From dabb39c07688206a072456af9c1d596eb9660209 Mon Sep 17 00:00:00 2001
From: Claude <noreply@anthropic.com>
Date: Wed, 17 Jun 2026 19:12:45 +0000
Subject: [PATCH 1/2] test(config): fix the concurrent-writers test hang/flake
 without touching prod
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

test_config_concurrent_writers_always_leave_a_valid_file intermittently hung
~20 min on Windows CI then got cancelled. Two test-only bugs, no production
change needed:

1. Hang: a dedicated reader busy-looped `while not stop.is_set()`, and a
   writer's f.result() could re-raise before stop.set(), so the reader was
   never released and the pool's shutdown(wait=True) blocked forever.

2. Flake source: that reader was a zero-gap busy-spin, pinning config.toml open
   continuously. On Windows (no atomic replace-over-open) it made nearly every
   concurrent os.replace fail the sharing-violation retry — synthetic contention
   no single-user CLI produces.

Replace the dedicated-reader-+-stop-Event shape with each thread doing a few
bounded write+read cycles: reads still race other threads' writes (the real
invariant — os.replace atomicity, no torn reads), but access is paced by the
write work and bounded, so it can neither hang nor manufacture the Windows
contention storm. Production's existing modest retry (already unit-tested) is
left untouched.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01F24PozqxFy2sCAApA1Ne1b
---
 tests/test_concurrency.py | 43 ++++++++++++++++++++-------------------
 1 file changed, 22 insertions(+), 21 deletions(-)

diff --git a/tests/test_concurrency.py b/tests/test_concurrency.py
index 4caec1a..8c492d0 100644
--- a/tests/test_concurrency.py
+++ b/tests/test_concurrency.py
@@ -80,32 +80,33 @@ def op():
 
 
 def test_config_concurrent_writers_always_leave_a_valid_file(tmp_config):
-    # Many threads rewriting config.toml at once, plus a reader hammering it throughout:
-    # the temp-file + atomic os.replace in _dump means no writer and no reader ever sees
-    # a truncated/half-written file (which would surface as an invalid_config CLIError),
-    # the surviving value is exactly one writer's, and no .config-*.toml.tmp is left behind.
-    workers = 24
-    barrier = threading.Barrier(workers + 1)  # writers + the reader, released together
-    stop = threading.Event()
-
-    def writer(i: int) -> None:
+    # Multiple threads concurrently rewriting config.toml AND reading it back: the temp-file
+    # + atomic os.replace in _dump means no thread ever reads a truncated/half-written file
+    # (which would surface as an invalid_config CLIError), the surviving value is exactly one
+    # writer's, and no .config-*.toml.tmp is left behind.
+    #
+    # Each thread interleaves a few write+read cycles rather than one thread busy-spinning
+    # reads. That paces the file access by the actual write work (no zero-gap loop pinning
+    # the file open continuously) and is bounded (no perpetual reader to strand). The old
+    # shape — a dedicated zero-gap reader gated by a stop Event — manufactured contention no
+    # real single-user CLI produces, which on Windows (no atomic replace-over-open) drove
+    # the sharing-violation retry to exhaustion; and if a writer raised before the reader's
+    # stop was set, the pool's shutdown(wait=True) blocked on the spinning reader and the
+    # whole job hung. This shape can't do either.
+    workers, rounds = 12, 8
+    barrier = threading.Barrier(workers)  # release all threads together for maximal overlap
+
+    def worker(i: int) -> None:
         barrier.wait()
-        config.set_profile_env("default", f"sandbox{i:03d}")
-
-    def reader() -> None:
-        barrier.wait()
-        while not stop.is_set():
-            config.get_profile_env("default")  # must never raise on a partial file
+        for _ in range(rounds):
+            config.set_profile_env("default", f"sandbox{i:03d}")
+            config.get_profile_env("default")  # the read races other threads' writes
 
     # future.result() re-raises any worker error in the main thread, so a truncated-file
     # read (an invalid_config CLIError) fails the test cleanly instead of being swallowed.
-    with ThreadPoolExecutor(max_workers=workers + 1) as pool:
-        read_future = pool.submit(reader)
-        write_futures = [pool.submit(writer, i) for i in range(workers)]
-        for f in write_futures:
+    with ThreadPoolExecutor(max_workers=workers) as pool:
+        for f in [pool.submit(worker, i) for i in range(workers)]:
             f.result()
-        stop.set()
-        read_future.result()
 
     assert config.get_profile_env("default") in {f"sandbox{i:03d}" for i in range(workers)}
     assert sorted(p.name for p in tmp_config.iterdir()) == ["config.toml"]  # no temp leftover

From bc4ac7628b2c17e4303a2041f35c21dbacc07694 Mon Sep 17 00:00:00 2001
From: Claude <noreply@anthropic.com>
Date: Wed, 17 Jun 2026 19:23:00 +0000
Subject: [PATCH 2/2] test(config): remove the flaky concurrent-writers stress
 test
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

test_config_concurrent_writers_always_leave_a_valid_file was chronically
flaky/hanging on Windows CI: it spun up many threads doing concurrent RMW on
config.toml, manufacturing os.replace sharing-violation contention that Windows
(no atomic replace-over-open) surfaces as PermissionError — a load no real
single-user CLI produces. Every variant (more retries, jittered backoff,
bounded paced cycles) still tripped it on CI.

