fix(update): make in-app Update reliable — bounded stop hook + untrack build artifact#517
Merged
Conversation
…k build artifact Two issues made the in-app Update / restart appear to fail and leave the box unreachable: 1. taos-graceful-stop.sh curled /api/system/prepare-shutdown with --max-time 320 and the unit allowed TimeoutStopSec=360. When that endpoint hung, every restart sat in 'deactivating' for ~5min with the port dead. Bound the curl to 25s and TimeoutStopSec to 45s so a hung drain can never stall a restart. 2. desktop/tsconfig.tsbuildinfo was tracked but is regenerated on every SPA build, so it perpetually dirtied the working tree and could block 'git pull' during an update. Untrack it and add it to .gitignore.
📝 WalkthroughWalkthroughThis PR bounds service shutdown time to prevent update/restart failures by reducing timeouts across systemd and graceful stop, and excludes regenerated TypeScript build metadata from version control. ChangesBuild Artifact Exclusion
Service Shutdown Timeout Bounding
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~5 minutes
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@scripts/taos-graceful-stop.sh`:
- Line 10: The curl call in scripts/taos-graceful-stop.sh is hardcoded to
localhost:6969 so it ignores custom TAOS_PORT used by tinyagentos.service;
update that line to build the URL from environment variables (use TAOS_PORT with
a default of 6969 and optionally TAOS_HOST with a default of localhost) so
prepare-shutdown targets the actual controller address used at runtime (keep
--max-time and other flags intact and ensure proper quoting/expansion of
${TAOS_PORT:-6969} and ${TAOS_HOST:-localhost} in the curl invocation).
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: f4a29111-33b8-459a-b273-6e98f9599173
📒 Files selected for processing (4)
.gitignoredesktop/tsconfig.tsbuildinfoscripts/systemd/tinyagentos.servicescripts/taos-graceful-stop.sh
💤 Files with no reviewable changes (1)
- desktop/tsconfig.tsbuildinfo
| # service in `deactivating` with the port dead for minutes — which also makes the | ||
| # in-app Update appear to fail, since it restarts the service. Draining must be | ||
| # best-effort and quick; anything slower belongs in an async background task. | ||
| curl -fsS -X POST --max-time 25 http://localhost:6969/api/system/prepare-shutdown || true |
There was a problem hiding this comment.
Stop hook still ignores custom controller ports.
scripts/systemd/tinyagentos.service starts uvicorn on TAOS_PORT (Line 33), but this hook is still pinned to localhost:6969. Since scripts/install-server.sh copies this script verbatim, any install with a non-default TAOS_PORT will skip prepare-shutdown entirely, so updates/restarts lose the graceful-drain path this PR is trying to harden.
Suggested fix
# scripts/systemd/tinyagentos.service
@@
-Environment=PYTHONUNBUFFERED=1
+Environment=PYTHONUNBUFFERED=1
+Environment=TAOS_PORT=TAOS_PORT# scripts/taos-graceful-stop.sh
-curl -fsS -X POST --max-time 25 http://localhost:6969/api/system/prepare-shutdown || true
+curl -fsS -X POST --max-time 25 \
+ "http://localhost:${TAOS_PORT:-6969}/api/system/prepare-shutdown" || true📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| curl -fsS -X POST --max-time 25 http://localhost:6969/api/system/prepare-shutdown || true | |
| curl -fsS -X POST --max-time 25 \ | |
| "http://localhost:${TAOS_PORT:-6969}/api/system/prepare-shutdown" || true |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@scripts/taos-graceful-stop.sh` at line 10, The curl call in
scripts/taos-graceful-stop.sh is hardcoded to localhost:6969 so it ignores
custom TAOS_PORT used by tinyagentos.service; update that line to build the URL
from environment variables (use TAOS_PORT with a default of 6969 and optionally
TAOS_HOST with a default of localhost) so prepare-shutdown targets the actual
controller address used at runtime (keep --max-time and other flags intact and
ensure proper quoting/expansion of ${TAOS_PORT:-6969} and
${TAOS_HOST:-localhost} in the curl invocation).
![kilo-code-bot[bot]](https://avatars.githubusercontent.com/in/2193792?s=60&v=4){kind=small}
| # `deactivating` (which also breaks the in-app Update). Paired with the short | ||
| # --max-time in taos-graceful-stop.sh. | ||
| TimeoutStopSec=45 | ||
| Environment=PYTHONUNBUFFERED=1 |
There was a problem hiding this comment.
