BjedZddlZddlZddlZddlZddlZddlZddlmZmZddl m Z ddl m Z ddl mZmZddlmZej$dk(rddlZnddlZd Zd Zd Zej$dk(ZeZd Zdad Zde fdZdadee de fdZde fdZ de fdZ!de"fdZ#ddde$de%ddfdZ&de"de"fdZ'de"de"de fdZ(de$dee$fdZ)de$dee$fdZ*de$dee"fd Z+de$de%fd!Z,d"e-e"efde%fd#Z.de-fd$Z/de-e"effd%Z0d&e dee-e"effd'Z1d&e d(e-e"efddfd)Z2dadee dee-fd*Z3dad+ee dee-e"effd,Z4d"ee-e"efdee$fd-Z5de d.e%ddfd/Z6dbd0Z7de%fd1Z8de$de%fd2Z9dbd3Z:de%fd4Z;dbd5Zeeeeeeeed8d9ed:ed;eded?ed@eddfdAZ?dee-e"effdBZ@dbdCZAdade"de"dDee-e"efdeBe%ee-e"efffdEZCde"de"ddfdFZDdddGdHee$dIee$de$fdJZEdKZFdLZGdMZHdLZIde fdNZJde fdOZKdPe"dQe$de%fdRZLd&e dSe"dTe"dQe$de%f dUZMdVe$de%fdWZNde%fdXZOdbdYZPdVe$de%fdZZQde%fd[ZRdbd\ZS dad]d^dee d.e%dee$fd_ZT dad]d^dee d.e%de%fd`ZUy)cu Gateway runtime status helpers. Provides PID-file based detection of whether the gateway daemon is running, used by send_message's check_fn to gate availability in the CLI. The PID file lives at ``{HERMES_HOME}/gateway.pid``. HERMES_HOME defaults to ``~/.hermes`` but can be overridden via the environment variable. This means separate HERMES_HOME directories naturally get separate PID files — a property that will be useful when we add named profiles (multiple agents running concurrently under distinct configurations). N)datetimetimezone)Pathget_hermes_home)AnyOptionalatomic_json_writewin32hermes-gatewayzgateway_state.jsonz gateway-locksz gateway.lockreturnc t}|dz S)z@Return the path to the gateway PID file, respecting HERMES_HOME.z gateway.pidrhomes 3/home/ubuntu/.hermes/hermes-agent/gateway/status.py _get_pid_pathr,s  D - pid_pathcV||jtSt}|tz S)z1Return the path to the runtime gateway lock file.) with_name_GATEWAY_LOCK_FILENAMEr)rrs r_get_gateway_lock_pathr2s.!!"899  D ( ((rc<tjtS)z5Return the persisted runtime health/status file path.)rr_RUNTIME_STATUS_FILErr_get_runtime_status_pathr:s ? $ $%9 ::rctjd}|r t|Sttjdtjdz dz }|dz tz S)zBReturn the machine-local directory for token-scoped gateway locks.HERMES_GATEWAY_LOCK_DIRXDG_STATE_HOMEz.localstatehermes)osgetenvrr_LOCKS_DIRNAME)override state_homes r _get_lock_dirr)?sTyy23HH~bii 0$))+2H72RSTJ  > 11rcdtjtjj SN)rnowrutc isoformatrrr _utc_now_isor/Hs << % / / 11rF)forcepidr0c|r|trv tjddt|ddgddd}|jd k7r>|jxs|jxsd j}t|xsd |y|stjnttd tj}t j ||y#t$r't j |tjYywxYw) zTerminate a PID with platform-appropriate force semantics. POSIX uses SIGTERM/SIGKILL. Windows uses taskkill /T /F for true force-kill because os.kill(..., SIGTERM) is not equivalent to a tree-killing hard stop. taskkillz/PIDz/Tz/FT capture_outputtexttimeoutNrztaskkill failed for PID SIGKILL) _IS_WINDOWS subprocessrunstrFileNotFoundErrorr$killsignalSIGTERM returncodestderrstdoutstripOSErrorgetattr)r1r0resultdetailssigs r terminate_pidrLLs   ^^VSXtT:# F    !}}; ;BBDG'E'?u%EF F %&..769fnn+UCGGC!  