feat(guard): Windows lifecycle partial parity — Job Object + CTRL events (#10)#75
Merged
Merged
Conversation
…nts (mcp-warden#10) Upgrades Windows guard teardown from terminate-only to a proper best-effort model aligned with GUARD_PROXY_V3.md §3.2: - Child spawned with CREATE_NEW_PROCESS_GROUP so CTRL_BREAK_EVENT targets only the child's console group, not guard itself. - win32_register_child(): assigns child to a Job Object with JOB_OBJECT_LIMIT_ KILL_ON_JOB_CLOSE immediately after spawn so the child tree is reaped when guard exits (even on unexpected exit). Best-effort — logs debug note if unavailable. - win32_release_child(): closes the job handle explicitly on normal exit; still fires KILL_ON_JOB_CLOSE passively on guard crash. - _teardown_windows() upgraded to async: sends CTRL_BREAK_EVENT (approximate SIGTERM), waits TERM_GRACE_S, falls back to proc.terminate() if child persists. - DEGRADED_GUARANTEES updated to reflect partial parity; orphan-freedom still not asserted when Job Object is unavailable. - 22 new unit tests in tests/test_guard_windows.py cover all helpers + teardown paths; run on any platform via mock ctypes injection. - Full suite: 524 passed, 4 skipped (no regressions).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
CREATE_NEW_PROCESS_GROUPon Windows soCTRL_BREAK_EVENTtargets only the child's console groupJOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE: child tree is reaped when guard exits (even unexpectedly); best-effort — logs degradation if unavailable_teardown_windowsupgraded to async:CTRL_BREAK_EVENT→TERM_GRACE_Swait →proc.terminate()fallback (replaces terminate-only)DEGRADED_GUARANTEES: reflects partial parity — signal forwarding is now approximate, orphan-freedom not asserted only when Job Object is unavailableTest plan
tests/test_guard_windows.py: 22 new tests cover_win32_send_ctrl,_win32_create_and_assign_job,win32_register_child,win32_release_child,_teardown_windows(all async paths),teardown_childroutingcreate=Truepatch)Closes #10
🤖 Generated with Claude Code