Clear placement reconcile flag via Drop guard

rupurt · rupurt · commit 490edb3df15f · 2026-05-06T16:36:17.000-07:00
placement_reconcile_in_flight is set with a CAS at the top of
schedule_machine_placement_reconcile and was cleared by an explicit
store at the end of the spawned thread. If reconcile_machine_placements
ever panicked, the explicit store would not run and the flag would
latch forever, silently disabling every future reconcile for the
lifetime of the process.

Wrap the cleared-on-completion behaviour in a PlacementReconcileGuard
whose Drop impl clears the AtomicBool. Construct the guard on the
calling thread before thread::spawn so the flag also clears if the
spawn itself fails. The reconcile thread now drops the guard on
return or unwind, so any future panic in reconcile_machine_placements
no longer wedges the control plane.
diff --git a/crates/port-runtime/src/hosted_control_plane.rs b/crates/port-runtime/src/hosted_control_plane.rs
@@ -4689,6 +4689,21 @@ fn schedule_machine_placement_reconcile(
     });
 }
 
+#[cfg(not(test))]
+struct PlacementReconcileGuard {
+    state: ControlPlaneState,
+}
+
+#[cfg(not(test))]
+impl Drop for PlacementReconcileGuard {
+    fn drop(&mut self) {
+        self.state
+            .inner
+            .placement_reconcile_in_flight
+            .store(false, std::sync::atomic::Ordering::Release);
+    }
+}
+
 #[cfg(not(test))]
 fn schedule_machine_placement_reconcile(
     state: &ControlPlaneState,
@@ -4708,20 +4723,23 @@ fn schedule_machine_placement_reconcile(
         return;
     }
 
-    let state = state.clone();
+    // Construct the guard before the thread::spawn so the in-flight
+    // flag clears via Drop even if reconcile_machine_placements panics
+    // or thread::spawn itself fails. Without this, a single panic
+    // would latch the flag forever and silently disable every future
+    // reconcile for the lifetime of the process.
+    let guard = PlacementReconcileGuard {
+        state: state.clone(),
+    };
     thread::spawn(move || {
-        if let Err(error) = reconcile_machine_placements(&state, &trigger) {
+        if let Err(error) = reconcile_machine_placements(&guard.state, &trigger) {
             eprintln!(
                 "control plane '{}' placement reconcile triggered by {} failed: {}",
-                state.inner.control_plane,
+                guard.state.inner.control_plane,
                 trigger.detail(),
                 error
             );
         }
-        state
-            .inner
-            .placement_reconcile_in_flight
-            .store(false, std::sync::atomic::Ordering::Release);
     });
 }
 
