mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-06-30 11:52:04 +00:00
|
Some checks are pending
CI / Detect affected areas (push) Waiting to run
CI / Python tests (push) Blocked by required conditions
CI / Python lints (push) Blocked by required conditions
CI / TypeScript (push) Blocked by required conditions
CI / Docs Site (push) Blocked by required conditions
CI / Deny unrelated histories (push) Blocked by required conditions
CI / Check contributors (push) Blocked by required conditions
CI / Check uv.lock (push) Blocked by required conditions
CI / Lint Docker scripts (push) Blocked by required conditions
CI / Build&Test Docker image (push) Blocked by required conditions
CI / Supply-chain scan (push) Blocked by required conditions
CI / OSV scan (push) Waiting to run
CI / All required checks pass (push) Blocked by required conditions
Deploy Site / deploy-vercel (push) Waiting to run
Deploy Site / deploy-docs (push) Waiting to run
The register path builds each profile-gateway slot in a sibling staging dir under /run/service (the scandir s6-svscan watches), then atomically renames it to the live gateway-<profile> name. The staging dir was named gateway-<profile>.tmp — a NON-dotfile — so a concurrent `s6-svscanctl -a` rescan (fired by the cont-init reconciler registering gateway-default, or by a sibling register) would supervise the half-built slot the moment it had a valid type/run: s6-supervise spawns AS ROOT and mkdirs supervise/ root-owned 0700, then the in-flight _seed_supervise_skeleton early-returns on the now-existing supervise/ and the next `mkdir supervise/event` hits PermissionError. That is the arm64-only CI flake on test_s6_unregister_removes_service_dir_in_live_container (PermissionError: /run/service/gateway-phase3test.tmp/supervise/event) — arm64-only because the native-arm runner's wider scheduling jitter lets the rescan land inside the ~ms seed window; amd64 ran 30/30 clean. Fix: dot-prefix the staging dir (.gateway-<profile>.tmp) in both register paths (S6ServiceManager.register_profile_gateway and container_boot._register_service). s6-svscan skips any scandir entry whose name begins with '.', so the half-built slot can never be supervised mid-build. The atomic rename to the dotless live name is unchanged. Verified on a real s6 image (amd64): a non-dotted staging dir is picked up by an svscanctl -a rescan (SUPERVISED owner=root) while a dot-prefixed one is ignored (NOT-SUPERVISED). Added a docker-harness regression test that asserts both, plus a unit test that the staging dir is dot-prefixed. |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| conftest.py | ||
| test_config_migration.py | ||
| test_container_restart.py | ||
| test_dashboard.py | ||
| test_docker_exec_privilege_drop.py | ||
| test_dump_build_sha.py | ||
| test_gateway_bootstrap_state.py | ||
| test_gateway_run_supervised.py | ||
| test_home_override_scripts.py | ||
| test_immutable_install.py | ||
| test_immutable_install_permissions.py | ||
| test_license_file_present.py | ||
| test_log_dir_seed.py | ||
| test_main_invocation.py | ||
| test_profile_gateway.py | ||
| test_puid_pgid_remap.py | ||
| test_s6_profile_gateway_integration.py | ||
| test_smoke.py | ||
| test_stage2_browser_discovery.py | ||
| test_tini_compat_shim.py | ||
| test_toplevel_chown.py | ||
| test_tui_passthrough.py | ||
| test_tui_prebuilt_bundle.py | ||
| test_user_flag_guard.py | ||
| test_zombie_reaping.py | ||