Two-phase atomic multi-file apply (no half-applied state on crash) #17

Description

@codex-devlab

Severity: Critical (correctness under failure)
Source: PR #16 review (C7)

rune/review/applier.py:62 does path.write_text(...) per file in sequence. If the process dies after file #1 is written but before file #2, the repo is in a half-applied state with no rollback marker.

Fix

  1. Phase 1: write all target temp files (path.with_suffix(path.suffix + ".rune-tmp")), fsync each.
  2. Phase 2: os.replace(tmp, path) for all files in order.
  3. On failure during Phase 1 → clean up tmp files, no changes visible.
  4. On failure during Phase 2 → record the rename position so --restore can complete the rollback automatically.

Spec at ~/ToolSet/rune/spec-2026-06-11.md claims "no half-applied state" — current implementation does not satisfy this under hard-crash scenarios.
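
The two phases from the Fix list above, as an added example (not code from rune or from this issue). The journal file, the `replace` hook used to simulate a crash, and `rename_state` are hypothetical names; the content that --restore would roll back to is assumed to be kept elsewhere.

```python
import json
import os
from pathlib import Path

TMP_SUFFIX = ".rune-tmp"  # temp suffix named in the issue

def tmp_for(path: Path) -> Path:
    return path.with_suffix(path.suffix + TMP_SUFFIX)

def write_synced(path: Path, data: str) -> None:
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(data)
        fh.flush()
        os.fsync(fh.fileno())  # data is on disk before any rename starts

def apply_two_phase(changes: dict, journal: Path, replace=os.replace) -> None:
    """changes maps target Path -> new text; journal is a hypothetical marker file."""
    order = list(changes)
    try:  # Phase 1: stage everything; no target has been touched yet
        for path in order:
            write_synced(tmp_for(path), changes[path])
    except BaseException:
        for path in order:
            tmp_for(path).unlink(missing_ok=True)
        raise
    for i, path in enumerate(order):  # Phase 2: publish in a fixed order
        # Record the position before each rename; the journal itself is
        # swapped in atomically so a crash never leaves it half-written.
        record = {"next": i, "order": [str(p) for p in order]}
        write_synced(tmp_for(journal), json.dumps(record))
        os.replace(tmp_for(journal), journal)
        replace(tmp_for(path), path)
    journal.unlink()  # no journal on disk means no apply is in flight

def rename_state(journal: Path):
    """After a crash in Phase 2, return (replaced, pending) target paths."""
    rec = json.loads(journal.read_text(encoding="utf-8"))
    order = [Path(p) for p in rec["order"]]
    n = rec["next"]
    # The rename at index n may have completed just before the crash; its
    # temp file disappears exactly when os.replace succeeds.
    if n < len(order) and not tmp_for(order[n]).exists():
        n += 1
    return order[:n], order[n:]
```

This example does not fsync the containing directory after the renames, so on some filesystems a power loss can still reorder them; a caller that needs that guarantee would add it.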
