op-batcher: exit process on criticial throttling RPC error

[geoknee]

Confirmed manually that with these changes, the process is exited instead of just stopping the "work" of the batcher only.

[almanax-ai]

Unprotected nil closeApp invocation can cause panic

The new shutdownOnCriticalError method unconditionally calls l.closeApp(err), which is passed as nil in many test and example invocations. This will cause a runtime panic when a critical throttling RPC error occurs, leading to an unintended crash.

Add a nil check before calling l.closeApp(err), or default to a safe no-op function if closeApp is not provided.

---

Don't like this finding? Reply "dismiss" and it won't appear again in future scans.

[scharissis]

Tests for this would be good; does it shut down? Is it graceful?

[geoknee]

I tested this manually so far, and yes it does shut down successfully. I'm not totally sure we want to write a full end to end test for this, because we would need to spawn the batcher in a subprocess, attach it to an rpc endpoint returning MethodNotFound, and check on that process terminating. We don't have tests like this for sending an interrupt to the process, which should have the same effect. I'll see if I can add a little bit more unit tests to shore this up.

[geoknee]

I extended an existing test here a57e224. I'm pretty happy with this level of testing, it shows the "closeApp" is called under the right conditions. Having that closeApp actually cause the process to exit is arguably out of scope, since this is generic behavior from op-service that we rely on for multiple services.

[scharissis]

Tests for this would be good.

[geoknee]

59a967a

[scharissis]

Nice! Short & Sweet.