feat(platform): adaptive chat reliability and blue-green deploy tiers#1914
Merged
Conversation
yannickmonney
force-pushed
the
feat/chat-reliability-and-deploy-tiers
branch
from
2056d60 to
58e9e81
Compare
Adaptive chat reliability, blue-green deploy tiers, CLI version alignment, and sandbox blue-green re-architecture.
Self-review pass on the rebased PR: - flip-sandbox: a drained colour whose /drain-status stayed unknown through the timeout was torn down (killing in-flight turns); treat unknown as 'may have sessions' and linger, with the spawner max-linger self-reap as backstop. Added a regression test + injectable poll/timeout seams. - docs(retention): describe the standalone retention-policy.json layout (flat fields) instead of the dropped folded-policy structure, in all 3 locales. - docs(models): fix stale examples/default/providers path -> builtin-configs. - ui(button): add tooltip/aria-name tests + Storybook story for the icon-button title->accessible-name feature. - chore: fix a stale doc-comment path in convex-error.ts.
… crash the E2E server The Vite dev/preview proxy (used by the prod-build E2E serving path) routes /ws_api, /http_api and /api/* to the Convex backend with no http-proxy error handler. A transient upstream reset (ECONNRESET) or client disconnect (EPIPE) under CI load therefore rethrows and tears down the port-3000 server, after which every in-flight navigation fails at once — the whole Playwright shard dies with 0ms test failures rather than one test flaking. Attach an error handler to each proxied route: log and respond 502 (HTTP) or destroy the socket (WS upgrade) so one blip can't take the server down. Pre-existing flake (also seen on main); surfaced while greening this PR's E2E.
…et can't crash the E2E server" This reverts the vite.config.ts proxy error-handler change (d95adef). It did not fix the E2E failure and was based on a symptom-level reading. The real cause is a pre-existing, main-wide E2E infra issue: a Convex "Hit an error while pushing" during the dev-stack env-sync leaves the backend incompletely deployed, so the app can't reach Convex and the worker `org` fixture dies (every spec fails at 0ms). The vite ECONNRESET/EPIPE floods are a downstream symptom. Proven pre-existing: main's own E2E run at the merge-base (bbaab2f) shows the identical "Hit an error while pushing" + vite ECONNRESET pattern, before this branch diverged. The proxy hardening also tried to write to already-ended sockets (writeAfterFIN), so it is net-negative here. Keeping this PR focused; the dev-stack push error belongs in a separate infra fix.
yannickmonney
force-pushed
the
feat/chat-reliability-and-deploy-tiers
branch
from
42ab2f3 to
26547cf
Compare
The worker-scoped workerOrg fixture waits for the seeded 'E2E Assistant'
on /dashboard/{org}/agents/all, but that table shows only INSTALLED +
enabled agents. assistant.json had no metadata.autoInstall, so the
provisioner (syncDefaultAgentInstallations) skipped it — no
agentInstallations row, agent filtered out, waitForSeededOrg timed out,
and every seeded-org spec cascade-failed (~120 tests in 1-3ms each).
Add metadata.autoInstall:true (mirrors the already-working seeded
prompt). Also add empty apps/skills/branding/governance fixture dirs so
org scaffold stops logging non-fatal '[scaffold] ... does not exist'
ERRORs for the config domains added in #1911 (copyTree skips dotfiles,
so the .gitkeep stubs change no seeded behavior).
The seed fix unblocked the suite; the residual platform failures were
automation-editor.spec / automation.spec asserting on the canvas toolbar
(Add step / Test automation) via page.getByTitle(). The shared @tale/ui
Button now suppresses the native title attribute and routes title into
aria-label + a Radix tooltip, so getByTitle() matches nothing even though
the buttons render with those accessible names. Switch the 4 lookups to
getByRole('button', { name, exact }) — the stable role+label locator the
specs already use elsewhere.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
A consolidated batch that had accumulated on this branch, opened as one PR per request. It spans
two headline pillars plus supporting governance / model-catalog / accessibility work. Grouped by theme
below so it can be reviewed pillar-by-pillar.
