fix: rename agentic sessions table to agent_sessions

Kenbak · Kenbak · commit 15cd4e305dce · 2026-03-27T15:22:30.000+05:30
The old `sessions` table (dashboard login) and the new agentic prepaid
sessions shared the same name. On mainnet, CREATE TABLE IF NOT EXISTS
was a no-op since the old table already existed, causing data purge to
fail with "no such column: status".

Rename to `agent_sessions` to avoid the collision. Also clean up
agent_sessions on merchant deletion and token regeneration.
diff --git a/src/db.rs b/src/db.rs
@@ -641,9 +641,9 @@ pub async fn create_pool(database_url: &str) -> anyhow::Result<SqlitePool> {
     sqlx::query("ALTER TABLE x402_verifications ADD COLUMN protocol TEXT NOT NULL DEFAULT 'x402'")
         .execute(&pool).await.ok();
 
-    // Sessions table (agentic prepaid credit)
+    // Agent sessions table (agentic prepaid credit)
     sqlx::query(
-        "CREATE TABLE IF NOT EXISTS sessions (
+        "CREATE TABLE IF NOT EXISTS agent_sessions (
             id TEXT PRIMARY KEY,
             merchant_id TEXT NOT NULL REFERENCES merchants(id),
             deposit_txid TEXT NOT NULL,
@@ -663,9 +663,9 @@ pub async fn create_pool(database_url: &str) -> anyhow::Result<SqlitePool> {
     .await
     .ok();
 
-    sqlx::query("CREATE INDEX IF NOT EXISTS idx_sessions_token ON sessions(bearer_token)")
+    sqlx::query("CREATE INDEX IF NOT EXISTS idx_agent_sessions_token ON agent_sessions(bearer_token)")
         .execute(&pool).await.ok();
-    sqlx::query("CREATE INDEX IF NOT EXISTS idx_sessions_merchant ON sessions(merchant_id, status)")
+    sqlx::query("CREATE INDEX IF NOT EXISTS idx_agent_sessions_merchant ON agent_sessions(merchant_id, status)")
         .execute(&pool).await.ok();
 
     // Price type columns (one_time vs recurring)
@@ -923,12 +923,18 @@ pub async fn set_scanner_state(pool: &SqlitePool, key: &str, value: &str) -> any
 pub async fn run_data_purge(pool: &SqlitePool, purge_days: i64) -> anyhow::Result<()> {
     let cutoff = format!("-{} days", purge_days);
 
-    // Expired sessions + closed/depleted sessions older than cutoff
-    let sessions = sqlx::query(
-        "DELETE FROM sessions WHERE
+    // Expired agent sessions + closed/depleted sessions older than cutoff
+    let agent_sessions_purged = sqlx::query(
+        "DELETE FROM agent_sessions WHERE
             expires_at < strftime('%Y-%m-%dT%H:%M:%SZ', 'now')
             OR (status IN ('closed', 'depleted') AND created_at < strftime('%Y-%m-%dT%H:%M:%SZ', 'now', ?))"
-    ).bind(&cutoff).execute(pool).await?;
+    ).bind(&cutoff).execute(pool).await
+    .map(|r| r.rows_affected()).unwrap_or(0);
+
+    // Expired dashboard login sessions
+    let _ = sqlx::query(
+        "DELETE FROM sessions WHERE expires_at < strftime('%Y-%m-%dT%H:%M:%SZ', 'now')"
+    ).execute(pool).await;
 
     // Expired recovery tokens
     let tokens = sqlx::query(
@@ -947,13 +953,13 @@ pub async fn run_data_purge(pool: &SqlitePool, purge_days: i64) -> anyhow::Resul
          AND created_at < strftime('%Y-%m-%dT%H:%M:%SZ', 'now', ?)"
     ).bind(&cutoff).execute(pool).await?;
 
-    let total = sessions.rows_affected()
+    let total = agent_sessions_purged
         + tokens.rows_affected()
         + webhooks.rows_affected()
         + tickets.rows_affected();
     if total > 0 {
         tracing::info!(
-            sessions = sessions.rows_affected(),
+            agent_sessions = agent_sessions_purged,
             tokens = tokens.rows_affected(),
             webhooks = webhooks.rows_affected(),
             tickets = tickets.rows_affected(),
diff --git a/src/merchants/mod.rs b/src/merchants/mod.rs
@@ -260,6 +260,10 @@ pub async fn regenerate_dashboard_token(pool: &SqlitePool, merchant_id: &str) ->
         .bind(merchant_id)
         .execute(pool)
         .await?;
+    let _ = sqlx::query("DELETE FROM agent_sessions WHERE merchant_id = ?")
+        .bind(merchant_id)
+        .execute(pool)
+        .await;
 
     tracing::info!(merchant_id, "Dashboard token regenerated, all sessions invalidated");
     Ok(new_token)
@@ -353,6 +357,8 @@ pub async fn delete_merchant(pool: &SqlitePool, merchant_id: &str) -> anyhow::Re
 
