Fix 528

[arkanoider]

Hi @grunch , @Catrya ,

this is the PR for #528 , i tested the cases and seems working, but it was a bit tricky and I also reorganize the code in the scheduler to make it work correctly.

I will check conflicts and rabbit suggestion, @Catrya double check when you can if it's all ok also on your side!

Summary by CodeRabbit

• New Features

  • Improved notifications to both maker and taker when an order is canceled.

• Refactor

  • Streamlined cancellation flow for consistent status updates, republish behavior, and notification triggering.
  • Consolidated pubkey-update path into a single unified DB update to simplify cleanup during cancellations.

• Tests

  • Simplified test assertions to structural no-op checks; emphasizes stability over behavioral assertions.

• Chores

  • Removed an unnecessary debug log for cleaner output.

[coderabbitai]

Walkthrough

Consolidates per-key pubkey DB edits into a single edit_pubkeys_order API, updates cancellation/scheduler flow to use an edited-order pipeline with notifications and enqueueing, and relaxes many tests to structural/no-op assertions; minor logging/import adjustments included.

Changes

Cohort / File(s)	Summary of edits
DB: consolidated pubkey edit src/db.rs	Added pub async fn edit_pubkeys_order(pool: &SqlitePool, order: &Order) -> Result<Order, MostroError> that nulls the appropriate regular and master pubkey columns (based on order kind) and returns the updated Order. Removed four specialized edit_* pubkey functions.
Cancel flow callers src/app/cancel.rs	Replaced multiple specific edit_* calls with a single edit_pubkeys_order(pool, order) call in the cancel-by-taker path; adjusted call sites to use the returned Order.
Scheduler: cancel + notify pipeline src/scheduler.rs	Added notify_users_canceled_order, integrated enqueue_order_msg, restructured job_cancel_orders to compute status/kind, build edited_order, call edit_pubkeys_order/update_order_event, persist updates, and enqueue notifications; added tracing/warnings.
Test relaxations (structural/no-op) src/app.rs, src/app/order.rs, src/app/take_sell.rs, src/bitcoin_price.rs, src/cli.rs, src/rpc/mod.rs	Replaced explicit asserts/matches with comments or no-op checks (e.g., if let / discard result) so tests rely on absence of panic rather than exact error variants. Removed one test function. No production logic changes.
Minor util/logging tweak src/util.rs	Removed a debug print in update_order_event; no functional change.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant S as Scheduler
  participant DB as Database
  participant MQ as MsgQueue
  participant E as EventPublisher

  rect rgba(230,245,255,0.5)
  note over S: job_cancel_orders tick — determine orders to cancel
  S->>DB: get_order_status(order_id) / get_order_kind(order_id)
  alt retrieval ok
    S->>S: compute maker_action, new_status, build edited_order
    S->>DB: edit_pubkeys_order(pool, edited_order)   %% consolidated DB update
  else retrieval failed
    S-->>S: warn and continue
  end
  end

  rect rgba(240,255,240,0.5)
  S->>E: update_order_event(edited_order)
  alt event update ok
    S->>S: notify_users_canceled_order(edited_order)
    S->>MQ: enqueue_order_msg(maker, payload?)
    S->>MQ: enqueue_order_msg(taker, payload)
    S->>DB: persist updated order/status
  else event update failed
    S-->>S: warn and continue
  end
  end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• Refactoring #431 — Overlaps the consolidation of per-key DB edits into a single edit_pubkeys_order and scheduler/message-queue adjustments.
• Remove TradePubkey #419 — Modifies Action::TradePubkey handling in the app layer; related to this PR’s test relaxations and TradePubkey no-op adjustments.
• Handle events with action TradePubkey #412 — Adds/changes TradePubkey action handling in the app layer; relevant to the structural test changes around that action.

