superset-sh · Kitenite · Feb 10, 2026 · Feb 10, 2026 · Feb 10, 2026 · Feb 10, 2026
diff --git a/.env.example b/.env.example
@@ -68,15 +68,14 @@ FREESTYLE_API_KEY=
 # -----------------------------------------------------------------------------
 # Streams (AI Chat Server)
 # -----------------------------------------------------------------------------
-# Desktop app / client-facing
+# Clients (Desktop Web Mobile)
 STREAMS_URL=http://localhost:8080
-STREAMS_SECRET=
 
-# Streams server internals
+# Streams server internals (optional)
 STREAMS_PORT=8080
 STREAMS_INTERNAL_PORT=8081
-STREAMS_INTERNAL_URL=http://127.0.0.1:8081
-STREAMS_DATA_DIR=.data
+STREAMS_INTERNAL_URL=http://localhost:8081
+STREAMS_DATA_DIR=./data
 
 # -----------------------------------------------------------------------------
 # Sentry Error Tracking

diff --git a/apps/desktop/src/renderer/index.html b/apps/desktop/src/renderer/index.html
@@ -11,11 +11,11 @@
       - default-src 'self': Only allow resources from same origin
       - script-src 'self' 'wasm-unsafe-eval' https://*.posthog.com: Allow scripts from same origin + WebAssembly (for xterm ImageAddon) + PostHog
       - style-src 'self' 'unsafe-inline': Allow styles from same origin + inline (needed for CSS-in-JS)
-      - connect-src 'self' ws: wss: %NEXT_PUBLIC_API_URL% http://localhost:8080 http://localhost:8081 https://*.posthog.com https://*.sentry.io sentry-ipc:: Allow WebSocket + API (includes Electric proxy) + Durable Streams proxy + PostHog + Sentry
+      - connect-src 'self' ws: wss: %NEXT_PUBLIC_API_URL% %STREAMS_URL% https://*.posthog.com https://*.sentry.io sentry-ipc:: Allow WebSocket + API (includes Electric proxy) + Durable Streams proxy + PostHog + Sentry
       - img-src 'self' data: %NEXT_PUBLIC_API_URL% https://*.public.blob.vercel-storage.com https://github.com https://avatars.githubusercontent.com https://models.dev: Allow images from same origin + data URIs + API (Linear image proxy) + Vercel blob storage + GitHub avatars + model provider logos
       - font-src 'self': Allow fonts from same origin
     -->
-    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'wasm-unsafe-eval' https://*.posthog.com; style-src 'self' 'unsafe-inline'; connect-src 'self' ws: wss: %NEXT_PUBLIC_API_URL% http://localhost:8080 http://localhost:8081 https://*.posthog.com https://*.sentry.io sentry-ipc:; img-src 'self' data: %NEXT_PUBLIC_API_URL% https://*.public.blob.vercel-storage.com https://github.com https://avatars.githubusercontent.com https://models.dev; font-src 'self';" />
+    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'wasm-unsafe-eval' https://*.posthog.com; style-src 'self' 'unsafe-inline'; connect-src 'self' ws: wss: %NEXT_PUBLIC_API_URL% %STREAMS_URL% https://*.posthog.com https://*.sentry.io sentry-ipc:; img-src 'self' data: %NEXT_PUBLIC_API_URL% https://*.public.blob.vercel-storage.com https://github.com https://avatars.githubusercontent.com https://models.dev; font-src 'self';" />
   </head>
 
   <body>

diff --git a/...ts/WorkspaceView/ContentView/TabsContent/TabView/ChatPane/ChatInterface/ChatInterface.tsx b/...ts/WorkspaceView/ContentView/TabsContent/TabView/ChatPane/ChatInterface/ChatInterface.tsx
@@ -1,3 +1,4 @@
+import { StreamError } from "@superset/durable-session";
 import { useDurableChat } from "@superset/durable-session/react";
 import {
 	Conversation,
@@ -343,11 +344,16 @@ export function ChatInterface({
 
 			<div className="border-t bg-background px-4 py-3">
 				<div className="mx-auto w-full max-w-3xl">
-					{error && (
-						<div className="rounded-md border border-destructive/20 bg-destructive/10 px-4 py-2 text-sm text-destructive mb-3">
-							{error.message}
-						</div>
-					)}
+					{error &&
+						(() => {
+							const { message, code } = StreamError.friendly(error);
+							return (
+								<div className="select-text rounded-md border border-destructive/20 bg-destructive/10 px-4 py-2 text-sm text-destructive mb-3">
+									{message}
+									{code && <span className="ml-1 opacity-50">({code})</span>}
+								</div>
+							);
+						})()}
 					<PromptInputProvider>
 						<FileMentionProvider cwd={cwd}>
 							<SlashCommandInput

diff --git a/apps/desktop/vite/helpers.ts b/apps/desktop/vite/helpers.ts
@@ -68,10 +68,15 @@ export function htmlEnvTransformPlugin(): Plugin {
 	return {
 		name: "html-env-transform",
 		transformIndexHtml(html) {
-			return html.replace(
-				/%NEXT_PUBLIC_API_URL%/g,
-				process.env.NEXT_PUBLIC_API_URL || "https://api.superset.sh",
-			);
+			return html
+				.replace(
+					/%NEXT_PUBLIC_API_URL%/g,
+					process.env.NEXT_PUBLIC_API_URL || "https://api.superset.sh",
+				)
+				.replace(
+					/%STREAMS_URL%/g,
+					process.env.STREAMS_URL || "https://superset-stream.fly.dev",
+				);
 		},
 	};
 }
diff --git a/apps/streams/src/env.ts b/apps/streams/src/env.ts
@@ -1,12 +1,15 @@
 import { createEnv } from "@t3-oss/env-core";
 import { z } from "zod";
 
+const DEFAULT_PORT = 8080;
+const DEFAULT_INTERNAL_PORT = 8081;
+
 export const env = createEnv({
 	server: {
-		STREAMS_PORT: z.coerce.number(),
-		STREAMS_INTERNAL_PORT: z.coerce.number(),
-		STREAMS_INTERNAL_URL: z.string().url(),
-		STREAMS_DATA_DIR: z.string().min(1),
+		STREAMS_PORT: z.coerce.number().default(DEFAULT_PORT),
+		STREAMS_INTERNAL_PORT: z.coerce.number().default(DEFAULT_INTERNAL_PORT),
+		STREAMS_INTERNAL_URL: z.string().url().optional(),
+		STREAMS_DATA_DIR: z.string().min(1).default("./data"),
 		DATABASE_URL: z.string().url(),
 	},
 	clientPrefix: "PUBLIC_",

diff --git a/apps/streams/src/index.ts b/apps/streams/src/index.ts
@@ -1,28 +1,9 @@
-import { execSync } from "node:child_process";
 import { existsSync, mkdirSync } from "node:fs";
 import { DurableStreamTestServer } from "@durable-streams/server";
 import { serve } from "@hono/node-server";
 import { env } from "./env";
 import { createServer } from "./server";
 
-// Kill stale listeners left behind by dev server restarts
-function freePort(port: number): void {
-	try {
-		const pid = execSync(`lsof -iTCP:${port} -sTCP:LISTEN -t`, {
-			encoding: "utf-8",
-		}).trim();
-		if (pid) {
-			process.kill(Number(pid), "SIGKILL");
-			console.log(`[streams] Killed stale process ${pid} on port ${port}`);
-		}
-	} catch {
-		// No process found on this port — nothing to do
-	}
-}
-
-freePort(env.STREAMS_PORT);
-freePort(env.STREAMS_INTERNAL_PORT);
-
 if (!existsSync(env.STREAMS_DATA_DIR)) {
 	mkdirSync(env.STREAMS_DATA_DIR, { recursive: true });
 }
@@ -36,8 +17,11 @@ console.log(
 	`[streams] Durable stream server on port ${env.STREAMS_INTERNAL_PORT}`,
 );
 
+const internalUrl =
+	env.STREAMS_INTERNAL_URL ?? `http://localhost:${env.STREAMS_INTERNAL_PORT}`;
+
 const { app } = createServer({
-	baseUrl: env.STREAMS_INTERNAL_URL,
+	baseUrl: internalUrl,
 	cors: true,
 	logging: true,
 });

diff --git a/docs/replace-streams-secret-with-session-auth.md b/docs/replace-streams-secret-with-session-auth.md
diff --git a/packages/durable-session/src/client.ts b/packages/durable-session/src/client.ts
@@ -24,6 +24,7 @@ import {
 	createToolResultsCollection,
 	updateConnectionStatus,
 } from "./collections";
+import { StreamError } from "./errors";
 import { extractTextContent, messageRowToUIMessage } from "./materialize";
 import type {
 	ActorType,
@@ -131,7 +132,10 @@ export class DurableChatClient<
 	// ═══════════════════════════════════════════════════════════════════════
 
 	constructor(options: DurableChatClientOptions<TTools>) {
-		this.options = options;
+		this.options = {
+			...options,
+			proxyUrl: options.proxyUrl.replace(/\/+$/, ""),
+		};
 		this.sessionId = options.sessionId;
 		this.actorId = options.actorId ?? crypto.randomUUID();
 		this.actorType = options.actorType ?? "user";
@@ -335,8 +339,7 @@ export class DurableChatClient<
 		});
 
 		if (!response.ok) {
-			const errorText = await response.text();
-			throw new Error(`Request failed: ${response.status} ${errorText}`);
+			throw StreamError.fromResponse(response);
 		}
 	}
 
