Make lockfile cleanup more resilient (#1722)

* Config lock files were not being cleaned up.
* Ensure lock files get cleaned up as part of signal handling.
* Ensure stale lock files get cleaned up.

Author: dmjb

cmd/thv/main.go

@@ -3,10 +3,16 @@ package main
 
 import (
 	"os"
+	"os/signal"
+	"syscall"
+	"time"
+
+	"github.com/adrg/xdg"
 
 	"github.com/stacklok/toolhive/cmd/thv/app"
 	"github.com/stacklok/toolhive/pkg/client"
 	"github.com/stacklok/toolhive/pkg/container/runtime"
+	"github.com/stacklok/toolhive/pkg/lockfile"
 	"github.com/stacklok/toolhive/pkg/logger"
 	"github.com/stacklok/toolhive/pkg/migration"
 )
@@ -15,6 +21,12 @@ func main() {
 	// Initialize the logger
 	logger.Initialize()
 
+	// Setup signal handling for graceful cleanup
+	setupSignalHandler()
+
+	// Clean up stale lock files on startup
+	cleanupStaleLockFiles()
+
 	// Check and perform auto-discovery migration if needed
 	// Handles the auto-discovery flag depreciation, only executes once on old config files
 	client.CheckAndPerformAutoDiscoveryMigration()
@@ -25,6 +37,48 @@ func main() {
 
 	// Skip update check for completion command or if we are running in kubernetes
 	if err := app.NewRootCmd(!app.IsCompletionCommand(os.Args) && !runtime.IsKubernetesRuntime()).Execute(); err != nil {
+		// Clean up any remaining lock files on error exit
+		lockfile.CleanupAllLocks()
 		os.Exit(1)
 	}
+
+	// Clean up lock files on normal exit
+	lockfile.CleanupAllLocks()
+}
+
+// setupSignalHandler configures signal handling to ensure lock files are cleaned up
+func setupSignalHandler() {
+	sigCh := make(chan os.Signal, 1)
+	signal.Notify(sigCh, os.Interrupt, syscall.SIGTERM, syscall.SIGQUIT)
+
+	go func() {
+		<-sigCh
+		logger.Debugf("Received signal, cleaning up lock files...")
+		lockfile.CleanupAllLocks()
+		os.Exit(0)
+	}()
+}
+
+// cleanupStaleLockFiles removes stale lock files from known directories on startup
+func cleanupStaleLockFiles() {
+	// Common directories where lock files are created
+	var directories []string
+
+	// Config directory
+	if configDir, err := xdg.ConfigFile("toolhive"); err == nil {
+		directories = append(directories, configDir)
+	}
+
+	// Data directory (for statuses and updates)
+	if dataDir, err := xdg.DataFile("toolhive"); err == nil {
+		directories = append(directories, dataDir)
+
+		// Specific subdirectories
+		if statusDir, err := xdg.DataFile("toolhive/statuses"); err == nil {
+			directories = append(directories, statusDir)
+		}
+	}
+
+	// Clean up lock files older than 5 minutes (should be safe for most operations)
+	lockfile.CleanupStaleLocks(directories, 5*time.Minute)
 }

pkg/client/config_editor.go

@@ -8,11 +8,11 @@ import (
 	"strings"
 	"time"
 
-	"github.com/gofrs/flock"
 	"github.com/tailscale/hujson"
 	"github.com/tidwall/gjson"
 	"gopkg.in/yaml.v3"
 
+	"github.com/stacklok/toolhive/pkg/lockfile"
 	"github.com/stacklok/toolhive/pkg/logger"
 )
 
@@ -39,7 +39,8 @@ type JSONConfigUpdater struct {
 // Upsert inserts or updates an MCP server in the MCP client config file
 func (jcu *JSONConfigUpdater) Upsert(serverName string, data MCPServer) error {
 	// Create a lock file
-	fileLock := flock.New(jcu.Path + ".lock")
+	lockPath := jcu.Path + ".lock"
+	fileLock := lockfile.NewTrackedLock(lockPath)
 
