chore: promote staging to staging-promote/4dea5dd5-24736995931 (2026-04-21 19:40 UTC)

[ironclaw-ci]

Auto-promotion from staging CI

Batch range: 7fb41555a9e55677d1aaea29ca567a5b369c2b05..e29429d727bc3f8ddaaeb509a29c798e927cafbe
Promotion branch: staging-promote/e29429d7-24742613700
Base: staging-promote/4dea5dd5-24736995931
Triggered by: Staging CI batch at 2026-04-21 19:40 UTC

Commits in this batch (68):

• 77c3821 feat(common): apply ExtensionName newtype to fan-out sites (PR 2/2) (feat(common): apply ExtensionName newtype to fan-out sites (PR 2/2) #2617)
• 3d51423 fix(llm): default missing OpenAI image detail to auto (fix(llm): default missing OpenAI image detail to auto #1940)
• 0af0267 feat(engine-v2): per-project sandbox (Phases 1–7) (feat(engine-v2): per-project sandbox (Phases 1–7) #2211)
• 4104e87 fix(secrets): TOCTOU-safe auto-generate, lazy keychain probe, fail-loud on stale DB (fix(secrets): TOCTOU-safe auto-generate, lazy keychain probe, fail-loud on stale DB #2653)
• 43d6fc1 feat(engine-v2): Phase 4 cost tracking + Phase 6 mission lifecycle acceptance (feat(engine-v2): Phase 4 cost tracking + Phase 6 mission lifecycle acceptance #2660)
• 08693aa feat(skills): activation feedback pipeline + install idempotence (feat(skills): activation feedback pipeline + install idempotence #2530)
• 81aec81 fix(gateway): v2 engine tool_calls persistence + e2e test coverage (fix(gateway): v2 engine tool_calls persistence + e2e test coverage #2452)
• a524bf8 refactor(gateway): stage 4b slices + empty allowlist — ironclaw#2599 (refactor(gateway): stage 4b slices + empty allowlist — ironclaw#2599 #2665)
• 14333e4 fix(wasm): run leak scan on pre-injection headers in channel callbacks (fix(wasm): run leak scan on pre-injection headers in channel callbacks #1377)
• c854a21 fix(cli): suppress non-CLI listeners under --cli-only (--cli-only still starts webhook server and ignores HTTP_HOST/HTTP_PORT #1840) (fix(cli): suppress non-CLI listeners under --cli-only (#1840) #1869)
• 90a6dad fix(cli): prevent UTF-8 panic in MCP tool description truncation (fixes bug(cli): MCP test-server tool description truncation panics on multi-byte UTF-8 #1947) (fix(cli): prevent UTF-8 panic in MCP tool description truncation (fixes #1947) #2008)
• 5fe3be8 refactor(gateway): extract features/chat/ — ironclaw#2599 stage 4c (refactor(gateway): extract features/chat/ — ironclaw#2599 stage 4c #2680)
• e8ae948 fix(telegram): unblock e2e activation flow (fix(telegram): unblock e2e activation flow #2652)
• a35f9d9 refactor(gateway): split monolithic style.css and app.js into per-surface modules (refactor(gateway): split monolithic style.css and app.js into per-surface modules #2683)
• cad5e50 feat(llm): hot-reload provider chain from settings (supersedes feat(llm): hot-reload provider chain from settings (#1350) #2059) (feat(llm): hot-reload provider chain from settings (supersedes #2059) #2673)
• 6419347 Preserve paused leases across engine auth resume (Preserve paused leases across engine auth resume #2631)
• 4ab8e43 fix(gateway): unify v2 extension auth resume flow (fix(gateway): unify v2 extension auth resume flow #2622)
• 3c1f37b fix(slack): remember thread participation across replies (fix(slack): remember thread participation across replies #1540)
• 737029d fix(ci): target promotion PR for Claude review comments (fix(ci): target promotion PR for Claude review comments #2576)
• fddf56b docs(engine): clarify ENGINE_V2 opt-in startup (docs(engine): clarify ENGINE_V2 opt-in startup #2694)
• e2544ed feat(engine): add mission_get action for retrieving mission results (feat(engine): add mission_get action for retrieving mission results #2549)
• 544a893 refactor(gateway): extract extensions + jobs + settings + routines — ironclaw#2599 stages 4d + 5 (refactor(gateway): extract extensions + jobs + settings + routines — ironclaw#2599 stages 4d + 5 #2687)
• fb4fc82 refactor(ownership): collapse OwnerId+Identity into UserId with role variants (refactor(ownership): collapse OwnerId+Identity into UserId with role variants #2677)
• fdaba10 feat(gateway): add attachment flows, v2 skill install coverage, and e2e stabilization (feat(gateway): add attachment flows, v2 skill install coverage, and e2e stabilization #2385)
• e88236a refactor(events): replace JobResult.status String with JobResultStatus enum (refactor(events): replace JobResult.status String with JobResultStatus enum #2678)
