@portel/photon 1.20.1 → 1.21.0

package/dist/daemon/server.js

@@ -24,6 +24,7 @@ import { timingSafeEqual, readBody, SimpleRateLimiter } from '../shared/security
 import { audit } from '../shared/audit.js';
 import { WorkerManager } from './worker-manager.js';
 import fastJsonPatch from 'fast-json-patch';
+import { getOwnerFilePath, isPidAlive, readOwnerRecord, removeOwnerRecord, waitForPidExit, writeOwnerRecord, } from './ownership.js';
 // eslint-disable-next-line @typescript-eslint/unbound-method
 const jsonPatchCompare = fastJsonPatch.compare;
 // Command line args: socketPath (global daemon only needs socket path)
@@ -37,6 +38,29 @@ if (!socketPath) {
     logger.error('Missing required argument: socketPath');
     process.exit(1);
 }
+const pidFile = path.join(path.dirname(socketPath), 'daemon.pid');
+const ownerFile = getOwnerFilePath(socketPath);
+let daemonOwnershipConfirmed = false;
+async function isSocketResponsive(target) {
+    if (process.platform === 'win32' || !fs.existsSync(target))
+        return false;
+    return new Promise((resolve) => {
+        const client = net.createConnection(target);
+        const timer = setTimeout(() => {
+            client.destroy();
+            resolve(false);
+        }, 1000);
+        client.on('connect', () => {
+            clearTimeout(timer);
+            client.destroy();
+            resolve(true);
+        });
+        client.on('error', () => {
+            clearTimeout(timer);
+            resolve(false);
+        });
+    });
+}
 // ════════════════════════════════════════════════════════════════════════════════
 // IN-PROCESS BROKER
 // All photons run inside the daemon process, so pub/sub is just in-memory dispatch.
@@ -104,6 +128,38 @@ workerManager.onPublish = (channel, message) => {
     // Also forward to other workers
     workerManager.dispatchToWorkers(channel, message);
 };
+// Track connected sockets for graceful shutdown broadcast
+const connectedSockets = new Set();
+/** Reference to the daemon server for closing the listener during shutdown */
+let daemonServer = null;
+/** Whether the daemon is shutting down (reject new commands) */
+let isShuttingDown = false;
+/** Tracks active executeTool calls per composite key */
+const activeExecutions = new Map();
+/** Per-key mutex to prevent concurrent reloads (format-on-save race) */
+const reloadMutex = new Map();
+function trackExecution(key) {
+    const tracker = activeExecutions.get(key);
+    if (tracker) {
+        tracker.count++;
+    }
+    else {
+        activeExecutions.set(key, { count: 1 });
+    }
+}
+function untrackExecution(key) {
+    const tracker = activeExecutions.get(key);
+    if (!tracker)
+        return;
+    tracker.count--;
+    if (tracker.count <= 0 && tracker.drainResolve) {
+        tracker.drainResolve();
+        tracker.drainResolve = undefined;
+    }
+    if (tracker.count <= 0) {
+        activeExecutions.delete(key);
+    }
+}
 // Map of compositeKey -> SessionManager (lazy initialized)
 const sessionManagers = new Map();
 const photonPaths = new Map(); // compositeKey -> photonPath
@@ -484,6 +540,7 @@ async function runJob(jobId) {
         return;
     }
     logger.info('Running scheduled job', { jobId, method: job.method, photon: job.photonName });
+    trackExecution(key);
     try {
         const session = await sessionManager.getOrCreateSession('scheduler', 'scheduler');
         await sessionManager.loader.executeTool(session.instance, job.method, job.args || {});
@@ -511,6 +568,9 @@ async function runJob(jobId) {
             error: getErrorMessage(error),
         });
     }
+    finally {
+        untrackExecution(key);
+    }
     scheduleJob(job);
 }
 function unscheduleJob(jobId) {
@@ -525,13 +585,14 @@ function unscheduleJob(jobId) {
     }
     return existed;
 }
-/** Update persisted schedule file (from ScheduleProvider) after job execution */
+/** Update persisted schedule file after job execution */
 function updatePersistedSchedule(jobId, photonName, updates) {
-    // Only for jobs loaded from schedule files (format: photonName:sched:uuid)
-    const match = jobId.match(/^[^:]+:sched:(.+)$/);
-    if (!match)
+    // Handle both ScheduleProvider jobs (photonName:sched:uuid) and IPC jobs (photonName:*:ipc:uuid)
+    const schedMatch = jobId.match(/^[^:]+:sched:(.+)$/);
+    const ipcMatch = jobId.match(/^[^:]+(?::[^:]+)?:ipc:(.+)$/);
+    if (!schedMatch && !ipcMatch)
         return;
-    const taskId = match[1];
+    const taskId = schedMatch ? schedMatch[1] : ipcMatch[1];
     const schedulesDir = path.join(process.env.PHOTON_SCHEDULES_DIR || path.join(os.homedir(), '.photon', 'schedules'), photonName.replace(/[^a-zA-Z0-9_-]/g, '_'));
     const filePath = path.join(schedulesDir, `${taskId}.json`);
     try {
@@ -547,6 +608,152 @@ function updatePersistedSchedule(jobId, photonName, updates) {
         // File may have been removed — ignore
     }
 }
+/** Persist an IPC-created schedule job to disk for daemon restart recovery */
+function persistIpcSchedule(job) {
+    const schedulesDir = path.join(process.env.PHOTON_SCHEDULES_DIR || path.join(os.homedir(), '.photon', 'schedules'), job.photonName.replace(/[^a-zA-Z0-9_-]/g, '_'));
+    try {
+        fs.mkdirSync(schedulesDir, { recursive: true });
+    }
+    catch {
+        // Directory may already exist
+    }
+    // Extract taskId from job ID (format: photonName:dirHash:ipc:taskId or photonName:ipc:taskId)
+    const match = job.id.match(/:ipc:(.+)$/);
+    const taskId = match ? match[1] : job.id;
+    const filePath = path.join(schedulesDir, `${taskId}.json`);
+    const persisted = {
+        id: job.id,
+        method: job.method,
+        args: job.args || {},
+        cron: job.cron,
+        photonName: job.photonName,
+        workingDir: job.workingDir,
+        source: 'ipc',
+        status: 'active',
+        createdAt: new Date(job.createdAt).toISOString(),
+        createdBy: job.createdBy,
+        executionCount: job.runCount,
+        lastExecutionAt: job.lastRun ? new Date(job.lastRun).toISOString() : null,
+    };
+    try {
+        fs.writeFileSync(filePath, JSON.stringify(persisted, null, 2));
+        logger.debug('Persisted IPC schedule', { jobId: job.id, path: filePath });
+    }
+    catch (err) {
+        logger.warn('Failed to persist IPC schedule', {
+            jobId: job.id,
+            error: getErrorMessage(err),
+        });
+    }
+}
+/** Delete a persisted IPC schedule file */
+function deletePersistedIpcSchedule(jobId, photonName) {
+    const match = jobId.match(/:ipc:(.+)$/);
+    if (!match)
+        return;
+    const taskId = match[1];
+    const schedulesDir = path.join(process.env.PHOTON_SCHEDULES_DIR || path.join(os.homedir(), '.photon', 'schedules'), photonName.replace(/[^a-zA-Z0-9_-]/g, '_'));
+    const filePath = path.join(schedulesDir, `${taskId}.json`);
+    try {
+        if (fs.existsSync(filePath)) {
+            fs.unlinkSync(filePath);
+            logger.debug('Deleted persisted IPC schedule', { jobId, path: filePath });
+        }
+    }
+    catch {
+        // Ignore — file may already be gone
+    }
+}
+/** Load all persisted schedules from disk on daemon startup */
+function loadAllPersistedSchedules() {
+    const baseDir = process.env.PHOTON_SCHEDULES_DIR || path.join(os.homedir(), '.photon', 'schedules');
+    if (!fs.existsSync(baseDir))
+        return;
+    let loadedCount = 0;
+    let skippedCount = 0;
+    const TTL_DAYS = 30;
+    const ttlMs = TTL_DAYS * 24 * 60 * 60 * 1000;
+    try {
+        const photonDirs = fs.readdirSync(baseDir, { withFileTypes: true });
+        for (const dir of photonDirs) {
+            if (!dir.isDirectory())
+                continue;
+            const schedulesPath = path.join(baseDir, dir.name);
+            const files = fs.readdirSync(schedulesPath).filter((f) => f.endsWith('.json'));
+            for (const file of files) {
+                const filePath = path.join(schedulesPath, file);
+                try {
+                    const content = fs.readFileSync(filePath, 'utf-8');
+                    const task = JSON.parse(content);
+                    // Skip non-IPC jobs (ScheduleProvider handles its own)
+                    if (task.source !== 'ipc')
+                        continue;
+                    // Validate required fields
+                    if (!task.id || !task.method || !task.cron || !task.photonName) {
+                        logger.warn('Skipping invalid persisted schedule', { file: filePath });
+                        skippedCount++;
+                        continue;
+                    }
+                    // TTL check: skip jobs not executed in 30+ days
+                    const lastExec = task.lastExecutionAt ? new Date(task.lastExecutionAt).getTime() : 0;
