@mndrk/agx 1.4.23 → 1.4.25

package/lib/storage/locks.js

@@ -2,7 +2,12 @@
  * Task-level file locking for agx local state storage.
  * 
  * Prevents concurrent execution of the same task.
- * Lock file contains: { pid, at, host }
+ * Lock file contains: { pid, at, host, startedAt }
+ * 
+ * Lock validity checks:
+ * 1. Process must be alive (kill(pid, 0) succeeds)
+ * 2. Process start time must match (guards against PID reuse)
+ * 3. Lock must not be stale (default: 5 minutes)
  */
 
 const fs = require('fs');
@@ -21,6 +26,9 @@ const LOCK_STALE_MS = process.env.AGX_LOCK_STALE_MS
     ? parseInt(process.env.AGX_LOCK_STALE_MS, 10)
     : DEFAULT_LOCK_STALE_MS;
 
+// Process start time - used to detect PID reuse
+const PROCESS_STARTED_AT = Date.now();
+
 // ============================================================
 // Lock Management
 // ============================================================
@@ -30,6 +38,7 @@ const LOCK_STALE_MS = process.env.AGX_LOCK_STALE_MS
  * @property {string} lockPath - Path to the lock file
  * @property {number} pid - Process ID that holds the lock
  * @property {string} at - ISO timestamp when lock was acquired
+ * @property {number} startedAt - Process start timestamp (ms since epoch)
  * @property {boolean} released - Whether the lock has been released
  */
 
@@ -38,8 +47,27 @@ const LOCK_STALE_MS = process.env.AGX_LOCK_STALE_MS
  * @property {number} pid
  * @property {string} at
  * @property {string} host
+ * @property {number} [startedAt] - Process start timestamp (ms since epoch)
  */
 
+/**
+ * Check if a lock is owned by the current process instance.
+ * This guards against PID reuse by comparing process start times.
+ * @param {LockPayload} lock
+ * @returns {boolean}
+ */
+function isCurrentProcessLock(lock) {
+    if (lock.pid !== process.pid) {
+        return false;
+    }
+    // If startedAt is present, it must match our start time
+    if (typeof lock.startedAt === 'number') {
+        return lock.startedAt === PROCESS_STARTED_AT;
+    }
+    // Legacy lock without startedAt - be conservative, assume it's not ours
+    return false;
+}
+
 /**
  * Attempt to acquire a task lock.
  * @param {string} taskRootPath - Path to the task directory
@@ -56,18 +84,44 @@ async function acquireTaskLock(taskRootPath, options = {}) {
     const existingLock = await readJsonSafe(lockPath);
 
     if (existingLock && !force) {
-        // Check if the process is still alive
-        const isAlive = isProcessAlive(existingLock.pid);
-        const isStale = isLockStale(existingLock);
-
-        if (isAlive && !isStale) {
-            throw new Error(
-                `Task is locked by process ${existingLock.pid} since ${existingLock.at}. ` +
-                `Use --force to override if you're sure the lock is stale.`
-            );
-        }
+        // First check: is this our own lock from a previous run that wasn't released?
+        // This handles the case where the same process crashed/restarted mid-task.
+        if (existingLock.pid === process.pid) {
+            // Same PID - check if it's truly from this process instance
+            if (!isCurrentProcessLock(existingLock)) {
+                // Lock is from a previous instance of this PID (PID was reused)
+                // or from before this process started - safe to take over
+                // This is the key fix: we clean up our own stale locks
+            } else {
+                // Lock is from current process instance - we already hold it
+                // This shouldn't happen in normal operation, but return the existing lock
+                // Actually, this would be a programming error, so let's throw
+                throw new Error(
+                    `Lock already held by this process instance. ` +
+                    `This indicates a logic error - lock should be released before re-acquiring.`
+                );
+            }
+        } else {
+            // Different PID - check if the process is still alive and lock is fresh
+            const isAlive = isProcessAlive(existingLock.pid);
+            const isStale = isLockStale(existingLock);
+
+            if (isAlive && !isStale) {
+                // Also check process start time if available
+                const startTimeValid = !existingLock.startedAt || 
+                    isProcessStartTimeValid(existingLock.pid, existingLock.startedAt);
+                
+                if (startTimeValid) {
+                    throw new Error(
+                        `Task is locked by process ${existingLock.pid} since ${existingLock.at}. ` +
+                        `Use --force to override if you're sure the lock is stale.`
+                    );
+                }
+                // Process has same PID but different start time (PID reuse) - lock is stale
+            }
 
-        // Lock is stale or process is dead - we can take it
+            // Lock is stale or process is dead - we can take it
+        }
     }
 
     const now = new Date().toISOString();
@@ -78,6 +132,7 @@ async function acquireTaskLock(taskRootPath, options = {}) {
         pid,
         at: now,
         host: os.hostname(),
+        startedAt: PROCESS_STARTED_AT,
     };
 
     // Ensure task directory exists
@@ -97,6 +152,7 @@ async function acquireTaskLock(taskRootPath, options = {}) {
         lockPath,
         pid,
         at: now,
+        startedAt: PROCESS_STARTED_AT,
         released: false,
     };
 
@@ -114,23 +170,51 @@ async function releaseTaskLock(handle) {
         return;
     }
 
+    let deleted = false;
+    let ownershipVerified = false;
+
     try {
         // Verify we still own the lock before removing
         const current = await readJsonSafe(handle.lockPath);
 
         if (current && current.pid === handle.pid && current.at === handle.at) {
+            ownershipVerified = true;
             await fs.promises.unlink(handle.lockPath);
+            deleted = true;
+        } else if (!current) {
+            // Lock file doesn't exist - already released or never created
+            deleted = true;
         }
-        // If someone else took the lock, don't remove it
+        // If someone else took the lock, don't remove it (deleted stays false)
 
