Fix flaky fake cli test (failed on CI)

Author: iagooar

Cargo.toml

@@ -42,3 +42,6 @@ tokio = { version = "1.39", features = ["rt-multi-thread", "macros", "io-util"]
 serial_test = "3.1"
 assert_cmd = "2.0"
 rcgen = "0.13"
+
+[target.'cfg(unix)'.dev-dependencies]
+libc = "0.2"

src/perms.rs

@@ -52,10 +52,6 @@ pub fn set_custom_allowlist(commands: Vec<String>) {
     }
 }
 
-pub fn clear_custom_allowlist() {
-    custom_allowlist().lock().unwrap().clear();
-}
-
 /// Ensure a path is within HOME or current working directory.
 pub fn ensure_safe_path(p: &Path) -> Result<()> {
     let resolved = resolve_path(p)?;

tests/cli_backend_tests.rs

@@ -1,11 +1,13 @@
 #![cfg(unix)]
 
+use anyhow::Result;
 use qqqa::ai::{CliCompletionRequest, run_cli_completion};
 use qqqa::config::CliEngine;
 use std::fs;
 use std::os::unix::fs::PermissionsExt;
 use std::path::Path;
 use tempfile::tempdir;
+use tokio::time::{sleep, Duration};
 
 fn read_args(path: &Path) -> Vec<String> {
     let data = fs::read(path).expect("args file");
@@ -33,6 +35,39 @@ fn write_executable_script(path: &Path, contents: &str) {
     fs::set_permissions(path, perms).unwrap();
 }
 
+async fn run_cli_completion_with_retry<'a, F>(mut make_req: F) -> Result<String>
+where
+    F: FnMut() -> CliCompletionRequest<'a>,
+{
+    const MAX_ATTEMPTS: usize = 3;
+    let mut attempt = 0;
+    loop {
+        match run_cli_completion(make_req()).await {
+            Ok(text) => return Ok(text),
+            Err(err) => {
+                if should_retry_etxtbsy(&err) && attempt < MAX_ATTEMPTS {
+                    attempt += 1;
+                    sleep(Duration::from_millis(25 * attempt as u64)).await;
+                    continue;
+                }
+                return Err(err);
+            }
+        }
+    }
+}
+
+#[cfg(unix)]
+fn should_retry_etxtbsy(err: &anyhow::Error) -> bool {
+    err.chain()
+        .filter_map(|cause| cause.downcast_ref::<std::io::Error>())
+        .any(|io_err| io_err.raw_os_error() == Some(libc::ETXTBSY))
+}
+
+#[cfg(not(unix))]
+fn should_retry_etxtbsy(_: &anyhow::Error) -> bool {
+    false
+}
+
 #[tokio::test]
 async fn run_cli_completion_returns_agent_message_from_script() {
     let dir = tempdir().unwrap();
@@ -43,7 +78,7 @@ printf '%s\n' '{"type":"item.completed","item":{"type":"agent_message","text":"h
 "#;
     write_executable_script(&script_path, script);
 
-    let text = run_cli_completion(CliCompletionRequest {
+    let text = run_cli_completion_with_retry(|| CliCompletionRequest {
         engine: CliEngine::Codex,
         binary: script_path.to_str().unwrap(),
         base_args: &[],
@@ -79,7 +114,7 @@ printf '%s\n' '{{"type":"item.completed","item":{{"type":"agent_message","text":
     write_executable_script(&script_path, &script);
 
     let base_args = vec!["exec".to_string()];
-    let text = run_cli_completion(CliCompletionRequest {
+    let text = run_cli_completion_with_retry(|| CliCompletionRequest {
         engine: CliEngine::Codex,
         binary: script_path.to_str().unwrap(),
         base_args: &base_args,

tests/perms_tests.rs

@@ -1,14 +1,13 @@
 use qqqa::perms::{
-    CommandDisposition, clear_custom_allowlist, ensure_safe_command, ensure_safe_path,
-    set_custom_allowlist,
+    CommandDisposition, ensure_safe_command, ensure_safe_path, set_custom_allowlist,
 };
 use serial_test::serial;
 use std::path::Path;
 
 #[test]
 #[serial]
 fn ensure_safe_command_allows_allowlisted_commands() {
-    clear_custom_allowlist();
+    set_custom_allowlist(Vec::new());
     unsafe {
         std::env::remove_var("QQQA_ALLOW_UNSAFE_COMMANDS");
     }
@@ -37,7 +36,7 @@ fn ensure_safe_command_allows_allowlisted_commands() {
 #[test]
 #[serial]
 fn ensure_safe_command_blocks_dangerous_patterns() {
-    clear_custom_allowlist();
+    set_custom_allowlist(Vec::new());
     unsafe {
         std::env::remove_var("QQQA_ALLOW_UNSAFE_COMMANDS");
     }
@@ -50,7 +49,7 @@ fn ensure_safe_command_blocks_dangerous_patterns() {
 #[test]
 #[serial]
 fn ensure_safe_command_blocks_connectors_and_inplace_edits() {
-    clear_custom_allowlist();
+    set_custom_allowlist(Vec::new());
     unsafe {
         std::env::remove_var("QQQA_ALLOW_UNSAFE_COMMANDS");
     }
@@ -73,7 +72,7 @@ fn ensure_safe_command_blocks_connectors_and_inplace_edits() {
 #[test]
 #[serial]
 fn ensure_safe_command_checks_all_segments() {
-    clear_custom_allowlist();
+    set_custom_allowlist(Vec::new());
     unsafe {
         std::env::remove_var("QQQA_ALLOW_UNSAFE_COMMANDS");
     }
@@ -89,7 +88,7 @@ fn ensure_safe_command_checks_all_segments() {
 #[test]
 #[serial]
 fn ensure_safe_command_respects_override_env() {
-    clear_custom_allowlist();
+    set_custom_allowlist(Vec::new());
     unsafe {
         std::env::set_var("QQQA_ALLOW_UNSAFE_COMMANDS", "1");
     }
@@ -105,7 +104,7 @@ fn ensure_safe_command_respects_override_env() {
 #[test]
 #[serial]
 fn ensure_safe_command_respects_custom_allowlist() {
-    clear_custom_allowlist();
+    set_custom_allowlist(Vec::new());
     unsafe {
         std::env::remove_var("QQQA_ALLOW_UNSAFE_COMMANDS");
     }
@@ -114,7 +113,7 @@ fn ensure_safe_command_respects_custom_allowlist() {
         ensure_safe_command("ffmpeg -i in.mp4 out.mp3").unwrap(),
         CommandDisposition::Allowed
     ));
-    clear_custom_allowlist();
+    set_custom_allowlist(Vec::new());
 }
 
 #[test]

tests/tools_tests.rs

@@ -1,4 +1,4 @@
-use qqqa::perms::{clear_custom_allowlist, ensure_safe_path};
+use qqqa::perms::{ensure_safe_path, set_custom_allowlist};
 use qqqa::shell::ShellKind;
 use qqqa::tools::parse_tool_call;
 use qqqa::tools::read_file;
@@ -15,7 +15,10 @@ struct TempCwdGuard {
 impl TempCwdGuard {
     fn new(dir: &Path) -> Self {
         static CWD_LOCK: OnceLock<Mutex<()>> = OnceLock::new();
-        let lock = CWD_LOCK.get_or_init(|| Mutex::new(())).lock().unwrap();
+        let lock = CWD_LOCK
+            .get_or_init(|| Mutex::new(()))
+            .lock()
+            .unwrap_or_else(|poisoned| poisoned.into_inner());
         let previous = std::env::current_dir().expect("read current dir");
         std::env::set_current_dir(dir).expect("set current dir");
         Self {
@@ -31,12 +34,47 @@ impl Drop for TempCwdGuard {
     }
 }
 
+struct EnvVarGuard {
+    key: &'static str,
+    previous: Option<String>,
+}
+
+impl EnvVarGuard {
+    fn set(key: &'static str, value: Option<&str>) -> Self {
+        let previous = std::env::var(key).ok();
+        if let Some(val) = value {
+            unsafe {
+                std::env::set_var(key, val);
+            }
+        } else {
+            unsafe {
+                std::env::remove_var(key);
+            }
+        }
+        Self { key, previous }
+    }
+}
+
+impl Drop for EnvVarGuard {
+    fn drop(&mut self) {
+        if let Some(ref val) = self.previous {
+            unsafe {
+                std::env::set_var(self.key, val);
+            }
+        } else {
+            unsafe {
+                std::env::remove_var(self.key);
+            }
+        }
+    }
+}
+
 #[test]
 #[serial]
 fn read_and_write_file_tools_and_path_safety() {
     // Set HOME and CWD to a temp folder for deterministic safety checks.
     let temp = tempfile::tempdir().unwrap();
-    clear_custom_allowlist();
+    set_custom_allowlist(Vec::new());
     unsafe {
         std::env::set_var("HOME", temp.path());
     }
@@ -141,39 +179,38 @@ async fn execute_command_honors_pty_force_flag() {
     let _cwd_guard = TempCwdGuard::new(temp.path());
 
     let probe = "env sh -lc '[ -t 1 ] && echo tty || echo notty'";
-    let baseline = qqqa::tools::execute_command::run(
-        qqqa::tools::execute_command::Args {
-            command: probe.into(),
-            cwd: None,
-        },
-        true,
-        false,
-        ShellKind::Posix,
-        None,
-    )
-    .await
-    .expect("baseline execute_command should succeed");
+    let baseline = {
+        let _disable_guard = EnvVarGuard::set("QQQA_DISABLE_PTY", Some("1"));
+        qqqa::tools::execute_command::run(
+            qqqa::tools::execute_command::Args {
+                command: probe.into(),
+                cwd: None,
+            },
+            true,
+            false,
+            ShellKind::Posix,
+            None,
+        )
+        .await
+        .expect("baseline execute_command should succeed")
+    };
     assert!(baseline.contains("notty"));
 
-    unsafe {
-        std::env::set_var("QQQA_FORCE_PTY", "1");
-    }
-    let forced = qqqa::tools::execute_command::run(
-        qqqa::tools::execute_command::Args {
-            command: probe.into(),
-            cwd: None,
-        },
-        true,
-        false,
-        ShellKind::Posix,
-        None,
-    )
-    .await
-    .expect("execute_command with forced PTY should succeed");
-
-    unsafe {
-        std::env::remove_var("QQQA_FORCE_PTY");
-    }
+    let forced = {
+        let _force_guard = EnvVarGuard::set("QQQA_FORCE_PTY", Some("1"));
+        qqqa::tools::execute_command::run(
+            qqqa::tools::execute_command::Args {
+                command: probe.into(),
+                cwd: None,
+            },
+            true,
+            false,
+            ShellKind::Posix,
+            None,
+        )
+        .await
+        .expect("execute_command with forced PTY should succeed")
+    };
 
     assert!(
         forced.contains("tty"),
@@ -193,43 +230,37 @@ async fn execute_command_respects_disable_flag() {
     let _cwd_guard = TempCwdGuard::new(temp.path());
 
     let probe = "env sh -lc '[ -t 1 ] && echo tty || echo notty'";
-    unsafe {
-        std::env::set_var("QQQA_FORCE_PTY", "1");
-    }
-    let forced = qqqa::tools::execute_command::run(
-        qqqa::tools::execute_command::Args {
-            command: probe.into(),
-            cwd: None,
-        },
-        true,
-        false,
-        ShellKind::Posix,
-        None,
-    )
-    .await
-    .expect("forced PTY should succeed");
-
-    unsafe {
-        std::env::remove_var("QQQA_FORCE_PTY");
-        std::env::set_var("QQQA_DISABLE_PTY", "1");
-    }
-
-    let res = qqqa::tools::execute_command::run(
-        qqqa::tools::execute_command::Args {
-            command: probe.into(),
-            cwd: None,
-        },
-        true,
-        false,
-        ShellKind::Posix,
-        None,
-    )
-    .await
-    .expect("execute_command fallback should succeed");
+    let forced = {
+        let _force_guard = EnvVarGuard::set("QQQA_FORCE_PTY", Some("1"));
+        qqqa::tools::execute_command::run(
+            qqqa::tools::execute_command::Args {
+                command: probe.into(),
+                cwd: None,
+            },
+            true,
+            false,
+            ShellKind::Posix,
+            None,
+        )
+        .await
+        .expect("forced PTY should succeed")
+    };
 
-    unsafe {
-        std::env::remove_var("QQQA_DISABLE_PTY");
-    }
+    let res = {
+        let _disable_guard = EnvVarGuard::set("QQQA_DISABLE_PTY", Some("1"));
+        qqqa::tools::execute_command::run(
+            qqqa::tools::execute_command::Args {
+                command: probe.into(),
+                cwd: None,
+            },
+            true,
+            false,
+            ShellKind::Posix,
+            None,
+        )
+        .await
+        .expect("execute_command fallback should succeed")
+    };
 
     assert!(forced.contains("tty"));
     assert!(