cleveragents/cleveragents-core
cleveragents/cleveragents-core
4
0
Fork 3
Code Issues 6.1k Pull requests 489 Projects Releases Packages Wiki Activity Actions

fix(decomposition): enforce plan.max-child-depth recursion limit to prevent unbounded hierarchy growth #11248

Merged
CoreRasurae merged 1 commit from fix/enforce-max-child-depth into master 2026-05-20 09:52:37 +00:00
Conversation 1 Commits 1 Files changed 5 +139 -4
CoreRasurae commented 2026-05-19 20:10:38 +00:00
Member
Copy link

Closes #10269

Summary

Enforces the plan.max-child-depth configuration limit in DecompositionService._build_hierarchy() to prevent unbounded recursive plan decomposition.

Changes

DecompositionConfig (decomposition_models.py)

  • Added max_child_depth field (default: 5, matching plan.max-child-depth)
  • Added validation in __post_init__ (value must be >= 1)
  • Updated docstring with new attribute

DecompositionService (decomposition_service.py)

  • Added max_child_depth guard in _build_hierarchy()
  • Stops recursion when depth >= config.max_child_depth
  • Emits warning log when limit is reached: Decomposition reached max-child-depth limit (%d) at depth %d. Creating terminal node for %d files.
  • Both max_depth and max_child_depth are respected; the more restrictive one wins

BDD Tests

  • New feature file: features/decomposition_max_child_depth.feature
    • Decomposition stops when max_child_depth limit is reached
    • max_child_depth guard triggers before max_depth when more restrictive
    • max_depth can be more restrictive than max_child_depth
    • Default config value is correct (5)
    • Invalid max_child_depth value is rejected
  • Updated default config scenario to assert max_child_depth = 5

Verification

  • All 711 features pass (0 failures)
  • Lint and typecheck pass
  • All new code paths covered by tests
Closes #10269 ## Summary Enforces the `plan.max-child-depth` configuration limit in `DecompositionService._build_hierarchy()` to prevent unbounded recursive plan decomposition. ## Changes ### `DecompositionConfig` (decomposition_models.py) - Added `max_child_depth` field (default: 5, matching `plan.max-child-depth`) - Added validation in `__post_init__` (value must be >= 1) - Updated docstring with new attribute ### `DecompositionService` (decomposition_service.py) - Added `max_child_depth` guard in `_build_hierarchy()` - Stops recursion when `depth >= config.max_child_depth` - Emits warning log when limit is reached: `Decomposition reached max-child-depth limit (%d) at depth %d. Creating terminal node for %d files.` - Both `max_depth` and `max_child_depth` are respected; the more restrictive one wins ### BDD Tests - New feature file: `features/decomposition_max_child_depth.feature` - Decomposition stops when max_child_depth limit is reached - max_child_depth guard triggers before max_depth when more restrictive - max_depth can be more restrictive than max_child_depth - Default config value is correct (5) - Invalid max_child_depth value is rejected - Updated default config scenario to assert max_child_depth = 5 ## Verification - All 711 features pass (0 failures) - Lint and typecheck pass - All new code paths covered by tests
fix(decomposition): enforce plan.max-child-depth recursion limit to prevent unbounded hierarchy growth
Some checks failed
CI / push-validation (pull_request) Successful in 43s
Details
CI / helm (pull_request) Successful in 52s
Details
CI / build (pull_request) Successful in 1m15s
Details
CI / lint (pull_request) Failing after 1m27s
Details
CI / quality (pull_request) Successful in 2m2s
Details
CI / typecheck (pull_request) Successful in 2m13s
Details
CI / security (pull_request) Successful in 2m13s
Details
CI / unit_tests (pull_request) Has started running
Details
CI / integration_tests (pull_request) Has been cancelled
Details
CI / coverage (pull_request) Has been cancelled
Details
CI / docker (pull_request) Has been cancelled
Details
CI / status-check (pull_request) Has been cancelled
Details
16c6469d83 
Add max_child_depth field to DecompositionConfig (default: 5, matching
plan.max-child-depth config) with validation in __post_init__. Update
_build_hierarchy() in DecompositionService to stop recursion and emit
a warning when the depth limit is reached.

