🧵 server: guarantee nonce order in proposal execution

[cruzdanilo]

---

Summary by CodeRabbit

• Bug Fixes
  • Ensures proposal execution preserves nonce order so transactions are applied in the correct sequence.
  • Improves reliability of concurrent proposal handling by enforcing sequential processing, reducing race conditions and inconsistent outcomes.

[changeset-bot]

🦋 Changeset detected

Latest commit: 48a97e6

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@exactly/server	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[gemini-code-assist]

Summary of Changes

Hello @cruzdanilo, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a potential race condition by ensuring that all proposals associated with a specific account are executed sequentially according to their nonce values. The changes modify the proposal scheduling logic to enforce strict ordering, thereby enhancing the reliability and predictability of proposal processing within the system.

Highlights

• Guaranteed Nonce Order: Proposals for each account are now processed strictly in the order of their nonces. This prevents out-of-order execution and ensures sequential processing of related operations.
• Sequential Proposal Scheduling: The mechanism for scheduling proposals has been updated from concurrent execution to sequential execution using Promise.reduce. This ensures that each proposal for an account completes before the next one begins.
• Mutex Priority for Nonces: The runExclusive method of the mutex now includes a priority argument derived from the proposal's nonce. This change reinforces the nonce-based ordering by giving higher priority to proposals with lower nonces when acquiring the mutex.

Changelog

• .changeset/bright-foxes-race.md
  • Added a new changeset file documenting the guarantee of nonce order in proposal execution.
• server/hooks/block.ts
  • Modified the proposal scheduling logic to use Promise.reduce for sequential execution of proposals per account, ensuring nonce order.
  • Updated the mutex.runExclusive call to include a priority argument based on the proposal's nonce, further enforcing execution order.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[coderabbitai]

Warning

Rate limit exceeded

@cruzdanilo has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 17 minutes and 33 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

Walkthrough

A changeset adds a patch release entry for @exactly/server and the implementation ensures nonce order is preserved during proposal execution by converting parallel scheduling into sequential per-account chaining and adding a nonce-based override to mutex locking.

Changes

Cohort / File(s)	Summary
Changeset & Docs \.changeset/bright-foxes-race.md	Adds patch release entry documenting nonce order preservation guarantee.
Block hook: proposal scheduling & locking server/hooks/block.ts	Replaces parallel proposal scheduling with sequential per-account and idle processing (for...of + await). Passes nonce-based override (-Number(nonce)) to mutex.runExclusive to affect lock acquisition ordering.

Sequence Diagram(s)

sequenceDiagram
    participant BlockHook as Block Hook
    participant AccountGroup as Account Group
    participant Scheduler as Proposal Scheduler
    participant Mutex as Mutex

    BlockHook->>AccountGroup: collect proposals (grouped by account)
    AccountGroup->>Scheduler: iterate proposals in nonce order
    Scheduler->>Mutex: runExclusive(processProposal, -nonce)
    Mutex-->>Scheduler: acquire lock
    Scheduler->>Scheduler: execute proposal (await)
    Scheduler-->>Mutex: release lock
    AccountGroup->>Scheduler: next proposal (sequential)
    Note over Scheduler,Mutex: idle proposals handled similarly (sequential)

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• 🥅 server: resolve orphaned proposals on nonce-too-low revert #765: Also modifies server/hooks/block.ts proposal execution and nonce handling (sequential per-account and nonce-aware locking).
• ✅ server: fix flaky nonce increment test isolation #763: Tests and validations related to nonce behavior in the block hook.
• 🥅 server: fingerprint nonce-skip reverts in block hook #760: Adjusts nonce/skip logic and revert fingerprinting in server/hooks/block.ts, touching similar areas.

Suggested reviewers

• nfmelendez

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Merge Conflict Detection	⚠️ Warning	⚠️ Unable to check for merge conflicts: Stream setup permanently failed: 14 UNAVAILABLE: read ECONNRESET

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: guaranteeing nonce order in proposal execution, which is directly supported by the sequential execution changes in server/hooks/block.ts.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch serial

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request aims to ensure that proposals are executed in the correct nonce order. However, the implementation has critical flaws related to the introduction of priority in the mutex acquisition. Specifically, there's incorrect library API usage and reversed priority logic, which could lead to inefficient execution or even a re-scheduling loop for accounts with multiple pending proposals. Additionally, converting bigint nonces to number for sorting and priority can cause precision loss for large nonces, further undermining the ordering guarantee.

[devin-ai-integration]

Devin Review found 1 potential issue.

View 3 additional findings in Devin Review.

[sentry]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 68.46%. Comparing base (de02358) to head (48a97e6).
⚠️ Report is 1 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #771      +/-   ##
==========================================
+ Coverage   68.29%   68.46%   +0.16%     
==========================================
  Files         207      207              
  Lines        6949     7059     +110     
  Branches     2167     2214      +47     
==========================================
+ Hits         4746     4833      +87     
- Misses       2013     2029      +16     
- Partials      190      197       +7     

Flag	Coverage Δ
e2e	68.33% <100.00%> (+15.82%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[devin-ai-integration]

Devin Review found 1 new potential issue.

View 7 additional findings in Devin Review.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@server/hooks/block.ts`:
- Line 396: idleProposals are iterated in the contract-return order and not
sorted by nonce before sequential scheduling; before the for loop that calls
scheduleProposal over idleProposals, sort the idleProposals array by the
proposal.nonce (consistent with the earlier .toSorted(...) usage) so scheduling
happens in nonce order; update the block where idleProposals is built/used
(referencing the idleProposals variable and the scheduleProposal(p) call) to
apply a stable numeric sort by nonce (e.g., use .toSorted or .sort with
(a,b)=>a.nonce-b.nonce) and then iterate the sorted array.

[cruzdanilo]

@codex review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. Keep them coming!

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".