WARNING: Stop timeout may be too low for graceful shutdown
Reducing TimeoutStopSec from 360s to 45s may not give the service enough time to shut down gracefully under load, potentially leading to forced termination and data loss. Ensure the application can stop within 45 seconds after the graceful-stop script exits.
Code Review SummaryStatus: 1 Issues Found | Recommendation: Address before merge Overview
Issue Details (click to expand)WARNING
Other Observations (not in diff)No other observations. Files Reviewed (4 files)
Reviewed by nemotron-3-super-120b-a12b-20230311:free · 432,824 tokens |
jaylfc
added a commit
that referenced
this pull request
Jun 2, 2026
jaylfc
added a commit
that referenced
this pull request
Jun 2, 2026
…ng 6969 Addresses CodeRabbit on #517: a custom-port install would drain a hardcoded localhost:6969 (silently no-op via '|| true'). systemd already passes TAOS_PORT into the unit Environment (this PR), so the hook inherits it and falls back to 6969 only when unset.
jaylfc
added a commit
that referenced
this pull request
Jun 2, 2026
… cross-origin CSP) (#518) * fix(browser): make the proxy work on real deploys (dual-port launch + cross-origin CSP) The Browser app (#511) never worked on a systemd deploy. Two bugs: 1. The unit's ExecStart ran 'uvicorn tinyagentos.app:create_app' directly, which never starts the second browser-proxy origin (that only launches via __main__.main() -> _serve_dual_port). So nothing listened on the proxy port and pages failed to load. Switch ExecStart to 'python -m tinyagentos' and inject TAOS_HOST/TAOS_PORT into the unit Environment (install-server.sh) so the module entrypoint binds the same host/port and runs both origins. 2. Proxied responses set 'frame-ancestors self', which blocks the taOS shell (main origin) from embedding the proxy origin (different port = different origin) — so even with both origins up, the iframe was CSP- blocked. Compute frame-ancestors per-request as "'self' <shell-origin>" (same host, main port), so only the shell can frame it (clickjacking defence preserved). Requires main_port on app.state and main_port/ browser_proxy_port added to the proxy origin's shared-state allowlist. Verified live: example.org renders through the proxy and links are rewritten to flow back through it. Adds CSP unit tests for both the single-port ('self' only) and dual-origin (shell origin allowed) cases. * fix(deploy): graceful-stop hook honours TAOS_PORT instead of hardcoding 6969 Addresses CodeRabbit on #517: a custom-port install would drain a hardcoded localhost:6969 (silently no-op via '|| true'). systemd already passes TAOS_PORT into the unit Environment (this PR), so the hook inherits it and falls back to 6969 only when unset. * fix(browser): robust host/scheme parsing in _shell_origin (CodeRabbit #518) - Handle IPv6 literal Host headers: a bare [::1] would be mangled by rsplit(':',1) into '[', producing a malformed frame-ancestors CSP that breaks framing for IPv6 access. Extract via the closing bracket instead. - Clamp x-forwarded-proto to http/https (take the first value of a comma list) so a hostile/odd proto can't deform the CSP. - Unit tests for _strip_port covering host:port, bare host, IPv6 ±port, empty.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
Updating taOS via the in-app Update button was failing and leaving the box unreachable. Root-caused on the Pi during a live update. Two independent issues:
1. The graceful-stop hook could stall every restart for ~5 minutes
scripts/taos-graceful-stop.shPOSTed to/api/system/prepare-shutdownwith--max-time 320, and the unit allowedTimeoutStopSec=360. When that endpoint hangs (observed:curl (28) timed out after 320001 ms), the service sits indeactivatingwith port 6969 dead. Since the in-app Update applies the pull then restarts the service, the restart stalls and the update looks like it failed / the box looks down.Fix: bound the curl to 25s and
TimeoutStopSecto 45s. Draining is best-effort; anything slower belongs in an async task, never inline in shutdown.2. A tracked build artifact dirtied the tree and could block
git pulldesktop/tsconfig.tsbuildinfowas tracked but is regenerated on everynpm run build, so it perpetually showed as modified and could block the fast-forward pull the update performs.Fix:
git rm --cachedit and add it to.gitignore(consistent withstatic/desktop/, the built bundle, already being ignored).Notes
--max-time 25+ aTimeoutStopSec=45drop-in); this lands it at the source so a reinstall doesn't regress./api/system/prepare-shutdowncan hang at all.Summary by CodeRabbit
Bug Fixes
Chores