update smoketests

Author: Shubham8287

crates/client-api/src/routes/database.rs

@@ -256,18 +256,27 @@ pub async fn prepare<S: ControlStateDelegate + NodeDelegate>(
         reducer,
     }): Path<CallParams>,
     TypedHeader(content_type): TypedHeader<headers::ContentType>,
+    headers: axum::http::HeaderMap,
     body: Bytes,
 ) -> axum::response::Result<impl IntoResponse> {
     let args = parse_call_args(content_type, body)?;
     let caller_identity = auth.claims.identity;
 
+    // The coordinator sends its actual database identity in `X-Coordinator-Identity`.
+    // Without this, `anon_auth_middleware` gives the HTTP caller an ephemeral random
+    // identity, which gets stored in `st_2pc_state` and breaks recovery polling.
+    let coordinator_identity = headers
+        .get("X-Coordinator-Identity")
+        .and_then(|v| v.to_str().ok())
+        .and_then(|s| spacetimedb_lib::Identity::from_hex(s).ok());
+
     let (module, Database { owner_identity, .. }) = find_module_and_database(&worker_ctx, name_or_identity).await?;
 
     // 2PC prepare is a server-to-server call; no client lifecycle management needed.
     // call_identity_connected/disconnected submit jobs to the module's executor, which
     // will be blocked holding the 2PC write lock after prepare_reducer returns — deadlock.
     let result = module
-        .prepare_reducer(caller_identity, None, &reducer, args)
+        .prepare_reducer(caller_identity, None, &reducer, args, coordinator_identity)
         .await;
 
     match result {

crates/core/src/host/instance_env.rs

@@ -1038,7 +1038,7 @@ impl InstanceEnv {
                     .bytes()
                     .await
                     .map_err(|e| NodesError::HttpError(e.to_string()))?;
-                Ok((status, body))
+                Ok::<_, NodesError>((status, body))
             }
             .await;
 
@@ -1093,6 +1093,7 @@ impl InstanceEnv {
             let mut req = client
                 .post(&url)
                 .header(http::header::CONTENT_TYPE, "application/octet-stream")
+                .header("X-Coordinator-Identity", caller_identity.to_hex().to_string())
                 .body(args);
             if let Some(token) = auth_token {
                 req = req.header(http::header::AUTHORIZATION, format!("Bearer {token}"));

crates/core/src/host/module_host.rs

@@ -1757,9 +1757,25 @@ impl ModuleHost {
         caller_connection_id: Option<ConnectionId>,
         reducer_name: &str,
         args: FunctionArgs,
+        // The actual coordinator database identity (from `X-Coordinator-Identity` header).
+        // When `Some`, used for `prepare_id` namespacing and stored in `st_2pc_state` for
+        // recovery.  Falls back to `caller_identity` when `None` (e.g., internal calls).
+        coordinator_identity_override: Option<Identity>,
     ) -> Result<(String, ReducerCallResult, Option<Bytes>), ReducerCallError> {
         use std::sync::atomic::{AtomicU64, Ordering};
-        static PREPARE_COUNTER: AtomicU64 = AtomicU64::new(1);
+        use std::sync::OnceLock;
+        // Counter seeded from current time on first use so that restarts begin from a
+        // different value than any existing st_2pc_state entries (which hold IDs from
+        // previous sessions starting at much smaller counter values).
+        static PREPARE_COUNTER: AtomicU64 = AtomicU64::new(0);
+        static PREPARE_COUNTER_INIT: OnceLock<()> = OnceLock::new();
+        PREPARE_COUNTER_INIT.get_or_init(|| {
+            let seed = std::time::SystemTime::now()
+                .duration_since(std::time::UNIX_EPOCH)
+                .unwrap_or_default()
+                .as_micros() as u64;
+            PREPARE_COUNTER.store(seed, Ordering::Relaxed);
+        });
 
         let (reducer_id, reducer_def) = self
             .info
@@ -1788,9 +1804,13 @@ impl ModuleHost {
             args,
         };
 
+        // Resolve the effective coordinator identity before generating the prepare_id so
+        // the prefix is namespaced correctly even when called from the HTTP prepare handler.
+        let coordinator_identity = coordinator_identity_override.unwrap_or(caller_identity);
+
         // Include the coordinator identity so prepare_ids from different coordinators
         // cannot collide on the participant's st_2pc_state table.
-        let coordinator_hex = caller_identity.to_hex();
+        let coordinator_hex = coordinator_identity.to_hex();
         let prepare_id = format!(
             "prepare-{}-{}",
             &coordinator_hex.to_string()[..16],
@@ -1815,7 +1835,6 @@ impl ModuleHost {
         let this = self.clone();
         let reducer_name_owned = reducer_def.name.clone();
         let prepare_id_clone = prepare_id.clone();
-        let coordinator_identity = caller_identity;
         tokio::spawn(async move {
             let _ = this
                 .call(
@@ -1826,7 +1845,7 @@ impl ModuleHost {
                         Ok::<(), ReducerCallError>(())
                     },
                     // JS modules: no 2PC support yet.
-                    async |(p, _pid, _cid, ptx, _drx), inst| Err(ReducerCallError::NoSuchReducer),
+                    async |(_p, _pid, _cid, _ptx, _drx), _inst| Err(ReducerCallError::NoSuchReducer),
                 )
                 .await;
         });
@@ -2008,7 +2027,7 @@ impl ModuleHost {
 
                 // Step 1: Re-run the reducer to reacquire the write lock.
                 let new_prepare_id = match this
-                    .prepare_reducer(caller_identity, Some(caller_connection_id), &row.reducer_name, args)
+                    .prepare_reducer(caller_identity, Some(caller_connection_id), &row.reducer_name, args, Some(coordinator_identity))
                     .await
                 {
                     Ok((pid, result, _rv)) if !pid.is_empty() => {

crates/smoketests/tests/smoketests/cross_db_2pc.rs

@@ -2,19 +2,21 @@ use spacetimedb_smoketests::Smoketest;
 
 /// Module code for the 2PC test.
 ///
-/// Both the "bank A" and "bank B" databases use the same module.
+/// All three databases (A = coordinator, B and C = participants) use the same module.
 ///
 /// Tables:
 /// - `Ledger(account: String PK, balance: i64)` -- stores account balances.
 ///
 /// Reducers:
 /// - `init`: seeds "alice" with balance 100.
+/// - `balance(account) -> i64`: returns the current balance for an account.
 /// - `debit(account, amount)`: decrements balance, panics if insufficient funds.
 /// - `credit(account, amount)`: increments balance (or inserts if absent).
-/// - `transfer_funds(target_hex, from_account, to_account, amount)`:
-///     Credits `to_account` locally, then calls `debit` on the remote database
-///     using `call_reducer_on_db_2pc`. If the remote debit fails (panic/insufficient funds),
-///     the local credit is also rolled back by the 2PC protocol.
+/// - `transfer_funds(b_hex, c_hex, from_account, to_account, amount) -> TransferResult`:
+///     Credits `amount * 2` to `to_account` locally (collecting `amount` from each of B and C),
+///     then calls `debit(from_account, amount)` on both B and C via `call_reducer_on_db_2pc`.
+///     If either remote debit fails, all three databases are rolled back atomically.
+///     On success, returns the new local balance so the caller can verify without a second query.
 const MODULE_CODE: &str = r#"
 use spacetimedb::{log, ReducerContext, Table, Identity};
 
@@ -30,6 +32,14 @@ pub fn init(ctx: &ReducerContext) {
     ctx.db.ledger().insert(Ledger { account: "alice".to_string(), balance: 100 });
 }
 
+/// Returns the current balance for `account`.
+#[spacetimedb::reducer]
+pub fn balance(ctx: &ReducerContext, account: String) -> Result<i64, String> {
+    ctx.db.ledger().account().find(&account)
+        .map(|r| r.balance)
+        .ok_or_else(|| format!("account '{}' not found", account))
+}
+
 #[spacetimedb::reducer]
 pub fn debit(ctx: &ReducerContext, account: String, amount: i64) {
     let row = ctx.db.ledger().account().find(&account)
@@ -53,143 +63,131 @@ pub fn credit(ctx: &ReducerContext, account: String, amount: i64) {
     }
 }
 
-/// Transfer `amount` from `from_account` on the remote database to `to_account` locally.
+/// Transfer `amount` from `from_account` on both B and C to `to_account` on A (locally).
+///
+/// Returns the new local balance of `to_account` so the caller can verify correctness
+/// without issuing a separate query.
 ///
-/// Uses 2PC: credits locally first, then calls debit on the remote database via
-/// `call_reducer_on_db_2pc`. If the remote debit fails, the coordinator's reducer also
-/// fails, triggering abort of all participants.
+/// If either remote debit fails (insufficient funds), returns Err and the 2PC protocol
+/// rolls back all three databases atomically.
 #[spacetimedb::reducer]
-pub fn transfer_funds(ctx: &ReducerContext, target_hex: String, from_account: String, to_account: String, amount: i64) {
-    // Credit locally first.
-    credit(ctx, to_account.clone(), amount);
-
-    // Now call debit on the remote database using 2PC.
-    let target = Identity::from_hex(&target_hex).expect("invalid target identity hex");
-    let args = spacetimedb::spacetimedb_lib::bsatn::to_vec(&(from_account, amount)).expect("failed to encode args");
-    match spacetimedb::remote_reducer::call_reducer_on_db_2pc(target, "debit", &args) {
-        Ok(()) => {
-            log::info!("transfer_funds: remote debit succeeded");
-        }
-        Err(e) => {
-            log::error!("transfer_funds: remote debit failed: {}", e);
-            panic!("remote debit failed: {e}");
-        }
-    }
+pub fn transfer_funds(ctx: &ReducerContext, b_hex: String, c_hex: String, from_account: String, to_account: String, amount: i64) -> Result<i64, String> {
+    credit(ctx, to_account.clone(), amount * 2);
+
+    let b = Identity::from_hex(&b_hex).map_err(|e| format!("invalid B identity: {e}"))?;
+    let args_b = spacetimedb::spacetimedb_lib::bsatn::to_vec(&(from_account.clone(), amount)).map_err(|e| format!("failed to encode args: {e}"))?;
+    spacetimedb::remote_reducer::call_reducer_on_db_2pc(b, "debit", &args_b)
+        .map_err(|e| format!("debit on B failed: {e}"))?;
+    log::info!("transfer_funds: debit on B succeeded");
+
+    let c = Identity::from_hex(&c_hex).map_err(|e| format!("invalid C identity: {e}"))?;
+    let args_c = spacetimedb::spacetimedb_lib::bsatn::to_vec(&(from_account, amount)).map_err(|e| format!("failed to encode args: {e}"))?;
+    spacetimedb::remote_reducer::call_reducer_on_db_2pc(c, "debit", &args_c)
+        .map_err(|e| format!("debit on C failed: {e}"))?;
+    log::info!("transfer_funds: debit on C succeeded");
+
+    // Return new local balance so the caller can assert correctness immediately.
+    ctx.db.ledger().account().find(&to_account)
+        .map(|r| r.balance)
+        .ok_or_else(|| format!("account '{}' not found after credit", to_account))
 }
 "#;
 
