Standalone activity heartbeating

[dandavison]

What changed?

Implement heartbeating for CHASM activities (standalone activity)

Why?

Required feature

How did you test it?

• built
• added new functional test(s)

---

Note

Implements heartbeating for standalone activities, including heartbeat timers, timeout-driven retry/failure, task-token validation, frontend routing, and supporting proto/executors with comprehensive tests.

• Activity/State Machine:
  • Add RecordHeartbeat with task-token validation; store heartbeat details/time and schedule heartbeat timer; response signals cancelRequested.
  • Start schedules heartbeat and start-to-close timers; TransitionTimedOut handles HEARTBEAT; getOrCreateLastHeartbeat used when recording failures.
  • Introduce WithToken wrapper and enforce token validation in HandleCompleted/Failed/Canceled and heartbeats.
  • Extract retry flow via tryReschedule/shouldRetry/hasEnoughTimeForRetry; start-to-close timeout uses retry-first logic.
  • PopulateRecordStartedResponse includes prior HeartbeatDetails; TransitionStarted records worker/deployment and uses started-time-based scheduling.
• Tasks/Proto/FX:
  • Define HeartbeatTimeoutTask in proto (+ helpers); implement validate/execute executors; register in fx and task registry.
• History APIs:
  • Route standalone RecordActivityTaskHeartbeat and RespondActivityTask{Completed,Failed,Canceled} via chasm.UpdateComponent using WithToken.
• Tests:
  • Add/extend functional tests for heartbeats: invalid/stale tokens, cancelRequested flag, retry on heartbeat timeout, timeout without heartbeats, and heartbeats preventing timeout; adjust started transition test.

^{Written by Cursor Bugbot for commit af7ca83. This will update automatically on new commits. Configure here.}

[dandavison]

ignore: formatting only

[bergundy]

Looks like @fretz12 and you have different ideas on how to format these signatures. I personally like the style in this PR better.

[fretz12]

I like this formatting better too, but ideally we should have the linter take care of it.
I'm running gofumpt locally, it seems to do a good job... maybe introduce it as part of the lint-code target?

[dandavison]

ignore: formatting only

[dandavison]

ignore: formatting only

[bergundy]

Looks like @fretz12 and you have different ideas on how to format these signatures. I personally like the style in this PR better.

[bergundy]

You will want to validate that the schedule time in the attributes is still relevant here not in the execute function. It should deterministic function of the last heartbeat time and the attempt start time (hbDeadline below should be equal to the schedule time).

[dandavison]

See reply below

[bergundy]

This shouldn't happen here. Validate in the Validate function. Schedule a new task any time a heartbeat is received.

[dandavison]

I currently still think that the design I've proposed is preferable:

I've added a high water mark mechanism to make the tasks become invalid on execution.

[dandavison]

Discussed offline -- design B incurs extra persistence writes that aren't balanced out by the changes to numbers of logical tasks created. I've switched the PR over to the design that @bergundy proposes.

[bergundy]

We agreed not to add Task to the task names. Not sure if we want to use TaskExecutor vs. just Executor for the struct names but that is not critical and can change easily. The string names cannot be changed easily OTOH because they affect how tasks are represented in persistence.

[bergundy]

Just before returning here you want to generate a new heartbeat task if the heartbeat timeout is set.

[dandavison]

See reply above; I currently still think the proposed design is preferable.

[dandavison]

This is done now -- switched back to your design.

[bergundy]

Alternatively, you can use require.ErrorAs(err, &invalidArgumentErr)

[dandavison]

Leaving as is for now

[fretz12]

Wrong error message? Also NotFound doesn't feel like the right error type, even though I get it's checking if a token "matches". Perhaps FailPrecondition?

[dandavison]

I used NotFound because it'd what the workflow implementation uses (see IsActivityTaskNotFoundForToken)

[fretz12]

Same comment as above

[dandavison]

I used NotFound because it'd what the workflow implementation uses (see IsActivityTaskNotFoundForToken)

[fretz12]

@bergundy is there any performance pentalty if we create a new field on every hearbeat?

[bergundy]

No, no penalty.

[fretz12]

Suggested change

	Details: input.Request.HeartbeatRequest.GetDetails(),
	Details: input.Request.GetHeartbeatRequest().GetDetails(),

[dandavison]

Thanks, taken

[fretz12]

nit: taskAttrs, task are unused

[dandavison]

Thanks, marked as _ unused parameters

[fretz12]

If hbDeadline happens to be attemptStartTime + hbTimeout (i.e., no hearbeat recorded yet), won't the next timer basically pop the same time as the current one being executed?

[dandavison]

That should not happen because of this condition

if ctx.Now(activity).Before(hbDeadline)

the heartbeat task will not execute before time hbDeadline since the first task is scheduled for hbTimeout.

[cursor]

Bug: Proto field numbers changed breaking wire format compatibility

The new field last_heartbeat_task_scheduled_time was inserted at field number 7, causing all subsequent fields to be renumbered: retry_policy moved from 7→8, status from 8→9, schedule_time from 9→10, priority from 10→11, and cancel_state from 11→12. This breaks protobuf wire format backward compatibility. If any ActivityState messages were previously serialized and stored, deserializing them with the new schema will cause data corruption (e.g., the old retry_policy data would be interpreted as last_heartbeat_task_scheduled_time). New fields should be added with the next available field number (12) without renumbering existing fields.

Additional Locations (1)

• chasm/lib/activity/gen/activitypb/v1/activity_state.pb.go#L172-L188

 

[dandavison]

The movement here was required to fix a bug that I encountered when implementing the other proposed design. We needed attempt.StartedTime to be available in TransitionStarted so that we could use it in scheduling the first heartbeat task, as well as the base for the start-to-close timeout. Before this PR we were using an ad-hoc ctx.Now() that was close to but not equal to StartedTime.

Reverting it doesn't cause a test failure with the hreartbeating design in this PR, but it's better to set the field state before calling the transition function.

[dandavison]

Reverting this would now cause a test failure since the PR is back to design A.

[dandavison]

This is where we use StartedTime that I referred to above; it wasn't possible before because we were calling the transition function before setting the attempt field state.

Reverting this doesn't cause a test failure in the current PR. But it did with the alternative design, and in any case it's better to use StartedTime rather than an arbitrary timestamp that's close to it in time.

[dandavison]

Reverting this would now cause a test failure since the PR is back to design A.

[bergundy]

Approved with comments.

[bergundy]

Why is this logic outside of the transition function? Ideally no mutation would be done outside of transitions.

[dandavison]

Good point, moved and updated tests.

[bergundy]

nit: this logic seems duplicated any time an attempt is failed, can we add a function that encapsulates it?

[dandavison]

Good call, refactored along those lines in ffcb338.

[bergundy]

Make it a method:

Suggested change

	func ValidateActivityTaskToken(
	ctx chasm.Context,
	a *Activity,
	token *tokenspb.Task,
	) error {
	func (a *Activity) ValidateTaskToken(
	ctx chasm.Context,
	token *tokenspb.Task,
	) error {

[bergundy]

And move it to activity.go?

[dandavison]

Thanks, yes, agree with both, done.

[bergundy]

What value are you getting from adding those sleeps? They are just making the test flaky.

[dandavison]

The sleeps allow us to prove that an attempt with duration longer than the heartbeat interval can succeed, due to the heartbeats. Without the sleep, the attempt would just immediately succeed and we would have demonstrated nothing about the heartbeat timeout.

I'd like to know of better ways to demonstrate that, but tests like that are a necessity while developing the feature. We could delete the test if there is no good way of testing this in a functional test.