[BLOCKER] Fix silent error swallowing in Herald broadcasting #185

New Issue

Closed

opened 2026-02-02 17:23:50 +00:00 by jason.woltje · 0 comments

jason.woltje commented 2026-02-02 17:23:50 +00:00

Owner

Copy Link

Problem

Herald service catches ALL errors during job event broadcasting but only logs them - never notifies users or re-throws. This creates a silent notification failure where users expect job updates in Discord but receive nothing.

Location

apps/api/src/herald/herald.service.ts:102-104

async broadcastJobEvent(jobId: string, event: {...}): Promise<void> {
  try {
    // ... broadcasting logic ...
  } catch (error) {
    this.logger.error(`Failed to broadcast event for job ${jobId}:`, error);
    // ❌ CRITICAL: Error is logged but execution continues
    // No error is thrown, no user notification, no retry
  }
}

Hidden Failures

• Discord API authentication failures (expired token)
• Network failures (Discord service down)
• Thread not found errors (deleted thread)
• Rate limiting errors (too many messages)
• Database connection failures (job lookup)
• Permission errors (bot kicked from server)

User Impact

• Users expect job updates but receive nothing
• No indication that notifications are failing
• Jobs may complete but users think they're still running
• Debugging requires checking server logs
• Critical failures never communicated

Acceptance Criteria

• Store failed broadcasts for retry
• Implement retry mechanism with exponential backoff
• Send fallback notification to user on broadcast failure
• Re-throw critical events (job.failed, job.completed)
• Emit monitoring metrics for failed broadcasts
• Add circuit breaker for Discord API
• Add tests for error scenarios

Implementation Notes

catch (error) {
  this.logger.error(`Failed to broadcast event for job ${jobId}:`, error);
  
  // NEW: Store failed broadcast for retry
  await this.storeFailedBroadcast(jobId, event, error);
  
  // NEW: Fallback notification
  await this.sendFallbackNotification(jobId, 
    "Job notifications temporarily unavailable"
  );
  
  // NEW: Emit monitoring alert
  this.metrics.incrementFailedBroadcasts();
  
  // NEW: Re-throw if critical event
  if (this.isCriticalEvent(event.type)) {
    throw new BroadcastFailureError(...);
  }
}

References

M4.2-Infrastructure verification report (2026-02-02)
Security review agent ID: a1b8b3f

## Problem Herald service catches ALL errors during job event broadcasting but only logs them - never notifies users or re-throws. This creates a silent notification failure where users expect job updates in Discord but receive nothing. ## Location apps/api/src/herald/herald.service.ts:102-104 ```typescript async broadcastJobEvent(jobId: string, event: {...}): Promise<void> { try { // ... broadcasting logic ... } catch (error) { this.logger.error(`Failed to broadcast event for job ${jobId}:`, error); // ❌ CRITICAL: Error is logged but execution continues // No error is thrown, no user notification, no retry } } ``` ## Hidden Failures - Discord API authentication failures (expired token) - Network failures (Discord service down) - Thread not found errors (deleted thread) - Rate limiting errors (too many messages) - Database connection failures (job lookup) - Permission errors (bot kicked from server) ## User Impact - Users expect job updates but receive **nothing** - No indication that notifications are failing - Jobs may complete but users think they're still running - Debugging requires checking server logs - Critical failures never communicated ## Acceptance Criteria - [ ] Store failed broadcasts for retry - [ ] Implement retry mechanism with exponential backoff - [ ] Send fallback notification to user on broadcast failure - [ ] Re-throw critical events (job.failed, job.completed) - [ ] Emit monitoring metrics for failed broadcasts - [ ] Add circuit breaker for Discord API - [ ] Add tests for error scenarios ## Implementation Notes ```typescript catch (error) { this.logger.error(`Failed to broadcast event for job ${jobId}:`, error); // NEW: Store failed broadcast for retry await this.storeFailedBroadcast(jobId, event, error); // NEW: Fallback notification await this.sendFallbackNotification(jobId, "Job notifications temporarily unavailable" ); // NEW: Emit monitoring alert this.metrics.incrementFailedBroadcasts(); // NEW: Re-throw if critical event if (this.isCriticalEvent(event.type)) { throw new BroadcastFailureError(...); } } ``` ## References M4.2-Infrastructure verification report (2026-02-02) Security review agent ID: a1b8b3f

