fix(gateway): try SIGUSR1 restart before spawning external processes

[grimmjoww]

See the diff

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 67c398f860

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Keep schtasks restart path when SIGUSR1 listeners exist

This early return bypasses platform-specific restart logic whenever a SIGUSR1 listener is registered, which is true inside the gateway run loop. In the Windows supervised path (restartGatewayProcessWithFreshPid), that means triggerOpenClawRestart reports success via scheduled in-process SIGUSR1, the process exits as supervised, and the scheduled timer never fires; because relaunchGatewayScheduledTask is skipped, the Scheduled Task restart is not triggered and the gateway can stop instead of restarting.

Useful? React with 👍 / 👎.

[greptile-apps]

Greptile Summary

This PR adds an early-return to triggerOpenClawRestart() that checks for registered SIGUSR1 listeners and, when found, delegates to scheduleGatewaySigusr1Restart() instead of spawning external processes (launchctl, systemctl, etc.). It also extends the RestartAttempt.method union with "sigusr1". The fix addresses the structural problem of external child processes dying when their parent gateway exits before they complete.

Confidence Score: 5/5

Safe to merge; logic is sound and the only finding is missing test coverage for the new branch.

The SIGUSR1 listener-count guard correctly identifies in-gateway context (Node's --inspect handler is OS-level and invisible to listenerCount, so there's no false-positive risk). The RestartAttempt type union is properly extended. cleanStaleGatewayProcessesSync is correctly skipped on the in-process path. scheduleGatewaySigusr1Restart always returns ok:true so dropping its return value is harmless. The single P2 finding (no unit test for the new branch) does not affect runtime correctness.

src/infra/restart.ts — new SIGUSR1 branch in triggerOpenClawRestart lacks a unit test.

Prompt To Fix All With AI

This is a comment left during a code review.
Path: src/infra/restart.ts
Line: 301-305

Comment:
**No test coverage for the new SIGUSR1 early-return branch**

`restart.test.ts` only exercises the stale-PID helpers, and `process-respawn.test.ts` mocks `triggerOpenClawRestart` entirely, so the new branch is never exercised by the test suite. A minimal unit test could register a temporary `SIGUSR1` listener on `process`, call `triggerOpenClawRestart()`, assert that the result has `method === "sigusr1"` and `ok === true`, and verify `scheduleGatewaySigusr1Restart` was called (mocked). This matches the pattern recommended by CLAUDE.md for narrowly scoped changes.

How can I resolve this? If you propose a fix, please make it concise.

_{Reviews (1): Last reviewed commit: "fix(gateway): try SIGUSR1 restart before..." | Re-trigger Greptile}

[greptile-apps]

No test coverage for the new SIGUSR1 early-return branch

restart.test.ts only exercises the stale-PID helpers, and process-respawn.test.ts mocks triggerOpenClawRestart entirely, so the new branch is never exercised by the test suite. A minimal unit test could register a temporary SIGUSR1 listener on process, call triggerOpenClawRestart(), assert that the result has method === "sigusr1" and ok === true, and verify scheduleGatewaySigusr1Restart was called (mocked). This matches the pattern recommended by CLAUDE.md for narrowly scoped changes.

Prompt To Fix With AI

This is a comment left during a code review.
Path: src/infra/restart.ts
Line: 301-305

Comment:
**No test coverage for the new SIGUSR1 early-return branch**

`restart.test.ts` only exercises the stale-PID helpers, and `process-respawn.test.ts` mocks `triggerOpenClawRestart` entirely, so the new branch is never exercised by the test suite. A minimal unit test could register a temporary `SIGUSR1` listener on `process`, call `triggerOpenClawRestart()`, assert that the result has `method === "sigusr1"` and `ok === true`, and verify `scheduleGatewaySigusr1Restart` was called (mocked). This matches the pattern recommended by CLAUDE.md for narrowly scoped changes.

How can I resolve this? If you propose a fix, please make it concise.

[grimmjoww]

Closing this PR — Codex's P1 is correct: on Windows, the gateway run-loop always registers a SIGUSR1 listener, so the early-return fires when triggerOpenClawRestart() is re-entered from restartGatewayProcessWithFreshPid → schtasks branch, which means relaunchGatewayScheduledTask never runs and the scheduled task isn't told to relaunch the process after exit.

After re-reading the call graph, the root cause is structural, not platform-specific: triggerOpenClawRestart has two caller classes with contradictory needs, and the schtasks branch of restartGatewayProcessWithFreshPid should bypass it and go directly to relaunchGatewayScheduledTask (the same pattern launchd already uses via scheduleDetachedLaunchdRestartHandoff). Opening a revised PR with that fix + the unit test Greptile asked for.

Thanks to @codex and @greptile-bot for the review.

[chatgpt-codex-connector]

To use Codex here, create a Codex account and connect to github.

[greptile-apps]

Thanks for the thorough write-up — the call graph analysis makes the structural issue clear. The launchd parallel (scheduleDetachedLaunchdRestartHandoff bypassing triggerOpenClawRestart) is a clean model for the schtasks fix. Looking forward to reviewing the revised PR.

Tip: You can customize Greptile's behavior for this repo with .greptile/rules and .greptile/config.