fix(trogon-gateway): fix claim-check always triggered due to async-nats race

When `retry_on_initial_connect` is set, async-nats returns the `Client`
before the background connection task populates the `ServerInfo` watch
channel, so `server_info().max_payload` is always 0 immediately after
connect — collapsing the claim-check threshold to 0 and routing every
payload through the object-store path.

`trogon_nats::connect` always sets `retry_on_initial_connect`, making
this race deterministic in production.

Workaround: read the limit from `TROGON_GATEWAY_NATS_MAX_PAYLOAD_BYTES`
(default 1 MiB) instead of querying the server. The original line is
kept as a comment pending resolution of the upstream race.

Tracking issue: #122

Also adds OTel instrumentation to `ClaimCheckPublisher::publish_event`
and the Linear webhook handler so the claim-check path decision is
observable in traces and structured logs, and adds 20 production fixture
payloads (PII-sanitised) with integration tests for the Linear source.

Signed-off-by: Yordis Prieto <yordis.prieto@gmail.com>

Author: yordis

rsworkspace/crates/trogon-gateway/src/config.rs

@@ -1,4 +1,5 @@
 use std::fmt;
+use std::num::NonZeroUsize;
 use std::path::Path;
 
 use confique::Config;
@@ -20,6 +21,17 @@ use trogon_std::{NonZeroDuration, ZeroDuration};
 
 use crate::source_status::SourceStatus;
 
+#[derive(Debug)]
+struct ZeroNotAllowed;
+
+impl fmt::Display for ZeroNotAllowed {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.write_str("must be greater than zero")
+    }
+}
+
+impl std::error::Error for ZeroNotAllowed {}
+
 #[derive(Debug)]
 pub enum ConfigValidationError {
     InvalidField {
@@ -125,6 +137,10 @@ struct GatewayConfig {
     http_server: HttpServerConfig,
     #[config(nested)]
     nats: NatsConfigSection,
+    // TODO: restore dynamic server-info negotiation once the async-nats race is resolved.
+    // See the TODO in main.rs for the full explanation.
+    #[config(env = "TROGON_GATEWAY_NATS_MAX_PAYLOAD_BYTES", default = 1_048_576)]
+    nats_max_payload_bytes: usize,
     #[config(nested)]
     sources: SourcesConfig,
 }
@@ -307,6 +323,7 @@ pub struct ResolvedHttpServerConfig {
 pub struct ResolvedConfig {
     pub http_server: ResolvedHttpServerConfig,
     pub nats: trogon_nats::NatsConfig,
+    pub nats_max_payload_bytes: NonZeroUsize,
     pub github: Option<trogon_source_github::GithubConfig>,
     pub discord: Option<trogon_source_discord::DiscordConfig>,
     pub slack: Option<trogon_source_slack::SlackConfig>,
@@ -356,6 +373,18 @@ fn resolve(cfg: GatewayConfig, nats_overrides: &NatsArgs) -> Result<ResolvedConf
     let linear = resolve_linear(cfg.sources.linear, &mut errors);
     let notion = resolve_notion(cfg.sources.notion, &mut errors);
 
+    let nats_max_payload_bytes = match NonZeroUsize::new(cfg.nats_max_payload_bytes) {
+        Some(v) => v,
+        None => {
+            errors.push(ConfigValidationError::invalid(
+                "nats",
+                "nats_max_payload_bytes",
+                ZeroNotAllowed,
+            ));
+            return Err(ConfigError::Validation(errors));
+        }
+    };
+
     if !errors.is_empty() {
         return Err(ConfigError::Validation(errors));
     }
@@ -365,6 +394,7 @@ fn resolve(cfg: GatewayConfig, nats_overrides: &NatsArgs) -> Result<ResolvedConf
             port: cfg.http_server.port,
         },
         nats,
+        nats_max_payload_bytes,
         github,
         discord,
         slack,
@@ -2267,4 +2297,19 @@ timestamp_tolerance_secs = 0
         let result = load(Some(f.path()));
         assert!(matches!(result, Err(ConfigError::Load(_))));
     }
+
+    #[test]
+    fn nats_max_payload_bytes_zero_is_error() {
+        let toml = r#"
+nats_max_payload_bytes = 0
+
+[sources.linear]
+webhook_secret = "linear-secret"
+"#;
+        let f = write_toml(toml);
+        let result = load(Some(f.path()));
+        assert!(
+            matches!(result, Err(ConfigError::Validation(ref errs)) if errs.iter().any(|e| e.contains("nats_max_payload_bytes")))
+        );
+    }
 }

rsworkspace/crates/trogon-gateway/src/main.rs

@@ -59,7 +59,29 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
     info!("trogon-gateway starting");
 
     let nats = connect(&resolved.nats, NATS_CONNECT_TIMEOUT).await?;
-    let max_payload = MaxPayload::from_server_limit(nats.server_info().max_payload);
+    // TODO: restore the line below once the async-nats race is resolved.
+    //
+    // `trogon_nats::connect` always sets `retry_on_initial_connect`, which causes
+    // async-nats to return the `Client` before the background connection task has
+    // populated the `ServerInfo` watch channel. Reading `server_info().max_payload`
+    // immediately after `connect()` therefore returns 0 (the `Default` value for
+    // `usize`), which collapses `MaxPayload::from_server_limit` to a threshold of 0
+    // and routes every payload — including tiny ones — through the object-store
+    // claim-check path.
+    //
+    // Until async-nats guarantees `server_info()` is populated before returning the
+    // `Client` (or `trogon_nats::connect` exposes a post-connection hook), the value
+    // is taken from config (`TROGON_GATEWAY_NATS_MAX_PAYLOAD_BYTES`, default 1 MiB).
+    //
+    // Tracking issue: https://github.com/TrogonStack/trogonai/issues/122
+    // let server_max_payload = nats.server_info().max_payload;
+    let server_max_payload = resolved.nats_max_payload_bytes.get();
+    let max_payload = MaxPayload::from_server_limit(server_max_payload);
+    info!(
+        server_max_payload_bytes = server_max_payload,
+        claim_check_threshold_bytes = max_payload.threshold(),
+        "NATS connected"
+    );
     let js_context = async_nats::jetstream::new(nats.clone());
     let object_store = NatsObjectStore::provision(
         &js_context,

rsworkspace/crates/trogon-nats/src/jetstream/claim_check.rs

@@ -3,7 +3,7 @@ use std::time::Duration;
 
 use async_nats::HeaderMap;
 use bytes::Bytes;
-use tracing::error;
+use tracing::{debug, error};
 
 use super::object_store::{ObjectStoreGet, ObjectStorePut};
 use super::publish::PublishOutcome;
@@ -144,7 +144,17 @@ impl<P: JetStreamPublisher, S: ObjectStorePut> ClaimCheckPublisher<P, S> {
         payload: Bytes,
         ack_timeout: Duration,
     ) -> PublishOutcome<P::PublishError> {
-        if payload.len() <= self.max_payload.threshold() {
+        let payload_bytes = payload.len();
+        let threshold = self.max_payload.threshold();
+
+        if payload_bytes <= threshold {
+            debug!(
+                nats.subject = %subject,
+                messaging.message.body.size = payload_bytes,
+                trogon.claim_check.threshold_bytes = threshold,
+                trogon.claim_check.used = false,
+                "publishing directly"
+            );
             return super::publish::publish_event(
                 &self.publisher,
                 subject,
@@ -157,6 +167,15 @@ impl<P: JetStreamPublisher, S: ObjectStorePut> ClaimCheckPublisher<P, S> {
 
         let key = claim_object_key(&subject);
 
+        debug!(
+            nats.subject = %subject,
+            messaging.message.body.size = payload_bytes,
+            trogon.claim_check.threshold_bytes = threshold,
+            trogon.claim_check.used = true,
+            trogon.claim_check.key = %key,
+            "payload exceeds threshold, storing in object store"
+        );
+
         // Store-then-publish: if publish fails, the object becomes orphaned.
         // Cleanup relies on the object store bucket's TTL — see #101.
         let mut cursor = std::io::Cursor::new(payload);

rsworkspace/crates/trogon-source-linear/src/server.rs

@@ -133,6 +133,7 @@ fn handle_webhook<P: JetStreamPublisher, S: ObjectStorePut>(
         action = tracing::field::Empty,
         webhook_id = tracing::field::Empty,
         subject = tracing::field::Empty,
+        messaging.message.body.size = tracing::field::Empty,
     )
 )]
 async fn handle_webhook_inner<P: JetStreamPublisher, S: ObjectStorePut>(
@@ -264,6 +265,7 @@ async fn handle_webhook_inner<P: JetStreamPublisher, S: ObjectStorePut>(
     span.record("action", action.as_str());
     span.record("webhook_id", &webhook_id);
     span.record("subject", &subject);
+    span.record("messaging.message.body.size", body.len());
 
     let mut nats_headers = async_nats::HeaderMap::new();
     nats_headers.insert("Nats-Msg-Id", webhook_id.as_str());

rsworkspace/crates/trogon-source-linear/tests/fixtures/linear.Comment.create__019d8434-663b-7eb0-85ba-0b7b5b611645.json

