kimi-code/packages/server/test/lock.test.ts
liruifengv b51e13538d
ci: run unit tests on windows (#1037)
* ci: run unit tests on windows

* fix(migration-legacy): align workdir bucket key with agent-core

computeWorkdirBucket used a local node:path-based resolve that yields backslash-separated paths on Windows, while agent-core's encodeWorkDirKey uses pathe (forward slashes on every platform). The SHA-256 inputs diverged, so migrated sessions were written to a bucket that the session picker never reads, making them invisible on Windows.

Alias computeWorkdirBucket to encodeWorkDirKey so both sides stay byte-identical, drop the local slugify copy, and update the workdir-bucket test reference accordingly.

* test(acp-adapter): expect platform-native separators in e2e-fs path

The e2e-fs test asserted the fs/readTextFile wire path as the raw POSIX targetPath, but AcpKaos.toClientPath converts '/' to '\' when the inner LocalKaos reports pathClass 'win32' (Windows). On Windows the wire path became '\Users\test\x.ts' and the assertion failed.

Mirror toClientPath in the test: expect backslash separators on win32 and the raw path otherwise. Implementation is unchanged.

* test(sdk): normalize workDir and skillDir paths in session tests

SessionStore.create/list and the skill loader normalize paths through pathe (forward slashes). The SDK tests compared the resulting workDir and skill loaded-dir against raw mkdtemp / node:path strings, which use backslashes on Windows (and node:fs realpath also returns backslashes for the skill dir), failing three toMatchObject assertions.

Build the expected paths with agent-core's normalizeWorkDir so they match the internal pathe representation on every platform. The skill dir keeps its realpath() (the loader realpaths the root) and only normalizes separators.

* test(skill): normalize realpath to forward slashes in scanner tests

resolveSkillRoots normalizes every root.path through fs.realpath followed by replacing backslashes with forward slashes (scanner.ts). The scanner tests compared root.path against node:fs realpath directly, which returns backslashes on Windows, so twenty assertions failed (toEqual / toContain / toHaveLength) even though the resolved paths were identical.

Wrap realpath at the top of the test file to mirror the implementation's normalization, so every comparison uses the same forward-slash form on every platform.

* test: skip Unix-only permission tests on Windows

The Unix file-permission assertions (mode bits like 0o600 / 0o700 and chmod 000 making a path unreadable) have no equivalent on Windows, which uses ACLs; fs.chmod there can only toggle the read-only bit. These six tests failed on Windows with mismatched mode values or a missing 40411.

Skip them on win32 via it.skipIf(process.platform === 'win32'): oauth FileTokenStorage (0600 file, 0700 dir), agent-core BackgroundTaskPersistence (0700 tasks dir), agent-core createPerIdJsonStore (0700 subdir), migration-legacy atomicWrite (0600 file), and server fs:browse (chmod 000 -> 40411).

* test(tui): make platform-sensitive assertions cross-platform

The TUI implementations are already platform-aware (pathe-style paths, pathToFileURL, quoteShellArg cmd/POSIX quoting, Alt+V on Windows for paste expansion), but the tests hard-coded POSIX expectations and failed on Windows.

Align the assertions with the implementation's platform behavior: footer-goal-badge matches the '[goal' badge prefix instead of /goal/ (toolbar tips contain '/goal'); tool-call expects backslash relative paths on win32; plan-box builds the file:// URL via pathToFileURL; custom-editor sends Alt+V on win32 for paste expansion; file-mention-provider normalizes the expected description to forward slashes; kimi-tui-startup builds the resume command with quoteShellArg; kimi-tui-message-flow builds the expected install path with resolve().

* test: align path assertions with pathe on Windows

Several test suites asserted paths produced by node:path/node:os/node:fs against values that agent-core, node-sdk and kaos normalize through pathe (forward slashes). On Windows the two forms diverge (backslashes vs forward slashes), failing about 19 assertions.

Mirror the implementation's normalization in the assertions via a local toPosix helper (or agent-core's normalizeWorkDir), so expected paths use forward slashes on every platform: kaos LocalKaos, node-sdk export/list/resume/config/transport sessions, cli FileMentionProvider, and agent-core skill-session.

* test(native): build path expectations with node:path.resolve

paths.mjs builds every path with node:path.resolve, which yields backslash-separated absolute paths on Windows. The path-helpers tests asserted against template strings that mixed the backslash appRoot with forward-slash segments, so Object.is failed on Windows even though the strings looked identical.

Build the expectations with the same resolve(appRoot, ...) helper so the separators match on every platform.