 	// Create a context with timeout
 	ctx, cancel := context.WithTimeout(context.Background(), lockTimeout)
@@ -53,7 +54,7 @@ func (jcu *JSONConfigUpdater) Upsert(serverName string, data MCPServer) error {
 	if !locked {
 		return fmt.Errorf("failed to acquire lock: timeout after %v", lockTimeout)
 	}
-	defer fileLock.Unlock()
+	defer lockfile.ReleaseTrackedLock(lockPath, fileLock)
 
 	content, err := os.ReadFile(jcu.Path)
 	if err != nil {
@@ -98,7 +99,8 @@ func (jcu *JSONConfigUpdater) Upsert(serverName string, data MCPServer) error {
 // Remove removes an MCP server from the MCP client config file
 func (jcu *JSONConfigUpdater) Remove(serverName string) error {
 	// Create a lock file
-	fileLock := flock.New(jcu.Path + ".lock")
+	lockPath := jcu.Path + ".lock"
+	fileLock := lockfile.NewTrackedLock(lockPath)
 
 	// Create a context with timeout
 	ctx, cancel := context.WithTimeout(context.Background(), lockTimeout)
@@ -112,7 +114,7 @@ func (jcu *JSONConfigUpdater) Remove(serverName string) error {
 	if !locked {
 		return fmt.Errorf("failed to acquire lock: timeout after %v", lockTimeout)
 	}
-	defer fileLock.Unlock()
+	defer lockfile.ReleaseTrackedLock(lockPath, fileLock)
 
 	content, err := os.ReadFile(jcu.Path)
 	if err != nil {
@@ -162,7 +164,8 @@ type YAMLConfigUpdater struct {
 // Upsert inserts or updates an MCP server in the config.yaml file using the converter
 func (ycu *YAMLConfigUpdater) Upsert(serverName string, data MCPServer) error {
 	// Create a lock file
-	fileLock := flock.New(ycu.Path + ".lock")
+	lockPath := ycu.Path + ".lock"
+	fileLock := lockfile.NewTrackedLock(lockPath)
 
 	// Create a context with timeout
 	ctx, cancel := context.WithTimeout(context.Background(), lockTimeout)
@@ -176,7 +179,7 @@ func (ycu *YAMLConfigUpdater) Upsert(serverName string, data MCPServer) error {
 	if !locked {
 		return fmt.Errorf("failed to acquire lock: timeout after %v", lockTimeout)
 	}
-	defer fileLock.Unlock()
+	defer lockfile.ReleaseTrackedLock(lockPath, fileLock)
 
 	content, err := os.ReadFile(ycu.Path)
 	if err != nil && !os.IsNotExist(err) {
@@ -227,7 +230,8 @@ func (ycu *YAMLConfigUpdater) Upsert(serverName string, data MCPServer) error {
 // Remove removes an entry from the config.yaml file using the converter
 func (ycu *YAMLConfigUpdater) Remove(serverName string) error {
 	// Create a lock file
-	fileLock := flock.New(ycu.Path + ".lock")
+	lockPath := ycu.Path + ".lock"
+	fileLock := lockfile.NewTrackedLock(lockPath)
 
 	ctx, cancel := context.WithTimeout(context.Background(), lockTimeout)
 	defer cancel()
@@ -240,7 +244,7 @@ func (ycu *YAMLConfigUpdater) Remove(serverName string) error {
 	if !locked {
 		return fmt.Errorf("failed to acquire lock: timeout after %v", lockTimeout)
 	}
-	defer fileLock.Unlock()
+	defer lockfile.ReleaseTrackedLock(lockPath, fileLock)
 
 	// Read existing config
 	content, err := os.ReadFile(ycu.Path)

pkg/config/config.go

@@ -11,10 +11,10 @@ import (
 	"time"
 
 	"github.com/adrg/xdg"
-	"github.com/gofrs/flock"
 	"gopkg.in/yaml.v3"
 
 	"github.com/stacklok/toolhive/pkg/env"
+	"github.com/stacklok/toolhive/pkg/lockfile"
 	"github.com/stacklok/toolhive/pkg/logger"
 	"github.com/stacklok/toolhive/pkg/secrets"
 )
@@ -265,7 +265,7 @@ func UpdateConfigAtPath(configPath string, updateFn func(*Config)) error {
 
 	// Use a separate lock file for cross-platform compatibility
 	lockPath := configPath + ".lock"
-	fileLock := flock.New(lockPath)
+	fileLock := lockfile.NewTrackedLock(lockPath)
 	ctx, cancel := context.WithTimeout(context.Background(), lockTimeout)
 	defer cancel()
 
@@ -277,7 +277,7 @@ func UpdateConfigAtPath(configPath string, updateFn func(*Config)) error {
 	if !locked {
 		return fmt.Errorf("failed to acquire lock: timeout after %v", lockTimeout)
 	}
-	defer fileLock.Unlock()
+	defer lockfile.ReleaseTrackedLock(lockPath, fileLock)
 
 	// Load the config after acquiring the lock to avoid race conditions
 	c, err := LoadOrCreateConfigWithPath(configPath)

pkg/lockfile/cleanup.go

@@ -0,0 +1,121 @@
+// Package lockfile provides utilities for managing file locks and cleanup.
+package lockfile
+
+import (
+	"os"
+	"path/filepath"
+	"sync"
+	"time"
+
+	"github.com/gofrs/flock"
+
+	"github.com/stacklok/toolhive/pkg/logger"
+)
+
+var (
+	// globalRegistry holds all active lock files for cleanup
+	globalRegistry = &lockRegistry{
+		locks: make(map[string]*flock.Flock),
+	}
+)
+
+// lockRegistry manages active file locks for cleanup purposes
+type lockRegistry struct {
+	mu    sync.RWMutex
+	locks map[string]*flock.Flock
+}
+
+// RegisterLock adds a lock to the global registry for cleanup
+func (lr *lockRegistry) RegisterLock(lockPath string, lock *flock.Flock) {
+	lr.mu.Lock()
+	defer lr.mu.Unlock()
+	lr.locks[lockPath] = lock
+}
+
+// UnregisterLock removes a lock from the global registry
+func (lr *lockRegistry) UnregisterLock(lockPath string) {
+	lr.mu.Lock()
+	defer lr.mu.Unlock()
+	delete(lr.locks, lockPath)
+}
+
+// CleanupAll unlocks and removes all registered lock files
+func (lr *lockRegistry) CleanupAll() {
+	lr.mu.Lock()
+	defer lr.mu.Unlock()
+
+	for lockPath, lock := range lr.locks {
+		if err := lock.Unlock(); err != nil && !os.IsNotExist(err) {
+			logger.Warnf("failed to unlock file %s: %v", lockPath, err)
+		}
+
+		if err := os.Remove(lockPath); err != nil && !os.IsNotExist(err) {
+			logger.Warnf("failed to remove lock file %s: %v", lockPath, err)
+		}
+	}
+
+	// Clear the registry
+	lr.locks = make(map[string]*flock.Flock)
+}
+
+// NewTrackedLock creates a new file lock and registers it for cleanup
+func NewTrackedLock(lockPath string) *flock.Flock {
+	lock := flock.New(lockPath)
+	globalRegistry.RegisterLock(lockPath, lock)
+	return lock
+}
+
+// ReleaseTrackedLock unlocks, removes, and unregisters a lock file
+func ReleaseTrackedLock(lockPath string, lock *flock.Flock) {
+	if err := lock.Unlock(); err != nil && !os.IsNotExist(err) {
+		logger.Warnf("failed to unlock file %s: %v", lockPath, err)
+	}
+
+	if err := os.Remove(lockPath); err != nil && !os.IsNotExist(err) {
+		logger.Warnf("failed to remove lock file %s: %v", lockPath, err)
+	}
+
+	globalRegistry.UnregisterLock(lockPath)
+}
+
+// CleanupAllLocks provides global cleanup of all registered lock files
+func CleanupAllLocks() {
+	globalRegistry.CleanupAll()
+}
+
+// CleanupStaleLocks removes stale lock files from the specified directories
+// A lock file is considered stale if it's older than the maxAge duration
+func CleanupStaleLocks(directories []string, maxAge time.Duration) {
+	cutoff := time.Now().Add(-maxAge)
+
+	for _, dir := range directories {
+		matches, err := filepath.Glob(filepath.Join(dir, "*.lock"))
+		if err != nil {
+			logger.Warnf("failed to glob lock files in %s: %v", dir, err)
+			continue
+		}
+
+		for _, lockFile := range matches {
+			info, err := os.Stat(lockFile)
+			if err != nil {
+				continue // File may have been removed already
+			}
+
+			if info.ModTime().Before(cutoff) {
+				// Try to acquire the lock to check if it's really stale
+				lock := flock.New(lockFile)
+				if locked, err := lock.TryLock(); err == nil && locked {
+					// Lock was acquired, so it was stale
+					if err := lock.Unlock(); err != nil && !os.IsNotExist(err) {
+						logger.Warnf("failed to unlock stale lock file %s: %v", lockFile, err)
+					}
+					if err := os.Remove(lockFile); err != nil && !os.IsNotExist(err) {
+						logger.Warnf("failed to remove stale lock file %s: %v", lockFile, err)
+					} else {
+						logger.Debugf("removed stale lock file: %s", lockFile)
+					}
+				}
+			}
+		}
+	}
+}