clawmatrix 0.4.2 → 0.5.0

package/src/router.ts

@@ -1,10 +1,13 @@
 import type { ClusterFrame, AnyClusterFrame, PeerInfo, AgentInfo, ModelInfo, DeviceInfo, ToolProxyInfo, AcpAgentInfo } from "./types.ts";
 import type { Connection } from "./connection.ts";
+import { LRUCache } from "lru-cache";
+import { debug } from "./debug.ts";
 
 const DEFAULT_TTL = 3;
 const MAX_SEEN_FRAMES = 10_000;
 const MAX_FAILED_REQUESTS = 5_000;
-const ROTATE_INTERVAL = 60_000; // rotate dedup maps every 60s
+const SEEN_FRAME_TTL = 120_000;      // 2 minutes (was ~60-120s with double-map rotation)
+const FAILED_REQUEST_TTL = 900_000;   // 15 minutes
 
 export interface RouteEntry {
   nodeId: string;
@@ -33,12 +36,17 @@ export class Router {
   private connections = new Map<string, Connection>(); // nodeId → active (best) direct connection
   /** All live channels per nodeId (multi-channel support). */
   private channels = new Map<string, Set<Connection>>();
-  /** Double-map dedup: current window + previous window. Rotated periodically. */
-  private seenCurrent = new Map<string, true>();
-  private seenPrevious = new Map<string, true>();
-  private rotateTimer: ReturnType<typeof setInterval> | null = null;
-  /** Failed request IDs with expiry timestamps. Separate from dedup to support longer TTLs. */
-  private failedRequests = new Map<string, number>(); // requestId → expiresAt
+
+  // ── Delta sync versioning ─────────────────────────────────────
+  private syncVersion = 0;
+  /** Version at which each nodeId was last added/updated. */
+  private peerVersions = new Map<string, number>();
+  /** Removed nodeIds with their removal version. Pruned when gap > 200. */
+  private removedPeers = new Map<string, number>();
+  /** LRU-based frame deduplication with TTL. */
+  private seenFrames = new LRUCache<string, true>({ max: MAX_SEEN_FRAMES, ttl: SEEN_FRAME_TTL });
+  /** Failed request IDs with TTL. Separate from dedup to support longer TTLs. */
+  private failedRequests = new LRUCache<string, true>({ max: MAX_FAILED_REQUESTS, ttl: FAILED_REQUEST_TTL });
 
   // ── Indexes for O(1) lookups in hot paths ──────────────────────
   /** agentId → Set of nodeIds that host this agent. */
@@ -59,18 +67,6 @@ export class Router {
     this.localDeviceInfo = localCapabilities?.deviceInfo;
     this.localToolProxy = localCapabilities?.toolProxy;
     this.localAcpAgents = localCapabilities?.acpAgents;
-
-    this.rotateTimer = setInterval(() => this.rotateSeenFrames(), ROTATE_INTERVAL);
-  }
-
-  /** Rebuild all indexes from scratch. Called after any route table mutation. */
-  private rebuildIndexes() {
-    this.agentIndex.clear();
-    this.tagIndex.clear();
-    this.modelIndex.clear();
-    for (const entry of this.routes.values()) {
-      this.indexEntry(entry);
-    }
   }
 
   /** Add a single entry to all indexes. */
@@ -98,15 +94,25 @@ export class Router {
     }
   }
 
-  /** Remove a single entry from all indexes. */
+  /** Remove a single entry from all indexes. Cleans up empty Sets to prevent memory leaks. */
   private unindexEntry(entry: RouteEntry) {
     const nid = entry.nodeId;
     for (const a of entry.agents ?? []) {
-      this.agentIndex.get(a.id)?.delete(nid);
-      for (const t of a.tags ?? []) this.tagIndex.get(t)?.delete(nid);
+      const aSet = this.agentIndex.get(a.id);
+      if (aSet) { aSet.delete(nid); if (aSet.size === 0) this.agentIndex.delete(a.id); }
+      for (const t of a.tags ?? []) {
+        const tSet = this.tagIndex.get(t);
+        if (tSet) { tSet.delete(nid); if (tSet.size === 0) this.tagIndex.delete(t); }
+      }
+    }
+    for (const t of entry.tags ?? []) {
+      const tSet = this.tagIndex.get(t);
+      if (tSet) { tSet.delete(nid); if (tSet.size === 0) this.tagIndex.delete(t); }
+    }
+    for (const m of entry.models ?? []) {
+      const mSet = this.modelIndex.get(m.id);
+      if (mSet) { mSet.delete(nid); if (mSet.size === 0) this.modelIndex.delete(m.id); }
     }
-    for (const t of entry.tags ?? []) this.tagIndex.get(t)?.delete(nid);
-    for (const m of entry.models ?? []) this.modelIndex.get(m.id)?.delete(nid);
   }
 
