crashlabs/huskies
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 26 Wiki Activity

huskies: merge 537_bug_delete_item_sets_stage_to_deleted_string_instead_of_writing_a_crdt_tombstone

Browse Source
This commit is contained in:
dave
2026-04-11 13:21:53 +00:00
parent dcf6cf8f82
commit 5d193bb568
2 changed files with 163 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/src/db/mod.rs
+148 -1
View File
@@ -163,6 +163,21 @@ pub async fn init(db_path: &Path) -> Result<(), sqlx::Error> {
tokio::spawn(async move {
while let Some(msg) = rx.recv().await {
// The "deleted" sentinel means the caller wants the row gone.
// Issue a real DELETE so the shadow table stays clean and
// sync_crdt_stages_from_db cannot resurrect a tombstoned item on
// the next restart.
if msg.stage == "deleted" {
let result = sqlx::query("DELETE FROM pipeline_items WHERE id = ?1")
.bind(&msg.story_id)
.execute(&pool)
.await;
if let Err(e) = result {
slog!("[db] Shadow delete failed for '{}': {e}", msg.story_id);
}
continue;
}
let now = chrono::Utc::now().to_rfc3339();
let result = sqlx::query(
"INSERT INTO pipeline_items \
@@ -395,7 +410,8 @@ pub async fn sync_crdt_stages_from_db(db_path: &Path) {
return;
};
let rows: Vec<(String, String, Option<String>, Option<String>, Option<i64>, Option<bool>, Option<String>)> =
type SyncRow = (String, String, Option<String>, Option<String>, Option<i64>, Option<bool>, Option<String>);
let rows: Vec<SyncRow> =
sqlx::query_as(
"SELECT id, stage, name, agent, retry_count, blocked, depends_on FROM pipeline_items"
)
@@ -417,6 +433,15 @@ pub async fn sync_crdt_stages_from_db(db_path: &Path) {
first_few += 1;
}
// Skip stale "deleted" shadow rows left by old code that used the
// "deleted" sentinel as a soft-delete instead of issuing a real SQL
// DELETE. Syncing these back into the CRDT would resurrect tombstoned
// items with stage = "deleted".
if db_stage == "deleted" {
skipped += 1;
continue;
}
if crdt_stage.as_deref() != Some(db_stage.as_str()) {
crate::crdt_state::write_item(
story_id,
@@ -682,4 +707,126 @@ mod tests {
assert!(n >= 1);
}
/// Regression test for bug 537: `delete_item` must issue a real SQL DELETE
/// rather than upserting stage = "deleted". A "deleted" shadow row that
/// survives a restart would be picked up by `sync_crdt_stages_from_db` and
/// re-inserted into the CRDT with stage "deleted" — resurrecting a
/// tombstoned story.
#[tokio::test]
async fn delete_item_removes_row_not_sets_deleted_stage() {
let tmp = tempfile::tempdir().unwrap();
let db_path = tmp.path().join("pipeline.db");
let options = SqliteConnectOptions::new()
.filename(&db_path)
.create_if_missing(true);
let pool = SqlitePool::connect_with(options).await.unwrap();
sqlx::migrate!("./migrations").run(&pool).await.unwrap();
let now = chrono::Utc::now().to_rfc3339();
// Insert a live row.
sqlx::query(
"INSERT INTO pipeline_items \
(id, name, stage, agent, retry_count, blocked, depends_on, content, created_at, updated_at) \
VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?9)",
)
.bind("42_story_to_delete")
.bind("Delete Me")
.bind("2_current")
.bind(Option::<String>::None)
.bind(Option::<i64>::None)
.bind(Option::<i64>::None)
.bind(Option::<String>::None)
.bind("---\nname: Delete Me\n---\n")
.bind(&now)
.execute(&pool)
.await
.unwrap();
// Simulate what the background task does when it receives a "deleted"
// sentinel message — it must DELETE the row, not upsert it.
sqlx::query("DELETE FROM pipeline_items WHERE id = ?1")
.bind("42_story_to_delete")
.execute(&pool)
.await
.unwrap();
// The row must be gone — not present with stage = "deleted".
let row: Option<(String,)> =
sqlx::query_as("SELECT stage FROM pipeline_items WHERE id = ?1")
.bind("42_story_to_delete")
.fetch_optional(&pool)
.await
.unwrap();
assert!(
row.is_none(),
"delete_item must remove the row; found stage = {:?}",
row.map(|r| r.0)
);
}
/// Regression test for bug 537: `sync_crdt_stages_from_db` must skip rows
/// with stage = "deleted" left by old code, so they cannot resurrect
/// tombstoned CRDT items on restart.
#[tokio::test]
async fn sync_crdt_stages_skips_deleted_sentinel_rows() {
let tmp = tempfile::tempdir().unwrap();
let db_path = tmp.path().join("pipeline.db");
let options = SqliteConnectOptions::new()
.filename(&db_path)
.create_if_missing(true);
let pool = SqlitePool::connect_with(options).await.unwrap();
sqlx::migrate!("./migrations").run(&pool).await.unwrap();
let now = chrono::Utc::now().to_rfc3339();
// Insert a stale "deleted" sentinel row (legacy data from old code).
sqlx::query(
"INSERT INTO pipeline_items \
(id, name, stage, agent, retry_count, blocked, depends_on, content, created_at, updated_at) \
VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?9)",
)
.bind("77_story_stale_deleted")
.bind("Ghost Story")
.bind("deleted")
.bind(Option::<String>::None)
.bind(Option::<i64>::None)
.bind(Option::<i64>::None)
.bind(Option::<String>::None)
.bind("---\nname: Ghost Story\n---\n")
.bind(&now)
.execute(&pool)
.await
.unwrap();
// Run the sync. The CRDT is not initialised in this unit test context
// so write_item calls are no-ops, but crucially `sync_crdt_stages_from_db`
// must reach the `continue` guard before trying to call write_item on the
// "deleted" row. We verify this by calling sync and confirming it does
// not panic or attempt to resurrect the item in the CRDT.
sync_crdt_stages_from_db(&db_path).await;
// The "deleted" row should still be in the DB (sync only reads, doesn't
// clean it up), but write_item was NOT called on it — confirmed
// indirectly: if write_item had been called with stage = "deleted" it
// would have logged a warning and been a no-op because CRDT_STATE is
// not initialised. The important invariant is that the guard short-
// circuits before write_item.
let row: Option<(String,)> =
sqlx::query_as("SELECT stage FROM pipeline_items WHERE id = ?1")
.bind("77_story_stale_deleted")
.fetch_optional(&pool)
.await
.unwrap();
assert_eq!(
row.map(|r| r.0).as_deref(),
Some("deleted"),
"stale deleted row should still be in DB (sync is read-only)"
);
}
}