Skip to content

fix: guard event indexer poll cycle with Postgres advisory lock#31

Open
nonsobethel0-dev wants to merge 2 commits into
LabsCrypt:mainfrom
nonsobethel0-dev:fix/issue-5-indexer-advisory-lock
Open

fix: guard event indexer poll cycle with Postgres advisory lock#31
nonsobethel0-dev wants to merge 2 commits into
LabsCrypt:mainfrom
nonsobethel0-dev:fix/issue-5-indexer-advisory-lock

Conversation

@nonsobethel0-dev

@nonsobethel0-dev nonsobethel0-dev commented Jun 19, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Closes #5

What changed

src/services/eventIndexer.ts

pollOnce() now acquires pg_try_advisory_lock(738154291) on a dedicated pool connection at the start of every poll cycle:

  • If another instance already holds the lock, pg_try_advisory_lock returns false immediately — the current instance skips the cycle with a debug log and returns without touching the cursor or firing any side effects.
  • When the lock is acquired, a debug log is emitted so operators can see which pod/process is active in multi-instance deployments.
  • The lock is always released via pg_advisory_unlock in a finally block on the same connection that acquired it (advisory locks are session-scoped in Postgres, so releasing on a different connection would be a no-op).
  • The connection is returned to the pool in an outer finally, so neither the lock nor the connection leaks if processing throws.

src/services/__tests__/eventIndexer.test.ts — 4 new tests

Test Acceptance criterion
Lock-not-acquired path: no DB writes, no dispatches, client released AC 1
Lock acquired but processing throws: pg_advisory_unlock + release() still run AC 1
Restarted instance reads last_indexed_ledger = 500 from DB and fetches from ledger 501 AC 3
Two instances ingest same event: only the instance with rowCount > 0 dispatches webhooks and notifications AC 2 + 4

src/__tests__/eventIndexer.test.ts

  • Added debug: jest.fn() to mockLogger (required by the new observability log).
  • Added default mockLockClient that returns acquired: true for pg_try_advisory_lock, so all existing tests that call pollOnce() directly continue to pass without modification.

Acceptance criteria checklist

  • Guard each indexer poll cycle with a Postgres advisory lockpg_try_advisory_lock ensures only one instance advances the cursor per cycle; others skip immediately.
  • Side effects only fire for rows this instance actually inserted — webhook dispatch and notifications are gated on INSERT ... RETURNING rowCount > 0, which was already correct and is now explicitly tested.
  • Restarted instance resumes cleanly from the persisted cursorgetLastIndexedLedger() reads last_indexed_ledger from the DB on every poll; restart is transparent. Covered by the new resume test.
  • Test simulating two concurrent poll cycles without duplicate dispatch — three separate tests cover the lock-skip path, the throw-and-cleanup path, and the two-instance dispatch deduplication path.

How to test

npm test
# 16 tests, 2 suites, all pass

@nonsobethel0-dev
fix: guard event indexer poll cycle with Postgres advisory lock
72c64a4 
Closes LabsCrypt#5

Two concurrent indexer instances could both read the same cursor from
indexer_state, fetch the same ledger range, and fire webhooks/notifications
before the ON CONFLICT DO NOTHING result was known — wasting RPC calls
and risking duplicate side-effect dispatch.

Changes:
- pollOnce() now acquires pg_try_advisory_lock(738154291) on a dedicated
  connection at the start of each cycle. A second instance that calls
  pg_try_advisory_lock while the first holds it gets false immediately and
  skips the cycle rather than blocking.
- The lock is released in a finally block on the same connection that
  acquired it; the connection is always returned to the pool regardless of
  whether the cycle succeeds or throws.
- Side effects (webhook dispatch, notifications) were already gated on
  INSERT ... RETURNING rowCount > 0, so only the instance that wins the
  insert fires them. Added a test to document and protect this guarantee.
- Added mockLockClient default in src/__tests__/eventIndexer.test.ts so
  existing integration-style tests that call pollOnce() directly continue
  to work without changes.
- Three new tests in services/__tests__/eventIndexer.test.ts cover:
  1. Lock-not-acquired path: no DB writes, no dispatches, client released
  2. Lock acquired but processing throws: unlock + client release still run
  3. Two instances same event: only the inserting instance dispatches
@nonsobethel0-dev
fix: add restart-resume test and advisory lock observability log
d815095 
- Add debug log line when advisory lock is successfully acquired so
  operators can confirm which instance is active in multi-pod deployments
- Add mockLogger.debug to src/__tests__/eventIndexer.test.ts to match
- Add test: restarted instance reads persisted cursor (last_indexed_ledger=500)
  and resumes from ledger 501, not from 0 — covers acceptance criterion 3
ogazboiz
ogazboiz requested changes Jun 19, 2026
View reviewed changes

@ogazboiz ogazboiz left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the advisory-lock logic itself is solid, this is the right approach. pollOnce uses a dedicated session client, pg_try_advisory_lock (non-blocking, so a held lock just skips the cycle with no deadlock), unlocks in an inner finally that covers the early-return and error paths, releases the client in an outer finally, and the no-acquire path correctly skips the unlock. the new tests assert exactly those semantics. a few things block it though:

  1. mock-completeness regression breaks an untouched test. adding getClient to eventIndexer's import of connection.js makes src/__tests__/loanDispute.test.ts fail with SyntaxError: ... does not provide an export named 'getClient' (5 tests), because that test's connection.js mock (lines 11-15) only exports query/default/withTransaction. add getClient: jest.fn() to that mock. three other files mock connection.js without getClient and are latent risks if their import chains shift, worth adding it there too: src/tests/notificationCleanup.test.ts, src/tests/auditLog.test.ts, src/tests/remittanceService.test.ts.

  2. build fails, 6 tsc errors in the new test files (this repo has no ci so npm run build is the gate):

    • src/tests/eventIndexer.test.ts:83 the getClient mock infers never, type it jest.fn<() => Promise<typeof mockLockClient>>().
    • src/services/tests/eventIndexer.test.ts:404,440 .filter has no matching overload on the calls array, annotate it (e.g. .mock.calls as [string][]).
    • :431 mockRejectedValueOnce on a never mock, type the query mock generically.
    • :466 mockImplementation not assignable to UnknownFunction, cast to a typed signature.
    • :503 queriedRanges[0].from possibly undefined under noUncheckedIndexedAccess, use ?. or assert non-null.

  3. prettier fails on src/services/tests/eventIndexer.test.ts. run npx prettier --write on it.

fix the mock and the test-file types so npm run build and npm test are green and the lock work is good to go.

if you want to keep contributing, join us on Telegram: https://t.me/+DOylgFv1jyJlNzM0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ogazboiz ogazboiz ogazboiz requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Backend] Event indexer has no cross-instance lock and can double-process ledger ranges

2 participants

@nonsobethel0-dev @ogazboiz