1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
//! Max-runtime (watchdog) config for in-flight routine runs.
//!
//! A run launches its agent in a detached tmux session that nothing otherwise bounds: a hung agent
//! (waiting on stdin, looping, blocked on a stuck network/git op) never exits, so the TTL reaper —
//! which only touches *finished* runs — can never reap it, and each cron tick stacks another zombie
//! session + workbench. The cleanup watchdog force-kills any session whose run has exceeded its
//! routine's max runtime, after which the workbench is reaped under the normal TTL rules.
use Routine;
/// Upper bound on a single run's wall-clock duration before the watchdog kills its session: 1h.
///
/// Mirrors the TTL cap ([`super::ttl::MAX_TTL_SECS`]): a run is only worth keeping alive until the
/// next run is due, and never longer than this. Also the fallback for orphaned workbenches whose
/// routine was since deleted.
pub const MAX_RUNTIME_SECS: u64 = 60 * 60;
/// Cron-derived watchdog ceiling for a routine running on `schedule`:
/// `min(MAX_RUNTIME_SECS, cron interval)`.
///
/// An explicit `max_runtime_secs` above this is silently clamped by
/// [`Routine::effective_max_runtime_secs`], so create/update validation rejects it instead (#468).
pub