Implement graceful shutdown with CancellationToken

[leynos]

Summary

• enable tokio-util rt feature
• use TaskTracker and CancellationToken for server shutdown
• update docs to mark graceful shutdown complete
• add regression test for shutdown in connection actor
• adjust worker task test for new pattern

Testing

• make lint
• make test

---

https://chatgpt.com/codex/tasks/task_e_68670889d3b08322b5a7c930edc42286

Summary by Sourcery

Enable graceful shutdown by replacing the broadcast channel mechanism with CancellationToken and TaskTracker, refactoring task spawning and shutdown logic in the server and worker tasks, updating tests and docs accordingly, and enabling the required tokio-util feature in Cargo.toml

New Features:

• Implement graceful shutdown using CancellationToken and TaskTracker

Enhancements:

• Refactor server and worker_task to use TaskTracker for spawning and tracking tasks instead of broadcast channels
• Update server run logic to cancel and await tracked tasks on shutdown

Build:

• Enable tokio-util "rt" feature in Cargo.toml

Documentation:

• Mark graceful shutdown as complete in the asynchronous outbound messaging roadmap

Tests:

• Replace broadcast-based shutdown tests with CancellationToken and TaskTracker patterns
• Add regression test for graceful shutdown in connection actor

[sourcery-ai]

Reviewer's Guide

Introduces a coordinated graceful shutdown mechanism using Tokio’s CancellationToken and TaskTracker, refactors worker tasks and their lifecycle management, adjusts tests to the new pattern, and updates dependencies and documentation accordingly.

Sequence diagram for graceful shutdown using CancellationToken and TaskTracker

sequenceDiagram
    participant MainServer
    participant TaskTracker
    participant CancellationToken
    participant WorkerTask

    MainServer->>TaskTracker: spawn(worker_task(..., token, tracker))
    loop For each worker
        TaskTracker->>WorkerTask: Start worker_task
    end
    MainServer->>CancellationToken: Wait for shutdown signal
    CancellationToken-->>WorkerTask: Signal cancellation
    WorkerTask-->>TaskTracker: Complete and notify
    MainServer->>TaskTracker: tracker.wait()
    TaskTracker-->>MainServer: All tasks complete
    MainServer->>CancellationToken: cancel()
    MainServer->>TaskTracker: close()
    MainServer->>TaskTracker: tracker.wait().await
    TaskTracker-->>MainServer: Confirm shutdown complete

Loading

Class diagram for updated server and worker task shutdown logic

classDiagram
    class Server {
        +listener
        +factory
        +on_preamble_success
        +on_preamble_failure
        +workers
        +run(shutdown)
    }
    class TaskTracker {
        +spawn(task)
        +wait()
        +close()
    }
    class CancellationToken {
        +cancel()
        +cancelled()
    }
    class WorkerTask {
        +worker_task(listener, factory, on_success, on_failure, shutdown, tracker)
    }
    Server --> TaskTracker : uses
    Server --> CancellationToken : uses
    TaskTracker --> WorkerTask : spawns
    WorkerTask --> CancellationToken : checks
    WorkerTask --> TaskTracker : notifies

Loading

File-Level Changes

Change	Details	Files
Implement graceful shutdown in server.run using CancellationToken and TaskTracker	Replace broadcast channel with a CancellationToken and TaskTracker Spawn worker tasks via tracker.spawn and clone tokens Update tokio::select to cancel on shutdown and await tracker completion Invoke tracker.close, cancel token, and await tracker.wait at shutdown	src/server.rs
Refactor worker_task to use CancellationToken and TaskTracker	Change function signature to accept CancellationToken and TaskTracker instead of broadcast receiver Use shutdown.cancelled() branch to break the loop Spawn process_stream tasks via tracker.spawn instead of tokio::spawn Remove broadcast receiver logic	src/server.rs
Adjust existing tests and add regression test for graceful shutdown	Modify worker_task shutdown test to use CancellationToken, TaskTracker, and tracker.wait Import tokio_util::{sync::CancellationToken, task::TaskTracker} in server tests Add connection_actor.rs regression test to verify graceful shutdown waits for all tasks	src/server.rs tests/connection_actor.rs
Enable tokio-util rt feature and mark graceful shutdown complete in docs	Update Cargo.toml to enable the "rt" feature for tokio-util Check off the graceful shutdown item in the asynchronous-outbound-messaging roadmap	Cargo.toml docs/asynchronous-outbound-messaging-roadmap.md

Possibly linked issues

• #0: PR replaces broadcast receiver with CancellationToken/TaskTracker for worker task shutdown.

