More robust SignalR connection handling

[myieye]

Resolves #2331 — production symptoms and log evidence live there.

From manual testing, syncing (both pulling and pushing) appear to recover very quickly on connectivity and auth changes, even when opening projects when offline or unauthenticated, which previously caused trouble. The sync dialog also refreshed and keeps state info up-to-date. Tested most thoroughly on Android, but also on desktop (MAUI).

FwLite listens for Lexbox project-change push notifications over a per-server SignalR HubConnection. After network loss or an OS-frozen app (Android Doze) that connection could end up dead-but-cached: opening a project occasionally threw SendCoreAsync … not active, but more often push just silently stopped until a manual sync or restart. This makes the whole lifecycle robust, on the FwLite client side.

Don't get stuck. Check auth before reconnecting or handing back a cached connection; abort the infinite retry loop only on a real logout — decided by local account presence (IsSignedIn), not by whether a token can be fetched mid-outage, which was a false-logout trap. Guard Closed/eviction with ReferenceEquals so a live replacement is never evicted, tolerate SendAsync racing a drop, dispose on failed StartAsync, and serialize connection creation per server so concurrent callers can't build duplicates that dispose each other mid-use.

Always recover. A new _trackedProjects map (kept across rebuilds) lets listeners be re-established from every angle: auth change, successful sync, MAUI connectivity-regained, MAUI app-resume, and a 5-minute periodic backstop. All idempotent, and healing is per-project so siblings on a rebuilt connection get resubscribed rather than silently dropped.

Recover faster. Reconnect backoff adapts to device-reported network state (retry ~10s while online, back off to 60s while offline); and because SignalR has no retry-now API, strong recovery signals (connectivity/resume/post-sync) interrupt a mid-backoff reconnect instead of waiting it out.

Show offline, don't error. When a sync can't reach the server — connection drop or timeout — it now reports an Offline status instead of surfacing a raw connection error, and the FwLite sync dialog shows a brief offline notice while leaving the pending-change counts intact rather than optimistically zeroing them.

Be diagnosable. HubConnection's own logs now flow into the app logger, so the next occurrence is debuggable from user logs.

Depended on #2308 (merged) — the "logged out" signal is only trustworthy with those OAuth fixes in place. New/updated unit tests cover the reconnect decision, adaptive backoff, eviction guards, and resubscribe bookkeeping; the connection-orchestration paths that need a live HubConnection are exercised manually (cold-start network isolation needs per-process network control, not in CI). Manual check for the offline path: go offline, press Sync → the dialog shows the offline notice and the pending-change counts are preserved.

Housekeeping in this PR: .editorconfig silences IDE0061/IDE0022 for the expression-bodied members added here, and .gitignore excludes *.props.user and a local-only signalr-acceptance-tests.md manual-test cookbook.

Known follow-up: _trackedProjects is process-lifetime with no untrack path — a project opened once keeps being resubscribed for the session (bounded by distinct projects opened, not per-open). Intentional for now; revisit if listeners should stop on project-close.

🤖 Generated with Claude Code

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds network-aware SignalR push-listener recovery for MAUI and web: introduces an INetworkStatus abstraction, refactors LexboxProjectService with a tracked-project registry and AdaptiveRetryPolicy, and adds new hosted services (ConnectivitySyncTrigger, NetworkChangeSyncTrigger, PushListenerRecoveryService, AuthChangeListenerTrigger) that trigger listener reconnection on network/auth/resume events. SyncService gains an offline early-return gate and CrdtHttpSyncService gains health-cache invalidation. The frontend SyncDialog shows a "local changes safe" warning toast on unsynced results.