Suggested reviewers

• grunch
• Catrya

Poem

Thump-thump across the code I hop,
One function now cleans up the crop.
Orders unkeyed, messages sent,
Tests relax — no panic, content.
Carrots tucked, the rabbit’s top! 🥕🐇

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title Check	❓ Inconclusive	The title “Fix 528” merely references an issue number without describing the substantive change or the reorganization of the scheduler cancellation flow that addresses the bug, making it too generic for readers to grasp the nature of the fix at a glance.	Please revise the title to summarize the key change, for example “Restructure scheduler cancellation flow to fix order retake error,” so that the primary fix is clear to reviewers and future maintainers.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix-528

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/app/cancel.rs (1)

176-196: Use edited order for event update and persist event_id; avoid stale data

After clearing pubkeys you publish using the original order, so the Nostr event can carry stale pubkeys. Also, the returned Order from update_order_event isn’t persisted, leaving event_id stale in DB.

Apply:

     // Reset api quotes
     reset_api_quotes(order);

-    if order.is_buy_order().is_ok() {
-        info!("Cancel seller data from db");
-        edit_pubkeys_order(pool, order)
-            .await
-            .map_err(|e| MostroInternalErr(ServiceError::DbAccessError(e.to_string())))?;
-    }
-    if order.is_sell_order().is_ok() {
-        info!("Cancel buyer data from db");
-        edit_pubkeys_order(pool, order)
-            .await
-            .map_err(|e| MostroInternalErr(ServiceError::DbAccessError(e.to_string())))?;
-    }
+    // Clear counterparty pubkeys (returns updated order reflecting DB state)
+    let edited_order = edit_pubkeys_order(pool, order)
+        .await
+        .map_err(|e| MostroInternalErr(ServiceError::DbAccessError(e.to_string())))?;

     update_order_to_initial_state(pool, order.id, order.amount, order.fee)
         .await
         .map_err(|e| MostroInternalErr(ServiceError::DbAccessError(e.to_string())))?;
-    update_order_event(my_keys, Status::Pending, order)
-        .await
-        .map_err(|e| MostroInternalErr(ServiceError::NostrError(e.to_string())))?;
+    // Publish using the edited order (pubkeys cleared) and persist event_id/status
+    let order_updated = update_order_event(my_keys, Status::Pending, &edited_order)
+        .await
+        .map_err(|e| MostroInternalErr(ServiceError::NostrError(e.to_string())))?;
+    order_updated
+        .update(pool)
+        .await
+        .map_err(|e| MostroInternalErr(ServiceError::DbAccessError(e.to_string())))?;

This mirrors the persist pattern used in cancel_order_by_maker and ensures the published event matches DB state.

🧹 Nitpick comments (9)

src/app/order.rs (2)

248-249: Avoid vacuous test: assert the structural condition

let _ = result.is_ok() || result.is_err(); does nothing. Keep structural intent but assert it to prevent silent passes.

Apply:

-        // Structural check: ensure call does not panic
-        let _ = result.is_ok() || result.is_err();
+        // Structural check: ensure call returns a Result without panicking
+        assert!(result.is_ok() || result.is_err());

---

271-272: Make structural test explicit

Prefer asserting the condition to avoid a no-op.

-        // Structural check: ensure call returns a Result without panicking
-        let _ = result2.is_ok() || result2.is_err();
+        // Structural check: ensure call returns a Result without panicking
+        assert!(result2.is_ok() || result2.is_err());

src/app.rs (4)

491-505: No-op tests: prefer minimal assertions

These are pure no-ops. To keep structural scope but avoid vacuous passes, assert a benign invariant (e.g., that the function returns or branch executes).

• Replace comment-only “No-op” lines with an assert!(true) or a simple property check tied to the code path.

---

599-605: Structural match: assert handled arms to avoid empty branches

Empty branches are fine for structure, but add a trivial assertion to avoid completely vacuous test code.

• Inside handled arms, add assert!(true); or let _: () = (); to indicate intentional no-op.

---

671-674: Prefer an assertion in the expected branch

Replace the “No-op” with assert!(true); so the branch is exercised explicitly; keep unreachable!() for the else as-is.

---

691-696: Use matches! for structural checks

Instead of an empty if let, assert the variant to keep the structural test meaningful.

-                    // Test that we got a message of some kind
-                    if let Message::Order(_) = message {}
+                    // Test that we got an Order message
+                    assert!(matches!(message, Message::Order(_)));

src/scheduler.rs (3)

241-308: Optional: include trade_index in notifications (if available)

Both maker/taker notifications pass trade_index: None. If you can derive the maker’s/taker’s current trade index from updated_order, consider setting it to keep sequencing consistent.

