chore(release): promote rc-2026.7.1#178
Merged
Merged
Conversation
Extends the ant-devnet harness so a devnet can be reached from another device on the LAN (phone, simulator, second machine). All three flags are opt-in and default off — omitting them reproduces today's loopback-only behavior exactly. - --host <ipv4>: bind 0.0.0.0 and advertise the given LAN IP in the manifest bootstrap addresses (adds DevnetConfig::advertise_ip, default None → .local(true) + 127.0.0.1, unchanged). - --evm-network arbitrum-sepolia: verify payments against the real deployed Arbitrum Sepolia contracts (no local Anvil, empty wallet key) — exercises the external-signer payment flow. - --serve-port <port>: read-only manifest HTTP API (GET /api/devnet-manifest.json + /api/info); hand-rolled HTTP/1.1, no new dependencies. Node code and the wire protocol are untouched — only the ant-devnet binary and the Devnet harness change. Adds CLI parse tests + a default-config test. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…many_lines CI runs clippy with -D warnings and the workspace enables clippy::pedantic, so the expanded main() tripped too_many_lines (121/100). Extract the EVM-backing resolution into resolve_evm_info; behavior unchanged, main() back to ~85 lines. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…EVM flags, read timeout Automated-review follow-ups on the manifest HTTP API + CLI: - Reject a loopback/unspecified --host early (would stamp unreachable bootstrap addresses into the manifest). - Manifest API now enforces GET and returns 405 for other methods. - --evm-network and --enable-evm are mutually exclusive at the clap level. - Cap the manifest-server handler with a 5s socket read timeout so a slow/idle client can't tie up a thread (listener binds 0.0.0.0). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
… hardening @dirvine review + Copilot follow-ups on the manifest API: - Bind the manifest listener synchronously in serve_manifest_api and propagate the error, so a bind failure (e.g. port in use) fails the run instead of the devnet reporting 'running' without its API. - Reject --serve-port 0 at the parser (range 1..) — it would otherwise bind an ephemeral port while /api/info advertises ':0'. - --serve-port now requires --host (the API publishes a LAN URL; a loopback-only devnet would be misleading/unsafe). - Handle manifest-API connections inline in the single server thread instead of spawning an unbounded thread per connection (kept the 5s read timeout). - Also reject multicast/broadcast --host, not just loopback/unspecified. - Propagate the bootstrap serialization error in /api/info instead of silently substituting null. Adds serve_port_requires_host + serve_port_rejects_zero CLI tests. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Production nodes accumulate out-of-range chunks indefinitely: storage admission reaches width 20, retained-storage responsibility uses width 9, commitments cover the strict closest 7, and only ~35% (~7/20) of stored chunks appear in current commitments — yet almost no records reach prune audits or deletion. Cause: prune candidacy required six mature neighbor-sync repair-hint proofs among the key's close group before a record could even be selected for a prune audit. Repair hints are sent to the ~20 peers closest to SELF, while prune confirmation concerns the 7 peers closest to the KEY; for a record outside width 9 nothing guarantees those sets overlap, so candidates were silently deferred forever. The commitment-retention veto additionally blocked the START of the 3-day hysteresis rather than only deletion, and none of the intermediate states were visible at INFO level. Fix: - Candidacy now strictly means "continuously outside the storage- retention width (9) for PRUNE_HYSTERESIS_DURATION". It never depends on repair proofs, bootstrap state, audit budget, or prior neighbor-sync contact. - The out-of-range timestamp is recorded the moment a record leaves range, even while a retained commitment still holds the key; retention vetoes deletion only. - Prune-confirmation audits challenge the CURRENT strict closest 7 straight from the local routing table, never filtered through RepairProofs. The repair-proof maturity gate is unchanged for the responsible-chunk anti-outsourcing audit. - Deletion still requires 6-of-7 valid nonce-bound possession