Comparison to Praos spec, noting work still to do. Major items: - Peer management (promote/demote/churn) - Pipelining Both are known and will be next up following a coordinator refactor
Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Decouple TCP accept from handshake so one slow peer no longer blocks all inbound connections. Each handshake now runs as an independent tokio task, gated by a semaphore (--max-handshaking, default 64) and a per-IP connection cap (--max-connections-per-ip, default 3). Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Switch mux from RoundRobin to StrictPriority scheduler so Praos protocols always outprioritize Leios, preventing head-of-line blocking. Add named priority constants, fix KeepAlive/PeerSharing/Leios priority assignments, consolidate deferred items into Future Work section. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
codec.rs wraps mux channels with CBOR framing — belongs in mux/.
protocol.rs defines the protocol state machine framework — belongs
in protocols/. Re-export from parent modules so imports become
crate::mux::{CodecSend,CodecRecv} and crate::protocols::{Protocol,
Runner,Agency,Role,ProtocolError}. Update all ~40 import sites.
238 tests pass.
Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Wire LeiosNotify (ID 18) and LeiosFetch (ID 19) into the per-peer task architecture behind a `leios_enabled` config flag (default false). - LeiosStore: content-addressed blob store for EBs/votes (separate from ChainStore since Leios data is keyed by (slot, hash), not a linear chain) - Client tasks: spawn_leios_notify (continuous request_next loop), spawn_leios_fetch (command-driven, like BlockFetch) - Server handlers: serve_leios_notify (from LeiosStore + subscribe), serve_leios_fetch (block/txs/vote lookups) - Types: 6 PeerEvent, 2 PeerCommand, 5 NetworkEvent, 3 NetworkCommand variants - Coordinator: stub-forwards Leios events, populates LeiosStore on fetch - Wiring: peer_task, responder_task, duplex_task all conditionally register and spawn Leios protocol sub-tasks - CLI: --leios flag on serve (synthetic EB/vote generation) and multi-follow (logs Leios notifications) for local end-to-end testing 247 total tests (9 new). Locally tested: serve --leios -> multi-follow --leios. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
All 6 N2N mini-protocols now implemented (147 tests). Multi-peer coordination layer remains TBD for Phase 3. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Update workspace structure (types/ module, mux/codec.rs, protocols/ protocol.rs, leios_notify/, leios_fetch/). Update header/block design decision from opaque to parsed. Mark Phase 4a-4c as complete. Fix file paths and test counts in implementation plan. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Implement the TxSubmission mini-protocol (protocol ID 4, version 2) — pull-based transaction dissemination with blocking/non-blocking modes, flow control, and full CBOR codec with indefinite-length inner lists. Includes client-side run_client helper, server handler in fake server, and CLI 'submit' command with single-tx and Poisson stream modes. 20 new tests (129 total), live-tested against fake server. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Choose thread-per-peer with shared coordinator over Pallas v2 event-driven (single-threaded bottleneck) and Haskell actor model (over-engineered for ~20 peers). Document PeerHandle sketch, peer-agnostic consensus interface, and ordering rationale (multi-peer before Leios protocols). Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Sub-phases 4a-4f: LeiosNotify/LeiosFetch protocols, Praos header/body extensions, per-peer task integration, coordinator/ChainStore extensions, and priority scheduling. Working assumptions: protocol IDs 18/19, opaque types, two protocols initially, freshest-first deferred. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Add detailed plan for peer temperature lifecycle (Cold/Warm/Hot), dynamic sub-task management, and churn policy. Moderate scope, no consensus dependency, can be done before or after Phase 4. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Security fixes: - read_segment now validates payload_len against max_payload before allocating, preventing OOM from malicious segment headers - CodecRecv enforces max_buffer (default 2.5MB) to prevent unbounded buffer growth from crafted CBOR that never completes decoding - Demuxer passes configured sdu_size as the segment payload limit Test vectors captured from backbone.cardano.iog.io:3001: - ProposeVersions and AcceptVersion raw bytes validated against our encoder output (byte-for-byte match ensures wire compatibility) New tests (19 added, 50 total): - Wire: oversized payload rejection, live segment headers, timestamp wrap - Codec: buffer overflow rejection, large cross-segment messages, channel close - Handshake codec: unknown tag, truncated payload, live vector decode - N2N: v7-v10 2-field format, live bytes decode, invalid CBOR, key order Also: net-cli capture command, CLAUDE.md test vector workflow, .gitignore Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
- Cap version table entries at 256 and version mismatch list at 256 in handshake codec, preventing unbounded allocation from crafted CBOR map/array lengths - Switch demuxer from blocking send to try_send -- if a protocol's channel is full, the connection is torn down instead of blocking the demuxer (which would stall all protocols on the connection) - Add test for oversized version table rejection Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
New `follow` CLI command that jumps to the current chain tip and prints each new block as it arrives. Reconnects with exponential backoff on failure, using a rolling window of known points for efficient re-intersection. Shared connection helper extracted to reduce duplication across CLI commands. Live-tested against Cardano mainnet. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Phase 1 steps 1-6: the core transport and multiplexing layers. - Workspace setup: net-core (library) + net-cli (binary) crates - bearer/: trait-based transport abstraction with TcpBearer and MemBearer - mux/wire: 8-byte segment header encode/decode, segment read/write, payload fragmentation into SDUs - mux/channel: split ChannelSend/ChannelRecv halves (pipelining-ready) - mux/scheduler: Scheduler trait with RoundRobin and StrictPriority - mux/egress: muxer task with per-protocol staging buffers and scheduler-driven segment writing - mux/ingress: demuxer task with per-protocol dispatch and configurable ingress buffer limits (overflow = connection teardown per spec) - mux/mod: Mux assembly tying it all together with register() and run() 16 tests covering wire format round-trips, scheduler behavior, bearer data exchange, and full mux integration (single-protocol, bidirectional, multi-protocol) over MemBearer. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Phase 1 step 7: CBOR message framing over raw mux byte channels. - CodecSend: encodes any minicbor::Encode type to CBOR and sends via channel - CodecRecv: accumulates bytes across segment boundaries and incrementally decodes CBOR messages using minicbor, solving the no-message-framing problem from the Ouroboros wire protocol - Uses HRTB (for<'a> Decode) to avoid lifetime conflicts between the decode buffer and mutation — decoded types must be owned - minicbor 0.25 dependency added Tests: codec round-trip and multiple-message sequencing over MemBearer mux. 18 tests total, all passing. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Require a systematic audit of all untrusted-input paths at the end of each implementation phase: allocation bounds, buffer caps, non-blocking demuxer, timeout coverage, error propagation, and no-panic grep. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>