isProcessRunning() previously only checked whether a PID existed via signal(0)/OpenProcess, without confirming the process was actually picoclaw. When the PID was reused by an unrelated process (e.g., systemd-resolved after a kill -9), the gateway would refuse to start with 'already running'.
Add isPicoclawProcess() that verifies the process name matches picoclaw:
- Unix: reads /proc/<pid>/comm
- Windows: calls QueryFullProcessImageNameW
If the running process is not picoclaw, treat the PID file as stale and proceed with normal startup. Falls back to trusting the liveness check when identity verification is unavailable (e.g., /proc unreadable, API call fails).
Fixes #2720.
- pid: When a container stops and leaves behind a PID file with PID 1
on a shared volume, the host's init process (PID 1) passes the
isProcessRunning check, blocking new gateway starts. Treat recorded
PID 1 as always stale in both WritePidFile and ReadPidFileWithCheck.
Added unit tests covering the PID=1 container leftover scenario.
- isolation: Fix govet shadow warning on platform_windows.go line 105
where := shadows the outer err variable. Changed to = assignment.
- gitattributes: Enforce LF line endings for shell scripts to prevent
CRLF issues when checking out on Windows (breaks Docker entrypoint).
Co-authored-by: BeaconCat <BeaconCat@users.noreply.github.com>
* fix(gateway): validate PID ownership and clean stale pid files
- include `pid` in health responses for runtime PID verification
- add `RemovePidFileIfPID` to safely delete PID files only on PID match
- sanitize gateway PID data via process-command checks with health fallback
- ignore and remove stale/non-gateway PID files before gateway operations
- refuse stop/restart actions when the attached process is not a gateway
- update gateway and websocket tests to cover PID validation and safety paths
* test(seahorse): use shared in-memory SQLite DB in tests to fix async compaction failures
* test: remove unused sendMediaErr field from hook test mock
- treat `EPERM` from `signal(0)` as “process exists” on Unix
- classify malformed PID files as invalid and auto-remove them during read
- keep cached `pidData` only for transient races and downgrade `running` to `stopped` when the tracked process is gone
- refresh PID data on WebSocket proxy requests and reject stale cached gateway state
- add regression tests for invalid PID files, status downgrade, on-demand PID loading, and stale proxy rejection
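
The PID-file checks described in the commit messages above (malformed content, recorded PID 1, `signal(0)` with `EPERM` counted as alive, and the `/proc/<pid>/comm` identity check that falls back to liveness), combined into one added Go example for Linux. It is not picoclaw's code: `classify`, `alive` and the state names are hypothetical, and the Windows `QueryFullProcessImageNameW` path is not covered.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strconv"
	"strings"
	"syscall"
)

// Hypothetical state names for this example (not picoclaw's identifiers).
const (
	stateInvalid = "invalid" // malformed PID file content: remove the file
	stateStale   = "stale"   // PID gone, PID 1, or reused by another program
	stateRunning = "running" // alive and, as far as can be told, the expected program
)

// alive probes the PID with signal 0. EPERM means the process exists but is
// owned by another user, so it still counts as present.
func alive(pid int) bool {
	err := syscall.Kill(pid, 0)
	return err == nil || errors.Is(err, syscall.EPERM)
}

// classify applies the checks in order: parse, PID 1, liveness, identity.
func classify(content, wantComm string) string {
	pid, err := strconv.Atoi(strings.TrimSpace(content))
	if err != nil || pid <= 0 {
		return stateInvalid
	}
	if pid == 1 || !alive(pid) { // PID 1: container leftover on a shared volume
		return stateStale
	}
	comm, err := os.ReadFile(fmt.Sprintf("/proc/%d/comm", pid))
	if err != nil {
		return stateRunning // identity unavailable: trust the liveness check
	}
	if strings.TrimSpace(string(comm)) != wantComm {
		return stateStale // PID was reused by an unrelated process
	}
	return stateRunning
}

func main() {
	self := strconv.Itoa(os.Getpid()) // constructed input: this process's own PID
	fmt.Println(classify(self, "not-this-process"), classify("1", "picoclaw"), classify("abc", "picoclaw"))
}
```

The kernel truncates `comm` to 15 characters, so a longer binary name would need to be compared against its truncated form.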