fix: prune deleted watermark state after rewrite grace

yottahmd · yottahmd · commit 2b70cb87b7ec · 2026-04-27T22:23:43.000+09:00
diff --git a/internal/service/scheduler/tick_planner.go b/internal/service/scheduler/tick_planner.go
@@ -35,6 +35,8 @@ type DAGChangeEvent struct {
 	DAGName string    // always set (needed for delete)
 }
 
+const deletedWatermarkGrace = 2 * time.Minute
+
 // PlannedRun represents a run that the TickPlanner has decided should be dispatched.
 type PlannedRun struct {
 	DAG           *core.DAG
@@ -106,8 +108,8 @@ type TickPlannerConfig struct {
 // tracks progress via watermarks, and reacts to DAG lifecycle changes.
 //
 // Thread safety:
-//   - entries and buffers are protected by entryMu (accessed from drainEvents
-//     goroutine and cronLoop's Plan).
+//   - entries, buffers, and deletedGrace are protected by entryMu (accessed
+//     from drainEvents goroutine and cronLoop's Plan).
 //   - watermarkState is shared with the flusher goroutine and protected by mu.
 //   - Plan() holds entryMu during I/O calls (IsSuspended, IsRunning,
 //     GetLatestStatus, GenRunID). This is intentional: the lock prevents
@@ -124,9 +126,10 @@ type TickPlanner struct {
 	watermarkDirty atomic.Bool
 
 	// per-DAG tracking (protected by entryMu)
-	entryMu sync.Mutex
-	entries map[string]*plannerEntry
-	buffers map[string]*ScheduleBuffer
+	entryMu      sync.Mutex
+	entries      map[string]*plannerEntry
+	buffers      map[string]*ScheduleBuffer
+	deletedGrace map[string]time.Time
 
 	// lastPlanResult holds the runs from the most recent Plan() call.
 	// It is written by Plan() and read by Advance(). Both are called
@@ -204,9 +207,10 @@ func NewTickPlanner(cfg TickPlannerConfig) *TickPlanner {
 		}
 	}
 	return &TickPlanner{
-		cfg:     cfg,
-		entries: make(map[string]*plannerEntry),
-		buffers: make(map[string]*ScheduleBuffer),
+		cfg:          cfg,
+		entries:      make(map[string]*plannerEntry),
+		buffers:      make(map[string]*ScheduleBuffer),
+		deletedGrace: make(map[string]time.Time),
 	}
 }
 
@@ -383,6 +387,8 @@ func (tp *TickPlanner) Plan(ctx context.Context, now time.Time) []PlannedRun {
 	tp.entryMu.Lock()
 	defer tp.entryMu.Unlock()
 
+	tp.pruneExpiredDeletedWatermarks(now)
+
 	var candidates []PlannedRun
 
 	for dagName, entry := range tp.entries {
@@ -649,6 +655,9 @@ func (tp *TickPlanner) shouldRun(ctx context.Context, dag *core.DAG, scheduledTi
 		// The latest run belongs to a removed/edited slot. Do not let its runtime
 		// timestamps suppress the current schedule.
 		return true
+	case latestScheduledSlotUnknown:
+		// Fall back to runtime-based suppression when the latest run does not carry
+		// a trustworthy scheduled slot identity.
 	}
 
