Review — end-to-end ✅ (clean approve, regression test pushed)

What this ships

A 1-line removal in static/boot.js:906-918: the empty-session guard added in #1182 was calling localStorage.removeItem('hermes-webui-session'). That made the FIRST refresh of an empty conversation work (loadSession → loadDir runs, then guard fires and clears the key) but the SECOND refresh fell into the "no saved session" boot path which never calls loadDir() — file tree went permanently blank until the user clicked + or sent a message.

Removing the removeItem() call means every refresh takes the same path:

loadSession(saved) → loadDir('.') populates the workspace tree
  → ephemeral guard fires (message_count=0)
  → S.session=null in memory only
  → workspace panel stays open with files visible

Traced against upstream hermes-agent

Pure WebUI boot/state flow. Zero agent coupling.

End-to-end trace

Refresh sequence — pre-fix vs post-fix

Why keeping the localStorage key is safe

Three concerns I traced:

1. Sidebar pollution: would the empty session_A show up as an "Untitled" entry? No — all_sessions() at api/models.py:564-567 filters Untitled+0-message sessions regardless of age (#1171/#1182). Server returns them filtered.

2. In-memory state: the guard still sets S.session=null and S.messages=[] (boot.js:907) so the user isn't locked into the empty conversation as the active session. They're back to the empty-state UI.

3. Recovery path: when the user actually creates a real session via "+" or sending a message, newSession() creates a fresh session in SESSIONS (per #1184 the empty session never went to disk anyway) and localStorage.setItem('hermes-webui-session', new_id) overwrites the key naturally.

Edge case: server restart with stale localStorage

Trace I walked through:

• After #1184, empty sessions live only in SESSIONS dict (no disk write)
• Server restart wipes SESSIONS
• localStorage still points to the now-gone session_A
• Refresh: loadSession(A) → API 404 → loadSession at sessions.js:131-143 sets msgInner to "Session not available in web UI", returns silently (no throw)
• S.session stays null (loadSession doesn't reset it)
• Ephemeral guard: if(S.session && ...) is false → falls through
• User sees the "Session not available" message until they click + or send a message — recovery works via newSession overwriting the key

This isn't a regression introduced by the PR — same behaviour as before. Just noting that the localStorage key persisting across server restarts is benign (recovery is automatic).

What I pushed — 5d9b38c

3 static-analysis tests in tests/test_workspace_files_persist_on_empty_reload.py:

1. test_ephemeral_guard_does_not_remove_session_localstorage_key — locks the actual fix: the guard block must NOT contain localStorage.removeItem('hermes-webui-session'). If a future "cleanup" reintroduces the call, this test fires.
2. test_ephemeral_guard_still_clears_in_memory_session_state — locks S.session=null and S.messages=[] so the in-memory clear isn't accidentally removed alongside the localStorage cleanup.
3. test_ephemeral_guard_still_restores_panel_pref — locks PR #1187's panel-pref restore so it can't regress in this same block.

Together these pin the three coupled invariants: localStorage key stays (this PR), in-memory state clears (#1182), panel pref restores (#1187). CI re-ran green on 5d9b38c.

Edge-case trace

Tests

• My 3 new tests: pass.
• Local full suite: 2684 passed, 47 skipped, 0 failures (the macOS test_sprint3 quirk is now fixed by my own #1186 which landed in v0.50.231 batch — visible in git log).
• CI on PR after my push: ✅ test (3.11), ✅ test (3.12), ✅ test (3.13).

Other audit — confirmed correct

• JS syntax: node --check passes on boot.js.
• No agent coupling: pure UI state flow.
• renderSessionListFromCache active-session preservation: with S.session=null, the OR clause S.session && s.session_id===S.session.session_id is false, so the empty session_A won't accidentally appear in the sidebar via that path either.
• Cooperative with #1187: panel pref restore still runs in the same block; both fixes coexist.

Minor observations (non-blocking)

• The persistent localStorage→deleted-session 404 path could be tightened in a follow-up: loadSession could detect 404 and clear localStorage itself, sending the next refresh into the no-saved-session path with the workspace panel correctly opening from _freshPanelPref. Not in scope here.
• The sequence diagram in the PR description is excellent — accurate trace of the bug and the fix.

Recommendation

Approved. Surgical 1-line removal that resolves the second-refresh regression introduced by #1182. The PR description's bug analysis is correct: removing the localStorage key sent later refreshes into a path that doesn't call loadDir(). Keeping the key is safe because (a) the in-memory state still clears, (b) the server-side sidebar filter still hides the empty session, and (c) newSession() overwrites the key when the user creates a real session. Pushed 3 regression tests pinning the contract. CI green; full suite clean. Parked at approval — ready for the release agent's merge/tag pipeline.