Skip to content

feat(sdk): rethrow publishProfileAndMark + publishAndMark for eager onboarding banner#99

Open
variablefate wants to merge 4 commits intomainfrom
claude/sdk-publish-throws
Open

feat(sdk): rethrow publishProfileAndMark + publishAndMark for eager onboarding banner#99
variablefate wants to merge 4 commits intomainfrom
claude/sdk-publish-throws

Conversation

@variablefate
Copy link
Copy Markdown
Owner

@variablefate variablefate commented May 6, 2026

Summary

  • Promote RoadflareDomainService.publishProfileAndMark and ProfileBackupCoordinator.publishAndMark from async to async throws. Onboarding (runOnboardingPublishImpl) catches and fires the banner immediately when online instead of waiting the full 60s for the watchdog. ADR-0016's watchdog stays as the hang-case safety net.
  • ProfileBackupCoordinator.publishAndMark preserves its republish-loop coalescing via a last-iteration-error semantic: a coalesced republish that succeeds rescues an earlier failure; only a terminal failure throws. Sessions invalidated by clearAll() return without throw.
  • Non-onboarding callers (SyncCoordinator.flushPendingSyncPublishes, SyncDomainStrategy.publishLocal, settings/locations UI taps in SettingsTab / PaymentMethodsScreen / SavedLocationsView) wrap with try? to preserve best-effort contract — the dirty flag is still the source of truth there.
  • Followed-drivers and ride-history publishXAndMark helpers stay async (no UI watchdog observes them).
  • OnboardingPublishWatchdogTests gets two new tests: eager-fire-when-online and stay-quiet-when-offline-then-rearm.

ADR-0017 documents the decision and rationale. Closes Issue #97 item 2.

Test plan

  • swift test (838 tests) — all pass; new publishProfileAndMarkRethrowsRelayFailure test exercises the throw, existing publishAndMarkFailurePathSkipsMarkPublished updated to expect the throw.
  • xcodebuild ... test (full iOS test plan) — all pass; new eagerErrorSurfacesBannerBeforeWatchdogTimeoutWhenOnline asserts banner fires in <500ms with timeout configured to 60s (production value), eagerErrorStaysQuietWhenOffline asserts watchdog parking owns the offline path.
  • Manual on-device verification deferred to Issue Onboarding publish-failure surface: device verification + 4 deferred follow-ups #97 item 1 (ride next TestFlight build): toggle airplane mode mid-ProfileSetup → tap Continue → expect banner near-instant on online toggle, not after 60s.

🤖 Generated with Claude Code

@variablefate @claude
feat(sdk): rethrow publishProfileAndMark + ProfileBackupCoordinator.p…
dbca1d4 
…ublishAndMark

Onboarding watchdog (ADR-0016) inferred publish failure from a sync-store
dirty flag because both `publishProfileAndMark` and `publishAndMark`
swallowed errors at the SDK boundary. Even an instant relay rejection
left the user staring for the full 60s window before the banner appeared.

Promote the two helpers to `async throws`. AppState's onboarding path
catches and runs the same connectivity-gated check the watchdog uses,
firing the banner immediately when online (and deferring to the
watchdog's offline-park branch when not). The watchdog stays as the
hang-case safety net.

`ProfileBackupCoordinator.publishAndMark` preserves its republish-loop
coalescing semantic via a last-iteration error: a coalesced republish
that succeeds rescues an earlier failed iteration; only a terminal
failure throws.

Non-onboarding callers (`SyncCoordinator.flushPendingSyncPublishes`,
`SyncDomainStrategy.publishLocal`, settings/locations UI taps) wrap with
`try?` to preserve their best-effort contract.

ADR-0017 documents the change. Closes #97 item 2.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@variablefate
Copy link
Copy Markdown
Owner Author

variablefate commented May 6, 2026

Code review

Found 1 issue:

  1. saveAndPublishSettings short-circuits on first throw, skipping the second publish. Pre-PR, both await publishProfile() and await publishProfileBackup() always ran (errors swallowed inside). Post-PR, try await publishProfile() followed by try await publishProfileBackup() aborts the second call when the first throws. In the eager-error catch (runOnboardingPublishImpl for .settingsBackup) this is compounded by onboardingPublishWatchdogTask?.cancel() — the watchdog that was the safety net for partial-failure cases (its isOnboardingDomainDirty(.settingsBackup) checks both .profile AND .profileBackup flags) is now cancelled, leaving the .profileBackup publish un-attempted until manual Retry or reconnectAndRestoreSession.flushPendingSyncPublishes. Consider capturing the first error but running both publishes before throwing, e.g. do { try await publishProfile() } catch { first = error }; do { try await publishProfileBackup() } catch { first = first ?? error }; if let first { throw first }.

roadflare-ios/RoadFlare/RoadFlareCore/ViewModels/AppState.swift

Lines 441 to 447 in dbca1d4

}
public func saveAndPublishSettings() async throws {
try await publishProfile()
try await publishProfileBackup()
}

🤖 Generated with Claude Code

- If this code review was useful, please react with 👍. Otherwise, react with 👎.

variablefate and others added 2 commits May 5, 2026 18:03
@variablefate @claude
fix(onboarding): saveAndPublishSettings always attempts both publishes
5954585 
Pre-PR-99 the two `await` calls swallowed errors internally so both ran
unconditionally. After the throws migration, `try await publishProfile()`
short-circuited the chain — `publishProfileBackup()` never ran when the
first call failed, leaving the Kind 30177 backup unattempted until a
manual Retry or the next reconnect-flush.

Capture the first error, run both publishes, throw if either failed.
The eager-error catch in `runOnboardingPublishImpl` still surfaces the
banner when at least one fails.

Addresses code review feedback on PR #99.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@variablefate @claude
chore(appstate): align publishProfileBackup to publishProfile's guard…
d21e159 
… pattern

Both methods silently no-op when the sync coordinator isn't configured,
but `publishProfile` made it explicit via `guard let ... else { return }`
while `publishProfileBackup` relied on optional-chaining a throwing call,
which silently returns nil-coalesced Void without throwing. Same end
state, but the explicit guard reads better and matches the sibling.

Code review follow-up on PR #99.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@variablefate variablefate mentioned this pull request May 7, 2026
Open
3 tasks
@variablefate
Copy link
Copy Markdown
Owner Author

variablefate commented May 7, 2026

Code review

No issues found. Checked for bugs and CLAUDE.md compliance.

🤖 Generated with Claude Code

- If this code review was useful, please react with 👍. Otherwise, react with 👎.

@variablefate @claude
chore: address sub-80 code-review polish
173b01c 
- ProfileBackupCoordinator: capture `generationStillValid` inside the
  atomic-exit lock so the post-loop throw decision uses state from the
  same critical section, restoring the "atomic single-lock exits"
  contract that .claude/CLAUDE.md mandates for publish state machines.
- AppState: update `startOnboardingPublish` doc to acknowledge that
  the publish is no longer "unsupervised" — the eager-error catch
  block (ADR-0017) is a second failure-surface path that runs
  concurrently with the watchdog.
- AppState: update `onboardingPublishTask` doc to reflect that
  cancellation matters at three places now (entry-bail + two checks
  bracketing the connectivity await in the catch block), not just
  pre-scheduling.

Code-review follow-up. No behavior change.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@variablefate