feat(cancel): STOP-status task cancellation + relaunch-hole close (ORCH-090)
Introduce the dedicated Plane STOP status as a single declarative task-cancel
mechanism: stop the active agent (graceful SIGTERM cascade), cancel all jobs
(terminal `cancelled`, never requeued), remove the worktree + delete the remote
feature branch (never main, never force-push), drive the task to the new
system-terminal state `cancelled` and tombstone the natural keys so a later
"To Analyse" re-creates it from scratch (docs artefacts preserved). STOP during a
critical merge/deploy window is deferred until the irreversible step finishes
honestly. Also closes the relaunch hole: handle_status_start relaunch is gated to
the `analysis` stage; the only pipeline-start entry point remains "To Analyse".
Cross-cutting (adr-0026): the "task terminal" predicate is widened {done} ->
{done, cancelled} in serial_gate / task_deps / stages sink + reaper/worker
requeue guards. STAGE_TRANSITIONS exit-gates / QG_CHECKS / check_* are unchanged
(`cancelled` is a sink, not a new edge). Additive, never-raise, restart-safe,
under kill-switch ORCH_STOP_STATUS_ENABLED (off -> zero regression).
New: src/cancel.py (leaf), src/gitea.py (delete_remote_branch), tasks columns
cancelled_at/cancel_requested_at, jobs status `cancelled`, GET /queue `stop` block.
Tests: tests/test_stop_status.py (TC-01..TC-14 + D7); full suite green (1345).
Docs updated in-PR (architecture README, CLAUDE.md, README.md, .env.example,
CHANGELOG). ADR-001 D4 refinement: plane_issue_id is tombstoned too (the lookup
ORs on it) — original UUID recoverable from the parseable suffix.
Refs: ORCH-090
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
orchestrator-deployer
@@ -605,6 +605,25 @@ class Settings(BaseSettings):
|
||||
serial_gate_repos: str = ""
|
||||
serial_gate_freeze_enabled: bool = True
|
||||
|
||||
# ORCH-090: STOP-status task cancellation (stop active agent + full progress
|
||||
# reset) and the relaunch-hole close. A new logical Plane key `stop` (fail-closed,
|
||||
# absent from _DEFAULT_STATES) routes to a cancel handler that drives the task to
|
||||
# the new system-terminal state `cancelled` (stage + durable). Additive,
|
||||
# never-raise, restart-safe; STAGE_TRANSITIONS / QG_CHECKS / check_* / existing
|
||||
# status semantics are NOT touched. See
|
||||
# docs/work-items/ORCH-090/06-adr/ADR-001-stop-cancel-task.md and the cross-cutting
|
||||
# docs/architecture/adr/adr-0026-stop-cancel-task.md.
|
||||
# stop_status_enabled -> kill-switch (env ORCH_STOP_STATUS_ENABLED). False ->
|
||||
# STOP handling AND the relaunch-hole gate are inert
|
||||
# (behaviour strictly as before ORCH-090 — zero
|
||||
# regression, AC-8).
|
||||
# stop_status_repos -> CSV scope (env ORCH_STOP_STATUS_REPOS). Empty -> applies
|
||||
# to ALL repos (cancellation is meaningful for enduro too);
|
||||
# non-empty -> only the listed repos. Tokens are sanitised
|
||||
# (^[A-Za-z0-9._-]+$) by the cancel leaf.
|
||||
stop_status_enabled: bool = True
|
||||
stop_status_repos: str = ""
|
||||
|
||||
# ORCH-073 (ADR-001 Р-4): main-integrity regression guard. After the merge-verify
|
||||
# under-gate confirms the deployed SHA is an ancestor of origin/main (FR-1), a
|
||||
# secondary deterministic (no-LLM) guard checks that a declarative set of markers
|
||||
|
||||
Reference in New Issue
Block a user