GGC (  s'C-C76C7identitycltj|jdjddS)Nutf-8)hashlibsha256encode hexdigest)rMs r _scope_hashrUgs* >>(//'2 3 = = ? DDrscopec:t|dt|dz S)N-z.lock)r)rU)rVrMs r_get_scope_lock_pathrYks" ?wa H(='>eD DDrctd|d} t|jdjdS#tt t ttf$rYywxYw)z:Return the kernel start time for a process when available./proc/z/statrOencodingN) rint read_textsplitr? IndexErrorPermissionError ValueErrorrG)r1 stat_paths r_get_process_start_timerfos^vcU%()I9&&&8>>@DEE z?J Ps+=AAct|S)zBPublic wrapper for retrieving a process start time when available.)rf)r1s rget_process_start_timerhys "3 ''rctd|d} |j}|r1|jddjddj S tjdd t|d d gd d d }|jdk(r4|jj r|jj Sy#t t tf$rYwxYw#ttjf$rYywxYw)zReturn the process command line as a space-separated string. On Linux, reads /proc//cmdline directly. On macOS and other platforms without /proc, falls back to ``ps -p -o command=``. r[z/cmdline rOignore)errorspsz-pz-ozcommand=Tr5rN)r read_bytesreplacedecoderFr?rcrGr<r=r>rCrETimeoutExpired)r1 cmdline_pathrawrIs r_read_process_cmdlinerv~s &X./LW%%' ;;w-44WX4NTTV V   4S4 4      !fmm&9&9&;==&&( ( %  8    Z.. /   s$CA)CCCC65C6cLt|syd}tfd|DS)zBReturn True when the live PID still looks like the Hermes gateway.F)hermes_cli.main gatewayhermes_cli/main.py gatewayhermes gatewayr gateway/run.pyc3&K|]}|v ywr+r.0patterncmdlines r z._looks_like_gateway_process..:gw'!:)rvany)r1patternsrs @r_looks_like_gateway_processrs-#C(G H :: ::rrecordc|jdtk7ry|jd}t|tr|sydj d|Dd}t fd|DS)zMValidate gateway identity from PID-file metadata when cmdline is unavailable.kindFargv c32K|]}t|ywr+)r>)r~parts rrz-_record_looks_like_gateway..s2Ts4y2s)rxryrzr{c3&K|]}|v ywr+rr}s rrz-_record_looks_like_gateway..rr)get _GATEWAY_KIND isinstancelistjoinr)rrrrs @r_record_looks_like_gatewayrsb zz&]* ::f D dD !hh2T22GH :: ::rctjtttj t tjdS)N)r1rr start_time)r$getpidrrsysrrfrrr_build_pid_recordrs1yy{SXX-biik:  rc Zt}|jdddditd|S)NstartingFr) gateway_state exit_reasonrestart_requested active_agents platforms updated_at)rupdater/)payloads r_build_runtime_status_recordrs6!G NN#""n  Nrpathc|jsy |jdj}|sy t j |}t|tr|SdS#t$rYywxYw#tj $rYywxYw)NrOr\) existsr`rFrGjsonloadsJSONDecodeErrorrdict)rrurs r_read_json_filers ;;=nngn.446 **S/!$/79T9    s" A A/ A,+A,/BBrc"t||ddy)N),:)indent separatorsr )rrs r_write_json_filersdGDZHrc|xs t}|jsy |jj}|sy t j |}t|trd|iSt|tr|Sy#t$rYywxYw#t j$r! dt|icYS#t$rYYywxYwwxYwNr1) rrr`rFrGrrrr_rdrr)rrurs r_read_pid_recordrs*=?H ??   "((* **S/'3w'4  %     3s8$ $  sAA?B? B  B C" B1.C1 B>:C=B>>C lock_pathc0t|xs tSr+)rr)rs r_read_gateway_lock_recordrs IA)?)A BBrcZ|sy t|dS#tttf$rYywxYwr)r_KeyError TypeErrorrd)rs r_pid_from_recordr s5 6%=!! i ,s ** cleanup_stalec|sy |jd t|jdy#t$rY(wxYw#t$rYywxYw)aDelete a stale gateway PID file (and its sibling lock metadata). Called from ``get_running_pid()`` after the runtime lock has already been confirmed inactive, so the on-disk metadata is known to belong to a dead process. Unlike ``remove_pid_file()`` (which defensively refuses to delete a PID file whose ``pid`` field differs from ``os.getpid()`` to protect ``--replace`` handoffs), this path force-unlinks both files so the next startup sees a clean slate. NT missing_ok)unlink Exceptionrrrs r_cleanup_invalid_pid_pathrs_  4( x(//4/@        s4A AA AAc|jd|jtjt ||j  t j|jy#t$rYywxYw)Nr) seektruncaterdumprflushr$fsyncfilenorGhandles r_write_gateway_lock_recordr(s[ KKN OOII!6* LLN  !    s#A55 BBc tr|jdtj|j dk(r!|j d|j |jttj|jtjdytj|jtjtjzy#t t"f$rYywxYw)Nr TF)r;rr$SEEK_ENDtellwriter_WINDOWS_LOCK_OFFSETmsvcrtlockingrLK_NBLCKfcntlflockLOCK_EXLOCK_NBBlockingIOErrorrGrs r_try_acquire_file_lockr3s   KK2;; '{{}! T"  KK, - NN6==?FOOQ ? KK )F G W %sB"C)%AC))C;:C;c ddl}t|jt|S#t$rYnwxYwt r ddl}|jj}|j|j_ |j|j_ |j|j_ d}d}d}d}d}|j||zdt|} | s|j} | |k(ry| |k(ry y |j| d} | |k(|j| S#|j| wxYw#t t"f$rYywxYw t%j&t|dy #t($rYyt*$rYy t $rYywxYw) uCross-platform "is this PID alive" check that does NOT kill the target. CRITICAL on Windows: Python's ``os.kill(pid, 0)`` is NOT a no-op like it is on POSIX. CPython's Windows implementation (``Modules/posixmodule.c::os_kill_impl``) treats ``sig=0`` as ``CTRL_C_EVENT`` because the two values collide at the C level, and routes it through ``GenerateConsoleCtrlEvent(0, pid)`` — which sends a Ctrl+C to the entire console process group containing the target PID, not just the PID itself. Any caller that wanted to "check if this PID is alive" via ``os.kill(pid, 0)`` on Windows was silently killing that process (and often unrelated processes in the same console group). Long-standing Python quirk; see bpo-14484. Implementation: prefer :mod:`psutil` (hard dependency — the canonical cross-platform answer, maintained by Giampaolo Rodolà, uses ``OpenProcess + GetExitCodeProcess`` on Windows internally). Fall back to a hand-rolled ctypes ``OpenProcess`` / ``WaitForSingleObject`` pair on Windows + ``os.kill(pid, 0)`` on POSIX if psutil is somehow unavailable — e.g. stripped-down install or import error during the scaffold phase before ``psutil`` is pip-installed. rNiriWroFT)psutilbool pid_existsr_ ImportErrorr;ctypeswindllkernel32c_void_p OpenProcessrestypec_uintWaitForSingleObject GetLastError CloseHandlerGAttributeErrorr$r@ProcessLookupErrorrc) r1rrr!PROCESS_QUERY_LIMITED_INFORMATION SYNCHRONIZE WAIT_TIMEOUTERROR_INVALID_PARAMETERERROR_ACCESS_DENIEDrerr wait_results r _pid_existsrCs, F%%c#h/00      }}--H,2??H (39==H ( ( 0,2MMH ! ! )06 -"K%L&( #"# ))1K?CF++-11 -- -&::61E #l2$$V,$$V,(    GGCHa !    s[&) 55B+D2,D24D D2D//D22EEE(( F3F=FFc& trI|jttj|j tj dytj|j tjy#t$rYywxYw)Nr) r;rrrrrLK_UNLCKrrLOCK_UNrGrs r_release_file_lockrs[  KK, - NN6==?FOOQ ? KK  7    sAB2B BBctyt}|jjddt |dd}t |s|j yt||ay)zClaim the cross-process runtime lock for the gateway. Unlike the PID file, the lock is owned by the live process itself. If the process dies abruptly, the OS releases the lock automatically. Tparentsexist_oka+rOr\F)_gateway_lock_handlerparentmkdiropenrcloser)rrs racquire_gateway_runtime_lockrs_' ! #DKKdT2 $w /F !& ) v&! rcpt}|ydat| |jy#t$rYywxYw)z&<&>',>BXBZ,Z  $ $ & $dW =F  !