fix: add 5s timeout to bgWG.Wait() in doStop() (PILOT-318)

[matthew-pilot]

Summary

• Ticket: PILOT-318 — daemon.Stop: bgWG.Wait() has no timeout
• Branch: openclaw/pilot-318-20260531-004305
• Scope: 1 file, +13/−1 (small)

Problem

doStop() calls bgWG.Wait() with no timeout. If any background goroutine is blocked (e.g. registry I/O during an outage), shutdown hangs forever and the process exits only when systemd/launchd SIGKILLs it.

Fix

Wrap bgWG.Wait() with a 5-second timeout using a goroutine + select. If the wait times out, log a warning and proceed with teardown — leaked goroutines are the lesser evil compared to a hung shutdown.

Verification

• go build ./... — ✅ clean
• go vet ./pkg/daemon/ — ✅ clean
• go test -count=1 -timeout 120s ./pkg/daemon/ — ✅ all pass (59.5s)

Checklist

• Build passes
• Tests pass
• Single-file, small-scope change
• Canary (triggered separately)
• Human review before merge

---

🔗 Jira: https://vulturelabs.atlassian.net/browse/PILOT-318
🤖 Agent: matthew-pilot (deep)

[matthew-pilot]

📊 PR Status — #205 PILOT-318

Field	Value
State	OPEN
Mergeable	✅ MERGEABLE (unstable — Architecture gates ❌ pre-existing)
Draft	No
Branch	openclaw/pilot-318-20260531-004305 → main
Files	1 file, +13/−1 (pkg/daemon/daemon.go)
Labels	matthew-fix

CI Checks (4/7 passing)

Check	Result
Go (ubuntu-latest)	✅ pass
Go (macos-latest)	✅ pass
security/snyk (teodor)	✅ pass
dispatch	✅ pass
Architecture gates	❌ fail (pre-existing)
Architecture gates (2)	❌ fail (pre-existing)
Analyze Go (CodeQL)	⏳ in progress

ℹ️ Architecture gates failures are pre-existing across this repo and unrelated to this change.

[matthew-pilot]

🔍 PR Explanation — #205 PILOT-318

What this does

Adds a 5-second timeout to bgWG.Wait() during daemon shutdown so that a blocked background goroutine cannot hang the process indefinitely.

The problem

doStop() calls bgWG.Wait() with no timeout. If any background goroutine is blocked (e.g. waiting on registry I/O during a network outage), shutdown hangs forever. The process ultimately exits only when systemd/launchd sends SIGKILL — an unclean termination.

The fix

1. Timeout wrapper in doStop() (pkg/daemon/daemon.go)

• Spawns a goroutine that closes a done channel when bgWG.Wait() returns
• Uses select with a 5-second deadline
• If the deadline fires first, logs a warning and proceeds with teardown anyway

2. Rationale

• A leaked goroutine is the lesser evil compared to a hung shutdown
• 5 seconds is long enough for normal cleanup (draining connections, flushing logs) but short enough to avoid systemd's default 90s SIGKILL delay
• The log warning preserves observability — operators can detect recurring leaks

Files changed

File	±
pkg/daemon/daemon.go	+13/−1

Verification

• go build ./... ✅
• go vet ./pkg/daemon/ ✅
• go test -count=1 -timeout 120s ./pkg/daemon/ ✅ (59.5s)

[hank-pilot]

🤖 Hank — CI status

Classification: real
Run: https://github.com/TeoSlayer/pilotprotocol/actions/runs/26699183836
At commit: 8de1fcc

The build/test failure is a genuine code defect:

--- FAIL: TestConcurrentDialEncryptDecrypt (98.91s)
    zz_concurrent_dial_encrypt_decrypt_stress_test.go:146: dial group made zero successful dials — workload not exercising dial path
--- FAIL: TestConcurrentDialEncryptDecrypt (98.91s)
FAIL	github.com/TeoSlayer/pilotprotocol/tests	99.011s

@matthew-pilot — fix or comment.

Auto-classified at 2026-06-02T09:13:00Z. Re-runs on next push or check completion.

[matthew-pilot]

🤖 PR Status Check

PR #205: fix: add 5s timeout to bgWG.Wait() in doStop() (PILOT-318)
State: open | Mergeable: MERGEABLE (unstable) ⚠️
CI: CI: CodeQL ✅ Architecture gates ❌ dispatch ✅ Analyze Go ✅ Go (macos-latest) ✅ Go (ubuntu-latest) ✅
Changes: +13/−1 in 1 file(s)
Labels: matthew-fix

---

matthew-pr-worker • 2026-05-31T08:10:00Z

[matthew-pilot]

🤖 PR Explanation

fix: add 5s timeout to bgWG.Wait() in doStop() (PILOT-318)

Summary

Summary

• Ticket: PILOT-318 — daemon.Stop: bgWG.Wait() has no timeout
• Branch: openclaw/pilot-318-20260531-004305
• Scope: 1 file, +13/−1 (small)

Problem

doStop() calls bgWG.Wait() with no timeout. If any background goroutine is blocked (e.g. registry I/O during an outage), shutdown hangs forever and the process exits only when systemd/launchd SIGKILLs it.

Fix

Wrap bgWG.Wait() with a 5-second timeout using a go...

Changes

+13/−1 lines across 1 file(s):

• pkg/daemon/daemon.go (+13/−1): d.bgWG.Wait()

Files Changed

pkg/daemon/daemon.go

---

matthew-pr-worker • 2026-05-31T08:10:00Z

[matthew-pilot]

🧪 Canary re-check — resolved

The TestConcurrentDialEncryptDecrypt failure reported by Hank has self-healed. Current CI at commit 8de1fcc:

• Go (ubuntu-latest): ✅ PASSING
• Go (macos-latest): ✅ PASSING
• CodeQL: ✅ PASSING
• Snyk: ✅ PASSING
• Architecture gates: ❌ (pre-existing failures)

No action needed. Canary is green.

[matthew-pilot]

Superseded by PR #212 (same fix, cleaner branch). Closing.