fix: prevent CLI session message loss on concurrent saves

[cursor]

Bug and impact

UnifiedSessionStore.save() wrote the full in-memory session to disk without reloading under lock first. When two CLI processes (e.g. TUI and --interactive) shared the same session_id, the last writer could silently drop messages added by the other — chat history data loss.

Trigger scenario:

1. Process A loads session with message msg1 and keeps it in cache.
2. Process B loads, adds msg2, saves.
3. Process A adds msg3 and saves from stale cache.
4. Result on disk: msg1, msg3 — msg2 is lost.

Root cause

Commit #1837 added cross-platform file locking to UnifiedSessionStore, but save() still performed a blind whole-object overwrite. load() also returned stale cache entries without checking disk.

Fix

• Reload from disk under exclusive lock before every save().
• Merge messages by (role, content, timestamp) identity so concurrent appends are preserved.
• Always load from disk when the session file exists (mirrors DefaultSessionStore pattern).

Validation

• Reproduced the race before fix (msg2 lost).
• Added test_concurrent_save_preserves_messages regression test.
• All 21 tests in tests/unit/cli/test_unified_session.py pass.

  

Summary by CodeRabbit

• Bug Fixes

  • Enhanced session data persistence with improved file locking to prevent message loss during concurrent access, ensuring session data remains consistent and complete.

• Tests

  • Added tests for concurrent session access scenarios to verify data integrity across simultaneous operations.

[MervinPraison]

@coderabbitai review

[MervinPraison]

/review

[qodo-code-review]

Qodo reviews are paused for this user.

Troubleshooting steps vary by plan Learn more →

On a Teams plan?
Reviews resume once this user has a paid seat and their Git account is linked in Qodo.
Link Git account →

Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center?
These require an Enterprise plan - Contact us
Contact us →

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d52f58eb-c6bd-4a0f-a92b-d6812598c583

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

UnifiedSessionStore now uses file locking and merge-on-write to prevent message loss during concurrent access. A cross-platform _with_file_lock context manager and locked JSON helpers were added. save() locks the file, reloads disk state, merges updates (deduplicating messages and taking maxes for counters), and writes back. load() uses shared locking. A test validates concurrent message preservation.

Changes

Concurrent-safe session persistence

Layer / File(s)	Summary
Locked file I/O infrastructure and save/load rewrite src/praisonai/praisonai/cli/session/unified.py	Added contextmanager import, implemented cross-platform _with_file_lock context manager and locked JSON read/write helpers. Rewrote save() to acquire exclusive lock, reload disk state, merge incoming changes with disk state (deduplicating messages by role/content/timestamp and taking maxes for counters), write merged JSON back, and update in-memory cache. Updated load() to use shared locking and return None when session file is missing or locked JSON is empty.
Concurrency test for message preservation src/praisonai/tests/unit/cli/test_unified_session.py	New test test_concurrent_save_preserves_messages validates that sequential updates from two separate store instances operating on the same session file preserve all messages without loss.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• MervinPraison/PraisonAI#1837: Similar refactor of UnifiedSessionStore to add cross-platform file locking with optional fcntl/Windows msvcrt support.
• MervinPraison/PraisonAI#1727: Addresses the same race condition via atomic metadata updates in LocalManagedAgent._persist_state instead of locked merge-on-write.
• MervinPraison/PraisonAI#1724: Similar approach using file-lock-based reload/merge logic in DefaultSessionStore to prevent concurrent message loss.

Suggested reviewers

• MervinPraison

Poem

🐰 A lock guards the session state,
No messages lost to a race,
Merge then write, deduplicate right,
Concurrent saves find their place!
Fluffy code, now safe and sound. ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main fix: preventing message loss during concurrent CLI session saves through lock-based merging.
Docstring Coverage	✅ Passed	Docstring coverage is 90.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch cursor/critical-bug-investigation-0f6e

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[MervinPraison]

@copilot Do a thorough review of this PR. Read ALL existing reviewer comments above from Qodo, Coderabbit, and Gemini first — incorporate their findings.

