✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

✅ PR preview is ready!

📈 Frontend coverage change detected

The frontend unit test (vitest) coverage has increased by 0.1500%

• Current PR: 86.5900% (13740 lines, 1842 missed)
• Latest develop: 86.4400% (13715 lines, 1859 missed)

🎉 Great job on improving test coverage!

📊 View detailed coverage comparison

Summary

This PR extends the existing SEND_APP_HEARTBEAT mechanism to include server acknowledgments. When the frontend sends an app_heartbeat BackMsg, the server now responds with a heartbeat_ack ForwardMsg. The frontend tracks these acks and triggers a websocket reconnect if an ack isn't received within 29 seconds (1 second shorter than the expected 30s heartbeat interval in hosted environments).

Main changes:

• Added heartbeat_ack field (field 26) to ForwardMsg.proto
• Backend: _handle_app_heartbeat_request() now enqueues a heartbeat_ack ForwardMsg
• Frontend: ConnectionManager tracks heartbeat timeouts and triggers reconnects on timeout
• Frontend: WebsocketConnection added reconnect() method that transitions FSM to PINGING_SERVER
• Frontend: App.tsx handles heartbeatAck messages and notifies ConnectionManager

Code Quality

The code is well-structured and follows existing patterns in the codebase.

Strengths:

• Clear separation of concerns: ConnectionManager handles timeout tracking, WebsocketConnection handles FSM transitions
• Proper cleanup in disconnect() to prevent memory leaks (line 227 in ConnectionManager.ts)
• Good defensive programming with isConnected() check before reconnect (line 250 in ConnectionManager.ts)
• Well-documented constants with rationale (HEARTBEAT_ACK_TIMEOUT_MS in constants.ts:76-83)
• Clean docstrings following numpydoc style in the Python code

Minor observations:

• The awaitingHeartbeatAck flag (line 104 in ConnectionManager.ts) is technically redundant since heartbeatAckTimeoutId !== undefined serves the same purpose, but it adds clarity and is an acceptable defensive pattern.

Test Coverage

Test coverage is comprehensive and follows best practices.

Python tests (app_session_test.py:1279-1291):

• Tests that heartbeat_ack ForwardMsg is enqueued with correct type
• Includes negative assertion (WhichOneof("type") == "heartbeat_ack") to verify correct message type

Frontend tests:

1. ConnectionManager.test.ts (new file, 194 lines):

   • Tests timeout starting when heartbeat is sent
   • Tests reconnect triggered on timeout
   • Tests timeout clearing when new heartbeat sent (proper debounce)
   • Tests timeout clearing on ack received
   • Tests no error when ack received without pending heartbeat
   • Tests timeout cleared on disconnect
   • Tests no reconnect attempt when already disconnected
   • Good use of vi.useFakeTimers() for deterministic timing tests

2. WebsocketConnection.test.tsx (lines 1018-1032):

   • Tests reconnect() transitions to PINGING_SERVER when connected
   • Tests reconnect() does nothing when not connected (negative assertion)

3. App.test.tsx (lines 4590-4606):

   • Tests onHeartbeatSent called on SEND_APP_HEARTBEAT message
   • Tests onHeartbeatAckReceived called on heartbeatAck ForwardMsg

E2E test infrastructure:

• Updated hostframe.html with "Send Heartbeat" button for manual testing

Backwards Compatibility

Fully backwards compatible:

• Proto field 26 is purely additive; old clients ignore unknown fields
• In OSS Streamlit, SEND_APP_HEARTBEAT is never sent by hosts, so this code path is never executed
• Old servers won't send heartbeat_ack, but this only matters in hosted environments that would update both client and server together
• The reconnect() method uses existing FSM transitions (PINGING_SERVER), not new states

Security & Risk

No security concerns identified:

• No new attack vectors introduced
• Heartbeat mechanism doesn't expose sensitive information
• No new authentication or authorization paths

Risk assessment:

• Low risk: The feature is opt-in (only triggered by hosted environments sending SEND_APP_HEARTBEAT)
• Graceful degradation: If server doesn't respond with ack, worst case is a reconnect attempt
• Timeout value: 29s timeout assumes 30s heartbeat interval. If configured differently, could cause unnecessary reconnects, but this is documented and acceptable for hosted use cases

Recommendations

No blocking issues found. The implementation is clean, well-tested, and follows established patterns.

Optional consideration (non-blocking):

1. The timeout constant HEARTBEAT_ACK_TIMEOUT_MS = 29 * 1000 assumes a 30s heartbeat interval. If this interval ever becomes configurable per-deployment, consider making the timeout configurable as well. This is documented in the code comments and acceptable for current use cases.

Verdict

APPROVED: This is a well-implemented feature with comprehensive test coverage, proper cleanup handling, and full backwards compatibility. The code follows existing patterns and best practices, and the PR description clearly explains the motivation and testing approach.

This is an automated AI review using opus-4.5-thinking. Please verify the feedback and use your judgment.