fix: preserve gateways across dev restarts (#662)

2026-05-12 21:35:17 +08:00
parent ebb166abee
commit 5bd1475a83
2 changed files with 338 additions and 3 deletions
@@ -0,0 +1,326 @@
+# Gateway Development Guide
+
+This document explains how Hermes Web UI manages Hermes Agent gateway processes during local development and production runtime.
+
+## Scope
+
+Gateway lifecycle is owned by `GatewayManager`:
+
+- Source: `packages/server/src/services/hermes/gateway-manager.ts`
+- Bootstrap: `packages/server/src/services/gateway-bootstrap.ts`
+- Shutdown: `packages/server/src/services/shutdown.ts`
+- Dev restart config: `nodemon.json`
+
+The manager supports multiple Hermes profiles. Each profile gets its own gateway process and API server port.
+
+## Startup Flow
+
+Server bootstrap creates one `GatewayManager` instance:
+
+```text
+packages/server/src/index.ts
+-> initGatewayManager()
+-> new GatewayManager(activeProfile)
+-> detectAllOnStartup()
+-> startAll()
+```
+
+The startup process is intentionally split into two phases.
+
+1. `detectAllOnStartup()`
+   - Lists Hermes profiles.
+   - Reads profile gateway metadata.
+   - Checks whether an existing gateway process is alive.
+   - Checks the configured `/health` endpoint.
+   - Registers healthy existing gateways in memory.
+
+2. `startAll()`
+   - Skips profiles that are already healthy.
+   - Skips remote profiles that cannot be started locally.
+   - Resolves a local port.
+   - Starts missing local gateways.
+
+## Profile Paths
+
+Profile directories are resolved as:
+
+| Profile | Directory |
+|---|---|
+| `default` | `HERMES_BASE` |
+| non-default | `HERMES_BASE/profiles/<profile>` |
+
+`HERMES_BASE` comes from `detectHermesHome()` in `packages/server/src/services/hermes/hermes-path.ts`.
+
+## Gateway Address Configuration
+
+Gateway API server host and port are read from:
+
+```yaml
+platforms:
+  api_server:
+    extra:
+      host: 127.0.0.1
+      port: 8642
+```
+
+The manager writes the same structure when assigning a port. Older top-level `platforms.api_server.host` and `platforms.api_server.port` values are removed when writing, because Hermes reads the values from `extra`.
+
+## PID Sources
+
+`GatewayManager` reads gateway PID metadata in this order:
+
+1. `gateway.pid`
+2. `gateway_state.json`
+
+`gateway.pid` is authoritative when present.
+
+`gateway_state.json` is only a fallback when `gateway.pid` is missing. The fallback PID is accepted only when:
+
+- the PID is finite;
+- the PID is greater than `0`;
+- `gateway_state` is `running` or `starting`.
+
+The PID alone is not enough to mark a gateway as healthy. Callers also check process liveness and the configured `/health` endpoint.
+
+## Process Liveness
+
+Process liveness uses:
+
+```ts
+process.kill(pid, 0)
+```
+
+This does not terminate the process. It only checks whether the process exists and whether the current process can signal it.
+
+`EPERM` is treated as alive. This matters on Windows and other restricted environments: `EPERM` means the process exists, but the current process does not have permission to signal it.
+
+## Health Checks
+
+Gateway readiness is determined by:
+
+```text
+GET <gateway-url>/health
+```
+
+A gateway is considered usable only when the health response is successful.
+
+This protects against stale PID files and process ID reuse.
+
+## Port Resolution
+
+Before starting a gateway, `resolvePort()`:
+
+1. Checks whether the profile already has a healthy in-memory gateway.
+2. Checks whether PID metadata points to a healthy gateway on the configured URL.
+3. Tracks ports already allocated in the current startup pass.
+4. Finds a free local port with a TCP bind test.
+5. Writes the selected port back to profile `config.yaml`.
+
+Port allocation intentionally starts from the gateway base range used by this application.
+
+## Gateway Start Mode
+
+All platforms use:
+
+```bash
+hermes gateway run --replace
+```
+
+The process is started with:
+
+```text
+HERMES_HOME=<profile-dir>
+```
+
+This keeps each profile isolated.
+
+`--replace` lets Hermes handle stale gateway lock files more reliably than service-manager mode.
+
+## Development Mode on Windows
+
+Windows development has one important difference: `nodemon` restarts can terminate child processes as part of the process tree.
+
+To avoid closing every gateway on each server restart, `nodemon.json` sets:
+
+```json
+{
+  "env": {
+    "HERMES_WEB_UI_STOP_GATEWAYS_ON_SHUTDOWN": "0"
+  }
+}
+```
+
+When this variable is `0` or `false`:
+
+- shutdown skips `gatewayManager.stopAll()`;
+- gateway processes are spawned with `detached: true`;
+- gateway child processes are `unref()`ed;
+- the restarted server re-detects running gateways during `detectAllOnStartup()`.
+
+This is the intended local development behavior. Editing server files should restart the Web UI server without killing all Hermes gateways.
+
+## Production Shutdown Behavior
+
+In production, the env override is normally unset.
+
+On shutdown:
+
+```text
+bindShutdown()
+-> shouldStopGatewaysOnShutdown(signal)
+-> gatewayManager.stopAll()
+```
+
+Only gateways marked as `owned` by the current Web UI instance are stopped by `stopAll()`.
+
+`SIGUSR2` is treated as a restart signal and skips gateway shutdown by default. This keeps compatibility with restart tools that use `SIGUSR2`.
+
+## Stop Flow
+
+Stopping a profile gateway collects candidate PIDs from:
+
+- the spawned child process reference;
+- the in-memory gateway record;
+- `gateway.pid` or `gateway_state.json`;
+- local listening PIDs on the configured port.
+
+Then it:
+
+1. Calls `hermes gateway stop` for the profile.
+2. Checks whether `/health` is already down.
+3. Sends termination signals to candidate PIDs.
+4. Waits until `/health` fails.
+5. Force kills remaining local listeners only if the gateway is still healthy after the timeout.
+
+Because local port listener detection can include unrelated processes, prefer PID metadata and health checks when debugging stop behavior.
+
+## CLI PID Recovery
+
+The npm CLI entrypoint `bin/hermes-web-ui.mjs` also has PID recovery logic for the Web UI server itself.
+
+The safe order is:
+
+1. Read `~/.hermes-web-ui/server.pid`.
+2. If the PID is alive, use it.
+3. If the PID is stale, remove it.
+4. Only then use port listener detection as a fallback.
+
+The CLI should not recover from a port before checking the PID file. Doing so can mistake an unrelated process for Hermes Web UI.
+
+## Port Listener Detection
+
+The CLI uses platform-specific listener detection:
+
+| Platform | Primary command | Fallback |
+|---|---|---|
+| Windows | `netstat -aon -p tcp` | none |
+| macOS/Linux | `lsof -tiTCP:<port> -sTCP:LISTEN` | `ss -ltnp 'sport = :<port>'` |
+
+The server-side `GatewayManager` uses:
+
+| Platform | Command |
+|---|---|
+| Windows | `netstat -ano -p tcp` |
+| macOS/Linux | `lsof -tiTCP:<port> -sTCP:LISTEN` |
+
+Port detection is best-effort. Some minimal Linux containers may not have `lsof`; some restricted systems may hide PIDs owned by another user.
+
+## Environment Variables
+
+| Variable | Values | Purpose |
+|---|---|---|
+| `HERMES_HOME` | path | Overrides Hermes home/profile root when launching Hermes commands. |
+| `HERMES_BIN` | path | Overrides Hermes CLI binary path. |
+| `GATEWAY_HOST` | host | Default gateway host when config does not define one. |
+| `HERMES_WEB_UI_STOP_GATEWAYS_ON_SHUTDOWN` | `0`, `false`, `1`, `true` | Controls whether shutdown stops owned gateways. `0`/`false` also enables detached gateway processes. |
+
+## Recommended Local Development Workflow
+
+Use:
+
+```bash
+npm run dev
+```
+
+Expected behavior:
+
+- client and server both run in dev mode;
+- `nodemon` restarts the server when `packages/server/src` changes;
+- gateways keep running across server restarts;
+- the restarted server re-registers healthy gateways during bootstrap.
+
+If a gateway fails after restart, check:
+
+1. `HERMES_WEB_UI_STOP_GATEWAYS_ON_SHUTDOWN` is `0` in the server process.
+2. Gateway start logs include `detached: true`.
+3. The profile has a valid `gateway.pid` or `gateway_state.json`.
+4. The configured gateway `/health` endpoint is reachable.
+5. No unrelated process occupies the profile's configured port.
+
+## Troubleshooting
+
+### Gateways close on every Windows restart
+
+Check that the server process was launched through `nodemon.json` and that the environment contains:
+
+```bash
+HERMES_WEB_UI_STOP_GATEWAYS_ON_SHUTDOWN=0
+```
+
+Also confirm the gateway start log prints:
+
+```text
+detached: true
+```
+
+If it prints `detached: false`, the dev opt-out env did not reach the server process.
+
+### Gateway is alive but Web UI does not detect it
+
+Check:
+
+- the profile `config.yaml` host and port;
+- `gateway.pid`;
+- `gateway_state.json`;
+- `GET http://<host>:<port>/health`;
+- whether the PID exists and is visible to the Web UI process.
+
+Detection requires both PID liveness and a healthy endpoint.
+
+### Port is occupied
+
+The manager will allocate another available gateway port for local profiles.
+
+For manual debugging:
+
+Windows:
+
+```powershell
+netstat -aon -p tcp
+```
+
+macOS/Linux:
+
+```bash
+lsof -tiTCP:<port> -sTCP:LISTEN
+ss -ltnp 'sport = :<port>'
+```
+
+### Stale lock file on Windows
+
+Before starting a gateway on Windows, the manager checks `gateway.lock`. If the lock PID is no longer alive, it removes the stale lock file.
+
+If startup still fails, inspect the profile directory for:
+
+- `gateway.lock`;
+- `gateway.pid`;
+- `gateway_state.json`;
+- Hermes gateway logs.
+
+## Development Notes
+
+- Keep startup detection read-only. Process cleanup belongs in start/stop paths.
+- Treat PID files as hints, not proof. Always combine PID liveness with health checks.
+- Treat port listener discovery as a fallback. A listening port can belong to another process.
+- Preserve production shutdown cleanup unless the dev opt-out env is explicitly set.
+- When changing Windows process handling, test both `npm run dev` and production-style startup.
@@ -147,6 +147,11 @@ function isLocalHost(host: string): boolean {
  return ['127.0.0.1', 'localhost', '::1', '[::1]', '0.0.0.0'].includes(host)
 }

+function shouldDetachGatewayProcess(): boolean {
+  const override = process.env.HERMES_WEB_UI_STOP_GATEWAYS_ON_SHUTDOWN?.trim().toLowerCase()
+  return override === '0' || override === 'false'
+}
+
 // ============================
 // GatewayManager
 // ============================
@@ -560,18 +565,22 @@ export class GatewayManager {
      }
    }

-    // 所有平台统一使用 run 模式：子进程跟随父进程生命周期
+    // 所有平台统一使用 run 模式；dev/nodemon 可通过 env 保留 gateway 进程。
    return new Promise((resolve, reject) => {
      const env = { ...process.env, HERMES_HOME: hermesHome }
+      const detachGateway = shouldDetachGatewayProcess()
      const child = spawn(HERMES_BIN, ['gateway', 'run', '--replace'], {
        stdio: 'ignore',
+        detached: detachGateway,
        windowsHide: true,
        env,
      })
-      // 不使用 detached 和 unref，让子进程跟随父进程生命周期
+      if (detachGateway) {
+        child.unref()
+      }

      const pid = child.pid ?? 0
-      logger.info('Starting gateway for profile "%s" (run mode, PID: %d, port: %d)', name, pid, port)
+      logger.info('Starting gateway for profile "%s" (run mode, PID: %d, port: %d, detached: %s)', name, pid, port, detachGateway)

      // 保存子进程引用，用于后续管理
      this.gateways.set(name, { pid, port, host, url, owned: true, process: child })