fix(viewer): restore live updates and sibling assets

[isuttell]

Summary

Production needs the local viewer fixes shipped through CI. This restores live viewer updates, keeps the iframe mounted through transient metadata refetch failures, and fixes signed content URLs so same-revision sibling assets can load without loosening web viewer scope beyond the artifact file list.

Changes

• Sign web dashboard viewer URLs from the full agent-view file list so iframe HTML can load sibling assets.
• Keep CLI publish-result entrypoint URLs unscoped by path so relative assets continue to work from the returned live URL.
• Add the stream Worker's ARTIFACT_LIVE Durable Object binding to preview and production Wrangler envs.
• Apply live update pointers immediately in the web artifact route and preserve the last good artifact during post-publish refetch timeouts.

Risk: HIGH

• Areas touched: API signed content URLs, web artifact viewer route, stream Worker production config.
• Security: signed content token path scoping changes; web viewer remains scoped to the artifact revision file list.
• Performance: one extra getAgentView lookup when serving web artifact details with a viewer.
• Breaking: no.

Test plan

• pnpm verify
• Pre-push pnpm test:coverage
• Preview live viewer smoke: published revision 5 to art_0TA3F2YKDMKRQZDJ3NGEW1G50Z; already-open preview viewer updated without reload; iframe HTML and test-image.png returned 200; no browser console errors.

Linear: none

Summary by CodeRabbit

• New Features

  • Web artifact viewers now support seamless access to sibling files and resources, enabling richer preview experiences.

• Bug Fixes

  • Fixed viewer state preservation during live artifact updates to prevent blanking.
  • Improved handling of live-update races and metadata refetch timeouts for better stability.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 01afa9a4-a1f3-4280-a2f2-f0ceba53dbbb

📥 Commits

Reviewing files that changed from the base of the PR and between 3ae7ad0 and 3b2945e.

📒 Files selected for processing (7)

• apps/api/src/agent-view.test.ts
• apps/api/src/agent-view.ts
• apps/api/src/index.test.ts
• apps/api/src/routes/web.ts
• apps/stream/wrangler.jsonc
• apps/web/src/routes/_authed.artifacts.$artifactId.tsx
• apps/web/test/viewer-live-revoked.test.tsx

---

📝 Walkthrough

Walkthrough

This PR expands content token signing to control path scoping, collects multiple sibling file paths in revision URLs, integrates signed URLs into the web route and frontend viewer hooks, and enriches live-update callbacks with revision metadata. Durable object bindings are added to environment-specific Wrangler configuration.

Changes

Signed viewer URL flow

Layer / File(s)	Summary
Signing contract: paths inclusion control apps/api/src/agent-view.ts, apps/api/src/agent-view.test.ts	signedContentUrl extends signature with options parameter controlling whether paths field appears in token payloads; defaults to [path] but omits when options.paths === null. signPublishResult calls with { paths: null } to exclude path scoping. Test suite imports and validates publish-result signing omits paths.
Multi-file revision path collection apps/api/src/agent-view.ts	resolveRevisionContentUrl accepts agent view files and uses revisionFilePaths helper to build paths from entrypoint plus additional unique file paths, supplying expanded set to signedContentUrl. signAgentViewContentUrls passes data.files so revision URLs include sibling file scope.
Agent view and API signing test coverage apps/api/src/agent-view.test.ts, apps/api/src/index.test.ts	Access-link test expanded to include image file, verifies signed URLs and token payloads include both paths. Revision URL test expects both docs/index.html and index.html in paths. New API integration test validates web artifact endpoint signing: fetches agent view, returns signed viewer iframe src, decodes token to verify artifact/revision ids and sibling file paths.
Web route artifact viewer signing integration apps/api/src/routes/web.ts	Route imports contentBaseUrl, fetches optional agent view from db.getAgentView, and passes view (or null) into signAgentViewContentUrls. Signed revision_content_url overrides viewer iframe src with scoped authenticated URL.
Frontend viewer source hooks with live-update state apps/web/src/routes/_authed.artifacts.$artifactId.tsx	Route imports WebArtifactDetailResponse and QueryClient types. Component derives artifact and iframeSrc from new hooks. useLastGoodArtifact caches latest artifact response to prevent refetch races from blanking viewer. useArtifactViewerSrc centralizes live-update connection, pointer/revocation events, query invalidation, and iframe source derivation using lockdown and pointer state.
Live-update callback payload enrichment and test updates apps/web/test/viewer-live-revoked.test.tsx	Callback type expanded to include revision_id and render_mode alongside iframe_src. Publish-event test invokes callback with revision metadata and asserts viewer iframe src updates. Timeout test mocks network error on metadata refetch while invoking callback with revision metadata, asserts artifact refetch occurs twice and iframe src switches to next revision without showing error message.

Durable objects binding configuration

Layer / File(s)	Summary
Durable objects environment bindings apps/stream/wrangler.jsonc	env.preview and env.production blocks add durable_objects sections, each binding ARTIFACT_LIVE to the ArtifactLiveUpdates class for per-environment durable object access.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• zaks-io/agent-paste#460: Both PRs update the signed revision_content_url flow for API viewer signing and access-link routes, though this PR additionally changes token payload paths inclusion/omission logic.
• zaks-io/agent-paste#141: Both PRs modify apps/api content-token minting; #141 changes the signing secret backing signPublishResult, while this PR updates signPublishResult and signedContentUrl to control paths payload behavior.

Poem

🐰 A token signed with paths untethered,
Sibling files in scope now gathered,
Frontend hooks the pointer spy,
Viewer sources dance and fly,
Live updates refresh the view! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main changes: restoring live updates and enabling sibling assets in the viewer, which aligns with the primary PR objectives.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/live-view-prod-fix

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

agent-paste PR preview resources were cleaned up. The shared Preview GitHub Environment is retained for future preview deploys.