UN-3608 [FEAT] PG Queue 9i — executor async/callback path on PG (self-chained continuations)#2097
UN-3608 [FEAT] PG Queue 9i — executor async/callback path on PG (self-chained continuations)#2097muhammad-ali-e merged 4 commits intofeat/UN-3445-pg-queue-integrationZipstack/unstract:feat/UN-3445-pg-queue-integrationfrom UN-3608-pg-queue-executor-callbackZipstack/unstract:UN-3608-pg-queue-executor-callbackCopy head branch name to clipboard
Conversation
…-chained continuations) Migrate the executor RPC's async/callback path off Celery onto the PG queue, completing the executor-transport migration (the blocking path landed in 9h-c). - dispatch_async / dispatch_with_callback now route PG-vs-Celery per call via the single pg_queue_enabled flag (was always Celery). Backend + workers. - §5 fire-and-forget self-chaining: on_success/on_error Celery Signatures are translated to serialisable ContinuationSpecs carried in the payload; after the executor runs execute_extraction the consumer self-chains the matching continuation onto the callback queue (result prepended on success, dispatch task_id on error), acking regardless to avoid an LLM double-spend. - New gated worker-pg-ide-callback consumer drains the ide_callback queue (Prompt Studio run/index/extract, lookups). Compose profile pg-queue. - ContinuationSpec + on_success/on_error/task_id added to the shared TaskPayload wire contract (unstract.core). Zero-regression: every new path is gated and fails closed to Celery; gate OFF is byte-identical to the prior Celery behaviour. Call sites unchanged — they keep passing Celery Signatures; the dispatcher translates only on the PG branch. Tests: payload set/unset, signature->spec translation, consumer self-chain success/error + enqueue-failure guard, routing gate (backend + workers). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
muhammad-ali-e
left a comment
There was a problem hiding this comment.
Automated PR review — PG Queue 9i (executor async/callback path)
Ran the PR Review Toolkit (code-reviewer, silent-failure-hunter, type-design-analyzer, pr-test-analyzer, comment-analyzer, code-simplifier) over ab80a494..7afc6d19. Overall the implementation is well-structured and unusually well-commented, and the happy-path test coverage is solid. The inline comments below are the deduplicated findings, prioritised.
Critical (1): the early-drop branches (malformed / poison / unknown-task) never chain on_error, so a dispatch_with_callback caller hangs forever with no user-facing error.
Important (5): the reply_key XOR callback invariant is documented but unenforced; the PG on_error callback can't recover the real executor error via AsyncResult; success-result self-chaining and the backend producer don't JSON-coerce callback payloads (silent drop / insert error on UUID/datetime); _signature_to_spec accepts an empty task_name and silently drops positional callback args.
Suggestions: _DispatchHandle + _signature_to_spec are duplicated byte-for-byte across backend/workers; returned ExecutionResult(success=False) routes to on_success; over-broad swallow in _continuation_org; consumer helpers re-widen typed payloads to bare dict; minor comment/jargon polish.
Test gaps (no inline anchor — the branches aren't in this diff): add coverage for on_error firing on the drop branches, the both-keys-present precedence, and dispatch_async/dispatch_with_callback enqueue-failure propagation.
| reply_key, | ||
| ) | ||
| return | ||
| if on_error: |
There was a problem hiding this comment.
Critical — on_error callback dropped on the early-drop branches. This new block correctly self-chains on_error when the run raises, but the three early-drop branches above — malformed payload, poison/max_attempts exceeded, and unknown/unregistered task — only call _fail_reply(reply_key, ...) and then delete(). For a dispatch_with_callback message (no reply_key, has on_error) those branches delete the row and never chain on_error. A poison executor task is exactly the realistic failure mode, and it's the case where the user most needs the error surfaced; instead the HTTP-202 caller waits on a WebSocket error event that never arrives (run appears to hang, no terminal state). This is asymmetric with the reply_key path, which does fail those branches.
Fix: in each early-drop branch, in addition to _fail_reply, chain the error continuation when present, e.g. a helper _fail_dispatch(payload, error=...) that does _fail_reply(reply_key, ...) and if on_error: self._chain_continuation(on_error, prepend=payload.get('task_id') or '', payload=payload) before the delete(). Add tests for the unknown-task / poison / malformed cases with on_error set.
There was a problem hiding this comment.
Fixed (42862651b). Added a shared _fail_dispatch(payload, error=...) used by the run-raised path and all three early-drop branches (malformed / poison / unknown task), so a dispatch_with_callback failure always self-chains on_error. Tests cover all three drop branches with on_error set.
| # regardless — same anti-double-spend reasoning as reply_key (a | ||
| # vt-redelivery would re-run the executor / re-spend LLM tokens). | ||
| # _chain_continuation is best-effort, so the ack never wedges. | ||
| self._chain_continuation( |
There was a problem hiding this comment.
Important — PG on_error loses the real executor error text. prepend=payload.get('task_id') hands the callback (e.g. ide_index_error) the dispatch task_id as failed_task_id, but that callback resolves the actual message via AsyncResult(failed_task_id, app=app).result. On the PG path the executor ran eagerly via task.apply and never wrote to a Celery result backend under that id, so AsyncResult(...).result is empty and the callback degrades to its generic default error string. Parity is structural (right positional shape) but not behavioural — the real error is dropped.
Fix: the consumer has the exception in hand at the failure branch — carry the real error text into the on_error continuation (e.g. prepend f"{type(exc).__name__}: {exc}", or pass it via the continuation kwargs), or store the error under task_id in a backend the callback can read.
There was a problem hiding this comment.
Fixed (42862651b). The consumer now carries the real error text into callback_kwargs['error'], and _get_task_error prefers it over the (empty-on-PG) AsyncResult lookup. Test asserts RuntimeError: boom reaches the on_error continuation.
| # Async/callback: self-chain the success continuation onto the callback | ||
| # queue before the ack — the §5 hand-off (PG analogue of Celery's link). | ||
| # Best-effort (never raises): a chain failure logs + still acks, so the | ||
| # executor is not re-run (LLM double-spend); the callback is lost. |
There was a problem hiding this comment.
Important — success callback silently dropped on non-JSON-safe results. prepend=eager.result is enqueued as args=[eager.result]; client.send serialises with plain json.dumps(message) (no default=str). An executor result dict containing a UUID/datetime — exactly the kind of payload these results carry — makes json.dumps raise TypeError, which _chain_continuation's broad except swallows ("FAILED to self-chain"), so the success callback and its user-facing WebSocket event are lost. The Celery path serialises via its configured serializer and has no such gap.
Fix: JSON-coerce the prepended result before enqueuing (mirror backend/pg_queue/producer.py:_json_safe), or give client.send's json.dumps a default=str.
There was a problem hiding this comment.
Fixed (42862651b). Added _json_safe (json round-trip with default=str) applied to the prepended value in _chain_continuation. Test uses a task returning a datetime and asserts the chained arg is coerced + plain-json serialisable.
| message.msg_id, | ||
| reply_key, | ||
| ) | ||
| elif on_success: |
There was a problem hiding this comment.
Suggestion — a returned ExecutionResult(success=False) chains on_success. The success/error split keys purely on whether task.apply(...) raised, but execute_extraction can return a failed ExecutionResult (success=False, via ExecutionResult.failure(...)) without raising. That takes this elif on_success branch and chains the success continuation with a failure payload; on_error never fires. This matches Celery semantics (link_error also only fires on raised exceptions), so it's parity rather than a regression — but given the user-facing impact, either inspect eager.result.success is False and route to on_error, or add a comment documenting that returned-failure deliberately follows the success path, so a future reader doesn't mistake it for the drop-branch bug above.
There was a problem hiding this comment.
Documented (42862651b). Added a comment on the elif on_success branch: "success" == did-not-raise (Celery link parity); a returned failed ExecutionResult deliberately follows on_success — distinct from the drop-branch bug above.
| self._result_backend = PgResultBackend() | ||
| self._result_backend.store_result(reply_key, result=result, error=error) | ||
|
|
||
| def _chain_continuation(self, spec: dict, *, prepend: object, payload: dict) -> None: |
There was a problem hiding this comment.
