go-coldbrew · ankurs · Apr 2, 2026 · Mar 31, 2026 · Mar 31, 2026 · Apr 1, 2026
diff --git a/errors.go b/errors.go
@@ -60,18 +60,18 @@ type customError struct {
 	basePath     string // snapshot of basePath at capture time
 	cause        error
 	wrapped      error // immediate parent for Unwrap() chain; may differ from cause
-	shouldNotify bool
+	shouldNotify atomic.Bool
 	status       *grpcstatus.Status
 }
 
 // ShouldNotify returns true if the error should be reported to notifiers.
 func (c *customError) ShouldNotify() bool {
-	return c.shouldNotify
+	return c.shouldNotify.Load()
 }
 
 // Notified marks the error as having been notified (or not).
 func (c *customError) Notified(status bool) {
-	c.shouldNotify = !status
+	c.shouldNotify.Store(!status)
 }
 
 // Error returns the error message.
@@ -233,30 +233,30 @@ func WrapWithSkipAndStatus(err error, msg string, skip int, status *grpcstatus.S
 	//if we have stack information reuse that
 	if e, ok := err.(ErrorExt); ok {
 		c := &customError{
-			Msg:          msg + e.Error(),
-			cause:        e.Cause(),
-			wrapped:      err, // preserve full chain for errors.Is/errors.As
-			status:       status,
-			shouldNotify: true,
+			Msg:     msg + e.Error(),
+			cause:   e.Cause(),
+			wrapped: err, // preserve full chain for errors.Is/errors.As
+			status:  status,
 		}
+		c.shouldNotify.Store(true)
 
 		c.stack = e.Callers()
 		if ce, ok := e.(*customError); ok {
 			c.basePath = ce.basePath
 		}
 		if n, ok := e.(NotifyExt); ok {
-			c.shouldNotify = n.ShouldNotify()
+			c.shouldNotify.Store(n.ShouldNotify())
 		}
 		return c
 	}
 
 	c := &customError{
-		Msg:          msg + err.Error(),
-		cause:        err,
-		wrapped:      err,
-		shouldNotify: true,
-		status:       status,
+		Msg:     msg + err.Error(),
+		cause:   err,
+		wrapped: err,
+		status:  status,
 	}
+	c.shouldNotify.Store(true)
 	c.captureStack(skip + 1)
 	return c
 

diff --git a/notifier/notifier.go b/notifier/notifier.go
@@ -8,6 +8,7 @@ import (
 	"strconv"
 	"strings"
 	"sync"
+	"sync/atomic"
 	"time"
 
 	gobrake "github.com/airbrake/gobrake/v5"
@@ -35,12 +36,20 @@ var (
 	hostname           string
 	traceHeader        string = "x-trace-id"
 
-	// asyncSem is a semaphore that bounds the number of concurrent async
-	// notification goroutines. When full, new notifications are dropped
-	// to prevent goroutine explosion under sustained error bursts.
-	asyncSem = make(chan struct{}, 1000)
 )
 
+// asyncSem is a semaphore that bounds the number of concurrent async
+// notification goroutines. When full, new notifications are dropped
+// to prevent goroutine explosion under sustained error bursts.
+// Stored as atomic.Pointer to eliminate the race between SetMaxAsyncNotifications
+// and NotifyAsync goroutines reading the channel variable.
+var asyncSem atomic.Pointer[chan struct{}]
+
+func init() {
+	ch := make(chan struct{}, 20)
+	asyncSem.Store(&ch)
+}
+
 const (
 	tracerID = "tracerId"
 )
@@ -50,11 +59,13 @@ var asyncSemOnce sync.Once
 // SetMaxAsyncNotifications sets the maximum number of concurrent async
 // notification goroutines. When the limit is reached, new async notifications
 // are dropped to prevent goroutine explosion under sustained error bursts.
-// Default is 1000. Can only be called once; subsequent calls are no-ops.
+// Default is 20. The first successful call wins; subsequent calls are no-ops.
+// It is safe to call concurrently with NotifyAsync.
 func SetMaxAsyncNotifications(n int) {
 	if n > 0 {
 		asyncSemOnce.Do(func() {
-			asyncSem = make(chan struct{}, n)
+			ch := make(chan struct{}, n)
+			asyncSem.Store(&ch)
 		})
 	}
 }
@@ -67,7 +78,7 @@ func NotifyAsync(err error, rawData ...interface{}) error {
 	if err == nil {
 		return nil
 	}
-	sem := asyncSem
+	sem := *asyncSem.Load()
 	select {
 	case sem <- struct{}{}:
 		data := append([]interface{}(nil), rawData...)
@@ -553,7 +564,9 @@ func SetTraceId(ctx context.Context) context.Context {
 func GetTraceId(ctx context.Context) string {
 	if o := options.FromContext(ctx); o != nil {
 		if data, found := o.Get(tracerID); found {
-			return data.(string)
+			if traceID, ok := data.(string); ok {
+				return traceID
+			}
 		}
 	}
 	if logCtx := loggers.FromContext(ctx); logCtx != nil {

diff --git a/notifier/notifier_test.go b/notifier/notifier_test.go
@@ -0,0 +1,101 @@
+package notifier
+
+import (
+	"context"
+	"sync"
+	"sync/atomic"
+	"testing"
+	"time"
+
+	"github.com/go-coldbrew/errors"
+	"github.com/go-coldbrew/options"
+)
+
+func TestGetTraceId_NonStringValue(t *testing.T) {
+	// Regression test: GetTraceId must not panic when the tracerID
+	// option holds a non-string value.
+	ctx := options.AddToOptions(context.Background(), tracerID, 12345)
+
+	// Before the fix this panicked with "interface conversion: interface {} is int, not string".
+	got := GetTraceId(ctx)
+	if got != "" {
+		t.Errorf("expected empty string for non-string tracerID, got %q", got)
+	}
+}
+
+func TestGetTraceId_StringValue(t *testing.T) {
+	ctx := options.AddToOptions(context.Background(), tracerID, "abc-123")
+
+	got := GetTraceId(ctx)
+	if got != "abc-123" {
+		t.Errorf("expected 'abc-123', got %q", got)
+	}
+}
+
+func TestNotifyAsync_BoundedConcurrency(t *testing.T) {
+	// Set a tiny semaphore so we can observe drops.
+	ch := make(chan struct{}, 1)
+	asyncSem.Store(&ch)
+	t.Cleanup(func() {
+		// Drain any tokens left by test goroutines.
+		select {
+		case <-ch:
+		default:
+		}
-		// Drain any tokens left by test goroutines.
-		select {
-		case <-ch:
-		default:
-		}
-		// Drain any tokens left by test goroutines.
-		select {
-		case <-ch:
-		default:
-		}
+		// Restore default.
+		def := make(chan struct{}, 20)
+		asyncSem.Store(&def)
+	})
+
+	// Fill the single slot with a blocking goroutine.
+	block := make(chan struct{})
+	blockErr := errors.New("blocker")
+	NotifyAsync(blockErr) // takes the one slot
+	// Give the goroutine a moment to acquire the semaphore token.
+	time.Sleep(10 * time.Millisecond)
+
+	// Now the semaphore is full. Additional calls should be dropped.
+	var dropped atomic.Int32
+	originalDebug := NotifyAsync(errors.New("should-drop"))
+	// NotifyAsync returns the error regardless of drop/send, so we can't
+	// check the return value. Instead, verify the semaphore is still full
+	// by checking we can't send another token.
+	select {
+	case ch <- struct{}{}:
+		// We could send — means the slot was free, which means the previous
+		// call was dropped (it didn't acquire). That's the expected path.
+		<-ch // put it back
+		dropped.Add(1)
+	default:
+		// Slot is full — the previous NotifyAsync got in, which shouldn't
+		// happen since we already filled it. This is also fine if timing
+		// allowed the blocker to finish.
+	}
+	_ = originalDebug
+
+	// Unblock the first goroutine so it releases the token.
+	close(block)
+	// Wait a bit for cleanup.
-func TestNotifyAsync_BoundedConcurrency(t *testing.T) {
-	// Set a tiny semaphore so we can observe drops.
-	ch := make(chan struct{}, 1)
-	asyncSem.Store(&ch)
-	t.Cleanup(func() {
-		// Drain any tokens left by test goroutines.
-		select {
-		case <-ch:
-		default:
-		}
-		// Restore default.
-		def := make(chan struct{}, 20)
-		asyncSem.Store(&def)
-	})
-
-	// Fill the single slot with a blocking goroutine.
-	block := make(chan struct{})
-	blockErr := errors.New("blocker")
-	NotifyAsync(blockErr) // takes the one slot
-	// Give the goroutine a moment to acquire the semaphore token.
-	time.Sleep(10 * time.Millisecond)
-
-	// Now the semaphore is full. Additional calls should be dropped.
-	var dropped atomic.Int32
-	originalDebug := NotifyAsync(errors.New("should-drop"))
