charles/claude-hooks
1
0
Fork 0
Code Issues 10 Pull requests Projects Releases Packages 1 Wiki Activity Actions

fix(shutdown): tasks aborted during drain are marked status=success with no output #221

New issue
Closed
opened 2026-04-21 11:54:42 +00:00 by claude-desktop · 0 comments
claude-desktop commented 2026-04-21 11:54:42 +00:00
Collaborator
Copy link

Bug

When the service receives SIGTERM/SIGINT and runs the four-phase drain, any task that "naturally settles" inside phase 2 (drain budget) has its task_history.status set to success even when the SDK bailed because the HTTP listener closing triggered an indirect abort. The worker's promise resolves via the normal .then() path, so the task-store writer treats it as a success.

The symptom is a row with:

  • status = 'success'
  • turns = NULL
  • cost_usd = NULL
  • finished_at ≈ SIGTERM timestamp exactly

…and a matching pipeline row rendered with a green checkmark for work that never produced a commit or a PR. The operator can't tell the difference between "task succeeded in 2 minutes" and "task died silently during a restart."

Repro (2026-04-21 incident — #209, #210)

  1. #208 PR merged → propagator auto-assigned #209 / #210 to dev at 13:02:10/11.
  2. Dev agents started. Tasks e5bdebea (#209) and f0920b3b (#210) ran for ~120 s each.
  3. At 13:04:10 operator ran systemctl --user restart claude-hooks for an unrelated fix.
  4. Shutdown logs: [shutdown] task e5bdebea settled after 252ms, [shutdown] task f0920b3b settled after 252ms, [shutdown] all 2 task(s) drained cleanly + drained=2 force_aborted=0.
  5. task_history rows: both status=success, turns=NULL, cost_usd=NULL, finished_at=13:04:10 on the dot.
  6. Pipeline view rendered both issues with a green "implement" checkmark.
  7. Worktrees retained uncommitted changes (dev-2: warning: worktree has uncommitted changes from a previous dispatch on the next dispatch) — confirming the agent had started editing but never reached commit/push.

Acceptance criteria

Status accuracy

  • Any task that finalizes during the drain window and has turns = 0 / cost_usd = null / no recorded result SDK message is marked with a distinct status — proposed: interrupted (new value) rather than overloading cancelled (which today means /cancel from the operator).
  • Existing cancelled semantics are unchanged — operator-initiated cancels + phase-3 force-aborts stay on cancelled.
  • TaskStatus in packages/shared/src/task.ts (or wherever it lives) gets the new value. task-store.ts persistence switches on the shutdown flag.

Shutdown wiring

  • shutdown.ts sets a shutdown-in-progress flag observable to worker.ts. When a task settles while that flag is set and the SDK didn't emit a result message (i.e. the agent didn't finish producing output), the worker writes interrupted.
  • Phase-3 force-abort already marks cancelled with reason shutdown — keep that, or fold both paths into interrupted and drop the shutdown-reason column. Up to implementer — pick one, document in a code comment.

Pipeline rendering

  • pipeline.ts treats interrupted the same way it treats cancelled for stage rendering — not a green checkmark. The implement stage reverts to pending (or a new interrupted pill state if that reads clearer).
  • packages/shared/src/pipeline.ts exports the new stage state if one is introduced; <StagePill> in apps/web/src/components/stage-pill.tsx gets a matching visual (suggest reusing the stalled amber instead of inventing a new color).

Auto-recovery

  • On service boot, after container reconcile, scan task_history for rows whose status='interrupted' has not been followed by a subsequent completed task on the same issue. Log each as [recovery] issue #N has interrupted task <id> — consider re-dispatch. Do not auto-dispatch — the operator should decide (some tasks may have produced partial PRs worth reviewing first). Print a just redispatch-interrupted one-liner in the log so there's a clear next step.

Verification

  • Unit test in apps/server/src/shutdown.test.ts (or task-store.test.ts) — fires SIGTERM mid-task with a mocked worker, asserts task_history.status === 'interrupted'.
  • Manual: dispatch a long-running task, systemctl --user restart claude-hooks, inspect task_history — row should be interrupted, pipeline stage should NOT show green.

Out of scope

  • Automatic re-dispatch on reboot — the recovery step is a log hint + CLI one-liner, not a cron.
  • Changing the 60 s drain budget (shutdown.drain_ms) — orthogonal knob.
  • Persisting the partial worktree state across restarts — tasks already find their uncommitted changes on the next dispatch (the worker warned on this on 2026-04-21), which is enough.

