Greptile Summary

This PR adds live-session disconnect logic to the gateway device handlers: when a paired device is removed or a device token is revoked, all active WebSocket clients matching that deviceId are immediately closed (code 4001). The implementation wires a new disconnectClientsForDevice hook into GatewayRequestContext, provides the concrete implementation in server.impl.ts, and ships handler-level tests covering both success and failure branches.\n\nKey changes:\n- types.ts: new optional disconnectClientsForDevice?: (deviceId: string) => void on GatewayRequestContext\n- devices.ts: calls the hook (with optional chaining) after a confirmed successful removal or revocation\n- server.impl.ts: iterates the clients Set and closes matching sockets; errors are swallowed\n- devices.test.ts: four tests asserting that disconnect is called on success and not called on failure\n\nOne design concern to consider: device.token.revoke targets a single role's token, but the implementation disconnects every active session for the entire deviceId. If the same device can have multiple simultaneous connections under different roles (e.g., "admin" and "operator"), revoking the "operator" token will also force-close the valid "admin" session. device.pair.remove disconnecting all sessions is unambiguously correct; the revoke path may warrant role-scoped filtering (or at least a comment confirming the all-sessions intent is deliberate).

Confidence Score: 5/5

Safe to merge; the core logic is correct and well-tested, with only a P2 design question about role-scoped vs. device-scoped disconnection on token revoke.

All findings are P2 or lower. The implementation is straightforward, errors are properly guarded with optional chaining, the try/catch prevents iterator errors from propagating, and four new tests cover the critical happy-path and failure-path branches.

src/gateway/server.impl.ts — the disconnectClientsForDevice implementation uses device-level granularity for both remove and revoke; worth confirming role-scoped filtering is not needed for the revoke case.

This is a comment left during a code review.
Path: src/gateway/server.impl.ts
Line: 1199-1210

Comment:
**Token revoke disconnects all device sessions regardless of role**

`device.token.revoke` revokes a token for a *specific* role (e.g., "operator"), but `disconnectClientsForDevice` closes every active socket for the entire `deviceId`. If a device has simultaneous connections for different roles (e.g., one session as "operator" and another as "admin"), revoking the "operator" token will also drop the still-valid "admin" session.

`device.pair.remove` disconnecting all sessions for the device is correct — the whole device is de-paired. But for `device.token.revoke`, the intent is presumably to invalidate a single role's token. The implementation in `devices.ts` calls the same broad helper for both operations, so there is no per-role filtering.

If the correct behaviour really is "revoke any one token → disconnect every session for the device", that should be documented. If not, consider adding a `role?: string` parameter to `disconnectClientsForDevice` so the iterator can additionally check `gatewayClient.connect.role === role` before closing.

How can I resolve this? If you propose a fix, please make it concise.

_{Reviews (1): Last reviewed commit: "Gateway: disconnect revoked device sessi..." | Re-trigger Greptile}