ticket: close peer pod handshake

work-items/closed/20260601-132955-tui-peer-pod-handshake-command/artifacts/review.md

@@ -0,0 +1,60 @@
+# Review: peer Pod handshake command
+
+Reviewer Pods:
+
+- Initial review: `peer-pod-handshake-reviewer-20260602`
+- Re-review: `peer-pod-handshake-rereviewer-20260602`
+
+## Result
+
+Approved after fixes. No remaining blockers.
+
+## Initial blocker findings
+
+The first reviewer found two blockers:
+
+1. `SendToPeerPod` wrote `Method::Notify` directly to the target socket without draining connect-time `Alert` / `Snapshot` traffic, so a real Pod socket could fail to process the notify while the sender reported success.
+2. Reciprocal registration rollback could delete a pre-existing `source -> target` peer relation when the reciprocal `target -> source` write failed.
+
+## Fix verification
+
+Coder added commit `057c2ef fix: harden peer pod registration`.
+
+The re-review confirmed:
+
+- `SendToPeerPod` now uses the existing `connect_and_send` one-shot client path, which drains connect-time `Alert` / `Snapshot` traffic before writing `Method::Notify` and reports delivery failures.
+- A regression test covers a target socket that emits an alert/snapshot before reading the peer notify.
+- `register_peer` now snapshots the source Pod's existing peer list and restores that exact list if the target-side write fails.
+- A regression test covers an injected target-side failure where the source already had the peer relation and verifies it is preserved.
+
+## Validation evidence
+
+Coder reported:
+
+- `cargo test -p pod discovery --lib`
+- `cargo test -p tui command --lib`
+- `cargo test -p protocol -p pod-store -p pod -p tui --lib`
+- `./tickets.sh doctor`
+- `git diff --check`
+- `nix build .#yoi`
+
+Reviewer re-ran:
+
+- `cargo test -p pod --lib peer`
+- `cargo test -p pod --lib connect_and_send`
+
+Parent/orchestrator reran after merge:
+
+- `cargo test -p pod discovery --lib`
+- `cargo test -p tui command --lib`
+- `cargo test -p protocol -p pod-store -p pod -p tui --lib`
+- `./tickets.sh doctor`
+- `git diff --check`
+- `nix build .#yoi`
+- `./result/bin/yoi pod --help`
+
+## Residual risk
+
+Peer registration updates two metadata files and is not crash-transactional because the current Pod metadata store has no multi-record transaction boundary. Normal write failures are handled by restoring the exact prior source peer list.
+
+The implemented peer relationship is metadata-level reciprocal registration, not live target-process consent. This is documented and remains separate from spawned-child delegation, delegated scope, output cursors, parent ownership, and child completion notifications.

work-items/closed/20260601-132955-tui-peer-pod-handshake-command/item.md

@@ -2,12 +2,12 @@
 id: 20260601-132955-tui-peer-pod-handshake-command
 slug: tui-peer-pod-handshake-command
 title: TUI: add peer Pod handshake and messaging command
-status: open
+status: closed
 kind: task
 priority: P2
 labels: [tui, pod, command, orchestration]
 created_at: 2026-06-01T13:29:55Z
-updated_at: 2026-06-02T13:18:34Z
+updated_at: 2026-06-02T13:54:50Z
 assignee: null
 legacy_ticket: null
 ---

work-items/closed/20260601-132955-tui-peer-pod-handshake-command/resolution.md

@@ -0,0 +1 @@
+Implemented TUI-initiated peer Pod handshake and peer messaging. Peers are persisted separately from spawned children, appear in ListPods as peers, and can receive peer messages through a distinct tool/method. Reviewer blockers were fixed; focused tests and nix build passed.

work-items/closed/20260601-132955-tui-peer-pod-handshake-command/thread.md

@@ -166,4 +166,81 @@ The current boundaries are documented in `artifacts/investigation-summary.md`. N
 The two-file reciprocal metadata update is not crash-transactional because the existing Pod metadata store has no multi-record transaction boundary. The implementation avoids successful replies with one-sided state for normal validation/write failures by restoring the exact prior source-side peer list if the reciprocal write fails.
 
 
+---
+
+<!-- event: review author: hare at: 2026-06-02T13:54:50Z status: approve -->
+
+## Review: approve
+
+# Review: peer Pod handshake command
+
+Reviewer Pods:
+
+- Initial review: `peer-pod-handshake-reviewer-20260602`
+- Re-review: `peer-pod-handshake-rereviewer-20260602`
+
+## Result
+
+Approved after fixes. No remaining blockers.
+
+## Initial blocker findings
+
+The first reviewer found two blockers:
+
+1. `SendToPeerPod` wrote `Method::Notify` directly to the target socket without draining connect-time `Alert` / `Snapshot` traffic, so a real Pod socket could fail to process the notify while the sender reported success.
+2. Reciprocal registration rollback could delete a pre-existing `source -> target` peer relation when the reciprocal `target -> source` write failed.
+
+## Fix verification
+
+Coder added commit `057c2ef fix: harden peer pod registration`.
+
+The re-review confirmed:
+
+- `SendToPeerPod` now uses the existing `connect_and_send` one-shot client path, which drains connect-time `Alert` / `Snapshot` traffic before writing `Method::Notify` and reports delivery failures.
+- A regression test covers a target socket that emits an alert/snapshot before reading the peer notify.
+- `register_peer` now snapshots the source Pod's existing peer list and restores that exact list if the target-side write fails.
+- A regression test covers an injected target-side failure where the source already had the peer relation and verifies it is preserved.
+
+## Validation evidence
+
+Coder reported:
+
+- `cargo test -p pod discovery --lib`
+- `cargo test -p tui command --lib`
+- `cargo test -p protocol -p pod-store -p pod -p tui --lib`
+- `./tickets.sh doctor`
+- `git diff --check`
+- `nix build .#yoi`
+
+Reviewer re-ran:
+
+- `cargo test -p pod --lib peer`
+- `cargo test -p pod --lib connect_and_send`
+
+Parent/orchestrator reran after merge:
+
+- `cargo test -p pod discovery --lib`
+- `cargo test -p tui command --lib`
+- `cargo test -p protocol -p pod-store -p pod -p tui --lib`
+- `./tickets.sh doctor`
+- `git diff --check`
+- `nix build .#yoi`
+- `./result/bin/yoi pod --help`
+
+## Residual risk
+
+Peer registration updates two metadata files and is not crash-transactional because the current Pod metadata store has no multi-record transaction boundary. Normal write failures are handled by restoring the exact prior source peer list.
+
+The implemented peer relationship is metadata-level reciprocal registration, not live target-process consent. This is documented and remains separate from spawned-child delegation, delegated scope, output cursors, parent ownership, and child completion notifications.
+
+
+---
+
+<!-- event: close author: hare at: 2026-06-02T13:54:50Z status: closed -->
+
+## Closed
+
+Implemented TUI-initiated peer Pod handshake and peer messaging. Peers are persisted separately from spawned children, appear in ListPods as peers, and can receive peer messages through a distinct tool/method. Reviewer blockers were fixed; focused tests and nix build passed.
+
+
 ---