{"uuid": "7fa5c939-a6de-430f-a26a-ecec60d775f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-5xrq-8626-4rwp", "type": "seen", "source": "https://gist.github.com/kameking-lab/efb68ee24b485f78790081797ce23d44", "content": "# Worker Hang \u518d\u767a\u9632\u6b62 + IPA\u30bf\u30a4\u30c8\u30eb\u533a\u5206\u982d\u51fa\u3057 (2026-06-02)\n\n## TL;DR\n\n- **2026-06-01 \u7d42\u65e5\u306e cron \u4e0d\u767a\u30a4\u30f3\u30b7\u30c7\u30f3\u30c8** (worker alive \u306e\u307e\u307e node-cron \u304c\n  \"missed execution at 19:30/22:00\" \u3092 WARN \u3057\u7d9a\u3051\u3001\u5168 publish \u304c\u4e0d\u767a) \u5bfe\u7b56\u3068\u3057\u3066\n  - heartbeat \u30d5\u30a1\u30a4\u30eb (5min \u6bce\u3001\u5916\u90e8\u76e3\u8996\u53ef)\n  - pm2 cron_restart (\u6bce\u65e5 04:00 JST \u4e88\u9632\u518d\u8d77\u52d5)\n  - process.on(unhandledRejection/uncaughtException) \u3067\u975e0 exit \u2192 autorestart\n  \u3092\u591a\u5c64\u3067\u5b9f\u88c5 (PR #170)\n- **\u66f4\u306b\u6df1\u523b: 2026-06-02 \u671d\u4ee5\u964d worker \u304c\u5b8c\u5168\u505c\u6b62** (PM2 daemon \u305d\u306e\u3082\u306e\u304c killed\u3001\n  ~23h \u30c0\u30a6\u30f3\u3001\u51685 publish \u6a5f\u4f1a\u55aa\u5931)\u3002\u3053\u308c\u306f pm2 startup \u304c\u672a\u767b\u9332\u306a\u305f\u3081 Windows\n  \u30ea\u30d6\u30fc\u30c8\u5f8c\u306b\u81ea\u52d5\u5fa9\u5e30\u3057\u306a\u3044\u65e2\u77e5\u30d1\u30bf\u30fc\u30f3 (memory: `worker-down-after-reboot`)\u3002\n  \u672c\u30bb\u30c3\u30b7\u30e7\u30f3\u3067 pm2 start \u3067\u5fa9\u65e7\u3001pm2 startup \u306e\u767b\u9332\u306f owner \u4f5c\u696d\u3068\u3057\u3066\u5225\u5efa\u3066\u3002\n- **IPA\u30bf\u30a4\u30c8\u30eb\u8a2d\u8a08\u6539\u5584** (PR #171): ipa-quiz / ipa-sikaku \u306f \u300c\u3010\u533a\u5206\u540d\u3011\u3007\u3007\u300d\n  \u5f62\u5f0f\u3092\u5f37\u5236 (Claude prompt + \u54c1\u8cea\u30b2\u30fc\u30c8\u306e warning)\n- **vitest CVE \u5bfe\u5fdc** (PR #172): vitest 3.2.4 \u306e critical advisory \u3092\u53d7\u3051 4.1.8 \u306b\u4e0a\u3052\n- \u65e2\u5b58\u30b9\u30c8\u30c3\u30af\u306e\u30bf\u30a4\u30c8\u30eb\u30fb\u5185\u5bb9\u306f\u5909\u66f4\u305b\u305a (\u691c\u8a3c\u30c7\u30fc\u30bf\u4fdd\u8b77)\n\n## 1. 2026-06-01 \u306e\u30cf\u30f3\u30b0\u72b6\u6cc1\u5206\u6790 (\u5b9f\u30ed\u30b0\u304b\u3089\u6642\u7cfb\u5217)\n\n### 1.1 worker-out.log \u629c\u7c8b\n```\n2026-06-01 00:00:00 +09:00: [worker] daily-summary written: ...