   /** Update locally advertised ACP agents (used after auto-detection). */
@@ -123,12 +129,7 @@ export class Router {
 
   /** Stop periodic cleanup. Call on shutdown. */
   destroy() {
-    if (this.rotateTimer) {
-      clearInterval(this.rotateTimer);
-      this.rotateTimer = null;
-    }
-    this.seenCurrent.clear();
-    this.seenPrevious.clear();
+    this.seenFrames.clear();
     this.failedRequests.clear();
     this.channels.clear();
   }
@@ -162,6 +163,9 @@ export class Router {
     };
     this.routes.set(nodeId, entry);
     this.indexEntry(entry);
+    this.syncVersion++;
+    this.peerVersions.set(nodeId, this.syncVersion);
+    this.removedPeers.delete(nodeId);
   }
 
   /** Add an additional channel to an existing peer (multi-channel). */
@@ -263,6 +267,9 @@ export class Router {
     };
     this.routes.set(peer.nodeId, entry);
     this.indexEntry(entry);
+    this.syncVersion++;
+    this.peerVersions.set(peer.nodeId, this.syncVersion);
+    this.removedPeers.delete(peer.nodeId);
   }
 
   removePeer(nodeId: string) {
@@ -272,12 +279,17 @@ export class Router {
     if (removed) {
       this.unindexEntry(removed);
       this.routes.delete(nodeId);
+      this.syncVersion++;
+      this.removedPeers.set(nodeId, this.syncVersion);
+      this.peerVersions.delete(nodeId);
     }
     // Also remove routes that relied on this node as relay
     for (const [id, entry] of this.routes) {
       if (entry.reachableVia === nodeId) {
         this.unindexEntry(entry);
         this.routes.delete(id);
+        this.removedPeers.set(id, this.syncVersion);
+        this.peerVersions.delete(id);
       }
     }
   }
@@ -302,6 +314,8 @@ export class Router {
       entry.acpAgents = capabilities.acpAgents;
       entry.lastSeen = Date.now();
       this.indexEntry(entry);
+      this.syncVersion++;
+      this.peerVersions.set(nodeId, this.syncVersion);
     }
   }
 
@@ -317,8 +331,9 @@ export class Router {
     return this.routes.get(nodeId);
   }
 
-  /** Resolve target agent to a specific nodeId. Supports agent ID or "tags:<tag>". */
-  resolveAgent(target: string): RouteEntry | undefined {
+  /** Resolve target agent to a specific nodeId. Supports agent ID or "tags:<tag>".
+   *  Optionally excludes nodes in the `exclude` set (e.g. previously failed nodes). */
+  resolveAgent(target: string, exclude?: Set<string>): RouteEntry | undefined {
     const isTagQuery = target.startsWith("tags:");
 
     let nodeIds: Set<string> | undefined;
@@ -332,6 +347,7 @@ export class Router {
     if (nodeIds) {
       for (const nid of nodeIds) {
         if (nid === this.nodeId) continue;
+        if (exclude?.has(nid)) continue;
         const entry = this.routes.get(nid);
         if (entry) candidates.push(entry);
       }
@@ -339,8 +355,10 @@ export class Router {
 
     // Fallback: if no agent ID or tag matched, try matching by nodeId
     if (candidates.length === 0 && !isTagQuery) {
-      const byNode = this.routes.get(target);
-      if (byNode && byNode.nodeId !== this.nodeId) candidates.push(byNode);
+      if (!exclude?.has(target)) {
+        const byNode = this.routes.get(target);
+        if (byNode && byNode.nodeId !== this.nodeId) candidates.push(byNode);
+      }
     }
 
     if (candidates.length === 0) return undefined;
@@ -452,6 +470,7 @@ export class Router {
       }
     }
 
+    debug("router", `sendTo(${targetNodeId}): all paths failed (conn open=${route.connection?.isOpen}, relay=${route.reachableVia})`);
     return false;
   }
 