+                    const created = task.createdAt ? new Date(task.createdAt).getTime() : 0;
+                    const lastActivity = Math.max(lastExec, created);
+                    if (lastActivity > 0 && Date.now() - lastActivity > ttlMs) {
+                        logger.info('Removing expired schedule (TTL)', {
+                            jobId: task.id,
+                            lastActivity: new Date(lastActivity).toISOString(),
+                        });
+                        try {
+                            fs.unlinkSync(filePath);
+                        }
+                        catch {
+                            /* ignore */
+                        }
+                        skippedCount++;
+                        continue;
+                    }
+                    // Skip if already registered (ScheduleProvider may have loaded it)
+                    if (scheduledJobs.has(task.id))
+                        continue;
+                    const job = {
+                        id: task.id,
+                        method: task.method,
+                        args: task.args || {},
+                        cron: task.cron,
+                        runCount: task.executionCount || 0,
+                        createdAt: created || Date.now(),
+                        createdBy: task.createdBy,
+                        photonName: task.photonName,
+                        workingDir: task.workingDir,
+                    };
+                    if (scheduleJob(job)) {
+                        loadedCount++;
+                    }
+                    else {
+                        logger.warn('Failed to schedule persisted job (invalid cron?)', { jobId: task.id });
+                        skippedCount++;
+                    }
+                }
+                catch (err) {
+                    logger.warn('Failed to load persisted schedule file', {
+                        file: filePath,
+                        error: getErrorMessage(err),
+                    });
+                    skippedCount++;
+                }
+            }
+        }
+    }
+    catch (err) {
+        logger.warn('Failed to scan schedules directory', {
+            dir: baseDir,
+            error: getErrorMessage(err),
+        });
+    }
+    if (loadedCount > 0 || skippedCount > 0) {
+        logger.info('Loaded persisted schedules', { loaded: loadedCount, skipped: skippedCount });
+    }
+}
 // ════════════════════════════════════════════════════════════════════════════════
 // WEBHOOK HTTP SERVER
 // ════════════════════════════════════════════════════════════════════════════════
@@ -644,6 +851,8 @@ function startWebhookServer(port) {
                 }
                 resolvedMethod = mapped;
             }
+            const webhookKey = compositeKey(photonName);
+            trackExecution(webhookKey);
             try {
                 const session = await sessionManager.getOrCreateSession('webhook', 'webhook');
                 const result = await sessionManager.loader.executeTool(session.instance, resolvedMethod, args);
@@ -665,6 +874,9 @@ function startWebhookServer(port) {
                 res.writeHead(500, { 'Content-Type': 'application/json' });
                 res.end(JSON.stringify({ error: getErrorMessage(error) }));
             }
+            finally {
+                untrackExecution(webhookKey);
+            }
         })();
     });
     webhookServer.listen(port, () => {
@@ -821,8 +1033,14 @@ async function getOrCreateSessionManager(photonName, photonPath, workingDir) {
                     const depManager = sessionManagers.get(depKey);
                     if (!depManager)
                         throw new Error(`Dependency ${depName} not loaded`);
-                    const loaded = await depManager.getOrLoadInstance('');
-                    return depManager.loader.executeTool(loaded, method, args);
+                    trackExecution(depKey);
+                    try {
+                        const loaded = await depManager.getOrLoadInstance('');
+                        return await depManager.loader.executeTool(loaded, method, args);
+                    }
+                    finally {
+                        untrackExecution(depKey);
+                    }
                 };
             }
             logger.info('Spawning worker thread for @worker photon', { photonName, key });