-/// Happy path: transfer 50 from B's alice to A's alice.
-/// After: A alice = 150, B alice = 50.
+/// Call `balance(account)` on `db_identity` via the HTTP API and return the i64 result.
+fn call_balance(test: &Smoketest, db_identity: &str, account: &str) -> i64 {
+    let resp = test
+        .api_call_json(
+            "POST",
+            &format!("/v1/database/{db_identity}/call/balance"),
+            &format!("[\"{account}\"]"),
+        )
+        .unwrap_or_else(|e| panic!("balance call failed for {db_identity}: {e}"));
+    assert!(resp.is_success(), "balance reducer returned {}", resp.status_code);
+    resp.json()
+        .unwrap_or_else(|e| panic!("failed to parse balance JSON: {e}"))
+        .as_i64()
+        .unwrap_or_else(|| panic!("balance JSON was not an integer"))
+}
+
+/// Happy path: transfer 30 from both B's alice and C's alice to A's alice.
+///
+/// The coordinator reducer returns the new local balance (160), which is used directly
+/// to assert A's result.  B and C balances are verified via `balance` reducer calls.
+///
+/// Expected: A=160, B=70, C=70.
 #[test]
 fn test_cross_db_2pc_happy_path() {
     let pid = std::process::id();
     let db_a_name = format!("2pc-bank-a-{pid}");
     let db_b_name = format!("2pc-bank-b-{pid}");
+    let db_c_name = format!("2pc-bank-c-{pid}");
 
     let mut test = Smoketest::builder().module_code(MODULE_CODE).autopublish(false).build();
 
-    // Publish bank B (the participant that will be debited).
-    test.publish_module_named(&db_b_name, false)
-        .expect("failed to publish bank B");
+    // Publish participants first, then coordinator.
+    test.publish_module_named(&db_b_name, false).expect("failed to publish bank B");
     let db_b_identity = test.database_identity.clone().expect("bank B identity not set");
 
-    // Publish bank A (the coordinator that will be credited).
-    test.publish_module_named(&db_a_name, false)
-        .expect("failed to publish bank A");
-    let _db_a_identity = test.database_identity.clone().expect("bank A identity not set");
-
-    // Transfer 50 from B's alice to A's alice.
-    // The coordinator is bank A. It credits locally, then calls debit on B via 2PC.
-    test.call("transfer_funds", &[&db_b_identity, "alice", "alice", "50"])
-        .expect("transfer_funds failed");
-
-    // Verify bank A: alice should have 150.
-    let result_a = test
-        .spacetime(&[
-            "sql",
-            "--server",
-            &test.server_url,
-            test.database_identity.as_ref().unwrap(),
-            "SELECT balance FROM ledger WHERE account = 'alice'",
-        ])
-        .expect("sql query on bank A failed");
-    assert!(
-        result_a.contains("150"),
-        "Expected bank A alice balance = 150, got:\n{result_a}"
-    );
-
-    // Verify bank B: alice should have 50.
-    let result_b = test
-        .spacetime(&[
-            "sql",
-            "--server",
-            &test.server_url,
-            &db_b_identity,
-            "SELECT balance FROM ledger WHERE account = 'alice'",
-        ])
-        .expect("sql query on bank B failed");
-    assert!(
-        result_b.contains("50"),
-        "Expected bank B alice balance = 50, got:\n{result_b}"
-    );
+    test.publish_module_named(&db_c_name, false).expect("failed to publish bank C");
+    let db_c_identity = test.database_identity.clone().expect("bank C identity not set");
+
+    test.publish_module_named(&db_a_name, false).expect("failed to publish bank A");
+    let db_a_identity = test.database_identity.clone().expect("bank A identity not set");
+
+    // Call transfer_funds; the return value is A's new alice balance.
+    let resp = test
+        .api_call_json(
+            "POST",
+            &format!("/v1/database/{db_a_identity}/call/transfer_funds"),
+            &format!("[\"{db_b_identity}\", \"{db_c_identity}\", \"alice\", \"alice\", 30]"),
+        )
+        .expect("transfer_funds call failed");
+    assert!(resp.is_success(), "transfer_funds failed: {}", resp.status_code);
+    let new_a_balance = resp.json().expect("invalid JSON").as_i64().expect("not i64");
+    assert_eq!(new_a_balance, 160, "transfer_funds return value: expected A alice=160");
+
+    // Verify B and C via balance reducer.
+    assert_eq!(call_balance(&test, &db_b_identity, "alice"), 70, "B alice should be 70");
+    assert_eq!(call_balance(&test, &db_c_identity, "alice"), 70, "C alice should be 70");
 }
 
