Skip to content

fix(execution): resolve guest module imports against the live guest filesystem#194

Merged
NathanFlurry merged 4 commits into
mainfrom
stack/fix-execution-resolve-guest-module-imports-against-the-live-guest-filesystem-nwqxkrwv
Jul 2, 2026
Merged

fix(execution): resolve guest module imports against the live guest filesystem#194
NathanFlurry merged 4 commits into
mainfrom
stack/fix-execution-resolve-guest-module-imports-against-the-live-guest-filesystem-nwqxkrwv

Conversation

@NathanFlurry

Copy link
Copy Markdown
Member

Guest write-then-import failed: fs.writeFileSync goes through the process'
mapped host shadow (reconciled to the kernel only at exit), while module
resolution read vm.kernel directly — so files the running guest wrote were
invisible to import(), and resolution misses were negative-cached forever.

  • Module resolution for live JS processes now reads through the process shadow
    first (same confined mapped-runtime open helpers as the fs RPCs), falling
    back to the kernel VFS.
  • The session-thread direct module reader still answers host-dir hits first,
    but forwards misses to the sidecar instead of answering not-found locally.
  • Negative resolution/package-json cache entries are kept only for stable
    node_modules paths, so retry-after-miss works for app paths while the
    node_modules hot path stays cached.
  • Restored the fs/module_import_fresh matrix op and added a write-then-import
    regression test.

Guest https.get to an in-guest TLS server failed with ERR_AGENTOS_NODE_SYNC_RPC:
the client upgrade leaves the rustls handshake incomplete (looping would deadlock
the guest thread that must service the server-side upgrade), so the first write
hit WouldBlock from the loopback transport and surfaced as a fatal sync-RPC error.

- Buffer plaintext writes on loopback TLS sockets while the handshake is pending
  (bounded 4 MiB, warn at 80%, typed error on overflow); the TLS reader thread
  drives the handshake with a short poll timeout, flushes the buffer on
  completion, enforces TLS_HANDSHAKE_TIMEOUT, and honors deferred shutdown.
- Interrupt flags on the loopback transport let a direct write reclaim the
  stream mutex from the reader without waiting out its poll.
- Bridge: https.createServer now actually upgrades accepted sockets to TLS
  (options were previously discarded); client secureConnect defers to a
  macrotask without double-starting the read pump; first-read wake scheduling
  no longer requires bench metrics to be enabled; localAddress/localPort flow
  through connect.
- New net/tls_loopback_get bench op (guest+node lanes, explicit unsupported
  native/wasm reasons) and engine support for unsupported-lane rendering.
- Regression tests: loopback https round-trip; pending-write buffer cap.
… sync-RPC wait

Any guest http2.createServer().listen() wedged the whole guest: Http2Server/
Http2Session._retain() issued a long-lived net.http2_*_wait sync RPC, and guest
sync-RPC servicing is serialized, so the in-flight wait starved every later RPC
(including the listen response the isolate was blocked on).

- _retain() now drives bounded net.http2_*_poll calls (wait_ms=0) on a timer
  loop and dispatches polled events through http2Dispatch; the loop stops on
  release/close/terminal events.
- New regression test: guest h2c listen -> request -> response round-trip.
- New net/http2_loopback_get matrix op (node + guest lanes, explicit
  unsupported native/wasm reasons) with body verification.
@NathanFlurry

NathanFlurry commented Jul 2, 2026

Copy link
Copy Markdown
Member Author

Stack for rivet-dev/secure-exec

Get stack: forklift get 194
Push local edits: forklift submit
Merge when ready: forklift merge 194

…ilesystem

Guest write-then-import failed: fs.writeFileSync goes through the process'
mapped host shadow (reconciled to the kernel only at exit), while module
resolution read vm.kernel directly — so files the running guest wrote were
invisible to import(), and resolution misses were negative-cached forever.

- Module resolution for live JS processes now reads through the process shadow
  first (same confined mapped-runtime open helpers as the fs RPCs), falling
  back to the kernel VFS.
- The session-thread direct module reader still answers host-dir hits first,
  but forwards misses to the sidecar instead of answering not-found locally.
- Negative resolution/package-json cache entries are kept only for stable
  node_modules paths, so retry-after-miss works for app paths while the
  node_modules hot path stays cached.
- Restored the fs/module_import_fresh matrix op and added a write-then-import
  regression test.
@NathanFlurry NathanFlurry force-pushed the stack/fix-execution-resolve-guest-module-imports-against-the-live-guest-filesystem-nwqxkrwv branch from b459831 to f094c3c Compare July 2, 2026 08:00
@NathanFlurry NathanFlurry changed the base branch from stack/fix-bridge-poll-http2-server-session-retain-instead-of-monopolizing-sync-rpc-wait-ulysquzo to main July 2, 2026 08:48
@NathanFlurry NathanFlurry merged commit f094c3c into main Jul 2, 2026
1 check passed
@NathanFlurry NathanFlurry deleted the stack/fix-execution-resolve-guest-module-imports-against-the-live-guest-filesystem-nwqxkrwv branch July 2, 2026 08:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant