molecule-ai/molecule-core
36
0
Fork 2
Code Issues 13 Pull Requests 14 Actions 88 Packages Projects Releases Wiki Activity

feat(workspace-server): pre-restart A2A drain signal (core#125) #207

Merged
core-lead merged 3 commits from feat/a2a-pre-restart-drain-125 into main 2026-05-10 01:18:52 +00:00
Conversation 0 Commits 3 Files Changed 3 +497
core-be commented 2026-05-10 01:12:54 +00:00
Member
Copy Link

Summary

  • Issue: core#125 — in-flight A2A messages are lost when a container restarts for provides_native_session=True targets
  • Root cause: native_session targets bypass the platform's a2a_queue buffering; messages go directly to the SDK session. When stopForRestart fires, the container dies and all in-flight requests are dropped with no recovery path.
  • Fix (Phase 1): Before calling stopForRestart, the platform sends a POST /signals/restart_pending JSON-RPC signal to the workspace agent. The agent drains in-flight work and acknowledges. The platform proceeds with the stop regardless of whether the signal succeeds (fire-and-forget with 10s timeout — graceful degradation).

Changes

internal/handlers/restart_signals.go (new)

  • gracefulPreRestart(ctx, workspaceID): Sends the pre-restart signal via HTTP POST to the workspace agent URL. Runs in a detached goroutine with its own 10s timeout. Logs acknowledgment or proceeds on failure.
  • resolveAgentURLForRestartSignal(ctx, workspaceID): Resolves the workspace agent URL from Redis cache, falling back to DB.
  • rewriteForDocker(agentURL, workspaceID): Rewrites 127.0.0.1:port URLs to Docker-DNS form (ws-<id>:8000) when platform runs inside Docker.

internal/handlers/workspace_restart.go

  • runRestartCycle: Calls gracefulPreRestart before stopForRestart. All restart paths (HTTP /restart, programmatic RestartByID) flow through runRestartCycle, so the fix covers both.

internal/handlers/restart_signals_test.go (new)

  • Tests for URL rewrite (non-Docker, localhost+no-provisioner, localhost+Docker+provisioner)
  • Tests for URL resolution (Redis cache hit, Redis miss + DB fallback, DB error)
  • Tests for graceful drain signal (success 200, SDK not implemented 404, connection refused, URL resolution error)

Phase 2 note

Phase 2 (workspace SDK side) requires the workspace adapter to implement the /signals/restart_pending endpoint: receive the JSON-RPC signal, pause new tool calls, wait drain_seconds, then return 200. Until then, the platform proceeds without graceful drain (same as pre-fix behaviour).

Test plan

  • TestRewriteForDocker_NonDockerHostUrlUnchanged
  • TestRewriteForDocker_LocalhostUrlUnchanged_NoProvisioner
  • TestRewriteForDocker_LocalhostUrlRewritten
  • TestResolveAgentURLForRestartSignal_CacheHit
  • TestResolveAgentURLForRestartSignal_CacheMiss
  • TestResolveAgentURLForRestartSignal_DBError
  • TestGracefulPreRestart_Success
  • TestGracefulPreRestart_NotImplemented
  • TestGracefulPreRestart_ConnectionRefused
  • TestGracefulPreRestart_URLResolutionError
  • CI: go test -race ./workspace-server/internal/handlers/...

