fix(core): send SIGTERM before SIGKILL on sidecar shutdown (tinyhumansai#460) (tinyhumansai#495)

oxoxDev · claude · web-flow · commit b8ded44fbf35 · 2026-04-10T21:51:28.000+05:30
The Tauri shell's CoreProcessHandle::shutdown() was calling child.kill()
which sends SIGKILL on Unix, instantly terminating the core process
without giving it a chance to run graceful shutdown hooks. This left the
autocomplete Swift overlay helper (unified_helper_bin) orphaned, causing
persistent error notifications even after the app was closed.

Now sends SIGTERM first and waits up to 5s for the core to exit
gracefully (running shutdown hooks that stop the autocomplete engine and
quit the Swift helper), then falls back to SIGKILL if still alive.

Co-authored-by: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/app/src-tauri/Cargo.lock b/app/src-tauri/Cargo.lock
diff --git a/app/src-tauri/Cargo.toml b/app/src-tauri/Cargo.toml
@@ -40,6 +40,9 @@ semver = "1"
 log = "0.4"
 env_logger = "0.11"
 
+[target.'cfg(unix)'.dependencies]
+nix = { version = "0.29", default-features = false, features = ["signal"] }
+
 [target.'cfg(target_os = "macos")'.dependencies]
 objc2-app-kit = "0.3.2"
 objc2-core-graphics = "0.3.2"
diff --git a/app/src-tauri/src/core_process.rs b/app/src-tauri/src/core_process.rs
@@ -314,26 +314,35 @@ impl CoreProcessHandle {
 
     /// Stop the core process this handle spawned (child or in-process task). Safe to call if
     /// nothing was spawned or core was already external.
+    ///
+    /// On Unix, sends SIGTERM first so the core process can run its graceful
+    /// shutdown hooks (e.g. stopping the autocomplete engine and its Swift
+    /// overlay helper). Falls back to SIGKILL after a timeout.
     pub async fn shutdown(&self) {
         let mut child_guard = self.child.lock().await;
         if let Some(mut child) = child_guard.take() {
             log::info!("[core] terminating child core process on app shutdown");
-            if let Err(e) = child.kill().await {
-                log::warn!("[core] failed to kill child core process: {e}");
+
+            let exited = self.try_graceful_terminate(&child).await;
+
+            if !exited {
+                log::info!("[core] graceful shutdown timed out, sending SIGKILL");
+                if let Err(e) = child.kill().await {
+                    log::warn!("[core] failed to kill child core process: {e}");
+                }
             }
+
             // Wait for the process to exit so the RPC listen socket is released before restart
             // checks the port (otherwise we can spuriously hit "port still in use").
             match timeout(Duration::from_secs(12), child.wait()).await {
                 Ok(Ok(status)) => {
-                    log::debug!("[core] child core process reaped after kill: {status}");
+                    log::debug!("[core] child core process reaped after shutdown: {status}");
                 }
                 Ok(Err(e)) => {
-                    log::warn!("[core] wait on child core process after kill: {e}");
+                    log::warn!("[core] wait on child core process after shutdown: {e}");
                 }
                 Err(_) => {
-                    log::warn!(
-                        "[core] timed out waiting for child core process to exit after kill (12s)"
-                    );
+                    log::warn!("[core] timed out waiting for child core process to exit (12s)");
                 }
             }
         }
@@ -342,6 +351,62 @@ impl CoreProcessHandle {
             task.abort();
         }
     }
+
+    /// Send SIGTERM to the child and wait up to 5 seconds for it to exit.
+    /// Returns `true` if the process exited gracefully, `false` if it's still
+    /// alive (caller should escalate to SIGKILL).
+    async fn try_graceful_terminate(&self, child: &Child) -> bool {
+        #[cfg(unix)]
+        {
+            use nix::sys::signal::{self, Signal};
+            use nix::unistd::Pid;
+
+            let Some(pid) = child.id() else {
+                log::debug!("[core] child has no PID (already exited?)");
+                return true;
+            };
+
+            log::info!("[core] sending SIGTERM to core process (pid={pid})");
+            if let Err(e) = signal::kill(Pid::from_raw(pid as i32), Signal::SIGTERM) {
+                log::warn!("[core] failed to send SIGTERM: {e}");
+                return false;
+            }
+
+            // Poll for exit for up to 5 seconds.
+            const GRACE_PERIOD: Duration = Duration::from_secs(5);
+            const POLL_INTERVAL: Duration = Duration::from_millis(100);
+            let start = tokio::time::Instant::now();
+
+            while start.elapsed() < GRACE_PERIOD {
+                // Check if process is still alive (signal 0 = existence check).
+                match signal::kill(Pid::from_raw(pid as i32), None) {
+                    Err(nix::errno::Errno::ESRCH) => {
+                        log::info!(
+                            "[core] core process exited gracefully after SIGTERM ({}ms)",
+                            start.elapsed().as_millis()
+                        );
+                        return true;
+                    }
+                    _ => {}
+                }
+                tokio::time::sleep(POLL_INTERVAL).await;
+            }
+
+            log::warn!(
+                "[core] core process still alive after {}s grace period",
+                GRACE_PERIOD.as_secs()
+            );
+            false
+        }
+
+        #[cfg(not(unix))]
+        {
+            // On non-Unix platforms, there is no SIGTERM equivalent; the caller
+            // will use `child.kill()` directly.
+            let _ = child;
+            false
+        }
+    }
 }
 
 fn is_current_exe_path(candidate: &std::path::Path) -> bool {
