fix(execution): resolve guest module imports against the live guest filesystem#194
Merged
Conversation
Guest https.get to an in-guest TLS server failed with ERR_AGENTOS_NODE_SYNC_RPC: the client upgrade leaves the rustls handshake incomplete (looping would deadlock the guest thread that must service the server-side upgrade), so the first write hit WouldBlock from the loopback transport and surfaced as a fatal sync-RPC error. - Buffer plaintext writes on loopback TLS sockets while the handshake is pending (bounded 4 MiB, warn at 80%, typed error on overflow); the TLS reader thread drives the handshake with a short poll timeout, flushes the buffer on completion, enforces TLS_HANDSHAKE_TIMEOUT, and honors deferred shutdown. - Interrupt flags on the loopback transport let a direct write reclaim the stream mutex from the reader without waiting out its poll. - Bridge: https.createServer now actually upgrades accepted sockets to TLS (options were previously discarded); client secureConnect defers to a macrotask without double-starting the read pump; first-read wake scheduling no longer requires bench metrics to be enabled; localAddress/localPort flow through connect. - New net/tls_loopback_get bench op (guest+node lanes, explicit unsupported native/wasm reasons) and engine support for unsupported-lane rendering. - Regression tests: loopback https round-trip; pending-write buffer cap.
… sync-RPC wait Any guest http2.createServer().listen() wedged the whole guest: Http2Server/ Http2Session._retain() issued a long-lived net.http2_*_wait sync RPC, and guest sync-RPC servicing is serialized, so the in-flight wait starved every later RPC (including the listen response the isolate was blocked on). - _retain() now drives bounded net.http2_*_poll calls (wait_ms=0) on a timer loop and dispatches polled events through http2Dispatch; the loop stops on release/close/terminal events. - New regression test: guest h2c listen -> request -> response round-trip. - New net/http2_loopback_get matrix op (node + guest lanes, explicit unsupported native/wasm reasons) with body verification.
This was referenced Jul 2, 2026
Merged
Member
Author
|
Stack for rivet-dev/secure-exec
Get stack: |
…ilesystem Guest write-then-import failed: fs.writeFileSync goes through the process' mapped host shadow (reconciled to the kernel only at exit), while module resolution read vm.kernel directly — so files the running guest wrote were invisible to import(), and resolution misses were negative-cached forever. - Module resolution for live JS processes now reads through the process shadow first (same confined mapped-runtime open helpers as the fs RPCs), falling back to the kernel VFS. - The session-thread direct module reader still answers host-dir hits first, but forwards misses to the sidecar instead of answering not-found locally. - Negative resolution/package-json cache entries are kept only for stable node_modules paths, so retry-after-miss works for app paths while the node_modules hot path stays cached. - Restored the fs/module_import_fresh matrix op and added a write-then-import regression test.
b459831 to
f094c3c
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Guest write-then-import failed: fs.writeFileSync goes through the process'
mapped host shadow (reconciled to the kernel only at exit), while module
resolution read vm.kernel directly — so files the running guest wrote were
invisible to import(), and resolution misses were negative-cached forever.
first (same confined mapped-runtime open helpers as the fs RPCs), falling
back to the kernel VFS.
but forwards misses to the sidecar instead of answering not-found locally.
node_modules paths, so retry-after-miss works for app paths while the
node_modules hot path stays cached.
regression test.