fix(agents,think,ai-chat): re-attach to still-running sub-agent runs on parent recovery (#1630)

[threepointone]

Closes #1630.

Problem

When a parent agent is interrupted (deploy / Durable Object eviction) while a child agentTool() run is still in flight, parent recovery sealed the run interrupted within a ~5s window and the parent re-issued the task — re-running the child's already-completed work. For long-running children under continuous deploys this surfaced to users as "the agent went all the way back and lost the files it already wrote."

Root causes (all in packages/agents/src/index.ts unless noted):

1. Fresh runId per call. agentTool() minted a fresh nanoid per call, so a turn re-run by chat recovery spawned a brand-new child instead of re-using the in-flight one.
2. Abandon, don't re-attach. A duplicate non-terminal run (runAgentTool) and a still-running child during startup reconciliation were sealed interrupted at ~5s instead of being tailed to their real terminal result.
3. No durable child-run reconcile. A child facet self-heals its interrupted turn via its own chatRecovery, but that path never wrote the child's agent-tool run row, so the row stranded running (think) / was force-errored (ai-chat) — the parent could never collect the recovered result.
4. interrupted was an immutable terminal. Once sealed interrupted, a later child completion could never repair the parent row, so a re-issue returned stale interrupted and the model retried with a new toolCallId → fresh child → re-ran work.

Change

1. Stable child runId — agentTool() (agent-tools.ts)

Derive the child runId from the (recovery-preserved) tool call id: agent-tool:<toolCallId> instead of a fresh nanoid. A turn re-run by recovery resolves to the same idempotent child facet, so completed child work is never re-run. Falls back to a fresh id only when there's no tool call id.

2. Bounded re-attach (runAgentTool + _reconcileAgentToolRuns)

A duplicate non-terminal runId and a still-running child during startup reconciliation now tail the live child to its real terminal result and collect it, instead of immediately sealing interrupted. Bounded by a generous internal wall-clock budget DEFAULT_AGENT_TOOL_REATTACH_TIMEOUT_MS (120s), consistent with the wall-clock-dominant chat-recovery budget (#1638): a child that keeps advancing toward terminal within the window is collected; a genuinely hung child still seals interrupted so recovery can never block forever.

_reconcileAgentToolRuns is a two-pass sweep: a deadline-bounded inspect/classify, then parallel re-attach of still-running children (each with its own budget) — so one slow/hung child can't starve every later sibling against the shared deadline.

3. Durable child-run reconcile — think + ai-chat (transcript-based, symmetric)

Both packages reconcile a stale child-run row (running, no live abort controller = the original isolate is gone) from the durable transcript on inspectAgentToolRun, gated on recovery state via _classifyAgentToolChildRecovery() (lists chat-recovery incidents on the 1:1 child facet):

• recovery in-progress → keep running so the parent's bounded re-attach keeps waiting;
• settled with an assistant turn (text or tool-only) → completed (the parent collects the real result);
• failed/empty → error.

This keeps the child's own (working) saveMessages recovery path untouched.

Why not the durable submission registry? We first tried running the child via submitMessages({ submissionId: runId }) so the durable submission row would be the recovery-reconciled terminal marker. The unit suite stayed green, but the real-eviction e2e caught a regression: _recoverSubmissionsOnStart's "error a running submission whose messages were applied" policy fights the chat-recovery fiber resuming a multi-restart, multi-step tool loop — the child stalled at 10/30 steps and the parent collected error. Submissions are a clean single-turn durable primitive but the wrong execution path for resumable agent-tool loops. Reverted in favor of the transcript reconcile, which never touches the recovery path. (Tracked as base-API follow-ups N7/N8 in the working doc.)

4. interrupted is now a soft, repairable terminal (_updateAgentToolTerminal)

_updateAgentToolTerminal no longer excludes interrupted from its overwrite guard (only completed/error/aborted are hard/immutable), and runAgentTool routes an existing interrupted run through the re-attach path. So a re-issue (or later child completion) repairs the row to the child's real result instead of returning stale interrupted — implements #1630's "fix _updateAgentToolTerminal so a later child completion can repair the parent row."

Edge cases handled (from review)

• Multi-child starvation — parallel re-attach (above).
• Text-less completed runs — collected as completed when the recovered turn produced any assistant message (text or tool-only), not only when there's final text.
• Chunk re-replay — re-attach tails from the child's current max chunk sequence, not -1, so it forwards only new chunks (a reconnected client already replays stored chunks via _replayAgentToolRuns; the client reducer appends by arrival order).
• Hung-child reader — on budget-abort the tail reader is abandoned (a pre-caught read), not cancelled: cancelling a remote child-facet RPC stream surfaces an unswallowable "Stream was cancelled" pump rejection (verified). The hold is bounded — the child reaches terminal within its own chat-recovery ceiling, firing the tail's closer which releases the reader.
• No premature terminalize — _checkRunFibers() (creates the recovery incident) is awaited in onStart before the facet serves RPC, so a stale-row inspect always sees the in-progress incident.

API / surface

• No new public configuration (budget is an internal constant; the existing maxAttempts stays the one knob).
• Adds an internal agent_tool:recovery:reattach observability event.
• agentTool() runId derivation and the re-attach behavior are internal.

Tests

• think unit (agent-tools.test.ts): reworked still-running → completed via re-attach; new bounded-tail-able-stuck → interrupted after budget; new parallel reconcile (hung child can't starve a sibling); new interrupted-repair (re-issue collects completed). Plus the agents test that agentTool() derives a stable runId.
• ai-chat unit: the reconcile classify/completed/error/in-progress paths.
• Real-eviction e2e (task-amplification.test.ts): drives both the hand-picked stable-runId parent and the natural agentTool() parent through real kill/restart churn, asserting the child reaches all 30 steps and the parent's run row settles completed (parentChildStatus). Both scenarios pass.
• Real-deploy harness (examples/deploy-churn, operator-run): a new --mode subagent drives a child via agentTool() and fires real wrangler deploys mid-child-loop. Run with 2 mid-loop deploys, it confirms the fix holds under real deploys — the child completed all 30 steps with 1 re-run (no amplification, no data loss). It also surfaced the follow-up below.

Verification

• tsc clean (agents + think + ai-chat); oxlint + oxfmt clean.
• Full suites green: think 458, ai-chat 480; agents agent-tool tests green.
• Both real-eviction e2e scenarios pass (~224s).

Known follow-ups (tracked, not in this PR)

• Orchestrating-parent recovery progress (surfaced by the real-deploy harness). A parent turn that merely awaits a sub-agent makes no forward progress of its own, so under heavy deploy churn the parent's own chat recovery can exhaust (stable_timeout, progress: 1) before the child finishes — the parent then collects interrupted even though the child completed (its work preserved, no amplification). Fix (= plan's N1 "apply recovery to the sub-agent path"): count the child's forwarded progress as parent progress, and/or re-attach a still-recoverable interrupted row on a later restart. Beyond this PR's re-attach scope → separate PR.
• ai-chat real-eviction e2e — blocked on building a deterministic, LLM-free, streamText-compatible mock child that completes after recovery (an AI-SDK harness problem orthogonal to this change; ai-chat's reconcile is unit-validated).
• N7 — durable submissions can double-recover / prematurely error a chatRecovery turn under churn (the latent base-API bug behind the reverted submission experiment).
• N8 — unify the durable "turn status/result" record (transcript vs deleted-on-success incident vs submissions).

Test plan

• CI green
• Review the re-attach budget (120s) and the agent-tool:<toolCallId> runId derivation
• Validate against examples/deploy-churn + the customer chaos harness

Made with Cursor

[changeset-bot]

🦋 Changeset detected

Latest commit: 965f60a

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 3 packages

Name	Type
agents	Minor
@cloudflare/think	Patch
@cloudflare/ai-chat	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[threepointone]

/bonk do a deep review, look for edge cases, is the ux/dx good

[pkg-pr-new]

Open in StackBlitz

agents

npm i https://pkg.pr.new/agents@1640

@cloudflare/ai-chat

npm i https://pkg.pr.new/@cloudflare/ai-chat@1640

@cloudflare/codemode

npm i https://pkg.pr.new/@cloudflare/codemode@1640

hono-agents

npm i https://pkg.pr.new/hono-agents@1640

@cloudflare/shell

npm i https://pkg.pr.new/@cloudflare/shell@1640

@cloudflare/think

npm i https://pkg.pr.new/@cloudflare/think@1640

@cloudflare/voice

npm i https://pkg.pr.new/@cloudflare/voice@1640

@cloudflare/worker-bundler

npm i https://pkg.pr.new/@cloudflare/worker-bundler@1640

commit: 965f60a

[ask-bonk]

@threepointone Bonk workflow was cancelled.

View workflow run · To retry, trigger Bonk again.