Scale MCP logs timeout for larger fetch windows

[Copilot]

The MCP logs tool was still defaulting to a 1-minute timeout, which caused fleet-wide queries to hit the 60s server deadline once the requested window grew beyond ~40 runs. This change raises the effective default budget for larger requests without changing explicit user-provided timeouts or the existing continuation behavior.

• MCP logs timeout behavior

  • Replace the fixed 1-minute fallback with a count-aware default timeout.
  • Keep explicit timeout values authoritative.
  • Preserve the existing CLI/orchestrator continuation flow; this only changes the implicit MCP-side budget selection.

• Default timeout tiers

  • Up to 40 runs: 1 minute
  • 41–80 runs: 2 minutes
  • Default 100-run window: 3 minutes

• Schema/default alignment

  • Update the MCP tool schema default for timeout to match the new count-scaled behavior.
  • Clarify the tool description so the timeout tiers are visible to callers.

• Targeted test updates

  • Add focused coverage for the new implicit-timeout calculation.
  • Update the MCP default-schema test to assert the real logs-tool defaults.

func effectiveMCPLogsToolTimeoutMinutes(requestedTimeout, count int) int {
	if requestedTimeout > 0 {
		return requestedTimeout
	}
	return defaultMCPLogsToolTimeoutMinutesForCount(count)
}

---

Generated by 👨‍🍳 PR Sous Chef · 193.2 AIC · ⌖ 8.61 AIC · ⊞ 6.7K · ◷

[Copilot]

Pull request overview

This PR updates the MCP logs tool to choose a larger implicit timeout for larger log fetch windows, reducing default 60s deadline hits on fleet-wide queries while keeping explicit user-provided timeouts authoritative.

Changes:

• Introduces a count-aware default timeout calculation for MCP logs requests and uses it when timeout is omitted.
• Updates the MCP tool schema defaults/description to reflect the new implicit timeout behavior.
• Adds/updates unit tests to cover the new implicit-timeout logic and schema defaults.

Show a summary per file

File	Description
pkg/cli/mcp_tools_privileged.go	Adds count-based implicit timeout selection and updates the MCP logs tool schema defaults/description.
pkg/cli/mcp_server_defaults_test.go	Aligns schema-default assertions with the updated MCP logs tool defaults.
pkg/cli/logs_timeout_test.go	Adds focused unit coverage for the new implicit MCP logs timeout calculation.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 3/3 changed files
• Comments generated: 2
• Review effort level: Low

[github-actions]

✅ Test Quality Sentinel completed test quality analysis.

[github-actions]

✅ PR Code Quality Reviewer completed the code quality review.

[github-actions]

🧠 Matt Pocock Skills Reviewer has completed the skills-based review. ✅

[github-actions]

✅ Design Decision Gate 🏗️ completed the design decision gate check.

No ADR enforcement needed: PR #42295 does not have the 'implementation' label and has only 84 new lines of code in business logic directories (threshold: 100). ADR gate skipped.

[gh-aw-bot]

@copilot please run the pr-finisher skill to bring this PR to a mergeable state. The branch has been queued for a base-branch update — once updated, rerun any failing checks and verify the PR is ready to merge.

Generated by 👨‍🍳 PR Sous Chef · 193.2 AIC · ⌖ 8.61 AIC · ⊞ 6.7K · ◷

[github-actions]

Review: Scale MCP logs timeout for larger fetch windows

The change is correct and well-structured. The math checks out across all documented tiers, the previous tautological test is replaced with a proper table-driven suite, and the schema/test constants are now derived from the source-of-truth rather than hardcoded magic numbers.

Two non-blocking suggestions are filed as inline comments:

1. Missing tier-boundary test — the 80 -> 81 boundary (2 to 3 min) is not covered; only the 40 -> 41 boundary is tested.
2. Schema default vs. runtime default — the elicitation default for timeout (3 min) reflects the 100-run tier, but callers who pass a smaller count will get a lower effective timeout at runtime. A short clarifying comment would help.

Neither is blocking. The core logic, constants, and formula are correct.

🧵 Reviewed using Impeccable skills by Impeccable Skills Reviewer · 36.6 AIC · ⌖ 6.63 AIC · ⊞ 4.9K

[github-actions]

The test suite covers the 40 → 41 boundary (1 → 2 min) but misses the 80 → 81 boundary (2 → 3 min). Consider adding test cases for count=80 (expect 2 min) and count=81 (expect 3 min) to fully exercise both tier transitions and guard against accidental formula changes.

@copilot please address this.

[github-actions]

The schema default for timeout is pinned to the 100-run tier (3 min). A caller that provides an explicit count=10 but no timeout will get a 1-minute effective timeout at runtime, despite the schema hint suggesting 3. The jsonschema tag description on the field already documents the tiers, but the schema default could mislead callers who assume it applies to any count value.

Consider adding a small comment here like:

// Schema default corresponds to defaultMCPLogsToolCount; actual runtime value
// scales down for smaller count values — see defaultMCPLogsToolTimeoutMinutesForCount.

@copilot please address this.

[github-actions]

🧪 Test Quality Sentinel Report

✅ Test Quality Score: 85/100 — Excellent

Analyzed 2 test(s): 2 design, 0 implementation, 0 guideline violation(s). Both tests directly verify behavioral contracts for the new count-aware timeout-scaling logic.

📊 Metrics & Test Classification (2 tests analyzed)

Metric	Value
New/modified tests analyzed	2
✅ Design tests (behavioral contracts)	2 (100%)
⚠️ Implementation tests (low value)	0 (0%)
Tests with error/edge cases	1 (50%)
Duplicate test clusters	0
Test inflation detected	No (ratio 1.53 — under 2:1)
🚨 Coding-guideline violations	0

Test	File	Classification	Issues Detected
TestEffectiveMCPLogsToolTimeoutMinutes (NEW — replaces no-op TestMCPServerDefaultTimeout)	pkg/cli/logs_timeout_test.go:115	✅ Design	—
TestMCPToolElicitationDefaults (logs-defaults section, MODIFIED)	pkg/cli/mcp_server_defaults_test.go:66	✅ Design	—

Go: 2 (*_test.go); JavaScript: 0. Build tags: both files carry //go:build !integration on line 1 ✅. No mock libraries detected ✅.

Score breakdown

Component	Earned	Max
Behavioral coverage (2/2 design tests)	40	40
Edge/error case coverage (1/2 — TestEffectiveMCPLogsToolTimeoutMinutes covers count=0, count=41 boundary, explicit-override path; TestMCPToolElicitationDefaults changes add no new error paths)	15	30
Low duplication (0 duplicate clusters)	20	20
Proportional growth (test +54 / prod +30 = 1.8:1)	10	10
Total	85	100

🔍 Per-test analysis

TestEffectiveMCPLogsToolTimeoutMinutes (pkg/cli/logs_timeout_test.go:115) — New, replaces TestMCPServerDefaultTimeout

The old test was a compile-time no-op: it set a local variable then immediately checked its own set value — it could never fail. The replacement is a table-driven test with 5 rows that exercise the real effectiveMCPLogsToolTimeoutMinutes() function:

Row	requestedTimeout	count	want	Notes
explicit timeout is preserved	5	100	5	Behavioral contract: explicit beats auto-scale
small fetch window keeps one minute default	0	40	1	At-threshold boundary
fetch window above forty runs gets two minutes	0	41	2	Just-above-threshold boundary
default hundred run window gets three minutes	0	100	3	Default-count case
unspecified count falls back to default window size	0	0	3	Edge case: zero count

Assertions use t.Errorf with full parameter context. ✅ No testify/mock; boundary + edge cases present.

