commit c89a8187e0046e1aafcd88e43b4738971dfe9dbd
parent 2a42015ff814340eff87a27569fe93c1c0f52a53
Author: triesap <tyson@radroots.org>
Date: Wed, 8 Apr 2026 22:23:18 +0000
stdio: harden hyf internal diagnostics sink
Diffstat:
4 files changed, 217 insertions(+), 21 deletions(-)
diff --git a/src/hyf_stdio/diagnostics.mojo b/src/hyf_stdio/diagnostics.mojo
@@ -0,0 +1,65 @@
+from std.ffi import c_int, external_call
+from std.os import getenv, makedirs
+from std.pathlib import Path
+from std.tempfile import gettempdir
+
+
+comptime _HYF_DIAGNOSTICS_DIR_ENV = "HYF_DIAGNOSTICS_DIR"
+comptime _HYF_DIAGNOSTICS_DIR_NAME = "hyf-diagnostics"
+comptime _HYF_DIAGNOSTICS_FILE_PREFIX = "hyf-internal-error-pid-"
+comptime _HYF_DIAGNOSTICS_FILE_SUFFIX = ".log"
+comptime _HYF_DIAGNOSTICS_DIR_MODE = 0o700
+comptime _HYF_DIAGNOSTICS_FILE_MODE = 0o600
+
+
+def _current_process_id() -> Int:
+ return Int(external_call["getpid", c_int]())
+
+
+def _ensure_directory_mode(path: Path):
+ var path_str = path.__fspath__()
+ _ = external_call["chmod", c_int](
+ path_str.as_c_string_slice().unsafe_ptr(),
+ c_int(_HYF_DIAGNOSTICS_DIR_MODE),
+ )
+
+
+def _ensure_file_mode(handle: Int):
+ _ = external_call["fchmod", c_int](
+ c_int(handle), c_int(_HYF_DIAGNOSTICS_FILE_MODE)
+ )
+
+
+def _default_diagnostics_dir() raises -> Path:
+ var tmpdir = gettempdir()
+ if tmpdir:
+ return Path(tmpdir.value()) / _HYF_DIAGNOSTICS_DIR_NAME
+ return Path("/tmp") / _HYF_DIAGNOSTICS_DIR_NAME
+
+
+def _diagnostics_dir() raises -> Path:
+ var configured = getenv(_HYF_DIAGNOSTICS_DIR_ENV, "")
+ if configured != "":
+ return Path(configured)
+ return _default_diagnostics_dir()
+
+
+def _diagnostic_log_path() raises -> Path:
+ var diagnostics_dir = _diagnostics_dir()
+ makedirs(diagnostics_dir, mode=_HYF_DIAGNOSTICS_DIR_MODE, exist_ok=True)
+ _ensure_directory_mode(diagnostics_dir)
+ return diagnostics_dir / (
+ _HYF_DIAGNOSTICS_FILE_PREFIX
+ + String(_current_process_id())
+ + _HYF_DIAGNOSTICS_FILE_SUFFIX
+ )
+
+
+def append_internal_diagnostic(line: String):
+ try:
+ var log_path = _diagnostic_log_path()
+ with open(log_path, "a") as log_file:
+ _ensure_file_mode(log_file.handle)
+ log_file.write(line)
+ except:
+ pass
diff --git a/src/hyf_stdio/server.mojo b/src/hyf_stdio/server.mojo
@@ -1,7 +1,5 @@
from std.collections import Optional
from std.io.io import _fdopen
-from std.os import getenv
-from std.pathlib import Path
from std.sys import stdin
from mojson import Value
@@ -21,6 +19,7 @@ from hyf_stdio.codec import (
)
from hyf_stdio.control.capabilities import build_capabilities_output
from hyf_stdio.control.status import build_status_output
+from hyf_stdio.diagnostics import append_internal_diagnostic
from hyf_stdio.envelope import (
WireErrorResponse,
WireRequest,
@@ -80,11 +79,6 @@ def _write_success(response: WireSuccessResponse) raises:
def _diagnostic_value(value: String) -> String:
return value.replace("\n", "\\n").replace("\r", "\\r")
-
-def _internal_diagnostic_path() -> Path:
- return Path(getenv("TMPDIR", "/tmp")) / "hyf-internal-error.log"
-
-
def _diagnostic_trace_id(trace_id: Optional[String]) -> String:
if trace_id:
return _diagnostic_value(String(trace_id.value()))
@@ -97,20 +91,17 @@ def _emit_internal_diagnostic(
capability: String,
detail: String,
):
- try:
- _internal_diagnostic_path().write_text(
- "hyf_internal_error request_id=\""
- + _diagnostic_value(request_id)
- + "\" trace_id=\""
- + _diagnostic_trace_id(trace_id)
- + "\" capability=\""
- + _diagnostic_value(capability)
- + "\" detail=\""
- + _diagnostic_value(detail)
- + "\"\n"
- )
- except:
- pass
+ append_internal_diagnostic(
+ "hyf_internal_error request_id=\""
+ + _diagnostic_value(request_id)
+ + "\" trace_id=\""
+ + _diagnostic_trace_id(trace_id)
+ + "\" capability=\""
+ + _diagnostic_value(capability)
+ + "\" detail=\""
+ + _diagnostic_value(detail)
+ + "\"\n"
+ )
def _wire_error_from_core_failure(
diff --git a/tests/test_hyf.mojo b/tests/test_hyf.mojo
@@ -1,3 +1,5 @@
+import std.os
+from std.os.path import exists
from std.pathlib import Path, _dir_of_current_file
from std.testing import (
TestSuite,
@@ -5,6 +7,7 @@ from std.testing import (
assert_raises,
assert_true,
)
+from std.tempfile import TemporaryDirectory
from mojson import Value, loads
@@ -27,6 +30,29 @@ from hyf_stdio.server import (
comptime _EXPECTED_INTERNAL_ERROR_MESSAGE = (
"internal hyf daemon error; inspect local diagnostics"
)
+comptime _HYF_DIAGNOSTICS_DIR_ENV = "HYF_DIAGNOSTICS_DIR"
+
+
+struct ScopedEnvVar:
+ var name: String
+ var value: String
+ var previous: String
+ var had_previous: Bool
+
+ def __init__(out self, name: String, value: String):
+ self.name = String(name)
+ self.value = String(value)
+ self.previous = std.os.getenv(name)
+ self.had_previous = self.previous != ""
+
+ def __enter__(mut self) raises:
+ _ = std.os.setenv(self.name, self.value, overwrite=True)
+
+ def __exit__(mut self):
+ if self.had_previous:
+ _ = std.os.setenv(self.name, self.previous, overwrite=True)
+ else:
+ _ = std.os.unsetenv(self.name)
def _dispatch(line: String) raises -> Value:
@@ -716,5 +742,49 @@ def test_internal_error_is_bounded_on_wire() raises:
)
+def test_internal_error_diagnostics_append_per_process() raises:
+ with TemporaryDirectory() as temp_dir:
+ var diagnostics_dir = Path(temp_dir) / "hyf-internal-diagnostics"
+
+ with ScopedEnvVar(
+ _HYF_DIAGNOSTICS_DIR_ENV, diagnostics_dir.__fspath__()
+ ):
+ _ = loads(
+ handle_request_line_with_control_builders[
+ _failing_status_output, build_capabilities_output
+ ](
+ '{"version":1,"request_id":"status-internal-diag-1","trace_id":"trace-status-internal-diag-1","capability":"sys.status","input":{}}'
+ )
+ )
+ _ = loads(
+ handle_request_line_with_control_builders[
+ _failing_status_output, build_capabilities_output
+ ](
+ '{"version":1,"request_id":"status-internal-diag-2","trace_id":"trace-status-internal-diag-2","capability":"sys.status","input":{}}'
+ )
+ )
+
+ assert_true(exists(diagnostics_dir))
+ var entries = std.os.listdir(diagnostics_dir)
+ assert_equal(len(entries), 1)
+ assert_true(entries[0].startswith("hyf-internal-error-pid-"))
