fix(lockfile): add atomic writes and cache invalidation#7927
Conversation
- Use atomic write pattern (write to temp file, then rename) to prevent partial writes from corrupting the lockfile - Add global lockfile caches with invalidation function - Invalidate caches when lockfile is saved or removed This ensures lockfile integrity and prevents stale cache issues when lockfiles are modified. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Summary of ChangesHello @jdx, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request significantly enhances the robustness and data integrity of lockfile handling. By introducing atomic write operations, it safeguards against lockfile corruption during interrupted write processes. Furthermore, it establishes a centralized caching mechanism for lockfiles with explicit invalidation, resolving issues of stale data and ensuring that all operations consistently reflect the most current lockfile state. Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
There was a problem hiding this comment.
Pull request overview
This PR addresses lockfile reliability issues by implementing atomic writes and cache invalidation to prevent data corruption and stale cache usage.
Changes:
- Implemented atomic write pattern using temporary files and rename operations
- Moved lockfile caches to module level with public invalidation function
- Added cache invalidation calls after lockfile modifications
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
|
||
| // Use atomic write: write to temp file, then rename | ||
| // This prevents partial writes from corrupting the lockfile | ||
| let temp_path = path.with_extension("lock.tmp"); |
There was a problem hiding this comment.
The temp file extension 'lock.tmp' will replace the existing extension rather than appending to it. For a file like 'config.lock', this creates 'config.tmp' instead of 'config.lock.tmp'. Consider using a pattern like path.with_file_name(format!(\"{}.tmp\", path.file_name().unwrap().to_str().unwrap())) or a similar approach to preserve the original filename structure.
| let temp_path = path.with_extension("lock.tmp"); | |
| let temp_path = match path.file_name().and_then(|name| name.to_str()) { | |
| Some(name) => path.with_file_name(format!("{name}.tmp")), | |
| None => path.with_extension("lock.tmp"), | |
| }; |
| // This prevents partial writes from corrupting the lockfile | ||
| let temp_path = path.with_extension("lock.tmp"); | ||
| file::write(&temp_path, &content)?; | ||
| fs::rename(&temp_path, path)?; |
There was a problem hiding this comment.
If fs::rename fails after successfully writing the temp file, the temporary file will be left behind without cleanup. Consider wrapping this operation in a guard or adding error handling to remove the temp file on failure.
| fs::rename(&temp_path, path)?; | |
| if let Err(err) = fs::rename(&temp_path, path) { | |
| // Best-effort cleanup of temporary file if rename fails | |
| let _ = fs::remove_file(&temp_path); | |
| return Err(err.into()); | |
| } |
There was a problem hiding this comment.
Code Review
This pull request introduces atomic writes for lockfiles to prevent corruption and adds a global cache invalidation mechanism to prevent stale data. The changes look solid and address the stated problems effectively. I've made one suggestion to improve the robustness of the cache invalidation logic in case of poisoned mutexes.
| if let Ok(mut cache) = ALL_LOCKFILES_CACHE.lock() { | ||
| cache.clear(); | ||
| } | ||
| if let Ok(mut cache) = SINGLE_LOCKFILE_CACHE.lock() { | ||
| cache.clear(); | ||
| } |
There was a problem hiding this comment.
The current implementation of invalidate_caches silently ignores poisoned mutexes. If a thread panics while holding a cache lock, the cache may not be invalidated for the lifetime of the process, leading to stale data. It's more robust to recover from the poison and clear the cache anyway, as the clear() operation is safe even with potentially inconsistent data.
ALL_LOCKFILES_CACHE.lock().unwrap_or_else(|e| e.into_inner()).clear();
SINGLE_LOCKFILE_CACHE.lock().unwrap_or_else(|e| e.into_inner()).clear();
Hyperfine Performance
|
| Command | Mean [ms] | Min [ms] | Max [ms] | Relative |
|---|---|---|---|---|
mise-2026.1.12 x -- echo |
20.8 ± 0.4 | 20.0 | 24.9 | 1.00 |
mise x -- echo |
21.7 ± 1.0 | 20.3 | 35.3 | 1.04 ± 0.05 |
mise env
| Command | Mean [ms] | Min [ms] | Max [ms] | Relative |
|---|---|---|---|---|
mise-2026.1.12 env |
20.0 ± 0.4 | 19.2 | 23.6 | 1.00 |
mise env |
20.7 ± 0.4 | 19.9 | 22.9 | 1.04 ± 0.03 |
mise hook-env
| Command | Mean [ms] | Min [ms] | Max [ms] | Relative |
|---|---|---|---|---|
mise-2026.1.12 hook-env |
20.6 ± 0.3 | 20.0 | 22.5 | 1.00 |
mise hook-env |
21.5 ± 0.5 | 20.5 | 23.0 | 1.04 ± 0.03 |
mise ls
| Command | Mean [ms] | Min [ms] | Max [ms] | Relative |
|---|---|---|---|---|
mise-2026.1.12 ls |
19.0 ± 0.4 | 18.1 | 20.7 | 1.00 |
mise ls |
19.3 ± 0.4 | 18.5 | 23.9 | 1.02 ± 0.03 |
xtasks/test/perf
| Command | mise-2026.1.12 | mise | Variance |
|---|---|---|---|
| install (cached) | 113ms | 114ms | +0% |
| ls (cached) | 71ms | 71ms | +0% |
| bin-paths (cached) | 76ms | 76ms | +0% |
| task-ls (cached) | 4454ms | ✅ 546ms | +715% |
✅ Performance improvement: task-ls cached is 715%
