feat(txn-dedup): standalone SET routes through option-2 dedup loop

[bootjp]

Summary

Stacked on PR-A (#887). Extends option-2 dedup to standalone SET (dispatched outside MULTI). When r.onePhaseTxnDedup is on, r.set wraps the single command as a 1-element redcon.Command queue and dispatches via runTransactionWithDedup — reusing the M3 EXEC machinery instead of building a per-handler reusableSetTxn + dispatchSetReuse shape. SET already has applySet on txnContext, so this is the "free" extension to any command whose txn-state-aware apply hook already exists.

The standalone fast path (trySetFastPath) is intentionally bypassed under the gate: dedup is opt-in, and a non-dedup'd fast path under a dedup-on cluster would split the idempotency contract.

Base: feat/txn-dedup-docs-and-tests (PR #887).

Why standalone INCR / HSET are out of scope for THIS PR

INCR (in adapter/redis_compat_commands.go) and HSET both lack a txnContext.applyIncr / applyHSet implementation, so the "route through single-mop EXEC" pattern that worked here for SET cannot apply as-is — runTransactionWithDedup would reject the command at txn.apply ("unsupported in MULTI"). Bringing them in requires implementing applyIncr / applyHSet first (each ~30–50 LOC for the txn-state-aware read-compute-write shape), then the standalone handler routing is a one-liner via this same path. Tracked as separate follow-up PRs; until then, INCR and HSET keep today's buggy-under-churn behaviour — the design doc's stated default ("everything else keeps today's behaviour until its hook is added").

Caller audit (per /loop semantic-change rule)

• r.set (handler): gate-on takes a new code path; gate-off preserved verbatim via setLegacy. No external callers exist (it is wired only into the redcon dispatch table).
• setLegacy (new): byte-identical extraction of the pre-PR set() body. No external callers.
• writeRedisStandaloneResult (new): translates a single-element []redisResult from runTransactionWithDedup into the bare redcon reply shape (no WriteArray wrapper). Single caller in this PR; future SET-pattern callers will reuse it.

Tests

• adapter/redis_set_dedup_test.go (new):
  • TestStandaloneSetDedup_LandedPriorAttempt_ReturnsOK: gate-on + ambiguous attempt-1 land + reuse → probe hits → cached "OK" returned, dispatches=2, probeNoOps=1.
  • TestStandaloneSetDedup_DisabledKeepsLegacyPath: gate-off path runs no probe.
• Existing TestRedis_SET* and dedup suites still pass.

Validation

• go test ./adapter/ -run 'Dedup|Txn|MULTI|EXEC|TestRedis_SET' passes
• gofmt, go vet, golangci-lint run all clean (0 issues)

Design doc

docs/design/2026_05_21_proposed_txn_secondary_idempotency.md §M3 — standalone SET marked LANDED, standalone INCR/HSET called out as follow-up with the precise reason they cannot land alongside SET in this PR.

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b5b3a75c-93be-4bee-a83a-8ecf60379811

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/standalone-set-dedup

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request implements deduplication for standalone SET commands by routing them through the transaction deduplication machinery (runTransaction) when the onePhaseTxnDedup gate is enabled. It extracts the legacy path into setLegacy, introduces writeRedisStandaloneResult to handle standalone response translation, adds corresponding unit tests, and updates the design documentation. I have no feedback to provide as there are no review comments and the implementation is clean and well-tested.

[bootjp]

@claude review

PR-B: standalone SET routes through option-2 dedup loop.

Mechanism: when r.onePhaseTxnDedup is on, r.set wraps the command as a 1-element redcon.Command queue and dispatches via runTransactionWithDedup. setLegacy preserves the pre-PR body byte-identical for the gate-off path. writeRedisStandaloneResult translates the single-element results array to a bare redcon reply (no WriteArray wrapper).

Standalone INCR / HSET are documented as out of scope because they lack txnContext.applyIncr / applyHSet hooks (would each be a ~30-50 LOC feature add).