@@ -477,70 +496,26 @@ export class Router {
     return relayed;
   }
 
-  // ── Deduplication (double-map rotation) ────────────────────────
+  // ── Deduplication (LRU with TTL) ──────────────────────────────
   /**
    * Returns true if the frame has been seen before (duplicate).
-   * Uses a double-map strategy: entries live in `seenCurrent` and are
-   * promoted from `seenPrevious` on access. Every ROTATE_INTERVAL the
-   * previous map is discarded and current becomes previous — O(1) cleanup.
+   * Uses LRU cache with TTL — automatic eviction by age and size.
    */
   isDuplicate(frameId: string): boolean {
     if (!frameId) return false;
-    if (this.seenCurrent.has(frameId)) return true;
-    if (this.seenPrevious.has(frameId)) {
-      // Promote to current so it survives the next rotation
-      this.seenCurrent.set(frameId, true);
-      return true;
-    }
-
-    this.seenCurrent.set(frameId, true);
-    // Safety valve: if current map grows too large, force a rotation
-    if (this.seenCurrent.size > MAX_SEEN_FRAMES) {
-      this.rotateSeenFrames();
-    }
+    if (this.seenFrames.has(frameId)) return true;
+    this.seenFrames.set(frameId, true);
     return false;
   }
 
   /** Mark a request ID as failed so late responses are ignored.
    *  TTL defaults to 15 minutes — long enough for handoff timeouts. */
   markFailed(requestId: string, ttlMs = 900_000) {
-    this.failedRequests.set(requestId, Date.now() + ttlMs);
-    // Evict entries when map grows too large: first expired, then FIFO
-    if (this.failedRequests.size > MAX_FAILED_REQUESTS) {
-      const now = Date.now();
-      // Pass 1: remove expired entries
-      for (const [id, expiresAt] of this.failedRequests) {
-        if (now > expiresAt) this.failedRequests.delete(id);
-      }
-      // Pass 2: if still over limit, remove oldest (insertion-order) entries
-      if (this.failedRequests.size > MAX_FAILED_REQUESTS) {
-        for (const [id] of this.failedRequests) {
-          if (this.failedRequests.size <= MAX_FAILED_REQUESTS) break;
-          this.failedRequests.delete(id);
-        }
-      }
-    }
+    this.failedRequests.set(requestId, true, { ttl: ttlMs });
   }
 
   isFailed(requestId: string): boolean {
-    const expiresAt = this.failedRequests.get(requestId);
-    if (expiresAt === undefined) return false;
-    if (Date.now() > expiresAt) {
-      this.failedRequests.delete(requestId);
-      return false;
-    }
-    return true;
-  }
-
-  private rotateSeenFrames() {
-    this.seenPrevious = this.seenCurrent;
-    this.seenCurrent = new Map();
-
-    // Prune expired failed requests
-    const now = Date.now();
-    for (const [id, expiresAt] of this.failedRequests) {
-      if (now > expiresAt) this.failedRequests.delete(id);
-    }
+    return this.failedRequests.has(requestId);
   }
 
   // ── Accessors ──────────────────────────────────────────────────
@@ -562,38 +537,111 @@ export class Router {
     return [...this.connections.values()];
   }
 
