fix(agent): prevent session lock deadlock on timeout during compaction

[mverrilli]

Summary

• Fix session lock deadlock when a run times out during post-prompt compaction
• waitForCompactionRetry() was not respecting the abort signal, causing execution to hang before reaching the finally block that releases the session write lock, leaving sessions permanently unresponsive
• Add timedOutDuringCompaction flag to skip auth profile rotation on compaction timeouts (model succeeded; not a profile issue)
• Capture pre-compaction message snapshot to persist a complete transcript when compaction times out mid-restructure

Root cause

When a run hits the timeout (default 10 minutes) while waitForCompactionRetry() is blocked, the abort signal fires but the compaction wait has no way to be cancelled. The finally block that calls unsubscribe() and releases the session write lock never runs, leaving the session permanently stuck until gateway restart.

Changes

Subscription cleanup (pi-embedded-subscribe.ts):

• unsubscribe() now actively rejects pending compaction promises with AbortError, aborts in-flight compaction, and sets an unsubscribed flag to prevent new promises from being created
• waitForCompactionRetry() rejects with AbortError after unsubscribe (cancellation, not false success) and propagates rejections through all code paths including the microtask race-check
• Orphaned compaction promises (created by late event handlers with no consumer) are logged at debug level to prevent silent unhandled rejections

Attempt lifecycle (attempt.ts):

• Wrap waitForCompactionRetry() in abortable() so the abort signal can cancel the wait
• Capture a pre-compaction message snapshot with before/after compaction state checks to avoid copying a mid-compaction array
• Use awaitingCompaction flag + subscription.isCompacting() for robust timeout classification that doesn't depend on a single instantaneous read
• Use activeSession.isCompacting (session state) for snapshot safety decisions, subscription.isCompacting() (broader signal including pending retries) for timeout classification
• Pair sessionIdUsed with whichever snapshot source is actually used to prevent downstream correlation issues
• Guard unsubscribe() with try/catch in the finally block so remaining cleanup (clearActiveEmbeddedRun, abort listener removal) always runs

Profile rotation (run.ts):

• Skip auth profile rotation when timeout occurred during compaction — the model succeeded, compaction was the bottleneck

---

• Fixes Session lane permanently blocked after embedded run timeout during tool calls #9405
• Fixes Embedded run never exits after abort: waitForCompactionRetry() not tied to abort signal, session stays active and locked #12085
• Fixes [Bug]: Embedded run timeout fails to clean up session/lane state when compaction is in-flight (waitForCompactionRetry not abort-aware) #13341

---

• This was AI assisted. I understand what the code does.
• Tested for 48 hours, regular hangs experienced have disappeared.

Greptile Overview

Greptile Summary

This PR hardens embedded session teardown to prevent deadlocks when a run times out during post-prompt compaction.

Key changes:

• subscribeEmbeddedPiSession() now tracks an unsubscribed state and rejects any pending compaction-wait promise with an AbortError on teardown, and waitForCompactionRetry() rejects after unsubscribe instead of returning a false “success”.
• runEmbeddedAttempt() wraps waitForCompactionRetry() in the local abortable() helper so timeouts/aborts can cancel the wait and reliably reach the finally that releases the session write lock.
• On timeout during compaction, runEmbeddedAttempt() persists a safe message snapshot (pre-compaction if compaction wasn’t running during snapshot capture) and reports timedOutDuringCompaction upward.
• runEmbeddedPiAgent() uses timedOutDuringCompaction to skip auth profile rotation for compaction-induced timeouts (model succeeded; compaction/infra was the bottleneck).

Overall this aligns timeout behavior with cancellation semantics, ensures teardown is idempotent, and reduces the chance of sessions becoming permanently stuck due to unreleased locks.

Confidence Score: 5/5

• This PR is safe to merge with minimal risk.
• Changes are localized to compaction wait/teardown and timeout classification, and the new behavior (rejecting waits on unsubscribe + making unsubscribe idempotent) directly addresses the deadlock root cause without altering unrelated runner flows. Snapshot/sessionId pairing is handled consistently, and abort errors are correctly classified by existing runner helpers.
• No files require special attention

_{Last reviewed commit: c10290d}

[greptile-apps]

_{1 file reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

Additional Comments (1)

src/agents/pi-embedded-runner/run.overflow-compaction.test.ts
Test factory missing field

EmbeddedRunAttemptResult gained a required timedOutDuringCompaction field (src/agents/pi-embedded-runner/run/types.ts:93-112), but makeAttemptResult() doesn’t set it. This will break TS typechecking (and any test compilation) once this PR lands.

Also appears in src/agents/pi-embedded-runner.run-embedded-pi-agent.auth-profile-rotation.test.ts:47-62 (makeAttempt).

Prompt To Fix With AI

This is a comment left during a code review.
Path: src/agents/pi-embedded-runner/run.overflow-compaction.test.ts
Line: 157:174

Comment:
**Test factory missing field**

`EmbeddedRunAttemptResult` gained a required `timedOutDuringCompaction` field (`src/agents/pi-embedded-runner/run/types.ts:93-112`), but `makeAttemptResult()` doesn’t set it. This will break TS typechecking (and any test compilation) once this PR lands.

Also appears in `src/agents/pi-embedded-runner.run-embedded-pi-agent.auth-profile-rotation.test.ts:47-62` (`makeAttempt`).

How can I resolve this? If you propose a fix, please make it concise.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 70f24ff64b

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[greptile-apps]

_{1 file reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

_{1 file reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

_{1 file reviewed, 2 comments}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

_{1 file reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

_{2 files reviewed, 2 comments}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

_{1 file reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

_{1 file reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

_{1 file reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

_{1 file reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

_{1 file reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

_{2 files reviewed, 3 comments}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

_{1 file reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

_{2 files reviewed, 2 comments}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

Additional Comments (1)

src/agents/pi-embedded-subscribe.ts
Unhandled compaction wait rejection
waitForCompactionRetry() creates a microtask promise and, if compaction starts, it does state.compactionRetryPromise.then(resolve) without a rejection handler (src/agents/pi-embedded-subscribe.ts:590-603). Since unsubscribe() now rejects compactionRetryPromise with an AbortError (:544-557), this path will leave the outer promise pending forever on unsubscribe/abort, recreating the hang it’s meant to prevent. Handle rejection too (e.g. then(resolve, resolve) or propagate AbortError via a reject in the outer promise).

Prompt To Fix With AI

This is a comment left during a code review.
Path: src/agents/pi-embedded-subscribe.ts
Line: 590:603

Comment:
**Unhandled compaction wait rejection**
`waitForCompactionRetry()` creates a microtask promise and, if compaction starts, it does `state.compactionRetryPromise.then(resolve)` without a rejection handler (`src/agents/pi-embedded-subscribe.ts:590-603`). Since `unsubscribe()` now rejects `compactionRetryPromise` with an AbortError (`:544-557`), this path will leave the outer promise pending forever on unsubscribe/abort, recreating the hang it’s meant to prevent. Handle rejection too (e.g. `then(resolve, resolve)` or propagate AbortError via a `reject` in the outer promise).

How can I resolve this? If you propose a fix, please make it concise.

[gumadeiras]

Merged via squash.

• Prepared head SHA: 64a2890
• Merge commit: e6f67d5

Thanks @mverrilli!