-	// NotifyAsync returns the error regardless of drop/send, so we can't
-	// check the return value. Instead, verify the semaphore is still full
-	// by checking we can't send another token.
-	select {
-	case ch <- struct{}{}:
-		// We could send — means the slot was free, which means the previous
-		// call was dropped (it didn't acquire). That's the expected path.
-		<-ch // put it back
-		dropped.Add(1)
-	default:
-		// Slot is full — the previous NotifyAsync got in, which shouldn't
-		// happen since we already filled it. This is also fine if timing
-		// allowed the blocker to finish.
-	}
-	_ = originalDebug
-
-	// Unblock the first goroutine so it releases the token.
-	close(block)
-	// Wait a bit for cleanup.
+// testNotifyErr implements errors.NotifyExt and allows the test to
+// distinguish between accepted and dropped async notifications.
+type testNotifyErr struct {
+	msg     string
+	block   <-chan struct{}
+	dropped *atomic.Int32
+}
+
+func (e *testNotifyErr) Error() string {
+	return e.msg
+}
+
+// Notified is called by NotifyAsync. When async is true, the notification
+// was accepted and we block to hold the semaphore token. When async is
+// false, the notification was dropped and we record that fact.
+func (e *testNotifyErr) Notified(async bool) {
+	if async {
+		// Hold the token until the test closes e.block.
+		<-e.block
+		return
+	}
+	if e.dropped != nil {
+		e.dropped.Add(1)
+	}
+}
+
+func TestNotifyAsync_BoundedConcurrency(t *testing.T) {
+	// Set a tiny semaphore so we can observe drops.
+	ch := make(chan struct{}, 1)
+	asyncSem.Store(&ch)
+	t.Cleanup(func() {
+		// Drain any tokens left by test goroutines.
+		for {
+			select {
+			case <-ch:
+			default:
+				goto drained
+			}
+		}
+	drained:
+		// Restore default.
+		def := make(chan struct{}, 20)
+		asyncSem.Store(&def)
+	})
+
+	// Fill the single slot with a blocking notification.
+	block := make(chan struct{})
+	var dropped atomic.Int32
+
+	holder := &testNotifyErr{
+		msg:     "holder",
+		block:   block,
+		dropped: &dropped,
+	}
+	NotifyAsync(holder) // should take the one slot and block in Notified(true)
+
+	// Give the goroutine a moment to acquire the semaphore token.
+	time.Sleep(10 * time.Millisecond)
+
+	// Now the semaphore is full. Additional calls should be dropped and
+	// reported via Notified(false).
+	for i := 0; i < 5; i++ {
+		NotifyAsync(&testNotifyErr{
+			msg:     "should-drop",
+			block:   block,
+			dropped: &dropped,
+		})
+	}
+
+	// Allow callbacks to run.
+	time.Sleep(50 * time.Millisecond)
+
+	if got := dropped.Load(); got == 0 {
+		t.Fatalf("expected some async notifications to be dropped while semaphore slot held, got %d drops", got)
+	}
+
+	// Unblock the goroutines so they can release the token and exit.
+	close(block)
-func TestNotifyAsync_BoundedConcurrency(t *testing.T) {
-	// Set a tiny semaphore so we can observe drops.
-	ch := make(chan struct{}, 1)
-	asyncSem.Store(&ch)
-	t.Cleanup(func() {
-		// Drain any tokens left by test goroutines.
-		select {
-		case <-ch:
-		default:
-		}
-		// Restore default.
-		def := make(chan struct{}, 20)
-		asyncSem.Store(&def)
-	})
-
-	// Fill the single slot with a blocking goroutine.
-	block := make(chan struct{})
-	blockErr := errors.New("blocker")
-	NotifyAsync(blockErr) // takes the one slot
-	// Give the goroutine a moment to acquire the semaphore token.
-	time.Sleep(10 * time.Millisecond)
-
-	// Now the semaphore is full. Additional calls should be dropped.
-	var dropped atomic.Int32
-	originalDebug := NotifyAsync(errors.New("should-drop"))
-	// NotifyAsync returns the error regardless of drop/send, so we can't
-	// check the return value. Instead, verify the semaphore is still full
-	// by checking we can't send another token.
-	select {
-	case ch <- struct{}{}:
-		// We could send — means the slot was free, which means the previous
-		// call was dropped (it didn't acquire). That's the expected path.
-		<-ch // put it back
-		dropped.Add(1)
-	default:
-		// Slot is full — the previous NotifyAsync got in, which shouldn't
-		// happen since we already filled it. This is also fine if timing
-		// allowed the blocker to finish.
-	}
-	_ = originalDebug
-
-	// Unblock the first goroutine so it releases the token.
-	close(block)
-	// Wait a bit for cleanup.
+// testNotifyErr implements errors.NotifyExt and allows the test to
+// distinguish between accepted and dropped async notifications.
+type testNotifyErr struct {
+	msg     string
+	block   <-chan struct{}
+	dropped *atomic.Int32
+}
+
+func (e *testNotifyErr) Error() string {
+	return e.msg
+}
+
+// Notified is called by NotifyAsync. When async is true, the notification
+// was accepted and we block to hold the semaphore token. When async is
+// false, the notification was dropped and we record that fact.
+func (e *testNotifyErr) Notified(async bool) {
+	if async {
+		// Hold the token until the test closes e.block.
+		<-e.block
+		return
+	}
+	if e.dropped != nil {
+		e.dropped.Add(1)
+	}
+}
+
+func TestNotifyAsync_BoundedConcurrency(t *testing.T) {
+	// Set a tiny semaphore so we can observe drops.
+	ch := make(chan struct{}, 1)
+	asyncSem.Store(&ch)
+	t.Cleanup(func() {
+		// Drain any tokens left by test goroutines.
+		for {
+			select {
+			case <-ch:
+			default:
+				goto drained
+			}
+		}
+	drained:
+		// Restore default.
+		def := make(chan struct{}, 20)
+		asyncSem.Store(&def)
+	})
+
+	// Fill the single slot with a blocking notification.
+	block := make(chan struct{})
+	var dropped atomic.Int32
+
+	holder := &testNotifyErr{
+		msg:     "holder",
+		block:   block,
+		dropped: &dropped,
+	}
+	NotifyAsync(holder) // should take the one slot and block in Notified(true)
+
+	// Give the goroutine a moment to acquire the semaphore token.
+	time.Sleep(10 * time.Millisecond)
+
+	// Now the semaphore is full. Additional calls should be dropped and
+	// reported via Notified(false).
+	for i := 0; i < 5; i++ {
+		NotifyAsync(&testNotifyErr{
+			msg:     "should-drop",
+			block:   block,
+			dropped: &dropped,
+		})
+	}
+
+	// Allow callbacks to run.
+	time.Sleep(50 * time.Millisecond)
+
+	if got := dropped.Load(); got == 0 {
+		t.Fatalf("expected some async notifications to be dropped while semaphore slot held, got %d drops", got)
+	}
+
+	// Unblock the goroutines so they can release the token and exit.
+	close(block)
+	time.Sleep(50 * time.Millisecond)
+}
+
+func TestSetMaxAsyncNotifications_ConcurrentAccess(t *testing.T) {
+	// Regression test: SetMaxAsyncNotifications and NotifyAsync must not
+	// race on the asyncSem variable. Run with -race to verify.
+	var wg sync.WaitGroup
+
+	wg.Add(2)
+	go func() {
+		defer wg.Done()
+		for i := 0; i < 100; i++ {
+			SetMaxAsyncNotifications(50)
+		}
+	}()
+	go func() {
+		defer wg.Done()
+		for i := 0; i < 20; i++ {
+			NotifyAsync(errors.New("race test"))
+		}
+	}()
+	wg.Wait()
+}