Pillar 1 — Adaptive chat reliability
lib/shared/chat-errors.ts): one pure module classifies and encodesgeneration errors, used by both the Convex backend and the chat UI.
message.errornow carries astructured, localizable
TALE_ERR1envelope instead of a raw string.convex/providers/,failure_scope.ts): deterministicfailures retire a single credential/endpoint rather than a whole provider, with a structured
fallback envelope surfaced to the UI.
modelFallback*strings.blended into the governor's difficulty prior. The per-agent manual Response Tuning override and
its settings tab/route are removed; the governor gains anti-oscillation (
lastTier) + cold-qualityself-correction.
[N]reference tokens; legacy screenshot captureremoved; the new-chat shortcut/button moves from the chat header to the nav rail.
Pillar 2 — Blue-green deploy tiers + CLI version model
tale deploy:-a/--all→--stop;convexalways rolls;db/proxystop-gated;platformblue-green;sandbox/sandbox-egressflip via a new zero-gap path.flip-sandbox.ts+ spawnerSANDBOX_COLOR,/v1/drain,colour-aware cancel via
sandboxExecutions.spawnerColor).tale upgrade→tale update(CLI self-update + file-sync only;rolls the binary back on sync failure). Automatic CLI↔instance version alignment (
lib/version/align.ts).tale rollbackrequires-y/--yes.Pillar 3 — Governance config, model catalog, UI a11y
retention-policy.jsonfolded into apolicyblock of
retention.jsonwith a legacy read fallback; six policy editors refactored onto a sharedZod
config-parser+ an optimistic instant-save toggle hook.Buttonenforces labels on icon-only buttons (with aworking built-in tooltip); the zoom-pan viewer toolbar is rebuilt on shared primitives.
dev-engineauto-starts astopped Docker engine.
Schema / migrations
All four Convex schema changes are purely additive optional fields with legacy-row coalescing
(
autoRouteCache.seed,sandboxExecutions.spawnerColor,threads/reasoning_profilesbucketlastTier) — no data migration required. Knowledge-DB (Postgres) schema unchanged → N/A.Self-review + CodeRabbit — fixes applied
This PR was reviewed by an adversarial multi-agent self-review (11 confirmed findings) and CodeRabbit
(local CLI, 25 findings; 1 was a verified false-positive). Fixes pushed in the two
fix(platform)commits on top of the feature commit:
replaceBinaryWindowsreturned${installPath}.oldbut createdtale.old.exe, so commit/rollback hit a nonexistent path; now one consistent, name-agnostic backup.retagged once the sandbox tier moved off
statefulToUpdate, breaking the first/v1/executeafter abump; now derived from the actual
flipSandboxTierroll.SkeletonBox(a plain span that dropsthe injected ref/handlers); it now wraps the real
ButtonBase.failure_scopecrash — tolerate a missingapiKey/baseUrl(keyless providers).lastTierfallback, signal-killed update exit code, drain-status responsevalidation, SSE header precedence, paste image double-insert, video-URL unhandled
rejection, a literal NUL byte in
auto_route_helpers, Knip dead exports, and severalsilent catches → all fixed. Tests updated to the new error-envelope /
[MODEL_FALLBACK]contracts.Deferred (tracked) — intentionally not in this PR
/v1/drainis unauthenticated — a deliberate trust assumption (the spawner port is neverhost-exposed). Documented; HMAC-gating it is a follow-up if that assumption changes.
mergeRetentionPolicyon a fresh org without a bounds catalog — an edge-case in theactively-evolving governance file-config flow; left for the owner of that refactor to avoid a wrong
fix to the bounds-seeding path.
setSpawnerColorround-trip in single-colour mode, a dropped{model}i18nparam, two test-only helper exports) — noted, non-blocking.
Definition of Done
bun run check— typecheck (13/13) + Knip + targeted tests run locally; full lint/test suite green in CI.bun run lint:sast(Opengrep) — clean (pre-commit gate + CI Opengrep/Opengrep-OSS green).bun run test:e2e— Playwright runs in CI; theautomation*spec failures are pre-existinginfra flakiness (WebServer
ECONNRESET/ convex-push /TALE_CONFIG_DIR), unrelated to this diff.<Skeletonize>— no new hand-rolled skeletons.messages/{en,de,fr}.json— 5812 leaf keys verified in parity./docs/{en,de,fr}/for user-visible changes (CLI verbs, deploy tiers, models, retention).README.md(CLI command surface).AGENTS.mdcomment rule + docs prose-lint updated.