Changes

SignalR Push Listener Recovery

Layer / File(s)	Summary
INetworkStatus interface and platform implementations backend/FwLite/FwLiteShared/Services/INetworkStatus.cs, backend/FwLite/FwLiteShared/Services/NetworkInterfaceNetworkStatus.cs, backend/FwLite/FwLiteMaui/Services/ConnectivityNetworkStatus.cs	Defines INetworkStatus with bool IsOnline. NetworkInterfaceNetworkStatus (web/shared default) uses NetworkInterface.GetIsNetworkAvailable(). ConnectivityNetworkStatus (MAUI) uses IConnectivity.NetworkAccess == Internet.
LexboxProjectService refactor: tracked projects, adaptive retry, auth handling backend/FwLite/FwLiteShared/Projects/LexboxProjectService.cs	Removes IDisposable and GlobalEventBus subscription. Adds _trackedProjects registry, ILoggerFactory/INetworkStatus injection, HandleAuthChanged, EnsureListenersForTrackedProjects, and kickReconnecting support. Replaces constant infinite retry with AdaptiveRetryPolicy. Adds EvictAndStopIfCached with identity guard, HandleReconnecting with connection-identity checks, per-server SemaphoreSlim gates, and updated BuildAndStartConnection lifecycle callbacks.
Recovery hosted services and DI wiring backend/FwLite/FwLiteShared/Projects/AuthChangeListenerTrigger.cs, backend/FwLite/FwLiteShared/Projects/PushListenerRecoveryService.cs, backend/FwLite/FwLiteMaui/Services/ConnectivitySyncTrigger.cs, backend/FwLite/FwLiteWeb/Services/NetworkChangeSyncTrigger.cs, backend/FwLite/FwLiteMaui/App.xaml.cs, backend/FwLite/FwLiteShared/FwLiteSharedKernel.cs, backend/FwLite/FwLiteMaui/FwLiteMauiKernel.cs, backend/FwLite/FwLiteWeb/FwLiteWebKernel.cs	AuthChangeListenerTrigger subscribes to GlobalEventBus.OnAuthenticationChanged and calls HandleAuthChanged. PushListenerRecoveryService runs EnsureListenersForTrackedProjects on a 5-minute PeriodicTimer. ConnectivitySyncTrigger (MAUI) triggers recovery on internet-access transitions. NetworkChangeSyncTrigger (web) triggers recovery on NetworkAvailabilityChanged. App.xaml.cs adds a Resumed-event hook. All registered in kernel DI.
SyncService offline gate and CrdtHttpSyncService health-cache invalidation backend/FwLite/FwLiteShared/Sync/SyncService.cs, backend/FwLite/LcmCrdt/RemoteSync/CrdtHttpSyncService.cs	SyncService.ExecuteSync gains an early offline return via INetworkStatus.IsOnline; mid-sync HttpRequestException/OperationCanceledException are mapped to Offline. UploadProject throws on non-synced result. CrdtHttpSyncService extracts HealthCacheKey helper and adds InvalidateServerHealth to evict a cached verdict.
Tests: LexboxProjectService, AdaptiveRetryPolicy, ConnectivitySyncTrigger, CrdtHttpSyncService backend/FwLite/FwLiteShared.Tests/Projects/LexboxProjectServiceTests.cs, backend/FwLite/FwLiteShared.Tests/Projects/AdaptiveRetryPolicyTests.cs, backend/FwLite/FwLiteMaui.Tests/ConnectivitySyncTriggerTests.cs, backend/FwLite/LcmCrdt.Tests/CrdtHttpSyncServiceTests.cs	LexboxProjectServiceTests covers cached-connection reuse, HandleReconnecting sign-in/logout/replacement cases, EvictAndStopIfCached guards, and RegisterForResubscribe. AdaptiveRetryPolicyTests covers immediate early attempts, online/offline delays, per-attempt re-evaluation, and never-null guarantee. ConnectivitySyncTriggerTests covers ShouldRecover transition matrix. CrdtHttpSyncServiceTests covers health caching and InvalidateServerHealth.
Frontend SyncDialog warning toast and locale strings frontend/viewer/src/project/SyncDialog.svelte, frontend/viewer/src/locales/*.po	SyncDialog.svelte checks result.isSynced instead of falsy return, showing a "local changes are safe" warning and calling refreshStatus(). New msgid for that toast added to 8 locale files (en, es, fr, id, ko, ms, sw, vi); "Failed to synchronize" source reference updated across those files.
Tooling config .gitignore, backend/.editorconfig	.gitignore adds *.props.user and signalr-acceptance-tests.md. .editorconfig silences IDE0061/IDE0022 and repositions trim_trailing_whitespace.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• sillsdev/languageforge-lexbox#2174: Modifies the same ListenForProjectChanges/SignalR reconnect flow in LexboxProjectService that this PR significantly refactors.
• sillsdev/languageforge-lexbox#2308: Both PRs modify SyncService.ExecuteSync offline/logged-out state detection in the same code path.
• sillsdev/languageforge-lexbox#1971: Directly overlaps with this PR's changes to SyncDialog.svelte's syncLexboxToLocal control flow and failure-messaging logic.

Suggested reviewers

• hahn-kev

Poem

🐇 The network went dark, the listeners fell asleep,
But now a brave rabbit has promises to keep!
On resume, on auth-change, on signal regained,
The hubs reconnect swiftly — no changes are maimed.
"Your local edits are safe!" the toast kindly says,
While AdaptiveRetryPolicy counts offline days. 🌐✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 15.94% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'More robust SignalR connection handling' is closely related to the main change—addressing production failures in SignalR/HubConnection lifecycle management.
Description check	✅ Passed	The description is comprehensive and directly addresses the changeset, explaining network recovery, auth handling, offline presentation, and the recovery mechanisms implemented.
Linked Issues check	✅ Passed	The PR successfully addresses issue #2331: implements multi-path recovery (auth change, sync, connectivity, resume, periodic backstop), adaptive backoff based on network state, offline status reporting, robust lifecycle management with proper eviction guards, and per-project healing—all key objectives identified in the issue.
Out of Scope Changes check	✅ Passed	All changes are within scope: core improvements to SignalR/listener recovery, new hosted services for recovery triggers, adaptive retry policy, offline detection, plus housekeeping in .editorconfig and .gitignore directly related to the implementation.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch signalr-retry-improvements-v2

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

UI unit Tests

  1 files  ±0   62 suites  ±0   32s ⏱️ +5s
186 tests ±0  186 ✅ ±0  0 💤 ±0  0 ❌ ±0 
258 runs  ±0  258 ✅ ±0  0 💤 ±0  0 ❌ ±0 

Results for commit 4177009. ± Comparison against base commit fa14cfa.