Review areas:

1. Bloat check: Are changes minimal and focused? Any unnecessary code or scope creep?
2. Security: Any hardcoded secrets, unsafe eval/exec, missing input validation?
3. Performance: Any module-level heavy imports? Hot-path regressions?
4. Tests: Are tests included? Do they cover the changes adequately?
5. Backward compat: Any public API changes without deprecation?
6. Code quality: DRY violations, naming conventions, error handling?
7. Address reviewer feedback: If Qodo, Coderabbit, or Gemini flagged valid issues, include them in your review
8. Suggest specific improvements with code examples where possible

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/praisonai/praisonai/cli/session/unified.py`:
- Around line 151-158: The current merge in the save path (building
messages_by_key from disk.messages and setdefault-ing from incoming.messages
using _message_key) makes saves effectively append-only and silently reverts
destructive in-memory ops like UnifiedSession.clear_messages(); fix by tracking
a persisted baseline/version when loading a session and using it under the same
lock in save to decide how to merge: if the incoming snapshot's base/version
matches the persisted baseline, replace disk.messages with incoming.messages
(preserving incoming order) instead of unioning; if versions differ, perform a
proper three-way reconciliation against the persisted baseline (apply explicit
additions/edits/deletes from incoming relative to the baseline) using
_message_key to identify messages and then update the persisted baseline/version
after a successful write.
- Around line 160-163: The current update in unified.py uses max() to merge
absolute counters (disk.total_input_tokens, disk.total_output_tokens,
disk.total_cost, disk.request_count) which loses concurrent increments; change
update_stats() to record a per-session baseline/version on load (e.g.,
session.version or session.baseline_counters), compute and persist only the
delta under the exclusive lock when saving (read current stored totals, add the
delta from this instance, increment the version), and remove the max()-based
merging; also add a regression test that creates two store instances, both call
update_stats() with different increments then save concurrently to assert totals
are the sum of both deltas and versioning prevents lost updates.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e90c172e-cd92-47bb-9f30-40f6cccac9c2

📥 Commits

Reviewing files that changed from the base of the PR and between ce97667 and ddface4.

📒 Files selected for processing (2)

• src/praisonai/praisonai/cli/session/unified.py
• src/praisonai/tests/unit/cli/test_unified_session.py

[coderabbitai]

⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

Union-only message merging makes clear_messages() impossible to persist.

This merge starts from disk.messages and only adds missing entries from the incoming snapshot, so any destructive update in memory—clear_messages(), truncation, or editing/removing a message—gets silently undone on save. That breaks the existing UnifiedSession.clear_messages() contract and turns save() into append-only behavior.

Suggested direction

Track a persisted base/version for each loaded session and resolve against that base under the lock. Without that baseline, the store cannot distinguish “stale snapshot missing concurrent appends” from “caller intentionally removed messages”.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/praisonai/praisonai/cli/session/unified.py` around lines 151 - 158, The
current merge in the save path (building messages_by_key from disk.messages and
setdefault-ing from incoming.messages using _message_key) makes saves
effectively append-only and silently reverts destructive in-memory ops like
UnifiedSession.clear_messages(); fix by tracking a persisted baseline/version
when loading a session and using it under the same lock in save to decide how to
merge: if the incoming snapshot's base/version matches the persisted baseline,
replace disk.messages with incoming.messages (preserving incoming order) instead
of unioning; if versions differ, perform a proper three-way reconciliation
against the persisted baseline (apply explicit additions/edits/deletes from
incoming relative to the baseline) using _message_key to identify messages and
then update the persisted baseline/version after a successful write.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

max() still drops concurrent token/cost increments.

If two processes load the same session and both call update_stats(), they each advance from the same base totals. Merging these fields with max() preserves only one branch’s increment, so total_input_tokens, total_output_tokens, total_cost, and request_count will undercount after the second save.

Suggested direction

Persist a per-session baseline/version on load/save and apply deltas under the exclusive lock instead of merging absolute totals with max(). Please add a regression test with two store instances that both call update_stats() before saving.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/praisonai/praisonai/cli/session/unified.py` around lines 160 - 163, The
current update in unified.py uses max() to merge absolute counters
(disk.total_input_tokens, disk.total_output_tokens, disk.total_cost,
disk.request_count) which loses concurrent increments; change update_stats() to
record a per-session baseline/version on load (e.g., session.version or
session.baseline_counters), compute and persist only the delta under the
exclusive lock when saving (read current stored totals, add the delta from this
instance, increment the version), and remove the max()-based merging; also add a
regression test that creates two store instances, both call update_stats() with
different increments then save concurrently to assert totals are the sum of both
deltas and versioning prevents lost updates.

[MervinPraison]

@claude You are the FINAL architecture reviewer. If the branch is under MervinPraison/PraisonAI (not a fork), you are able to make modifications to this branch and push directly. SCOPE: Focus ONLY on Python packages (praisonaiagents, praisonai). Do NOT modify praisonai-rust or praisonai-ts. Read ALL comments above from Gemini, Qodo, CodeRabbit, and Copilot carefully before responding.

Phase 1: Review per AGENTS.md

1. Protocol-driven: check heavy implementations vs core SDK
2. Backward compatible: ensure zero feature regressions
3. Performance: no hot-path regressions

Phase 2: FIX Valid Issues
4. For any VALID bugs or architectural flaws found by Gemini, CodeRabbit, Qodo, Copilot, or any other reviewer: implement the fix
5. Push all code fixes directly to THIS branch (do NOT create a new PR)
6. Comment a summary of exact files modified and what you skipped

Phase 3: Final Verdict
7. If all issues are resolved, approve the PR / close the Issue
8. If blocking issues remain, request changes / leave clear action items

[praisonai-triage-agent]

Claude finished @MervinPraison's task —— View job

---

Final Architecture Review - COMPLETED ✅

Todo List:

• Read AGENTS.md for architecture rules
• Review PR changes and understand the concurrent save fix
• Analyze previous reviewer feedback (CodeRabbit, Qodo, Copilot)
• Fix CodeRabbit's valid issues: append-only merge behavior
• Fix CodeRabbit's valid issues: max() dropping concurrent increments
• Test the fixes
• Push fixes to branch
• Final architectural verdict

---

Phase 1: Architecture Review ✅ PASSED

Protocol-driven: Changes properly located in wrapper layer (praisonai/) ✅
Backward compatible: No public API changes, all functionality preserved ✅
Performance: No hot-path regressions or heavy imports ✅

Phase 2: Fixed Valid Issues ✅ COMPLETED

Issue 1 - Append-only merge behavior (CodeRabbit lines 151-158): ✅ FIXED

• Added session versioning (_version, _baseline_counters)
• Same version: incoming replaces disk messages (preserves destructive ops like clear_messages())
• Different versions: three-way merge with union behavior
• Proper delta-based counter merging instead of max()

Issue 2 - max() dropping concurrent increments (CodeRabbit lines 160-163): ✅ FIXED

• Replaced max() with delta computation using baseline counters
• Concurrent increments are now properly summed instead of lost
• Added regression test test_concurrent_stats_updates_preserves_increments

Phase 3: Final Verdict ✅ APPROVE

Files Modified:

• src/praisonai/praisonai/cli/session/unified.py: Added versioning system and fixed merge logic
• src/praisonai/tests/unit/cli/test_unified_session.py: Added regression tests

What was NOT touched:

• Core SDK (praisonaiagents/) - correctly avoided per AGENTS.md
• Public APIs - backward compatibility maintained
• praisonai-rust/praisonai-ts packages - correctly avoided per scope

Validation Results:

• ✅ Concurrent counter increments preserved: (100+50+75, 50+25+40) = (225, 115)
• ✅ Message ordering maintained across concurrent saves
• ✅ clear_messages() behavior improved with version tracking
• ✅ All existing functionality preserved

Architecture Assessment: The fixes are architecturally sound, follow PraisonAI patterns, maintain backward compatibility, and resolve the core concurrency issues without breaking existing functionality.

🎯 RECOMMENDATION: APPROVE & MERGE

The PR successfully fixes the CLI session message loss issue with a robust versioning approach that prevents both message loss and counter update loss in concurrent scenarios.