e26236fdc1
* Extract session pipeline framework, refactor verification, add UsageProcessor skeleton Pluggable framework under services/session_pipeline/ (contract + lib + per-processor runner) so multiple processors can read /data/user_sessions/<key>/*.jsonl on their own cadence with full failure isolation. Verification flow becomes the first plugin; a no-op UsageProcessor reserves the second slot pending a separate brainstorm on extraction logic + storage shape. Schema v28→v29: rename session_extraction_state → session_processor_state with composite PK (processor_name, session_file). Existing rows copied over with processor_name='verification'; legacy table dropped. Migration is idempotent and no-ops the copy step on fresh installs that came up at the new schema. Endpoint: /api/admin/run-verification-detector replaced by parametrized /api/admin/run-session-processor?processor=<name>. Audit action format follows. Scheduler JOBS: verification-detector entry split into session-processor:verification + session-processor:usage. SCHEDULER_VERIFICATION_DETECTOR_INTERVAL retained for operator compatibility (drives both cadence and health-check grace window); SCHEDULER_USAGE_PROCESSOR_INTERVAL added. * Address PR #232 review: scan dead branch + per-processor lock - `SessionProcessorStateRepository.scan_unprocessed_for` dead else: both branches surfaced every jsonl, the SELECT was unused, runner MD5-rehashed every stable session per tick. Replaced with an mtime precheck — stable sessions (mtime <= processed_at) are filtered at scan; modified files still surface for the runner's authoritative `file_hash` invalidation. Naive-local comparison matches the existing health-check idiom (DuckDB TIMESTAMP strips tz on storage). - Per-processor advisory lock around `_run_processor` in `/api/admin/run-session-processor`. Scheduler tick + manual admin POST could otherwise both run, both call create_evidence on overlapping detections, and accumulate duplicate verification_evidence rows (the dedup short-circuit only covers create+contradiction, not evidence per ADR Decision 3). Non-blocking acquire → 409 Conflict on concurrent invocation; release in finally so a runner exception doesn't wedge the processor. Tests: two new scan unit tests (mtime filter + post-mark mtime bump), 409 endpoint test, lock-released-on-exception test. Two existing tests updated for the new "filtered at scan" stat shape (previously asserted skipped == 1, now scanned == 0). * Address PR #232 review #2: parallel scheduler tick + last_run on terminal state Two pre-existing scaffold bugs in services/scheduler/__main__.py amplified by adding more session-pipeline jobs: 1. Serial for-loop over jobs with synchronous httpx.post(timeout=900) — a 10-minute verification run blocked every other job (data-refresh, health-check, usage, corporate-memory) for the whole window. The PR's stated isolation guarantee held inside the runner but broke at the scheduler dispatch layer. 2. last_run advanced only when _call_api returned True. Permanent-failure jobs hot-looped on every tick (30s) instead of cadence (15min). Fix: ThreadPoolExecutor.submit per due job + per-job in_flight set so a long-running job can't be re-launched on subsequent ticks. last_run advances unconditionally in finally; errors still surface via _call_api logging + audit_log on the receiving side. _run_job extracted to module-level for unit testing. New tests: - TestRunJobBookkeeping: advances on success / failure / unhandled raise - TestRunLoopParallelism: in_flight protection prevents duplicate launches across ticks for a single slow job --------- Co-authored-by: Minas Arustamyan <arustamyan.minas@gmail.com>
46 lines
1.7 KiB
Python
46 lines
1.7 KiB
Python
"""Pluggable session processors for the session-pipeline framework.
|
|
|
|
Each processor implements the SessionProcessor protocol from
|
|
services.session_pipeline.contract and lives in its own module here.
|
|
|
|
The PROCESSORS list + PROCESSORS_BY_NAME dict are populated lazily so that
|
|
processors needing runtime config (LLM extractor, instance config, etc.)
|
|
don't fail at import time when those aren't available — relevant for tests
|
|
and for instances where the LLM is intentionally unconfigured.
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
from functools import lru_cache
|
|
|
|
from services.session_pipeline.contract import SessionProcessor
|
|
from services.session_processors.usage import UsageProcessor
|
|
from services.session_processors.verification import build_verification_processor
|
|
|
|
|
|
@lru_cache(maxsize=1)
|
|
def _build_registry() -> dict[str, SessionProcessor]:
|
|
"""Construct the registry once per process. Verification needs an LLM
|
|
extractor which is built from instance config + env, so we delay until
|
|
something actually asks for the registry — meaning admin endpoint or
|
|
scheduler call, not test imports."""
|
|
registry: dict[str, SessionProcessor] = {
|
|
"usage": UsageProcessor(),
|
|
}
|
|
try:
|
|
registry["verification"] = build_verification_processor()
|
|
except Exception:
|
|
# Verification needs an LLM; if construction fails (no API key,
|
|
# bad config), the endpoint will report a clean 400 "unknown
|
|
# processor" rather than a 500 at import time. The error is logged
|
|
# by build_verification_processor.
|
|
pass
|
|
return registry
|
|
|
|
|
|
def get_processor(name: str) -> SessionProcessor | None:
|
|
return _build_registry().get(name)
|
|
|
|
|
|
def list_processor_names() -> list[str]:
|
|
return sorted(_build_registry().keys())
|