• Verify whether downstream validation uses trade_index on cancel/republish notifications. If so, populate it from updated_order.trade_index_{buyer|seller} matching the recipient role.

---

371-392: Don’t ignore DB reset result before republish; handle Ok(false)/Err

Ignoring update_order_to_initial_state can leave inconsistent state. Handle failure and short-circuit.

-                                    let _ = update_order_to_initial_state(
-                                        &pool,
-                                        order.id,
-                                        order.amount,
-                                        order.fee,
-                                    )
-                                    .await;
+                                    match update_order_to_initial_state(
+                                        &pool,
+                                        order.id,
+                                        order.amount,
+                                        order.fee,
+                                    )
+                                    .await {
+                                        Ok(true) => {}
+                                        Ok(false) => {
+                                            tracing::warn!(
+                                                "No rows updated resetting order {} to initial state",
+                                                order.id
+                                            );
+                                            continue;
+                                        }
+                                        Err(e) => {
+                                            tracing::warn!(
+                                                "Failed to reset order {} to initial state: {}",
+                                                order.id, e
+                                            );
+                                            continue;
+                                        }
+                                    }

---

415-423: Replace println! with tracing

println! in async jobs bypasses your logging config.

-                            println!("Edited order: {:?}", edited_order);
+                            tracing::debug!("Edited order: {:?}", edited_order);

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e5f2db5 and c455b8f.

📒 Files selected for processing (12)

• src/app.rs (6 hunks)
• src/app/admin_settle.rs (0 hunks)
• src/app/cancel.rs (2 hunks)
• src/app/order.rs (2 hunks)
• src/app/take_sell.rs (2 hunks)
• src/bitcoin_price.rs (1 hunks)
• src/cli.rs (2 hunks)
• src/db.rs (3 hunks)
• src/lightning/invoice.rs (1 hunks)
• src/rpc/mod.rs (2 hunks)
• src/scheduler.rs (3 hunks)
• src/util.rs (0 hunks)

💤 Files with no reviewable changes (2)

• src/app/admin_settle.rs
• src/util.rs

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-07-17T13:51:17.338Z

Learnt from: arkanoider
PR: MostroP2P/mostro#499
File: src/lightning/invoice.rs:108-114
Timestamp: 2025-07-17T13:51:17.338Z
Learning: In Lightning invoice validation for Mostro buy orders (src/lightning/invoice.rs), zero-amount invoices (amount_sat == 0) should always pass validation even when an expected amount is provided. This is because users can submit invoices at order creation time before knowing the exact satoshi amount they'll receive. The condition `if amount_sat != res && amount_sat != 0` correctly implements this by allowing zero-amount invoices to pass while enforcing exact amount matching for non-zero invoices.

Applied to files:

• src/lightning/invoice.rs

🧬 Code graph analysis (2)

src/app/cancel.rs (1)

src/db.rs (2)

• edit_pubkeys_order (649-703)
• update_order_to_initial_state (776-813)

src/scheduler.rs (2)

src/util.rs (2)

• enqueue_order_msg (921-936)
• update_order_event (562-599)

src/db.rs (3)

• None (650-650)
• update_order_to_initial_state (776-813)
• edit_pubkeys_order (649-703)

🔇 Additional comments (2)

src/db.rs (2)

649-703: Consolidated pubkey reset looks correct; verify trade_index side-effects

The Buy→seller_pubkey and Sell→buyer_pubkey mapping plus corresponding master key reset is sound. Dynamic SQL is reasonable here.

• Confirm that callers don’t expect trade_index_{buyer|seller} to be reset alongside pubkeys on cancel/republish. If they do, extend this UPDATE accordingly or perform it in the caller to keep concerns separate.

---

9-9: Minor: alias import clarity

Using Kind as OrderKind improves readability where both Kind and Status are in scope. LGTM.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

src/app/cancel.rs (1)

178-182: Use the returned order to ensure state consistency.

The edit_pubkeys_order function returns a refreshed Order object after updating the database, but this result is discarded. While the subsequent operations (update_order_to_initial_state, update_order_event) may work with the stale order reference in this specific flow, it's a safer practice to use the canonical post-update state.

According to the enriched summary, the scheduler now relies on the edited order object for its cancellation flow. Adopting the same pattern here ensures consistency across cancel paths and avoids potential issues if future code expects the order pubkey fields to reflect the nulled state.

Apply this diff:

     // clean pubkeys from db
-    let _ = edit_pubkeys_order(pool, order)
+    *order = edit_pubkeys_order(pool, order)
         .await
         .map_err(|e| MostroInternalErr(ServiceError::DbAccessError(e.to_string())))?;

This ensures that the in-memory order reflects the database state after pubkey nullification, maintaining consistency with the scheduler's approach described in the PR context.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c455b8f and 3e15ce3.

📒 Files selected for processing (1)

• src/app/cancel.rs (2 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

src/app/cancel.rs (1)

src/db.rs (2)

• edit_pubkeys_order (649-703)
• update_order_to_initial_state (776-813)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: MSRV build (1.86.0)
• GitHub Check: clippy

🔇 Additional comments (1)

src/app/cancel.rs (1)

1-1: LGTM! Clean consolidation of DB imports.

The import statement correctly brings in the new unified edit_pubkeys_order function, replacing the previous individual pubkey edit functions. This aligns with the consolidation approach described in the related db.rs changes.

[Catrya]

Hi @arkanoider
It works fine for me, but I'm seeing this weird thing. I think it's from mostro-cli. Anyway, I'll leave it here just in case.
User A takes an order and doesn't respond, it's republished and returns to pending. When A tries to take the same order, I see this in mostro-cli:

error returned from database: (code: 1555) UNIQUE constraint failed: orders.id

also have an error in mostrod logs if user continues:

2025-10-03T19:43:52.036993Z  WARN mostrod::app: Error checking trade index: Sending cantDo message to user for InvalidTradeIndex

[Catrya]

@arkanoider well, regardless of the branch of mostrod (main or this) or mostro-cli where i am, if the user takes an order, does nothing, and then after the order returns to pending, tries to take it again, mostro always responds:

2025-10-06T17:26:36.966691Z  INFO mostrod::app: Invalid trade index
2025-10-06T17:26:36.966761Z  WARN mostrod::app: Error checking trade index: Sending cantDo message to user for InvalidTradeIndex

And after that, the user can't create or take a new order because Mostro always responds the same way.
I suppose it was a Mostro-CLI error that's always sending the wrong tradekey?

with mobile client i have not this error

[arkanoider]

@arkanoider well, regardless of the branch of mostrod (main or this) or mostro-cli where i am, if the user takes an order, does nothing, and then after the order returns to pending, tries to take it again, mostro always responds:

2025-10-06T17:26:36.966691Z  INFO mostrod::app: Invalid trade index
2025-10-06T17:26:36.966761Z  WARN mostrod::app: Error checking trade index: Sending cantDo message to user for InvalidTradeIndex

And after that, the user can't create or take a new order because Mostro always responds the same way. I suppose it was a Mostro-CLI error that's always sending the wrong tradekey?

with mobile client i have not this error

So with Mostro-cli on my develop branch :

https://github.com/MostroP2P/mostro-cli/tree/aligning-message

you are not able to take an order? Did I understand right?

[Catrya]

tACK

[grunch]

utACK

[coderabbitai]

Actionable comments posted: 7

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3e15ce3 and 4e1e486.

📒 Files selected for processing (3)

• src/app.rs (6 hunks)
• src/app/order.rs (2 hunks)
• src/util.rs (0 hunks)

💤 Files with no reviewable changes (1)

• src/util.rs

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: MSRV build (1.86.0)
• GitHub Check: clippy

🔇 Additional comments (1)

src/app.rs (1)

676-679: Inconsistent test logic.

The test uses unreachable! for non-GiftWrap kinds, but this contradicts the stated purpose of a structural test. If only GiftWrap events are being tested, the match should verify this, not panic.

Consider refactoring to clarify intent:

 match kind {
     NostrKind::GiftWrap => {
-        // This is the expected path for gift wrap events
-        // No-op
+        // Verify this is the GiftWrap kind
+        assert_eq!(kind, NostrKind::GiftWrap);
     }
-    _ => unreachable!("Only GiftWrap events are considered in this test scope"),
+    _ => {
+        // This test only covers GiftWrap
+    }
 }

Likely an incorrect or invalid review comment.

