fix: harden terminal session startup checks and review rationale

埃博拉酱 · 埃博拉酱 · commit 9e10b4b7556a · 2026-03-08T16:44:05.000+08:00
Update terminal session startup so createSession always waits for the axs HTTP endpoint to become reachable even when a stale or still-booting PID already exists. This removes the race where POST /terminals could run before the embedded server was actually ready during slow startup or crash recovery.

Replace the fragile PTY open error substring detection with structured JSON parsing so normal output that happens to contain overlapping text does not trigger the binary refresh and retry path.

Clarify in init-alpine.sh that the temporary allow-any-origin switch cannot be tightened from the shell wrapper because Origin validation must be implemented inside axs itself.
diff --git a/src/components/terminal/terminal.js b/src/components/terminal/terminal.js
@@ -640,39 +640,41 @@ export default class TerminalComponent {
 				// In debug builds, refresh axs binary from assets before starting
 				await Terminal.refreshAxsBinary();
 				await Terminal.startAxs(false, () => {}, console.error);
+			}
+
+			// Always wait for the HTTP endpoint, even if the PID is already alive.
+			// kill -0 only tells us the outer process exists; the embedded server may
+			// still be starting, especially after crash recovery on slower devices.
+			const initialPollRetries = axsRunning ? 10 : 30;
+			if (!(await pollAxs(initialPollRetries))) {
+				// AXS failed to become reachable — attempt auto-repair
+				toast("Repairing terminal environment...");
+
+				try {
+					await Terminal.stopAxs();
+				} catch (_) {
+					/* ignore */
+				}
 
-				// Wait for axs HTTP server to become reachable
-				const pollResult = await pollAxs(30);
-				if (!pollResult) {
-					// AXS failed to start — attempt auto-repair
-					toast("Repairing terminal environment...");
+				// Re-run installing flow to repair packages / config
+				const repairOk = await Terminal.startAxs(
+					true,
+					console.log,
+					console.error,
+				);
+				if (repairOk) {
+					// Start AXS again after repair
+					await Terminal.startAxs(false, () => {}, console.error);
+				}
 
+				if (!(await pollAxs(30))) {
+					// Still broken — clear .configured so next open re-triggers install
 					try {
-						await Terminal.stopAxs();
+						await Terminal.resetConfigured();
 					} catch (_) {
 						/* ignore */
 					}
-
-					// Re-run installing flow to repair packages / config
-					const repairOk = await Terminal.startAxs(
-						true,
-						console.log,
-						console.error,
-					);
-					if (repairOk) {
-						// Start AXS again after repair
-						await Terminal.startAxs(false, () => {}, console.error);
-					}
-
-					if (!(await pollAxs(30))) {
-						// Still broken — clear .configured so next open re-triggers install
-						try {
-							await Terminal.resetConfigured();
-						} catch (_) {
-							/* ignore */
-						}
-						throw new Error("Failed to start AXS server after repair attempt");
-					}
+					throw new Error("Failed to start AXS server after repair attempt");
 				}
 			}
 
@@ -681,6 +683,24 @@ export default class TerminalComponent {
 				rows: this.terminal.rows,
 			};
 
+			const parsePtyOpenError = (payload) => {
+				if (typeof payload !== "string") {
+					return null;
+				}
+
+				const trimmed = payload.trim();
+				if (!trimmed.startsWith("{")) {
+					return null;
+				}
+
+				try {
+					const parsed = JSON.parse(trimmed);
+					return typeof parsed?.error === "string" ? parsed.error : null;
+				} catch {
+					return null;
+				}
+			};
+
 			const response = await fetch(
 				`http://localhost:${this.options.port}/terminals`,
 				{
@@ -697,9 +717,10 @@ export default class TerminalComponent {
 			}
 
 			const data = await response.text();
+			const ptyOpenError = parsePtyOpenError(data);
 
 			// Detect PTY errors from axs server (e.g. incompatible binary)
-			if (data.includes('"error"') && data.includes("Failed to open PTY")) {
+			if (ptyOpenError?.includes("Failed to open PTY")) {
 				const refreshed = await Terminal.refreshAxsBinary();
 				if (refreshed) {
 					// Kill old axs, restart with fresh binary, and retry once
@@ -719,7 +740,7 @@ export default class TerminalComponent {
 						);
 						if (retryResp.ok) {
 							const retryData = await retryResp.text();
-							if (!retryData.includes('"error"')) {
+								if (!parsePtyOpenError(retryData)) {
 								this.pid = retryData.trim();
 								return this.pid;
 							}
diff --git a/src/plugins/terminal/scripts/init-alpine.sh b/src/plugins/terminal/scripts/init-alpine.sh
@@ -270,8 +270,10 @@ chmod +x "$PREFIX/alpine/initrc"
 # even though axs is already listening, which triggers false repair/reinstall loops.
 # axs currently exposes only its default https://localhost policy or a global
 # allow-any-origin switch; it does not support an explicit origin allowlist yet.
-# Keep this until axs gains per-origin CORS configuration that can express the
-# WebView origin without breaking the localhost probe.
+# Tightening this inside the shell wrapper is not possible: Origin validation has
+# to happen inside axs itself, where the HTTP request is handled. Until axs gains
+# per-origin CORS or an equivalent auth gate, keep this stopgap so terminal
+# startup and localhost readiness probes remain functional.
 "$PREFIX/axs" --allow-any-origin -c "bash --rcfile /initrc -i"
 
 else
