fix(gateway): recover stale pid and planned restart state

[helix4u]

What does this PR do?

This hardens gateway liveness tracking and makes service restarts recover cleanly when Hermes asks the service manager to restart it.

There were two related failure modes in this area:

• stale ~/.hermes/gateway.pid metadata could block a real restart even when the old gateway was gone
• planned service restarts could wedge into a confusing systemd state where Hermes exited with code 75, systemd entered its restart window or failed/rate-limited state, and hermes gateway status did not explain what was happening clearly

The first half of this PR separates live ownership from stale metadata by adding a real runtime lock (gateway.lock) that is held by the live gateway process for its entire lifetime. That makes startup answer the important question cleanly:

• if the runtime lock is held, there is still a live owner
• if the PID file exists but the runtime lock is not held, the PID state is stale and can be cleaned up

The second half makes hermes gateway restart more idempotent for systemd-managed gateways. After a self-requested restart, the CLI now clears stale failed state, actively kicks the unit back into motion, and waits for the replacement process instead of leaving the operator in a silent dead window. hermes gateway status also now surfaces planned-restart states directly, including the common exit 75 failure case, and supports -l/--full so the same command can mirror the untruncated systemctl / journalctl output users are already being told to inspect.

Related Issue

N/A

Type of Change

• 🐛 Bug fix (non-breaking change that fixes an issue)
• ✨ New feature (non-breaking change that adds functionality)
• 🔒 Security fix
• 📝 Documentation update
• ✅ Tests (adding or improving test coverage)
• ♻️ Refactor (no behavior change)
• 🎯 New skill (bundled or hub)

Changes Made

• Added a cross-process runtime gateway lock in gateway/status.py using OS file locking
• Made get_running_pid() consult the runtime lock before trusting gateway.pid
• Added fallback from stale gateway.pid metadata to live gateway.lock metadata when the lock is still held
• Released the runtime lock during normal gateway shutdown in gateway/run.py
• Claimed the runtime lock before writing gateway.pid during startup in gateway/run.py
• Tightened stop_profile_gateway() in hermes_cli/gateway.py so it only removes the PID file after the process is actually gone
• Added systemd unit-property probing in hermes_cli/gateway.py for restart/status recovery logic
• Made systemd_restart() clear failed state and explicitly start the unit when a planned restart is pending or when the service is in the post-exit handoff window
• Made systemd_status() explain pending auto-restart and stuck planned-restart states instead of just showing a generic failed service
• Added hermes gateway status -l / --full to expose untruncated service and journal output
• Added regression tests for lock lifecycle, stale PID-without-lock cleanup, live lock fallback, planned restart recovery, and the new status parser/status output paths

How to Test

1. Run source venv/bin/activate
2. Run scripts/run_tests.sh tests/gateway/test_status.py tests/hermes_cli/test_gateway.py tests/hermes_cli/test_gateway_service.py tests/hermes_cli/test_gateway_runtime_health.py -n 4
3. Run scripts/run_tests.sh tests/gateway/test_runner_startup_failures.py tests/gateway/test_gateway_shutdown.py tests/gateway/test_clean_shutdown_marker.py tests/hermes_cli/test_update_gateway_restart.py -n 4
4. Run scripts/run_tests.sh tests/hermes_cli/test_gateway_service.py tests/hermes_cli/test_gateway_runtime_health.py tests/hermes_cli/test_gateway.py -n 4

Checklist

Code

• I've read the Contributing Guide
• My commit messages follow Conventional Commits (fix(scope):, feat(scope):, etc.)
• I searched for existing PRs to make sure this isn't a duplicate
• My PR contains only changes related to this fix/feature (no unrelated commits)
• I've run pytest tests/ -q and all tests pass
• I've added tests for my changes (required for bug fixes, strongly encouraged for features)
• I've tested on my platform: Ubuntu 24.04 / Linux

Documentation & Housekeeping

• I've updated relevant documentation (README, docs/, docstrings) — or N/A
• I've updated cli-config.yaml.example if I added/changed config keys — or N/A
• I've updated CONTRIBUTING.md or AGENTS.md if I changed architecture or workflows — or N/A
• I've considered cross-platform impact (Windows, macOS) per the compatibility guide — or N/A
• I've updated tool descriptions/schemas if I changed tool behavior — or N/A

Screenshots / Logs

Focused test runs passed:

• 148 passed across status/service/runtime-health coverage
• 60 passed across startup/shutdown/restart coverage
• 122 passed across the gateway service/runtime-health/status slice after the restart-status follow-up changes

[alt-glitch]

Related: #14002 (stale gateway PID recovery + systemd cleanup) and #11156 (OSError from scoped-lock PID probe) — overlapping gateway liveness improvements.

[alt-glitch]

Related: #14002 (stale gateway PID recovery + systemd cleanup) and #11156 (OSError from scoped-lock PID probe) — overlapping gateway liveness improvements.

[helix4u]

updated. should allow for detecting stale pids and systemd rate limits.

[teknium1]

Merged via PR #14200 — your commit (1c5d088) was cherry-picked onto current main with authorship preserved via rebase-merge, plus a small follow-up fix so that _cleanup_invalid_pid_path actually unlinks stale gateway.pid / gateway.lock files left behind by a crashed foreign PID (the defensive remove_pid_file() guard was swallowing those). Thanks for the fix and the detailed diagnosis in Discord! #14200