fix: resume-scope-claim レビュー指摘対応 (deny セマンティクス doc・破損 snapshot の警告ログ)
parent
364f936ed1
commit
b90291d5a0
1
Cargo.lock
generated
1
Cargo.lock
generated
|
|
@ -2941,6 +2941,7 @@ dependencies = [
|
||||||
"tempfile",
|
"tempfile",
|
||||||
"thiserror 2.0.18",
|
"thiserror 2.0.18",
|
||||||
"tokio",
|
"tokio",
|
||||||
|
"tracing",
|
||||||
"uuid",
|
"uuid",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -39,6 +39,16 @@ pub fn register_pod(
|
||||||
|
|
||||||
/// Register a top-level Pod with explicit deny rules that reduce the
|
/// Register a top-level Pod with explicit deny rules that reduce the
|
||||||
/// claimed effective write scope.
|
/// claimed effective write scope.
|
||||||
|
///
|
||||||
|
/// Conflict semantics: if every Pod overlapping a requested allow rule
|
||||||
|
/// is fully covered by one of `scope_deny`, the conflict is suppressed
|
||||||
|
/// and the registration proceeds. The check is structural (deny ⊇
|
||||||
|
/// competitor.rule), not relational — it does not verify that the
|
||||||
|
/// competitor actually descends from this Pod's prior delegations.
|
||||||
|
/// In practice this is safe because the canonical caller is `restore`,
|
||||||
|
/// which derives `scope_deny` from the session's own snapshot, so any
|
||||||
|
/// covered competitor is guaranteed to be a descendant of the original
|
||||||
|
/// allocation. Direct callers must uphold the same invariant.
|
||||||
pub fn register_pod_with_deny(
|
pub fn register_pod_with_deny(
|
||||||
guard: &mut LockFileGuard,
|
guard: &mut LockFileGuard,
|
||||||
pod_name: String,
|
pod_name: String,
|
||||||
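Review bot: The caller contract in the new rustdoc ("Direct callers must uphold the same invariant") is the only thing standing between this function and a suppressed real conflict, because the text itself states the check is structural (deny ⊇ competitor.rule) and does not verify that the covered competitor descends from this Pod. A caller that passes a `scope_deny` covering an unrelated Pod would therefore get a successful registration over a genuine overlap. If `restore` is the only intended caller, consider narrowing the item to `pub(crate) fn register_pod_with_deny(` so the invariant is enforced by visibility rather than prose; otherwise move the caller requirement under its own heading, e.g. `/// # Invariants` followed by the sentence about deriving `scope_deny` from the session's own snapshot, so it is not buried in the conflict-semantics paragraph. The function signature and body continue outside the hunk.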
|
|
|
||||||
|
|
@ -16,6 +16,7 @@ thiserror = { workspace = true }
|
||||||
sha2 = { workspace = true }
|
sha2 = { workspace = true }
|
||||||
hex = "0.4.3"
|
hex = "0.4.3"
|
||||||
protocol = { workspace = true }
|
protocol = { workspace = true }
|
||||||
|
tracing.workspace = true
|
||||||
|
|
||||||
[dev-dependencies]
|
[dev-dependencies]
|
||||||
tokio = { workspace = true, features = ["macros", "rt-multi-thread"] }
|
tokio = { workspace = true, features = ["macros", "rt-multi-thread"] }
|
||||||
|
|
|
||||||
|
|
@ -311,7 +311,15 @@ pub fn collect_state(entries: &[HashedEntry]) -> RestoredState {
|
||||||
domain, payload, ..
|
domain, payload, ..
|
||||||
} => {
|
} => {
|
||||||
if domain == POD_SCOPE_EXTENSION_DOMAIN {
|
if domain == POD_SCOPE_EXTENSION_DOMAIN {
|
||||||
state.pod_scope = serde_json::from_value(payload.clone()).ok();
|
match serde_json::from_value::<PodScopeSnapshot>(payload.clone()) {
|
||||||
|
Ok(snapshot) => state.pod_scope = Some(snapshot),
|
||||||
|
Err(err) => {
|
||||||
|
tracing::warn!(
|
||||||
|
error = %err,
|
||||||
|
"discarding malformed pod.scope snapshot from session log"
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
state.extensions.push((domain.clone(), payload.clone()));
|
state.extensions.push((domain.clone(), payload.clone()));
|
||||||
}
|
}
|
||||||
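Review bot: The new `Err(err)` arm changes what happens to an earlier snapshot: the replaced line `state.pod_scope = serde_json::from_value(payload.clone()).ok();` reset `pod_scope` to `None` on a parse failure, while the new arm only logs and leaves any previously parsed `PodScopeSnapshot` in place, so a malformed later entry now lets the last well-formed snapshot win. If that is not the intended resume semantics, add `state.pod_scope = None;` before the `tracing::warn!` call; if it is intended, say so in a comment on the `Err` arm, since the commit title describes only the warning. Note also that the malformed payload is still appended to `state.extensions` a few lines below, so "discarding" applies only to `pod_scope`, not to the raw extension record — the warning text could say `"ignoring malformed pod.scope snapshot for pod_scope; raw extension retained"` to avoid misleading an operator. Adding an identifier of the session or entry to the warn fields would help triage, though the fields available here are not visible in the hunk. The enclosing `match` arm starts outside the hunk.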
|
|
|
||||||