refactor: EscrowBackend seam — Cashu foundation CF-0#795
Conversation
Cashu foundation CF-0 (docs/cashu/01-fundamentals.md, section 6): - new src/escrow.rs: narrow hold-invoice-shaped EscrowBackend trait (create/settle/cancel_hold_invoice), behaviour-preserving pass-through impl for LndConnector, and an inert CashuBackend stub whose methods return a typed HoldInvoiceError (never panic). - release_action now takes &mut dyn EscrowBackend; the app.rs call site coerces the existing &mut LndConnector implicitly, so Lightning behaviour is unchanged. - settle_seller_hold_invoice (util.rs) takes the seam too — required because release_action settles through it; its other caller (admin_settle) coerces implicitly as well. This is the one file beyond the spec's stated CF-0 conflict surface, noted in the PR. No behaviour change: existing suite passes unmodified (503 tests) plus one new stub test (504 total).
WalkthroughIntroduces an ChangesEscrow Backend Abstraction
Estimated code review effort: 2 (Simple) | ~15 minutes Possibly related PRs
Suggested reviewers: Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
@coderabbitai review |
✅ Action performedReview finished.
|
There was a problem hiding this comment.
🧹 Nitpick comments (1)
src/escrow.rs (1)
1-14: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winPlace the escrow seam under the documented runtime module layout.
src/escrow.rsintroduces runtime code at thesrc/root, while the project layout rule keeps runtime code under the listed subdirectories. Consider moving this seam under the closest existing domain subtree, likelysrc/app/escrow.rsfor order/business flow routing orsrc/lightning/escrow.rsif the module is intended to remain Lightning-adjacent, then update imports accordingly.As per coding guidelines, "
src/**/*.rs: Runtime code lives insrc/with subdirectories:src/app/for order flows and business logic,src/lightning/for LND bindings and Lightning helpers,src/rpc/for gRPC service and types, andsrc/config/for settings and loaders".🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/escrow.rs` around lines 1 - 14, The escrow seam is placed at the runtime root instead of the documented module subtree, so move the `EscrowBackend` trait from `src/escrow.rs` into the appropriate domain module, likely `src/app/escrow.rs` for flow routing or `src/lightning/escrow.rs` if it stays Lightning-specific, and update the module declarations/imports that reference it. Keep the trait and its `LndConnector` dependency in the same domain area so the runtime layout matches the project convention and any callers continue to use the new module path.Source: Coding guidelines
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@src/escrow.rs`:
- Around line 1-14: The escrow seam is placed at the runtime root instead of the
documented module subtree, so move the `EscrowBackend` trait from
`src/escrow.rs` into the appropriate domain module, likely `src/app/escrow.rs`
for flow routing or `src/lightning/escrow.rs` if it stays Lightning-specific,
and update the module declarations/imports that reference it. Keep the trait and
its `LndConnector` dependency in the same domain area so the runtime layout
matches the project convention and any callers continue to use the new module
path.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: c6ebba46-d36a-4d17-9fbd-b97b74310fc7
📒 Files selected for processing (4)
src/app/release.rssrc/escrow.rssrc/main.rssrc/util.rs
|
@codex review |
|
Codex Review: Didn't find any major issues. Hooray! Reviewed commit: ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
Summary
CF-0, the Wave-0 precursor of the Cashu foundation (
docs/cashu/01-fundamentals.md§6). Behaviour-preserving refactor only — no new runtime behaviour, no config, no Cashu logic.src/escrow.rs(new): narrow, hold-invoice-shapedEscrowBackendtrait (create_hold_invoice/settle_hold_invoice/cancel_hold_invoice), per locked decision §4.7 (the trait keeps the LN shape; Cashu behaviour will come from branching handlers onescrow_mode(), never from widening this trait).impl EscrowBackend for LndConnector: literal pass-through to the inherent methods. Thecanceldelegation preserves thecode=<Code>error-prefix contract that bond release relies on.CashuBackendstub: every method returns a typedHoldInvoiceError("… not implemented …")— never panics.release_actionnow takes&mut dyn EscrowBackend; theapp.rscall site coerces the existing&mut LndConnectorimplicitly.settle_seller_hold_invoice(util.rs) takes the seam too.Deviation from the spec'd conflict surface (one file)
The spec lists CF-0's surface as
src/escrow.rs+src/app/release.rs. Routingrelease_actionthrough the seam necessarily dragssettle_seller_hold_invoice(inutil.rs) with it — that's the helperrelease_actionsettles through. Its other caller (admin_settle) passes its&mut LndConnectorunchanged via implicit coercion, so no other file is touched. Flagging it here so the docs can be amended if maintainers prefer.Trait return types (design note)
The spec doesn't pin the trait's return types. The LND inherent methods return gRPC response types (
AddHoldInvoiceResp, etc.); the trait uses domain shapes instead —(payment_request, preimage, hash)for create,()for settle/cancel — so the seam doesn't leakfedimint_tonic_lndtypes. The only routed call today (settle) discarded the response anyway, so this is still a pure pass-through.Backwards-compat guarantee (CF-0 merge gate)
Lightning calls flow through the pass-through impl unchanged; the pre-existing suite passes unmodified.
Test plan
cargo fmt --allcargo clippy --all-targets --all-features -- -D warningscargo test— 504 passed (503 pre-existing unmodified + 1 new:cashu_backend_stub_returns_typed_error_without_panicking)Part of the CF-0…CF-5 foundation series; CF-1 (config + escrow mode) follows independently.
Summary by CodeRabbit
New Features
Bug Fixes