§ PL jTCãó—UdZddlmZddlZddlZddlZddlZddlZddlZddl m Z ddlmZm Z mZmZiZded<dD]Zeeed¦«Zeeeee¦«<Œ d)d „Zd*d„Zd+d„Zd,d„Zd-d.d„Zddœd/d „Zd0d"„Zd0d#„Zd1d&„Zd2d(„ZdS)3uShutdown forensics â€” capture context when the gateway receives SIGTERM/SIGINT. The gateway's ``shutdown_signal_handler`` runs synchronously inside the asyncio event loop. We can't safely block it for long, but we DO want a durable record of who/what triggered the shutdown so that "the gateway keeps dying" incidents can be diagnosed after the fact. This module exposes :func:`snapshot_shutdown_context`, a fast (<10ms), non-blocking probe that returns a structured dict the signal handler can log immediately, plus :func:`spawn_async_diagnostic`, a fire-and-forget ``ps`` walk that runs as a detached subprocess so it can't block teardown even if /proc is wedged. Anything that needs to wait (e.g. shelling out to ``ps aux``) belongs in the async helper, never in the synchronous probe. é)ÚannotationsN)ÚPath)ÚAnyÚDictÚListÚOptionalzDict[int, str]Ú_SIGNAL_NAME_BY_NUM)ÚSIGTERMÚSIGINTÚSIGHUPÚSIGQUITÚSIGUSR1ÚSIGUSR2ÚsigrÚreturnÚstrcó´—|€dS t|¦«}n&#ttf$rt|¦«cYSwxYwt |d|›¦«S)zBReturn a human-readable signal name (or ``str(sig)`` as fallback).NÚUNKNOWNzsignal#)ÚintÚ TypeErrorÚ ValueErrorrr Úget)rÚsig_ints ú>/home/kuhnn/.hermes/hermes-agent/gateway/shutdown_forensics.pyÚ_signal_namer%sl€à €{ØˆyðÝc‘(”(ˆˆøÝ•zÐ"ðððÝ3‰xŒxˆˆˆðøøøå×"Ò" 7Ð,?°gÐ,?Ð,?Ñ@Ô@Ð@s†– 9¸9ÚpidrÚkeyú Optional[str]cóR— td|›dd¬¦«5}|D]V}| |dz¦«r<| dd¦«d ¦«ccddd¦«SŒW ddd¦«n#1swxYwYn#tt tf$rYnwxYwdS)zIRead a single field from /proc//status. Linux only; None elsewhere.ú/proc/z/statusúutf-8©Úencodingú:éN)ÚopenÚ startswithÚsplitÚstripÚFileNotFoundErrorÚPermissionErrorÚOSError)rrÚfhÚlines rÚ_read_proc_fieldr/0s(€ð Ý Ð'˜3Ð'Ð'Ð'°'Ð :Ñ :Ô :ð 9¸bØð 9ð 9Ø—?’? 3¨¡9Ñ-Ô-ð9ØŸ:š: c¨1Ñ-Ô-¨aÔ0×6Ò6Ñ8Ô8Ð8Ð8ð 9ð 9ð 9ð 9ñ 9ô 9ð 9ð 9ð9ð 9ð 9ð 9ð 9ñ 9ô 9ð 9ð 9ð 9ð 9ð 9ð 9øøøð 9ð 9ð 9ð 9øøõ µÐ8ð ð ð Øˆð øøøàˆ4sA‚B —AA>Á#B Á0A>Á2B Á>BÂB ÂBÂB Â B$Â#B$cóD— td|›dd¦«5}| ¦«}ddd¦«n#1swxYwYn#tttf$rYdSwxYw|sdS| dd¦« dd¬ ¦« ¦«S) zLRead /proc//cmdline as a printable string. Linux only; None elsewhere.r z/cmdlineÚrbNóó r!Úreplace)Úerrors)r&Úreadr*r+r,r4Údecoder))rr-Údatas rÚ_read_proc_cmdliner9<sì€ðÝ Ð(˜3Ð(Ð(Ð(¨$Ñ /Ô /ð °2Ø—7’7‘9”9ˆDð ð ð ñ ô ð ð ð ð ð ð øøøð ð ð ð øøåµÐ8ðððØˆtˆtðøøøàðØˆtà<Š<˜ Ñ&Ô&×-Ò-¨g¸iÐ-ÑHÔH×NÒNÑPÔPÐPs,‚A–7«A·;»A¾;¿AÁAÁAúDict[str, Any]cóˆ—d|i}|dkr|St|d¦«}|||d<t|d¦«}|||d<t|d¦«}|$ t|¦«|d <n#t$rYnwxYwt|d ¦«}|!|r| ¦«dn||d<t |¦«}|r |dd…|d <|S)zŒCompact /proc/ snapshot: pid, ppid, state, uid, cmdline. Best-effort. Missing fields are simply omitted rather than raising. rrÚNameNÚnameÚStateÚstateÚPPidÚppidÚUidÚuidé,Úcmdline)r/rrr(r9)rÚsummaryr=r?rArCrEs rÚ _proc_summaryrGIs€ð % c˜l€GØ ˆa‚x€xØˆÝ˜C Ñ(Ô(€DØÐØˆ‰Ý˜S 'Ñ*Ô*€EØÐØ ˆÑÝ˜C Ñ(Ô(€DØÐð Ý! $™iœiˆGF‰OˆOøÝð ð ð ØˆDð øøøå ˜3 Ñ &Ô &€CØ €à+.Ð7˜Ÿš™œ Qœ˜°Cˆ‰Ý Ñ%Ô%€GØð+à$ T c Tœ]ˆ ÑØ€NsÁA!Á! A.Á-A.Úreceived_signalc óf—tj¦«}tj¦«}tj¦«}tj¦«}||t|¦«|t |¦«nd||t|¦«t|¦«dœ}tj d¦«}|r||d<tj d¦«}|r||d<t|¦«p|dk|d< tj¦«d |d <n#ttf$rYnwxYw t|d¦«}|c|dkr]| ¦«rt |¦«n||d <| ¦«rtt |¦«¦«nd|d<n#t t"f$rYnwxYw tj d¦«} | rÇt%| ¦«dz} | ¦«rF | d¬¦«}|dd…|d<d|›|vpd|›|v|d<n#t$rYnwxYwt%| ¦«dz}| ¦«r5 | d¬¦«}|dd…|d<n#t$rYnwxYwn#t*$rYnwxYw|S)a'Fast (<10ms) snapshot of who/what is asking us to shut down. Captures: * The signal number/name (so SIGINT vs SIGTERM is visible) * Our own PID/ppid + parent process info from /proc (Linux) * Whether systemd is our parent (``ppid==1`` or ``INVOCATION_ID`` set) * Whether takeover/planned-stop markers exist (consumed lazily by the caller) * /proc/self limits + load average (1-min) * Wall-clock and monotonic timestamps for cross-correlating later phases Pure stdlib, never raises, never blocks on subprocesses. N)ÚtsÚts_monotonicÚsignalÚ signal_numrrAÚparentÚselfÚ INVOCATION_IDÚsystemd_invocation_idÚJOURNAL_STREAMÚsystemd_journal_streamr%Ú under_systemdrÚ loadavg_1mÚ TracerPidÚ0Ú tracer_pidÚtracerÚHERMES_HOMEz.gateway-takeover.jsonr!r"rDÚtakeover_markerz"target_pid": z'target_pid': Útakeover_marker_for_selfz.gateway-planned-stop.jsonÚplanned_stop_marker)ÚtimeÚ monotonicÚosÚgetpidÚgetppidrrrGÚenvironrÚboolÚ getloadavgr,ÚAttributeErrorr/ÚisdigitrrrÚexistsÚ read_textÚ Exception) rHÚnowr_rrAÚctxÚ invocation_idÚjournal_streamrYÚhermes_home_strÚ takeover_pathÚrawÚplanned_stop_paths rÚsnapshot_shutdown_contextrshs0€õŒ)‰+Œ+€CÝ”Ñ Ô €IÝ Œ)‰+Œ+€CÝ Œ:‰<Œ<€DðØ!Ý˜Ñ/Ô/Ø.=Ð.I•c˜/Ñ*Ô*Ð*ÈtØØÝ Ñ%Ô%Ý˜cÑ"Ô"ð ð €Cõ”J—N’N ?Ñ3Ô3€MØð5Ø'4ˆÐ#Ñ$Ý”Z—^’^Ð$4Ñ5Ô5€NØð7Ø(6ˆÐ$Ñ%Ý Ñ.Ô.Ð;°$¸!²)€CˆÑð ÝœM™OœO¨AÔ.ˆˆLÑÐøÝ•^Ð$ð ð ð Øˆð øøøð Ý! # {Ñ3Ô3ˆØÐ &¨C¢- -Ø/5¯~ª~Ñ/?Ô/?Ð K¥ F¡¤ ÀVˆCÑØ:@¿.º.Ñ:JÔ:JÐTM#¨f©+¬+Ñ6Ô6Ð6ÐPTˆC‰MøøÝ•zÐ"ð ð ð Øˆð øøøð Ýœ*Ÿ.š.¨Ñ7Ô7ˆØð Ý Ñ1Ô1Ð4LÑLˆMØ×#Ò#Ñ%Ô%ð ðØ'×1Ò1¸7Ð1ÑCÔCCØ-0°°#°¬YCÐ)Ñ*à.¨Ð.Ð.°#Ð5ð9Ø1¨CÐ1Ð1°SÐ8ðÐ2Ñ3Ð3øõðððØDðøøøå $ _Ñ 5Ô 5Ð8TÑ TÐØ ×'Ò'Ñ)Ô)ð ðØ+×5Ò5¸wÐ5ÑGÔGCØ14°T°c°T´CÐ-Ñ.Ð.øÝðððØDðøøøøøåð ð ð Øˆð øøøð€Js€Ã5DÄD&Ä%D&Ä*A5F Æ F4Æ3F4Æ8AJ!È4H5È4J!È5 IÈ?J!ÉIÉ)J!É,#JÊJ!Ê JÊJ!ÊJÊJ!Ê! J.Ê-J.g@)Útimeout_secondsÚlog_pathrÚsignal_namertÚfloatú Optional[int]cóR— |j dd¬¦«n#t$rYdSwxYwtjdkrdSd|›dtj¦«›d} tjt|¦«t j t j zt jzd¦«}n#t$rYdSwxYw tj d |d ›dd|g|tjtjdd¬ ¦«}nd#t tf$rP tj|¦«n#t$rYnwxYwY tj|¦«dS#t$rYdSwxYwwxYw tj|¦«n:#t$rYn.wxYw# tj|¦«w#t$rYwwxYwxYw|jS)aœFire-and-forget ``ps``-style snapshot written to ``log_path``. Runs as a detached subprocess so it can't block the asyncio event loop or compete with platform teardown. The subprocess uses its own ``timeout`` so a wedged ``ps`` still self-cleans within ``timeout_seconds``. Returns the subprocess PID on success, ``None`` on failure. Never raises. We deliberately avoid ``subprocess.run(["ps", "aux"])`` from inside the signal handler (the pre-existing pattern): on a busy host with hundreds of processes, ``ps aux`` can take >2s to walk /proc, during which the asyncio loop is frozen and adapter teardown can't begin. T)ÚparentsÚexist_okNÚwin32z echo '=== shutdown diagnostic @ zº ==='; echo '--- date ---'; date -u +%Y-%m-%dT%H:%M:%SZ; echo '--- ps auxf (top 60 by cpu) ---'; ps auxf --sort=-pcpu 2>/dev/null | head -60; echo '--- pstree of self ---'; pstree -plau a 2>/dev/null | head -40 || true; echo '--- /proc/loadavg ---'; cat /proc/loadavg 2>/dev/null || true; echo '--- recent dmesg (oom/killed) ---'; dmesg -T 2>/dev/null | tail -20 || journalctl --user -n 20 --no-pager 2>/dev/null | tail -20 || true; echo '=== end ==='i¤Útimeoutz.0fÚbashz-c)ÚstdoutÚstderrÚstdinÚstart_new_sessionÚ close_fds)rNÚmkdirr,ÚsysÚplatformr`rar&rÚO_WRONLYÚO_CREATÚO_APPENDÚ subprocessÚPopenÚSTDOUTÚDEVNULLr*Úcloser)rurvrtÚscriptÚfdÚprocs rÚspawn_async_diagnosticr’Ås3€ð*ØŒ×Ò d°TÐÑ:Ô:Ð:Ð:øÝðððØˆtˆtðøøøõ„|wÒÐØˆtð ¨;ð ð õ œ ™œð ð ð ððõŒW•S˜‘]”]¥B¤Kµ"´*Ñ$<½r¼{Ñ$JÈEÑ RÔ RˆˆøÝðððØˆtˆtðøøøðõÔØ ˜?Ð0Ð0°&¸$ÀÐGØÝÔ$ÝÔ$Ø"Øð ñ ô ˆˆøõ wÐ'ðððð ÝŒHR‰LŒLˆLˆLøÝð ð ð ØˆDð øøøàð ÝŒHR‰LŒLˆLˆLˆLøÝð ð ð ØˆDˆDð øøøðøøøð ð ÝŒHR‰LŒLˆLˆLøÝð ð ð ØˆDð øøøøð ÝŒHR‰LŒLˆLˆLøÝð ð ð ØˆDð øøøøøøðŒ8€Osµ‚Ÿ -¬-ÁAB%Â% B3Â2B3Â75C-Ã,E8Ã-EÃ?DÄEÄ D!ÄEÄ D!Ä!EÄ$E8Ä&D<Ä< E Å E Å EÅE8ÅE(Å( E5Å4E5Å8FÅ:FÆFÆ FÆFÆFÆFrlc ó2—| dd¦«}| d¦«pi}| dd¦«}| d¦«pd}| d¦«pd}| d¦«rd nd }| d¦«}t|ttf¦«r|d›nd}g} | d ¦«1| d¦«} | d| rdnd›¦«| d¦«| d¦«| d¦«r| d|d›¦«| rdd | ¦«znd}d|›d|›d|›d|›d|›|›d|› S)z?Render a shutdown context dict as a single, scannable log line.rLú?rNrEz (unknown)r=rrTÚyesÚnorUz.2fr[Nr\ztakeover_marker_present=rOÚotherr]zplanned_stop_marker_present=yesrXztracer_pid=Ú Úzsignal=z under_systemd=z parent_pid=z parent_name=z loadavg_1m=z parent_cmdline=)rÚ isinstancerrwÚappendÚjoin)rlrrNÚ parent_cmdÚparent_nameÚ parent_pidrTÚloadÚload_strÚextrasÚfor_selfÚ extras_strs rÚformat_context_for_logr¥sì€à 'Š'(˜CÑ Ô €CØ WŠWXÑ Ô Ð $ "€FØ—’˜I {Ñ3Ô3€JØ—*’*˜VÑ$Ô$Ð+¨€KØ—’˜EÑ"Ô"Ð) c€JØ ŸWšW _Ñ5Ô5Ð?EE¸4€MØ7Š7<Ñ Ô €DÝ *¨4µ#µu°Ñ >Ô >ÐG$ˆ}ˆ}ˆ}ÀC€HØ€FØ ‡w‚wÐ Ñ!