fix(storage): scope ledger queries with bucket hint

internal/storage/driver/driver.go

@@ -75,6 +75,12 @@ func (d *Driver) CreateLedger(ctx context.Context, l *ledger.Ledger) (*ledgersto
 
 		ret = d.ledgerStoreFactory.Create(b, *l)
 
+		count, err := systemStore.CountLedgersInBucket(ctx, l.Bucket)
+		if err != nil {
+			return fmt.Errorf("counting ledgers in bucket: %w", err)
+		}
+		ret.SetAloneInBucket(count == 1)
+
 		return nil
 	})
 	if err != nil {
@@ -86,13 +92,24 @@ func (d *Driver) CreateLedger(ctx context.Context, l *ledger.Ledger) (*ledgersto
 
 func (d *Driver) OpenLedger(ctx context.Context, name string) (*ledgerstore.Store, *ledger.Ledger, error) {
 	// todo: keep the ledger in cache somewhere to avoid read the ledger at each request, maybe in the factory
-	ret, err := d.systemStoreFactory.Create(d.db).GetLedger(ctx, name)
+	// NOTE: if the store is ever cached, the isAloneInBucket flag must be
+	// refreshed/invalidated when bucket membership changes, otherwise
+	// cross-ledger reads may occur (missing WHERE ledger = ?).
+	systemStore := d.systemStoreFactory.Create(d.db)
+
+	ret, err := systemStore.GetLedger(ctx, name)
 	if err != nil {
 		return nil, nil, err
 	}
 
 	store := d.ledgerStoreFactory.Create(d.bucketFactory.Create(ret.Bucket), *ret)
 
+	count, err := systemStore.CountLedgersInBucket(ctx, ret.Bucket)
+	if err != nil {
+		return nil, nil, fmt.Errorf("counting ledgers in bucket: %w", err)
+	}
+	store.SetAloneInBucket(count == 1)
+
 	return store, ret, err
 }
 

internal/storage/driver/store.go

@@ -16,6 +16,7 @@ type SystemStore interface {
 	//ListLedgers(ctx context.Context, q systemstore.ListLedgersQuery) (*bunpaginate.Cursor[ledger.Ledger], error)
 	GetLedger(ctx context.Context, name string) (*ledger.Ledger, error)
 	GetDistinctBuckets(ctx context.Context) ([]string, error)
+	CountLedgersInBucket(ctx context.Context, bucket string) (int, error)
 
 	Migrate(ctx context.Context, options ...migrations.Option) error
 	GetMigrator(options ...migrations.Option) *migrations.Migrator

internal/storage/ledger/store.go

@@ -24,6 +24,13 @@ type Store struct {
 	bucket bucket.Bucket
 	ledger ledger.Ledger
 
+	// isAloneInBucket is a point-in-time optimization hint set when the store
+	// is created or opened. It indicates whether the ledger is the only one in
+	// its bucket, allowing the scoped select to skip the WHERE ledger = ? clause.
+	// Must be refreshed if bucket membership changes. Dangerous if the store is
+	// cached without proper invalidation.
+	isAloneInBucket bool
+
 	tracer                             trace.Tracer
 	meter                              metric.Meter
 	checkBucketSchemaHistogram         metric.Int64Histogram
@@ -165,25 +172,17 @@ func (store *Store) LockLedger(ctx context.Context) (*Store, bun.IDB, func() err
 
 // newScopedSelect creates a new select query scoped to the current ledger.
 // notes(gfyrag): The "WHERE ledger = 'XXX'" condition can cause degraded postgres plan.
-// To avoid that, we use a WHERE OR to separate the two cases:
-// 1. Check if the ledger is the only one in the bucket
-// 2. Otherwise, filter by ledger name
+// When the ledger is the only one in its bucket, we skip the clause entirely.
 func (store *Store) newScopedSelect() *bun.SelectQuery {
 	q := store.db.NewSelect()
-	checkLedgerAlone := store.db.NewSelect().
-		TableExpr("_system.ledgers").
-		ColumnExpr("count = 1").
-		Join("JOIN (?) AS counters ON _system.ledgers.bucket = counters.bucket",
-			store.db.NewSelect().
-				TableExpr("_system.ledgers").
-				ColumnExpr("bucket").
-				ColumnExpr("COUNT(*) AS count").
-				Group("bucket"),
-		).
-		Where("_system.ledgers.name = ?", store.ledger.Name)
-
-	return q.
-		Where("((?) or ledger = ?)", checkLedgerAlone, store.ledger.Name)
+	if !store.isAloneInBucket {
+		q = q.Where("ledger = ?", store.ledger.Name)
+	}
+	return q
+}
+
+func (store *Store) SetAloneInBucket(alone bool) {
+	store.isAloneInBucket = alone
 }
 
 func New(db bun.IDB, bucket bucket.Bucket, l ledger.Ledger, opts ...Option) *Store {

internal/storage/system/store.go

@@ -23,6 +23,7 @@ type Store interface {
 	Ledgers() common.PaginatedResource[ledger.Ledger, ListLedgersQueryPayload]
 	GetLedger(ctx context.Context, name string) (*ledger.Ledger, error)
 	GetDistinctBuckets(ctx context.Context) ([]string, error)
+	CountLedgersInBucket(ctx context.Context, bucket string) (int, error)
 
 	Migrate(ctx context.Context, options ...migrations.Option) error
 	GetMigrator(options ...migrations.Option) *migrations.Migrator
@@ -117,6 +118,17 @@ func (d *DefaultStore) GetLedger(ctx context.Context, name string) (*ledger.Ledg
 	return ret, nil
 }
 
+func (d *DefaultStore) CountLedgersInBucket(ctx context.Context, bucket string) (int, error) {
+	count, err := d.db.NewSelect().
+		TableExpr("_system.ledgers").
+		Where("bucket = ?", bucket).
+		Count(ctx)
+	if err != nil {
+		return 0, postgres.ResolveError(err)
+	}
+	return count, nil
+}
+
 func (d *DefaultStore) Migrate(ctx context.Context, options ...migrations.Option) error {
 	_, err := tracing.Trace(ctx, d.tracer, "MigrateSystemStore", func(ctx context.Context) (any, error) {
 		return nil, d.GetMigrator(options...).Up(ctx)