Conversation
…ience - Add AMQP publisher/consumer, DLQ topology, worker service, POST /jobs/plan-sync - GitHub Actions: PHPUnit unit + Postgres integration tests; MIT LICENSE - Dev image: PHP_BASE_IMAGE (ECR mirror), .dockerignore, Make ready/pull-base - Search cache: epoch invalidation, stampede lock; provider client timeouts/retry/circuit - PlanListParser: suppress libxml noise on invalid XML; php-amqplib dependency Made-with: Cursor
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 3 potential issues.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
| } | ||
| } | ||
|
|
||
| return $this->loadFromDatabaseAndCache($cacheKey, $startsAt, $endsAt); |
There was a problem hiding this comment.
Stampede loop adds 1.5s latency when Redis is down
Medium Severity
When Redis is unavailable, setIfNotExists returns false (the executeWithFallback default), which is indistinguishable from "another request holds the lock." This causes every search request to fall through to the polling loop, sleeping 30 × 50ms = 1.5 seconds before finally querying PostgreSQL. The README states "if Redis is down, search still reads PostgreSQL," but the stampede protection silently degrades every request with a significant blocking delay instead of falling through immediately to the database.
Additional Locations (1)
| - PROVIDER_URL=${PROVIDER_URL} | ||
| - PROVIDER_FIXTURE_PATH=${PROVIDER_FIXTURE_PATH} | ||
| - PROVIDER_URL=${PROVIDER_URL:-} | ||
| - PROVIDER_FIXTURE_PATH=${PROVIDER_FIXTURE_PATH:-tests/Fixtures/provider_responses/response_1.xml} |
There was a problem hiding this comment.
Missing RABBITMQ_VHOST in app service environment
Medium Severity
The app service environment is missing RABBITMQ_VHOST, while worker-plan-sync includes it. When a non-default vhost is configured in .env, AmqpPlanSyncJobPublisher::fromEnvironment() running inside the app container will always fall back to vhost /, while the consumer in the worker container will use the configured vhost. Published messages go to the wrong vhost and are never consumed.
Additional Locations (1)
| docs | ||
| tests | ||
| .env | ||
| .env.* |
There was a problem hiding this comment.
Dockerignore missing vendor breaks prod image build
Medium Severity
The new .dockerignore omits vendor/. The new prod Dockerfile target runs composer install --no-dev then COPY . .. On any machine where composer install was run on the host (e.g. via make install), COPY . . overwrites the container's --no-dev vendor directory with the host's full vendor tree including dev dependencies like PHPUnit. The documented prod build command produces an image with dev dependencies baked in.
Additional Locations (1)
1 participant
…ience
Made-with: Cursor
Note
Medium Risk
Introduces a new async plan-sync execution path via RabbitMQ and a new public endpoint (
POST /jobs/plan-sync), plus changes search caching semantics; these affect operational behavior and failure modes across Redis/RabbitMQ.Overview
Adds asynchronous plan sync via RabbitMQ. Introduces
PlanSyncJobPublisherPortwith an AMQP implementation that declares exchange/queue/DLQ topology, plus a long-running consumer and newPOST /jobs/plan-syncendpoint (and CLIscripts/enqueue-plan-sync.php) to enqueue durable sync jobs.Improves
/searchcaching robustness. Switches cache invalidation from wildcard deletes to epoch-based keys and adds single-flight locking + wait loop to reduce cache stampedes; TTL is now configurable viaCACHE_SEARCH_TTL.Hardens ops/dev tooling. Adds a
worker-plan-syncCompose service, multi-stage Dockerfile with configurablePHP_BASE_IMAGEmirror, a.dockerignore, expanded Make targets (ready,pull-base, readiness wait), and a GitHub Actions workflow running unit + Postgres integration tests; updates.env.example, README, and adds MITLICENSE.Written by Cursor Bugbot for commit fd13210. This will update automatically on new commits. Configure here.