proofs, plus a pre-deletion revalidation against the current routing table (width-9 re-check, retention re-check, current-close-group proof re-check). Bootstrap gating, the per-pass challenge budget, and commitment retention are audit/deletion deferrals that preserve candidacy and the first-seen time. - Explicit lifecycle states (InRange, HysteresisPending, Candidate, HeldByCommitment, BootstrapDeferred, BudgetDeferred, AuditFailed, Pruned) and one aggregate INFO census per pass. Unit and E2E regression coverage added; no prune test manufactures repair proofs anymore, and the threshold E2E test now runs the production-width scenario (close group 7, retention width 9, empty RepairProofs, 5/7 retains, 6/7 deletes). SemVer: patch Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
fix(pruning): make prune candidacy independent of repair-hint history
…meouts-part-capacity-fix # Conflicts: # src/replication/mod.rs
The merge of upstream/rc-2026.7.1 combined our branch's refactor (singular prune_audit_response_status replaced by the batch prune_audit_response_statuses) with upstream's grading tests, which still called the removed singular function. Adapt the graded_status test helper to delegate to the batch function with a single-key challenge slice so upstream's coverage is preserved. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…acity-fix fix(replication): batch record prune audit challenges
feat(ant-devnet): opt-in LAN / external-devnet mode (--host / --evm-network / --serve-port)
There was a problem hiding this comment.
Pull request overview
Promotes the node from 0.14.3 to 0.14.4, but the diff also includes substantive runtime and tooling changes around replication pruning/audit behavior and devnet LAN usability.
Changes:
- Refactors stored-record pruning into an explicit lifecycle (marking, hysteresis, candidacy, audit/deferral, revalidation) and removes prune-audit dependence on repair-hint proofs; adds richer prune telemetry.
- Improves audit/prune operational behavior: batches prune-confirmation challenges per peer, revalidates against current routing table before deletion, and adds structured audit-responder admission drop reasons; increases audit concurrency limits.
- Extends
ant-devnetwith LAN hosting (--host), optional external EVM network selection, and an optional manifest HTTP API.
Reviewed changes
Copilot reviewed 10 out of 11 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/e2e/replication.rs | Updates pruning E2E expectations to match new candidacy/hysteresis and audit-attempt behavior. |
| src/replication/pruning.rs | Major pruning lifecycle refactor; removes repair-proof gating for prune audits; batches challenges; adds detailed counters and unit tests. |
| src/replication/mod.rs | Adds structured audit-responder admission failure reporting and updates prune-pass invocation to new context shape. |
| src/replication/config.rs | Adjusts audit responder caps and factors out a responsible-audit sender key limit helper. |
| src/replication/audit.rs | Switches responsible audit sampling to the new key-limit helper. |
| src/devnet.rs | Adds advertise_ip support and uses it for bootstrap addresses / binding behavior. |
| src/bin/ant-devnet/main.rs | Adds LAN/devnet manifest API features, external EVM selection, and host validation; refactors manifest creation/output. |
| src/bin/ant-devnet/cli.rs | Adds --host, --evm-network, and --serve-port CLI flags with parsing tests. |
| docs/REPLICATION_DESIGN.md | Updates replication design rules/docs to reflect the new pruning lifecycle and audit targeting rules. |
| Cargo.toml | Bumps crate version to 0.14.4. |
| Cargo.lock | Regenerates lockfile entry for 0.14.4. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+124
to
+128
| // Optional read-only HTTP API so LAN devices fetch the manifest instead of | ||
| // copying files (GET /api/devnet-manifest.json + /api/info). | ||
| if let Some(port) = cli.serve_port { | ||
| serve_manifest_api(port, cli.host, &manifest, json.clone())?; | ||
| } |
Comment on lines
1
to
+3
| [package] | ||
| name = "ant-node" | ||
| version = "0.14.3" | ||
| version = "0.14.4" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Promotes
rc-2026.7.1to release version(s): 0.14.4.-rc.*from[package].versionCargo.lockOnce merged, the release tag will be pushed to fire the publish workflow.