glow-all/decider
2
0
Fork 0
Code Issues 6 Pull requests Projects Releases Packages Wiki Activity Actions

P1-03: No ensemble-level timeout — provider hang blocks HTTP request forever #9

New issue
Closed
opened 2026-06-16 13:57:01 +00:00 by Artur · 0 comments
Artur commented 2026-06-16 13:57:01 +00:00
Owner
Copy link

Severity: P1 (High)
File: decider/ensemble.py line 60

Problem

The ensemble uses ThreadPoolExecutor without any timeout:

with ThreadPoolExecutor(max_workers=len(self.ensemble)) as pool:
    futures = {pool.submit(_call_one, cfg): cfg for cfg in self.ensemble}
    for future in as_completed(futures):
        vote = future.result()  # blocks indefinitely

If all providers hang (network partition, API outage, dead connection), the entire ensemble thread blocks forever → HTTP request handler blocks forever → worker thread leaked. With ThreadingHTTPServer, this means ALL workers can be consumed by hanging requests, causing a complete denial of service.

Fix

  1. Add an overall timeout parameter to Ensemble.decide()
  2. Use as_completed(futures, timeout=) or future.result(timeout=)
  3. Propagate timeout from config (server.decision_timeout)
  4. On timeout: log warning, return weighted result from completed providers only
  5. If no providers completed in time → fall back to ask_user
**Severity**: P1 (High) **File**: `decider/ensemble.py` line 60 ## Problem The ensemble uses `ThreadPoolExecutor` without any timeout: ```python with ThreadPoolExecutor(max_workers=len(self.ensemble)) as pool: futures = {pool.submit(_call_one, cfg): cfg for cfg in self.ensemble} for future in as_completed(futures): vote = future.result() # blocks indefinitely ``` If all providers hang (network partition, API outage, dead connection), the entire ensemble thread blocks forever → HTTP request handler blocks forever → worker thread leaked. With `ThreadingHTTPServer`, this means ALL workers can be consumed by hanging requests, causing a complete denial of service. ## Fix 1. Add an overall timeout parameter to `Ensemble.decide()` 2. Use `as_completed(futures, timeout=)` or `future.result(timeout=)` 3. Propagate timeout from config (`server.decision_timeout`) 4. On timeout: log warning, return weighted result from completed providers only 5. If no providers completed in time → fall back to `ask_user`
Artur closed this issue 2026-06-16 13:58:14 +00:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
No results found.
Labels
Clear labels   
P1-High
High severity

  
P2-Medium
Medium severity

  
P3-Low
Low severity

  
bug
Bug or defect

  
enhancement
New feature or request

  
reliability
Reliability issue

  
security
Security issue

  
testing
Testing related

No labels
P1-High
P2-Medium
P3-Low
bug
enhancement
reliability
security
testing
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
glow-all/decider#9
No description provided.