 	// Guard 2 fallback: legacy/manual runs without an authoritative schedule slot.
@@ -1047,6 +1056,7 @@ func (tp *TickPlanner) handleEvent(ctx context.Context, event DAGChangeEvent) {
 		if event.DAG == nil {
 			return
 		}
+		delete(tp.deletedGrace, event.DAGName)
 		tp.entries[event.DAGName] = &plannerEntry{dag: event.DAG}
 		// Set watermark to now (new DAGs have no catchup)
 		flushNow = tp.advanceDAGWatermark(event.DAGName, tp.cfg.Clock())
@@ -1058,6 +1068,7 @@ func (tp *TickPlanner) handleEvent(ctx context.Context, event DAGChangeEvent) {
 		if event.DAG == nil {
 			return
 		}
+		delete(tp.deletedGrace, event.DAGName)
 		tp.entries[event.DAGName] = &plannerEntry{dag: event.DAG}
 		// Remove existing buffer and recompute if catchupWindow > 0
 		delete(tp.buffers, event.DAGName)
@@ -1071,9 +1082,11 @@ func (tp *TickPlanner) handleEvent(ctx context.Context, event DAGChangeEvent) {
 	case DAGChangeDeleted:
 		delete(tp.entries, event.DAGName)
 		delete(tp.buffers, event.DAGName)
-		// Preserve persisted watermark state across delete+add rewrite cycles so
-		// the re-added DAG can detect schedule edits before its next slot. Truly
-		// deleted DAG watermarks are pruned on the next Init.
+		if tp.hasDAGWatermark(event.DAGName) {
+			tp.deletedGrace[event.DAGName] = tp.cfg.Clock().Add(deletedWatermarkGrace)
+		}
+		// Preserve watermark state briefly across delete+add rewrite cycles so
+		// the re-added DAG can detect schedule edits before its next slot.
 		logger.Info(ctx, "Planner: DAG deleted", tag.DAG(event.DAGName))
 	}
 
@@ -1128,6 +1141,50 @@ func (tp *TickPlanner) reconcileStartScheduleState(dag *core.DAG) bool {
 	return true
 }
 
+func (tp *TickPlanner) hasDAGWatermark(dagName string) bool {
+	tp.mu.RLock()
+	defer tp.mu.RUnlock()
+
+	if tp.watermarkState == nil {
+		return false
+	}
+	_, ok := tp.watermarkState.DAGs[dagName]
+	return ok
+}
+
+func (tp *TickPlanner) pruneExpiredDeletedWatermarks(now time.Time) {
+	if len(tp.deletedGrace) == 0 {
+		return
+	}
+
+	tp.mu.Lock()
+	defer tp.mu.Unlock()
+
+	if tp.watermarkState == nil || tp.watermarkState.DAGs == nil {
+		return
+	}
+
+	changed := false
+	for dagName, expiresAt := range tp.deletedGrace {
+		if now.Before(expiresAt) {
+			continue
+		}
+		delete(tp.deletedGrace, dagName)
+		if _, active := tp.entries[dagName]; active {
+			continue
+		}
+		if _, ok := tp.watermarkState.DAGs[dagName]; !ok {
+			continue
+		}
+		delete(tp.watermarkState.DAGs, dagName)
+		changed = true
+	}
+
+	if changed {
+		tp.watermarkDirty.Store(true)
+	}
+}
+
 // reinsertCatchupItem puts a failed catchup run back at the front of the
 // DAG's schedule buffer so it retries on the next tick. If the buffer was
 // already cleaned up, a new one is created.
diff --git a/internal/service/scheduler/tick_planner_test.go b/internal/service/scheduler/tick_planner_test.go
@@ -459,6 +459,80 @@ func TestTickPlanner_HandleEvent_Deleted(t *testing.T) {
 	// Verify entry was removed
 	_, ok = tp.entries["del-dag"]
 	assert.False(t, ok, "del-dag should be removed from entries")
+
+	tp.mu.RLock()
+	_, hasWM := tp.watermarkState.DAGs["del-dag"]
+	tp.mu.RUnlock()
+	assert.True(t, hasWM, "del-dag watermark should be retained during the rewrite grace window")
+}
+
+func TestTickPlanner_DeletedWatermarkExpiresAfterGraceWindow(t *testing.T) {
+	t.Parallel()
+
+	const graceWindow = 2 * time.Minute
+
+	now := time.Date(2026, 2, 7, 12, 0, 0, 0, time.UTC)
+	clock := now
+	eventCh := make(chan DAGChangeEvent, 256)
+	store := &mockWatermarkStore{}
+	tp := NewTickPlanner(TickPlannerConfig{
+		WatermarkStore: store,
+		QueuesEnabled:  true,
+		IsSuspended: func(_ context.Context, _ string) bool {
+			return false
+		},
+		GetLatestStatus: func(_ context.Context, _ *core.DAG) (exec.DAGRunStatus, error) {
+			return exec.DAGRunStatus{}, nil
+		},
+		Dispatch: func(_ context.Context, _ *core.DAG, _ string, _ core.TriggerType, _ time.Time) error {
+			return nil
+		},
+		GenRunID: func(_ context.Context) (string, error) {
+			return "test-run-id", nil
+		},
+		IsRunning: func(_ context.Context, _ *core.DAG) (bool, error) {
+			return false, nil
+		},
+		RunExists: func(_ context.Context, _ *core.DAG, _ string) (bool, error) {
+			return false, nil
+		},
+		Clock: func() time.Time {
+			return clock
+		},
+		Events: eventCh,
+	})
+
+	dag := &core.DAG{
+		Name:     "deleted-after-grace",
+		Schedule: []core.Schedule{mustParseSchedule(t, "0 * * * *")},
+	}
+	require.NoError(t, tp.Init(context.Background(), []*core.DAG{dag}))
+
+	tp.entryMu.Lock()
+	tp.handleEvent(context.Background(), DAGChangeEvent{
+		Type:    DAGChangeDeleted,
+		DAGName: dag.Name,
+	})
+	tp.entryMu.Unlock()
+
+	tp.mu.RLock()
+	_, hasWM := tp.watermarkState.DAGs[dag.Name]
+	tp.mu.RUnlock()
+	require.True(t, hasWM, "watermark should remain available during the rewrite grace window")
+
+	clock = now.Add(graceWindow + time.Second)
+	tp.Plan(context.Background(), clock)
+	tp.Flush(context.Background())
+
+	tp.mu.RLock()
+	_, hasWM = tp.watermarkState.DAGs[dag.Name]
+	tp.mu.RUnlock()
+	assert.False(t, hasWM, "watermark should be pruned after the grace window expires")
+
+	saved := store.lastSaved()
+	require.NotNil(t, saved)
+	_, hasPersisted := saved.DAGs[dag.Name]
+	assert.False(t, hasPersisted, "expired deleted watermark should not be persisted")
 }
 
 func TestTickPlanner_HandleEvent_Updated(t *testing.T) {
diff --git a/internal/service/scheduler/watermark.go b/internal/service/scheduler/watermark.go
@@ -20,7 +20,7 @@ type SchedulerState struct {
 type DAGWatermark struct {
 	LastScheduledTime        time.Time                      `json:"lastScheduledTime"`
 	StartScheduleFingerprint string                         `json:"startScheduleFingerprint,omitempty"`
-	SkipSuccessResetAt       time.Time                      `json:"skipSuccessResetAt,omitempty"`
+	SkipSuccessResetAt       time.Time                      `json:"skipSuccessResetAt"`
 	OneOffs                  map[string]OneOffScheduleState `json:"oneOffs,omitempty"`
 }
 

Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@ type SchedulerState struct {`
`20`	`20`	`type DAGWatermark struct {`
`21`	`21`	LastScheduledTime time.Time `json:"lastScheduledTime"`
`22`	`22`	StartScheduleFingerprint string `json:"startScheduleFingerprint,omitempty"`
`23`		- SkipSuccessResetAt time.Time `json:"skipSuccessResetAt,omitempty"`
	`23`	+ SkipSuccessResetAt time.Time `json:"skipSuccessResetAt"`
`24`	`24`	OneOffs map[string]OneOffScheduleState `json:"oneOffs,omitempty"`
`25`	`25`	`}`
`26`	`26`