TestMCPToolElicitationDefaults (pkg/cli/mcp_server_defaults_test.go:66) — Modified (logs-tool defaults section)

Two changes: replaces hardcoded magic numbers (100, 50) with the production constants defaultMCPLogsToolCount and defaultMCPLogsToolTimeoutMinutesForCount(defaultMCPLogsToolCount). This removes a dangerous drift risk where the test and the production code could silently disagree on the default values. The assertions now pin the relationship between the schema default and the production function output, rather than a fixed integer. Setup uses t.Fatalf for error paths.

Verdict

✅ Check passed. 0% implementation tests (threshold: 30%), no coding-guideline violations. The new TestEffectiveMCPLogsToolTimeoutMinutes replaces a functionally inert predecessor with genuine behavioral coverage across all documented timeout tiers and boundary conditions.

References: §28389435456

🧪 Test quality analysis by Test Quality Sentinel · 52.1 AIC · ⌖ 17.4 AIC · ⊞ 8.1K · ◷
_{Comment /review to run again}

[github-actions]

✅ Test Quality Sentinel: 85/100. Test quality is acceptable — 0% of new tests are implementation tests (threshold: 30%).

[github-actions]

Skills-Based Review 🧠

Applied /tdd and /grill-with-docs — approving with two minor suggestions.

📋 Key Themes & Highlights

Key Themes

• Test boundary gap: Tier 1→2 (count 40/41) is tested; tier 2→3 (count 80/81) is not — a future constant change could silently regress.
• Schema description drift: Timeout struct tag hardcodes tier numbers that should mirror mcpLogsRunsPerDefaultTimeoutMinute.

Positive Highlights

• ✅ Correct ceiling-division formula — verified manually against all four tier boundaries.
• ✅ Replaces a tautological mock test (timeout == 50 → want 50) with real table-driven tests that exercise the live function.
• ✅ Clean two-function split: defaultMCPLogsToolTimeoutMinutesForCount for the policy and effectiveMCPLogsToolTimeoutMinutes for the override logic.
• ✅ Named constants for every magic number; no bare literals left in the logic path.
• ✅ mcp_server_defaults_test.go is now self-consistent — schema defaults reference the same constants as the implementation.

🧠 Reviewed using Matt Pocock's skills by Matt Pocock Skills Reviewer · 62.1 AIC · ⌖ 7.43 AIC · ⊞ 6.6K
_{Comment /matt to run again}

[github-actions]

[/tdd] The tier 1→2 boundary (count=40/41) is tested but the tier 2→3 boundary (count=80/81) is not. A future off-by-one in the ceiling-division formula would only be caught at the tested boundaries.

💡 Two additional cases to add before line 152

{
	name:             "top of tier 2 keeps two minutes",
	requestedTimeout: 0,
	count:            80,
	want:             2,
},
{
	name:             "bottom of tier 3 gets three minutes",
	requestedTimeout: 0,
	count:            81,
	want:             3,
},

These pin both sides of the second tier boundary, matching the depth of coverage already present for the first boundary (40/41).

@copilot please address this.

[github-actions]

[/grill-with-docs] The jsonschema description hardcodes the tier boundaries ("1 minute for up to 40 runs, 2 minutes for 41-80 runs, and 3 minutes for the default 100-run window"), but the real boundaries are derived from mcpLogsRunsPerDefaultTimeoutMinute. If that constant changes the description will silently drift, misleading MCP callers.

💡 Suggestion

Add a short comment above the field pointing readers at the authoritative constants, or use a generate step to embed the computed strings. At minimum, note in a comment that the inline numbers shadow mcpLogsRunsPerDefaultTimeoutMinute:

// Tier thresholds mirror mcpLogsRunsPerDefaultTimeoutMinute; update this
// string if that constant changes.
Timeout int `json:"timeout,omitempty" jsonschema:"..."`

This keeps the description honest without requiring a runtime approach.

@copilot please address this.

[github-actions]

Two correctness issues need fixing before merge — plus two supporting issues already flagged in earlier comments.