### 🚀 Features - **(edit)** add interactive config editor (`mise edit`) by @jdx in [#7930](#7930) - **(lockfile)** graduate lockfiles from experimental by @jdx in [#7929](#7929) - **(task)** add support for usage values in task confirm dialog by @roele in [#7924](#7924) - **(task)** improve source freshness checking with edge case handling by @jdx in [#7932](#7932) ### 🐛 Bug Fixes - **(activate)** preserve ordering of paths appended after mise activate by @jdx in [#7919](#7919) - **(install)** sort failed installations for deterministic error output by @jdx in [#7936](#7936) - **(lockfile)** preserve URL and prefer sha256 when merging platform info by @jdx in [#7923](#7923) - **(lockfile)** add atomic writes and cache invalidation by @jdx in [#7927](#7927) - **(templates)** use sha256 for hash filter instead of blake3 by @jdx in [#7925](#7925) - **(upgrade)** respect tracked configs when pruning old versions by @jdx in [#7926](#7926) ### 🚜 Refactor - **(progress)** migrate from indicatif to clx by @jdx in [#7928](#7928) ### 📚 Documentation - improve clarity on uvx and pipx dependencies by @ygormutti in [#7878](#7878) ### ⚡ Performance - **(install)** use Kahn's algorithm for dependency scheduling by @jdx in [#7933](#7933) - use Aho-Corasick for efficient redaction by @jdx in [#7931](#7931) ### 🧪 Testing - remove flaky test_http_version_list test by @jdx in [#7934](#7934) ### Chore - use github backend instead of ubi in mise.lock by @jdx in [#7922](#7922) ### New Contributors - @ygormutti made their first contribution in [#7878](#7878)
## Summary - Use atomic write pattern (write to temp file, then rename) to prevent partial writes from corrupting the lockfile - Add global lockfile caches with invalidation function - Invalidate caches when lockfile is saved or removed ## Problem 1. **Non-atomic writes**: If a write was interrupted mid-operation, the lockfile could become corrupted 2. **Stale caches**: Lockfile caches were not invalidated when lockfiles were modified, leading to stale data being used ## Solution 1. Write lockfile content to a temp file first, then atomically rename it to the target path 2. Move cache declarations to module level with public `invalidate_caches()` function 3. Call `invalidate_caches()` after any lockfile modification ## Test plan - [x] Code compiles and passes linting - [ ] Manual testing of lockfile operations 🤖 Generated with [Claude Code](https://claude.com/claude-code) <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Touches lockfile persistence and caching; failures in the temp-file rename flow or missed invalidation could cause lockfile updates to be lost or stale data to be read. > > **Overview** > Prevents lockfile corruption by switching `Lockfile::save` to an *atomic write* pattern (write to a temp file, then `rename` into place) and clearing caches after writes/removals. > > Moves lockfile read caches to module-level globals (`ALL_LOCKFILES_CACHE`, `SINGLE_LOCKFILE_CACHE`) and adds a public `invalidate_caches()` so cached `read_all_lockfiles`/`read_lockfile_for` results don’t remain stale after lockfile changes. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 0ba014f. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
### 🚀 Features - **(edit)** add interactive config editor (`mise edit`) by @jdx in [jdx#7930](jdx#7930) - **(lockfile)** graduate lockfiles from experimental by @jdx in [jdx#7929](jdx#7929) - **(task)** add support for usage values in task confirm dialog by @roele in [jdx#7924](jdx#7924) - **(task)** improve source freshness checking with edge case handling by @jdx in [jdx#7932](jdx#7932) ### 🐛 Bug Fixes - **(activate)** preserve ordering of paths appended after mise activate by @jdx in [jdx#7919](jdx#7919) - **(install)** sort failed installations for deterministic error output by @jdx in [jdx#7936](jdx#7936) - **(lockfile)** preserve URL and prefer sha256 when merging platform info by @jdx in [jdx#7923](jdx#7923) - **(lockfile)** add atomic writes and cache invalidation by @jdx in [jdx#7927](jdx#7927) - **(templates)** use sha256 for hash filter instead of blake3 by @jdx in [jdx#7925](jdx#7925) - **(upgrade)** respect tracked configs when pruning old versions by @jdx in [jdx#7926](jdx#7926) ### 🚜 Refactor - **(progress)** migrate from indicatif to clx by @jdx in [jdx#7928](jdx#7928) ### 📚 Documentation - improve clarity on uvx and pipx dependencies by @ygormutti in [jdx#7878](jdx#7878) ### ⚡ Performance - **(install)** use Kahn's algorithm for dependency scheduling by @jdx in [jdx#7933](jdx#7933) - use Aho-Corasick for efficient redaction by @jdx in [jdx#7931](jdx#7931) ### 🧪 Testing - remove flaky test_http_version_list test by @jdx in [jdx#7934](jdx#7934) ### Chore - use github backend instead of ubi in mise.lock by @jdx in [jdx#7922](jdx#7922) ### New Contributors - @ygormutti made their first contribution in [jdx#7878](jdx#7878)
Summary
Problem
Solution
invalidate_caches()functioninvalidate_caches()after any lockfile modificationTest plan
🤖 Generated with Claude Code
Note
Medium Risk
Touches lockfile persistence and caching; failures in the temp-file rename flow or missed invalidation could cause lockfile updates to be lost or stale data to be read.
Overview
Prevents lockfile corruption by switching
Lockfile::saveto an atomic write pattern (write to a temp file, thenrenameinto place) and clearing caches after writes/removals.Moves lockfile read caches to module-level globals (
ALL_LOCKFILES_CACHE,SINGLE_LOCKFILE_CACHE) and adds a publicinvalidate_caches()so cachedread_all_lockfiles/read_lockfile_forresults don’t remain stale after lockfile changes.Written by Cursor Bugbot for commit 0ba014f. This will update automatically on new commits. Configure here.