Make schedule history sequence allocation concurrency-safe

WorkflowScheduleHistoryEvent::record() previously chose the next
sequence with max(sequence)+1 without serialization, so concurrent
lifecycle writers could pick the same slot and either hit the
unique(workflow_schedule_id, sequence) constraint or leave audit
ordering dependent on DB timing. This retries the write on unique-
constraint violations so racing writers advance to the next free
slot instead of failing or silently duplicating.

Adds regression tests covering a single collision and a five-deep
pileup to exercise the retry loop end-to-end against the unique
index. Closes TD-069.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: durable-workflow-ops

src/V2/Models/WorkflowScheduleHistoryEvent.php

@@ -8,13 +8,22 @@
 use Illuminate\Database\Eloquent\Concerns\HasUlids;
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Database\Eloquent\Relations\BelongsTo;
+use Illuminate\Database\UniqueConstraintViolationException;
 use Workflow\V2\Enums\HistoryEventType;
 use Workflow\V2\Support\ConfiguredV2Models;
 
 class WorkflowScheduleHistoryEvent extends Model
 {
     use HasUlids;
 
+    /**
+     * Upper bound on retry iterations when racing for the next schedule
+     * history sequence. Contention is expected to be low per-schedule, so this
+     * is large enough to clear any realistic pileup without masking a bug
+     * that would otherwise spin forever.
+     */
+    private const SEQUENCE_RETRY_LIMIT = 32;
+
     public $incrementing = false;
 
     protected $table = 'workflow_schedule_history_events';
@@ -47,24 +56,41 @@ public static function record(
         HistoryEventType $eventType,
         array $payload = [],
     ): self {
-        $sequence = ((int) ConfiguredV2Models::query('schedule_history_event_model', self::class)
-            ->where('workflow_schedule_id', $schedule->id)
-            ->max('sequence')) + 1;
+        $snapshot = self::snapshotPayload($schedule, $payload);
+        $workflowInstanceId = self::stringValue($payload['workflow_instance_id'] ?? null);
+        $workflowRunId = self::stringValue($payload['workflow_run_id'] ?? null);
+
+        for ($attempt = 1; $attempt <= self::SEQUENCE_RETRY_LIMIT; $attempt++) {
+            $sequence = ((int) ConfiguredV2Models::query('schedule_history_event_model', self::class)
+                ->where('workflow_schedule_id', $schedule->id)
+                ->max('sequence')) + 1;
+
+            try {
+                /** @var self $event */
+                $event = ConfiguredV2Models::query('schedule_history_event_model', self::class)->create([
+                    'workflow_schedule_id' => $schedule->id,
+                    'schedule_id' => $schedule->schedule_id,
+                    'namespace' => $schedule->namespace,
+                    'sequence' => $sequence,
+                    'event_type' => $eventType->value,
+                    'payload' => $snapshot,
+                    'workflow_instance_id' => $workflowInstanceId,
+                    'workflow_run_id' => $workflowRunId,
+                    'recorded_at' => now(),
+                ]);
+
+                return $event;
+            } catch (UniqueConstraintViolationException $e) {
+                if ($attempt === self::SEQUENCE_RETRY_LIMIT) {
+                    throw $e;
+                }
+                // Another writer claimed this sequence first. Re-read the max
+                // and try the next slot.
+            }
+        }
 
-        /** @var self $event */
-        $event = ConfiguredV2Models::query('schedule_history_event_model', self::class)->create([
-            'workflow_schedule_id' => $schedule->id,
-            'schedule_id' => $schedule->schedule_id,
-            'namespace' => $schedule->namespace,
-            'sequence' => $sequence,
-            'event_type' => $eventType->value,
-            'payload' => self::snapshotPayload($schedule, $payload),
-            'workflow_instance_id' => self::stringValue($payload['workflow_instance_id'] ?? null),
-            'workflow_run_id' => self::stringValue($payload['workflow_run_id'] ?? null),
-            'recorded_at' => now(),
-        ]);
-
-        return $event;
+        // Unreachable: the loop either returns or re-throws at the final attempt.
+        throw new \LogicException('Schedule history sequence allocation exhausted retries.');
     }
 
     /**

tests/Feature/V2/V2ScheduleTest.php

@@ -531,6 +531,91 @@ public function testScheduleLifecycleRecordsScheduleLevelHistoryEvents(): void
         $this->assertSame(1, $events[6]->payload['skipped_trigger_count']);
     }
 
+    public function testScheduleHistorySequenceRecoversFromConcurrentCollision(): void
+    {
+        $schedule = ScheduleManager::create(
+            scheduleId: 'sequence-race-test',
+            workflowClass: TestScheduledWorkflow::class,
+            cronExpression: '* * * * *',
+        );
+
+        // ScheduleCreated was written with sequence = 1. Simulate another
+        // concurrent writer that has already claimed sequence = 2 before we
+        // attempt to record the next lifecycle event — exactly the collision
+        // the unique(workflow_schedule_id, sequence) constraint would raise.
+        WorkflowScheduleHistoryEvent::query()->create([
+            'workflow_schedule_id' => $schedule->id,
+            'schedule_id' => $schedule->schedule_id,
+            'namespace' => $schedule->namespace,
+            'sequence' => 2,
+            'event_type' => HistoryEventType::SchedulePaused->value,
+            'payload' => ['reason' => 'pre-claimed by racing writer'],
+            'recorded_at' => now(),
+        ]);
+
+        ScheduleManager::pause($schedule, 'operator hold');
+
+        $events = WorkflowScheduleHistoryEvent::query()
+            ->where('workflow_schedule_id', $schedule->id)
+            ->orderBy('sequence')
+            ->get();
+
+        // record() should have retried past the collision and landed on
+        // sequence = 3, preserving ordering rather than blowing up.
+        $this->assertSame([1, 2, 3], $events->pluck('sequence')->all());
+        $this->assertSame(
+            [
+                HistoryEventType::ScheduleCreated->value,
+                HistoryEventType::SchedulePaused->value,
+                HistoryEventType::SchedulePaused->value,
+            ],
+            $events->map(static fn (WorkflowScheduleHistoryEvent $event): string => $event->event_type->value)->all(),
+        );
+        $this->assertSame('pre-claimed by racing writer', $events[1]->payload['reason']);
+        $this->assertSame('operator hold', $events[2]->payload['reason']);
+    }
+
+    public function testConcurrentScheduleLifecycleWritesAllLandWithUniqueSequences(): void
+    {
+        $schedule = ScheduleManager::create(
+            scheduleId: 'sequence-pileup-test',
+            workflowClass: TestScheduledWorkflow::class,
+            cronExpression: '* * * * *',
+        );
+
+        // Pre-claim sequences 2..6 to force record() to retry five times
+        // before landing on the next free slot. This exercises the retry
+        // loop under a larger pileup than a single collision.
+        for ($claimed = 2; $claimed <= 6; $claimed++) {
+            WorkflowScheduleHistoryEvent::query()->create([
+                'workflow_schedule_id' => $schedule->id,
+                'schedule_id' => $schedule->schedule_id,
+                'namespace' => $schedule->namespace,
+                'sequence' => $claimed,
+                'event_type' => HistoryEventType::SchedulePaused->value,
+                'payload' => ['reason' => 'pileup ' . $claimed],
+                'recorded_at' => now(),
+            ]);
+        }
+
+        ScheduleManager::pause($schedule, 'post-pileup');
+
+        $sequences = WorkflowScheduleHistoryEvent::query()
+            ->where('workflow_schedule_id', $schedule->id)
+            ->orderBy('sequence')
+            ->pluck('sequence')
+            ->all();
+
+        $this->assertSame([1, 2, 3, 4, 5, 6, 7], $sequences);
+
+        $tail = WorkflowScheduleHistoryEvent::query()
+            ->where('workflow_schedule_id', $schedule->id)
+            ->where('sequence', 7)
+            ->first();
+        $this->assertNotNull($tail);
+        $this->assertSame('post-pileup', $tail->payload['reason']);
+    }
+
     public function testTriggerDeletedScheduleTracksSkipReason(): void
     {
         $schedule = ScheduleManager::create(