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[coderabbitai]

Warning

Rate limit exceeded

@leynos has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 9 minutes and 54 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 139610b and aff7dcc.

📒 Files selected for processing (2)

• docs/hardening-wireframe-a-guide-to-production-resilience.md (1 hunks)
• src/server.rs (6 hunks)

Summary by CodeRabbit

• New Features

  • Introduced a more robust server shutdown mechanism using cancellation tokens and task tracking for improved task lifecycle management.
  • Added a new test to verify graceful shutdown waits for all tasks to complete.

• Documentation

  • Updated roadmap to mark graceful shutdown as complete.

• Chores

  • Updated dependency configuration to enable the "rt" feature for the async utility library.

Walkthrough

The shutdown and task management mechanism was refactored from using a Tokio broadcast channel and manual join handle tracking to utilising tokio_util's CancellationToken and TaskTracker. Associated code, tests, and dependency declarations were updated to reflect this new approach, and relevant documentation was amended.

Changes

File(s)	Change Summary
Cargo.toml	Updated tokio-util dependency to table format and enabled the rt feature.
docs/asynchronous-outbound-messaging-roadmap.md	Marked the "Graceful shutdown using CancellationToken and TaskTracker" checklist item as complete.
src/server.rs	Replaced broadcast channel shutdown and join handle management with CancellationToken and TaskTracker. Updated function signatures and internal logic accordingly.
tests/connection_actor.rs	Added a new async test verifying shutdown waits for all tasks using CancellationToken and TaskTracker. Updated imports.

Sequence Diagram(s)

sequenceDiagram
    participant Main as Main Server Task
    participant Tracker as TaskTracker
    participant Token as CancellationToken
    participant Worker as Worker Task

    Main->>Token: Create CancellationToken
    Main->>Tracker: Create TaskTracker
    loop For each worker
        Main->>Tracker: Spawn worker_task with Token, Tracker
        Tracker->>Worker: Run worker_task
    end
    Main->>Token: Await shutdown signal
    Token-->>Worker: Signal cancellation
    Worker->>Tracker: Complete task on shutdown
    Main->>Tracker: Wait for all tasks to finish

Loading

Possibly related PRs

• Fix shutdown receiver ownership #55: Addresses shutdown signalling and worker task management, but retains the broadcast channel approach rather than introducing CancellationToken and TaskTracker.

Poem

A CancellationToken in paw,
A TaskTracker on the floor—
No more lost worker rabbits,
Each task tracked to the door.
With graceful shutdown now in place,
Our warren’s code runs sure and ace!
🐇✨

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate Unit Tests

• Create PR with Unit Tests
• Post Copyable Unit Tests in a Comment
• Commit Unit Tests in branch codex/implement-graceful-shutdown-with-cancellationtoken

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai auto-generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[sourcery-ai]

Hey @leynos - I've reviewed your changes - here's some feedback:

• In run, remove the redundant shutdown_token.cancel() after tracker.close() and consider moving the single cancellation call to before tracker.close() for clearer shutdown ordering.
• Rename ambiguous local variables like t to more descriptive names to improve readability.

Prompt for AI Agents

Please address the comments from this code review:
## Overall Comments
- In `run`, remove the redundant `shutdown_token.cancel()` after `tracker.close()` and consider moving the single cancellation call to before `tracker.close()` for clearer shutdown ordering.
- Rename ambiguous local variables like `t` to more descriptive names to improve readability.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9a9e26d and 139610b.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (4)

• Cargo.toml (1 hunks)
• docs/asynchronous-outbound-messaging-roadmap.md (1 hunks)
• src/server.rs (6 hunks)
• tests/connection_actor.rs (2 hunks)

🧰 Additional context used

📓 Path-based instructions (10)

`docs/**/*.md`: Documentation must use en-GB-oxendict spelling and grammar (with the exception of "license" which is to be left unchanged for community consistency).

docs/**/*.md: Documentation must use en-GB-oxendict spelling and grammar (with the exception of "license" which is to be left unchanged for community consistency).

📄 Source: CodeRabbit Inference Engine (AGENTS.md)

List of files the instruction was applied to:

• docs/asynchronous-outbound-messaging-roadmap.md

`**/*.md`: Validate Markdown files using `markdownlint *.md **/*.md`. Run `mdfor...

**/*.md: Validate Markdown files using markdownlint *.md **/*.md.
Run mdformat-all after any documentation changes to format all Markdown files and fix table markup.
Validate Markdown Mermaid diagrams using the nixie CLI. The tool is already installed; run nixie *.md **/*.md directly instead of using npx.
Markdown paragraphs and bullet points must be wrapped at 80 columns.
Code blocks must be wrapped at 120 columns.
Tables and headings must not be wrapped.

📄 Source: CodeRabbit Inference Engine (AGENTS.md)

List of files the instruction was applied to:

• docs/asynchronous-outbound-messaging-roadmap.md

`docs/**/*.md`: Provide user guides and examples demonstrating server-initiated messaging.

docs/**/*.md: Provide user guides and examples demonstrating server-initiated messaging.

📄 Source: CodeRabbit Inference Engine (docs/asynchronous-outbound-messaging-roadmap.md)

List of files the instruction was applied to:

• docs/asynchronous-outbound-messaging-roadmap.md

`docs/**/*.md`: Conventions for writing project documentation should follow the rules outlined in the documentation style guide.

docs/**/*.md: Conventions for writing project documentation should follow the rules outlined in the documentation style guide.

📄 Source: CodeRabbit Inference Engine (docs/contents.md)

List of files the instruction was applied to:

• docs/asynchronous-outbound-messaging-roadmap.md

`docs/**/*.md`: Use British English based on the Oxford English Dictionary (en-o...

docs/**/*.md: Use British English based on the Oxford English Dictionary (en-oxendict) for documentation.
The word "outwith" is acceptable in documentation.
Keep US spelling when used in an API, for example color.
Use the Oxford comma in documentation.
Company names are treated as collective nouns (e.g., "Lille Industries are expanding").
Write headings in sentence case in documentation.
Use Markdown headings (#, ##, ###, etc.) in order without skipping levels.
Follow markdownlint recommendations for Markdown files.
Provide code blocks and lists using standard Markdown syntax.
Always use fenced code blocks with a language identifier; use plaintext for non-code text.
Use - as the first level bullet and renumber lists when items change.
Prefer inline links using [text](url) or angle brackets around the URL in Markdown.
Expand any uncommon acronym on first use, for example, Continuous Integration (CI).
Wrap paragraphs at 80 columns in documentation.
Wrap code at 120 columns in documentation.
Do not wrap tables in documentation.
Use footnotes referenced with [^label] in documentation.
Include Mermaid diagrams in documentation where it adds clarity.
When embedding figures in documentation, use ![alt text](path/to/image) and provide concise alt text describing the content.
Add a short description before each Mermaid diagram in documentation so screen readers can understand it.

📄 Source: CodeRabbit Inference Engine (docs/documentation-style-guide.md)

List of files the instruction was applied to:

• docs/asynchronous-outbound-messaging-roadmap.md

`docs/**/*.md`: Write the official documentation for the new features. Create se...

docs/**/*.md: Write the official documentation for the new features. Create separate guides for "Duplex Messaging & Pushes", "Streaming Responses", and "Message Fragmentation". Each guide must include runnable examples and explain the relevant concepts and APIs.

📄 Source: CodeRabbit Inference Engine (docs/wireframe-1-0-detailed-development-roadmap.md)

List of files the instruction was applied to:

• docs/asynchronous-outbound-messaging-roadmap.md

`**/*.md`: * Avoid 2nd person or 1st person pronouns ("I", "you", "we") * Use en...

**/*.md: * Avoid 2nd person or 1st person pronouns ("I", "you", "we")

• Use en-oxendic spelling and grammar.
• Paragraphs and bullets must be wrapped to 80 columns, except where a long URL would prevent this (in which case, silence MD013 for that line)
• Code blocks should be wrapped to 120 columns.
• Headings must not be wrapped.

⚙️ Source: CodeRabbit Configuration File

List of files the instruction was applied to:

• docs/asynchronous-outbound-messaging-roadmap.md

`Cargo.toml`: Use explicit version ranges in `Cargo.toml` and keep dependencies up-to-date.

Cargo.toml: Use explicit version ranges in Cargo.toml and keep dependencies up-to-date.

📄 Source: CodeRabbit Inference Engine (AGENTS.md)

List of files the instruction was applied to:

• Cargo.toml

`**/*.rs`: Comment why, not what. Explain assumptions, edge cases, trade-offs, o...