Ô!Ð-Ø—7’7Ð5Ñ6Ô6ˆØ Š ØH°Ð'F v v¸wÐHÐHñ ô ð ð‡w‚wÐ$Ñ%Ô%Ð1Ø Š Ð7Ñ8Ô8Ð8Ø ‡w‚wˆ|ÑÔð9Ø Š Ð7 C¨Ô$5Ð7Ð7Ñ8Ô8Ð8Ø-3Ð;#˜Ÿš Ñ(Ô(Ñ(Ð(¸€Jð )#ð )ð )Ø&ð )ð )à ð )ð )ð#ð )ð )ðð )ð ð )ð )ð%ð )ð )ðócól— tj|td¬¦«S#ttf$rYdSwxYw)zFJSON-serialise a context dict for structured ingestion. Never raises.T)ÚdefaultÚ sort_keysz{})ÚjsonÚdumpsrrr)rls rÚcontext_as_jsonr¬:sE€ðÝŒz˜#¥s°dÐ;Ñ;Ô;Ð;øÝ•zÐ"ðððØˆtˆtðøøøs‚ž3²3Ú drain_timeoutúOptional[Dict[str, Any]]có¸—tj d¦«}|sdSd} tdd¬¦«5}|D]\}d|vrV| ¦« d¦«}t |¦«D]}| d¦«r|}nŒ|rnŒ]ddd¦«n#1swxYwYn#ttf$rYnwxYw|sdSd}dggfD]í} tjd g|¢d ‘|‘d‘ddd ¬¦«} n"#ttjtf$rYŒCwxYw| j dkrŒS| j ¦«D]|}| d¦«re| dd¦«d ¦«} | ¦«rt%| ¦«}nt'| ¦«}|nŒ}|nŒî|€dS|dz}d}||z} |||| || kdœS)u.At startup, sanity-check that systemd's TimeoutStopSec >= drain_timeout. When the gateway is run under a stale systemd unit file (e.g. the user upgraded hermes-agent but never re-ran ``hermes setup`` to regenerate the unit), ``TimeoutStopSec`` can be smaller than the configured ``restart_drain_timeout``. Result: SIGTERM arrives, the drain starts, and systemd SIGKILLs the cgroup mid-drain â€” looks like a phantom kill in the journal because the journal only logs ``code=killed status=9``. Returns ``None`` when the alignment is fine OR we can't determine it (not running under systemd, ``systemctl`` unavailable, etc.). Returns a dict with ``timeout_stop_sec`` + ``drain_timeout`` + ``mismatch`` bool when we have data to report. Best-effort. Never raises. rPNz/proc/self/cgroupr!r"z.serviceú/z--userÚ systemctlÚshowz--property=TimeoutStopUSecTg@)Úcapture_outputÚtextr}rzTimeoutStopUSec=Ú=r%g€„.Ag>@)ÚunitÚtimeout_stop_secrÚexpected_minÚmismatch)r`rcrr&r)r(ÚreversedÚendswithr,r*rŠÚrunÚTimeoutExpiredÚ returncoderÚ splitlinesr'rgrÚ_parse_systemd_duration_to_us)rrmÚ unit_namer-r.