ORCH-7: cleanup + hardening (M-4 dead code + M-2 graceful timeout) #4

Merged

admin merged 3 commits from feature/ORCH-7-hardening into main

2026-06-03 08:31:26 +03:00

Author	SHA1	Message	Date
Dev Agent	c167c6930d	test(launcher): watchdog graceful kill ordering + timeout config + M-4 removal Cover M-2: SIGTERM-before-SIGKILL ordering, graceful exit within grace skips SIGKILL, ProcessLookupError before SIGTERM is tolerated (no _record_kill), and _resolve_timeout per-agent override / default / malformed-JSON fallback. Cover M-4: _auto_merge_pr removed, _ensure_pr retained.	2026-06-03 08:28:09 +03:00
Dev Agent	49ecb48eb0	feat(launcher): graceful SIGTERM->SIGKILL + configurable agent timeout (M-2) The watchdog used to time.sleep(timeout) then immediately SIGKILL, which cut claude off mid-write and left half-written artifacts. It now sends SIGTERM, polls os.kill(pid, 0) for up to agent_kill_grace_seconds, and only SIGKILL if the process is still alive; ProcessLookupError is tolerated at every step. Timeout is now configurable via config.py: agent_timeout_seconds (default 1800), agent_kill_grace_seconds (default 20), and agent_timeout_overrides_json for per-agent overrides (e.g. {"reviewer": 3600}). AGENT_TIMEOUT is kept as a backward-compatible alias. The recorded exit_code stays -9 so the ORCH-1 monitor retry/fail logic is unchanged (timeout-kills classify as permanent and requeue within max_attempts, no retry loop).	2026-06-03 08:28:03 +03:00
Dev Agent	237732bc64	refactor(launcher): remove dead _auto_merge_pr (M-4) _auto_merge_pr had zero callers (merge is handled by the deployer agent). Removed the method; _ensure_pr (still used by the auto-advance path) is kept.	2026-06-03 08:27:52 +03:00

Author

SHA1

Message

Date

Dev Agent

c167c6930d

test(launcher): watchdog graceful kill ordering + timeout config + M-4 removal

Cover M-2: SIGTERM-before-SIGKILL ordering, graceful exit within grace skips
SIGKILL, ProcessLookupError before SIGTERM is tolerated (no _record_kill), and
_resolve_timeout per-agent override / default / malformed-JSON fallback.
Cover M-4: _auto_merge_pr removed, _ensure_pr retained.

2026-06-03 08:28:09 +03:00

Dev Agent

49ecb48eb0

feat(launcher): graceful SIGTERM->SIGKILL + configurable agent timeout (M-2)

The watchdog used to time.sleep(timeout) then immediately SIGKILL, which cut
claude off mid-write and left half-written artifacts. It now sends SIGTERM,
polls os.kill(pid, 0) for up to agent_kill_grace_seconds, and only SIGKILL if
the process is still alive; ProcessLookupError is tolerated at every step.

Timeout is now configurable via config.py: agent_timeout_seconds (default 1800),
agent_kill_grace_seconds (default 20), and agent_timeout_overrides_json for
per-agent overrides (e.g. {"reviewer": 3600}). AGENT_TIMEOUT is kept as a
backward-compatible alias. The recorded exit_code stays -9 so the ORCH-1
monitor retry/fail logic is unchanged (timeout-kills classify as permanent and
requeue within max_attempts, no retry loop).

2026-06-03 08:28:03 +03:00

Dev Agent

237732bc64

refactor(launcher): remove dead _auto_merge_pr (M-4)

_auto_merge_pr had zero callers (merge is handled by the deployer agent).
Removed the method; _ensure_pr (still used by the auto-advance path) is kept.

2026-06-03 08:27:52 +03:00

ORCH-7: cleanup + hardening (M-4 dead code + M-2 graceful timeout) #4

3 Commits