feat(tools): propagate timeout abort signals to tool execution

2026-02-15 22:05:43 -08:00
parent 0220ec10dd
commit 2cdfb66071
10 changed files with 113 additions and 18 deletions
@@ -57,8 +57,12 @@ export interface Tool {
  /** Secret scopes required to execute this tool (optional). */
  requiredSecretScopes?: string[];
-  /** Async function that executes the tool. */
+  /** Optional execution context (abort signal, runtime metadata). */
-  execute: (args: unknown) => Promise<ToolResult>;
+  execute: (args: unknown, context?: ToolExecutionContext) => Promise<ToolResult>;
 }
 export interface ToolExecutionContext {
  signal?: AbortSignal;
 }
 ```
@@ -59,7 +59,7 @@ export const myTool: Tool = {
    },
    required: ['foo'],
  },
-  execute: async (rawArgs: unknown): Promise<ToolResult> => {
+  execute: async (rawArgs: unknown, _context?: { signal?: AbortSignal }): Promise<ToolResult> => {
    // ...
    return { success: true, output: 'ok' };
  },
@@ -16,6 +16,7 @@ Scope: Production-risk-first audit of bugs, code improvements, and feature oppor
 - ✅ F-008 addressed: WhatsApp Chromium launch is now sandboxed by default; no-sandbox mode is behind explicit `whatsapp.no_sandbox: true` opt-in.
 - ✅ F-014 addressed: `ModelRouter.setOnTierChange` now preserves existing listeners instead of replacing them, removing destructive listener-setter behavior.
 - ✅ F-002 addressed: `config.patch` now supports durable persistence via atomic write + backup when daemon has a concrete config path, and response includes `persisted`/`persistError` so UI can distinguish runtime-only vs disk-persisted updates.
 - ◑ F-003 partially addressed: tool execution now has an `AbortSignal` contract and executor triggers abort on timeout; host `shell.exec` and sandbox docker exec now respond to cancellation. Additional high-risk tools still need explicit cancellation coverage for full closure.
 ## Executive Summary
@@ -2547,6 +2547,24 @@
        "docs/plans/analysis/2026-02-16-codebase-audit-report.md"
      ],
      "test_status": "pnpm test:run src/gateway/handlers/handlers.test.ts src/config/persistence.test.ts + pnpm typecheck passing"
    },
    "audit-followup-tool-timeout-cancellation-contract": {
      "status": "in_progress",
      "date": "2026-02-16",
      "updated": "2026-02-16",
      "summary": "Started timeout-cancellation hardening: added ToolExecutionContext AbortSignal contract, executor abort-on-timeout propagation, and cancellation-aware shell execution for host and sandbox docker exec paths. Remaining work: migrate additional high-risk tools and add post-timeout side-effect regression coverage.",
      "files_modified": [
        "src/tools/types.ts",
        "src/tools/executor.ts",
        "src/tools/executor.test.ts",
        "src/tools/builtin/shell.ts",
        "src/sandbox/docker.ts",
        "src/sandbox/tools.ts",
        "docs/api/TOOLS.md",
        "docs/architecture/CONTRIBUTOR_MAP.md",
        "docs/plans/analysis/2026-02-16-codebase-audit-report.md"
      ],
      "test_status": "pnpm test:run src/tools/executor.test.ts src/tools/builtin/shell.test.ts + pnpm typecheck passing"
    }
  },
  "overall_progress": {
@@ -13,6 +13,7 @@ export interface DockerSandboxConfig {
 export interface ExecOptions {
  cwd?: string;
  timeout?: number;
  signal?: AbortSignal;
 }
 export interface ExecResult {
@@ -76,7 +77,7 @@ export class DockerSandbox {
    args.push(this._containerId, 'bash', '-c', command);
    const timeout = opts?.timeout ?? this.config.timeoutSeconds * 1000;
-    return this.dockerCmd(args, timeout);
+    return this.dockerCmd(args, timeout, opts?.signal);
  }
  /** Force-remove the container. */
@@ -109,15 +110,35 @@ export class DockerSandbox {
  }
  /** Run a docker CLI command. */
-  private dockerCmd(args: string[], timeout = 30_000): Promise<ExecResult> {
