(false)
+  })
+
+  test('limited access deletes an incompatible active row before returning none', async () => {
+    await requestSession({ userId: 'u1', model: DEFAULT_MODEL, deps })
+    const row = deps.rows.get('u1')!
+    row.status = 'active'
+    row.admitted_at = deps._now()
+    row.expires_at = new Date(deps._now().getTime() + SESSION_LEN)
+
+    const state = await getSessionState({
+      userId: 'u1',
+      accessTier: 'limited',
+      claimedInstanceId: row.active_instance_id,
+      deps,
+    })
+
+    expect(state).toEqual({
+      status: 'none',
+      accessTier: 'limited',
+      queueDepthByModel: {},
+    })
+    expect(deps.rows.has('u1')).toBe(false)
+  })
+
   test('active session with matching instance id returns active', async () => {
     await requestSession({ userId: 'u1', model: DEFAULT_MODEL, deps })
     const row = deps.rows.get('u1')!

web/src/server/free-session/public-api.ts

@@ -278,6 +278,16 @@ const defaultDeps: SessionDeps = {
 
 const nowOf = (deps: SessionDeps): Date => (deps.now ?? (() => new Date()))()
 
+function isSessionRowCompatibleWithAccessTier(
+  row: InternalSessionRow,
+  accessTier: FreebuffAccessTier,
+): boolean {
+  if (accessTier === 'limited' && (row.access_tier ?? 'full') !== 'limited') {
+    return false
+  }
+  return isFreebuffModelAllowedForAccessTier(row.model, accessTier)
+}
+
 async function viewForRow(
   userId: string,
   deps: SessionDeps,
@@ -389,14 +399,7 @@ export async function requestSession(params: {
   // fresh admissions — blocking a reclaim here would strand a user with an
   // active 5th session unable to reconnect after a CLI restart.
   let existing = await deps.getSessionRow(params.userId)
-  const existingAccessTier = existing?.access_tier ?? 'full'
-  if (
-    existing &&
-    (accessTier === 'limited'
-      ? existingAccessTier !== 'limited' ||
-        !isFreebuffModelAllowedForAccessTier(existing.model, accessTier)
-      : !isFreebuffModelAllowedForAccessTier(existing.model, accessTier))
-  ) {
+  if (existing && !isSessionRowCompatibleWithAccessTier(existing, accessTier)) {
     await deps.endSession({
       userId: params.userId,
       now,
@@ -539,9 +542,11 @@ async function attachRateLimit(
 }
 
 /**
- * Read-only check of the caller's current state. Does not mutate or rotate
- * `instance_id`. The CLI sends its currently-held `claimedInstanceId` so we
- * can return `superseded` if a newer CLI on the same account took over.
+ * Check of the caller's current state. Does not rotate `instance_id`. The CLI
+ * sends its currently-held `claimedInstanceId` so we can return `superseded`
+ * if a newer CLI on the same account took over. Mutates only to clear rows
+ * that the current access tier can no longer use, so they don't leak queue or
+ * active capacity after the CLI receives `none`.
  *
  * Returns:
  *   - `disabled` when the waiting room is off
@@ -593,11 +598,12 @@ export async function getSessionState(params: {
 
   if (!row) return noneResponse()
 
-  if (
-    accessTier === 'limited' &&
-    ((row.access_tier ?? 'full') !== 'limited' ||
-      !isFreebuffModelAllowedForAccessTier(row.model, accessTier))
-  ) {
+  if (!isSessionRowCompatibleWithAccessTier(row, accessTier)) {
+    await deps.endSession({
+      userId: params.userId,
+      now: nowOf(deps),
+      sessionLengthMs: deps.sessionLengthMs,
+    })
     return noneResponse()
   }
 
@@ -747,11 +753,7 @@ export async function checkSessionAdmissible(params: {
     }
   }
 
-  if (
-    accessTier === 'limited' &&
-    ((row.access_tier ?? 'full') !== 'limited' ||
-      !isFreebuffModelAllowedForAccessTier(row.model, accessTier))
-  ) {
+  if (!isSessionRowCompatibleWithAccessTier(row, accessTier)) {
     return {
       ok: false,
       code: 'session_model_mismatch',