**/*.rs: Comment why, not what. Explain assumptions, edge cases, trade-offs, or complexity. Don't echo the obvious.
Comments must use en-GB-oxendict spelling and grammar.
Function documentation must include clear examples.
Every module must begin with a module level (//!) comment explaining the module's purpose and utility.
Document public APIs using Rustdoc comments (///) so documentation can be generated with cargo doc.
Place function attributes after doc comments.
Do not use return in single-line functions.
Use predicate functions for conditional criteria with more than two branches.
Lints must not be silenced except as a last resort.
Lint rule suppressions must be tightly scoped and include a clear reason.
Prefer expect over allow.
Prefer .expect() over .unwrap().
Clippy warnings MUST be disallowed.
Fix any warnings emitted during tests in the code itself rather than silencing them.
Where a function is too long, extract meaningfully named helper functions adhering to separation of concerns and CQRS.
Where a function has too many parameters, group related parameters in meaningfully named structs.
Where a function is returning a large error consider using Arc to reduce the amount of data returned.
Write unit and behavioural tests for new functionality. Run both before and after making any change.
Prefer immutable data and avoid unnecessary mut bindings.
Handle errors with the Result type instead of panicking where feasible.
Avoid unsafe code unless absolutely necessary and document any usage clearly.

📄 Source: CodeRabbit Inference Engine (AGENTS.md)

List of files the instruction was applied to:

• tests/connection_actor.rs
• src/server.rs

`**/*.rs`: * Seek to keep the cyclomatic complexity of functions no more than 12...

**/*.rs: * Seek to keep the cyclomatic complexity of functions no more than 12.

• Adhere to single responsibility and CQRS

• Place function attributes after doc comments.

• Do not use return in single-line functions.

• Move conditionals with >2 branches into a predicate function.

• Avoid unsafe unless absolutely necessary.

• Every module must begin with a //! doc comment that explains the module's purpose and utility.

• Comments must use en-GB-oxendict spelling and grammar.

• Lints must not be silenced except as a last resort.

  • #[allow] is forbidden.
  • Only narrowly scoped #[expect(lint, reason = "...")] is allowed.
  • No lint groups, no blanket or file-wide suppression.
  • Include FIXME: with link if a fix is expected.

• Use rstest fixtures for shared setup and to avoid repetition between tests.

• Replace duplicated tests with #[rstest(...)] parameterised cases.

• Prefer mockall for mocks/stubs.

• Prefer .expect() over .unwrap()

• Ensure that any API or behavioural changes are reflected in the documentation in docs/

• Ensure that any completed roadmap steps are recorded in the appropriate roadmap in docs/

⚙️ Source: CodeRabbit Configuration File

List of files the instruction was applied to:

• tests/connection_actor.rs
• src/server.rs

🧠 Learnings (1)

tests/connection_actor.rs (1)

Learnt from: CR
PR: leynos/wireframe#0
File: docs/wireframe-1-0-detailed-development-roadmap.md:0-0
Timestamp: 2025-06-29T18:04:58.493Z
Learning: Graceful shutdown should be implemented using tokio_util::sync::CancellationToken for signaling and tokio_util::task::TaskTracker to ensure all connection actors terminate cleanly.

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: build-test

🔇 Additional comments (7)

Cargo.toml (1)

10-10: Appropriate feature flag addition for graceful shutdown.

The addition of the "rt" feature for tokio-util correctly enables the required runtime utilities (CancellationToken and TaskTracker) for the new graceful shutdown implementation.

docs/asynchronous-outbound-messaging-roadmap.md (1)

41-41: Documentation accurately reflects implementation status.

The roadmap correctly marks the graceful shutdown implementation as complete, which aligns with the code changes in src/server.rs and the new test coverage in tests/connection_actor.rs.

tests/connection_actor.rs (2)

9-9: Import correctly updated for new test requirements.

The addition of TaskTracker to the import statement supports the new graceful shutdown test.

---

238-264: Well-structured test for graceful shutdown behaviour.

The test effectively validates that:

1. Multiple ConnectionActor instances can be tracked using TaskTracker
2. Cancellation via CancellationToken triggers graceful shutdown
3. All tracked tasks complete within the expected timeout

The 500ms timeout is reasonable for verifying task completion.

src/server.rs (3)

33-33: Import statement correctly adds required utilities.

The addition of CancellationToken and TaskTracker from tokio_util supports the refactored graceful shutdown implementation.

---

352-372: Worker task correctly implements graceful shutdown pattern.

The refactored implementation properly:

1. Uses biased select! to prioritise shutdown signals
2. Tracks spawned tasks via TaskTracker for coordinated shutdown
3. Maintains the existing error handling and backoff logic

---

809-826: Test correctly validates the new shutdown mechanism.

The updated test properly exercises the CancellationToken and TaskTracker based shutdown, ensuring the worker task responds to cancellation signals within the expected timeout.

[leynos]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[leynos]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.