+  private dockerCmd(args: string[], timeout = 30_000, signal?: AbortSignal): Promise<ExecResult> {
    return new Promise((resolve, reject) => {
-      execFile('docker', args, { timeout, maxBuffer: 1024 * 1024 }, (error, stdout, stderr) => {
+      let settled = false;
      const child = execFile('docker', args, { timeout, maxBuffer: 1024 * 1024 }, (error, stdout, stderr) => {
        if (signal) {
          signal.removeEventListener('abort', onAbort);
        }
        if (settled) {return;}
        settled = true;
        if (error) {
          reject(error);
          return;
        }
        resolve({ stdout, stderr });
      });
      const onAbort = () => {
        if (settled) {return;}
        settled = true;
        child.kill('SIGTERM');
        reject(new Error('Sandbox command aborted'));
      };
      if (signal) {
        if (signal.aborted) {
          onAbort();
        } else {
          signal.addEventListener('abort', onAbort, { once: true });
        }
      }
    });
  }
 }
@@ -1,4 +1,4 @@
-import type { Tool, ToolResult } from '../tools/types.js';
+import type { Tool, ToolResult, ToolExecutionContext } from '../tools/types.js';
 import type { DockerSandbox } from './docker.js';
 interface ShellExecArgs {
@@ -29,7 +29,7 @@ export function createSandboxedShellTool(sandbox: DockerSandbox): Tool {
      },
      required: ['command'],
    },
-    execute: async (rawArgs: unknown): Promise<ToolResult> => {
+    execute: async (rawArgs: unknown, context?: ToolExecutionContext): Promise<ToolResult> => {
      const args = rawArgs as ShellExecArgs;
      const timeout = args.timeout ?? 30_000;
@@ -37,6 +37,7 @@ export function createSandboxedShellTool(sandbox: DockerSandbox): Tool {
        const result = await sandbox.exec(args.command, {
          cwd: args.cwd,
          timeout,
          signal: context?.signal,
        });
        const output = result.stdout + (result.stderr ? `\nstderr: ${result.stderr}` : '');
@@ -68,12 +69,12 @@ export function createSandboxedProcessStartTool(sandbox: DockerSandbox): Tool {
      },
      required: ['command'],
    },
-    execute: async (rawArgs: unknown): Promise<ToolResult> => {
+    execute: async (rawArgs: unknown, context?: ToolExecutionContext): Promise<ToolResult> => {
      const args = rawArgs as ProcessStartArgs;
      try {
        const wrappedCmd = `nohup bash -c '${args.command.replace(/'/g, "'\\''")}' > /tmp/proc.log 2>&1 & echo $!`;
-        const result = await sandbox.exec(wrappedCmd, { cwd: args.cwd });
+        const result = await sandbox.exec(wrappedCmd, { cwd: args.cwd, signal: context?.signal });
        const pid = result.stdout.trim();
        return {
@@ -1,5 +1,5 @@
 import { execFile } from 'child_process';
-import type { Tool, ToolResult } from '../types.js';
+import type { Tool, ToolResult, ToolExecutionContext } from '../types.js';
 interface ShellExecArgs {
  command: string;
@@ -19,16 +19,19 @@ export const shellExecTool: Tool = {
    },
    required: ['command'],
  },
-  execute: async (rawArgs: unknown): Promise<ToolResult> => {
+  execute: async (rawArgs: unknown, context?: ToolExecutionContext): Promise<ToolResult> => {
    const args = rawArgs as ShellExecArgs;
    const timeout = args.timeout ?? 30_000;
    return new Promise((resolve) => {
-      execFile('bash', ['-c', args.command], {
+      const child = execFile('bash', ['-c', args.command], {
        cwd: args.cwd,
        timeout,
        maxBuffer: 1024 * 1024,
      }, (error, stdout, stderr) => {
        if (context?.signal) {
          context.signal.removeEventListener('abort', onAbort);
        }
        if (error) {
          if (error.killed || error.signal === 'SIGTERM') {
            resolve({ success: false, output: stdout, error: `Command timed out after ${timeout}ms` });
@@ -43,6 +46,17 @@ export const shellExecTool: Tool = {
        }
        resolve({ success: true, output: stdout + (stderr ? `\nstderr: ${stderr}` : '') });
      });
      const onAbort = () => {
        child.kill('SIGTERM');
      };
      if (context?.signal) {
        if (context.signal.aborted) {
          onAbort();
        } else {
          context.signal.addEventListener('abort', onAbort, { once: true });
        }
      }
    });
  },
 };
@@ -42,6 +42,23 @@ const fileWriteLikeTool: Tool = {
  execute: async () => ({ success: true, output: 'ok' }),
 };
 const cancellableTool: Tool = {
  name: 'test.cancellable',
  description: 'Long-running cancellable tool',
  inputSchema: { type: 'object', properties: {} },
  execute: async (_args, context) => {
    return await new Promise((resolve) => {
      const onAbort = () => resolve({ success: false, output: '', error: 'aborted' });
      if (context?.signal?.aborted) {
        onAbort();
        return;
      }
      context?.signal?.addEventListener('abort', onAbort, { once: true });
      setTimeout(() => resolve({ success: true, output: 'done' }), 5000);
    });
  },
 };
 describe('ToolExecutor', () => {
  it('executes a tool and returns result', async () => {
    const registry = new ToolRegistry();
@@ -86,6 +103,17 @@ describe('ToolExecutor', () => {
    expect(result.error).toContain('timed out');
  });
  it('aborts cancellable tool work on timeout', async () => {
    const registry = new ToolRegistry();
    registry.register(cancellableTool);
    const hooks = new HookEngine({ confirm: [], log: [], silent: [] });
    const executor = new ToolExecutor(registry, hooks, { defaultTimeoutMs: 50 });
    const result = await executor.execute('test.cancellable', {});
    expect(result.success).toBe(false);
    expect(result.error).toContain('timed out');
  });
  it('truncates large output', async () => {
    const registry = new ToolRegistry();
    registry.register(bigOutputTool);
@@ -225,6 +225,7 @@ export class ToolExecutor {
    });
    let timeoutHandle: NodeJS.Timeout | undefined;
    const abortController = new AbortController();
    try {
      const result = await Promise.race([
        (async () => {
@@ -232,17 +233,20 @@ export class ToolExecutor {
            const sandboxSessionId = context?.sessionId ?? `${context?.channel ?? 'unknown'}:${context?.sender ?? 'unknown'}`;
            const sandbox = await this.sandboxManager.getOrCreate(sandboxSessionId);
            if (toolName === 'shell.exec') {
-              return createSandboxedShellTool(sandbox).execute(args);
+              return createSandboxedShellTool(sandbox).execute(args, { signal: abortController.signal });
            }
            if (toolName === 'process.start') {
-              return createSandboxedProcessStartTool(sandbox).execute(args);
+              return createSandboxedProcessStartTool(sandbox).execute(args, { signal: abortController.signal });
            }
          }
-          return tool.execute(args);
+          return tool.execute(args, { signal: abortController.signal });
        })(),
        new Promise<ToolResult>((_, reject) => {
          timeoutHandle = setTimeout(
-            () => reject(new Error(`Tool '${toolName}' timed out after ${this.defaultTimeoutMs}ms`)),
+            () => {
              abortController.abort();
              reject(new Error(`Tool '${toolName}' timed out after ${this.defaultTimeoutMs}ms`));
            },
            this.defaultTimeoutMs,
          );
        }),
@@ -10,7 +10,11 @@ export interface Tool {
  inputSchema: ToolInputSchema;
  /** Secret scopes required to execute this tool (optional). */
  requiredSecretScopes?: string[];
-  execute(args: unknown): Promise<ToolResult>;
+  execute(args: unknown, context?: ToolExecutionContext): Promise<ToolResult>;
 }
 export interface ToolExecutionContext {
  signal?: AbortSignal;
 }
 export interface ToolCall {