fix(appkit): ownership-guard the typegen spawn lock with a token [F4] #426
Draft
atilafassina wants to merge 1 commit into
The single-flight spawn lock was released by path alone: any process (a
worker whose lock had been stolen as stale, or a stray call) could unlink a
lock it no longer owned, deleting a live worker's lock.
- spawn-lock.ts: acquireSpawnLock(lockPath, token) writes `${pid} ${ts}
${token}`; a stale-steal recreates with the new owner's token.
releaseSpawnLock(lockPath, token) reads the body and unlinks ONLY when it
carries that token (whitespace-delimited match) — otherwise a no-op.
- generate-types.ts: the foreground mints a random token (randomUUID),
passes it to acquireSpawnLock and to the worker via `--worker-token`
(replacing `--worker-lock`); the worker re-derives the lock path from its
rootDir positional and releases with the token. Keeps `...process.execArgv`
+ `--wait` on the worker argv.
Tests: token-match release, non-matching-token no-op, foreign/arbitrary path
no-op (file survives), steal-then-displaced-release doesn't delete the new
owner's lock; worker argv carries the token; existing single-flight cycle
preserved.
Co-authored-by: Isaac
Signed-off-by: Atila Fassina <atila@fassina.eu>
PR4 of the typegen review-fix stack. Independent of PR1/PR2/PR3 (branches off
`main`). Scope: make spawn-lock release ownership-checked (F4).
The bug
The single-flight spawn lock was released by path alone — any process (a worker
whose lock had been stolen as stale, or a stray `releaseSpawnLock` call) could
unlink a lock it no longer owned, deleting a live worker's lock.
Changes
- `spawn-lock.ts` — `acquireSpawnLock(lockPath, token)` writes `${pid} ${ts} ${token}`; a stale-steal recreates with the new owner's token. `releaseSpawnLock(lockPath, token)` reads the body and unlinks only when it carries that token (whitespace-delimited match); otherwise it's a no-op.
- `generate-types.ts` — the foreground mints a random token (`randomUUID`), passes it to `acquireSpawnLock` and to the worker via `--worker-token` (replacing `--worker-lock`); the worker re-derives the lock path from its `rootDir` positional and releases with the token. Worker argv keeps `...process.execArgv` + `--wait`.
Acceptance criteria (asserted)
foreign/arbitrary path is a no-op (the file survives).
delete the new owner's lock.
into the worker argv.
Checks
`pnpm test` (shared CLI), `pnpm -r typecheck`, `pnpm check`, `pnpm --filter shared build:package` all green.
Note
Touches `generate-types.ts`, which PR3 (`--no-cache`) also edits. Branched independently off `main`, so the two will textually conflict at merge — expected and resolved at merge time.
This pull request and its description were written by Isaac.
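The ownership check described in this PR, as an added TypeScript sketch that is not the project's `spawn-lock.ts`. The function names follow the description; the bodies, the `STALE_MS` threshold, the `readBody` helper and `demoDisplacedRelease` are assumptions made for illustration.

```typescript
// Added example: a sketch of a token-guarded lock file, not the project's code.
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";
import { randomUUID } from "node:crypto";

const STALE_MS = 60_000; // assumed staleness threshold; the page does not state one

function readBody(lockPath: string): string {
  try { return fs.readFileSync(lockPath, "utf8"); } catch { return ""; } // missing file => no owner
}

// Create the lock exclusively; take it over only when its timestamp is stale.
function acquireSpawnLock(lockPath: string, token: string, now = Date.now()): boolean {
  const body = `${process.pid} ${now} ${token}`;
  try {
    fs.writeFileSync(lockPath, body, { flag: "wx" }); // "wx" fails with EEXIST if the lock is held
    return true;
  } catch (err) {
    if ((err as { code?: string }).code !== "EEXIST") throw err;
  }
  const ts = Number(readBody(lockPath).trim().split(/\s+/)[1]);
  if (Number.isFinite(ts) && now - ts < STALE_MS) return false; // live owner: do not steal
  fs.writeFileSync(lockPath, body); // stale-steal: the body now carries the new owner's token
  return true;
}

// Unlink ONLY when the third whitespace-delimited field is our token.
function releaseSpawnLock(lockPath: string, token: string): boolean {
  if (readBody(lockPath).trim().split(/\s+/)[2] !== token) return false; // not ours: no-op
  fs.unlinkSync(lockPath); // read-then-unlink is not atomic: the check narrows the race, it does not close it
  return true;
}

// Constructed scenario: A's lock goes stale, B steals it, then A releases late.
function demoDisplacedRelease(): { aReleased: boolean; survives: boolean; bReleased: boolean } {
  const lockPath = path.join(fs.mkdtempSync(path.join(os.tmpdir(), "lock-")), "spawn.lock");
  const a = randomUUID();
  const b = randomUUID();
  acquireSpawnLock(lockPath, a, Date.now() - 2 * STALE_MS); // A's lock, already stale
  acquireSpawnLock(lockPath, b);                            // B steals it
  const aReleased = releaseSpawnLock(lockPath, a);          // displaced owner: must be a no-op
  const survives = fs.existsSync(lockPath);                 // B's lock is still on disk
  return { aReleased, survives, bReleased: releaseSpawnLock(lockPath, b) };
}

console.log(demoDisplacedRelease());
```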