Exact

Exact Union RegExp

jinye 0eed884c0b fix(rewind): restore upstream TOCTOU ordering + heal sticky failed marker (#4216) ... * fix(rewind): restore upstream TOCTOU ordering + heal sticky failed marker Two related bugs that landed in #4064: 1. **trackEdit widened the pre-write TOCTOU window**. PR #4064 inserted `await trackEdit(filePath)` between `checkPriorRead` and `writeTextFile` in both `edit.ts` and `write-file.ts`. trackEdit does `stat` + `copyFile` and on large files can take hundreds of milliseconds. The pre-existing comment above `checkPriorRead` acknowledged a stat-then-write race window of "two adjacent syscalls"; the new ordering widened that to "freshness check → potentially-multi-second backup → write", so an external mutation landing during the backup would no longer be detected before the write clobbered it. The fix is the ordering upstream `claude-code/src/tools/FileEditTool` uses, with its own explicit comment on the equivalent block: > These awaits must stay OUTSIDE the critical section below — a > yield between the staleness check and writeTextContent lets > concurrent edits interleave. Moved `trackEdit` to BEFORE `checkPriorRead` in both tools. Backups are idempotent (deterministic `{hash}@v{version}` filename), so running the backup on a path that ends up rejected just leaves an unused-but-correct backup of the pre-edit state, not corrupt state. 2. **The `failed` marker added in d59838338 stayed sticky in `trackEdit`**. When `makeSnapshot` recorded `failed: true` for a file (transient I/O error during per-file backup), the next `trackEdit` for that file skipped because the early guard only checked existence, not the failed bit. The pre-edit state never got re-captured even after the underlying I/O recovered, leaving the snapshot marked filesFailed forever for that path. The guard now skips only on confirmed (non-failed) entries: `if (existing && !existing.failed) return;`. The re-check guard at the end is updated symmetrically so the fresh backup actually replaces the failed entry (instead of being silently dropped by the "already present" branch). Tests: - `edit.test.ts`: pin the TOCTOU ordering via spy on `fileReadCache.check` and `mockFileHistoryService.trackEdit`. Verifies `trackEdit` is called before the last `cache.check` (the pre-write freshness guard). Same pattern in `write-file.test.ts`. Both tests fail on the old ordering (verified by stashing the production change). - `fileHistoryService.test.ts`: `heals a failed entry on the next trackEdit attempt` — sabotage storage so makeSnapshot records failed, restore storage, run trackEdit, assert the entry is now non-failed with a real backupFileName. * test(rewind): switch TOCTOU tests to behavioral assertions + harden heal test Address review feedback from code-reviewer agent: - The TOCTOU ordering tests previously asserted ordering via `callOrder.lastIndexOf('cache.check')`, which would silently degrade to a tautology if a future refactor added any `cache.check` call AFTER the pre-write check (e.g. the deferred atomic-write + content- hash post-check explicitly mentioned in the comment above the freshness guard). Switch to a behavioral assertion that directly tests the invariant: install a `trackEdit` mock that mutates the file on disk (bumps mtime) before returning. The pre-write `checkPriorRead` must catch the in-trackEdit mutation — that only happens if `trackEdit` runs BEFORE the pre-write check. The broken ordering would run pre-write check first (passing on pre-mutation stats), then trackEdit (which mutates), then write (which clobbers the external mutation). Asserting on `result.error?.type === FILE_CHANGED_SINCE_READ` exercises the actual race protection the fix exists to preserve, and survives any future refactor that keeps the invariant intact regardless of how many `cache.check` calls happen on the way. Verified by reverting just the production change to HEAD~1: both behavioral tests fail under the broken ordering (file is silently overwritten, no FILE_CHANGED_SINCE_READ error), and pass under the fix. - The heal test (`heals a failed entry on the next trackEdit attempt`) previously asserted `backupFileName !== null` but not that the file on disk at that name actually contained the current content. Add a `readFile + expect(...).toBe('p2-content')` assertion so a regression that wrongly reuses `previous.backupFileName` (pointing to `p1-content`) fails loudly instead of silently passing.		2026-05-17 02:01:58 +08:00
..
channels	chore(release): v0.15.11 [skip ci]	2026-05-14 09:51:46 +08:00
cli	fix(lsp): expose status and startup diagnostics (#3649)	2026-05-17 01:42:28 +08:00
core	fix(rewind): restore upstream TOCTOU ordering + heal sticky failed marker (#4216)	2026-05-17 02:01:58 +08:00
sdk-java	fix(sdk-java): pass custom env to CLI process (#3543)	2026-04-24 10:37:52 +08:00
sdk-python	doc[sdk-python] Expand Python SDK usage documentation (#3995)	2026-05-12 15:27:00 +08:00
sdk-typescript	feat(sdk): add DaemonSessionClient skeleton (#4201)	2026-05-17 01:01:12 +08:00
vscode-ide-companion	feat(telemetry): add detailed sensitive span attributes (#4097)	2026-05-17 00:36:48 +08:00
web-templates	chore(release): v0.15.11 [skip ci]	2026-05-14 09:51:46 +08:00
webui	chore(release): v0.15.11 [skip ci]	2026-05-14 09:51:46 +08:00
zed-extension	chore(deps): upgrade ink 6.2.3 → 7.0.2 + bump Node engine to 22 (#3860)	2026-05-11 17:29:50 +08:00