BDD tests verify: max_child_depth guards trigger before max_depth
when more restrictive, warnings are logged, default config value is
correct, and invalid values are rejected.

ISSUES CLOSED: #10269
CoreRasurae added this to the v3.5.0 milestone 2026-05-19 20:12:13 +00:00
CoreRasurae force-pushed fix/enforce-max-child-depth from 16c6469d83
Some checks failed
CI / push-validation (pull_request) Successful in 43s
Details
CI / helm (pull_request) Successful in 52s
Details
CI / build (pull_request) Successful in 1m15s
Details
CI / lint (pull_request) Failing after 1m27s
Details
CI / quality (pull_request) Successful in 2m2s
Details
CI / typecheck (pull_request) Successful in 2m13s
Details
CI / security (pull_request) Successful in 2m13s
Details
CI / unit_tests (pull_request) Has started running
Details
CI / integration_tests (pull_request) Has been cancelled
Details
CI / coverage (pull_request) Has been cancelled
Details
CI / docker (pull_request) Has been cancelled
Details
CI / status-check (pull_request) Has been cancelled
Details
to 3a95701d9a
Some checks failed
CI / lint (pull_request) Successful in 1m19s
Details
CI / quality (pull_request) Successful in 1m39s
Details
CI / typecheck (pull_request) Successful in 1m43s
Details
CI / security (pull_request) Successful in 1m56s
Details
CI / build (pull_request) Successful in 33s
Details
CI / helm (pull_request) Successful in 40s
Details
CI / unit_tests (pull_request) Successful in 6m36s
Details
CI / integration_tests (pull_request) Successful in 3m57s
Details
CI / push-validation (pull_request) Successful in 19s
Details
CI / docker (pull_request) Successful in 1m28s
Details
CI / coverage (pull_request) Successful in 12m46s
Details
CI / status-check (pull_request) Successful in 4s
Details
CI / lint (push) Failing after 12s
Details
CI / typecheck (push) Failing after 11s
Details
CI / integration_tests (push) Failing after 7s
Details
CI / unit_tests (push) Failing after 12s
Details
CI / quality (push) Failing after 12s
Details
CI / security (push) Failing after 13s
Details
CI / coverage (push) Has been skipped
Details
CI / docker (push) Has been skipped
Details
CI / push-validation (push) Failing after 13s
Details
CI / helm (push) Failing after 14s
Details
CI / build (push) Failing after 15s
Details
CI / status-check (push) Failing after 2s
Details
CI / benchmark-regression (push) Failing after 34s
Details
CI / e2e_tests (push) Successful in 1m1s
Details
CI / benchmark-publish (push) Failing after 35m10s
Details
2026-05-19 20:56:50 +00:00 Compare
brent.edwards approved these changes 2026-05-19 22:05:16 +00:00
brent.edwards left a comment
Copy link

PR Review — #11248 APPROVED

PR: fix(decomposition): enforce plan.max-child-depth recursion limit to prevent unbounded hierarchy growth
Branch: fix/enforce-max-child-depth
Author: CoreRasurae (Luis Mendes)
Linked Issue: #10269
Milestone: v3.5.0
CI: 12/12 checks green (lint, quality, typecheck, security, build, helm, unit_tests, integration_tests, push-validation, docker, coverage, status-check)

Overall Assessment

All 10 checklist categories pass. The implementation is correct, well-tested, and fully addresses issue #10269. No blocking findings.

Checklist Breakdown

Category Status Notes
Correctness PASS reached_child_depth_limit = depth >= config.max_child_depth correctly guards _build_hierarchy(). All 5 acceptance criteria from #10269 are met. The more-restrictive-wins behavior (max_depth vs max_child_depth) is correctly implemented.
Specification Alignment PASS plan.max-child-depth (default 5) is enforced exactly as described in the spec: recursion stops at the limit, warning log is emitted, and terminal node is created.
Test Quality PASS 5 new BDD scenarios covering depth-limit enforcement, default value, guard priority (max_child_depth vs max_depth), inverse priority, and validation rejection. Existing large_project_decomposition.feature updated to assert max_child_depth=5. All 711 features pass with zero failures.
Type Safety PASS Zero # type: ignore comments. All function signatures annotated. Pydantic v2 ConfigDict(arbitrary_types_allowed=True) used appropriately.
Readability PASS Clear variable names (reached_child_depth_limit). Good docstring. Comment explains M6 4+ level context.
Performance PASS reached_child_depth_limit computed once per recursion, short-circuits via is_leaf - no inefficiencies.
Security PASS No secrets, no external inputs, no injection risks.
Code Style PASS SOLID, frozen dataclasses with __post_init__ validation. No magic numbers.
Documentation PASS DecompositionConfig docstring updated with max_child_depth attribute. No new public API surface.
Commit and PR Quality PASS Type/Bug label correct (matches issue #10269). Milestone v3.5.0 correct. PR body uses Closes #10269. Appropriately scoped (5 files, 139 additions).

Minor Observations (non-blocking, P3)

  • Unused import (P3:nit): decomposition_max_child_depth_steps.py imports when from behave but only uses then. The when import is dead code - suggest removing before merge.

  • Branch naming (P3:nit): The contributing guide specifies bugfix/mN- for bug fixes; this branch uses fix/. The repo's actual branch history uses fix/ universally, so this is consistent with established convention.

CI Gate Verification

All 5 required-for-merge CI jobs are green:

  • CI / lint (pull_request) - Successful in 1m19s
  • CI / typecheck (pull_request) - Successful in 1m43s
  • CI / unit_tests (pull_request) - Successful in 6m36s
  • CI / coverage (pull_request) - Successful in 12m46s
  • CI / security (pull_request) - Successful in 1m56s

Coverage job passed with >=97% threshold as confirmed by the CI / coverage (pull_request) success check.

Conclusion

This PR correctly enforces the plan.max-child-depth configuration limit in DecompositionService._build_hierarchy(), preventing unbounded recursive plan decomposition as described in issue #10269. All acceptance criteria pass, all tests pass, and no blocking issues were found. Approved for merge.