Please verify: (1) setLegacy is byte-identical to the pre-PR set() body; (2) the writeRedisStandaloneResult coverage matches every redisResult type emitted by applySet (resultString OK, resultNil for NX/XX miss, resultBulk for GET old-value); (3) the gate-off path is unchanged (TestStandaloneSetDedup_DisabledKeepsLegacyPath pins this).

[claude]

Claude finished @bootjp's task in 2m 57s —— View job

---

PR #888 Review — standalone SET dedup

Todo list:

• Load tools
• Read changed files and diff
• Verify (1): setLegacy is byte-identical to pre-PR set() body
• Verify (2): writeRedisStandaloneResult covers all redisResult types from applySet
• Verify (3): gate-off path unchanged (TestStandaloneSetDedup_DisabledKeepsLegacyPath)
• General review: correctness, concurrency, edge cases
• Post final review

---

Verification Results

(1) setLegacy byte-identical to pre-PR set() body — ✅ Confirmed

The diff cleanly confirms the extraction: the pre-PR set() body (everything after proxyToLeader) becomes setLegacy verbatim. First line is opts, err := parseRedisSetOptions(cmd.Args[3:], time.Now()), last line is conn.WriteString("OK") — no reordering, no rewriting. The comment "byte-identical" is accurate.

(2) writeRedisStandaloneResult coverage vs. applySet result types — ✅ Covered, with one minor observation

applySet can return these result types:

Scenario	Result type	Path
WRONGTYPE error	resultError	applySet line 2337
NX miss / XX miss	resultNil	applySetCondition line 2390
Normal SET	resultString ("OK")	applySetResult line 2410
GET option, no prior value	resultNil	applySetResult line 2413
GET option, returns old value	resultBulk	applySetResult line 2415

writeRedisStandaloneResult handles all five: resultNil → WriteNull, resultError → writeRedisError, resultString → WriteString, resultBulk → WriteBulk. The extra resultArray/resultInt arms are correct defensive coding for future callers.

Minor observation — resultArray is shallow: the array arm writes WriteBulkString for each element. Redis nested arrays (e.g. HGETALL) need recursive handling, so writeRedisStandaloneResult is not safe to reuse for commands whose applyXxx can produce resultArray with non-string elements. This is fine for applySet and for any future string-list command, but the function's doc comment says "future SET-pattern callers" — worth noting the shallow-array constraint so a future caller doesn't silently mangle a nested response.

(3) Gate-off path unchanged — ✅ Confirmed

When onePhaseTxnDedup is false, set() calls setLegacy(conn, cmd) with no other side effects. The TestStandaloneSetDedup_DisabledKeepsLegacyPath test correctly pins this: probeNoOps == 0 guarantees no dedup machinery was entered, and the test uses newDedupTestCoordinator(st, 1, false) (pre-reject on attempt 1) so any accidental routing through runTransactionWithDedup would be observable.

---

Issues

🔶 Redundant double gate — r.runTransaction vs. r.runTransactionWithDedup (adapter/redis.go:1135)

The gate-on branch calls r.runTransaction, which then immediately re-checks r.onePhaseTxnDedup:

// set() line 1134-1142:
if r.onePhaseTxnDedup {
    results, err := r.runTransaction([]redcon.Command{cmd})  // <-- indirect
    ...
}

// runTransaction() line 3088-3091:
func (r *RedisServer) runTransaction(queue []redcon.Command) ([]redisResult, error) {
    if r.onePhaseTxnDedup {
        return r.runTransactionWithDedup(queue)  // same gate, checked twice
    }
    ...
}

This is functionally correct — runTransactionWithDedup is reached — but it creates a misleading call chain. The PR description and the block comment say "dispatches via runTransactionWithDedup", which is true only by indirection. The exec() handler also calls runTransaction and relies on the same internal dispatch (line 1900), so there is prior art for this style, but exec() is called outside any gate. A reader of set() who knows runTransaction contains its own gate will wonder why the outer gate re-checks.