Suggestion — restore the typed contract at the consumer boundary. _chain_continuation(self, spec: dict, *, prepend, payload: dict) re-widens to bare dict, discarding the new ContinuationSpec / TaskPayload types the PR added precisely for these shapes. A key rename across the producer↔consumer boundary (e.g. task_name → name) wouldn't be caught by the type checker. Annotate spec: ContinuationSpec, payload: TaskPayload (imports already available in this tree).
There was a problem hiding this comment.
Fixed (42862651b). _chain_continuation(spec: ContinuationSpec, *, payload: TaskPayload, ...) and _continuation_org(payload: TaskPayload) now carry the real types.
| if reply_key is not None: | ||
| message["reply_key"] = reply_key | ||
| if on_success is not None: | ||
| message["on_success"] = on_success |
There was a problem hiding this comment.
Important — on_success/on_error bypass _json_safe. args/kwargs go through _json_safe(...) above (lines 96-97), but the continuation specs (each with a nested kwargs dict) are written into the JSONField verbatim. If a callback's kwargs carry a UUID/datetime, PgQueueMessage.objects.create raises at insert time — and unlike the worker path this is caller-visible at dispatch. Fix: message["on_success"] = _json_safe(on_success) (and likewise on_error).
There was a problem hiding this comment.
Fixed (42862651b). message['on_success'] = _json_safe(on_success) (and on_error). Test passes a UUID in callback_kwargs and asserts it's coerced.
| "PG self-chaining routes by the row's queue and cannot default it" | ||
| ) | ||
| return ContinuationSpec( | ||
| task_name=sig.task, |
There was a problem hiding this comment.
Important — _signature_to_spec validates queue but not task, and silently drops positional args. Two gaps with the same fail-fast philosophy already applied to queue:
task_name=sig.taskis read with no guard. Ifsig.taskis empty/None(a malformed signature), the continuation enqueues with a falsytask_nameand is dropped far downstream as "malformed payload: missing task_name" — a lost callback with a misleading log. Addif not getattr(sig, 'task', None): raise ValueError(...).ContinuationSpechas noargs, and onlysig.kwargsis read. A CelerySignaturemay carry positionalargs; on the PG branch they're silently dropped, so the callback runs with a different arg list than on Celery — violating the "call sites unchanged" contract. Today's call sites are kwargs-only (latent), but make it loud:if getattr(sig, 'args', None): raise ValueError("callback signature has positional args; PG self-chaining supports kwargs only").
There was a problem hiding this comment.
Fixed (42862651b, in the now-shared unstract.core.execution_dispatch). Guards both: raises on a falsy task, and raises on positional args (kwargs-only callbacks). Tests for each.
| _DEFAULT_TIMEOUT = 3600 | ||
|
|
||
|
|
||
| class _DispatchHandle: |
There was a problem hiding this comment.
Suggestion — _DispatchHandle and _signature_to_spec are duplicated byte-for-byte with backend/pg_queue/executor_rpc.py. Both files now carry identical copies of this class and the _signature_to_spec helper (and near-identical dispatch_async/dispatch_with_callback bodies). The new translation logic — especially the correctness-bearing "fail fast on missing queue" rule — can now drift silently between the two copies. ContinuationSpec/PgTaskStatus were hoisted into unstract.core for exactly this reason; _DispatchHandle and _signature_to_spec (no Django/worker deps) belong there too. Import both copies from one shared definition.
There was a problem hiding this comment.
Done — extracted DispatchHandle + signature_to_continuation into unstract.core.execution_dispatch (commit 0f8b57151); both mirrors import them and the duplicated TestSignatureToSpec is gone in favour of one shared test. (Full mirror retirement remains UN-3607.)
| the prompt-studio call sites keep passing Celery ``Signature``s unchanged and | ||
| the dispatcher translates them only on the PG branch. | ||
|
|
||
| The consumer prepends the chained argument the callback expects (the executor |
There was a problem hiding this comment.
Suggestion — "before kwargs" is slightly misleading. _chain_continuation passes the chained value as a separate positional args=[prepend] list and kwargs as a distinct mapping — they aren't concatenated into one positional sequence, so "before kwargs" reads as if kwargs were positional. Reword to e.g.: "… passes the chained argument as the callback's first positional arg, alongside the spec's kwargs — mirroring how Celery's link prepends the parent task's return value."
There was a problem hiding this comment.
