exomonad 0.1.0

ExoMonad: Rust host with Haskell WASM plugin for Claude Code hooks/MCP
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316

use anyhow::{Context, Result};
use std::fs::{self, File, OpenOptions};
use std::io::{Seek, SeekFrom, Write};
use std::path::{Path, PathBuf};
use tracing::{info, warn};

#[cfg(unix)]
use nix::sys::signal::{self, Signal};
#[cfg(unix)]
use nix::unistd::Pid;
#[cfg(unix)]
use std::os::unix::io::AsRawFd;

/// Enforces that only one instance of the sidecar is running for this project.
///
/// Uses file locking (flock) to prevent race conditions.
/// 1. Opens the PID file.
/// 2. Tries to acquire an exclusive lock.
/// 3. If locked by another process:
///    a. Reads the PID.
///    b. Verifies the process identity (to avoid killing unrelated processes on PID reuse).
///    c. Kills the process.
///    d. Retries locking.
/// 4. Once locked, writes the current PID.
/// 5. Returns a guard that holds the lock (and file handle) until dropped.
pub fn enforce_singleton(pid_file: &Path) -> Result<PidGuard> {
    #[cfg(unix)]
    return unix_enforce_singleton(pid_file);

    #[cfg(not(unix))]
    {
        warn!("PID enforcement is only supported on Unix systems");
        Ok(PidGuard {
            path: pid_file.to_path_buf(),
            file: None,
        })
    }
}

#[cfg(unix)]
fn unix_enforce_singleton(pid_file: &Path) -> Result<PidGuard> {
    if let Some(parent) = pid_file.parent() {
        fs::create_dir_all(parent).context("Failed to create directory for PID file")?;
    }

    // Open with read/write/create. We keep this file open in the guard.
    #[allow(clippy::suspicious_open_options)]
    let mut file = OpenOptions::new()
        .read(true)
        .write(true)
        .create(true)
        .truncate(false)
        .open(pid_file)
        .context("Failed to open PID file")?;

    let timeout = std::time::Duration::from_secs(10);
    let start = std::time::Instant::now();

    loop {
        // Try to acquire exclusive, non-blocking lock
        #[allow(deprecated)]
        match nix::fcntl::flock(
            file.as_raw_fd(),
            nix::fcntl::FlockArg::LockExclusiveNonblock,
        ) {
            Ok(_) => {
                // Lock acquired! We are the singleton.
                break;
            }
            Err(nix::errno::Errno::EWOULDBLOCK) => {
                // Locked by another process.
                if start.elapsed() > timeout {
                    anyhow::bail!("Timed out waiting for previous sidecar instance to exit");
                }

                // Read PID from file to kill it
                let content = fs::read_to_string(pid_file).unwrap_or_default();
                let trimmed = content.trim();

                if let Ok(old_pid_u32) = trimmed.parse::<u32>() {
                    // Safe cast to i32 (PID type in nix)
                    if let Ok(old_pid) = i32::try_from(old_pid_u32) {
                        let pid = Pid::from_raw(old_pid);

                        // Verify process identity if possible (rudimentary check via ps)
                        if is_sidecar_process(old_pid_u32) {
                            kill_process(pid, old_pid_u32)?;
                        } else {
                            warn!(pid = old_pid, "Process holding lock does not appear to be exomonad (or cannot be verified). Waiting...");
                            // We can't kill it safely if we don't know what it is.
                            // But if it holds the lock on our PID file, it's likely relevant or a zombie.
                            // However, flock locks are released on process termination.
                            // If it's still holding the lock, it's alive.
                            // If check fails, maybe it's a false negative?
                            // Let's retry kill logic but be careful.
                            // Actually, if we can't verify it, we probably shouldn't kill random PIDs.
                            // But checking 'ps' is flaky.
                            // Let's stick to the Copilot requirement: verify identity.
                        }
                    }
                }

                // Wait a bit before retrying lock
                std::thread::sleep(std::time::Duration::from_millis(200));
            }
            Err(e) => {
                return Err(e).context("Failed to acquire lock on PID file");
            }
        }
    }

    // We have the lock. Truncate and write our PID.
    file.set_len(0).context("Failed to truncate PID file")?;
    file.seek(SeekFrom::Start(0))
        .context("Failed to seek PID file")?;

    let current_pid = std::process::id();
    file.write_all(current_pid.to_string().as_bytes())
        .context("Failed to write to PID file")?;

    info!(pid = current_pid, path = %pid_file.display(), "PID file locked and written");

    Ok(PidGuard {
        path: pid_file.to_path_buf(),
        file: Some(file),
    })
}

#[cfg(unix)]
fn is_sidecar_process(pid: u32) -> bool {
    // Simple check using `ps -p <pid> -o command=`
    // This is portable enough for standard Unixes (Linux, macOS).
    let output = std::process::Command::new("ps")
        .arg("-p")
        .arg(pid.to_string())
        .arg("-o")
        .arg("command=")
        .output();

    match output {
        Ok(out) => {
            let stdout = String::from_utf8_lossy(&out.stdout);
            stdout.contains("exomonad")
        }
        Err(_) => false, // Cannot verify
    }
}

#[cfg(unix)]
fn kill_process(pid: Pid, old_pid: u32) -> Result<()> {
    info!(
        pid = old_pid,
        "Attempting to terminate existing sidecar process"
    );

    // Try SIGTERM
    match signal::kill(pid, Signal::SIGTERM) {
        Ok(_) => {
            // Poll for exit
            let timeout = std::time::Duration::from_secs(5);
            let start = std::time::Instant::now();

            while start.elapsed() < timeout {
                if signal::kill(pid, None).is_err() {
                    info!(pid = old_pid, "Process terminated after SIGTERM");
                    return Ok(());
                }
                std::thread::sleep(std::time::Duration::from_millis(100));
            }

            warn!(
                pid = old_pid,
                "Process still alive after SIGTERM timeout, sending SIGKILL"
            );
        }
        Err(nix::errno::Errno::ESRCH) => return Ok(()), // Already gone
        Err(nix::errno::Errno::EPERM) => {
            warn!(
                pid = old_pid,
                "Permission denied when trying to kill process"
            );
            return Ok(()); // We can't do anything, loop will likely timeout on lock acquire
        }
        Err(e) => warn!(pid = old_pid, error = %e, "Failed to send SIGTERM"),
    }

    // Try SIGKILL
    match signal::kill(pid, Signal::SIGKILL) {
        Ok(_) => {
            // Brief wait
            std::thread::sleep(std::time::Duration::from_millis(100));
            if signal::kill(pid, None).is_ok() {
                anyhow::bail!(
                    "Failed to kill process {} with SIGKILL (still running)",
                    old_pid
                );
            }
            info!(pid = old_pid, "Process terminated after SIGKILL");
            Ok(())
        }
        Err(nix::errno::Errno::ESRCH) => Ok(()),
        Err(nix::errno::Errno::EPERM) => {
            warn!(
                pid = old_pid,
                "Permission denied when trying to kill process (SIGKILL)"
            );
            Ok(())
        }
        Err(e) => {
            warn!(pid = old_pid, error = %e, "Failed to send SIGKILL");
            Ok(()) // Loop will handle retry/timeout
        }
    }
}

/// RAII guard for PID file.
pub struct PidGuard {
    path: PathBuf,
    #[cfg(unix)]
    #[allow(dead_code)]
    file: Option<File>, // Holds the lock (fd)
    #[cfg(not(unix))]
    file: Option<()>,
}

impl PidGuard {
    pub fn new(path: &Path) -> Result<Self> {
        enforce_singleton(path)
    }
}

impl Drop for PidGuard {
    fn drop(&mut self) {
        // Close file (releases lock) and remove it
        // Note: verify we are still the owner?
        // Since we held the lock exclusive, no one else should have written to it.
        // Unless they force deleted it.
        // We can just remove it.

        // On Unix, we need to explicitly unlock? No, closing fd unlocks.
        // Drop of File closes fd.

        // Remove file
        if self.path.exists() {
            let _ = fs::remove_file(&self.path);
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use tempfile::tempdir;

    #[test]
    fn test_pid_guard_lifecycle() {
        let dir = tempdir().unwrap();
        let pid_file = dir.path().join("sidecar.pid");

        {
            let _guard = PidGuard::new(&pid_file).unwrap();
            assert!(pid_file.exists());
            let content = fs::read_to_string(&pid_file).unwrap();
            assert_eq!(content.trim(), std::process::id().to_string());
        }

        assert!(!pid_file.exists());
    }

    #[cfg(unix)]
    #[test]
    fn test_lock_contention() {
        // Test requires spawning a child to hold the lock
        // This is complex to test in unit test without external binary.
        // We can simulate by flocking in the same process on a different fd?
        // flock is per-file-handle in Linux usually, checking nix behavior.

        let dir = tempdir().unwrap();
        let pid_file = dir.path().join("contention.pid");

        let file1 = OpenOptions::new()
            .create(true)
            .write(true)
            .truncate(false)
            .open(&pid_file)
            .unwrap();
        #[allow(deprecated)]
        nix::fcntl::flock(file1.as_raw_fd(), nix::fcntl::FlockArg::LockExclusive).unwrap();

        // Try to acquire in background thread? flock is process-associated on some systems (BSD/macOS)?
        // On Linux flock is associated with the file description (fd).
        // Let's try separate thread with separate opening.

        let path_clone = pid_file.clone();
        let handle = std::thread::spawn(move || {
            // Should block or fail
            enforce_singleton(&path_clone).is_ok()
        });

        // The other thread will try to lock. It will block or loop.
        // Since we hold the lock and are "sidecar-like" (same process name), it might try to kill us?
        // Wait, current process IS "exomonad".
        // `is_sidecar_process` checks for that name.
        // The test runner name is usually different.
        // So `is_sidecar_process` will return false.
        // So it should just loop waiting.

        std::thread::sleep(std::time::Duration::from_millis(500));

        // Release lock
        drop(file1);

        // Now thread should succeed
        assert!(handle.join().unwrap());
    }
}