`4b880d2`

Resolve devloop audit findings

Authored by mfwolffe <wolffemf@dukes.jmu.edu> 1 week ago

SHA: 4b880d28887b366bdf0656b25e67b4a607d0b91a
Parents: 209b581
Tree: 4ac1c6d

4 changed files

Status	File	+	-
M	`README.md`	2	1
M	`src/fgof_devloop.f90`	5	1
M	`test/test_devloop_jobs.f90`	7	0
M	`test/test_devloop_model.f90`	15	1

README.mdmodified

  - `devloop_watch_summary` condenses `fgof-watch` event batches into file, directory, create, modify, remove, move, ignored, and failure counters
  - `devloop_watch_options()` projects dev-loop policy into `fgof-watch` options for debounce polls, hidden-path filtering, and directory event emission
  - `devloop_watch_trigger()` turns successful watch summaries into change triggers while suppressing watcher failures, disabled restart-on-change policy, empty batches, directory-only batches when disabled, and batches below `min_restart_changes`
 +- `devloop_change_trigger()` suppresses nonpositive change counts so empty batches cannot start cycles through the lower-level trigger API
  - `devloop_build_command()`, `devloop_run_command()`, and `devloop_smoke_command()` wrap `fgof-process` commands with loop roles and optional process options
  - `run_devloop_command()` executes one command spec and preserves the raw `process_result`, including stdout, stderr, exit code, timeout state, and process error details
  - `run_devloop_cycle()` starts a cycle, executes enabled build/run/smoke specs in order, skips later specs after the first failure, and feeds the outcome into `finish_devloop_cycle()`
  - `devloop_service_job()` builds a long-running service/job spec backed by `fgof-jobs`
  - `attach_devloop_job()` records an already-launched pid/process group and ownership expectations
  - `observe_devloop_job()` applies `fgof-jobs` wait results while preserving member-level terminal state
 -- `devloop_job_restart_plan()` models whether a watched change should stop, start, restart, release, or require terminal handoff for a long-running job; released jobs return no action
 +- `devloop_job_restart_plan()` models whether a watched change should stop, start, restart, release, or require terminal handoff for a long-running job; released jobs and release-on-handoff plans return no stop/start/restart action
  - `begin_devloop_cycle()` increments the cycle counter and starts work only when the loop is active, idle, and policy permits the trigger
  - `finish_devloop_cycle()` records success or failure and returns an explicit decision to idle, restart, or stop
  - negative `max_failures` values normalize to unlimited failures

src/fgof_devloop.f90modified

      type(devloop_trigger) :: trigger
      trigger = clear_devloop_trigger()
 +    if (change_count <= 0) return
++
      trigger%kind = FGOF_DEVLOOP_TRIGGER_CHANGE
 -    trigger%change_count = max(0, change_count)
 +    trigger%change_count = change_count
      if (present(reason)) then
        trigger%reason = reason
      else
      if (job_state%terminal_handoff_required .and. job_state%spec%release_on_handoff) then
        plan%should_release = .true.
 +      plan%reason = "release for terminal handoff"
 +      return
      end if
      if (job_state%running .or. job_state%stopped .or. job_state%cleanup_needed) then

test/test_devloop_jobs.f90modified

      if (.not. plan%terminal_handoff_required) error stop "foreground jobs should surface terminal handoff"
      if (.not. plan%should_release) error stop "release-on-handoff should be explicit"
 +    if (plan%action /= FGOF_DEVLOOP_JOB_ACTION_NONE) error stop "release-on-handoff should not restart"
 +    if (plan%should_stop) error stop "release-on-handoff should not stop the job"
 +    if (plan%should_start) error stop "release-on-handoff should not start a replacement"
 +    if (plan%should_restart) error stop "release-on-handoff should not request restart"
 +    if (plan%reason /= "release for terminal handoff") then
 +      error stop "release-on-handoff reason should be explicit"
 +    end if
    end subroutine test_terminal_handoff_plan
    subroutine test_pipeline_wait_observation()

test/test_devloop_model.f90modified

      FGOF_DEVLOOP_DECISION_RESTART, &
      FGOF_DEVLOOP_DECISION_STOP, &
      FGOF_DEVLOOP_TRIGGER_CHANGE, &
 +    FGOF_DEVLOOP_TRIGGER_NONE, &
      FGOF_DEVLOOP_TRIGGER_START, &
      begin_devloop_cycle, &
      clear_devloop_options, &
      should_start_on_open, &
      start_devloop, &
      stop_devloop
 -  use fgof_devloop_types, only : devloop_cycle, devloop_decision, devloop_options, devloop_state
 +  use fgof_devloop_types, only : devloop_cycle, devloop_decision, devloop_options, devloop_state, devloop_trigger
    implicit none
    type(devloop_state) :: state
    type(devloop_options) :: options
    type(devloop_cycle) :: cycle
    type(devloop_decision) :: decision
 +  type(devloop_trigger) :: trigger
    state = clear_devloop_state()
    call start_devloop(state)
    if (.not. decision%should_run) error stop "restart decision should request another run"
    if (state%consecutive_failures /= 1) error stop "failed cycle should increment failure count"
 +  call start_devloop(state)
 +  trigger = devloop_change_trigger(0)
 +  if (trigger%kind /= FGOF_DEVLOOP_TRIGGER_NONE) then
 +    error stop "zero-count change trigger should be suppressed"
 +  end if
 +  trigger = devloop_change_trigger(-2)
 +  if (trigger%kind /= FGOF_DEVLOOP_TRIGGER_NONE) then
 +    error stop "negative-count change trigger should be suppressed"
 +  end if
 +  cycle = begin_devloop_cycle(state, devloop_change_trigger(0))
 +  if (cycle%started) error stop "zero-count changes should not start a cycle"
++
    options = clear_devloop_options()
    options%restart_on_change = .false.
    call start_devloop(state, options)