fix(agent-jobs): validate claims before claiming
This commit is contained in:
@@ -1074,6 +1074,65 @@ export const claimNextInternal = internalMutation({
|
||||
secrets.push(secret);
|
||||
}
|
||||
}
|
||||
const ownedProfile =
|
||||
aiProviderProfile?.ownerId === job.ownerId && aiProviderProfile.enabled
|
||||
? aiProviderProfile
|
||||
: null;
|
||||
const failClaim = async (reason: string) => {
|
||||
const failedAt = Date.now();
|
||||
await ctx.db.patch(job._id, {
|
||||
status: 'failed',
|
||||
error: reason,
|
||||
completedAt: failedAt,
|
||||
updatedAt: failedAt,
|
||||
});
|
||||
await ctx.db.patch(job.agentRequestId, {
|
||||
status: 'failed',
|
||||
updatedAt: failedAt,
|
||||
});
|
||||
if (job.threadId) {
|
||||
await ctx.db.patch(job.threadId, {
|
||||
status: 'failed',
|
||||
updatedAt: failedAt,
|
||||
resolvedAt: failedAt,
|
||||
});
|
||||
}
|
||||
await ctx.db.insert('agentJobEvents', {
|
||||
jobId: job._id,
|
||||
spoonId: job.spoonId,
|
||||
ownerId: job.ownerId,
|
||||
level: 'error',
|
||||
phase: 'queued',
|
||||
message: `Job could not be claimed: ${reason}`,
|
||||
createdAt: failedAt,
|
||||
});
|
||||
};
|
||||
if (!spoon) {
|
||||
await failClaim('The Spoon for this job no longer exists.');
|
||||
return null;
|
||||
}
|
||||
if (!ownedProfile) {
|
||||
await failClaim(
|
||||
'AI is not configured for this user. Add an AI provider in settings.',
|
||||
);
|
||||
return null;
|
||||
}
|
||||
if (ownedProfile.authType !== 'none' && !ownedProfile.encryptedSecret) {
|
||||
await failClaim('Selected AI provider is missing credentials.');
|
||||
return null;
|
||||
}
|
||||
if (agentSettings && !agentSettings.enabled) {
|
||||
await failClaim('Agent jobs are disabled for this Spoon.');
|
||||
return null;
|
||||
}
|
||||
if ((job.runtime ?? 'opencode') !== 'opencode') {
|
||||
await failClaim('Legacy OpenAI direct jobs are no longer supported.');
|
||||
return null;
|
||||
}
|
||||
if (secrets.length !== job.selectedSecretIds.length) {
|
||||
await failClaim('Selected secrets must belong to this Spoon.');
|
||||
return null;
|
||||
}
|
||||
const now = Date.now();
|
||||
await ctx.db.patch(job._id, {
|
||||
status: 'claimed',
|
||||
@@ -1098,8 +1157,7 @@ export const claimNextInternal = internalMutation({
|
||||
job: { ...job, status: 'claimed' as const, claimedBy: workerId },
|
||||
spoon,
|
||||
aiSettings,
|
||||
aiProviderProfile:
|
||||
aiProviderProfile?.ownerId === job.ownerId ? aiProviderProfile : null,
|
||||
aiProviderProfile: ownedProfile,
|
||||
agentSettings,
|
||||
secrets,
|
||||
};
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
'use node';
|
||||
|
||||
import { ConvexError, v } from 'convex/values';
|
||||
import { v } from 'convex/values';
|
||||
|
||||
import type { Doc } from './_generated/dataModel';
|
||||
import { internal } from './_generated/api';
|
||||
@@ -56,20 +56,7 @@ export const claimNextForWorker = action({
|
||||
},
|
||||
)) as ClaimedJob | null;
|
||||
if (!claimed) return null;
|
||||
if (!claimed.spoon) {
|
||||
throw new ConvexError('Claimed job points at a missing Spoon.');
|
||||
}
|
||||
if (!claimed.aiProviderProfile) {
|
||||
throw new ConvexError(
|
||||
'AI is not configured for this user. Add an AI provider in settings.',
|
||||
);
|
||||
}
|
||||
if (
|
||||
claimed.aiProviderProfile.authType !== 'none' &&
|
||||
!claimed.aiProviderProfile.encryptedSecret
|
||||
) {
|
||||
throw new ConvexError('Selected AI provider is missing credentials.');
|
||||
}
|
||||
if (!claimed.spoon || !claimed.aiProviderProfile) return null;
|
||||
const profile = claimed.aiProviderProfile;
|
||||
return {
|
||||
job: claimed.job,