• 010bb70 refactor(gateway): promote cross-slice GatewayState builders to test_helpers — ironclaw#2599 stage-6 prereq (refactor(gateway): promote cross-slice GatewayState test builders — ironclaw#2599 stage-6 prereq #2704)
• 141435e feat(gateway): expose engine v2 threads in chat history and sidebar (feat(gateway): expose engine v2 threads in chat history and sidebar #2532)
• d30c76d feat: add debug inspector panel for web gateway (feat: add debug inspector panel for web gateway #1873)
• b5dde50 fix(gateway): address PR fix(gateway): unify v2 extension auth resume flow #2622 review feedback (follow-up) (fix(gateway): address PR #2622 review feedback (follow-up) #2701)
• 3c7925c refactor(gateway): delete server.rs shim + relocate tests to slices — ironclaw#2599 stage 6 (refactor(gateway): delete server.rs shim + relocate tests to slices — ironclaw#2599 stage 6 #2706)
• 0a8428f fix(telegram): handle 'message is too long' with retry splitting (fix(telegram): handle 'message is too long' with retry splitting #1943)
• 77e746f feat(portfolio): complete tool, tests, widget, and share-gains flow (feat(portfolio): complete tool, tests, widget, and share-gains flow #2368)
• 8bf25bc fix(setup): run migrations during onboard when DATABASE_URL preset (onboard fails with "Failed to save settings to database", but ironclaw starts successfully and applies migrations #846) (fix(setup): run migrations during onboard when DATABASE_URL preset (#846) #2309)
• f2c4c25 docs(skills): clarify /search/issues returns issues and PRs (docs(skills): clarify /search/issues returns issues and PRs #2713)
• 0476a3d fix(gateway): Settings extension button label reflects auth state ([QA] Activate button shows credential popup for already-installed tools #2235) (fix(gateway): Settings extension button label reflects auth state (#2235) #2709)
• 833cb48 refactor(channels): introduce ExternalThreadId newtype at channel boundary (refactor(channels): introduce ExternalThreadId newtype at channel boundary #2685)
• d8802e6 fix(wasm): gate websocket runtime on auth and stop reconnect loop on fatal closes (WASM channel runtime: stop websocket/poll reconnect loops when auth is missing or rejected #2557) (fix(wasm): gate websocket runtime on auth and stop reconnect loop on fatal closes (#2557) #2707)
• a69aa54 refactor(gateway): hygiene batch — delete dead handler, tighten boundaries, add caller-level chat tests (refactor(gateway): hygiene batch — delete dead handler, tighten boundaries, add caller-level chat tests #2712)
• 862ac13 feat(memory): configurable insights interval, session summary hook, reasoning-augmented recall (feat(memory): configurable insights interval, session summary hook, reasoning-augmented recall #2336)
• 532e07f fix: prevent immediate requests creating missions (fix: prevent immediate requests creating missions #2328)
• c8f8753 fix(gateway): remove v2 active-work pills from web ui (fix(gateway): remove v2 active-work pills from web ui #2671)
• 038853f refactor(types): adopt MissionId in router + introduce McpServerName (refactor(types): adopt MissionId in router + introduce McpServerName #2681)
• ab38a0b feat(bridge): workspace-backed project registration + adapter improvements (feat(bridge): workspace-backed project registration + adapter improvements #2533)
• 5d99d55 fix(gate): handle orphaned approval gates when thread deleted (fix(gate): handle orphaned approval gates when thread deleted #2347)
• c725366 docs(rules): add review-driven guidance for Claude Code (docs(rules): add review-driven guidance for Claude Code #2714)
• e0c029c ci: validate Cargo.toml version before use in Docker workflows ([CRITICAL] Command injection vulnerability: extracted VERSION from Cargo.toml is used in sh #1901) (ci: validate Cargo.toml version before use in Docker workflows (#1901) #2742)
• 4577d0e fix(gateway): wire standalone missions tab (load, back, refresh) (fix(gateway): wire standalone missions tab (load, back, refresh) #2745)
• 392a33a feat(tui): support multiline message drafting (feat(tui): support multiline message drafting #2462)
• ae9b179 fix(channel): feishu pairing (fix(channel): feishu pairing #2454)
• e35099d [codex] Support web document uploads ([codex] Support web document uploads #2332)
• ... and 18 more (see compare view)

Current commits in this promotion (1)

Current base: staging-promote/4dea5dd5-24736995931
Current head: staging-promote/e29429d7-24742613700
Current range: origin/staging-promote/4dea5dd5-24736995931..origin/staging-promote/e29429d7-24742613700

• e29429d fix(e2e): multi-tenant widget isolation + portfolio nudge recovery (fix(e2e): multi-tenant widget isolation + portfolio nudge recovery #2790)

Auto-updated by staging promotion metadata workflow

Waiting for gates:

• Tests: pending
• E2E: pending
• Claude Code review: pending (will post comments on this PR)

---

Auto-created by staging-ci workflow

[claude]

Code review

Found 10 issues:

1. [HIGH:90] Port Binding TOCTOU Race Condition

Between closing the port-reservation sockets and passing those port numbers to create_subprocess_exec(), another process could bind to either port, causing subprocess failures or binding to unintended ports. The pattern should pass socket file descriptors directly or use SO_REUSEADDR, rather than close-then-use.

ironclaw/tests/e2e/scenarios/test_widget_customization.py

Lines 209 to 266 in e29429d

	reserved = []
	for _ in range(2):
	sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	sock.bind(("127.0.0.1", 0))
	reserved.append(sock)
	gateway_port = reserved[0].getsockname()[1]
	http_port = reserved[1].getsockname()[1]
	for sock in reserved:
	sock.close()
	env = {
	"PATH": os.environ.get("PATH", "/usr/bin:/bin"),
	"HOME": home_dir,
	"IRONCLAW_BASE_DIR": os.path.join(home_dir, ".ironclaw"),
	"RUST_LOG": "ironclaw=info",
	"RUST_BACKTRACE": "1",
	"IRONCLAW_OWNER_ID": "e2e-widget-multi-tenant",
	"AGENT_MULTI_TENANT": "true",
	"GATEWAY_ENABLED": "true",
	"GATEWAY_HOST": "127.0.0.1",
	"GATEWAY_PORT": str(gateway_port),
	"GATEWAY_AUTH_TOKEN": AUTH_TOKEN,
	"GATEWAY_USER_ID": "e2e-widget-multi-tenant",
	"HTTP_HOST": "127.0.0.1",
	"HTTP_PORT": str(http_port),
	"CLI_ENABLED": "false",
	"LLM_BACKEND": "openai_compatible",
	"LLM_BASE_URL": mock_llm_server,
	"LLM_MODEL": "mock-model",
	"DATABASE_BACKEND": "libsql",
	"LIBSQL_PATH": os.path.join(db_tmpdir.name, "multi-tenant.db"),
	"SANDBOX_ENABLED": "false",
	"SKILLS_ENABLED": "true",
	"ROUTINES_ENABLED": "true",
	"HEARTBEAT_ENABLED": "false",
	"EMBEDDING_ENABLED": "false",
	"WASM_ENABLED": "false",
	"ONBOARD_COMPLETED": "true",
	}
	# Forward cargo-llvm-cov env vars so coverage data is captured in CI.
	cov_prefixes = ("CARGO_LLVM_COV", "LLVM_")
	cov_extras = ("CARGO_ENCODED_RUSTFLAGS", "CARGO_INCREMENTAL")
	for key, val in os.environ.items():
	if key.startswith(cov_prefixes) or key in cov_extras:
	env[key] = val
	proc = await asyncio.create_subprocess_exec(
	ironclaw_binary,
	"--no-onboard",
	stdin=asyncio.subprocess.DEVNULL,
	stdout=asyncio.subprocess.PIPE,
	stderr=asyncio.subprocess.PIPE,
	env=env,
	)
	base_url = f"http://127.0.0.1:{gateway_port}"
	try:

2. [HIGH:90] Fixture Code Duplication — DRY Violation

The multi_tenant_gateway_server and single_tenant_gateway_server fixtures are 95% identical (lines 122–192 vs 201–283). Both duplicate environment dict construction, port reservation logic, process spawning, error handling, and cleanup. This violates DRY and creates future maintenance risk when gateway env setup must be edited in multiple places.

Extract a shared _create_dedicated_gateway_server() helper function or move this logic to conftest.py to allow reuse across test files.

ironclaw/tests/e2e/scenarios/test_widget_customization.py

Lines 201 to 283 in e29429d

	@pytest.fixture(scope="session")
	async def multi_tenant_gateway_server(ironclaw_binary, mock_llm_server):
	"""Dedicated gateway with AGENT_MULTI_TENANT=true for multi-tenant isolation tests."""
	home_tmpdir = tempfile.TemporaryDirectory(prefix="ironclaw-widget-multi-tenant-home-")
	home_dir = home_tmpdir.name
	db_tmpdir = tempfile.TemporaryDirectory(prefix="ironclaw-widget-multi-tenant-db-")
	os.makedirs(os.path.join(home_dir, ".ironclaw"), exist_ok=True)
	reserved = []
	for _ in range(2):
	sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	sock.bind(("127.0.0.1", 0))
	reserved.append(sock)
	gateway_port = reserved[0].getsockname()[1]
	http_port = reserved[1].getsockname()[1]
	for sock in reserved:
	sock.close()
	env = {
	"PATH": os.environ.get("PATH", "/usr/bin:/bin"),
	"HOME": home_dir,
	"IRONCLAW_BASE_DIR": os.path.join(home_dir, ".ironclaw"),
	"RUST_LOG": "ironclaw=info",
	"RUST_BACKTRACE": "1",
	"IRONCLAW_OWNER_ID": "e2e-widget-multi-tenant",
	"AGENT_MULTI_TENANT": "true",
	"GATEWAY_ENABLED": "true",
	"GATEWAY_HOST": "127.0.0.1",
	"GATEWAY_PORT": str(gateway_port),
	"GATEWAY_AUTH_TOKEN": AUTH_TOKEN,
	"GATEWAY_USER_ID": "e2e-widget-multi-tenant",
	"HTTP_HOST": "127.0.0.1",
	"HTTP_PORT": str(http_port),
	"CLI_ENABLED": "false",
	"LLM_BACKEND": "openai_compatible",
	"LLM_BASE_URL": mock_llm_server,
	"LLM_MODEL": "mock-model",
	"DATABASE_BACKEND": "libsql",
	"LIBSQL_PATH": os.path.join(db_tmpdir.name, "multi-tenant.db"),
	"SANDBOX_ENABLED": "false",
	"SKILLS_ENABLED": "true",
	"ROUTINES_ENABLED": "true",
	"HEARTBEAT_ENABLED": "false",
	"EMBEDDING_ENABLED": "false",
	"WASM_ENABLED": "false",
	"ONBOARD_COMPLETED": "true",
	}
	# Forward cargo-llvm-cov env vars so coverage data is captured in CI.
	cov_prefixes = ("CARGO_LLVM_COV", "LLVM_")
	cov_extras = ("CARGO_ENCODED_RUSTFLAGS", "CARGO_INCREMENTAL")
	for key, val in os.environ.items():
	if key.startswith(cov_prefixes) or key in cov_extras:
	env[key] = val
	proc = await asyncio.create_subprocess_exec(
	ironclaw_binary,
	"--no-onboard",
	stdin=asyncio.subprocess.DEVNULL,
	stdout=asyncio.subprocess.PIPE,
	stderr=asyncio.subprocess.PIPE,
	env=env,
	)
	base_url = f"http://127.0.0.1:{gateway_port}"
	try:
	await wait_for_ready(f"{base_url}/api/health", timeout=60)
	yield base_url
	except TimeoutError:
	stderr_text = ""
	if proc.stderr:
	try:
	stderr_text = (await asyncio.wait_for(proc.stderr.read(8192), timeout=2)).decode(
	"utf-8",
	errors="replace",
	)
	except asyncio.TimeoutError:
	pass
	pytest.fail(f"multi-tenant widget server failed to start:\n{stderr_text}")
	finally:
	await _stop_proc(proc)
	home_tmpdir.cleanup()
	db_tmpdir.cleanup()

