fix: harden gateway SIGTERM shutdown (#51242) (thanks @juliabush)

* fix: increase shutdown timeout to avoid SIGTERM hang * fix(telegram): abort polling fetch on shutdown to prevent SIGTERM hang * fix(gateway): enforce hard exit on shutdown timeout for SIGTERM * fix: tighten gateway shutdown watchdog * fix: harden gateway SIGTERM shutdown (#51242) (thanks @juliabush) --------- Co-authored-by: Ayaan Zaidi <hi@obviy.us>
2026-05-01 08:40:24 +00:00 · 2026-03-23 10:31:42 +01:00
parent 95fec668a0
commit e94ebfa084
3 changed files with 15 additions and 5 deletions
--- a/src/cli/gateway-cli/run-loop.ts
+++ b/src/cli/gateway-cli/run-loop.ts
@@ -97,7 +97,8 @@ export async function runGatewayLoop(params: {
  };

  const DRAIN_TIMEOUT_MS = 90_000;
-  const SHUTDOWN_TIMEOUT_MS = 5_000;
+  const SUPERVISOR_STOP_TIMEOUT_MS = 30_000;
+  const SHUTDOWN_TIMEOUT_MS = SUPERVISOR_STOP_TIMEOUT_MS - 5_000;

  const request = (action: GatewayRunSignalAction, signal: string) => {
    if (shuttingDown) {
@@ -112,10 +113,10 @@ export async function runGatewayLoop(params: {
    const forceExitMs = isRestart ? DRAIN_TIMEOUT_MS + SHUTDOWN_TIMEOUT_MS : SHUTDOWN_TIMEOUT_MS;
    const forceExitTimer = setTimeout(() => {
      gatewayLog.error("shutdown timed out; exiting without full cleanup");
-      // Exit non-zero on restart timeout so launchd/systemd treats it as a
-      // failure and triggers a clean process restart instead of assuming the
-      // shutdown was intentional. Stop-timeout stays at 0 (graceful). (#36822)
-      exitProcess(isRestart ? 1 : 0);
+      // Keep the in-process watchdog below the supervisor stop budget so this
+      // path wins before launchd/systemd escalates to a hard kill. Exit
+      // non-zero on any timeout so supervised installs restart cleanly.
+      exitProcess(1);
    }, forceExitMs);

    void (async () => {