Centralized bounded-queue usage tracker.
secure-exec streams guest output through a chain of bounded queues: the V8 -> host event channel, the sidecar stdout/stdin frame queues, and so on. Each queue applies backpressure when full (it parks the producer until the consumer drains) rather than crashing, but backpressure is invisible: a slow host consumer silently stalls a session with nothing in the logs.
This module gives that whole chain a single, inspectable home:
- Every bounded queue registers a `QueueGauge` (with a stable name and its capacity) in a process-global `QueueRegistry`.
- Producers report depth as they enqueue (either by an exact count for manually-tracked queues via `TrackedSyncSender`, or by sampling the live depth of a Tokio channel via `QueueGauge::observe_depth`).
- When a queue crosses `WARN_FILL_PERCENT` of capacity the gauge emits a single `warn!`, so “the consumer is falling behind” shows up before the queue saturates and backpressure stalls the session. It re-arms once the queue drains back below `REARM_FILL_PERCENT`.
- `queue_snapshot` returns the live depth / high-water / capacity of every registered queue for debugging or a status endpoint.
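The edge-triggered warning with hysteresis described above, as an added stand-alone sketch (not secure-exec's own code). `DemoGauge`, the two `DEMO_*` threshold values, and the queue name are assumptions made for illustration; the page does not state the real constant values.

```rust
use std::sync::atomic::{AtomicBool, AtomicUsize, Ordering};

// Assumed values for this sketch; the page does not state the crate's real thresholds.
const DEMO_WARN_FILL_PERCENT: usize = 80;
const DEMO_REARM_FILL_PERCENT: usize = 50;

/// Hypothetical stand-in for one queue's gauge (not the crate's `QueueGauge`).
pub struct DemoGauge {
    name: &'static str,
    capacity: usize,
    depth: AtomicUsize,
    high_water: AtomicUsize,
    warned: AtomicBool, // true = already warned, waiting to re-arm
}

impl DemoGauge {
    pub fn new(name: &'static str, capacity: usize) -> Self {
        assert!(capacity > 0, "a bounded queue needs a non-zero capacity");
        Self { name, capacity, depth: AtomicUsize::new(0),
               high_water: AtomicUsize::new(0), warned: AtomicBool::new(false) }
    }

    /// Record a sampled depth; returns true only when this call emitted the warning.
    pub fn observe_depth(&self, depth: usize) -> bool {
        self.depth.store(depth, Ordering::Relaxed);
        self.high_water.fetch_max(depth, Ordering::Relaxed);
        let fill = depth.saturating_mul(100) / self.capacity;
        if fill >= DEMO_WARN_FILL_PERCENT {
            // swap() returns the old flag, so among racing producers exactly one warns.
            if !self.warned.swap(true, Ordering::AcqRel) {
                eprintln!("queue {} near capacity: {}/{} ({}%)", self.name, depth, self.capacity, fill);
                return true;
            }
        } else if fill < DEMO_REARM_FILL_PERCENT {
            self.warned.store(false, Ordering::Release); // drained: re-arm
        }
        false // between the two thresholds nothing changes (hysteresis band)
    }

    pub fn snapshot(&self) -> (usize, usize, usize) { // (depth, high-water, capacity)
        (self.depth.load(Ordering::Relaxed), self.high_water.load(Ordering::Relaxed), self.capacity)
    }
}

fn main() {
    let g = DemoGauge::new("demo.stdout_frames", 10); // constructed queue name
    let fired: Vec<bool> = [3, 8, 9, 6, 8, 4, 8].iter().map(|&d| g.observe_depth(d)).collect();
    println!("{:?} {:?}", fired, g.snapshot());
}
```

In the sampled sequence the dip to 6 and return to 8 stays silent because the gauge never drained below the re-arm threshold; only the drop to 4 re-arms it.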
Structs§
- `LimitWarning` - A near-capacity event for one limit, delivered to the global warning sink at the same edge as the `tracing::warn!`. This is the structured payload a host hook (e.g. agentOS `onLimitWarning`) is built from.
- `QueueGauge` - Live usage gauge for a single bounded queue.
- `QueueRegistry` - Process-global registry of every live `QueueGauge`.
- `QueueSnapshot` - Immutable view of a tracked limit’s usage, returned by `queue_snapshot`.
- `TrackedReceiver` - Receiver half of a `tracked_sync_channel`; records a dequeue for every item it yields so the gauge depth tracks the real backlog.
- `TrackedSyncSender` - A `std::sync::mpsc::SyncSender` that feeds a `QueueGauge` as items flow through it, so a queue whose backing channel cannot report its own length still participates in the centralized tracker.
Enums§
- `LimitCategory` - What class of bounded resource a gauge tracks. Lets a snapshot / a host hook group and reason about limits beyond just queues.
- `TrackedLimit` - Stable catalog of tracked limits that may emit near-capacity or exhaustion warnings. Keep `website/src/content/docs/docs/features/resource-limits.mdx` in sync when adding, removing, or renaming variants so host-visible warning names and the documented constants do not drift.
Constants§
- `REARM_FILL_PERCENT` - Fill fraction a near-full queue must drain back below before it will warn again. The gap to `WARN_FILL_PERCENT` provides hysteresis so a queue hovering at the threshold does not flap.
- `WARN_FILL_PERCENT` - Fill fraction (percent of capacity) at or above which a queue is considered “near full” and emits a warning. Edge-triggered so a steadily-full queue logs once, not on every enqueue.
Functions§
- `log_queue_snapshot` - Emit a `debug!` line for every registered queue. Useful for an on-demand dump of the queue chain when diagnosing a stall.
- `queue_snapshot` - Snapshot every registered queue from the global registry.
- `register_limit` - Register a non-queue bounded limit (a saturating resource or memory envelope) with the global registry, so it shares the same approach-warning + snapshot machinery as queues. Observe usage with `QueueGauge::observe_depth`.
- `register_queue` - Register a bounded queue (the `LimitCategory::Queue` case) with the global registry. Convenience over `QueueRegistry::global` + `QueueRegistry::register`.
- `set_limit_warning_handler` - Install a process-global sink that is invoked on the same edge-triggered, hysteresis-gated boundary as the `tracing::warn!` whenever a tracked limit crosses `WARN_FILL_PERCENT`. The sidecar uses this to forward limit warnings to the host as structured events (the `onLimitWarning` hook). The handler must be cheap and non-blocking; it runs on the producer’s thread.
- `tracked_sync_channel` - Create a bounded `std::sync::mpsc` sync-channel whose depth is tracked by a registered `QueueGauge`. Drop-in for `std::sync::mpsc::sync_channel` plus centralized usage tracking + near-capacity warnings.
- `warn_limit_exhausted` - Emit a structured/logged warning for a limit that has already been exhausted. Use this for runtime caps such as CPU or heap exhaustion where there is no continuously sampled queue depth to observe before the terminal edge.