-  /** Build PeerInfo list for peer_sync. */
-  buildPeerSyncPayload(): PeerInfo[] {
-    const peers: PeerInfo[] = [];
-    // Include ourselves with our direct peer list
-    const myDirectPeers = [...this.connections.keys()];
-    peers.push({
+  /** Current sync version for delta protocol. */
+  get currentSyncVersion(): number {
+    return this.syncVersion;
+  }
+
+  /** Convert a RouteEntry to PeerInfo for wire transmission. */
+  private entryToPeerInfo(entry: RouteEntry): PeerInfo {
+    return {
+      nodeId: entry.nodeId,
+      agents: entry.agents,
+      models: entry.models,
+      tags: entry.tags,
+      reachableVia: entry.reachableVia ?? undefined,
+      directPeers: entry.directPeers.length > 0 ? entry.directPeers : undefined,
+      deviceInfo: entry.deviceInfo,
+      toolProxy: entry.toolProxy,
+      acpAgents: entry.acpAgents,
+      latencyMs: entry.latencyMs > 0 ? entry.latencyMs : undefined,
+    };
+  }
+
+  /** Build local node PeerInfo. */
+  private localPeerInfo(): PeerInfo {
+    return {
       nodeId: this.nodeId,
       agents: this.localAgents,
       models: this.localModels,
       tags: this.localTags,
-      directPeers: myDirectPeers,
+      directPeers: [...this.connections.keys()],
       deviceInfo: this.localDeviceInfo,
       toolProxy: this.localToolProxy,
       acpAgents: this.localAcpAgents,
-    });
+    };
+  }
+
+  /** Build PeerInfo list for peer_sync. */
+  buildPeerSyncPayload(): PeerInfo[] {
+    const peers: PeerInfo[] = [this.localPeerInfo()];
     for (const entry of this.routes.values()) {
       // Same-nodeId 本地客户端（Mac/iOS）不出现在 peer_sync 中，
       // 客户端通过 auth_ok 获取网关 capabilities，无需在此重复。
       if (entry.nodeId === this.nodeId) continue;
-      peers.push({
-        nodeId: entry.nodeId,
-        agents: entry.agents,
-        models: entry.models,
-        tags: entry.tags,
-        reachableVia: entry.reachableVia ?? undefined,
-        directPeers: entry.directPeers.length > 0 ? entry.directPeers : undefined,
-        deviceInfo: entry.deviceInfo,
-        toolProxy: entry.toolProxy,
-        acpAgents: entry.acpAgents,
-        latencyMs: entry.latencyMs > 0 ? entry.latencyMs : undefined,
-      });
+      peers.push(this.entryToPeerInfo(entry));
     }
     return peers;
   }
+
+  /** Build delta peer_sync payload since a given version.
+   *  Returns { version, peers (full) } if delta is too large or sinceVersion=0.
+   *  Returns { version, added, removed, updated, peers (compat) } for incremental. */
+  buildPeerSyncDelta(sinceVersion: number): {
+    version: number;
+    peers: PeerInfo[];
+    added?: PeerInfo[];
+    removed?: string[];
+    updated?: PeerInfo[];
+  } {
+    const version = this.syncVersion;
+
+    // Full sync if: first sync, version gap too large, or no history
+    if (sinceVersion === 0 || version - sinceVersion > 100) {
+      return { version, peers: this.buildPeerSyncPayload() };
+    }
+
+    const added: PeerInfo[] = [];
+    const updated: PeerInfo[] = [];
+    const removed: string[] = [];
+
+    // Collect changes since sinceVersion
+    for (const [nodeId, ver] of this.peerVersions) {
+      if (ver > sinceVersion) {
+        const entry = this.routes.get(nodeId);
+        if (entry && entry.nodeId !== this.nodeId) {
+          // Distinguish add vs update: if version was set before sinceVersion, it's an update
+          // But we don't track the original add version separately, so treat all as "updated"
+          updated.push(this.entryToPeerInfo(entry));
+        }
+      }
+    }
+
+    // Always include self in updated (directPeers may have changed)
+    updated.push(this.localPeerInfo());
+
+    for (const [nodeId, ver] of this.removedPeers) {
+      if (ver > sinceVersion) {
+        removed.push(nodeId);
+      }
+    }
+
+    // Prune stale removedPeers entries
+    if (this.removedPeers.size > 200) {
+      const threshold = this.syncVersion - 100;
+      for (const [nodeId, ver] of this.removedPeers) {
+        if (ver < threshold) this.removedPeers.delete(nodeId);
+      }
+    }
+
+    // If delta is > 50% of full sync, just send full
+    const fullSize = this.routes.size + 1;
+    if (updated.length + removed.length > fullSize * 0.5) {
+      return { version, peers: this.buildPeerSyncPayload() };
+    }
+
+    // For backward compatibility: peers field contains updated entries
+    // so old nodes that only read `peers` still get capability changes
+    return { version, peers: updated, added, removed, updated };
+  }
 }

package/src/sentinel.ts

@@ -15,6 +15,7 @@
 
 import { spawn } from "node:child_process";
 import { readFileSync, writeFileSync, unlinkSync, existsSync } from "node:fs";
+import { readFile } from "node:fs/promises";
 import { createServer, type Server } from "node:http";
 import { WebSocketServer, WebSocket as WsWebSocket } from "ws";
 import path from "node:path";
@@ -253,11 +254,11 @@ function handleFrame(frame: AnyClusterFrame, conn: Connection) {
 }
 
 function handleDiagnosticExec(frame: DiagnosticExec, conn: Connection) {
-  // Rate limiting
+  // Rate limiting — index-based pruning avoids O(n) shift() reallocation
   const now = Date.now();
-  while (execTimestamps.length > 0 && now - execTimestamps[0]! > EXEC_RATE_WINDOW) {
-    execTimestamps.shift();
-  }
+  let firstValid = 0;
+  while (firstValid < execTimestamps.length && now - execTimestamps[firstValid]! > EXEC_RATE_WINDOW) firstValid++;
+  if (firstValid > 0) execTimestamps.splice(0, firstValid);
   if (execTimestamps.length >= EXEC_RATE_LIMIT) {
     conn.send({
       type: "diagnostic_exec_res",
@@ -339,10 +340,10 @@ function handleDiagnosticStatus(frame: DiagnosticStatus, conn: Connection) {
 
