Skip to content

chore: trim old order and transaction events on the leader#1408

Merged
MicBun merged 1 commit into
mainfrom
chore/leader-gate-scheduler-trims
Jul 17, 2026
Merged

chore: trim old order and transaction events on the leader#1408
MicBun merged 1 commit into
mainfrom
chore/leader-gate-scheduler-trims

Conversation

@MicBun

@MicBun MicBun commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

resolves: https://github.com/trufnetwork/trufscan/issues/184

What

Leader-gates trim_order_events (migration 044) and trim_transaction_events (migration 052) so the leader-only tn_digest scheduler is authorized to run them.

Why

Both actions were declared PUBLIC owner, but the scheduler broadcasts them signed with the node's leader key, not the namespace owner. So every scheduler call was rejected with action is owner-only, and the trims never ran. On mainnet, trim_order_events has 159 failed attempts and 0 successes since ~block 1.7M, so ob_order_events (and, once live, transaction_events) grow unbounded on the node.

auto_digest, fired by the same scheduler with the same key, succeeds because it gates on check_leader_authorization() (@signer == @leader_sender). These two trims should use that same gate.

Change

trim_order_events and trim_transaction_events now drop owner and call check_leader_authorization() at the top of the body. Edited in place in their defining migrations (044/052) — actions are CREATE OR REPLACE and migrate.sh re-applies every file, so this re-applies idempotently on the next migrate. The trim logic is otherwise unchanged: deletion stays deterministic (block-height cutoff, never wall-clock) and delete-capped, so every validator removes the same rows on replay. No .prod.sql twin; the auth is namespace-agnostic. It is a CREATE OR REPLACE ACTION change only (no ALTER/DDL), so it is safe to apply against a live, settling node.

Test

tests/streams/digest/scheduler_trim_leader_authorization_test.go: the current block leader is accepted and a non-leader is rejected (Only the current block leader), for both actions. Existing coverage still passes — TestTrimTransactionEvents + E2E (data retention), TestDigestActionsLeaderAuthorization, and the scheduler-path broadcast integration test.

@MicBun MicBun self-assigned this Jul 17, 2026
@holdex

holdex Bot commented Jul 17, 2026

Copy link
Copy Markdown

Time Submission Status

Member # Time Running Total Status Last Update
MicBun 3h ✅ Submitted Jul 17, 2026, 10:24 AM

Submit or update total time with:

@holdex pr submit-time 2h

Add time on top of previous submission with:

@holdex pr add-time 1h30m

See available commands to help comply with our Guidelines.

@coderabbitai

coderabbitai Bot commented Jul 17, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

The migration redeclares scheduler trim actions as public, leader-authorized actions while retaining capped, height-based deletion. A new test verifies non-leader calls fail and current-leader calls succeed for both actions.

Changes

Scheduler trim authorization

Layer / File(s) Summary
Leader-gated trim action implementations
internal/migrations/054-scheduler-trim-authorization.sql
trim_order_events and trim_transaction_events call check_leader_authorization(), apply height cutoffs and deletion caps, and emit deletion status notices.
Authorization coverage
tests/streams/digest/scheduler_trim_leader_authorization_test.go
Tests reject non-leader invocations and accept invocations signed by the current block leader for both trim actions.

Estimated code review effort: 3 (Moderate) | ~20 minutes

Possibly related PRs

  • trufnetwork/node#1344: Adds scheduler logic that broadcasts trim_order_events, complementing this action’s leader authorization.
  • trufnetwork/node#1406: Adds execution and parsing paths for trim_transaction_events, which this PR authorizes.

Suggested labels: type: chore

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title is concise and matches the main change: leader-authorized trimming of old order and transaction events.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/leader-gate-scheduler-trims

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@internal/migrations/054-scheduler-trim-authorization.sql`:
- Around line 34-37: Update the cutoff<=0 early-return branch in
trim_order_events to emit the scheduler’s established parseable no-op NOTICE
format, matching trim_transaction_events, before returning. Preserve the
existing no-op behavior while ensuring the scheduler can parse the broadcast
without retries.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 2b0fe48b-3f56-425d-bc9a-300613e1d1f7

📥 Commits

Reviewing files that changed from the base of the PR and between b548cf0 and c8fb970.

📒 Files selected for processing (2)
  • internal/migrations/054-scheduler-trim-authorization.sql
  • tests/streams/digest/scheduler_trim_leader_authorization_test.go

Comment on lines +34 to +37
if $cutoff <= 0 {
NOTICE('trim_order_events: cutoff<=0, nothing to trim');
RETURN;
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win

Emit a parseable no-op NOTICE to prevent scheduler retries.

The comment in trim_transaction_events explicitly warns that an unrecognized NOTICE string will cause a parse failure in the scheduler's broadcast path, triggering needless retries. Since the same tn_digest scheduler invokes both actions, trim_order_events must also emit the parseable no-op format when short-circuiting here.

🐛 Proposed fix
     if $cutoff <= 0 {
-        NOTICE('trim_order_events: cutoff<=0, nothing to trim');
+        NOTICE('trim_order_events: deleted=0 remaining=0 has_more=false');
         RETURN;
     }
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
if $cutoff <= 0 {
NOTICE('trim_order_events: cutoff<=0, nothing to trim');
RETURN;
}
if $cutoff <= 0 {
NOTICE('trim_order_events: deleted=0 remaining=0 has_more=false');
RETURN;
}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@internal/migrations/054-scheduler-trim-authorization.sql` around lines 34 -
37, Update the cutoff<=0 early-return branch in trim_order_events to emit the
scheduler’s established parseable no-op NOTICE format, matching
trim_transaction_events, before returning. Preserve the existing no-op behavior
while ensuring the scheduler can parse the broadcast without retries.

@MicBun
MicBun force-pushed the chore/leader-gate-scheduler-trims branch from c8fb970 to 8c4a072 Compare July 17, 2026 08:49
@MicBun

MicBun commented Jul 17, 2026

Copy link
Copy Markdown
Contributor Author

@holdex pr submit-time 3h

@MicBun
MicBun merged commit 2bb7f9a into main Jul 17, 2026
9 checks passed
@MicBun
MicBun deleted the chore/leader-gate-scheduler-trims branch July 17, 2026 10:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant