Skip to content

Add retry/backoff and circuit breaker to health checks #17

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
zhangsiqiang519 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add retry/backoff and circuit breaker to health checks #17

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
87 changes: 87 additions & 0 deletions diagnostic/build-94e0fb08.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,87 @@
{
"generated_at": "2026-06-20T16:39:09.565245+00:00",
"commit": "94e0fb08",
"diagnostic_logd": "diagnostic/build-94e0fb08.logd",
"diagnostic_logd_error": null,
"message_blocker": null,
"chunked": false,
"chunk_size_bytes": null,
"password": "efcd3c4a127e4b6e294d",
"decrypt_command": "encryptly unpack diagnostic/build-94e0fb08.logd <outdir> --password efcd3c4a127e4b6e294d",
Comment on lines +9 to +10

@coderabbitai coderabbitai Bot Jun 20, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# Search for the diagnostic file and related build configuration
git ls-files | grep -E "(diagnostic|build)" | head -20

Repository: thanhle74/kickama

Length of output: 267

🏁 Script executed:

# Check if the diagnostic directory exists and list its contents
ls -la diagnostic/ 2>/dev/null || echo "diagnostic directory not found"

Repository: thanhle74/kickama

Length of output: 482

🏁 Script executed:

# Search for build.py or similar build configuration files
fd "build\.py" -o fd "\.github" -type d

Repository: thanhle74/kickama

Length of output: 185

🏁 Script executed:

# Read the diagnostic JSON file to verify the password presence
cat diagnostic/build-94e0fb08.json

Repository: thanhle74/kickama

Length of output: 5120

🏁 Script executed:

# Read build.py to understand how the artifact is created
cat -n build.py | head -100

Repository: thanhle74/kickama

Length of output: 3742

🏁 Script executed:

# Check the CI workflow configuration
cat .github/workflows/diagnostic-build-log.yml

Repository: thanhle74/kickama

Length of output: 10279

🏁 Script executed:

# Read more of build.py to understand password generation and encryption
wc -l build.py && tail -n +100 build.py | head -200

Repository: thanhle74/kickama

Length of output: 6347

🏁 Script executed:

# Search for password generation logic
rg "password" build.py -B 2 -A 2

Repository: thanhle74/kickama

Length of output: 1438

🏁 Script executed:

# Check for any environment variable handling for secrets
rg "environ|getenv|secret|token" build.py -i

Repository: thanhle74/kickama

Length of output: 212

Remove plaintext password from committed diagnostic metadata before merging.

The password and decrypt_command embed a bearer secret in the PR that will be visible to all reviewers and persist in git history until artifacts are removed. Although the PR note correctly states these diagnostic artifacts are temporary, the password is required by the CI validation workflow and cannot be omitted from the JSON without redesigning the CI contract to pass secrets differently (e.g., via GitHub encrypted secrets or environment variables). Verify with maintainers whether the CI workflow can be modified to handle decryption credentials outside of committed metadata, or ensure these artifacts are removed immediately after merge.

Additionally, artifact paths expose the builder's absolute filesystem layout (e.g., /Users/zhangsiqiang/Documents/Codex/...). Consider using relative paths or truncating paths to remove usernames and workspace details.

🧰 Tools
🪛 Betterleaks (1.5.0)

[high] 9-9: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@diagnostic/build-94e0fb08.json` around lines 9 - 10, Remove the plaintext
password value from the "password" field in the diagnostic/build-94e0fb08.json
metadata file and redact or remove the embedded password from the
"decrypt_command" field to prevent the secret from persisting in git history and
being visible to reviewers. Additionally, review and replace any absolute
filesystem paths (such as those containing usernames like
"/Users/zhangsiqiang/...") with relative paths or truncated versions that do not
expose system-specific details. Coordinate with maintainers to modify the CI
validation workflow to pass decryption credentials through GitHub encrypted
secrets or environment variables instead of committing them in the JSON
metadata.

Source: Linters/SAST tools

"total_modules": 10,
"passed": 4,
"failed": 6,
"modules": [
{
"name": "backend",
"status": "FAIL",
"elapsed_seconds": 0,
"artifact": null,
"output": "Command not found: [Errno 2] No such file or directory: 'cargo'"
},
{
"name": "frontend",
"status": "PASS",
"elapsed_seconds": 6.051,
"artifact": "/Users/zhangsiqiang/Documents/Codex/2026-06-19/new-chat/outputs/thanhle-kickama-15-health-retry/frontend/dist",
"output": "> tent-frontend@0.0.0 build\n> tsc -b && vite build\n\nvite v6.4.3 building for production...\ntransforming...\n\u2713 100 modules transformed.\nrendering chunks...\ncomputing gzip size...\ndist/index.html 0.62 kB \u2502 gzip: 0.34 kB\ndist/assets/state-BkjSKDbY.js 8.91 kB \u2502 gzip: 3.55 kB \u2502 map: 57.15 kB\ndist/assets/vendor-CREcWLHI.js 48.93 kB \u2502 gzip: 17.22 kB \u2502 map: 481.27 kB\ndist/assets/index-CyxcoTyU.js 231.32 kB \u2502 gzip: 72.02 kB \u2502 map: 1,044.42 kB\n\u2713 built in 645ms"
Comment on lines +26 to +27