Fixed (42862651b). Reworded to '… passes the chained value as the callback's first positional arg, alongside the spec's kwargs as a distinct mapping …'.
| # IDE callback consumer (③c) — drains the ``ide_callback`` queue the executor | ||
| # self-chains onto for async/callback dispatch (Prompt Studio run/index/extract, | ||
| # lookups). Registers the ide_callback worker's tasks (ide_prompt_complete, | ||
| # ide_index_complete, extraction_complete, …). Dark until dispatch_with_callback |
There was a problem hiding this comment.
Suggestion — "Dark" is jargon for a compose file. Clear to the authors (idle / no traffic) but opaque to an operator scanning services. Suggest: "Idle (receives no work) until dispatch_with_callback routes to PG, i.e. the gating flag is on". Also worth confirming: the sibling worker-pg-callback/worker-pg-scheduler declare depends_on: rabbitmq; this service doesn't. Likely fine since ide_callback tasks only do API writes + ws emits, but verify none dispatch onward to a Celery broker.
There was a problem hiding this comment.
Fixed (42862651b). Reworded 'Dark' → 'Idle (receives no work) until …'. Confirmed no broker dep needed: grepped ide_callback/tasks.py — no .delay/.apply_async/send_task/signature/chord; these callbacks only do API writes + ws emits. Added that note to the compose comment.
…ct.core Cuts the new-code duplication SonarCloud flagged on the backend/workers executor_rpc.py mirror by moving the two genuinely transport-agnostic pieces of the async/callback path into unstract.core (alongside ContinuationSpec): - DispatchHandle (the .id-only AsyncResult duck-type) - signature_to_continuation (Celery Signature -> ContinuationSpec) Both mirrors now import them instead of redefining; the duplicated TestSignatureToSpec is removed from both test suites in favour of one shared test. The dispatch_async/dispatch_with_callback method bodies stay mirrored (they genuinely differ by transport — Django ORM vs psycopg2); retiring that residue is the separate shared-package follow-up (UN-3607). No behaviour change: pure code movement, gate and contract unchanged. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|
SonarCloud duplication on new code — addressed ( Most of the flagged duplication is the intentional backend ↔ workers But I've cut the new-code slice now by lifting the two genuinely transport-agnostic helpers I added into
Both mirrors import them instead of redefining, and the duplicated No behaviour change: pure code movement, gate + contract unchanged. Backend (20) + workers (28) executor-RPC suites green; ruff/pre-commit clean. |
… json-safety, guards Toolkit review on #2097: - Critical: chain on_error on the early-drop branches too (malformed / poison / unknown task), via a shared _fail_dispatch — a dispatch_with_callback failure always reaches its on_error callback, not only when the task body raised. - Carry the real error text to on_error via callback_kwargs['error'] (PG has no Celery AsyncResult for the callback to recover it from); error callbacks prefer it. - JSON-coerce the self-chained prepend (UUID/datetime in an executor result no longer makes client.send's plain json.dumps raise and silently drop the callback). - Enforce the reply_key XOR on_success/on_error invariant in to_payload + enqueue_task. - _json_safe the continuation specs in the backend producer. - signature_to_continuation: guard task name + reject positional-arg callbacks. - Restore ContinuationSpec/TaskPayload types at the consumer boundary; drop the over-broad except in _continuation_org; document the returned-failure->on_success parity; reword the ContinuationSpec doc and the compose "Dark" comment. Tests for every fix. Backend 35, workers 76 green. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|
Review round addressed — Critical
Important
Suggestions
Tests added for every fix. Backend 35, workers 76 green; ruff/pre-commit clean. SonarCloud new-code duplication cut by the extraction (net −34 there). |
|
| Filename | Overview |
|---|---|
| workers/queue_backend/pg_queue/consumer.py | Self-chaining (§5) added: success/error continuations are enqueued after task execution. The _fail_dispatch helper correctly surfaces errors on both the request-reply and on_error paths, but the exception-handler log message incorrectly states the error was "surfaced via reply/on_error" for on_success-only dispatches where the failure is silently dropped. |
| unstract/core/src/unstract/core/execution_dispatch.py | New shared module: DispatchHandle (minimal AsyncResult duck-type) and signature_to_continuation (Celery Signature → ContinuationSpec). Fail-fast on missing task, missing queue, or positional args. Clean, no issues. |
| unstract/core/src/unstract/core/data_models.py | Adds ContinuationSpec TypedDict and on_success/on_error/task_id NotRequired fields to TaskPayload. Clean, backward-compatible wire format change. |
| backend/pg_queue/executor_rpc.py | dispatch_async and dispatch_with_callback added to PgExecutionDispatcher; RoutingExecutionDispatcher updated to gate both on pg_queue_enabled flag. No issues found. |
| workers/queue_backend/pg_queue/executor_rpc.py | Mirror of the backend PgExecutionDispatcher for the worker context. _enqueue refactored to keyword-only optional params; dispatch_async and dispatch_with_callback added. No issues. |
| workers/ide_callback/tasks.py | _get_task_error now takes an explicit parameter; call sites pass cb.get("error") so PG-path errors (no AsyncResult backend) are surfaced correctly. explicit is not None check applied per prior review. |
| docker/docker-compose.yaml | New worker-pg-ide-callback service on port 8100:8090 (no conflict with worker-pg-executor's 8099:8090). VT/health-stale vars set to 120/180s per prior review feedback. |
| backend/pg_queue/producer.py | enqueue_task extended with on_success/on_error/task_id; mutual exclusivity with reply_key validated; continuation specs JSON-coerced via _json_safe. No issues. |
| workers/queue_backend/pg_queue/task_payload.py | to_payload extended with on_success/on_error/task_id; mutual exclusivity check mirrors the backend producer. Clean. |
| workers/tests/test_pg_queue_consumer.py | TestSelfChain covers success/error self-chaining, early-drop on_error delivery, non-JSON-safe result coercion, on_success-only failure ack, fallback-to-on_error on enqueue failure, and no-continuation fire-and-forget. Thorough. |
| workers/tests/test_executor_rpc.py | Comprehensive new tests for PG async/callback wiring and shared dispatch helpers. No issues. |
Sequence Diagram
%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
participant FE as Frontend
participant BE as Backend (dispatch_with_callback)
participant PGQ as pg_queue_message
participant EX as worker-pg-executor
participant CBQ as ide_callback queue
participant CB as worker-pg-ide-callback
participant WS as WebSocket
FE->>BE: Prompt Studio run/index/extract
BE->>PGQ: enqueue execute_extraction (on_success, on_error, task_id)
BE-->>FE: HTTP 202 (task_id via DispatchHandle.id)
EX->>PGQ: SKIP LOCKED claim
PGQ-->>EX: message (payload with on_success/on_error)
alt Task succeeds
EX->>EX: task.apply() → eager.result
EX->>CBQ: "_chain_continuation(on_success, prepend=result)"
EX->>PGQ: DELETE (ack)
alt on_success enqueue fails
EX->>CBQ: _fail_dispatch → _chain_continuation(on_error)
end
else Task raises
EX->>EX: task.apply() → Exception
EX->>CBQ: "_fail_dispatch → _chain_continuation(on_error, error=exc_str)"
EX->>PGQ: DELETE (ack — avoids LLM re-run)
end
CB->>CBQ: SKIP LOCKED claim
CBQ-->>CB: continuation payload (task_name, args, kwargs)
CB->>CB: ide_prompt_complete / ide_prompt_error
CB->>WS: emit event → Frontend
CB->>CBQ: DELETE (ack)
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
sequenceDiagram
participant FE as Frontend
participant BE as Backend (dispatch_with_callback)
participant PGQ as pg_queue_message
participant EX as worker-pg-executor
participant CBQ as ide_callback queue
participant CB as worker-pg-ide-callback
participant WS as WebSocket
FE->>BE: Prompt Studio run/index/extract
BE->>PGQ: enqueue execute_extraction (on_success, on_error, task_id)
BE-->>FE: HTTP 202 (task_id via DispatchHandle.id)
EX->>PGQ: SKIP LOCKED claim
PGQ-->>EX: message (payload with on_success/on_error)
alt Task succeeds
EX->>EX: task.apply() → eager.result
EX->>CBQ: "_chain_continuation(on_success, prepend=result)"
EX->>PGQ: DELETE (ack)
alt on_success enqueue fails
EX->>CBQ: _fail_dispatch → _chain_continuation(on_error)
end
else Task raises
EX->>EX: task.apply() → Exception
EX->>CBQ: "_fail_dispatch → _chain_continuation(on_error, error=exc_str)"
EX->>PGQ: DELETE (ack — avoids LLM re-run)
end
CB->>CBQ: SKIP LOCKED claim
CBQ-->>CB: continuation payload (task_name, args, kwargs)
CB->>CB: ide_prompt_complete / ide_prompt_error
CB->>WS: emit event → Frontend
CB->>CBQ: DELETE (ack)
Prompt To Fix All With AI
Fix the following 1 code review issue. Work through them one at a time, proposing concise fixes.