     } catch (err) {
-        if (err.code !== 'ENOENT') {
-            // Log but don't throw - lock release is best-effort
+        if (err.code === 'ENOENT') {
+            // File doesn't exist - that's fine
+            deleted = true;
+        } else {
+            // Log the error but continue - we'll try a forceful cleanup below
             console.error(`Warning: Failed to release lock ${handle.lockPath}:`, err.message);
+            
+            // If we verified ownership but failed to delete, try once more
+            if (ownershipVerified) {
+                try {
+                    await fs.promises.unlink(handle.lockPath);
+                    deleted = true;
+                } catch (retryErr) {
+                    if (retryErr.code === 'ENOENT') {
+                        deleted = true; // Succeeded (file was removed between attempts)
+                    } else {
+                        console.error(`Warning: Retry failed for lock ${handle.lockPath}:`, retryErr.message);
+                    }
+                }
+            }
         }
     }
 
     handle.released = true;
+    
+    // Return status for debugging (callers typically ignore this)
+    return { deleted, ownershipVerified };
 }
 
 /**
@@ -146,12 +230,10 @@ async function checkTaskLock(taskRootPath) {
         return null;
     }
 
-    // Check if still valid
-    const isAlive = isProcessAlive(lock.pid);
-    const isStale = isLockStale(lock);
-
-    if (!isAlive || isStale) {
-        return null; // Lock is stale
+    // Check if lock is valid
+    const { valid } = isLockValid(lock);
+    if (!valid) {
+        return null; // Lock is stale or invalid
     }
 
     return lock;
@@ -170,10 +252,9 @@ async function cleanStaleLock(taskRootPath) {
         return false;
     }
 
-    const isAlive = isProcessAlive(lock.pid);
-    const isStale = isLockStale(lock);
+    const { valid, reason } = isLockValid(lock);
 
-    if (!isAlive || isStale) {
+    if (!valid) {
         try {
             await fs.promises.unlink(lockPath);
             return true;
@@ -181,6 +262,8 @@ async function cleanStaleLock(taskRootPath) {
             if (err.code !== 'ENOENT') {
                 throw err;
             }
+            // File already deleted - that's fine
+            return true;
         }
     }
 
@@ -206,6 +289,40 @@ function isProcessAlive(pid) {
     }
 }
 
+/**
+ * Check if a process start time is valid (the lock was created by the current
+ * instance of that process, not a previous one that had the same PID).
+ * 
+ * This is a heuristic: if the startedAt is in the future or very old compared
+ * to the lock timestamp, something is wrong.
+ * 
+ * @param {number} pid
+ * @param {number} startedAt - Process start time from lock
+ * @returns {boolean}
+ */
+function isProcessStartTimeValid(pid, startedAt) {
+    if (typeof startedAt !== 'number') {
+        // No start time recorded - be conservative and assume valid
+        return true;
+    }
+    
+    const now = Date.now();
+    
+    // If startedAt is in the future, that's suspicious
+    if (startedAt > now + 60000) { // Allow 1 minute clock skew
+        return false;
+    }
+    
+    // If the lock holder is our own process, check if startedAt matches
+    if (pid === process.pid) {
+        return startedAt === PROCESS_STARTED_AT;
+    }
+    
+    // For other processes, we can't reliably verify start time
+    // Just do a sanity check that it's not impossibly old
+    return true;
+}
+
 /**
  * Check if a lock is stale based on timestamp.
  * @param {LockPayload} lock
@@ -221,14 +338,52 @@ function isLockStale(lock) {
     }
 }
 
+/**
+ * Determine if a lock is valid (should block acquisition).
+ * @param {LockPayload} lock
+ * @returns {{ valid: boolean, reason: string }}
+ */
+function isLockValid(lock) {
+    if (!lock) {
+        return { valid: false, reason: 'no lock' };
+    }
+
+    // Check if process is alive
+    const alive = isProcessAlive(lock.pid);
+    if (!alive) {
+        return { valid: false, reason: 'process dead' };
+    }
+
+    // Check if lock is stale
+    if (isLockStale(lock)) {
+        return { valid: false, reason: 'lock stale' };
+    }
+
+    // Check process start time if available
+    if (lock.startedAt && !isProcessStartTimeValid(lock.pid, lock.startedAt)) {
+        return { valid: false, reason: 'pid reused' };
+    }
+
+    // Check if it's our own lock from a previous run
+    if (lock.pid === process.pid && !isCurrentProcessLock(lock)) {
+        return { valid: false, reason: 'own stale lock' };
+    }
+
+    return { valid: true, reason: 'valid' };
+}
+
 // ============================================================
 // Exports
 // ============================================================
 
 module.exports = {
     LOCK_STALE_MS,
+    PROCESS_STARTED_AT,
     acquireTaskLock,
     releaseTaskLock,
     checkTaskLock,
     cleanStaleLock,
+    isProcessAlive,
+    isLockStale,
+    isLockValid,
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mndrk/agx",
-  "version": "1.4.23",
+  "version": "1.4.25",
   "description": "Autonomous AI Agent Orchestrator for Claude, Gemini, and Ollama",
   "main": "lib/index.js",
   "exports": {
@@ -19,6 +19,7 @@
     "cloud-runtime/**"
   ],
   "scripts": {
+    "postinstall": "node ./scripts/postinstall.js || true",
     "prepack": "node ./scripts/package-board-runtime.js",
     "board:bundle": "node ./scripts/package-board-runtime.js",
     "test": "node --localstorage-file=/tmp/agx-jest-localstorage ./node_modules/jest/bin/jest.js --forceExit",