|
||||
|
||||
@@ -0,0 +1,219 @@
|
||||
import { convexTest } from 'convex-test';
|
||||
import { describe, expect, test } from 'vitest';
|
||||
|
||||
import type { Id } from '../../convex/_generated/dataModel.js';
|
||||
import { internal } from '../../convex/_generated/api.js';
|
||||
import schema from '../../convex/schema';
|
||||
|
||||
const modules = import.meta.glob('../../convex/**/*.*s');
|
||||
|
||||
type SeedOptions = {
|
||||
profile?: 'valid' | 'disabled' | 'missing-credentials' | 'none';
|
||||
settingsEnabled?: boolean;
|
||||
runtime?: 'opencode' | 'openai_direct';
|
||||
secret?: 'valid' | 'foreign';
|
||||
};
|
||||
|
||||
const seedQueuedJob = async (
|
||||
t: ReturnType<typeof convexTest>,
|
||||
options: SeedOptions = {},
|
||||
) =>
|
||||
await t.mutation(async (ctx) => {
|
||||
const now = Date.now();
|
||||
const ownerId = await ctx.db.insert('users', {
|
||||
email: 'owner@example.com',
|
||||
name: 'Owner',
|
||||
});
|
||||
const spoonId = await ctx.db.insert('spoons', {
|
||||
ownerId,
|
||||
name: 'Editor Spoon',
|
||||
provider: 'github',
|
||||
upstreamOwner: 'upstream',
|
||||
upstreamRepo: 'editor',
|
||||
upstreamDefaultBranch: 'main',
|
||||
upstreamUrl: 'https://github.com/upstream/editor',
|
||||
forkOwner: 'team',
|
||||
forkRepo: 'editor-spoon',
|
||||
forkUrl: 'https://github.com/team/editor-spoon',
|
||||
visibility: 'private',
|
||||
maintenanceMode: 'watch',
|
||||
syncCadence: 'daily',
|
||||
productionRefStrategy: 'default_branch',
|
||||
status: 'active',
|
||||
createdAt: now,
|
||||
updatedAt: now,
|
||||
});
|
||||
await ctx.db.insert('spoonAgentSettings', {
|
||||
spoonId,
|
||||
ownerId,
|
||||
enabled: options.settingsEnabled ?? true,
|
||||
runtime: 'opencode',
|
||||
defaultBaseBranch: 'main',
|
||||
branchPrefix: 'spoon/',
|
||||
agentModel: 'gpt-5.1-codex',
|
||||
reasoningEffort: 'medium',
|
||||
maxJobDurationMs: 60_000,
|
||||
maxOutputBytes: 1_000_000,
|
||||
createdAt: now,
|
||||
updatedAt: now,
|
||||
});
|
||||
const profileKind = options.profile ?? 'none';
|
||||
const aiProviderProfileId =
|
||||
profileKind === 'none'
|
||||
? undefined
|
||||
: await ctx.db.insert('aiProviderProfiles', {
|
||||
ownerId,
|
||||
name: 'Test provider',
|
||||
provider: 'openai',
|
||||
authType:
|
||||
profileKind === 'missing-credentials' ? 'api_key' : 'none',
|
||||
defaultModel: 'gpt-5.1-codex',
|
||||
modelOptions: ['gpt-5.1-codex'],
|
||||
reasoningEffort: 'medium',
|
||||
enabled: profileKind !== 'disabled',
|
||||
createdAt: now,
|
||||
updatedAt: now,
|
||||
});
|
||||
const selectedSecretIds: Id<'spoonSecrets'>[] = [];
|
||||
if (options.secret) {
|
||||
const secretOwnerId =
|
||||
options.secret === 'foreign'
|
||||
? await ctx.db.insert('users', {
|
||||
email: 'other@example.com',
|
||||
name: 'Other',
|
||||
})
|
||||
: ownerId;
|
||||
selectedSecretIds.push(
|
||||
await ctx.db.insert('spoonSecrets', {
|
||||
spoonId,
|
||||
ownerId: secretOwnerId,
|
||||
name: 'TOKEN',
|
||||
encryptedValue: 'encrypted',
|
||||
createdAt: now,
|
||||
updatedAt: now,
|
||||
}),
|
||||
);
|
||||
}
|
||||
const requestId = await ctx.db.insert('agentRequests', {
|
||||
spoonId,
|
||||
ownerId,
|
||||
prompt: 'Fix the editor',
|
||||
status: 'queued',
|
||||
createdAt: now,
|
||||
updatedAt: now,
|
||||
});
|
||||
const jobId = await ctx.db.insert('agentJobs', {
|
||||
spoonId,
|
||||
ownerId,
|
||||
agentRequestId: requestId,
|
||||
status: 'queued',
|
||||
prompt: 'Fix the editor',
|
||||
runtime: options.runtime ?? 'opencode',
|
||||
workspaceStatus: 'not_started',
|
||||
baseBranch: 'main',
|
||||
workBranch: 'spoon/fix-editor',
|
