perf+reliability: lifespan fail-fast, tool caching, indexes, task lifecycle

[madhavcodez]

Summary

PR 3 of 4 in the critical-cleanup sweep. Addresses the highest-leverage findings from the parallel performance + reliability review.

Key changes

Lifespan rewrite (CRITICAL)

Previously every init step was try/except: logger.warning — a degraded boot looked successful. Now:

• Required subsystems (database) fail-fast and abort startup
• Optional subsystems (expert seeding, source_registry, scheduler, redis_bridge) degrade gracefully and surface their state via the new GET /health/ready endpoint
• next(get_session()) replaced with with SessionLocal() as db:
• stop_scheduler = lambda: None rebind smell eliminated
• Redis bridge task tracked + awaited on shutdown

Tool-result cache (CRITICAL — wired existing infra)

core/tool_cache.py — fail-open Redis cache keyed on (tool, params). Wired into exa_search and gemini_search with 1h TTL. Previously every mission re-paid those APIs for identical queries; SourceCache existed but those tools didn't use it.

Celery worker lifecycle (HIGH)

worker_max_tasks_per_child=10 recycles workers to release accumulated LLM-context heap (workers grew several GB RSS over a day). Soft/hard time limits (300s/360s) prevent stuck HTTP calls from hanging queues.

Missing DB indexes (HIGH)

New migration f4a8d2c1e9b0_add_perf_indexes.py:

• ix_missions_status — backs ?status=running
• ix_missions_user_created — backs dashboard "your recent missions"
• ix_findings_mission_confidence — backs per-mission finding list

Background task lifecycle (HIGH)

core/background_tasks.py — spawn_background_task keeps strong refs in a module set + logs uncaught exceptions in a done-callback. Three asyncio.ensure_future (deprecated, GC-collectable) call sites migrated.

Error envelope sanitisation (HIGH)

data_sources.py:183,266 + workflows.py:262 no longer leak raw exception strings in 5xx responses. logger.exception(...) captures the traceback server-side.

Pagination (HIGH)

run_steps.py gains limit/offset (default 200, max 1000).

Deferred to follow-up PRs

• Sync db.query in async routes — needs ~33 router edits, own PR
• APScheduler → Celery Beat migration — needs autopilot/monitor/workflow job loader reconciliation
• Dashboard polish (ReactFlow lazy-load, ActivityFeed memo, WS broadcast gather) — UI-focused PR

Test plan

• CI green
• alembic upgrade head succeeds, then alembic downgrade -1 reverses cleanly
• GET /health/ready returns subsystem states
• Manual: stop Redis, hit /health/ready → expect redis_bridge: degraded
• Manual: fire 11 Celery tasks → confirm worker recycled after 10
• Manual: hit Exa twice with same query → second call hits cache (response includes cached: true)

References

• Perf review TOP-10 chore: bootstrap operational hygiene (CI, hooks, templates, configs) #1 (cache), security: fix critical RCE, IDOR, SSRF, webhook, and rate-limit issues #2 (worker recycle), chore: prune dead code, remove planning archive, relocate Dockerfiles #4 (indexes), chore(deps): bump actions/upload-artifact from 4 to 7 #6 (pagination)
• Arch review perf+reliability: lifespan fail-fast, tool caching, indexes, task lifecycle #3 (lifespan fail-fast), D1, D2
• Code review chore: prune dead code, remove planning archive, relocate Dockerfiles #4 (init_db), chore(deps): bump actions/upload-artifact from 4 to 7 #6 (ensure_future), chore(deps): bump actions/setup-python from 5 to 6 #7 (5xx leakage)