fix(v2): decouple listener + skipped-leg audit (fix bundle 2)
Closes H4, H5, M8 from the v2-bitspire review (omnibus follow-up #11). H4 — Decouple invoice listener from distribution. tasks._handle_payment now spawns process_settlement on a background task instead of awaiting it. The LNbits invoice queue is shared across every extension on the node; under load (a machine with 50 LPs, a stalled internal payment, etc.) the previous synchronous path could freeze the queue for everyone. Concurrency is safe because fix bundle 1's claim_settlement_for_processing already prevents double-processing on listener re-fires. RUF006 fix: hold strong refs to in-flight tasks via a module-level set so the GC doesn't collect them mid-flight (asyncio.create_task only weakly references its task). Tasks self-clean via add_done_callback(set.discard). H5 + M8 — Skipped-leg audit rows for stranded sats. Previously, four paths in distribution.py logged a warning and left sats in the machine wallet, marking the settlement 'processed' with no row-level visibility into where the un-paid sats sit: 1. _pay_super_fee: super_fee_pct > 0 but super_fee_wallet_id unset 2. _pay_operator_splits: no commission ruleset (default + override) 3. _pay_dca_distributions: exchange_rate = 0 (fallback path) 4. _pay_dca_distributions: no eligible LPs with positive balance Plus a fifth case the review didn't enumerate but is the same shape: 5. _pay_dca_distributions: no flow-mode LPs at the machine at all Each now writes a dca_payments row with status='skipped', the intended leg_type (super_fee / operator_split / dca), the stranded amount in amount_sats, and a human-readable error_message explaining why. New _record_skipped_leg helper consolidates the pattern. This makes stranded sats visible in: - The machine detail dialog's settlements rows (the legs are filtered into the audit blob alongside completed/failed legs) - The payments CSV export - GET /api/v1/dca/payments?leg_type=... 'skipped' is a documented leg-status value now (alongside pending / completed / failed / voided / refunded) — no schema change since status is TEXT. Knock-on fix: void_open_legs_for_settlement (used by partial-dispense recompute) now also includes status='skipped' in its WHERE clause so a re-run doesn't double-count the audit rows from a prior attempt. 72/72 tests still pass. Lint clean. Refs: aiolabs/satmachineadmin#11 — fix bundle 2 ✅ Remaining in #11: H6 (partial-dispense split ratio) + fix bundle 3 (dead-code purge) + the M and N items. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
f4eb7ec928
commit
ecef916dda
4 changed files with 118 additions and 28 deletions
30
tasks.py
30
tasks.py
|
|
@ -1,4 +1,4 @@
|
|||
# Satoshi Machine v2 — invoice listener (P1).
|
||||
# Satoshi Machine v2 — invoice listener (P1 + fix bundle 2).
|
||||
#
|
||||
# Subscribes to LNbits' invoice dispatcher (register_invoice_listener), then
|
||||
# for each successful inbound payment:
|
||||
|
|
@ -7,11 +7,10 @@
|
|||
# Falls back to machine.fallback_commission_pct if extra is absent.
|
||||
# 3. Computes the two-stage split (super_fee first, operator remainder).
|
||||
# 4. Inserts a dca_settlements row idempotently (keyed by payment_hash).
|
||||
#
|
||||
# The actual distribution of sats — paying out the LP DCA legs, the super-fee
|
||||
# leg, and the operator's commission-split legs — happens in a separate
|
||||
# settlement-processor task (P2). This listener only LANDS the settlement
|
||||
# row; status='pending' tells the processor it still needs to move the money.
|
||||
# 5. Spawns the distribution processor on a background task so the
|
||||
# LNbits invoice queue (which serves ALL extensions on the node)
|
||||
# keeps draining while we move sats. Concurrency is safe because
|
||||
# process_settlement now uses an optimistic-lock claim (fix bundle 1).
|
||||
|
||||
import asyncio
|
||||
|
||||
|
|
@ -29,6 +28,12 @@ from .distribution import process_settlement
|
|||
|
||||
LISTENER_NAME = "ext_satmachineadmin"
|
||||
|
||||
# Holds strong refs to in-flight distribution tasks so Python's GC doesn't
|
||||
# collect them mid-flight (asyncio.create_task only weakly references its
|
||||
# task once awaiters drop). Tasks self-clean by removing themselves on
|
||||
# completion via the done_callback below.
|
||||
_inflight_distributions: set = set()
|
||||
|
||||
|
||||
async def wait_for_paid_invoices() -> None:
|
||||
invoice_queue: asyncio.Queue = asyncio.Queue()
|
||||
|
|
@ -79,10 +84,15 @@ async def _handle_payment(payment: Payment) -> None:
|
|||
f"(super_fee={data.platform_fee_sats} "
|
||||
f"operator_fee={data.operator_fee_sats}){fb}"
|
||||
)
|
||||
# Trigger distribution synchronously so latency is one bitSpire-tx wide.
|
||||
# process_settlement is idempotent (status='processed' guard); if this
|
||||
# task crashes mid-process, the next manual or scheduled retry resumes.
|
||||
await process_settlement(settlement.id)
|
||||
# Spawn distribution on a background task so the LNbits invoice queue
|
||||
# (shared across all extensions) keeps draining while we move sats.
|
||||
# Concurrency-safe: process_settlement uses claim_settlement_for_processing
|
||||
# so a listener re-fire can't double-process. Listener latency is now
|
||||
# bounded by the create_settlement_idempotent insert, not by the N+M
|
||||
# internal pay_invoice round-trips of a full distribution.
|
||||
task = asyncio.create_task(process_settlement(settlement.id))
|
||||
_inflight_distributions.add(task)
|
||||
task.add_done_callback(_inflight_distributions.discard)
|
||||
|
||||
|
||||
async def hourly_transaction_polling() -> None:
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue