Add cleanup indexes for ASB retention paths#66
Conversation
PR SummaryMedium Risk Overview Updates Reviewed by Cursor Bugbot for commit 9805c67. Bugbot is set up for automated code reviews on this repo. Configure here. |
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is ON. A cloud agent has been kicked off to fix the reported issue. You can view the agent here.
Reviewed by Cursor Bugbot for commit 9805c67. Configure here.
| `, sessionID) | ||
| ORDER BY created_at ASC, id ASC | ||
| LIMIT $2 | ||
| `, sessionID, maxGrantsBySessionLookup) |
There was a problem hiding this comment.
Silent truncation may leave grants unrevoked on session cleanup
Low Severity
ListGrantsBySession now silently caps results at 10,000, but both callers (expireSession and RevokeSession) assume they receive all grants for the session. In expireSession, the session is marked expired even when not all grants were processed, and since the session is no longer active, subsequent cleanup runs won't re-process it — leaving orphaned active grants. In RevokeSession, there's no retry mechanism at all. No error or warning is returned when the limit is reached.
Reviewed by Cursor Bugbot for commit 9805c67. Configure here.


Summary
grants.session_idindex for session revocation lookupsListGrantsBySessionso the session-grant lookup is no longer unboundedTesting
go test ./internal/store/postgres ./internal/migrate -count=1go test ./... -count=1GOTOOLCHAIN=go1.26.0 go run github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.11.3 run ./...git diff --checkPart of #15