fix: reject foreground timeout above cap instead of clamping

Change behavior from silent clamping to returning an error when the model requests a foreground timeout exceeding FOREGROUND_MAX_TIMEOUT. This forces the model to use background=true for long-running commands rather than silently changing its intent. - Config default timeouts above the cap are NOT rejected (user's choice) - Only explicit model-requested timeouts trigger rejection - Added boundary test for timeout exactly at the limit
2026-04-25 00:51:20 +00:00 · 2026-04-10 02:56:56 -07:00 · 2026-04-10 02:56:56 -07:00 · a420235b66
commit a420235b66
parent 6c3565df57
2 changed files with 74 additions and 76 deletions
--- a/tests/tools/test_terminal_foreground_timeout_cap.py
+++ b/tests/tools/test_terminal_foreground_timeout_cap.py
@ -1,7 +1,7 @@
-"""Tests for foreground timeout clamping in terminal_tool.
+"""Tests for foreground timeout cap in terminal_tool.

-Ensures that foreground commands have a hard timeout cap to prevent
-a single tool call from blocking the entire agent session.
+Ensures that foreground commands with timeout > FOREGROUND_MAX_TIMEOUT
+are rejected with an error suggesting background=true.
 """
 import json
 import os
@ -29,36 +29,27 @@ def _make_env_config(**overrides):


 class TestForegroundTimeoutCap:
-    """FOREGROUND_MAX_TIMEOUT prevents foreground commands from blocking too long."""
+    """FOREGROUND_MAX_TIMEOUT rejects foreground commands that exceed it."""

-    def test_foreground_timeout_clamped_to_max(self):
-        """When model requests timeout > FOREGROUND_MAX_TIMEOUT, it's clamped."""
+    def test_foreground_timeout_rejected_above_max(self):
+        """When model requests timeout > FOREGROUND_MAX_TIMEOUT, return error."""
        from tools.terminal_tool import terminal_tool, FOREGROUND_MAX_TIMEOUT

        with patch("tools.terminal_tool._get_env_config", return_value=_make_env_config()), \
             patch("tools.terminal_tool._start_cleanup_thread"):

-            mock_env = MagicMock()
-            mock_env.execute.return_value = {"output": "done", "returncode": 0}
+            result = json.loads(terminal_tool(
+                command="echo hello",
+                timeout=9999,  # Way above max
+            ))

-            with patch("tools.terminal_tool._active_environments", {"default": mock_env}), \
-                 patch("tools.terminal_tool._last_activity", {"default": 0}), \
-                 patch("tools.terminal_tool._check_all_guards", return_value={"approved": True}):
-                result = json.loads(terminal_tool(
-                    command="echo hello",
-                    timeout=9999,  # Way above max
-                ))
+        assert "error" in result
+        assert "9999" in result["error"]
+        assert str(FOREGROUND_MAX_TIMEOUT) in result["error"]
+        assert "background=true" in result["error"]

-            # Verify the timeout was clamped
-            call_kwargs = mock_env.execute.call_args
-            assert call_kwargs[1]["timeout"] == FOREGROUND_MAX_TIMEOUT
-            assert result.get("timeout_note") is not None
-            assert "clamped" in result["timeout_note"]
-            assert "9999" in result["timeout_note"]
-            assert "background=true" in result["timeout_note"]
-
-    def test_foreground_timeout_within_max_not_clamped(self):
-        """When model requests timeout <= FOREGROUND_MAX_TIMEOUT, no clamping."""
+    def test_foreground_timeout_within_max_executes(self):
+        """When model requests timeout <= FOREGROUND_MAX_TIMEOUT, execute normally."""
        from tools.terminal_tool import terminal_tool

        with patch("tools.terminal_tool._get_env_config", return_value=_make_env_config()), \
@ -75,12 +66,16 @@ class TestForegroundTimeoutCap:
                    timeout=300,  # Within max
                ))

-            call_kwargs = mock_env.execute.call_args
-            assert call_kwargs[1]["timeout"] == 300
-            assert "timeout_note" not in result
+        call_kwargs = mock_env.execute.call_args
+        assert call_kwargs[1]["timeout"] == 300
+        assert "error" not in result or result["error"] is None

-    def test_config_default_exceeds_cap_no_model_timeout(self):
-        """When config default timeout > cap and model passes no timeout, clamping fires."""
+    def test_config_default_above_cap_not_rejected(self):
+        """When config default timeout > cap but model passes no timeout, execute normally.
+
+        Only the model's explicit timeout parameter triggers rejection,
+        not the user's configured default.
+        """
        from tools.terminal_tool import terminal_tool, FOREGROUND_MAX_TIMEOUT

