fix: prevent add prev_event or auth_events if the initial events are already informed

[ggazzo]

…lready informed

Summary by CodeRabbit

• Bug Fixes

  • Prevented duplicate or unintended authorization and previous events, improving event integrity and timeline accuracy.
  • Increased reliability of event ordering and depth calculations in rooms.

• Refactor

  • Reworked internal event tracking to use dedicated sets, reducing side effects and making updates safer.
  • Optimized event building to skip unnecessary processing when related events already exist, improving performance and responsiveness.

[codecov-commenter]

Codecov Report

❌ Patch coverage is 78.94737% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 81.85%. Comparing base (14b0c72) to head (3441e00).

Files with missing lines	Patch %	Lines
packages/room/src/manager/event-wrapper.ts	78.94%	4 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #248   +/-   ##
=======================================
  Coverage   81.84%   81.85%           
=======================================
  Files          63       63           
  Lines        4705     4717   +12     
=======================================
+ Hits         3851     3861   +10     
- Misses        854      856    +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Conditional logic was added to only add auth and previous events when missing during event construction. EventWrapper now tracks auth_events and prev_events via Sets, updates accessors to return arrays from these Sets, and adjusts mutation methods to operate on Sets instead of raw arrays.

Changes

Cohort / File(s)	Summary of changes
State event build flow packages/federation-sdk/src/services/state.service.ts	In buildEvent, call addAuthEvents and addPrevEvents only if auth/prev events are absent, altering the Promise.all flow to conditionally populate these fields.
Event wrapper Set-based tracking packages/room/src/manager/event-wrapper.ts	Introduced private Sets for auth/prev event IDs; populate from raw event; updated serializers and accessors to read from Sets; updated addPrevEvents and authedBy to mutate Sets and maintain depth.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant C as Caller
  participant S as StateService
  participant EW as EventWrapper

  C->>S: buildEvent(instance)
  S->>EW: inspect event.auth_events / prev_events
  alt Missing auth/prev events
    S->>S: addAuthEvents(instance)
    S->>S: addPrevEvents(instance)
  else Already present
    S->>S: Skip population
  end
  S-->>C: Built event

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• refactor: propagate room version through PersistentEventBase #230: Touches the same EventWrapper methods (getAuthEventIds/getPreviousEventIds, addPrevEvents, authedBy).
• fix: streamline join event creation and enhance error messaging for e… #201: Similar changes to StateService build flow and EventWrapper Set-based handling for auth/prev events.
• refactor: standardize event creation in RoomService and PersistentEve… #188: Directly related to StateService.buildEvent orchestration adjusted here.

Suggested reviewers

• rodrigok

Poem

A hop and a skip through events I go,
Tidying auth, letting prev only show when low.
Sets in my paws, I sort with care,
No duplicates hiding anywhere.
Thump-thump! The flow’s now clean and bright—
Carrot-powered commits done right. 🥕🐇

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.
Title Check	✅ Passed	The title directly summarizes the core fix—preventing the addition of prev_event and auth_events when those events are already set—and accurately reflects the main change in the code without introducing unrelated details.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/prev_events

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull Request Overview

Fix ensures auth_events and prev_events are not redundantly appended when they are already provided on incoming events by introducing internal Sets to track unique IDs and adding conditional population logic in state handling.

• Introduces authEventsIds and prevEventsIds Sets to enforce uniqueness and prevent duplicate additions.
• Skips addAuthEvents/addPrevEvents in StateService when events are already present.

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File	Description
packages/room/src/manager/event-wrapper.ts	Adds internal Sets for auth/prev event IDs and updates methods to use them instead of mutating rawEvent arrays.
packages/federation-sdk/src/services/state.service.ts	Conditionally invokes population of auth/prev events based on existing event data.

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Copilot]

The constructor copies auth_events and prev_events into new Sets, creating two sources of truth (rawEvent.auth_events / rawEvent.prev_events vs authEventsIds / prevEventsIds) without marking the originals as deprecated or keeping them in sync. Consider either (a) normalizing by replacing rawEvent.auth_events/prev_events with the Set-backed arrays at creation time, (b) updating the rawEvent arrays whenever the Sets change, or (c) encapsulating access so external code cannot read stale rawEvent.* arrays.

Suggested change

	}
	}
	if (this.rawEvent.prev_events) {
	for (const id of this.rawEvent.prev_events) {
	this.prevEventsIds.add(id);
	}
	}
	}
	}
	delete this.rawEvent.auth_events;
	}
	if (this.rawEvent.prev_events) {
	for (const id of this.rawEvent.prev_events) {
	this.prevEventsIds.add(id);
	}
	delete this.rawEvent.prev_events;
	}
	}
	/**
	* Returns the current list of auth event IDs as an array.
	*/
	getAuthEventsArray(): EventID[] {
	return Array.from(this.authEventsIds);
	}
	/**
	* Returns the current list of prev event IDs as an array.
	*/
	getPrevEventsArray(): EventID[] {
	return Array.from(this.prevEventsIds);
	}

[Copilot]

addPrevEvents and authedBy now update only the Sets and no longer mutate rawEvent.prev_events or rawEvent.auth_events, which can leave rawEvent.* arrays stale if any other code paths still access them directly. To avoid divergence, either also update rawEvent.* arrays here, or refactor remaining internal/external usages to always go through the Set-backed accessors and document rawEvent.* as legacy.

[Copilot]

addPrevEvents and authedBy now update only the Sets and no longer mutate rawEvent.prev_events or rawEvent.auth_events, which can leave rawEvent.* arrays stale if any other code paths still access them directly. To avoid divergence, either also update rawEvent.* arrays here, or refactor remaining internal/external usages to always go through the Set-backed accessors and document rawEvent.* as legacy.

[Copilot]

Using logical && inside Promise.all results in boolean false entries when conditions fail, which is unconventional and can obscure intent. Recommend building the promise list explicitly: const tasks = []; if (instance.event.auth_events.length === 0) tasks.push(this.addAuthEvents(instance)); if (instance.event.prev_events.length === 0) tasks.push(this.addPrevEvents(instance)); await Promise.all(tasks);