@coderabbitai coderabbitai Bot Jun 20, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

cd /tmp/repository 2>/dev/null || cd . && find . -name "diagnostic" -type d | head -5

Repository: thanhle74/kickama

Length of output: 74

🏁 Script executed:

find . -name "build-94e0fb08.json" -type f

Repository: thanhle74/kickama

Length of output: 94

🏁 Script executed:

cat -n diagnostic/build-94e0fb08.json 2>/dev/null | head -60

Repository: thanhle74/kickama

Length of output: 4600

🏁 Script executed:

grep -r "artifact" --include="*.py" --include="*.js" --include="*.ts" --include="*.json" --include="*.sh" . 2>/dev/null | grep -v "\.git" | grep -v "node_modules" | head -20

Repository: thanhle74/kickama

Length of output: 1884

🏁 Script executed:

grep -r "build-94e0fb08" . 2>/dev/null | grep -v "\.git"

Repository: thanhle74/kickama

Length of output: 601

🏁 Script executed:

ls -la diagnostic/ | head -20

Repository: thanhle74/kickama

Length of output: 482

🏁 Script executed:

grep -B 5 -A 5 '"artifact": binary' build.py

Repository: thanhle74/kickama

Length of output: 419

🏁 Script executed:

grep -B 10 -A 10 'def.*artifact' build.py | head -50

Repository: thanhle74/kickama

Length of output: 847

🏁 Script executed:

cat build.py | head -100

Repository: thanhle74/kickama

Length of output: 3042

🏁 Script executed:

grep -B 20 "artifact.*binary" build.py | head -60

Repository: thanhle74/kickama

Length of output: 2406

🏁 Script executed:

grep -A 5 "def build_module" build.py

Repository: thanhle74/kickama

Length of output: 184

🏁 Script executed:

grep -B 5 -A 15 "for name, success, elapsed, output, binary in results" build.py

Repository: thanhle74/kickama

Length of output: 2755

🏁 Script executed:

grep -B 30 "def build_module" build.py | tail -40

Repository: thanhle74/kickama

Length of output: 777

🏁 Script executed:

grep -A 50 "def build_module" build.py | head -60

Repository: thanhle74/kickama

Length of output: 1925

🏁 Script executed:

rg "binary" build.py -B 2 -A 2

Repository: thanhle74/kickama

Length of output: 2752

🏁 Script executed:

grep -A 15 "def verify_binary" build.py

Repository: thanhle74/kickama

Length of output: 540

Convert artifact paths to repo-relative format to prevent exposing builder username and workspace layout.

The absolute paths (e.g., /Users/zhangsiqiang/Documents/Codex/2026-06-19/new-chat/outputs/...) appear at lines 26, 47, and 54 in this diagnostic file that is committed to the repository. Since the artifact field serves only for display and logging purposes—not for actual file references—convert these to paths relative to the repository root before serializing to JSON (and consider the same for build.log and build-summary.txt). This has minimal implementation cost and eliminates private information from the committed diagnostic record.

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@diagnostic/build-94e0fb08.json` around lines 26 - 27, The diagnostic JSON
file contains absolute file paths in the artifact field (and potentially in
build.log and build-summary.txt fields) that expose the builder's username and
local workspace structure. Locate the code responsible for generating this
diagnostic JSON file and modify it to convert these absolute paths to
repository-relative paths before serializing and writing the JSON. The
conversion should strip the machine-specific prefix and maintain only the path
relative to the repository root, since these fields are used for display and
logging purposes only. Apply this path conversion consistently to the artifact
field on lines 26 and 47 and 54, as well as to any build.log and
build-summary.txt fields.

