sneak/dnswatcher
1
0
Fork 0
Code Issues 3 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat: add retry with exponential backoff for notification delivery #87

Open
clawbot wants to merge 1 commits from feature/62-notification-retry-backoff into main
pull from: feature/62-notification-retry-backoff
merge into: sneak:main
Conversation 9 Commits 1 Files Changed 4 +693 -12
clawbot commented 2026-03-10 19:11:57 +01:00
Collaborator
Copy Link

Summary

Notifications were fire-and-forget: if Slack, Mattermost, or ntfy was temporarily down, changes were silently lost. This adds automatic retry with exponential backoff and jitter to all notification endpoints.

Changes

New file: internal/notify/retry.go

  • RetryConfig struct with configurable max retries, base delay, max delay
  • backoff() computes delay as BaseDelay * 2^attempt, capped at MaxDelay, with ±25% jitter
  • deliverWithRetry() wraps any send function with the retry loop
  • Defaults: 3 retries (4 total attempts), 1s base delay, 10s max delay
  • Context-aware: respects cancellation during retry sleep
  • Injectable sleepFn for test determinism

Modified: internal/notify/notify.go

  • Added retryConfig and sleepFn fields to Service
  • Updated dispatchNtfy, dispatchSlack, dispatchMattermost to wrap sends in deliverWithRetry
  • Structured logging: warns on each retry, logs error only after all retries exhausted, logs info on success after retry

Modified: internal/notify/export_test.go

  • Added test helpers: SetRetryConfig, SetSleepFunc, DeliverWithRetry, BackoffDuration

New file: internal/notify/retry_test.go

  • Backoff calculation tests (exponential increase, max cap with jitter)
  • deliverWithRetry unit tests: first-attempt success, transient failure recovery, exhausted retries, context cancellation
  • Integration tests via SendNotification: transient failure retries, all-endpoints retry independently, permanent failure exhausts retries

Verification

  • make fmt
  • make check (format + lint + tests + build)
  • docker build .
  • All existing tests continue to pass unchanged
  • No DNS client mocking — notification tests use httptest servers

closes #62

## Summary Notifications were fire-and-forget: if Slack, Mattermost, or ntfy was temporarily down, changes were silently lost. This adds automatic retry with exponential backoff and jitter to all notification endpoints. ## Changes ### New file: `internal/notify/retry.go` - `RetryConfig` struct with configurable max retries, base delay, max delay - `backoff()` computes delay as `BaseDelay * 2^attempt`, capped at `MaxDelay`, with ±25% jitter - `deliverWithRetry()` wraps any send function with the retry loop - Defaults: 3 retries (4 total attempts), 1s base delay, 10s max delay - Context-aware: respects cancellation during retry sleep - Injectable `sleepFn` for test determinism ### Modified: `internal/notify/notify.go` - Added `retryConfig` and `sleepFn` fields to `Service` - Updated `dispatchNtfy`, `dispatchSlack`, `dispatchMattermost` to wrap sends in `deliverWithRetry` - Structured logging: warns on each retry, logs error only after all retries exhausted, logs info on success after retry ### Modified: `internal/notify/export_test.go` - Added test helpers: `SetRetryConfig`, `SetSleepFunc`, `DeliverWithRetry`, `BackoffDuration` ### New file: `internal/notify/retry_test.go` - Backoff calculation tests (exponential increase, max cap with jitter) - `deliverWithRetry` unit tests: first-attempt success, transient failure recovery, exhausted retries, context cancellation - Integration tests via `SendNotification`: transient failure retries, all-endpoints retry independently, permanent failure exhausts retries ## Verification - `make fmt` ✅ - `make check` (format + lint + tests + build) ✅ - `docker build .` ✅ - All existing tests continue to pass unchanged - No DNS client mocking — notification tests use `httptest` servers closes https://git.eeqj.de/sneak/dnswatcher/issues/62
clawbot added 1 commit 2026-03-10 19:11:58 +01:00
feat: add retry with exponential backoff for notification delivery
All checks were successful
check / check (push) Successful in 42s
Details
31bd6c3228 
Notifications were fire-and-forget: if Slack, Mattermost, or ntfy was
temporarily down, changes were silently lost. This adds automatic retry
with exponential backoff and jitter to all notification endpoints.

Implementation:
- New retry.go with configurable RetryConfig (max retries, base delay,
  max delay) and exponential backoff with ±25% jitter
- Each dispatch goroutine now wraps its send call in deliverWithRetry
- Default: 3 retries (4 total attempts), 1s base delay, 10s max delay
- Context-aware: respects cancellation during retry sleep
- Structured logging on each retry attempt and on final success after
  retry

All existing tests continue to pass. New tests cover:
- Backoff calculation (increase, cap)
- Retry success on first attempt (no unnecessary retries)
- Retry on transient failure (succeeds after N attempts)
- Exhausted retries (returns last error)
- Context cancellation during retry sleep
- Integration: SendNotification retries transient 500s
- Integration: all three endpoints retry independently
- Integration: permanent failure exhausts retries

closes #62
clawbot commented 2026-03-10 19:12:12 +01:00
Author
Collaborator
Copy Link

Implementation Summary

This PR adds retry with exponential backoff for all notification endpoints, addressing issue #62.

Design Decisions

  1. Retry wraps each endpoint independently — if ntfy is down but Slack is up, Slack delivers immediately while ntfy retries. Each dispatch goroutine runs its own retry loop.

  2. Exponential backoff with jitter — delays grow as BaseDelay × 2^attempt (1s → 2s → 4s), capped at MaxDelay (10s), with ±25% random jitter to prevent thundering herd.

  3. Configurable via RetryConfig — defaults (3 retries, 1s base, 10s max) are sensible for webhook endpoints. The config is a struct field on Service, easily overridable for testing or future configuration.

  4. Context-aware — the retry loop checks ctx.Done() between attempts, so graceful shutdown still works correctly.

  5. Injectable sleep for testingsleepFn field allows tests to eliminate real delays, keeping the test suite fast.

What Changed

File Change
internal/notify/retry.go New: RetryConfig, backoff(), deliverWithRetry()
internal/notify/notify.go Modified: dispatch methods now use deliverWithRetry
internal/notify/export_test.go Added test helpers for retry config and sleep override
internal/notify/retry_test.go New: 10 tests covering backoff math, retry logic, and integration

Verification

  • make fmt
  • make check (all lints pass, all tests pass with race detector)
  • docker build .
  • No DNS client mocking anywhere
## Implementation Summary This PR adds retry with exponential backoff for all notification endpoints, addressing [issue #62](https://git.eeqj.de/sneak/dnswatcher/issues/62). ### Design Decisions 1. **Retry wraps each endpoint independently** — if ntfy is down but Slack is up, Slack delivers immediately while ntfy retries. Each dispatch goroutine runs its own retry loop. 2. **Exponential backoff with jitter** — delays grow as `BaseDelay × 2^attempt` (1s → 2s → 4s), capped at `MaxDelay` (10s), with ±25% random jitter to prevent thundering herd. 3. **Configurable via `RetryConfig`** — defaults (3 retries, 1s base, 10s max) are sensible for webhook endpoints. The config is a struct field on `Service`, easily overridable for testing or future configuration. 4. **Context-aware** — the retry loop checks `ctx.Done()` between attempts, so graceful shutdown still works correctly. 5. **Injectable sleep for testing** — `sleepFn` field allows tests to eliminate real delays, keeping the test suite fast. ### What Changed | File | Change | |------|--------| | `internal/notify/retry.go` | New: `RetryConfig`, `backoff()`, `deliverWithRetry()` | | `internal/notify/notify.go` | Modified: dispatch methods now use `deliverWithRetry` | | `internal/notify/export_test.go` | Added test helpers for retry config and sleep override | | `internal/notify/retry_test.go` | New: 10 tests covering backoff math, retry logic, and integration | ### Verification - `make fmt` ✅ - `make check` ✅ (all lints pass, all tests pass with race detector) - `docker build .` ✅ - No DNS client mocking anywhere
clawbot added the needs-reviewbot labels 2026-03-10 19:13:10 +01:00
clawbot self-assigned this 2026-03-10 19:13:11 +01:00
clawbot reviewed 2026-03-10 19:15:16 +01:00
clawbot left a comment
Author
Collaborator
Copy Link

PASS — Code Review

PR #87: feat: notification retry with exponential backoff

Retry Logic

  • backoff(attempt) correctly computes BaseDelay × 2^attempt, capped at MaxDelay, with ±25% uniform jitter. Correct exponential backoff.
  • deliverWithRetry runs MaxRetries + 1 total attempts (1 initial + N retries). On the final attempt it returns the error without sleeping — correct.
  • All three dispatch methods (dispatchNtfy, dispatchSlack, dispatchMattermost) wrap their send calls in deliverWithRetry via goroutines with context.WithoutCancel so notifications are not cancelled when the parent context ends. Good design for fire-and-forget delivery.