\n2026-06-01 00:00:02 +09:00: [worker] daily-summary committed and pushed\n2026-06-01 06:00:00 +09:00: [worker:auto-refill] fridge-chef: 34 \u672c (\u22656) \u2014 \u30b9\u30ad\u30c3\u30d7\n2026-06-01 06:00:00 +09:00: ... (\u4ed64\u30a2\u30ab\u30a6\u30f3\u30c8\u3082\u540c\u69d8)\n2026-06-01 06:00:00 +09:00: [worker:auto-refill] \u30ed\u30b0\u3092\u66f8\u304d\u8fbc\u307f\u307e\u3057\u305f\n(* \u3053\u3053\u3067\u9014\u7d76 *)\n2026-06-01 22:37:22 +09:00: [worker] B-002 timezone check ... (= \u79c1\u306e restart)\n```\n\n\u2192 06:00:00 \u4ee5\u964d 22:37 restart \u307e\u3067\u3001**worker-out.log \u3078\u306e\u66f8\u304d\u8fbc\u307f\u304c\u7d0416\u6642\u9593\n   \u5b8c\u5168\u505c\u6b62**\u3002\u671f\u5f85\u3055\u308c\u305f\u30a4\u30d9\u30f3\u30c8 (fridge 07:30, ipa-sikaku 12:30, pasha 17:30,\n   anzen 19:30, ipa-quiz 22:00 \u306e publish) \u3044\u305a\u308c\u3082\u8a18\u9332\u306a\u3057\u3002\n\n### 1.2 worker-err.log \u3067\u306e\u75d5\u8de1\n```\n2026-06-01 19:30:01 +09:00: [NODE-CRON] [WARN] missed execution at Mon Jun 01 2026 19:30:00\n  ! Possible blocking IO or high CPU user at the same process used by node-cron.\n2026-06-01 22:00:01 +09:00: [NODE-CRON] [WARN] missed execution at Mon Jun 01 2026 22:00:00\n```\n\n\u2192 node-cron \u306f\u300c\u524d\u306e\u30b8\u30e7\u30d6\u304c\u307e\u3060\u52d5\u3044\u3066\u3044\u308b / event loop \u304c\u30d6\u30ed\u30c3\u30af\u3055\u308c\u3066\u3044\u308b\u300d\n   \u3068\u5224\u5b9a\u3057\u3066\u65b0\u898f\u30b9\u30b1\u30b8\u30e5\u30fc\u30eb\u3092 skip \u3057\u3001warn \u3092\u6295\u3052\u305f\u3002\u3053\u308c\u304c\u4e8b\u5b9f\u4e0a\u552f\u4e00\u306e\n   \u751f\u5b58\u30b7\u30b0\u30ca\u30eb (logEvent \u3067\u306f\u306a\u304f\u76f4\u63a5 stderr \u306b\u51fa\u308b\u30bf\u30a4\u30d7\u306e WARN)\u3002\n\n### 1.3 pm2 / process \u8996\u70b9\n- pm2 list \u306f\u7d42\u59cb pid 29536 online (28h uptime) \u3092\u8868\u793a\n- pm2 autorestart=true \u306f process exit \u6642\u3057\u304b\u767a\u706b\u3057\u306a\u3044\u3002event loop hang \u3067\u306f\u7121\u529b\n- max_memory_restart=512M \u306f\u8d85\u904e\u3057\u306a\u304b\u3063\u305f (memory 30-110MB \u3067\u63a8\u79fb)\n\n### 1.4 \u771f\u56e0 (\u4eee\u8aac\u3001\u672a\u5b8c\u5168\u89e3\u660e)\n- 07:30 fridge publish \u306e child process spawn \u6642\u306b\u4f55\u304b\u304c parent \u5074\u306e event loop\n  \u3092\u30d6\u30ed\u30c3\u30af\u3057\u305f\u53ef\u80fd\u6027\u3002Windows \u74b0\u5883\u3067 stdio:\"inherit\" \u306e pipe handle \u304c\n  Chrome (Playwright) \u3068\u7af6\u5408\u3059\u308b\u4e8b\u4f8b\u306f M-015 docs \u306b\u3042\u308a\n- \u3082\u3057\u304f\u306f\u672a\u51e6\u7406 Promise rejection \u304c\u63e1\u308a\u6f70\u3055\u308c\u3066 event loop \u304c\u6b62\u307e\u3063\u305f\n- JOB_TIMEOUT_MS=10min \u306f child process \u5074\u306e\u307f kill \u3059\u308b\u305f\u3081\u3001parent \u5074\u30cf\u30f3\u30b0\n  \u306f\u6551\u3048\u306a\u3044\n\n\u2192 \u78ba\u5b9f\u306a\u5bfe\u7b56\u3068\u3057\u3066 **heartbeat + cron_restart + crash hooks** \u306e\u591a\u5c64\u9632\u5fa1\u3092\u5b9f\u88c5\u3002\n\n### 1.5 (\u6df1\u523b) 2026-06-02 \u306e worker \u5b8c\u5168\u505c\u6b62\n- 6/1 22:45 \u306b PR #168 (selector defensive) \u306e\u53cd\u6620\u3067 pm2 restart \u5b9f\u65bd (pid 31120)\n- \u305d\u3053\u304b\u3089 6/2 21:48 (\u672c\u30bb\u30c3\u30b7\u30e7\u30f3\u958b\u59cb) \u307e\u3067\u3001worker-out.log \u66f8\u304d\u8fbc\u307f\u306a\u3057\n- pm2 list \u304c\u7a7a (note-worker doesn't exist)\u3001daemon \u305d\u306e\u3082\u306e\u304c\u6d88\u3048\u3066\u3044\u305f\n- \u63a8\u6e2c: 6/1 22:45 \uff5e 6/2 \u4efb\u610f\u306e\u6642\u523b\u306b Windows \u518d\u8d77\u52d5 \u2192 PM2 daemon \u6b7b\u4ea1\n  \u2192 \u81ea\u52d5\u5fa9\u5e30\u305b\u305a (pm2 startup \u672a\u8a2d\u5b9a)\n- 6/2 fridge 07:30 / ipa-sikaku 12:30 / pasha 17:30 / anzen 19:30 / ipa-quiz 22:00\n  \u306e 5 publish \u6a5f\u4f1a\u3059\u3079\u3066\u55aa\u5931\n\n## 2. \u518d\u767a\u9632\u6b62 (PR #170 \u3067\u5b9f\u88c5)\n\n### 2.1 heartbeat (`apps/worker/src/heartbeat.ts`)\n- 5 \u5206\u6bce\u306b `logs/worker-heartbeat.json` \u306b\u66f8\u304f:\n  ```json\n  {\n    \"ts\": \"ISO timestamp\",\n    \"pid\": 42824,\n    \"uptimeSec\": 12345,\n    \"memRssMb\": 87.2,\n    \"runningJobs\": [\"fridge-chef\"],\n    \"keepAliveRunning\": false,\n    \"nodeVersion\": \"v24.13.1\"\n  }\n  ```\n- \u5916\u90e8\u76e3\u8996 (Windows Task Scheduler \u306e 1 \u884c\u30b9\u30af\u30ea\u30d7\u30c8\u7b49) \u304c mtime \u306e\u9bae\u5ea6\u3092\u898b\u308b\n- HEARTBEAT_STALE_MS=15min (3 \u00d7 \u9593\u9694) \u8d8a\u3048\u306a\u3089 \"hang \u7591\u3044\" \u2192 `pm2 restart` \u3067\u5fa9\u65e7\n\n### 2.2 cron_restart (`ecosystem.config.js`)\n```js\ncron_restart: \"0 4 * * *\", // \u6bce\u65e5 04:00 JST \u4e88\u9632\u518d\u8d77\u52d5\n```\n- \u5168 publish \u6642\u523b (07:30/12:30/17:30/19:30/22:00) \u3068\u7981\u6b62\u5e2f (07-08/19-20/21:30-22:30)\n  \u3092\u56de\u907f\u3057\u305f\u6700\u3082\u5b89\u5168\u306a\u6642\u9593\u5e2f\n- 6/1 \u306e\u3088\u3046\u306a event loop \u30cf\u30f3\u30b0\u3067\u3082 04:00 \u3067\u5fc5\u305a\u30ea\u30bb\u30c3\u30c8\n\n### 2.3 crash hooks (`apps/worker/src/index.ts`)\n```ts\nprocess.on(\"unhandledRejection\", (reason) =&gt; {\n  console.error(`[worker] FATAL unhandledRejection: ${msg}`);\n  process.exit(70); // pm2 autorestart \u306b\u4efb\u305b\u308b\n});\nprocess.on(\"uncaughtException\", (err) =&gt; { ... });\n```\n- \u65e7\u6765\u306f\u9ed9\u3063\u3066\u30cf\u30f3\u30b0\u72b6\u614b\u306e\u307e\u307e\u306b\u306a\u3063\u3066\u3044\u305f\u4e8b\u6848\u3092\u5f37\u5236 exit \u306b\u5909\u63db\n- pm2 autorestart=true \u304c\u62fe\u3063\u3066\u518d\u8d77\u52d5\u3059\u308b\n\n### 2.4 \u5225\u9014\u5fc5\u8981 (\u672c PR \u7bc4\u56f2\u5916\u3001owner \u4f5c\u696d)\n- **pm2 startup**: Windows \u30b5\u30fc\u30d3\u30b9\u3068\u3057\u3066 pm2 \u3092\u767b\u9332\u3057\u3001\u518d\u8d77\u52d5\u5f8c\u306e auto-resurrect\n  \u3092\u5b9f\u73fe\u3059\u308b\u3002\u30b3\u30de\u30f3\u30c9\u306f `pm2 startup` \u306e\u51fa\u529b\u3059\u308b\u7ba1\u7406\u8005\u6a29\u9650\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u5b9f\u884c\n- \u3053\u308c\u304c\u5165\u3089\u306a\u3044\u3068 OS \u30ea\u30d6\u30fc\u30c8\u8d77\u56e0\u306e\u9577\u671f\u30c0\u30a6\u30f3 (6/2 \u306e 23h \u30c0\u30a6\u30f3) \u306f\u9632\u3052\u306a\u3044\n\n## 3. IPA\u30bf\u30a4\u30c8\u30eb\u8a2d\u8a08\u6539\u5584 (PR #171 \u3067\u5b9f\u88c5)\n\n### 3.1 \u306a\u305c\n- \u30c7\u30fc\u30bf\u5206\u6790 (docs/data-analysis-and-improvements-2026-05-31.md) \u3067 TOP10 view\n  \u8a18\u4e8b\u306e **10/10 \u304c\u6570\u5b57\u5165\u308a\u30019/10 \u304c\u30bf\u30fc\u30b2\u30c3\u30c8\u660e\u793a**\n- \u53d7\u9a13\u8005\u306b\u3068\u3063\u3066\u6700\u5f37\u306e\u30bf\u30fc\u30b2\u30c3\u30c8\u6307\u6a19\u306f\u300c\u81ea\u5206\u304c\u53d7\u3051\u308b\u8a66\u9a13\u533a\u5206\u540d\u300d\n- \u65e2\u5b58\u30bf\u30a4\u30c8\u30eb\u4f8b \u300c\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u5206\u91ce\u306e\u983b\u51fa\u554f\u984c\u30d1\u30bf\u30fc\u30f3\u300d \u3067\u306f\u53d7\u9a13\u8005\u306f\n  \u300c\u3053\u308c\u306f AP \u306e\u8a71? FE \u306e\u8a71? \u305d\u308c\u3068\u3082 NW \u30b9\u30da\u30b7\u30e3\u30ea\u30b9\u30c8?\u300d\u3068\u4e00\u76ee\u3067\u5224\u65ad\u3067\u304d\u306a\u3044\n\n### 3.2 \u5f62\u5f0f\n- \u30bf\u30a4\u30c8\u30eb\u5192\u982d\u306b\u5168\u89d2\u306e **\u3010\u533a\u5206\u540d\u3011** \u3092\u7f6e\u304f (\u534a\u89d2 [] \u306f\u4e0d\u53ef)\n- \u533a\u5206\u540d\u306f\u53d7\u9a13\u8005\u306b\u4f1d\u308f\u308b\u6b63\u5f0f\u540d\u79f0\u307e\u305f\u306f\u516c\u7684\u7565\u79f0\n- \u53d7\u7406\u30ea\u30b9\u30c8 (slug \u5225):\n  - **ipa-quiz**: IT\u30d1\u30b9\u30dd\u30fc\u30c8 / \u60c5\u5831\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30de\u30cd\u30b8\u30e1\u30f3\u30c8 / \u57fa\u672c\u60c5\u5831(\u6280\u8853\u8005) / \u5fdc\u7528\u60c5\u5831(\u6280\u8853\u8005)\n  - **ipa-sikaku** (\u9ad8\u5ea69\u533a\u5206): \u30d7\u30ed\u30b8\u30a7\u30af\u30c8\u30de\u30cd\u30fc\u30b8\u30e3 / \u30b7\u30b9\u30c6\u30e0\u76e3\u67fb\u6280\u8853\u8005 / IT\u30b9\u30c8\u30e9\u30c6\u30b8\u30b9\u30c8 / \u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30b9\u30da\u30b7\u30e3\u30ea\u30b9\u30c8 / \u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u30da\u30b7\u30e3\u30ea\u30b9\u30c8 / \u60c5\u5831\u51e6\u7406\u5b89\u5168\u78ba\u4fdd\u652f\u63f4\u58eb / \u30b7\u30b9\u30c6\u30e0\u30a2\u30fc\u30ad\u30c6\u30af\u30c8 / \u30a8\u30f3\u30d9\u30c7\u30c3\u30c9\u30b7\u30b9\u30c6\u30e0\u30b9\u30da\u30b7\u30e3\u30ea\u30b9\u30c8 / IT\u30b5\u30fc\u30d3\u30b9\u30de\u30cd\u30fc\u30b8\u30e3\n\n### 3.3 \u5b9f\u88c5\u5834\u6240\n- **\u751f\u6210\u5074 (prompts.ts)**: `buildSystemPrompt(product, slug)` \u3067 IPA\u7cfb\u306e\u3068\u304d\n  system prompt \u672b\u5c3e\u306b\u30eb\u30fc\u30eb\u30fb\u53d7\u7406\u533a\u5206\u30fbslug\u5225\u306e\u4f8b\u3092\u6ce8\u5165\u3002Claude \u304c\u76f4\u63a5\u9075\u5b88\u3059\u308b\n- **\u691c\u67fb\u5074 (quality-gate.ts)**: `assessBodyQuality({title, slug, ...})` \u3067\n  IPA\u5f62\u5f0f\u4e0d\u4e00\u81f4\u3092 **warnings** \u306b\u51fa\u3059 (\u65e2\u5b58\u30b9\u30c8\u30c3\u30af\u6e29\u5b58\u306e\u305f\u3081 reject \u306f\u3057\u306a\u3044\u3001\n  \u904b\u7528\u30b7\u30b0\u30ca\u30eb)\n- `validateIpaTitlePrefix(title, slug)` \u7d14\u95a2\u6570\u3067\u518d\u5229\u7528\u53ef\u80fd (pure / I/O\u7121\u3057)\n\n### 3.4 \u9069\u7528\u7bc4\u56f2\n- ipa-quiz / ipa-sikaku \u306e\u307f\u3002fridge-chef / anzen-ai / pasha \u306f\u5909\u66f4\u306a\u3057\n- \u65e2\u5b58\u30b9\u30c8\u30c3\u30af (ready-to-post \u516870\u672c) \u306e\u30bf\u30a4\u30c8\u30eb\u30fb\u672c\u6587\u306f\u89e6\u3089\u306a\u3044\n- \u6b21\u56de\u306e Claude \u751f\u6210 + auto-refill \u304b\u3089\u65b0\u30eb\u30fc\u30eb\u304c\u52b9\u304f\n\n## 4. vitest CVE \u5bfe\u5fdc (PR #172)\n\n- vitest &lt;4.1.0 \u3067 [GHSA-5xrq-8626-4rwp](https://github.com/advisories/GHSA-5xrq-8626-4rwp)\n  (Vitest UI server arbitrary file read &amp; execute, critical) \u304c\u516c\u8868\n- \u5168 8 package.json \u3067 vitest \u3092 ^3.0.9 \u2192 ^4.1.0 (\u5b9f 4.1.8)\n- vitest 4 breaking: `vi.fn()` \u306e call history \u306f `vi.restoreAllMocks()` \u3067\n  \u30af\u30ea\u30a2\u3055\u308c\u306a\u304f\u306a\u3063\u305f \u2192 `mockReset()` \u3092 beforeEach \u306b\u660e\u793a (url-verify.test.ts)\n- \u5168 364 \u30c6\u30b9\u30c8\u7dd1\n\n## 5. \u5b8c\u4e86\u72b6\u614b (\u672c\u30bb\u30c3\u30b7\u30e7\u30f3)\n\n- main HEAD: 229495b (\u958b\u59cb\u6642) \u2192 \u5404 PR \u30de\u30fc\u30b8\u5f8c\u306b\u66f4\u65b0\u4e88\u5b9a\n- worker: pid 31120 \u2192 6/2 \u671d\u4ee5\u964d dead \u2192 pm2 start ecosystem.config.js \u3067\u5fa9\u65e7\n- 5\u30a2\u30ab\u30a6\u30f3\u30c8\u5168 authenticated, \u5168 publish \u6642\u523b scheduled\n- heartbeat 5min\u6bce\u306b `logs/worker-heartbeat.json` \u66f4\u65b0\n- cron_restart 04:00 JST \u4e88\u9632\u518d\u8d77\u52d5 \u8a2d\u5b9a\u6e08\n- IPA\u7cfb prompt \u5f37\u5316 (Claude \u751f\u6210\u5074\u306b\u3010\u533a\u5206\u540d\u3011\u30eb\u30fc\u30eb\u6ce8\u5165)\n\n## 6. \u6b21\u306e\u4eba\u9593\u5224\u65ad\u5fc5\u8981\u4e8b\u9805\n\n1. **\u3010\u6700\u91cd\u8981\u30fb\u5373\u5bfe\u5fdc\u63a8\u5968\u3011** `pm2 startup` (Windows \u30b5\u30fc\u30d3\u30b9\u767b\u9332) \u306e owner \u4f5c\u696d\u3002\n   \u3053\u308c\u304c\u306a\u3044\u3068 OS \u30ea\u30d6\u30fc\u30c8\u3067\u307e\u305f\u9577\u671f\u30c0\u30a6\u30f3\u304c\u8d77\u304d\u308b\n2. **\u3010\u660e\u65e5\u671d\u301c\u6570\u65e5\u3011** heartbeat \u304c\u60f3\u5b9a\u901a\u308a 5min \u6bce\u306b\u66f4\u65b0\u3055\u308c\u308b\u304b\u3001cron_restart\n   04:00 \u3067\u4e88\u9632\u518d\u8d77\u52d5\u304c\u8d70\u308b\u304b\u3092\u89b3\u5bdf\n3. **\u3010\u4efb\u610f\u3011** Phase 4 \u30cf\u30c3\u30b7\u30e5\u30bf\u30b0\u5f8c\u4ed8\u3051 (\u524d\u30bb\u30c3\u30b7\u30e7\u30f3\u6301\u3061\u8d8a\u3057) \u3092\u518d\u958b\u3059\u308b\u304b\n4. **\u3010\u4eca\u5f8c\u3011** 6/1 \u30cf\u30f3\u30b0\u306e\u771f\u56e0 (parent process event loop \u30d6\u30ed\u30c3\u30af\u6e90) \u3092\n   \u8a73\u7d30\u8ffd\u8de1\u3059\u308b\u304b (heartbeat \u304c\u3042\u308c\u3070\u6b21\u56de\u518d\u767a\u6642\u306b\u767a\u898b\u304c\u901f\u3044)\n", "creation_timestamp": "2026-06-02T13:34:19.000000Z"}