nick-doc/Issues/ISSUE-111-scanner-deliverwebhook-goroutines-use-blocking-time-sleep.md
Siavash Sameni dceaf82934 audit: 2026-05-30 full-codebase audit — report, issues, docs, runbooks
Full-codebase-audit 2026-05-30 outputs:
- Audit report: 09 - Audits/Full Codebase Audit - 2026-05-30.md
- 81 issue files ISSUE-055..135 (decisions + 1 skipped no-brainer).
- Scanner docs from scratch (was zero): architecture, data model, API ref, payment
  flow, operations runbook + repo README.
- Doc-sync updates across API reference, data models, flows, design system.
- Secret Rotation Runbook (08 - Operations) for the exposed credentials.
- Reusable workflow guide (07 - Development) + .claude/workflows/full-codebase-audit.js.

Issues remain status:open intentionally — the code fixes are uncommitted-then-committed
working-tree changes per repo and aren't "resolved" until merged/deployed.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-05-30 18:48:04 +04:00


issue: 111
title: Scanner: deliverWebhook goroutines use blocking time.Sleep — goroutine leak under sustained failure
severity: medium
domain: Scanner
labels: bug, scanner, goroutine-leak
status: open
created: 2026-05-30
source: Full Codebase Audit 2026-05-30

Scanner: deliverWebhook goroutines use blocking time.Sleep — goroutine leak under sustained failure

Severity: medium Domain: Scanner Labels: bug, scanner, goroutine-leak

Description

scanner/webhook.go:90 spawns a goroutine per webhook delivery that uses time.Sleep for retry backoff. Under sustained backend failure, many goroutines accumulate blocking on sleep with no upper bound on their count or total memory usage.

Options

  1. Replace per-delivery sleeping goroutines with a persisted retry queue + ticker (already partially present).
  2. Use a bounded worker pool + context cancellation instead of time.Sleep.
  3. Cap concurrent in-flight deliveries with a semaphore.

Recommendation

Move retries to the persisted queue/ticker model with a bounded worker pool and context-aware delays. Coordinate with ISSUE-112.
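
An added sketch of the recommendation above (not code from scanner/webhook.go or the audited repository): a fixed worker pool drains one batch, such as the ticker would read from the persisted retry queue, and waits between attempts on a cancellable timer instead of time.Sleep. The names deliverBatch and send, the parameters and the sample values are assumptions made for this example.

```go
package main

import (
	"context"
	"fmt"
	"sync"
	"sync/atomic"
	"time"
)

// deliverBatch drains one batch with a fixed worker pool; send stands in for the real HTTP call (hypothetical).
func deliverBatch(ctx context.Context, workers, attempts int, backoff time.Duration, urls []string, send func(context.Context, string) error) int64 {
	queue := make(chan string, len(urls))
	for _, u := range urls {
		queue <- u
	}
	close(queue)
	var delivered int64
	var wg sync.WaitGroup
	for w := 0; w < workers; w++ { // goroutine count stays fixed however many deliveries fail
		wg.Add(1)
		go func() {
			defer wg.Done()
			for u := range queue {
				for n := 0; n < attempts && ctx.Err() == nil; n++ {
					if send(ctx, u) == nil {
						atomic.AddInt64(&delivered, 1)
						break
					}
					if n+1 < attempts { // back off only when another attempt follows
						t := time.NewTimer(backoff << n)
						select { // unlike time.Sleep, this wait ends on cancellation
						case <-t.C:
						case <-ctx.Done():
							t.Stop()
						}
					}
				}
			}
		}()
	}
	wg.Wait()
	return delivered
}

func main() {
	ok := func(context.Context, string) error { return nil } // constructed sender that always succeeds
	fmt.Println(deliverBatch(context.Background(), 2, 3, time.Millisecond, []string{"a", "b"}, ok))
}
```

Items that are not delivered before cancellation or after the last attempt are simply not counted here; in the recommended design they would remain in the persisted queue for the next tick.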

Affected Files

  • scanner/webhook.go:90

References