node: harden bounded /pending/confirm observability (tri-brain follow-up to #6900) #6901
Merged
…-up to #6900)

Two robustness fixes surfaced by the tri-brain review of #6900:

- _pending_confirm_env_int: a non-positive override (RC_PENDING_CONFIRM_*_LIMIT=0 or negative) now falls back to the default instead of silently clamping to 1, which would throttle the confirm scheduler to one transfer per call with no error signal.
- _pending_overdue_stats: narrow the swallow from bare Exception to sqlite3.Error and LOG it. A locked DB or pending_ledger schema drift must not masquerade as a healthy '0 overdue' to monitors trusting the new observability fields; genuine bugs now surface instead of being silently absorbed.

Regenerated scripts/baselines/fetchall_existing.txt for the +8 line shift (content-identical: no fetchall site added or removed). py_compile clean, fetchall guard green, pending/confirm test failure-set unchanged vs main.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Contributor
| Metric | Value |
|---|---|
| Trust Score | 52/100 |
| Certificate ID | BCOS-25c16621 |
| Tier | L1 (not met) |
What does this mean?
The BCOS (Beacon Certified Open Source) engine scans for:
- SPDX license header compliance
- Known CVE vulnerabilities (OSV database)
- Static analysis findings (Semgrep)
- SBOM completeness
- Dependency freshness
- Test infrastructure evidence
- Review attestation tier
BCOS v2 Engine - Free & Open Source (MIT) - Elyan Labs
jaxint (Contributor) reviewed on Jun 6, 2026 and left a comment:
Thanks for the contribution! The code changes look good.
Tri-brain follow-up to #6900 — bounded `/pending/confirm` observability hardening

The tri-brain review of #6900 surfaced two non-blocking robustness items (the BLOCKING finding — scheduler-throttle — was already fixed in rustchain-bounties#13228). This lands the two SHOULD-FIX items.

1. `_pending_confirm_env_int` — non-positive override now falls back to default

Previously `max(1, int(raw))` meant `RC_PENDING_CONFIRM_MAX_LIMIT=0` (or negative) silently became 1, throttling the confirm scheduler to one transfer per call with `ok: true` and no error. Now a non-positive override falls back to the configured default, so a misconfig fails loud-enough (default throughput) instead of silently starving the queue.

2. `_pending_overdue_stats` — narrow the swallow + log

Was `except Exception: return {0, 0}`. For an observability helper that's the worst case: a locked DB or `pending_ledger` schema drift would masquerade as a healthy "0 overdue" to any monitor trusting the new fields. Now: `except sqlite3.Error` (genuine code bugs propagate instead of being absorbed), `0,0` so the endpoint never 500s on observability alone.

Verification

- `py_compile` clean
- `scripts/check_fetchall.sh` green — baseline regenerated for the +8 line shift; content-identical (no `.fetchall()` site added or removed, only 5 main-node line numbers moved)
- `pending/confirm/overdue` test failure-set is byte-identical to `main` before vs after this change (the 19 reds are pre-existing bare-clone fixture gaps, green in CI; 78 pass both ways)

Pure robustness, no behavior change on the happy path. Credit to the tri-brain pass (Codex NIT #2 + Grok SHOULD-FIX) for both.
🤖 Generated with Claude Code
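
The two patterns described in this PR, sketched as an added example (this is not the project's code). The function names, the logger name, the `status` and `confirms_at` columns, the default of 200 and the fallback on unparsable values are assumptions; only `pending_ledger` and `RC_PENDING_CONFIRM_MAX_LIMIT` come from the page.

```python
import logging
import os
import sqlite3

log = logging.getLogger("pending_confirm_example")  # hypothetical logger name

def env_positive_int(name, default, environ=None):
    """Positive integer from the environment; unset, unparsable or <= 0 gives default."""
    raw = (os.environ if environ is None else environ).get(name)
    if raw is None:
        return default
    try:
        value = int(raw)
    except ValueError:
        log.warning("%s=%r is not an integer, using default %d", name, raw, default)
        return default
    if value <= 0:
        # max(1, value) would silently throttle to one item per call instead.
        log.warning("%s=%d is non-positive, using default %d", name, value, default)
        return default
    return value

def overdue_stats(conn, now):
    """(overdue_count, oldest_age_seconds); a database error is logged and gives (0, 0)."""
    try:
        count, oldest = conn.execute(
            "SELECT COUNT(*), MIN(confirms_at) FROM pending_ledger "
            "WHERE status = 'pending' AND confirms_at <= ?", (now,)).fetchone()
    except sqlite3.Error:
        # Locked DB or schema drift: recorded in the log, never a 500 from the endpoint.
        log.exception("pending overdue stats query failed")
        return 0, 0
    return count, (now - oldest if oldest is not None else 0)

def demo():
    """Run the helper against a constructed in-memory ledger, then against a drifted one."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pending_ledger (id INTEGER, status TEXT, confirms_at INTEGER)")
    conn.executemany("INSERT INTO pending_ledger VALUES (?, ?, ?)",
                     [(1, "pending", 100), (2, "pending", 900), (3, "confirmed", 50)])
    healthy = overdue_stats(conn, now=500)
    conn.execute("ALTER TABLE pending_ledger RENAME TO pending_ledger_old")  # schema drift
    return healthy, overdue_stats(conn, now=500)

if __name__ == "__main__":
    print(demo())
    print(env_positive_int("RC_PENDING_CONFIRM_MAX_LIMIT", 200,
                           {"RC_PENDING_CONFIRM_MAX_LIMIT": "0"}))
```

A monitor that alerts on the logged error as well as on the overdue count can tell a drifted schema apart from an empty queue, which the `0, 0` return value alone cannot.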