keys managements(KM) implementation on add-invoice

[grunch]

Summary by CodeRabbit

• New Features

  • Enhanced invoice processing logic for better message handling and order status updates.
  • Added feedback prompts for users when processing orders.

• Bug Fixes

  • Improved filtering criteria for incoming messages to ensure only relevant actions are processed.

[coderabbitai]

Walkthrough

The pull request introduces modifications to three CLI-related files: add_invoice.rs, take_buy.rs, and take_sell.rs. The changes primarily focus on refining message processing logic, enhancing request handling, and improving user feedback. Key modifications include making the order variable mutable, introducing unique request identifiers, and updating order status management. Additionally, conditions for filtering messages have been made more specific, ensuring that only relevant actions are processed.

Changes

File	Change Summary
src/cli/add_invoice.rs	- Made order variable mutable - Cloned trade_keys - Introduced request_id for unique request identification - Streamlined payload initialization - Updated order status to WaitingPayment with error handling
src/cli/take_buy.rs	- Added condition to filter messages by Action::PayInvoice
src/cli/take_sell.rs	- Added condition to filter messages by Action::AddInvoice - Inserted new println! for user feedback

Possibly Related PRs

• Code refactoring and bug fixes #96: Replacement of send_order_id_cmd with send_message_sync in message handling.
• Code refactoring related with message payload #91: Refactoring payload structure for message processing.
• Code refactoring and small fixes #90: Modifications to message handling and error management in execute_send_msg.
• Bump mostro-core to v0.6.11 #87: Update to the mostro-core dependency that may affect functionality.
• Fix: missing order id in take-sell #95: Changes in execute_take_sell function regarding message construction and order ID handling.

Poem

🐰 Invoices dance, messages flow,
Request IDs spark, status starts to grow,
Filters tighten, feedback clear and bright,
Mostro's CLI leaps with rabbit-like might!
Code hops forward, precision in sight 🚀

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 58c462e and 7bd6a44.

📒 Files selected for processing (1)

• src/cli/add_invoice.rs (3 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• src/cli/add_invoice.rs

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

src/cli/take_sell.rs (1)

78-81: Enhance user feedback for invoice amount

The current message could be more informative and include validation of the amount.

Consider this improvement:

    println!(
-        "Please add a lightning invoice with amount of {}",
-        order.amount
+        "Please add a lightning invoice with amount of {} sats. Ensure this matches your expected amount.",
+        order.amount.max(0) // Ensure non-negative amount
    );

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e2f579a and 637e78c.

📒 Files selected for processing (3)

• src/cli/add_invoice.rs (3 hunks)
• src/cli/take_buy.rs (1 hunks)
• src/cli/take_sell.rs (1 hunks)

🔇 Additional comments (2)

src/cli/take_buy.rs (1)

51-51: LGTM: Enhanced message filtering with specific action check

The addition of message.action == Action::PayInvoice check improves message filtering security by ensuring only relevant messages are processed.

Let's verify the message action handling across the codebase:

✅ Verification successful

Let me gather more context about the Action enum and its usage pattern.

---

Let me check one more thing to understand the message handling pattern across different actions.

---

LGTM: Action-specific message filtering is correctly implemented

The verification confirms that the Action::PayInvoice check in take_buy.rs follows the established pattern across the codebase. Each action handler (take_buy.rs, take_sell.rs) correctly filters messages based on both request_id and specific actions (PayInvoice, AddInvoice) as part of the request-response flow. The implementation is consistent with the security model where each handler only processes its relevant action types.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify consistent PayInvoice action handling
# Look for other places where PayInvoice action is handled to ensure consistency

ast-grep --pattern 'Action::PayInvoice'

Length of output: 154

---

Script:

#!/bin/bash
# Find the Action enum definition and its usage
ast-grep --pattern 'enum Action'

# Find all places where message.action is checked
ast-grep --pattern 'message.action == Action::'

# Find all places where Action is used
rg "Action::" -A 2

Length of output: 2478

---

Script:

#!/bin/bash
# Find message handling patterns in take_buy.rs
cat src/cli/take_buy.rs

# Find similar patterns in take_sell.rs for comparison
cat src/cli/take_sell.rs

Length of output: 5286

src/cli/take_sell.rs (1)

76-76: LGTM: Improved message filtering with AddInvoice action

The addition of the specific action check aligns with the security improvements seen across the codebase.

Let's verify the consistency of AddInvoice action handling:

✅ Verification successful

Action handling is consistent and properly implemented

The verification shows that the Action::AddInvoice check is part of a consistent pattern across the codebase where message actions are verified alongside request IDs. Similar patterns are found in related files (take_buy.rs and add_invoice.rs) with their respective actions (PayInvoice and WaitingSellerToPay), all following the same security pattern of dual verification with request IDs.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify consistent AddInvoice action handling
# Look for other places where AddInvoice action is handled to ensure consistency

ast-grep --pattern 'Action::AddInvoice'

Length of output: 209

---

Script:

#!/bin/bash
# Let's check the Action enum definition and its usage patterns
ast-grep --pattern 'enum Action {
  $$$
}'

# Also check how Action is used in the context of request_id
ast-grep --pattern 'message.action == Action::$_'

Length of output: 453

---

Script:

#!/bin/bash
# Let's examine the full context of these message handling patterns
rg "message\.action.*Action::" -A 5 -B 5

Length of output: 2063