ÚpartsÚpÚ timeout_usÚflagÚresultÚvaluer·ÚheadroomÚexpecteds rÚcheck_systemd_timing_alignmentrÊBsË€õ"”J—N’N ?Ñ3Ô3€MØðØˆtð $€Ið å Ð%°Ð 8Ñ 8Ô 8ð ¸BØð ð à Ð%Ð%Ø ŸJšJ™LœL×.Ò.¨sÑ3Ô3EÝ% e™_œ_ð"ð"˜ØŸ:š: jÑ1Ô1ð"Ø()˜IØ!˜Eð"ð!ðØ˜øð ð ð ñ ô ð ð ð ð ð ð øøøð ð ð ð øøõ Õ&Ð'ð ð ð Øˆð øøøàðØˆtð !%€JØ˜RÐ ððˆð Ý”^ØÐU˜tÐU VÐU¨YÐUÐ8TÐUØ#¨$¸ðñôˆFˆFøõ"¥:Ô#<½gÐFð ð ð ØˆHð øøøàÔ Ò!Ð!Øà”M×,Ò,Ñ.Ô.ð ð ˆDØŠÐ1Ñ2Ô2ð ØŸ š 3¨Ñ*Ô*¨1Ô-×3Ò3Ñ5Ô5à—=’=‘?”?ðFÝ!$ U¡¤JJå!>¸uÑ!EÔ!EJØÐ)ØEøØÐ!ØˆEð"ðÐØˆtà! KÑ/Ðð€HØ˜xÑ'€HàØ,Ø&Ø Ø$ xÒ/ðððsG§B0¸A B$ÂB0Â$B(Â(B0Â+B(Â,B0Â0CÃCÃ!C7Ã7DÄDrqcóê—|sdSddddddddœ}d}d }d }|d zD]O}| ¦«s|dkrp|rh| | ¦«¦«}||sdS |tt |¦«|z¦«z }n#t $rYdSwxYwd }d }||z }Œ| ¦«r||z }Œ§|rj|rh| | ¦«¦«}|€dS |tt |¦«|z¦«z }n#t $rYdSwxYwd }d }Œ|r:|s8 |tt |¦«dz¦«z }n#t $rYdSwxYwd }ŒQ|dkr|ndS)zÕParse 'TimeoutStopUSec=1min 30s' / '90s' style values to microseconds. systemd accepts a wide grammar; we cover the common cases (s, ms, min, h) and return None on anything unexpected. Never raises. Nr%ièi@Bi‡“l$'-)ÚusÚmsÚsÚsecÚminÚhÚhrrr™r˜ú.)rgrÚlowerrrwrÚisalpha)rqÚunitsÚtotal_usÚtokenÚdigitsÚchÚ multipliers rrÀrÀ™s€ððØˆtàØØ ØØØ Øð ð €Eð€HØ€EØ €FØC‰ið ñ ˆØ :Š:‰<Œ<ð ˜2 š9˜9Øð à"ŸYšY u§{¢{¡}¤}Ñ5Ô5 ØÐ%¨VÐ%Ø˜4˜4ð Ø¥¥E¨&¡M¤M°JÑ$>Ñ ?Ô ?Ñ?HHøÝ!ð ð ð Ø˜4˜4˜4ð øøøàØØb‰LˆFˆFØ ZŠZ‰\Œ\ð ØR‰KˆEˆEØ ð ˜ð ØŸš 5§;¢;¡=¤=Ñ1Ô1ˆJØÐ!Øttð ØC¥ f¡ ¤ ° Ñ :Ñ;Ô;Ñ;øÝð ð ð Øtttð øøøàˆFØˆE‰EØ ð ˜Eð ð ØC¥ f¡ ¤ ° Ñ 9Ñ:Ô:Ñ:øÝð ð ð Øtttð øøøàˆFùØ !’||ˆ8ˆ8¨Ð-s6Á("BÂ BÂBÃ2"DÄ D$Ä#D$Ä2"EÅ E$Å#E$)rrrr)rrrrrr)rrrr)rrrr:)N)rHrrr:)rurrvrrtrwrrx)rlr:rr)rrwrr®)rqrrrx) Ú__doc__Ú __future__rrªr`rLrŠr…r^ÚpathlibrÚtypingrrrrr Ú__annotations__Ú_nameÚgetattrÚ_valrrr/r9rGrsr’r¥r¬rÊrÀ©r¦rúråsèððððð"#Ð"Ð"Ð"Ð"Ð"à€€€Ø € € € Ø € € € ØÐÐÐØ € € € Ø€€€ØÐÐÐÐÐØ,Ð,Ð,Ð,Ð,Ð,Ð,Ð,Ð,Ð,Ð,Ð,ð')ÐÐ(Ð(Ð(Ñ(Ø Mð/ð/€EØˆ76˜5 $Ñ'Ô'€DØÐØ).Ð˜C˜C ™IœIÑ&øðAðAðAðAð ð ð ð ð Qð Qð Qð Qððððð>ZðZðZðZðZðB!ð QðQðQðQðQðQðhððððBððððTðTðTðTðn5.ð5.ð5.ð5.ð5.ð5.r¦