},
{
"name": "market",
"status": "FAIL",
"elapsed_seconds": 0,
"artifact": null,
"output": "Command not found: [Errno 2] No such file or directory: 'go'"
},
{
"name": "frailbox",
"status": "FAIL",
"elapsed_seconds": 0.471,
"artifact": null,
"output": "gcc -Wall -Wextra -Wpedantic -std=c2x -O2 -g -D_FORTIFY_SOURCE=3 -fstack-protector-strong -fPIE -Iinclude -MMD -MP -c src/arena.c -o build/src/arena.o\nsrc/arena.c:17:23: error: use of undeclared identifier 'MAP_HUGETLB'\n 17 | mmap_flags |= MAP_HUGETLB;\n | ^~~~~~~~~~~\nsrc/arena.c:179:17: warning: comparison of distinct pointer types ('const void *' and 'char *') [-Wcompare-distinct-pointer-types]\n 179 | ptr < (char *)region->start + region->size) {\n | ~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n1 warning and 1 error generated.\nmake: *** [build/src/arena.o] Error 1"
},
{
"name": "engine",
"status": "PASS",
"elapsed_seconds": 12.815,
"artifact": "/Users/zhangsiqiang/Documents/Codex/2026-06-19/new-chat/outputs/thanhle-kickama-15-health-retry/frailbox/engine/build/trial-engine",
"output": "[ 11%] Building CXX object CMakeFiles/trial-engine.dir/main.cpp.o\n[ 22%] Building CXX object CMakeFiles/trial-engine.dir/core/math.cpp.o\n[ 33%] Building CXX object CMakeFiles/trial-engine.dir/core/ecs.cpp.o\n[ 44%] Building CXX object CMakeFiles/trial-engine.dir/dynamics/rigidbody.cpp.o\n[ 55%] Building CXX object CMakeFiles/trial-engine.dir/dynamics/constraint.cpp.o\n[ 66%] Building CXX object CMakeFiles/trial-engine.dir/collision/collision.cpp.o\n[ 77%] Building CXX object CMakeFiles/trial-engine.dir/Users/zhangsiqiang/Documents/Codex/2026-06-19/new-chat/outputs/thanhle-kickama-15-health-retry/frailbox/wat.cpp.o\n[ 88%] Building CXX object CMakeFiles/trial-engine.dir/Users/zhangsiqiang/Documents/Codex/2026-06-19/new-chat/outputs/thanhle-kickama-15-health-retry/frailbox/engine.cpp.o\n[100%] Linking CXX executable trial-engine\n[100%] Built target trial-engine"
},
{
"name": "compliance",
"status": "PASS",
"elapsed_seconds": 2.613,
"artifact": "/Users/zhangsiqiang/Documents/Codex/2026-06-19/new-chat/outputs/thanhle-kickama-15-health-retry/compliance/build",
"output": "\u6ce8: ComplianceAuditor.java\u4f7f\u7528\u6216\u8986\u76d6\u4e86\u5df2\u8fc7\u65f6\u7684 API\u3002\n\u6ce8: \u6709\u5173\u8be6\u7ec6\u4fe1\u606f, \u8bf7\u4f7f\u7528 -Xlint:deprecation \u91cd\u65b0\u7f16\u8bd1\u3002"
},
{
"name": "v2-market-stream",
"status": "PASS",
"elapsed_seconds": 0.16,
"artifact": null,
"output": "Syntax OK"
},
{
"name": "nfc-scanner",
"status": "FAIL",
"elapsed_seconds": 0,
"artifact": null,
"output": "Command not found: [Errno 2] No such file or directory: 'luac'"
},
{
"name": "openapi-haskell",
"status": "FAIL",
"elapsed_seconds": 0,
"artifact": null,
"output": "Command not found: [Errno 2] No such file or directory: 'ghc'"
},
{
"name": "openapi-tools",
"status": "FAIL",
"elapsed_seconds": 0,
"artifact": null,
"output": "Command not found: [Errno 2] No such file or directory: 'luac'"
}
],
"pr_note": "Include the encrypted diagnostic logd artifact(s): diagnostic/build-94e0fb08.logd. The encrypted .logd is the required diagnostic content for PR review; this JSON file is metadata. Maintainers may ask you to remove these diagnostic artifacts before merging."
}
Binary file added diagnostic/build-94e0fb08.logd
View file
Open in desktop
Binary file not shown.
24 changes: 24 additions & 0 deletions docs/OPERATIONS.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,30 @@ The health check returns a 200 OK response with a JSON body:
}
```

### HTTP Probe Retry and Circuit Breaker

`tools/health_check.py` can retry transient HTTP probe failures and avoid
hammering endpoints that keep failing.

```sh
python3 tools/health_check.py --service backend \
--max-retries 3 \
--backoff-factor 2 \
--circuit-threshold 4 \
--circuit-cooldown 60
```

Retry delays use exponential backoff:

```text
delay = base_delay * (backoff_factor ^ attempt)
```

The default base delay is 1 second. A circuit opens after the configured number
of consecutive HTTP probe failures and stays open until the cooldown expires.
JSON and text output include summary counts for OK, WARNING, CRITICAL, and open
circuits.

### Prometheus Metrics

Each service exposes Prometheus metrics at `/metrics` on the same port as the
Expand Down
124 changes: 124 additions & 0 deletions tests/test_health_check_retry_circuit.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,124 @@
import sys
import unittest
from pathlib import Path
from typing import List


ROOT = Path(__file__).resolve().parents[1]
sys.path.insert(0, str(ROOT))

from tools import health_check # noqa: E402


class HealthCheckRetryCircuitTest(unittest.TestCase):
def test_http_probe_retries_until_success(self) -> None:
Comment on lines +13 to +14

@coderabbitai coderabbitai Bot Jun 20, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Isolate tests from global circuit-breaker state.

check_http_service reuses HTTP_CIRCUIT_BREAKERS, but this test class never clears it. That makes outcomes order-dependent when tests are reordered or sharded.

Proposed fix 
 class HealthCheckRetryCircuitTest(unittest.TestCase):
+    def setUp(self) -> None:
+        health_check.HTTP_CIRCUIT_BREAKERS.clear()
+
     def test_http_probe_retries_until_success(self) -> None:
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/test_health_check_retry_circuit.py` around lines 13 - 14, The
HealthCheckRetryCircuitTest class does not isolate its tests from the global
HTTP_CIRCUIT_BREAKERS state that is shared across test runs. Add a setUp method
and/or tearDown method to the HealthCheckRetryCircuitTest class to clear the
HTTP_CIRCUIT_BREAKERS global state before and/or after each test method
executes. This ensures that each test method in the class starts with a clean
circuit breaker state, making test outcomes independent of execution order when
tests are reordered or sharded.

attempts = 0

def request_once(host: str, port: int, path: str, timeout: int) -> tuple[int, str]:
nonlocal attempts
attempts += 1
if attempts == 1:
raise ConnectionRefusedError("not ready")
return 200, "ok"

status, detail, code = health_check.check_http_service(
"localhost",
8080,
"/health",
5,
max_retries=2,
backoff_factor=0,
request_once=request_once,
sleep=lambda seconds: None,
)

self.assertEqual(status, "OK")
self.assertEqual(code, 200)
self.assertEqual(attempts, 2)
self.assertIn("after 2 attempts", detail)

def test_retry_backoff_uses_exponential_schedule(self) -> None:
sleeps: List[float] = []

def request_once(host: str, port: int, path: str, timeout: int) -> tuple[int, str]:
raise TimeoutError("timeout")

status, detail, code = health_check.check_http_service(
"localhost",
8080,
"/health",
5,
max_retries=2,
backoff_factor=2,
backoff_base_delay=0.5,
request_once=request_once,
sleep=sleeps.append,
)

self.assertEqual(status, "CRITICAL")
self.assertEqual(code, 0)
self.assertIn("timeout", detail)
self.assertEqual(sleeps, [0.5, 1.0])

def test_circuit_breaker_opens_after_threshold(self) -> None:
breaker = health_check.CircuitBreaker(threshold=2, cooldown_seconds=30, clock=lambda: 100.0)

breaker.record_failure()
self.assertTrue(breaker.allow_request())

breaker.record_failure()
self.assertFalse(breaker.allow_request())

def test_circuit_breaker_resets_after_cooldown(self) -> None:
now = 100.0

def clock() -> float:
return now

breaker = health_check.CircuitBreaker(threshold=1, cooldown_seconds=30, clock=clock)
breaker.record_failure()
self.assertFalse(breaker.allow_request())

now = 131.0
self.assertTrue(breaker.allow_request())

def test_health_summary_counts_statuses_and_circuit_breakers(self) -> None:
results = {
"services": {
"backend": {"status": "OK"},
"market": {"status": "WARNING", "circuit": "closed"},
"frailbox": {"status": "CRITICAL", "circuit": "open"},
},
"infrastructure": {"redis": {"status": "CRITICAL"}},
"system": {"disk": {"status": "OK"}, "memory": {"status": "WARNING"}},
}

self.assertEqual(
health_check.summarize_results(results),
{
"ok": 2,
"warning": 2,
"critical": 2,
"circuit_open": 1,
},
)

def test_retry_flags_are_parsed(self) -> None:
args = health_check.parse_args(
[
"--max-retries",
"3",
"--backoff-factor",
"1.5",
"--circuit-threshold",
"4",
]
)

self.assertEqual(args.max_retries, 3)
self.assertEqual(args.backoff_factor, 1.5)
self.assertEqual(args.circuit_threshold, 4)


if __name__ == "__main__":
unittest.main()
Loading