Skip to content

chore(release): promote rc-2026.6.4#163

Merged
jacderida merged 18 commits into
mainfrom
rc-2026.6.4
Jul 1, 2026
Merged

chore(release): promote rc-2026.6.4#163
jacderida merged 18 commits into
mainfrom
rc-2026.6.4

Conversation

@jacderida

Copy link
Copy Markdown
Collaborator

Promotes rc-2026.6.4 to release version(s): 0.14.2.

  • strips -rc.* from [package].version
  • rewrites internal git+branch deps to crates.io version pins
  • regenerates Cargo.lock

Once merged, the release tag will be pushed to fire the publish workflow.

mickvandijke and others added 18 commits June 26, 2026 12:11
Node-side role in the full-node-shunning plan (full == dishonest == evict). After fresh replication, the node tests every responsible close-group peer 5-15 min later for possession; storing earns no positive trust, while not storing is penalised at AuditChallenge severity. Delivery of the push is best-effort (up to 2 retries/peer) but never an exemption: undelivered peers are still tested and penalised alike. Adds a self-closeness gate on client puts, coupled so its width stays >= the client fallback ceiling. Trust-score eviction is already implemented in saorsa-core; this ADR only emits the signal.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
First slice of ADR-0003. replicate_fresh now retries each per-peer push up to FRESH_REPLICATION_DELIVERY_MAX_RETRIES on a transport failure, so a transient hiccup doesn't silently drop the offer. The encoded offer is shared via Arc so the common single-attempt path keeps one clone per peer. Delivery assurance only — possession scoring (the delayed 5-15 min check and AuditChallenge-severity penalty) is the next stage.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
ant-protocol 2.2.0 pulled saorsa-core 0.26.0 from crates.io while the node used a local path of the same version, producing two copies that collided on shared types (e.g. saorsa_core::address::MultiAddr) and broke the ant-devnet binary. Point the direct dependency at WithAutonomi/saorsa-core PR #119 (trust quarantine thresholds) and add a matching [patch.crates-io] so the transitive copy unifies onto one source. Full workspace now builds.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Implements the ADR-0003 gate. A client PUT is now accepted only when this node is within its own local SELF_CLOSENESS_GATE_WIDTH (= K_BUCKET_SIZE) closest peers to the address, so the fresh replication it triggers is legitimate and cannot mis-penalise honest peers. The width equals the client's PUT fallback ceiling (ADR-0002), so a client routing past full close-group members onto further peers is still accepted; a genuinely far node is turned away. The P2P handle is bound out of the lock before the await, and the gate no-ops when no handle is attached (unit tests). Fresh-replication receives keep their own narrower admission check.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Implements the detection+penalty core of ADR-0003. After fresh replication, replicate_fresh now returns the responsible close-group peers; the fresh-write drainer enqueues a possession-check event, and a new scheduler task waits a randomised 5-15 minute settle delay (POSSESSION_CHECK_DELAY_MIN/MAX) before probing every responsible peer for actual possession via a presence-only VerificationRequest. A peer confirmed absent is penalised at AuditChallenge severity (report_trust_event(ApplicationFailure(AUDIT_FAILURE_TRUST_WEIGHT))); a peer that holds it earns nothing; an unreachable peer yields no verdict and is re-probed under a bounded grace, never penalised. Every responsible peer is tested regardless of whether the original push reached it. New possession module, config tunables, and a delay-bounds unit test. 376 replication tests pass.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Adds a test-only ReplicationEngine::run_possession_check_now that drives the ADR-0003 possession check without the 5-15 min scheduler delay, plus an e2e test on a 10-node testnet: node A probes an absent peer B and a present peer C over real transport; B's trust score drops (penalised, the signal saorsa-core eviction acts on) while C's is untouched. Proves the detection+penalty core deterministically.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Proves the full replicate_fresh -> enqueue -> delayed scheduler -> penalty chain. Makes the 5-15 min possession delay a ReplicationConfig field (POSSESSION_CHECK_DELAY_MIN/MAX as defaults) so tests can shorten it, threads an optional replication_config override through TestNetworkConfig, and has the public replicate_fresh entry point schedule the possession check (the production PUT path already does via the drainer). The e2e test runs a 10-node testnet with a ~200-500ms delay, triggers fresh replication with no payment cache so close peers reject and are absent, and asserts the scheduled check penalises an absent close peer. 675 lib tests pass.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Adds an e2e test on a 25-node testnet: the closest (responsible) node accepts a client PUT (gate must not break normal uploads), while the farthest node (rank >= K_BUCKET_SIZE, outside its own closest view) rejects before payment with a closeness error. Proves both the regression guard and the intended reject behaviour of the ADR-0003 self-closeness gate.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…nvergence

