fix: two independent hanging-write bugs in the execution engine and local Bun server#158
Merged
RhysSullivan merged 4 commits intoRhysSullivan:mainfrom Apr 10, 2026
Conversation
…omise boundaries The execution engine's `startPausableExecution` forked the sandbox fiber with `Effect.fork`, which attaches it to the current fiber's `Local` FiberScope. Every host that drives `executeWithPause` and `resume` from separate contexts (the HTTP API handlers, CLI `executor call` + `executor resume`, and any host that pauses across an async boundary) runs each call in its own top-level `Effect.runPromise`. When the first runPromise's root fiber exits to return the paused result, its `FiberRuntime.evaluateEffect` calls `interruptAllChildren()` and interrupts the sandbox before the caller ever sees the response. The subsequent `resume` then races `Fiber.join(paused.fiber)` — which returns the interrupt exit immediately (converted to a defect by `Effect.orDie` in `awaitCompletionOrPause`) — against `Deferred.await(nextSignal)`. `Effect.race`'s `onSelfDone` on failure waits for the loser, but nothing ever signals the next pause Deferred: the tool's continuation runs on a separate root fiber spawned by the quickjs sandbox bridge for each tool call, and once that completes with no further elicitations, `nextSignal` is never filled. The resume call hangs forever. Crucially, the underlying HTTP side effect of the tool can still succeed in this window — producing "phantom writes" where the upstream observes the mutation but the caller never sees the response. `Effect.forkDaemon` attaches the sandbox fiber to the global FiberScope instead of the parent's children set, so the parent's `interruptAllChildren` on exit does not touch it. FiberRefs and Context are copied at fork time via `unsafeMakeChildFiber`, so the daemon is fully independent of the driving runPromise's lifetime. Adds a regression test (`"resume returns across separate runPromise boundaries for a single-elicit tool (HTTP-like)"`) that uses plain `it(async () => ...)` so each engine call is its own top-level `runPromise`, matching the HTTP handler shape. The test runs against a new single-elicit `singleApproval` tool that mirrors the Gmail `labels.create`-style "one approval, one side effect, one response" shape. The existing `multiApproval`-based `it.effect` test masks the bug because both calls share one runPromise scope AND the second elicit eventually fills `nextSignal`, letting the race complete even with a dead sandbox fiber.
…ion round-trips can complete
Bun.serve's default idleTimeout is 10 seconds (see
`src/bun.js/api/server/ServerConfig.zig:26`). That is too short for the
executor's HTTP endpoints:
- The MCP streamable-HTTP transport on `/mcp` keeps the TCP socket open
for the duration of a tool call. When a non-SAFE operation trips the
`requiresApproval` annotation in the google-discovery / openapi /
graphql plugins, the executor's elicitation handler calls
`server.server.elicitInput(...)`, which sends an `elicitation/create`
request to the MCP client and awaits its response. For clients that
surface an approval UI to a human operator, the full round-trip —
render prompt, read it, click, serialize the response, send it back
over the socket — routinely takes 5–10 seconds. Bun's 10s idle timeout
was closing the socket mid-flight, either:
(a) before the response returned — the tool call appeared to hang
and the caller saw a transport error; or
(b) after the sandbox had already received `{ action: "accept" }`
and the underlying HTTP call to the upstream API had gone
through — producing "phantom writes" where the upstream observed
the mutation but the caller never saw the response.
Both failure modes were reproduced against Gmail's `labels.create`
during debugging.
- The executor's own `/api/executions` + `/api/executions/:id/resume`
pause/resume flow also benefits: long-running sandboxed computations
(e.g. large batch operations driven from a `tools.search` loop) can
legitimately idle the socket beyond 10 seconds while awaiting tool
continuations.
`idleTimeout: 0` disables the idle timeout entirely. This is a
documented behavior of Bun's uSockets: `us_socket_timeout` in
`packages/bun-usockets/src/socket.c:86-92` sets the internal `s->timeout`
field to the sentinel `255` — which never fires — when `seconds == 0`.
`idleTimeout: 0` is therefore the correct "no timeout" signal, not a
"close immediately" bug.
The executor's MCP host and HTTP API clients are responsible for
enforcing their own per-request timeouts (MCP SDK's
`DEFAULT_REQUEST_TIMEOUT_MSEC = 60000`, and any caller-side timeouts).
Disabling the Bun-level idle timeout only removes a racing cutoff that
was shorter than those logical timeouts and shorter than a realistic
human approval cycle.
aryasaatvik
changed the title
aryasaatvik
commented
Apr 10, 2026
|
|
||
| const invoker = makeFullInvoker(executor, { onElicitation: elicitationHandler }); | ||
| fiber = yield* Effect.fork(codeExecutor.execute(code, invoker)); | ||
| fiber = yield* Effect.forkDaemon(codeExecutor.execute(code, invoker)); |
Contributor
Author
There was a problem hiding this comment.
This is the core lifetime fix. A paused execution can cross multiple host calls: /api/executions returns the pause, then /api/executions/:id/resume joins the same sandbox later. With Effect.fork, the sandbox remains a child of the first runPromise, so returning the paused response can interrupt it before the caller has a chance to resume. forkDaemon moves that sandbox fiber into the global scope, which matches the execution ID lifecycle instead of the request lifecycle.
aryasaatvik
commented
Apr 10, 2026
| // nothing can accidentally unstick a dead-fiber race via a second | ||
| // elicitation (which is what masks the bug in the `multiApproval` test | ||
| // above). | ||
| it( |
Contributor
Author
There was a problem hiding this comment.
The important detail here is using a normal async Vitest test instead of it.effect. That makes executeWithPause and resume run through separate top-level Effect.runPromise calls, matching HTTP/CLI usage. The single-elicit tool avoids the old multi-elicit test accidentally unblocking the dead-fiber race with a second pause signal.
aryasaatvik
commented
Apr 10, 2026
| // and `/api/executions` pause/resume can legitimately keep the socket | ||
| // idle longer than that. `0` is the "no timeout" sentinel per Bun's | ||
| // uSockets; MCP/HTTP clients enforce their own per-request timeouts. | ||
| idleTimeout: 0, |
Contributor
Author
There was a problem hiding this comment.
This covers the other hang path. Bun defaults HTTP connections to a 10s idle timeout, which is short enough to cut off MCP elicitation while a human approval UI is still round-tripping. Setting this to 0 disables the server-level socket cutoff; MCP and callers still keep their own logical request timeouts.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes two independent causes of hung non-SAFE tool calls that could still complete upstream, producing phantom writes where the mutation succeeded but the caller never received a response.
Changes
Use
Effect.forkDaemonfor pausable sandbox executions.executeWithPauseandresumeare often driven by separate top-levelEffect.runPromisecalls, such as HTTP requests or CLI invocations.Effect.forkties the sandbox fiber to the first caller scope, so it can be interrupted as soon as the paused result is returned.forkDaemonlets the paused execution survive across the resume boundary.Set
Bun.serve({ idleTimeout: 0 })for the local server.Tests
runPromiseboundaries.Effect.forkand passes withEffect.forkDaemon.Validation
bun run typecheckandbun x vitest runinpackages/core/executionbun run typecheckinapps/locallabels.create