@@ -852,6 +1070,7 @@ async function getOrCreateSessionManager(photonName, photonPath, workingDir) {
             key,
             photonPath: pathToUse,
             workingDir,
+            ownerPid: daemonOwnershipConfirmed ? process.pid : null,
         });
         manager = new SessionManager(pathToUse, photonName, idleTimeout, logger.child({ scope: photonName }), workingDir);
         // Wire @photon dependency resolver: when this photon's loader encounters
@@ -895,8 +1114,15 @@ async function getOrCreateSessionManager(photonName, photonPath, workingDir) {
                                 prop !== 'on' &&
                                 prop !== 'off') {
                                 return async (params) => {
-                                    const latest = depManager.getCurrentInstance(depInstanceKey) ?? loaded;
-                                    return depManager.loader.executeTool(latest, prop, params || {});
+                                    const depExecKey = compositeKey(depName, workingDir);
+                                    trackExecution(depExecKey);
+                                    try {
+                                        const latest = depManager.getCurrentInstance(depInstanceKey) ?? loaded;
+                                        return await depManager.loader.executeTool(latest, prop, params || {});
+                                    }
+                                    finally {
+                                        untrackExecution(depExecKey);
+                                    }
                                 };
                             }
                             // Bind methods to current instance so `this` resolves correctly
@@ -1107,6 +1333,15 @@ async function handleRequest(request, socket) {
     if (request.type === 'ping') {
         return { type: 'pong', id: request.id };
     }
+    // Reject new commands during shutdown (allow ping for health checks)
+    if (isShuttingDown && request.type !== 'shutdown') {
+        return {
+            type: 'error',
+            id: request.id,
+            error: 'Daemon is shutting down',
+            suggestion: 'Retry after the daemon restarts',
+        };
+    }
     if (request.type === 'status') {
         let totalSessions = 0;
         for (const sm of sessionManagers.values()) {
@@ -1403,9 +1638,16 @@ async function handleRequest(request, socket) {
                 suggestion: 'Include photonName in the request payload',
             };
         }
-        const existing = scheduledJobs.get(request.jobId);
+        // Generate IPC job ID with workingDir hash to prevent cross-project collisions
+        const dirHash = request.workingDir
+            ? crypto.createHash('sha256').update(request.workingDir).digest('hex').slice(0, 8)
+            : '';
+        const ipcJobId = dirHash
+            ? `${photonName}:${dirHash}:ipc:${request.jobId}`
+            : `${photonName}:ipc:${request.jobId}`;
+        const existing = scheduledJobs.get(ipcJobId);
         const job = {
-            id: request.jobId,
+            id: ipcJobId,
             method: request.method,
             args: request.args,
             cron: request.cron,
@@ -1416,6 +1658,9 @@ async function handleRequest(request, socket) {
             workingDir: request.workingDir,
         };
         const scheduled = scheduleJob(job);
+        if (scheduled) {
+            persistIpcSchedule(job);
+        }
         return {
             type: 'result',
             id: request.id,
@@ -1428,8 +1673,28 @@ async function handleRequest(request, socket) {
     // Handle job unscheduling
     if (request.type === 'unschedule') {
         const jobId = request.jobId;
-        const unscheduled = unscheduleJob(jobId);
-        return { type: 'result', id: request.id, success: true, data: { unscheduled, jobId } };
+        // Try exact match first, then look for IPC-prefixed version
+        let actualJobId = jobId;
+        if (!scheduledJobs.has(jobId)) {
+            // Search for IPC-prefixed job
+            for (const key of scheduledJobs.keys()) {
+                if (key.endsWith(`:ipc:${jobId}`)) {
+                    actualJobId = key;
+                    break;
+                }
+            }
+        }
+        const job = scheduledJobs.get(actualJobId);
+        const unscheduled = unscheduleJob(actualJobId);
+        if (unscheduled && job) {
+            deletePersistedIpcSchedule(actualJobId, job.photonName);
+        }
+        return {
+            type: 'result',
+            id: request.id,
+            success: true,
+            data: { unscheduled, jobId: actualJobId },
+        };
     }
     // Handle list jobs
     if (request.type === 'list_jobs') {
@@ -1705,7 +1970,14 @@ async function handleRequest(request, socket) {
                 // Snapshot state before execution for JSON Patch diffing
                 const preSnapshot = await snapshotState(targetInst, photonName);
                 const startTime = Date.now();
-                const result = await sessionManager.loader.executeTool(targetInst, request.method, request.args || {}, { outputHandler });
+                trackExecution(cmdKey);
+                let result;
+                try {
+                    result = await sessionManager.loader.executeTool(targetInst, request.method, request.args || {}, { outputHandler });
+                }
+                finally {
+                    untrackExecution(cmdKey);
+                }
                 const durationMs = Date.now() - startTime;
                 setPromptHandler(null);
                 logger.info('Request completed', {
@@ -1791,7 +2063,14 @@ async function handleRequest(request, socket) {
             // Snapshot state before execution for JSON Patch diffing
             const preSnapshot = await snapshotState(session.instance, photonName);
             const startTime = Date.now();
-            const result = await sessionManager.loader.executeTool(session.instance, request.method, request.args || {}, { outputHandler });
+            trackExecution(cmdKey);
+            let result;
+            try {
+                result = await sessionManager.loader.executeTool(session.instance, request.method, request.args || {}, { outputHandler });
+            }
+            finally {
+                untrackExecution(cmdKey);
+            }
             const durationMs = Date.now() - startTime;
             setPromptHandler(null);
             logger.info('Request completed', {
@@ -2583,8 +2862,29 @@ function watchStateDir(workingDir) {
 // HOT RELOAD
 // ════════════════════════════════════════════════════════════════════════════════
 async function reloadPhoton(photonName, newPhotonPath, workingDir) {
+    const key = compositeKey(photonName, workingDir);
+    // Reload mutex: prevent concurrent reloads for the same photon
+    // (format-on-save can trigger two rapid file change events)
+    const existing = reloadMutex.get(key);
+    if (existing) {
+        logger.debug('Reload already in progress, waiting...', { photonName, key });
+        await existing;
+    }
+    let mutexResolve;
+    const mutexPromise = new Promise((resolve) => {
+        mutexResolve = resolve;
+    });
+    reloadMutex.set(key, mutexPromise);
+    try {
+        return await doReloadPhoton(photonName, newPhotonPath, workingDir, key);
+    }
+    finally {
+        reloadMutex.delete(key);
+        mutexResolve();
+    }
+}
+async function doReloadPhoton(photonName, newPhotonPath, workingDir, key) {
     try {
-        const key = compositeKey(photonName, workingDir);
         logger.info('Hot-reloading photon', { photonName, key, path: newPhotonPath });
         // If running in a worker, delegate reload to the worker
         if (workerManager.has(key)) {
@@ -2596,6 +2896,7 @@ async function reloadPhoton(photonName, newPhotonPath, workingDir) {
                     worker: true,
                 });
                 logger.info('Worker photon reloaded', { photonName });
+                workerManager.resetCrashHistory(key);
             }
             else {
                 publishToChannel(`system:${photonName}`, {
@@ -2638,6 +2939,30 @@ async function reloadPhoton(photonName, newPhotonPath, workingDir) {
             });
             return { success: false, error: errorMessage };
         }
+        // Drain: wait for in-flight executions to complete before swapping instances
+        const DRAIN_TIMEOUT_MS = 2000;
+        const tracker = activeExecutions.get(key);
+        if (tracker && tracker.count > 0) {
+            logger.info('Draining in-flight executions before reload', {
+                photonName,
+                activeCount: tracker.count,
+            });
+            await Promise.race([
+                new Promise((resolve) => {
+                    tracker.drainResolve = resolve;
+                }),
+                new Promise((resolve) => setTimeout(() => {
+                    logger.warn('Drain timeout, proceeding with reload', {
+                        photonName,
+                        activeCount: tracker.count,
+                        timeoutMs: DRAIN_TIMEOUT_MS,
+                    });
+                    resolve();
+                }, DRAIN_TIMEOUT_MS)),
+            ]);
+            // Clean up drain resolve if it was set but not called
+            tracker.drainResolve = undefined;
+        }
         const sessions = sessionManager.getSessions();
         let updatedCount = 0;
         for (const session of sessions) {
@@ -2891,7 +3216,11 @@ function startupWatchPhotons() {
                     const manager = await getOrCreateSessionManager(p.name, p.path);
                     if (manager) {
                         await manager.getOrLoadInstance('');
-                        logger.info('Eager-loaded lifecycle photon', { name: p.name });
+                        logger.info('Eager-loaded lifecycle photon', {
+                            name: p.name,
+                            photonPath: p.path,
+                            ownerPid: process.pid,
+                        });
                     }
                 }
                 catch (err) {
@@ -2903,6 +3232,13 @@ function startupWatchPhotons() {
             }
         };
         setTimeout(() => {
+            if (!daemonOwnershipConfirmed) {
+                logger.warn('Skipping eager lifecycle load before exclusive ownership confirmation', {
+                    socketPath,
+                    currentPid: process.pid,
+                });
+                return;
+            }
             eagerLoad().catch(() => { });
         }, 1000);
     }
@@ -2944,6 +3280,7 @@ function startupWatchPhotons() {
 function startServer() {
     const server = net.createServer((socket) => {
         logger.info('Client connected');
+        connectedSockets.add(socket);
         let buffer = '';
         socket.on('data', (chunk) => {
             void (async () => {
@@ -2975,18 +3312,26 @@ function startServer() {
         });
         socket.on('end', () => {
             logger.info('Client disconnected');
+            connectedSockets.delete(socket);
             cleanupSocketSubscriptions(socket);
         });
         socket.on('error', (error) => {
             logger.warn('Socket error', { error: getErrorMessage(error) });
+            connectedSockets.delete(socket);
             cleanupSocketSubscriptions(socket);
         });
         socket.on('close', () => {
+            connectedSockets.delete(socket);
             cleanupSocketSubscriptions(socket);
         });
     });
+    daemonServer = server;
     server.listen(socketPath, () => {
-        logger.info('Global Photon daemon listening', { socketPath, pid: process.pid });
+        logger.info('Global Photon daemon listening', {
+            socketPath,
+            pid: process.pid,
+            ownerPid: process.pid,
+        });
     });
     server.on('error', (error) => {
         logger.error('Server error', { error: getErrorMessage(error) });
@@ -3008,88 +3353,209 @@ function startServer() {
         });
     });
 }
-function shutdown() {
-    logger.info('Shutting down global daemon');
-    if (idleTimer) {
-        clearTimeout(idleTimer);
+async function claimExclusiveOwnership() {
+    const owner = readOwnerRecord(ownerFile);
+    if (owner && owner.socketPath === socketPath && owner.pid !== process.pid) {
+        if (isPidAlive(owner.pid)) {
+            logger.warn('Sibling daemon detected for socket', {
+                socketPath,
+                currentPid: process.pid,
+                ownerPid: owner.pid,
+                action: 'terminate-stale-owner',
+            });
+            try {
+                process.kill(owner.pid, 'SIGTERM');
+            }
+            catch {
+                // Ignore races with process exit
+            }
+            const exited = await waitForPidExit(owner.pid, 5000);
+            if (!exited) {
+                logger.error('Failed to gain exclusive daemon ownership', {
+                    socketPath,
+                    currentPid: process.pid,
+                    ownerPid: owner.pid,
+                    action: 'startup-rejected',
+                });
+                throw new Error(`Could not terminate sibling daemon ${owner.pid}`);
+            }
+        }
+        else {
+            logger.warn('Removing stale daemon owner record', {
+                socketPath,
+                currentPid: process.pid,
+                ownerPid: owner.pid,
+            });
+        }
+        removeOwnerRecord(ownerFile);
     }
-    clearInterval(lockCleanupInterval);
-    clearInterval(staleMapCleanupInterval);
-    for (const timer of jobTimers.values()) {
-        clearTimeout(timer);
+    if (process.platform !== 'win32' && fs.existsSync(socketPath)) {
+        const responsive = await isSocketResponsive(socketPath);
+        if (!responsive) {
+            logger.warn('Removing stale daemon socket before listen', {
+                socketPath,
+                currentPid: process.pid,
+            });
+            try {
+                fs.unlinkSync(socketPath);
+            }
+            catch {
+                // Ignore races with other cleanup
+            }
+        }
     }
-    jobTimers.clear();
-    scheduledJobs.clear();
-    activeLocks.clear();
-    channelEventBuffers.clear();
-    eventLogSeq.clear();
-    stateKeysCache.clear();
-    // Resolve any pending prompts so promises don't hang
-    for (const [_id, pending] of pendingPrompts.entries()) {
-        pending.resolve(null);
-    }
-    pendingPrompts.clear();
-    socketPromptIds.clear();
-    // Close file watchers and debounce timers
-    for (const photonPath of fileWatchers.keys()) {
-        unwatchPhotonFile(photonPath);
-    }
-    // Clean up poll-based watchers (bun fallback)
-    for (const timer of pollTimers) {
-        clearInterval(timer);
-    }
-    pollTimers.clear();
-    // Terminate all worker threads
-    void workerManager.terminateAll().catch((err) => {
-        logger.warn('Error terminating workers during shutdown', { error: getErrorMessage(err) });
+    writeOwnerRecord(ownerFile, {
+        pid: process.pid,
+        socketPath,
+        claimedAt: Date.now(),
     });
-    for (const manager of sessionManagers.values()) {
-        manager.destroy();
-    }
-    sessionManagers.clear();
-    if (webhookServer) {
-        webhookServer.close();
-    }
-    // Only delete the socket if we still own it.
-    // After `daemon stop` + `daemon start`, a new daemon may have already created
-    // a new socket at this path. Deleting it would orphan the new daemon's listener.
-    if (fs.existsSync(socketPath) && process.platform !== 'win32') {
-        let weOwnSocket = true;
+    fs.writeFileSync(pidFile, process.pid.toString());
+    daemonOwnershipConfirmed = true;
+    logger.info('Daemon ownership claimed', {
+        socketPath,
+        currentPid: process.pid,
+        ownerPid: process.pid,
+        pidFile,
+        ownerFile,
+    });
+}
+function shutdown() {
+    // Guard against multiple shutdown calls (e.g. SIGTERM + SIGINT in quick succession)
+    if (isShuttingDown)
+        return;
+    isShuttingDown = true;
+    logger.info('Shutting down global daemon');
+    // Step 1: Close the listener — stop accepting new connections
+    if (daemonServer) {
+        daemonServer.close();
+    }
+    // Step 2: Broadcast shutdown signal to all connected sockets
+    const shutdownMessage = JSON.stringify({
+        type: 'shutdown',
+        id: 'daemon-shutdown',
+        reason: 'daemon-shutting-down',
+    }) + '\n';
+    for (const socket of connectedSockets) {
         try {
-            const pidFile = getDefaultContext().pidFile;
-            const pidContent = fs.readFileSync(pidFile, 'utf-8').trim();
-            const filePid = parseInt(pidContent, 10);
-            if (!isNaN(filePid) && filePid !== process.pid) {
-                // PID file points to a different process — new daemon already started
-                weOwnSocket = false;
-                logger.info('Socket belongs to new daemon, skipping cleanup', {
-                    ourPid: process.pid,
-                    newPid: filePid,
-                });
-            }
+            socket.write(shutdownMessage);
         }
         catch {
-            // PID file missing (deleted by stop) — another process may own the socket now.
-            // If the socket still exists, it likely belongs to a new daemon. Don't delete.
-            weOwnSocket = false;
+            // Socket may already be closed
+        }
+    }
+    // Step 3: Async cleanup with grace period for shutdown message flush
+    void (async () => {
+        // Give sockets 500ms to receive the shutdown message
+        await new Promise((resolve) => setTimeout(resolve, 500));
+        if (idleTimer) {
+            clearTimeout(idleTimer);
+        }
+        clearInterval(lockCleanupInterval);
+        clearInterval(staleMapCleanupInterval);
+        for (const timer of jobTimers.values()) {
+            clearTimeout(timer);
+        }
+        jobTimers.clear();
+        scheduledJobs.clear();
+        activeLocks.clear();
+        channelEventBuffers.clear();
+        eventLogSeq.clear();
+        stateKeysCache.clear();
+        // Resolve any pending prompts so promises don't hang
+        for (const [_id, pending] of pendingPrompts.entries()) {
+            pending.resolve(null);
+        }
+        pendingPrompts.clear();
+        socketPromptIds.clear();
+        // Close file watchers and debounce timers
+        for (const photonPath of fileWatchers.keys()) {
+            unwatchPhotonFile(photonPath);
+        }
+        // Clean up poll-based watchers (bun fallback)
+        for (const timer of pollTimers) {
+            clearInterval(timer);
+        }
+        pollTimers.clear();
+        // Terminate all worker threads FIRST (before session destroy,
+        // so @photon deps in workers still respond during onShutdown)
+        try {
+            await workerManager.terminateAll();
+        }
+        catch (err) {
+            logger.warn('Error terminating workers during shutdown', { error: getErrorMessage(err) });
+        }
+        // Gracefully destroy all session managers (calls onShutdown on instances)
+        await Promise.allSettled(Array.from(sessionManagers.values()).map((m) => m.destroyGraceful()));
+        sessionManagers.clear();
+        if (webhookServer) {
+            webhookServer.close();
         }
-        if (weOwnSocket) {
+        if (daemonOwnershipConfirmed) {
+            const owner = readOwnerRecord(ownerFile);
+            if (owner?.pid === process.pid && owner.socketPath === socketPath) {
+                removeOwnerRecord(ownerFile, process.pid);
+            }
             try {
-                fs.unlinkSync(socketPath);
+                const pidContent = fs.readFileSync(pidFile, 'utf-8').trim();
+                if (parseInt(pidContent, 10) === process.pid) {
+                    fs.unlinkSync(pidFile);
+                }
             }
             catch {
-                // Ignore cleanup errors
+                // Ignore missing pid file
             }
         }
-    }
-    process.exit(0);
+        // Only delete the socket if we still own it.
+        // After `daemon stop` + `daemon start`, a new daemon may have already created
+        // a new socket at this path. Deleting it would orphan the new daemon's listener.
+        if (fs.existsSync(socketPath) && process.platform !== 'win32') {
+            let weOwnSocket = true;
+            try {
+                const pidContent = fs.readFileSync(pidFile, 'utf-8').trim();
+                const filePid = parseInt(pidContent, 10);
+                if (!isNaN(filePid) && filePid !== process.pid) {
+                    // PID file points to a different process — new daemon already started
+                    weOwnSocket = false;
+                    logger.info('Socket belongs to new daemon, skipping cleanup', {
+                        ourPid: process.pid,
+                        newPid: filePid,
+                    });
+                }
+            }
+            catch {
+                // PID file missing (deleted by stop) — another process may own the socket now.
+                // If the socket still exists, it likely belongs to a new daemon. Don't delete.
+                weOwnSocket = false;
+            }
+            if (weOwnSocket) {
+                try {
+                    fs.unlinkSync(socketPath);
+                }
+                catch {
+                    // Ignore cleanup errors
+                }
+            }
+        }
+        process.exit(0);
+    })();
 }
 // Main execution
-(() => {
+void (async () => {
+    await claimExclusiveOwnership();
     startupWatchPhotons();
     startServer();
+    loadAllPersistedSchedules();
     startWebhookServer(WEBHOOK_PORT);
     startIdleTimer();
     startHealthMonitor();
-})();
+    // Notify photons that any locks from a prior daemon session are gone
+    publishToChannel('system:*', {
+        event: 'locks-reset',
+        reason: 'daemon-startup',
+        timestamp: Date.now(),
+    });
+})().catch((err) => {
+    logger.error('Daemon startup failed', { error: getErrorMessage(err) });
+    process.exit(1);
+});
 //# sourceMappingURL=server.js.map