Automated by CleverAgents Bot
Supervisor: PR Review | Agent: pr-review-worker

## PR Review — #11248 APPROVED **PR**: fix(decomposition): enforce plan.max-child-depth recursion limit to prevent unbounded hierarchy growth **Branch**: fix/enforce-max-child-depth **Author**: CoreRasurae (Luis Mendes) **Linked Issue**: #10269 **Milestone**: v3.5.0 **CI**: 12/12 checks green (lint, quality, typecheck, security, build, helm, unit_tests, integration_tests, push-validation, docker, coverage, status-check) --- ### Overall Assessment All 10 checklist categories pass. The implementation is correct, well-tested, and fully addresses issue #10269. No blocking findings. --- ### Checklist Breakdown | Category | Status | Notes | |---|---|---| | **Correctness** | PASS | `reached_child_depth_limit = depth >= config.max_child_depth` correctly guards `_build_hierarchy()`. All 5 acceptance criteria from #10269 are met. The more-restrictive-wins behavior (max_depth vs max_child_depth) is correctly implemented. | | **Specification Alignment** | PASS | `plan.max-child-depth` (default 5) is enforced exactly as described in the spec: recursion stops at the limit, warning log is emitted, and terminal node is created. | | **Test Quality** | PASS | 5 new BDD scenarios covering depth-limit enforcement, default value, guard priority (max_child_depth vs max_depth), inverse priority, and validation rejection. Existing `large_project_decomposition.feature` updated to assert `max_child_depth=5`. All 711 features pass with zero failures. | | **Type Safety** | PASS | Zero `# type: ignore` comments. All function signatures annotated. Pydantic v2 `ConfigDict(arbitrary_types_allowed=True)` used appropriately. | | **Readability** | PASS | Clear variable names (`reached_child_depth_limit`). Good docstring. Comment explains M6 4+ level context. | | **Performance** | PASS | `reached_child_depth_limit` computed once per recursion, short-circuits via `is_leaf` - no inefficiencies. | | **Security** | PASS | No secrets, no external inputs, no injection risks. | | **Code Style** | PASS | SOLID, frozen dataclasses with `__post_init__` validation. No magic numbers. | | **Documentation** | PASS | `DecompositionConfig` docstring updated with `max_child_depth` attribute. No new public API surface. | | **Commit and PR Quality** | PASS | Type/Bug label correct (matches issue #10269). Milestone v3.5.0 correct. PR body uses `Closes #10269`. Appropriately scoped (5 files, 139 additions). | --- ### Minor Observations (non-blocking, P3) - **Unused import (P3:nit)**: `decomposition_max_child_depth_steps.py` imports `when` from behave but only uses `then`. The `when` import is dead code - suggest removing before merge. - **Branch naming (P3:nit)**: The contributing guide specifies `bugfix/mN-` for bug fixes; this branch uses `fix/`. The repo's actual branch history uses `fix/` universally, so this is consistent with established convention. --- ### CI Gate Verification All 5 required-for-merge CI jobs are green: - `CI / lint (pull_request)` - Successful in 1m19s - `CI / typecheck (pull_request)` - Successful in 1m43s - `CI / unit_tests (pull_request)` - Successful in 6m36s - `CI / coverage (pull_request)` - Successful in 12m46s - `CI / security (pull_request)` - Successful in 1m56s Coverage job passed with >=97% threshold as confirmed by the `CI / coverage (pull_request)` success check. --- ### Conclusion This PR correctly enforces the `plan.max-child-depth` configuration limit in `DecompositionService._build_hierarchy()`, preventing unbounded recursive plan decomposition as described in issue #10269. All acceptance criteria pass, all tests pass, and no blocking issues were found. Approved for merge. --- Automated by CleverAgents Bot Supervisor: PR Review | Agent: pr-review-worker
CoreRasurae deleted branch fix/enforce-max-child-depth 2026-05-20 09:52:37 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
HAL9001
brent.edwards
Labels
Clear labels   
auto/needs-reevaluation
Controller deferred this PR; awaiting Phase 6+ scope-evaluator or operator re-enablement.

  
controller-managed
Auto-agents controller manages this PR/issue (see tools/controller/deploy/RUNBOOK.md). Remove this label to abandon controller management.

  
auto/blocked-by-deps
PR blocked by an open issue dependency. Operator must close the dep (or remove the dependency link) before the merge driver can act. Auto-cleared by merge_drive when no open deps remain.

  
auto/ci-timeout
Most recent merge cycle hit CI timeout. Driver excludes this PR while last merge_cycle row is < 30 min old; label persists thereafter as visible history.

  
auto/claimed-implementer
Currently being processed by an implementer worker.

  
auto/claimed-merge
Currently being processed by the merge driver.

  
auto/claimed-reviewer
Currently being processed by a reviewer worker.

  
auto/driver-down
Merge driver heartbeat stale; pipeline halted. Closed automatically on next clean tick.

  
auto/invariant-violation
Detected master commit violating the strict merge invariant. Tracked as an issue (not a PR label); kept here for label completeness.

  
auto/last-attempt-tier-0
In-cycle escalation: most recent attempt ran at the Tier 0 slot (`tier-0`). Slot's model defined in .opencode/models/tiers.yaml.

  
auto/last-attempt-tier-1
In-cycle escalation: most recent attempt ran at the Tier 1 slot (`tier-1`). Slot's model defined in .opencode/models/tiers.yaml.

  
auto/last-attempt-tier-2
In-cycle escalation: most recent attempt ran at the Tier 2 slot (`tier-2`). Slot's model defined in .opencode/models/tiers.yaml. Gated behind IMPLEMENTER_ESCALATION_TIER2_ENABLED.

  
auto/last-attempt-tier-min
In-cycle escalation: most recent attempt ran at the Tier -1 slot (`tier-min`). Slot's model defined in .opencode/models/tiers.yaml. Suffix is ``-min`` (not ``--1``) so the Forgejo UI reads naturally.

  
Automation Tracking
Tracking issues used by the AI Automation system for agents to communicate and report.

  
auto/needs-conflict-resolution
Rebase conflict needs LLM conflict-resolver.

  
auto/needs-implementer
Failing CI needs implementer attention.

  
auto/postmortem
Documenting a driver incident or rollback.

  
auto/ready-to-merge
Reviewer has APPROVED this PR and no later REQUEST_CHANGES is outstanding. The merge driver requires this label to even consider a PR for merging. Set by the reviewer worker on APPROVE; cleared on REQUEST_CHANGES.

  
auto/restart-throttled
Train repeatedly lost master-tempo races. Driver excludes via merge_cycle until cooldown elapses; label persists as visible history.

  
auto/revert
Revert PR backing out an invariant violation. Fast-tracked through the merge driver.

  
auto/sentinel
Sentinel PR duplicated from upstream into a personal fork by tools/duplicate_prs_to_fork.py for pipeline testing. Lives only in the fork; the canonical pipeline never sees it.

  
auto/stale-inactivity
No implementer activity for N days. Flagged for human review. Auto-cleared on next push to head branch.

  
auto/unstable
Repeatedly fails on current master (>= 3 ci-fail-on-rebased-sha releases in 12 h). Excluded from driver until human triage.

  
Blocked
A ticket in a blocked state and unable to complete until some other task is completed first.

  
Bounty
$100
 A bounty of $100 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$1000
 A bounty of $1000 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$10000
 A bounty of $10000 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$20
 A bounty of $20 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$2000
 A bounty of $2000 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$250
 A bounty of $250 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$50
 A bounty of $50 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$500
 A bounty of $500 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$5000
 A bounty of $5000 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$750
 A bounty of $750 for any open-source contributor who provides a MR that solves this issue

  
MoSCoW
Could have
 Could have feature in order to satisfy the epic/legendary.

  
MoSCoW
Must have
 Must have feature in order to satisfy the epic/legendary.

  
MoSCoW
Should have
 Should have feature in order to satisfy the epic/legendary.

  
Needs Feedback
There are questions in the ticket that can not be completed until the project owner provides clarity.

  
Points
1
 1 man-hours worth of work for an expert with no learning curve.

  
Points
13
 13 man-hours worth of work for an expert with no learning curve.

  
Points
2
 2 man-hours worth of work for an expert with no learning curve.

  
Points
21
 21 man-hours worth of work for an expert with no learning curve.

  
Points
3
 3 man-hours worth of work for an expert with no learning curve.

  
Points
34
 34 man-hours worth of work for an expert with no learning curve.

  
Points
5
 5 man-hours worth of work for an expert with no learning curve.

  
Points
55
 55 man-hours worth of work for an expert with no learning curve.

  
Points
8
 8 man-hours worth of work for an expert with no learning curve.

  
Points
88
 88 man-hours worth of work for an expert with no learning curve.

  
Priority
Backlog
 This ticket has backlogged priority and is not to be worked on yet

  
Priority
CI Blocker
 Critical priority issue that blocks CI/CD pipeline and prevents PR merges

  
Priority
Critical
 The priority is critical

  
Priority
High
 The priority is high

  
Priority
Low
 The priority is low

  
Priority
Medium
 The priority is medium

  
Signed-off: Owner
When an epic or legendary is in review it must be signed off by owner, tech lead, and scrum master before being marked as completed.

  
Signed-off: Scrum Master
When an epic or legendary is in review it must be signed off by owner, tech lead, and scrum master before being marked as completed.