3. [HIGH:85] Unbounded Regex Compilation on Every match_response() Call

The _nudge_re pattern is compiled inside the function body (line 795–798) on every invocation. Since match_response() is called once per chat completion request (potentially hundreds of times per test run), this wastes CPU compiling the same regex repeatedly instead of caching it at module-level. Move the regex pattern definition outside the function.

ironclaw/tests/e2e/mock_llm.py

Lines 795 to 798 in e29429d

	_nudge_re = re.compile(
	r"You said you would perform an action|You expressed intent",
	re.IGNORECASE,
	)

4. [MEDIUM:85] Incomplete Async Fixture Scope Documentation

The multi_tenant_gateway_server is session-scoped with cleanup in the finally block (lines 282–283), but the relationship between session-scoped server lifespan and function-scoped cleanup fixture (clean_multi_tenant_customizations) is not documented. Add docstring clarifying expected fixture interaction and temp-dir cleanup ordering.

ironclaw/tests/e2e/scenarios/test_widget_customization.py

Lines 201 to 206 in e29429d

	@pytest.fixture(scope="session")
	async def multi_tenant_gateway_server(ironclaw_binary, mock_llm_server):
	"""Dedicated gateway with AGENT_MULTI_TENANT=true for multi-tenant isolation tests."""
	home_tmpdir = tempfile.TemporaryDirectory(prefix="ironclaw-widget-multi-tenant-home-")
	home_dir = home_tmpdir.name
	db_tmpdir = tempfile.TemporaryDirectory(prefix="ironclaw-widget-multi-tenant-db-")

5. [MEDIUM:75] Multiple Sequential Regex Searches Without Early Return

The nudge recovery block (lines 800–813) iterates through all user messages and performs two regex searches per message without short-circuiting when a match is found. For conversations with 10+ user messages, this performs 20+ regex searches. Add an early return after the first successful domain-context match to avoid redundant searches.

ironclaw/tests/e2e/mock_llm.py

Lines 800 to 813 in e29429d

	for msg in messages:
	if msg.get("role") == "user":
	msg_text = _message_text(msg)
	if re.search(r"portfolio|defi|rebalance|yield.*positions", msg_text, re.IGNORECASE):
	return (
	"I'll analyze your DeFi portfolio. The portfolio skill is active and I can scan "
	"your wallet addresses across chains to discover positions, check yields, and "
	"suggest rebalancing opportunities."
	)
	if re.search(r"0x[a-fA-F0-9]{40}", msg_text, re.IGNORECASE):
	return (
	"I found your wallet address. Let me scan your portfolio across all supported "
	"chains to discover DeFi positions and classify them against known protocols."
	)

6. [MEDIUM:75] Mock LLM Pattern Matching — Unclear Fallthrough Behavior

The new nudge-recovery code (lines 789–813) runs before the CANNED_RESPONSES loop. If neither portfolio nor wallet context is found, code falls through to the generic nudge pattern in CANNED_RESPONSES (line 57). This "special-case-before-fallback" structure works but intent is not explicit. Document the fallthrough behavior in a comment above line 815 to clarify pattern matching precedence.

ironclaw/tests/e2e/mock_llm.py

Lines 789 to 815 in e29429d

	# Nudge recovery: when the engine sends a "you expressed intent but
	# didn't call a tool" nudge, check whether the conversation has
	# portfolio/wallet context from an earlier user message and return a
	# portfolio-relevant response so the nudge pattern (which matches
	# before the portfolio patterns in CANNED_RESPONSES) doesn't swallow
	# the domain context.
	_nudge_re = re.compile(
	r"You said you would perform an action|You expressed intent",
	re.IGNORECASE,
	)
	if _nudge_re.search(content):
	for msg in messages:
	if msg.get("role") == "user":
	msg_text = _message_text(msg)
	if re.search(r"portfolio|defi|rebalance|yield.*positions", msg_text, re.IGNORECASE):
	return (
	"I'll analyze your DeFi portfolio. The portfolio skill is active and I can scan "
	"your wallet addresses across chains to discover positions, check yields, and "
	"suggest rebalancing opportunities."
	)
	if re.search(r"0x[a-fA-F0-9]{40}", msg_text, re.IGNORECASE):
	return (
	"I found your wallet address. Let me scan your portfolio across all supported "
	"chains to discover DeFi positions and classify them against known protocols."
	)
	for pattern, response in CANNED_RESPONSES:

7. [MEDIUM:75] Session-Scoped Fixture with Implicit Resource Cleanup

The multi_tenant_gateway_server subprocess persists for the entire pytest session. If pytest crashes or is forcefully terminated before the finally block, the ironclaw process will leak as an orphan. In CI, this could accumulate processes across test runs. Either make the fixture function-scoped (per-test recreation) or add explicit process cleanup guarantees via pytest plugins.

ironclaw/tests/e2e/scenarios/test_widget_customization.py

Lines 256 to 283 in e29429d

	proc = await asyncio.create_subprocess_exec(
	ironclaw_binary,
	"--no-onboard",
	stdin=asyncio.subprocess.DEVNULL,
	stdout=asyncio.subprocess.PIPE,
	stderr=asyncio.subprocess.PIPE,
	env=env,
	)
	base_url = f"http://127.0.0.1:{gateway_port}"
	try:
	await wait_for_ready(f"{base_url}/api/health", timeout=60)
	yield base_url
	except TimeoutError:
	stderr_text = ""
	if proc.stderr:
	try:
	stderr_text = (await asyncio.wait_for(proc.stderr.read(8192), timeout=2)).decode(
	"utf-8",
	errors="replace",
	)
	except asyncio.TimeoutError:
	pass
	pytest.fail(f"multi-tenant widget server failed to start:\n{stderr_text}")
	finally:
	await _stop_proc(proc)
	home_tmpdir.cleanup()
	db_tmpdir.cleanup()

8. [MEDIUM:70] Unconstrained Environment Variable Forwarding

Coverage environment variables are forwarded from the outer environment using key.startswith(cov_prefixes) without explicit allowlisting (lines 249–254). While intentional for CI, this forwards any key starting with LLVM_ or CARGO_LLVM_COV, including potentially sensitive ones. Explicitly enumerate allowed keys (e.g., LLVM_PROFILE_FILE) rather than prefix-matching.

ironclaw/tests/e2e/scenarios/test_widget_customization.py

Lines 249 to 254 in e29429d

	# Forward cargo-llvm-cov env vars so coverage data is captured in CI.
	cov_prefixes = ("CARGO_LLVM_COV", "LLVM_")
	cov_extras = ("CARGO_ENCODED_RUSTFLAGS", "CARGO_INCREMENTAL")
	for key, val in os.environ.items():
	if key.startswith(cov_prefixes) or key in cov_extras:
	env[key] = val

9. [MEDIUM:70] Duplicate Coverage Env Forwarding Logic

The _forward_coverage_env() logic (lines 249–254) duplicates identical code from conftest.py. Call the existing shared helper from conftest.py instead of re-implementing inline. This indicates the fixture should live in conftest.py for reuse.

ironclaw/tests/e2e/scenarios/test_widget_customization.py

Lines 249 to 254 in e29429d

	# Forward cargo-llvm-cov env vars so coverage data is captured in CI.
	cov_prefixes = ("CARGO_LLVM_COV", "LLVM_")
	cov_extras = ("CARGO_ENCODED_RUSTFLAGS", "CARGO_INCREMENTAL")
	for key, val in os.environ.items():
	if key.startswith(cov_prefixes) or key in cov_extras:
	env[key] = val

10. [MEDIUM:70] Temporary Directory Cleanup Order Issue

In the fixture finally-block (lines 282–283), home_tmpdir.cleanup() is called before ensuring the subprocess has fully released all file handles. If the subprocess is still writing logs/state during the graceful shutdown window, cleanup could fail silently or leave locked files. Reorder: close the process context first, then cleanup directories.

ironclaw/tests/e2e/scenarios/test_widget_customization.py

Lines 273 to 283 in e29429d

	stderr_text = (await asyncio.wait_for(proc.stderr.read(8192), timeout=2)).decode(
	"utf-8",
	errors="replace",
	)
	except asyncio.TimeoutError:
	pass
	pytest.fail(f"multi-tenant widget server failed to start:\n{stderr_text}")
	finally:
	await _stop_proc(proc)
	home_tmpdir.cleanup()
	db_tmpdir.cleanup()