npm - git-watchtower - Versions diffs - 1.12.2 → 1.12.4 - Mend

git-watchtower 1.12.2 → 1.12.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/bin/git-watchtower.js +118 -24
package/package.json +1 -1
package/src/server/coordinator.js +83 -9

package/bin/git-watchtower.js CHANGED Viewed

@@ -101,7 +101,7 @@ const store = new Store();
 // Web dashboard server
 const { WebDashboardServer } = require('../src/server/web');
-const { Coordinator, Worker, generateProjectId, getActiveCoordinator, writeLock, removeLock } = require('../src/server/coordinator');
+const { Coordinator, Worker, generateProjectId, getActiveCoordinator, tryAcquireLock, finalizeLock, removeLock, removeSocket, isProcessAlive } = require('../src/server/coordinator');
 const PROJECT_ROOT = process.cwd();
@@ -802,7 +802,7 @@ const { ansi, box, truncate, sparkline: uiSparkline, visibleLength, stripAnsi, p
 // Error detection utilities imported from src/utils/errors.js
 const { ErrorHandler, isAuthError, isMergeConflict, isNetworkError } = require('../src/utils/errors');
-const { Mutex } = require('../src/utils/async');
+const { Mutex, sleep } = require('../src/utils/async');
 // Keyboard handling utilities imported from src/ui/keybindings.js
 const { filterBranches } = require('../src/ui/keybindings');
@@ -3081,6 +3081,50 @@ async function handleWebAction(action, payload) {
   }
 }
+/**
+ * Maximum attempts to connect to an existing coordinator as a worker
+ * before giving up (or reclaiming the lock if the coordinator is dead).
+ */
+const WORKER_CONNECT_MAX_ATTEMPTS = 3;
+/**
+ * Base delay for exponential backoff between worker-connect attempts (ms).
+ * Delays are 200ms, 400ms — total added latency ~600ms in the worst case.
+ */
+const WORKER_CONNECT_BASE_DELAY_MS = 200;
+/**
+ * Attempt to connect to an existing coordinator as a worker, with bounded
+ * exponential backoff. Returns the connected Worker on success, or null if
+ * every attempt failed. Between attempts, if the coordinator's process is
+ * no longer alive, we stop retrying so the caller can reclaim the lock.
+ *
+ * @param {{pid: number, port: number, socketPath: string}} existing - Coordinator lock info
+ * @param {string} projectIdArg - Project ID for worker registration
+ * @returns {Promise<Worker|null>}
+ */
+async function connectWorkerWithRetry(existing, projectIdArg) {
+  for (let attempt = 1; attempt <= WORKER_CONNECT_MAX_ATTEMPTS; attempt++) {
+    try {
+      const w = new Worker({
+        id: projectIdArg,
+        projectPath: PROJECT_ROOT,
+        projectName: path.basename(PROJECT_ROOT),
+        socketPath: existing.socketPath,
+      });
+      w.onCommand = (action, payload) => handleWebAction(action, payload);
+      await w.connect();
+      return w;
+    } catch (err) {
+      if (attempt >= WORKER_CONNECT_MAX_ATTEMPTS) return null;
+      // Stop early if the coordinator has exited — caller will reclaim.
+      if (!isProcessAlive(existing.pid)) return null;
+      await sleep(WORKER_CONNECT_BASE_DELAY_MS * Math.pow(2, attempt - 1));
+    }
+  }
+  return null;
+}
 /**
  * Create and start the web dashboard, with coordinator support.
  * @param {boolean} openBrowser - Whether to auto-open the browser
@@ -3104,20 +3148,42 @@ async function startWebDashboard(openBrowser) {
     if (url) webDashboard.setRepoWebUrl(url);
   }).catch(() => {});
-  // Check if a coordinator is already running
-  const existing = getActiveCoordinator();
+  // Atomically try to claim the coordinator role. If another live instance
+  // already owns the lock, connect as a worker instead. This prevents a
+  // TOCTOU race where two instances both pass a "no coordinator" check and
+  // then clobber each other's socket in Coordinator.start().
+  //
+  // The outer loop runs at most twice so we can reclaim the coordinator
+  // role if the existing coordinator dies while we're retrying the worker
+  // handshake (e.g. it crashed just before we attached). Without this, a
+  // transient connect failure (peer not yet accepting, EPIPE, slow fork)
+  // against a coordinator that later crashes would leave us with no web
+  // dashboard even though we could safely take over.
+  let acquired = false;
+  let existing = null;
+  for (let outer = 0; outer < 2 && !acquired; outer++) {
+    const lockResult = tryAcquireLock(process.pid);
