- AI CODE CREATION
  GitHub CopilotWrite better code with AI
  
  GitHub Copilot appDirect agents from issue to merge
  
  MCP Registry^NewIntegrate external tools
- DEVELOPER WORKFLOWS
  ActionsAutomate any workflow
  
  CodespacesInstant dev environments
  
  IssuesPlan and track work
  
  Code ReviewManage code changes
- APPLICATION SECURITY
  GitHub Advanced SecurityFind and fix vulnerabilities
  
  Code securitySecure your code as you build
  
  Secret protectionStop leaks before they start
- EXPLORE
  Why GitHub
  Documentation
  Blog
  Changelog
  Marketplace
View all features
- BY COMPANY SIZE
  Enterprises
  Small and medium teams
  Startups
  Nonprofits
- BY USE CASE
  App Modernization
  DevSecOps
  DevOps
  CI/CD
  View all use cases
- BY INDUSTRY
  Healthcare
  Financial services
  Manufacturing
  Government
  View all industries
View all solutions
- EXPLORE BY TOPIC
  AI
  Software Development
  DevOps
  Security
  View all topics
- EXPLORE BY TYPE
  Customer stories
  Events & webinars
  Ebooks & reports
  Business insights
  GitHub Skills
- SUPPORT & SERVICES
  Documentation
  Customer support
  Community forum
  Trust center
  Partners
View all resources
- COMMUNITY
  GitHub SponsorsFund open source developers
- PROGRAMS
  Security Lab
  Maintainer Community
  Accelerator
  GitHub Stars
  Archive Program
- REPOSITORIES
  Topics
  Trending
  Collections
- ENTERPRISE SOLUTIONS
  Enterprise platformAI-powered developer platform
- AVAILABLE ADD-ONS
  GitHub Advanced SecurityEnterprise-grade security features
  
  Copilot for BusinessEnterprise-grade AI features
  
  Premium SupportEnterprise-grade 24/7 support
Pricing

Search code, repositories, users, issues, pull requests...

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

Appearance settings

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

alookai / alook Public

Notifications You must be signed in to change notification settings
Fork 46
Star 328

Code
Issues 54
Pull requests 14
Actions
Projects
Security and quality
Insights

Additional navigation options

Code
Issues
Pull requests
Actions
Projects
Security and quality
Insights

fix: daemon bugs — flush race, readline leak, timeline lock, client retry, file-request scope#117

Open

gusye1234 wants to merge 1 commit into

main alookai/alook:mainfrom

fix/cli-daemon-bugs alookai/alook:fix/cli-daemon-bugsCopy head branch name to clipboard

Conversation Commits1 (1) Checks Files changed

Open

fix: daemon bugs — flush race, readline leak, timeline lock, client retry, file-request scope #117
gusye1234 wants to merge 1 commit into
main from
fix/cli-daemon-bugs

Conversation

@gusye1234

@gusye1234 gusye1234 commented May 25, 2026

Copy link

Copy Markdown

Contributor

Summary

Flush race condition (Bug: Race condition in session-runner flushMessages can lose messages #108 ): Add isFlushing guard to prevent concurrent flushMessages calls from racing
Readline memory leak (Bug: Readline interface never closed in all 3 agent backends #109 ): Add rl.close() in process close handlers for all 3 agent backends (claude, codex, opencode)
Timeline lock drop (Bug: Timeline updateEntry silently drops updates on lock failure #110 ): Add retry loop (2 retries with spin-wait) in updateEntry when lock acquisition fails
Client throw-undefined (Bug: client.ts retry loop can throw undefined on final attempt #115 ): Initialize lastError with a meaningful Error in both retry loops
File-request scope (Security: Missing workspace scoping in getRequest (workspace-file-request) #107 ): Add optional workspaceId to getRequest query for defense-in-depth

Test plan

All 662 CLI tests pass
All 241 shared tests pass
Lint passes (warnings only, pre-existing)
Manual test: verify daemon handles concurrent message flush without loss
Manual test: verify timeline entries are updated when lock contention occurs

Closes #107, #108, #109, #110, #115

Sorry, something went wrong.