* fix: make Windows CI tests pass across all packages

Fix the remaining Windows CI failures so the Windows test job can go green. The changes fall into a few categories:

- Path separators: agent-core/node-sdk/kaos normalize paths via pathe (forward slashes); align test expectations and a couple of implementations (native cache base, workspace registry) with that.

- Platform-only services: skip launchd/systemd manager suites on win32 (Windows uses schtasks).

- Process/signal lifecycle: skip or relax tests that rely on POSIX signals / SIGTERM semantics that Windows does not support.

- Hook shell syntax: rewrite hook test commands from POSIX shell (single quotes, semicolons, stderr redirects, if/then/fi) to node -e / .cjs files that run under cmd.exe.

- CRLF: make Bash tool description stripping tolerate CRLF line endings.

- Misc: realpath short-name divergence, port-retry timing, telemetry spawn, fs-watch timing, snapshot path normalization, etc.

* fix: remove unused basename import in workspaceRegistryService

Fix lint error (no-unused-vars): basename from node:path is no longer used after switching to posixBasename from pathe.

* fix: align resume harness pathClass and wait for banner state on Windows

Two more Windows CI fixes:

- createResumeNoSideEffectKaos now reports pathClass 'win32' on Windows so tool descriptions (e.g. Glob's Windows note) match the live agent in expectResumeMatches, fixing usage/description deep-equal drift.

- kimi-tui-startup once-banner test now waits for writeBannerDisplayState to land before asserting, since the atomic write can lag behind the render on Windows.

* fix: resolve remaining Windows unit test failures

Make the new Windows CI job green across agent-core, kaos, node-sdk and server:

- Align the resume harness kaos pathClass with the live agent so platform-conditional tool descriptions (Glob's Windows note) match in expectResumeMatches instead of drifting on win32.
- Rewrite hook commands in agent-core tests as cross-platform node one-liners; single-quote echo, >&2 and ';' do not work under cmd.exe.
- Add .gitattributes enforcing LF so raw-imported templates (e.g. the compaction instruction) produce byte-identical token counts on Windows and POSIX.
- Terminate the full process tree on Windows in both the hook runner and kaos (taskkill /T /F) so grandchildren cannot outlive their parent and keep the cwd locked.
- Normalize workDir path separators in two kimi-sdk session tests to match the stored canonical form.
- Avoid cmd.exe arg-quoting pitfalls in the kaos cmd.exe test, and run the Windows process-tree kill test from a script file with the pid path passed via argv.
- Give the first fs-git e2e test more time on Windows and retry the temp-dir cleanup; skip the fs-watch overflow-burst assertion on Windows where fs-event coalescing prevents the single-window spike.

* ci: retrigger checks

* fix: resolve remaining Windows failures after merging main

- Terminate the spawned git/gh process tree on Windows in FsGitService (taskkill /T /F on timeout) so a timed-out 'gh pr view' cannot leave a grandchild holding the workspace cwd, which made the fs-git e2e cleanup fail with EPERM.

- Give the fs:git_status e2e suite a longer timeout on Windows and retry the temp-dir cleanup longer to ride out the slower child-process teardown.

- Make the third-party plugin install trust test assert the resolved install path via node:path so it matches the Windows-resolved path (D:\tmp\...) as well as the POSIX one.

* fix: align workspace registry roots and harden fs-git cleanup on Windows

- workspace-registry test: compare normalized (forward-slash) roots, since the registry and session index both store workDir via pathe.resolve (forward slashes on every platform). realpath() yields backslashes on Windows and diverged from the stored root.

- fs-git e2e: bump the temp-dir cleanup retries and the afterEach timeout, since Windows child-process teardown after server.close() is asynchronous and can keep the workspace cwd locked for several seconds.

* test: stub openUrl in kimi-tui-message-flow feedback tests

The /feedback command falls back to openUrl(FEEDBACK_ISSUE_URL) when submission fails, which spawned a real browser window on every test run. Mock #/utils/open-url (matching the existing login/message-replay/server test convention) so the suite never opens a browser.

* test: harden fs-git e2e cleanup against Windows cwd locks

On Windows, git/gh child processes and the session core process can outlive server.close() and keep the temp workspace as their cwd, so rmSync fails with EPERM even after a long retry. Add rmSyncRobust that retries and, if the cwd is still locked, swallows EPERM/EBUSY on Windows — the OS reclaims the temp dir and a cleanup hiccup must not fail an otherwise-passing test.

