Modernize concurrency toward Swift 6 (audit + 15-file landable fixes)

Sources/App/CmuxCLIPathInstaller.swift

@@ -261,24 +261,19 @@ struct CmuxCLIPathInstaller {
         ]
         let stdout = Pipe()
         let stderr = Pipe()
-        let stdoutBuffer = PrivilegedCommandOutputBuffer()
-        let stderrBuffer = PrivilegedCommandOutputBuffer()
         process.standardOutput = stdout
         process.standardError = stderr
-        let outputGroup = DispatchGroup()
-        startDraining(stdout, into: stdoutBuffer, group: outputGroup)
-        startDraining(stderr, into: stderrBuffer, group: outputGroup)
-        defer {
-            stdout.fileHandleForReading.readabilityHandler = nil
-            stderr.fileHandleForReading.readabilityHandler = nil
-        }
         try process.run()
+        // Drain both pipes synchronously to EOF before waiting on exit so a child
+        // that fills a pipe buffer (>64KB) cannot block, then wait for termination.
+        // Avoids blocking the calling thread on async readabilityHandler callbacks.
+        let stdoutData = ProcessPipeReader.readDataToEndOfFileOrEmpty(from: stdout.fileHandleForReading)
+        let stderrData = ProcessPipeReader.readDataToEndOfFileOrEmpty(from: stderr.fileHandleForReading)
         process.waitUntilExit()
-        outputGroup.wait()
 
         guard process.terminationStatus == 0 else {
-            let stderrText = stderrBuffer.text.trimmingCharacters(in: .whitespacesAndNewlines)
-            let stdoutText = stdoutBuffer.text.trimmingCharacters(in: .whitespacesAndNewlines)
+            let stderrText = (String(data: stderrData, encoding: .utf8) ?? "").trimmingCharacters(in: .whitespacesAndNewlines)
+            let stdoutText = (String(data: stdoutData, encoding: .utf8) ?? "").trimmingCharacters(in: .whitespacesAndNewlines)
             let details = stderrText.isEmpty ? stdoutText : stderrText
             let message = details.isEmpty
                 ? "osascript exited with status \(process.terminationStatus)."
@@ -287,25 +282,6 @@ struct CmuxCLIPathInstaller {
         }
     }
 
-    private static func startDraining(
-        _ pipe: Pipe,
-        into buffer: PrivilegedCommandOutputBuffer,
-        group: DispatchGroup
-    ) {
-        group.enter()
-        pipe.fileHandleForReading.readabilityHandler = { fileHandle in
-            switch ProcessPipeReader.readAvailableDataOrEndOfFile(from: fileHandle) {
-            case .data(let data):
-                buffer.append(data)
-            case .wouldBlock:
-                return
-            case .endOfFile:
-                fileHandle.readabilityHandler = nil
-                group.leave()
-            }
-        }
-    }
-
     private static func shellQuoted(_ value: String) -> String {
         "'" + value.replacingOccurrences(of: "'", with: "'\\''") + "'"
     }
@@ -337,21 +313,3 @@ struct CmuxCLIPathInstaller {
         return false
     }
 }
-
-private final class PrivilegedCommandOutputBuffer {
-    private let lock = NSLock()
-    private var data = Data()
-
-    var text: String {
-        lock.lock()
-        defer { lock.unlock() }
-        return String(data: data, encoding: .utf8) ?? ""
-    }
-
-    func append(_ chunk: Data) {
-        guard !chunk.isEmpty else { return }
-        lock.lock()
-        data.append(chunk)
-        lock.unlock()
-    }
-}

Sources/App/ShortcutRoutingSupport.swift

@@ -613,6 +613,7 @@ func shouldRouteBrowserDocumentEditingCommandEquivalentThroughWebContentFirst(
 /// For browser content, let the page try browser-local Find-family commands before cmux's menu fallback.
 /// Cmd+F is excluded because cmux chooses terminal, browser, or right-sidebar
 /// find from the current focus owner.
+@MainActor
 func shouldRouteBrowserFindCommandEquivalentThroughWebContentFirst(
     _ event: NSEvent,
     responder: NSResponder? = nil,
@@ -636,9 +637,7 @@ func shouldRouteBrowserFindCommandEquivalentThroughWebContentFirst(
 
     if shortcut.keepsCmuxBrowserFindBarOwnershipWhenVisible,
        let owningWebView {
-        let browserFindBarIsVisible = MainActor.assumeIsolated {
-            AppDelegate.shared?.browserFindBarIsVisible(for: owningWebView) == true
-        }
+        let browserFindBarIsVisible = AppDelegate.shared?.browserFindBarIsVisible(for: owningWebView) == true
         if browserFindBarIsVisible {
             return false
         }

Sources/Auth/AuthManager.swift

@@ -8,26 +8,43 @@ import StackAuth
 import Security
 #endif
 
-private final class AuthPresentationContext: NSObject, ASWebAuthenticationPresentationContextProviding {
+private final class AuthPresentationContext: NSObject, ASWebAuthenticationPresentationContextProviding, @unchecked Sendable {
     static let shared = AuthPresentationContext()
 
+    // ASWebAuthenticationSession invokes presentationAnchor(for:) synchronously
+    // on whichever thread called session.start(). When beginSignIn() fires from
+    // the socket command dispatch thread (cmux auth login), that callback lands
+    // off-main, but the anchor (NSApp.keyWindow/...) is @MainActor state. Rather
+    // than block the caller with DispatchQueue.main.sync, beginSignIn() (already
+    // @MainActor) pre-fetches the anchor on main via cacheCurrentAnchor() right
+    // before start(), and the off-main callback reads that cached window under a
+    // lock. The lock-guarded NSWindow is why this type is @unchecked Sendable.
+    private let lock = NSLock()
+    private var cachedAnchor: NSWindow?
+
     func presentationAnchor(for session: ASWebAuthenticationSession) -> ASPresentationAnchor {
-        // ASWebAuthenticationSession invokes this on whichever thread called
-        // session.start(). When beginSignIn() fires from the socket command
-        // dispatch thread (cmux auth login), this callback lands off-main,
-        // and any NSApp access must hop to main before returning.
         if Thread.isMainThread {
             return Self.currentAnchor()
         }
-        var result: ASPresentationAnchor = NSWindow()
-        DispatchQueue.main.sync {
-            result = Self.currentAnchor()
-        }
-        return result
+        lock.lock()
+        let cached = cachedAnchor
+        lock.unlock()
+        return cached ?? NSWindow()
+    }
+
+    /// Snapshot the current presentation anchor on the main actor so the
+    /// synchronous, possibly off-main protocol callback can read it without
+    /// blocking on main. Call immediately before `session.start()`.
+    @MainActor
+    func cacheCurrentAnchor() {
+        let anchor = Self.currentAnchor()
+        lock.lock()
+        cachedAnchor = anchor
+        lock.unlock()
     }
 
     @MainActor
-    private static func currentAnchor() -> ASPresentationAnchor {
+    private static func currentAnchor() -> NSWindow {
         NSApp.keyWindow ?? NSApp.mainWindow ?? (NSApp.windows.first ?? NSWindow())
     }
 }
@@ -277,7 +294,9 @@ final class AuthManager: ObservableObject {
                 }
             }
         }
-        session.presentationContextProvider = AuthPresentationContext.shared
+        let presentationContext = AuthPresentationContext.shared
+        presentationContext.cacheCurrentAnchor()
+        session.presentationContextProvider = presentationContext
         session.prefersEphemeralWebBrowserSession = false
 
         if session.start() {

Sources/BackgroundWorkspacePrimeCoordinator.swift

@@ -262,7 +262,7 @@ final class BackgroundWorkspacePrimeCoordinator {
                   let self,
                   let waiter,
                   let tabManager else { return }
-            Task { @MainActor in
+            MainActor.assumeIsolated {
                 self.evaluate(waiter: waiter, workspaceId: workspaceId, tabManager: tabManager)
             }
         }
@@ -278,33 +278,35 @@ final class BackgroundWorkspacePrimeCoordinator {
                   let self,
                   let waiter,
                   let tabManager else { return }
-            Task { @MainActor in
+            MainActor.assumeIsolated {
                 self.evaluate(waiter: waiter, workspaceId: workspaceId, tabManager: tabManager)
             }
         }
         waiter.addObserver(hostedViewObserver)
 
         let pendingObserver = tabManager.$pendingBackgroundWorkspaceLoadIds
             .dropFirst()
+            .receive(on: DispatchQueue.main)
             .sink { [weak self, weak waiter, weak tabManager] pendingIds in
                 guard !pendingIds.contains(workspaceId),
                       let self,
                       let waiter,
                       let tabManager else { return }
-                Task { @MainActor in
+                MainActor.assumeIsolated {
                     self.evaluate(waiter: waiter, workspaceId: workspaceId, tabManager: tabManager)
                 }
             }
         waiter.addCancellable(pendingObserver)
 
         let tabsObserver = tabManager.$tabs
             .dropFirst()
+            .receive(on: DispatchQueue.main)
             .sink { [weak self, weak waiter, weak tabManager] tabs in
                 guard !tabs.contains(where: { $0.id == workspaceId }),
                       let self,
                       let waiter,
                       let tabManager else { return }
-                Task { @MainActor in
+                MainActor.assumeIsolated {
                     self.evaluate(waiter: waiter, workspaceId: workspaceId, tabManager: tabManager)
                 }
             }

Sources/CmuxConfig.swift

@@ -1909,7 +1909,9 @@ final class CmuxConfigStore: ObservableObject {
     private var resolvedNewWorkspaceCommandCache: CmuxResolvedCommand?
     private var resolvedNewWorkspaceActionCache: CmuxResolvedConfigAction?
     private var parsedConfigCache: [String: ParsedConfigCacheEntry] = [:]
-    private var lifetimeCancellables = Set<AnyCancellable>()
+    private var trustObservationTask: Task<Void, Never>?
+    private var localReattachTask: Task<Void, Never>?
+    private var globalReattachTask: Task<Void, Never>?
     private var trackingCancellables = Set<AnyCancellable>()
     private var localFileWatchSource: DispatchSourceFileSystemObject?
     private var localFileDescriptor: Int32 = -1
@@ -1946,13 +1948,20 @@ final class CmuxConfigStore: ObservableObject {
         self.localConfigPath = localConfigPath
         self.fileWatchingEnabled = startFileWatchers
         self.localConfigSearchDirectory = localConfigPath.map(Self.searchDirectoryForLocalConfigPath(_:))
-        NotificationCenter.default.publisher(for: CmuxActionTrust.didChangeNotification)
-            .receive(on: DispatchQueue.main)
-            .sink { [weak self] _ in
+        // The store is @MainActor, so this task inherits main-actor isolation and
+        // loadAll() runs on main without an explicit dispatch hop. The handle is
+        // cancelled in deinit so the observer lives exactly as long as the store.
+        trustObservationTask = Task { [weak self] in
+            // Map to Void so the non-Sendable `Notification` never crosses into
+            // this main-actor task; only the change signal is needed, not the value.
+            let signals = NotificationCenter.default.notifications(
+                named: CmuxActionTrust.didChangeNotification
+            ).map { _ in () }
+            for await _ in signals {
                 guard let self else { return }
                 self.loadAll()
             }
-            .store(in: &lifetimeCancellables)
+        }
         if startFileWatchers {
             if localConfigPath != nil {
                 startLocalFileWatcher()
@@ -1962,6 +1971,9 @@ final class CmuxConfigStore: ObservableObject {
     }
 
