5b5ee4148e
When a run enables the critic (Ports.Critic set + RunnableAgent.Critic.Enabled), the kernel no longer hard-caps it at MaxRuntime. MaxRuntime becomes the SOFT trigger (passed to startCritic, used by the host critic as its wake + the base for its extendable backstop); the critic's deadline-watch is the real hard cancel. This restores mort's old agentexec two-tier timeout semantics — a slow-but-progressing run (e.g. a parent agent blocked on a 30-min animate render) is given room up to the critic's backstop instead of being killed at the nominal MaxRuntime. Specifics: - run/executor.go: the WithTimeout(MaxRuntime) is now conditional. Non-critic runs keep the literal MaxRuntime kill (→ "timeout"). Critic-owned runs get a GENEROUS WithTimeout at the new Defaults.CriticAbsoluteMax (default 6h) as a failsafe ceiling only — it never fires before the critic's backstop, and it guarantees a broken/nil host handle can't run unbounded. - run/critic.go: startCritic takes the resolved MaxRuntime as the soft trigger (falling back to Defaults.CriticSoftTimeout, then 90s), instead of always using the global CriticSoftTimeout. - Defaults.CriticAbsoluteMax added (withFallbacks default 6h). - Tests: non-critic dies at MaxRuntime; critic-owned survives past it; soft trigger == MaxRuntime. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01Jo75sqmeVPgFUWZQBn179X
132 lines
4.9 KiB
Go
132 lines
4.9 KiB
Go
package run_test
|
|
|
|
import (
|
|
"context"
|
|
"sync"
|
|
"testing"
|
|
"time"
|
|
|
|
"gitea.stevedudenhoeffer.com/steve/majordomo/llm"
|
|
"gitea.stevedudenhoeffer.com/steve/majordomo/provider/fake"
|
|
|
|
"gitea.stevedudenhoeffer.com/steve/executus/run"
|
|
"gitea.stevedudenhoeffer.com/steve/executus/tool"
|
|
)
|
|
|
|
// slowToolInvocation builds an Invocation whose session factory adds a "slow"
|
|
// tool that sleeps for d (respecting ctx). The model script calls it once, then
|
|
// answers — so the run's wall-clock is dominated by d, letting a test set a tiny
|
|
// MaxRuntime and observe whether MaxRuntime hard-cancels the run.
|
|
func slowToolInvocation(runID string, d time.Duration) tool.Invocation {
|
|
slow := llm.DefineTool("slow", "sleeps for a while",
|
|
func(ctx context.Context, _ struct{}) (any, error) {
|
|
select {
|
|
case <-time.After(d):
|
|
return "ok", nil
|
|
case <-ctx.Done():
|
|
return nil, ctx.Err()
|
|
}
|
|
})
|
|
return tool.Invocation{
|
|
RunID: runID,
|
|
SessionToolFactory: func(_ tool.AgentSession) tool.SessionTools {
|
|
return tool.SessionTools{Tools: []llm.Tool{slow}}
|
|
},
|
|
}
|
|
}
|
|
|
|
func slowModel() llm.Model {
|
|
fp := fake.New("fake")
|
|
fp.Enqueue("m",
|
|
fake.ReplyWith(llm.Response{ToolCalls: []llm.ToolCall{{ID: "c1", Name: "slow", Arguments: []byte(`{}`)}}}),
|
|
fake.Reply("done"),
|
|
)
|
|
m, _ := fp.Model("m")
|
|
return m
|
|
}
|
|
|
|
// TestNoCritic_MaxRuntimeIsHardCap: the legacy contract is preserved — without a
|
|
// critic, MaxRuntime is a literal WithTimeout that kills a run whose work outlasts
|
|
// it. The slow tool (200ms) outlasts MaxRuntime (20ms), so runCtx cancels mid-tool
|
|
// and the run ends in error (timeout).
|
|
func TestNoCritic_MaxRuntimeIsHardCap(t *testing.T) {
|
|
m := slowModel()
|
|
ex := run.New(run.Config{
|
|
Registry: tool.NewRegistry(),
|
|
Models: func(ctx context.Context, _ string) (context.Context, llm.Model, error) { return ctx, m, nil },
|
|
})
|
|
res := ex.Run(context.Background(),
|
|
run.RunnableAgent{Name: "x", ModelTier: "m", MaxIterations: 5, MaxRuntime: 20 * time.Millisecond},
|
|
slowToolInvocation("r", 200*time.Millisecond), "go")
|
|
if res.Err == nil {
|
|
t.Fatalf("non-critic run should hard-timeout at MaxRuntime; got output=%q err=nil", res.Output)
|
|
}
|
|
}
|
|
|
|
// TestCriticOwnsDeadline_SurvivesPastMaxRuntime: the fix — when the critic owns the
|
|
// deadline (Ports.Critic set + Critic.Enabled), MaxRuntime becomes the SOFT trigger
|
|
// and is NOT a hard cap. The fake critic exposes no hard deadline (Deadline()==zero,
|
|
// no kill), so the only hard ceiling is CriticAbsoluteMax (10s here). The slow tool
|
|
// (200ms) outlasts the tiny MaxRuntime (20ms) but the run completes — proving the
|
|
// old agentexec two-tier semantics are restored.
|
|
func TestCriticOwnsDeadline_SurvivesPastMaxRuntime(t *testing.T) {
|
|
m := slowModel()
|
|
h := &fakeCriticHandle{} // Deadline()==zero → no hard deadline, no kill
|
|
ex := run.New(run.Config{
|
|
Registry: tool.NewRegistry(),
|
|
Models: func(ctx context.Context, _ string) (context.Context, llm.Model, error) { return ctx, m, nil },
|
|
Ports: run.Ports{Critic: &fakeCritic{h: h}},
|
|
Defaults: run.Defaults{CriticAbsoluteMax: 10 * time.Second},
|
|
})
|
|
res := ex.Run(context.Background(),
|
|
run.RunnableAgent{Name: "watched", ModelTier: "m", MaxIterations: 5, MaxRuntime: 20 * time.Millisecond,
|
|
Critic: run.CriticConfig{Enabled: true}},
|
|
slowToolInvocation("r", 200*time.Millisecond), "go")
|
|
if res.Err != nil {
|
|
t.Fatalf("critic-owned run must survive past MaxRuntime (soft trigger); got err=%v", res.Err)
|
|
}
|
|
if res.Output != "done" {
|
|
t.Errorf("output = %q, want %q", res.Output, "done")
|
|
}
|
|
}
|
|
|
|
// capturingCritic records the soft trigger the executor passes to Monitor.
|
|
type capturingCritic struct {
|
|
mu sync.Mutex
|
|
soft time.Duration
|
|
h run.CriticHandle
|
|
}
|
|
|
|
func (c *capturingCritic) Monitor(_ context.Context, _ run.RunInfo, soft time.Duration) run.CriticHandle {
|
|
c.mu.Lock()
|
|
c.soft = soft
|
|
c.mu.Unlock()
|
|
return c.h
|
|
}
|
|
|
|
// TestCriticSoftTriggerIsMaxRuntime: the soft trigger handed to the host critic is
|
|
// the run's resolved MaxRuntime (mort's two-tier model — the critic first wakes once
|
|
// the run exceeds its nominal budget), NOT the global Defaults.CriticSoftTimeout.
|
|
func TestCriticSoftTriggerIsMaxRuntime(t *testing.T) {
|
|
fp := fake.New("fake")
|
|
fp.Enqueue("m", fake.Reply("done"))
|
|
m, _ := fp.Model("m")
|
|
cc := &capturingCritic{h: &fakeCriticHandle{}}
|
|
ex := run.New(run.Config{
|
|
Registry: tool.NewRegistry(),
|
|
Models: func(ctx context.Context, _ string) (context.Context, llm.Model, error) { return ctx, m, nil },
|
|
Ports: run.Ports{Critic: cc},
|
|
Defaults: run.Defaults{CriticSoftTimeout: 90 * time.Second}, // distinct from MaxRuntime below
|
|
})
|
|
const wantSoft = 7 * time.Minute
|
|
ex.Run(context.Background(),
|
|
run.RunnableAgent{Name: "x", ModelTier: "m", MaxRuntime: wantSoft, Critic: run.CriticConfig{Enabled: true}},
|
|
tool.Invocation{RunID: "r"}, "go")
|
|
cc.mu.Lock()
|
|
got := cc.soft
|
|
cc.mu.Unlock()
|
|
if got != wantSoft {
|
|
t.Errorf("soft trigger = %v, want the agent's MaxRuntime %v (not Defaults.CriticSoftTimeout)", got, wantSoft)
|
|
}
|
|
}
|