### Blocking issues (this review)

1. timeout: 0 cannot reach the CLI's "unlimited" mode (line 71, effectiveMCPLogsToolTimeoutMinutes)

The guard if requestedTimeout > 0 silently treats an explicit 0 identically to an omitted value, so an MCP caller who intends --timeout 0 (no timeout, CLI-documented contract) always gets an auto-computed budget. The PR description says "Keep explicit timeout values authoritative" — this code doesn't deliver that. Either pass 0 through as-is, or explicitly document and enforce that unlimited mode is intentionally blocked.

2. No upper bound on computed timeout (line 62, defaultMCPLogsToolTimeoutMinutesForCount)

count=1000 → 25-minute timeout; count=10000 → ~4-hour hang. The schema count field has no maximum constraint, making the handler susceptible to over-large inputs. A hard cap (e.g., 10 minutes) should be applied and exposed in the schema.

### Supporting issues (also flagged in this review)

• Test "unspecified count falls back to default window size" encodes the count=0 / 10-run inconsistency (identified by a prior comment) as expected behavior, making it harder to fix.
• Stale "seconds" in mcp_server_defaults_test.go:59 — test fixture out of sync with the real logsArgs.Timeout field which now says "minutes".

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• patchdiff.githubusercontent.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "patchdiff.githubusercontent.com"

See Network Configuration for more information.

🔎 Code quality review by PR Code Quality Reviewer · 95.8 AIC · ⌖ 9.09 AIC · ⊞ 5.2K
_{Comment /review to run again}

Comments that could not be inline-anchored

pkg/cli/mcp_tools_privileged.go:71

timeout: 0 cannot request unlimited execution — contradicts the PR's stated design goal: if requestedTimeout > 0 silently treats an explicit 0 the same as an omitted value, so an MCP caller who passes timeout: 0 to opt into unlimited mode receives an auto-computed budget instead.

<details>
<summary>💡 Details and suggested fix</summary>

The CLI contract is explicit: --timeout 0 means "no timeout" (logs_command.go flag: "Download timeout in minutes (0 = no timeout)"). The PR …

pkg/cli/mcp_tools_privileged.go:62

No upper bound on computed timeout — a large count can produce arbitrarily long hangs: count=1000 yields a 25-minute timeout; there is no schema maximum on count and no cap in this function.

<details>
<summary>💡 Details and suggested fix</summary>

The formula (count + 39) / 40 scales linearly without a ceiling:

count	computed timeout
120	3 min
121	4 min
200	5 min
1000	25 min …

pkg/cli/logs_timeout_test.go:150

This test case encodes a known bug as expected behavior: the test asserts count=0 → 3-minute timeout because defaultMCPLogsToolTimeoutMinutesForCount substitutes defaultMCPLogsToolCount=100. But when args.Count==0, the handler doesn't pass -c to the CLI, which then fetches only 10 runs (its own default). The timeout is over-provisioned by 3× and the test name implies this is correct.

<details>
<summary>💡 Why this matters</summary>

An existing review comment on this PR already i…

pkg/cli/mcp_server_defaults_test.go:59

Stale unit descriptor in test fixture: this local logsArgs struct still says "Maximum time in seconds" while the real logsArgs.Timeout field (changed in this PR) says "minutes". Because the test redefines the struct locally instead of importing the real type, schema-documentation drift goes undetected.

<details>
<summary>💡 Suggested fix</summary>

Change the local field tag to match production:

Timeout int `json:"timeout,omitempty" jsonschema:"Maximum time in minutes to spen…

</details>

[Copilot]

@copilot please run the pr-finisher skill to bring this PR to a mergeable state. The branch has been queued for a base-branch update — once updated, rerun any failing checks and verify the PR is r...

Addressed in 75db04a.

I ran the pr-finisher workflow for this branch: applied/validated the remaining timeout-review fixes, ran local validation (make fmt, make lint, make test-unit, make test), and pushed the update. Current PR head is updated; CI for this new head is not yet green in this agent context and needs maintainer re-trigger to fully verify merge readiness.

Done