 // ── Port takeover: listen when gateway dies, release when it returns ──
 
-function startListening() {
+async function startListening() {
   if (listening || !config.listenPort) return;
   // If we've been replaced by a new sentinel, exit instead of competing for the port
-  if (isReplaced()) {
+  if (await isReplaced()) {
     log("PID file replaced — another sentinel is active, exiting");
     cleanup();
     return;
@@ -372,7 +373,7 @@ function startListening() {
 
   wss.on("connection", (ws) => {
     const transport: WsTransport = {
-      send(data: string) { ws.send(data); },
+      send(data: string | Buffer) { ws.send(data); },
       close(code?: number, reason?: string) { ws.close(code, reason); },
       get readyState() { return ws.readyState; },
     };
@@ -421,7 +422,7 @@ function startListening() {
     conn.on("error", () => { /* close will follow */ });
 
     ws.on("message", (data) => {
-      conn.feedMessage(typeof data === "string" ? data : String(data));
+      conn.feedMessage(Buffer.isBuffer(data) ? data : typeof data === "string" ? data : String(data));
     });
 
     ws.on("close", (code, reason) => {
@@ -439,15 +440,17 @@ function startListening() {
     listening = false;
 
     // If we've been replaced by a new sentinel, exit gracefully
-    if (isReplaced()) {
-      log("PID file replaced — exiting");
-      cleanup();
-      return;
-    }
-    // Port may still be held briefly by the dying gateway — retry after a delay
-    setTimeout(() => {
-      if (!gatewayAlive && config.listenPort) startListening();
-    }, 3_000);
+    isReplaced().then((replaced) => {
+      if (replaced) {
+        log("PID file replaced — exiting");
+        cleanup();
+        return;
+      }
+      // Port may still be held briefly by the dying gateway — retry after a delay
+      setTimeout(() => {
+        if (!gatewayAlive && config.listenPort) startListening();
+      }, 3_000);
+    });
   });
 
   httpServer.listen(port, host, () => {
@@ -458,21 +461,31 @@ function startListening() {
 
 function stopListening() {
   if (!listening) return;
-  // Gracefully close all inbound connections
-  for (const [ws, conn] of inboundConnections) {
-    conn.close(1001, "gateway recovered");
-    ws.close(1001, "gateway recovered");
+  // Notify peers before closing so they reconnect immediately
+  for (const [, conn] of inboundConnections) {
+    try {
+      conn.send({
+        type: "peer_sync", from: sentinelNodeId(), timestamp: Date.now(),
+        payload: { peers: [] },
+      } as AnyClusterFrame);
+    } catch { /* best effort */ }
   }
-  inboundConnections.clear();
-  wss?.close();
-  wss = null;
-  httpServer?.close();
-  httpServer = null;
-  listening = false;
-  // Mark voluntary release — sentinel will not re-listen during cooldown
-  // to give the gateway time to bind the port.
-  voluntaryReleaseAt = Date.now();
-  log("Port released — gateway is back");
+  // Delay 200ms to let notification frames flush
+  setTimeout(() => {
+    for (const [ws, conn] of inboundConnections) {
+      conn.close(1001, "gateway recovered");
+    }
+    inboundConnections.clear();
+    wss?.close();
+    wss = null;
+    httpServer?.close();
+    httpServer = null;
+    listening = false;
+    // Mark voluntary release — sentinel will not re-listen during cooldown
+    // to give the gateway time to bind the port.
+    voluntaryReleaseAt = Date.now();
+    log("Port released — gateway is back");
+  }, 200);
 }
 
 // ── PID file management ─────────────────────────────────────────
@@ -480,8 +493,9 @@ function writePidFile() {
   writeFileSync(config.pidFile, String(process.pid));
 }
 
-/** Check if another sentinel has replaced us (PID file contains a different PID). */
-function isReplaced(): boolean {
+/** Check if another sentinel has replaced us (PID file contains a different PID).
+ *  Sync variant — only used in uncaughtException handler where the event loop may be draining. */
+function isReplacedSync(): boolean {
   try {
     if (!existsSync(config.pidFile)) return true;
     const filePid = parseInt(readFileSync(config.pidFile, "utf-8").trim(), 10);
@@ -491,7 +505,19 @@ function isReplaced(): boolean {
   }
 }
 
-function killOldSentinel() {
+/** Async variant of isReplaced — used in recurring timer callbacks to avoid blocking the event loop. */
+async function isReplaced(): Promise<boolean> {
+  try {
+    const content = await readFile(config.pidFile, "utf-8");
+    const filePid = parseInt(content.trim(), 10);
+    return filePid !== process.pid;
+  } catch {
+    // File doesn't exist or can't be read — assume replaced
+    return true;
+  }
+}
+
+async function killOldSentinel() {
   if (!existsSync(config.pidFile)) return;
   try {
     const oldPid = parseInt(readFileSync(config.pidFile, "utf-8").trim(), 10);
@@ -505,9 +531,8 @@ function killOldSentinel() {
         while (Date.now() < deadline) {
           try {
             process.kill(oldPid, 0);
-            // Still alive — busy-wait briefly
-            const waitUntil = Date.now() + 100;
-            while (Date.now() < waitUntil) { /* spin */ }
+            // Still alive — async wait to avoid blocking the event loop
+            await new Promise((r) => setTimeout(r, 100));
           } catch {
             // Process exited
             log(`Old sentinel (pid ${oldPid}) exited`);
@@ -564,7 +589,7 @@ process.on("uncaughtException", (err) => {
   log(`Uncaught exception: ${err.stack || err.message}`);
   // EADDRINUSE from a listen call means the port is taken — if we've been
   // replaced by a new sentinel/gateway, exit cleanly instead of looping.
-  if ((err as NodeJS.ErrnoException).code === "EADDRINUSE" && isReplaced()) {
+  if ((err as NodeJS.ErrnoException).code === "EADDRINUSE" && isReplacedSync()) {
     log("Port in use and PID file replaced — exiting");
     cleanup();
   }
@@ -588,15 +613,24 @@ function connectAllPeers() {
 
 /** Disconnect from all peers (called when gateway recovers). */
 function disconnectAllPeers() {
-  for (const [nodeId, conn] of connections) {
-    conn.close(1000, "gateway recovered");
-    connections.delete(nodeId);
-  }
-  for (const [nodeId, timer] of reconnectTimers) {
-    clearTimeout(timer);
-    reconnectTimers.delete(nodeId);
+  // Notify peers before closing so they reconnect immediately
+  for (const [, conn] of connections) {
+    try {
+      conn.send({
+        type: "peer_sync", from: sentinelNodeId(), timestamp: Date.now(),
+        payload: { peers: [] },
+      } as AnyClusterFrame);
+    } catch { /* best effort */ }
   }
-  reconnectAttempts.clear();
+  setTimeout(() => {
+    for (const [nodeId, conn] of connections) {
+      conn.close(1001, "gateway recovered");
+      connections.delete(nodeId);
+    }
+    for (const [, timer] of reconnectTimers) clearTimeout(timer);
+    reconnectTimers.clear();
+    reconnectAttempts.clear();
+  }, 200);
 }
 
 /** Periodically check if the gateway process is still alive via kill(pid, 0). */
@@ -625,22 +659,22 @@ function startGatewayHealthCheck() {
         if (config.listenPort) {
           const cooldownRemaining = PORT_RELEASE_COOLDOWN - (Date.now() - voluntaryReleaseAt);
           const delay = Math.max(2_000, cooldownRemaining);
-          setTimeout(() => {
-            if (!gatewayAlive && !isReplaced()) startListening();
+          setTimeout(async () => {
+            if (!gatewayAlive && !(await isReplaced())) startListening();
           }, delay);
         }
       }
     }
-  }, 5_000);
+  }, 2_000);
 }
 
-function boot() {
+async function boot() {
   // Prefer explicit gatewayPid from config (sent by SentinelManager),
   // fall back to ppid (may be inaccurate if forked indirectly).
   gatewayPid = config.gatewayPid ?? process.ppid;
 
   loadApprovedPeers();
-  killOldSentinel();
+  await killOldSentinel();
   writePidFile();
   log(`Started (pid ${process.pid}, gateway ${gatewayPid}, nodeId ${sentinelNodeId()}, takeover port ${config.listenPort || "none"})`);