---
### Issue 1 of 1
workers/queue_backend/pg_queue/consumer.py:264-269
**Misleading "surfaced" log for on_success-only failures**
The log message fires for every `reply_key or on_success or on_error` branch, claiming the error was "surfaced via reply/on_error + acked". But when only `on_success` is set (`on_error` absent), `_fail_dispatch` is a no-op — no reply channel exists and nothing is chained. The executor message is correctly acked (to avoid an LLM re-run), but the failure is silently dropped from the caller's perspective. An operator debugging a hung prompt-studio session would see "surfaced via reply/on_error" and wrongly conclude the frontend was notified, derailing the investigation.
This case is explicitly tested and accepted as correct behavior, but the log should distinguish between the cases. Replace the single `logger.exception` with two messages: one for when `reply_key or on_error` is set (error was surfaced) and one for the on_success-only failure (acked silently, caller has no terminal event).
Reviews (2): Last reviewed commit: "UN-3608 [FIX] review round 2 — on_succes..." | Re-trigger Greptile
muhammad-ali-e
left a comment
There was a problem hiding this comment.
Second-pass review (PG executor async/callback path). The items from the first pass are genuinely addressed in 42862651. Two new correctness/silent-failure findings on the dispatch path below; the rest (latent type-design hardening, a docker-compose comment-vs-depends_on mismatch, and a critical test gap on _get_task_error's explicit-error precedence) are in the summary rather than posted inline.
| if reply_key: | ||
| # Record the failure so the waiting caller gets a definitive | ||
| # result instead of blocking to its timeout, then ACK. We do NOT | ||
| if reply_key or on_error: |
There was a problem hiding this comment.
Correctness — an on_success-only callback dispatch that raises falls through to vt-redelivery and re-runs the executor. The guard here is if reply_key or on_error:, but dispatch_with_callback(on_success=..., on_error=None) is a permitted shape: both kwargs default to None and signature_to_continuation(None) returns None, so an on_success-only callback payload is fully reachable. When such a dispatch's executor raises, this condition is false and control drops into the fire-and-forget branch below, leaving the row for vt-expiry redelivery — exactly the costly re-run (LLM double-spend) the comment on lines 252-258 says this path must avoid — and the caller never receives a terminal event.
Broaden the guard to if reply_key or on_success or on_error: so any reply/callback dispatch acks-on-failure rather than redelivering, or enforce in dispatch_with_callback that on_error is required whenever on_success is set.
There was a problem hiding this comment.
Fixed (ec16fefda). Broadened the failure guard to if reply_key or on_success or on_error: — an on_success-only callback dispatch that raises now ACKs instead of vt-redelivering (no executor re-run). Test: on_success-only + raise → delete called, not redelivered.
| # path — the on_success callback receives the failed result and renders | ||
| # it — exactly as on Celery. This is NOT the missing-on_error drop bug | ||
| # the early-drop branches handle. | ||
| self._chain_continuation(on_success, prepend=eager.result, payload=payload) |
There was a problem hiding this comment.
Silent failure — a failed on_success enqueue leaves the caller with no terminal event. On the success path _chain_continuation is best-effort and never raises: if the enqueue fails (transport/DB error, connection drop, a bad spec["queue"]), it logs and the executor message is acked with no fallback. Since the on_success callback (ide_index_complete / ide_prompt_complete / extraction_complete) is what emits the WebSocket event the prompt-studio UI blocks on after its 202, a dropped success continuation leaves the user with neither a success nor an error event — the session hangs indefinitely, after the LLM spend already occurred.