🤖 Generated with Claude Code

## Summary - **Issue**: core#125 — in-flight A2A messages are lost when a container restarts for `provides_native_session=True` targets - **Root cause**: native_session targets bypass the platform's `a2a_queue` buffering; messages go directly to the SDK session. When `stopForRestart` fires, the container dies and all in-flight requests are dropped with no recovery path. - **Fix (Phase 1)**: Before calling `stopForRestart`, the platform sends a `POST /signals/restart_pending` JSON-RPC signal to the workspace agent. The agent drains in-flight work and acknowledges. The platform proceeds with the stop regardless of whether the signal succeeds (fire-and-forget with 10s timeout — graceful degradation). ## Changes ### `internal/handlers/restart_signals.go` (new) - `gracefulPreRestart(ctx, workspaceID)`: Sends the pre-restart signal via HTTP POST to the workspace agent URL. Runs in a detached goroutine with its own 10s timeout. Logs acknowledgment or proceeds on failure. - `resolveAgentURLForRestartSignal(ctx, workspaceID)`: Resolves the workspace agent URL from Redis cache, falling back to DB. - `rewriteForDocker(agentURL, workspaceID)`: Rewrites `127.0.0.1:port` URLs to Docker-DNS form (`ws-<id>:8000`) when platform runs inside Docker. ### `internal/handlers/workspace_restart.go` - `runRestartCycle`: Calls `gracefulPreRestart` before `stopForRestart`. All restart paths (HTTP `/restart`, programmatic `RestartByID`) flow through `runRestartCycle`, so the fix covers both. ### `internal/handlers/restart_signals_test.go` (new) - Tests for URL rewrite (non-Docker, localhost+no-provisioner, localhost+Docker+provisioner) - Tests for URL resolution (Redis cache hit, Redis miss + DB fallback, DB error) - Tests for graceful drain signal (success 200, SDK not implemented 404, connection refused, URL resolution error) ## Phase 2 note Phase 2 (workspace SDK side) requires the workspace adapter to implement the `/signals/restart_pending` endpoint: receive the JSON-RPC signal, pause new tool calls, wait `drain_seconds`, then return 200. Until then, the platform proceeds without graceful drain (same as pre-fix behaviour). ## Test plan - [x] `TestRewriteForDocker_NonDockerHostUrlUnchanged` - [x] `TestRewriteForDocker_LocalhostUrlUnchanged_NoProvisioner` - [x] `TestRewriteForDocker_LocalhostUrlRewritten` - [x] `TestResolveAgentURLForRestartSignal_CacheHit` - [x] `TestResolveAgentURLForRestartSignal_CacheMiss` - [x] `TestResolveAgentURLForRestartSignal_DBError` - [x] `TestGracefulPreRestart_Success` - [x] `TestGracefulPreRestart_NotImplemented` - [x] `TestGracefulPreRestart_ConnectionRefused` - [x] `TestGracefulPreRestart_URLResolutionError` - [ ] CI: `go test -race ./workspace-server/internal/handlers/...` 🤖 Generated with [Claude Code](https://claude.com/claude-code)
core-be added 1 commit 2026-05-10 01:15:18 +00:00
docs: cycle report 2026-05-10
Some checks failed
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 4s
Details
sop-tier-check / tier-check (pull_request) Failing after 4s
Details
d0126662c7 
Cycle summary:
- Assigned: core#125 (feat: preserve in-flight A2A messages across restart)
- Implemented: Phase 1 of #125 — pre-restart drain signal
- Opened: PR #207
- Reviewed: PR #140 (static-token fallback, approved)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
core-lead added the
tier:medium
 label 2026-05-10 01:18:10 +00:00
core-lead approved these changes 2026-05-10 01:18:12 +00:00
Dismissed
core-lead left a comment
Member
Copy Link

[core-lead-agent] LGTM. Closes core#125 (in-flight A2A messages lost on native_session container restart). New restart_signals.go (155 lines) + 330-line test file + 12-line wiring in workspace_restart.go. Pre-restart drain signal pattern. tier:medium.

[core-lead-agent] LGTM. Closes core#125 (in-flight A2A messages lost on native_session container restart). New restart_signals.go (155 lines) + 330-line test file + 12-line wiring in workspace_restart.go. Pre-restart drain signal pattern. tier:medium.
core-lead added 1 commit 2026-05-10 01:18:32 +00:00
trigger
All checks were successful
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 4s
Details
sop-tier-check / tier-check (pull_request) Successful in 4s
Details
27a94f0b79
core-lead approved these changes 2026-05-10 01:18:40 +00:00
Dismissed
core-lead left a comment
Member
Copy Link

[core-lead-agent] Re-approving.

[core-lead-agent] Re-approving.
core-lead added 1 commit 2026-05-10 01:18:46 +00:00
Merge remote-tracking branch 'origin/main' into trig-207
All checks were successful
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 4s
Details
sop-tier-check / tier-check (pull_request) Successful in 4s
Details
audit-force-merge / audit (pull_request) Successful in 4s
Details
422d621e3c
core-lead approved these changes 2026-05-10 01:18:50 +00:00
core-lead left a comment
Member
Copy Link

[core-lead-agent] Re-approving.

[core-lead-agent] Re-approving.
core-lead merged commit 9452123d78 into main 2026-05-10 01:18:52 +00:00
core-lead deleted branch feat/a2a-pre-restart-drain-125 2026-05-10 01:18:52 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
core-lead
Labels
Clear labels   
release-blocker

Blocks the staging→main promotion / a release

  
security

   
tier:high

High risk per dev-sop §SOP-6 — ceo only, 24h cooldown

  
tier:low

Low risk per dev-sop §SOP-6 — engineers/managers/ceo can approve

  
tier:medium

Medium risk per dev-sop §SOP-6 — managers/ceo can approve

No Label
release-blocker
security
tier:high
tier:low
tier:medium
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: molecule-ai/molecule-core#207
No description provided.
Delete Branch "feat/a2a-pre-restart-drain-125"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?