git-paw 0.7.0

Parallel AI Worktrees — orchestrate multiple AI coding CLI sessions across git worktrees
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156

//! Advisory lock for mutating a live session's branch set.
//!
//! `git paw add` and `git paw remove` both splice panes into / out of a
//! running tmux session and rewrite the session JSON. Two of these running
//! concurrently — or one racing a supervisor sweep that is itself sending
//! keys to panes — can corrupt the grid or the session receipt (design
//! "Risks / Trade-offs: Race: add/remove while a sweep is mutating panes").
//!
//! The mitigation is a single advisory lock file under the repo's `.git-paw/`
//! directory, taken by both subcommands. It is *advisory*: it guards git-paw's
//! own `add`/`remove` invocations against each other, not arbitrary external
//! tmux activity. Acquisition is an atomic `create_new` — the first caller
//! wins, a second concurrent caller gets a clear "operation in progress"
//! error rather than interleaving its mutations. The lock is released (file
//! removed) when the [`SessionLock`] guard drops, including on early-return
//! error paths.

use std::fs::{self, File, OpenOptions};
use std::io::ErrorKind;
use std::path::{Path, PathBuf};

use crate::error::PawError;

/// File name of the add/remove advisory lock within `<repo>/.git-paw/`.
pub const LOCK_FILE_NAME: &str = ".add-remove.lock";

/// Returns the advisory lock path for a repository:
/// `<repo>/.git-paw/.add-remove.lock`.
#[must_use]
pub fn lock_path(repo_root: &Path) -> PathBuf {
    repo_root.join(".git-paw").join(LOCK_FILE_NAME)
}

/// RAII guard for the add/remove advisory lock.
///
/// Acquired with [`SessionLock::acquire`]; the lock file is removed when the
/// guard drops. Hold it for the entire mutate-the-session critical section of
/// `cmd_add` / `cmd_remove`.
#[derive(Debug)]
pub struct SessionLock {
    path: PathBuf,
    // Held only so the underlying handle lives as long as the guard; the file
    // is removed on drop via `path`.
    _file: File,
}

impl SessionLock {
    /// Attempts to acquire the advisory lock for `repo_root`.
    ///
    /// Creates `<repo>/.git-paw/` if needed, then atomically creates the lock
    /// file. Returns [`PawError::SessionError`] with an actionable
    /// "operation in progress" message when the lock is already held (the
    /// file already exists) — the second concurrent `add`/`remove` SHALL see
    /// this rather than proceed.
    pub fn acquire(repo_root: &Path) -> Result<Self, PawError> {
        let path = lock_path(repo_root);
        if let Some(parent) = path.parent() {
            fs::create_dir_all(parent).map_err(|e| {
                PawError::SessionError(format!(
                    "failed to create lock directory {}: {e}",
                    parent.display()
                ))
            })?;
        }

        match OpenOptions::new().write(true).create_new(true).open(&path) {
            Ok(file) => Ok(Self { path, _file: file }),
            Err(e) if e.kind() == ErrorKind::AlreadyExists => Err(PawError::SessionError(format!(
                "another `git paw add` / `git paw remove` operation is in progress for this \
                 repository.\n\
                 \n\
                 Wait for it to finish, then retry. If no such command is running, a previous \
                 invocation crashed mid-operation — remove the stale lock and retry:\n  \
                 rm {}",
                path.display()
            ))),
            Err(e) => Err(PawError::SessionError(format!(
                "failed to acquire session lock {}: {e}",
                path.display()
            ))),
        }
    }
}

impl Drop for SessionLock {
    fn drop(&mut self) {
        // Best-effort release; a leftover lock surfaces the actionable
        // "remove the stale lock" hint on the next acquire.
        let _ = fs::remove_file(&self.path);
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use tempfile::TempDir;

    #[test]
    fn lock_path_is_under_git_paw_dir() {
        let repo = TempDir::new().unwrap();
        let p = lock_path(repo.path());
        assert_eq!(p, repo.path().join(".git-paw").join(".add-remove.lock"));
    }

    #[test]
    fn acquire_creates_the_lock_file() {
        let repo = TempDir::new().unwrap();
        let _guard = SessionLock::acquire(repo.path()).expect("first acquire should succeed");
        assert!(
            lock_path(repo.path()).exists(),
            "lock file should exist while the guard is held"
        );
    }

    #[test]
    fn second_concurrent_acquire_errors_with_in_progress_message() {
        let repo = TempDir::new().unwrap();
        let _guard = SessionLock::acquire(repo.path()).expect("first acquire should succeed");

        let err = SessionLock::acquire(repo.path())
            .expect_err("second concurrent acquire must fail while the first is held");
        let msg = err.to_string();
        assert!(
            msg.contains("in progress"),
            "second acquire should report an operation in progress; got: {msg}"
        );
        assert!(
            msg.contains(".add-remove.lock"),
            "error should name the lock file so a stale lock can be removed; got: {msg}"
        );
    }

    #[test]
    fn lock_is_released_on_drop_allowing_reacquire() {
        let repo = TempDir::new().unwrap();
        {
            let _guard = SessionLock::acquire(repo.path()).expect("acquire");
        }
        assert!(
            !lock_path(repo.path()).exists(),
            "lock file should be removed when the guard drops"
        );
        // A fresh acquire after release must succeed — serialized, not blocked.
        let _again = SessionLock::acquire(repo.path())
            .expect("re-acquire after the previous guard dropped should succeed");
    }

    #[test]
    fn acquire_creates_git_paw_dir_when_absent() {
        let repo = TempDir::new().unwrap();
        // No .git-paw/ yet.
        assert!(!repo.path().join(".git-paw").exists());
        let _guard = SessionLock::acquire(repo.path()).expect("acquire should create .git-paw/");
        assert!(repo.path().join(".git-paw").is_dir());
    }
}