♻️ This comment has been updated with latest results.

[argos-ci]

The latest updates on your projects. Learn more about Argos notifications ↗︎

Build	Status	Details	Updated (UTC)
default (Inspect)	✅ No changes detected	-	Jun 17, 2026, 4:21 PM

[github-actions]

C# Unit Tests

165 tests   165 ✅  23s ⏱️
 23 suites    0 💤
  1 files      0 ❌

Results for commit 4177009.

♻️ This comment has been updated with latest results.

[github-actions]

C# FwHeadless Unit Tests

48 tests   48 ✅  16s ⏱️
 5 suites   0 💤
 1 files     0 ❌

Results for commit 4177009.

♻️ This comment has been updated with latest results.

[coderabbitai]

Caution

Review failed

An error occurred during the review process. Please try again later.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch signalr-retry-improvements-v2

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

backend/FwLite/FwLiteShared/Projects/LexboxProjectService.cs (1)

32-35: 🏗️ Heavy lift

Add an untrack path for _trackedProjects to prevent stale recovery/sync fan-out.

_trackedProjects is session-lifetime and currently only grows. Over long sessions, closed/removed projects will still be iterated by periodic recovery and reconnect sync triggers, which can create avoidable background work. Consider adding an explicit unregistration hook on project close/removal and pruning dead entries.

Also applies to: 395-401

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@backend/FwLite/FwLiteShared/Projects/LexboxProjectService.cs` around lines 32
- 35, The _trackedProjects ConcurrentDictionary grows indefinitely over the
session lifetime and never removes closed or removed projects, causing
unnecessary iteration and background work in periodic recovery and reconnect
sync operations. Add an explicit untracking method that removes entries from
_trackedProjects when projects are closed or removed, and call this method in
the appropriate project lifecycle handlers (project close/removal events or
callbacks). This ensures dead entries are pruned and don't create avoidable
background work during periodic recovery and reconnect sync triggers.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@backend/FwLite/FwLiteShared/Projects/LexboxProjectService.cs`:
- Around line 32-35: The _trackedProjects ConcurrentDictionary grows
indefinitely over the session lifetime and never removes closed or removed
projects, causing unnecessary iteration and background work in periodic recovery
and reconnect sync operations. Add an explicit untracking method that removes
entries from _trackedProjects when projects are closed or removed, and call this
method in the appropriate project lifecycle handlers (project close/removal
events or callbacks). This ensures dead entries are pruned and don't create
avoidable background work during periodic recovery and reconnect sync triggers.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: df2671f8-6e2c-4bd2-a51e-a0202d3ef5f2

📥 Commits

Reviewing files that changed from the base of the PR and between fa14cfa and 4177009.

📒 Files selected for processing (29)

• .gitignore
• backend/.editorconfig
• backend/FwLite/FwLiteMaui.Tests/ConnectivitySyncTriggerTests.cs
• backend/FwLite/FwLiteMaui/App.xaml.cs
• backend/FwLite/FwLiteMaui/FwLiteMauiKernel.cs
• backend/FwLite/FwLiteMaui/Services/ConnectivityNetworkStatus.cs
• backend/FwLite/FwLiteMaui/Services/ConnectivitySyncTrigger.cs
• backend/FwLite/FwLiteShared.Tests/Projects/AdaptiveRetryPolicyTests.cs
• backend/FwLite/FwLiteShared.Tests/Projects/LexboxProjectServiceTests.cs
• backend/FwLite/FwLiteShared/FwLiteSharedKernel.cs
• backend/FwLite/FwLiteShared/Projects/AuthChangeListenerTrigger.cs
• backend/FwLite/FwLiteShared/Projects/LexboxProjectService.cs
• backend/FwLite/FwLiteShared/Projects/PushListenerRecoveryService.cs
• backend/FwLite/FwLiteShared/Services/INetworkStatus.cs
• backend/FwLite/FwLiteShared/Services/NetworkInterfaceNetworkStatus.cs
• backend/FwLite/FwLiteShared/Sync/SyncService.cs
• backend/FwLite/FwLiteWeb/FwLiteWebKernel.cs
• backend/FwLite/FwLiteWeb/Services/NetworkChangeSyncTrigger.cs
• backend/FwLite/LcmCrdt.Tests/CrdtHttpSyncServiceTests.cs
• backend/FwLite/LcmCrdt/RemoteSync/CrdtHttpSyncService.cs
• frontend/viewer/src/locales/en.po
• frontend/viewer/src/locales/es.po
• frontend/viewer/src/locales/fr.po
• frontend/viewer/src/locales/id.po
• frontend/viewer/src/locales/ko.po
• frontend/viewer/src/locales/ms.po
• frontend/viewer/src/locales/sw.po
• frontend/viewer/src/locales/vi.po
• frontend/viewer/src/project/SyncDialog.svelte