Amends ADR-0003. A healthy replica whose routing table still lists closer full nodes it hasn't evicted yet ranks itself outside the narrow storage_admission_width window and would wrongly reject a fresh-replication offer it should accept — stalling convergence, and inconsistent with the wider K-window it already accepts client PUTs within. Widen the fresh-offer accept gate to config.paid_list_close_group_size (= K_BUCKET_SIZE = 20). Safe: the sender still fans out only to close_group_size, so this adds no stores; retention/pruning stays at storage_admission_width, so steady-state replication is unchanged and any transient over-coverage is reclaimed once the close group converges (the multi-day prune hysteresis spans the minutes-long eviction window). Sender fan-out deliberately not widened — the repair path heals that case. 675 lib tests + fresh-replication & full-close-group-shunning e2e tests pass.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Prune-confirmation and fresh-replication possession audits now use AuditChallenge-style failure semantics for timeouts and bad proofs, while subtree audits keep their separate timeout grace behavior.

Possession checks also share the bootstrap-claim grace and abuse tracking used by responsible and prune audits.

BREAKING CHANGE: AuditChallenge-style prune and possession audit timeouts are penalized immediately instead of using timeout grace.
…de-shunning-node

# Conflicts:
#	Cargo.lock
#	Cargo.toml
rustdoc's redundant_explicit_links lint (promoted to an error by
RUSTDOCFLAGS="-D warnings" in the Documentation CI job) flagged the
module-doc link to AuditChallenge, whose explicit crate path duplicates
what the intra-doc shortcut resolves to. Use the shortcut form, matching
the other AuditChallenge link in this file.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
feat: full-node shunning — node implementation (ADR-0003)
Copilot AI review requested due to automatic review settings June 30, 2026 22:59

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR promotes ant-node to release 0.14.2 and updates ant-protocol/saorsa-core pins, but it also includes significant replication/storage behavior changes implementing ADR-0003 (delayed possession checking, fresh-replication delivery retries, and a self-closeness gate on client PUTs), plus new/expanded E2E coverage.

Changes:

  • Add ADR-0003 mechanisms: client PUT self-closeness gate, fresh-replication delivery retries, and delayed possession-check scheduling/verification.
  • Expand E2E test harness configurability (replication config override, per-node disk reserve overrides) and add new replication regression tests.
  • Promote versions: ant-node 0.14.2, ant-protocol 2.2.2, saorsa-core 0.26.2, and regenerate Cargo.lock.

Reviewed changes

Copilot reviewed 11 out of 12 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
tests/e2e/testnet.rs Adds per-test replication config override and per-node disk-reserve overrides; wires these into node setup.
tests/e2e/replication.rs Adds ADR-0003-focused E2E regression tests (possession check behavior, full-node shunning, self-closeness gate).
src/storage/handler.rs Introduces self-closeness gating on client PUTs using attached P2PNode routing view.
src/replication/pruning.rs Changes prune-audit handling to treat undecodable/no-response as an immediate audit failure.
src/replication/protocol.rs Updates audit-related commentary/tests text to match revised timeout/failure semantics.
src/replication/possession.rs New module implementing delayed possession verification via single-key AuditChallenge.
src/replication/mod.rs Schedules delayed possession checks after fresh replication; adds a background scheduler task.
src/replication/fresh.rs Adds bounded retry behavior for fresh-replication offer delivery and returns responsible peers for scheduling checks.
src/replication/config.rs Adds fresh-delivery retry constant and possession-check delay config fields (with defaults).
docs/adr/ADR-0003-full-node-detection-and-eviction.md New ADR describing full-node detection/penalisation/eviction and self-closeness gating.
Cargo.toml Version bump and dependency pin updates.
Cargo.lock Lockfile regeneration for the release and updated dependency pins.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread Cargo.toml
[package]
name = "ant-node"
version = "0.14.1"
version = "0.14.2"
Comment thread src/replication/mod.rs
Comment on lines +693 to +697
tokio::spawn(async move {
let delay = possession::random_delay(delay_min, delay_max);
tokio::select! {
() = shutdown.cancelled() => {}
() = tokio::time::sleep(delay) => {
Comment on lines +151 to +153
ProbeOutcome::Timeout => {
report_possession_audit_failure(&peer, &key_hex, "timed out", p2p_node).await;
}
@jacderida jacderida merged commit 3df630c into main Jul 1, 2026
24 checks passed
@jacderida jacderida deleted the rc-2026.6.4 branch July 1, 2026 00:05
grumbach pushed a commit to grumbach/ant-node that referenced this pull request Jul 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants