fix(test): deflake stderr_pump + host_guard on CI

macOS/Windows CI failed on two timing-fragile tests this PR added;
ubuntu (faster runner) masked both. No production code changed.

- cancel_stops_pump_while_child_alive: cancelled on a fixed 150ms
  sleep, but a cold interpreter on a loaded CI runner hadn't emitted
  the line yet, so the file was empty at cancel. Now polls the
  (unbuffered) file until the line is observed, then cancels and
  asserts the handle resolves well inside the child's now-30s
  lifetime — deterministic regardless of runner speed.
- run_allows_loopback_when_escape_hatch_set: 10s LISTENING wait was
  too tight for a cold python stdlib http.server on a loaded macOS
  runner (~10s observed; ~2s locally). Bumped to 30s.

Local ci-checks.sh green; targeted tests pass in 0.2s / 1.3s.

Author: Teerapat-Vatpitak

crates/mcp-loadtest/src/protocol/transport/stderr_pump.rs

@@ -147,18 +147,22 @@ mod tests {
         std::env::var("MCP_LOADTEST_PYTHON").unwrap_or_else(|_| "python".to_string())
     }
 
-    /// Cancelling the token must stop the pump **promptly** and **flush the
-    /// file before exiting**, even while the source is still alive (the
-    /// shutdown / Drop path).
+    /// Cancelling the token must stop the pump **promptly** even while the
+    /// source is still alive (the shutdown / Drop path), with the captured
+    /// file left intact.
     ///
-    /// The child writes one stderr line, flushes, then sleeps 5s without
-    /// emitting more — so the pump is genuinely blocked in `next_line()` (not
-    /// at EOF) when we cancel. We cancel ~150ms in, assert the `JoinHandle`
-    /// resolves in well under 2s, and assert the early line was flushed to the
-    /// file. The child's 5s sleep is never awaited: we explicitly `start_kill`
-    /// + bounded-`wait` it so it's reaped immediately instead of letting the
-    /// runtime block on it at teardown (the old 60s-`ping` child did exactly
-    /// that, making this test take ~59s).
+    /// The child writes one stderr line, flushes, then sleeps 30s without
+    /// emitting more — so the pump stays genuinely blocked in `next_line()`
+    /// (not at EOF) the whole time. Rather than a fixed sleep before
+    /// cancelling (racy: on a slow/loaded CI runner the child + interpreter
+    /// may not have emitted the line inside a fixed window, leaving the file
+    /// empty at cancel — the original macOS/Windows CI flake), we **poll the
+    /// file until the line is observed**. `tokio::fs::File` is unbuffered, so
+    /// the line is visible the instant the pump's read arm writes it. Only
+    /// then do we cancel and assert the `JoinHandle` resolves far inside the
+    /// child's 30s lifetime (a broken cancel would block ~30s). The child is
+    /// reaped explicitly (`start_kill` + bounded `wait`) so the runtime never
+    /// blocks on its sleep at teardown (that original bug made this ~59s).
     #[tokio::test]
     async fn cancel_stops_pump_while_child_alive() {
         let log = temp_log("cancel");
@@ -167,12 +171,12 @@ mod tests {
             .expect("create temp log");
 
         // Stdlib-only: emit one stderr line + flush, then stay alive (no more
-        // output) for 5s. Cross-platform via the resolved interpreter.
+        // output) for 30s. Cross-platform via the resolved interpreter.
         let mut child = tokio::process::Command::new(python())
             .args([
                 "-c",
                 "import sys,time; sys.stderr.write('early\\n'); \
-                 sys.stderr.flush(); time.sleep(5)",
+                 sys.stderr.flush(); time.sleep(30)",
             ])
             .stderr(std::process::Stdio::piped())
             .stdout(std::process::Stdio::null())
@@ -185,24 +189,48 @@ mod tests {
         let cancel = CancellationToken::new();
         let handle = spawn_stderr_pump(stderr, file, false, cancel.clone());
 
-        // Let the pump read+write the early line, then cancel while the child
-        // is still sleeping (source alive, pump parked in next_line()).
-        tokio::time::sleep(Duration::from_millis(150)).await;
-        cancel.cancel();
+        // Deterministically wait until the pump has actually read+written the
+        // line (child still sleeping → no EOF; this proves the alive-source
+        // read path). Generous bound tolerates slow-CI process startup;
+        // normally completes in well under 100ms.
+        let observed = {
+            let deadline = std::time::Instant::now() + Duration::from_secs(30);
+            loop {
+                if tokio::fs::read_to_string(&log)
+                    .await
+                    .map(|c| c.contains("early"))
+                    .unwrap_or(false)
+                {
+                    break true;
+                }
+                if std::time::Instant::now() >= deadline {
+                    break false;
+                }
+                tokio::time::sleep(Duration::from_millis(20)).await;
+            }
+        };
+        assert!(
+            observed,
+            "pump never wrote the child's stderr line to the file \
+             (real pump bug, not a timing flake)"
+        );
 
-        // Prompt stop: the handle must resolve far inside 2s after cancel.
-        tokio::time::timeout(Duration::from_secs(2), handle)
+        // Source is still alive (child sleeping 30s). Cancelling must stop the
+        // pump promptly: a broken cancel would leave the handle pending until
+        // the child's 30s sleep ends, so 5s is unambiguous yet CI-tolerant.
+        cancel.cancel();
+        tokio::time::timeout(Duration::from_secs(5), handle)
             .await
-            .expect("cancel should stop the pump well within 2s")
+            .expect("cancel must stop the pump within 5s (source still alive)")
             .expect("pump task panicked");
 
-        // Cancel arm must have flushed the buffered line before breaking.
+        // The captured line survived the cancel/flush exit path.
         let contents = tokio::fs::read_to_string(&log)
             .await
             .expect("read captured log");
         assert!(
             contents.contains("early"),
-            "cancel path must flush the buffered line before exiting, got: {contents:?}"
+            "cancel path must preserve the captured line, got: {contents:?}"
         );
 
         // Reap the still-sleeping child now (don't leave it for the runtime to

crates/mcp-loadtest/tests/host_guard.rs

@@ -135,7 +135,10 @@ async fn run_allows_loopback_when_escape_hatch_set() {
 
     let stdout = child.stdout.take().expect("child stdout");
     let mut lines = BufReader::new(stdout).lines();
-    let listening = tokio::time::timeout(Duration::from_secs(10), lines.next_line())
+    // 30s, not 10s: a cold Python + stdlib http.server bind on a loaded
+    // macOS GitHub runner can edge past 10s (observed on CI); locally this
+    // resolves in ~2s. Generous bound trades nothing for CI determinism.
+    let listening = tokio::time::timeout(Duration::from_secs(30), lines.next_line())
         .await
         .expect("timed out waiting for LISTENING line")
         .expect("read stdout")