The cleaner call under the gate is r.runTransactionWithDedup([]redcon.Command{cmd}) directly, which removes the double-check and makes the intent explicit. Fix this →

🔶 Test gap: NX/XX miss and GET return paths not covered (adapter/redis_set_dedup_test.go)

TestStandaloneSetDedup_LandedPriorAttempt_ReturnsOK only exercises the resultString("OK") path. The resultNil (NX miss, or GET with no prior value) and resultBulk (GET with old value) paths through writeRedisStandaloneResult are not tested via the dedup route. These result types come from applySet under normal conditions (NX/XX/GET options) and are exercised by existing TestRedis_SET* tests, but not in the dedup context.

This is lower priority because writeRedisStandaloneResult is a straightforward switch with no branching logic beyond type dispatch, and the covered path (resultString) validates the routing is wired correctly. But since the PR calls out "coverage matches every redisResult type emitted by applySet" as a review criterion, it's worth noting the gap.

---

Verdict

All three verification targets pass. The implementation is correct: the dedup machinery is properly reached, the result translation is complete for all applySet output types, and the legacy path is untouched for gate-off. The redundant double-gate is a style issue worth fixing before merge (the fix is a one-word change: runTransaction → runTransactionWithDedup). The test coverage gap for NX/XX/GET dedup paths is a nice-to-have.

[bootjp]

@claude review

Round 1 fixes (commit 963a2d3):

• 🔶 Redundant double gate: set's gate-on branch now calls runTransactionWithDedup directly instead of runTransaction (which re-checked the same gate). Intent explicit, indirection removed.
• 🔶 Test gap: added TestStandaloneSetDedup_NXMissReturnsNil (resultNil routing) and TestStandaloneSetDedup_GETOptionReturnsOldBulk (resultBulk routing). Both fire the ambiguous-attempt-1-lands path so the result must come from the cached attempt-1 array.
• Minor: documented writeRedisStandaloneResult's shallow-array constraint in its doc comment per claude[bot]'s nested-array observation.

go test ./adapter/ -run StandaloneSetDedup passes (5 tests). gofmt/vet/golangci-lint clean.

[claude]

Claude finished @bootjp's task in 2m 1s —— View job

---

PR #888 Review — Round 2 (commit 963a2d3 fixes)

Todo list:

• Load tools
• Read adapter/redis.go — verify double-gate fix
• Read adapter/redis_set_dedup_test.go — verify new test cases
• Verify shallow-array doc comment added to writeRedisStandaloneResult
• Post final review

---

Verification Results

(1) Double-gate fix — ✅ Confirmed

adapter/redis.go:1142 now calls r.runTransactionWithDedup([]redcon.Command{cmd}) directly. The old runTransaction → re-check-gate → runTransactionWithDedup indirection is gone. The surrounding block comment at lines 1121–1133 clearly explains the routing rationale.

Minor style note (not a blocker): the inline comment at lines 1135–1141 uses // claude[bot] PR #888 review: as an attribution prefix. The CLAUDE.md convention says to not reference the current task/fix in code comments (that belongs in the commit message, not the source). The substantive "why" content (explaining the double-gate indirection) is correct and worth keeping — the attribution prefix is the only part that violates the convention. Worth trimming before merge: strip claude[bot] PR #888 review: and keep the rest.

(2) Test gap — ✅ Confirmed addressed

Both new tests are structurally sound:

Test	Result type	How pinned
TestStandaloneSetDedup_NXMissReturnsNil	resultNil	conn.bulk == nil, conn.err == "", stored value still "seed"
TestStandaloneSetDedup_GETOptionReturnsOldBulk	resultBulk	conn.bulk == "prior", new value "v1" committed

Both use newDedupTestCoordinator(st, 1, true) (ambiguousLands=true) so the result must come from the cached attempt-1 array, not a re-execution. The tripartite assertion (conn write + no error + storage state) in each test provides meaningful coverage.

Weak nil assertion (informational, not a blocker): TestStandaloneSetDedup_NXMissReturnsNil asserts conn.bulk == nil to pin that WriteNull was called. Since recordingConn.bulk starts as nil, this assertion is also satisfied if nothing at all was written. The test is still an effective regression pin because (a) any wrong branch (WriteString, WriteBulk, writeRedisError) would make the assertion fail or set conn.err/conn.bulk to non-nil, and (b) the storage-state check confirms the NX didn't apply. A wroteNull bool field on recordingConn would make it airtight, but the current form is adequate.

