Skip to content

chore(release): promote rc-2026.7.1#178

Merged
jacderida merged 17 commits into
mainfrom
rc-2026.7.1
Jul 15, 2026
Merged

chore(release): promote rc-2026.7.1#178
jacderida merged 17 commits into
mainfrom
rc-2026.7.1

Conversation

@jacderida

Copy link
Copy Markdown
Collaborator

Promotes rc-2026.7.1 to release version(s): 0.14.4.

  • strips -rc.* from [package].version
  • rewrites internal git+branch deps to crates.io version pins
  • regenerates Cargo.lock

Once merged, the release tag will be pushed to fire the publish workflow.

Nic and others added 17 commits July 13, 2026 17:09
Extends the ant-devnet harness so a devnet can be reached from another device
on the LAN (phone, simulator, second machine). All three flags are opt-in and
default off — omitting them reproduces today's loopback-only behavior exactly.

- --host <ipv4>: bind 0.0.0.0 and advertise the given LAN IP in the manifest
  bootstrap addresses (adds DevnetConfig::advertise_ip, default None →
  .local(true) + 127.0.0.1, unchanged).
- --evm-network arbitrum-sepolia: verify payments against the real deployed
  Arbitrum Sepolia contracts (no local Anvil, empty wallet key) — exercises the
  external-signer payment flow.
- --serve-port <port>: read-only manifest HTTP API (GET /api/devnet-manifest.json
  + /api/info); hand-rolled HTTP/1.1, no new dependencies.

Node code and the wire protocol are untouched — only the ant-devnet binary and
the Devnet harness change. Adds CLI parse tests + a default-config test.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…many_lines

CI runs clippy with -D warnings and the workspace enables clippy::pedantic, so
the expanded main() tripped too_many_lines (121/100). Extract the EVM-backing
resolution into resolve_evm_info; behavior unchanged, main() back to ~85 lines.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…EVM flags, read timeout

Automated-review follow-ups on the manifest HTTP API + CLI:
- Reject a loopback/unspecified --host early (would stamp unreachable
  bootstrap addresses into the manifest).
- Manifest API now enforces GET and returns 405 for other methods.
- --evm-network and --enable-evm are mutually exclusive at the clap level.
- Cap the manifest-server handler with a 5s socket read timeout so a slow/idle
  client can't tie up a thread (listener binds 0.0.0.0).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
… hardening

@dirvine review + Copilot follow-ups on the manifest API:
- Bind the manifest listener synchronously in serve_manifest_api and propagate
  the error, so a bind failure (e.g. port in use) fails the run instead of the
  devnet reporting 'running' without its API.
- Reject --serve-port 0 at the parser (range 1..) — it would otherwise bind an
  ephemeral port while /api/info advertises ':0'.
- --serve-port now requires --host (the API publishes a LAN URL; a loopback-only
  devnet would be misleading/unsafe).
- Handle manifest-API connections inline in the single server thread instead of
  spawning an unbounded thread per connection (kept the 5s read timeout).
- Also reject multicast/broadcast --host, not just loopback/unspecified.
- Propagate the bootstrap serialization error in /api/info instead of silently
  substituting null.

Adds serve_port_requires_host + serve_port_rejects_zero CLI tests.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Production nodes accumulate out-of-range chunks indefinitely: storage
admission reaches width 20, retained-storage responsibility uses width 9,
commitments cover the strict closest 7, and only ~35% (~7/20) of stored
chunks appear in current commitments — yet almost no records reach prune
audits or deletion.

Cause: prune candidacy required six mature neighbor-sync repair-hint
proofs among the key's close group before a record could even be
selected for a prune audit. Repair hints are sent to the ~20 peers
closest to SELF, while prune confirmation concerns the 7 peers closest
to the KEY; for a record outside width 9 nothing guarantees those sets
overlap, so candidates were silently deferred forever. The
commitment-retention veto additionally blocked the START of the 3-day
hysteresis rather than only deletion, and none of the intermediate
states were visible at INFO level.

Fix:
- Candidacy now strictly means "continuously outside the storage-
  retention width (9) for PRUNE_HYSTERESIS_DURATION". It never depends
  on repair proofs, bootstrap state, audit budget, or prior
  neighbor-sync contact.
- The out-of-range timestamp is recorded the moment a record leaves
  range, even while a retained commitment still holds the key;
  retention vetoes deletion only.
- Prune-confirmation audits challenge the CURRENT strict closest 7
  straight from the local routing table, never filtered through
  RepairProofs. The repair-proof maturity gate is unchanged for the
  responsible-chunk anti-outsourcing audit.
- Deletion still requires 6-of-7 valid nonce-bound possession proofs,
  plus a pre-deletion revalidation against the current routing table
  (width-9 re-check, retention re-check, current-close-group proof
  re-check). Bootstrap gating, the per-pass challenge budget, and
  commitment retention are audit/deletion deferrals that preserve
  candidacy and the first-seen time.
- Explicit lifecycle states (InRange, HysteresisPending, Candidate,
  HeldByCommitment, BootstrapDeferred, BudgetDeferred, AuditFailed,
  Pruned) and one aggregate INFO census per pass.

Unit and E2E regression coverage added; no prune test manufactures
repair proofs anymore, and the threshold E2E test now runs the
production-width scenario (close group 7, retention width 9, empty
RepairProofs, 5/7 retains, 6/7 deletes).

SemVer: patch

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
fix(pruning): make prune candidacy independent of repair-hint history
…meouts-part-capacity-fix

# Conflicts:
#	src/replication/mod.rs
The merge of upstream/rc-2026.7.1 combined our branch's refactor (singular
prune_audit_response_status replaced by the batch prune_audit_response_statuses)
with upstream's grading tests, which still called the removed singular function.
Adapt the graded_status test helper to delegate to the batch function with a
single-key challenge slice so upstream's coverage is preserved.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…acity-fix

fix(replication): batch record prune audit challenges
feat(ant-devnet): opt-in LAN / external-devnet mode (--host / --evm-network / --serve-port)
Copilot AI review requested due to automatic review settings July 15, 2026 11:54

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Promotes the node from 0.14.3 to 0.14.4, but the diff also includes substantive runtime and tooling changes around replication pruning/audit behavior and devnet LAN usability.

Changes:

  • Refactors stored-record pruning into an explicit lifecycle (marking, hysteresis, candidacy, audit/deferral, revalidation) and removes prune-audit dependence on repair-hint proofs; adds richer prune telemetry.
  • Improves audit/prune operational behavior: batches prune-confirmation challenges per peer, revalidates against current routing table before deletion, and adds structured audit-responder admission drop reasons; increases audit concurrency limits.
  • Extends ant-devnet with LAN hosting (--host), optional external EVM network selection, and an optional manifest HTTP API.

Reviewed changes

Copilot reviewed 10 out of 11 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
tests/e2e/replication.rs Updates pruning E2E expectations to match new candidacy/hysteresis and audit-attempt behavior.
src/replication/pruning.rs Major pruning lifecycle refactor; removes repair-proof gating for prune audits; batches challenges; adds detailed counters and unit tests.
src/replication/mod.rs Adds structured audit-responder admission failure reporting and updates prune-pass invocation to new context shape.
src/replication/config.rs Adjusts audit responder caps and factors out a responsible-audit sender key limit helper.
src/replication/audit.rs Switches responsible audit sampling to the new key-limit helper.
src/devnet.rs Adds advertise_ip support and uses it for bootstrap addresses / binding behavior.
src/bin/ant-devnet/main.rs Adds LAN/devnet manifest API features, external EVM selection, and host validation; refactors manifest creation/output.
src/bin/ant-devnet/cli.rs Adds --host, --evm-network, and --serve-port CLI flags with parsing tests.
docs/REPLICATION_DESIGN.md Updates replication design rules/docs to reflect the new pruning lifecycle and audit targeting rules.
Cargo.toml Bumps crate version to 0.14.4.
Cargo.lock Regenerates lockfile entry for 0.14.4.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines +124 to +128
// Optional read-only HTTP API so LAN devices fetch the manifest instead of
// copying files (GET /api/devnet-manifest.json + /api/info).
if let Some(port) = cli.serve_port {
serve_manifest_api(port, cli.host, &manifest, json.clone())?;
}
Comment thread Cargo.toml
Comment on lines 1 to +3
[package]
name = "ant-node"
version = "0.14.3"
version = "0.14.4"
@jacderida jacderida merged commit 571868a into main Jul 15, 2026
23 checks passed
@jacderida jacderida deleted the rc-2026.7.1 branch July 15, 2026 13:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants