refactor: address PR review feedback

simongdavies · Copilot · simongdavies · commit c48ac5cde548 · 2026-06-04T12:30:33.000+01:00
- Make setHostPrintFn callback synchronous (remove Promise deferral)
- Add TypeError validation for non-function callback arguments
- Switch host function TSFN calls to Blocking mode for consistency
- Remove microtask flush workarounds from tests
- Update reentrancy documentation comment

Co-authored-by: Copilot &lt;223556219+Copilot@users.noreply.github.com&gt;
diff --git a/src/js-host-api/lib.js b/src/js-host-api/lib.js
@@ -218,16 +218,16 @@ for (const method of [
     }
     SandboxBuilder.prototype.setHostPrintFn = wrapSync(function (callback) {
         if (typeof callback !== 'function') {
-            // Forward non-function values to the native method for consistent
-            // validation errors (the Rust layer rejects non-callable arguments).
-            return origSetHostPrintFn.call(this, callback);
+            throw new TypeError(
+                `SandboxBuilder.setHostPrintFn expects a function, received ${typeof callback}`
+            );
         }
         return origSetHostPrintFn.call(this, (msg) => {
-            Promise.resolve()
-                .then(() => callback(msg))
-                .catch((e) => {
-                    console.error('Host print callback threw:', e);
-                });
+            try {
+                callback(msg);
+            } catch (e) {
+                console.error('Host print callback threw:', e);
+            }
         });
     });
 }
diff --git a/src/js-host-api/src/lib.rs b/src/js-host-api/src/lib.rs
@@ -426,20 +426,18 @@ impl SandboxBuilderWrapper {
         >,
     ) -> napi::Result<&Self> {
         self.with_inner(|b| {
-            // Blocking mode ensures the TSFN dispatch completes before the
-            // native call returns, but the JS wrapper defers the user callback
-            // via a Promise microtask — so user code may run after guest
-            // execution resumes. From the guest's perspective, print is
-            // effectively fire-and-forget with no return value to await.
-            // Unlike host functions (which use NonBlocking + oneshot channel
-            // for async Promise resolution), print has no result path.
+            // Blocking mode ensures the TSFN call is queued even when the
+            // queue is full (it blocks until space is available), preventing
+            // silent message drops that NonBlocking mode would cause.
             //
-            // **Reentrancy note:** The print callback ultimately runs while
-            // the sandbox Mutex is held (inside `call_handler`'s
-            // `spawn_blocking`). Calling Hyperlight APIs that acquire the
-            // same lock from within the callback (e.g. `snapshot()`,
-            // `restore()`, `unload()`) will deadlock. Keep print callbacks
-            // simple — logging only.
+            // The JS wrapper invokes the user callback synchronously in the
+            // TSFN handler — no microtask deferral.
+            //
+            // **Reentrancy note:** The print callback runs while the sandbox
+            // Mutex is held (inside `call_handler`'s `spawn_blocking`).
+            // Calling Hyperlight APIs that acquire the same lock from within
+            // the callback (e.g. `snapshot()`, `restore()`, `unload()`) will
+            // deadlock. Keep print callbacks simple — logging only.
             let print_fn = move |msg: String| -> i32 {
                 let status = callback.call(msg, ThreadsafeFunctionCallMode::Blocking);
                 if status == Status::Ok {
@@ -685,10 +683,10 @@ impl HostModuleWrapper {
             return Err(invalid_arg_error("Function name must not be empty"));
         }
         let wrapper = move |args: String| -> hyperlight_js::Result<String> {
-            use ThreadsafeFunctionCallMode::NonBlocking;
+            use ThreadsafeFunctionCallMode::Blocking;
             let args: Vec<Option<serde_json::Value>> = serde_json::from_str(&args)?;
             let (tx, rx) = oneshot::channel();
-            let status = func.call_with_return_value(Rest(args), NonBlocking, move |result, _| {
+            let status = func.call_with_return_value(Rest(args), Blocking, move |result, _| {
                 let _ = tx.send(result);
                 Ok(())
             });
diff --git a/src/js-host-api/tests/sandbox.test.js b/src/js-host-api/tests/sandbox.test.js
@@ -471,8 +471,6 @@ describe('setHostPrintFn', () => {
         );
         const loaded = await sandbox.getLoadedSandbox();
         await loaded.callHandler('handler', {});
-        // Flush microtasks — the print wrapper defers via Promise
-        await new Promise((r) => setTimeout(r, 0));
 
         expect(messages.join('')).toContain('Hello from guest!');
     });
@@ -495,8 +493,6 @@ describe('setHostPrintFn', () => {
         );
         const loaded = await sandbox.getLoadedSandbox();
         await loaded.callHandler('handler', {});
-        // Flush microtasks
-        await new Promise((r) => setTimeout(r, 0));
 
         const combined = messages.join('');
         expect(combined).toContain('first');
@@ -545,8 +541,6 @@ describe('setHostPrintFn', () => {
         const errorSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
         try {
             const result = await loaded.callHandler('handler', {});
-            // Flush microtasks — the print wrapper defers via Promise
-            await new Promise((r) => setTimeout(r, 0));
 
             // The JS wrapper catches the throw — guest continues normally
             expect(result.survived).toBe(true);