||||
forkOwner: 'team',
|
||||
forkRepo: 'editor-spoon',
|
||||
forkUrl: 'https://github.com/team/editor-spoon',
|
||||
upstreamOwner: 'upstream',
|
||||
upstreamRepo: 'editor',
|
||||
selectedSecretIds,
|
||||
aiProviderProfileId,
|
||||
model: 'gpt-5.1-codex',
|
||||
reasoningEffort: 'medium',
|
||||
createdAt: now,
|
||||
updatedAt: now,
|
||||
});
|
||||
await ctx.db.patch(requestId, { agentJobId: jobId });
|
||||
return { jobId, requestId, spoonId };
|
||||
});
|
||||
|
||||
const expectFailedClaim = async (
|
||||
t: ReturnType<typeof convexTest>,
|
||||
jobId: Id<'agentJobs'>,
|
||||
) => {
|
||||
const result = await t.mutation(internal.agentJobs.claimNextInternal, {
|
||||
workerId: 'w1',
|
||||
});
|
||||
expect(result).toBeNull();
|
||||
const job = await t.run(async (ctx) => await ctx.db.get(jobId));
|
||||
expect(job?.status).toBe('failed');
|
||||
expect(job?.error).toBeTruthy();
|
||||
};
|
||||
|
||||
describe('claimNextInternal validation', () => {
|
||||
test('fails a queued job when its owner has no configured profile', async () => {
|
||||
const t = convexTest(schema, modules);
|
||||
const { jobId } = await seedQueuedJob(t);
|
||||
|
||||
await expectFailedClaim(t, jobId);
|
||||
});
|
||||
|
||||
test('claims a fully valid queued job', async () => {
|
||||
const t = convexTest(schema, modules);
|
||||
const { jobId } = await seedQueuedJob(t, { profile: 'valid' });
|
||||
|
||||
const result = await t.mutation(internal.agentJobs.claimNextInternal, {
|
||||
workerId: 'w1',
|
||||
});
|
||||
const job = await t.run(async (ctx) => await ctx.db.get(jobId));
|
||||
|
||||
expect(result).not.toBeNull();
|
||||
expect(result?.aiProviderProfile?.enabled).toBe(true);
|
||||
expect(job?.status).toBe('claimed');
|
||||
});
|
||||
|
||||
test('fails a queued job when its profile is disabled', async () => {
|
||||
const t = convexTest(schema, modules);
|
||||
const { jobId } = await seedQueuedJob(t, { profile: 'disabled' });
|
||||
|
||||
await expectFailedClaim(t, jobId);
|
||||
});
|
||||
|
||||
test('fails a queued job when its profile is missing credentials', async () => {
|
||||
const t = convexTest(schema, modules);
|
||||
const { jobId } = await seedQueuedJob(t, {
|
||||
profile: 'missing-credentials',
|
||||
});
|
||||
|
||||
await expectFailedClaim(t, jobId);
|
||||
});
|
||||
|
||||
test('fails a queued job when Spoon agent jobs are disabled', async () => {
|
||||
const t = convexTest(schema, modules);
|
||||
const { jobId } = await seedQueuedJob(t, {
|
||||
profile: 'valid',
|
||||
settingsEnabled: false,
|
||||
});
|
||||
|
||||
await expectFailedClaim(t, jobId);
|
||||
});
|
||||
|
||||
test('fails a queued job with an unsupported legacy runtime', async () => {
|
||||
const t = convexTest(schema, modules);
|
||||
const { jobId } = await seedQueuedJob(t, {
|
||||
profile: 'valid',
|
||||
runtime: 'openai_direct',
|
||||
});
|
||||
|
||||
await expectFailedClaim(t, jobId);
|
||||
});
|
||||
|
||||
test('fails a queued job with a secret owned by another user', async () => {
|
||||
const t = convexTest(schema, modules);
|
||||
const { jobId } = await seedQueuedJob(t, {
|
||||
profile: 'valid',
|
||||
secret: 'foreign',
|
||||
});
|
||||
|
||||
await expectFailedClaim(t, jobId);
|
||||
});
|
||||
|
||||
test('fails a queued job whose Spoon was deleted', async () => {
|
||||
const t = convexTest(schema, modules);
|
||||
const { jobId, spoonId } = await seedQueuedJob(t, { profile: 'valid' });
|
||||
await t.mutation(async (ctx) => await ctx.db.delete(spoonId));
|
||||
|
||||
await expectFailedClaim(t, jobId);
|
||||
});
|
||||
});
|
||||
Reference in New Issue
Block a user