Uh oh!

There was an error while loading. Please reload this page.

All reactions

@gusye1234


 fix: address multiple daemon bugs (flush race, readline leak, timelin...

b785bbc

...e lock, client retry)
1. session-runner: Add isFlushing guard to prevent concurrent
 flushMessages calls from racing and dropping messages (#108)
2. agent backends (claude, codex, opencode): Add rl.close() in
 process close handlers to prevent readline memory leaks (#109)
3. timeline: Add retry loop (2 retries with spin-wait) in
 updateEntry when lock acquisition fails, reducing silent
 update drops (#110)
4. client: Initialize lastError with a meaningful Error instead
 of undefined, preventing throw-undefined edge case (#115)
5. workspace-file-request: Add optional workspaceId parameter to
 getRequest for defense-in-depth scoping (#107)
Closes #107, #108, #109, #110, #115

@gusye1234 gusye1234 requested a review from a team as a code owner

May 25, 2026 04:39

gusye1234

gusye1234 commented

May 25, 2026

View reviewed changes

@gusye1234 gusye1234 left a comment

Copy link

Copy Markdown

Contributor Author

There was a problem hiding this comment.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review — PR #117: fix: daemon bugs — flush race, readline leak, timeline lock, client retry, file-request scope

What it does

Fixes five independent daemon bugs:

Readline leak — closes readline interfaces on process exit across all agent backends
Flush race — adds an isFlushing guard to prevent concurrent message batch flushes
Timeline lock — retries lock acquisition with short spin-waits before giving up
Client retry — initializes lastError with a descriptive Error so the throw path always has a meaningful message
File-request scope — scopes getRequest lookup by workspaceId so one workspace can't access another's file requests

Code Quality Checklist

Functionality

Code does what it's supposed to do
Edge cases handled
Error handling appropriate
No logic errors

Code Quality

Readable and well-structured
Functions are small and focused
No code duplication
Follows project conventions

Code Simplification

Changes are minimal and targeted
One concern: The spin-wait in timeline.ts (lines 157-161) uses a busy loop (while (Date.now() - start < 50 * (retry + 1)) {}) which blocks the Node.js event loop. Since this appears to be in a synchronous file-lock context, it's likely acceptable for 50-100ms, but worth noting. If this ever becomes a hot path, consider Atomics.wait or restructuring to async.

Security

No security vulnerabilities
Good catch: The workspaceId scoping on file requests closes a potential cross-workspace data access bug
No hardcoded secrets

Tests Coverage

No new tests added for these fixes. The flush race guard, timeline retry, and workspace-scoped query would benefit from unit tests, especially:
- Concurrent flush prevention
- Lock retry behavior (acquired on 2nd/3rd try vs. still failing)
- getRequest with/without workspaceId

Project Syncing

All three agent backends (claude, codex, opencode) updated consistently for rl.close()
Both retry paths in client.ts updated

Observations

Flush race — lost messages on failure: When reportMessages throws, the spliced batch is silently lost (only logged at debug level). The previous code had the same issue, so this PR doesn't regress it — but it's worth considering a re-queue or at least a warning-level log for dropped messages.
Spin-wait justification: The spin-wait is a pragmatic choice for a sync file-lock path, but 50-100ms of event-loop blocking could stall other timers. Since this only triggers under contention (lock already held), it's probably fine in practice.
and(...conditions) — when workspaceId is undefined, conditions has only one element. Verify that and() with a single argument works correctly in your Drizzle version (it should, but worth a quick check).

Verdict

Solid set of targeted bug fixes. All changes are low-risk and improve correctness. Would be stronger with unit tests for the new behaviors, but the fixes themselves are clean and well-scoped. Looks ready to merge.

Sorry, something went wrong.

Uh oh!

There was an error while loading. Please reload this page.

All reactions

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Security: Missing workspace scoping in getRequest (workspace-file-request)

Uh oh!

There was an error while loading. Please reload this page.

1 participant

@gusye1234

Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.

Footer

Footer navigation

Terms
Privacy
Security
Status
Community
Docs
Contact

You can’t perform that action at this time.