fix(replication): require aged repair hints before audits#135
Merged
jacderida merged 3 commits intoJun 12, 2026
Merged
Conversation
jacderida
approved these changes
Jun 12, 2026
…pair-hint-min-age # Conflicts: # src/replication/pruning.rs
jacderida
added a commit
that referenced
this pull request
Jun 16, 2026
Re-pin the saorsa-core git dep to the current rc-2026.6.2 commit (79f5ad6, post-#135) so the lock reference matches the branch. Lock-only; no version bump, no tag.
jacderida
added a commit
to grumbach/ant-node
that referenced
this pull request
Jun 22, 2026
logging to subtree/byte audits) Resolve conflicts after main advanced (incl. WithAutonomi#157 audit-challenge logging, WithAutonomi#135 aged repair hints, the prune-proof/admission gate, and the neighbor-sync hints refactor): - neighbor_sync: thread the gossiped commitment through main's hints-based sync path (sync_with_peer_with_hints). The commitment piggybacks on NeighborSync messages, so this is load-bearing for the gossip-triggered subtree audit (ADR-0002), not optional. Fixes a silent (non-marker) auto-merge breakage that referenced `commitment` without a parameter. - mod.rs: keep the ADR-0002 gossip-audit trigger; combine main's per-batch sync hints with the per-round my_commitment snapshot at every sync call site; take main's new VERIFICATION_CYCLE_SLOW_LOG_MS. - pruning: keep main's record_prune_lookup_groups prune-proof/admission gate AND re-apply the ADR-0002 commitment-retention veto (is_held) so a key still committed under a recently-gossiped commitment is never pruned. - tests/e2e: union both sides' prune tests; fill the merged PrunePassContext (repair_proof_now + commitment_state) on every literal. Fold WithAutonomi#157's audit-challenge logging convention into the subtree and byte challenge responders (received + reply sent/not-sent via send_replication_response_checked) and the capacity-dropped paths. Verified: cargo fmt --check, cargo check --all-targets (+test-utils), and cargo clippy --all-targets --features test-utils all clean; cargo test --lib --features test-utils -> 674 passed, 0 failed. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What this changes
The PR changes audit eligibility for replica chunks.
Previously, once this node had sent a peer a repair hint for a chunk, that peer could become audit-eligible for that chunk after the existing later sync-epoch gate.
Now, the repair hint must satisfy both conditions before the peer can be audited for that chunk:
Concretely:
REPAIR_HINT_MIN_AGE = 1 hour.Instantwhen a repair hint is recorded as sent.has_mature_replica_hintto require elapsed time >= 1 hour.This prevents this failure mode: we send a peer a repair hint for chunk
K, then immediately audit that peer forKbefore it had a fair chance to fetch/store it.Tests
cargo fmt --all -- --checkcargo test repair_proofs --libcargo test audit_key_filter_retains_stable_proofs_and_rejects_evicted_peers --libcargo clippy --all-targets --all-features -- -D warningscargo test --features test-utils --test e2e test_prune_pass_requires_remote_confirmation_before_delete -- --nocapture