Skip to content

fix: close daemon socket after programmatic load() to prevent process hang #717

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
Copilot wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

fix: close daemon socket after programmatic load() to prevent process hang #717

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a5be596
Initial plan
Copilot May 25, 2026
768f435
fix: close daemon socket after load() to prevent process hang
Copilot May 25, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 16 additions & 0 deletions packages/varlock/src/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ import { checkForConfigErrors } from './cli/helpers/error-checks';
import { loadVarlockEnvGraph } from './lib/load-graph';
import { initVarlockEnv } from './runtime/env';
import { checkBunVersion } from './lib/check-bun-version';
import { cleanupDaemonClient } from './lib/local-encrypt';

// Import env-graph components for internal API
import {
Expand All @@ -26,9 +27,24 @@ export async function load() {
// loadFromSerializedGraph(envGraph.getSerializedGraph());
process.env.__VARLOCK_ENV = JSON.stringify(envGraph.getSerializedGraph());
initVarlockEnv();
// Close daemon socket so the process can exit naturally after load() resolves.
// The socket is unref'd by default (see DaemonClient.connectToSocket), but
// explicitly closing it here is belt-and-suspenders for runtimes/environments
// where unref() may not be sufficient.
cleanupDaemonClient();
// TODO: return resolved env and schema / meta info
}

/**
* Close the daemon client socket opened during `load()` or other operations
* that resolved `keychain(...)` values. This is called automatically by
* `load()`, but you can call it explicitly if you manage the connection
* lifecycle yourself.
*/
export function cleanup() {
cleanupDaemonClient();
}


export function getBuildTimeReplacements(opts?: {
objectKey?: string,
Expand Down
4 changes: 4 additions & 0 deletions packages/varlock/src/lib/local-encrypt/daemon-client.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -441,6 +441,10 @@ export class DaemonClient {
socket.on('connect', () => {
clearTimeout(timeout);
this.socket = socket;
// Unref the socket so it does not keep the process alive when idle.
// Pending sendMessage calls re-ref the socket via the timeout timer,
// so interactive/biometric operations are not affected.
this.socket.unref();
this.isConnected = true;
this.buffer = Buffer.alloc(0);
resolve();
Expand Down
5 changes: 5 additions & 0 deletions packages/varlock/src/lib/local-encrypt/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -286,6 +286,11 @@ export function getDaemonClient(): DaemonClient {
return daemonClient;
}

/** Close the daemon client socket if one was created. Safe to call multiple times. */
export function cleanupDaemonClient(): void {
daemonClient?.cleanup();
}

// ── Key management ─────────────────────────────────────────────────────

/** Check if a key exists. */
Expand Down