dohertj2/mxaccessgw
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
ac2787f6194342e40e2c52f141a6eecbabacf460
mxaccessgw/docs/WorkerProcessLauncher.md
T
Joseph Doherty bd4a09a35e Add Polly resilience policies
2026-04-27 15:37:56 -04:00

2.7 KiB
Raw Blame History

Worker Process Launcher

The gateway uses WorkerProcessLauncher to validate and start one worker process for a gateway session. The launcher owns process start semantics only; pipe handshaking and WorkerReady validation remain part of the worker client startup path.

Launch Inputs

WorkerProcessLaunchRequest carries the per-session bootstrap values:

  • SessionId,
  • PipeName,
  • ProtocolVersion,
  • Nonce,
  • optional PipeReservation cleanup handle.

The launcher passes SessionId, PipeName, and ProtocolVersion as command line arguments:

--session-id <sessionId> --pipe-name <pipeName> --protocol-version <version>

The launcher sets the nonce through the MXGATEWAY_WORKER_NONCE environment variable. The nonce is not included in WorkerProcessCommandLine so logs and diagnostics can report the launch command without exposing the secret.

Validation And Cleanup

Before starting the process, the launcher validates that the configured worker path exists, has a .exe extension, contains a valid Windows Portable Executable header, and matches the configured RequiredArchitecture.

After the process starts, IWorkerStartupProbe waits for startup readiness. The default probe only verifies that the worker did not exit immediately. The worker client replaces this probe when pipe connection, hello, and WorkerReady handling are implemented.

Startup probing uses a bounded Polly retry policy. The gateway starts the worker process once, then retries only transient startup-probe failures while the process remains alive. The policy is configured by WorkerOptions.StartupProbeRetryAttempts and WorkerOptions.StartupProbeRetryDelayMilliseconds; the retry counter is recorded as mxgateway.retries.attempted with area=worker_startup.

The launcher also passes MXGATEWAY_WORKER_PIPE_CONNECT_ATTEMPT_TIMEOUT_MS to the worker process from WorkerOptions.PipeConnectAttemptTimeoutMilliseconds. The worker uses that value as the per-attempt named-pipe connect timeout inside its own bounded Polly retry loop.

If startup fails or exceeds WorkerOptions.StartupTimeoutSeconds, the launcher kills the worker process tree, disposes the process handle, disposes the optional pipe reservation, records a worker kill metric, and reports a WorkerProcessLaunchException.

Verification

Run the focused launcher tests after changing process launch behavior:

dotnet test src/MxGateway.Tests/MxGateway.Tests.csproj --filter WorkerProcessLauncherTests

Run the gateway build because the launcher is part of MxGateway.Server:

dotnet build src/MxGateway.Server/MxGateway.Server.csproj

Related Documentation

Reference in New Issue View Git Blame Copy Permalink