fix: guard all ws.send() calls with readyState check to prevent server crashes

[berkelmali]

Description:

Several ws.send() calls in GameServer.ts were missing WebSocket.OPEN readyState guards. This can lead to server crashes if a client disconnects precisely between a check and the send. Added guards to prestart, kickClient, and handleSynchronization.

Please complete the following:

• I have added screenshots for all UI updates
• I process any text displayed to the user through translateText() and I've added it to the en.json file
• I have added relevant tests to the test directory
• I confirm I have thoroughly tested these changes and take full responsibility for any bugs introduced

Please put your Discord username so you can be contacted if a bug or regression is found:

barfires

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[coderabbitai]

Walkthrough

GameServer now checks a client's WebSocket readyState === WebSocket.OPEN before sending messages or closing the socket in prestart(), kickClient(), and handleSynchronization() to avoid writes on non-open sockets.

Changes

WebSocket Readystate Guards

Layer / File(s)	Summary
readyState checks for prestart, kick, and desync sends src/server/GameServer.ts	prestart() now checks each client's socket is OPEN before sending; kickClient() sends the kick/error payload and closes the socket only when the socket is OPEN; handleSynchronization() sends desync messages only to OPEN sockets.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

A small guard stands at every door,
Checking state before sending more,
No frantic writes to sockets gone,
Only open doors receive the song,
Safe messages travel on.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: adding WebSocket readyState checks before send() calls to prevent crashes.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description check	✅ Passed	The pull request description clearly explains the problem (missing WebSocket.OPEN guards), identifies affected code locations, and describes the fix applied.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/server/GameServer.ts`:
- Around line 1004-1012: The review calls out remaining unguarded WebSocket
sends in joinClient and sendStartGameMsg (and the shown error-send/close block)
that can throw if the socket disconnects; update each place (joinClient,
sendStartGameMsg, and the error-send in GameServer where you check
client.ws.readyState) to 1) verify client.ws.readyState === WebSocket.OPEN
before calling ws.send, and 2) wrap ws.send in a try/catch to swallow/log send
errors so a transient disconnect doesn’t crash the flow, keeping the subsequent
ws.close call safe and preserving existing error logging semantics.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: fa49ede5-50d4-4590-b2f7-70ae23acece7

📥 Commits

Reviewing files that changed from the base of the PR and between b813792 and 201059f.

📒 Files selected for processing (1)

• src/server/GameServer.ts

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

PR objective is not fully met: two ws.send() calls are still unguarded

Nice fix here, but there are still unguarded sends at Line 211 (joinClient) and Line 786 (sendStartGameMsg). Those paths can still throw if the socket disconnects at the wrong time.

Suggested patch

@@
-      client.ws.send(
-        JSON.stringify({
-          type: "error",
-          error: "full-lobby",
-        } satisfies ServerErrorMessage),
-      );
+      if (client.ws.readyState === WebSocket.OPEN) {
+        client.ws.send(
+          JSON.stringify({
+            type: "error",
+            error: "full-lobby",
+          } satisfies ServerErrorMessage),
+        );
+      }
@@
-      ws.send(
-        JSON.stringify({
-          type: "start",
-          turns: this.turns.slice(lastTurn),
-          gameStartInfo: this.gameStartInfo,
-          lobbyCreatedAt: this.createdAt,
-          myClientID: client.clientID,
-        } satisfies ServerStartGameMessage),
-      );
+      if (ws.readyState === WebSocket.OPEN) {
+        ws.send(
+          JSON.stringify({
+            type: "start",
+            turns: this.turns.slice(lastTurn),
+            gameStartInfo: this.gameStartInfo,
+            lobbyCreatedAt: this.createdAt,
+            myClientID: client.clientID,
+          } satisfies ServerStartGameMessage),
+        );
+      }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/server/GameServer.ts` around lines 1004 - 1012, The review calls out
remaining unguarded WebSocket sends in joinClient and sendStartGameMsg (and the
shown error-send/close block) that can throw if the socket disconnects; update
each place (joinClient, sendStartGameMsg, and the error-send in GameServer where
you check client.ws.readyState) to 1) verify client.ws.readyState ===
WebSocket.OPEN before calling ws.send, and 2) wrap ws.send in a try/catch to
swallow/log send errors so a transient disconnect doesn’t crash the flow,
keeping the subsequent ws.close call safe and preserving existing error logging
semantics.