     deinit {
+        trustObservationTask?.cancel()
+        localReattachTask?.cancel()
+        globalReattachTask?.cancel()
         localFileWatchSource?.cancel()
         for source in localHookFileWatchSources.values {
             source.cancel()
@@ -2961,7 +2973,7 @@ final class CmuxConfigStore: ObservableObject {
                 DispatchQueue.main.async {
                     self.stopLocalFileWatcher()
                     self.loadAll()
-                    self.scheduleLocalReattach(attempt: 1)
+                    self.scheduleLocalReattach()
                 }
             } else {
                 DispatchQueue.main.async {
@@ -3102,18 +3114,20 @@ final class CmuxConfigStore: ObservableObject {
         startLocalFileWatcher()
     }
 
-    private func scheduleLocalReattach(attempt: Int) {
-        guard attempt <= Self.maxReattachAttempts else { return }
-        watchQueue.asyncAfter(deadline: .now() + Self.reattachDelay) { [weak self] in
-            guard let self else { return }
-            DispatchQueue.main.async {
-                guard let path = self.localConfigPath else { return }
-                if FileManager.default.fileExists(atPath: path) {
-                    self.loadAll()
-                    self.startLocalFileWatcher()
-                } else {
-                    self.startLocalDirectoryWatcher()
-                }
+    private func scheduleLocalReattach() {
+        // A deleted config has no inode to attach a DispatchSource to, so this is a
+        // genuine poll for the file's reappearance, not a timing hack. A superseding
+        // event or deinit cancels the pending retry via the stored handle.
+        localReattachTask?.cancel()
+        localReattachTask = Task { @MainActor [weak self] in
+            try? await Task.sleep(for: .seconds(Self.reattachDelay))
+            if Task.isCancelled { return }
+            guard let self, let path = self.localConfigPath else { return }
+            if FileManager.default.fileExists(atPath: path) {
+                self.loadAll()
+                self.startLocalFileWatcher()
+            } else {
+                self.startLocalDirectoryWatcher()
             }
         }
     }
@@ -3155,7 +3169,7 @@ final class CmuxConfigStore: ObservableObject {
                 DispatchQueue.main.async {
                     self.stopGlobalFileWatcher()
                     self.loadAll()
-                    self.scheduleGlobalReattach(attempt: 1)
+                    self.scheduleGlobalReattach()
                 }
             } else {
                 DispatchQueue.main.async {
@@ -3172,21 +3186,24 @@ final class CmuxConfigStore: ObservableObject {
         globalFileWatchSource = source
     }
 
-    private func scheduleGlobalReattach(attempt: Int) {
-        guard attempt <= Self.maxReattachAttempts else {
-            startGlobalDirectoryWatcher()
-            return
-        }
-        watchQueue.asyncAfter(deadline: .now() + Self.reattachDelay) { [weak self] in
-            guard let self else { return }
-            DispatchQueue.main.async {
+    private func scheduleGlobalReattach() {
+        // A deleted config has no inode to watch, so poll for reappearance with an
+        // explicit bounded retry count instead of recursing through the call stack.
+        // The stored handle lets a superseding event or deinit cancel the loop.
+        globalReattachTask?.cancel()
+        globalReattachTask = Task { @MainActor [weak self] in
+            for _ in 0..<Self.maxReattachAttempts {
+                try? await Task.sleep(for: .seconds(Self.reattachDelay))
+                if Task.isCancelled { return }
+                guard let self else { return }
                 if FileManager.default.fileExists(atPath: self.globalConfigPath) {
                     self.loadAll()
                     self.startGlobalFileWatcher()
-                } else {
-                    self.scheduleGlobalReattach(attempt: attempt + 1)
+                    return
                 }
             }
+            guard let self else { return }
+            self.startGlobalDirectoryWatcher()
         }
     }