Design: bounded query execution — kernel fix for the /v1/query OOM (LLP 0054-0057)#215
Merged
Merged
Conversation
…LP 0054-0057) Captures the settled 1+2+3 kernel fix for hyparam/hypaware-server#9: unbounded ORDER BY / GROUP BY / COUNT(DISTINCT) buffer the whole scan and OOM-kill the daemon. Peak memory now tracks a per-query budget, not the scanned row count. - 0054 spec: bounded query execution — execution budget + threaded abort signal on the public hypaware/core/query surface (distinct from the output-shaped ContextControls); extends LLP 0015. - 0055 decision: stream scalar/distinct aggregates via scanColumn rather than buffering rows (lights squirreling's dormant fast path on icebird + the core union + ai-gateway schema wrapper). - 0056 decision: refuse over spill/truncate on budget exceed (spill = deferred follow-up; truncate is a wrong answer for aggregates). - 0057 plan: implementation across hypaware / squirreling / icebird / ai-gateway. - 0015: forward-ref to 0054 (Active doc — forward-ref only). - 0038: capture the daemon-isolation todo as the defense-in-depth sibling. Docs only — no code; @ref annotations land with the implementation. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
philcunliffe
added a commit
that referenced
this pull request
Jun 30, 2026
The bounded-query-execution design (merged Draft in #215) is reviewed and approved for implementation: flips the spec, both decisions, and the plan to Accepted. The 0038 isolation todo stays Draft (separately-owned track). Active follows when the code lands. Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Design docs (LLP) capturing the settled 1+2+3 kernel fix for the
/v1/queryOOM — hyparam/hypaware-server#9. Docs only; no code.Unbounded
ORDER BY/ high-cardinalityGROUP BY/COUNT(DISTINCT …)over the ~495k-rowai_gateway_messagesbuffer the whole scan, thencollect()re-materializes it, and the daemon is OOM-killed mid-request. These docs make peak execution memory a function of a per-query budget, not the scanned row count.Documents
spec— bounded query execution: execution budget + threadedAbortSignaladded toExecuteSqlOptionson the publichypaware/core/querysurface — explicitly distinct from the output-shapedContextControls. Extends LLP 0015. This is the reusable budget primitive the server's LLP 0006#result-capsV1 note named.decision— stream scalar/distinct aggregates viascanColumnover row-buffering (lights squirreling's dormant fast path on icebird + the coreunionSources+ ai-gateway's schema wrapper).decision— refuse over spill/truncate on budget exceed (spill = deferred follow-up; truncate is a wrong answer for aggregates).plan— phased implementation across hypaware / squirreling / icebird / ai-gateway, with the@ref-to-add map and abounded_query_refusalsmoke.Paired PR
Server-side placement decision (fix-in-kernel as a named extension) + the LLP 0006 forward-ref: hyparam/hypaware-server#31.
Scope note
Signal-threading is a spec requirement (no real chose-X-over-Y), so it is folded into 0054 rather than minted as its own decision. The engine-side parts (#1 signal, #3 budget in squirreling; #2
scanColumnin icebird) land as upstream PRs to those first-party hyparam packages + a pinned kernel version bump — tracked in the 0057 plan.Validation
ref-check-equivalent: filename types match
**Type:**, all inter-LLP links +Relatedtargets resolve, new numbers unique (the only duplicate in the tree is the pre-existing0026collision onmaster, untouched here).🤖 Generated with Claude Code