feat(sync): request-driven pre_confirmed polling

[RafaelGranza]

Summary

• Each call to PreConfirmed() now triggers a fresh pre_confirmed fetch instead of waiting for the next ticker.
• If a fetch is already running, extra refresh requests are dropped. A burst of RPC calls produces a single fetch, not a storm.
• Each fetch is capped at 2s so a slow or hung feeder cannot block future fetches.
• The --preconfirmed-poll-interval ticker is now a fallback when there is no RPC traffic to drive fetches.

Benchmark

Numbers come from TestPreConfirmedUpdateFrequency: a 5-second simulation where one RPC call hits PreConfirmed() every 50ms (Mimicking a client, or more than one, dictating a higher request frequency).

Run: go test -v -run TestPreConfirmedUpdateFrequency ./sync/

feeder latency	baseline (ticker only)	request-driven	improvement
50ms	1.8 upd/s, mean 500ms	12.6 upd/s, mean 77ms	7x
100ms	1.8 upd/s, mean 500ms	7.0 upd/s, mean 141ms	4x
200ms	1.8 upd/s, mean 500ms	4.4 upd/s, mean 224ms	2.4x

The running guard caught 35-77% of triggers as duplicates, so it was not a feeder hammer.

[github-actions]

Claude finished @RafaelGranza's task in 5m 2s —— View job

---

PR Review

Reviewed against origin/thiagodeev/feeder-preconfirmed-optimization. Overall the design is sound — the fetch-once-per-trigger pattern with a running guard and per-fetch timeout is a reasonable shape for request-driven polling, and the new tests cover the trigger + storm cases well. Findings are mostly clarifications and trade-off questions, with one nit on test robustness.

Important / worth a closer look

• sync/pending_polling.go:22 — Is the 2s per-fetch cap correctly sized vs the feeder's growing HTTP timeout + backoff? On a slow feeder, the cap can cancel a single attempt before any retry, which may be intentional but isn't documented. Consider scaling with preConfirmedPollInterval.
• sync/pending_polling.go:319-325 — The drain-then-clear order in fetchPreConfirmed can silently swallow a freshness request that arrives in the window between the trigger read and Store(true). Self-heals on the next RPC, but worth documenting (or flipping the order).
• sync/sync.go:611-614 — The requestPreConfirmedRefresh() call in PreConfirmed() is async — the current caller gets the stored value, not the fresh one. The PR description reads as if the caller gets the fresh fetch. Tighten the inline comment. Also: gate with if s.preConfirmedPollInterval > 0 (harmless today, but cleaner).

Nits

• sync/pending_polling.go:279 — Ticker tick buffered during a fetch causes an immediate "free" second fetch when the loop re-enters the select. Pre-existing condition; could be drained in the same defer.
• sync/pending_polling_test.go:476-478 — The time.Sleep(50ms) + strict equality is potentially flaky on slow CI. Prefer require.Never or synctest.

Looks good

• Race fix in the test mock counters (atomic.Uint32) — nice catch.
• Trigger storm test correctly waits for the in-flight fetch via Eventually before dispatching the storm.
• pollPreConfirmed correctly handles targetBlockNum == 0 / not-at-tip by continuing after consuming the trigger; the channel buffer of 1 keeps wakeups bounded.
• fetchPreConfirmed correctly uses context.WithTimeout rooted at the parent ctx, so shutdown propagates.
• Usage string for --preconfirmed-poll-interval now matches the new behavior.

Inline comments posted on the specific lines.
· Branch

[RafaelGranza]

Hardcoded for now. Worth exposing as a flag, or fine to keep at 2s?

[RafaelGranza]

This is to avoid race conditions during tests

[github-actions]

Question — 2s timeout vs single feeder attempt.

The feeder client (clients/feeder/feeder.go) sets HTTP timeouts that grow under load (mediumGrowThreshold / IncreaseTimeout). With preConfirmedPollInterval defaulting to 500ms, the cap of 2s is fine for the steady-state case, but a single HTTP attempt that's already paying an increased timeout (say >1s) plus the backoff before the retry will not complete inside 2s. The comment frames this as "can't hold the running guard for the feeder client's full retry budget (~20s)" — but in practice the cap also cancels any retry path, which means under a slow feeder we'll silently never recover within a single fetchPreConfirmed call. The next trigger/tick will restart the attempt from scratch.