        # User configured TERMINAL_TIMEOUT=900 in their env
@ -96,16 +91,12 @@ class TestForegroundTimeoutCap:
                 patch("tools.terminal_tool._check_all_guards", return_value={"approved": True}):
                result = json.loads(terminal_tool(command="make build"))

-            # Should be clamped
-            call_kwargs = mock_env.execute.call_args
-            assert call_kwargs[1]["timeout"] == FOREGROUND_MAX_TIMEOUT
-            # Note should reference the original 900s, NOT "None"
-            note = result.get("timeout_note", "")
-            assert "900" in note, f"Expected '900' in timeout_note but got: {note!r}"
-            assert "None" not in note, f"timeout_note contains 'None': {note!r}"
-            assert "clamped" in note
+        # Should execute with the config default, NOT be rejected
+        call_kwargs = mock_env.execute.call_args
+        assert call_kwargs[1]["timeout"] == 900
+        assert "error" not in result or result["error"] is None

-    def test_background_not_clamped(self):
+    def test_background_not_rejected(self):
        """Background commands should NOT be subject to foreground timeout cap."""
        from tools.terminal_tool import terminal_tool

@ -132,14 +123,14 @@ class TestForegroundTimeoutCap:
                    timeout=9999,
                ))

-            # Background should NOT be clamped
-            assert result.get("timeout_note") is None
+        # Background should NOT be rejected
+        assert "error" not in result or result["error"] is None

-    def test_default_timeout_not_clamped(self):
-        """Default timeout (180s) should not trigger clamping."""
+    def test_default_timeout_not_rejected(self):
+        """Default timeout (180s) should not trigger rejection."""
        from tools.terminal_tool import terminal_tool, FOREGROUND_MAX_TIMEOUT

-        # 180 < 600, so no clamping
+        # 180 < 600, so no rejection
        assert 180 < FOREGROUND_MAX_TIMEOUT

        with patch("tools.terminal_tool._get_env_config", return_value=_make_env_config()), \
@ -153,9 +144,31 @@ class TestForegroundTimeoutCap:
                 patch("tools.terminal_tool._check_all_guards", return_value={"approved": True}):
                result = json.loads(terminal_tool(command="echo hello"))

-            call_kwargs = mock_env.execute.call_args
-            assert call_kwargs[1]["timeout"] == 180
-            assert "timeout_note" not in result
+        call_kwargs = mock_env.execute.call_args
+        assert call_kwargs[1]["timeout"] == 180
+        assert "error" not in result or result["error"] is None
+
+    def test_exactly_at_max_not_rejected(self):
+        """Timeout exactly at FOREGROUND_MAX_TIMEOUT should execute normally."""
+        from tools.terminal_tool import terminal_tool, FOREGROUND_MAX_TIMEOUT
+
+        with patch("tools.terminal_tool._get_env_config", return_value=_make_env_config()), \
+             patch("tools.terminal_tool._start_cleanup_thread"):
+
+            mock_env = MagicMock()
+            mock_env.execute.return_value = {"output": "done", "returncode": 0}
+
+            with patch("tools.terminal_tool._active_environments", {"default": mock_env}), \
+                 patch("tools.terminal_tool._last_activity", {"default": 0}), \
+                 patch("tools.terminal_tool._check_all_guards", return_value={"approved": True}):
+                result = json.loads(terminal_tool(
+                    command="echo hello",
+                    timeout=FOREGROUND_MAX_TIMEOUT,  # Exactly at limit
+                ))
+
+        call_kwargs = mock_env.execute.call_args
+        assert call_kwargs[1]["timeout"] == FOREGROUND_MAX_TIMEOUT
+        assert "error" not in result or result["error"] is None


 class TestForegroundMaxTimeoutConstant:
@ -164,9 +177,6 @@ class TestForegroundMaxTimeoutConstant:
    def test_default_value_is_600(self):
        """Default FOREGROUND_MAX_TIMEOUT is 600 when env var is not set."""
        from tools.terminal_tool import FOREGROUND_MAX_TIMEOUT
-        # Module-level constant should be 600 in a clean test environment.
-        # If TERMINAL_MAX_FOREGROUND_TIMEOUT is set, it may differ — but the
-        # conftest _isolate_hermes_home fixture ensures a clean env for tests.
        assert FOREGROUND_MAX_TIMEOUT == 600

    def test_schema_mentions_max(self):
@ -174,4 +184,4 @@ class TestForegroundMaxTimeoutConstant:
        from tools.terminal_tool import TERMINAL_SCHEMA, FOREGROUND_MAX_TIMEOUT
        timeout_desc = TERMINAL_SCHEMA["parameters"]["properties"]["timeout"]["description"]
        assert str(FOREGROUND_MAX_TIMEOUT) in timeout_desc
-        assert "max" in timeout_desc.lower()
+        assert "background=true" in timeout_desc