fix(workers): stop host workers from resurrecting after stop (#375)#376
Merged
Conversation
A host worker that the user stopped via the UI or `lerd worker stop` was getting silently revived. Two paths were doing it. On Linux and macOS, every HEAD write inside a worktree (commit, checkout, rebase, branch rename) fires the fsnotify "changed" handler, which was unconditionally calling AutoStartOptedInWorktreeWorkers and re-bootstrapping every opted-in host worker. The fix gates that call to action=="added" via a tiny shouldAutoStartWorkersOnSync helper, so HEAD movement leaves existing units alone. On macOS the launchd heal loop additionally treated a missing plist as drift and recreated it, even though WorkerStopForSite removes the plist precisely to represent user intent. shouldHealOnReason now skips "plist missing" and only heals genuine drift like "not loaded in launchd" or "loaded but no live process". The same report also flagged a separate symptom: when Vite did run, Inertia's wayfinder plugin shelled out to `php artisan wayfinder:generate --with-form` and failed with "/bin/sh: php: command not found". The launchd guard script and the systemd unit for host workers were never putting lerd's bin directory on PATH, so the php/composer/laravel shims couldn't be reached from npm-spawned subprocesses. Both paths now prepend config.BinDir(), and the Linux unit additionally re-adds ~/.local/bin so we don't quietly narrow what systemd-user previously inherited.
#365's address-bar header for site detail landed with English literals on the TLS toggle, LAN toggle, mobile overflow LAN entry, and the overflow menu's aria-label. The Paraglide message keys all existed already (sites_controls_httpsToggle_on/off, sites_controls_lanToggle_on/off, common_moreActions) and tr.json was complete — the new component just skipped them. Non-English users (tr just shipped in #355) saw English on the most heavily-touched UI of v1.21.0.
This was referenced May 19, 2026
Merged
geodro
added a commit
that referenced
this pull request
May 19, 2026
The 1.21.0 line graduates from beta with eight follow-up commits on top of v1.21.0-beta.1. A LAN-exposure audit closes three dashboard endpoints that were reachable on lan:expose installs (raw .env, push-test, an unauthenticated mailpit webhook) and adds path-traversal validation for the new public_dir override (#382). mysql and mariadb pick up catatonit as PID 1 via a new init flag on the preset schema, so podman stop returns in around a second instead of timing out at 30s and lerd service restart stops wedging at the 30-90s mark (#383, closes #380). Host workers stopped via the UI or lerd worker stop no longer resurrect on the next fsnotify event or launchd heal tick, and the same fix puts lerd's bin directory on PATH for npm-spawned subprocesses so wayfinder and friends can find php (#375, #376, closes #381). The PHP-FPM runtime stage gets git back after the multi-stage split in #364 dropped it (#377), restoring VCS-typed composer repositories. Notification clicks land on the right tab now: worker_failed deep-links via the site's primary domain and dump arrivals jump straight to the Dumps sub-tab (#384). The .lerd.yaml container block accepts a target field for multi-stage Containerfiles, with the cache key mixing target in so flipping stages on an unchanged file actually rebuilds (#385, addresses #379), and the MCP service_add tool picks up the matching init argument so agent-driven flows reach feature parity with the YAML path (#386). And a security pass bumps jwt-go to 5.2.2, svelte to 5.55.8, and kysely to 0.28.17 closing one high-severity JWT header-parsing flaw, three medium svelte XSS paths, and one high kysely JSON-path traversal injection (#387).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #375.
Host workers that the user stopped via the UI or
lerd worker stopcould come back on without warning. Two unrelated paths were silently turning a stopped host worker back on, and a third one was making the in-container php unreachable from Vite's subprocesses, which surfaced as "/bin/sh: php: command not found" in the launchd guard script logs.On both Linux and macOS, every HEAD write inside a worktree fires fsnotify's "changed" handler. The handler regenerates vhosts and reissues certs, which is fine, but it was also calling AutoStartOptedInWorktreeWorkers unconditionally. The worktree path doesn't move on a commit or branch rename, so the existing units don't need a kick, and resurrecting them clobbered the user's manual stop on every commit. The fix is a small shouldAutoStartWorkersOnSync gate so only action=="added" runs the auto-start pass. The boot-time scanWorktrees path goes through AutoStartOptedInWorktreeWorkers directly and is unaffected.
On macOS the launchd heal loop ran every 60 seconds and treated a missing plist as drift, which made it call WorkerStartForSite and write a fresh plist back to disk. But WorkerStopForSite removes the plist on purpose: it's how user intent is recorded. shouldHealOnReason now skips "plist missing" and only heals genuine drift ("not loaded in launchd", "loaded but no live process"). lerd start still writes plists for opted-in workers when the user actually wants them back, and the watcher's onAdded path writes plists for new worktrees, so nothing legitimate goes uncovered.
The php-not-found error was caused by both host-worker scripts ignoring lerd's bin directory. The macOS guard script's PATH was "/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:$PATH" and the Linux systemd unit had no PATH directive at all, so the php/composer/laravel shims at $XDG_DATA_HOME/lerd/bin were never on the search path for processes that npm run dev spawned. Both paths now prepend config.BinDir(). The Linux unit also re-adds ~/.local/bin so we don't quietly narrow what systemd-user normally inherits.