feat(services): service init restructuring + container fork safety

Author: ogabrielluiz

src/backend/base/langflow/__main__.py

@@ -8,7 +8,6 @@
 import time
 import warnings
 from contextlib import suppress
-from functools import partial
 from ipaddress import ip_address
 from pathlib import Path
 
@@ -339,13 +338,8 @@ def run(
         static_files_dir: Path | None = Path(frontend_path) if frontend_path else None
 
     # Step 2: Starting Core Services
-    app = None
-    app_factory = None
     with progress.step(2):
-        if platform.system() == "Windows":
-            app = setup_app(static_files_dir=static_files_dir, backend_only=bool(backend_only))
-        else:
-            app_factory = partial(setup_app, static_files_dir=static_files_dir, backend_only=bool(backend_only))
+        app = setup_app(static_files_dir=static_files_dir, backend_only=bool(backend_only))
 
     # Step 3: Connecting Database (this happens inside setup_app via dependencies)
     with progress.step(3):
@@ -381,10 +375,6 @@ def run(
         with progress.step(6):
             import uvicorn
 
-            if app is None:
-                msg = "Windows startup requires a pre-built FastAPI application."
-                raise RuntimeError(msg)
-
             # Print summary and banner before starting the server, since uvicorn is a blocking call.
             # We _may_ be able to subprocess, but with window's spawn behavior, we'd have to move all
             # non-picklable code to the subprocess.
@@ -416,20 +406,16 @@ def run(
             # Use Gunicorn with LangflowUvicornWorker for non-Windows systems
             from langflow.server import LangflowApplication
 
-            if app_factory is None:
-                msg = "Gunicorn startup requires an application factory."
-                raise RuntimeError(msg)
-
             options = {
                 "bind": f"{host}:{port}",
                 "workers": get_number_of_workers(workers),
                 "timeout": worker_timeout,
                 "certfile": ssl_cert_file_path,
                 "keyfile": ssl_key_file_path,
                 "log_level": log_level.lower() if log_level is not None else "info",
-                "preload_app": os.environ.get("LANGFLOW_GUNICORN_PRELOAD", "false").lower() == "true",
+                "preload_app": os.environ.get("LANGFLOW_GUNICORN_PRELOAD", "true").lower() == "true",
             }
-            server = LangflowApplication(app_factory, options)
+            server = LangflowApplication(app, options)
 
             # Start the webapp process
             process_manager.webapp_process = Process(target=server.run)

src/backend/base/langflow/initial_setup/setup.py

@@ -1269,12 +1269,6 @@ async def get_or_create_default_folder(session: AsyncSession, user_id: UUID) ->
 
     This implementation avoids an external distributed lock and works with both SQLite and PostgreSQL.
 
-    The function only creates a new default folder on first initialization (when the user has no
-    folders at all). If the user has already been through initial setup and has at least one folder
-    — even if they renamed the default or only kept other folders — the existing folder is returned
-    instead of creating a new "Starter Project". This prevents a phantom default folder from being
-    forced back into the UI every time the user logs in or the server restarts.
-
     Args:
         session (AsyncSession): The active database session.
         user_id (UUID): The ID of the user who owns the folder.
@@ -1316,18 +1310,7 @@ async def get_or_create_default_folder(session: AsyncSession, user_id: UUID) ->
                     await session.rollback()
                     break
 
-    # Respect prior user intent: if the user already has folders (e.g. they renamed the
-    # default folder to something like "My Flows"), do not force a new "Starter Project" back
-    # into their UI on every login/server restart. Return any existing folder instead.
-    any_folder_stmt = (
-        select(Folder).where(Folder.user_id == user_id).order_by(Folder.id).limit(1)  # type: ignore[arg-type]
-    )
-    any_folder = (await session.exec(any_folder_stmt)).first()
-    if any_folder:
-        return FolderRead.model_validate(any_folder, from_attributes=True)
-
-    # No existing folder found for this user — this is the first-time setup path.
-    # Create the default folder.
+    # If no existing folder found, create a new one
     try:
         folder_obj = Folder(user_id=user_id, name=DEFAULT_FOLDER_NAME, description=DEFAULT_FOLDER_DESCRIPTION)
         session.add(folder_obj)

src/backend/base/langflow/initial_setup/starter_project_hash.py

@@ -0,0 +1,161 @@
+"""SVC-01 starter-projects hash gate helpers.
+
+Computes a content hash over the starter-project JSON files plus the installed
+``lfx`` package version, and persists it as plaintext under
+``${LANGFLOW_CONFIG_DIR}/starter_projects.hash``. ``main.py`` uses the hash to
+short-circuit the full starter-project re-sync on restarts where nothing
+changed.
+
+Failure modes (D-04): missing, unreadable, or corrupt hash files all fall
+through to a full re-sync. ``LANGFLOW_FORCE_STARTER_RESYNC=1`` bypasses the
+comparison. Write failures (read-only root filesystem, e.g. container
+deployments) log at debug level and never raise -- mirroring the
+``update_project_file`` pattern at ``setup.py:690-701``.
+"""
+
+from __future__ import annotations
+
+import hashlib
+import os
+from importlib.metadata import PackageNotFoundError, version
+from typing import TYPE_CHECKING, Any
+
+import aiofiles
+from lfx.log.logger import logger
+
+if TYPE_CHECKING:
+    from collections.abc import Awaitable, Callable
+    from pathlib import Path
+
+    import anyio
+
+HASH_FILENAME = "starter_projects.hash"
+_HEX_LEN = 64
+
+
+async def compute_starter_projects_hash(starter_folder: anyio.Path) -> str:
+    """Return a SHA256 hex digest over the starter folder contents + ``lfx`` version.
+
+    The digest updates with ``filename || NUL || file_bytes || NUL`` for each
+    ``*.json`` file in ``starter_folder`` sorted by filename, followed by the
+    installed ``lfx`` package version string. Sorting is load-bearing: glob
+    order is not stable across filesystems.
+
+    If ``importlib.metadata.version("lfx")`` raises ``PackageNotFoundError``
+    (source-only checkout without ``pip install -e .``), the sentinel
+    ``"unknown"`` is substituted (Pattern F / Pitfall 5). The hash remains
+    stable within such an environment but will invalidate whenever the
+    fallback fires in a fresh environment -- acceptable per D-01.
+    """
+    try:
+        pkg_version = version("lfx")
+    except PackageNotFoundError:
+        pkg_version = "unknown"
+    hasher = hashlib.sha256()
+    paths = sorted(
+        [p async for p in starter_folder.glob("*.json")],
+        key=lambda p: p.name,
+    )
+    for path in paths:
+        hasher.update(path.name.encode("utf-8"))
+        hasher.update(b"\x00")
+        hasher.update(await path.read_bytes())
+        hasher.update(b"\x00")
+    hasher.update(pkg_version.encode("utf-8"))
+    return hasher.hexdigest()
+
+
+async def read_hash_file_safe(hash_path: Path) -> str | None:
+    """Return the stored SHA hex string, or ``None`` on any failure.
+
+    Skips comment lines (starting with ``#``) and returns the first line that
+    is exactly 64 lowercase hex characters. Returns ``None`` for:
+
+    - Missing file (``FileNotFoundError``)
+    - Unreadable file (``OSError`` / ``PermissionError``)
+    - Empty content
+    - Corrupt content (first non-comment line is not 64 hex chars)
+
+    The caller is expected to treat ``None`` as a cache miss and fall through
+    to a full re-sync (D-04).
+    """
+    try:
+        async with aiofiles.open(str(hash_path), encoding="utf-8") as f:
+            content = await f.read()
+    except (OSError, FileNotFoundError):
+        return None
+    for raw_line in content.splitlines():
+        line = raw_line.strip()
+        if not line or line.startswith("#"):
+            continue
+        if len(line) == _HEX_LEN and all(c in "0123456789abcdef" for c in line):
+            return line
+        return None
+    return None
+
+
+async def write_hash_file_safe(hash_path: Path, sha_hex: str, version_string: str) -> None:
+    """Write ``sha_hex`` + a ``# version:`` comment line to ``hash_path``.
+
+    Ensures the parent directory exists (``mkdir(parents=True, exist_ok=True)``
+    on the parent). Swallows ``OSError`` (Pattern E) so that a read-only
+    filesystem -- common in containerized deployments with
+    ``readOnlyRootFilesystem: true`` -- does not crash lifespan startup; the
+    hash gate simply falls through to a full re-sync on every restart in that
+    environment.
+    """
+    content = f"{sha_hex}\n# version: {version_string}\n"
+    try:
+        hash_path.parent.mkdir(parents=True, exist_ok=True)
+        async with aiofiles.open(str(hash_path), "w", encoding="utf-8") as f:
+            await f.write(content)
+    except OSError as e:
+        await logger.adebug(
+            f"Could not write starter-projects hash file (read-only filesystem): {e}. "
+            "Hash gate will fall through to full re-sync on each restart."
+        )
+
+
+def is_force_resync_requested() -> bool:
+    """Return ``True`` if ``LANGFLOW_FORCE_STARTER_RESYNC`` is set to 1/true/yes.
+
+    Comparison is case-insensitive and whitespace-stripped. Any other value
+    (empty string, unset, "no", "0") returns ``False`` so the hash comparison
+    path runs normally.
+    """
+    return os.getenv("LANGFLOW_FORCE_STARTER_RESYNC", "").strip().lower() in ("1", "true", "yes")
+
+
+async def run_starter_projects_hash_gate(
+    *,
+    starter_folder: anyio.Path,
+    hash_path: Path,
+    sync_fn: Callable[[], Awaitable[Any]],
+) -> bool:
+    """Execute the SVC-01 hash-gated starter-project sync.
+
+    This helper encapsulates the hash compare / sync / write sequence so both
+    ``main.py`` (inside its ``FileLock``) and the Phase 4 parity tests invoke
+    the exact same code path. ``sync_fn`` is a zero-arg coroutine factory the
+    caller uses to pass in ``create_or_update_starter_projects(all_types_dict)``
+    with ``all_types_dict`` already bound.
+
+    Returns ``True`` when the full re-sync ran (cache miss or force-resync),
+    ``False`` when the hash matched and the sync was skipped.
+
+    The caller is responsible for wrapping this in its own ``FileLock`` /
+    error-handling context (TOCTOU safety per Pitfall 2). The gate itself
+    does not manage locking.
+    """
+    expected = await compute_starter_projects_hash(starter_folder)
+    actual = await read_hash_file_safe(hash_path)
+    if is_force_resync_requested() or actual != expected:
+        await sync_fn()
+        try:
+            pkg_v = version("lfx")
+        except PackageNotFoundError:
+            pkg_v = "unknown"
+        await write_hash_file_safe(hash_path, expected, pkg_v)
+        return True
+    await logger.adebug("Starter projects hash matches; skipped re-sync")
+    return False