The runtime currently accepts a resume payload from Arcp::Client.open, but lib/arcp/runtime/session_actor.rb:54 only parses it and lib/arcp/runtime/session_actor.rb:62 through lib/arcp/runtime/session_actor.rb:64 always assigns the incoming envelope session id and a newly generated resume token. There is no token lookup, no resume-window validation, no restoration of the prior session authority, and no replay of events after the client's last processed sequence. This contradicts the public README resume example and CONFORMANCE.md, and it means a client that reconnects with resume: { 'token' => token, 'last_event_seq' => seq } silently receives a new session instead of a resumed stream.
Fix prompt: Implement actual resume semantics in the runtime. Store enough server-side state to map issued resume tokens to resumable sessions until resume_window_sec expires, validate that the reconnecting principal is allowed to use the token, restore the original session authority expected by cancel and subscription paths, replay buffered events with event_seq greater than the supplied last processed sequence, and raise Arcp::Errors::ResumeWindowExpired or a protocol/authentication error when the token is invalid or expired. Add an integration spec that starts a job, consumes only part of the stream, reconnects with the previous resume token, and proves the missing events and terminal result are delivered without duplicating acknowledged events.
The runtime currently accepts a resume payload from
Arcp::Client.open, butlib/arcp/runtime/session_actor.rb:54only parses it andlib/arcp/runtime/session_actor.rb:62throughlib/arcp/runtime/session_actor.rb:64always assigns the incoming envelope session id and a newly generated resume token. There is no token lookup, no resume-window validation, no restoration of the prior session authority, and no replay of events after the client's last processed sequence. This contradicts the public README resume example andCONFORMANCE.md, and it means a client that reconnects withresume: { 'token' => token, 'last_event_seq' => seq }silently receives a new session instead of a resumed stream.Fix prompt: Implement actual resume semantics in the runtime. Store enough server-side state to map issued resume tokens to resumable sessions until
resume_window_secexpires, validate that the reconnecting principal is allowed to use the token, restore the original session authority expected by cancel and subscription paths, replay buffered events withevent_seqgreater than the supplied last processed sequence, and raiseArcp::Errors::ResumeWindowExpiredor a protocol/authentication error when the token is invalid or expired. Add an integration spec that starts a job, consumes only part of the stream, reconnects with the previous resume token, and proves the missing events and terminal result are delivered without duplicating acknowledged events.