  
Signed-off: Tech Lead
When an epic or legendary is in review it must be signed off by owner, tech lead, and scrum master before being marked as completed.

  
Spike
A ticket for learning a tool or technology that is needed to be able to do future planning and design.

  
State
Completed
 The ticket has been fully implemented, completed, and merged with the source code. This label should only be applied once a ticket is closed.

  
State
Duplicate
 A ticket that represents the same content as an existing ticket.

  
State
In Progress
 A ticket that is actively being developed.

  
State
In Review
 A ticket that has had some code completed to implement but is waiting to pass peer review and is not yet merged in.

  
State
Paused
 This ticket's work started but wasn't finished. It's on hold (likely in a feature branch) and will be resumed later, either due to a blocker or a delay.

  
State
Unverified
 All new tickets start in this state. A developer may set it to show the ticket is unverified. This means we haven't agreed to work on it. It will either move to a verified state or be closed as wontdo.

  
State
Verified
 The issue has been verified by a developer as legitimate. It will be worked on and verified tickets are now considered part of the backlog.

  
State
Wont Do
 This ticket has been decided it wont be done. This may mean the bug has been determined to not be real (cant verify) or the feature is one we have decided we dont want to adopt.

  
Type
Automation
 Any edits or discussion about the AI automated coding system.

  
Type
Bug
 Something that doesnt work as intended.

  
Type
Discussion
 Anytime a ticket represents a discussion about a subject and doesnt fall into one of the other categories.

  
Type
Documentation
 An error or improvement needed in the documentation.

  
Type
Epic
 Any first tier epic. That is, an epic which contains only issues as children and will not have sub-epics.

  
Type
Feature
 Some new functionality not present.

  
Type
Legendary
 A type of Epic which will contain other Epics.

  
Type
Refactor
 A code change that restructures existing code without changing its external behavior.

  
Type
Support
 Someone needs help using the project.

  
Type
Task
 A generic task that doesnt fit into the other type categories.

  
Type
Testing
 Work exclusively focusing on fixing or expanding testing.

No labels
auto/needs-reevaluation
controller-managed
auto/blocked-by-deps
auto/ci-timeout
auto/claimed-implementer
auto/claimed-merge
auto/claimed-reviewer
auto/driver-down
auto/invariant-violation
auto/last-attempt-tier-0
auto/last-attempt-tier-1
auto/last-attempt-tier-2
auto/last-attempt-tier-min
Automation Tracking
auto/needs-conflict-resolution
auto/needs-implementer
auto/postmortem
auto/ready-to-merge
auto/restart-throttled
auto/revert
auto/sentinel
auto/stale-inactivity
auto/unstable
Blocked
Bounty
$100
Bounty
$1000
Bounty
$10000
Bounty
$20
Bounty
$2000
Bounty
$250
Bounty
$50
Bounty
$500
Bounty
$5000
Bounty
$750
MoSCoW
Could have
MoSCoW
Must have
MoSCoW
Should have
Needs Feedback
Points
1
Points
13
Points
2
Points
21
Points
3
Points
34
Points
5
Points
55
Points
8
Points
88
Priority
Backlog
Priority
CI Blocker
Priority
Critical
Priority
High
Priority
Low
Priority
Medium
Signed-off: Owner
Signed-off: Scrum Master
Signed-off: Tech Lead
Spike
State
Completed
State
Duplicate
State
In Progress
State
In Review
State
Paused
State
Unverified
State
Verified
State
Wont Do
Type
Automation
Type
Bug
Type
Discussion
Type
Documentation
Type
Epic
Type
Feature
Type
Legendary
Type
Refactor
Type
Support
Type
Task
Type
Testing
Milestone
Clear milestone
No items
No milestone
v3.5.0
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
HAL9000
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Blocks
#10269 Enforce plan.max-child-depth limit in DecompositionService._build_hierarchy()
cleveragents/cleveragents-core
Reference
cleveragents/cleveragents-core!11248
No description provided.