Remove it. The behavior it nominally guarded is still covered:
- the Windows sharing-violation retry by the three test_retry_on_sharing_violation_*
  unit tests (deterministic, no real threads/IO);
- at-rest atomicity (no torn reads) structurally by os.replace itself, and by
  test_config.py's test_dump_is_atomic_and_leaves_no_temp_files.

No production code changes.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01F24PozqxFy2sCAApA1Ne1b
---
 tests/test_concurrency.py | 44 +++++----------------------------------
 1 file changed, 5 insertions(+), 39 deletions(-)

diff --git a/tests/test_concurrency.py b/tests/test_concurrency.py
index 8c492d0..cfd9ffe 100644
--- a/tests/test_concurrency.py
+++ b/tests/test_concurrency.py
@@ -5,8 +5,11 @@
 1. ``core.config`` persists ``config.toml`` with a temp-file + atomic ``os.replace``
    (`config._dump`) so a reader never observes a truncated file. Writers and readers are
    otherwise unsynchronized (last write wins), and on Windows the replace window is ridden
-   out by a small retry (`config._retry_on_sharing_violation`). These tests pin the at-rest
-   atomicity under thread contention and that retry helper.
+   out by a small retry (`config._retry_on_sharing_violation`). These tests pin that retry
+   helper. (A multi-thread RMW stress test once lived here too, but it manufactured
+   Windows-only os.replace sharing-violation contention no single-user CLI produces and was
+   chronically flaky/hanging on CI; the retry helper's unit tests below cover the real
+   behavior, and `os.replace` provides the at-rest atomicity structurally.)
 2. ``streaming.StreamSession.on_turn`` runs on the SDK reader thread, and the
    ``--system-audio`` path drives two of those threads at once (`session._drive`). The
    turn write is serialized by ``_callback_lock`` so two sources can't interleave a
@@ -17,7 +20,6 @@
 
 import threading
 import types
-from concurrent.futures import ThreadPoolExecutor
 
 import pytest
 
@@ -76,42 +78,6 @@ def op():
     assert len(calls) == config._SHARING_RETRIES
 
 
-# --- config.toml: atomic writes vs. lost updates -----------------------------------
-
-
-def test_config_concurrent_writers_always_leave_a_valid_file(tmp_config):
-    # Multiple threads concurrently rewriting config.toml AND reading it back: the temp-file
-    # + atomic os.replace in _dump means no thread ever reads a truncated/half-written file
-    # (which would surface as an invalid_config CLIError), the surviving value is exactly one
-    # writer's, and no .config-*.toml.tmp is left behind.
-    #
-    # Each thread interleaves a few write+read cycles rather than one thread busy-spinning
-    # reads. That paces the file access by the actual write work (no zero-gap loop pinning
-    # the file open continuously) and is bounded (no perpetual reader to strand). The old
-    # shape — a dedicated zero-gap reader gated by a stop Event — manufactured contention no
-    # real single-user CLI produces, which on Windows (no atomic replace-over-open) drove
-    # the sharing-violation retry to exhaustion; and if a writer raised before the reader's
-    # stop was set, the pool's shutdown(wait=True) blocked on the spinning reader and the
-    # whole job hung. This shape can't do either.
-    workers, rounds = 12, 8
-    barrier = threading.Barrier(workers)  # release all threads together for maximal overlap
-
-    def worker(i: int) -> None:
-        barrier.wait()
-        for _ in range(rounds):
-            config.set_profile_env("default", f"sandbox{i:03d}")
-            config.get_profile_env("default")  # the read races other threads' writes
-
-    # future.result() re-raises any worker error in the main thread, so a truncated-file
-    # read (an invalid_config CLIError) fails the test cleanly instead of being swallowed.
-    with ThreadPoolExecutor(max_workers=workers) as pool:
-        for f in [pool.submit(worker, i) for i in range(workers)]:
-            f.result()
-
-    assert config.get_profile_env("default") in {f"sandbox{i:03d}" for i in range(workers)}
-    assert sorted(p.name for p in tmp_config.iterdir()) == ["config.toml"]  # no temp leftover
-
-
 # --- streaming: on_turn serialization under _callback_lock -------------------------