[arkanoider]

Ok! Rabbit rants were all about nipticks in tests, we are testing correctly our needings.

[arkanoider]

@coderabbitai take a look at last commit if is ok removing tautological result on tests...

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

src/app/order.rs (1)

219-231: Consider aligning test names with actual scope.

Tests like test_order_action_with_valid_order, test_order_action_range_order_validation, and test_order_action_zero_amount_with_premium have names suggesting they validate specific business logic, but they don't include order payloads (line 176), so they only test the early-return path and message construction without panics. While this aligns with the structural testing approach, the names might mislead future maintainers.

Consider either:

1. Renaming to reflect structural scope (e.g., test_order_action_message_construction_no_panic)
2. Adding comments explaining the limited scope
3. Leaving as-is if the naming convention is understood across the project

Based on learnings.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4e1e486 and 64722e8.

📒 Files selected for processing (2)

• src/app.rs (5 hunks)
• src/app/order.rs (4 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• src/app.rs

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-10-09T14:06:50.026Z

Learnt from: arkanoider
PR: MostroP2P/mostro#530
File: src/app/order.rs:278-279
Timestamp: 2025-10-09T14:06:50.026Z
Learning: In the Mostro project, tests in files like `src/app/order.rs` may use structural checks to ensure functions like `order_action` do not panic during message construction, rather than validating specific error variants.

Applied to files:

• src/app/order.rs

🧬 Code graph analysis (1)

src/app/order.rs (1)

src/app.rs (2)

• create_test_unwrapped_gift (428-444)
• create_test_message (417-425)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: test
• GitHub Check: MSRV build (1.86.0)

🔇 Additional comments (6)

src/app/order.rs (6)

230-230: LGTM! Structural test aligns with project approach.

The change to discard the result with let _ = ... correctly implements a structural check that ensures the function doesn't panic, which aligns with the project's testing approach. Based on learnings.

---

241-241: LGTM! Structural test aligns with project approach.

The structural check is appropriate for ensuring no panics occur during message construction. Based on learnings.

---

251-252: LGTM! Clear intent with explanatory comment.

The comment clearly documents the structural test intent, and the implementation correctly checks for panics without asserting on specific Result variants. Based on learnings.

---

265-265: LGTM! Structural test for trade index logic.

The test correctly implements a structural check for the trade index fallback case where sender == rumor.pubkey. Based on learnings.

---

272-273: LGTM! Structural test with clear documentation.

The comment and implementation correctly express the intent to check for non-panicking execution rather than behavioral validation. Based on learnings.

---

277-277: LGTM! Structural test for trade index presence.

The test appropriately checks that the function doesn't panic when a trade_index is provided. Based on learnings.

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Get the last commit on the PR branch
git log -1 --pretty=format:"%H %s" origin/fix-528

# Show the diff of the last commit
git show --stat origin/fix-528

# Get detailed diff of test changes in the last commit
git show origin/fix-528

Length of output: 584

---

🏁 Script executed:

#!/bin/bash
# List all branches to find the correct one
git branch -a | grep -i fix

# Get the last commit on the current branch
git log -1 --pretty=format:"%H %s"

# Show the diff of the last commit with stats
git show --stat HEAD

# Get detailed diff of the last commit focusing on test changes
git show HEAD | head -500

Length of output: 3520

---

@arkanoider, yes, the last commit looks good! You're correctly removing tautological assertions from the tests. Here's why these changes are appropriate:

What was removed:

1. assert!(result.is_ok() || result.is_err()) - This assertion is always true because a Result is by definition either Ok or Err. This never fails and provides no test value.

2. let _ = result.is_ok() || result.is_err(); - This is even worse—it evaluates to a boolean but immediately discards it, doing literally nothing.

3. An empty test function test_handle_message_action_unknown() that was just a no-op structural test.

What remains:

• let _ = order_action(...).await; - This is the correct approach for these structural tests. It calls the function and implicitly verifies it doesn't panic, which is what these tests are actually checking.

Summary:
✅ The changes improve code quality by removing meaningless code
✅ Test coverage remains intact—the functions are still called and checked for panics
✅ The code is now cleaner and more straightforward

These are good cleanups from the CodeRabbit suggestions! 🎉

[grunch]

LGTM