@@ -0,0 +1,47 @@
+{
+    "action": "create",
+    "actor": {
+        "id": "b915a192-d677-4da7-9b26-d10794c63c28",
+        "name": "Test User",
+        "email": "test.user@example.invalid",
+        "avatarUrl": "https://example.invalid/avatar.png",
+        "url": "https://example.invalid/profiles/test-user",
+        "type": "user"
+    },
+    "createdAt": "2026-04-13T00:18:39.406Z",
+    "data": {
+        "id": "d8589dfa-7102-42a3-8162-dd8891110d3b",
+        "createdAt": "2026-04-13T00:18:39.406Z",
+        "updatedAt": "2026-04-13T00:18:39.398Z",
+        "body": "asdsa",
+        "issueId": "eb9aa286-ee58-4089-82c7-91245745cd11",
+        "userId": "b915a192-d677-4da7-9b26-d10794c63c28",
+        "reactionData": [],
+        "isArtificialAgentSessionRoot": false,
+        "botActor": null,
+        "user": {
+            "id": "b915a192-d677-4da7-9b26-d10794c63c28",
+            "name": "Test User",
+            "email": "test.user@example.invalid",
+            "avatarUrl": "https://example.invalid/avatar.png",
+            "url": "https://example.invalid/profiles/test-user"
+        },
+        "issue": {
+            "id": "eb9aa286-ee58-4089-82c7-91245745cd11",
+            "title": "Demo 2",
+            "teamId": "eafa5651-df81-4e77-b369-52cc26127db3",
+            "team": {
+                "id": "eafa5651-df81-4e77-b369-52cc26127db3",
+                "key": "STM",
+                "name": "Test Team"
+            },
+            "identifier": "STM-14",
+            "url": "https://example.invalid/issue/STM-14/demo-2"
+        }
+    },
+    "url": "https://example.invalid/issue/STM-14/demo-2#comment-d8589dfa",
+    "type": "Comment",
+    "organizationId": "315a704e-7d8a-4db3-90ee-941d5d8cbe8b",
+    "webhookTimestamp": 1776039519669,
+    "webhookId": "4849cf83-0c00-4bb6-99ea-0dd330cd5f0d"
+}

rsworkspace/crates/trogon-source-linear/tests/fixtures/linear.Issue.create__019d814e-13ec-7911-bbcc-5dadd1d53273.json

@@ -0,0 +1,57 @@
+{
+    "action": "create",
+    "actor": {
+        "id": "b915a192-d677-4da7-9b26-d10794c63c28",
+        "name": "Test User",
+        "email": "test.user@example.invalid",
+        "avatarUrl": "https://example.invalid/avatar.png",
+        "url": "https://example.invalid/profiles/test-user",
+        "type": "user"
+    },
+    "createdAt": "2026-04-12T05:13:18.613Z",
+    "data": {
+        "id": "eb9aa286-ee58-4089-82c7-91245745cd11",
+        "createdAt": "2026-04-12T05:13:18.613Z",
+        "updatedAt": "2026-04-12T05:13:18.613Z",
+        "number": 14,
+        "title": "Demo 2",
+        "priority": 0,
+        "sortOrder": 33,
+        "prioritySortOrder": 43.65,
+        "slaType": "all",
+        "addedToTeamAt": "2026-04-12T05:13:18.629Z",
+        "labelIds": [],
+        "teamId": "eafa5651-df81-4e77-b369-52cc26127db3",
+        "previousIdentifiers": [],
+        "creatorId": "b915a192-d677-4da7-9b26-d10794c63c28",
+        "stateId": "f2760411-fb81-44ff-99b3-4b8d34200bd9",
+        "reactionData": [],
+        "priorityLabel": "No priority",
+        "inheritsSharedAccess": false,
+        "botActor": null,
+        "identifier": "STM-14",
+        "url": "https://example.invalid/issue/STM-14/demo-2",
+        "subscriberIds": [
+            "b915a192-d677-4da7-9b26-d10794c63c28"
+        ],
+        "state": {
+            "id": "f2760411-fb81-44ff-99b3-4b8d34200bd9",
+            "color": "#bec2c8",
+            "name": "Backlog",
+            "type": "backlog"
+        },
+        "team": {
+            "id": "eafa5651-df81-4e77-b369-52cc26127db3",
+            "key": "STM",
+            "name": "Test Team"
+        },
+        "labels": [],
+        "description": "",
+        "descriptionData": "{\"type\":\"doc\",\"content\":[{\"type\":\"paragraph\"}]}"
+    },
+    "url": "https://example.invalid/issue/STM-14/demo-2",
+    "type": "Issue",
+    "organizationId": "315a704e-7d8a-4db3-90ee-941d5d8cbe8b",
+    "webhookTimestamp": 1775990870911,
+    "webhookId": "4849cf83-0c00-4bb6-99ea-0dd330cd5f0d"
+}

rsworkspace/crates/trogon-source-linear/tests/fixtures/linear.Issue.update__019d814d-b876-7e02-9c0c-3d39d4a0f77c.json

@@ -0,0 +1,82 @@
+{
+    "action": "update",
+    "actor": {
+        "id": "b915a192-d677-4da7-9b26-d10794c63c28",
+        "name": "Test User",
+        "email": "test.user@example.invalid",
+        "avatarUrl": "https://example.invalid/avatar.png",
+        "url": "https://example.invalid/profiles/test-user",
+        "type": "user"
+    },
+    "createdAt": "2026-04-12T04:54:27.300Z",
+    "data": {
+        "id": "8ccf0ea8-03ae-4e4c-b570-d4b8228490e2",
+        "createdAt": "2025-11-26T07:49:10.704Z",
+        "updatedAt": "2026-04-12T04:54:27.299Z",
+        "number": 13,
+        "title": "Demo",
+        "priority": 0,
+        "sortOrder": -45.11,
+        "prioritySortOrder": 94.09,
+        "startedAt": "2025-11-26T07:54:03.531Z",
+        "canceledAt": "2026-04-12T04:54:27.288Z",
+        "slaType": "all",
+        "addedToTeamAt": "2025-11-26T07:49:10.737Z",
+        "labelIds": [
+            "574ea29d-a4b3-488d-b006-eb58c9e5f856"
+        ],
+        "teamId": "eafa5651-df81-4e77-b369-52cc26127db3",
+        "previousIdentifiers": [],
+        "creatorId": "b915a192-d677-4da7-9b26-d10794c63c28",
+        "assigneeId": "b915a192-d677-4da7-9b26-d10794c63c28",
+        "stateId": "3dbc33f5-20bd-473f-a8b4-512df0c7ba51",
+        "reactionData": [],
+        "priorityLabel": "No priority",
+        "inheritsSharedAccess": false,
+        "botActor": null,
+        "identifier": "STM-13",
+        "url": "https://example.invalid/issue/STM-13/demo",
+        "subscriberIds": [
+            "b915a192-d677-4da7-9b26-d10794c63c28"
+        ],
+        "assignee": {
+            "id": "b915a192-d677-4da7-9b26-d10794c63c28",
+            "name": "Test User",
+            "email": "test.user@example.invalid",
+            "avatarUrl": "https://example.invalid/avatar.png",
+            "url": "https://example.invalid/profiles/test-user"
+        },
+        "state": {
+            "id": "3dbc33f5-20bd-473f-a8b4-512df0c7ba51",
+            "color": "#95a2b3",
+            "name": "Canceled",
+            "type": "canceled"
+        },
+        "team": {
+            "id": "eafa5651-df81-4e77-b369-52cc26127db3",
+            "key": "STM",
+            "name": "Test Team"
+        },
+        "labels": [
+            {
+                "id": "574ea29d-a4b3-488d-b006-eb58c9e5f856",
+                "color": "#BB87FC",
+                "name": "Feature"
+            }
+        ],
+        "description": "Berry nice, she is a 10",
+        "descriptionData": "{\"type\":\"doc\",\"content\":[{\"type\":\"paragraph\",\"content\":[{\"type\":\"text\",\"text\":\"Berry nice, she is a 10\"}]}]}"
+    },
+    "updatedFrom": {
+        "stateId": "c9e5e61e-3bac-448a-a7e1-25b2d8bc7cda",
+        "sortOrder": 61.53,
+        "updatedAt": "2026-04-12T04:54:26.357Z",
+        "canceledAt": null,
+        "completedAt": "2026-04-12T04:54:26.345Z"
+    },
+    "url": "https://example.invalid/issue/STM-13/demo",
+    "type": "Issue",
+    "organizationId": "315a704e-7d8a-4db3-90ee-941d5d8cbe8b",
+    "webhookTimestamp": 1775990847284,
+    "webhookId": "4849cf83-0c00-4bb6-99ea-0dd330cd5f0d"
+}