fix(server): resolve memory leaks causing OOM in k8s deployment

- usage/logger_plugin: cap modelStats.Details at 1000 entries per model - cache/signature_cache: add background cleanup for expired sessions (10 min) - management/handler: add background cleanup for stale IP rate-limit entries (1 hr) - executor/cache_helpers: add mutex protection and TTL cleanup for codexCacheMap (15 min) - executor/codex_executor: use thread-safe cache accessors Add reproduction tests demonstrating leak behavior before/after fixes. Amp-Thread-ID: https://ampcode.com/threads/T-019ba0fc-1d7b-7338-8e1d-ca0520412777 Co-authored-by: Amp <amp@ampcode.com>
2026-02-18 04:10:51 +08:00 · 2026-01-09 13:33:46 +05:45
parent d47b7dc79a
commit 47dacce6ea
7 changed files with 526 additions and 6 deletions
--- a/internal/cache/signature_cache.go
+++ b/internal/cache/signature_cache.go
@@ -26,11 +26,17 @@ const (

 	// MinValidSignatureLen is the minimum length for a signature to be considered valid
 	MinValidSignatureLen = 50
+
+	// SessionCleanupInterval controls how often stale sessions are purged
+	SessionCleanupInterval = 10 * time.Minute
 )

 // signatureCache stores signatures by sessionId -> textHash -> SignatureEntry
 var signatureCache sync.Map

+// sessionCleanupOnce ensures the background cleanup goroutine starts only once
+var sessionCleanupOnce sync.Once
+
 // sessionCache is the inner map type
 type sessionCache struct {
 	mu      sync.RWMutex
@@ -45,6 +51,9 @@ func hashText(text string) string {

 // getOrCreateSession gets or creates a session cache
 func getOrCreateSession(sessionID string) *sessionCache {
+	// Start background cleanup on first access
+	sessionCleanupOnce.Do(startSessionCleanup)
+
 	if val, ok := signatureCache.Load(sessionID); ok {
 		return val.(*sessionCache)
 	}
@@ -53,6 +62,40 @@ func getOrCreateSession(sessionID string) *sessionCache {
 	return actual.(*sessionCache)
 }

+// startSessionCleanup launches a background goroutine that periodically
+// removes sessions where all entries have expired.
+func startSessionCleanup() {
+	go func() {
+		ticker := time.NewTicker(SessionCleanupInterval)
+		defer ticker.Stop()
+		for range ticker.C {
+			purgeExpiredSessions()
+		}
+	}()
+}
+
+// purgeExpiredSessions removes sessions with no valid (non-expired) entries.
+func purgeExpiredSessions() {
+	now := time.Now()
+	signatureCache.Range(func(key, value any) bool {
+		sc := value.(*sessionCache)
+		sc.mu.Lock()
+		// Remove expired entries
+		for k, entry := range sc.entries {
+			if now.Sub(entry.Timestamp) > SignatureCacheTTL {
+				delete(sc.entries, k)
+			}
+		}
+		isEmpty := len(sc.entries) == 0
+		sc.mu.Unlock()
+		// Remove session if empty
+		if isEmpty {
+			signatureCache.Delete(key)
+		}
+		return true
+	})
+}
+
 // CacheSignature stores a thinking signature for a given session and text.
 // Used for Claude models that require signed thinking blocks in multi-turn conversations.
 func CacheSignature(sessionID, text, signature string) {