& ) v &  LLN  LLN   w     LLN   sTBA?.B? B  B  BBB?B0/B?0 B<9B?;B<<B?ct}|jjddtjt } t j|t jt jzt jz} t j|dd5}|j|dddy#t$rwxYw#1swYyxYw#t$r$ |jd#t $rYwxYwwxYw)zWrite the current process PID and metadata to the gateway PID file. Uses atomic O_CREAT | O_EXCL creation so that concurrent --replace invocations race: exactly one process wins and the rest get FileExistsError. TrwrOr\Nr)rrrrdumpsrr$rO_CREATO_EXCLO_WRONLYFileExistsErrorfdopenrrrrG)rrfdfs rwrite_pid_filers ?DKKdT2 ZZ)+ ,F WWT2:: 1BKK? @ YYr3 1 Q GGFO         KK4K (     s[AC C%C7C C CCC D$C76D7 DDDD)rrrrplatformplatform_state error_code error_messagerrrrrrrrcBt}t|xs t} t} | j di| d| d<| d| d<| d| d<| d| d<t | d<|t ur|| d<|t ur|| d<|t urt|| d <|t urtd t|| d <|t urQ| dj|i} |t ur|| d <|t ur|| d <|t ur|| d<t | d<| | d|<t|| y)zBPersist gateway runtime health information for diagnostics/status.rrr1rrrrrrrrr"rrN) rrrr setdefaultr/_UNSETrmaxr_rr) rrrrrrrrrrcurrent_recordplatform_payloads rwrite_runtime_statusr"sV $ %Dd#E'C'EG&(N {B'$V,GFO#E*GEN$V,GFO*<8GL(NGLF"#0 & !, &'+,='>#$F"#&q#m*<#= v";/33HbA  '(6 W % V #-7 \ *  &0= _ -)5&)9 X&T7#rc(ttS)z=Read the persisted gateway runtime health/status information.)rrrrrread_runtime_statusr$s 35 66rc t}t|}|) t|d}||t jk7ry|jdy#ttt f$rd}YEwxYw#t$rYywxYw)ahRemove the gateway PID file, but only if it belongs to this process. During --replace handoffs, the old process's atexit handler can fire AFTER the new process has written its own PID file. Blindly removing the file would delete the new process's record, leaving the gateway running with no PID file (invisible to ``get_running_pid()``). Nr1Tr) rrr_rrrdr$rrr)rrfile_pids rremove_pid_filer's   &   ve}-#BIIK(? t $ i4     s9A1AA1A1A.+A1-A..A11 A=<A=metadatac,t||}|jjddit|t ||xsit d}t |}|#|jr |jd|rh t|d}|tjk(r3|j!d|j!dk(rt#||d|fS|du}|st%|sd}nt'|}|j!d|||j!dk7rd}|s8|j!d'|%t)|st+|} | t-|sd}|sq t/d|d } | jrQ| j1d j3D].} | j5d s| j7d } | dvrd}n|r |jdnd|fS tj:|tj<tj>ztj@z} tjD| dd 5}tGjH||dddy#t$rYwxYw#tttf$rd}YwxYw#tt8f$rYwxYw#t$rYwxYw#tB$rdt |fcYSwxYw#1swYyxYw#tJ$r$ |jd#t$rYwxYwwxYw)zAcquire a machine-local lock keyed by scope + identity. Used to prevent multiple local gateways from using the same external identity at once (e.g. the same Telegram bot token across different HERMES_HOME dirs). Tr)rV identity_hashr(rNrr1rr[z/statusrOr\zState:r>TtFr)TN)&rYrrrrUr/rrrrGr_rrrdr$rrrrrfrrvrrr` splitlines startswithrarcrrrrrrrrr)rVrMr(rrexisting existing_pidstale current_start live_cmdline _proc_status_line_staterrs racquire_scoped_lockr76s< %UH5I 4$7  $X.N"n Fy)HI,,.       - x/L 299; &8<< +ET`Ia+a Y /> !$|, 7 E LL.:%1%l)CC E \2:%-7 E#8#FL#/7QRZ7[ $ '+f\N',J'K '..0)5)?)?)?)Q)\)\)^*#(#3#3H#=-2[[]1-=F'-';04$) *    D 1(? "1 WWY RYY 6 D E YYr3 1 &V IIff % & Y    )Z0 L `$_5    1oi0001 &        -     s0I-I=#AJ7JJ/.AJ>5K& K$K&- I:9I:=JJJ,+J,/ J;:J;>KKK#K&#K&& L0LL L LLLc*t||}t|}|sy|jdtjk7ry|jdt tjk7ry |j dy#t$rYywxYw)zDRelease a previously-acquired scope lock when owned by this process.Nr1rTr)rYrrr$rrfrrG)rVrMrr/s rrelease_scoped_lockr9s$UH5Iy)H ||Ebiik)||L!%r/r_rrLrUrYrfrhrvrrrrrrrrrrrrrrrrr r rr"r$r'tupler7r9rBrErbrHrkrFrIrQrZr^rcrerirlrnrvrxrrrrsR   ', #<<7 + llg% '# t )Xd^)t);$; 2t22c2.3sdt6E#E#EEEsEtE#(( ( sx}< ;S ;T ; ;tCH~;$;&4 d38n  :$ :8DcN#; : I4I$sCx.ITIx~$8C$C8DQTVYQYNC[CXd38n5(3-    ,  d  GSGTGV d*  htn.6 # *$*$*$ *$  *$  *$*$*$*$ *$Z7Xd38n57  0dsdcdXd3PS8n=Udafgkmuvz{~AD|DwEnFhFbGdN  s  c  d  $ $&**}*sm* *@5 <,4, 0t0 ST+ ++ +  +  +\cd2$& #$*d  $%%tn%%c] %R $NNtnNN Nr