+    if (lockResult.acquired) {
+      acquired = true;
+      break;
+    }
-  if (existing) {
-    // Connect as a worker to the existing coordinator
-    try {
-      worker = new Worker({
-        id: projectId,
-        projectPath: PROJECT_ROOT,
-        projectName: path.basename(PROJECT_ROOT),
-        socketPath: existing.socketPath,
-      });
-      worker.onCommand = (action, payload) => handleWebAction(action, payload);
-      await worker.connect();
+    existing = lockResult.existing || getActiveCoordinator();
+    if (!existing) {
+      // Lock exists but we couldn't claim it and couldn't read the owner.
+      // Bail out rather than race a concurrent startup.
+      addLog('Web dashboard unavailable: could not acquire coordinator lock', 'error');
+      webDashboard = null;
+      render();
+      return;
+    }
+    // Try to connect as a worker with bounded retry + exponential backoff.
+    // The coordinator may still be finishing its bind after finalizeLock()
+    // writes the real socket path, or temporarily unresponsive.
+    const connectedWorker = await connectWorkerWithRetry(existing, projectId);
+    if (connectedWorker) {
+      worker = connectedWorker;
       addLog(`Joined web dashboard at ${localhostUrl(existing.port)} (tab)`, 'success');
       // Push state periodically
@@ -3135,13 +3201,35 @@ async function startWebDashboard(openBrowser) {
       WEB_PORT = existing.port;
       render();
       return;
-    } catch (err) {
-      // Couldn't connect — become coordinator instead
-      worker = null;
     }
+    // Every connect attempt failed. If the coordinator process died while
+    // we were retrying, clean up the stale lock/socket and loop once to
+    // claim the coordinator role ourselves. Otherwise abort — do NOT take
+    // over a live coordinator's socket.
+    if (!isProcessAlive(existing.pid)) {
+      removeLock();
+      removeSocket();
+      continue;
+    }
+    addLog(`Could not join web dashboard at ${localhostUrl(existing.port)}: coordinator unreachable`, 'error');
+    webDashboard = null;
+    render();
+    return;
   }
-  // We are the coordinator
+  if (!acquired) {
+    addLog('Web dashboard unavailable: could not acquire coordinator lock after retry', 'error');
+    webDashboard = null;
+    render();
+    return;
+  }
+  // We hold the lock — it is now safe to remove any leftover socket and
+  // start listening. The lock file contains a placeholder pid-only entry
+  // until finalizeLock() writes the real port/socketPath after a successful
+  // bind.
   try {
     coordinator = new Coordinator();
     coordinator.onProjectsChanged = (projects) => {
@@ -3155,7 +3243,12 @@ async function startWebDashboard(openBrowser) {
     await coordinator.start();
     coordinator.registerLocal(projectId, PROJECT_ROOT, path.basename(PROJECT_ROOT), webDashboard.getSerializableState());
-    // Update coordinator with our latest state periodically
+    const { port } = await webDashboard.start();
+    WEB_PORT = port;
+    finalizeLock(process.pid, port, coordinator.socketPath);
+    // Update coordinator with our latest state periodically. Started only
+    // after a successful bind so a failed start doesn't leak an interval.
     webStateInterval = setInterval(() => {
       if (coordinator && webDashboard) {
         coordinator.updateLocal(projectId, webDashboard.getSerializableState());
@@ -3165,15 +3258,16 @@ async function startWebDashboard(openBrowser) {
       }
     }, 500);
-    const { port } = await webDashboard.start();
-    WEB_PORT = port;
-    writeLock(process.pid, port, coordinator.socketPath);
     addLog(`Web dashboard: ${localhostUrl(port)}`, 'success');
     if (openBrowser) openInBrowser(localhostUrl(port));
     render();
   } catch (err) {
     addLog(`Web dashboard failed: ${err.message}`, 'error');
+    if (coordinator) {
+      try { coordinator.stop(); } catch (_) { /* ignore */ }
+    }
+    removeLock();
+    removeSocket();
     webDashboard = null;
     coordinator = null;
     render();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "git-watchtower",
-  "version": "1.12.2",
+  "version": "1.12.4",
   "description": "Terminal-based Git branch monitor with activity sparklines and optional dev server with live reload",
   "main": "bin/git-watchtower.js",
   "bin": {

