You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Stop conditions (incl. the new token/cost budget in #475) are evaluated between rounds. A single runaway iteration can overshoot any ceiling before the next evaluation. We need a hard backstop: a supervisor/deadline-enforced ceiling that aborts an agent mid-turn when it blows a token or wall-clock limit.
This is the "true hard ceiling" referenced (but not yet tracked) in #475.
The supervisor can already kill + respawn: AcpxSupervisor (src/core/acpx-supervisor.ts:165-226).
Deadline machinery already exists: DeadlineWatcher fires per-handoff timers and rebuilds them from store on restart (src/core/deadline-watcher.ts:69-147).
Gap: neither enforces a per-agent/per-session token or wall-clock ceiling that hard-aborts a live ACP session mid-iteration.
Proposed change
Feed a per-agent (and per-session) hard ceiling — maxTokens / maxWallClockSeconds — to the supervisor/deadline layer.
On breach: kill the ACP session via AcpxSupervisor (terminal abort, not just a "stop" flag the agent may ignore), record the reason, and surface it in run health.
An agent that exceeds its hard token/time ceiling is terminated mid-iteration, with a recorded abort reason (not left running until the next round boundary).
Follow-up to #475 (corrects its inaccurate "tracked separately" line). Related: #376 (Run Health — where abort reasons surface), #347 (Epic F admission + backpressure), deadline-watcher.ts / acpx-supervisor.ts (the enforcement surfaces).
Summary
Stop conditions (incl. the new token/cost budget in #475) are evaluated between rounds. A single runaway iteration can overshoot any ceiling before the next evaluation. We need a hard backstop: a supervisor/deadline-enforced ceiling that aborts an agent mid-turn when it blows a token or wall-clock limit.
This is the "true hard ceiling" referenced (but not yet tracked) in #475.
Current state
evaluateStopConditions/evaluateBudget(src/core/stop-conditions.ts) — checked at round boundaries only.AcpxSupervisor(src/core/acpx-supervisor.ts:165-226).DeadlineWatcherfires per-handoff timers and rebuilds them from store on restart (src/core/deadline-watcher.ts:69-147).Proposed change
maxTokens/maxWallClockSeconds— to the supervisor/deadline layer.AcpxSupervisor(terminal abort, not just a "stop" flag the agent may ignore), record the reason, and surface it in run health.Acceptance criteria
Context
Follow-up to #475 (corrects its inaccurate "tracked separately" line). Related: #376 (Run Health — where abort reasons surface), #347 (Epic F admission + backpressure),
deadline-watcher.ts/acpx-supervisor.ts(the enforcement surfaces).