1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
use ;
static HARN_STATE_LOCK: = new;
/// Process-global env vars that point harn_vm at a specific state dir.
/// Any test that leaves these set leaks its (now-deleted) `TempDir`
/// path into subsequent tests' `install_default_for_base_dir(base_dir)`
/// calls because `state_root()` / `event_log_*` resolvers honor an
/// absolute env-var value over the supplied `base_dir`, silently
/// pointing every test at the same stale SQLite file.
const LEAKY_STATE_ENV_VARS: & = &;
/// Serialize tests that mutate harn_vm process-global state.
///
/// Covers:
/// - `HARN_STATE_DIR` and sibling env vars read by
/// `harn_vm::runtime_paths::state_root()` / `event_log_*` and written
/// by `OrchestratorRole::build_vm()`. The lock helper unsets them on
/// entry so each test starts from a clean env instead of inheriting
/// a previous test's absolute state path.
/// - The thread-local `ACTIVE_EVENT_LOG`, which is reused across
/// cargo test-thread handoffs.
/// - The process-global `harn_vm` trigger registry mutated by
/// `install_manifest_triggers` / `clear_trigger_registry`.
///
/// Tests grabbing this lock should not assume the global state is clean
/// on entry — always call `reset_active_event_log()` +
/// `harn_vm::clear_trigger_registry()` as applicable.
///
/// Poison recovery: a prior panic may poison the mutex. We recover the
/// guard because each test resets the state on entry, so the mutex's
/// `()` payload is irrelevant and propagating `PoisonError` would
/// cascade a single legitimate failure across every downstream test.
pub