jason.woltje added this to the M4.2-Infrastructure (0.0.4) milestone 2026-02-02 17:23:50 +00:00

jason.woltje added the apiapip0 labels 2026-02-02 17:23:50 +00:00

jason.woltje closed this issue 2026-02-02 17:47:35 +00:00

jason.woltje referenced this issue from a commit 2026-02-02 19:00:53 +00:00

fix(#185): fix silent error swallowing in Herald broadcasting

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

fix/ci-glibc-image

fix/dockerfile-npmrc

fix/matrix-native-binary

fix/kaniko-cache

fix/base-image-kaniko-v2

fix/base-image-kaniko

feat/custom-base-image

ci/pnpm-cache

fix/interceptor-tests

fix/kanban-tests

feat/wire-chat

feat/usage-widget

fix/security-hardening

fix/project-domain-v2

feat/kanban-add-task

fix/project-domain-attach

fix/logs-page-clean

fix/workspace-members

fix/ci-lint-632

fix/file-manager-tags

fix/csrf-debug-log

fix/controller-type-imports

fix/system-admin-env

fix/gateway-cors-trusted-origins

feat/project-detail-page

fix/fleet-provider-form-dto-v2

fix/ms22-audit

fix/orchestrator-widgets

fix/fleet-provider-form-dto

fix/csrf-bearer-bypass

fix/ms22-missing-authmodule-imports

fix/container-lifecycle-config-module

fix/swarm-compose-ms22-vars

chore/ms22-p1-complete

feat/ms22-p1h-settings-ui

feat/ms22-p1f-onboarding-ui

feat/ms22-p1i-chat-proxy

feat/ms22-p1k-idle-reaper

feat/ms22-p1j-docker

feat/ms22-p1e-onboarding-api

feat/ms22-p1g-settings-api

feat/ms22-p1d-container-mgr

feat/ms22-p1c-config-api

chore/ms22-prd-tracking

feat/ms22-p1a-schema

feat/ms22-p1b-crypto

chore/ms22-p1-tasks

docs/ms22-architecture

feat/ms22-openclaw-docker

feat/ms22-openclaw-gateway-module

chore/ms21-complete

chore/ms21-final-tasks-done

fix/ms21-ui-001-qa

test/ms21-ui-tests

chore/ms21-tasks-sync

chore/ms22-phase0-complete

feat/ms22-ingest-clean

feat/ms21-ui-users-members

feat/ms22-task-agent

chore/tasks-final

chore/tasks-update

feat/ms21-session-invalidation

feat/ms21-rbac-settings

feat/ms21-teams-page

feat/ms21-users-page

feat/ms19-terminal-persistence

v0.0.21

v0.20.0

v0.0.15

v0.0.2

Labels

Clear labels

ai

AI/LLM integration

api

Backend/API work

api

auth

Authentication

database

database

Database/schema work

devops

Docker/deployment

docs

Documentation

frontend

graph

knowledge-module

migration

Data migration

orchestrator

Orchestrator service (apps/orchestrator/)

p0

Critical priority

p1

High priority

p2

Medium priority

p3

Low priority

performance

Performance work

phase-1

phase-2

phase-3

phase-4

phase-5

plugin

MoltBot plugin work

search

security

Security-related

setup

Initial setup

testing

Testing/QA

web

Frontend work

No Label api api p0

Milestone

No items

No Milestone M4.2-Infrastructure (0.0.4)

Projects

Clear projects

No project

Assignees

Clear assignees

jason.woltje

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: mosaic/stack#185