@@ -381,17 +384,12 @@ export class DurableChatClient<
 		});
 	}
 
-	stop(): void {
-		fetch(`${this.options.proxyUrl}/v1/sessions/${this.sessionId}/stop`, {
-			method: "POST",
-			headers: { "Content-Type": "application/json" },
-			body: JSON.stringify({ messageId: null }), // null = stop all
-		}).catch((err) => {
-			console.warn("Failed to stop generation:", err);
+	async stop(): Promise<void> {
+		await this.postToProxy(`/v1/sessions/${this.sessionId}/stop`, {
+			messageId: null,
 		});
 	}
-	async stop(): Promise<void> {
-		await this.postToProxy(`/v1/sessions/${this.sessionId}/stop`, {
-			messageId: null,
-		});
-	}
+	async stop(): Promise<void> {
+		if (!this._isConnected) {
+			throw new Error("Client not connected. Call connect() first.");
+		}
+		try {
+			await this.postToProxy(`/v1/sessions/${this.sessionId}/stop`, {
+				messageId: null,
+			});
+		} catch (error) {
+			this._error = error instanceof Error ? error : new Error(String(error));
+			this.options.onError?.(this._error);
+			throw error;
+		}
+	}
-	async stop(): Promise<void> {
-		await this.postToProxy(`/v1/sessions/${this.sessionId}/stop`, {
-			messageId: null,
-		});
-	}
+	async stop(): Promise<void> {
+		if (!this._isConnected) {
+			throw new Error("Client not connected. Call connect() first.");
+		}
+		try {
+			await this.postToProxy(`/v1/sessions/${this.sessionId}/stop`, {
+				messageId: null,
+			});
+		} catch (error) {
+			this._error = error instanceof Error ? error : new Error(String(error));
+			this.options.onError?.(this._error);
+			throw error;
+		}
+	}
 
-	/** Local-only clear — does not affect the durable stream. */
 	clear(): void {
 		this.options.onMessagesChange?.([]);
 	}
@@ -589,10 +587,7 @@ export class DurableChatClient<
 		);
 
 		if (!response.ok) {
-			const errorText = await response.text();
-			throw new Error(
-				`Failed to fork session: ${response.status} ${errorText}`,
-			);
+			throw StreamError.fromResponse(response);
 		}
 
 		return (await response.json()) as ForkResult;
@@ -614,10 +609,7 @@ export class DurableChatClient<
 		);
 
 		if (!response.ok) {
-			const errorText = await response.text();
-			throw new Error(
-				`Failed to register agents: ${response.status} ${errorText}`,
-			);
+			throw StreamError.fromResponse(response);
 		}
 	}
 
@@ -635,10 +627,7 @@ export class DurableChatClient<
 		);
 
 		if (!response.ok) {
-			const errorText = await response.text();
-			throw new Error(
-				`Failed to unregister agent: ${response.status} ${errorText}`,
-			);
+			throw StreamError.fromResponse(response);
 		}
 	}
 
@@ -660,7 +649,6 @@ export class DurableChatClient<
 				updateConnectionStatus(meta, "connecting"),
 			);
 
-			// Skip server call in test mode (injected sessionDB)
 			if (!this.options.sessionDB) {
 				const response = await fetch(
 					`${this.options.proxyUrl}/v1/sessions/${this.sessionId}`,
@@ -671,12 +659,8 @@ export class DurableChatClient<
 					},
 				);
 
-				if (
-					!response.ok &&
-					response.status !== 200 &&
-					response.status !== 201
-				) {
-					throw new Error(`Failed to create session: ${response.status}`);
+				if (!response.ok) {
+					throw StreamError.fromResponse(response);
 				}
 			}
 

diff --git a/packages/durable-session/src/errors.ts b/packages/durable-session/src/errors.ts
@@ -0,0 +1,53 @@
+const FRIENDLY_MESSAGES: Record<number, string> = {
+	401: "Your session has expired. Please sign in again.",
+	403: "You don't have permission to access this chat.",
+	404: "Chat session not found. It may have been deleted.",
+	429: "Too many requests. Please wait a moment and try again.",
+	500: "Something went wrong on our end. Please try again.",
+	502: "Chat server is temporarily unavailable. Please try again.",
+	503: "Chat server is temporarily unavailable. Please try again.",
+};
+
+const NETWORK_MESSAGE =
+	"Unable to connect to the chat server. Check your internet connection.";
+
+export class StreamError extends Error {
+	readonly status: number;
+	readonly friendlyMessage: string;
+
+	constructor(status: number, detail?: string) {
+		const friendly =
+			FRIENDLY_MESSAGES[status] ?? `Unexpected error (${status})`;
+		super(detail ?? friendly);
+		this.name = "StreamError";
+		this.status = status;
+		this.friendlyMessage = friendly;
+	}
+
+	static fromResponse(response: Response): StreamError {
+		return new StreamError(response.status);
+	}
+
+	static friendly(error: unknown): { message: string; code: string | null } {
+		if (error instanceof StreamError) {
+			return {
+				message: error.friendlyMessage,
+				code: error.status > 0 ? `HTTP ${error.status}` : "NETWORK_ERROR",
+			};
+		}
+		if (error instanceof TypeError && error.message.includes("fetch")) {
+			return { message: NETWORK_MESSAGE, code: "NETWORK_ERROR" };
+		}
+		if (error instanceof Error) {
+			if (error.message.includes("Content Security Policy")) {
+				return {
+					message:
+						"Connection blocked by security policy. The chat server URL may not be allowed.",
+					code: "CSP_VIOLATION",
+				};
+			}
+			return { message: error.message, code: null };
+		}
+		return { message: "An unexpected error occurred.", code: "UNKNOWN" };
+	}
+}