fix: guard resolveThreadWriter with semaphore to prevent TOCTOU race

cursoragent · cursoragent · commit afb58bbef933 · 2026-04-05T00:14:21.000Z
Multiple adapter fibers can concurrently call resolveThreadWriter for
the same thread segment (e.g. _global). The check-then-create pattern
yields between get() and set(), allowing duplicate writers to be created.
The second writer overwrites the first in the map, orphaning its file
handle and batched logger.

Wrap the resolve logic with a Semaphore(1) so only one fiber can create
a writer for a given segment at a time.
diff --git a/apps/server/src/provider/Layers/EventNdjsonLogger.ts b/apps/server/src/provider/Layers/EventNdjsonLogger.ts
@@ -10,7 +10,7 @@ import path from "node:path";
 
 import type { ThreadId } from "@t3tools/contracts";
 import { RotatingFileSink } from "@t3tools/shared/logging";
-import { Effect, Exit, Logger, Scope } from "effect";
+import { Effect, Exit, Logger, Scope, Semaphore } from "effect";
 
 import { toSafeThreadAttachmentSegment } from "../../attachmentStore.ts";
 
@@ -195,33 +195,35 @@ export const makeEventNdjsonLogger = Effect.fn("makeEventNdjsonLogger")(function
 
   const threadWriters = new Map<string, ThreadWriter>();
   const failedSegments = new Set<string>();
+  const writerMutex = yield* Semaphore.make(1);
 
-  const resolveThreadWriter = Effect.fn("resolveThreadWriter")(function* (
-    threadSegment: string,
-  ): Effect.fn.Return<ThreadWriter | undefined> {
-    if (failedSegments.has(threadSegment)) {
-      return undefined;
-    }
-    const existing = threadWriters.get(threadSegment);
-    if (existing) {
-      return existing;
-    }
+  const resolveThreadWriter = (threadSegment: string) =>
+    writerMutex.withPermits(1)(
+      Effect.gen(function* () {
+        if (failedSegments.has(threadSegment)) {
+          return undefined;
+        }
+        const existing = threadWriters.get(threadSegment);
+        if (existing) {
+          return existing;
+        }
 
-    const writer = yield* makeThreadWriter({
-      filePath: path.join(path.dirname(filePath), `${threadSegment}.log`),
-      maxBytes,
-      maxFiles,
-      batchWindowMs,
-      streamLabel,
-    });
-    if (!writer) {
-      failedSegments.add(threadSegment);
-      return undefined;
-    }
+        const writer = yield* makeThreadWriter({
+          filePath: path.join(path.dirname(filePath), `${threadSegment}.log`),
+          maxBytes,
+          maxFiles,
+          batchWindowMs,
+          streamLabel,
+        });
+        if (!writer) {
+          failedSegments.add(threadSegment);
+          return undefined;
+        }
 
-    threadWriters.set(threadSegment, writer);
-    return writer;
-  });
+        threadWriters.set(threadSegment, writer);
+        return writer;
+      }).pipe(Effect.withSpan("resolveThreadWriter")),
+    );
 
   const write = Effect.fn("write")(function* (event: unknown, threadId: ThreadId | null) {
     const threadSegment = resolveThreadSegment(threadId);