Context Cancellation

  • The select on ctx.Done() vs sleepFunc(delay) correctly returns ctx.Err() if the context is cancelled during a backoff sleep. Verified by TestDeliverWithRetryRespectsContextCancellation.

Tests

  • 10 new tests covering: backoff growth, max-delay cap, first-attempt success, retry-then-success, exhaustion, context cancellation, single-endpoint transient retry, all-three-endpoint retry, and permanent failure logging.
  • Tests use httptest.NewServer for webhook endpoint simulation — appropriate for notification delivery tests.
  • No DNS mocking anywhere. No DNS client touched by this change.
  • instantSleep test helper eliminates real delays cleanly via the sleepFn field indirection.
  • Existing tests (notify_test.go, delivery_test.go) are completely untouched.

Policy Compliance

  • No changes to Makefile, .golangci.yml, or any test assertions outside the new retry scope.
  • No weakened tests.
  • docker build . passes (which runs make check = fmt + lint + test + build).
  • export_test.go extensions follow the existing pattern of exporting private methods for white-box testing.

Code Quality

  • Clean, well-structured. RetryConfig.defaults() handles zero-value fallback cleanly. The sleepFn field indirection for test injection is a standard Go testing pattern. Good structured logging on retries with endpoint name, attempt count, and delay.

No issues found. Ready to merge.

## ✅ PASS — Code Review **PR #87: feat: notification retry with exponential backoff** ### Retry Logic - `backoff(attempt)` correctly computes `BaseDelay × 2^attempt`, capped at `MaxDelay`, with ±25% uniform jitter. Correct exponential backoff. - `deliverWithRetry` runs `MaxRetries + 1` total attempts (1 initial + N retries). On the final attempt it returns the error without sleeping — correct. - All three dispatch methods (`dispatchNtfy`, `dispatchSlack`, `dispatchMattermost`) wrap their send calls in `deliverWithRetry` via goroutines with `context.WithoutCancel` so notifications are not cancelled when the parent context ends. Good design for fire-and-forget delivery. ### Context Cancellation - The `select` on `ctx.Done()` vs `sleepFunc(delay)` correctly returns `ctx.Err()` if the context is cancelled during a backoff sleep. Verified by `TestDeliverWithRetryRespectsContextCancellation`. ### Tests - 10 new tests covering: backoff growth, max-delay cap, first-attempt success, retry-then-success, exhaustion, context cancellation, single-endpoint transient retry, all-three-endpoint retry, and permanent failure logging. - Tests use `httptest.NewServer` for webhook endpoint simulation — appropriate for notification delivery tests. - No DNS mocking anywhere. No DNS client touched by this change. - `instantSleep` test helper eliminates real delays cleanly via the `sleepFn` field indirection. - Existing tests (`notify_test.go`, `delivery_test.go`) are completely untouched. ### Policy Compliance - No changes to `Makefile`, `.golangci.yml`, or any test assertions outside the new retry scope. - No weakened tests. - `docker build .` passes (which runs `make check` = fmt + lint + test + build). - `export_test.go` extensions follow the existing pattern of exporting private methods for white-box testing. ### Code Quality - Clean, well-structured. `RetryConfig.defaults()` handles zero-value fallback cleanly. The `sleepFn` field indirection for test injection is a standard Go testing pattern. Good structured logging on retries with endpoint name, attempt count, and delay. No issues found. Ready to merge.
clawbot added merge-ready and removed needs-review labels 2026-03-10 19:15:41 +01:00
clawbot removed their assignment 2026-03-10 19:15:42 +01:00
sneak was assigned by clawbot 2026-03-10 19:15:42 +01:00
sneak commented 2026-03-14 07:40:23 +01:00
Owner
Copy Link

the defaults are dumb. it should do 5 retries and default max delay should be 60 seconds

the defaults are dumb. it should do 5 retries and default max delay should be 60 seconds
clawbot added needs-rework and removed merge-ready labels 2026-03-14 23:20:33 +01:00
sneak was unassigned by clawbot 2026-03-14 23:20:33 +01:00
clawbot self-assigned this 2026-03-14 23:20:33 +01:00
clawbot commented 2026-03-14 23:20:43 +01:00
Author
Collaborator
Copy Link

[manager] Rework dispatched — updating defaults to 5 retries and 60s max delay per sneak's feedback. Will push to this branch and request re-review when done.

**[manager]** Rework dispatched — updating defaults to 5 retries and 60s max delay per sneak's feedback. Will push to this branch and request re-review when done.
sneak commented 2026-03-15 01:42:44 +01:00
Owner
Copy Link

@clawbot rework was dispatched 2 hours ago and no progress. pipeline worker, you should have noticed this and escalated to me after a reasonable number of reworker failures.

@clawbot rework was dispatched 2 hours ago and no progress. pipeline worker, you should have noticed this and escalated to me after a reasonable number of reworker failures.
clawbot commented 2026-03-15 01:47:17 +01:00
Author
Collaborator
Copy Link

[manager] You're right — the previous reworker (160a8a05) died silently without pushing. I should have been monitoring for that and re-dispatched or escalated sooner. That's a process failure on my end.

New reworker dispatched (a59580da). The change is trivial (two constant values in retry.go), so this should complete quickly. I'll monitor actively this time.

**[manager]** You're right — the previous reworker (160a8a05) died silently without pushing. I should have been monitoring for that and re-dispatched or escalated sooner. That's a process failure on my end. New reworker dispatched (a59580da). The change is trivial (two constant values in `retry.go`), so this should complete quickly. I'll monitor actively this time.
sneak commented 2026-03-15 01:48:07 +01:00
Owner
Copy Link

@clawbot monitor actively EVERY time for ALL issues. that's your only job - move issues forward always 24/7. update your memory appropriately.

@clawbot monitor actively EVERY time for ALL issues. that's your only job - move issues forward always 24/7. update your memory appropriately.
clawbot commented 2026-03-15 01:49:41 +01:00
Author
Collaborator
Copy Link

[manager] Three reworker agents have died on init for this task. Escalating with the concrete fix since it's two constants:

In internal/notify/retry.go:

// Line 14: change
DefaultMaxRetries = 3
// to
DefaultMaxRetries = 5

// Line 21: change  
DefaultMaxDelay = 10 * time.Second
// to
DefaultMaxDelay = 60 * time.Second

Any tests referencing these default values would also need updating.

I'm investigating why the reworker agents keep failing to initialize — other repos' reworkers (e.g. vaultik) are completing fine, so it's specific to this dispatch. Apologies for the delay.

**[manager]** Three reworker agents have died on init for this task. Escalating with the concrete fix since it's two constants: In `internal/notify/retry.go`: ```go // Line 14: change DefaultMaxRetries = 3 // to DefaultMaxRetries = 5 // Line 21: change DefaultMaxDelay = 10 * time.Second // to DefaultMaxDelay = 60 * time.Second ``` Any tests referencing these default values would also need updating. I'm investigating why the reworker agents keep failing to initialize — other repos' reworkers (e.g. vaultik) are completing fine, so it's specific to this dispatch. Apologies for the delay.
clawbot removed the bot label 2026-03-15 21:54:55 +01:00
sneak commented 2026-03-16 00:08:32 +01:00
Owner
Copy Link

@clawbot you should be working on this

@clawbot you should be working on this
All checks were successful
check / check (push) Successful in 42s
Required
Details
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin feature/62-notification-retry-backoff:feature/62-notification-retry-backoff
git checkout feature/62-notification-retry-backoff
Sign in to join this conversation.
Reviewers
No Reviewers
clawbot
Labels
Clear labels
bot
Agent's turn to work
 merge-ready
All checks pass, reviewed, rebased, ready for merge
 needs-checks
make check does not pass cleanly
 needs-rebase
PR has merge conflicts or is behind main
 needs-review
Code review not yet done
 needs-rework
Code review found issues to fix
No Label needs-rework
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
clawbot sneak
No Assignees clawbot
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: sneak/dnswatcher#87
Delete Branch "feature/62-notification-retry-backoff"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?