Revert direct pushes to main

[findolor]

Motivation

Three commits were pushed directly to main without the normal PR review flow:

• 543a103 - Add order caching and fix trades-by-address timeout
• 50e7fd9 - Add metaboard neutralization, order caching, direct trades, quote chunking, and nginx hardening
• b1ebea3 - Skip RPC quotes for zero-balance orders and add stage timing

Branch protection currently prevents rewriting main, so this PR restores the reviewed tree state with a normal revert commit instead. The original changes are preserved for review in #82, #83, and #84.

Solution

• Revert the three direct-pushed commits in newest-to-oldest order.
• Fold the revert into a single commit for review clarity.
• Leave the original changes available in the stacked review PRs.

Checks

• nix develop -c cargo fmt
• nix develop -c rainix-rs-static

Note: rainix-rs-static passed, with existing warnings reported in the nested rain.orderbook crate.

Summary by CodeRabbit

• Removed Features

  • Trade-related endpoints and batch trade queries disabled; some trade responses are now unimplemented.
  • In-memory caching for orders and trades removed.

• Behavior Changes

  • “Not yet indexed” API response variant removed.

• Improvements

  • Simplified order listing flow to always fetch fresh quotes.

• Infrastructure

  • Server configuration and system settings updated; host keys and filesystem device identifier changed.

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request removes production dependencies (moka, rusqlite), eliminates the caching and direct-trades SQLite layers, strips per-endpoint in-memory caching from orders routes, centralizes order-list response building, removes Nginx rate-limiting/security header customizations, updates deployment keys and role assignments, and stubs out trades handlers with todo!().

Changes

Cohort / File(s)	Summary
Dependency Removals Cargo.toml	Removed moka (with future feature) and rusqlite from production dependencies.
Deployment Keys & Roles keys.nix	Replaced keys.host SSH public key, removed keys.alastair, and removed alastair from roles.infra and roles.ssh.
System Configuration os.nix	Deleted Nginx rate-limiting and custom hardening blocks, removed scanner-blocking locations, updated /mnt/data device ID, and removed sandbox = false nix setting.
Caching Infrastructure Removal src/cache.rs	Deleted entire cache module: AppCache, Invalidatable, CacheGroup, and associated tests.
Direct-Trades DB Layer Removal src/direct_trades.rs	Removed DirectTradesFetcher and all SQLite-backed query/utility functions.
Error & Trade Types src/error.rs, src/types/trades.rs	Removed ApiError::NotYetIndexed and From<Arc<ApiError>> impl; deleted batch/taker trade request/response types.
Startup & Wiring src/main.rs, src/test_helpers.rs	Removed direct-trades wiring and .manage(...) registrations; updated rocket() signature (dropped direct_trades_fetcher arg) and adjusted test builder call.
Raindex Provider src/raindex/config.rs	Removed neutralize_metaboards helper/tests; RaindexProvider::load now obtains client via registry.get_raindex_client(db.clone()).
Orders Route Handlers src/routes/orders/get_by_owner.rs, src/routes/orders/get_by_token.rs, src/routes/orders/mod.rs	Removed per-endpoint caches and their parameters; simplified handlers to delegate to process_* and build_orders_list_response; removed zero-balance filtering and manual remapping; changed batch chunking to None.
Trades & Order Visibility src/routes/trades.rs, src/routes/order/get_order.rs	Deleted trades query logic, caches, batch/taker endpoints, and tests; left get_trades_by_tx/get_trades_by_address as todo!(); made map_trade private.
Type Derivations src/types/orders.rs	Narrowed derives for OrderSide (removed Copy, PartialEq, Eq, Hash).

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~50 minutes

Possibly related PRs

• Batch order quote lookups per page #77 — Implements batched order-quote fetching and centralized build_orders_list_response, matching the orders refactor in this PR.
• Implement get_orders_by_token endpoint and refactor orders module #52 — Modifies orders subsystem routes and types; overlaps on orders handler and caching changes.
• Implement get_orders_by_owner endpoint #53 — Changes orders-by-owner implementation; closely related to the removed per-endpoint cache and handler adjustments.

Suggested reviewers

• hardyjosh
• 0xgleb
• JuaniRios

Poem

🐰
I hopped through code with nimble feet,
Cleared caches, DBs, and rate-limit sleet;
Keys reset, routes pared down fine,
Trades rest now — they'll bloom in time. 🌱

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Revert direct pushes to main' clearly and accurately summarizes the main objective of this PR: reverting three commits that were pushed directly to the main branch without normal PR review.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch revert/alastair-direct-main-pushes

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/routes/trades.rs (1)

27-77: ⚠️ Potential issue | 🔴 Critical

Mounted routes call todo!() — requests will panic in production.