This is distinct from the now-fixed non-JSON-safe-result drop: _json_safe removes one cause of the enqueue raising, but a transport/DB failure still triggers the same silent drop with no recovery channel. Consider having _chain_continuation return whether it enqueued, and on a success-path failure fall back to _fail_dispatch(payload, error="result delivery failed; see worker logs") so the session still terminates. At minimum, carry run_id/task_id/org_id into the failure log so the stranded session is correlatable later.
There was a problem hiding this comment.
Fixed (ec16fefda). _chain_continuation now returns whether it enqueued; on a success-path enqueue failure we fall back to _fail_dispatch(payload, error='result delivery failed; see worker logs') so the caller gets a terminal on_error event instead of hanging. The failure log now carries run_id/task_id/org for correlation. Test asserts the on_error fallback fires when the on_success send fails.
…queue fallback, ide-callback vt - Correctness: broaden the failure guard to `reply_key or on_success or on_error` so an on_success-only callback dispatch that raises ACKs instead of falling through to vt-redelivery (which would re-run the executor / re-spend LLM tokens). - Silent failure: _chain_continuation now returns whether it enqueued; on a success-path enqueue failure, fall back to on_error so the HTTP-202 caller gets a terminal event instead of hanging. Failure log carries run_id/task_id/org. - ide_callback _get_task_error: `if explicit is not None` (don't discard an explicit "" error) — greptile. - worker-pg-ide-callback: set VT_SECONDS=120 / HEALTH_STALE=180 (overridable) so a slow internal-API write can't be re-claimed mid-run and double-emit — greptile. Tests: on_success-only-raise acks (no redelivery); success-enqueue-failure falls back to on_error. Workers self-chain + ide_callback green. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|
Review round 2 addressed —
Tests added for the two correctness fixes. Workers self-chain + ide_callback green. On the SonarCloud gate: new-code duplication is now 10.4% (was 30.5%) after lifting the shared helpers — the remainder is the backend↔workers |
46c53d1
into
feat/UN-3445-pg-queue-integration
|
What
Migrates the executor RPC's async/callback path off Celery onto the PG queue, completing the executor-transport migration (the blocking path landed in 9h-c). Targets the
feat/UN-3445-pg-queue-integrationbranch (notmain).Today
dispatch_with_callback(Prompt Studio run/index/extract, lookups) always rides Celerylink/link_error. This routes it through Postgres instead, via §5 fire-and-forget self-chaining: the executor consumer, after runningexecute_extraction, enqueues the continuation itself.How
dispatch_async/dispatch_with_callbacknow pick PG-vs-Celery per call via the singlepg_queue_enabledflag (same gate as the rest of the feature), in both backend and workersexecutor_rpc.py.on_success/on_errorCelerySignatures are translated to a serialisableContinuationSpec(task_name/kwargs/queue) carried in the task payload. After the executor runs, the consumer self-chains the matching continuation onto the callback queue: the result dict prepended on success, the dispatchtask_idon error (Celerylink_errorparity). It acks regardless of chain outcome — a vt-redelivery would re-run the executor (LLM double-spend); a chain failure is logged loud and best-effort.worker-pg-ide-callbackservice drains theide_callbackqueue (compose profilepg-queue).ContinuationSpec+on_success/on_error/task_idadded to the sharedTaskPayloadinunstract.core(all optional, set only when present).Zero-regression
Every new path is gated and fails closed to Celery. Gate OFF is byte-identical to the prior behaviour:
dispatch_with_callbackdelegates to the unchanged SDKExecutionDispatcher(send_task(..., link=, link_error=)), no continuation payload, no self-chain. Call sites are unchanged — they keep passing CelerySignatures; the dispatcher translates them only on the PG branch.Tests
signature → spectranslation (incl. missing-queue fail-fast)Dev-tested end-to-end (flag ON)
backend dispatch_with_callback → PG → worker-pg-executor execute_extraction → self-chain → worker-pg-ide-callback ide_prompt_complete → emit-websocket 200, output persisted— zero RabbitMQ. Non-regression confirmed with a flag ON/OFF A/B (identical behaviour).After this slice the executor transport is fully on PG; RabbitMQ can be decommissioned next.
🤖 Generated with Claude Code