That may be the intent (you'd rather retry-from-scratch on the next 500ms tick than wait), but worth being explicit in the comment, and worth confirming this is acceptable on a saturated/sluggish feeder. Two thoughts:

• Consider tying the timeout to max(preConfirmedPollInterval*N, floor) so the cap scales with the configured cadence — a node configured with --preconfirmed-poll-interval=5s probably doesn't want a 2s cap.
• Optionally surface as a flag (the existing TODO hints at this).

[RafaelGranza]

IMO, this is NOT a problem, since the ticker will keep trying if the request failed.

[github-actions]

Subtle: the drain-then-release order can silently swallow a freshness request.

The ordering here is drain trigger → set fetching=false. Consider the trigger storm in the new test (line 460-464): all 100 requests during the fetch are dropped at requestPreConfirmedRefresh because preConfirmedFetching==true. That's the documented behavior. But the buffered slot drained here represents an additional request that arrived in the tiny window between the polling goroutine reading from preConfirmedTrigger and fetchPreConfirmed setting preConfirmedFetching=true. That request was sent after the trigger this fetch was started for, so the fetch result is not necessarily fresh enough to satisfy it.

In practice the next RPC call re-triggers, so it self-heals — but worth a one-line note in the comment that the drain assumes "any trigger queued during the fetch was for data the fetch already covers." Today the comment says "a refresh arriving during this call doesn't fire a back-to-back fetch", which is true but slightly misleading about whose request gets dropped.

A subtle hardening alternative: flip the order — clear the flag first, then drain. That makes the drain semantically "drop triggers that would race with the next iteration's own read", and any request that arrived in the post-drain window queues a fresh fetch on the next iteration. The cost is one possibly-redundant fetch immediately afterwards, but in exchange you never silently lose a request. Up to you whether the current trade-off is worth keeping — just call it out.

[RafaelGranza]

I'll apply changes

[github-actions]

Doc accuracy: the triggering caller does not benefit from the triggered fetch.

This call is fire-and-forget — the fetch is async, so this PreConfirmed() call returns the currently stored s.preConfirmed.Load() below. The fresh data is observed only by:

• the next PreConfirmed() caller (after the fetch updates s.preConfirmed), or
• subscribers of preConfirmedDataFeed.

The PR description ("Each call to PreConfirmed() now triggers a fresh pre_confirmed fetch") reads as if the caller gets the fresh result. They don't. Worth tightening the inline comment here to say something like:

Note: this is async — the current call returns the cached value. Fresh data is observed by the next caller and by preConfirmedDataFeed subscribers.

Also: requestPreConfirmedRefresh() runs even when preConfirmedPollInterval == 0 (polling disabled). It's harmless (channel fills to 1, subsequent sends drop), but slightly wasteful. Consider gating with if s.preConfirmedPollInterval > 0.

[RafaelGranza]

IMO, if the client is dictating the request frequency, this implies it requests frequently.
So not returning the fresher info is not necessary, since the call will re-trigger again, from ticker or request.

[github-actions]

Potentially flaky on slow CI.

The time.Sleep(50ms) followed by a strict require.Equal(t, uint32(1), ...) assumes the polling goroutine has had time to (a) deliver out, (b) loop back to the select, and (c) not be woken by anything. On a heavily loaded CI runner 50ms can be tight, and any spurious wake (e.g. the ticker — even at time.Hour it shouldn't fire, but other timers in the runtime could affect scheduling) would flip the count.

Two cleaner options:

require.Never(t, func() bool {
    return mockDS.numCallsPreConfirmed.Load() != 1
}, 200*time.Millisecond, 10*time.Millisecond,
    "trigger storm during fetch should not produce additional fetches")

or use testing/synctest (already imported in this file) to make the test deterministic. The first is the smallest change.

[github-actions]

Nit: ticker tick buffered during a fetch causes a "free" second fetch.

With default preConfirmedPollInterval=500ms and a fetch that takes most of the 2s timeout (slow feeder, hung connection, etc.), at least one ticker.C will fire and buffer in time.Ticker's 1-slot buffer. The instant fetchPreConfirmed returns and the loop re-enters the select, the buffered tick fires immediately and starts another fetch. That fetch is fine in isolation, but it makes the "1 fetch per interval" intent slightly misleading under slow-feeder conditions.

If you care, drain the ticker in the same defer as the trigger inside fetchPreConfirmed:

defer func() {
    select { case <-s.preConfirmedTrigger: default: }
    select { case <-ticker.C: default: } // would need ticker passed in
    s.preConfirmedFetching.Store(false)
}()

Not a blocker — this PR doesn't make the situation worse than the pre-PR behavior — but a natural companion if you're already adding the trigger drain.

[RafaelGranza]

I'm inclined of not caring about it.

[codecov]

Codecov Report

❌ Patch coverage is 97.29730% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 76.52%. Comparing base (a5e3520) to head (b1bb551).

Files with missing lines	Patch %	Lines
sync/pending_polling.go	97.14%	1 Missing ⚠️

Additional details and impacted files

@@                               Coverage Diff                               @@
##           thiagodeev/feeder-preconfirmed-optimization    #3694      +/-   ##
===============================================================================
+ Coverage                                        76.51%   76.52%   +0.01%     
===============================================================================
  Files                                              402      402              
  Lines                                            36952    36936      -16     
===============================================================================
- Hits                                             28273    28266       -7     
+ Misses                                            6697     6686      -11     
- Partials                                          1982     1984       +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[github-actions]

Claude finished @RafaelGranza's task in 3m 13s —— View job

---

PR Review (incremental — only the new commit since prior review)

• Check whether new commits have been pushed since the previous review
• Re-read modified files
• Identify any new findings
• Post inline comment on new benchmark
• Post final summary

Only one new commit since the prior review: 0dad90b — test(sync): benchmark the new pooling. It adds TestPreConfirmedUpdateFrequency in sync/pending_polling_test.go (a synctest-based instrumented benchmark comparing ticker-only vs request-driven polling across three fetch latencies). The four production files (sync/pending_polling.go, sync/sync.go, cmd/juno/juno.go) are unchanged from the previous review — so the prior findings still apply, modulo the author's responses below.

New finding (this push)

Nit — sync/pending_polling_test.go:1119 — benchmark probe asserts nothing. Posted inline. Cheap to upgrade into a regression guard by bounding fetches for the request-driven scenario (when fetchLatency >= triggerInterval, the running guard must drop the bulk of triggers). Also a minor metrics-accuracy nit on emitted.Load() racing the trigger goroutine post-cancel — synctest.Wait() after cancel() would pin it.

Re: author responses on prior findings

• 2s per-fetch timeout (sync/pending_polling.go:22) — author: "NOT a problem, the ticker will keep trying if the request failed." That's a defensible call as long as the default --preconfirmed-poll-interval=500ms stays the operational default. Two foot-guns to be aware of: (a) if an operator sets --preconfirmed-poll-interval=5s (legitimate for cost-conscious deployments), the 2s cap aborts a single attempt well before that 5s cadence wants to retry; (b) the new benchmark you just added would happily detect this — wire triggerInterval larger than preConfirmedFetchTimeout and you'll see throughput collapse. Either scale with the interval (max(interval, 2s)) or document the implicit min-cadence requirement in the flag's usage string.
• Async requestPreConfirmedRefresh() in PreConfirmed() (sync/sync.go:614) — author: "if the client is dictating frequency, the call will re-trigger again." Agreed for steady-state RPC traffic. The trade-off only bites on the first call after a long idle period (e.g., a websocket subscriber waking up after the connection was quiet) — that first caller gets stale data. Minor; the inline comment could just say so.
• Ticker tick buffered during a fetch (sync/pending_polling.go:279) — author: "inclined not to care." Fine — pre-existing behavior, doesn't regress, and the benchmark's fetches count will surface it if it ever matters.
• time.Sleep(50ms) flakiness in trigger-storm test (sync/pending_polling_test.go:479) — still worth swapping to require.Never; the change is one line and removes a CI flake class. Up to you.

Looks good

• Benchmark structure is sound — synctest.Test per-scenario, proper buffering on out, correct teardown via <-recorderDone.
• No new files written; no production code touched.
  · Branch

[github-actions]

Nit: this is a Test* that asserts nothing — consider adding bounds so it doubles as a regression test.

