Skip to content

[No QA] Log deferred WRITE Onyx flush failures after the watermark advanced#96290

Draft
elirangoshen wants to merge 2 commits into
Expensify:mainfrom
callstack-internal:eliran/log-deferred-write-flush-failure
Draft

[No QA] Log deferred WRITE Onyx flush failures after the watermark advanced#96290
elirangoshen wants to merge 2 commits into
Expensify:mainfrom
callstack-internal:eliran/log-deferred-write-flush-failure

Conversation

@elirangoshen

@elirangoshen elirangoshen commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

Explanation of Change

Follow-up to #96039. That PR advanced the lastUpdateID watermark (ONYX_UPDATES_LAST_UPDATE_ID_APPLIED_TO_CLIENT) only after updates apply successfully — but that guarantee only holds for Pusher, Airship, and READ API commands.

As raised in review and confirmed here, WRITE requests still have the original bug. In applyHTTPSOnyxUpdates, WRITE requests use queueOnyxUpdates as their handler, which only appends the updates to an in-memory array and resolves immediately — the real write to Onyx happens later in QueuedOnyxUpdates.flushQueue() (driven by SequentialQueue). So the promise the watermark now keys off resolves before the deferred apply, and if that later Onyx.update fails, the updates are silently lost while the watermark already claims the client is caught up.

Following the same workflow as before (log first, add the behavioural fix only if the logs confirm the problem), this PR is logging only. It adds an [OnyxUpdateManagerError] Sentry alert when the deferred flush's Onyx.update rejects, then rethrows — no behavioural change. By the time flushQueue runs, the watermark has unconditionally already advanced, so any rejection here is by definition "after the watermark advanced."

Fixed Issues

$ #94877
PROPOSAL:

Tests

This PR is logging only — it adds a Sentry alert but changes no behaviour, so there is nothing user-facing to QA. It ships this way to confirm in production whether the deferred WRITE flush actually fails before we commit to a behavioural fix. The failure it logs is a storage-layer error path that can't be triggered through normal UI use.

  1. Use the app normally — open reports, create/edit expenses, switch between reports — and verify reports and transactions sync correctly with no stale or duplicated data.
  2. Confirm no new [OnyxUpdateManagerError] noise appears during normal use (the alert should only fire on an actual storage write failure).
  • Verify that no errors appear in the JS console

Offline tests

Go offline, perform actions (e.g. create an expense), then come back online. Verify the app syncs as before and no unexpected errors appear — this change does not alter offline behaviour.

QA Steps

Same as Tests (regression only). This is an internal reliability/observability change to how queued Onyx updates are flushed, with no user-facing UI. QA only needs to confirm there are no regressions in report/transaction syncing during normal use.

  • Verify that no errors appear in the JS console

PR Author Checklist

  • I linked the correct issue in the ### Fixed Issues section above
  • I wrote clear testing steps that cover the changes made in this PR
    • I added steps for local testing in the Tests section
    • I added steps for the expected offline behavior in the Offline steps section
    • I added steps for Staging and/or Production testing in the QA steps section
    • I added steps to cover failure scenarios (i.e. verify an input displays the correct error message if the entered data is not correct)
    • I turned off my network connection and tested it while offline to ensure it matches the expected behavior (i.e. verify the default avatar icon is displayed if app is offline)
    • I tested this PR with a High Traffic account against the staging or production API to ensure there are no regressions (e.g. long loading states that impact usability).
  • I included screenshots or videos for tests on all platforms
  • I ran the tests on all platforms & verified they passed on:
    • Android: Native
    • Android: mWeb Chrome
    • iOS: Native
    • iOS: mWeb Safari
    • MacOS: Chrome / Safari
  • I verified there are no console errors (if there's a console error not related to the PR, report it or open an issue for it to be fixed)
  • I followed proper code patterns (see Reviewing the code)
    • I verified that comments were added to code that is not self explanatory
    • I verified that any new or modified comments were clear, correct English, and explained "why" the code was doing something instead of only explaining "what" the code was doing.
    • I verified any copy / text that was added to the app is grammatically correct in English. It adheres to proper capitalization guidelines (note: only the first word of header/labels should be capitalized), and is either coming verbatim from figma or has been approved by marketing (in order to get marketing approval, ask the Bug Zero team member to add the Waiting for copy label to the issue)
  • If a new code pattern is added I verified it was agreed to be used by multiple Expensify engineers
  • I followed the guidelines as stated in the Review Guidelines
  • I tested other components that can be impacted by my changes (i.e. if the PR modifies a shared library or component like Avatar, I verified the components using Avatar are working as expected)
  • If a new CSS style is added I verified that:
    • A similar style doesn't already exist
    • The style can't be created with an existing StyleUtils function (i.e. StyleUtils.getBackgroundAndBorderStyle(theme.componentBG))
  • If new assets were added or existing ones were modified, I verified that:
    • The assets are optimized and compressed (for SVG files, run npm run compress-svg)
    • The assets load correctly across all supported platforms.
  • If the PR modifies code that runs when editing or sending messages, I tested and verified there is no unexpected behavior for all supported markdown - URLs, single line code, code blocks, quotes, headings, bold, strikethrough, and italic.
  • If the PR modifies a generic component, I tested and verified that those changes do not break usages of that component in the rest of the App (i.e. if a shared library or component like Avatar is modified, I verified that Avatar is working as expected in all cases)
  • If the PR modifies a component related to any of the existing Storybook stories, I tested and verified all stories for that component are still working as expected.
  • If the PR modifies a component or page that can be accessed by a direct deeplink, I verified that the code functions as expected when the deeplink is used - from a logged in and logged out account.
  • If the PR modifies the UI (e.g. new buttons, new UI components, changing the padding/spacing/sizing, moving components, etc) or modifies the form input styles:
    • I verified that all the inputs inside a form are aligned with each other.
    • I added Design label and/or tagged @Expensify/design so the design team can review the changes.
  • I added unit tests for any new feature or bug fix in this PR to help automatically prevent regressions in this user flow.
  • If the main branch was merged into this PR after a review, I tested again and verified the outcome was still expected according to the Test steps.

Screenshots/Videos

Android: Native
Android: mWeb Chrome
iOS: Native
iOS: mWeb Safari
MacOS: Chrome / Safari

Follow-up to Expensify#96039: WRITE requests queue their updates and resolve
before the deferred flush applies them, so the lastUpdateID watermark
advances before the real write. Surface a flush failure in Sentry to
confirm the issue before adding a behavioural fix.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant