Drop per-session file lock; rely on transcript-path repair

The InitializeSession race the lock guarded doesn't fire in practice —
field logs from a Cursor IDE session show only Cursor's TurnStart fires
(beforeSubmitPrompt is not forwarded to .claude/settings.json), and
correctSessionAgentType already repairs wrong AgentType from the
transcript path on the next turn.

Removing it eliminates a generic synchronization primitive that future
code could expand, plus the cleanup race in ClearSessionState where
unlinking a held .lock file orphans the inode.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Entire-Checkpoint: 14da5eb72d51

Author: Soph

.golangci.yaml

@@ -108,7 +108,6 @@ linters:
         - grpc.DialOption
         - github.com/entireio/cli/cmd/entire/cli/agent\..+
         - github.com/entireio/cli/cmd/entire/cli/checkpoint.CommittedReader
-        - github.com/entireio/cli/cmd/entire/cli/filelock\..+
         - github.com/entireio/cli/cmd/entire/cli/strategy.Strategy
         - github.com/entireio/cli/cmd/entire/cli/summarize.Generator
         - github.com/go-git/go-git/v6/plumbing/storer.ReferenceIter

cmd/entire/cli/filelock/filelock.go

@@ -168,17 +168,16 @@ func TestInitializeSession_TranscriptPathRepairsExistingState(t *testing.T) {
 	assert.Equal(t, cursorTranscript, state.TranscriptPath)
 }
 
-// TestInitializeSession_ConcurrentCallsConvergeToTranscriptOwner simulates
-// the bug from the field: two processes (Cursor IDE forwarding the prompt to
-// both .cursor/hooks.json and .claude/settings.json) call InitializeSession
-// concurrently for the same session ID. Without the per-session lock, the
-// last writer wins. With the lock the runner-up sees the existing state and
-// applies correctSessionAgentType.
-//
-// The transcript-bearing call is the authoritative one. Regardless of which
-// goroutine wins the lock first, the final AgentType must come from the
-// transcript path.
-func TestInitializeSession_ConcurrentCallsConvergeToTranscriptOwner(t *testing.T) {
+// TestInitializeSession_ConcurrentRaceRepairsOnNextTurn simulates the bug
+// from the field: two processes (Cursor IDE forwarding the prompt to both
+// .cursor/hooks.json and .claude/settings.json) call InitializeSession
+// concurrently for the same session ID. We do not serialize them — the
+// race may leave AgentType wrong for a single turn (both goroutines see
+// no existing state and run the "initialize new session" path; last
+// writer wins). The contract is eventual consistency: the next turn that
+// arrives with the cursor transcript path repairs AgentType via
+// correctSessionAgentType.
+func TestInitializeSession_ConcurrentRaceRepairsOnNextTurn(t *testing.T) {
 	dir := setupGitRepo(t)
 	t.Chdir(dir)
 	cursorTranscript := withCursorSessionDir(t)
@@ -191,16 +190,14 @@ func TestInitializeSession_ConcurrentCallsConvergeToTranscriptOwner(t *testing.T
 	require.NoError(t, err)
 
 	// Two parallel hook processes: claude-code (no transcript) and cursor
-	// (with transcript). Whichever grabs the lock first creates the state;
-	// the other follows and either matches or repairs via correctSessionAgentType.
+	// (with transcript). Errors are non-fatal — without serialization the
+	// goroutines may step on each other's writes; convergence is asserted
+	// via the next-turn call below.
 	s := &ManualCommitStrategy{}
 	var wg sync.WaitGroup
 	wg.Add(2)
 	go func() {
 		defer wg.Done()
-		// Errors here are non-fatal — the goroutines race; either may turn
-		// out to be a no-op or hit a benign concurrent-update edge case.
-		// What we assert is the final state below.
 		_ = s.InitializeSession(ctx, sessionID, agent.AgentTypeClaudeCode, "", "prompt", "") //nolint:errcheck // see comment above
 	}()
 	go func() {
@@ -209,11 +206,15 @@ func TestInitializeSession_ConcurrentCallsConvergeToTranscriptOwner(t *testing.T
 	}()
 	wg.Wait()
 
+	// Simulate the next turn: cursor's hook fires again with its transcript
+	// path. correctSessionAgentType repairs any wrong AgentType from the race.
+	require.NoError(t, s.InitializeSession(ctx, sessionID, agent.AgentTypeCursor, cursorTranscript, "next prompt", ""))
+
 	state, lErr := s.loadSessionState(ctx, sessionID)
 	require.NoError(t, lErr)
 	require.NotNil(t, state)
 	assert.Equal(t, agent.AgentTypeCursor, state.AgentType,
-		"the transcript-bearing call must determine the final AgentType regardless of goroutine ordering")
+		"the transcript-bearing turn must repair AgentType to Cursor regardless of how the prior race resolved")
 }
 
 // TestInitializeSession_ClaudeCodeTranscriptKeepsClaudeCode verifies the negative case:

cmd/entire/cli/filelock/filelock_test.go

@@ -2210,29 +2210,14 @@ func correctSessionAgentType(ctx context.Context, currentType types.AgentType, t
 // userPrompt is the user's prompt text (stored truncated as LastPrompt for display).
 // model is the LLM model identifier (e.g., "claude-sonnet-4-20250514"); empty if unknown.
 func (s *ManualCommitStrategy) InitializeSession(ctx context.Context, sessionID string, agentType types.AgentType, transcriptPath string, userPrompt string, model string) error {
-	// Serialize concurrent InitializeSession calls for the same session ID.
-	// Cursor IDE forwards a single user prompt to both .cursor/hooks.json and
-	// .claude/settings.json, so two `entire` hook processes can race here. The
-	// lock ensures the runner-up sees the state file the first process wrote
-	// and goes through the cheap update path (correctSessionAgentType handles
-	// any AgentType mismatch via the transcript-path signal).
-	lock, lockErr := AcquireSessionLock(ctx, sessionID)
-	if lockErr != nil {
-		// Logged but not fatal — fall through and accept the existing race.
-		// The most we lose is the correctness improvement; pre-fix behavior.
-		logging.Warn(logging.WithComponent(ctx, "hooks"), "failed to acquire session lock; proceeding without serialization",
-			slog.String("session_id", sessionID),
-			slog.String("error", lockErr.Error()))
-	} else {
-		defer func() {
-			if rErr := lock.Release(); rErr != nil {
-				logging.Warn(logging.WithComponent(ctx, "hooks"), "failed to release session lock",
-					slog.String("session_id", sessionID),
-					slog.String("error", rErr.Error()))
-			}
-		}()
-	}
-
+	// Concurrent InitializeSession calls for the same session ID are possible
+	// — Cursor IDE forwards one prompt to both .cursor/hooks.json and
+	// .claude/settings.json, so two `entire` processes race here. We do not
+	// serialize them: the SessionStart hint plus correctSessionAgentType
+	// converge on the right AgentType across turns. The cost of the race is
+	// at most one redundant full setup (idempotent shadow-branch creation)
+	// and a possibly-wrong AgentType for one turn, which the next turn's
+	// transcript-path repair fixes.
 	repo, err := OpenRepository(ctx)
 	if err != nil {
 		return fmt.Errorf("failed to open git repository: %w", err)

cmd/entire/cli/filelock/filelock_unix.go

@@ -11,7 +11,6 @@ import (
 
 	"github.com/entireio/cli/cmd/entire/cli/agent"
 	"github.com/entireio/cli/cmd/entire/cli/agent/types"
-	"github.com/entireio/cli/cmd/entire/cli/filelock"
 	"github.com/entireio/cli/cmd/entire/cli/jsonutil"
 	"github.com/entireio/cli/cmd/entire/cli/logging"
 	"github.com/entireio/cli/cmd/entire/cli/paths"
@@ -271,38 +270,6 @@ func LoadModelHint(ctx context.Context, sessionID string) string {
 	return strings.TrimSpace(string(data))
 }
 
-// AcquireSessionLock takes an exclusive per-session-id lock. Used to
-// serialize concurrent processes that initialize the same session — when
-// Cursor IDE forwards a single user prompt to both its own hook system and
-// Claude Code's, two `entire` hook processes can otherwise each
-// create-from-scratch in parallel and race for the last write. With the lock
-// the second arrival sees the existing state and goes through the cheap
-// update path (correctSessionAgentType repairs AgentType if the transcript
-// path indicates a different agent).
-//
-// Lock files live under a dedicated `entire-locks/` directory in the git
-// common dir — separate from `entire-sessions/` so callers that enumerate
-// session state files (status, doctor, tests) don't have to filter lock
-// artifacts.
-func AcquireSessionLock(ctx context.Context, sessionID string) (*filelock.Lock, error) {
-	if err := validation.ValidateSessionID(sessionID); err != nil {
-		return nil, fmt.Errorf("invalid session ID: %w", err)
-	}
-	commonDir, err := GetGitCommonDir(ctx)
-	if err != nil {
-		return nil, fmt.Errorf("failed to get git common dir: %w", err)
-	}
-	lockDir := filepath.Join(commonDir, "entire-locks")
-	if err := os.MkdirAll(lockDir, 0o750); err != nil {
-		return nil, fmt.Errorf("failed to create lock directory: %w", err)
-	}
-	lock, err := filelock.Acquire(filepath.Join(lockDir, sessionID+".lock"))
-	if err != nil {
-		return nil, fmt.Errorf("failed to acquire session lock: %w", err)
-	}
-	return lock, nil
-}
-
 // StoreAgentTypeHint records the agent type that owns a session before
 // SessionState exists. Used by the lifecycle dispatcher when SessionStart fires
 // (state isn't created until TurnStart, so we need a place to remember which
@@ -405,10 +372,5 @@ func ClearSessionState(ctx context.Context, sessionID string) error {
 		_ = os.Remove(f)
 	}
 
-	// Remove the lock file (lives in a separate directory; see AcquireSessionLock).
-	if commonDir, cdErr := GetGitCommonDir(ctx); cdErr == nil {
-		_ = os.Remove(filepath.Join(commonDir, "entire-locks", sessionID+".lock"))
-	}
-
 	return nil
 }