-/// Abort path: try to transfer 200, but B only has 100.
-/// The remote debit should fail, causing the coordinator reducer to panic,
-/// which should roll back the local credit.
-/// After: both A and B should still have alice = 100.
+/// Abort path: try to transfer 110 from B and C, but both only have 100.
+///
+/// B's debit fails (insufficient funds), so the coordinator reducer panics and the
+/// 2PC protocol rolls back all three databases.  We verify via `balance` reducer calls
+/// that every account is still at 100.
+///
+/// Expected: A=100, B=100, C=100.
 #[test]
 fn test_cross_db_2pc_abort_insufficient_funds() {
     let pid = std::process::id();
     let db_a_name = format!("2pc-abort-a-{pid}");
     let db_b_name = format!("2pc-abort-b-{pid}");
+    let db_c_name = format!("2pc-abort-c-{pid}");
 
     let mut test = Smoketest::builder().module_code(MODULE_CODE).autopublish(false).build();
 
-    // Publish bank B.
-    test.publish_module_named(&db_b_name, false)
-        .expect("failed to publish bank B");
+    test.publish_module_named(&db_b_name, false).expect("failed to publish bank B");
     let db_b_identity = test.database_identity.clone().expect("bank B identity not set");
 
-    // Publish bank A.
-    test.publish_module_named(&db_a_name, false)
-        .expect("failed to publish bank A");
-
-    // Try to transfer 200 -- B only has 100, so the remote debit will fail.
-    let result = test.call("transfer_funds", &[&db_b_identity, "alice", "alice", "200"]);
-    // The call should fail because the remote debit panicked.
-    assert!(
-        result.is_err(),
-        "Expected transfer_funds to fail due to insufficient funds"
-    );
-
-    // Verify bank A: alice should still have 100 (the local credit was rolled back).
-    let result_a = test
-        .spacetime(&[
-            "sql",
-            "--server",
-            &test.server_url,
-            test.database_identity.as_ref().unwrap(),
-            "SELECT balance FROM ledger WHERE account = 'alice'",
-        ])
-        .expect("sql query on bank A failed");
-    assert!(
-        result_a.contains("100"),
-        "Expected bank A alice balance = 100 after failed transfer, got:\n{result_a}"
-    );
-
-    // Verify bank B: alice should still have 100.
-    let result_b = test
-        .spacetime(&[
-            "sql",
-            "--server",
-            &test.server_url,
-            &db_b_identity,
-            "SELECT balance FROM ledger WHERE account = 'alice'",
-        ])
-        .expect("sql query on bank B failed");
-    assert!(
-        result_b.contains("100"),
-        "Expected bank B alice balance = 100 after failed transfer, got:\n{result_b}"
-    );
+    test.publish_module_named(&db_c_name, false).expect("failed to publish bank C");
+    let db_c_identity = test.database_identity.clone().expect("bank C identity not set");
+
+    test.publish_module_named(&db_a_name, false).expect("failed to publish bank A");
+    let db_a_identity = test.database_identity.clone().expect("bank A identity not set");
+
+    // Transfer 110 from each — both only have 100, so B's debit panics → 2PC aborts all.
+    let resp = test
+        .api_call_json(
+            "POST",
+            &format!("/v1/database/{db_a_identity}/call/transfer_funds"),
+            &format!("[\"{db_b_identity}\", \"{db_c_identity}\", \"alice\", \"alice\", 110]"),
+        )
+        .expect("api_call failed");
+    assert!(!resp.is_success(), "Expected transfer_funds to fail due to insufficient funds");
+
+    // All three accounts must still be at 100.
+    assert_eq!(call_balance(&test, &db_a_identity, "alice"), 100, "A alice should still be 100");
+    assert_eq!(call_balance(&test, &db_b_identity, "alice"), 100, "B alice should still be 100");
+    assert_eq!(call_balance(&test, &db_c_identity, "alice"), 100, "C alice should still be 100");
 }