# Pipeline Policies and Lifecycle Hooks

## Why this exists

`PipelineExecutor` previously handled DAG traversal, failure heuristics, state persistence, and domain-event emission in one execution loop. This made behavior harder to isolate and test.
## Current structure

`FailurePolicy` (`src/agents/failure-policy.ts`)
- Owns hard vs soft failure classification.
- Determines whether a sequence of hard failures should abort execution.

`PersistenceLifecycleObserver` (`src/agents/lifecycle-observer.ts`)
- Handles state patching, project-context updates, and domain-event publishing for each node attempt.

`PipelineExecutor` (`src/agents/pipeline.ts`)
- Coordinates DAG traversal and retry behavior.
- Computes aggregate run status from executed terminal nodes plus critical-path failures.
- Applies a dedicated `SecurityViolationError` handling policy (`hard_abort` or `validation_fail` mapping).
- Resolves a per-attempt `ResolvedExecutionContext` (phase/model/tool/security contract) and injects it into actor executors.
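As an added example (not the project's `src/agents/failure-policy.ts`), the following sketch shows what the `FailurePolicy` responsibilities look like in code: hard/soft classification, aborting after a run of hard failures, and the `hard_abort`/`validation_fail` mapping for a security violation. The class shape, the `SecurityViolationError` stand-in and the "soft" message patterns are assumptions.

```typescript
// Added example, not the project's code. Models the FailurePolicy duties
// described above; names and the soft-failure heuristic are assumptions.

export type FailureKind = "hard" | "soft";
export type SecurityViolationMode = "hard_abort" | "validation_fail";
export type AttemptOutcome = "retry" | "fail_node" | "abort_run";

// Stand-in for the project's SecurityViolationError (assumed shape).
export class SecurityViolationError extends Error {
  constructor(message: string) {
    super(message);
    this.name = "SecurityViolationError";
  }
}

export class FailurePolicy {
  private consecutiveHard = 0;
  private readonly maxConsecutiveHard: number;
  private readonly securityViolationMode: SecurityViolationMode;

  constructor(maxConsecutiveHard: number, securityViolationMode: SecurityViolationMode) {
    this.maxConsecutiveHard = maxConsecutiveHard;
    this.securityViolationMode = securityViolationMode;
  }

  // Soft failures are transient infrastructure errors that may be retried;
  // everything else is hard. The regex is a constructed heuristic.
  classify(err: Error): FailureKind {
    if (err instanceof SecurityViolationError) return "hard";
    return /timeout|rate limit|ECONNRESET/i.test(err.message) ? "soft" : "hard";
  }

  // Decide what the executor should do after a failed attempt of a node.
  outcomeFor(err: Error, attempt: number, maxAttempts: number): AttemptOutcome {
    // A security violation is never retried; configuration decides whether it
    // ends the whole run or only records the node as a failed validation.
    if (err instanceof SecurityViolationError) {
      this.consecutiveHard += 1;
      return this.securityViolationMode === "hard_abort" ? "abort_run" : "fail_node";
    }
    if (this.classify(err) === "hard") {
      this.consecutiveHard += 1;
      return this.consecutiveHard >= this.maxConsecutiveHard ? "abort_run" : "fail_node";
    }
    // Soft failure: the hard-failure streak is broken; retry while budget remains.
    this.consecutiveHard = 0;
    return attempt < maxAttempts ? "retry" : "fail_node";
  }
}
```

The executor owns one `FailurePolicy` per run, so the consecutive-hard counter spans nodes: two unrelated nodes failing hard back to back is enough to abort, while a soft failure in between resets the streak.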
## Aggregate status semantics

Run status is `success` only when both are true:
- All executed terminal nodes (leaves in the executed subgraph) have final status `success`.
- No executed node in the critical path has final status `failure`.

Otherwise status is `failure`.
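The two rules above, carried through as an added example (not `src/agents/pipeline.ts`): terminal nodes are computed from the executed subgraph only, and the critical path is passed in as a set of node ids. The node shape and the sample DAG are constructed for the example.

```typescript
// Added example, not the project's code. Aggregate run status from the two
// rules stated above; node shape and sample DAG are constructed.

export type NodeStatus = "success" | "failure";

export interface ExecutedNode {
  id: string;
  status: NodeStatus;
  dependsOn: string[]; // ids of upstream nodes
}

// Terminal nodes are the leaves of the executed subgraph: executed nodes that
// no other *executed* node depends on. Edges to unexecuted nodes are ignored.
export function terminalNodes(executed: ExecutedNode[]): ExecutedNode[] {
  const executedIds = new Set(executed.map((n) => n.id));
  const hasExecutedDependent = new Set<string>();
  for (const n of executed) {
    for (const dep of n.dependsOn) {
      if (executedIds.has(dep)) hasExecutedDependent.add(dep);
    }
  }
  return executed.filter((n) => !hasExecutedDependent.has(n.id));
}

export function aggregateStatus(
  executed: ExecutedNode[],
  criticalPath: ReadonlySet<string>,
): NodeStatus {
  const leavesSucceeded = terminalNodes(executed).every((n) => n.status === "success");
  const criticalPathClean = executed.every(
    (n) => !criticalPath.has(n.id) || n.status !== "failure",
  );
  return leavesSucceeded && criticalPathClean ? "success" : "failure";
}

// Constructed sample run: a -> b -> c is the main chain, d is a side branch off a.
export function sampleRun(bStatus: NodeStatus, dStatus: NodeStatus): ExecutedNode[] {
  return [
    { id: "a", status: "success", dependsOn: [] },
    { id: "b", status: bStatus, dependsOn: ["a"] },
    { id: "c", status: "success", dependsOn: ["b"] },
    { id: "d", status: dStatus, dependsOn: ["a"] },
  ];
}

export const CRITICAL_PATH: ReadonlySet<string> = new Set(["a", "b", "c"]);
```

Note what each rule catches on the sample: a failed side-branch leaf `d` fails the run even though the critical path is clean, and a failed internal node `b` fails the run through the critical-path rule even though every leaf succeeded. If `b` were not on the critical path, the same run would be reported as `success`.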
## Persistence guarantees
State and project-context writes are now atomic via temp-file + rename. Project-context patch/write operations are serialized both in-process (promise queue) and cross-process (lock file).
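An added example (not the project's `src/agents/lifecycle-observer.ts`) of the three mechanisms named above: an atomic temp-file + rename write, an in-process promise queue, and an `O_EXCL` lock file for cross-process exclusion. The `ProjectContextStore` class and the lock-polling interval are assumptions; the demo writes to a temporary directory.

```typescript
// Added example, not the project's code. Atomic write, promise-queue
// serialization and a lock file; store shape and polling interval are assumptions.
import * as fs from "node:fs";
import * as path from "node:path";
import * as os from "node:os";

// Write to a sibling temp file, fsync, then rename over the target. A reader
// that opens the path sees either the old or the new content, never a torn one.
export function writeFileAtomic(target: string, data: string): void {
  const tmp = path.join(
    path.dirname(target),
    `.${path.basename(target)}.${process.pid}.${Date.now()}.tmp`,
  );
  const fd = fs.openSync(tmp, "wx"); // wx: fail rather than clobber an existing temp file
  try {
    fs.writeSync(fd, data);
    fs.fsyncSync(fd);
  } finally {
    fs.closeSync(fd);
  }
  fs.renameSync(tmp, target);
}

// In-process serialization: each task starts only after the previous one settled.
export class PromiseQueue {
  private tail: Promise<unknown> = Promise.resolve();
  run<T>(task: () => Promise<T>): Promise<T> {
    const next = this.tail.then(task, task);
    this.tail = next.catch(() => undefined); // a failed task must not wedge the queue
    return next;
  }
}

// Cross-process serialization: create the lock file with O_EXCL, polling with
// a deadline when another process already holds it.
async function acquireLock(lockPath: string, timeoutMs: number): Promise<number> {
  const deadline = Date.now() + timeoutMs;
  for (;;) {
    try {
      return fs.openSync(lockPath, "wx");
    } catch (err) {
      if ((err as { code?: string }).code !== "EEXIST" || Date.now() > deadline) throw err;
    }
    await new Promise((resolve) => setTimeout(resolve, 10));
  }
}

export async function withFileLock<T>(lockPath: string, fn: () => Promise<T>): Promise<T> {
  const fd = await acquireLock(lockPath, 2000);
  try {
    return await fn();
  } finally {
    fs.closeSync(fd);
    fs.unlinkSync(lockPath);
  }
}

export class ProjectContextStore {
  private readonly queue = new PromiseQueue();
  private readonly file: string;
  constructor(file: string) {
    this.file = file;
  }

  read(): Record<string, unknown> {
    try {
      return JSON.parse(fs.readFileSync(this.file, "utf8")) as Record<string, unknown>;
    } catch (err) {
      if ((err as { code?: string }).code === "ENOENT") return {};
      throw err;
    }
  }

  // Read-modify-write under both the in-process queue and the lock file.
  patch(update: Record<string, unknown>): Promise<Record<string, unknown>> {
    return this.queue.run(() =>
      withFileLock(`${this.file}.lock`, async () => {
        const next = { ...this.read(), ...update };
        writeFileAtomic(this.file, JSON.stringify(next, null, 2));
        return next;
      }),
    );
  }
}

// Constructed demo: three concurrent patches; every key survives and the
// last submitted value of "phase" wins because the queue preserves order.
export async function demo(): Promise<Record<string, unknown>> {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "ctx-"));
  const store = new ProjectContextStore(path.join(dir, "project-context.json"));
  await Promise.all([
    store.patch({ phase: "plan" }),
    store.patch({ model: "default" }),
    store.patch({ phase: "build" }),
  ]);
  return store.read();
}
```

The queue alone is not enough once two executor processes share a project directory, and the lock file alone is not enough inside one process, where `openSync("wx")` would just make concurrent patches fail; both layers are needed, which is why the text lists them separately.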
## Tool enforcement guarantees

- Pipeline resolves a flat `allowedTools` list per node attempt.
- MCP config exposed to executors is pre-filtered to `allowedTools`.
- Claude tool callbacks are expected to use the provided policy handler so unsupported shared MCP tool filters cannot bypass enforcement.
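An added example (not the project's code) of the two enforcement layers in the list above: the MCP config is filtered down to `allowedTools` before an executor sees it, and the policy handler is consulted again on every tool callback, so a tool that an unsupported filter let through is still refused. The config shape, the `ToolDecision` type and the sample tool names are assumptions.

```typescript
// Added example, not the project's code. Two-layer tool enforcement: config
// pre-filtering plus a per-call policy handler. Types and names are assumed.

export interface McpServerConfig {
  command: string;
  tools: string[];
}
export type McpConfig = Record<string, McpServerConfig>;

export type ToolDecision =
  | { behavior: "allow" }
  | { behavior: "deny"; reason: string };

// Layer 1: shape the MCP config handed to the executor. Servers left with no
// permitted tools are dropped entirely rather than exposed empty.
export function filterMcpConfig(config: McpConfig, allowedTools: readonly string[]): McpConfig {
  const allowed = new Set(allowedTools);
  const out: McpConfig = {};
  for (const [server, cfg] of Object.entries(config)) {
    const tools = cfg.tools.filter((t) => allowed.has(t));
    if (tools.length > 0) out[server] = { ...cfg, tools };
  }
  return out;
}

// Layer 2: the policy handler every tool callback must go through. It decides
// from the resolved allowedTools list alone, independent of the config.
export function makeToolPolicyHandler(
  allowedTools: readonly string[],
): (tool: string) => ToolDecision {
  const allowed = new Set(allowedTools);
  return (tool) =>
    allowed.has(tool)
      ? { behavior: "allow" }
      : { behavior: "deny", reason: `tool "${tool}" is not in allowedTools for this attempt` };
}

// The executor's invocation path: the handler is the last check, so a tool
// that slipped past config filtering never runs.
export function invokeTool(
  policy: (tool: string) => ToolDecision,
  tool: string,
  run: () => string,
): { ok: boolean; result: string } {
  const decision = policy(tool);
  if (decision.behavior === "deny") return { ok: false, result: decision.reason };
  return { ok: true, result: run() };
}

// Constructed sample: three MCP servers, one attempt allowed two tools.
export const SAMPLE_CONFIG: McpConfig = {
  fs: { command: "mcp-fs", tools: ["fs.read", "fs.write"] },
  git: { command: "mcp-git", tools: ["git.status", "git.push"] },
  shell: { command: "mcp-shell", tools: ["shell.exec"] },
};
export const ALLOWED_THIS_ATTEMPT = ["fs.read", "git.status"];
```

Because the handler is built from the same flat `allowedTools` list the pipeline resolved for the attempt, the two layers cannot disagree: filtering reduces what the model is offered, and the handler guarantees that offering more by mistake changes nothing.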