
Feature/pause state coverage#1291

Merged
Baskarayelu merged 6 commits into
QuickLendX:mainfrom
mikkyvans0-source:feature/pause-state-coverage
Jun 3, 2026

Conversation

@mikkyvans0-source (Contributor) commented Jun 2, 2026

Pull Request Template

Closes #1093

Summary
This work adds full pause-state coverage for the emergency circuit breaker. It's on branch feature/pause-state-coverage.

What I found
The real contract lives in quicklendx-contracts/, not the root src/ (which is a separate arithmetic-only crate with a different pause model). All work targets the real contract.

Security bug found and fixed: While validating that no mutating path ignores the pause flag, I found that process_partial_payment and its alias make_payment did not call require_not_paused — they bypassed the circuit breaker entirely. A payment could be processed while the protocol was supposedly frozen. The guard was added to both.

Changes (committed in 2dc4b9d + refactor 4bd8c4c)
lib.rs — added the missing pause guard to process_partial_payment/make_payment; added /// pause-check notes to store_invoice, place_bid, accept_bid_and_fund, settle_invoice.
test_pause.rs — 9 new tests: blocked-while-paused for place_bid, process_partial_payment, make_payment; unpause-recovery for all five entrypoints; and a mid-lifecycle freeze/resume test. Funded-invoice tests use a token-backed SAC fixture matching the e2e harness.
operations.md — expanded the Pause section with the authoritative pause matrix (each row → its blocked + recovery test) and a circuit-breaker invariant note.
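The invariant the PR description tests for, as an added example that is not the QuickLendX contract code: a plain-Rust model of the circuit breaker in which the Soroban SDK, contract storage and auth are replaced by a struct, an admin string and a HashMap (all assumed for this example). The entrypoint names match the PR (store_invoice, place_bid, accept_bid_and_fund, process_partial_payment, make_payment, settle_invoice); the amounts, the `admin` caller and the `Error` variants are constructed. The point is the table-driven pause matrix at the end: every mutating entrypoint is listed once, and each row is exercised paused (must fail with `Paused`) and then unpaused (must succeed), which is exactly the check that would have caught the unguarded payment path.

```rust
use std::collections::HashMap;

/// Errors of the model. `Paused` is the circuit-breaker rejection.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Error {
    Paused,
    Unauthorized,
    InvoiceNotFound,
    InvalidBid,
}

#[derive(Debug, Clone, PartialEq, Eq, Default)]
pub struct Invoice {
    pub amount: u64,
    pub funded: bool,
    pub paid: u64,
    pub settled: bool,
}

/// Stand-in for contract storage (constructed for this example):
/// one pause flag, one admin, a map of invoices.
pub struct Protocol {
    admin: String,
    paused: bool,
    invoices: HashMap<u64, Invoice>,
    next_id: u64,
}

impl Protocol {
    pub fn new(admin: &str) -> Self {
        Protocol { admin: admin.to_string(), paused: false, invoices: HashMap::new(), next_id: 1 }
    }

    pub fn is_paused(&self) -> bool {
        self.paused
    }

    fn require_admin(&self, caller: &str) -> Result<(), Error> {
        if caller == self.admin { Ok(()) } else { Err(Error::Unauthorized) }
    }

    /// The guard every mutating entrypoint must call before touching state.
    fn require_not_paused(&self) -> Result<(), Error> {
        if self.paused { Err(Error::Paused) } else { Ok(()) }
    }

    /// Admin-only and deliberately NOT behind the guard: otherwise a paused
    /// protocol could never be unpaused.
    pub fn pause(&mut self, caller: &str) -> Result<(), Error> {
        self.require_admin(caller)?;
        self.paused = true;
        Ok(())
    }

    pub fn unpause(&mut self, caller: &str) -> Result<(), Error> {
        self.require_admin(caller)?;
        self.paused = false;
        Ok(())
    }

    pub fn store_invoice(&mut self, amount: u64) -> Result<u64, Error> {
        self.require_not_paused()?;
        let id = self.next_id;
        self.next_id += 1;
        self.invoices.insert(id, Invoice { amount, ..Default::default() });
        Ok(id)
    }

    pub fn place_bid(&mut self, id: u64, bid_amount: u64, expected_return: u64) -> Result<(), Error> {
        self.require_not_paused()?;
        if !self.invoices.contains_key(&id) {
            return Err(Error::InvoiceNotFound);
        }
        // Mirrors the validate_bid rule quoted in the PR: expected_return > bid_amount.
        if expected_return <= bid_amount {
            return Err(Error::InvalidBid);
        }
        Ok(())
    }

    pub fn accept_bid_and_fund(&mut self, id: u64) -> Result<(), Error> {
        self.require_not_paused()?;
        let inv = self.invoices.get_mut(&id).ok_or(Error::InvoiceNotFound)?;
        inv.funded = true;
        Ok(())
    }

    /// The entrypoint the PR found unguarded; here the guard is in place.
    /// Returns the remaining balance.
    pub fn process_partial_payment(&mut self, id: u64, amount: u64) -> Result<u64, Error> {
        self.require_not_paused()?;
        let inv = self.invoices.get_mut(&id).ok_or(Error::InvoiceNotFound)?;
        inv.paid = inv.paid.saturating_add(amount).min(inv.amount);
        Ok(inv.amount - inv.paid)
    }

    /// Alias. Delegating inherits the guard today, but the alias still gets its
    /// own matrix row so a later non-delegating rewrite cannot drop it unnoticed.
    pub fn make_payment(&mut self, id: u64, amount: u64) -> Result<u64, Error> {
        self.process_partial_payment(id, amount)
    }

    pub fn settle_invoice(&mut self, id: u64) -> Result<(), Error> {
        self.require_not_paused()?;
        let inv = self.invoices.get_mut(&id).ok_or(Error::InvoiceNotFound)?;
        inv.settled = true;
        Ok(())
    }
}

/// Every mutating entrypoint, listed once. A new entrypoint that is not added
/// here is the thing a reviewer looks for; the matrix below does the rest.
pub const MUTATING_ENTRYPOINTS: [&str; 6] = [
    "store_invoice",
    "place_bid",
    "accept_bid_and_fund",
    "process_partial_payment",
    "make_payment",
    "settle_invoice",
];

/// Dispatch by name with fixed, valid arguments (amounts are constructed).
pub fn call_entrypoint(p: &mut Protocol, name: &str, id: u64) -> Result<(), Error> {
    match name {
        "store_invoice" => p.store_invoice(500).map(|_| ()),
        "place_bid" => p.place_bid(id, 1000, 1100),
        "accept_bid_and_fund" => p.accept_bid_and_fund(id),
        "process_partial_payment" => p.process_partial_payment(id, 100).map(|_| ()),
        "make_payment" => p.make_payment(id, 100).map(|_| ()),
        "settle_invoice" => p.settle_invoice(id),
        other => panic!("unknown entrypoint {other}"),
    }
}

/// One row of the pause matrix: blocked while paused, recovers after unpause.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct MatrixRow {
    pub entrypoint: &'static str,
    pub blocked_while_paused: bool,
    pub recovers_after_unpause: bool,
}

/// Runs the full matrix, one fresh protocol per row so rows cannot interfere.
pub fn pause_matrix() -> Vec<MatrixRow> {
    MUTATING_ENTRYPOINTS
        .iter()
        .map(|&name| {
            let mut p = Protocol::new("admin");
            let id = p.store_invoice(1000).expect("setup runs unpaused");
            p.pause("admin").expect("admin can pause");
            let blocked = call_entrypoint(&mut p, name, id) == Err(Error::Paused);
            p.unpause("admin").expect("admin can unpause");
            let recovers = call_entrypoint(&mut p, name, id).is_ok();
            MatrixRow { entrypoint: name, blocked_while_paused: blocked, recovers_after_unpause: recovers }
        })
        .collect()
}

/// True only if every entrypoint is both blocked and recoverable.
pub fn all_guarded(rows: &[MatrixRow]) -> bool {
    rows.iter().all(|r| r.blocked_while_paused && r.recovers_after_unpause)
}

fn main() {
    for row in pause_matrix() {
        println!("{:<24} blocked={} recovers={}", row.entrypoint, row.blocked_while_paused, row.recovers_after_unpause);
    }
}
```

Two design choices carry over from the PR: the alias has its own row even though it delegates, and `pause`/`unpause` are admin-gated but not pause-gated, so the matrix deliberately excludes them.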

mikkyvans0-source and others added 5 commits June 2, 2026 12:02
The app exposed a single flat /health that always returned status: ok, with
no distinction between liveness (process up) and readiness (dependencies
healthy). Orchestrators could therefore route traffic to instances that were
up but unable to serve.

Split the signal into two probes, mounted at the root and unauthenticated so
orchestrators can reach them:

- /health, /livez  — cheap, dependency-free liveness check (always 200).
- /readyz          — readiness check that probes DB connectivity
  (pingDatabase), ingest lag (lagMonitor), and webhook queue health, honours
  maintenance mode, and returns 503 when not ready. Reuses the SubStatus /
  degradation pattern from the monitoring route: "degraded" stays in rotation,
  "unavailable" fails readiness.

Add a pingDatabase() helper (SELECT 1 round-trip), readiness.test.ts covering
DB-down, critical lag, maintenance mode, partial failure and queue-saturation
edge cases plus information-leak checks, and docs/health.md documenting probe
semantics. Probe responses expose only coarse status enums — no hostnames,
versions, ledger numbers, or error messages.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…dency-probes' of https://github.com/mikkyvans0-source/quicklendx-protocol into Backend--Add-health/readiness/liveness-split-with-dependency-probes
…olds and add corresponding unit tests and documentation
…comprehensive documentation and regression tests
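The probe semantics the health/readiness commit message above describes, as an added example that is not the backend's code (the repository's probes are TypeScript per the commit; this is a Rust model, kept in the same language as the contract example on this page). The SubStatus enum and the rule that "degraded" stays in rotation while "unavailable" (or maintenance mode) returns 503 follow the commit message; the `RawProbes` shape, the threshold values, the component names and the hand-rolled JSON are assumptions. The classifier deliberately maps a database error to a bare enum and never copies the error text into the response, which is the information-leak property the commit's tests check.

```rust
use std::time::Duration;

/// Coarse per-dependency status. Ordered so that `max()` yields the worst.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub enum SubStatus {
    Ok,
    Degraded,
    Unavailable,
}

impl SubStatus {
    pub fn label(self) -> &'static str {
        match self {
            SubStatus::Ok => "ok",
            SubStatus::Degraded => "degraded",
            SubStatus::Unavailable => "unavailable",
        }
    }
}

/// Raw results as a dependency layer would hand them over (constructed shape).
/// `db_ping`'s Err carries driver text that must never reach the probe body.
pub struct RawProbes {
    pub db_ping: Result<Duration, String>,
    pub ingest_lag_ledgers: u64,
    pub webhook_queue_depth: usize,
    pub maintenance_mode: bool,
}

/// Threshold values are assumptions for this example, not the project's.
pub struct Thresholds {
    pub db_slow: Duration,
    pub lag_degraded: u64,
    pub lag_critical: u64,
    pub queue_degraded: usize,
    pub queue_saturated: usize,
}

impl Default for Thresholds {
    fn default() -> Self {
        Thresholds {
            db_slow: Duration::from_millis(250),
            lag_degraded: 5,
            lag_critical: 50,
            queue_degraded: 1_000,
            queue_saturated: 10_000,
        }
    }
}

/// SELECT-1 round trip: error => unavailable, slow => degraded. Error text is dropped.
pub fn classify_db(ping: &Result<Duration, String>, slow: Duration) -> SubStatus {
    match ping {
        Err(_) => SubStatus::Unavailable,
        Ok(rtt) if *rtt > slow => SubStatus::Degraded,
        Ok(_) => SubStatus::Ok,
    }
}

pub fn classify_lag(lag: u64, t: &Thresholds) -> SubStatus {
    if lag >= t.lag_critical { SubStatus::Unavailable }
    else if lag >= t.lag_degraded { SubStatus::Degraded }
    else { SubStatus::Ok }
}

pub fn classify_queue(depth: usize, t: &Thresholds) -> SubStatus {
    if depth >= t.queue_saturated { SubStatus::Unavailable }
    else if depth >= t.queue_degraded { SubStatus::Degraded }
    else { SubStatus::Ok }
}

/// What the probe route returns: an HTTP code and enum labels only.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct ProbeResponse {
    pub http_status: u16,
    pub status: &'static str,
    pub components: Vec<(&'static str, &'static str)>,
}

/// /health and /livez: dependency-free, always 200 while the process runs.
pub fn liveness() -> ProbeResponse {
    ProbeResponse { http_status: 200, status: "ok", components: Vec::new() }
}

/// /readyz: maintenance mode or any unavailable dependency => 503;
/// degraded dependencies keep the instance in rotation.
pub fn readiness(raw: &RawProbes, t: &Thresholds) -> ProbeResponse {
    if raw.maintenance_mode {
        return ProbeResponse { http_status: 503, status: "maintenance", components: Vec::new() };
    }
    let components = [
        ("database", classify_db(&raw.db_ping, t.db_slow)),
        ("ingest_lag", classify_lag(raw.ingest_lag_ledgers, t)),
        ("webhook_queue", classify_queue(raw.webhook_queue_depth, t)),
    ];
    let worst = components.iter().map(|(_, s)| *s).max().unwrap_or(SubStatus::Ok);
    let http_status = if worst == SubStatus::Unavailable { 503 } else { 200 };
    ProbeResponse {
        http_status,
        status: worst.label(),
        components: components.iter().map(|(n, s)| (*n, s.label())).collect(),
    }
}

/// Serialises only the enum labels; there is no field an error string could land in.
pub fn to_json(r: &ProbeResponse) -> String {
    let comps: Vec<String> = r.components.iter().map(|(n, s)| format!("\"{n}\":\"{s}\"")).collect();
    format!("{{\"status\":\"{}\",\"components\":{{{}}}}}", r.status, comps.join(","))
}

fn main() {
    // Constructed DB-down input with a driver message that must not leak.
    let raw = RawProbes {
        db_ping: Err("ECONNREFUSED db-primary.internal:5432".to_string()),
        ingest_lag_ledgers: 2,
        webhook_queue_depth: 10,
        maintenance_mode: false,
    };
    let r = readiness(&raw, &Thresholds::default());
    println!("HTTP {} {}", r.http_status, to_json(&r));
}
```

Keeping the raw probe results and the response as two different types is the point of the design: the response type has no place to put a hostname, a version or an error message, so the leak check in the tests is a type-level guarantee rather than a string filter.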
@drips-wave (Bot) commented Jun 2, 2026

@mikkyvans0-source Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀


Consolidates the funded-invoice setup in test_pause.rs onto a single
token-backed `fund_invoice` helper that registers a real Stellar Asset
Contract with funded, pre-approved balances, mirroring the e2e fixture.
This is required because accept_bid_and_fund, settle_invoice, and a
completing process_partial_payment move real value through transfer_funds.

Also:
- Add test_pause_blocks_make_payment_alias so the make_payment alias is
  covered by the circuit-breaker matrix alongside process_partial_payment.
- Fix bid setup to use expected_return (1100) > bid_amount (1000), which
  validate_bid requires.
- Remove the now-redundant setup_funded_with_token helper.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@Baskarayelu Baskarayelu merged commit 554e1b1 into QuickLendX:main Jun 3, 2026
2 of 4 checks passed


Linked issue (#1093): Add pause-state coverage ensuring all mutating entrypoints reject while paused