     sqlx::query("DELETE FROM sessions WHERE merchant_id = ?")
         .bind(merchant_id).execute(&mut *conn).await?;
+    let _ = sqlx::query("DELETE FROM agent_sessions WHERE merchant_id = ?")
+        .bind(merchant_id).execute(&mut *conn).await;
     sqlx::query("DELETE FROM recovery_tokens WHERE merchant_id = ?")
         .bind(merchant_id).execute(&mut *conn).await?;
     sqlx::query("DELETE FROM fee_ledger WHERE merchant_id = ?")
diff --git a/src/sessions/mod.rs b/src/sessions/mod.rs
@@ -40,7 +40,7 @@ pub async fn create_session(
     let bearer_token = generate_token();
 
     sqlx::query(
-        "INSERT INTO sessions (id, merchant_id, deposit_txid, bearer_token, balance_zatoshis, balance_remaining, cost_per_request, requests_made, refund_address, status, expires_at)
+        "INSERT INTO agent_sessions (id, merchant_id, deposit_txid, bearer_token, balance_zatoshis, balance_remaining, cost_per_request, requests_made, refund_address, status, expires_at)
          VALUES (?, ?, ?, ?, ?, ?, ?, 0, ?, 'active', strftime('%Y-%m-%dT%H:%M:%SZ', 'now', '+' || ? || ' hours'))"
     )
     .bind(&id)
@@ -72,7 +72,7 @@ pub async fn create_session(
 pub async fn get_session(pool: &SqlitePool, session_id: &str) -> Result<Option<Session>> {
     let row = sqlx::query_as::<_, (String, String, String, String, i64, i64, i64, i64, Option<String>, String, String, String, Option<String>)>(
         "SELECT id, merchant_id, deposit_txid, bearer_token, balance_zatoshis, balance_remaining, cost_per_request, requests_made, refund_address, status, expires_at, created_at, closed_at
-         FROM sessions WHERE id = ?"
+         FROM agent_sessions WHERE id = ?"
     )
     .bind(session_id)
     .fetch_optional(pool)
@@ -99,7 +99,7 @@ pub async fn validate_and_deduct(pool: &SqlitePool, bearer_token: &str) -> Resul
     // Atomic deduction: single UPDATE with WHERE guards prevents race conditions.
     // If balance < cost or session is expired/inactive, rows_affected == 0.
     let result = sqlx::query(
-        "UPDATE sessions SET
+        "UPDATE agent_sessions SET
             balance_remaining = balance_remaining - cost_per_request,
             requests_made = requests_made + 1
          WHERE bearer_token = ?
@@ -114,7 +114,7 @@ pub async fn validate_and_deduct(pool: &SqlitePool, bearer_token: &str) -> Resul
     if result.rows_affected() == 0 {
         // Mark depleted/expired sessions so they don't linger
         sqlx::query(
-            "UPDATE sessions SET status = CASE
+            "UPDATE agent_sessions SET status = CASE
                 WHEN expires_at < strftime('%Y-%m-%dT%H:%M:%SZ', 'now') THEN 'expired'
                 WHEN balance_remaining < cost_per_request THEN 'depleted'
                 ELSE status END
@@ -131,7 +131,7 @@ pub async fn validate_and_deduct(pool: &SqlitePool, bearer_token: &str) -> Resul
     // Read back the updated session state
     let row = sqlx::query_as::<_, (String, String, i64, i64, i64, Option<String>)>(
         "SELECT id, merchant_id, balance_remaining, cost_per_request, requests_made, refund_address
-         FROM sessions WHERE bearer_token = ?"
+         FROM agent_sessions WHERE bearer_token = ?"
     )
     .bind(bearer_token)
     .fetch_optional(pool)
@@ -177,7 +177,7 @@ pub async fn close_session(pool: &SqlitePool, session_id: &str) -> Result<Option
     };
 
     sqlx::query(
-        "UPDATE sessions SET status = 'closed', closed_at = strftime('%Y-%m-%dT%H:%M:%SZ', 'now') WHERE id = ?"
+        "UPDATE agent_sessions SET status = 'closed', closed_at = strftime('%Y-%m-%dT%H:%M:%SZ', 'now') WHERE id = ?"
     )
     .bind(session_id)
     .execute(pool)
@@ -219,7 +219,7 @@ pub async fn get_summary(pool: &SqlitePool, session_id: &str) -> Result<Option<S
 pub async fn list_for_merchant(pool: &SqlitePool, merchant_id: &str) -> Result<Vec<Session>> {
     let rows = sqlx::query_as::<_, (String, String, String, String, i64, i64, i64, i64, Option<String>, String, String, String, Option<String>)>(
         "SELECT id, merchant_id, deposit_txid, bearer_token, balance_zatoshis, balance_remaining, cost_per_request, requests_made, refund_address, status, expires_at, created_at, closed_at
-         FROM sessions WHERE merchant_id = ? ORDER BY created_at DESC LIMIT 100"
+         FROM agent_sessions WHERE merchant_id = ? ORDER BY created_at DESC LIMIT 100"
     )
     .bind(merchant_id)
     .fetch_all(pool)
@@ -245,7 +245,7 @@ pub async fn list_for_merchant(pool: &SqlitePool, merchant_id: &str) -> Result<V
 /// Check if a deposit txid has already been used for a session
 pub async fn txid_already_used(pool: &SqlitePool, txid: &str) -> bool {
     sqlx::query_scalar::<_, i64>(
-        "SELECT COUNT(*) FROM sessions WHERE deposit_txid = ?"
+        "SELECT COUNT(*) FROM agent_sessions WHERE deposit_txid = ?"
     )
     .bind(txid)
     .fetch_one(pool)