package/src/server/coordinator.js CHANGED Viewed

@@ -68,13 +68,18 @@ function isProcessAlive(pid) {
 /**
  * Read the lock file.
- * @returns {{ pid: number, port: number, socketPath: string } | null}
+ *
+ * A lock may be a placeholder (pid only, no port/socketPath) while a new
+ * coordinator is still binding its socket. Callers that need a connectable
+ * coordinator should use getActiveCoordinator(), which rejects placeholders.
+ *
+ * @returns {{ pid: number, port?: number, socketPath?: string, pending?: boolean } | null}
  */
 function readLock() {
   try {
     if (!fs.existsSync(LOCK_FILE)) return null;
     const data = JSON.parse(fs.readFileSync(LOCK_FILE, 'utf8'));
-    if (!data || !data.pid || !data.port) return null;
+    if (!data || !data.pid) return null;
     return data;
   } catch (e) {
     return null;
@@ -92,6 +97,66 @@ function writeLock(pid, port, socketPath) {
   fs.writeFileSync(LOCK_FILE, JSON.stringify({ pid, port, socketPath }, null, 2) + '\n', 'utf8');
 }
+/**
+ * Atomically reserve the coordinator lock.
+ *
+ * Uses `fs.openSync(..., 'wx')` to create the lock file exclusively, so two
+ * instances racing to become coordinator cannot both succeed. A placeholder
+ * entry ({ pid, pending: true }) is written immediately so that any process
+ * reading the lock while we bind our socket still sees a valid owning PID.
+ *
+ * If the lock already exists but the owning process is dead, the stale lock
+ * (and socket) are cleaned up and the acquisition is retried once.
+ *
+ * @param {number} pid - PID of the acquiring process
+ * @returns {{acquired: true} | {acquired: false, existing: {pid: number, port?: number, socketPath?: string, pending?: boolean} | null}}
+ */
+function tryAcquireLock(pid) {
+  ensureDir();
+  // One retry after stale-lock cleanup; avoids looping if another process
+  // keeps recreating the lock faster than we can clean it up.
+  for (let attempt = 0; attempt < 2; attempt++) {
+    try {
+      const fd = fs.openSync(LOCK_FILE, 'wx');
+      try {
+        fs.writeSync(fd, JSON.stringify({ pid, pending: true }) + '\n');
+      } finally {
+        fs.closeSync(fd);
+      }
+      return { acquired: true };
+    } catch (err) {
+      if (err.code !== 'EEXIST') throw err;
+      // Lock file exists — check if the owner is alive.
+      const existing = readLock();
+      if (existing && isProcessAlive(existing.pid)) {
+        return { acquired: false, existing };
+      }
+      // Stale or unreadable — clean up and retry the exclusive create.
+      removeLock();
+      removeSocket();
+    }
+  }
+  // Another process raced us to re-create the lock. Treat it as active.
+  const existing = readLock();
+  return { acquired: false, existing: existing || null };
+}
+/**
+ * Replace the placeholder lock with the final port/socket details after the
+ * coordinator has successfully bound its IPC socket and the web server has
+ * started listening. Caller must already own the lock via tryAcquireLock().
+ *
+ * @param {number} pid
+ * @param {number} port
+ * @param {string} socketPath
+ */
+function finalizeLock(pid, port, socketPath) {
+  writeLock(pid, port, socketPath);
+}
 /**
  * Remove the lock file.
  */
@@ -107,18 +172,25 @@ function removeSocket() {
 }
 /**
- * Check if a coordinator is already running.
- * Cleans up stale lock if the process is dead.
+ * Check if a coordinator is already running and reachable.
+ *
+ * Returns null for stale locks (cleans them up) and for placeholder locks
+ * that haven't finished binding yet — callers shouldn't try to connect to
+ * a coordinator that isn't listening.
+ *
  * @returns {{ pid: number, port: number, socketPath: string } | null}
  */
 function getActiveCoordinator() {
   const lock = readLock();
   if (!lock) return null;
-  if (isProcessAlive(lock.pid)) return lock;
-  // Stale lock — clean up
-  removeLock();
-  removeSocket();
-  return null;
+  if (!isProcessAlive(lock.pid)) {
+    removeLock();
+    removeSocket();
+    return null;
+  }
+  // Placeholder (pending) — coordinator is still binding.
+  if (!lock.port || !lock.socketPath) return null;
+  return /** @type {{pid:number,port:number,socketPath:string}} */ (lock);
 }
 // ─── Coordinator (first instance) ────────────────────────────────
@@ -533,6 +605,8 @@ module.exports = {
   getActiveCoordinator,
   readLock,
   writeLock,
+  tryAcquireLock,
+  finalizeLock,
   removeLock,
   removeSocket,
   isProcessAlive,