The function reads as a benchmark probe (logs metrics via t.Logf, no require.* calls), but it lives under Test* rather than Benchmark* so it runs on every go test ./sync/... invocation. Two consequences:

1. No regression coverage. If pollPreConfirmed ever stopped honoring the running guard and started firing one fetch per trigger, this test would silently log a 20× increase in fetches and still pass. Cheap addition for the request-driven scenario:

   if sc.triggerInterval > 0 {
       // With fetch latency >= triggerInterval, the running guard must drop
       // most triggers; fetches should be bounded by ceil(runDuration/fetchLatency).
       maxFetches := uint32(runDuration/fetchLatency) + 2
       require.LessOrEqual(t, fetches, maxFetches,
           "running guard regressed: expected at most %d fetches, got %d",
           maxFetches, fetches)
   }

2. Minor noise in CI. Six subtests of 5s virtual time each — fast under synctest (well under 1s wall-clock), but the docstring should probably set expectations (or rename to Benchmark* and call from a custom harness).

Also a small metrics-accuracy nit: after cancel(), the trigger-emitting goroutine can fire emitted.Add(1) one more time before observing ctx.Done(), while the main proceeds to emitted.Load() only after <-recorderDone. Off by ≤1 — atomics make this safe, just slightly imprecise in the printed triggers_emitted. A synctest.Wait() after cancel() would pin it.

Not blocking — file is a diagnostic, not load-bearing.

[github-actions]

Claude finished @RafaelGranza's task in 3m 3s —— View job

---

PR Review (incremental — only the new commit since prior review)

• Check what commits are new since the previous review
• Re-read changed files
• Identify any new findings
• Post inline comments (none required this round)
• Update this comment with final summary

Only one new commit since the prior review: b1bb551 — test(sync): Make tests deterministic. It converts the Trigger-storm subtest in sync/pending_polling_test.go to use testing/synctest, replacing the require.Eventually + time.Sleep(50ms) + strict require.Equal combination with synctest.Wait() checkpoints. No production-code changes in this push.

New findings

None. The synctest rewrite is sound and directly addresses the flake nit from the prior review. Tracing the scenario through the bubble:

• requestPreConfirmedRefresh() → channel send buffers (cap 1) → polling goroutine reads trigger, enters fetchPreConfirmed, sets preConfirmedFetching=true, calls mock, parks on <-release. synctest.Wait() returns because the polling goroutine is durably blocked. numCallsPreConfirmed == 1 ✓.
• Storm of 100 requestPreConfirmedRefresh() calls all bail at if s.preConfirmedFetching.Load() { return } since the mock is still blocked. Trigger channel stays empty. ✓.
• close(release) → mock returns → pollPreConfirmed sends to out (buf 32, non-blocking) → loops back → blocks on the select (no trigger, ticker = time.Hour). synctest.Wait() returns and <-out succeeds. ✓.

Two minor things to note (not new — context for the rewrite):

• The release close ordering doesn't exercise the drain-before-release window flagged earlier — the storm happens entirely while fetching=true, so no trigger ever lands in preConfirmedTrigger. That's fine for what this test is checking (the running guard), but the drain-vs-release race noted in the earlier review is not covered by this test. If you ever want to assert "drain runs cleanly", you'd need a separate scenario where a storm request does land in the channel (e.g. release a fetch then immediately storm in a tight loop without synctest.Wait between).
• Ticker is time.Hour — correct for synctest, since synctest.Wait() itself doesn't advance virtual time (only when all goroutines including the test goroutine are blocked on timers). Worth keeping the comment you added so future readers know why.

Re: prior-review items still open

• Drain-then-clear order (sync/pending_polling.go:319-325) — author replied "I'll apply changes" in the previous round, but the order is unchanged in this push. Flagging in case it was just deferred to a follow-up commit and not dropped.
• 2s per-fetch timeout, async requestPreConfirmedRefresh() in PreConfirmed(), ticker-tick-buffered nit — author NACK'd previously; no changes expected here.
• TestPreConfirmedUpdateFrequency asserts nothing (from the previous incremental review) — unchanged in this push; the benchmark probe still has no require.* bounds.

Looks good

• synctest.Test rewrite is clean: t.Context() instead of a hardcoded 2s deadline, explicit checkpoints replacing brittle sleeps, comment explaining why the ticker has to be set to time.Hour under synctest.
• No production code touched — risk surface is purely test-only.
  · Branch