[codex] implement session bind failure recovery

[k82cn]

Summary

Implements session bind failure recovery for RFE25.

• Adds BindExecutorCompletedRequest.result and internal FlameResult conversions.
• Reports executor bind/install/shim/enter failures through bind-completed results.
• Moves bind-completed result handling into executor state, with failed binding executors transitioning to Unbinding.
• Tracks transient session-level retry_count, records session bind failure and retry-limit events, and skips not-ready sessions through SessionFilter predicates.
• Surfaces session events through storage, SDK conversion, and flmctl view -s.
• Adds the design doc for the recovery behavior.

Validation

• cargo fmt --all
• cargo test -p flame-session-manager model::tests::test_snapshot_find_sessions_by_predicate
• cargo test -p flame-session-manager scheduler::tests::test_scheduler_skips_not_ready_session
• cargo test -p flame-session-manager binding_state_tests
• cargo test -p flame-session-manager bind_session_failed_tests
• cargo check -p flame-session-manager
• cargo test -p flame-session-manager
• cargo test -p flame-executor-manager
• cargo check -p flame-session-manager -p flame-executor-manager -p flmctl -p flame-rs
• git diff --check

Full cargo test -p flame-rs was not run as part of the final pass because the package includes benchmark integration tests that expect a live local session-manager. The library tests passed earlier with cargo test -p flame-rs --lib.

fix #25

[gemini-code-assist]

Code Review

This pull request implements a session bind failure recovery mechanism, introducing a transient retry counter for sessions and a reporting path for bind failures from the executor manager to the session manager. Key changes include the addition of session-level events, configuration for retry limits, and scheduler updates to skip sessions exceeding these limits. Feedback was provided to improve the robustness of the binding state machine by ensuring an executor cannot transition to a 'Bound' state if its associated session ID is missing during completion.

[gemini-code-assist]

In bind_session_success, if bound_session_id() returns None, the executor's state is still transitioned to Bound without being associated with a session. A Bound executor should always have a session. This could lead to an invalid state where an executor is considered bound but has no session, potentially causing issues in other parts of the system that assume a bound executor has a session.

It would be more robust to return an InvalidState error if the session ID is missing, similar to how bind_session_failed handles it.

        let ssn_id = self.bound_session_id()?.ok_or_else(|| {
            let e = lock_ptr!(self.executor).unwrap();
            FlameError::InvalidState(format!(
                "Executor <{}> has no session attached in Binding state on successful completion",
                e.id
            ))
        })?;

        let ssn_ptr = self.storage.get_session_ptr(ssn_id)?;
        let mut ssn = lock_ptr!(ssn_ptr)?;
        ssn.retry_count = 0;

[k82cn]

Addressed in 57ecd12d: bind_session_success now requires an attached session and returns InvalidState before transitioning to Bound when it is missing. I also added unit coverage for the missing-session success path.

[codecov]

Codecov Report

❌ Patch coverage is 64.36170% with 67 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
executor_manager/src/states/idle.rs	0.00%	38 Missing ⚠️
executor_manager/src/executor.rs	0.00%	9 Missing ⚠️
executor_manager/src/states/bound.rs	0.00%	5 Missing ⚠️
flmctl/src/view.rs	62.50%	3 Missing ⚠️
...ession_manager/src/controller/executors/binding.rs	95.16%	3 Missing ⚠️
session_manager/src/model/mod.rs	75.00%	3 Missing ⚠️
executor_manager/src/client.rs	0.00%	2 Missing ⚠️
executor_manager/src/states/unbinding.rs	0.00%	2 Missing ⚠️
session_manager/src/apiserver/backend.rs	0.00%	1 Missing ⚠️
session_manager/src/controller/mod.rs	90.90%	1 Missing ⚠️

📢 Thoughts on this report? Let us know!

[k82cn]

we should not reset the retry_count, just keep it there.

[k82cn]

Addressed in b257331e: successful bind completion now validates the attached session but leaves retry_count unchanged.

[k82cn]

move those to record_bind_failure and increment_session_retry_count, those two function should only have an executor paramenter, it should get info themself accordingly.

[k82cn]

Addressed in b257331e: record_bind_failure and increment_session_retry_count now take the executor and derive the session/executor details internally.

[k82cn]

are they still necessary after refactor?

[k82cn]

Addressed in b257331e: removed the redundant bound-session helper path after the binding-state refactor.

[k82cn]

replace it with READY_SESSION const, similar to OPEN_SESSION.

[k82cn]

Addressed in b257331e: replaced the ready-session helper with READY_SESSION, implemented as a const inline lambda predicate, and updated scheduler actions to use it directly.