Both get_trades_by_tx (Line 38) and get_trades_by_address (Line 73) unconditionally panic via todo!(), yet they are mounted at /v1/trades in src/main.rs (Line 137), listed in the OpenAPI paths (Lines 66–67 of src/main.rs), and documented in docs/src/trades.md as supported endpoints. Any authenticated request that passes the guards will panic the handler worker and return a raw 500 that does not flow through ApiError, contradicting the guideline that all API errors must go through the ApiError enum.

I understand this restores the pre–direct-push state, but the revert keeps these endpoints publicly reachable while non-functional. At a minimum, replace todo!() with a proper ApiError response (or gate the mount behind a feature flag) until the real implementation lands.

🛡️ Proposed fix — return a structured ApiError instead of panicking

     async move {
         tracing::info!(tx_hash = ?tx_hash, "request received");
-        let _raindex = shared_raindex.read().await;
-        todo!()
+        let _raindex = shared_raindex.read().await;
+        Err(ApiError::Internal("trades-by-tx endpoint not implemented".into()))
     }
     .instrument(span.0)
     .await

     async move {
         tracing::info!(address = ?address, params = ?params, "request received");
-        let _raindex = shared_raindex.read().await;
-        todo!()
+        let _raindex = shared_raindex.read().await;
+        Err(ApiError::Internal("trades-by-address endpoint not implemented".into()))
     }
     .instrument(span.0)
     .await

Alternatively, un-mount routes::trades::routes() and drop these entries from ApiDoc until implementations exist.

As per coding guidelines: "All API errors must go through the ApiError enum, never return raw status codes" and Rust production code should "handle errors gracefully or exit with a message" rather than panicking via todo!()/unwrap/expect.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/routes/trades.rs` around lines 27 - 77, Both handlers get_trades_by_tx
and get_trades_by_address currently call todo!() which will panic; replace those
todo!() calls with returning a proper ApiError (i.e., return Err(ApiError::...)
from the async block) so the error flows through your API error handling instead
of crashing the worker; include a trace/info log mentioning the endpoint and
tx_hash/address, and ensure the returned error uses an appropriate variant
(e.g., an “unimplemented” or “internal” ApiError) so callers receive a
structured ApiError response for TradesByTxResponse/TradesByAddressResponse
paths until the real implementations (which will use SharedRaindexProvider) are
added.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@src/routes/trades.rs`:
- Around line 27-77: Both handlers get_trades_by_tx and get_trades_by_address
currently call todo!() which will panic; replace those todo!() calls with
returning a proper ApiError (i.e., return Err(ApiError::...) from the async
block) so the error flows through your API error handling instead of crashing
the worker; include a trace/info log mentioning the endpoint and
tx_hash/address, and ensure the returned error uses an appropriate variant
(e.g., an “unimplemented” or “internal” ApiError) so callers receive a
structured ApiError response for TradesByTxResponse/TradesByAddressResponse
paths until the real implementations (which will use SharedRaindexProvider) are
added.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 959d32fb-5e27-4440-97ec-9eddfa5087ee

📥 Commits

Reviewing files that changed from the base of the PR and between b1ebea3 and bb989eb.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (16)

• Cargo.toml
• keys.nix
• os.nix
• src/cache.rs
• src/direct_trades.rs
• src/error.rs
• src/main.rs
• src/raindex/config.rs
• src/routes/order/get_order.rs
• src/routes/orders/get_by_owner.rs
• src/routes/orders/get_by_token.rs
• src/routes/orders/mod.rs
• src/routes/trades.rs
• src/test_helpers.rs
• src/types/orders.rs
• src/types/trades.rs

💤 Files with no reviewable changes (5)

• Cargo.toml
• src/types/trades.rs
• src/error.rs
• src/direct_trades.rs
• src/cache.rs

[findolor]

• Neutralize metaboards (~5s per request saved) #86 : 2 dependent PRs (#87 , #88 )
• Revert direct pushes to main #85 👈 (View in Graphite)
• main

---

How to use the Graphite Merge Queue

Add the label add-to-gt-merge-queue to this PR to add it to the merge queue.

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

[graphite-app]

Merge activity

• Apr 27, 11:42 AM UTC: findolor added this pull request to the Graphite merge queue.
• Apr 27, 12:30 PM UTC: Merged by the Graphite merge queue.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/routes/trades.rs (1)

28-77: ⚠️ Potential issue | 🟠 Major

Heads up: both handlers will panic at runtime via todo!().

