fix: propagate watch callback errors to KFC for cache reliability

[samayer12]

Summary

• Re-throw watch callback errors so KFC knows the callback failed and does not permanently cache items whose callbacks threw. Previously errors were swallowed, causing KFC to skip the item on subsequent relists — making resources like UDSExemptions invisible for hours.
• Add soak test metric assertions for cache miss growth, resync failures, and watch controller failures that were previously collected but never used as pass/fail criteria.

Context

Production bug reported in product-support: Pepr occasionally misses UDSExemption resources after K8s API server 429 errors during EKS cluster bootstrap (UDS Core 1.1.0-unicorn, Pepr 1.1.5). The missed exemption stays invisible until pod restart or manual annotation.

Root cause spans two repos:

1. KFC: Watcher#process caches items before running callbacks — a failed callback leaves the item permanently stuck in cache (companion PR forthcoming)
2. Pepr (this PR): watchCallback catches and swallows all errors, so KFC never learns a callback failed

Changes

src/lib/processors/watch-processor.ts

• Add throw e after Log.error() in the watch callback catch block (line 139)

src/lib/processors/watch-processor.test.ts

• 4 new tests: callback error propagation (direct, queue, finalizer) + success regression guard
• Mock ../finalizer to isolate finalizer tests

scripts/soak-test.sh

• Assert watch_controller_failures_total == 0 every iteration
• Assert cache miss growth stays below configurable threshold after stabilization
• Assert resync failure count stays below configurable threshold

scripts/soak-summary.sh

• Add "Cache Miss Trend" section with post-stabilization growth analysis

Test plan

• New unit tests written first (TDD), confirmed they fail without the fix
• Fix applied, all 1338 unit tests pass
• ESLint + Prettier + ShellCheck pass
• Soak test validates with new assertions (after merge + nightly run)
• Companion KFC PR: reorder #process to cache after callback succeeds (see fix: cache items after callback succeeds to prevent permanent loss kubernetes-fluent-client#1105)

[samayer12]

@greptileai

[greptile-apps]

Greptile Summary

This PR fixes a production reliability bug where watchCallback silently swallowed errors, causing KFC to permanently cache items whose callbacks failed (making resources like UDSExemption invisible until pod restart). The fix is a single throw e after the existing Log.error call; four new TDD tests confirm error propagation for the direct, queue, and finalizer paths. The soak-test improvements add enforceable pass/fail assertions for watch controller failures, cache miss growth, and resync failures — and thread CACHE_MISS_GROWTH_THRESHOLD explicitly to soak-summary.sh, closing the previously flagged threshold-mismatch gap.

Confidence Score: 5/5

Safe to merge — the core fix is a minimal, well-tested one-liner and all remaining findings are P2 suggestions on soak-test infrastructure.

The production bug fix is correct and backed by four new unit tests covering all code paths. All previous reviewer concerns (forward-looking comment, threshold mismatch) are addressed. The only open finding is a P2 on the cache-miss growth metric logic in the soak script, which does not affect runtime correctness of Pepr itself.

scripts/soak-test.sh — the cache miss growth assertion compares per-interval deltas rather than cumulative post-stabilization sum, which may miss gradual steady-state accumulation.

Important Files Changed

Filename	Overview
src/lib/processors/watch-processor.ts	Core fix: adds throw e after logging in the catch block so KFC receives callback failures; includes a clear NOTE about the companion KFC PR dependency
src/lib/processors/watch-processor.test.ts	Adds four well-structured TDD tests covering direct watch, queue, finalizer error propagation, and success regression; finalizer mock correctly isolates the new test suite
scripts/soak-test.sh	Adds three metric assertions (watch failures, cache miss growth, resync failures); cache miss growth check compares per-interval deltas rather than cumulative post-stabilization sum, which can miss gradual steady-state accumulation
scripts/soak-summary.sh	Adds Cache Miss Trend section and now accepts CACHE_MISS_GROWTH_THRESHOLD as a positional argument (resolving the previous env-var inconsistency with soak-test.sh)
.github/workflows/soak.yaml	Promotes threshold env vars to job-level env, passes CACHE_MISS_GROWTH_THRESHOLD explicitly to soak-summary.sh — no issues found

Sequence Diagram

sequenceDiagram
    participant KFC as KFC (Watcher#process)
    participant WP as watchCallback (Pepr)
    participant CB as watchCallback/finalizeCallback

    Note over KFC,CB: Before this PR
    KFC->>KFC: cache item
    KFC->>WP: invoke callback
    WP->>CB: await callback
    CB-->>WP: throws Error
    WP->>WP: Log.error (swallow)
    WP-->>KFC: resolve (KFC unaware of failure)
    Note over KFC: item stuck cached ✗

    Note over KFC,CB: After this PR
    KFC->>KFC: cache item (companion PR will reorder this)
    KFC->>WP: invoke callback
    WP->>CB: await callback
    CB-->>WP: throws Error
    WP->>WP: Log.error
    WP-->>KFC: re-throw Error
    KFC->>KFC: aware callback failed ✓

Loading

_{Reviews (3): Last reviewed commit: "fix: address greptile review feedback" | Re-trigger Greptile}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 0.00%. Comparing base (ff16fc8) to head (1070a2c).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files

@@     Coverage Diff      @@
##   main   #3052   +/-   ##
============================
============================

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

🎉 This PR is included in version 1.1.7 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