@checkstack/incident-backend 1.3.0 → 1.5.0

package/src/service.ts

@@ -1,5 +1,5 @@
 import { eq, and, inArray, ne } from "drizzle-orm";
-import type { SafeDatabase } from "@checkstack/backend-api";
+import type { AdvisoryLockService, SafeDatabase } from "@checkstack/backend-api";
 import * as schema from "./schema";
 import {
   incidents,
@@ -17,6 +17,7 @@ import type {
   UpdateIncidentInput,
   AddIncidentUpdateInput,
   IncidentStatus,
+  IncidentSeverity,
 } from "@checkstack/incident-common";
 
 type Db = SafeDatabase<typeof schema>;
@@ -26,7 +27,10 @@ function generateId(): string {
 }
 
 export class IncidentService {
-  constructor(private db: Db) {}
+  constructor(
+    private db: Db,
+    private advisoryLock: AdvisoryLockService,
+  ) {}
 
   /**
    * List incidents with optional filters
@@ -125,6 +129,62 @@ export class IncidentService {
     };
   }
 
+  /**
+   * Batched reactive-state read for the `incident` entity (Model B
+   * plugin-backed `read` accessor). Given incident ids, return the reactive
+   * subset `{ status, severity, systemIds }` for each that exists (missing
+   * ids omitted). Reads the AUTHORITATIVE `incidents` + `incident_systems`
+   * tables — no framework `entity_state` storage. This is the single source
+   * of truth `handle.mutate` snapshots `prev` from and `get`/`getMany`/scope
+   * enrichment route through.
+   */
+  async getManyEntityStates(
+    ids: ReadonlyArray<string>,
+  ): Promise<
+    Record<string, { status: IncidentStatus; severity: IncidentSeverity; systemIds: string[] }>
+  > {
+    if (ids.length === 0) return {};
+
+    const rows = await this.db
+      .select({
+        id: incidents.id,
+        status: incidents.status,
+        severity: incidents.severity,
+      })
+      .from(incidents)
+      .where(inArray(incidents.id, [...ids]));
+    if (rows.length === 0) return {};
+
+    const presentIds = rows.map((r) => r.id);
+    const systemRows = await this.db
+      .select({
+        incidentId: incidentSystems.incidentId,
+        systemId: incidentSystems.systemId,
+      })
+      .from(incidentSystems)
+      .where(inArray(incidentSystems.incidentId, presentIds));
+
+    const systemsByIncident = new Map<string, string[]>();
+    for (const r of systemRows) {
+      const list = systemsByIncident.get(r.incidentId);
+      if (list) list.push(r.systemId);
+      else systemsByIncident.set(r.incidentId, [r.systemId]);
+    }
+
+    const out: Record<
+      string,
+      { status: IncidentStatus; severity: IncidentSeverity; systemIds: string[] }
+    > = {};
+    for (const row of rows) {
+      out[row.id] = {
+        status: row.status,
+        severity: row.severity,
+        systemIds: systemsByIncident.get(row.id) ?? [],
+      };
+    }
+    return out;
+  }
+
   /**
    * Get active incidents for a system
    */
@@ -165,13 +225,18 @@ export class IncidentService {
   }
 
   /**
-   * Create a new incident
+   * Create a new incident.
+   *
+   * `id` may be supplied by the caller so the reactive `incident` entity can
+   * be keyed on a known id BEFORE the insert runs (the create's `prev`
+   * snapshot must read the not-yet-existing row as absent — see §10.1). When
+   * omitted, a fresh id is generated. The id is server-owned either way.
    */
   async createIncident(
     input: CreateIncidentInput,
     userId?: string,
+    id: string = generateId(),
   ): Promise<IncidentWithSystems> {
-    const id = generateId();
 
     await this.db.insert(incidents).values({
       id,
@@ -407,4 +472,87 @@ export class IncidentService {
 
     return !!match;
   }
+
+  /**
+   * Find a single OPEN (not-resolved) incident affecting `systemId`, if
+   * any. Returns the incident with its systems, mirroring the old
+   * auto-incident `findActiveAutoIncident(systemId)` dedup semantic. Used
+   * by `incident.create`'s opt-in `dedupe_open_for_system` flag so a
+   * second trigger for an already-incidented system reuses the open
+   * incident rather than opening a duplicate.
+   */
+  async findActiveIncidentForSystem(
+    systemId: string,
+  ): Promise<IncidentWithSystems | undefined> {
+    const systemIncidents = await this.db
+      .select({ incidentId: incidentSystems.incidentId })
+      .from(incidentSystems)
+      .where(eq(incidentSystems.systemId, systemId));
+
+    const ids = systemIncidents.map((r) => r.incidentId);
+    if (ids.length === 0) return undefined;
+
+    const [match] = await this.db
+      .select({ id: incidents.id })
+      .from(incidents)
+      .where(and(inArray(incidents.id, ids), ne(incidents.status, "resolved")))
+      .limit(1);
+
+    if (!match) return undefined;
+    return this.getIncident(match.id);
+  }
+
+  /**
+   * Dedup-aware create for a single system, used by the `incident.create`
+   * automation action when `dedupe_open_for_system` is set. Serializes the
+   * check-then-create per system with a transaction-scoped advisory lock so
+   * two concurrent triggers for the same system (e.g. sustained + flapping)
+   * can't both observe "no open incident" and both create one. The critical
+   * section is short (a find + an insert), so a transaction-scoped lock is
+   * the right primitive (it auto-releases at COMMIT, no leak possible).
+   *
+   * Returns `{ incident, reused }` — `reused` is true when an already-open
+   * incident for the system was found and returned instead of creating.
+   */
+  async createIncidentDedupedForSystem(
+    input: CreateIncidentInput,
+    dedupeSystemId: string,
+    userId?: string,
+    newId?: string,
+    /**
+     * Optional create wrapper (§10.1, 6(a)). When the dedup decides to CREATE,
+     * the actual create runs through this wrapper INSIDE the advisory lock, so
+     * the reactive `incident` entity write (which snapshots `prev` before the
+     * insert) is serialized with the dedup check. The wrapper receives the
+     * bound create thunk and MUST call it exactly once, returning its result.
+     * Defaults to calling the create directly (non-reactive).
+     */
+    onCreate: (
+      create: () => Promise<IncidentWithSystems>,
+    ) => Promise<IncidentWithSystems> = (create) => create(),
+  ): Promise<{ incident: IncidentWithSystems; reused: boolean }> {
+    return this.advisoryLock.withXactLock({
+      key: `incident.dedupe-open-for-system:${dedupeSystemId}`,
+      // The find + create deliberately run on `this.db` (the admin pool), NOT
+      // on the lock connection. That is safe because `pg_advisory_xact_lock`
+      // BLOCKS every other holder of this key until this lock transaction
+      // commits: a racing caller waits at lock-acquire, so its find can't
+      // observe "no open incident" until ours has already committed the
+      // insert. Crucially, the lock transaction lives on the DEDICATED lock
+      // pool (see `createAdvisoryLockService(lockPool)`), so holding it open
+      // while the work runs on the admin pool cannot starve the admin pool.
+      fn: async () => {
+        const existing = await this.findActiveIncidentForSystem(dedupeSystemId);
+        if (existing) {
+          return { incident: existing, reused: true };
+        }
+        // Create through the caller's wrapper (reactive entity write) so the
+        // `incident.created` emit is serialized inside the dedup lock.
+        const incident = await onCreate(() =>
+          this.createIncident(input, userId, newId),
+        );
+        return { incident, reused: false };
+      },
+    });
+  }
 }