Both get_trades_by_tx (line 38) and get_trades_by_address (line 73) are still mounted at /v1/trades in src/main.rs (line 137) and advertised in OpenAPI (src/main.rs lines 66-67 with a 200 response shape). Any request to either endpoint will:

1. Acquire the shared_raindex read lock for no reason, then
2. Hit todo!(), which panics — Rocket will surface a 500 to the client instead of a properly typed ApiError.

This conflicts with the coding guideline that all API errors go through the ApiError enum and that production code should handle errors gracefully (the panic-on-hit semantics of todo!() are in the same family as unwrap/expect).

I understand this PR is a deliberate revert restoring the prior state, and the real implementations live in PRs #82/#83/#84 — but until one of those lands, consider either (a) returning an explicit ApiError (e.g., ApiError::Internal("trades endpoint not yet implemented".into()) or a 503-mapped variant) so the OpenAPI contract is honored, or (b) temporarily un-mounting these routes in main.rs and dropping them from the OpenAPI paths(...) list to avoid advertising a surface that 500s.

As per coding guidelines: "All API errors must go through the ApiError enum, never return raw status codes" and "Never use expect or unwrap in production code; handle errors gracefully or exit with a message".

🛡️ Sketch: graceful placeholder until the real implementations land

 pub async fn get_trades_by_tx(
     _global: GlobalRateLimit,
     _key: AuthenticatedKey,
-    shared_raindex: &State<crate::raindex::SharedRaindexProvider>,
+    _shared_raindex: &State<crate::raindex::SharedRaindexProvider>,
     span: TracingSpan,
     tx_hash: ValidatedFixedBytes,
 ) -> Result<Json<TradesByTxResponse>, ApiError> {
     async move {
         tracing::info!(tx_hash = ?tx_hash, "request received");
-        let _raindex = shared_raindex.read().await;
-        todo!()
+        Err(ApiError::Internal(
+            "trades-by-tx endpoint not yet implemented".into(),
+        ))
     }
     .instrument(span.0)
     .await
 }

(Apply the analogous change to get_trades_by_address.)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/routes/trades.rs` around lines 28 - 77, Both handlers get_trades_by_tx
and get_trades_by_address contain todo!() which will panic at runtime and hold
the shared_raindex read lock; replace the todo!() with an explicit ApiError
return so the endpoints fail gracefully (e.g., return
Err(ApiError::Internal("trades endpoint not yet implemented".into())) or another
503-mapped ApiError variant), ensuring the function signatures (get_trades_by_tx
and get_trades_by_address) return a proper Err(ApiError) instead of panicking;
optionally remove the unnecessary shared_raindex.read().await if you don’t need
the lock for the placeholder.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@os.nix`:
- Around line 128-131: Confirm which DigitalOcean block device is actually
attached to the production droplet and update the mount entry accordingly: check
the node for the by-id name (e.g., whether it is
"scsi-0DO_Volume_st0x-rest-api-data-v2" or
"scsi-0DO_Volume_st0x-rest-api-data"), then in the Nix expression update the
fileSystems."/mnt/data" device value to the exact by-id string that exists (or
have ops reattach the non-v2 volume before merging); ensure the updated device
string replaces the current device value in the fileSystems."/mnt/data" block so
systemd mount units will succeed.

---

Outside diff comments:
In `@src/routes/trades.rs`:
- Around line 28-77: Both handlers get_trades_by_tx and get_trades_by_address
contain todo!() which will panic at runtime and hold the shared_raindex read
lock; replace the todo!() with an explicit ApiError return so the endpoints fail
gracefully (e.g., return Err(ApiError::Internal("trades endpoint not yet
implemented".into())) or another 503-mapped ApiError variant), ensuring the
function signatures (get_trades_by_tx and get_trades_by_address) return a proper
Err(ApiError) instead of panicking; optionally remove the unnecessary
shared_raindex.read().await if you don’t need the lock for the placeholder.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: eed0b89a-058e-4349-aaa5-1bc76cb7a10e

📥 Commits

Reviewing files that changed from the base of the PR and between bb989eb and 5951bd2.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (16)

• Cargo.toml
• keys.nix
• os.nix
• src/cache.rs
• src/direct_trades.rs
• src/error.rs
• src/main.rs
• src/raindex/config.rs
• src/routes/order/get_order.rs
• src/routes/orders/get_by_owner.rs
• src/routes/orders/get_by_token.rs
• src/routes/orders/mod.rs
• src/routes/trades.rs
• src/test_helpers.rs
• src/types/orders.rs
• src/types/trades.rs

💤 Files with no reviewable changes (5)

• Cargo.toml
• src/error.rs
• src/types/trades.rs
• src/direct_trades.rs
• src/cache.rs

✅ Files skipped from review due to trivial changes (2)

• keys.nix
• src/raindex/config.rs

🚧 Files skipped from review as they are similar to previous changes (2)

• src/routes/orders/mod.rs
• src/types/orders.rs

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Find any other references to the old/new volume identifiers to confirm which is canonical in this repo.
rg -nP -C2 'DO_Volume_st0x-rest-api-data(-v2)?'