* test: harden server e2e cleanup against async teardown races

server.close() does not fully await the server's asynchronous teardown, so on a loaded CI runner the temp home/workspace dirs can still be held or written to when the afterEach rmSync runs, failing with EPERM (Windows) or ENOTEMPTY (Linux). Use a rmSyncRobust helper (retry + swallow EPERM/EBUSY/ENOTEMPTY) in the fs-git and question e2e cleanup. Also fix a leftover `throw err` (renamed to `throw error`) that broke the typecheck.
2026-06-26 11:56:41 +08:00

270 lines
8.7 KiB
TypeScript

/**
* Lock file semantics (ROADMAP P0.12 AC).
*
* Hermetic strategy: every test uses a tmpdir lock path so production
* `~/.kimi/server/lock` is never touched. We mint pid values that don't
* collide with the real process (we ARE the test process, so use a clearly
* dead high pid like 0x7fffffff for stale-takeover tests; `process.kill(pid,
* 0)` returns ESRCH for any unallocated pid on Linux/macOS).
*/
import { mkdtempSync, readFileSync, rmSync, statSync, writeFileSync, existsSync } from 'node:fs';
import { tmpdir } from 'node:os';
import { join } from 'node:path';
import { afterEach, beforeEach, describe, expect, it } from 'vitest';
import {
DEFAULT_LOCK_PATH,
ServerLockedError,
acquireLock,
getLiveLock,
type LockContents,
} from '../src/lock';
let tmpDir: string;
let lockPath: string;
beforeEach(() => {
tmpDir = mkdtempSync(join(tmpdir(), 'kimi-server-lock-test-'));
lockPath = join(tmpDir, 'lock');
});
afterEach(() => {
rmSync(tmpDir, { recursive: true, force: true });
});
describe('acquireLock — basic acquire / release', () => {
it('writes pid/started_at/port JSON and release deletes the file', () => {
const handle = acquireLock({
lockPath,
port: 58627,
nowIso: '2026-06-05T00:00:00.000Z',
});
expect(handle.lockPath).toBe(lockPath);
expect(existsSync(lockPath)).toBe(true);
const stored = JSON.parse(readFileSync(lockPath, 'utf8')) as LockContents;
expect(stored).toEqual({
pid: process.pid,
started_at: '2026-06-05T00:00:00.000Z',
port: 58627,
});
handle.release();
expect(existsSync(lockPath)).toBe(false);
});
it('defaults nowIso + pid when not provided', () => {
const handle = acquireLock({ lockPath, port: 1234 });
const stored = JSON.parse(readFileSync(lockPath, 'utf8')) as LockContents;
expect(stored.pid).toBe(process.pid);
expect(stored.port).toBe(1234);
// ISO 8601 with milliseconds + Z. Loose check — full format coverage lives in protocol/time.test.ts.
expect(stored.started_at).toMatch(/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z$/);
handle.release();
});
it('release is idempotent — second call is a no-op', () => {
const handle = acquireLock({ lockPath, port: 9 });
handle.release();
handle.release(); // would throw if not guarded
expect(existsSync(lockPath)).toBe(false);
});
it('release tolerates a missing lock file (best-effort)', () => {
const handle = acquireLock({ lockPath, port: 9 });
// Operator manually rm'd it between acquire and release.
rmSync(lockPath);
expect(() => handle.release()).not.toThrow();
});
it.skipIf(process.platform === 'win32')('creates the lock file with 0600 permissions (ROADMAP M5.2)', () => {
const handle = acquireLock({ lockPath, port: 58627 });
// The lock file lives next to the per-pid bearer token; it must not be
// group/world readable.
expect(statSync(lockPath).mode & 0o777).toBe(0o600);
handle.release();
});
});
describe('acquireLock — concurrent-instance protection', () => {
it('throws ServerLockedError when a live owner already holds the lock', () => {
// Simulate "another live server" by writing a lock file with our own pid
// (which is definitely alive — this test runner) but a fake port.
const existing: LockContents = {
pid: process.pid,
started_at: '2026-06-05T00:00:00.000Z',
port: 58627,
};
writeFileSync(lockPath, JSON.stringify(existing));
// Same-pid double-acquire is also a conflict (single-server-per-process
// invariant). Caller must release the previous handle first.
expect(() => acquireLock({ lockPath, port: 58627 })).toThrow(ServerLockedError);
try {
acquireLock({ lockPath, port: 58627 });
} catch (err) {
const e = err as ServerLockedError;
expect(e.code).toBe('ESERVER_LOCKED');
expect(e.exitCode).toBe(2);
expect(e.message).toContain(`pid=${process.pid}`);
expect(e.message).toContain('port=58627');
expect(e.existing).toEqual(existing);
}
});
it('takes over a stale lock whose recorded pid is dead', () => {
// 0x7fffffff (2147483647) is the max signed-32 pid on Linux/macOS; the
// kernel never allocates pids that high in normal operation. ESRCH guaranteed.
const stalePid = 0x7fffffff;
writeFileSync(
lockPath,
JSON.stringify({
pid: stalePid,
started_at: '2025-01-01T00:00:00.000Z',
port: 58627,
} satisfies LockContents),
);
const handle = acquireLock({ lockPath, port: 58627 });
const stored = JSON.parse(readFileSync(lockPath, 'utf8')) as LockContents;
expect(stored.pid).toBe(process.pid);
expect(stored.port).toBe(58627);
handle.release();
});
it('takes over an unparseable lock file', () => {
writeFileSync(lockPath, '{garbage');
const handle = acquireLock({ lockPath, port: 4242 });
const stored = JSON.parse(readFileSync(lockPath, 'utf8')) as LockContents;
expect(stored.pid).toBe(process.pid);
handle.release();
});
it('does NOT delete the lock if a third party stole ownership between acquire and release', () => {
const handle = acquireLock({ lockPath, port: 9999 });
// Simulate another server clobbering the file with its own pid+port.
const otherPid = 0x7ffffff0;
writeFileSync(
lockPath,
JSON.stringify({ pid: otherPid, started_at: 'x', port: 1234 } satisfies LockContents),
);
handle.release();
expect(existsSync(lockPath)).toBe(true); // mismatched pid → preserved
});
});
describe('acquireLock — updatePort', () => {
it('rewrites the recorded port when our pid owns the lock', () => {
const handle = acquireLock({ lockPath, port: 7878 });
handle.updatePort(7879);
const stored = JSON.parse(readFileSync(lockPath, 'utf8')) as LockContents;
expect(stored.port).toBe(7879);
expect(stored.pid).toBe(process.pid);
handle.release();
});
it('preserves unrelated fields when rewriting the port', () => {
const handle = acquireLock({
lockPath,
port: 7878,
host: '127.0.0.1',
hostVersion: '1.2.3',
entry: '/usr/local/bin/kimi',
nowIso: '2026-06-05T00:00:00.000Z',
});
handle.updatePort(7880);
const stored = JSON.parse(readFileSync(lockPath, 'utf8')) as LockContents;
expect(stored).toEqual({
pid: process.pid,
started_at: '2026-06-05T00:00:00.000Z',
host: '127.0.0.1',
port: 7880,
host_version: '1.2.3',
entry: '/usr/local/bin/kimi',
});
handle.release();
});
it('is a no-op when the port is unchanged', () => {
const handle = acquireLock({ lockPath, port: 7878 });
const before = readFileSync(lockPath, 'utf8');
handle.updatePort(7878);
expect(readFileSync(lockPath, 'utf8')).toBe(before);
handle.release();
});
it('is a no-op when the lock file is missing', () => {
const handle = acquireLock({ lockPath, port: 7878 });
rmSync(lockPath);
expect(() => {
handle.updatePort(7879);
}).not.toThrow();
expect(existsSync(lockPath)).toBe(false);
handle.release();
});
it('does NOT rewrite the port when a third party owns the lock', () => {
const handle = acquireLock({ lockPath, port: 7878 });
// Simulate another server clobbering the file with its own pid+port.
writeFileSync(
lockPath,
JSON.stringify({ pid: 0x7ffffff0, started_at: 'x', port: 7878 } satisfies LockContents),
);
handle.updatePort(7879);
const stored = JSON.parse(readFileSync(lockPath, 'utf8')) as LockContents;
expect(stored.port).toBe(7878); // untouched — we don't own it anymore
handle.release();
});
});
describe('acquireLock — defaults', () => {
it('DEFAULT_LOCK_PATH points under the kimi-code home', () => {
expect(DEFAULT_LOCK_PATH).toMatch(/[/\\]\.kimi-code[/\\]server[/\\]lock$/);
});
});
describe('getLiveLock', () => {
it('returns undefined when the lock file is missing', () => {
expect(getLiveLock(lockPath)).toBeUndefined();
});
it('returns undefined for an unparseable lock file', () => {
writeFileSync(lockPath, '{garbage');
expect(getLiveLock(lockPath)).toBeUndefined();
});
it('returns undefined for a stale lock whose recorded pid is dead', () => {
writeFileSync(
lockPath,
JSON.stringify({
pid: 0x7fffffff,
started_at: '2025-01-01T00:00:00.000Z',
port: 58627,
} satisfies LockContents),
);
expect(getLiveLock(lockPath)).toBeUndefined();
});
it('returns the contents when the recorded pid is alive', () => {
const live: LockContents = {
pid: process.pid,
started_at: '2026-06-05T00:00:00.000Z',
port: 9000,
};
writeFileSync(lockPath, JSON.stringify(live));
expect(getLiveLock(lockPath)).toEqual(live);
});
});