Skip to content

feat(twap-monitor): wire OrderPostError retry_hint on submit (BLEU-829)#6

Open
brunota20 wants to merge 3 commits into
feat/twap-monitor-submit-bleu-828from
feat/twap-monitor-retry-bleu-829
Open

feat(twap-monitor): wire OrderPostError retry_hint on submit (BLEU-829)#6
brunota20 wants to merge 3 commits into
feat/twap-monitor-submit-bleu-828from
feat/twap-monitor-retry-bleu-829

Conversation

@brunota20

@brunota20 brunota20 commented Jun 15, 2026

Copy link
Copy Markdown
Collaborator

Summary

When `cow_api::submit_order` returns Err, decode the orderbook's typed `ApiError` JSON from `host-error.data` and dispatch on `OrderPostErrorKind::is_retriable()`:

  • retriable (InsufficientFee, TooManyLimitOrders, PriceExceedsMarketPrice) → `RetryAction::TryNextBlock` — leave the watch in place.
  • permanent (InvalidSignature, WrongOwner, DuplicateOrder, UnsupportedToken, InvalidAppData, ...) → `RetryAction::Drop` — delete `watch:{owner}:{params_hash}` + any stale `next_block:` / `next_epoch:` entries.
  • typed payload missing / unparseable → `TryNextBlock` (safe default — a flaky orderbook should not poison a still-valid watch).

A `RetryAction::Backoff { seconds }` variant is defined for completeness with the BLEU-829 contract but has no producer today: cowprotocol's surface is `retry_hint() -> bool` (no server-supplied delay). The slot stays so the dispatcher can grow into it once a hint exists (server `Retry-After` header or a richer typed error).

Host follow-up

`cow_api::submit_order` in nullislabs/shepherd PR #8 currently stuffs the formatted error string into `host-error.message` with `data: None` and hardcoded `code: 0`. `try_decode_api_error` reads from `host-error.data`, so once the host forwards the upstream JSON the dispatch becomes data-driven without further module changes. Test `classify_missing_data_defaults_to_try_next_block` documents today's fallback; the four other `classify_*` tests lock the intended semantics for the post-host-fix world.

dev/m2-base bump

This branch consumes `bleu/cow-rs` at `57f5f55` (= main with #4 BLEU-822 + #5 BLEU-823 in). The bump was pushed as a single commit on `dev/m2-base` so PR #2 / #3 / #4 / #5 don't need to carry it — they rebase / fast-forward through it cleanly.

Stacks on #5 (BLEU-828 submission).

Linear: BLEU-829.

Test plan

  • `cargo test -p twap-monitor` — 29 host tests (3 BLEU-826 + 14 BLEU-827 + 7 BLEU-828 + 5 BLEU-829: retriable / permanent / unknown / missing-data / malformed-data).
  • `cargo clippy --target wasm32-wasip2 -p twap-monitor -- -Dwarnings`.
  • `cargo clippy -p twap-monitor --tests -- -Dwarnings`.
  • `cargo build --target wasm32-wasip2 --release -p twap-monitor` — 298 KB .wasm.
  • End-to-end with live host that forwards `host-error.data` — gated on the shepherd host fix.

brunota20 added 3 commits June 15, 2026 10:24
@brunota20
chore(deps): bump cowprotocol patch to bleu/cow-rs main (BLEU-822 + B…
5a42878 
…LEU-823 in)
@brunota20
Stack BLEU-829 on BLEU-828
f23601b
@brunota20
feat(twap-monitor): wire OrderPostError retry_hint on submit (BLEU-829)
eb0990a 
After \`cow_api::submit_order\` returns Err, decode the orderbook's
typed \`ApiError\` JSON from \`host-error.data\` and dispatch on
\`OrderPostErrorKind::is_retriable()\`:

- retriable (InsufficientFee, TooManyLimitOrders,
  PriceExceedsMarketPrice) -> RetryAction::TryNextBlock — leave
  the watch in place so the next block re-attempts.
- permanent (InvalidSignature, WrongOwner, DuplicateOrder,
  UnsupportedToken, InvalidAppData, ...) -> RetryAction::Drop —
  delete watch:{owner}:{params_hash} and any stale next_block /
  next_epoch entries the lifecycle layer may have written.
- typed payload missing or unparseable -> TryNextBlock (safe
  default: a flaky orderbook should not poison a still-valid
  watch).

A \`RetryAction::Backoff { seconds }\` variant is defined for the
BLEU-829 contract but has no producer: cowprotocol's surface today
is bool-only (no server-supplied delay). The variant is kept so the
dispatcher can grow into it once a hint shows up (e.g. server
\`Retry-After\` header or a richer typed error).

## Host follow-up

\`cow_api::submit_order\` in nullislabs/shepherd PR #8 stuffs the
formatted error string into \`host-error.message\` with \`data: None\`
and \`code: 0\`. \`try_decode_api_error\` reads from \`host-error.data\`
already, so once the host forwards the upstream JSON the dispatch
becomes data-driven without further module changes. Test
\`classify_missing_data_defaults_to_try_next_block\` documents the
current fallback; the four other classify tests lock the
intended semantics for when the host catches up.

Tests: 5 new (retriable / permanent / unknown / missing-data /
malformed-data). Total 29 host tests. \`.wasm\` 298 KB (was 273 KB;
adds the typed ApiError decode + the small dispatcher).

Note: this branch also picks up the dev/m2-base bump to
bleu/cow-rs main (\`57f5f55\`), which lands BLEU-822
(\`OrderPostErrorKind\`) + BLEU-823 — both now visible through the
\`cowprotocol\` re-exports.

Linear: BLEU-829.
@linear-code

linear-code Bot commented Jun 15, 2026

Copy link
Copy Markdown

BLEU-829

@brunota20 brunota20 mentioned this pull request Jun 15, 2026
Open
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@brunota20