References

  • apps/server/src/shutdown.ts — drain machinery.
  • apps/server/src/worker.ts — where task_history rows are written on task finalize.
  • apps/server/src/task-store.tsTaskRecord shape + persistence.
  • apps/server/src/pipeline.ts — stage-state derivation from task_history.status.
  • CLAUDE.md §"Graceful shutdown (issue #182)" — four-phase drain description (status-writing is not explicit today; this ticket makes it so).
  • 2026-04-21 incident: tasks e5bdebea-14d6-4358-b266-132e69037fe2 (#209) and f0920b3b-9cda-4811-920f-76602ad0a947 (#210) — evidence of the false-success classification.
## Bug When the service receives SIGTERM/SIGINT and runs the four-phase drain, any task that "naturally settles" inside phase 2 (drain budget) has its `task_history.status` set to **`success`** even when the SDK bailed because the HTTP listener closing triggered an indirect abort. The worker's promise resolves via the normal `.then()` path, so the task-store writer treats it as a success. The symptom is a row with: - `status = 'success'` - `turns = NULL` - `cost_usd = NULL` - `finished_at` ≈ SIGTERM timestamp exactly …and a matching pipeline row rendered with a green checkmark for work that never produced a commit or a PR. The operator can't tell the difference between "task succeeded in 2 minutes" and "task died silently during a restart." ## Repro (2026-04-21 incident — #209, #210) 1. `#208` PR merged → propagator auto-assigned `#209` / `#210` to dev at `13:02:10/11`. 2. Dev agents started. Tasks `e5bdebea` (#209) and `f0920b3b` (#210) ran for ~120 s each. 3. At `13:04:10` operator ran `systemctl --user restart claude-hooks` for an unrelated fix. 4. Shutdown logs: `[shutdown] task e5bdebea settled after 252ms`, `[shutdown] task f0920b3b settled after 252ms`, `[shutdown] all 2 task(s) drained cleanly` + `drained=2 force_aborted=0`. 5. `task_history` rows: both `status=success`, `turns=NULL`, `cost_usd=NULL`, `finished_at=13:04:10` on the dot. 6. Pipeline view rendered both issues with a green "implement" checkmark. 7. Worktrees retained uncommitted changes (`dev-2: warning: worktree has uncommitted changes from a previous dispatch` on the next dispatch) — confirming the agent had started editing but never reached commit/push. ## Acceptance criteria ### Status accuracy - [ ] Any task that finalizes during the drain window **and** has `turns = 0` / `cost_usd = null` / no recorded `result` SDK message is marked with a distinct status — proposed: `interrupted` (new value) rather than overloading `cancelled` (which today means `/cancel` from the operator). - [ ] Existing `cancelled` semantics are unchanged — operator-initiated cancels + phase-3 force-aborts stay on `cancelled`. - [ ] `TaskStatus` in `packages/shared/src/task.ts` (or wherever it lives) gets the new value. `task-store.ts` persistence switches on the shutdown flag. ### Shutdown wiring - [ ] `shutdown.ts` sets a shutdown-in-progress flag observable to `worker.ts`. When a task settles while that flag is set **and** the SDK didn't emit a `result` message (i.e. the agent didn't finish producing output), the worker writes `interrupted`. - [ ] Phase-3 force-abort already marks `cancelled` with reason `shutdown` — keep that, or fold both paths into `interrupted` and drop the shutdown-reason column. Up to implementer — pick one, document in a code comment. ### Pipeline rendering - [ ] `pipeline.ts` treats `interrupted` the same way it treats `cancelled` for stage rendering — **not** a green checkmark. The implement stage reverts to `pending` (or a new `interrupted` pill state if that reads clearer). - [ ] `packages/shared/src/pipeline.ts` exports the new stage state if one is introduced; `<StagePill>` in `apps/web/src/components/stage-pill.tsx` gets a matching visual (suggest reusing the `stalled` amber instead of inventing a new color). ### Auto-recovery - [ ] On service boot, after container reconcile, scan `task_history` for rows whose `status='interrupted'` has not been followed by a subsequent completed task on the same issue. Log each as `[recovery] issue #N has interrupted task <id> — consider re-dispatch`. Do **not** auto-dispatch — the operator should decide (some tasks may have produced partial PRs worth reviewing first). Print a `just redispatch-interrupted` one-liner in the log so there's a clear next step. ### Verification - [ ] Unit test in `apps/server/src/shutdown.test.ts` (or `task-store.test.ts`) — fires SIGTERM mid-task with a mocked worker, asserts `task_history.status === 'interrupted'`. - [ ] Manual: dispatch a long-running task, `systemctl --user restart claude-hooks`, inspect `task_history` — row should be `interrupted`, pipeline stage should NOT show green. ## Out of scope - Automatic re-dispatch on reboot — the recovery step is a log hint + CLI one-liner, not a cron. - Changing the 60 s drain budget (`shutdown.drain_ms`) — orthogonal knob. - Persisting the partial worktree state across restarts — tasks already find their uncommitted changes on the next dispatch (the worker warned on this on 2026-04-21), which is enough. ## References - `apps/server/src/shutdown.ts` — drain machinery. - `apps/server/src/worker.ts` — where `task_history` rows are written on task finalize. - `apps/server/src/task-store.ts` — `TaskRecord` shape + persistence. - `apps/server/src/pipeline.ts` — stage-state derivation from `task_history.status`. - `CLAUDE.md` §"Graceful shutdown (issue #182)" — four-phase drain description (status-writing is not explicit today; this ticket makes it so). - 2026-04-21 incident: tasks `e5bdebea-14d6-4358-b266-132e69037fe2` (#209) and `f0920b3b-9cda-4811-920f-76602ad0a947` (#210) — evidence of the false-`success` classification.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
chore/sync-pre-push-from-forge-base
fix/flows-yaml-dispatch-identity
feat/board-tap-to-assign
dev/1107
code-lead/1106
code-lead/1108
dev/1104
code-lead/1103
code-lead/1080
dev/1087
feat/flows-yaml-ci-events
chore/board-drop-stalled-and-density-controls
fix/flows-yaml-routes-always-register
flows-yaml/api-defaults
dev/1023
fix/event-log-history-bleed
fix/janitor-fix-ci-logs-and-cap
dev/1022
fix/board-card-provider
code-lead/1036
dev/1025
code-lead/1020
dev/1017
code-lead/1026
feat/web-shortcut-registry-1018
dev/1015
code-lead/1009
code-lead/1008
dev/975
dev/969
dev/973
dev/967
code-lead/968
code-lead/953
dev/970
dev/976
code-lead/966
code-lead/956
code-lead/951
dev/962
dev/963
dev/977
dev/955
dev/983
dev/961
dev/974
code-lead/950
code-lead/939
dev/941
dev/940
dev/937
dev/938
dev/936
dev/935
feat/web-i18n-fr-locale
feat/spec-editor-ui-polish
chore/drop-legacy-compat
fix/skills-drop-preview-pane
fix/882-skills-safety-rail
dev/911
dev/909
dev/923
dev/917
dev/915
feat/879-sr11-m2-drop-legacy-skill
code-lead/873
dev/881
code-lead/869
dev/867
code-lead/845
code-lead/843
code-lead/844
dev/837
dev/861
dev/849
code-lead/837
code-lead/842
fix/dedup-rebase-inflight
dev/838
code-lead/847
dev/833
code-lead/848
pr/838
code-lead/841
feat/settings-save-bar/836
code-lead/840
dev/846
code-lead/839
dev/832
fix/board-sse-stale-cache
dev/834
dev/835
feat/settings-breadcrumbs
feat/forge-oauth-credentials
refactor/service-config-consolidation
feat/agent-tokens-to-secrets
feat/gitlab-oauth-to-db
feat/authelia-rip-and-voice-fixes
fix/rebase-storm-and-dead-letter
code-lead/797
code-lead/796
dev/811
code-lead/798
dev/810
code-lead/795
dev/808
code-lead/794
dev/805
dev/802
dev/803
feat/avatar-menu-settings-entry
feat/per-agent-token-tracking
dev/793
dev/747
dev/752
code-lead/790
code-lead/759
dev/756
dev/760
dev/741
dev/767
dev/740
dev/709
dev/644
dev/637
boss/614
dev/600
dev/611
dev/585
fix/login-bonus-fixes
boss/544
dev/542
refactor/api-prefix-and-session-gate
dev/489
boss/531
boss/518
dev/499
boss/516
dev/530
dev/517
dev/519
dev/515
dev/522
dev/503
dev/471
boss/329
dev/417
dev/418
dev/402
boss/327
dev/334
dev/332
boss/326
boss/325
dev/331
boss/324
boss/323
boss/322
dev/294
test/s11-task-analytics
dev/262
boss/270
dev/268
foreman/ui-consolidation-spec
dev/234
boss/196
boss/176
boss/164
fix/124-session-persist-bind
boss/52
dev/87
boss/73
dev/77
dev/81
dev/82
boss/79
dev/42
dev/35
boss/7
No results found.
Labels
Clear labels   
area:agents
Agent types, pool scheduling, per-instance config

  
area:dashboard
Dashboard UI and observability surfaces

  
area:database
DB layer — schema, migrations, ORM, raw SQL

  
area:design
UI/UX mockup work — routes to designer agent

  
area:design-review
Design review dispatch — routes to design-reviewer agent

  
area:flows
Flow runner — YAML loader, executor, op registry, expression eval

  
area:infra
Deployment, isolation, containers, systemd units

  
area:meta
Tracking, scaffolding, project setup

  
area:security
Security — routes to reviewer-security (opus)

  
area:sessions
Session-id store, Claude SDK resume logic

  
area:webhook
Forgejo webhook routing and handlers

  
area:workdir
Clone cache, worktrees, git identity

  
security
Security-sensitive issue

  
type:bug
Bug

  
type:chore
Chore

  
type:meta
Tracking or decisions, not implementation work

  
type:user-story
User story

No labels
area:agents
area:dashboard
area:database
area:design
area:design-review
area:flows
area:infra
area:meta
area:security
area:sessions
area:webhook
area:workdir
security
type:bug
type:chore
type:meta
type:user-story
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
code-lead
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
charles/claude-hooks#221
No description provided.