Repository: ST0x-Technology/st0x.rest.api

Length of output: 252

---

🏁 Script executed:

#!/bin/bash
# Check git history of os.nix line 129 to see what was changed
git log -p --follow -S 'DO_Volume_st0x-rest-api-data' -- os.nix | head -100

Repository: ST0x-Technology/st0x.rest.api

Length of output: 55

---

🏁 Script executed:

#!/bin/bash
# Also search for any -v2 references in the entire codebase
rg 'st0x-rest-api-data-v2|DO_Volume.*v2' --type nix --type txt --type md

Repository: ST0x-Technology/st0x.rest.api

Length of output: 55

---

🏁 Script executed:

#!/bin/bash
# Check git diff to see what this PR actually changes
git diff HEAD~1 os.nix 2>/dev/null || git diff os.nix 2>/dev/null || echo "No git diff available"

Repository: ST0x-Technology/st0x.rest.api

Length of output: 55

---

🏁 Script executed:

#!/bin/bash
# List recent commits affecting os.nix with one-line summaries
git log --oneline -20 -- os.nix

Repository: ST0x-Technology/st0x.rest.api

Length of output: 116

---

🏁 Script executed:

#!/bin/bash
# Show the full diff of the last commit that touched os.nix
git log -1 -p -- os.nix | head -150

Repository: ST0x-Technology/st0x.rest.api

Length of output: 4581

---

🏁 Script executed:

#!/bin/bash
# Check git status and any staged changes
git status os.nix
git diff --cached os.nix 2>/dev/null || echo "No staged changes"

Repository: ST0x-Technology/st0x.rest.api

Length of output: 139

---

🏁 Script executed:

#!/bin/bash
# Search for any mention of v2 in os.nix or related files
cat os.nix | grep -i v2 || echo "No v2 found in os.nix"

Repository: ST0x-Technology/st0x.rest.api

Length of output: 95

---

🏁 Script executed:

#!/bin/bash
# Show the three commits that were reverted
git show 543a103:os.nix 2>/dev/null | grep -A5 'mnt/data' || echo "os.nix not in 543a103"
git show 50e7fd9:os.nix 2>/dev/null | grep -A5 'mnt/data' || echo "os.nix not in 50e7fd9"
git show b1ebea3:os.nix 2>/dev/null | grep -A5 'mnt/data' || echo "os.nix not in b1ebea3"

Repository: ST0x-Technology/st0x.rest.api

Length of output: 1903

---

🏁 Script executed:

#!/bin/bash
# Check git log for all commits and their affected files
git log --oneline --all -30

Repository: ST0x-Technology/st0x.rest.api

Length of output: 1931

---

🏁 Script executed:

#!/bin/bash
# Show which files were modified by the three direct pushes
git show --name-status 543a103 | head -20
git show --name-status 50e7fd9 | head -20
git show --name-status b1ebea3 | head -20

Repository: ST0x-Technology/st0x.rest.api

Length of output: 2429

---

Verify the reverted /mnt/data device by-id matches the currently attached DigitalOcean volume.

This revert switches the mount target from scsi-0DO_Volume_st0x-rest-api-data-v2 (introduced in commit 50e7fd9) back to scsi-0DO_Volume_st0x-rest-api-data. If the production droplet's attached volume is still the -v2 variant, the mount unit will fail at activation, breaking /mnt/data and cascading failures for logs, systemd ReadWritePaths, and logrotate/tmpfiles rules. Confirm with ops which volume is currently attached and either keep the -v2 identifier or ensure the non-v2 volume is attached before merging.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@os.nix` around lines 128 - 131, Confirm which DigitalOcean block device is
actually attached to the production droplet and update the mount entry
accordingly: check the node for the by-id name (e.g., whether it is
"scsi-0DO_Volume_st0x-rest-api-data-v2" or
"scsi-0DO_Volume_st0x-rest-api-data"), then in the Nix expression update the
fileSystems."/mnt/data" device value to the exact by-id string that exists (or
have ops reattach the non-v2 volume before merging); ensure the updated device
string replaces the current device value in the fileSystems."/mnt/data" block so
systemd mount units will succeed.