4aa06f652e
executus CI / test (pull_request) Failing after 58s
From PR #9 (minimax + deepseek): - Run now has a top-level recover() — the "never propagates a panic" promise was unenforced; a panicking host Port (Critic/Audit/Palette) on the run goroutine now becomes Result.Err instead of unwinding into the caller. - The critic deadline-watch goroutine recovers panics from a host Deadline() (it's a separate goroutine, so Run's recover can't catch it) — a buggy CriticHandle can't crash the process. - CriticHandle interface documents its concurrency contract (Record*/Steer on the run goroutine vs Deadline()/Stop() from the watch goroutine — impls must be concurrent-safe; the critic battery already is). - startCritic's dead `soft <= 0 -> noop` guard (withFallbacks already coerces to 90s) replaced with a defensive inline 90s default, so a bypass of withFallbacks still gets a working critic instead of silently none. - Delivery tests made honest: the old "error path" test only checked the early-return (no delivery); added TestDeliverErrorOnRunFailure (in-loop model error -> DeliverError to the target) + renamed the early-return test. Graded all #9 findings in the gadfly MCP. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
92 lines
2.7 KiB
Go
92 lines
2.7 KiB
Go
package run
|
|
|
|
import (
|
|
"context"
|
|
"time"
|
|
|
|
"gitea.stevedudenhoeffer.com/steve/majordomo/agent"
|
|
)
|
|
|
|
// criticDeadlineCheck is how often the deadline-watch goroutine polls the
|
|
// critic's hard deadline. Small relative to any realistic soft timeout.
|
|
const criticDeadlineCheck = time.Second
|
|
|
|
// criticBinding wires a CriticHandle into a run: the executor forwards activity
|
|
// (steps + tool starts) to it, binds the run's hard cancellation to the critic's
|
|
// extendable deadline, and exposes the critic's Steer messages as an agent
|
|
// RunOption. All methods are nil-safe so the executor can call them
|
|
// unconditionally when no critic is configured.
|
|
type criticBinding struct {
|
|
h CriticHandle
|
|
}
|
|
|
|
// startCritic begins critic monitoring for this run when one is configured and
|
|
// the agent enables it. It launches a goroutine that cancels runCtx (via cancel)
|
|
// the moment the critic's hard deadline passes — the critic may extend that
|
|
// deadline, so a healthy-but-slow run is given room while a hung one is killed.
|
|
// Returns (nil, no-op stop) when there is no critic. The caller MUST defer the
|
|
// returned stop.
|
|
func (e *Executor) startCritic(runCtx context.Context, cancel context.CancelFunc, ra RunnableAgent, info RunInfo) (*criticBinding, func()) {
|
|
noop := func() {}
|
|
if e.cfg.Ports.Critic == nil || !ra.Critic.Enabled {
|
|
return nil, noop
|
|
}
|
|
soft := e.cfg.Defaults.CriticSoftTimeout
|
|
if soft <= 0 {
|
|
soft = 90 * time.Second // defensive: withFallbacks normally guarantees >0
|
|
}
|
|
h := e.cfg.Ports.Critic.Monitor(runCtx, info, soft)
|
|
if h == nil {
|
|
return nil, noop
|
|
}
|
|
done := make(chan struct{})
|
|
go func() {
|
|
// A host CriticHandle.Deadline() that panics must not crash the process
|
|
// (this runs on its own goroutine, so the executor's top-level recover
|
|
// can't catch it). Log-free best-effort: just stop watching.
|
|
defer func() { _ = recover() }()
|
|
t := time.NewTicker(criticDeadlineCheck)
|
|
defer t.Stop()
|
|
for {
|
|
select {
|
|
case <-done:
|
|
return
|
|
case <-runCtx.Done():
|
|
return
|
|
case <-t.C:
|
|
// A zero deadline = no hard cap (not yet set); otherwise cancel
|
|
// once we're at or past it.
|
|
if d := h.Deadline(); !d.IsZero() && !time.Now().Before(d) {
|
|
cancel()
|
|
return
|
|
}
|
|
}
|
|
}
|
|
}()
|
|
return &criticBinding{h: h}, func() {
|
|
close(done)
|
|
h.Stop()
|
|
}
|
|
}
|
|
|
|
func (b *criticBinding) recordStep(iter int) {
|
|
if b != nil {
|
|
b.h.RecordStep(iter)
|
|
}
|
|
}
|
|
|
|
func (b *criticBinding) recordToolStart(name, args string) {
|
|
if b != nil {
|
|
b.h.RecordToolStart(name, args)
|
|
}
|
|
}
|
|
|
|
// steerOptions returns the agent RunOptions that drain the critic's steer
|
|
// messages into the loop. Empty when there is no critic.
|
|
func (b *criticBinding) steerOptions() []agent.RunOption {
|
|
if b == nil {
|
|
return nil
|
|
}
|
|
return []agent.RunOption{agent.WithSteer(b.h.Steer)}
|
|
}
|