fix: serialize codex submit bursts

This commit is contained in:
Codex
2026-05-19 23:55:31 +00:00
parent b2f16f235b
commit fced0520fe
3 changed files with 91 additions and 4 deletions
+3
View File
@@ -37,6 +37,8 @@ Every Code Queue task must have a narrow ownership boundary.
Prompts for production-adjacent work must explicitly forbid heavy local checks on the master server when those checks are known to risk OOM, and must tell the worker which validation belongs in D601 CI, dev env, or a target service container.
When one supervisor machine is creating many Code Queue tasks in a burst, submit calls should default to serial or near-serial behavior. A short local lock or delay is acceptable if it prevents the control plane from being flooded faster than it can acknowledge tasks, especially on low-memory hosts. The goal is to keep task creation observable and stable, not to maximize raw enqueue throughput.
## Monitoring
The supervisor must monitor Code Queue with task-level and queue-level evidence, not with a single status field.
@@ -89,6 +91,7 @@ Examples of infrastructure defects include:
- CLI observability that cannot show running, recently completed, or unread terminal tasks;
- a proxy path that differs between WebUI and CLI;
- a deploy job that reports failure even though the service API is healthy.
- a supervisor-side submit burst that can saturate the Code Queue manager or low-memory host before the queue has a chance to acknowledge tasks.
These defects should be assigned to infrastructure queues with prompts that include the concrete observed failure, the expected long-term contract, and the recovery action required for the original delivery task.