+
+ var content = (diagnostics_dir / entries[0]).read_text()
+ var lines = content.splitlines()
+ assert_equal(len(lines), 2)
+ assert_true(
+ content.find('request_id="status-internal-diag-1"') >= 0
+ )
+ assert_true(
+ content.find('request_id="status-internal-diag-2"') >= 0
+ )
+ assert_true(
+ content.find(
+ 'detail="simulated test-only status builder failure"'
+ )
+ >= 0
+ )
+
+
def main() raises:
TestSuite.discover_tests[__functions_in_module()]().run()
diff --git a/tests/test_stdio_contract.mojo b/tests/test_stdio_contract.mojo
@@ -1,7 +1,11 @@
+import std.os
from std.os import Pipe, Process
+from std.os.path import exists
+from std.pathlib import Path
from std.testing import assert_equal, assert_true, TestSuite
from std.ffi import CStringSlice, c_int, external_call
from std.sys._libc import close, exit, vfork
+from std.tempfile import TemporaryDirectory
from mojson import Value, loads
@@ -9,6 +13,29 @@ from mojson import Value, loads
comptime _EXPECTED_INTERNAL_ERROR_MESSAGE = (
"internal hyf daemon error; inspect local diagnostics"
)
+comptime _HYF_DIAGNOSTICS_DIR_ENV = "HYF_DIAGNOSTICS_DIR"
+
+
+struct ScopedEnvVar:
+ var name: String
+ var value: String
+ var previous: String
+ var had_previous: Bool
+
+ def __init__(out self, name: String, value: String):
+ self.name = String(name)
+ self.value = String(value)
+ self.previous = std.os.getenv(name)
+ self.had_previous = self.previous != ""
+
+ def __enter__(mut self) raises:
+ _ = std.os.setenv(self.name, self.value, overwrite=True)
+
+ def __exit__(mut self):
+ if self.had_previous:
+ _ = std.os.setenv(self.name, self.previous, overwrite=True)
+ else:
+ _ = std.os.unsetenv(self.name)
def _dup2(oldfd: c_int, newfd: c_int) -> c_int:
@@ -222,5 +249,48 @@ def test_internal_error_is_bounded_on_wire() raises:
)
+def test_internal_error_records_detail_in_explicit_diagnostics_dir() raises:
+ with TemporaryDirectory() as temp_dir:
+ var diagnostics_dir = Path(temp_dir) / "hyf-internal-diagnostics"
+ with ScopedEnvVar(
+ _HYF_DIAGNOSTICS_DIR_ENV, diagnostics_dir.__fspath__()
+ ):
+ var response = _run_entrypoint(
+ "tests/internal_error_stdio_main.mojo",
+ '{"version":1,"request_id":"status-internal-proc-diag-1","trace_id":"trace-status-internal-proc-diag-1","capability":"sys.status","input":{}}',
+ )
+
+ assert_true(not response["ok"].bool_value())
+ assert_equal(
+ response["error"]["code"].string_value(),
+ "internal_error",
+ )
+ assert_true(exists(diagnostics_dir))
+
+ var entries = std.os.listdir(diagnostics_dir)
+ assert_equal(len(entries), 1)
+ assert_true(entries[0].startswith("hyf-internal-error-pid-"))
+
+ var content = (diagnostics_dir / entries[0]).read_text()
+ assert_true(
+ content.find(
+ 'request_id="status-internal-proc-diag-1"'
+ )
+ >= 0
+ )
+ assert_true(
+ content.find(
+ 'trace_id="trace-status-internal-proc-diag-1"'
+ )
+ >= 0
+ )
+ assert_true(
+ content.find(
+ 'detail="simulated test-only status builder failure"'
+ )
+ >= 0
+ )
+
+
def main() raises:
TestSuite.discover_tests[__functions_in_module()]().run()
