fix(state-node): bootstrap content network on first push to eliminate create race#41
Open
somasekimoto wants to merge 4 commits intomainfrom
Open
fix(state-node): bootstrap content network on first push to eliminate create race#41somasekimoto wants to merge 4 commits intomainfrom
somasekimoto wants to merge 4 commits intomainfrom
Conversation
… create race create_content pushed CRDT operations to selected members before the Gossipsub ContentCreated event arrived, so the PushOperations handler rejected the push for an unknown network. Members ended up with metadata but no data. The creator also retained a local CRDT copy despite being excluded from the member set. Carry a PushBootstrap payload on the first push so the receiver can persist the ContentNetwork record inline, and build the ops in an ephemeral CRDT repo so the creator no longer stores content it doesn't own. The creator still keeps the network metadata for relay purposes. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…otstrap Keep the common update/delete/sync path free of the bootstrap parameter. Only create_content uses the _with_bootstrap variant. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace the ephemeral LevelDB approach with direct Node construction and content_id() calls from crsl-lib. No I/O or temp files needed — genesis CID and update CID are computed via CBOR serialization + SHA-256 in memory. tempfile moves back to dev-dependencies. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
somasekimoto
force-pushed
the
fix/create-content-push-race
branch
from
c539438 to
ed876bb
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
create_contentがPushOperationsを member ノードに送る際、受信側がまだContentNetworkを知らないため push が拒否され、member にデータが届かない問題を修正selectedから自身を除外しているのに、ローカル CRDT と AccessPolicy を保存していた問題を修正修正方針
ContentRequest::PushOperationsに optional なPushBootstrap { creator_node_id, member_nodes, created_at }を追加ContentNetwork即時保存 / それ以外 → 拒否」の順で判定crdt_repoにprepare_create_operationsを追加し、ephemeral なCrslCrdtRepository上で create を走らせてSerializedOperationを抽出 → creator は CRDT を永続化しないセキュリティ
peer_id == bs.creator_node_idとlocal_peer_id in bs.member_nodesを要求するので、creator なりすまし・victim へのネットワーク押し付けは防げる。残余リスク (任意 peer が自称 creator として push) は既存 GossipsubContentCreatedの信頼モデルと同等。該当箇所にSECURITY:コメント記載。互換性
Wire 形式変更あり。旧ノードとは通信不可になる。
Test plan
cargo test -p monas-state-node329 passed (286 unit + 5 e2e + 32 integration + 4 pk exchange + 2 new)tests/create_content_push_race_test.rs:create_content_delivers_crdt_ops_to_members_without_gossipsub_sync— 3 ノード実 libp2p mesh で create_content、gossipsub settle を挟まずに member がデータを持つこと + creator は持たないことを検証push_operations_rejects_unknown_network_without_bootstrap— 拒否パスの回帰防止test_prepare_create_operations_is_deterministic_across_repos— creator が持たない / 受信側が同じ CID で復元できることcargo test --workspace --profile test603 passedcargo fmt --checkcargo clippy --workspace --all-targets --profile test --no-deps -- --deny warnings警告 0scripts/start-local-nodes.sh --clean→scripts/e2e-test.sh) 7/7 passedscripts/e2e-test.shに Step 2.5「作成直後の即時同期検証」を追加 (race の回帰防止アサーション)🤖 Generated with Claude Code