fix(proxy): stop keeps the port alive; default guard watchdog#13
Merged
Conversation
…atchdog A soft `burnwall stop` now leaves the proxy up as a pass-through relay and pauses protection, so an already-running AI tool keeps working instead of failing on a dead port. The relay does no scanning/budget/cost capture and retires itself once traffic goes idle, freeing the port. `burnwall stop --hard` keeps the immediate-terminate behavior (used by uninstall/upgrade), and a fresh `start` takes over a draining proxy so `stop` -> `start` re-arms protection seamlessly. `burnwall start --daemon` now spawns the guard watchdog by default (`--no-guard` to opt out): it pauses shell routing within seconds when the proxy dies silently (best-effort relaunch on). The guard now watches the proxy's ACTUAL port -- a `--port` differing from config previously made it misread a healthy proxy as dead. The dead-proxy guidance in `status`/`stop` now points at `burnwall start` (revive) and `burnwall recover` (go direct) and shows a draining state. Bumps 0.11.0 -> 0.11.1.
The Linux branch compared only the bare file name, so a binary launched from a burnwall checkout (the daemon_test-* integration runner) read as not-burnwall and process_is_alive returned false on Linux only. Match the full /proc/<pid>/exe path, consistent with the Windows (full image path) and macOS (ps -o comm=) checks. Fixes the two Linux-only daemon test failures.
Formatting-only; clears the tree-wide rustfmt --check failures that predate this branch (accuracy/doctor/explain/export/history/nudge/security/status/term/...).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Stopping Burnwall could strand an already-running AI tool: the tool froze the
proxy URL at launch, so when
stopkilled the proxy the tool's next request hita dead port (a bare connection error), and neither
stopnorpausegave aclean escape. This makes the proxy lifecycle resilient.
burnwall stop(default) now drains instead of vacating the port. It flipsthe proxy to a relay-only pass-through and leaves it serving, so a running tool
keeps working (protection off — no scan/budget/cost capture) until traffic goes
idle, at which point the proxy retires itself and frees the port.
burnwall stop --hardkeeps the immediate-terminate behavior (used byuninstall/upgrade).starttakes over a draining proxy and clears stale bypass, sostop→startre-arms protection seamlessly.start --daemon(--no-guardto optout): it pauses shell routing within seconds when the proxy dies silently, so
new shells go direct. It now watches the proxy's actual port — previously it
watched the configured port, so a non-default
--portcould make it misread ahealthy proxy as dead.
status/stop, pointing atburnwall start(revive) and
burnwall recover(go direct);statusshows a "stopped(draining)" state instead of a misleading green.
Tests
New coverage for the drain bypass mode + relay, the idle-retire decision, soft vs
hard stop, guard spawn/terminate, and
--no-guard. Full suite passes, clippy-D warningsclean, no leaked processes.Bumps 0.11.0 → 0.11.1.