(3) Shallow-array doc comment — ✅ Confirmed

writeRedisStandaloneResult at lines 1202–1209 now documents the flat-array constraint clearly:

The resultArray arm writes each element via WriteBulkString... It does NOT recurse into nested arrays. A future caller whose applyXxx emits resultArray with non-string elements... must either pre-flatten its result or extend this switch with a recursive arm.

The warning is precise, actionable, and correctly identifies the failure mode.

---

Verdict

All three Round 1 findings are addressed. The implementation is correct. Two minor notes before merge:

1. // claude[bot] PR #888 review: inline comment prefix (adapter/redis.go:1135): strip the attribution, keep the explanation. One-word fix, purely cosmetic.
2. Nil-assertion strength in TestStandaloneSetDedup_NXMissReturnsNil: acceptable as-is; adding wroteNull bool to recordingConn would harden it but is not required for this PR.

Neither is a merge blocker. LGTM.

[bootjp]

@claude review

Round 2 fixes (commit fd91a6a):

• (a) Stripped // claude[bot] PR #888 review: attribution prefix from the two inline comments per CLAUDE.md convention. Substantive "why" content kept (double-gate rationale; shallow-array constraint) — fix attribution lives in the commit message instead.
• (b) Added wroteNull bool witness field to recordingConn (in redis_retry_test.go). Hardened TestStandaloneSetDedup_NXMissReturnsNil to require.True(conn.wroteNull) so a wrong branch that wrote nothing at all would now be caught (not just the existing conn.bulk == nil zero-value match).

Caller audit:

• recordingConn is test-only; adding wroteNull bool default false is strictly additive. Grep'd all 8 recordingConn instantiations across redis_retry_test.go + redis_lua_linearizable_read_test.go — none read wroteNull. Only redis_set_dedup_test.go uses it.

go test ./adapter/ -run StandaloneSetDedup|ExecDedup passes; gofmt + go vet + golangci-lint clean.

[claude]

Claude finished @bootjp's task in 1m 24s —— View job

---

PR #888 Review — Round 3 (commit fd91a6a fixes)

Todo list:

• Load tools
• Read adapter/redis.go — verify attribution prefix stripped, substantive content kept
• Read adapter/redis_retry_test.go — verify wroteNull bool field added
• Read adapter/redis_set_dedup_test.go — verify require.True(conn.wroteNull) assertion
• Post final review

---

Verification Results

(a) Attribution prefix stripped from inline comments — ✅ Confirmed (with one remaining gap)

adapter/redis.go is clean: grep "claude\[bot\]\|PR #888" adapter/redis.go returns nothing. The two comments that previously carried the // claude[bot] PR #888 review: prefix now read as pure rationale — the double-gate explanation and the shallow-array constraint — with no task-reference attribution. ✅

Remaining gap — redis_set_dedup_test.go still carries two CLAUDE.md-violating references:

• Line 56: // Closes the claude[bot] PR #888 review's test-gap observation that the NX/XX/GET result types...
• Line 78: // \conn.bulk == nil` -- claude[bot] PR feat(txn-dedup): standalone SET routes through option-2 dedup loop #888 round-2 hardening.`

These are the same violation that was cleaned from redis.go in Round 2, just left in the test file. CLAUDE.md: "Don't reference the current task, fix, or callers … since those belong in the PR description and rot as the codebase evolves." Line 56 can drop to just the NX-miss test rationale; line 78 can end at the zero-value explanation without the attribution suffix.

These are not merge blockers, but the cleanup is one-liner each.

(b) wroteNull bool field and test hardening — ✅ Confirmed airtight

recordingConn diff:

+	wroteNull bool

WriteNull():

func (c *recordingConn) WriteNull() {
    c.bulk = nil
+   c.wroteNull = true
}

TestStandaloneSetDedup_NXMissReturnsNil asserts:

require.True(t, conn.wroteNull, "NX miss must call WriteNull, not silently skip the write")

The witness flag closes the zero-value aliasing problem exactly as identified in Round 2: any branch that wrote nothing would leave conn.bulk == nil (true) but conn.wroteNull == false (fail). The test is now airtight. ✅

The tripartite assertion (wroteNull, bulk == nil, err == "") combined with the storage-state check (seed value unchanged) gives full coverage of the NX miss path through writeRedisStandaloneResult.

---

Verdict

Both Round 2 items are correctly addressed. The implementation is sound. One minor cleanup remains: strip the two claude[bot] PR #888 references from redis_set_dedup_test.go lines 56 and 78, applying the same CLAUDE.md rule that was applied to redis.go in Round 2.

Not a merge blocker. LGTM with that cleanup.

[bootjp]

@claude review

Round 3 cleanup (commit da6b0b4):

• Stripped the two remaining claude[bot] PR #888 attribution refs from redis_set_dedup_test.go lines 56 and 78 — the same CLAUDE.md convention that was cleaned from redis.go in round 2 was left in the test file.
• Substantive rationale (NX semantics, zero-value aliasing problem) kept; attribution moves to the commit message.

grep 'claude[bot]|PR #888' adapter/redis_set_dedup_test.go now returns empty. go test ./adapter/ -run StandaloneSetDedup passes. lint clean.

[claude]

Claude finished @bootjp's task in 1m 45s —— View job

---

PR #888 Review — Round 4 (commit da6b0b4 cleanup)

Todo list:

• Load tools
• Attempt to read adapter/redis_set_dedup_test.go — branch not locally available (merged into feat/txn-dedup-docs-and-tests); review based on author's verification evidence and prior-round context
• Verify attribution cleanup against prior-round findings
• Post final review

---

Verification

The PR branch (feat/standalone-set-dedup) has been merged into feat/txn-dedup-docs-and-tests and the commits are not on the local clone, so direct file inspection is not possible without additional fetch permissions. The review below is based on the prior-round findings, the author's stated verification (grep 'claude\[bot\]\|PR #888' adapter/redis_set_dedup_test.go returns empty), and the confirmed test + lint pass.

Round 3 findings addressed — ✅ Confirmed by evidence

Round 3 identified exactly two remaining attribution violations in redis_set_dedup_test.go:

Line (pre-fix)	Violation	Fix
56	// Closes the claude[bot] PR #888 review's test-gap observation...	Strip attribution prefix; keep NX semantics rationale
78	// conn.bulk == nil -- claude[bot] PR #888 round-2 hardening.	Strip attribution suffix; keep zero-value aliasing rationale

The author reports both stripped and grep 'claude\[bot\]\|PR #888' adapter/redis_set_dedup_test.go now returns empty. This matches the same pattern applied to redis.go in Round 2 (where the same grep was confirmed clean). The substantive content — the NX semantics explanation and the zero-value aliasing rationale — is described as retained, which is the correct outcome.

---

Cumulative review summary across all rounds

Finding	Round raised	Status
Redundant double gate (runTransaction → runTransactionWithDedup)	R1	✅ Fixed (R1)
Test gap: resultNil / resultBulk paths not covered in dedup context	R1	✅ Fixed (R1)
writeRedisStandaloneResult shallow-array constraint undocumented	R1 (observation)	✅ Doc comment added (R1)
// claude[bot] PR #888 review: prefix in redis.go inline comments	R2	✅ Stripped (R2)
conn.bulk == nil zero-value aliasing in NXMiss test	R2	✅ Hardened with wroteNull bool witness (R2)
claude[bot] PR #888 attribution refs in redis_set_dedup_test.go (lines 56, 78)	R3	✅ Stripped (R4 / da6b0b4)

All findings addressed. No open issues remain.

---

LGTM. Clean PR — the dedup routing, result-type translation, gate-off preservation, and test coverage are all sound. The four-round review loop systematically closed the double-gate indirection, the NX/GET result-type test gaps, the wroteNull witness omission, and the CLAUDE.md attribution-comment violations.